[Snort-devel] SnortSP: Writing an analyzer in Lua
tako_chanz at ...445...
Mon Jun 27 20:33:20 EDT 2011
Maybe I'm double posting but I saw two dev mailing list and I really need some guidance.
After studied the snort.lua and snort_funcs.lua, I'm still stuck on
how a packet passed to lua's callback function.
Is there any doc describing the params for the function: lua_analyzer
(buf, offset, proto, dport)?
It seems that the lua_analyzer is dealing packet above the IP layer.
Is it possible to inspect the link or network layer using Lua?
- Using Lua to write an analyzer and inspect any layer(ether, IP, tcp/
- Drop packets base on some simple matching condition
I really need some directions or docs from you all.
Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel