[Snort-devel] Regarding PORTLISTS and TARGET_BASED features

snort user snort.user at ...2499...
Thu Oct 16 14:24:24 EDT 2008


Hello and Greetings. Hope this email finds you well.

I have a question(s) regarding the new PORTLISTS feature.


In fpdetect.c (snort release 2.8.*) we have --

static INLINE int fpEvalHeaderTcp(Packet *p)
{
    PORT_GROUP *src, *dst, *gen;
    int retval=0;

#if defined(TARGET_BASED) && defined(PORTLISTS)
<snip>

#else
    //old way
    retval = prmFindRuleGroupTcp(p->dp, p->sp, &src, &dst, &gen);
#endif

<snip>


Does the PORTLIST based packet evaluation work only with TARGET_BASED setting?
What is the behavior if PORTLISTS is defined and TARGET_BASED is not?
Is there a dependency for PORTLISTS feature on TARGET_BASED feature?

Any clarification on this is much appreciated.




More information about the Snort-devel mailing list