[Snort-devel] Question regarding Flowbits

Adayadil Thomas adayadil.thomas at ...2499...
Fri May 30 15:58:08 EDT 2008


Thanks for the reply.
Both FLOW info and flowdata bits is stored in the hash table
mentioned, is that right?

> Stream5 uses a mempool to dole out flow data structures.  Look at src/preprocessors/spp_stream5.c and src/preprocessors/Stream5/*.

With stream5 is'nt flow tracked through stream5 lookup rather than
separate flow hash table lookup?




On Fri, May 30, 2008 at 2:48 PM, Todd Wease <twease at ...402...> wrote:
> The actual rule option data is allocated and stored in a hash table. See
> src/detection-plugins/sp_flowbits.{c,h}.  Stream5 uses a mempool to dole out
> flow data structures.  Look at src/preprocessors/spp_stream5.c and
> src/preprocessors/Stream5/*.
>
> Adayadil Thomas wrote:
>>
>> Greetings.
>>
>> I am looking through the source code of snort 2.8.1 and I am trying to
>> understand
>> the allocation for memory for flowbits data.
>>
>> If x bytes (x times 8 bits) are needed for flowbits data, how and
>> where the memory
>> is allocated? If you can specify the file/function that I am looking
>> for that would be great.
>>
>> Thanks
>> Aday
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>




More information about the Snort-devel mailing list