[Snort-devel] question about snort Packet type
Joseph Nicholas Yarbrough
nyarbrough at ...118...
Tue Dec 26 04:59:24 EST 2000
Does snort set the pointers (tcph, iph, udph, and icmph) in Packet to null if
they are not valid? (i.e. if the Packet is not tcp, tcph is null) If not, how
do I determine which I should use?
Also, what are orig_iph, orig_tcph, orig_udph, and orig_icmph for? Are the
others (iph, tcph, udph, and icmph) somehow different than their orig_
equivalents? Most importantly, which set should my output plugin use?
Thanks for all your help,