In this chapter you will learn how to navigate the Snort source tree. You will also learn how to create new detection plugins, output plugins, and preprocessors, and modify existing plugins in order to add new functionality to Snort.

Plugins and preprocessors can be used to vastly alter the behavior and functionality of Snort. Before starting out and creating your own plugin or preprocessor, it is usually best to try and make sure that someone else has not already written what you desire. As the famous saying goes, “Why reinvent the wheel?”

If there is not an exact implementation of what you ...