Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RegisterRuleOption from 2.8.5.x to 2.8.6

From: Ryan Jordan <ryan.jordan () sourcefire com>
Date: Mon, 26 Apr 2010 16:45:59 -0400
Yes, you should leave that new argument as NULL.

RuleOptOtnHandler is a new function that is used when you want to
parse a rule then handle detection yourself, outside of the detection
option tree. Currently, it is only used in the Sensitive Data
preprocessor for "sd_pattern" rules.

-Ryan

On Mon, Apr 26, 2010 at 4:12 PM, Luis Daniel Lucio Quiroz
<luis.daniel.lucio () gmail com> wrote:


I have realize that new proto is now:
void RegisterRuleOption(char *, RuleOptConfigFunc, RuleOptOverrideInitFunc,
RuleOptType, RuleOptOtnHandler);


i'm porting snortsam patch, i did have
 RegisterRuleOption("fwsam", AlertFWsamOptionInit, NULL, OPT_TYPE_ACTION);

I'm seeing that most of the plugs like the pcre set a NULL in the 4th param.

RegisterRuleOption("pcre", SnortPcreInit, NULL, OPT_TYPE_DETECTION, NULL);

 Is that okay for snotsam? cause i dont find any example on a output-plug

Regards,

LD

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel



------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Previous By Date Next
Previous By Thread Next

Current thread: