[Snort-users] Protocol Names -- always upper case?
hoagland at ...47...
Wed Aug 9 12:36:41 EDT 2000
I was wondering if the protocol names that snort uses in output
should always be upper case. These are stored in protocol_names
and established in InitProtoNames() in snort.c. This is used for (at
least) the printed alerts and logs and in the name of the log file.
I have looked at InitProtoNames() in 3 version of Snort. An old
version (1.6 I think it was) just set up 3 or so hard-coded protocol
names, in all caps. In version 1.6.3, the hard-coded protocol names
are there, additional names are grabbed by calls to
getprotobynumber(), and everything is set up upper case using
toupper(). In the version I just grabbed from CVS, there are no
longer hard coded names at all and toupper() has been removed.
It seems that some OSs (including OpenBSD 2.7) return the protocol
name in lower case.
The reason I ask is that at present SnortSnarf assumes the protocol
name is in upper case for the purposes of generating a link to a log
file and in a few other places. This is causing problems for at
least one person.
Is it a valid assumption that the protocol name should be upper case?
Or should I hack SnortSnarf to handle both cases? (I think you can
guess my preference :) .)
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* Voice: (707) 445-4355 x13 Fax: (707) 826-7571 *|
More information about the Snort-users