[Snort-devel] remarks on preprocessors

Thomas Washeim hakke_007 at ...578...
Sat Mar 11 04:43:03 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello *,

during an internship over the last 2 months I dealt a lot with
preprocessors. I attached a file containing a list of remarks I created
while reading all the different sources of documentation/snort's source
code.
There are quite some preprocessors that have an incomplete documentation
in the snort_manual or the snort.conf. For most of the preprocessor I
found 'hidden' options in the source code.
I did notice that there are README files for some of preprocessors, but
I only read the one for http_inspect (it was really necassary!). For my
taste there are too many sources of documentation. Snort_manual is
available as a tex document, so why bother and add tons of README files
and extensive (and sometimes erroneous) example configurations into the
snort.conf? Why not keep snort_manual up to date as THE ONLY manual?
Anyways, here's the list of remarks.
I took the list and went over 2.6's manual updating the list, but I'm
going to send this to the 2.6 feedback list separately!

Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEEsaF2/ggQBUI/skRAiJ2AJ4qe8l07ELhErMGB++z+p6BfijjoQCfb7c4
OkzdmHk2G1mKTMTNcavjK/w=
=AvCt
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remarks.2.4.4
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20060311/222ecc68/attachment.ksh>


More information about the Snort-devel mailing list