[Snort-devel] Order of preprocessors:

Ashley Thomas athomas at ...1383...
Wed Jun 19 16:22:02 EDT 2002


Hi,

The InitPreprocessors() sets up the preprocessors in the order:
    SetupHttpDecode();
    SetupPortscan();
    SetupPortscanIgnoreHosts();
    SetupDefrag();
    SetupTcpStream2();
    SetupSpade();
    SetupUnidecode();
    SetupRpcDecode();
    SetupBo();
    SetupTelNeg();
    SetupStream4();
    SetupFrag2();
    SetupARPspoof();

Also in int Preprocess(Packet * p)

    idx = PreprocessList;
                
    while(idx != NULL)
    {   
        assert(idx->func != NULL);
        idx->func(p);
        idx = idx->next;
    }   

** This means that the Preprocessors gets the packet in the 
** same order as it is setup, right ?
** But in that case does'nt http_decode / stream4 etc HAVE to come after
** fragmentation reassembly ?
** Without reassembling fragmentations it doesnt make much sense , right ?

Correct me if i am wrong .

thanks
ashley thomas







More information about the Snort-devel mailing list