[Snort-devel] Timer in the flows preprocessor
raymondpun80 at ...445...
Thu Nov 11 16:59:04 EST 2004
I have a further question.
In the Snort config, we have specified the home network address, like
192.168.1.0/24. How can I get that info in my preprocessor? Or is there any
function that determines whether a given IP address is within a home network,
something like IsHomeNetworkIP(in_addr *ip_addr)?
Many, many thanks.
----- Original Message -----
From: "Jay Beale" <jay at ...2665...>
To: "Raymond Pun" <raymondpun80 at ...445...>
Cc: <snort-devel at lists.sourceforge.net>
Sent: Friday, November 12, 2004 04:17
Subject: Re: [Snort-devel] Timer in the flows preprocessor
> Raymond Pun wrote:
>> There is a parameter for the flow preprocessor that tells the interval
>> for reporting statistics. How does the flow preprocessor output to the
>> screen periodically? Is it using some kind of timer? I am not able to find
>> it in the code. Could someone please point me to it?
> Well, the interval is set to the default in FlowInit() and then set to
> the value written in the config file, if any, by FlowParseArgs(). They
> store this in the s_config struct's stats_interval variable.
> In FlowPreprocessor(), this is used by this code:
> /* printout some verbose statistics */
> if(s_config.stats_interval &&
>    ((last_output + s_config.stats_interval) <= p->pkth->ts.tv_sec))
> {
>     last_output = p->pkth->ts.tv_sec;
>     flowcache_stats(stdout, fcache);
> }
> The code here checks if this packet came in stats_interval or more
> seconds since the time of the last output. If it has, it sets
> last_output to the time of the current packet and calls
> flowcache_stats() to print statistics.
> That function is in the flow_cache.c code in the preprocessor/flow
> directory, which might be confusing you. The flow and HttpInspect
> preprocessors get their own directories for most of their code, as it's
> broken up into a number of files.
> - Jay
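The interval check described in the reply above, as an added example that is not part of the original thread or of Snort's source: it replays constructed packet timestamps through the same comparison to show that the "timer" is driven by packet capture time, so nothing fires while the wire is silent and a long gap yields one report rather than several. Only `stats_interval` and `last_output` come from the thread; `struct reporter`, `on_packet()`, `count_reports()` and the initial `last_output` of 0 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical stand-in for the preprocessor state; only the names
 * stats_interval and last_output are taken from the thread. */
struct reporter {
    time_t stats_interval;  /* seconds between reports; 0 disables them */
    time_t last_output;     /* packet time of the previous report */
    int reports;            /* number of reports fired so far */
};

/* Called once per packet with the capture timestamp (ts.tv_sec).
 * Returns 1 if this packet triggered a report, 0 otherwise. */
static int on_packet(struct reporter *r, time_t pkt_sec)
{
    if (r->stats_interval &&
        (r->last_output + r->stats_interval) <= pkt_sec)
    {
        r->last_output = pkt_sec;   /* restart the interval at packet time */
        r->reports++;               /* the real code prints statistics here */
        return 1;
    }
    return 0;
}

/* Replay a list of packet timestamps and count the reports fired. */
static int count_reports(time_t interval, const time_t *ts, int n)
{
    struct reporter r = { interval, 0, 0 };  /* assumed start: last_output = 0 */
    for (int i = 0; i < n; i++)
        on_packet(&r, ts[i]);
    return r.reports;
}

int main(void)
{
    /* Constructed packet times: steady traffic, then a 50 s silence. */
    const time_t ts[] = { 1000, 1003, 1010, 1011, 1019, 1020, 1070, 1071 };
    int n = (int)(sizeof ts / sizeof ts[0]);

    printf("interval 10: %d reports\n", count_reports(10, ts, n));
    printf("interval 0:  %d reports\n", count_reports(0, ts, n));
    return 0;
}
```

With a starting `last_output` of 0, the first packet always triggers a report, and the 50-second silence in the sample produces a single report at the packet that ends it.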