[Snort-devel] The detect function

Shimrit Tzur shimritd at ...2499...
Tue Dec 18 02:39:31 EST 2012


Hello all,
I have known Snort for a while but am new to developing it.
I'm trying to trace the function flow of a standard http packet.
I notice that in the detect function (of detect.c) there is a switch-case
statement on "p->outer_family" where the options are AF_INET and AF_INET6.
In my case the value is 0 so the program goes to the default option which
simply returns so the fpEvalPacket isn't called.

My question is: what is the meaning of this outer_family field of the packet
and why is it 0?

Thanks a lot,
Shimrit