[Snort-devel] Information on DETECTION_OPTION_TREE and OTN vs ds_list

Daniel Peck peck at ...3014...
Thu Mar 5 17:31:06 EST 2009


Hi List,

Could someone provide me some information or a pointer to some information
on the current best practice/approach to creating detection plugins.
Working from the provided template I'm able to understand most of what's
going on, but looking at some of the included plugins in the current release
there are a few things that I can't find documentation on.

One specifically is the DETECTION_OPTION_TREE define that I'm seeing pop up
a lot, and I cannot find any documentation about what it is.

Also, looking through an older book I have (the nessus/snort/wireshark one),
there is instruction on the ds_list method, but it says that the otn method was
the preferred way.  Is this still the case, or has this too been phased out
for something better?

Thank you for any advice.
