[Snort-devel] *.rules files parsing

alessandrorguard-snortml at ...2440... alessandrorguard-snortml at ...2440...
Thu Nov 19 08:55:09 EST 2009


Any hint about the structure of the parsed rules?




----- Original message -----
> From: Todd Wease <twease at ...402...>
> To: alessandrorguard-snortml at ...2440...
> Cc: snort-devel at lists.sourceforge.net
> Sent: Thu 19 November 2009, 14:04:43
> Subject: Re: [Snort-devel] *.rules files parsing
> 
> All non-rule configurations are parsed first because there may be some 
> configuration options necessary for rules parsing, for example 
> preprocessor rule options.  A second pass is then done to parse the rules.
> 
> On 11/19/2009 07:47 AM, alessandrorguard-snortml at ...2440... wrote:
> > During some testing with parser.c it comes out that the rules files
> > included in the snort.conf file get included 2 times: the first in
> > ParseSnortConf(), then in ParseRules().
> > Is it correct?
> > What are the differences in the two steps?
> > Could any developer tell the structure of the parsed rules? The only
> > documentation I’m finding on the net seems to be obsolete…
> > Thanks!
> >
> > Alessandro R
> >
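
A simplified model of the two-pass load described in the reply above, added here as an example; it is not Snort's parser.c, and the file contents, the `demo_pp` preprocessor and its `demo_opt` rule option are made up. It shows why each included rules file is opened twice and what a single pass would reject when a rule appears before the preprocessor line that registers its option.

```python
# Simplified model of a two-pass snort.conf load; not Snort's parser.c.
# Constructed input: file names, demo_pp and demo_opt are made up.
FILES = {
    "snort.conf": ["include local.rules", "preprocessor demo_pp"],
    "local.rules": ['alert tcp any any -> any 80 (msg:"demo"; demo_opt; sid:1000001;)'],
}
BUILTIN_OPTIONS = {"msg", "sid"}
# Assumption: loading demo_pp registers the rule option demo_opt.
PREPROC_OPTIONS = {"demo_pp": {"demo_opt"}}
RULE_ACTIONS = ("alert", "log", "pass", "drop")


def walk(name, on_line, opened):
    """Read one in-memory file, following 'include' lines recursively."""
    opened.append(name)
    for line in FILES[name]:
        if line.startswith("include "):
            walk(line.split(None, 1)[1], on_line, opened)
        else:
            on_line(line)


def option_names(rule):
    """Option keywords of a rule (naive split on ';', enough for the sample)."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    return [o.split(":", 1)[0].strip() for o in body.split(";") if o.strip()]


def load(two_pass=True):
    """Return (accepted rules, rejected rules, files opened in order)."""
    known, rules, errors, opened = set(BUILTIN_OPTIONS), [], [], []

    def config_line(line):  # non-rule configuration
        if line.startswith("preprocessor "):
            known.update(PREPROC_OPTIONS.get(line.split()[1], ()))

    def rule_line(line):  # rules; options must already be registered
        if line.startswith(RULE_ACTIONS):
            missing = [o for o in option_names(line) if o not in known]
            (errors if missing else rules).append(line)

    if two_pass:
        walk("snort.conf", config_line, opened)  # pass 1
        walk("snort.conf", rule_line, opened)    # pass 2
    else:
        walk("snort.conf", lambda l: (config_line(l), rule_line(l)), opened)
    return rules, errors, opened
```

`load(True)` accepts the rule and lists both files twice in `opened`; `load(False)` opens each file once and rejects the rule because `demo_opt` is not yet registered when it is read.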







