[Snort-devel] How to get the name of the current interface?

Jack Pepper pepperjack at ...2971...
Tue Jul 1 09:44:04 EDT 2008


Quoting Salvo Danilo Giuffrida <salvodanilogiuffrida at ...2499...>:

> Hello, the function GetIP(char*) returns the IP assigned to the
> interface whose name is specified as the 1st parameter. But, how can I
> get the name of the interface Snort is currently sniffing to (apart
> from parsing the command line or the snort.conf file)?
> Thanks

I assume you are talking about during detection (since you mention  
CallAlertFunc).  The packet structure, P, passed into your detector  
includes as it's structure a pointer to the pflog header at p->pfh.   
The pfh structure includes some fields that describe the interface  
associated with the packet.  For an example of how to use the pfh  
structre, look at detect.c and see how the grinder gets built for each  
interface.

I have not tested this before, but it seems straightforward enough.

jp

-- 
Framework?  I don't need no steenking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com





More information about the Snort-devel mailing list