[Snort-devel] [snort-cvs] CVS: snort plugbase.h,1.8,1.9 rules.c,1.5,1.6 rules.h,1.2,1.3 sp_react.c,1.4,1.5 sp_react.h,1.5,1.6 sp_respond.c,1.2,1.3 sp_respond.h,1.2,1.3 (fwd)

Fyodor fygrave at ...1...
Sat Sep 23 21:30:15 EDT 2000

Hi folks,
 Just committed some changes into the cvs tree so we can differ
keywords(plugins) which actually perform detection from keywords which
trigger a response from snort. 

Most of the changes are in the code, but I've got a question for you as well:

Should we modify plugin-data handling to be in `void *' pointer of
OptFpList as well, so we could just keep a pointer there and let the
plugin take care of the rest (instead of keeping an array in OptNodeTree
for all the plugins)? One of the reasons for this is that when we switch
to dynamically loaded modules/plugins this way of handling data seems to
be more acceptable (we don't have to hardcode parts of plugins in core

Any thoughts?

And of course review of committed code would be appreciated as well.. it's
8am here by the time I finish it, so funny things could be there :-P

---------- Forwarded message ----------
Date: Sat, 23 Sep 2000 18:11:49 -0700
From: Fyodor Yarochkin <fygrave at ...64...>
To: snort-cvsinfo at lists.sourceforge.net
Subject: [snort-cvs] CVS: snort plugbase.h,1.8,1.9 rules.c,1.5,1.6 rules.h,1.2,
    1.3 sp_react.c,1.4,1.5 sp_react.h,1.5,1.6 sp_respond.c,1.2,1.3 sp_respond.h,

Update of /cvsroot/snort/snort
In directory slayer.i.sourceforge.net:/tmp/cvs-serv24859

Modified Files:
	plugbase.h rules.c rules.h sp_react.c sp_react.h sp_respond.c 
Log Message:
Logical bug in `re*' handling keywords. The thing is that `response' would be sent no
matter whether all of the `options' in rule match packet or not, if the keyword
is not the last in the sequence. Hopefully this change fixes this problem.

It also introduces new sub-class of `keyword' plugins, which we can call `respond' 
plugins. The difference is in plugin parameters handling (maybe we could switch
to the same way for `detection' plugins as well?) and the functions it has to call 
to register response functions.

Review and feedback would be appreciated mucho ;-)

[snip snip.. the rest in cvs tree ;-) ]
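
The ordering bug described in the log message, as an added example that is not part of the original post or of the Snort source: a response option placed mid-chain fires before a later detection option has been checked. The structures and every name here (`Opt`, `eval_inline`, `eval_deferred`, `run_case`) are hypothetical simplifications, and the deferred evaluator is one way to avoid the problem, not necessarily what the commit does.

```c
#include <stddef.h>

/* Simplified model, not Snort's real structures: every name is hypothetical. */
typedef struct Opt {
    int (*fn)(const char *pkt, void *data); /* detection: 1 = match; response: sends */
    void *data;                             /* per-plugin state owned by the plugin */
    int is_response;
    struct Opt *next;
} Opt;

static int responses_sent;

static int has_byte(const char *pkt, void *data) {
    const char *p;
    for (p = pkt; *p; p++)
        if (*p == *(const char *)data) return 1;
    return 0;
}

static int send_response(const char *pkt, void *data) {
    (void)pkt; (void)data;
    responses_sent++;   /* stands in for sending the real response packet */
    return 1;
}

/* Behaviour described in the log message: the response fires as soon as the
 * chain reaches it, even if a later detection option then fails. */
static int eval_inline(const Opt *o, const char *pkt) {
    for (; o; o = o->next)
        if (!o->fn(pkt, o->data)) return 0;
    return 1;
}

/* Deferred form: run detection options first, responses only on a full match. */
static int eval_deferred(const Opt *o, const char *pkt) {
    const Opt *r;
    for (r = o; r; r = r->next)
        if (!r->is_response && !r->fn(pkt, r->data)) return 0;
    for (r = o; r; r = r->next)
        if (r->is_response) r->fn(pkt, r->data);
    return 1;
}

/* Constructed rule: content 'A'; response; content 'Z'. Returns responses sent. */
static int run_case(int deferred, const char *pkt) {
    Opt c2 = { has_byte, "Z", 0, NULL };
    Opt rs = { send_response, NULL, 1, &c2 };
    Opt c1 = { has_byte, "A", 0, &rs };
    responses_sent = 0;
    if (deferred) eval_deferred(&c1, pkt); else eval_inline(&c1, pkt);
    return responses_sent;
}
```

On the constructed packet `"A--"` the inline evaluator sends a response although the rule as a whole does not match; the deferred evaluator sends none.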
