[Snort-devel] snort multiple network support
dr at ...40...
Sat Nov 18 14:27:33 EST 2000
How does this compare with Marty's cvs code?
I can check that Sunday nite... but I'm gone for a bit.
have a nice weekend,
On Sat, 18 Nov 2000, Todd Lewis wrote:
> I have modified snort-1.6.3 to support to declaration of sets of networks
> for the source or destination in rules. Previously, one could only
> specify a single network as the source or destination. This behaviour
> made specifying HOME_NET exclusions difficult when snort was running on
> a firewall protecting multiple back-end networks.
> The syntax allows stating a sequence of networks separated by colons.
> (Leading colons, trailing colons, multiple colons, it all works.)
> Since a single network with no colon describes a set of one network,
> this patch is 100% reverse-compatible with previous rules.
> I have created a diff file, which I attach, detailing my changes.
> While I have myself tested this code, it has not been put through
> SecureWorks' QA process. We intend to license this code under the GPL
> and ask for its incorporation into snort, but only after it has passed QA.
> Until then, I am circulating this patch in order to get feedback from the
> snort developers. The code as it is right now '#ifdef's the new code and
> preserves all of the old code; I would like to tidy this up for the final
> patch, and if there is general consensus that this is a positive change to
> snort, then I will do so before submitting the final version of this work.
> There is a README.SMN (that's for Support Multiple Networks) included
> in the patch detailing everything I could think of that anyone would
> need to know about this patch.
> I am happy to make changes to the code or documentation; feedback is
> welcome and encouraged.
> Todd Lewis tlewis at ...120...
> God grant me the courage not to give up what I think is right, even
> though I think it is hopeless. - Admiral Chester W. Nimitz
Content-Type: APPLICATION/octet-stream; name="snort.smn.patch.bz2"
Dragos Ruiu <dr at ...9...> dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net
More information about the Snort-devel