snort-devel July 2008 archive
Main Archive Page > Month Archives  > snort-devel archives
snort-devel: [Snort-devel] Question about preprocessor in snort

[Snort-devel] Question about preprocessor in snort 3.0

From: Xiao Jun <xiaojuntime_at_nospam>
Date: Fri Jul 04 2008 - 08:35:53 GMT
To: snort-devel@lists.sourceforge.net


Hi All,

In my understanding, all functionalities of preprocessors in snort 2.x should be moved to data source in snort 3.0. As Marty pointed out at
http://securitysauce.blogspot.com/2007/11/snort-30-architecture-series-part-1.html, IP defragmentation and TCP reassembly should be included in data source module of snort 3.0.

My question is that:
>From the beta source code for snort 3.0, IP defragmentation is already
here, but TCP reassembly seems to be not here, is the TCP reassembly still using stream5 included in snort 2.8 detection engine?

Thanks,
Jun



Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel