Thursday, March 9, 2017

Intrusion Prevention System - Snort

A typical process flow:

    SnortMain -> PacketLoop -> PacketCallback -> ProcessPacket -> Preprocess -> Detect -> fpEvalPacket -> fpEvalHeaderTcp

A comment from the Snort source explaining why the obfuscation entry table is reset at this point in the chain:

    /* Not a completely ideal place for this since any entries added on the
     * PacketCallback -> ProcessPacket -> Preprocess trail will get
     * obliterated - right now there isn't anything adding entries there.
     * Really need it here for stream5 clean exit, since all of the
     * flushed, reassembled packets are going to be injected directly into
     * this function and there may be enough that the obfuscation entry
     * table will overflow if we don't reset it.  Putting it here does
     * have the advantage of fewer entries per logging cycle */
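The point of that comment is that stream5 injects flushed, reassembled packets directly into Preprocess, bypassing ProcessPacket, so a fixed-size per-cycle table reset higher up the chain overflows. The following added example is a constructed model, not Snort's code: the table size, the `simulate`/`process_packet`/`preprocess` functions and the one-entry-per-packet rule are assumptions made to show the effect of the reset point.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a fixed-size obfuscation entry table that must be
 * cleared once per logging cycle (capacity is an assumed value). */
#define OBF_TABLE_MAX 4

typedef struct {
    size_t count;      /* entries currently in the table */
    size_t overflows;  /* adds dropped because the table was full */
} obf_table_t;

static obf_table_t g_obf;

static void obf_reset(void) { g_obf.count = 0; }

/* Returns 0 on success, -1 when the table is full (the overflow the comment warns about). */
static int obf_add_entry(void) {
    if (g_obf.count >= OBF_TABLE_MAX) { g_obf.overflows++; return -1; }
    g_obf.count++;
    return 0;
}

/* Where in the pipeline the reset is placed. */
typedef enum { RESET_IN_PROCESS_PACKET, RESET_IN_PREPROCESS } reset_point_t;

/* Preprocess: every packet, raw or reassembled, passes through here.
 * Assumption: each packet contributes one obfuscation entry. */
static void preprocess(reset_point_t rp) {
    if (rp == RESET_IN_PREPROCESS) obf_reset();
    obf_add_entry();
}

/* ProcessPacket: only packets arriving via PacketCallback come this way.
 * A stream5 flush then injects `reassembled` packets straight into Preprocess. */
static void process_packet(reset_point_t rp, size_t reassembled) {
    if (rp == RESET_IN_PROCESS_PACKET) obf_reset();
    preprocess(rp);
    for (size_t i = 0; i < reassembled; i++) preprocess(rp);
}

/* One wire packet whose flush releases `reassembled` packets; returns overflow count. */
static size_t simulate(reset_point_t rp, size_t reassembled) {
    memset(&g_obf, 0, sizeof g_obf);
    process_packet(rp, reassembled);
    return g_obf.overflows;
}

int main(void) {
    printf("reset in ProcessPacket, 8 reassembled: %zu overflows\n", simulate(RESET_IN_PROCESS_PACKET, 8));
    printf("reset in Preprocess,    8 reassembled: %zu overflows\n", simulate(RESET_IN_PREPROCESS, 8));
    return 0;
}
```

With the reset in ProcessPacket, nine packets share one four-entry cycle and five adds overflow; with the reset in Preprocess, every packet gets a fresh table.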
