[Snort-devel] Problems developing a detection plugin.

Peteris Krumins newsgroups at ...2117...
Sun Sep 7 12:15:09 EDT 2003


Sunday, September 7, 2003, 6:56:26 PM, you wrote:


PK>  Hello,

[...]

PK>   the only workaround I found: the ip/src addresses
PK>   are stored in otn->proto_node->dip/sip so now I just compare
PK>   these w/ actual p->iph->ip_src/ip_dst addresses.
PK>   If they match I do my detection.


 This is not as easy to make work correctly as I thought.

 Is there a way to see in the data available to a
 detection plugin if the rule really matched the packet?
 Without writing enormous extra algorithms?


P.Krumins




