Snort mailing list archives
what is snort policy?
From: "????????" <85358830 () qq com>
Date: Tue, 16 May 2017 11:11:33 +0800
Hello everyone.
I tried to read the Snort source code; I'm reading snort/src/dynamic_preprocessor/reputation/spp_reputation.c.
I can't understand the meaning of policy in the source code.
In the init function ReputationInit (line 447):
static void ReputationInit(struct _SnortConfig *sc, char *argp)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy(sc);   /* <-- What is tSfPolicyId? Why should we use it? */
    ReputationConfig *pDefaultPolicyConfig = NULL;      /* <-- what is the policy? */
    ReputationConfig *pPolicyConfig = NULL;             /* <-- what is the policy? */
    if (reputation_config == NULL)
    {
        /*create a context*/
        reputation_config = sfPolicyConfigCreate();
        if (reputation_config == NULL)
        {
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for Reputation config.\n");
        }
        _dpd.addPreprocConfCheck(sc, ReputationCheckConfig);
        _dpd.registerPreprocStats(REPUTATION_NAME, ReputationPrintStats);
        _dpd.addPreprocExit(ReputationCleanExit, NULL, PRIORITY_LAST, PP_REPUTATION);
#ifdef PERF_PROFILING
        _dpd.addPreprocProfileFunc("reputation", (void *)&reputationPerfStats, 0, _dpd.totalPerfStats, NULL);
#endif
    }
    sfPolicyUserPolicySet (reputation_config, policy_id);   /* <-- what is the policy? */
    pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config);   /* <-- what is the policy? */
    pPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetCurrent(reputation_config);   /* <-- what is the policy? */
    if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation configuration may only"
                " be enabled in default configuration\n",
                *_dpd.config_file, *_dpd.config_line);
    }
    if (pPolicyConfig != NULL)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation preprocessor can only be "
                "configured once.\n", *_dpd.config_file, *_dpd.config_line);
    }
    pPolicyConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig));
    if (!pPolicyConfig)
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "Reputation preprocessor configuration.\n");
    }
    sfPolicyUserDataSetCurrent(reputation_config, pPolicyConfig);
    ParseReputationArgs(pPolicyConfig, (u_char *)argp);
    if ((0 == pPolicyConfig->numEntries)&&(!pPolicyConfig->sharedMem.path))   /* <-- what is the policy? */
    {
        return;
    }
    if (policy_id != 0)
        pPolicyConfig->memcap = pDefaultPolicyConfig->memcap;   /* <-- what is the policy? */
    if (!pPolicyConfig->sharedMem.path && pPolicyConfig->localSegment)
        IPtables = &pPolicyConfig->localSegment;
#ifdef SHARED_REP
    if (pPolicyConfig->sharedMem.path && (!_dpd.isTestMode()))   /* <-- what is the policy? */
        _dpd.addPostConfigFunc(sc, initShareMemory, pPolicyConfig);
#endif
}
There are a lot of policies, but I can't understand what they mean.
Who can explain their meaning?
Thanks in advance.
minggang
