Re: UTF-8 and Unicode packet content under snort 1.8.7

[John Sage <jsage () finchhaven com>]

Chris:

On Sat, Aug 17, 2002 at 07:45:43PM -0400, Chris Green wrote:
> John Sage <jsage () finchhaven com> writes:
>
> > Hello world..
> >
> > I'm currently involved in a discussion on another list where the
> > poster is stating that a Linux-based snort host, not updated to
> > properly handle UTF-8/Unicode encodings, will not correctly represent
> > binary-logged packet content that contains UTF-8/Unicode characters.
> I think the issue you are running into is that older versions of snort
> munged packet data when it normalized it wheras 1.9.x decode in a
> separte normalization buffer.

I'd think 1.8.7 should be OK, then..

Are there any issues with locale settings that you are aware of?

Again (and I shouldn't be implying that I really understand this :-/ )

locale -a does return POSIX

and

locale -m returns UTF-8 and UTF8, among others..

and

locale charmap returns ISO-8859-1, so that's what's currently active.


or is this all a tempest in a teapot?


> The only thing that might be an issue is the use of isspace type macros.

Wazzat? Example?


Thnx..

- John
-- 
"You are in a little maze of twisty passages, all different."

PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users