[Snort-devel] Help Developing Snort "Hello World" Dynamic Preprocessor

Fuat Yosanto mbahe_suro at ...3099...
Mon Aug 23 05:15:49 EDT 2010


Well, after rechecking anything in "Hello World" Dynamic Preprocessor,
I found that only one thing I have to do to make it working.
That was done by adding this preprocessor in snort.conf.
Since the setup function was like this :

void HelloSetup()
{
    _dpd.registerPreproc("hello", HelloInit);
}

So I added a line :

preprocessor hello

in snort.conf.
And then, it just worked out.

Since there were no parameters needed to run this preprocessor,
I thought it was unnecessary to add that line in snort.conf.
That's my wrong.

Anyway, thanks.


On Wed, 18 Aug 2010 13:29:32 -0400, Ryan Jordan
<ryan.jordan at ...402...> wrote:
> If your initialization function "HelloInit()" is working, make sure
> that it registers your detection function. Since we're using SSH as an
> example, here's the important part of SSH init:
> 
> void SetupSSH(void)
> {
>    _dpd.registerPreproc( "ssh", SSHInit );
> }
> 
> static void SSHInit(char *argp)
> {
>    // prereq checks and config parsing...
>    // ...
> 
>    _dpd.addPreproc( ProcessSSH, PRIORITY_APPLICATION, PP_SSH,
>    PROTO_BIT__TCP );
> 
>    // ...
> }
> 
> SetupSSH() will always get called at Snort start-up. It registers the
> string "ssh" as a preprocessor name.
> 
> SSHInit() only gets called if snort.conf contains "preprocessor ssh:".
> SSHInit() is responsible for parsing the preprocessor's config and
> registering the detection function.
> 
> Once SSHInit() has been called, ProcessSSH() will be added to the list
> of preprocessor functions that get called on every packet.
> 
> To get your preprocessor working, make sure that you're following each
> of these steps. I'd guess that you either left out a call to
> _dpd.registerPreproc(), or didn't add your preprocessor to snort.conf.
> 
> -Ryan
> 





More information about the Snort-devel mailing list