No subject

Thu Nov 23 16:31:58 EST 2017

 void DumpRuleChains()
 {
     RuleListNode *rule;

     rule = RuleLists;

     /* walk every rule list and dump each of its four per-protocol chains */
     while(rule != NULL)
     {
         DumpChain(rule->RuleList->IpList, rule->name, "IP Chains");
         DumpChain(rule->RuleList->TcpList, rule->name, "TCP Chains");
         DumpChain(rule->RuleList->UdpList, rule->name, "UDP Chains");
         DumpChain(rule->RuleList->IcmpList, rule->name, "ICMP Chains");
         rule = rule->next;
     }
 }

I have read lisapaper and other information on Snort but now I am reading
the source code and attempting to understand what it is doing. While the
ASCII drawings help out, they are simplified and I want to draw a more
accurate/complex version.

----- Original Message -----
From: "Chris Green" <cmg at ...81...>
To: <ndesai01 at ...1037...>
Cc: <snort-devel at>
Sent: Friday, January 04, 2002 8:13 PM
Subject: Re: [Snort-devel] rules.c/h

> ndesai01 at ...1037... writes:
> > If I am reading the rules.c file correctly once the rules have been
> > they are sent to either the IP chain, TCP chain, UDP chain or ICMP
> >
> > Am I missing something or just making things harder than they need to
> > be?
> The best explanation of it is in the FAQ
> It is confusing to get used to because of the multiple types of
> Rule heads.
> The only thing I don't quite understand is how IP and ICMP rules
> organize themselves. Do they all get thrown into a single chain
> because they have no ports to group by?
> DumpChain() gives a good example of traversing it
> Hope it helps, in doing my own evil functions at the moment, I've had
> to look at it a lot
> --
> Chris Green <cmg at ...81...>
> A good pun is its own reword.
