[Snort-devel] The detect function
shimritd at ...2499...
Tue Dec 18 02:39:31 EST 2012
I have known Snort for a while but am new to developing it.
I'm trying to trace the function flow of a standard HTTP packet.
I notice that in the detect function (detect.c) there is a switch-case
statement on "p->outer_family" where the options are AF_INET and AF_INET6.
In my case the value is 0, so the program goes to the default option, which
simply returns, so fpEvalPacket isn't called.
My question is: what is the meaning of this outer_family field of the packet,
and why is it 0?
Thanks a lot,