[Snort-devel] Question about preprocessor in snort 3.0

Xiao Jun xiaojuntime at ...2499...
Fri Jul 4 04:35:53 EDT 2008


Hi All,

In my understanding, all functionalities of preprocessors in snort 2.x
should be moved to data source in snort 3.0.
As Marty pointed out at
http://securitysauce.blogspot.com/2007/11/snort-30-architecture-series-part-1.html,
IP defragmentation and TCP reassembly should be included in data
source module of snort 3.0.

My question is that:
>From the beta source code for snort 3.0, IP defragmentation is already
here, but TCP reassembly seems to be not here,
is the TCP reassembly still using stream5 included in snort 2.8
detection engine?

Thanks,
Jun




More information about the Snort-devel mailing list