[Snort-devel] [PATCH] Add non-IP layer 3 detection via new 'ether_type' keyword and 'eth' protocol

Joshua Kinard kumba at ...2185...
Mon Dec 26 19:06:35 EST 2011


With the release of snort-2.9.2 final, I rebased my work for the ether_type
rule option.  Some of the data types changed which required it.

In addition, I added the bit of code to DecodeIEEE80211Pkt to make it work
with ether_type (no time to fix the mess w/ LLC/SNAP frame decoding right
now), and I added documentation to the snort manual for the new option and
tested it once I got the TeX tools set up and working.

Attached patch only modifies the snort_manual.tex file, so the PDF would
need to be regenerated in an upcoming release if this is accepted.

And let's not forget the hyperlinks in the manual next time :)

Changes:
 doc/snort_manual.tex                            |  105 ++++++
 src/decode.c                                    |  120 +++++++
 src/decode.h                                    |   27 +
 src/detect.c                                    |   42 +-
 src/detection-plugins/Makefile.am               |    3
 src/detection-plugins/Makefile.in               |    8
 src/detection-plugins/detection_options.c       |   14
 src/detection-plugins/sp_ether_type.c           |  361 ++++++++++++++++++++++++
 src/detection-plugins/sp_ether_type.h           |  125 ++++++++
 src/dynamic-plugins/sf_engine/sf_snort_packet.h |    3
 src/fpcreate.c                                  |  252 +++++++++++++---
 src/fpcreate.h                                  |    7
 src/fpdetect.c                                  |  241 ++++++++++------
 src/fpdetect.h                                  |   12
 src/parser.c                                    |  183 ++++++++----
 src/plugbase.c                                  |    2
 src/plugin_enum.h                               |    1
 src/rule_option_types.h                         |    3
 src/sfutil/sfportobject.h                       |    7
 src/snort.c                                     |   14
 src/snort.h                                     |    4
 21 files changed, 1313 insertions(+), 221 deletions(-)


Cheers!

-- 
Joshua Kinard
Gentoo/MIPS
kumba at ...2185...
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort-2.9.2-ether_type-support.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111226/523bd43b/attachment.ksh>

