Snort mailing list archives

Re: question about InlineDrop()

From: Steven Sturges <steve.sturges () sourcefire com>
Date: Fri, 26 Feb 2010 08:46:51 -0500

Hi Markus--

The idea there is once you decide to drop (block) a packet,
do the same for the other packets in the session.

The stateless check disables that if the drop is triggered
from a rule that has flow:stateless.

Cheers.
-steve

Markus Lude wrote:

Hello,
in inline.c in InlineDrop() there is among others this piece of code:

        if (!(p->packet_flags & PKT_STATELESS))
            stream_api->drop_traffic(p->ssnptr, SSN_DIR_BOTH);

I've some problems to understand what it does and when. Maybe someone
could help me here? Thanks.

Regards,
Markus


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

question about InlineDrop() Markus Lude (Feb 26)
- Re: question about InlineDrop() Steven Sturges (Feb 26)