[Snort-devel] Question about DAQ in snort 3.0
xiaojuntime at ...2499...
Mon Jul 7 04:41:49 EDT 2008
I think the mechanism is that the engine will invoke the callback
function finish_packet() to tell data source module to take the
corresponding action. Is that correct?
There is also another question, why need we do a packet copy in dap_pcap.c
memcpy(p, data, pkth->caplen);
Can we reuse data pointer to reduce the packet copy?
2008/7/4 Xiao Jun <xiaojuntime at ...2499...>:
> Hi All,
> I am wondering the snort 3.0 beta + iptables (IPS mode) workable or not,
> that means how did the engine return back the detection result (for
> example, drop or reject) back to data source?
> BTW, at line 147 of daq_ipq.c, "dd.resolution" should be used to
> return the detection result, but I even can not find out the
> definition for resolution.
More information about the Snort-devel