List:       snort-devel
Subject:    Re: [Snort-devel] [PATCH] Add non-IP layer 3 detection via new
From:       Joel Esler <jesler () sourcefire ! com>
Date:       2011-11-28 13:24:53
Message-ID: 58BCFABF-774A-4350-922B-0BBFC49B16EC () sourcefire ! com

Same here, Joshua.


On Nov 20, 2011, at 8:24 PM, Joshua Kinard wrote:

> On 11/13/2011 16:37, Joshua Kinard wrote:
> 
>> 
>> Hi snort-devel,
>> 
>> I decided to play around some more in src/decode.c, and got to thinking,
>> with all of these additional Decode* functions that don't seem to see a lot
>> of use, why not provide some baseline support to at least scan some of the
>> protocols?
>> 
>> End result is I didn't fiddle with too much in decoder.c, but wound up
>> adding a new rule protocol, "eth", and a new rule option, "ether_type".  The
>> purpose is to open up Snort to detecting things other than IP-based traffic
>> by leveraging the existing capabilities of the fast-pattern matcher and
>> detection engine.
> 
> Okay, I forgot to synchronize SFSnortPacket in sf_snort_packet.h with the
> changes I made to Packet in decode.h, which resulted in an alignment problem
> in any of the dynamic preprocessors.  The attached patch fixes this.
> 
> Any comment so far?  List has been dead all week.
> 
> -- 
> Joshua Kinard
> Gentoo/MIPS
> kumba@gentoo.org
> 4096R/D25D95E3 2011-03-28
> 
> "The past tempts us, the present confuses us, the future frightens us.  And
> our lives slip away, moment by moment, lost in that vast, terrible in-between."
> 
> --Emperor Turhan, Centauri Republic
> <snort-2.9.2-ether_type-support.patch>


