Snort - the de facto standard for intrusion detection/prevention

Rules

Each dynamic rules library must define the following functions. Examples are defined in the file sfsnort_dynamic_detection_lib.c. The metadata and setup function for the preprocessor should be defined in sfsnort_dynamic_detection_lib.h.

  • int LibVersion(DynamicPluginMeta *)

    This function returns the metadata for the shared library.

  • int EngineVersion(DynamicPluginMeta *)

    This function defines the version requirements for the corresponding detection engine library.

  • int DumpSkeletonRules()

    This function writes out the rule-stubs for rules that are loaded.

  • int InitializeDetection()

    This function registers each rule in the rules library. It should set up fast pattern-matcher content, register flowbits, etc.

The sample code provided with Snort predefines those functions and uses the following data within the dynamic rules library.

  • Rule *rules[]

    A NULL terminated list of Rule structures that this library defines.
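
The shape of such a library, as an added sketch that is not the sample code shipped with Snort. Assumptions: the two struct types are cut-down stand-ins for the ones in Snort's headers, the version numbers, names and rule values are constructed, the stub output format is simplified, and `engine_ok` is a hypothetical loader-side check.

```c
#include <stdio.h>

/* Stand-in types (assumption): the real ones come from Snort's headers. */
typedef struct { int type, major, minor, build; char uniqueName[64]; } DynamicPluginMeta;
typedef struct { unsigned gid, sid, rev; const char *msg; } Rule;

/* Constructed sample rules; gid/sid/rev values are placeholders. */
static Rule rule_a = { 3, 1000001, 1, "constructed sample rule A" };
static Rule rule_b = { 3, 1000002, 2, "constructed sample rule B" };

/* NULL-terminated list of the rules this library defines. */
Rule *rules[] = { &rule_a, &rule_b, NULL };

static int registered; /* stand-in for the engine's rule table */

static int fill(DynamicPluginMeta *m, int type, int major, int minor, const char *name)
{
    if (m == NULL) return -1;
    m->type = type; m->major = major; m->minor = minor; m->build = 0;
    snprintf(m->uniqueName, sizeof m->uniqueName, "%s", name);
    return 0;
}

/* Metadata for this shared library (values are hypothetical). */
int LibVersion(DynamicPluginMeta *m) { return fill(m, 1, 1, 0, "example_rules"); }

/* Minimum detection engine version this library needs (hypothetical). */
int EngineVersion(DynamicPluginMeta *m) { return fill(m, 2, 1, 6, "example_engine"); }

/* Register every rule; reject the whole library if one entry is malformed. */
int InitializeDetection(void)
{
    registered = 0;
    for (Rule **r = rules; *r != NULL; r++) {
        if ((*r)->sid == 0 || (*r)->msg == NULL) return -1;
        registered++;
    }
    return 0;
}

/* Write one stub line per loaded rule (simplified, not Snort's stub syntax). */
int DumpSkeletonRules(void)
{
    for (Rule **r = rules; *r != NULL; r++)
        printf("stub gid=%u sid=%u rev=%u msg=\"%s\"\n",
               (*r)->gid, (*r)->sid, (*r)->rev, (*r)->msg);
    return 0;
}

/* Hypothetical loader-side check: does the running engine meet the requirement? */
int engine_ok(int have_major, int have_minor)
{
    DynamicPluginMeta req;
    if (EngineVersion(&req) != 0) return 0;
    return have_major > req.major || (have_major == req.major && have_minor >= req.minor);
}
```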



Steven Sturges 2006-12-08