[Snort-devel] About snort sFsnortPakcet header file

Steven Sturges ssturges at ...402...
Tue Apr 29 09:50:20 EDT 2014


We recommend using the accessor functions/methods defined in ipv6_port.h
versus direct reference to the IP4Hdr data struct itself.

Look in src/dynamic-preprocessors/include for the ipv6_port.h to use.

On 4/29/14, 5:24 AM, Emiliano Fausto wrote:
> Hello Amtul,
>
> I was working with IP Addresses v4, and that's part of the code I used:
>
> SFSnortPacket *p = (SFSnortPacket *) pkt;
>
> IP4Hdr iphd;
> sfip_t iphdt;
>
> iphd = p->inner_ip4h;
> iphdt = iphd.ip_src;
>
> Then, in iphdt.ip you'll have the Source IP Address. Doing similar 
> steps, but instead of previous line putting this one: iphdt = 
> iphd.ip_dst; you'll have the Destination IP Address.
>
> Hope it helps,
> regards.
>
> Emiliano.
>
> PS: if you want to store the IP in an unsigned integer you may use 
> these two lines:
>
> unsigned char *ipsrcp = (unsigned char*) &iphdt.ip;
> unsigned int src_ip_uint = (*ipsrcp << 24) + (*(ipsrcp+1) << 16) + 
> (*(ipsrcp+2) << 8) + *(ipsrcp+3);
>
>
>
> 2014-04-29 4:59 GMT-03:00 Amtul Saboor <saboor.amtul at ...2499... 
> <mailto:saboor.amtul at ...2499...>>:
>
>     Hello
>
>     I am trying to make some changes in snort sample prperocessor dpx
>     , i have read the following information from snort manual online:
>
>
>         /4.1.4 SFSnortPacket/
>
>     /*The SFSnortPacket structure mirrors the snort Packet structure
>     and provides access to all of the data contained in a given packet.*/
>
>     /*It and the data structures it incorporates are defined in
>     sf_snort_packet.h. Additional data structures may be defined to
>     reference other protocol fields. Check the header file for the
>     current definitions.*/
>
>     _Source: http://manual.snort.org/node38.html_
>
>     >>>I have gone through this file sf_snort_packet.h , but i am unable to locate the exact data
>     structure that deals with packet source ip address and destination
>     ip address. I just need these two data structures to make the
>     desired variation.
>
>     Any one would be appreciated. Thanks
>
>
>
>     -- 
>     *Amtul Saboor*
>     /MS (Information Security)
>     /
>     /Military College of Signals, National University of Science &
>     Technology, Rawalpindi
>     /
>     /Pakistan
>     /
>
>
>
>     ------------------------------------------------------------------------------
>     "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
>     Instantly run your Selenium tests across 300+ browser/OS combos.  Get
>     unparalleled scalability from the best Selenium testing platform
>     available.
>     Simple to use. Nothing to install. Get started now for free."
>     http://p.sf.net/sfu/SauceLabs
>     _______________________________________________
>     Snort-devel mailing list
>     Snort-devel at lists.sourceforge.net
>     <mailto:Snort-devel at lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/snort-devel
>     Archive:
>     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
>     Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
>
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140429/db5f66fc/attachment.html>


More information about the Snort-devel mailing list