[Snort-devel] Snort++: enum "RuleOptType"

Russ rucombs at ...3461...
Mon Mar 23 08:25:58 EDT 2015



On 3/23/15 7:55 AM, Sancho Panza wrote:
> Hello
>
> I have noticed that IPS options register themselves with Snort by
> providing their RuleOptType, either of
>
> OPT_TYPE_LOGGING,
> OPT_TYPE_DETECTION,
> OPT_TYPE_META
>
> I was trying to find out what are the exact implications of registering
> one type or the other. The only place in the source that I was able to
> find is in IpsManager::option_end (ips_manager.cc), where it only makes
> a difference if you provide OPT_TYPE_META or any other:
>
> if ( ! ips )
>       return (ruleOptType == OPT_TYPE_META);
>
> In parse_rule_opt_end (parse_rule.cc) it also only makes a difference if
> you provide OPT_TYPE_META.
>
> So it looks to me like it really makes no difference at all to use
> OPT_TYPE_LOGGING or OPT_TYPE_DETECTION, is that right?
>
> Why is a distinction made between these two? Am I missing something?
Just use detection or meta.  Logging will likely disappear in a later 
version and this may be replaced with a bool.
>
> Thanks
>
> Sancho




