[Snort-devel] noinspect parameter in stream4

Steven Sturges steve.sturges at ...402...
Tue Aug 14 15:51:39 EDT 2007


No, flow does not depend on stream4... They were both maintaining
their own data structures for flows/sessions.

However, the flow:established,to_server etc options relate to
TCP state tracking.

Cheers.
-steve

snort user wrote:
> Is the flow preprocessor depending on stream4? (spp_flow.c and
> everything in flow/)
> 
> I was trying to find the link/dependency and could not find it -
> looked like flow was maintaining its own data structure and all.
> 
> Any information on this is much appreciated.
> 
> -Thanks
> 
> On 8/13/07, Steven Sturges <steve.sturges at ...402...> wrote:
>> It disables stateful inspection for ports that are not listed in the
>> reassemble list... So, for any rules that use flow:to_server, etc
>> options, they will not trigger unless the port is in the list for
>> reassembly.
>>
>> Cheers.
>> -steve
>>
>> snort user wrote:
>>> Greetings
>>>
>>> I have a question with the stream4 preprocessor. I hope someone can
>>> answer it even though stream4 is getting obsolete.
>>>
>>> If I specify noinspect in the stream4 config, it should disable
>>> stateful inspection altogether for all ports?
>>> Or it will disable stateful inspection for ports not listed in the
>>> stream4_reassemble list?
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Snort-devel mailing list
>>> Snort-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
> 
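
The effect Steve describes, as an added Python example that is not from the thread or the Snort source: with noinspect set, it lists the SIDs of flow: rules whose port is missing from the stream4_reassemble list, so they would not trigger. The config and rules are constructed samples, the function names are hypothetical, and it assumes an explicit numeric ports list and that the port that matters is the server-side one.

```python
import re

# Constructed sample input (not from the thread): explicit port list only.
SAMPLE_CONF = """\
preprocessor stream4: disable_evasion_alerts, noinspect
preprocessor stream4_reassemble: both, ports 21 25 80
"""
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"web"; flow:to_server,established; sid:1000001;)
alert tcp any any -> any 8080 (msg:"alt web"; flow:to_server,established; sid:1000002;)
alert tcp any 110 -> any any (msg:"pop3 reply"; flow:to_client,established; sid:1000003;)
alert tcp any any -> any 8080 (msg:"stateless"; sid:1000004;)
"""
RULE_RE = re.compile(r"\s*\w+\s+tcp\s+\S+\s+(\S+)\s+(?:->|<>)\s+\S+\s+(\S+)\s+\((.*)\)")

def stream4_state(conf):
    """Return (noinspect_set, reassembly_ports) from the stream4 lines."""
    noinspect, ports = False, set()
    for line in conf.splitlines():
        m = re.match(r"\s*preprocessor\s+(stream4\w*)\s*:?(.*)", line)
        if not m:
            continue  # comments and other directives
        name, args = m.groups()
        if name == "stream4" and re.search(r"\bnoinspect\b", args):
            noinspect = True
        elif name == "stream4_reassemble":
            listed = re.search(r"\bports\s+([\d\s]+)", args)
            if listed:
                ports = {int(p) for p in listed.group(1).split()}
    return noinspect, ports

def silent_flow_rules(conf, rules):
    """SIDs of flow: rules whose server-side port is not reassembled."""
    noinspect, ports = stream4_state(conf)
    if not noinspect:
        return []
    silent = []
    for hdr in filter(None, map(RULE_RE.match, rules.splitlines())):
        src, dst, body = hdr.groups()
        flow = re.search(r"\bflow\s*:\s*([^;]+);", body)
        sid = re.search(r"\bsid\s*:\s*(\d+)", body)
        if not flow or not sid:
            continue  # a rule without flow: is unaffected
        opts = {o.strip() for o in flow.group(1).split(",")}
        # Assumption: server port is src for to_client/from_server, else dst.
        server = src if opts & {"to_client", "from_server"} else dst
        if server.isdigit() and int(server) not in ports:
            silent.append(int(sid.group(1)))
    return silent
```

Rules whose relevant port is `any`, a range or a variable are not flagged, since they can still match a listed port.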



