[Snort-devel] Re: Snort prepoocessor Kickstart

Yash Gandhi yashacad at ...2499...
Wed Nov 30 18:36:02 EST 2005


I just saw, the structure IPHdr is initialized in Packet structure.
So it takes care of that,

but there are two structure pointers created, *iph, *orgiph.

ie IP header, and original IP header.
why do we need two?
any comments!!!


On 11/30/05, Yash Gandhi <yashacad at ...2499...> wrote:
> Hello ,
> In the Preprocessor kick start tutorial,
> the function hellofunc();
> is the function which is to be used, for anyone developing their own
> functionality.
> Now the function is initialized with no parameters hellofunc();
> but, it gets packet as the arguments,
> hellofunc( packet * p)
> I didn't get how did that happen,
> also, I wanted to access the source and destination IP addresses, so I
> need to pass another structure .
> How can I do that.
> Any help is appreciated.
> thank you
> Yash
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20051130/76e810cf/attachment.html>

More information about the Snort-devel mailing list