Snort mailing list archives

Re: Which parameters to pass in addPreproc func?

From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Thu, 19 May 2016 14:43:10 +0000

Have you tried registering the preproc with PROTO_BIT__ALL instead of just
UDP and/or TCP?


On 5/19/16, 8:11 AM, "Jan Hermes" <jan.hermes () hotmail de> wrote:

I would like to let my dynamic preprocessor being called on every single
package that runs through the network. Which parameters do I have to
pass to the registration function?

I tried a lot of combinations with values from the preprocids.h file.

But the best I could get was the preconfigured situation from the
example preprocessor, which gets called on every package with tcp or udp.

But it is missing all those packages with an unknown ethertype.
--------------------------------------------------------------------------
----
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data
untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!



------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Which parameters to pass in addPreproc func? Jan Hermes (May 19)
- <Possible follow-ups>
- Re: Which parameters to pass in addPreproc func? Ed Borgoyn (eborgoyn) (May 19)
  - Re: Which parameters to pass in addPreproc func? Jan Hermes (May 19)