Re: The detect function

[Shimrit Tzur <shimritd () gmail com>]

I can see now that I'm getting into the ifdef GRE in the function and this
is the reason that it returns.
Can someone explain me why? what is this gre? the input contains http or
tcp packets.
Thanks!

On Tue, Dec 18, 2012 at 9:39 AM, Shimrit Tzur <shimritd () gmail com> wrote:

> Hello all,
> I know Snort for a while but new in developing it.
> I'm trying to trace the function flow of a standard http packet.
> I notice that in the detect function of (detect.c) there is a switch-case
> statement on "p->outer_family" where the options are AF_INET and AF_INET6.
> In my case the value is 0 so the program goes to the default option which
> simply returns so the fpEvalPacket isn't called.
>
> My question is what is the meaning of this outer_family field of the
> packet and why it is 0?
>
> Thanks a lot,
> Shimrit
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!