[Oisf-devel] [PATCH 1/3] Add support for 'set_mark' keyword
Eric Leblond
eric at regit.org
Mon Mar 7 21:16:30 UTC 2011
Hi,
On Monday, 07 March 2011 at 21:42 +0100, Victor Julien wrote:
> Hi Eric, the way the detection function is called in the detection
> engine is not how it should be. It should be registered with the keyword
> so it's only activated if the signature is inspected.
>
> More inline...
>
> On 03/07/2011 11:59 AM, Eric Leblond wrote:
> > +/**
> > + * \brief Registration function for set_mark: keyword
> > + */
> > +
> > +void DetectMarkRegister (void) {
> > + sigmatch_table[DETECT_MARK].name = "set_mark";
> > + sigmatch_table[DETECT_MARK].Match = NULL;
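Review bot: `sigmatch_table[DETECT_MARK].Match = NULL;` in DetectMarkRegister leaves the keyword with no per-signature match callback, so the code that applies the mark has to be called from somewhere else in the engine and is not limited to signatures that actually use `set_mark`. Assign the keyword's match function to `.Match` here so it only runs when the signature is inspected. As a style point, drop the empty `+` line between the closing `*/` and `void DetectMarkRegister`, and remove the stray colon in "set_mark: keyword" in the `\brief` text.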
>
> The detection engine needs to be registered here ^^.
Really looks cleaner that way! I will send an updated version of the patchset
ASAP.
BR,
--
Eric Leblond <eric at regit.org>