[Snort-devel] How to get the name of the current interface?
twease at ...402...
Tue Jul 1 10:05:27 EDT 2008
The global pv structure (struct _progvars typedef'ed as PV) declared in
snort.c might be what you want. It contains a 'char *' member
'interface' which is what is passed to pcap_open_live() and is the
interface Snort is using. Just add a couple of lines like
extern PV pv;
to your source file to use it.
Jack Pepper wrote:
> Quoting Salvo Danilo Giuffrida <salvodanilogiuffrida at ...2499...>:
>> Hello, the function GetIP(char*) returns the IP assigned to the
>> interface whose name is specified as the 1st parameter. But, how can I
>> get the name of the interface Snort is currently sniffing to (apart
>> from parsing the command line or the snort.conf file)?
> I assume you are talking about during detection (since you mention
> CallAlertFunc). The packet structure, P, passed into your detector
> includes as it's structure a pointer to the pflog header at p->pfh.
> The pfh structure includes some fields that describe the interface
> associated with the packet. For an example of how to use the pfh
> structre, look at detect.c and see how the grinder gets built for each
> I have not tested this before, but it seems straightforward enough.
More information about the Snort-devel