snort pv
pv = {
checksums_mode = 15,
assurance_mode = 0,
max_pattern = 0,
test_mode_flag = 0,
alert_interface_flag = 0,
verbose_bytedump_flag = 0,
obfuscation_flag = 0,
log_cmd_override = 0,
alert_cmd_override = 0,
char_data_flag = 0,
data_flag = 0,
verbose_flag = 1,
showarp_flag = 0,
showipv6_flag = 0,
showipx_flag = 0,
readmode_flag = 0,
logbin_flag = 0,
log_flag = 0,
nolog_flag = 0,
show2hdr_flag = 0,
syslog_flag = 0,
promisc_flag = 1,
rules_order_flag = 0,
smbmsg_flag = 0,
track_flag = 0,
daemon_flag = 0,
quiet_flag = 0,
fake_packet_flag = 0,
pkt_cnt = -1,
pkt_snaplen = 0,
homenet = 0,
netmask = 0,
use_rules = 0,
alert_mode = 1,
log_plugin_active = 0,
alert_plugin_active = 0,
log_bitmap = 0,
pid_filename = '\000' <repeats 1023 times>,
config_file = '\000' <repeats 1023 times>,
config_dir = '\000' <repeats 1023 times>,
log_dir = '\000' <repeats 1023 times>,
readfile = '\000' <repeats 1023 times>,
smbmsg_dir = '\000' <repeats 1023 times>,
pid_path = '\000' <repeats 1023 times>,
interfaces = {0x818e380 <device.3921> "eth0", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
mtus = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
pcap_cmd = 0x0,
alert_filename = 0x0,
binLogFile = 0x0,
use_utc = 0,
include_year = 0,
ghetto_msg_flag = 0,
ct = 0x0
}
PV pv; /* program vars (command line args); this is the PV instance whose fields the gdb dump above prints */
把程序的变量集中放在一个结构体变量 pv 里,取用起来很方便,也没有命名冲突。
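要把这些成员变量都理解清楚,可得花点时间。例如从上面的输出可以直接读出:promisc_flag = 1(从字段名看,应是以混杂模式抓包),verbose_flag = 1,interfaces 的第一项是 "eth0",而各个路径缓冲区(config_file、log_dir 等)仍全为 '\000',即尚未设置。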