[Snort-devel] Dynamic preprocessor question - access to Preprocess function

Vladimir Shcherbakov vladimir at ...2929...
Tue Mar 27 13:47:57 EDT 2007


Hello All,

I'm working on an SSL decryption Snort preprocessor that would decipher SSL
traffic and pass the decrypted data back to Snort wrapped as fake network
packets. Ideally, I'd like the preprocessor to work the same way as Snort's
own stream4 one, but implemented as a dynamic preprocessor to simplify the
deployment.

The only problem with this approach is that the dynamic preprocessor API
only allows sending packets to the detection engine using the
DynamicPreprocessorData.detect function, while I'd like to be able to send
the decoded data back to the preprocessors layer so that (decoded) SSL
traffic can be processed, say, with the stream4 preprocessor before it
reaches the detection layer.

Is there any way to do that? If not, does it look like something you (Snort
developers) could consider as a feature request?

Thanks in advance,

Vladimir Shcherbakov

SSLTech.net - SSL traffic decryption software
http://www.ssltech.net



