Snort mailing list archives

The detect function


From: Shimrit Tzur <shimritd () gmail com>
Date: Tue, 18 Dec 2012 09:39:31 +0200

Hello all,
I have known Snort for a while but am new to developing it.
I'm trying to trace the function flow of a standard HTTP packet.
I noticed that in the detect function (in detect.c) there is a switch-case
statement on "p->outer_family" where the options are AF_INET and AF_INET6.
In my case the value is 0, so the program goes to the default option, which
simply returns, so fpEvalPacket isn't called.

My question is: what is the meaning of this outer_family field of the packet,
and why is it 0?

Thanks a lot,
Shimrit
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
