Snort mailing list archives

LightSPD manifest.json question for builtin path


From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Sat, 3 Jul 2021 16:25:25 +0000

I'm working on getting LightSPD functionality added to PulledPork3, and I
have a question about the way builtin rules are stored in the LightSPD
folder.

For the current LightSPD file ("lightspd build number" : "2021-06-30-003"),
the format for the builtin folder is:

.\lightspd\builtins\3.0.1-3\
- builtins.rules
- *.states files


There is only the one '3.0.1-3' folder contained in the 'builtins' folder.
The manifest.json file lists Snort3 versions from 3.0.3-1 to 3.1.1.0-20,
but only contains references for the policies folder and .so files.

Can you let me know what the format/plan is for this folder?  I think it
would be best if you need to have different versions of your builtin.rules
file to reference unique folders in the manifest.json file, like you're
doing with the policies and .so folders.  For example:
      "3.1.1.0-0" : {
         "policies_path" : "policies/3.0.3-4/",
         "builtins_path" : "builtins/3.0.1-3/",
         "architectures" : {
            ...
         }

However, if you're only going to have one builtin.rules file for all
versions of Snort that are supported, then it'd make more sense to just
rename the folder to .\lightspd\builtins\, and have that folder contain the
builtins.rules and *.states files.  You'd then reference this path from the
root of your manifest.json file:

{
   "builtins_path" : "builtins/",
   "lightspd build number" : "2021-06-30-003",
   "snort versions" : {
      "3.1.0.1-149" : {...}
   }
}

From a PulledPork perspective, it'd be nice to have a single mechanism for
me to determine the various paths (getting the path for each type of object
out of the json file, rather than looking at the folder names for some
items, and getting json entries for others).

thanks,
Noah
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel
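
An added example, not part of the original post and not PulledPork or LightSPD code: one way a consumer could get every path through a single manifest.json lookup, as the post requests, with a version-level key overriding a root-level one. The "builtins_path" key is the post's proposal rather than a confirmed manifest field; resolve_paths, safe_relative, the sample manifest and the check that paths stay inside the LightSPD folder are assumptions added here.

```python
import json
from pathlib import PurePosixPath

# Constructed sample: build number and version keys come from the post,
# "builtins_path" is the post's proposed key. Not a real LightSPD manifest.
SAMPLE_MANIFEST = json.loads("""
{
  "builtins_path": "builtins/",
  "lightspd build number": "2021-06-30-003",
  "snort versions": {
    "3.1.1.0-0": {"policies_path": "policies/3.0.3-4/",
                  "builtins_path": "builtins/3.0.1-3/"},
    "3.1.0.1-149": {"policies_path": "policies/3.0.3-4/"}
  }
}
""")


def safe_relative(path):
    """Normalise a manifest path; reject anything that could leave the root."""
    p = PurePosixPath(path)
    if p.is_absolute() or ".." in p.parts or "\\" in path:
        raise ValueError(f"manifest path escapes the LightSPD root: {path!r}")
    return str(p)


def resolve_paths(manifest, snort_version,
                  keys=("policies_path", "builtins_path")):
    """Resolve each path key for one Snort version.

    A key on the version entry wins, otherwise the root-level key is used.
    A key present at neither level maps to None, so the caller knows it
    must fall back to inspecting folder names.
    """
    versions = manifest.get("snort versions", {})
    if snort_version not in versions:
        raise KeyError(f"Snort version {snort_version!r} not in manifest")
    entry = versions[snort_version]
    resolved = {}
    for key in keys:
        value = entry.get(key, manifest.get(key))
        resolved[key] = safe_relative(value) if value is not None else None
    return resolved
```

Join the returned relative paths onto the extracted lightspd directory only after they pass safe_relative, since the manifest arrives inside a downloaded archive.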
