[Snort-devel] Session reassembly in a preprocessor

Pietro Ravasio snort at ...1266...
Fri Apr 19 02:20:04 EDT 2002

Chris Green wrote:

 > Each pkt has
 > void *ssnptr;      /* for tcp session tracking info... */
 > that should be a pointer back to the tcp session info for that.
 > It's there so that the orignal packets can be flushed but should also
 > give you what you want

Hi Chris,

thanks, this is exactly what I need. I've just got two problems now:
1st) To correctly read from Session data structure I had to make a
static cast like this:


for this reason I had to redefine Session data structure into my
preprocessor's code. Infact, if I don't make a cast, the compiler tells
me that:

...request for member 'start_time' in something not a structure or union

2nd) If I try to read from Session data structure I get a segmentation
fault after a while (a few seconds). For example, trying to do this:

foo.s_addr = p->ssnptr->server.ip;
printf(" Server IP: %s ", inet_ntoa(foo));

gdb session:
#0  0x080784a2 in Pride (p=0x80c73b0) at spp_pride.c:260
260 printf(" Server IP: %s ", inet_ntoa(foo));
(gdb) bt
#0  0x080784a2 in Pride (p=0x80c73b0) at spp_pride.c:260
#1  0x0805655a in Preprocess (p=0x80c73b0) at rules.c:3545

Any suggestion?

Thank you so much for your patience,

"Our real illiteracy is our inability to create"

More information about the Snort-devel mailing list