[Snort-devel] Detection Engine

Jallam Amada arisen at posteo.de
Wed Dec 13 16:13:03 EST 2017


Hello Guys,

I have a question regarding packet evaluation in Snort 2.9.11 (not
C++!). I am willing to replace the Detection Engine (no portgroups, no
fpPatternMatching...) by simply running my own function on the flowing
packet while ignoring the rest of Snort. As simple as it might sound,
what is the fastest way to achieve this with existing functions in the
framework?

I don't need any preprocessors or anything, I just need to make use of a
firewall functionality in Snort (packet classification).


Thank You..

Jallam Amada


