[Snort-devel] Dynamic preprocessor question - access to Preprocess function
vladimir at ...2929...
Tue Mar 27 13:47:57 EDT 2007
I'm working on an SSL decryption Snort preprocessor that would decipher SSL
traffic and pass the decrypted data back to Snort wrapped as fake network
packets. Ideally, I'd like the preprocessor to work the same way as Snort's
own stream4 one, but implemented as a dynamic preprocessor to simplify the

The only problem with this approach is that the dynamic preprocessor API
only allows sending packets to the detection engine using the
DynamicPreprocessorData.detect function, while I'd like to be able to send
the decoded data back to the preprocessors layer so that (decoded) SSL
traffic can be processed, say, with the stream4 preprocessor before it
reaches the detection layer.

Is there any way to do that? If not, does it look like something you (Snort
developers) could consider as a feature request?

Thanks in advance,
SSLTech.net - SSL traffic decryption software