[Snort-users] Protocol Names -- always upper case?

James Hoagland hoagland at ...47...
Wed Aug 9 12:36:41 EDT 2000


Greetings,

I was wondering if the protocol names that snort uses in output 
should always be upper case.  These are stored in protocol_names[] 
and established in InitProtoNames() in snort.c.  This is used for (at 
least) the printed alerts and  logs and in the name of the log file.

I have looked at InitProtoNames() in 3 version of Snort.  An old 
version (1.6 I think it was) just set up 3 or so hard-coded protocol 
names, in all caps.  In version 1.6.3, the hard-coded protocol names 
are there, additional names are grabbed by calls to 
getprotobynumber(), and everything is set up upper case using 
toupper().  In the version I just grabbed from CVS, there are no 
longer hard coded names at all and toupper() has been removed.

It seems that some OSs (including OpenBSD 2.7) return the protocol 
name in lower case.

The reason I ask is that at present SnortSnarf assumes the protocol 
name is in upper case for the purposes of generating a link to a log 
file and in a few other places.  This is causing problems for at 
least one person.

Is it a valid assumption that the protocol name should be upper case? 
Or should I hack SnortSnarf to handle both cases?  (I think you can 
guess my preference :) .)

Thanks,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*  Voice: (707) 445-4355 x13          Fax: (707) 826-7571  *|




More information about the Snort-users mailing list