Snort mailing list archives
Re: Fwd: [Snort-Users] snort signature code
From: Steven Sturges <ssturges () sourcefire com>
Date: Fri, 10 Jun 2011 14:26:42 -0400
This code allows Snort to print a meaningful URL related to a short reference value that is specified in a rule. The meaning of each of the reference names (cve, bugtraq, etc.) is specified in reference.config.

For example, if a rule has "reference:cve,2010-0000;", when Snort generates an alert where it includes reference information, that gets expanded to http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0000

Hope this helps.

On 6/10/11 1:00 PM, Joel Esler wrote:
Begin forwarded message:

From: nashwa salah <nashwasalah8 () gmail com>
Date: June 10, 2011 12:03:52 PM EDT
To: Snort-Users <snortusers () googlegroups com>
Subject: [Snort-Users] snort signature code
mime-version: 1.0
user-agent: G2/1.0

I want to know what this code means, or what the main function of it is, in the signature file:

    ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **head, char *name, char *url)
    {
        ReferenceSystemNode *node;

        if (name == NULL)
        {
            ErrorMessage("NULL reference system name\n");
            return NULL;
        }

        if (head == NULL)
            return NULL;

        /* create the new node */
        node = (ReferenceSystemNode *)SnortAlloc(sizeof(ReferenceSystemNode));
        node->name = SnortStrdup(name);
        if (url != NULL)
            node->url = SnortStrdup(url);

        /* Add to the front of the list */
        node->next = *head;
        *head = node;

        return node;
    }

    ReferenceSystemNode * ReferenceSystemLookup(ReferenceSystemNode *head, char *name)
    {
        if (name == NULL)
            return NULL;

        while (head != NULL)
        {
            if (strcasecmp(name, head->name) == 0)
                break;

            head = head->next;
        }

        return head;
    }

--
To post to this group, send email to snortusers () googlegroups com
For more information, please visit http://www.snort.org

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
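The expansion described in the reply above, as an added example that is not part of the original thread or of Snort's source: a standalone C sketch that loads a "config reference:" line, looks the system name up case-insensitively in a front-inserted linked list, and builds the alert URL. The names ref_add, ref_lookup, ref_load_line and ref_expand, the fixed buffer sizes, and the "<system> <id>" fallback for unknown systems are assumptions of this example.

```c
/* Added example: standalone sketch, not Snort source; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */
typedef struct Ref { char name[32], url[256]; struct Ref *next; } Ref;

/* Push a reference system (name -> URL prefix) onto the front of the list. */
static Ref *ref_add(Ref **head, const char *name, const char *url) {
    Ref *n = (head && name) ? calloc(1, sizeof *n) : NULL;
    if (n == NULL) return NULL;
    snprintf(n->name, sizeof n->name, "%s", name);
    snprintf(n->url, sizeof n->url, "%s", url ? url : "");
    n->next = *head; *head = n;
    return n;
}

/* Case-insensitive lookup, so "CVE" and "cve" name the same system. */
static Ref *ref_lookup(Ref *head, const char *name) {
    for (; head != NULL && name != NULL; head = head->next)
        if (strcasecmp(name, head->name) == 0) return head;
    return NULL;
}

/* Parse "config reference: <name> <url-prefix>"; -1 for comments or junk. */
static int ref_load_line(Ref **head, const char *line) {
    char name[32], url[256];
    if (sscanf(line, " config reference: %31s %255s", name, url) != 2) return -1;
    return ref_add(head, name, url) ? 0 : -1;
}

/* Expand "reference:<system>,<id>;" into out. Returns 0 for a full URL, 1 for an
 * unknown system (out gets "<system> <id>"), -1 if malformed or out too small. */
static int ref_expand(Ref *head, const char *opt, char *out, size_t len) {
    char sys[32], id[128];
    if (sscanf(opt, " reference: %31[^,], %127[^;]", sys, id) != 2) return -1;
    Ref *r = ref_lookup(head, sys);
    int known = (r != NULL && r->url[0] != '\0');
    int n = snprintf(out, len, "%s%s%s", known ? r->url : sys, known ? "" : " ", id);
    if (n < 0 || (size_t)n >= len) return -1;
    return known ? 0 : 1;
}

int main(void) {   /* constructed config line; URL prefix is the one in the post */
    Ref *refs = NULL;
    char out[512];
    ref_load_line(&refs, "config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=");
    if (ref_expand(refs, "reference:CVE,2010-0000;", out, sizeof out) == 0) puts(out);
    return 0;
}
```

A return value of 1 marks a rule whose reference system has no entry in the loaded configuration, which is worth flagging when auditing a rule set against reference.config.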