[Snort-devel] Trying to develope a preprocessor

Raymond Pun raymondpun80 at ...445...
Fri Nov 19 10:49:05 EST 2004


Hi,

I would like to develop a preprocessor, and therefore I am trying to 
familiar myself with snort and some other preprocessor.

I try to understand the telnet negotiation preprocessor but I have some 
doubts. I guess what the preprocessor is trying to do is replacing some 
characters in the data. But I am not quite understand what is 
"DecodeBuffer".  When data is written on DecodeBuffer, what will happen? 
Will it be written into p->data eventually? Is DecodeBuffer a general buffer 
that will be used to replace p->data?

Besides, could someone teach me how to generate an alert and how to printout 
message to console if snort is run with sth like "snort -dev -A fast" ?

Many many thanks.

regards,
Raymond 




More information about the Snort-devel mailing list