Snort mailing list archives
what is snort policy?
From: "????????" <85358830 () qq com>
Date: Tue, 16 May 2017 11:11:33 +0800
Hello everyone. I tried to read the snort source code,I'm reading the snort/src/dynamic_preprocessor/reputation/spp_reputation.c I can't understand the meaning of policy in the source code. In the init function ReputationInit(The 447 line): static void ReputationInit(struct _SnortConfig *sc, char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); ?????What is tSfPolicyId?Why should we use it? ReputationConfig *pDefaultPolicyConfig = NULL; ?????what is the policy? ReputationConfig *pPolicyConfig = NULL; ?????what is the policy? if (reputation_config == NULL) { /*create a context*/ reputation_config = sfPolicyConfigCreate(); if (reputation_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for Reputation config.\n"); } _dpd.addPreprocConfCheck(sc, ReputationCheckConfig); _dpd.registerPreprocStats(REPUTATION_NAME, ReputationPrintStats); _dpd.addPreprocExit(ReputationCleanExit, NULL, PRIORITY_LAST, PP_REPUTATION); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("reputation", (void *)&reputationPerfStats, 0, _dpd.totalPerfStats, NULL); #endif } sfPolicyUserPolicySet (reputation_config, policy_id); ?????what is the policy? pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config); ?????what is the policy? pPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetCurrent(reputation_config); ?????what is the policy? if ((policy_id != 0) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("%s(%d) => Reputation configuration may only" " be enabled in default configuration\n", *_dpd.config_file, *_dpd.config_line); } if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Reputation preprocessor can only be " "configured once.\n", *_dpd.config_file, *_dpd.config_line); } pPolicyConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "Reputation preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(reputation_config, pPolicyConfig); ParseReputationArgs(pPolicyConfig, (u_char *)argp); if ((0 == pPolicyConfig->numEntries)&&(!pPolicyConfig->sharedMem.path)) ?????what is the policy? { return; } if (policy_id != 0) pPolicyConfig->memcap = pDefaultPolicyConfig->memcap; ?????what is the policy? if (!pPolicyConfig->sharedMem.path && pPolicyConfig->localSegment) IPtables = &pPolicyConfig->localSegment; #ifdef SHARED_REP if (pPolicyConfig->sharedMem.path && (!_dpd.isTestMode())) ?????what is the policy? _dpd.addPostConfigFunc(sc, initShareMemory, pPolicyConfig); #endif } There are a lot of policy, but I can't understand what they mean. Who can explain their meaning? Thanks in advance. minggang ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- what is snort policy? ???????? (May 15)