List: snort-devel
Subject: Re: [Snort-devel] [PATCH] Add non-IP layer 3 detection via new
From: Joel Esler <jesler () sourcefire ! com>
Date: 2011-11-28 13:24:53
Message-ID: 58BCFABF-774A-4350-922B-0BBFC49B16EC () sourcefire ! com
Same here, Joshua.

On Nov 20, 2011, at 8:24 PM, Joshua Kinard wrote:
> On 11/13/2011 16:37, Joshua Kinard wrote:
>
>>
>> Hi snort-devel,
>>
>> I decided to play around some more in src/decode.c, and got to thinking,
>> with all of these additional Decode* functions that don't seem to see a lot
>> of use, why not provide some baseline support to at least scan some of the
>> protocols?
>>
>> End result is I didn't fiddle with too much in decoder.c, but wound up
>> adding a new rule protocol, "eth", and a new rule option, "ether_type". The
>> purpose is to open up Snort to detecting things other than IP-based traffic
>> by leveraging the existing capabilities of the fast-pattern matcher and
>> detection engine.
>
> Okay, I forgot to synchronize SFSnortPacket in sf_snort_packet.h with the
> changes I made to Packet in decode.h, which resulted in an alignment problem
> in any of the dynamic preprocessors. The attached patch fixes this.
>
> Any comment so far? List has been dead all week.
>
> --
> Joshua Kinard
> Gentoo/MIPS
> kumba@gentoo.org
> 4096R/D25D95E3 2011-03-28
>
> "The past tempts us, the present confuses us, the future frightens us. And
> our lives slip away, moment by moment, lost in that vast, terrible in-between."
>
> --Emperor Turhan, Centauri Republic
> <snort-2.9.2-ether_type-support.patch>