[Snort-users] Re: Snort-users digest, Vol 1 #1731 - 12 msgs

Peter Kahle pkahle at ...492...
Thu Mar 28 12:27:03 EST 2002


Snort has very basic support for IPv6, but it doesn't do more than
increment a counter, and ignores the guts of the packet. I was
considering trying to add better support for IPv6, before life got in
the way, but it seems like it would be non-trivial, but not all that
hard. You can borrow a lot of code from the IPv4 code. The problem comes
in with packets with multiple subheaders, and in the use of packet
header structure in the TCP and UDP parsing code. Oh, and ICMPv6 is
different from the IPv4 version. Haven't done my homework on that, so I
don't know how big the differences are.
Hope that helps, and if anyone starts working on this, let me know.
P
-- 

Those who would give up essential Liberty to purchase a little temporary 
safety, deserve neither Liberty nor safety.
					-- Ben Franklin

|| Peter M Kahle Jr              ||     PGP Public Key on Keyservers     ||
|| pkahle at ...492...              ||    http://pops.dyndns.com/~pkahle/   || 
##===============================##======================================##
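
The "multiple subheaders" problem mentioned in the message above, as an added example (not part of the original post and not Snort code): a decoder has to follow the Next Header chain of IPv6 extension headers (RFC 8200) and bounds-check each one before it can hand an offset to the TCP, UDP or ICMPv6 parsers. The function name `ipv6_upper_layer` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: fixed header, Hop-by-Hop, Destination Options, TCP. */
static const uint8_t sample[60] = {
    [0] = 0x60, [5] = 20, [6] = 0, [7] = 64, [23] = 1, [39] = 1,
    [40] = 60, [42] = 1, [43] = 4,       /* Hop-by-Hop -> Dest Opts, PadN */
    [48] = 6,  [50] = 1, [51] = 4,       /* Dest Opts -> TCP, PadN */
    [56] = 0x04, [57] = 0xd2, [59] = 80  /* TCP ports 1234 -> 80 */
};

/* Walk the IPv6 extension-header chain. Returns 0 and sets *proto / *off to
 * the upper-layer protocol and its byte offset; 1 for a non-first fragment
 * (no upper-layer header in this packet); -1 if truncated or not IPv6.
 * ESP (50) and No Next Header (59) end the walk like any other protocol. */
int ipv6_upper_layer(const uint8_t *p, size_t len, uint8_t *proto, size_t *off)
{
    if (len < 40 || (p[0] >> 4) != 6)
        return -1;
    uint8_t nh = p[6];   /* Next Header field of the fixed header */
    size_t pos = 40;     /* the fixed header is always 40 bytes */

    for (;;) {
        size_t hlen;
        switch (nh) {
        case 0: case 43: case 60:   /* Hop-by-Hop, Routing, Dest Options */
            if (len - pos < 2) return -1;
            hlen = ((size_t)p[pos + 1] + 1) * 8;   /* 8-byte units, first 8 excluded */
            break;
        case 44:                    /* Fragment header: fixed 8 bytes */
            if (len - pos < 8) return -1;
            if ((((p[pos + 2] << 8) | p[pos + 3]) & 0xfff8) != 0)
                return 1;           /* fragment offset is non-zero */
            hlen = 8;
            break;
        case 51:                    /* AH: length in 4-byte units, minus 2 */
            if (len - pos < 2) return -1;
            hlen = ((size_t)p[pos + 1] + 2) * 4;
            break;
        default:                    /* TCP, UDP, ICMPv6, ... */
            *proto = nh;
            *off = pos;
            return 0;
        }
        if (hlen > len - pos) return -1;   /* header runs past captured data */
        nh = p[pos];                       /* each header names its successor */
        pos += hlen;
    }
}
```

For the sample packet the walk ends at protocol 6 (TCP) with offset 56, which is what a TCP decoder would need instead of a pointer derived from an IPv4 header structure.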
