Snort mailing list archives

(no subject)


From: Hema Krishnamurthy <hemasreeram () yahoo com>
Date: Wed, 12 Jan 2005 09:17:17 -0800 (PST)

Hi,

Can someone please explain to me this comment in fpdetect.c?

    **  PKT_REBUILT_STREAM packets are re-injected streams.  This means
    **  that the "packet headers" are completely bogus and only the
    **  content matches are important.  So for PKT_REBUILT_STREAMs, we
    **  don't inspect against no-content OTNs since these deal with
    **  packet headers, packet sizes, etc.
    **
    **  NOTE:
    **  This has been changed when evaluating no-content rules because
    **  it was interfering with the pass->alert ordering.  We still
    **  need to check no-contents against rebuilt packets, because of
    **  this problem.  Immediate solution is to have the detection plugins
    **  bail if the rule should only be inspected against packets, a.k.a
    **  dsize checks.

Thanks
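
A simplified model of the behaviour the quoted comment describes, added here as an illustration; it is not code from fpdetect.c or from Snort. Apart from the name PKT_REBUILT_STREAM, every struct, function and value is hypothetical, and reading "interfering with the pass->alert ordering" as a no-content pass rule being skipped on rebuilt packets is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define PKT_REBUILT_STREAM 0x1u   /* name from the comment; value is constructed */
enum action { ACT_NONE, ACT_PASS, ACT_ALERT };
struct packet { unsigned flags; size_t dsize; const char *payload; };
struct rule { enum action act; const char *content; long dsize_gt; }; /* hypothetical OTN */

/* dsize-style option: describes a wire packet, so it bails on rebuilt ones. */
static int dsize_ok(const struct rule *r, const struct packet *p) {
    if (r->dsize_gt < 0) return 1;                 /* rule has no dsize option */
    if (p->flags & PKT_REBUILT_STREAM) return 0;   /* size is a reassembly artifact */
    return p->dsize > (size_t)r->dsize_gt;
}

static int rule_matches(const struct rule *r, const struct packet *p, int skip_nocontent) {
    int rebuilt = (p->flags & PKT_REBUILT_STREAM) != 0;
    if (!r->content && rebuilt && skip_nocontent) return 0;   /* the earlier behaviour */
    if (r->content && !strstr(p->payload, r->content)) return 0;
    return dsize_ok(r, p);
}

/* Pass rules are tried before alert rules; the first match decides. */
enum action evaluate(const struct rule *rs, size_t n, const struct packet *p, int skip_nocontent) {
    static const enum action order[] = { ACT_PASS, ACT_ALERT };
    for (size_t o = 0; o < 2; o++)
        for (size_t i = 0; i < n; i++)
            if (rs[i].act == order[o] && rule_matches(&rs[i], p, skip_nocontent))
                return order[o];
    return ACT_NONE;
}

/* Constructed sample data. Rule headers are left out: every rule is assumed to cover this flow. */
static const struct rule pass_set[] = { { ACT_PASS, NULL, -1 }, { ACT_ALERT, "example-token", -1 } };
static const struct rule size_set[] = { { ACT_ALERT, NULL, 1000 } };
static const struct packet wire    = { 0, 1400, "data example-token data" };
static const struct packet rebuilt = { PKT_REBUILT_STREAM, 4000, "data example-token data" };

/* Rebuilt packet against a no-content pass rule plus a content alert rule. */
enum action pass_case(int skip_nocontent) { return evaluate(pass_set, 2, &rebuilt, skip_nocontent); }
/* No-content dsize rule against the wire packet or the rebuilt one. */
enum action size_case(int use_rebuilt) { return evaluate(size_set, 1, use_rebuilt ? &rebuilt : &wire, 0); }

int main(void) {
    printf("no-content skipped on rebuilt: %d\n", pass_case(1));
    printf("no-content checked on rebuilt: %d\n", pass_case(0));
    printf("dsize rule, wire packet:       %d\n", size_case(0));
    printf("dsize rule, rebuilt packet:    %d\n", size_case(1));
    return 0;
}
```

With no-content rules skipped, the pass rule never gets a chance on the rebuilt packet and the content alert fires; with them checked, the pass rule wins and only the dsize option declines to match.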


