[Snort-devel] spo_xml patch

Martin Roesch roesch at ...402...
Mon Jan 14 11:01:14 EST 2002


I'm cleaning house in snort-current to make way for Snort 2.0.  In Snort
2.0 we'll be having very few native output types and using barnyard for
more complex/slow stuff like XML and database output.  Nobody but
primary Snort developers should be tracking -current right now, it's
likely broken in a thousand horrible ways and there are big pieces that
have been removed.

    -Marty

Fyodor wrote:
> 
> On Sat, Jan 12, 2002 at 12:52:13PM -0500, roman at ...49... wrote:
> > Enclosed is a patch to the xml output plugin to:
> >
> > + properly handle non-IP alerts
> > + properly handle IP packets with a proto=ICMP,UDP,TCP
> >   but no corresponding p->icmph,udph,tcph
> >
> > This addresses bug #491771 (xml equivalent of the
> > database bug) and #488742.
> 
> comitted. Just noticed spo_xml.c is not in current btw. (only in
> SNORT_1_8 release).
> 
> --
> http://www.notlsd.net
> PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-devel mailing list