[Snort-devel] [snort-cvs] CVS: snort plugbase.h,1.8,1.9 rules.c,1.5,1.6 rules.h,1.2,1.3sp_react.c,1.4,1.5 sp_react.h,1.5,1.6 sp_respond.c,1.2,1.3 sp_respond.h,1.2,1.3(fwd)

Martin Roesch roesch at ...48...
Sat Sep 23 23:00:03 EDT 2000


Are you talking about getting rid of the ds_list or something else?

   -Marty

Fyodor wrote:
> 
> Hi folks,
>  Just commited some change into cvs tree so we can differ
> keywords(plugins) which actually perform detection from keywords which
> trigger a response from snort.
> 
> Most of changes are in the code, but I've got a question  for you as well:
> 
> Should we modify plugin-data handling to be in `void *' pointer of
> OptFpList as well, so we could just keep a pointer there and let the
> plugin to take care of the rest (istead of keeping an array in OptNodeTree
> for all the plugins). One of the reasons for this is that when we switch
> to dinamically loaded modules/plugins this way of handling data seems to
> be more acceptable (we don't have to hardcore parts of plugins in core
> system).
> 
> Any thoughts?
> 
> And of course review of committed code would be appreciated as well.. it's
> 8am here by the time I finish it, so funny things could be there :-P
> 
> ---------- Forwarded message ----------
> Date: Sat, 23 Sep 2000 18:11:49 -0700
> From: Fyodor Yarochkin <fygrave at ...64...>
> To: snort-cvsinfo at lists.sourceforge.net
> Subject: [snort-cvs] CVS: snort plugbase.h,1.8,1.9 rules.c,1.5,1.6 rules.h,1.2,
>     1.3 sp_react.c,1.4,1.5 sp_react.h,1.5,1.6 sp_respond.c,1.2,1.3 sp_respond.h,
>     1.2,1.3
> 
> Update of /cvsroot/snort/snort
> In directory slayer.i.sourceforge.net:/tmp/cvs-serv24859
> 
> Modified Files:
>         plugbase.h rules.c rules.h sp_react.c sp_react.h sp_respond.c
>         sp_respond.h
> Log Message:
> Logical bug in `re*' handling keywords. The thing is that `response' would be sent no
> matter whether all of the `options' in rule match packet or not, if the keyword
> is not the last in the sequence. Hoperfully this change fixes this problem.
> 
> It also introduces new sub-class of `keyword' plugins, which we can call `respond'
> plugins. The difference is in plugin parameters handling (maybe we could switch
> to the same way in for `detection' plugins as well?) and the functions it has to call
> to register response functions.
> 
> Review and feedback would be appreciated mucho ;-)
> 
> [snip snip.. the rest in cvs tree ;-) ]
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org



More information about the Snort-devel mailing list