[Snort-devel] Problems developing a detection plugin.
newsgroups at ...2117...
Sun Sep 7 12:15:09 EDT 2003
Sunday, September 7, 2003, 6:56:26 PM, you wrote:
PK> the only workaround I found: the ip/src addresses
PK> are stored in otn->proto_node->dip/sip so now I just compare
PK> these w/ actual p->iph->ip_src/ip_dst addresses.
PK> If they match I do my detection.
This is not as easy to make work correctly as I thought.
Is there a way to see in the data available to a
detection plugin if the rule really matched the packet?
Without writing enormous extra algorithms?