/*
* Function: TemplateInit(u_char *)
*
* Purpose: Calls the argument parsing function, performs final setup on data
* structs, links the preproc function into the function list.
*
* Arguments: args => ptr to argument string
*
* Returns: void function
*
*/
void TemplateInit(u_char *args)
{
DebugMessage(DEBUG_PLUGIN,"Preprocessor: Template Initialized\n");
/* parse the argument list from the rules file */
ParseTemplateArgs(args);
/* Set the preprocessor function into the function list */
AddFuncToPreprocList(PreprocFunction);
AddFuncToCleanExitList(PreprocCleanExitFunction);
AddFuncToRestartList(PreprocRestartFunction);
}
/*
* Function: HttpDecodeInit(u_char *)
*
* Purpose: Processes the args sent to the preprocessor, sets up the
* port list, links the processing function into the preproc
* function list
*
* Arguments: args => ptr to argument string
*
* Returns: void function
*
*/
void HttpDecodeInit(u_char *args)
{
#ifdef DEBUG
printf("Preprocessor: HttpDecode Initialized\n");
#endif
/* parse the argument list into a list of ports to normalize */
SetPorts(args);
/* Set the preprocessor function into the function list */
AddFuncToPreprocList(PreprocUrlDecode);
}
/*
* Function: TemplateInit(u_char *)
*
* Purpose: Calls the argument parsing function, performs final setup on data
* structs, links the preproc function into the function list.
*
* Arguments: args => ptr to argument string
*
* Returns: void function
*
*/
static void TemplateInit(u_char *args)
{
DebugMessage(DEBUG_PLUGIN,"Preprocessor: Template Initialized\n");
/*
* parse the argument list from the rules file
*/
ParseTemplateArgs(args);
/*
* perform any other initialization functions that are required here
*/
/*
* Set the preprocessor function into the function list
*/
AddFuncToPreprocList(PreprocFunction);
AddFuncToCleanExitList(PreprocCleanExitFunction, NULL);
AddFuncToRestartList(PreprocRestartFunction, NULL);
}
/**
* Initialize the configuration of the flow preprocessor
*
* @param args command line arguments from snort.conf
*/
static void FlowInit(u_char *args)
{
static int init_once = 0;
int ret;
static SPPFLOW_CONFIG *config = &s_config;
if(init_once)
FatalError("%s(%d) Unable to reinitialize flow!\n", file_name, file_line);
else
init_once = 1;
/* setup the defaults */
config->stats_interval = DEFAULT_STAT_INTERVAL;
config->memcap = DEFAULT_MEMCAP;
config->rows = DEFAULT_ROWS;
config->hashid = HASH2; /* use the quickest hash by default */
FlowParseArgs(config, args);
if((ret = flowcache_init(&s_fcache, config->rows, config->memcap,
giFlowbitSize, config->hashid)) != FLOW_SUCCESS)
{
FatalError("Unable to initialize the flow cache!"
"-- try more memory (current memcap is %d)\n", config->memcap);
}
DisplayFlowConfig();
s_flow_running = 1;
AddFuncToPreprocList(FlowPreprocessor, PRIORITY_NETWORK, PP_FLOW);
AddFuncToPreprocCleanExitList(FlowCleanExit, NULL, PRIORITY_LAST, PP_FLOW);
AddFuncToPreprocRestartList(FlowRestart, NULL, PRIORITY_LAST, PP_FLOW);
#ifdef PERF_PROFILING
RegisterPreprocessorProfile("flow", &flowPerfStats, 0, &totalPerfStats);
#endif
}
/**
** This function initializes HttpInspect with a user configuration.
**
** The function is called when HttpInspect is configured in
** snort.conf. It gets passed a string of arguments, which gets
** parsed into configuration constructs that HttpInspect understands.
**
** This function gets called for every HttpInspect configure line. We
** use this characteristic to split up the configuration, so each line
** is a configuration construct. We need to keep track of what part
** of the configuration has been configured, so we don't configure one
** part, then configure it again.
**
** Any upfront memory is allocated here (if necessary).
**
** @param args a string to the preprocessor arguments.
**
** @return void
*/
static void HttpInspectInit(char *args)
{
char ErrorString[ERRSTRLEN];
int iErrStrLen = ERRSTRLEN;
int iRet;
static int siFirstConfig = 1;
int iGlobal = 0;
if(siFirstConfig)
{
memset(&hi_stats, 0, sizeof(HIStats));
iRet = hi_ui_config_init_global_conf(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing Global Configuration.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_ui_config_default(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error configuring default global configuration.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_client_init(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing client module.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
iRet = hi_norm_init(&GlobalConf);
if (iRet)
{
snprintf(ErrorString, iErrStrLen,
"Error initializing normalization module.");
FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);
return;
}
/*
** We set the global configuration variable
*/
iGlobal = 1;
}
iRet = HttpInspectSnortConf(&GlobalConf, args, iGlobal, ErrorString, iErrStrLen);
if (iRet)
{
if(iRet > 0)
{
/*
** Non-fatal Error
*/
if(ErrorString)
{
ErrorMessage("%s(%d) => %s\n",
file_name, file_line, ErrorString);
}
}
else
{
/*
** Fatal Error, log error and exit.
*/
if(ErrorString)
{
FatalError("%s(%d) => %s\n",
file_name, file_line, ErrorString);
}
else
{
/*
** Check if ErrorString is undefined.
*/
if(iRet == -2)
{
FatalError("%s(%d) => ErrorString is undefined.\n",
file_name, file_line);
}
else
{
FatalError("%s(%d) => Undefined Error.\n",
file_name, file_line);
}
}
}
}
/*
** Only add the functions one time to the preproc list.
*/
if(siFirstConfig)
{
/*
** Add HttpInspect into the preprocessor list
*/
AddFuncToPreprocList(HttpInspect, PRIORITY_APPLICATION, PP_HTTPINSPECT);
RegisterPreprocStats("http_inspect", HttpInspectDropStats);
/*
** Remember to add any cleanup functions into the appropriate
** lists.
*/
AddFuncToPreprocCleanExitList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
AddFuncToPreprocRestartList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
siFirstConfig = 0;
#ifdef PERF_PROFILING
RegisterPreprocessorProfile("httpinspect", &hiPerfStats, 0, &totalPerfStats);
#endif
}
return;
}