/**
* Initialize the configuration of the flow preprocessor
*
* @param args command line arguments from snort.conf
*/
static void FlowPSInit(u_char *args)
{
static int init_once = 0;
int ret;
PS_TRACKER *pstp = &s_tracker;
PS_CONFIG tconfig;
if(flowps_init_pkt())
{
FatalError("Error initializing flowps packet!\n");
}
if(!SppFlowIsRunning())
{
FatalError("%s(%d) flow-portscan requires spp_flow to be enabled!\n",
file_name, file_line);
}
if(init_once)
{
FatalError("%s(%d) Unable to reinitialize flow-portscan!\n",
file_name, file_line);
}
else
{
init_once = 1;
}
FlowPSSetDefaults(&tconfig);
FlowPSParseArgs(&tconfig, (char *)args);
if((ret = flowps_init(pstp, &tconfig)) != FLOW_SUCCESS)
{
FatalError("Unable to initialize the flow cache!"
"-- try more memory (current memcap is %d)\n",
tconfig.sb_memcap_total);
}
FlowPSOutputConfig(pstp);
AddFuncToPreprocCleanExitList(FlowPSCleanExit, NULL, PRIORITY_LAST, PP_FLOW);
AddFuncToPreprocRestartList(FlowPSRestart, NULL, PRIORITY_LAST, PP_FLOW);
}
/**
* Initialize the configuration of the flow preprocessor
*
* @param args command line arguments from snort.conf
*/
static void FlowInit(u_char *args)
{
static int init_once = 0;
int ret;
static SPPFLOW_CONFIG *config = &s_config;
if(init_once)
FatalError("%s(%d) Unable to reinitialize flow!\n", file_name, file_line);
else
init_once = 1;
/* setup the defaults */
config->stats_interval = DEFAULT_STAT_INTERVAL;
config->memcap = DEFAULT_MEMCAP;
config->rows = DEFAULT_ROWS;
config->hashid = HASH2; /* use the quickest hash by default */
FlowParseArgs(config, args);
if((ret = flowcache_init(&s_fcache, config->rows, config->memcap,
giFlowbitSize, config->hashid)) != FLOW_SUCCESS)
{
FatalError("Unable to initialize the flow cache!"
"-- try more memory (current memcap is %d)\n", config->memcap);
}
DisplayFlowConfig();
s_flow_running = 1;
AddFuncToPreprocList(FlowPreprocessor, PRIORITY_NETWORK, PP_FLOW);
AddFuncToPreprocCleanExitList(FlowCleanExit, NULL, PRIORITY_LAST, PP_FLOW);
AddFuncToPreprocRestartList(FlowRestart, NULL, PRIORITY_LAST, PP_FLOW);
#ifdef PERF_PROFILING
RegisterPreprocessorProfile("flow", &flowPerfStats, 0, &totalPerfStats);
#endif
}
/**
** This function initializes HttpInspect with a user configuration.
**
** The function is called when HttpInspect is configured in
** snort.conf. It gets passed a string of arguments, which gets
** parsed into configuration constructs that HttpInspect understands.
**
** This function gets called for every HttpInspect configure line. We
** use this characteristic to split up the configuration, so each line
** is a configuration construct. We need to keep track of what part
** of the configuration has been configured, so we don't configure one
** part, then configure it again.
**
** Any upfront memory is allocated here (if necessary).
**
** @param args a string to the preprocessor arguments.
**
** @return void
*/
static void HttpInspectInit(char *args)
{
char ErrorString[ERRSTRLEN];
int iErrStrLen = ERRSTRLEN;
int iRet;
static int siFirstConfig = 1;
int iGlobal = 0;
if(siFirstConfig)
{
memset(&hi_stats, 0, sizeof(HIStats));
iRet = hi_ui_config_init_global_conf(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing Global Configuration.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_ui_config_default(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error configuring default global configuration.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_client_init(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing client module.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_norm_init(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing normalization module.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
/*
** We set the global configuration variable
*/
iGlobal = 1;
}
iRet = HttpInspectSnortConf(&GlobalConf, args, iGlobal, ErrorString, iErrStrLen);
if (iRet)
{
if(iRet > 0)
{
/*
** Non-fatal Error
*/
if(ErrorString)
{
ErrorMessage("%s(%d) => %s\n",
file_name, file_line, ErrorString);
}
}
else
{
/*
** Fatal Error, log error and exit.
*/
if(ErrorString)
{
FatalError("%s(%d) => %s\n",
file_name, file_line, ErrorString);
}
else
{
/*
** Check if ErrorString is undefined.
*/
if(iRet == -2)
{
FatalError("%s(%d) => ErrorString is undefined.\n",
file_name, file_line);
}
else
{
FatalError("%s(%d) => Undefined Error.\n",
file_name, file_line);
}
}
}
}
/*
** Only add the functions one time to the preproc list.
*/
if(siFirstConfig)
{
/*
** Add HttpInspect into the preprocessor list
*/
AddFuncToPreprocList(HttpInspect, PRIORITY_APPLICATION, PP_HTTPINSPECT);
RegisterPreprocStats("http_inspect", HttpInspectDropStats);
/*
** Remember to add any cleanup functions into the appropriate
** lists.
*/
AddFuncToPreprocCleanExitList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
AddFuncToPreprocRestartList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
siFirstConfig = 0;
#ifdef PERF_PROFILING
RegisterPreprocessorProfile("httpinspect", &hiPerfStats, 0, &totalPerfStats);
#endif
}
return;
}
