static void SIPReload(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SIPConfig * pPolicyConfig = NULL; if (sip_swap_config == NULL) { //create a context sip_swap_config = sfPolicyConfigCreate(); if (sip_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } } sfPolicyUserPolicySet (sip_swap_config, policy_id); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_swap_config, pPolicyConfig); SIP_RegRuleOptions(); ParseSIPArgs(pPolicyConfig, (u_char *)args); if( pPolicyConfig->disabled ) return; if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); _dpd.addPreprocReloadVerify(SIPReloadVerify); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
static void SSHReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId ssh_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSHConfig * pPolicyConfig = NULL; if (ssh_swap_config == NULL) { //create a context ssh_swap_config = sfPolicyConfigCreate(); if (ssh_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SSH config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSSH(): The Stream preprocessor must be enabled.\n"); } *new_config = (void *)ssh_swap_config; } sfPolicyUserPolicySet (ssh_swap_config, policy_id); pPolicyConfig = (SSHConfig *)sfPolicyUserDataGetCurrent(ssh_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSH preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSHConfig *)calloc(1, sizeof(SSHConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SSH preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssh_swap_config, pPolicyConfig); ParseSSHArgs(pPolicyConfig, (u_char *)args); _dpd.addPreproc( sc, ProcessSSH, PRIORITY_APPLICATION, PP_SSH, PROTO_BIT__TCP ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
static void DNP3RegisterPerPolicyCallbacks(struct _SnortConfig *sc, dnp3_config_t *dnp3_policy) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); /* Callbacks should be avoided if the preproc is disabled. */ if (dnp3_policy->disabled) return; _dpd.addPreproc(sc, ProcessDNP3, PRIORITY_APPLICATION, PP_DNP3, PROTO_BIT__TCP|PROTO_BIT__UDP); _addPortsToStream5Filter(sc, dnp3_policy, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); DNP3AddServiceToPaf(sc, dnp3_app_id, policy_id); #endif DNP3AddPortsToPaf(sc, dnp3_policy, policy_id); _dpd.preprocOptRegister(sc, DNP3_FUNC_NAME, DNP3FuncInit, DNP3FuncEval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, DNP3_OBJ_NAME, DNP3ObjInit, DNP3ObjEval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, DNP3_IND_NAME, DNP3IndInit, DNP3IndEval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, DNP3_DATA_NAME, DNP3DataInit, DNP3DataEval, free, NULL, NULL, NULL, NULL); }
/* Responsible for allocating a Modbus policy. Never returns NULL. */ static inline modbus_config_t * ModbusPerPolicyInit(tSfPolicyUserContextId context_id) { tSfPolicyId policy_id = _dpd.getParserPolicy(); modbus_config_t *modbus_policy = NULL; /* Check for existing policy & bail if found */ sfPolicyUserPolicySet(context_id, policy_id); modbus_policy = (modbus_config_t *)sfPolicyUserDataGetCurrent(context_id); if (modbus_policy != NULL) { _dpd.fatalMsg("%s(%d) Modbus preprocessor can only be " "configured once.\n", *_dpd.config_file, *_dpd.config_line); } /* Allocate new policy */ modbus_policy = (modbus_config_t *)calloc(1, sizeof(modbus_config_t)); if (!modbus_policy) { _dpd.fatalMsg("%s(%d) Could not allocate memory for " "modbus preprocessor configuration.\n" , *_dpd.config_file, *_dpd.config_line); } sfPolicyUserDataSetCurrent(context_id, modbus_policy); /* Register callbacks that are done for each policy */ _dpd.addPreproc(ProcessModbus, PRIORITY_APPLICATION, PP_MODBUS, PROTO_BIT__TCP); _addPortsToStream5Filter(modbus_policy, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif /* Add preprocessor rule options here */ /* _dpd.preprocOptRegister("foo_bar", FOO_init, FOO_rule_eval, free, NULL, NULL, NULL, NULL); */ _dpd.preprocOptRegister("modbus_func", ModbusFuncInit, ModbusRuleEval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister("modbus_unit", ModbusUnitInit, ModbusRuleEval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister("modbus_data", ModbusDataInit, ModbusRuleEval, free, NULL, NULL, NULL, NULL); return modbus_policy; }
/* Initializes the SIP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SIPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SIPConfig *pDefaultPolicyConfig = NULL; SIPConfig *pPolicyConfig = NULL; if (sip_config == NULL) { //create a context sip_config = sfPolicyConfigCreate(); if (sip_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } _dpd.addPreprocConfCheck(SIPCheckConfig); _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats); _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED sip_app_id = _dpd.findProtocolReference("sip"); if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL) sip_app_id = _dpd.addProtocolReference("sip"); #endif } sfPolicyUserPolicySet (sip_config, policy_id); pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig); SIP_RegRuleOptions(); ParseSIPArgs(pPolicyConfig, (u_char *)argp); if (policy_id != 0) pPolicyConfig->maxNumSessions = pDefaultPolicyConfig->maxNumSessions; if ( pPolicyConfig->disabled ) return; if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
/* Initializes the SSH preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SSHInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SSHConfig *pPolicyConfig = NULL; if (ssh_config == NULL) { //create a context ssh_config = sfPolicyConfigCreate(); if (ssh_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SSH config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSSH(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreprocConfCheck(SSHCheckConfig); _dpd.addPreprocExit(SSHCleanExit, NULL, PRIORITY_LAST, PP_SSH); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("ssh", (void *)&sshPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED ssh_app_id = _dpd.findProtocolReference("ssh"); if (ssh_app_id == SFTARGET_UNKNOWN_PROTOCOL) ssh_app_id = _dpd.addProtocolReference("ssh"); #endif } sfPolicyUserPolicySet (ssh_config, policy_id); pPolicyConfig = (SSHConfig *)sfPolicyUserDataGetCurrent(ssh_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSH preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSHConfig *)calloc(1, sizeof(SSHConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SSH preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssh_config, pPolicyConfig); ParseSSHArgs(pPolicyConfig, (u_char *)argp); _dpd.addPreproc( ProcessSSH, PRIORITY_APPLICATION, PP_SSH, PROTO_BIT__TCP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
void SSLReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId ssl_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSLPP_config_t * pPolicyConfig = NULL; if (ssl_swap_config == NULL) { //create a context ssl_swap_config = sfPolicyConfigCreate(); if (ssl_swap_config == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage( "SSLPP_init(): The Stream preprocessor must be enabled.\n"); } *new_config = (void *)ssl_swap_config; } sfPolicyUserPolicySet (ssl_swap_config, policy_id); pPolicyConfig = (SSLPP_config_t *)sfPolicyUserDataGetCurrent(ssl_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSL preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSLPP_config_t *)calloc(1, sizeof(SSLPP_config_t)); if (pPolicyConfig == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssl_swap_config, pPolicyConfig); SSLPP_init_config(pPolicyConfig); SSLPP_config(pPolicyConfig, args); SSLPP_print_config(pPolicyConfig); _dpd.preprocOptRegister(sc, "ssl_state", SSLPP_state_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, "ssl_version", SSLPP_ver_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.addPreproc(sc, SSLPP_process, PRIORITY_APPLICATION, PP_SSL, PROTO_BIT__TCP); registerPortsForDispatch( sc, pPolicyConfig ); registerPortsForReassembly( pPolicyConfig, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
void SSLPP_init(struct _SnortConfig *sc, char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSLPP_config_t *pPolicyConfig = NULL; if (ssl_config == NULL) { //create a context ssl_config = sfPolicyConfigCreate(); if (ssl_config == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage( "SSLPP_init(): The Stream preprocessor must be enabled.\n"); } SSL_InitGlobals(); _dpd.registerPreprocStats("ssl", SSLPP_drop_stats); _dpd.addPreprocConfCheck(sc, SSLPP_CheckConfig); _dpd.addPreprocExit(SSLCleanExit, NULL, PRIORITY_LAST, PP_SSL); _dpd.addPreprocResetStats(SSLResetStats, NULL, PRIORITY_LAST, PP_SSL); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("ssl", (void *)&sslpp_perf_stats, 0, _dpd.totalPerfStats); #endif #ifdef ENABLE_HA _dpd.addFuncToPostConfigList(sc, SSLHAPostConfigInit, NULL); #endif #ifdef TARGET_BASED ssl_app_id = _dpd.findProtocolReference("ssl"); if (ssl_app_id == SFTARGET_UNKNOWN_PROTOCOL) { ssl_app_id = _dpd.addProtocolReference("ssl"); } _dpd.sessionAPI->register_service_handler( PP_SSL, ssl_app_id ); #endif } sfPolicyUserPolicySet (ssl_config, policy_id); pPolicyConfig = (SSLPP_config_t *)sfPolicyUserDataGetCurrent(ssl_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSL preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSLPP_config_t *)calloc(1, sizeof(SSLPP_config_t)); if (pPolicyConfig == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssl_config, pPolicyConfig); SSLPP_init_config(pPolicyConfig); SSLPP_config(pPolicyConfig, args); SSLPP_print_config(pPolicyConfig); _dpd.preprocOptRegister(sc, "ssl_state", SSLPP_state_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, "ssl_version", SSLPP_ver_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.addPreproc( sc, SSLPP_process, PRIORITY_APPLICATION, PP_SSL, PROTO_BIT__TCP ); registerPortsForDispatch( sc, pPolicyConfig ); registerPortsForReassembly( pPolicyConfig, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
/* Initializes the GTP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config data. * * RETURNS: Nothing. */ static void GTPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); GTPConfig *pDefaultPolicyConfig = NULL; GTPConfig *pPolicyConfig = NULL; if (gtp_config == NULL) { /*create a context*/ gtp_config = sfPolicyConfigCreate(); if (gtp_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for GTP config.\n"); } _dpd.addPreprocConfCheck(GTPCheckConfig); _dpd.registerPreprocStats(GTP_NAME, GTP_PrintStats); _dpd.addPreprocExit(GTPCleanExit, NULL, PRIORITY_LAST, PP_GTP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("gtp", (void *)>pPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED gtp_app_id = _dpd.findProtocolReference("gtp"); if (gtp_app_id == SFTARGET_UNKNOWN_PROTOCOL) gtp_app_id = _dpd.addProtocolReference("gtp"); #endif } sfPolicyUserPolicySet (gtp_config, policy_id); pDefaultPolicyConfig = (GTPConfig *)sfPolicyUserDataGetDefault(gtp_config); pPolicyConfig = (GTPConfig *)sfPolicyUserDataGetCurrent(gtp_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("GTP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (GTPConfig *)calloc(1, sizeof(GTPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "GTP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(gtp_config, pPolicyConfig); GTP_RegRuleOptions(); ParseGTPArgs(pPolicyConfig, (u_char *)argp); if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupGTP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( GTPmain, PRIORITY_APPLICATION, PP_GTP, PROTO_BIT__UDP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }