[Snort-devel] quesion about snort Packet type

Joseph Nicholas Yarbrough nyarbrough at ...118...
Tue Dec 26 04:59:24 EST 2000


Does snort set the pointers (tcph, iph, udph, and icmph) in Packet to null if 
they are not valid. (i.e. if the Packet is not tcp, tcph is null) If not, how 
do I determine which I should use?

Also, what are orig_iph, orig_tcph, orig_udph, and orig_icmph for? Are the 
others (iph, tcph, udph, and icmph) somehow different than thier orig_ 
eqivelents? Most importantly, which set should my output plugin use?

Thanks for all your help,
-Nick




More information about the Snort-devel mailing list