[Snort-devel] snort multiple network support

Dragos Ruiu dr at ...40...
Sat Nov 18 14:27:33 EST 2000


How does this compare with Marty's cvs code?

Serendipity... cool.

I can check that Sunday nite... but I'm gone for a bit.

have a nice weekend,
--dr


On Sat, 18 Nov 2000, Todd Lewis wrote:
> 
> Greetings.
> 
> I have modified snort-1.6.3 to support to declaration of sets of networks
> for the source or destination in rules.  Previously, one could only
> specify a single network as the source or destination.  This behaviour
> made specifying HOME_NET exclusions difficult when snort was running on
> a firewall protecting multiple back-end networks.
> 
> The syntax allows stating a sequence of networks separated by colons.
> (Leading colons, trailing colons, multiple colons, it all works.)
> Since a single network with no colon describes a set of one network,
> this patch is 100% reverse-compatible with previous rules.
> 
> I have created a diff file, which I attach, detailing my changes.
> While I have myself tested this code, it has not been put through
> SecureWorks' QA process.  We intend to license this code under the GPL
> and ask for its incorporation into snort, but only after it has passed QA.
> Until then, I am circulating this patch in order to get feedback from the
> snort developers.  The code as it is right now '#ifdef's the new code and
> preserves all of the old code; I would like to tidy this up for the final
> patch, and if there is general consensus that this is a positive change to
> snort, then I will do so before submitting the final version of this work.
> 
> There is a README.SMN (that's for Support Multiple Networks) included
> in the patch detailing everything I could think of that anyone would
> need to know about this patch.
> 
> I am happy to make changes to the code or documentation; feedback is
> welcome and encouraged.
> 
> --
> Todd Lewis                                       tlewis at ...120...
> 
>   God grant me the courage not to give up what I think is right, even
>   though I think it is hopeless.          - Admiral Chester W. Nimitz
> 

----------------------------------------
Content-Type: APPLICATION/octet-stream; name="snort.smn.patch.bz2"
Content-Transfer-Encoding: BASE64
Content-Description: 
----------------------------------------

-- 
Dragos Ruiu <dr at ...9...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net



More information about the Snort-devel mailing list