Snort SSL preprocessor
Here's my issue:
I am developing a preprocessor for Snort. I am trying to use the out-of-the-box SSL preprocessor as a baseline, but so far it's not making a whole lot of sense. Specifically, I want to store the exchange between the server and the client (i.e. the IP addresses, certificates, essentially all the information that is sent before the connection gets encrypted). From what it looks like, looking at the code for the SF_snort_packet, which is the main structure that the rest of the SSL preprocessor uses, there is no way to access all of the information that I want. Is this true? Is there another way to access the stream directly? Thanks for the input.
I doubt you'll find many Snort experts here -- I'm certainly not one. Somebody else may come along later and give you the help you need, but I wouldn't hold your breath. Have you tried asking this on the Snort mailing lists (http://www.snort.org/community/groups/)?
We can definitely help you if you have any specific C questions, but your general "how does Snort's dynamic preprocessor work" question is not well suited for this forum.
No, I haven't tried that yet. I knew there were a lot of members here and thought maybe someone would come along who could help me out. I will go over to the Snort group and ask there. Thanks!