[Snort-devel] preprocessor identification

Joe McAlerney joey at ...63...
Thu Jan 11 20:51:31 EST 2001


Hello all,

I think it would be beneficial for output plugins to know the source
they are receiving input from.  This way, output plugins can
tailor their format, route differently, or choose to ignore information
provided from a given input source.  It's really a trivial thing to
implement.  I suggest adding another argument to CallAlertFuncs() and
CallLogFuncs() in plugbase.c to hold the name of the preprocessor
calling the function.  We could simply use the function keyword
("defrag","http_decode","minfrag", etc...) and "rule" for the rule-based
case.

If this sounds good, I can make some patches tomorrow.  Otherwise, I'd
like to hear your thoughts.

Thanks,

-Joe M.

-- 
+--                            --+
| Joe McAlerney, Silicon Defense |
| http://www.silicondefense.com/ |
+--                            --+
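
A minimal model of the proposal in the message above, as an added example that is not part of the original post and is not Snort's code. The callback signature, the lowercase function names, the plugin and the sample alerts are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callback type (not Snort's): `source` carries the preprocessor
 * keyword ("defrag", "http_decode", "minfrag", ...) or "rule". */
typedef void (*alert_fn)(const char *msg, const char *source, void *arg);
typedef struct { alert_fn fn; void *arg; } output_entry;
#define MAX_OUTPUTS 8
static output_entry outputs[MAX_OUTPUTS];
static int n_outputs;

static int add_output(alert_fn fn, void *arg) {
    if (n_outputs >= MAX_OUTPUTS) return -1;      /* table full */
    outputs[n_outputs++] = (output_entry){ fn, arg };
    return 0;
}

/* Stand-in for the dispatch loop: each registered output plugin receives
 * the alert together with the name of the component that raised it. */
static void call_alert_funcs(const char *msg, const char *source) {
    if (source == NULL) source = "unknown";       /* never pass NULL on */
    for (int i = 0; i < n_outputs; i++)
        outputs[i].fn(msg, source, outputs[i].arg);
}

/* Example output plugin: reports alerts but ignores one named source. */
typedef struct { const char *ignore; int seen; int dropped; } filter_state;
static void filtering_output(const char *msg, const char *source, void *arg) {
    filter_state *st = arg;
    if (strcmp(source, st->ignore) == 0) { st->dropped++; return; }
    st->seen++;
    printf("[%s] %s\n", source, msg);
}

/* Constructed sample run: three alerts from three different sources. */
static int demo(filter_state *st) {
    n_outputs = 0;
    add_output(filtering_output, st);
    call_alert_funcs("fragment overlap", "defrag");
    call_alert_funcs("tiny fragment", "minfrag");
    call_alert_funcs("signature match", "rule");
    return st->seen;
}

int main(void) {
    filter_state st = { "minfrag", 0, 0 };
    int seen = demo(&st);
    printf("reported %d, dropped %d\n", seen, st.dropped);
}
```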