static void FileUpdateConfig(FileInspectConf *pPolicyConfig, tSfPolicyUserContextId context) { FileInspectConf *defaultConfig = (FileInspectConf *)sfPolicyUserDataGetDefault(context); if (pPolicyConfig == defaultConfig) { if (!pPolicyConfig->file_capture_queue_size) pPolicyConfig->file_capture_queue_size = FILE_CAPTURE_QUEUE_SIZE_DEFAULT; if (!pPolicyConfig->capture_disk_size) pPolicyConfig->capture_disk_size = FILE_CAPTURE_DISK_SIZE_DEFAULT; } else if (defaultConfig == NULL) { if (pPolicyConfig->file_capture_queue_size) { DynamicPreprocessorFatalMessage("%s(%d) => File inspect: " "file capture queue size must be configured " "in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } } else { pPolicyConfig->file_capture_queue_size = defaultConfig->file_capture_queue_size; } }
static void SSLFreeConfig(tSfPolicyUserContextId config) { SSLPP_config_t *defaultConfig; ssl_callback_interface_t *ssl_cb = (ssl_callback_interface_t *)_dpd.getSSLCallback(); if (config == NULL) return; defaultConfig = (SSLPP_config_t *)sfPolicyUserDataGetDefault(config); if(defaultConfig && ssl_cb) { ssl_cb->policy_free(&(defaultConfig->current_handle), defaultConfig->reload_handle); defaultConfig->reload_handle = NULL; #ifdef ENABLE_HA if(defaultConfig->ssl_ha_config) { SSLHAConfigFree(defaultConfig->ssl_ha_config); defaultConfig->ssl_ha_config = NULL; } #endif } sfPolicyUserDataFreeIterate (config, SSLFreeConfigPolicy); sfPolicyConfigDelete(config); }
static int SSLPP_CheckConfig(struct _SnortConfig *sc) { #ifdef ENABLE_HA int haNotConfigured = 0; #endif int rval; SSLPP_config_t *defaultConfig = (SSLPP_config_t *)sfPolicyUserDataGetDefault(ssl_config); if ((rval = sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyConfig))) return rval; // Load SSL once for default policy if (defaultConfig) { if( SSLPP_PolicyInit(sc, ssl_config, defaultConfig, _dpd.getDefaultPolicy(), false) != 0 ) return -1; #ifdef ENABLE_HA if (defaultConfig->enable_ssl_ha) { haNotConfigured = (SSLVerifyHAConfig(sc, defaultConfig->ssl_ha_config) != 0); if (haNotConfigured) { _dpd.errMsg("WARNING: SSL HA misconfigured.\n"); return -1; } } #endif } sfPolicyUserDataIterate (sc, ssl_config, SSLPP_CheckPolicyEnabled); return 0; }
void IMAP_CheckConfig(IMAPConfig *pPolicyConfig, tSfPolicyUserContextId context) { IMAPConfig *defaultConfig = (IMAPConfig *)sfPolicyUserDataGetDefault(context); if (pPolicyConfig == defaultConfig) { if (! _dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), &(defaultConfig->decode_conf), "IMAP")) return; if (!pPolicyConfig->memcap) pPolicyConfig->memcap = DEFAULT_IMAP_MEMCAP; } else if (defaultConfig == NULL) { _dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), NULL, "IMAP"); } else { pPolicyConfig->memcap = defaultConfig->memcap; if(pPolicyConfig->disabled) { pPolicyConfig->decode_conf = defaultConfig->decode_conf; return; } _dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), &(defaultConfig->decode_conf), "IMAP"); } }
static void Reputation_PostControl(uint16_t type, void *old_config, struct _THREAD_ELEMENT *te, ControlDataSendFunc f) { ReputationConfig *config = (ReputationConfig *) old_config; ReputationConfig *pDefaultPolicyConfig = NULL; pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config); if (!pDefaultPolicyConfig) { return; } UnmapInactiveSegments(); pDefaultPolicyConfig->memCapReached = config->memCapReached; pDefaultPolicyConfig->segment_version = config->segment_version; pDefaultPolicyConfig->memsize = config->memsize; pDefaultPolicyConfig->numEntries = config->numEntries; pDefaultPolicyConfig->iplist = config->iplist; pDefaultPolicyConfig->statusBuf = NULL; reputation_shmem_config = pDefaultPolicyConfig; switch_state = SWITCHED; free(config); }
/* Check configs & set up mempool. Mempool stuff is in this function because we want to parse & check *ALL* of the configs before allocating a mempool. */ static int DNP3CheckConfig(struct _SnortConfig *sc) { int rval; unsigned int max_sessions; /* Get default configuration */ dnp3_config_t *default_config = (dnp3_config_t *)sfPolicyUserDataGetDefault(dnp3_context_id); if ( !default_config ) { _dpd.errMsg( "ERROR: preprocessor dnp3 must be configured in the default policy.\n"); return -1; } /* Check all individual configurations */ if ((rval = sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3CheckPolicyConfig))) return rval; /* Set up MemPool, but only if a config exists that's not "disabled". */ if (sfPolicyUserDataIterate(sc, dnp3_context_id, DNP3IsEnabled) == 0) return 0; // FIXTHIS default_config is null when configured in target policy only max_sessions = default_config->memcap / sizeof(dnp3_session_data_t); dnp3_mempool = (MemPool *)calloc(1, sizeof(MemPool)); if (mempool_init(dnp3_mempool, max_sessions, sizeof(dnp3_session_data_t)) != 0) { DynamicPreprocessorFatalMessage("Unable to allocate DNP3 mempool.\n"); } return 0; }
/* Initializes the SIP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SIPInit(struct _SnortConfig *sc, char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SIPConfig *pDefaultPolicyConfig = NULL; SIPConfig *pPolicyConfig = NULL; if (sip_config == NULL) { //create a context sip_config = sfPolicyConfigCreate(); if (sip_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } _dpd.addPreprocConfCheck(sc, SIPCheckConfig); _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats); _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats, NULL); #endif #ifdef TARGET_BASED sip_app_id = _dpd.findProtocolReference("sip"); if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL) sip_app_id = _dpd.addProtocolReference("sip"); // register with session to handle applications _dpd.sessionAPI->register_service_handler( PP_SIP, sip_app_id ); #endif } sfPolicyUserPolicySet (sip_config, policy_id); pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig); SIP_RegRuleOptions(sc); ParseSIPArgs(pPolicyConfig, (u_char *)argp); }
static int Reputation_PreControl(uint16_t type, const uint8_t *data, uint32_t length, void **new_config, char *statusBuf, int statusBufLen) { ReputationConfig *pDefaultPolicyConfig = NULL; ReputationConfig *nextConfig = NULL; statusBuf[0] = 0; if (SWITCHING == switch_state ) return -1; pDefaultPolicyConfig = (ReputationConfig *)sfPolicyUserDataGetDefault(reputation_config); if (!pDefaultPolicyConfig) { *new_config = NULL; return -1; } nextConfig = (ReputationConfig *)calloc(1, sizeof(ReputationConfig)); if (!nextConfig) { *new_config = NULL; return -1; } switch_state = SWITCHING; nextConfig->segment_version = NO_DATASEG; nextConfig->memcap = pDefaultPolicyConfig->memcap; nextConfig->statusBuf = statusBuf; nextConfig->statusBuf_len = statusBufLen; reputation_shmem_config = nextConfig; if ((available_segment = LoadSharedMemDataSegmentForWriter(RELOAD)) >= 0) { *new_config = nextConfig; nextConfig->segment_version = available_segment; _dpd.logMsg(" Reputation Preprocessor: Received segment %d\n", available_segment); if (!statusBuf[0]) snprintf(statusBuf,statusBufLen, "Reputation Preprocessor: Received segment %d successful", available_segment); } else { *new_config = NULL; free(nextConfig); switch_state = NO_SWITCH; return -1; } return 0; }
void SMTP_CheckConfig(SMTPConfig *pPolicyConfig, tSfPolicyUserContextId context) { SMTPConfig *defaultConfig = (SMTPConfig *)sfPolicyUserDataGetDefault(context); if (pPolicyConfig == defaultConfig) { if (!_dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), &(defaultConfig->decode_conf), "SMTP")) return; if (!pPolicyConfig->memcap) pPolicyConfig->memcap = DEFAULT_SMTP_MEMCAP; if(pPolicyConfig->disabled && !pPolicyConfig->log_config.email_hdrs_log_depth) pPolicyConfig->log_config.email_hdrs_log_depth = DEFAULT_LOG_DEPTH; } else if (defaultConfig == NULL) { _dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), NULL, "SMTP"); if (pPolicyConfig->memcap) { DynamicPreprocessorFatalMessage("%s(%d) => SMTP: memcap must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } if(pPolicyConfig->log_config.log_email_hdrs && pPolicyConfig->log_config.email_hdrs_log_depth) { DynamicPreprocessorFatalMessage("%s(%d) => SMTP: email_hdrs_log_depth must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } } else { pPolicyConfig->memcap = defaultConfig->memcap; pPolicyConfig->log_config.email_hdrs_log_depth = defaultConfig->log_config.email_hdrs_log_depth; if(pPolicyConfig->disabled) { pPolicyConfig->decode_conf = defaultConfig->decode_conf; return; } _dpd.fileAPI->check_decoding_conf(&(pPolicyConfig->decode_conf), &(defaultConfig->decode_conf), "SMTP"); } }
static void file_agent_thread_init() { int rval; const struct timespec thread_sleep = { 0, 100 }; sigset_t mask; stop_file_capturing = false; /* Spin off the file capture handler thread. */ sigemptyset(&mask); sigaddset(&mask, SIGTERM); sigaddset(&mask, SIGQUIT); sigaddset(&mask, SIGPIPE); sigaddset(&mask, SIGINT); sigaddset(&mask, SIGHUP); sigaddset(&mask, SIGUSR1); sigaddset(&mask, SIGUSR2); sigaddset(&mask, SIGCHLD); sigaddset(&mask, SIGURG); sigaddset(&mask, SIGVTALRM); pthread_sigmask(SIG_SETMASK, &mask, NULL); FileInspectConf *conf = sfPolicyUserDataGetDefault(file_config); if ((rval = pthread_create(&capture_thread_tid, NULL, &FileCaptureThread, conf)) != 0) { sigemptyset(&mask); pthread_sigmask(SIG_SETMASK, &mask, NULL); FILE_FATAL_ERROR("File capture: Unable to create a " "processing thread: %s", strerror(rval)); } while (!capture_thread_running) nanosleep(&thread_sleep, NULL); sigemptyset(&mask); pthread_sigmask(SIG_SETMASK, &mask, NULL); _dpd.logMsg("File capture thread started tid=%p (pid=%u)\n", (void *) capture_thread_tid, capture_thread_pid); }
void SMTP_CheckConfig(SMTPConfig *pPolicyConfig, tSfPolicyUserContextId context) { SMTPConfig *defaultConfig = (SMTPConfig *)sfPolicyUserDataGetDefault(context); if (pPolicyConfig == defaultConfig) { if (!pPolicyConfig->max_mime_mem) pPolicyConfig->max_mime_mem = DEFAULT_MAX_MIME_MEM; if (!pPolicyConfig->max_mime_depth) pPolicyConfig->max_mime_depth = DEFAULT_MAX_MIME_DEPTH; } else if (defaultConfig == NULL) { if (pPolicyConfig->max_mime_mem) { DynamicPreprocessorFatalMessage("%s(%d) => SMTP: max_mime_mem must be " "configured in the default policy.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (pPolicyConfig->max_mime_depth) { DynamicPreprocessorFatalMessage("%s(%d) => SMTP: max_mime_depth must be " "configured in the default policy.\n", *(_dpd.config_file), *(_dpd.config_line)); } } else { pPolicyConfig->max_mime_mem = defaultConfig->max_mime_mem; pPolicyConfig->max_mime_depth = defaultConfig->max_mime_depth; pPolicyConfig->max_mime_decode_bytes = defaultConfig->max_mime_decode_bytes; pPolicyConfig->max_mime_sessions = defaultConfig->max_mime_sessions; } }
static int SIPCheckPolicyConfig(struct _SnortConfig *sc, tSfPolicyUserContextId config, tSfPolicyId policy_id, void* pData) { SIPConfig *sip_policy = ( SIPConfig * ) pData; if ( sip_policy->disabled ) return 0; if (!_dpd.isPreprocEnabled(sc, PP_STREAM)) { _dpd.errMsg("SIPCheckPolicyConfig(): The Stream preprocessor must be enabled.\n"); return -1; } if (policy_id != 0) { SIPConfig *default_sip_policy = ( SIPConfig * ) sfPolicyUserDataGetDefault( config ); if(default_sip_policy == NULL) { _dpd.errMsg("SIPCheckPolicyConfig(): SIP default policy must be configured\n"); return -1; } sip_policy->maxNumSessions = default_sip_policy->maxNumSessions; } _dpd.setParserPolicy( sc, policy_id ); _dpd.addPreproc( sc, SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); // register ports with session and stream registerPortsForDispatch( sc, sip_policy ); registerPortsForReassembly( sip_policy, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); _addPortsToStreamFilter(sc, sip_policy, policy_id); #ifdef TARGET_BASED _addServicesToStreamFilter(sc, policy_id); #endif return 0; }
/********************************************************************* * Function: DCE2_ReloadGlobal() * * Purpose: Creates a new global DCE/RPC preprocessor config. * * Arguments: snort.conf argument line for the DCE/RPC preprocessor. * * Returns: None * *********************************************************************/ static void DCE2_ReloadGlobal(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); DCE2_Config *pDefaultPolicyConfig = NULL; DCE2_Config *pCurrentPolicyConfig = NULL; if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5)) { DCE2_Die("%s(%d) \"%s\" configuration: " "Stream5 must be enabled with TCP and UDP tracking.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } if (dce2_swap_config == NULL) { //create a context dce2_swap_config = sfPolicyConfigCreate(); if (dce2_swap_config == NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory " "configuration.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } _dpd.addPreprocReloadVerify(DCE2_ReloadVerify); } sfPolicyUserPolicySet(dce2_swap_config, policy_id); pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_swap_config); pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_swap_config); if ((policy_id != 0) && (pDefaultPolicyConfig == NULL)) { DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy " "if other policies are to be configured.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } /* Can only do one global configuration */ if (pCurrentPolicyConfig != NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_RegRuleOptions(); pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG); sfPolicyUserDataSetCurrent(dce2_swap_config, pCurrentPolicyConfig); /* Parse configuration args */ DCE2_GlobalConfigure(pCurrentPolicyConfig, args); if ( pCurrentPolicyConfig->gconfig->disabled ) return; _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP); #ifdef TARGET_BASED _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1); _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1); #endif if (policy_id != 0) pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap; }
/********************************************************************* * Function: DCE2_InitGlobal() * * Purpose: Initializes the global DCE/RPC preprocessor config. * * Arguments: snort.conf argument line for the DCE/RPC preprocessor. * * Returns: None * *********************************************************************/ static void DCE2_InitGlobal(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); DCE2_Config *pDefaultPolicyConfig = NULL; DCE2_Config *pCurrentPolicyConfig = NULL; if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5)) { DCE2_Die("%s(%d) \"%s\" configuration: " "Stream5 must be enabled with TCP and UDP tracking.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } if (dce2_config == NULL) { dce2_config = sfPolicyConfigCreate(); if (dce2_config == NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory " "configuration.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_MemInit(); DCE2_StatsInit(); DCE2_EventsInit(); /* Initialize reassembly packet */ DCE2_InitRpkts(); DCE2_SmbInitGlobals(); _dpd.addPreprocConfCheck(DCE2_CheckConfig); _dpd.registerPreprocStats(DCE2_GNAME, DCE2_PrintStats); _dpd.addPreprocReset(DCE2_Reset, NULL, PRIORITY_LAST, PP_DCE2); _dpd.addPreprocResetStats(DCE2_ResetStats, NULL, PRIORITY_LAST, PP_DCE2); _dpd.addPreprocExit(DCE2_CleanExit, NULL, PRIORITY_LAST, PP_DCE2); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc(DCE2_PSTAT__MAIN, &dce2_pstat_main, 0, _dpd.totalPerfStats); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SESSION, &dce2_pstat_session, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__NEW_SESSION, &dce2_pstat_new_session, 2, &dce2_pstat_session); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SSN_STATE, &dce2_pstat_session_state, 2, &dce2_pstat_session); _dpd.addPreprocProfileFunc(DCE2_PSTAT__LOG, &dce2_pstat_log, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__DETECT, &dce2_pstat_detect, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_SEG, &dce2_pstat_smb_seg, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_REQ, &dce2_pstat_smb_req, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_UID, &dce2_pstat_smb_uid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_TID, &dce2_pstat_smb_tid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FID, &dce2_pstat_smb_fid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FP, &dce2_pstat_smb_fingerprint, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_NEG, &dce2_pstat_smb_negotiate, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_SEG, &dce2_pstat_co_seg, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_FRAG, &dce2_pstat_co_frag, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_REASS, &dce2_pstat_co_reass, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_CTX, &dce2_pstat_co_ctx, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_ACTS, &dce2_pstat_cl_acts, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_FRAG, &dce2_pstat_cl_frag, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_REASS, &dce2_pstat_cl_reass, 1, &dce2_pstat_main); #endif #ifdef TARGET_BASED dce2_proto_ids.dcerpc = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__DCERPC); if (dce2_proto_ids.dcerpc == SFTARGET_UNKNOWN_PROTOCOL) dce2_proto_ids.dcerpc = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__DCERPC); /* smb and netbios-ssn refer to the same thing */ dce2_proto_ids.nbss = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__NBSS); if (dce2_proto_ids.nbss == SFTARGET_UNKNOWN_PROTOCOL) dce2_proto_ids.nbss = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__NBSS); #endif } sfPolicyUserPolicySet(dce2_config, policy_id); pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_config); pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_config); if ((policy_id != 0) && (pDefaultPolicyConfig == NULL)) { DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy " "if other policies are to be configured.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } /* Can only do one global configuration */ if (pCurrentPolicyConfig != NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_RegRuleOptions(); pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG); sfPolicyUserDataSetCurrent(dce2_config, pCurrentPolicyConfig); /* Parse configuration args */ DCE2_GlobalConfigure(pCurrentPolicyConfig, args); if (policy_id != 0) pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap; if ( pCurrentPolicyConfig->gconfig->disabled ) return; /* Register callbacks */ _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP); #ifdef TARGET_BASED _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1); _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1); #endif }
/* Initializes the SIP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SIPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SIPConfig *pDefaultPolicyConfig = NULL; SIPConfig *pPolicyConfig = NULL; if (sip_config == NULL) { //create a context sip_config = sfPolicyConfigCreate(); if (sip_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } _dpd.addPreprocConfCheck(SIPCheckConfig); _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats); _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED sip_app_id = _dpd.findProtocolReference("sip"); if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL) sip_app_id = _dpd.addProtocolReference("sip"); #endif } sfPolicyUserPolicySet (sip_config, policy_id); pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig); SIP_RegRuleOptions(); ParseSIPArgs(pPolicyConfig, (u_char *)argp); if (policy_id != 0) pPolicyConfig->maxNumSessions = pDefaultPolicyConfig->maxNumSessions; if ( pPolicyConfig->disabled ) return; if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
void IMAP_CheckConfig(IMAPConfig *pPolicyConfig, tSfPolicyUserContextId context) { int max = -1; IMAPConfig *defaultConfig = (IMAPConfig *)sfPolicyUserDataGetDefault(context); if (pPolicyConfig == defaultConfig) { if (!pPolicyConfig->max_mime_mem) pPolicyConfig->max_mime_mem = DEFAULT_MAX_MIME_MEM; if(!pPolicyConfig->b64_depth || !pPolicyConfig->qp_depth || !pPolicyConfig->uu_depth || !pPolicyConfig->bitenc_depth) { pPolicyConfig->max_depth = MAX_DEPTH; return; } else { if(max < pPolicyConfig->b64_depth) max = pPolicyConfig->b64_depth; if(max < pPolicyConfig->qp_depth) max = pPolicyConfig->qp_depth; if(max < pPolicyConfig->bitenc_depth) max = pPolicyConfig->bitenc_depth; if(max < pPolicyConfig->uu_depth) max = pPolicyConfig->uu_depth; pPolicyConfig->max_depth = max; } if (!pPolicyConfig->memcap) pPolicyConfig->memcap = DEFAULT_IMAP_MEMCAP; } else if (defaultConfig == NULL) { if (pPolicyConfig->max_mime_mem) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: max_mime_mem must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (pPolicyConfig->b64_depth > -1) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: b64_decode_depth must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (pPolicyConfig->qp_depth > -1) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: qp_decode_depth must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (pPolicyConfig->uu_depth > -1) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: uu_decode_depth must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (pPolicyConfig->bitenc_depth > -1) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: bitenc_decode_depth must be " "configured in the default config.\n", *(_dpd.config_file), *(_dpd.config_line)); } } else { pPolicyConfig->max_mime_mem = defaultConfig->max_mime_mem; pPolicyConfig->memcap = defaultConfig->memcap; pPolicyConfig->max_depth = defaultConfig->max_depth; if(pPolicyConfig->disabled) { pPolicyConfig->b64_depth = defaultConfig->b64_depth; pPolicyConfig->qp_depth = defaultConfig->qp_depth; pPolicyConfig->uu_depth = defaultConfig->uu_depth; pPolicyConfig->bitenc_depth = defaultConfig->bitenc_depth; return; } if(!pPolicyConfig->b64_depth && defaultConfig->b64_depth) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Base64 decoding" " in non-default config without turning on unlimited Base64 decoding in the default " " config.\n", *(_dpd.config_file), *(_dpd.config_line)); } else if(defaultConfig->b64_depth && (pPolicyConfig->b64_depth > defaultConfig->b64_depth)) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: b64_decode_depth value %d in non-default config" " cannot exceed default config's value %d.\n", *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->b64_depth, defaultConfig->b64_depth); } if(!pPolicyConfig->qp_depth && defaultConfig->qp_depth) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Quoted-Printable decoding" " in non-default config without turning on unlimited Quoted-Printable decoding in the default " " config.\n", *(_dpd.config_file), *(_dpd.config_line)); } else if(defaultConfig->qp_depth && (pPolicyConfig->qp_depth > defaultConfig->qp_depth)) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: qp_decode_depth value %d in non-default config" " cannot exceed default config's value %d.\n", *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->qp_depth, defaultConfig->qp_depth); } if(!pPolicyConfig->uu_depth && defaultConfig->uu_depth ) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Unix-to-Unix decoding" " in non-default config without turning on unlimited Unix-to-Unix decoding in the default " " config.\n", *(_dpd.config_file), *(_dpd.config_line)); } else if(defaultConfig->uu_depth && (pPolicyConfig->uu_depth > defaultConfig->uu_depth)) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: uu_decode_depth value %d in the non-default config" " cannot exceed default config's value %d.\n", *(_dpd.config_file), *(_dpd.config_line),pPolicyConfig->uu_depth, defaultConfig->uu_depth); } if(!pPolicyConfig->bitenc_depth && defaultConfig->bitenc_depth) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: Cannot enable unlimited Non-Encoded MIME attachment extraction" " in non-default config without turning on unlimited Non-Encoded MIME attachment extraction in the default " " config.\n", *(_dpd.config_file), *(_dpd.config_line)); } else if(defaultConfig->bitenc_depth && (pPolicyConfig->bitenc_depth > defaultConfig->bitenc_depth)) { DynamicPreprocessorFatalMessage("%s(%d) => IMAP: bitenc_decode_depth value %d in non-default config" " cannot exceed default config's value %d.\n", *(_dpd.config_file), *(_dpd.config_line), pPolicyConfig->bitenc_depth, defaultConfig->bitenc_depth); } } }
/* Initializes the GTP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config data. * * RETURNS: Nothing. */ static void GTPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); GTPConfig *pDefaultPolicyConfig = NULL; GTPConfig *pPolicyConfig = NULL; if (gtp_config == NULL) { /*create a context*/ gtp_config = sfPolicyConfigCreate(); if (gtp_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for GTP config.\n"); } _dpd.addPreprocConfCheck(GTPCheckConfig); _dpd.registerPreprocStats(GTP_NAME, GTP_PrintStats); _dpd.addPreprocExit(GTPCleanExit, NULL, PRIORITY_LAST, PP_GTP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("gtp", (void *)>pPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED gtp_app_id = _dpd.findProtocolReference("gtp"); if (gtp_app_id == SFTARGET_UNKNOWN_PROTOCOL) gtp_app_id = _dpd.addProtocolReference("gtp"); #endif } sfPolicyUserPolicySet (gtp_config, policy_id); pDefaultPolicyConfig = (GTPConfig *)sfPolicyUserDataGetDefault(gtp_config); pPolicyConfig = (GTPConfig *)sfPolicyUserDataGetCurrent(gtp_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("GTP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (GTPConfig *)calloc(1, sizeof(GTPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "GTP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(gtp_config, pPolicyConfig); GTP_RegRuleOptions(); ParseGTPArgs(pPolicyConfig, (u_char *)argp); if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupGTP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( GTPmain, PRIORITY_APPLICATION, PP_GTP, PROTO_BIT__UDP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }