Re: external internet/process calls from a preprocessor

can we see the code?

Regards,

Will

On 4/15/06, David Cann <dlcann@xxxxxxxxxxxxxxxxxxxx> wrote:
> I was told I might have more luck posting this to the devel list, rather
> than the users list, so here goes ;-)
>
> I've got snort 2.4.4 running inline on a dedicated box, and I'm trying
> to use the gethostbyname() function to make a simple DNS call when a set
> of criteria is true. This code is contained in a preprocessor which
> otherwise works fine. When the criteria are satisfied, the DNS call
> invariably fails to work; it doesn't time out, it just fails outright,
> as if it has no access to the internet.
>
> Running the exact same code in a standalone program outside of Snort,
> works fine. So my backup idea was to invoke a standalone program each
> time the criteria is met, and pass arguments back and forth. This
> doesn't seem to work either, it's as if snort disallows such
> functionality, even when running in daemon mode.
>
> I admit I am a terrible, novice C programmer. But can anybody provide
> some insight into either A) snort not being able to make DNS calls from
> a preprocessor, or B) snort not invoking an external process and passing
> arguments?
>
> -Note: It was mentioned in a reply on the other list that Snort doesn't
> disallow DNS resolution implicitly in its programming. Is this accurate?
> Is there any other reason my gethostbyname() call is failing so miserably?
>
> Thanks in advance,
> --Dave
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Snort-devel mailing list
> Snort-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642