Snort mailing list archives

How to make my preprocessor being called before the stream5_global (aka spp_session)?


From: Jan Hermes <jan.hermes () hotmail de>
Date: Fri, 3 Jun 2016 07:57:16 +0000

I developed a preprocessor that is also handling Ethernet frames.

The problem I've got is that my preprocessor is being disabled by the session preprocessor because an Ethernet frame does not have a valid IP header.

I registered my preprocessor with PRIORITY_CORE, which evaluates to 0x0, but the session preprocessor is registered with PP_SESSION_PRIORITY = PRIORITY_CORE + PP_CORE_ORDER_SESSION, which also evaluates to 0x0 (= 0x0 + 0x0).

So both preprocessors theoretically have the same priority value. The session pp, though, is being called before, so my preprocessor is being disabled before it can process any Ethernet frame.

Is there a way to register my preprocessor or tweak anything via the session_api so that it is called in any case? (e.g. make it the first preprocessor in line, even before the session preprocessor)

Thank you for any help