[Snort-devel] The detect function

Shimrit Tzur shimritd at ...2499...
Tue Dec 18 04:57:21 EST 2012


I can see now that I'm getting into the ifdef GRE in the function and this
is the reason that it returns.
Can someone explain to me why? What is this GRE? The input contains HTTP or
TCP packets.
Thanks!

On Tue, Dec 18, 2012 at 9:39 AM, Shimrit Tzur <shimritd at ...2499...> wrote:

> Hello all,
> I have known Snort for a while but am new to developing it.
> I'm trying to trace the function flow of a standard HTTP packet.
> I notice that in the detect function of (detect.c) there is a switch-case
> statement on "p->outer_family" where the options are AF_INET and AF_INET6.
> In my case the value is 0 so the program goes to the default option which
> simply returns so the fpEvalPacket isn't called.
>
> My question is: what is the meaning of this outer_family field of the
> packet, and why is it 0?
>
> Thanks a lot,
> Shimrit
>
>