[Snort-devel] new plugin for rules based on stream offset

scott campbell axonpotential at ...398...
Thu Aug 1 06:18:28 EDT 2002


I just wanted to say thanks for the help on this one. 
By using todays cvs and commenting out the
PKT_REBUILT_STREAM test it all seems to be working
perfectly now.

I will do a bit more clean up and then post it.

Chris - do you want me to change it to
'stream_depth:'?  If it looks good it's all yours, but
if you all had something else in mind to supersede
this I would not take it personal...

Another day or so and I will do a formal release
posting.

thanks again to both of you!

scott


--- Chris Green <cmg at ...402...> wrote:
> Andreas Östling <andreaso at ...387...> writes:
> 
> > I guess the "int direction" argument should have
> something to do with it,
> > but when enabling stream4 debugging, this one:
> >
> > DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
> >            "Built packet with %u byte payload, "
> >            "Direction: %s\n",
> >            stream_pkt->dsize,
> >            direction ? "from_server":
> "from_client"););
> >
> > always says the rebuilt stream is from the client,
> even when it
> > clearly prints out a rebuilt stream with output
> from the server.
> > On non-rebuilt packets, the PKT_FROM_SERVER/CLIENT
> is always correct.
> 
> Ahh ok. I see the problem. You are right. 
> packet_flags should inherit
> from the packet it just ran through for stream
> assmebler.
> 
> committing changes now.
> -- 
> Chris Green <cmg at ...402...>
> A good pun is its own reword.

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com




More information about the Snort-devel mailing list