No subject


Thu Nov 23 16:31:58 EST 2017


void DumpRuleChains()
{
    RuleListNode *rule;

    rule = RuleLists;

    while(rule != NULL)
    {
        DumpChain(rule->RuleList->IpList, rule->name, "IP Chains");
        DumpChain(rule->RuleList->TcpList, rule->name, "TCP Chains");
        DumpChain(rule->RuleList->UdpList, rule->name, "UDP Chains");
        DumpChain(rule->RuleList->IcmpList, rule->name, "ICMP Chains");
        rule = rule->next;
    }
}

I have read lisapaper and other information on Snort, but now I am reading
the source code and attempting to understand what it is doing. While the
ASCII drawings help out, they are simplified and I want to draw a more
accurate/complex version.
Neil




----- Original Message -----
From: "Chris Green" <cmg at ...81...>
To: <ndesai01 at ...1037...>
Cc: <snort-devel at lists.sourceforge.net>
Sent: Friday, January 04, 2002 8:13 PM
Subject: Re: [Snort-devel] rules.c/h


> ndesai01 at ...1037... writes:
>
> > If I am reading the rules.c file correctly once the rules have been parsed
> > they are sent to either the IP chain, TCP chain, UDP chain or ICMP chain.
> >
> > Am I missing something or just making things harder than they need to
> > be?
>
> The best explanation of it is in the FAQ
>
> http://www.snort.org/docs/faq.html#3.13
>
> It is confusing to get used to because of the multiple types of
> Rule heads.
>
> The only thing I don't quite understand is how IP and ICMP rules
> organize themselves. Do they all get thrown into a single chain
> because they have no ports to group by?
>
> DumpChain() gives a good example of traversing it
>
> Hope it helps, in doing my own evil functions at the moment, I've had
> to look at it a lot
> --
> Chris Green <cmg at ...81...>
> A good pun is its own reword.
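
A simplified model of the traversal discussed in this thread, added here as an example; it is not part of either message and is not Snort's own code. RuleListNode, RuleList, IpList/TcpList/UdpList/IcmpList, name and next come from the snippet above; HeaderNode, OptionNode, right, down, WalkChain, CountRules and all sample data are hypothetical.

```c
#include <stdio.h>
/* Simplified model, NOT Snort's real definitions. HeaderNode, OptionNode,
 * right and down are assumed names; the rest mirror the snippet on the page. */
typedef struct OptionNode { const char *msg; struct OptionNode *next; } OptionNode;
typedef struct HeaderNode {
    const char *hdr;            /* shared header part of the rule */
    OptionNode *down;           /* rules that share this header */
    struct HeaderNode *right;   /* next header in the same protocol chain */
} HeaderNode;
typedef struct ListHead { HeaderNode *IpList, *TcpList, *UdpList, *IcmpList; } ListHead;
typedef struct RuleListNode { ListHead *RuleList; const char *name;
                              struct RuleListNode *next; } RuleListNode;

/* Walk one protocol chain: across the header nodes, down each option list.
 * Returns the number of option nodes (individual rules) visited. */
static int WalkChain(const HeaderNode *h, const char *type, const char *proto, int verbose)
{
    int n = 0;
    for (; h != NULL; h = h->right)
        for (const OptionNode *o = h->down; o != NULL; o = o->next, n++)
            if (verbose)
                printf("%s | %s | %s | %s\n", type, proto, h->hdr, o->msg);
    return n;
}

/* Same outer loop as DumpRuleChains(), plus a guard for an empty list head. */
int CountRules(const RuleListNode *rule, int verbose)
{
    int total = 0;
    for (; rule != NULL; rule = rule->next) {
        if (rule->RuleList == NULL) continue;
        total += WalkChain(rule->RuleList->IpList, rule->name, "IP", verbose);
        total += WalkChain(rule->RuleList->TcpList, rule->name, "TCP", verbose);
        total += WalkChain(rule->RuleList->UdpList, rule->name, "UDP", verbose);
        total += WalkChain(rule->RuleList->IcmpList, rule->name, "ICMP", verbose);
    }
    return total;
}

/* Constructed sample data: two rule types, three headers, four rules. */
static OptionNode o2 = { "sample rule B", NULL }, o1 = { "sample rule A", &o2 };
static OptionNode o3 = { "sample rule C", NULL }, o4 = { "sample rule D", NULL };
static HeaderNode tcp2 = { "any any -> any 80", &o3, NULL };
static HeaderNode tcp1 = { "any any -> any 23", &o1, &tcp2 };
static HeaderNode icmp1 = { "any -> any", &o4, NULL };
static ListHead alertHead = { NULL, &tcp1, NULL, &icmp1 }, logHead = { NULL, NULL, NULL, NULL };
static RuleListNode logNode = { &logHead, "Log", NULL };
static RuleListNode SampleLists = { &alertHead, "Alert", &logNode };
int main(void) { printf("%d rules\n", CountRules(&SampleLists, 1)); return 0; }
```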




