Re: weird error messages

[Paul Slootman <paul@murphy.nl>]

On Fri 09 Feb 2001, Paul Slootman wrote:
> 
> I'll see if I can have a look at snort for this; I prefer Chris

I've had a look at this :-)

It's always the same with packages that examine raw network stuff.
It's because the ethernet packet is snarfed, and then a pointer to
e.g. the IP part is passed to some other function that thinks it
has a pointer to a struct and tries to use that directly. I fix this
by allocating a separate struct for this (which is automagically
aligned properly), and then copy the data from the address given
into the new struct via memcpy (which does it byte by byte
(effectively), hence not needing the alignment (although I'm sure
some optimization takes place)).

I've identified a couple of places where this needed to be done.
I've put up a test version (1.7-2.alpha.1) of snort at
http://www.murphy.nl/~paul/debian/snort/ ; the deb itself is
http://www.murphy.nl/~paul/debian/snort/snort_1.7-2.alpha.1_alpha.deb

Please give any feedback (esp. any remaining unaligned accesses;
the first hex number is important in finding the place in the
source where the problem is).  I may have introduced some wierdness
somewhere, so also please check it's still doing what it should be :-)
There may still be an unaligned access if you have token ring (yeah,
right, like anyone still uses IP over token ring on an alpha :-)


Paul Slootman
-- 
home:       paul@wurtel.net      http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.org  http://www.isdn4linux.org/