|Main Archive Page > Month Archives > snort-devel archives|
In my understanding, all functionalities of preprocessors in snort 2.x
should be moved to data source in snort 3.0.
As Marty pointed out at
http://securitysauce.blogspot.com/2007/11/snort-30-architecture-series-part-1.html, IP defragmentation and TCP reassembly should be included in data source module of snort 3.0.
My question is that:
>From the beta source code for snort 3.0, IP defragmentation is already
here, but TCP reassembly seems to be not here, is the TCP reassembly still using stream5 included in snort 2.8 detection engine?