[Snort-devel] How to get the name of the current interface?

Todd Wease twease at ...402...
Tue Jul 1 10:05:27 EDT 2008


The global pv structure (struct _progvars typedef'ed as PV) declared in 
snort.c might be what you want.  It contains a 'char *' member 
'interface' which is what is passed to pcap_open_live() and is the 
interface Snort is using.  Just add a couple of lines like

#include "snort.h"
extern PV pv;

to your source file to use it.


Jack Pepper wrote:
> Quoting Salvo Danilo Giuffrida <salvodanilogiuffrida at ...2499...>:
> 
>> Hello, the function GetIP(char*) returns the IP assigned to the
>> interface whose name is specified as the 1st parameter. But, how can I
>> get the name of the interface Snort is currently sniffing to (apart
>> from parsing the command line or the snort.conf file)?
>> Thanks
> 
> I assume you are talking about during detection (since you mention  
> CallAlertFunc).  The packet structure, P, passed into your detector  
> includes as it's structure a pointer to the pflog header at p->pfh.   
> The pfh structure includes some fields that describe the interface  
> associated with the packet.  For an example of how to use the pfh  
> structre, look at detect.c and see how the grinder gets built for each  
> interface.
> 
> I have not tested this before, but it seems straightforward enough.
> 
> jp
> 





More information about the Snort-devel mailing list