[Snort-devel] Help Developing Snort "Hello World" Dynamic Preprocessor
rcombs at ...402...
Mon Aug 16 10:33:51 EDT 2010
Rolling your own dynamic preprocessor is not as easy as it could be. I'm
putting a blog post together to remedy that.
In the meantime, here are some pointers:
* ensure the dpp is compiled with exactly the same options as snort
* ensure visibility is correct to get InitializePreprocessor() and
* use DebugMessage() instead of _dpd.debugMsg() so file and line are set
* use the SNORT_DEBUG environment variable to get helpful output
And be sure to add the preprocessor config to your snort.conf!
On Sat, Jul 31, 2010 at 2:35 AM, Fuat Yosanto <
mbahe_suro at ...3099...> wrote:
> Hi all,
> Actually I have a problem when creating my own dynamic-preprocessor.
> (See my previous email with subject : Linking custom dynamic-preprocessor)
> Seems like my dynamic-preprocessor hasn't been executed by Snort (loaded
> successfully but didn't work).
> I can't figure out what's wrong with it. Maybe something is missing.
> I have tried modifying the Snort dynamic-preprocessor example to do the same
> process with my dynamic-preprocessor.
> It works, but I can't satisfy my needs, because of its directory
> position, and naming problem.
> So to understand what are the minimum requirements to build
> I am looking for a basic example code like "hello world" Snort
> Here, I have created the prototype of "hello world" Snort
> The idea is simple: it will log a message when it finds any kind of packet.
> Additionally it can identify TCP, UDP, and ICMP packets.
> Assume that we have done any setup things to integrate this
> dynamic-preprocessor in Snort sources
> such as editing generators.h, preprocids.h, Makefile.am, re-running
> autotools, etc.
> These are the sources :
> Directory : src/dynamic-preprocessor/hello
> File name : spp_hello.c
> #include "preprocids.h"
> #include "sf_snort_packet.h"
> #include "sf_dynamic_preprocessor.h"
> #include "sf_dynamic_preproc_lib.h"
> #include "sf_snort_plugin_api.h"
> #include "sfPolicy.h"
> #include "sfPolicyUserData.h"
>
> #define GENERATOR_SPP_HELLO 230
>
> extern DynamicPreprocessorData _dpd;
>
> static void HelloInit(char *);
> static void HelloProcess(void *, void *);
>
> /* Setup function named by DYNAMIC_PREPROC_SETUP: registers the "hello" keyword */
> void HelloSetup()
> {
>     _dpd.registerPreproc("hello", HelloInit);
> }
>
> /* Init function registered for "hello": adds HelloProcess for TCP, UDP and ICMP */
> static void HelloInit(char *args)
> {
>     _dpd.addPreproc(HelloProcess, PRIORITY_TRANSPORT, PP_HELLO,
>                     PROTO_BIT__TCP | PROTO_BIT__UDP | PROTO_BIT__ICMP);
> }
>
> /* Per-packet function: logs which protocol the packet carries */
> static void HelloProcess(void *pkt, void *context)
> {
>     SFSnortPacket *p = (SFSnortPacket *)pkt;
>
>     if(IsTCP(p))
>         _dpd.logMsg("Hello : Got TCP packet!\n");
>     else if(IsUDP(p))
>         _dpd.logMsg("Hello : Got UDP packet!\n");
>     else if(IsICMP(p))
>         _dpd.logMsg("Hello : Got ICMP packet!\n");
>     else
>         _dpd.logMsg("Hello : Got unknown packet!\n");
> }
> File name : sf_preproc_info.h :
> #ifndef SF_PREPROC_INFO_H_
> #define SF_PREPROC_INFO_H_
>
> #define MAJOR_VERSION 1
> #define MINOR_VERSION 0
> #define BUILD_VERSION 1
> #define PREPROC_NAME "HelloWorld_Preprocessor"
> #define DYNAMIC_PREPROC_SETUP HelloSetup
> extern void HelloSetup();
>
> #endif /* SF_PREPROC_INFO_H_ */
> So here I need help to fix & improve them, because those are still not
> There should be something missing, something wrong, or something
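
Two of the pointers in the reply above (the exported InitializePreprocessor() symbol and the snort.conf entry) can be checked mechanically. The script below is an added example, not code from this thread or from Snort; the function names and all sample files are constructed, and it assumes the symbol listing was saved from `nm -D --defined-only` run on the built library.

```shell
#!/bin/sh
# Added example: diagnose a dynamic preprocessor that loads but never runs.

# Keyword passed to the first _dpd.registerPreproc("<keyword>", ...) in a source file.
registered_keyword() {
    sed -n 's/.*registerPreproc[[:space:]]*([[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True if the config file $1 has an uncommented "preprocessor <keyword>" line,
# with or without ": args". Without it the registered init function is never called.
conf_enables() {
    grep -Eq "^[[:space:]]*preprocessor[[:space:]]+$2[[:space:]]*(:.*)?\$" "$1"
}

# True if the saved `nm -D --defined-only` listing $1 shows symbol $2 as a
# global (T) or weak (W) function. A symbol hidden by visibility settings
# is absent from the dynamic symbol table altogether.
exports_symbol() {
    awk -v s="$2" '$NF == s && $(NF-1) ~ /^[TW]$/ { ok = 1 } END { exit !ok }' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed samples: one source line from the thread, two configs, two nm listings.
printf '%s\n' 'void HelloSetup()' '{' \
    '    _dpd.registerPreproc("hello", HelloInit);' '}' > "$tmp/spp_hello.c"
printf '%s\n' '# preprocessor hello' \
    'preprocessor frag3_global: max_frags 65536' > "$tmp/bad.conf"
printf '%s\n' 'preprocessor frag3_global: max_frags 65536' \
    'preprocessor hello' > "$tmp/good.conf"
printf '%s\n' '0000000000001f10 T InitializePreprocessor' \
    '0000000000004010 B _dpd' > "$tmp/nm_good.txt"
printf '%s\n' '0000000000004010 B _dpd' > "$tmp/nm_bad.txt"

kw=$(registered_keyword "$tmp/spp_hello.c")
for conf in bad.conf good.conf; do
    if conf_enables "$tmp/$conf" "$kw"; then
        echo "$conf: 'preprocessor $kw' present"
    else
        echo "$conf: no 'preprocessor $kw' line, init function is never called"
    fi
done
for listing in nm_bad.txt nm_good.txt; do
    if exports_symbol "$tmp/$listing" InitializePreprocessor; then
        echo "$listing: InitializePreprocessor exported"
    else
        echo "$listing: InitializePreprocessor not exported, check visibility flags"
    fi
done
```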