[Snort-devel] Snort++: enum "RuleOptType"

Sancho Panza sancho at ...3553...
Mon Mar 23 07:55:19 EDT 2015


Hello

I have noticed that IPS options register themselves with Snort by 
providing their RuleOptType, either of

OPT_TYPE_LOGGING,
OPT_TYPE_DETECTION,
OPT_TYPE_META

I was trying to find out what are the exact implications of registering 
one type or the other. The only place in the source that I was able to 
find is in IpsManager::option_end ( ips_manager.cc), where it only makes 
a difference if you provide OPT_TYPE_META or any other:

if ( ! ips )
     return (ruleOptType == OPT_TYPE_META);

In parse_rule_opt_end (parse_rule.cc) it also only makes a difference if 
you provide OPT_TYPE_META.

So it looks to me like it really makes no difference at all to use 
OPT_TYPE_LOGGING or OPT_TYPE_DETECTION, is that right?

Why is a distinction made between these two? Am I missing something?

Thanks

Sancho




More information about the Snort-devel mailing list