Snort mailing list archives
Re: Unable to compile snort3 plugin
From: Christian Leclerc <christian.leclerc () sphere3solutions com>
Date: Tue, 28 May 2019 13:19:50 -0400
Hello guys! I have found the problem; it was a source version issue. Sorry!

CL

On Tue, May 28, 2019 at 12:34 PM <snort-devel-request () lists snort org> wrote:
Today's Topics:

1. Unable to compile snort3 plugin (Christian Leclerc)
2. Re: Developing new IPS action plugin (Özkan KIRIK)
3. Re: Developing new IPS action plugin (Özkan KIRIK)
4. libsf_sorules in 2.9.13 (Markus Lude)

----------------------------------------------------------------------

Message: 1
Date: Mon, 27 May 2019 09:04:34 -0400
From: Christian Leclerc <christian.leclerc () sphere3solutions com>
To: snort-devel () lists snort org
Subject: [Snort-devel] Unable to compile snort3 plugin

Hello community,

I am trying to create a new snort3 plugin for my personal project and I have a problem compiling the code. I know, I am a noob. I've taken the code from snort3_extra in git, everything seems to work fine, so I removed everything I didn't need and created my own logger. The create configure script works just fine, without any problem, but when I am trying to compile my plugin (based on the alert_all code) I am stuck (for like an hour now) on this error :

------------------------------

Message: 2
Date: Mon, 27 May 2019 17:11:20 +0300
From: Özkan KIRIK <ozkan.kirik () gmail com>
To: Russ <rucombs () cisco com>
Cc: snort-devel () lists snort org
Subject: Re: [Snort-devel] Developing new IPS action plugin

Thank you Russ,

It is just configuring the new action for detection. For example,

reroute tcp any any -> any any ( msg: "new route test", dst_router_mac: "11:22:33:44:55:66"; sid: 123 )

or is there any way to pass arguments to newaction?

Thanks

On Sat, May 25, 2019 at 3:57 PM Russ via Snort-devel <snort-devel () lists snort org> wrote:

Hmm. Is your newvar used for detection or just for configuring your action? The goal was to move all action related stuff out of the rule body. You can look at the replace option which works with the reject action for probably the closest example but I don't think that does what you want.

On 5/24/19 4:24 AM, Özkan KIRIK via Snort-devel wrote:

Hello,

I'm trying to develop a simple ips_action plugin. I need to use arguments per rule for action.

newaction tcp any any -> any any ( msg: "new action test", newvar: "abc"; sid: 123 )

Is it possible to access newvar variable within void NewAction::exec(Packet* p) function? Or do you suggest another way to pass per rule arguments to action?

Thanks,
Ozkan

------------------------------

Message: 3
Date: Mon, 27 May 2019 17:15:26 +0300
From: Özkan KIRIK <ozkan.kirik () gmail com>
To: Russ <rucombs () cisco com>
Cc: snort-devel () lists snort org
Subject: Re: [Snort-devel] Developing new IPS action plugin

It's type err. It is just configuring the new action.

On Mon, May 27, 2019 at 5:11 PM Özkan KIRIK <ozkan.kirik () gmail com> wrote:

Thank you Russ,

It is just configuring the new action for detection. For example,

reroute tcp any any -> any any ( msg: "new route test", dst_router_mac: "11:22:33:44:55:66"; sid: 123 )

or is there any way to pass arguments to newaction?

Thanks

------------------------------

Message: 4
Date: Mon, 27 May 2019 21:53:13 +0200
From: Markus Lude <markus.lude () gmx de>
To: snort-devel () lists snort org
Subject: [Snort-devel] libsf_sorules in 2.9.13

Hi,

libsf_sorules appears in snort 2.9.13. Is there some easy way to disable building that library? Or do I have to patch the configure script?

What is this library for? It seems not to be used so far.

Regards
Markus Lude

------------------------------

End of Snort-devel Digest, Vol 23, Issue 15
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!