Snort mailing list archives
Re: Help Developing Snort "Hello World" Dynamic Preprocessor
From: Fuat Yosanto <mbahe_suro () students ittelkom ac id>
Date: Mon, 23 Aug 2010 16:15:49 +0700
Well, after rechecking everything in the "Hello World" Dynamic Preprocessor, I found that there was only one thing I had to do to make it work: add the preprocessor to snort.conf. Since the setup function was like this:

    void HelloSetup()
    {
        _dpd.registerPreproc("hello", HelloInit);
    }

I added the line:

    preprocessor hello

to snort.conf, and then it just worked. Since there were no parameters needed to run this preprocessor, I thought it was unnecessary to add that line to snort.conf. That was my mistake. Anyway, thanks.

On Wed, 18 Aug 2010 13:29:32 -0400, Ryan Jordan <ryan.jordan () sourcefire com> wrote:
If your initialization function "HelloInit()" is working, make sure that it registers your detection function. Since we're using SSH as an example, here's the important part of SSH init:

    void SetupSSH(void)
    {
        _dpd.registerPreproc( "ssh", SSHInit );
    }

    static void SSHInit(char *argp)
    {
        // prereq checks and config parsing...
        // ...
        _dpd.addPreproc( ProcessSSH, PRIORITY_APPLICATION, PP_SSH, PROTO_BIT__TCP );
        // ...
    }

SetupSSH() will always get called at Snort start-up. It registers the string "ssh" as a preprocessor name.

SSHInit() only gets called if snort.conf contains "preprocessor ssh:". SSHInit() is responsible for parsing the preprocessor's config and registering the detection function.

Once SSHInit() has been called, ProcessSSH() will be added to the list of preprocessor functions that get called on every packet.

To get your preprocessor working, make sure that you're following each of these steps. I'd guess that you either left out a call to _dpd.registerPreproc(), or didn't add your preprocessor to snort.conf.

-Ryan
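The setup, init and per-packet sequence described in this thread, and the missing snort.conf line that broke it, as an added example that is not part of the original messages and is not Snort code. `registerPreproc` and `addPreproc` are simplified mocks standing in for the `_dpd` callbacks (the real ones take more arguments), and `run_engine` is a hypothetical stand-in for Snort's config loader and packet loop.

```c
#include <stdio.h>
#include <string.h>

typedef void (*InitFn)(char *args);
typedef void (*ProcessFn)(const char *pkt);

static struct { const char *name; InitFn init; } registry[8];
static ProcessFn chain[8];
static int n_reg, n_chain, hello_hits;

/* Mock registration calls (assumed, simplified signatures; not the _dpd API). */
static void registerPreproc(const char *name, InitFn init) {
    registry[n_reg].name = name;
    registry[n_reg++].init = init;
}
static void addPreproc(ProcessFn fn) { chain[n_chain++] = fn; }

/* The "hello" preprocessor: setup registers a name, init registers the packet hook. */
static void HelloProcess(const char *pkt) { (void)pkt; hello_hits++; }
static void HelloInit(char *args) { (void)args; addPreproc(HelloProcess); }
static void HelloSetup(void) { registerPreproc("hello", HelloInit); }

/* Mock engine: run setup, read conf text, feed npkts packets.
 * Returns how many times HelloProcess was called. */
int run_engine(const char *conf, int npkts) {
    n_reg = n_chain = hello_hits = 0;
    HelloSetup();                              /* always runs at start-up */
    for (const char *p = conf; *p; ) {
        char line[128], name[32];
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        p += len + (p[len] == '\n');
        if (sscanf(line, " preprocessor %31[^: \t]", name) != 1) continue;
        for (int i = 0; i < n_reg; i++)        /* init runs only if conf names it */
            if (strcmp(registry[i].name, name) == 0) registry[i].init(line);
    }
    for (int p = 0; p < npkts; p++)
        for (int i = 0; i < n_chain; i++) chain[i]("constructed packet");
    return hello_hits;
}

int main(void) {
    printf("with conf line:    %d calls\n", run_engine("preprocessor hello\n", 3));
    printf("without conf line: %d calls\n", run_engine("# preprocessor hello\n", 3));
    return 0;
}
```

In the second run the name is registered but the init function never fires, so the per-packet function is never added to the chain.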