Preprocessors, detection capabilities, and rules can now be developed as dynamically loadable module to snort. When enabled via the -enable-dynamicplugin configure option, the dynamic API presents a means for loading dynamic libraries and allowing the module to utilize certain functions within the main snort code.
The remainder of this chapter will highlight the data structures and API functions used in developing preprocessors, detection engines, and rules as a dynamic plugin to snort.
Beware: the definitions herein may be out of date; check the appropriate header files for the current definitions.