[Discussion] Non-tokenized preprocessor parameter lines
Victor Julien
lists at inliniac.net
Tue Feb 10 09:21:09 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Fong wrote:
> Matt Jonkman wrote:
>
>> Non-tokenized preprocessor parameter lines
>
> Let me rephrase this into what I'd like (versus definition by
> negation): It would be great if processor arguments could (optionally)
> _include_ newlines to permit line-oriented parameter definition. For
> example, this would allow
>
> allow newlines
>
> preprocessor myPreprocessor: \
> threshold = 1.0 # a description \
> max_count = 10 # another description
>
> disallow newlines
>
> where "[dis]allow newlines" would dictate the parameter token scanner
> behavior.
>
> As a side issue, I'd also like more functionality in the mSplit
> () replacement. Specifically, it would be nice if it accepted 0
> (zero) for max_strs and then dynamically allocate the requisite
> members, particularly when the input is user-specified and thus
> causing the maximum to be relatively unpredictable (e.g., IP
> blacklists).
I think we need to work out a rules syntax and configuration scheme
first. I'm not convinced we should have a snort compatible configuration
scheme... I haven't thought of alternatives though.
Regards,
Victor
- --
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkmRRwUACgkQiSMBBAuniMf8JQCbB4nQqxo1UNohtl0+wcAffMDq
VwYAn3yqd2+eKreUVVcmo2+RccVeF4ZR
=Rb/C
-----END PGP SIGNATURE-----
More information about the Discussion
mailing list