[Snort-devel] SnortSP: Writing an analyzer in Lua

Tako Chanz tako_chanz at ...445...
Mon Jun 27 20:33:20 EDT 2011


Hi all,

Maybe I'm double posting but I saw two dev mailing list and I really need some guidance.

After studied the snort.lua and snort_funcs.lua, I'm still stuck on
how a packet passed to lua's callback function.
 
Is there any doc describing the params for the function: lua_analyzer
(buf, offset, proto, dport)?
 
It seems that the lua_analyzer is dealing packet above the IP layer.
Is it possible to inspect the link or network layer using Lua?
 
My goals:
 
- Using Lua to write an analyzer and inspect any layer(ether, IP, tcp/
udp).
- Drop packets base on some simple matching condition
 
I really need some directions or docs from you all.
 
 
Thanks in advance,
Tako 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110628/e4221a9e/attachment.html>


More information about the Snort-devel mailing list