On Fri 09 Feb 2001, Paul Slootman wrote: > > I'll see if I can have a look at snort for this; I prefer Chris
I've had a look at this :-) It's always the same with packages that examine raw network stuff. It's because the ethernet packet is snarfed, and then a pointer to e.g. the IP part is passed to some other function that thinks it has a pointer to a struct and tries to use that directly. I fix this by allocating a separate struct for this (which is automagically aligned properly), and then copy the data from the address given into the new struct via memcpy (which does it byte by byte (effectively), hence not needing the alignment (although I'm sure some optimization takes place)). I've identified a couple of places where this needed to be done. I've put up a test version (1.7-2.alpha.1) of snort at http://www.murphy.nl/~paul/debian/snort/ ; the deb itself is http://www.murphy.nl/~paul/debian/snort/snort_1.7-2.alpha.1_alpha.deb Please give any feedback (esp. any remaining unaligned accesses; the first hex number is important in finding the place in the source where the problem is). I may have introduced some wierdness somewhere, so also please check it's still doing what it should be :-) There may still be an unaligned access if you have token ring (yeah, right, like anyone still uses IP over token ring on an alpha :-) Paul Slootman -- home: [EMAIL PROTECTED] http://www.wurtel.demon.nl/ work: [EMAIL PROTECTED] http://www.murphy.nl/ debian: [EMAIL PROTECTED] http://www.debian.org/ isdn4linux: [EMAIL PROTECTED] http://www.isdn4linux.org/
