
Missing ICMP decodes?: msg#00009

security.ids.snort.devel

Subject: Missing ICMP decodes?

Hi to all,

Apologies if this message is posted twice. This time I
have subscribed to the list :)

It seems that snort does not completely decode all
ICMP packets that contain another packet in the ICMP
data. (At least the IP header and the 64 bits data of
the original packet). ICMP UNREACHABLES and REDIRECTS
are decoded all the way but for the other ICMP
messages like SOURCE QUENCH or TIME EXCEEDED and
others this is not true.

In decode.c DecodeICMP() there is no piece of code
that assigns an orig_iphdr to the decoded packet and
in log.c the original packets are not printed. They
couldn't anyway because the decoder didn't set them
appropriately.

Is this a bug or is it in the future plans or maybe I
am missing something?

Thanks in advance

Cheers, John.
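
The decode the message asks about, sketched as an added example (not code from the original post or from Snort): it extracts the embedded original IP header and the first 64 bits of its payload from every ICMP error type that RFC 792 defines as carrying them. The names `orig_pkt`, `carries_original`, `decode_icmp_orig` and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical result struct for this example (not Snort's Packet). */
struct orig_pkt {
    uint8_t  proto;           /* protocol of the original datagram */
    uint8_t  src[4], dst[4];  /* original addresses, network order */
    uint16_t sport, dport;    /* meaningful only when has_ports is set */
    int      has_ports;
};

/* Constructed sample: TIME EXCEEDED quoting a UDP probe (checksums left 0). */
const uint8_t sample_time_exceeded[] = {
    11, 0, 0, 0, 0, 0, 0, 0,                     /* ICMP type 11, code 0 */
    0x45, 0, 0, 0x1c, 0, 1, 0, 0, 1, 17, 0, 0,   /* IP: IHL 5, TTL 1, UDP */
    192, 0, 2, 1, 198, 51, 100, 7,               /* original src, dst */
    0x80, 0x00, 0x82, 0x9b, 0, 8, 0, 0           /* UDP 32768 -> 33435 */
};

/* RFC 792: unreachable, source quench, redirect, time exceeded, param problem. */
static int carries_original(uint8_t type)
{
    return type == 3 || type == 4 || type == 5 || type == 11 || type == 12;
}

/* Returns 0 on success, -1 if the ICMP type carries no original datagram,
 * -2 if the ICMP or embedded IP header is truncated or malformed. */
int decode_icmp_orig(const uint8_t *icmp, size_t len, struct orig_pkt *out)
{
    if (len < 8)
        return -2;
    if (!carries_original(icmp[0]))
        return -1;
    const uint8_t *ip = icmp + 8;            /* skip the 8-byte ICMP header */
    size_t left = len - 8;
    if (left < 20 || (ip[0] >> 4) != 4)
        return -2;
    size_t hlen = (size_t)(ip[0] & 0x0f) * 4;
    if (hlen < 20 || left < hlen)            /* never trust the embedded IHL */
        return -2;
    memset(out, 0, sizeof(*out));
    out->proto = ip[9];
    memcpy(out->src, ip + 12, 4);
    memcpy(out->dst, ip + 16, 4);
    /* TCP (6) and UDP (17) both start with source and destination port. */
    if ((out->proto == 6 || out->proto == 17) && left - hlen >= 4) {
        out->sport = (uint16_t)((ip[hlen] << 8) | ip[hlen + 1]);
        out->dport = (uint16_t)((ip[hlen + 2] << 8) | ip[hlen + 3]);
        out->has_ports = 1;
    }
    return 0;
}
```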
