[Snort-devel] SnortSP: Writing an analyzer in Lua

Tako Chanz tako_chanz at ...445...
Mon Jun 27 20:33:20 EDT 2011

Hi all,

Maybe I'm double posting, but I saw two dev mailing lists and I really need some guidance.

After studying snort.lua and snort_funcs.lua, I'm still stuck on
how a packet is passed to Lua's callback function.
Is there any doc describing the params for the function: lua_analyzer
(buf, offset, proto, dport)?
It seems that the lua_analyzer is dealing with packets above the IP layer.
Is it possible to inspect the link or network layer using Lua?
My goals:
- Using Lua to write an analyzer and inspect any layer(ether, IP, tcp/
- Drop packets based on some simple matching condition
I really need some directions or docs from you all.
Thanks in advance,