Snort mailing list archives
Re: About snort sFsnortPakcet header file
From: Steven Sturges <ssturges () sourcefire com>
Date: Tue, 29 Apr 2014 09:50:20 -0400
We recommend using the accessor functions/methods defined in ipv6_port.h versus direct reference to the IP4Hdr data struct itself. Look in src/dynamic-preprocessors/include for the ipv6_port.h to use.

On 4/29/14, 5:24 AM, Emiliano Fausto wrote:
> Hello Amtul,
>
> I was working with IP Addresses v4, and that's part of the code I used:
>
>     SFSnortPacket *p = (SFSnortPacket *) pkt;
>     IP4Hdr iphd;
>     sfip_t iphdt;
>     iphd = p->inner_ip4h;
>     iphdt = iphd.ip_src;
>
> Then, in iphdt.ip you'll have the Source IP Address. Doing similar steps, but instead of previous line putting this one:
>
>     iphdt = iphd.ip_dst;
>
> you'll have the Destination IP Address.
>
> Hope it helps, regards.
> Emiliano.
>
> PS: if you want to store the IP in an unsigned integer you may use these two lines:
>
>     unsigned char *ipsrcp = (unsigned char*) &iphdt.ip;
>     unsigned int src_ip_uint = (*ipsrcp << 24) + (*(ipsrcp+1) << 16) + (*(ipsrcp+2) << 8) + *(ipsrcp+3);
>
> 2014-04-29 4:59 GMT-03:00 Amtul Saboor <saboor.amtul () gmail com>:
>
>> Hello
>>
>> I am trying to make some changes in the Snort sample preprocessor dpx. I have read the following information from the Snort manual online:
>>
>> 4.1.4 SFSnortPacket
>>
>> The SFSnortPacket structure mirrors the snort Packet structure and provides access to all of the data contained in a given packet.
>>
>> It and the data structures it incorporates are defined in sf_snort_packet.h. Additional data structures may be defined to reference other protocol fields. Check the header file for the current definitions.
>>
>> Source: http://manual.snort.org/node38.html
>>
>> I have gone through this file sf_snort_packet.h, but I am unable to locate the exact data structure that deals with packet source IP address and destination IP address. I just need these two data structures to make the desired variation. Any one would be appreciated.
>>
>> Thanks
>> --
>> Amtul Saboor
>> MS (Information Security)
>> Military College of Signals, National University of Science & Technology, Rawalpindi
>> Pakistan

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
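The following is an added example, not code from any of the posts above or from Snort. It shows the byte-to-integer conversion from the PS in the quoted message with two checks a preprocessor author would want: the address family is tested before the bytes are read as IPv4, and each byte is widened before shifting. `demo_ip_t`, `demo_ipv4_to_u32` and the sample addresses are hypothetical stand-ins constructed for this example, not Snort's `sfip_t` or any Snort API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>   /* AF_INET, AF_INET6 */

/* Constructed stand-in for an address record: a family tag plus up to
 * 16 address bytes in network order. This is NOT Snort's sfip_t. */
typedef struct {
    int16_t family;
    uint8_t bytes[16];
} demo_ip_t;

/* Store the IPv4 address held in *ip into *out as a host-order integer.
 * Returns 0 on success, -1 if a pointer is NULL or the record is not IPv4. */
int demo_ipv4_to_u32(const demo_ip_t *ip, uint32_t *out)
{
    if (ip == NULL || out == NULL || ip->family != AF_INET)
        return -1;
    /* Widen each byte first: an unsigned char promotes to signed int, and
     * shifting a value >= 128 left by 24 overflows that signed int. */
    *out = ((uint32_t)ip->bytes[0] << 24) |
           ((uint32_t)ip->bytes[1] << 16) |
           ((uint32_t)ip->bytes[2] << 8)  |
            (uint32_t)ip->bytes[3];
    return 0;
}

/* Constructed sample addresses: 192.168.1.10, 224.0.0.1 and IPv6 ::1. */
const demo_ip_t demo_private   = { AF_INET,  {192, 168, 1, 10} };
const demo_ip_t demo_multicast = { AF_INET,  {224, 0, 0, 1} };
const demo_ip_t demo_v6_loop   = { AF_INET6, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1} };

int main(void)
{
    const demo_ip_t *samples[] = { &demo_private, &demo_multicast, &demo_v6_loop };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v;
        if (demo_ipv4_to_u32(samples[i], &v) == 0)
            printf("sample %zu: 0x%08X\n", i, (unsigned)v);
        else
            printf("sample %zu: not IPv4, skipped\n", i);
    }
    return 0;
}
```
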
Current thread:
- About snort sFsnortPakcet header file Amtul Saboor (Apr 29)
- Re: About snort sFsnortPakcet header file Emiliano Fausto (Apr 29)
- Re: About snort sFsnortPakcet header file Steven Sturges (Apr 29)
- Re: About snort sFsnortPakcet header file Emiliano Fausto (Apr 29)