[Snort-devel] [ekr at ...168...: Re: format string in ssl dump]

Todd Lewis tlewis at ...120...
Tue Dec 19 17:34:16 EST 2000


On Tue, 19 Dec 2000, Martin Roesch wrote:

> Hi Tood, et al.
> 
> I think modularizing ssldump for easy inclusion into Snort and other projects
> is probably the way to go.  I really see this as an application layer decoder,
> which is something we hope to introduce into follow-on versions of Snort
> (modular decoder plugin architecture).

Do you mean the next release, or some alternate version?

> Basically what I'm imagining that we'd
> like to do is to treat it as a decoder plugin to Snort which would fill in
> various data structs that would then be passed to the detection elements of
> the system.  
> 
> Sounds reasonable?  I'm not sure if this is what Fyodor is thinking, but it
> sounds pretty reasonable to me. :)

I want to make sure that I understand first.  What would the API for
this look like?  Where would this plug in?

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list