[Snort-users] what is snort policy?

阔野嘹歌 85358830 at ...15456...
Mon May 15 23:11:33 EDT 2017


Hello everyone.
I tried to read the Snort source code. I'm reading snort/src/dynamic_preprocessor/reputation/spp_reputation.c
I can't understand the meaning of policy in the source code.
In the init function ReputationInit (line 447):


static void ReputationInit(struct _SnortConfig *sc, char *argp)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy(sc);     /* ????? What is tSfPolicyId? Why should we use it? */
    ReputationConfig *pDefaultPolicyConfig = NULL;     /* ????? what is the policy? */
    ReputationConfig *pPolicyConfig = NULL;                 /* ????? what is the policy? */




    if (reputation_config == NULL)
    {
        /*create a context*/
        reputation_config = sfPolicyConfigCreate();                
        if (reputation_config == NULL)
        {
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for Reputation config.\n");
        }


        _dpd.addPreprocConfCheck(sc, ReputationCheckConfig);
        _dpd.registerPreprocStats(REPUTATION_NAME, ReputationPrintStats);
        _dpd.addPreprocExit(ReputationCleanExit, NULL, PRIORITY_LAST, PP_REPUTATION);


#ifdef PERF_PROFILING
        _dpd.addPreprocProfileFunc("reputation", (void *)&reputationPerfStats, 0, _dpd.totalPerfStats, NULL);
#endif


    }


    sfPolicyUserPolicySet (reputation_config, policy_id);         /* ????? what is the policy? */
    pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config);           /* ????? what is the policy? */
    pPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetCurrent(reputation_config);           /* ????? what is the policy? */


    if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation configuration may only"
                " be enabled in default configuration\n",
                *_dpd.config_file, *_dpd.config_line);
    }


    if (pPolicyConfig != NULL)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation preprocessor can only be "
                "configured once.\n",  *_dpd.config_file, *_dpd.config_line);
    }


    pPolicyConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig));
    if (!pPolicyConfig)
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "Reputation preprocessor configuration.\n");
    }


    sfPolicyUserDataSetCurrent(reputation_config, pPolicyConfig);


    ParseReputationArgs(pPolicyConfig, (u_char *)argp);


    if ((0 == pPolicyConfig->numEntries)&&(!pPolicyConfig->sharedMem.path))           /* ????? what is the policy? */
    {
        return;
    }


    if (policy_id != 0)
        pPolicyConfig->memcap = pDefaultPolicyConfig->memcap;           /* ????? what is the policy? */


    if (!pPolicyConfig->sharedMem.path && pPolicyConfig->localSegment)
        IPtables = &pPolicyConfig->localSegment;


#ifdef SHARED_REP
    if (pPolicyConfig->sharedMem.path && (!_dpd.isTestMode()))         /* ????? what is the policy? */
        _dpd.addPostConfigFunc(sc, initShareMemory, pPolicyConfig);
#endif


}



There are a lot of policies, but I can't understand what they mean.


Who can explain their meaning?


Thanks in advance.






minggang
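
The control flow of the quoted ReputationInit, as an added example that is not part of the original post and is not Snort code: a simplified model of a per-policy configuration store, with one config slot per policy id. All names here (PolicyCtx, RepConfig, rep_init, the REP_* codes) are hypothetical, policy id 0 is assumed to be the default policy as the `policy_id != 0` checks suggest, and list loading and shared memory are left out.

```c
#include <stdlib.h>

/* Hypothetical, simplified model; none of these names are Snort's. */
#define MAX_POLICIES 8

typedef struct { unsigned memcap; } RepConfig;  /* stand-in for ReputationConfig */
typedef struct {
    unsigned current;                 /* policy id being parsed right now */
    RepConfig *slot[MAX_POLICIES];    /* one config pointer per policy id */
} PolicyCtx;                          /* stand-in for reputation_config */

enum { REP_OK = 0, REP_NO_DEFAULT = -1, REP_DUPLICATE = -2, REP_NOMEM = -3, REP_BAD_ID = -4 };

/* Mirrors the checks in the quoted function, returning a code instead of
 * exiting. memcap stands in for the value that would be parsed from argp. */
int rep_init(PolicyCtx *ctx, unsigned policy_id, unsigned memcap)
{
    if (policy_id >= MAX_POLICIES)
        return REP_BAD_ID;
    ctx->current = policy_id;                   /* role of sfPolicyUserPolicySet */
    RepConfig *def = ctx->slot[0];              /* role of ...GetDefault (assumed id 0) */
    RepConfig *cur = ctx->slot[ctx->current];   /* role of ...GetCurrent */

    if (policy_id != 0 && def == NULL)
        return REP_NO_DEFAULT;  /* must be enabled in the default config first */
    if (cur != NULL)
        return REP_DUPLICATE;   /* only one configuration per policy */

    cur = calloc(1, sizeof(*cur));
    if (cur == NULL)
        return REP_NOMEM;
    ctx->slot[ctx->current] = cur;              /* role of ...SetCurrent */
    cur->memcap = memcap;
    if (policy_id != 0)
        cur->memcap = def->memcap;              /* non-default policy takes default memcap */
    return REP_OK;
}

int main(void)
{
    PolicyCtx ctx = {0};                        /* constructed sample sequence */
    int early = rep_init(&ctx, 1, 100);         /* policy 1 before the default */
    int first = rep_init(&ctx, 0, 500);         /* default policy */
    int again = rep_init(&ctx, 0, 500);         /* default policy a second time */
    int other = rep_init(&ctx, 1, 100);         /* policy 1 after the default */
    return !(early == REP_NO_DEFAULT && first == REP_OK &&
             again == REP_DUPLICATE && other == REP_OK && ctx.slot[1]->memcap == 500);
}
```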

