snortParseCmdLine func.docx
《snortParseCmdLine func.docx》由会员分享,可在线阅读,更多相关《snortParseCmdLine func.docx(24页珍藏版)》请在冰点文库上搜索。
![snortParseCmdLine func.docx](https://file1.bingdoc.com/fileroot1/2023-5/4/1dc54ee2-c21e-4776-9f34-a632259ae3df/1dc54ee2-c21e-4776-9f34-a632259ae3df1.gif)
snortParseCmdLinefunc
snort代码分析_ParseCmdLine
editbyluo2012
Snort的命令分析是由ParseCmdLine()(snort.c)函数完成的,而命令行的分解是由getopt_long()函数完成的,下面就分析getopt_long这个函数:
先解释一下,命令行中有短选项(option),长选项(long_option),非选项(nonoption),参数
像 -c -d -v 的是短选项,./log 是参数,--help是长选项,一般用 '-','--'来区分长短选项。
ParseCmdLine():
while ((ch = getopt_long(argc, argv, valid_options, long_options, &option_index)) !
= -1)
switch (ch)
由getopt_long返回正确的选项,当argv命令行结束时返回EOF。
解释一下各个参数:
argc, argv ,c的基本参数,valid_options指向短选项字符串
*valid_options = "?
A:
bB:
c:
CdeEfF:
G:
h:
i:
Ik:
K:
l:
L:
Mn:
NoOpP:
qr:
R:
sS:
TUvVw:
WXyzZ:
";
":
"的作用是指明短选项后要跟参数。
long_options指向option结构数组,以0作为结束。
1.struct option
2.
3.{
4.
5.#if __STDC__
6.
7. const char *name;
8.
9.#else
10.
11. char *name;
12.
13.#endif
14.
15. int has_arg;//指示长选项后跟参数
16.
17. int *flag;
18.
19. int val;
20.
21.};
22.
23.static struct option long_options[] = {
24.
25. {"logid", LONGOPT_ARG_REQUIRED, NULL, 'G'},
26.
27........
28.
29. {0,0,0,0}//结束
30.
31.}
Option_index保存long_options[]的索引。
getoption_long.c文件中有两个函数:
getopt_long()和getopt_long_only()都调用_getopt_internal(),区别在于对long_only的设值上。
当long_only非零时,可以把‘-’视作‘--’,但此版本中long_only=0是区分‘-’‘--’。
注意一下optind,*optarg,*nextchar,opterr全局变量
分析一下_getopt_internal():
1./* Scan elements of ARGV (whose length is ARGC) for option characters
2. given in OPTSTRING.
3. 扫描argv字符选项
4.
5. If an element of ARGV starts with '-', and is not exactly "-" or "--",
6. then it is an option element. The characters of this element
7. (aside from the initial '-') are option characters. If `getopt'
8. is called repeatedly, it returns successively each of the option characters
9. from each of the option elements.
10. 如果字符开头是'-',说明是一个选项,反复调用‘getopt’函数---如果是正确的选项就能返回option中的某个字符
11.
12. If `getopt' finds another option character, it returns that character,
13. updating `optind' and `nextchar' so that the next call to `getopt' can
14. resume the scan with the following option character or ARGV-element.
15. 更新‘optind’,‘nextchar’以便继续扫描
16.
17. If there are no more option characters, `getopt' returns `EOF'.
18. Then `optind' is the index in ARGV of the first ARGV-element
19. that is not an option. (The ARGV-elements have been permuted
20. so that those that are not options now come last.)
21. 扫描argv到尾部‘getopt’返回EOF,‘optind’则指向argv的第一个元素
22.
23. OPTSTRING is a string containing the legitimate option characters.
24. If an option character is seen that is not listed in OPTSTRING,
25. return '?
' after printing an error message. If you set `opterr' to
26. zero, the error message is suppressed but we still return '?
'.
27. ‘OPTSTRING’包含了正确的选项,遇到不正确的选项返回‘?
’
28.
29. If a char in OPTSTRING is followed by a colon, that means it wants an arg,
30. so the following text in the same ARGV-element, or the text of the following
31. ARGV-element, is returned in `optarg'. Two colons mean an option that
32. wants an optional arg; if there is text in the current ARGV-element,
33. it is returned in `optarg', otherwise `optarg' is set to zero.
34. OPTSTRING的字符中后跟‘:
’,说明需要变量,保存在optarg
35.
36. If OPTSTRING starts with `-' or `+', it requests different methods of
37. handling the non-option ARGV-elements.
38. See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above.
39.
40. Long-named options begin with `--' instead of `-'.
41. Their names may be abbreviated as long as the abbreviation is unique
42. or is an exact match for some defined option. If they have an
43. argument, it follows the option name in the same ARGV-element, separated
44. from the option name by a `=', or else the in next ARGV-element.
45. When `getopt' finds a long-named option, it returns 0 if that option's
46. `flag' field is nonzero, the value of the option's `val' field
47. if the `flag' field is zero.
48. 长选项以‘--’开始,选项与值用’=‘或空格分开
49.
50. The elements of ARGV aren't really const, because we permute them.
51. But we pretend they're const in the prototype to be compatible
52. with other systems.
53.
54.
55. LONGOPTS is a vector of `struct option' terminated by an
56. element containing a name which is zero.
57.
58. LONGIND returns the index in LONGOPT of the long-named option found.
59. It is only valid when a long-named option has been found by the most
60. recent call.
61. longing保存在长选项索引
62.
63. If LONG_ONLY is nonzero, '-' as well as '--' can introduce
64. long-named options. */
65. //当long_only为非零时,‘-’和’--‘一样可以当作长选项
66.
67.int
68._getopt_internal (argc, argv, optstring, longopts, longind, long_only)
69. int argc;
70. char *const *argv;
71. const char *optstring;
72. const struct option *longopts;
73. int *longind;
74. int long_only;
75.{
76. optarg = NULL;
77.
78. if (optind == 0)
79. //第一次扫描,设置选项扫描方式
80. optstring = _getopt_initialize (optstring);
81.
82. if (nextchar == NULL || *nextchar == '/0')
83. {
84. /* Advance to the next ARGV-element. */
85. /*这段代码看不懂可以跳过,后面有注释
86. */
87. if (ordering == PERMUTE)
88. {
89. /* If we have just processed some options following some non-options,
90. exchange them so that the options come first. */
91. //非第一次扫描,遇到非选项,则交换
92. if (first_nonopt !
= last_nonopt && last_nonopt !
= optind)
93. exchange ((char **) argv);
94. else if (last_nonopt !
= optind)
95. first_nonopt = optind;
96.
97. /* Skip any additional non-options
98. and extend the range of non-options previously skipped. */
99. //跳过非选项
100. while (optind < argc
101. && (argv[optind][0] !
= '-' || argv[optind][1] == '/0'))
102. optind++;
103. last_nonopt = optind;
104. }
105.
106. /* The special ARGV-element `--' means premature end of options.
107. Skip it like a null option,
108. then exchange with previous non-options as if it were an option,
109. then skip everything else like a non-option. */
110. if (optind !
= argc && !
strcmp (argv[optind], "--"))
111. {
112. optind++;
113.
114. if (first_nonopt !
= last_nonopt && last_nonopt !
= optind)
115. exchange ((char **) argv);
116. else if (first_nonopt == last_nonopt)
117. first_nonopt = optind;
118. last_nonopt = argc;
119.
120. optind = argc;
121. }
122.
123. /* If we have done all the ARGV-elements, stop the scan
124. and back over any non-options that we skipped and permuted. */
125. //处理完所有选项
126. if (optind == argc)
127. {
128. /* Set the next-arg-index to point at the non-options
129. that we previously skipped, so the caller will digest them. */
130. if (first_nonopt !
= last_nonopt)
131. optind = first_nonopt;
132. return EOF;
133. }
134.
135. /* If we have come to a non-option and did not permute it,
136. either stop the scan or describe it to the caller and pass it by. */
137. if ((argv[optind][0] !
= '-' || argv[optind][1] == '/0'))
138. {
139. if (ordering == REQUIRE_ORDER)
140. return EOF;
141. optarg = argv[optind++];
142. return 1;
143. }
144. //以上这段代码涉及到非选项,因为没用过这样的命令所以很难理解
145. /* We have found another option-ARGV-element.
146. Skip the initial punctuation. */
147. //nextchar处理类似-dev这种选项
148. nextchar = (argv[optind] + 1 +
149. (longopts !
= NULL && argv[optind][1] == '-'));//处理’--‘
150. }
151.
152. /* Decode the current option-ARGV-element. */
153. //识别选项
154. /* Check whether the ARGV-element is a long option.
155.
156. If long_only and the ARGV-element has the form "-f", where f is
157. a valid short option, don't consider it an abbreviated form of
158. a long option that starts with f. Otherwise there would be no
159. way to give the -f short option.
160.
161. On the other hand, if there's a long option "fubar" and
162. the ARGV-element is "-fu", do consider that an abbreviation of
163. the long option, just like "--fu", and not "-f" with arg "u".
164.
165. This distinction seems to be the most useful approach. */
166. //判定是长选项的条件:
167. //longopts !
= NULL 如果longopts=null,说明没长选项
168. //argv[optind][1] == '-' 以‘--’开头一定是长选项
169. /*long_only &&(argv[optind][2] || !
my_index (optstring, argv[optind][1]) long_only非零‘-’可视为‘--’
170. 并且 !
my_index (optstring, argv[optind][1]) 不是短字符 或 argv[optind][2]不是单字符*/
171. if (longopts !
= NULL
172. && (argv[optind][1] == '-'
173. || (long_only && (argv[optind][2] || !
my_index (optstring, argv[optind][1])
174. ))))
175. {
176. char *nameend;
177. const struct option *p;
178. const struct option *pfound = NULL;
179. int exact = 0;
180. int ambig = 0;
181