What is a Snort Preprocessor?

Preprocessors are pluggable components of Snort, introduced since version 1.5. They're "located" just after the module of protocol analysis and before the detection engine and do not depend of rules. They are called whenever a packet arrives, but JUST ONCE, the detection plugins, in the other hand, do depend of rules and may be applied many times for a single packet. SPP's can be used in different ways: They can look for an specific behavior(portscan, flowportscan), to be support for further analysis like flow, or just collect certain information, like perfmonitor.