[Snort-users] My "wishlist" (small stuff).

Fyodor fygrave at ...121...
Sun Aug 20 03:44:33 EDT 2000


~ :
~ :3) Less sensitive to 'bad files': I am not complaining here, but I notice
~ :that Snort segfaults a lot when something is the matter with a rulesfile, or
~ :it thinks something is the matter.

Lololo.. :) The ruleset parser definetely needs improvements. We just need
how high is the priority of rewriting the parser module. As for the moment
IMHO the highest is to finish up bringing fixes into current, sort out the
directory structure and plugin issues. Spooling module is what I'd like to
play next .. I actually made already an attempt to rewrite snort rules
parser using flex/yacc but at that time it was flagged down, so it's still
sorta unfinished, but I think if there's enough interest we can bring this
issue back too. Have a look on
http://www.scorpions.net/~fygrave/misc/snort_cfg.tar.gz, last modification
date is december, 1999, hence it may complain on current rulesets..

~ : Sometimes it's a space after the IP,
~ :sometimes it's I-don't-know-what. I don't know if this can be fixed from a
~ :programming standpoint, but if anyone has a few minutes to look at the code
~ :that reads in the file...


Been there. Did that. :) That's why I suggested to rewrite the parser part
while ago :)






More information about the Snort-users mailing list