コード例 #1
ファイル: spp_file.c プロジェクト: BMNLabs/snort
/*
 * Reconcile one policy's file-inspect settings against the default policy.
 *
 *  - pPolicyConfig is the default policy: zero capture queue / disk sizes are
 *    replaced by the built-in defaults;
 *  - no default policy exists: a policy that sets its own capture queue size
 *    is a fatal configuration error;
 *  - otherwise: the policy takes over the default policy's capture queue size.
 *
 * NOTE(review): capture_disk_size is neither validated nor inherited for
 * non-default policies in this function -- confirm that is intended.
 */
static void FileUpdateConfig(FileInspectConf *pPolicyConfig, tSfPolicyUserContextId context)
{
    FileInspectConf *base = (FileInspectConf *)sfPolicyUserDataGetDefault(context);

    if (base == pPolicyConfig)
    {
        /* Default policy: fill in any limit that was left unset. */
        if (pPolicyConfig->file_capture_queue_size == 0)
            pPolicyConfig->file_capture_queue_size = FILE_CAPTURE_QUEUE_SIZE_DEFAULT;

        if (pPolicyConfig->capture_disk_size == 0)
            pPolicyConfig->capture_disk_size = FILE_CAPTURE_DISK_SIZE_DEFAULT;

        return;
    }

    if (base != NULL)
    {
        /* The queue size is owned by the default policy; others only mirror it. */
        pPolicyConfig->file_capture_queue_size = base->file_capture_queue_size;
        return;
    }

    /* No default policy at all: a per-policy queue size is rejected. */
    if (pPolicyConfig->file_capture_queue_size != 0)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => File inspect: "
                "file capture queue size must be configured "
                "in the default config.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }
}
コード例 #2
ファイル: ssl_config.c プロジェクト: richardqa/snort
/*
 * Release the SSL preprocessor's policy context.
 *
 * When both a default policy config and an SSL callback table are available,
 * the callback's policy_free() is invoked on the default config's handles and
 * reload_handle is cleared; with ENABLE_HA the HA config is freed and cleared
 * as well. Afterwards every per-policy config is freed via
 * SSLFreeConfigPolicy and the context itself is deleted.
 *
 * NOTE(review): the handle and HA cleanup is skipped entirely when the
 * callback table is NULL -- confirm nothing is left allocated in that case.
 */
static void SSLFreeConfig(tSfPolicyUserContextId config)
{
    /* The callback lookup happens before the NULL test on config, as in the
     * original statement order. */
    ssl_callback_interface_t *callbacks = (ssl_callback_interface_t *)_dpd.getSSLCallback();
    SSLPP_config_t *base;

    if (config == NULL)
        return;

    base = (SSLPP_config_t *)sfPolicyUserDataGetDefault(config);

    if ((base != NULL) && (callbacks != NULL))
    {
        callbacks->policy_free(&base->current_handle, base->reload_handle);
        /* Clear the pointer so the freed reload handle cannot be reused. */
        base->reload_handle = NULL;
#ifdef ENABLE_HA
        if (base->ssl_ha_config != NULL)
        {
            SSLHAConfigFree(base->ssl_ha_config);
            base->ssl_ha_config = NULL;
        }
#endif
    }

    sfPolicyUserDataFreeIterate(config, SSLFreeConfigPolicy);
    sfPolicyConfigDelete(config);
}
コード例 #3
ファイル: ssl_config.c プロジェクト: richardqa/snort
/*
 * Configuration check hook for the SSL preprocessor.
 *
 * Runs SSLPP_CheckPolicyConfig over every policy, initialises SSL once for
 * the default policy, verifies the HA configuration when ENABLE_HA is built
 * in and enable_ssl_ha is set, and finally runs SSLPP_CheckPolicyEnabled over
 * every policy.
 *
 * Returns 0 on success, the non-zero result of the per-policy check, or -1
 * when the default-policy initialisation or the HA verification fails.
 * The result of the final SSLPP_CheckPolicyEnabled pass is not inspected.
 */
static int SSLPP_CheckConfig(struct _SnortConfig *sc)
{
    SSLPP_config_t *base = (SSLPP_config_t *)sfPolicyUserDataGetDefault(ssl_config);
    int status = sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyConfig);

    if (status != 0)
        return status;

    /* SSL is loaded a single time, against the default policy. */
    if (base != NULL)
    {
        if (SSLPP_PolicyInit(sc, ssl_config, base, _dpd.getDefaultPolicy(), false) != 0)
            return -1;

#ifdef ENABLE_HA
        if (base->enable_ssl_ha
                && (SSLVerifyHAConfig(sc, base->ssl_ha_config) != 0))
        {
            _dpd.errMsg("WARNING: SSL HA misconfigured.\n");
            return -1;
        }
#endif
    }

    sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyEnabled);

    return 0;
}
コード例 #4
ファイル: imap_config.c プロジェクト: jasonish/snort
/*
 * Reconcile one IMAP policy config against the default policy.
 *
 *  - default policy: validate its decoding config against itself and, if that
 *    check returns non-zero, default a zero memcap to DEFAULT_IMAP_MEMCAP;
 *  - no default policy: validate the decoding config with no reference config;
 *  - otherwise: inherit the default memcap; a disabled policy also copies the
 *    default decoding config, an enabled one is validated against it.
 *
 * NOTE(review): in the default-policy case the memcap default is skipped when
 * check_decoding_conf() returns zero -- confirm memcap cannot still be zero
 * on that path.
 */
void IMAP_CheckConfig(IMAPConfig *pPolicyConfig, tSfPolicyUserContextId context)
{
    IMAPConfig *base = (IMAPConfig *)sfPolicyUserDataGetDefault(context);

    if (base == pPolicyConfig)
    {
        if (!_dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
                &base->decode_conf, "IMAP"))
            return;

        if (pPolicyConfig->memcap == 0)
            pPolicyConfig->memcap = DEFAULT_IMAP_MEMCAP;

        return;
    }

    if (base == NULL)
    {
        _dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
                NULL, "IMAP");
        return;
    }

    /* The memory cap always comes from the default policy. */
    pPolicyConfig->memcap = base->memcap;

    if (pPolicyConfig->disabled)
    {
        pPolicyConfig->decode_conf = base->decode_conf;
        return;
    }

    _dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
            &base->decode_conf, "IMAP");
}
コード例 #5
ファイル: spp_reputation.c プロジェクト: sdnnfv/snort
/*
 * Control "post" hook for a reputation data switch: copies the segment state
 * carried in old_config into the default policy's ReputationConfig, publishes
 * that config through reputation_shmem_config, marks the switch as SWITCHED
 * and frees old_config.
 *
 * type, te and f are not used in this body.
 *
 * NOTE(review): old_config is dereferenced without a NULL check, and the
 * early return below neither frees it nor changes switch_state -- confirm
 * the caller always passes a valid heap pointer and that a missing default
 * policy cannot leave the state machine stuck.
 */
static void Reputation_PostControl(uint16_t type, void *old_config, struct _THREAD_ELEMENT *te, ControlDataSendFunc f)
{
    ReputationConfig *config = (ReputationConfig *) old_config;
    ReputationConfig *pDefaultPolicyConfig = NULL;

    pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config);

    /* Nothing to update without a default policy config. */
    if (!pDefaultPolicyConfig)
    {
        return;
    }

    UnmapInactiveSegments();

    /* Take over the segment bookkeeping from the temporary config. */
    pDefaultPolicyConfig->memCapReached = config->memCapReached;
    pDefaultPolicyConfig->segment_version = config->segment_version;
    pDefaultPolicyConfig->memsize = config->memsize;
    pDefaultPolicyConfig->numEntries = config->numEntries;
    pDefaultPolicyConfig->iplist = config->iplist;
    /* The status buffer pointer is not carried over into the long-lived config. */
    pDefaultPolicyConfig->statusBuf = NULL;
    /* Publish the default config before the temporary one is released. */
    reputation_shmem_config = pDefaultPolicyConfig;
    switch_state = SWITCHED;
    free(config);

}
コード例 #6
ファイル: spp_dnp3.c プロジェクト: sdnnfv/snort
/* Check configs & set up mempool.
 *
 * The mempool is created here, not at parse time, so that every policy
 * config has been parsed and checked before any pool memory is allocated.
 *
 * Returns -1 when the default policy has no DNP3 config, the non-zero result
 * of DNP3CheckPolicyConfig when a policy fails its check, and 0 otherwise
 * (including the case where no policy is enabled and no pool is created).
 *
 * NOTE(review): the calloc() result is handed to mempool_init() unchecked --
 * confirm mempool_init() rejects a NULL pool. The session count is
 * memcap / sizeof(dnp3_session_data_t), which is 0 for a memcap smaller than
 * one session record -- confirm the parser enforces a minimum memcap.
 */
static int DNP3CheckConfig(struct _SnortConfig *sc)
{
    dnp3_config_t *base_cfg =
        (dnp3_config_t *)sfPolicyUserDataGetDefault(dnp3_context_id);
    unsigned int session_limit;
    int status;

    if (base_cfg == NULL)
    {
        _dpd.errMsg(
            "ERROR: preprocessor dnp3 must be configured in the default policy.\n");
        return -1;
    }

    /* Validate each policy's configuration in turn. */
    status = sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3CheckPolicyConfig);
    if (status != 0)
        return status;

    /* No pool is needed unless some config is not "disabled". */
    if (sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3IsEnabled) == 0)
        return 0;

    /* base_cfg is non-NULL here because of the guard at the top; a DNP3
     * config that exists only in a target policy ends in that error return. */
    session_limit = base_cfg->memcap / sizeof(dnp3_session_data_t);

    dnp3_mempool = (MemPool *)calloc(1, sizeof(MemPool));
    if (mempool_init(dnp3_mempool, session_limit, sizeof(dnp3_session_data_t)) != 0)
    {
        DynamicPreprocessorFatalMessage("Unable to allocate DNP3 mempool.\n");
    }

    return 0;
}
コード例 #7
ファイル: spp_sip.c プロジェクト: BMNLabs/snort
/* Initializes the SIP preprocessor for the policy currently being parsed and
 * registers its one-time hooks.
 *
 * On the first call (sip_config == NULL) the policy context is created and
 * the config-check, stats and exit callbacks are registered, plus profiling
 * and protocol/service registration when those are compiled in. On every
 * call a zeroed SIPConfig is allocated, stored as the current policy's data,
 * the SIP rule options are registered and argp is parsed into the new config.
 *
 * PARAMETERS:
 *
 * sc:          Snort configuration being parsed; passed through to the
 *                      policy-lookup and registration calls.
 * argp:        Pointer to argument string to process for config
 *                      data.
 *
 * RETURNS:     Nothing.
 */
static void SIPInit(struct _SnortConfig *sc, char *argp)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy(sc);
    SIPConfig *pDefaultPolicyConfig = NULL;
    SIPConfig *pPolicyConfig = NULL;

    /* One-time setup, done when the first SIP config line is seen. */
    if (sip_config == NULL)
    {
        //create a context
        sip_config = sfPolicyConfigCreate();
        if (sip_config == NULL)
        {
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for SIP config.\n");
        }

        _dpd.addPreprocConfCheck(sc, SIPCheckConfig);
        _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats);
        _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP);

#ifdef PERF_PROFILING
        _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats, NULL);
#endif

#ifdef TARGET_BASED
        /* Reuse the "sip" protocol id if it is already known, else add it. */
        sip_app_id = _dpd.findProtocolReference("sip");
        if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL)
            sip_app_id = _dpd.addProtocolReference("sip");

        // register with session to handle applications
        _dpd.sessionAPI->register_service_handler( PP_SIP, sip_app_id );

#endif
    }

    /* Select the policy being parsed, then look at what is already stored. */
    sfPolicyUserPolicySet (sip_config, policy_id);
    pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config);
    pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config);
    /* NOTE(review): this fires only when the current policy already has a
     * config AND no default config exists; a second config line for a policy
     * while a default exists is not rejected here -- confirm that is the
     * intended "configured once" rule. */
    if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL))
    {
        DynamicPreprocessorFatalMessage("SIP preprocessor can only be "
                "configured once.\n");
    }

    /* calloc() gives a zero-initialised config; the code below relies on the
     * fatal-message call not returning when allocation fails. */
    pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig));
    if (!pPolicyConfig)
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "SIP preprocessor configuration.\n");
    }

    sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig);
    SIP_RegRuleOptions(sc);
    ParseSIPArgs(pPolicyConfig, (u_char *)argp);
}
コード例 #8
ファイル: spp_reputation.c プロジェクト: sdnnfv/snort
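/*
 * Control "pre" hook for a reputation data switch.
 *
 * Allocates a temporary ReputationConfig, points reputation_shmem_config at
 * it while the RELOAD segment is loaded for writing, and on success hands the
 * temporary config back through *new_config.
 *
 * Parameters:
 *   type, data, length  not used in this body.
 *   new_config          out: the temporary config on success, NULL when the
 *                       default policy is missing, allocation fails or the
 *                       segment load fails. It is not written when a switch
 *                       is already in progress.
 *   statusBuf           caller-supplied status text buffer; cleared on entry.
 *                       Assumed non-NULL with room for at least one byte --
 *                       TODO confirm against the control-channel caller.
 *   statusBufLen        size of statusBuf, used to bound snprintf().
 *
 * Returns 0 on success, -1 on any failure.
 *
 * On a failed segment load the temporary config is freed. The previous value
 * of reputation_shmem_config is restored first, so the global never keeps
 * pointing at the freed allocation.
 */
static int Reputation_PreControl(uint16_t type, const uint8_t *data, uint32_t length, void **new_config,
        char *statusBuf, int statusBufLen)
{
    ReputationConfig *pDefaultPolicyConfig = NULL;
    ReputationConfig *nextConfig = NULL;
    ReputationConfig *prevShmemConfig = NULL;

    statusBuf[0] = 0;

    /* Only one switch may be in flight at a time. */
    if (SWITCHING == switch_state )
        return -1;

    pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config);

    if (!pDefaultPolicyConfig)
    {
        *new_config = NULL;
        return -1;
    }

    nextConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig));

    if (!nextConfig)
    {
        *new_config = NULL;
        return -1;
    }

    switch_state = SWITCHING;

    nextConfig->segment_version = NO_DATASEG;
    /* The memory cap is taken from the default policy. */
    nextConfig->memcap = pDefaultPolicyConfig->memcap;
    nextConfig->statusBuf = statusBuf;
    nextConfig->statusBuf_len = statusBufLen;

    /* Remember what the global pointed at so a failed load can undo this. */
    prevShmemConfig = reputation_shmem_config;
    reputation_shmem_config = nextConfig;

    if ((available_segment = LoadSharedMemDataSegmentForWriter(RELOAD)) >= 0)
    {
        *new_config = nextConfig;
        nextConfig->segment_version = available_segment;
        _dpd.logMsg("    Reputation Preprocessor: Received segment %d\n",
                available_segment);
        /* Keep any status text written during the load; otherwise report success. */
        if (!statusBuf[0])
            snprintf(statusBuf,statusBufLen, "Reputation Preprocessor: Received segment %d successful", available_segment);
    }
    else
    {
        /* Undo the publication before freeing, so no dangling pointer is left. */
        reputation_shmem_config = prevShmemConfig;
        *new_config = NULL;
        free(nextConfig);
        switch_state = NO_SWITCH;
        return -1;
    }
    return 0;
}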
コード例 #9
ファイル: smtp_config.c プロジェクト: GumpChan/blackcat
/*
 * Reconcile one SMTP policy config against the default policy.
 *
 *  - default policy: validate its decoding config against itself; if that
 *    check returns non-zero, default a zero memcap and, for a disabled
 *    policy, a zero email header log depth;
 *  - no default policy: validate the decoding config with no reference, and
 *    treat a per-policy memcap or (with header logging on) a per-policy
 *    header log depth as a fatal configuration error;
 *  - otherwise: inherit memcap and header log depth from the default policy;
 *    a disabled policy also copies the default decoding config, an enabled
 *    one is validated against it.
 */
void SMTP_CheckConfig(SMTPConfig *pPolicyConfig, tSfPolicyUserContextId context)
{
    SMTPConfig *base = (SMTPConfig *)sfPolicyUserDataGetDefault(context);

    if (base == pPolicyConfig)
    {
        if (!_dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
                &base->decode_conf, "SMTP"))
            return;

        if (pPolicyConfig->memcap == 0)
            pPolicyConfig->memcap = DEFAULT_SMTP_MEMCAP;

        if (pPolicyConfig->disabled
                && (pPolicyConfig->log_config.email_hdrs_log_depth == 0))
            pPolicyConfig->log_config.email_hdrs_log_depth = DEFAULT_LOG_DEPTH;

        return;
    }

    if (base == NULL)
    {
        _dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
                NULL, "SMTP");

        /* Memory and logging limits belong to the default policy only. */
        if (pPolicyConfig->memcap != 0)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => SMTP: memcap must be "
                    "configured in the default config.\n",
                    *(_dpd.config_file), *(_dpd.config_line));
        }

        if (pPolicyConfig->log_config.log_email_hdrs
                && pPolicyConfig->log_config.email_hdrs_log_depth)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => SMTP: email_hdrs_log_depth must be "
                    "configured in the default config.\n",
                    *(_dpd.config_file), *(_dpd.config_line));
        }

        return;
    }

    pPolicyConfig->memcap = base->memcap;
    pPolicyConfig->log_config.email_hdrs_log_depth = base->log_config.email_hdrs_log_depth;

    if (pPolicyConfig->disabled)
    {
        pPolicyConfig->decode_conf = base->decode_conf;
        return;
    }

    _dpd.fileAPI->check_decoding_conf(&pPolicyConfig->decode_conf,
            &base->decode_conf, "SMTP");
}
コード例 #10
ファイル: file_agent.c プロジェクト: anarey/snort
/*
 * Starts the file capture worker thread and waits until it reports that it
 * is running.
 *
 * A set of signals is blocked in the calling thread around pthread_create(),
 * so the new thread starts with those signals blocked (a new thread inherits
 * its creator's signal mask). The default file-inspect config is passed to
 * FileCaptureThread as its argument.
 *
 * NOTE(review): the mask is "restored" by installing an empty mask with
 * SIG_SETMASK, which unblocks every signal instead of reinstating whatever
 * mask the caller had on entry -- confirm callers never run with signals
 * blocked, or save the old mask through pthread_sigmask()'s third argument.
 */
static void file_agent_thread_init()
{
    int rval;
    /* Poll interval for the start-up wait below: initialised as { 0, 100 },
     * presumably 0 s and 100 ns. */
    const struct timespec thread_sleep = { 0, 100 };
    sigset_t mask;

    stop_file_capturing = false;

    /* Spin off the file capture handler thread. */
    sigemptyset(&mask);
    sigaddset(&mask, SIGTERM);
    sigaddset(&mask, SIGQUIT);
    sigaddset(&mask, SIGPIPE);
    sigaddset(&mask, SIGINT);
    sigaddset(&mask, SIGHUP);
    sigaddset(&mask, SIGUSR1);
    sigaddset(&mask, SIGUSR2);
    sigaddset(&mask, SIGCHLD);
    sigaddset(&mask, SIGURG);
    sigaddset(&mask, SIGVTALRM);

    pthread_sigmask(SIG_SETMASK, &mask, NULL);

    /* NOTE(review): conf may be NULL when no default policy config exists;
     * it is handed to the thread unchecked -- confirm FileCaptureThread copes. */
    FileInspectConf *conf = sfPolicyUserDataGetDefault(file_config);
    if ((rval = pthread_create(&capture_thread_tid, NULL,
            &FileCaptureThread, conf)) != 0)
    {
        /* Unblock signals again before reporting the fatal error. */
        sigemptyset(&mask);
        pthread_sigmask(SIG_SETMASK, &mask, NULL);
        FILE_FATAL_ERROR("File capture: Unable to create a "
                "processing thread: %s", strerror(rval));
    }

    /* Wait for the flag to become non-zero.
     * NOTE(review): presumably set by FileCaptureThread; the loop has no
     * timeout, so it never ends if the thread exits before setting it. */
    while (!capture_thread_running)
        nanosleep(&thread_sleep, NULL);

    sigemptyset(&mask);
    pthread_sigmask(SIG_SETMASK, &mask, NULL);
    _dpd.logMsg("File capture thread started tid=%p (pid=%u)\n",
            (void *) capture_thread_tid, capture_thread_pid);
}
コード例 #11
/*
 * Reconcile one SMTP policy's MIME limits against the default policy.
 *
 *  - default policy: zero max_mime_mem / max_mime_depth get the built-in
 *    defaults;
 *  - no default policy: a per-policy max_mime_mem or max_mime_depth is a
 *    fatal configuration error;
 *  - otherwise: all four MIME limits are copied from the default policy, so a
 *    non-default policy cannot carry limits of its own.
 */
void SMTP_CheckConfig(SMTPConfig *pPolicyConfig, tSfPolicyUserContextId context)
{
    SMTPConfig *base = (SMTPConfig *)sfPolicyUserDataGetDefault(context);

    if (base == pPolicyConfig)
    {
        if (pPolicyConfig->max_mime_mem == 0)
            pPolicyConfig->max_mime_mem = DEFAULT_MAX_MIME_MEM;

        if (pPolicyConfig->max_mime_depth == 0)
            pPolicyConfig->max_mime_depth = DEFAULT_MAX_MIME_DEPTH;

        return;
    }

    if (base != NULL)
    {
        pPolicyConfig->max_mime_mem = base->max_mime_mem;
        pPolicyConfig->max_mime_depth = base->max_mime_depth;
        pPolicyConfig->max_mime_decode_bytes = base->max_mime_decode_bytes;
        pPolicyConfig->max_mime_sessions = base->max_mime_sessions;
        return;
    }

    /* No default policy: these limits may not be set per policy. */
    if (pPolicyConfig->max_mime_mem != 0)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => SMTP: max_mime_mem must be "
               "configured in the default policy.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }

    if (pPolicyConfig->max_mime_depth != 0)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => SMTP: max_mime_depth must be "
               "configured in the default policy.\n",
               *(_dpd.config_file), *(_dpd.config_line));
    }
}
コード例 #12
ファイル: spp_sip.c プロジェクト: BMNLabs/snort
/*
 * Per-policy configuration check for the SIP preprocessor.
 *
 * A disabled policy is accepted as-is. An enabled policy requires the Stream
 * preprocessor; a non-default policy (policy_id != 0) additionally requires a
 * default SIP config and inherits its maxNumSessions. The preprocessor and
 * its ports/services are then registered for this policy.
 *
 * pData is the policy's SIPConfig. Returns 0 on success, -1 on error.
 */
static int SIPCheckPolicyConfig(struct _SnortConfig *sc, tSfPolicyUserContextId config, tSfPolicyId policy_id, void* pData)
{
    SIPConfig *policy = (SIPConfig *)pData;

    if (policy->disabled)
        return 0;

    if (!_dpd.isPreprocEnabled(sc, PP_STREAM))
    {
        _dpd.errMsg("SIPCheckPolicyConfig(): The Stream preprocessor must be enabled.\n");
        return -1;
    }

    if (policy_id != 0)
    {
        SIPConfig *base = (SIPConfig *)sfPolicyUserDataGetDefault(config);

        /* Checked before the dereference below. */
        if (base == NULL)
        {
            _dpd.errMsg("SIPCheckPolicyConfig(): SIP default policy must be configured\n");
            return -1;
        }

        /* The session limit is owned by the default policy. */
        policy->maxNumSessions = base->maxNumSessions;
    }

    _dpd.setParserPolicy(sc, policy_id);
    _dpd.addPreproc(sc, SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP);

    // register ports with session and stream
    registerPortsForDispatch(sc, policy);
    registerPortsForReassembly(policy, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT);
    _addPortsToStreamFilter(sc, policy, policy_id);

#ifdef TARGET_BASED
    _addServicesToStreamFilter(sc, policy_id);
#endif

    return 0;
}
コード例 #13
ファイル: spp_dce2.c プロジェクト: trentmillar/snort-vc10
/*********************************************************************
 * Function: DCE2_ReloadGlobal()
 *
 * Purpose: Creates a new global DCE/RPC preprocessor config for the
 *          policy being parsed and stores it in dce2_swap_config.
 *          Dies if Stream5 is not available, if a non-default policy
 *          is configured without a default policy, or if the policy
 *          already has a global config. Unless the parsed config is
 *          disabled, the preprocessor is registered for TCP and UDP.
 *
 * Arguments: snort.conf argument line for the DCE/RPC preprocessor.
 *
 * Returns: None
 *
 * NOTE(review): a disabled non-default policy returns before the
 * default memcap is inherited (the copy is the last statement) --
 * confirm that is intended. The DCE2_Alloc() result is used without a
 * NULL check -- confirm DCE2_Alloc() cannot return NULL here.
 *
 *********************************************************************/
static void DCE2_ReloadGlobal(char *args)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy();
    DCE2_Config *pDefaultPolicyConfig = NULL;
    DCE2_Config *pCurrentPolicyConfig = NULL;

    if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5))
    {
        DCE2_Die("%s(%d) \"%s\" configuration: "
            "Stream5 must be enabled with TCP and UDP tracking.",
            *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* First config line of this reload: create the swap context and
     * register the reload verification hook once. */
    if (dce2_swap_config == NULL)
    {
        //create a context
        dce2_swap_config = sfPolicyConfigCreate();

        if (dce2_swap_config == NULL)
        {
            DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory "
                     "configuration.\n",
                     *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
        }
        _dpd.addPreprocReloadVerify(DCE2_ReloadVerify);
    }

    sfPolicyUserPolicySet(dce2_swap_config, policy_id);
    pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_swap_config);
    pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_swap_config);

    /* This guard is what makes the pDefaultPolicyConfig dereference at the
     * end of the function safe for non-default policies. */
    if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
    {
        DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy "
                 "if other policies are to be configured.\n",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* Can only do one global configuration */
    if (pCurrentPolicyConfig != NULL)
    {
        DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    DCE2_RegRuleOptions();

    pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config),
        DCE2_MEM_TYPE__CONFIG);

    sfPolicyUserDataSetCurrent(dce2_swap_config, pCurrentPolicyConfig);

    /* Parse configuration args */
    DCE2_GlobalConfigure(pCurrentPolicyConfig, args);

    /* gconfig is read right after parsing; presumably DCE2_GlobalConfigure
     * sets it -- verify. */
    if ( pCurrentPolicyConfig->gconfig->disabled )
        return;

    _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2,
        PROTO_BIT__TCP | PROTO_BIT__UDP);

#ifdef TARGET_BASED
    _dpd.streamAPI->set_service_filter_status
        (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1);

    _dpd.streamAPI->set_service_filter_status
        (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1);
#endif

    /* Non-default policies take their memcap from the default policy. */
    if (policy_id != 0)
        pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap;
}
コード例 #14
ファイル: spp_dce2.c プロジェクト: trentmillar/snort-vc10
/*********************************************************************
 * Function: DCE2_InitGlobal()
 *
 * Purpose: Initializes the global DCE/RPC preprocessor config for the
 *          policy being parsed. On the first call it also creates the
 *          policy context, runs the module-wide init routines and
 *          registers the check/stats/reset/exit hooks. Dies if Stream5
 *          is not available, if a non-default policy is configured
 *          without a default policy, or if the policy already has a
 *          global config. Non-default policies inherit the default
 *          policy's memcap; unless the parsed config is disabled, the
 *          preprocessor is registered for TCP and UDP.
 *
 * Arguments: snort.conf argument line for the DCE/RPC preprocessor.
 *
 * Returns: None
 *
 * NOTE(review): the DCE2_Alloc() result is used without a NULL check --
 * confirm DCE2_Alloc() cannot return NULL here.
 *
 *********************************************************************/
static void DCE2_InitGlobal(char *args)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy();
    DCE2_Config *pDefaultPolicyConfig = NULL;
    DCE2_Config *pCurrentPolicyConfig = NULL;

    if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5))
    {
        DCE2_Die("%s(%d) \"%s\" configuration: "
            "Stream5 must be enabled with TCP and UDP tracking.",
            *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* One-time, module-wide setup on the first config line. */
    if (dce2_config == NULL)
    {
        dce2_config = sfPolicyConfigCreate();
        if (dce2_config == NULL)
        {
            DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory "
                     "configuration.\n",
                     *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
        }

        DCE2_MemInit();
        DCE2_StatsInit();
        DCE2_EventsInit();

        /* Initialize reassembly packet */
        DCE2_InitRpkts();

        DCE2_SmbInitGlobals();

        _dpd.addPreprocConfCheck(DCE2_CheckConfig);
        _dpd.registerPreprocStats(DCE2_GNAME, DCE2_PrintStats);
        _dpd.addPreprocReset(DCE2_Reset, NULL, PRIORITY_LAST, PP_DCE2);
        _dpd.addPreprocResetStats(DCE2_ResetStats, NULL, PRIORITY_LAST, PP_DCE2);
        _dpd.addPreprocExit(DCE2_CleanExit, NULL, PRIORITY_LAST, PP_DCE2);

#ifdef PERF_PROFILING
        /* Profiling nodes: the third argument is 0 for the main node, 1 for
         * nodes whose parent is the main node and 2 for nodes whose parent
         * is the session node. */
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__MAIN, &dce2_pstat_main, 0, _dpd.totalPerfStats);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SESSION, &dce2_pstat_session, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__NEW_SESSION, &dce2_pstat_new_session, 2, &dce2_pstat_session);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SSN_STATE, &dce2_pstat_session_state, 2, &dce2_pstat_session);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__LOG, &dce2_pstat_log, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__DETECT, &dce2_pstat_detect, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_SEG, &dce2_pstat_smb_seg, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_REQ, &dce2_pstat_smb_req, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_UID, &dce2_pstat_smb_uid, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_TID, &dce2_pstat_smb_tid, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FID, &dce2_pstat_smb_fid, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FP, &dce2_pstat_smb_fingerprint, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_NEG, &dce2_pstat_smb_negotiate, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_SEG, &dce2_pstat_co_seg, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_FRAG, &dce2_pstat_co_frag, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_REASS, &dce2_pstat_co_reass, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_CTX, &dce2_pstat_co_ctx, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_ACTS, &dce2_pstat_cl_acts, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_FRAG, &dce2_pstat_cl_frag, 1, &dce2_pstat_main);
        _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_REASS, &dce2_pstat_cl_reass, 1, &dce2_pstat_main);
#endif

#ifdef TARGET_BASED
        /* Reuse an existing protocol id when one is already registered. */
        dce2_proto_ids.dcerpc = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__DCERPC);
        if (dce2_proto_ids.dcerpc == SFTARGET_UNKNOWN_PROTOCOL)
            dce2_proto_ids.dcerpc = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__DCERPC);

        /* smb and netbios-ssn refer to the same thing */
        dce2_proto_ids.nbss = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__NBSS);
        if (dce2_proto_ids.nbss == SFTARGET_UNKNOWN_PROTOCOL)
            dce2_proto_ids.nbss = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__NBSS);
#endif
    }

    sfPolicyUserPolicySet(dce2_config, policy_id);
    pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_config);
    pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_config);

    /* This guard is what makes the pDefaultPolicyConfig dereference below
     * safe for non-default policies. */
    if ((policy_id != 0) && (pDefaultPolicyConfig == NULL))
    {
        DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy "
                 "if other policies are to be configured.\n",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    /* Can only do one global configuration */
    if (pCurrentPolicyConfig != NULL)
    {
        DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.",
                 *_dpd.config_file, *_dpd.config_line, DCE2_GNAME);
    }

    DCE2_RegRuleOptions();

    pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG);
    sfPolicyUserDataSetCurrent(dce2_config, pCurrentPolicyConfig);

    /* Parse configuration args */
    DCE2_GlobalConfigure(pCurrentPolicyConfig, args);

    /* Non-default policies take their memcap from the default policy; this
     * happens before the disabled check, so disabled policies inherit too. */
    if (policy_id != 0)
        pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap;

    if ( pCurrentPolicyConfig->gconfig->disabled )
        return;


    /* Register callbacks */
    _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION,
        PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP);

#ifdef TARGET_BASED
    _dpd.streamAPI->set_service_filter_status
        (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1);

    _dpd.streamAPI->set_service_filter_status
        (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1);
#endif
}
コード例 #15
ファイル: spp_sip.c プロジェクト: trentmillar/snort-vc10
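/* Initializes the SIP preprocessor for the policy currently being parsed and
 * registers it in the preprocessor list.
 *
 * On the first call (sip_config == NULL) the policy context is created and
 * the config-check, stats and exit callbacks are registered. On every call a
 * zeroed SIPConfig is allocated, stored as the current policy's data and
 * filled from argp. A non-default policy inherits maxNumSessions from the
 * default policy, and unless the policy is disabled the preprocessor and its
 * ports/services are registered with the stream filter.
 *
 * A non-default policy configured while no default SIP config exists is
 * reported as a fatal configuration error. The original code dereferenced
 * the missing default config (NULL) in that case.
 *
 * PARAMETERS:
 *
 * argp:        Pointer to argument string to process for config
 *                      data.
 *
 * RETURNS:     Nothing.
 */
static void SIPInit(char *argp)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy();
    SIPConfig *pDefaultPolicyConfig = NULL;
    SIPConfig *pPolicyConfig = NULL;


    /* One-time setup, done when the first SIP config line is seen. */
    if (sip_config == NULL)
    {
        //create a context
        sip_config = sfPolicyConfigCreate();
        if (sip_config == NULL)
        {
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for SIP config.\n");
        }

        _dpd.addPreprocConfCheck(SIPCheckConfig);
        _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats);
        _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP);

#ifdef PERF_PROFILING
        _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats);
#endif

#ifdef TARGET_BASED
        /* Reuse the "sip" protocol id if it is already known, else add it. */
        sip_app_id = _dpd.findProtocolReference("sip");
        if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL)
            sip_app_id = _dpd.addProtocolReference("sip");

#endif
    }

    sfPolicyUserPolicySet (sip_config, policy_id);
    pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config);
    pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config);
    if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL))
    {
        DynamicPreprocessorFatalMessage("SIP preprocessor can only be "
                "configured once.\n");
    }

    /* calloc() gives a zero-initialised config; the code below relies on the
     * fatal-message call not returning when allocation fails. */
    pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig));
    if (!pPolicyConfig)
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "SIP preprocessor configuration.\n");
    }

    sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig);

    SIP_RegRuleOptions();

    ParseSIPArgs(pPolicyConfig, (u_char *)argp);

    if (policy_id != 0)
    {
        /* The check above does not cover "no current config and no default
         * config", so the default pointer can still be NULL here. */
        if (pDefaultPolicyConfig == NULL)
        {
            DynamicPreprocessorFatalMessage("SIP default policy must be configured "
                    "before configuring other policies.\n");
        }

        /* The session limit is owned by the default policy. */
        pPolicyConfig->maxNumSessions = pDefaultPolicyConfig->maxNumSessions;
    }

    if ( pPolicyConfig->disabled )
        return;

    if (_dpd.streamAPI == NULL)
    {
        DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n");
    }

    _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP );

    _addPortsToStream5Filter(pPolicyConfig, policy_id);

#ifdef TARGET_BASED
    _addServicesToStream5Filter(policy_id);
#endif
}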
コード例 #16
/*
 * Reconcile one IMAP policy's MIME/decoding limits against the default policy.
 *
 *  - default policy: default a zero max_mime_mem; if any decode depth is zero
 *    (the error texts below call a zero depth "unlimited") set max_depth to
 *    MAX_DEPTH and stop, otherwise set max_depth to the largest of the four
 *    depths and default a zero memcap;
 *  - no default policy: a per-policy max_mime_mem, or any decode depth
 *    greater than -1, is a fatal configuration error;
 *  - otherwise: inherit max_mime_mem, memcap and max_depth; a disabled policy
 *    also copies the four depths, while an enabled policy may neither turn on
 *    unlimited decoding nor exceed the default policy's depth for any of the
 *    four decoders.
 *
 * NOTE(review): in the default-policy case the early return for an unlimited
 * depth happens before the memcap default is applied -- confirm memcap
 * cannot still be zero on that path.
 */
void IMAP_CheckConfig(IMAPConfig *pPolicyConfig, tSfPolicyUserContextId context)
{
    int deepest = -1;
    IMAPConfig *base = (IMAPConfig *)sfPolicyUserDataGetDefault(context);

    if (base == pPolicyConfig)
    {
        if (pPolicyConfig->max_mime_mem == 0)
            pPolicyConfig->max_mime_mem = DEFAULT_MAX_MIME_MEM;

        if ((pPolicyConfig->b64_depth == 0) || (pPolicyConfig->qp_depth == 0)
                || (pPolicyConfig->uu_depth == 0) || (pPolicyConfig->bitenc_depth == 0))
        {
            pPolicyConfig->max_depth = MAX_DEPTH;
            return;
        }

        /* All depths are non-zero: keep the largest one. */
        if (deepest < pPolicyConfig->b64_depth)
            deepest = pPolicyConfig->b64_depth;

        if (deepest < pPolicyConfig->qp_depth)
            deepest = pPolicyConfig->qp_depth;

        if (deepest < pPolicyConfig->bitenc_depth)
            deepest = pPolicyConfig->bitenc_depth;

        if (deepest < pPolicyConfig->uu_depth)
            deepest = pPolicyConfig->uu_depth;

        pPolicyConfig->max_depth = deepest;

        if (pPolicyConfig->memcap == 0)
            pPolicyConfig->memcap = DEFAULT_IMAP_MEMCAP;

        return;
    }

    if (base == NULL)
    {
        /* No default policy: none of these limits may be set per policy. */
        if (pPolicyConfig->max_mime_mem != 0)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => IMAP: max_mime_mem must be "
                   "configured in the default config.\n",
                    *(_dpd.config_file), *(_dpd.config_line));
        }

        if (pPolicyConfig->b64_depth > -1)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => IMAP: b64_decode_depth must be "
                   "configured in the default config.\n",
                   *(_dpd.config_file), *(_dpd.config_line));
        }

        if (pPolicyConfig->qp_depth > -1)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => IMAP: qp_decode_depth must be "
                   "configured in the default config.\n",
                   *(_dpd.config_file), *(_dpd.config_line));
        }

        if (pPolicyConfig->uu_depth > -1)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => IMAP: uu_decode_depth must be "
                   "configured in the default config.\n",
                   *(_dpd.config_file), *(_dpd.config_line));
        }

        if (pPolicyConfig->bitenc_depth > -1)
        {
            DynamicPreprocessorFatalMessage("%s(%d) => IMAP: bitenc_decode_depth must be "
                   "configured in the default config.\n",
                   *(_dpd.config_file), *(_dpd.config_line));
        }

        return;
    }

    /* Non-default policy with a default present: shared limits are inherited. */
    pPolicyConfig->max_mime_mem = base->max_mime_mem;
    pPolicyConfig->memcap = base->memcap;
    pPolicyConfig->max_depth = base->max_depth;

    if (pPolicyConfig->disabled)
    {
        pPolicyConfig->b64_depth = base->b64_depth;
        pPolicyConfig->qp_depth = base->qp_depth;
        pPolicyConfig->uu_depth = base->uu_depth;
        pPolicyConfig->bitenc_depth = base->bitenc_depth;
        return;
    }

    /* Base64 */
    if ((pPolicyConfig->b64_depth == 0) && base->b64_depth)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Base64 decoding"
                " in non-default config without turning on unlimited Base64 decoding in the default "
                " config.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }
    else if (base->b64_depth && (pPolicyConfig->b64_depth > base->b64_depth))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: b64_decode_depth value %d in non-default config"
               " cannot exceed default config's value %d.\n",
                *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->b64_depth, base->b64_depth);
    }

    /* Quoted-Printable */
    if ((pPolicyConfig->qp_depth == 0) && base->qp_depth)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Quoted-Printable decoding"
                " in non-default config without turning on unlimited Quoted-Printable decoding in the default "
                " config.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }
    else if (base->qp_depth && (pPolicyConfig->qp_depth > base->qp_depth))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: qp_decode_depth value %d in non-default config"
               " cannot exceed default config's value %d.\n",
                *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->qp_depth, base->qp_depth);
    }

    /* Unix-to-Unix */
    if ((pPolicyConfig->uu_depth == 0) && base->uu_depth)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Unix-to-Unix decoding"
                " in non-default config without turning on unlimited Unix-to-Unix decoding in the default "
                " config.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }
    else if (base->uu_depth && (pPolicyConfig->uu_depth > base->uu_depth))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: uu_decode_depth value %d in the non-default config"
               " cannot exceed default config's value %d.\n",
                *(_dpd.config_file), *(_dpd.config_line),pPolicyConfig->uu_depth, base->uu_depth);
    }

    /* Non-encoded MIME attachments */
    if ((pPolicyConfig->bitenc_depth == 0) && base->bitenc_depth)
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Non-Encoded MIME attachment extraction"
                " in non-default config without turning on unlimited Non-Encoded MIME attachment extraction in the default "
                " config.\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }
    else if (base->bitenc_depth && (pPolicyConfig->bitenc_depth > base->bitenc_depth))
    {
        DynamicPreprocessorFatalMessage("%s(%d) => IMAP: bitenc_decode_depth value %d in non-default config"
               " cannot exceed default config's value %d.\n",
                *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->bitenc_depth, base->bitenc_depth);
    }
}
コード例 #17
ファイル: spp_gtp.c プロジェクト: obana2010/snort-2.9.2.2
/* Initializes the GTP preprocessor for the policy currently being parsed and
 * registers it in the preprocessor list.
 *
 * On the first call (gtp_config == NULL) the policy context is created and
 * the config-check, stats and exit callbacks are registered. On every call a
 * zeroed GTPConfig is allocated, stored as the current policy's data and
 * filled from argp; the preprocessor is then registered for UDP and its
 * ports/services are added to the stream filter.
 *
 * PARAMETERS:
 *
 * argp:        Pointer to argument string to process for config data.
 *
 * RETURNS:     Nothing.
 */
static void GTPInit(char *argp)
{
    tSfPolicyId policy_id = _dpd.getParserPolicy();
    GTPConfig *pDefaultPolicyConfig = NULL;
    GTPConfig *pPolicyConfig = NULL;


    /* One-time setup, done when the first GTP config line is seen. */
    if (gtp_config == NULL)
    {
        /*create a context*/
        gtp_config = sfPolicyConfigCreate();
        if (gtp_config == NULL)
        {
            DynamicPreprocessorFatalMessage("Failed to allocate memory "
                    "for GTP config.\n");
        }

        _dpd.addPreprocConfCheck(GTPCheckConfig);
        _dpd.registerPreprocStats(GTP_NAME, GTP_PrintStats);
        _dpd.addPreprocExit(GTPCleanExit, NULL, PRIORITY_LAST, PP_GTP);

#ifdef PERF_PROFILING
        _dpd.addPreprocProfileFunc("gtp", (void *)&gtpPerfStats, 0, _dpd.totalPerfStats);
#endif

#ifdef TARGET_BASED
        /* Reuse the "gtp" protocol id if it is already known, else add it. */
        gtp_app_id = _dpd.findProtocolReference("gtp");
        if (gtp_app_id == SFTARGET_UNKNOWN_PROTOCOL)
            gtp_app_id = _dpd.addProtocolReference("gtp");

#endif
    }

    sfPolicyUserPolicySet (gtp_config, policy_id);
    pDefaultPolicyConfig = (GTPConfig *)sfPolicyUserDataGetDefault(gtp_config);
    pPolicyConfig = (GTPConfig *)sfPolicyUserDataGetCurrent(gtp_config);
    /* NOTE(review): this fires only when the current policy already has a
     * config AND no default config exists; a second config line for a policy
     * while a default exists is not rejected here -- confirm that is the
     * intended "configured once" rule. */
    if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL))
    {
        DynamicPreprocessorFatalMessage("GTP preprocessor can only be "
                "configured once.\n");
    }

    /* calloc() gives a zero-initialised config; the code below relies on the
     * fatal-message call not returning when allocation fails. */
    pPolicyConfig = (GTPConfig *)calloc(1, sizeof(GTPConfig));
    if (!pPolicyConfig)
    {
        DynamicPreprocessorFatalMessage("Could not allocate memory for "
                "GTP preprocessor configuration.\n");
    }

    sfPolicyUserDataSetCurrent(gtp_config, pPolicyConfig);

    GTP_RegRuleOptions();

    ParseGTPArgs(pPolicyConfig, (u_char *)argp);


    /* Checked after parsing; a missing stream API is a fatal error. */
    if (_dpd.streamAPI == NULL)
    {
        DynamicPreprocessorFatalMessage("SetupGTP(): The Stream preprocessor must be enabled.\n");
    }

    /* GTP is registered for UDP only. */
    _dpd.addPreproc( GTPmain, PRIORITY_APPLICATION, PP_GTP, PROTO_BIT__UDP );

    _addPortsToStream5Filter(pPolicyConfig, policy_id);

#ifdef TARGET_BASED
    _addServicesToStream5Filter(policy_id);
#endif
}