Re: [Snort-user] how to get input for snort rules

[zT <zzahra88 () gmail com>]

i found answer for second question, just add NULL to function call, it will
be solved.

On Fri, Jan 30, 2015 at 12:22 AM, zT <zzahra88 () gmail com> wrote:

> hello all,
> i have 2 question:
> 1- i want to write a rule that get a keyword from terminal and match
> it with packet content. for this i try to use dynamic module. is this
> right work ? or can i try easy way :(
> 2- when i try to test a dynamic rule this happend:
>  i have test example of snortIDS&IPS TOOLKIT.pdf about dynamic
> modules. I copy code of that file and i got this error in my
> InnerWorkingsDynmaicRules:
> InnerWorkingsDynamicRules.c:48:2: error: too few arguments to function
> ‘RegisterRules’
> and this is the content of that file:
> extern Rule sid109;
> extern Rule sid637;
> extern Rule Rule2329;
> Rule *rules[] =
> {
>     &sid109,&sid637,&Rule2329,NULL
> };
> int InitializeDetection()
> {
>         return RegisterRules(rules);
> }
>
> i'm really confuse. rules is an array of rules and these codes are the
> same as codes in snort IDS&IPS TOOLKIT.pdf .what is going wrong in
> these codes???
> thanks & Regards
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!