[Snort-devel] remarks on preprocessors
hakke_007 at ...578...
Sat Mar 11 04:43:03 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
during an internship over the last 2 months I dealt a lot with
preprocessors. I attached a file containing a list of remarks I created
while reading all the different sources of documentation/snort's source
There are quite some preprocessors that have an incomplete documentation
in the snort_manual or the snort.conf. For most of the preprocessor I
found 'hidden' options in the source code.
I did notice that there are README files for some of preprocessors, but
I only read the one for http_inspect (it was really necassary!). For my
taste there are too many sources of documentation. Snort_manual is
available as a tex document, so why bother and add tons of README files
and extensive (and sometimes erroneous) example configurations into the
snort.conf? Why not keep snort_manual up to date as THE ONLY manual?
Anyways, here's the list of remarks.
I took the list and went over 2.6's manual updating the list, but I'm
going to send this to the 2.6 feedback list separately!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Snort-devel