[Snort-devel] Trying to develop a preprocessor

Raymond Pun raymondpun80 at ...445...
Thu Nov 11 00:21:00 EST 2004


Hi,

I would like to develop a preprocessor, and therefore I am trying to
familiarize myself with snort and some other preprocessors.

I am trying to understand the telnet negotiation preprocessor but I have some
doubts. I guess what the preprocessor is trying to do is replace some
characters in the data. But I do not quite understand what
"DecodeBuffer" is.  When data is written to DecodeBuffer, what will happen?
Will it be written into p->data eventually? Is DecodeBuffer a general buffer
that will be used to replace p->data?

Besides, could someone teach me how to generate an alert and how to print out
a message to the console if snort is run with something like "snort -dev -A fast"?

Many many thanks.

regards,
Raymond



