Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Packet Logger Mode- what is func()?

From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 21 Sep 2012 10:29:55 -0400
Suggest running in a debugger to follow that function call.  "func" is a
function pointer in LogList, which is added to with AddFuncToOutputList()
in src/plugbase.c.  The exact function(s) called depend on your
configuration.

On Fri, Sep 21, 2012 at 9:02 AM, Alex Adamos <alexthakidadam () hotmail com>wrote:


 hi to all!

im new here and i suppose maybe you can help me!

I was trying to figure out how the Packet Logger Mode runs. At snort.c ,
when packet_logger_mode is set,  the LogPacket() which in turn calls the
CallLogPlugins(). In the later definition of the function (at detect.c
file) a function pointer idx calls the func(). At this point, i can not
neither understand or find what this function does or where it is defined
!!! It goes like this :

void CallLogPlugins(Packet * p, char *message, void *args, Event *event)
{
    OutputFuncNode *idx;

    idx = LogList;

    pc.log_pkts++;

    while(idx != NULL)
    {
        idx->func(p, message, idx->arg, event);
        idx = idx->next;
    }
}

please help!
Thanks.


------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!


------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: