[Snort-devel] [ekr at ...168...: Re: format string in ssl dump]

Martin Roesch roesch at ...48...
Thu Dec 21 00:48:30 EST 2000


Fyodor wrote:
> 
> On Tue, Dec 19, 2000 at 05:34:16PM -0500, Todd Lewis wrote:
> > On Tue, 19 Dec 2000, Martin Roesch wrote:
> >
> > > Hi Todd, et al.
> > >
> > > I think modularizing ssldump for easy inclusion into Snort and other projects
> > > is probably the way to go.  I really see this as an application layer decoder,
> > > which is something we hope to introduce into follow-on versions of Snort
> > > (modular decoder plugin architecture).
> >
> > Do you mean the next release, or some alternate version?
> 
> That was actually my concern as well. I think we shouldn't hurry to stick
> ssldump in just 5 minutes before we release 1.7.x, but rather include it in the original
> design of 2.x, right?

Right.


> > > sounds pretty reasonable to me. :)
> >
> > I want to make sure that I understand first.  What would the API for
> > this look like?  Where would this plug in?
> >
> 
> As I mentioned, it might be a preprocessor plugin (a la tcp stream, f.e.), it just could be on a higher level.
> BTW, what about allowing a preprocessor to specify its level (either according to the OSI model, or just a priority)?
> This way we could sort out in which order plugins process data without having to care about the order in which
> they are included in the snort.conf file, f.e.

That's a good idea, I like that.  :)

   -Marty

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org



