Snort mailing list archives
Re: [Snort-devel] Implementing timeouts in Snort
From: Steven Sturges <steve.sturges () sourcefire com>
Date: Tue, 21 Oct 2008 08:39:14 -0400
Hi Devdutt-- Depending on what protocols your preprocessor is using, you can leverage the stream API and store data that is associated with the TCP or UDP session structure. The data is then freed (providing you specify a free function) when the session is terminated -- via timeout or normal TCP FIN/FIN-ACK/etc. Cheers. -steve Devdutt Patnaik wrote:
Hi All, I am currently working on a preprocessor plugin that needs to keep some state but will discard it upon a timeout. I have some experience with snort and have previously written a state machine based preprocessor plugin. However I didn't have to use timeouts until now. All the logic was just based on incoming packet events ie. asynchronous, wherein the packet arrival events would allow/trigger my logic to execute. In the timer case I need to get some code to run without triggers from incoming packets. I looked at the snort.conf file and preprocessors like frag3 do use timers/timeouts. However it isnt clear how they are implemented in the code. Can some one give me a few tips/hints so that I could understand how I could implement timeouts/timers in Snort. Thanks, Devdutt. ------------------------------------------------------------------------ ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ------------------------------------------------------------------------ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Implementing timeouts in Snort Devdutt Patnaik (Oct 21)
- Implementing timeouts in Snort Devdutt Patnaik (Oct 21)
- Re: [Snort-devel] Implementing timeouts in Snort Steven Sturges (Oct 21)