ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **head, char *name, char *url) { ReferenceSystemNode *node; if (name == NULL) { ErrorMessage("NULL reference system name\n"); return NULL; } if (head == NULL) return NULL; /* create the new node */ node = (ReferenceSystemNode *)SnortAlloc(sizeof(ReferenceSystemNode)); node->name = SnortStrdup(name); if (url != NULL) node->url = SnortStrdup(url); /* Add to the front of the list */ node->next = *head; *head = node; return node; }
static int ConvertFlowbitOption(Rule *rule, int index, OptTreeNode *otn) { FlowBitsInfo *flowBit = rule->options[index]->option_u.flowBit; FLOWBITS_OP *fop = (FLOWBITS_OP *) SnortAlloc(sizeof(FLOWBITS_OP)); OptFpList *fpl; void *idx_dup; /* Convert struct for rule option */ fop->name = SnortStrdup(flowBit->flowBitsName); fop->type = flowBit->operation; fop->id = flowBit->id; /* Add detection option to hash table */ otn->ds_list[PLUGIN_FLOWBIT] = (void *)1; if (add_detection_option(RULE_OPTION_TYPE_FLOWBIT, (void *)fop, &idx_dup) == DETECTION_OPTION_EQUAL) { free(fop->name); free(fop); fop = idx_dup; } /* Add detection function to otn */ fpl = AddOptFuncToList(FlowBitsCheck, otn); fpl->type = RULE_OPTION_TYPE_FLOWBIT; fpl->context = (void *) fop; return 1; }
/*------------------------------------------------------------------- * TextLog_Init: constructor *------------------------------------------------------------------- */ TextLog* TextLog_Init ( const char* name, unsigned int maxBuf, size_t maxFile ) { TextLog* this; if ( maxBuf < MIN_BUF ) maxBuf = MIN_BUF; if ( maxFile < MIN_FILE ) maxFile = MIN_FILE; if ( maxFile < maxBuf ) maxFile = maxBuf; this = (TextLog*)malloc(sizeof(TextLog)+maxBuf); if ( !this ) { FatalError("Unable to allocate a TextLog(%u)!\n", maxBuf); } this->name = name ? SnortStrdup(name) : NULL; this->file = TextLog_Open(this->name); this->size = TextLog_Size(this->file); this->last = time(NULL); this->maxFile = maxFile; this->maxBuf = maxBuf; TextLog_Reset(this); return this; }
ReferenceNode * AddReference(Barnyard2Config *bc, ReferenceNode **head, char *system, char *id) { ReferenceNode *node; if ((system == NULL) || (id == NULL) || (bc == NULL) || (head == NULL)) { return NULL; } /* create the new node */ node = (ReferenceNode *)SnortAlloc(sizeof(ReferenceNode)); /* lookup the reference system */ node->system = ReferenceSystemLookup(bc->references, system); if (node->system == NULL) node->system = ReferenceSystemAdd(&bc->references, system, NULL); node->id = SnortStrdup(id); /* Add the node to the front of the list */ node->next = *head; *head = node; return node; }
void RegisterSideChannelModule(const char *keyword, SCMFunctionBundle *funcs) { SCModule *module, *tmp, *last = NULL; if (!ScSideChannelEnabled()) return; if (!keyword) FatalError("No keyword given while registering a side channel module!\n"); if (!funcs) FatalError("No function bundle given while registering side channel '%s'!\n", keyword); for (tmp = modules; tmp; tmp = tmp->next) { if (strcasecmp(tmp->keyword, keyword) == 0) FatalError("Duplicate side channel keyword: %s\n", keyword); last = tmp; } module = SnortAlloc(sizeof(SCModule)); module->next = NULL; module->keyword = SnortStrdup(keyword); module->funcs = *funcs; module->enabled = 0; LogMessage("Register SCM '%s' with configFunc=%p, initFunc=%p, postInitFunc=%p, idleFunc=%p, statsFunc=%p, shutdownFunc=%p\n", keyword, module->funcs.configFunc, module->funcs.initFunc, module->funcs.postInitFunc, module->funcs.idleFunc, module->funcs.statsFunc, module->funcs.shutdownFunc); if (last) last->next = module; else modules = module; }
int main( int argc, char ** argv ) { int i,n=10; KMAP * km; char * p; char str[80]; printf("usage: kmap nkeys (default=10)\n\n"); km = KMapNew( free ); /* use 'free' to free 'userdata' */ KMapSetNoCase(km,1); //need to add xlat.... if( argc > 1 ) { n = atoi(argv[1]); } for(i=1;i<=n;i++) { SnortSnprintf(str, sizeof(str), "KeyWord%d",i); KMapAdd( km, str, 0 /* strlen(str) */, strupr(SnortStrdup(str)) ); printf("Adding Key=%s\n",str); } printf("xmem: %u bytes, %d chars\n",xmalloc_bytes(),km->nchars); printf("\nKey Find test...\n"); for(i=1;i<=n;i++) { SnortSnprintf(str, sizeof(str), "KeyWord%d",i); p = (char*) KMapFind( km, str, 0 /*strlen(str) */ ); if(p)printf("key=%s, data=%*s\n",str,strlen(str),p); else printf("'%s' NOT found.\n",str); } KMapSetNoCase(km,0); // this should fail all key searches printf("\nKey Find test2...\n"); for(i=1;i<=n;i++) { SnortSnprintf(str, sizeof(str), "KeyWord%d",i); p = (char*) KMapFind( km, str, 0 /*strlen(str) */ ); if(p)printf("key=%s, data=%*s\n",str,strlen(str),p); else printf("'%s' NOT found.\n",str); } printf("\nKey FindFirst/Next test...\n"); for(p = (char*) KMapFindFirst(km); p; p=(char*)KMapFindNext(km) ) printf("data=%s\n",p); printf("\nKey FindFirst/Next test done.\n"); KMapDelete( km ); printf("xmem: %u bytes\n",xmalloc_bytes()); printf("normal pgm finish.\n"); return 0; }
int DAQ_New (const SnortConfig* sc, const char* intf) { DAQ_Config_t cfg; if ( !daq_mod ) FatalError("DAQ_Init not called!\n"); if ( intf ) interface_spec = SnortStrdup(intf); intf = DAQ_GetInterfaceSpec(); memset(&cfg, 0, sizeof(cfg)); cfg.name = (char*)intf; cfg.snaplen = snap; cfg.timeout = PKT_TIMEOUT; cfg.mode = daq_mode; cfg.extra = NULL; cfg.flags = 0; DAQ_LoadVars(&cfg, sc); if ( !ScReadMode() ) { if ( !(sc->run_flags & RUN_FLAG__NO_PROMISCUOUS) ) cfg.flags |= DAQ_CFG_PROMISC; } DAQ_Config(&cfg); if ( !DAQ_ValidateInstance() ) FatalError("DAQ configuration incompatible with intended operation.\n"); if ( DAQ_UnprivilegedStart() ) daq_dlt = daq_get_datalink_type(daq_mod, daq_hand); if ( intf && *intf ) { LogMessage("Acquiring network traffic from \"%s\".\n", strcmp(intf, "-") == 0 ? "stdin" : intf); } DAQ_SetFilter(sc->bpf_filter); daq_config_clear_values(&cfg); return 0; }
int StringVector_Add (void* pv, const char* s) { StringVector* sv = (StringVector*)pv; char** v; if ( !sv || !s ) return 0; v = realloc(sv->v, (sv->n+2) * sizeof(char*)); if ( !v ) return 0; sv->v = v; sv->v[sv->n++] = SnortStrdup(s); sv->v[sv->n] = NULL; return 1; }
static int ConvertPcreOption(Rule *rule, int index, OptTreeNode *otn) { PcreData *pcre_data = (PcreData *) SnortAlloc(sizeof(PcreData)); PCREInfo *pcre_info = rule->options[index]->option_u.pcre; OptFpList *fpl; void *pcre_dup; const char *error; int erroroffset; /* Need to recompile the expression so double free doesn't occur * during reload */ /* Compile & Study PCRE */ pcre_data->re = pcreCompile( pcre_info->expr, pcre_info->compile_flags, &error, &erroroffset, NULL ); if (pcre_data->re == NULL) { free(pcre_data); return -1; } pcre_data->pe = pcreStudy( pcre_data->re, pcre_info->compile_flags, &error ); if (error) { free(pcre_data->re); free(pcre_data); return -1; } /* Copy to struct used for normal PCRE rules */ pcre_data->expression = SnortStrdup(pcre_info->expr); /* Option values differ between PCREInfo and PcreData, * so a straight copy of the options variable won't work. */ if (pcre_info->flags & CONTENT_RELATIVE) pcre_data->options |= SNORT_PCRE_RELATIVE; if (pcre_info->flags & NOT_FLAG) pcre_data->options |= SNORT_PCRE_INVERT; if (pcre_info->flags & CONTENT_BUF_RAW) pcre_data->options |= SNORT_PCRE_RAWBYTES; if (pcre_info->flags & CONTENT_BUF_NORMALIZED) pcre_data->options &= ~SNORT_PCRE_RAWBYTES; if (pcre_info->flags & CONTENT_BUF_POST) pcre_data->options |= SNORT_PCRE_HTTP_BODY; if (pcre_info->flags & CONTENT_BUF_HEADER) pcre_data->options |= SNORT_PCRE_HTTP_HEADER; if (pcre_info->flags & CONTENT_BUF_METHOD) pcre_data->options |= SNORT_PCRE_HTTP_METHOD; if (pcre_info->flags & CONTENT_BUF_COOKIE) pcre_data->options |= SNORT_PCRE_HTTP_COOKIE; if (pcre_info->flags & CONTENT_BUF_URI) pcre_data->options |= SNORT_PCRE_HTTP_URI; if (pcre_info->flags & CONTENT_BUF_STAT_CODE) pcre_data->options |= SNORT_PCRE_HTTP_STAT_CODE; if (pcre_info->flags & CONTENT_BUF_STAT_MSG) pcre_data->options |= SNORT_PCRE_HTTP_STAT_MSG; if (pcre_info->flags & CONTENT_BUF_RAW_URI) pcre_data->options |= SNORT_PCRE_HTTP_RAW_URI; if (pcre_info->flags & CONTENT_BUF_RAW_HEADER) pcre_data->options |= SNORT_PCRE_HTTP_RAW_HEADER; if (pcre_info->flags & CONTENT_BUF_RAW_COOKIE) pcre_data->options |= SNORT_PCRE_HTTP_RAW_COOKIE; if (pcre_info->flags & CONTENT_BUF_STAT_CODE) pcre_data->options |= SNORT_PCRE_HTTP_STAT_CODE; if (pcre_info->flags & CONTENT_BUF_STAT_MSG) pcre_data->options |= SNORT_PCRE_HTTP_STAT_MSG; PcreCheckAnchored(pcre_data); /* Attach option to tree, checking for duplicate */ otn->pcre_flag = 1; fpl = AddOptFuncToList(SnortPcre, otn); fpl->type = RULE_OPTION_TYPE_PCRE; if (add_detection_option(RULE_OPTION_TYPE_PCRE, (void *)pcre_data, &pcre_dup) == DETECTION_OPTION_EQUAL) { if (pcre_data->expression) free(pcre_data->expression); if (pcre_data->pe) free(pcre_data->pe); if (pcre_data->re) free(pcre_data->re); free(pcre_data); pcre_data = pcre_dup; } fpl->context = (void *)pcre_data; if (pcre_data->options & SNORT_PCRE_RELATIVE) fpl->isRelative = 1; if (otn->ds_list[PLUGIN_PCRE] == NULL) otn->ds_list[PLUGIN_PCRE] = (void *)pcre_data; return 1; }
int DeleteLWSession(Stream5SessionCache *sessionCache, Stream5LWSession *ssn, char *delete_reason) { /* Need to save the current configurations being used since this function * may cause a packet reassembly on this deleted session when flushing * (via sessionCache->cleanup_fcn) and a preprocessor may call an API * function changing the configurations to this one to be deleted */ Stream5GlobalConfig *save_global_eval_config = s5_global_eval_config; Stream5TcpConfig *save_tcp_eval_config = s5_tcp_eval_config; Stream5UdpConfig *save_udp_eval_config = s5_udp_eval_config; Stream5IcmpConfig *save_icmp_eval_config = s5_icmp_eval_config; int ret; uint32_t prune_log_max; /* Save the current mem in use before pruning */ uint32_t old_mem_in_use = mem_in_use; /* And save some info on that session */ #ifdef SUP_IP6 sfip_t client_ip; sfip_t server_ip; #else struct in_addr client_ip; struct in_addr server_ip; #endif uint16_t client_port = ntohs(ssn->client_port); uint16_t server_port = ntohs(ssn->server_port); uint16_t lw_session_state = ssn->session_state; uint32_t lw_session_flags = ssn->session_flags; #ifdef TARGET_BASED int16_t app_proto_id = ssn->application_protocol; #endif #ifdef SUP_IP6 sfip_set_ip(&client_ip, &ssn->client_ip); sfip_set_ip(&server_ip, &ssn->server_ip); #else client_ip.s_addr = ssn->client_ip; server_ip.s_addr = ssn->server_ip; #endif /* * Call callback to cleanup the protocol (TCP/UDP/ICMP) * specific session details */ if (sessionCache->cleanup_fcn) sessionCache->cleanup_fcn(ssn); FreeLWApplicationData(ssn); /* Need to save this off since the global config might be from an * older session - because of a reload - and that config might * get freed after removing the session */ prune_log_max = s5_global_eval_config->prune_log_max; ret = RemoveLWSession(sessionCache, ssn); /* If we're pruning and we clobbered some large amount, log a * message about that session. */ if (prune_log_max && ((old_mem_in_use - mem_in_use ) > prune_log_max)) { char *client_ip_str, *server_ip_str; #ifdef SUP_IP6 client_ip_str = SnortStrdup(inet_ntoa(&client_ip)); server_ip_str = SnortStrdup(inet_ntoa(&server_ip)); #else client_ip_str = SnortStrdup(inet_ntoa(client_ip)); server_ip_str = SnortStrdup(inet_ntoa(server_ip)); #endif LogMessage("S5: Pruned session from cache that was " "using %d bytes (%s). %s %d --> %s %d " #ifdef TARGET_BASED "(%d) " #endif ": LWstate 0x%x LWFlags 0x%x\n", old_mem_in_use - mem_in_use, delete_reason, client_ip_str, client_port, server_ip_str, server_port, #ifdef TARGET_BASED app_proto_id, #endif lw_session_state, lw_session_flags); free(client_ip_str); free(server_ip_str); } s5_global_eval_config = save_global_eval_config; s5_tcp_eval_config = save_tcp_eval_config; s5_udp_eval_config = save_udp_eval_config; s5_icmp_eval_config = save_icmp_eval_config; return ret; }