[Snort-devel] Help Developing Snort "Hello World" Dynamic Preprocessor
mbahe_suro at ...3099...
Mon Aug 23 05:15:49 EDT 2010
Well, after rechecking anything in "Hello World" Dynamic Preprocessor,
I found that only one thing I have to do to make it working.
That was done by adding this preprocessor in snort.conf.
Since the setup function was like this :
So I added a line :
And then, it just worked out.
Since there were no parameters needed to run this preprocessor,
I thought it was unnecessary to add that line in snort.conf.
That's my wrong.
On Wed, 18 Aug 2010 13:29:32 -0400, Ryan Jordan
<ryan.jordan at ...402...> wrote:
> If your initialization function "HelloInit()" is working, make sure
> that it registers your detection function. Since we're using SSH as an
> example, here's the important part of SSH init:
> void SetupSSH(void)
> _dpd.registerPreproc( "ssh", SSHInit );
> static void SSHInit(char *argp)
> // prereq checks and config parsing...
> // ...
> _dpd.addPreproc( ProcessSSH, PRIORITY_APPLICATION, PP_SSH,
> PROTO_BIT__TCP );
> // ...
> SetupSSH() will always get called at Snort start-up. It registers the
> string "ssh" as a preprocessor name.
> SSHInit() only gets called if snort.conf contains "preprocessor ssh:".
> SSHInit() is responsible for parsing the preprocessor's config and
> registering the detection function.
> Once SSHInit() has been called, ProcessSSH() will be added to the list
> of preprocessor functions that get called on every packet.
> To get your preprocessor working, make sure that you're following each
> of these steps. I'd guess that you either left out a call to
> _dpd.registerPreproc(), or didn't add your preprocessor to snort.conf.
More information about the Snort-devel