snort-devel July 2008 archive

Re: [Snort-devel] How to get the name of the current interface?

From: Jack Pepper <pepperjack_at_nospam>
Date: Tue Jul 01 2008 - 13:44:04 GMT
To: Salvo Danilo Giuffrida <salvodanilogiuffrida@gmail.com>


Quoting Salvo Danilo Giuffrida <salvodanilogiuffrida@gmail.com>:

> Hello, the function GetIP(char*) returns the IP assigned to the
> interface whose name is specified as the 1st parameter. But, how can I
> get the name of the interface Snort is currently sniffing to (apart
> from parsing the command line or the snort.conf file)?
> Thanks

I assume you are talking about during detection (since you mention CallAlertFunc). The packet structure, P, passed into your detector includes as part of its structure a pointer to the pflog header at p->pfh. The pfh structure includes some fields that describe the interface associated with the packet. For an example of how to use the pfh structure, look at detect.c and see how the grinder gets built for each interface.

I have not tested this before, but it seems straightforward enough.

jp
--
Framework? I don't need no steenking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
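Added example, not part of the original message and not Snort's own code: a defensive way to read an interface name through a packet's pflog header pointer, as the reply suggests. The `demo_` types are hypothetical stand-ins that assume the header carries a fixed-size `ifname` field and that `pfh` is NULL when no pflog header was decoded; check the real definitions in the Snort source you build against.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_IFNAMSIZ 16  /* assumed size of the fixed interface-name field */

/* Hypothetical stand-in for the pflog header: only the field used here. */
struct demo_pflog_hdr {
    char ifname[DEMO_IFNAMSIZ];  /* may fill the whole array with no NUL */
};

/* Hypothetical stand-in for the packet structure handed to a detector. */
struct demo_packet {
    const struct demo_pflog_hdr *pfh;  /* assumed NULL without a pflog header */
};

/*
 * Copy the interface name for packet p into out (capacity outlen).
 * Returns  0 on success,
 *         -1 if the arguments are unusable or there is no pflog header,
 *         -2 if out is too small (the name is never silently truncated).
 */
int demo_packet_ifname(const struct demo_packet *p, char *out, size_t outlen)
{
    size_t n = 0;

    if (p == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';               /* caller always gets a terminated string */
    if (p->pfh == NULL)
        return -1;               /* e.g. capture is not a pflog datalink */

    /* Bounded scan: never read past the fixed-size field. */
    while (n < DEMO_IFNAMSIZ && p->pfh->ifname[n] != '\0')
        n++;
    if (n + 1 > outlen)
        return -2;

    memcpy(out, p->pfh->ifname, n);
    out[n] = '\0';
    return 0;
}
```

An alert plugin would call this before logging and fall back to its configured interface name when the return value is non-zero.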