

For example, a TCP analysis preprocessor could simply return if the packet does not have a TCP header. It can do this by checking:

if (p->tcph == NULL)
    return;

Similarly, many packet_flags are available that can be used to mark a packet as "reassembled" or logged. See src/decode.h for the list of pkt_* constants.
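The two checks above, combined in one preprocessor-style callback, as an added example that is not code from the Snort source. The `Ex*` types, the `EX_PKT_REBUILT` value and the four sample packets are constructed stand-ins; the real definitions are in src/decode.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in types constructed for this example; Snort's real packet and
 * TCP header definitions live in src/decode.h and carry many more fields. */
typedef struct { uint16_t th_sport, th_dport; uint8_t th_flags; } ExTcpHdr;
typedef struct { const ExTcpHdr *tcph; uint32_t packet_flags; } ExPacket;

#define EX_PKT_REBUILT 0x01u /* hypothetical value for a "reassembled" flag */
#define EX_TH_SYN      0x02u /* TCP SYN bit */
#define EX_TH_ACK      0x10u /* TCP ACK bit */

typedef struct { unsigned seen, non_tcp, rebuilt, syn_only; } ExStats;

/* Preprocessor-style callback: returns 1 if the packet was inspected,
 * 0 if one of the guards skipped it. */
int ex_tcp_preproc(const ExPacket *p, ExStats *st)
{
    st->seen++;
    /* Guard 1: no TCP header was decoded, so there is nothing to analyse. */
    if (p->tcph == NULL) { st->non_tcp++; return 0; }
    /* Guard 2: reassembled pseudo-packet; its segments were already counted. */
    if (p->packet_flags & EX_PKT_REBUILT) { st->rebuilt++; return 0; }
    /* tcph is dereferenced only after the NULL guard above. */
    if ((p->tcph->th_flags & (EX_TH_SYN | EX_TH_ACK)) == EX_TH_SYN)
        st->syn_only++;
    return 1;
}

/* Feed four constructed packets through the callback and return the tally. */
ExStats ex_run(void)
{
    static const ExTcpHdr syn = {40000, 80, EX_TH_SYN};
    static const ExTcpHdr synack = {80, 40000, EX_TH_SYN | EX_TH_ACK};
    const ExPacket pkts[] = {
        {NULL, 0}, {&syn, 0}, {&synack, 0}, {&syn, EX_PKT_REBUILT},
    };
    ExStats st = {0, 0, 0, 0};
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        ex_tcp_preproc(&pkts[i], &st);
    return st;
}

int main(void)
{
    ExStats st = ex_run();
    printf("seen=%u non_tcp=%u rebuilt=%u syn_only=%u\n",
           st.seen, st.non_tcp, st.rebuilt, st.syn_only);
    return 0;
}
```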

Eugene Misnik 2013-05-08