[Snort-users] what is snort policy?

阔野嘹歌 85358830 at ...15456...
Mon May 15 23:11:33 EDT 2017

Hello everyone.
I tried to read the snort source code,I'm reading the snort/src/dynamic_preprocessor/reputation/spp_reputation.c 
I can't understand the meaning of policy in the source code.
In the init function ReputationInit(The 447 line):

static void ReputationInit(struct _SnortConfig *sc, char *argp)
    tSfPolicyId policy_id = _dpd.getParserPolicy(sc);     ?????What is  tSfPolicyId?Why should we use it?
    ReputationConfig *pDefaultPolicyConfig = NULL;     ?????what is the policy?
    ReputationConfig *pPolicyConfig = NULL;                 ?????what is the policy?

    if (reputation_config == NULL)
        /*create a context*/
        reputation_config = sfPolicyConfigCreate();                
        if (reputation_config == NULL)
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for Reputation config.\n");

        _dpd.addPreprocConfCheck(sc, ReputationCheckConfig);
        _dpd.registerPreprocStats(REPUTATION_NAME, ReputationPrintStats);
        _dpd.addPreprocExit(ReputationCleanExit, NULL, PRIORITY_LAST, PP_REPUTATION);

        _dpd.addPreprocProfileFunc("reputation", (void *)&reputationPerfStats, 0, _dpd.totalPerfStats, NULL);


    sfPolicyUserPolicySet (reputation_config, policy_id);         ?????what is the policy?
    pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config);           ?????what is the policy?
    pPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetCurrent(reputation_config);           ?????what is the policy?

    if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation configuration may only"
                " be enabled in default configuration\n",
                *_dpd.config_file, *_dpd.config_line);

    if (pPolicyConfig != NULL)
        DynamicPreprocessorFatalMessage("%s(%d) => Reputation preprocessor can only be "
                "configured once.\n",  *_dpd.config_file, *_dpd.config_line);

    pPolicyConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig));
    if (!pPolicyConfig)
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "Reputation preprocessor configuration.\n");

    sfPolicyUserDataSetCurrent(reputation_config, pPolicyConfig);

    ParseReputationArgs(pPolicyConfig, (u_char *)argp);

    if ((0 == pPolicyConfig->numEntries)&&(!pPolicyConfig->sharedMem.path))           ?????what is the policy?

    if (policy_id != 0)
        pPolicyConfig->memcap = pDefaultPolicyConfig->memcap;           ?????what is the policy?

    if (!pPolicyConfig->sharedMem.path && pPolicyConfig->localSegment)
        IPtables = &pPolicyConfig->localSegment;

    if (pPolicyConfig->sharedMem.path && (!_dpd.isTestMode()))         ?????what is the policy?
        _dpd.addPostConfigFunc(sc, initShareMemory, pPolicyConfig);


There are a lot of policy, but I can't understand what they mean.

Who can explain their meaning?

Thanks in advance.


More information about the Snort-users mailing list