[Snort-devel] About snort SFSnortPacket header file

Emiliano Fausto emiliano.fausto at ...2499...
Tue Apr 29 05:24:39 EDT 2014


Hello Amtul,

I was working with IPv4 addresses, and this is part of the code I used:

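/* pkt is assumed to be the void * packet argument passed to the
   preprocessor's processing function */
SFSnortPacket *p = (SFSnortPacket *) pkt;

IP4Hdr iphd;
sfip_t iphdt;

iphd = p->inner_ip4h;   /* copy of the packet's IPv4 header */
iphdt = iphd.ip_src;    /* source address from that header */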

Then, in iphdt.ip you'll have the source IP address. Following similar steps,
but replacing the previous line with this one: iphdt = iphd.ip_dst; you'll
have the destination IP address.

Hope it helps,
regards.

Emiliano.

PS: if you want to store the IP in an unsigned integer you may use these
two lines:

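unsigned char *ipsrcp = (unsigned char *) &iphdt.ip;
/* Cast each byte to unsigned int before shifting, so that a first octet
   of 128 or more does not overflow a signed int when shifted by 24 */
unsigned int src_ip_uint = ((unsigned int) *ipsrcp << 24) +
((unsigned int) *(ipsrcp+1) << 16) + ((unsigned int) *(ipsrcp+2) << 8) +
(unsigned int) *(ipsrcp+3);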



2014-04-29 4:59 GMT-03:00 Amtul Saboor <saboor.amtul at ...2499...>:

> Hello
>
> I am trying to make some changes in the snort sample preprocessor dpx. I have
> read the following information from the snort manual online:
> *4.1.4 SFSnortPacket*
>
> *The SFSnortPacket structure mirrors the snort Packet structure and
> provides access to all of the data contained in a given packet.*
>
> *It and the data structures it incorporates are defined
> in sf_snort_packet.h. Additional data structures may be defined to
> reference other protocol fields. Check the header file for the current
> definitions.*
>
> *Source: http://manual.snort.org/node38.html*
>
> >>>I have gone through this file sf_snort_packet.h, but I am unable to
> locate the exact data structure that deals with packet source IP address
> and destination IP address. I just need these two data structures to make
> the desired variation.
>
> Any one would be appreciated. Thanks
>
>
> --
> *Amtul Saboor*
>
> *MS (Information Security) *
>
> *Military College of Signals, National University of Science & Technology,
> Rawalpindi*
>
> *Pakistan*
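The byte-to-integer conversion from the PS in the reply above, written out as a stand-alone added example (not code from the original post or from Snort). `demo_ip_t` and the `demo_*` functions are hypothetical stand-ins that only assume an address family plus address bytes in network byte order; the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>   /* AF_INET, AF_INET6 */

/* Hypothetical stand-in for the address type used in the reply:
 * an address family plus raw address bytes in network byte order.
 * It is NOT copied from sf_snort_packet.h. */
typedef struct {
    int16_t family;       /* AF_INET or AF_INET6 */
    uint8_t bytes[16];    /* IPv4 uses only the first 4 bytes */
} demo_ip_t;

/* Convert an IPv4 address to a host-order integer.
 * Returns 0 on success, -1 if a pointer is NULL or the address is not IPv4. */
static int demo_ip4_to_u32(const demo_ip_t *a, uint32_t *out)
{
    if (a == NULL || out == NULL || a->family != AF_INET)
        return -1;
    /* Widen each byte before shifting so octets 128..255 << 24 are well defined.
     * Reading byte by byte gives the same result on any host endianness. */
    *out = ((uint32_t)a->bytes[0] << 24) | ((uint32_t)a->bytes[1] << 16) |
           ((uint32_t)a->bytes[2] << 8)  |  (uint32_t)a->bytes[3];
    return 0;
}

/* Format a host-order IPv4 integer as a dotted quad; returns buf. */
static const char *demo_u32_to_str(uint32_t ip, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u",
             (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 0xff),
             (unsigned)((ip >> 8) & 0xff), (unsigned)(ip & 0xff));
    return buf;
}

int main(void)
{
    /* Constructed samples: 192.0.2.10 and the start of 2001:db8:: */
    demo_ip_t src = { AF_INET,  { 192, 0, 2, 10 } };
    demo_ip_t v6  = { AF_INET6, { 0x20, 0x01, 0x0d, 0xb8 } };
    char buf[16];
    uint32_t ip;

    if (demo_ip4_to_u32(&src, &ip) == 0)
        printf("src = %s (0x%08x)\n",
               demo_u32_to_str(ip, buf, sizeof buf), (unsigned)ip);
    if (demo_ip4_to_u32(&v6, &ip) != 0)
        printf("non-IPv4 address skipped\n");
    return 0;
}
```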