Hi,
I'm working with snort_inline version 2.3.0-RC1, and I would like to know
how can I write a preprocessor to modify the packets.
I have to modify a packet payload (SIP protocol) inside a snort_inline
preprocessor written by myself.
How can I replace a string (e.g. marco) with some other string (e.g. XXXX)
inside a preprocessor?
Is there a function call I can use?
I guess I have to use the 'replace' keyword, but the example in the file
README.INLINE is not explaining how to do what I need: it is explaining how
to modify a packet using the rules while I need to modify the packet more
dynamically in a preprocessor.
(I am also dropping packets inside the preprocessor and I use the function
InlineDrop(), is there something
similar to replace strings?)
Thanks in advance,
Marco
|
