[Snort-devel] question about InlineDrop()

Steven Sturges steve.sturges at ...402...
Fri Feb 26 08:46:51 EST 2010


Hi Markus--

The idea there is once you decide to drop (block) a packet,
do the same for the other packets in the session.

The stateless check disables that if the drop is triggered
from a rule that has flow:stateless.

Cheers.
-steve

Markus Lude wrote:
> Hello,
> in inline.c in InlineDrop() there is among others this piece of code:
> 
>         if (!(p->packet_flags & PKT_STATELESS))
>             stream_api->drop_traffic(p->ssnptr, SSN_DIR_BOTH);
> 
> I have some problems understanding what it does and when. Maybe someone
> could help me here? Thanks.
> 
> Regards,
> Markus
> 
> 
> 
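The behaviour described in the reply above, as a small stand-alone model added here for illustration; it is not Snort's code. The constant values, the `Session` and `Packet` layouts, the `dir` and `rule_hit` fields, and the `drop_traffic()`, `process_packet()` and `run_session()` helpers are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed values for this model, not copied from Snort's headers. */
#define PKT_STATELESS  0x01u  /* assumed: set when the rule has flow:stateless */
#define SSN_DIR_CLIENT 0x01u
#define SSN_DIR_SERVER 0x02u
#define SSN_DIR_BOTH   (SSN_DIR_CLIENT | SSN_DIR_SERVER)
typedef struct { uint8_t drop_dirs; } Session;   /* stand-in for p->ssnptr */
typedef struct {
    Session *ssnptr;
    uint32_t packet_flags;
    uint8_t  dir;       /* hypothetical: direction this packet travels */
    int      rule_hit;  /* hypothetical: 1 if a drop rule matched */
} Packet;

/* Stand-in for stream_api->drop_traffic(): record the block on the session. */
static void drop_traffic(Session *s, uint8_t dirs) { if (s) s->drop_dirs |= dirs; }

/* The quoted check: extend the drop to the session unless the rule is stateless. */
static void inline_drop(Packet *p) {
    if (!(p->packet_flags & PKT_STATELESS))
        drop_traffic(p->ssnptr, SSN_DIR_BOTH);
}

/* Returns 1 if the packet is dropped, 0 if it is forwarded. */
static int process_packet(Packet *p) {
    if (p->ssnptr && (p->ssnptr->drop_dirs & p->dir))
        return 1;                              /* session already blocked */
    if (p->rule_hit) { inline_drop(p); return 1; }
    return 0;
}

/* One session: benign, rule hit, benign reply. Bit i set = packet i dropped. */
int run_session(uint32_t hit_flags) {
    Session s = {0};
    Packet pkts[3] = { { &s, 0, SSN_DIR_CLIENT, 0 },
                       { &s, hit_flags, SSN_DIR_CLIENT, 1 },
                       { &s, 0, SSN_DIR_SERVER, 0 } };
    int verdicts = 0;
    for (int i = 0; i < 3; i++)
        verdicts |= process_packet(&pkts[i]) << i;
    return verdicts;
}

int main(void) {
    printf("stateful rule:  0x%x\n", (unsigned)run_session(0));
    printf("stateless rule: 0x%x\n", (unsigned)run_session(PKT_STATELESS));
    return 0;
}
```

With a stateful rule the benign reply that follows the hit is dropped as well; with `PKT_STATELESS` set only the matching packet is dropped.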



