[Snort-devel] xml thoughts

Colin Haxton Colin at ...187...
Wed Feb 7 14:44:37 EST 2001


I am all for xml BUT...

1.  there is a learning curve to using DOM or SAX.  Yes, I know that
it's great once you're there but some of the terms and methods may be a bit
strange to those who have not done much object oriented/event driven
work (IMHO). 

2.  after having pushed myself to try some of the stuff that Todd keeps
talking about I had a sweet bit of code running on my Linux box and was
really excited about the possibilities, only to find that OpenBSD didn't
want to know about the libxml libraries.  It seems that OpenBSD 2.8
supports libxml but not earlier versions, 2.7, 2.6 etc.  This is a
problem for me and I suspect for others that have operational systems
deployed 'out there'.  Then I learnt about libxml 1 & 2...sigh...I put
my xml code into my 'maybe later' box and took a different approach that
would work on my different platforms.


Summary: Yes, I think xml should be in the 'future' plans for snort but
I know that I couldn't deploy it for a while (6-12 months) unless a large
chunk of xml supporting code went with it.  If we did have to add code
to support the portability of xml then aren't we sort of getting
distracted from what snort does so well?

Will xml really make snort much 'better' at what it does?  It's sort of
an efficiency vs effectiveness thing.  How about pouring all this great
energy into testing the new stuff like spade, and getting the new
'Aho-Corasick Boyer-Moore' pattern matching stuff into the core
product.  This work by SiliconDefence really looks hot!!

anyway,  just my 10c worth.   :-)


Cheers,

Colin



