Snort mailing list archives
Re: *.rules files parsing
From: Todd Wease <twease () sourcefire com>
Date: Thu, 19 Nov 2009 08:04:43 -0500
All non-rule configurations are parsed first because there may be some configuration options necessary for rules parsing, for example preprocessor rule options. A second pass is then done to parse the rules. On 11/19/2009 07:47 AM, alessandrorguard-snortml () yahoo it wrote:
During some testing with parser.c it comes out that the rules files included in the snort.conf file gets included 2 times: the first in ParseSnortConf(), then in ParseRules(). Is it correct? What are the differences in the two steps? Could any developer tell the structure of the parsed rules? The only documentation I’m finding on the net seems to be obsolete… Thanks! Alessandro R
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- *.rules files parsing alessandrorguard-snortml (Nov 19)
- Re: *.rules files parsing Todd Wease (Nov 19)
- Re: *.rules files parsing alessandrorguard-snortml (Nov 19)
- Re: *.rules files parsing Todd Wease (Nov 19)