Snort mailing list archives

Re: Updated IP Blacklisting patch (version 2)


From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 9 Jul 2009 09:37:16 -0400

On Thu, Jul 9, 2009 at 9:34 AM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:

> Seems to work great with the goto's now (thanks!).  Very small/non
> functionality niggle with the output/alerting: Was wondering about this:
>
> static void ProcessArgs(char *args){
> snprintf(eventstr, STD_BUF, "Access attempt from %s blacklisted IP address", arg);
>
> "attempt from" might mean to some the src address is blacklisted. Since
> iplist fires on both src and dst maybe have something like:
>
> snprintf(eventstr, STD_BUF, "Communication with %s blacklisted IP address", arg);
>
> Might help thwart some potential confusion down the road.


Good point, I'll make the change.

Any stats on CPU usage?  Did the gotos or different arrangement result
in any savings?


Marty


-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
