[Snort-users] snort datasctuctures

Matt Kettler mkettler at ...4108...
Wed Sep 1 13:55:03 EDT 2004

At 01:42 PM 9/1/2004, snort user wrote:
>i was going through the code of snort to understand the data structures 
>that are being used to store the rules and then to detect. is there some 
>material where i can get a head start on this?

If you don't get an answer to your question, repeating it isn't going to help.

Check the whitepapers sourcefire has released on the website (linked from 
snort.org). The whitepapers on the detection engines at least give a high 
level view of what's going on which may be helpful when trying to read the 
code. Other than those, the source code is the only documentation.

Of course, I'm curious as to why your're looking at the code at this 
detailed of a level. Perhaps you might get some more helpful answers if you 
state what you're looking to do.

