
Snort Forums Archive

snort-inline at runtime instead of compiletime


Posted by bluefoxicy on May 09, 2005 06:32:01

AutoPackage has a nice tool called "relaytool" that allows simple code blocks to be automagically parsed into the more complex pointer BS that makes dynamic code react to libraries existing at runtime. For example, if libpng is there:

    if (libpng_is_present) {
        show_file_selection(FILETYPE_PNG);
    }

    void show_file_selection(int filetype) {
        if (filetype == FILETYPE_PNG && libpng_is_present) {
            libpng_functions_here();
        }
        else if (filetype == FILETYPE_JPG && libjpeg_is_present) {
            libjpeg_functions_here();
        }
        ...
    }

I'm not sure exactly how it works, but it allows you to write "normal" looking code and have all the dlopen/dlsym stuff happen for you. Note that dlopen() and dlsym() work exactly the way any other dynamic linking from ld.so works, so the security considerations are exactly identical to using -lfoo on the compiler command line.

The idea here is to build snort so that snort-inline functionality is there; and if the libs needed to do it aren't around, snort simply refuses to use the code. This way snort won't depend on libpcap or libwhatever to run, but will need one or the other to be functional.

For reference:
http://autopackage.org/developer-quickstart.html

relaytool is unfortunately ill-documented.
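
The dlopen/dlsym plumbing that the post says relaytool generates, written out by hand as an added example (not relaytool's output and not Snort source). The `optlib` names and the `libm.so.6` stand-in library are assumptions for illustration; binding is all-or-nothing so the `is_present` flag can be trusted by every caller.

```c
/* Added example; not relaytool output or Snort code. Build: cc optlib.c -ldl */
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

struct optlib {
    void *handle;      /* dlopen() handle, NULL when the library is absent */
    int   is_present;  /* the flag callers test, like libpng_is_present */
};

/* Load soname and bind every name in syms[] into slots[]. All-or-nothing:
 * if the library or any one symbol is missing, every slot is NULL and
 * is_present is 0, so code gated on the flag never calls a NULL pointer. */
int optlib_bind(struct optlib *lib, const char *soname,
                const char *const *syms, void **slots, size_t n)
{
    lib->is_present = 0;
    for (size_t i = 0; i < n; i++) slots[i] = NULL;
    /* A bare soname (no '/') goes through the loader's normal search path.
     * RTLD_NOW resolves everything here instead of failing at first call;
     * RTLD_LOCAL keeps the optional library out of the global symbol scope. */
    lib->handle = dlopen(soname, RTLD_NOW | RTLD_LOCAL);
    if (lib->handle == NULL) {
        fprintf(stderr, "optional library unavailable: %s\n", dlerror());
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        slots[i] = dlsym(lib->handle, syms[i]);
        if (slots[i] == NULL) {          /* too old or wrong library */
            for (size_t j = 0; j < n; j++) slots[j] = NULL;
            dlclose(lib->handle);
            lib->handle = NULL;
            return 0;
        }
    }
    lib->is_present = 1;
    return 1;
}

int main(void)
{
    /* Assumed soname: glibc's math library stands in for the optional lib. */
    static const char *const names[] = { "cos" };
    void *slots[1];
    struct optlib libm;

    if (optlib_bind(&libm, "libm.so.6", names, slots, 1)) {
        printf("cos(0) = %.1f\n", ((double (*)(double))slots[0])(0.0));
        dlclose(libm.handle);
    } else {
        puts("feature disabled: library not installed");
    }
    return 0;
}
```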

Posted by roesch on June 28, 2005 12:12:53

Thanks! That's interesting, I'll take a look.

-Marty