snort -------DEBUG_WRAP

在看snort源码的时候，经常看到调用DEBUG_WRAP函数输出的debug信息。研究了一下怎么打开这个debug开关，以下是具体的步骤

1. 在configure 选项中添加--enable-debug-msgs 和--enable-debug ,这个打开了宏DEBUG_MSGS

2.定义环境变量SNORT_DEBUG和SNORT_PP_DEBUG， debug_level = $SNORT_DEBUG  |  ($SNORT_PP_DEBUG << 32)

    为了使环境变量对某个用户生效，可以在~/.bashrc里面添加 ，如 export SNORT_DEBUG=0x00000200

#define DEBUG_CONFIGRULES     0x0000000000000200LL

DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"[*] Processing keyword: %s\n", index););

void DebugMessageFunc(uint64_t level, const char *fmt, ...){    va_list ap;    <span style="color:#ff6666;">if (!(level & GetDebugLevel()))</span>        return;    va_start(ap, fmt);    if ((snort_conf != NULL) && (ScDaemonMode() || ScLogSyslog()))    {        char buf[STD_BUF];        int buf_len = sizeof(buf);        char *buf_ptr = buf;        buf[buf_len - 1] = '\0';        /* filename and line number information */        if (DebugMessageFile != NULL)        {            snprintf(buf, buf_len - 1, "%s:%d: ",                    DebugMessageFile, DebugMessageLine);            buf_ptr += strlen(buf);            buf_len -= strlen(buf);        }        vsnprintf(buf_ptr, buf_len - 1, fmt, ap);        syslog(LOG_DAEMON | LOG_DEBUG, "%s", buf);    }    else    {        if (DebugMessageFile != NULL)            printf("%s:%d: ", DebugMessageFile, DebugMessageLine);        vprintf(fmt, ap);    }    va_end(ap);}

uint64_t <span style="color:#ff6666;">GetDebugLevel</span>(void){    static int debug_init = 0;    static uint64_t debug_level = 0;    const char* key;    if ( debug_init )        return debug_level;    key = getenv(DEBUG_PP_VAR);    if ( key )        debug_level = strtoul(key, NULL, 0);    debug_level <<= 32;    key = getenv(DEBUG_VARIABLE);    if ( key )        debug_level |= strtoul(key, NULL, 0);    debug_init = 1;    return debug_level;}