[Snort-devel] Re: Snort prepoocessor Kickstart

Yash Gandhi yashacad at ...2499...
Wed Nov 30 18:36:02 EST 2005


Hey,

I just saw, the structure IPHdr is initialized in Packet structure.
So it takes care of that,

but there are two structure pointers created, *iph, *orgiph.

ie IP header, and original IP header.
why do we need two?
any comments!!!

thanks
Yash


On 11/30/05, Yash Gandhi <yashacad at ...2499...> wrote:
>
> Hello ,
>
> In the Preprocessor kick start tutorial,
>
> the function hellofunc();
> is the function which is to be used, for anyone developing their own
> functionality.
>
> Now the function is initialized with no parameters hellofunc();
>
> but, it gets packet as the arguments,
> hellofunc( packet * p)
>
> I didn't get how did that happen,
> also, I wanted to access the source and destination IP addresses, so I
> need to pass another structure .
> How can I do that.
>
>
> Any help is appreciated.
>
> thank you
> Yash
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20051130/76e810cf/attachment.html>


More information about the Snort-devel mailing list