• Analysis of the Rule-Parsing Component of the Snort Intrusion Detection System

    Snort rules are actually stored in a three-dimensional linked-list structure. The RuleListNode data structure is as follows:
    typedef struct _RuleListNode
    {
        ListHead *RuleList;         /* The rule list associated with this node */
        int mode;                   /* The rule mode */
        int rval;                   /* 0 = no detection, 1 = detection event */
        int evalIndex;              /* Eval index for this rule set */
        char *name;                 /* Name of this rule list */
        struct _RuleListNode *next; /* The next RuleListNode */
    } RuleListNode;