[Snort-devel] Looking at rule metadata from an output plugin
Alan M. Carroll
amc at ...3043...
Fri May 29 17:25:04 EDT 2009
I have my output plugin working now along with the rule metadata hook. If you've ever wanted to be able to do output overrides on specific rules, it works very nicely for that purpose.
I have just a couple of questions left.
1) What is the difference between Restart and CleanExit? I can't find any documentation that elucidates the distinction and a sampling of existing output plugins yields the uniform result that both of these are implemented with identical code. Is this just an artifact from earlier versions of Snort?
2) How or should memory allocated and placed in OpTreeNode.ds_list be cleaned up? Currently when the plugin sees its metadata, it allocates a struct and stuffs it in the ds_list. But that memory is never released. Is that a problem?
More information about the Snort-devel