[Snort-devel] xml format samples

Todd Lewis tlewis at ...255...
Wed Feb 7 14:37:19 EST 2001

On Wed, 7 Feb 2001, Brian Caswell wrote:

> Yes, but where are you going to store ICMP options?  Shouldn't that be
> stored in the protocol section?  Makes more sense from the user
> standpoint.   

Uhh, that sounds fine.  Unlike a positional syntax, it's a breeze to
add new elements to the xml form; just stick a new node in the parent.

> I agree that it would be nice to validate XML just by comparing it
> against a DTD, but XML will cut down on the readability.  You showed
> multiple methods of showing the same rule with the same options.
> Unless you understand XML, that concept isn't that easy to grasp.

Actually, I was walking through several alternate formats just to get
the old mental juices flowing.  The last one was my favorite.  Also,
I disagree that XML would cut down on readability.  Take the present
syntax, expand it to do the sorts of things you can do with XML, and
then see which one is more readable.

Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz
