Snort mailing list archives

How to set the priority of new preprocessor written for layer 2 traffic in SNORT2?


From: Awais Ali via Snort-devel <snort-devel () lists snort org>
Date: Fri, 19 Jun 2020 23:17:16 +0200

Hello all,
I have written a decoder for layer 2 and have written a preprocessor on top
of it to generate some required alerts. It's working perfectly as expected,
but it gives the following assertion failed message on TCP/UDP stream (stream6
preprocessor) traffic:


snort: snort_stream_tcp.c:3407: StreamUpdatePerfBaseState: Assertion `sf_base->iSessionsInitializing' failed.
Aborted (core dumped)

It should not give this error, as I am not disturbing any other source code
above layer 3 but adding new functionality at layer 2.
My understanding is that it is because of the priority we set for different
preprocessors through the following function (in this case ARP's function) in
preprocessors:

AddFuncToPreprocList(sc, DetectARPattacks, PRIORITY_NETWORK, PP_ARPSPOOF, PROTO_BIT__ARP);

I set the same priority (PRIORITY_NETWORK) for my preprocessor as well, but
when I play TCP/UDP traffic it gives me the stream6 assertion error given
above. As I change the priority it gives different output, so my question is:
what should be the priority of new preprocessors working on a newly written
decoder for a layer 2 protocol? Or is there any other reason for this kind of
assertion failed message?