[Snort-devel] [ snort-Patches-592020 ] changes in spo_database.c suggested

Ian Macdonald secsnortdev at ...1490...
Wed Aug 7 12:35:05 EDT 2002


Its is also more efficient to do matches based on a numeric number rather
than strings. So using a numeric number should return queries quicker.

Ian
----- Original Message -----
From: "Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...>
To: <snort-devel at lists.sourceforge.net>
Sent: Wednesday, August 07, 2002 11:50 AM
Subject: RE: [Snort-devel] [ snort-Patches-592020 ] changes in
spo_database.c suggested


>
> I posted a comment on sourceforge, but should probably do it here as
> well:
>
> One of the greatest reasons to insert the data into the DB this way is
> for searching of ranges.  Since the range:
> 172.16.0.0/12 would be extremely dificult to represent in a query to
> return all info from those src or dst IPs... the decimal form is
> preferred:
> 172.16.0.0/12 would be:
> 2886729728 -> 2887778303
>
> so an oracle query such as
> where dst_ip between 2886729728 and 2887778303
> would return the exact information you wanted.  The calculations for the
> minimum and maximum values is actually very simple...
>
> -----Original Message-----
> From: noreply at ...12... [mailto:noreply at ...12...]
> Sent: Wednesday, August 07, 2002 7:33 AM
> To: noreply at ...12...
> Subject: [Snort-devel] [ snort-Patches-592020 ] changes in
> spo_database.c suggested
>
>
> Patches item #592020, was opened at 2002-08-07 18:03
> You can respond by visiting:
> https://sourceforge.net/tracker/?func=detail&atid=303357&aid=592020&grou
> p_id=3357
>
> Category: None
> Group: None
> Status: Open
> Resolution: None
> Priority: 5
> Submitted By: Manish Kumar Arya (manish_k_arya)
> Assigned to: Nobody/Anonymous (nobody)
> Summary: changes in spo_database.c suggested
>
> Initial Comment:
> Hello Admins
>                   I have a suggestion for making a change in
> spo_database.c.
>                   while commiting src ip and dst ip in iphdr
> table  it commited network byte order rather
> commiting actul ip address. i hav made changes for
> commiting IP addresses to iphdr table rather
> commiting network byte order.
>
> if u feel i m correct pls accept this change (line no
> 1010 program spo_database.c)
>
> i m sending this changed program with this mail
>
> Manish Arya
> http://www.linuxlabs.biz
>
>
> ----------------------------------------------------------------------
>
> You can respond by visiting:
> https://sourceforge.net/tracker/?func=detail&atid=303357&aid=592020&grou
> p_id=3357
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>





More information about the Snort-devel mailing list