Snort mailing list archives

preprocessor drop packets issues


From: Han Zhang <zhanghan0116 () gmail com>
Date: Fri, 6 Dec 2013 18:04:59 -0700

Hi all,

         I'm currently writing a Snort preprocessor, which tries to drop some
packets before they go to the detection engine and trigger any rules. I
tried the function Active_DropPacket(); but it doesn't work.

         I attached my code here; for test purposes, this code just drops all
the HTTP packets. I could see the output "Got a packet", which means this
preprocessor was called. But it did not drop any HTTP packets. Was I using the
wrong function to drop the packet? Any comment is appreciated.

static void Detection(Packet *p, void *context)
{
    EntropyConfig *entropy = NULL;

    LogMessage("Got a packet\n");

    /* Look up this preprocessor's configuration for the current runtime policy */
    sfPolicyUserPolicySet(entropy_config, getRuntimePolicy());
    entropy = (EntropyConfig *)sfPolicyUserDataGetCurrent(entropy_config);

    /* Not configured in this policy */
    if (entropy == NULL)
        return;

    /* Test only: act on packets whose source port is 80 */
    if (p->sp == 80)
    {
        Active_DropPacket();
        //Active_ForceDropPacket();
        //Active_ForceDropAction(p);
        //Active_ForceDropSession();
    }
    return;
}

-- 
Thanks
Han
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
