關於SNORT無法插入範例的preprocessor - 資安

我已經解決我的問題了，總結如下：

##################################################
spp_template.c: In function `SetupTemplate':
spp_template.c:100: warning: implicit declaration of function `DebugMessage'
spp_template.c:100: error: `DEBUG_PLUGIN' undeclared (first use in this
function)
spp_template.c:100: error: (Each undeclared identifier is reported only once
spp_template.c:100: error: for each function it appears in.)
spp_template.c: In function `TemplateInit':
spp_template.c:117: error: `DEBUG_PLUGIN' undeclared (first use in this
function)
spp_template.c:131: warning: passing arg 1 of `AddFuncToPreprocList' from
incompatible pointer type
spp_template.c:131: error: too few arguments to function
`AddFuncToPreprocList'
##################################################

1. error: `DEBUG_PLUGIN' undeclared

A: #include "debug.h"
我在spp_template.c引入debug.h的函式庫


2. warning: implicit declaration of function `DebugMessage'

A: DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"...");
我用DEBUG_WRAP()把DebugMessage()包起來
不過我不知道為何範例的寫法會有問題


3. warning: passing arg 1 of `AddFuncToPreprocList' from incompatible pointer
type
error: too few arguments to function `AddFuncToPreprocList'

A: 新版的SNORT已經改過AddFuncToPreprocList()這個函式
SNORT2.4.1裡的型態為PreprocessFuncNode *AddFuncToPreprocList(void (*func)
(Packet *, void *))
SNORT2.6.1.5裡的型態為PreprocessFuncNode *AddFuncToPreprocList(void (*func)
(Packet *, void *), unsigned short priority, unsigned int preproc_id)
所以我目前改在SNORT2.4.1執行我的程式


4.
##################################################
etc/snort.conf(803) unknown dynamic preprocessor "template"
ERROR: Misconfigured dynamic preprocessor(s)
Fatal Error, Quitting..
##################################################

A: 我在etc/snort.conf第803行是設定"preprocessor template"
所以我在spp_template.c註冊preprocessor的名稱時也要為"template"
// RegisterPreprocessor("keyword", TemplateInit);
RegisterPreprocessor("template", TemplateInit);
如果這兩個名稱不符合就會發生這個問題，然而範例是註冊為keyword
所以一定要去修改註冊的名稱



--