[Snort-devel] new plugin for rules based on stream offset
axonpotential at ...398...
Thu Aug 1 06:18:28 EDT 2002
I just wanted to say thanks for the help on this one.
By using todays cvs and commenting out the
PKT_REBUILT_STREAM test it all seems to be working
I will do a bit more clean up and then post it.
Chris - do you want me to change it to
'stream_depth:'? If it looks good it's all yours, but
if you all had something else in mind to supersede
this I would not take it personal...
Another day or so and I will do a formal release
thanks again to both of you!
--- Chris Green <cmg at ...402...> wrote:
> Andreas Östling <andreaso at ...387...> writes:
> > I guess the "int direction" argument should have
> something to do with it,
> > but when enabling stream4 debugging, this one:
> > DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
> > "Built packet with %u byte payload, "
> > "Direction: %s\n",
> > stream_pkt->dsize,
> > direction ? "from_server":
> > always says the rebuilt stream is from the client,
> even when it
> > clearly prints out a rebuilt stream with output
> from the server.
> > On non-rebuilt packets, the PKT_FROM_SERVER/CLIENT
> is always correct.
> Ahh ok. I see the problem. You are right.
> packet_flags should inherit
> from the packet it just ran through for stream
> committing changes now.
> Chris Green <cmg at ...402...>
> A good pun is its own reword.
Do You Yahoo!?
Yahoo! Health - Feel better, live better
More information about the Snort-devel