On 12/3/06, Kevin Johnson <firstname.lastname@example.org> wrote:
Ok, I am in the process of trying to morph the schema and rewrite the
plugin so that we can get some populated databases to test against.
But I have some
What are the snort_option_ipv4 and snort_option_tcp tables for? I
see where they relate over to the other tables but I don't see where
they would get what we would use them for? I am assuming that I am
just missing
The tables that are prefixed with "snort_option_" are used to store
reference data. Reference data is defined as "data provided by an rfc
or ietf group" and is mostly static in content.
The usefulness of this data includes:
- during the presentation of data in applications (e.g., base),
reference data can be provided in addition to actual raw data
(packet). In the case of the snort_option_ipv4, let us say that tcp
header options 1 through 24 are set to various values; this supporting
data will allow the application to present a code/name for each of the
header options.
- during the querying of data, say you want to search for tcp
packets that have the 'Security' header option set (option number 2),
the application can use the data in the supporting tables to drive menus
that present "code-name" values. Just friendlier to look at.
In the examples presented above, the snort_option_ipv4 options were
used. A reference of the various values can be found at
The concept is to store common data that can drive the
presentation of information and assist in the manipulation of
information (searching, etc.)
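
The two uses described in the reply above, as an added example that is not part of the original thread or the project's code: raw IPv4 option bytes are parsed and then labelled and searched through a reference table. The table contents are constructed from RFC 791 and stand in for snort_option_ipv4, whose actual rows and columns are not shown in the thread; the function names and sample bytes are hypothetical.

```python
# Constructed reference data (RFC 791 option numbers and names); a stand-in
# for the snort_option_ipv4 table, whose real contents are not in the thread.
IPV4_OPTION_NAMES = {
    0: "End of Option List",
    1: "No Operation",
    2: "Security",
    3: "Loose Source Routing",
    4: "Internet Timestamp",
    7: "Record Route",
    8: "Stream ID",
    9: "Strict Source Routing",
}

def parse_ipv4_options(raw):
    """Walk the options area of an IPv4 header; return [(number, length)]."""
    found, i = [], 0
    while i < len(raw):
        opt_type = raw[i]
        number = opt_type & 0x1F  # low 5 bits; top 3 are copied flag + class
        if opt_type == 0:         # End of Option List: one byte, stop parsing
            found.append((number, 1))
            break
        if opt_type == 1:         # No Operation: one byte, no length field
            found.append((number, 1))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]       # length covers type, length and data bytes
        if length < 2 or i + length > len(raw):
            raise ValueError("option length out of range")
        found.append((number, length))
        i += length
    return found

def label_options(raw):
    """Presentation use: "code-name" strings for each option in the packet."""
    return [f"{n}-{IPV4_OPTION_NAMES.get(n, 'Unknown')}"
            for n, _ in parse_ipv4_options(raw)]

def has_option(raw, name):
    """Query use: resolve a menu name to its code, then search the packet."""
    codes = {n for n, v in IPV4_OPTION_NAMES.items() if v == name}
    return any(n in codes for n, _ in parse_ipv4_options(raw))

# Constructed samples: Security (type 0x82, 11 bytes) + EOL; NOP + Record Route.
SAMPLE_SECURITY = bytes([0x82, 11]) + bytes(9) + bytes([0])
SAMPLE_RECORD_ROUTE = bytes([1, 7, 7, 4, 0, 0, 0, 0])
```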