void RZBProcess(void *p, void *context)
{
SFSnortPacket *sp = (SFSnortPacket *)p;
// preconditions - what we registered for
assert(IsTCP(sp));
// Only rebuilt packets from server
if (sp->src_port == 80 && !(sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
ProcessFromServer(sp);
return;
}
// No rebuilt packets to server, and only packets with data
if(sp->dst_port == 80 && !(sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
ProcessFromClient(sp);
return;
}
if(sp->dst_port == 25 && (sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
smtpdumpereval(sp);
return;
}
return;
}
void RZBProcess(void *p, void *context)
{
SFSnortPacket *sp = (SFSnortPacket *)p;
if(!sp->ip4_header || sp->ip4_header->proto != IPPROTO_TCP || !sp->tcp_header)
{
/* Not for me, return */
return;
}
// Only rebuilt packets from server
if (sp->src_port == 80 && !(sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
ProcessFromServer(sp);
return;
}
// No rebuilt packets to server, and only packets with data
if(sp->dst_port == 80 && !(sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
ProcessFromClient(sp);
return;
}
if(sp->dst_port == 25 && (sp->flags & FLAG_REBUILT_STREAM) && sp->payload_size != 0)
{
smtpdumpereval(sp);
return;
}
return;
}
