[Snort-devel] preprocessor drop packets issues

Han Zhang zhanghan0116 at ...2499...
Fri Dec 6 20:04:59 EST 2013


Hi all,

         I'm currently writing a Snort preprocessor, which tries to drop some
packets before they go to the detection engine and trigger any rules. I
tried the function Active_DropPacket(), but it doesn't work.

         I attached my code here. For test purposes, this code just drops all
the HTTP packets. I could see the output "Got a packet", which means this
preprocessor was called. But it did not drop any HTTP packets. Was I using the
wrong function to drop the packet? Any comment is appreciated.

static void Detection(Packet *p, void *context)
{
    EntropyConfig *entropy = NULL;

    LogMessage("Got a packet\n");

    /* Select the configuration for the current runtime policy */
    sfPolicyUserPolicySet(entropy_config, getRuntimePolicy());
    entropy = (EntropyConfig *)sfPolicyUserDataGetCurrent(entropy_config);

    /* Not configured in this policy */
    if (entropy == NULL)
        return;

    /* p->sp is the packet's source port */
    if (p->sp == 80)
    {
        Active_DropPacket();
        //Active_ForceDropPacket();
        //Active_ForceDropAction(p);
        //Active_ForceDropSession();
    }
    return;
}

-- 
Thanks
Han