[Snort-devel] Composite keys in Snort DB schema

Frank Knobbe frank at ...2134...
Thu Aug 26 18:17:10 EDT 2004

On Thu, 2004-08-26 at 19:00, Martin Roesch wrote:
> I'm kicking around adding a "serial number" field to the Packet struct. 
>   It would probably look something like:
> typedef struct _PktSerial
> {
> 	u_int8_t collection_mac[6];	/* MAC addr of the interface this packet 
> was collected on */

Tracking by MAC address? Eeww... How do you handle things when you need
to replace the sniffing network card? Force the old MAC on the new card
through software?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040826/bc1825c6/attachment.sig>

More information about the Snort-devel mailing list