[Snort-users] Snort 2.9.0.3 & Phil Wood's modified libpcap

Russ Combs rcombs at ...1935...
Fri Feb 11 06:55:14 EST 2011


On Fri, Feb 11, 2011 at 4:39 AM,  <vincent at ...15035...> wrote:
>
>
> Hi everyone,
>
>> From what I just saw, the patch below didn't make it into the 2.9.0.4
>
> release (daq-0.5 from Feb 11th still doesn't have that fix)  Is there any
> reason for that?

Yes - it was discovered too late in the release cycle to be put in 2904.

 Should I include that patch in my .EL5 rpms anyway or keep
> the 0.5 version with the bug?

Sourcefire didn't because of the timing, but the patch is safe, IMHO.
If you do include it, use the later one with the version number
change.

>
> Regards,
>
> Vincent
>
> On Tue, 8 Feb 2011, Michael Scheidell wrote:
>
>> On 2/8/11 10:54 AM, Weir, Jason wrote:
>>      Ok - I'll bite, where do I get the latest daq version, looks like
>> snort.org only has 0.5...
>>
>> -J
>>
>> small patch, published on this list: 2/1/11, 2:06 ET, subject
>> 'freebsd/snort 2.9.0.3 daq: how do I verity if
>> is using ram.
>>
>> author xiche at ...3147...:
>>
>> --- os-daq-modules/daq_pcap.c.orig      2011-01-30 15:28:19.000000000
>> -0500
>> +++ os-daq-modules/daq_pcap.c   2011-02-01 14:03:08.000000000 -0500
>> @@ -39,7 +39,7 @@
>>
>>  #include "daq_api.h"
>>
>> -#define DAQ_PCAP_VERSION 3
>> +#define DAQ_PCAP_VERSION 4
>>
>>  typedef struct _pcap_context
>>  {
>> @@ -216,7 +216,7 @@ static int pcap_daq_initialize(const DAQ
>>     for (entry = config->values; entry; entry = entry->next)
>>     {
>>         if (!strcmp(entry->key, "buffer_size"))
>> -            context->buffer_size = strtol(entry->key, NULL, 10);
>> +            context->buffer_size = strtol(entry->value, NULL, 10);
>>     }
>>     /* Try to account for legacy PCAP_FRAMES environment variable if we
>> weren't passed a buffer size. */
>>     if (context->buffer_size == 0)
>>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list