Comment # 7
on bug 8461
from Sebastiano Di Paola
(In reply to comment #6)
> Comment on attachment 10228 [details]
> patch to add json dissection to some honeypot messages
>
> >
> >+static const chan_str_elem chan_lookup_table[] = {
> >+ { "dionaea.capture", CH_DIONAEA_CAPTURE },
> >+ { "dionaea.dcerpcrequests", CH_DIONAEA_DCE },
> >+ { "dionaea.shellcodeprofiles", CH_DIONAEA_SHELLCODE },
> >+ { "mwbinary.dionaea.sensorunique", CH_DIONAEA_UINQUE },
> >+ { "kippo.sessions", CH_KIPPO_SESSIONS },
> >+ { "geoloc.events", CH_GEOLOC_EVENTS },
> >+ { "glastopf.events", CH_GLASTOPF_EVENTS },
> >+ { NULL, CH_EINVAL }
> >+};
> >
> >+static gint8 lookup_channel_string(char* str)
> >+{
> >+ const chan_str_elem *ptr = NULL;
> >+
> >+ for (ptr = chan_lookup_table; ptr->chan_name != NULL; ptr++)
> >+ if(!strncmp(ptr->chan_name, str, strlen(ptr->chan_name)))
> >+ return ptr->value;
> >+ return CH_EINVAL;
> >+}
> >+
> >+
>
> Why don't use string_string table ? (and match_strstr)
Just didn't know about the existence of string_string table :)
I will update the code and re-submit the patch!
Thanks a lot!
Cheers,
Seba
You are receiving this mail because:
- You are watching all bug changes.