static inline void ModbusOneTimeInit() { /* context creation & error checking */ modbus_context_id = sfPolicyConfigCreate(); if (modbus_context_id == NULL) { _dpd.fatalMsg("%s(%d) Failed to allocate memory for " "Modbus config.\n", *_dpd.config_file, *_dpd.config_line); } if (_dpd.streamAPI == NULL) { _dpd.fatalMsg("%s(%d) SetupModbus(): The Stream preprocessor " "must be enabled.\n", *_dpd.config_file, *_dpd.config_line); } /* callback registration */ _dpd.addPreprocConfCheck(ModbusCheckConfig); _dpd.addPreprocExit(ModbusCleanExit, NULL, PRIORITY_LAST, PP_MODBUS); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("modbus", (void *)&modbusPerfStats, 0, _dpd.totalPerfStats); #endif /* Set up target-based app id */ #ifdef TARGET_BASED modbus_app_id = _dpd.findProtocolReference("modbus"); if (modbus_app_id == SFTARGET_UNKNOWN_PROTOCOL) modbus_app_id = _dpd.addProtocolReference("modbus"); #endif }
/* Almost like ModbusInit, but not quite. */ static void ModbusReload(char *args) { modbus_config_t *modbus_policy = NULL; if (modbus_swap_context_id == NULL) { modbus_swap_context_id = sfPolicyConfigCreate(); if (modbus_swap_context_id == NULL) { _dpd.fatalMsg("Failed to allocate memory " "for Modbus config.\n"); } if (_dpd.streamAPI == NULL) { _dpd.fatalMsg("SetupModbus(): The Stream preprocessor " "must be enabled.\n"); } } modbus_policy = ModbusPerPolicyInit(modbus_swap_context_id); ParseModbusArgs(modbus_policy, args); /* Can't add ports until they've been parsed... */ ModbusAddPortsToPaf(modbus_policy, _dpd.getParserPolicy()); ModbusPrintConfig(modbus_policy); _dpd.addPreprocReloadVerify(ModbusReloadVerify); }
/* Almost like DNP3Init, but not quite. */ static void DNP3Reload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId dnp3_swap_context_id = (tSfPolicyUserContextId)*new_config; dnp3_config_t *dnp3_policy = NULL; if (dnp3_swap_context_id == NULL) { dnp3_swap_context_id = sfPolicyConfigCreate(); if (dnp3_swap_context_id == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for DNP3 config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupDNP3(): The Stream preprocessor " "must be enabled.\n"); } *new_config = (void *)dnp3_swap_context_id; } dnp3_policy = DNP3PerPolicyInit(sc, dnp3_swap_context_id); ParseDNP3Args(sc, dnp3_policy, args); PrintDNP3Config(dnp3_policy); DNP3RegisterPerPolicyCallbacks(sc, dnp3_policy); }
/* Almost like ModbusInit, but not quite. */ static void ModbusReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId modbus_swap_context_id = (tSfPolicyUserContextId)*new_config; modbus_config_t *modbus_policy = NULL; if (modbus_swap_context_id == NULL) { modbus_swap_context_id = sfPolicyConfigCreate(); if (modbus_swap_context_id == NULL) { _dpd.fatalMsg("Failed to allocate memory " "for Modbus config.\n"); } if (_dpd.streamAPI == NULL) { _dpd.fatalMsg("SetupModbus(): The Stream preprocessor " "must be enabled.\n"); } *new_config = (void *)modbus_swap_context_id; } modbus_policy = ModbusPerPolicyInit(sc, modbus_swap_context_id); ParseModbusArgs(modbus_policy, args); /* Can't add ports until they've been parsed... */ ModbusAddPortsToPaf(sc, modbus_policy, _dpd.getParserPolicy(sc)); ModbusPrintConfig(modbus_policy); }
static inline void DNP3OneTimeInit(struct _SnortConfig *sc) { /* context creation & error checking */ dnp3_context_id = sfPolicyConfigCreate(); if (dnp3_context_id == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory for " "DNP3 config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupDNP3(): The Stream preprocessor " "must be enabled.\n"); } /* callback registration */ _dpd.addPreprocConfCheck(sc, DNP3CheckConfig); _dpd.addPreprocExit(DNP3CleanExit, NULL, PRIORITY_LAST, PP_DNP3); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("dnp3", (void *)&dnp3PerfStats, 0, _dpd.totalPerfStats); #endif /* Set up target-based app id */ #ifdef TARGET_BASED dnp3_app_id = _dpd.findProtocolReference("dnp3"); if (dnp3_app_id == SFTARGET_UNKNOWN_PROTOCOL) dnp3_app_id = _dpd.addProtocolReference("dnp3"); #endif }
static void SIPReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId sip_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SIPConfig * pPolicyConfig = NULL; if (sip_swap_config == NULL) { //create a context sip_swap_config = sfPolicyConfigCreate(); if (sip_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory for SIP config.\n"); } *new_config = (void *)sip_swap_config; } sfPolicyUserPolicySet (sip_swap_config, policy_id); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_swap_config, pPolicyConfig); SIP_RegRuleOptions(sc); ParseSIPArgs(pPolicyConfig, (u_char *)args); }
/* Initializes the SIP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SIPInit(struct _SnortConfig *sc, char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SIPConfig *pDefaultPolicyConfig = NULL; SIPConfig *pPolicyConfig = NULL; if (sip_config == NULL) { //create a context sip_config = sfPolicyConfigCreate(); if (sip_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } _dpd.addPreprocConfCheck(sc, SIPCheckConfig); _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats); _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats, NULL); #endif #ifdef TARGET_BASED sip_app_id = _dpd.findProtocolReference("sip"); if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL) sip_app_id = _dpd.addProtocolReference("sip"); // register with session to handle applications _dpd.sessionAPI->register_service_handler( PP_SIP, sip_app_id ); #endif } sfPolicyUserPolicySet (sip_config, policy_id); pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig); SIP_RegRuleOptions(sc); ParseSIPArgs(pPolicyConfig, (u_char *)argp); }
static void SIPReload(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SIPConfig * pPolicyConfig = NULL; if (sip_swap_config == NULL) { //create a context sip_swap_config = sfPolicyConfigCreate(); if (sip_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } } sfPolicyUserPolicySet (sip_swap_config, policy_id); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_swap_config, pPolicyConfig); SIP_RegRuleOptions(); ParseSIPArgs(pPolicyConfig, (u_char *)args); if( pPolicyConfig->disabled ) return; if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); _dpd.addPreprocReloadVerify(SIPReloadVerify); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
static void SSHReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId ssh_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSHConfig * pPolicyConfig = NULL; if (ssh_swap_config == NULL) { //create a context ssh_swap_config = sfPolicyConfigCreate(); if (ssh_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SSH config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSSH(): The Stream preprocessor must be enabled.\n"); } *new_config = (void *)ssh_swap_config; } sfPolicyUserPolicySet (ssh_swap_config, policy_id); pPolicyConfig = (SSHConfig *)sfPolicyUserDataGetCurrent(ssh_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSH preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSHConfig *)calloc(1, sizeof(SSHConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SSH preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssh_swap_config, pPolicyConfig); ParseSSHArgs(pPolicyConfig, (u_char *)args); _dpd.addPreproc( sc, ProcessSSH, PRIORITY_APPLICATION, PP_SSH, PROTO_BIT__TCP ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
/* Initializes the File preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void FileInit(struct _SnortConfig *sc, char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); FileInspectConf *pPolicyConfig = NULL; if (file_config == NULL) { /*create a context*/ file_config = sfPolicyConfigCreate(); if (file_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for File config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupFile(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreprocConfCheck(sc, FileCheckConfig); _dpd.registerPreprocStats(FILE_PREPROC_NAME, print_file_stats); _dpd.addPreprocExit(FileCleanExit, NULL, PRIORITY_LAST, PP_FILE_INSPECT); } sfPolicyUserPolicySet (file_config, policy_id); pPolicyConfig = (FileInspectConf *)sfPolicyUserDataGetCurrent(file_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("File preprocessor can only be " "configured once.\n"); } pPolicyConfig = (FileInspectConf *)calloc(1, sizeof(FileInspectConf)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "File preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(file_config, pPolicyConfig); file_config_parse(pPolicyConfig, (u_char *)argp); FileUpdateConfig(pPolicyConfig, file_config); file_agent_init(pPolicyConfig); _dpd.addPostConfigFunc(sc, file_agent_thread_init, pPolicyConfig); }
static void FileReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId file_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); FileInspectConf * pPolicyConfig = NULL; if (file_swap_config == NULL) { //create a context file_swap_config = sfPolicyConfigCreate(); if (file_swap_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for File config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupFile(): The Stream preprocessor must be enabled.\n"); } *new_config = (void *)file_swap_config; } sfPolicyUserPolicySet (file_swap_config, policy_id); pPolicyConfig = (FileInspectConf *)sfPolicyUserDataGetCurrent(file_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("File preprocessor can only be " "configured once.\n"); } pPolicyConfig = (FileInspectConf *)calloc(1, sizeof(FileInspectConf)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "File preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(file_swap_config, pPolicyConfig); file_config_parse(pPolicyConfig, (u_char *)args); FileUpdateConfig(pPolicyConfig, file_config); }
/* * Function: SMTPInit(char *) * * Purpose: Calls the argument parsing function, performs final setup on data * structs, links the preproc function into the function list. * * Arguments: args => ptr to argument string * * Returns: void function * */ static void SMTPInit(struct _SnortConfig *sc, char *args) { SMTPToken *tmp; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SMTPConfig * pPolicyConfig = NULL; if (smtp_config == NULL) { //create a context smtp_config = sfPolicyConfigCreate(); if (smtp_config == NULL) { DynamicPreprocessorFatalMessage("Not enough memory to create SMTP " "configuration.\n"); } /* Initialize the searches not dependent on configuration. * headers, reponsed, data, mime boundary regular expression */ SMTP_SearchInit(); /* zero out static SMTP global used for stateless SMTP or if there * is no session pointer */ memset(&smtp_no_session, 0, sizeof(SMTP)); /* Put the preprocessor function into the function list */ /* _dpd.addPreproc(SMTPDetect, PRIORITY_APPLICATION, PP_SMTP, PROTO_BIT__TCP);*/ _dpd.addPreprocExit(SMTPCleanExitFunction, NULL, PRIORITY_LAST, PP_SMTP); _dpd.addPreprocReset(SMTPResetFunction, NULL, PRIORITY_LAST, PP_SMTP); _dpd.registerPreprocStats(SMTP_PROTO_REF_STR, SMTP_PrintStats); _dpd.addPreprocResetStats(SMTPResetStatsFunction, NULL, PRIORITY_LAST, PP_SMTP); _dpd.addPreprocConfCheck(sc, SMTPCheckConfig); #ifdef TARGET_BASED smtp_proto_id = _dpd.findProtocolReference(SMTP_PROTO_REF_STR); if (smtp_proto_id == SFTARGET_UNKNOWN_PROTOCOL) smtp_proto_id = _dpd.addProtocolReference(SMTP_PROTO_REF_STR); // register with session to handle applications _dpd.sessionAPI->register_service_handler( PP_SMTP, smtp_proto_id ); DEBUG_WRAP(DebugMessage(DEBUG_SMTP,"SMTP: Target-based: Proto id for %s: %u.\n", SMTP_PROTO_REF_STR, smtp_proto_id););
/* * Function: IMAPInit(char *) * * Purpose: Calls the argument parsing function, performs final setup on data * structs, links the preproc function into the function list. * * Arguments: args => ptr to argument string * * Returns: void function * */ static void IMAPInit(char *args) { IMAPToken *tmp; tSfPolicyId policy_id = _dpd.getParserPolicy(); IMAPConfig * pPolicyConfig = NULL; if (imap_config == NULL) { //create a context imap_config = sfPolicyConfigCreate(); if (imap_config == NULL) { DynamicPreprocessorFatalMessage("Not enough memory to create IMAP " "configuration.\n"); } /* Initialize the searches not dependent on configuration. * headers, reponsed, data, mime boundary regular expression */ IMAP_SearchInit(); /* zero out static IMAP global used for stateless IMAP or if there * is no session pointer */ memset(&imap_no_session, 0, sizeof(IMAP)); /* Put the preprocessor function into the function list */ /* _dpd.addPreproc(IMAPDetect, PRIORITY_APPLICATION, PP_IMAP, PROTO_BIT__TCP);*/ _dpd.addPreprocExit(IMAPCleanExitFunction, NULL, PRIORITY_LAST, PP_IMAP); _dpd.addPreprocReset(IMAPResetFunction, NULL, PRIORITY_LAST, PP_IMAP); _dpd.addPreprocResetStats(IMAPResetStatsFunction, NULL, PRIORITY_LAST, PP_IMAP); _dpd.addPreprocConfCheck(IMAPCheckConfig); #ifdef TARGET_BASED imap_proto_id = _dpd.findProtocolReference(IMAP_PROTO_REF_STR); if (imap_proto_id == SFTARGET_UNKNOWN_PROTOCOL) imap_proto_id = _dpd.addProtocolReference(IMAP_PROTO_REF_STR); DEBUG_WRAP(DebugMessage(DEBUG_IMAP,"IMAP: Target-based: Proto id for %s: %u.\n", IMAP_PROTO_REF_STR, imap_proto_id););
static void FTPTelnetInit(struct _SnortConfig *sc, char *args) { char *pcToken; char ErrorString[ERRSTRLEN]; int iErrStrLen = ERRSTRLEN; int iRet = 0; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); FTPTELNET_GLOBAL_CONF *pPolicyConfig = NULL; ErrorString[0] = '\0'; if ((args == NULL) || (strlen(args) == 0)) { DynamicPreprocessorFatalMessage("%s(%d) No arguments to FtpTelnet " "configuration.\n", *_dpd.config_file, *_dpd.config_line); } /* Find out what is getting configured */ maxToken = args + strlen(args); pcToken = mystrtok(args, CONF_SEPARATORS); if (pcToken == NULL) { DynamicPreprocessorFatalMessage("%s(%d)mystrtok returned NULL when it " "should not.", __FILE__, __LINE__); } if (ftp_telnet_config == NULL) { //create a context ftp_telnet_config = sfPolicyConfigCreate(); if (ftp_telnet_config == NULL) { DynamicPreprocessorFatalMessage("No memory to allocate " "FTP/Telnet configuration.\n"); } _dpd.addPreprocExit(FTPTelnetCleanExit, NULL, PRIORITY_APPLICATION, PP_FTPTELNET); _dpd.addPreprocReset(FTPTelnetReset, NULL, PRIORITY_APPLICATION, PP_FTPTELNET); _dpd.addPreprocResetStats(FTPTelnetResetStats, NULL, PRIORITY_APPLICATION, PP_FTPTELNET); _dpd.addPreprocConfCheck(sc, FTPConfigCheck); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("ftptelnet_ftp", (void*)&ftpPerfStats, 0, _dpd.totalPerfStats); _dpd.addPreprocProfileFunc("ftptelnet_telnet", (void*)&telnetPerfStats, 0, _dpd.totalPerfStats); _dpd.addPreprocProfileFunc("ftptelnet_ftpdata", (void*)&ftpdataPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED if (_dpd.streamAPI != NULL) { /* Find and store the application ID for FTP & Telnet */ ftp_app_id = _dpd.addProtocolReference("ftp"); ftp_data_app_id = _dpd.addProtocolReference("ftp-data"); telnet_app_id = _dpd.addProtocolReference("telnet"); } // register with session to handle applications _dpd.sessionAPI->register_service_handler( PP_FTPTELNET, ftp_app_id ); _dpd.sessionAPI->register_service_handler( PP_FTPTELNET, ftp_data_app_id ); _dpd.sessionAPI->register_service_handler( PP_FTPTELNET, telnet_app_id ); #endif } /* * Global Configuration Processing * We only process the global configuration once, but always check for * user mistakes, like configuring more than once. That's why we * still check for the global token even if it's been checked. */ sfPolicyUserPolicySet (ftp_telnet_config, policy_id); pPolicyConfig = (FTPTELNET_GLOBAL_CONF *)sfPolicyUserDataGetCurrent(ftp_telnet_config); if (pPolicyConfig == NULL) { if (strcasecmp(pcToken, GLOBAL) != 0) { DynamicPreprocessorFatalMessage("%s(%d) Must configure the " "ftptelnet global configuration first.\n", *_dpd.config_file, *_dpd.config_line); } pPolicyConfig = (FTPTELNET_GLOBAL_CONF *)calloc(1, sizeof(FTPTELNET_GLOBAL_CONF)); if (pPolicyConfig == NULL) { DynamicPreprocessorFatalMessage("No memory to allocate " "FTP/Telnet configuration.\n"); } sfPolicyUserDataSetCurrent(ftp_telnet_config, pPolicyConfig); iRet = FtpTelnetInitGlobalConfig(pPolicyConfig, ErrorString, iErrStrLen); if (iRet == 0) { iRet = ProcessFTPGlobalConf(pPolicyConfig, ErrorString, iErrStrLen); if (iRet == 0) { PrintFTPGlobalConf(pPolicyConfig); _dpd.preprocOptRegister(sc, "ftp.bounce", &FTPPBounceInit, &FTPPBounceEval, NULL, NULL, NULL, NULL, NULL); #ifdef TARGET_BASED if (_dpd.streamAPI != NULL) { _dpd.streamAPI->set_service_filter_status (sc, ftp_app_id, PORT_MONITOR_SESSION, policy_id, 1); _dpd.streamAPI->set_service_filter_status (sc, telnet_app_id, PORT_MONITOR_SESSION, policy_id, 1); } #endif } } } else if (strcasecmp(pcToken, TELNET) == 0) { iRet = ProcessTelnetConf(pPolicyConfig, ErrorString, iErrStrLen); enableFtpTelnetPortStreamServices( sc, &pPolicyConfig->telnet_config->proto_ports, NULL, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); } else if (strcasecmp(pcToken, FTP) == 0) { pcToken = NextToken(CONF_SEPARATORS); if ( !pcToken ) { DynamicPreprocessorFatalMessage( "%s(%d) Missing ftp_telnet ftp keyword.\n", *(_dpd.config_file), *(_dpd.config_line)); } else if (strcasecmp(pcToken, SERVER) == 0) { iRet = ProcessFTPServerConf(sc, pPolicyConfig, ErrorString, iErrStrLen); } else if (strcasecmp(pcToken, CLIENT) == 0) { iRet = ProcessFTPClientConf(sc, pPolicyConfig, ErrorString, iErrStrLen); } else { DynamicPreprocessorFatalMessage("%s(%d) Invalid ftp_telnet ftp keyword.\n", *(_dpd.config_file), *(_dpd.config_line)); } } else { DynamicPreprocessorFatalMessage("%s(%d) Invalid ftp_telnet keyword.\n", *(_dpd.config_file), *(_dpd.config_line)); } if (iRet) { if(iRet > 0) { /* * Non-fatal Error */ if(*ErrorString) { _dpd.errMsg("WARNING: %s(%d) => %s\n", *(_dpd.config_file), *(_dpd.config_line), ErrorString); } } else { /* * Fatal Error, log error and exit. */ if(*ErrorString) { DynamicPreprocessorFatalMessage("%s(%d) => %s\n", *(_dpd.config_file), *(_dpd.config_line), ErrorString); } else { /* * Check if ErrorString is undefined. */ if(iRet == -2) { DynamicPreprocessorFatalMessage("%s(%d) => ErrorString is undefined.\n", *(_dpd.config_file), *(_dpd.config_line)); } else { DynamicPreprocessorFatalMessage("%s(%d) => Undefined Error.\n", *(_dpd.config_file), *(_dpd.config_line)); } } } } }
/********************************************************************* * Function: DCE2_InitGlobal() * * Purpose: Initializes the global DCE/RPC preprocessor config. * * Arguments: snort.conf argument line for the DCE/RPC preprocessor. * * Returns: None * *********************************************************************/ static void DCE2_InitGlobal(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); DCE2_Config *pDefaultPolicyConfig = NULL; DCE2_Config *pCurrentPolicyConfig = NULL; if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5)) { DCE2_Die("%s(%d) \"%s\" configuration: " "Stream5 must be enabled with TCP and UDP tracking.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } if (dce2_config == NULL) { dce2_config = sfPolicyConfigCreate(); if (dce2_config == NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory " "configuration.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_MemInit(); DCE2_StatsInit(); DCE2_EventsInit(); /* Initialize reassembly packet */ DCE2_InitRpkts(); DCE2_SmbInitGlobals(); _dpd.addPreprocConfCheck(DCE2_CheckConfig); _dpd.registerPreprocStats(DCE2_GNAME, DCE2_PrintStats); _dpd.addPreprocReset(DCE2_Reset, NULL, PRIORITY_LAST, PP_DCE2); _dpd.addPreprocResetStats(DCE2_ResetStats, NULL, PRIORITY_LAST, PP_DCE2); _dpd.addPreprocExit(DCE2_CleanExit, NULL, PRIORITY_LAST, PP_DCE2); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc(DCE2_PSTAT__MAIN, &dce2_pstat_main, 0, _dpd.totalPerfStats); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SESSION, &dce2_pstat_session, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__NEW_SESSION, &dce2_pstat_new_session, 2, &dce2_pstat_session); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SSN_STATE, &dce2_pstat_session_state, 2, &dce2_pstat_session); _dpd.addPreprocProfileFunc(DCE2_PSTAT__LOG, &dce2_pstat_log, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__DETECT, &dce2_pstat_detect, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_SEG, &dce2_pstat_smb_seg, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_REQ, &dce2_pstat_smb_req, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_UID, &dce2_pstat_smb_uid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_TID, &dce2_pstat_smb_tid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FID, &dce2_pstat_smb_fid, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_FP, &dce2_pstat_smb_fingerprint, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__SMB_NEG, &dce2_pstat_smb_negotiate, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_SEG, &dce2_pstat_co_seg, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_FRAG, &dce2_pstat_co_frag, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_REASS, &dce2_pstat_co_reass, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CO_CTX, &dce2_pstat_co_ctx, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_ACTS, &dce2_pstat_cl_acts, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_FRAG, &dce2_pstat_cl_frag, 1, &dce2_pstat_main); _dpd.addPreprocProfileFunc(DCE2_PSTAT__CL_REASS, &dce2_pstat_cl_reass, 1, &dce2_pstat_main); #endif #ifdef TARGET_BASED dce2_proto_ids.dcerpc = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__DCERPC); if (dce2_proto_ids.dcerpc == SFTARGET_UNKNOWN_PROTOCOL) dce2_proto_ids.dcerpc = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__DCERPC); /* smb and netbios-ssn refer to the same thing */ dce2_proto_ids.nbss = _dpd.findProtocolReference(DCE2_PROTO_REF_STR__NBSS); if (dce2_proto_ids.nbss == SFTARGET_UNKNOWN_PROTOCOL) dce2_proto_ids.nbss = _dpd.addProtocolReference(DCE2_PROTO_REF_STR__NBSS); #endif } sfPolicyUserPolicySet(dce2_config, policy_id); pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_config); pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_config); if ((policy_id != 0) && (pDefaultPolicyConfig == NULL)) { DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy " "if other policies are to be configured.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } /* Can only do one global configuration */ if (pCurrentPolicyConfig != NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_RegRuleOptions(); pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG); sfPolicyUserDataSetCurrent(dce2_config, pCurrentPolicyConfig); /* Parse configuration args */ DCE2_GlobalConfigure(pCurrentPolicyConfig, args); if (policy_id != 0) pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap; if ( pCurrentPolicyConfig->gconfig->disabled ) return; /* Register callbacks */ _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP); #ifdef TARGET_BASED _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1); _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1); #endif }
/* Initializes the SIP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SIPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SIPConfig *pDefaultPolicyConfig = NULL; SIPConfig *pPolicyConfig = NULL; if (sip_config == NULL) { //create a context sip_config = sfPolicyConfigCreate(); if (sip_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SIP config.\n"); } _dpd.addPreprocConfCheck(SIPCheckConfig); _dpd.registerPreprocStats(SIP_NAME, SIP_PrintStats); _dpd.addPreprocExit(SIPCleanExit, NULL, PRIORITY_LAST, PP_SIP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("sip", (void *)&sipPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED sip_app_id = _dpd.findProtocolReference("sip"); if (sip_app_id == SFTARGET_UNKNOWN_PROTOCOL) sip_app_id = _dpd.addProtocolReference("sip"); #endif } sfPolicyUserPolicySet (sip_config, policy_id); pDefaultPolicyConfig = (SIPConfig *)sfPolicyUserDataGetDefault(sip_config); pPolicyConfig = (SIPConfig *)sfPolicyUserDataGetCurrent(sip_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("SIP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SIPConfig *)calloc(1, sizeof(SIPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SIP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(sip_config, pPolicyConfig); SIP_RegRuleOptions(); ParseSIPArgs(pPolicyConfig, (u_char *)argp); if (policy_id != 0) pPolicyConfig->maxNumSessions = pDefaultPolicyConfig->maxNumSessions; if ( pPolicyConfig->disabled ) return; if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSIP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( SIPmain, PRIORITY_APPLICATION, PP_SIP, PROTO_BIT__UDP|PROTO_BIT__TCP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
/* Initializes the SSH preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config * data. * * RETURNS: Nothing. */ static void SSHInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); SSHConfig *pPolicyConfig = NULL; if (ssh_config == NULL) { //create a context ssh_config = sfPolicyConfigCreate(); if (ssh_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for SSH config.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupSSH(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreprocConfCheck(SSHCheckConfig); _dpd.addPreprocExit(SSHCleanExit, NULL, PRIORITY_LAST, PP_SSH); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("ssh", (void *)&sshPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED ssh_app_id = _dpd.findProtocolReference("ssh"); if (ssh_app_id == SFTARGET_UNKNOWN_PROTOCOL) ssh_app_id = _dpd.addProtocolReference("ssh"); #endif } sfPolicyUserPolicySet (ssh_config, policy_id); pPolicyConfig = (SSHConfig *)sfPolicyUserDataGetCurrent(ssh_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSH preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSHConfig *)calloc(1, sizeof(SSHConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "SSH preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssh_config, pPolicyConfig); ParseSSHArgs(pPolicyConfig, (u_char *)argp); _dpd.addPreproc( ProcessSSH, PRIORITY_APPLICATION, PP_SSH, PROTO_BIT__TCP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }
void SSLReload(struct _SnortConfig *sc, char *args, void **new_config) { tSfPolicyUserContextId ssl_swap_config = (tSfPolicyUserContextId)*new_config; tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSLPP_config_t * pPolicyConfig = NULL; if (ssl_swap_config == NULL) { //create a context ssl_swap_config = sfPolicyConfigCreate(); if (ssl_swap_config == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage( "SSLPP_init(): The Stream preprocessor must be enabled.\n"); } *new_config = (void *)ssl_swap_config; } sfPolicyUserPolicySet (ssl_swap_config, policy_id); pPolicyConfig = (SSLPP_config_t *)sfPolicyUserDataGetCurrent(ssl_swap_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSL preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSLPP_config_t *)calloc(1, sizeof(SSLPP_config_t)); if (pPolicyConfig == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssl_swap_config, pPolicyConfig); SSLPP_init_config(pPolicyConfig); SSLPP_config(pPolicyConfig, args); SSLPP_print_config(pPolicyConfig); _dpd.preprocOptRegister(sc, "ssl_state", SSLPP_state_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, "ssl_version", SSLPP_ver_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.addPreproc(sc, SSLPP_process, PRIORITY_APPLICATION, PP_SSL, PROTO_BIT__TCP); registerPortsForDispatch( sc, pPolicyConfig ); registerPortsForReassembly( pPolicyConfig, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
void SSLPP_init(struct _SnortConfig *sc, char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(sc); SSLPP_config_t *pPolicyConfig = NULL; if (ssl_config == NULL) { //create a context ssl_config = sfPolicyConfigCreate(); if (ssl_config == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage( "SSLPP_init(): The Stream preprocessor must be enabled.\n"); } SSL_InitGlobals(); _dpd.registerPreprocStats("ssl", SSLPP_drop_stats); _dpd.addPreprocConfCheck(sc, SSLPP_CheckConfig); _dpd.addPreprocExit(SSLCleanExit, NULL, PRIORITY_LAST, PP_SSL); _dpd.addPreprocResetStats(SSLResetStats, NULL, PRIORITY_LAST, PP_SSL); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("ssl", (void *)&sslpp_perf_stats, 0, _dpd.totalPerfStats); #endif #ifdef ENABLE_HA _dpd.addFuncToPostConfigList(sc, SSLHAPostConfigInit, NULL); #endif #ifdef TARGET_BASED ssl_app_id = _dpd.findProtocolReference("ssl"); if (ssl_app_id == SFTARGET_UNKNOWN_PROTOCOL) { ssl_app_id = _dpd.addProtocolReference("ssl"); } _dpd.sessionAPI->register_service_handler( PP_SSL, ssl_app_id ); #endif } sfPolicyUserPolicySet (ssl_config, policy_id); pPolicyConfig = (SSLPP_config_t *)sfPolicyUserDataGetCurrent(ssl_config); if (pPolicyConfig != NULL) { DynamicPreprocessorFatalMessage("SSL preprocessor can only be " "configured once.\n"); } pPolicyConfig = (SSLPP_config_t *)calloc(1, sizeof(SSLPP_config_t)); if (pPolicyConfig == NULL) { DynamicPreprocessorFatalMessage("Could not allocate memory for the " "SSL preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(ssl_config, pPolicyConfig); SSLPP_init_config(pPolicyConfig); SSLPP_config(pPolicyConfig, args); SSLPP_print_config(pPolicyConfig); _dpd.preprocOptRegister(sc, "ssl_state", SSLPP_state_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.preprocOptRegister(sc, "ssl_version", SSLPP_ver_init, SSLPP_rule_eval, free, NULL, NULL, NULL, NULL); _dpd.addPreproc( sc, SSLPP_process, PRIORITY_APPLICATION, PP_SSL, PROTO_BIT__TCP ); registerPortsForDispatch( sc, pPolicyConfig ); registerPortsForReassembly( pPolicyConfig, SSN_DIR_FROM_SERVER | SSN_DIR_FROM_CLIENT ); _addPortsToStream5Filter(sc, pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(sc, policy_id); #endif }
/********************************************************************* * Function: DCE2_ReloadGlobal() * * Purpose: Creates a new global DCE/RPC preprocessor config. * * Arguments: snort.conf argument line for the DCE/RPC preprocessor. * * Returns: None * *********************************************************************/ static void DCE2_ReloadGlobal(char *args) { tSfPolicyId policy_id = _dpd.getParserPolicy(); DCE2_Config *pDefaultPolicyConfig = NULL; DCE2_Config *pCurrentPolicyConfig = NULL; if ((_dpd.streamAPI == NULL) || (_dpd.streamAPI->version != STREAM_API_VERSION5)) { DCE2_Die("%s(%d) \"%s\" configuration: " "Stream5 must be enabled with TCP and UDP tracking.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } if (dce2_swap_config == NULL) { //create a context dce2_swap_config = sfPolicyConfigCreate(); if (dce2_swap_config == NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Could not allocate memory " "configuration.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } _dpd.addPreprocReloadVerify(DCE2_ReloadVerify); } sfPolicyUserPolicySet(dce2_swap_config, policy_id); pDefaultPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetDefault(dce2_swap_config); pCurrentPolicyConfig = (DCE2_Config *)sfPolicyUserDataGetCurrent(dce2_swap_config); if ((policy_id != 0) && (pDefaultPolicyConfig == NULL)) { DCE2_Die("%s(%d) \"%s\" configuration: Must configure default policy " "if other policies are to be configured.\n", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } /* Can only do one global configuration */ if (pCurrentPolicyConfig != NULL) { DCE2_Die("%s(%d) \"%s\" configuration: Only one global configuration can be specified.", *_dpd.config_file, *_dpd.config_line, DCE2_GNAME); } DCE2_RegRuleOptions(); pCurrentPolicyConfig = (DCE2_Config *)DCE2_Alloc(sizeof(DCE2_Config), DCE2_MEM_TYPE__CONFIG); sfPolicyUserDataSetCurrent(dce2_swap_config, pCurrentPolicyConfig); /* Parse configuration args */ DCE2_GlobalConfigure(pCurrentPolicyConfig, args); if ( pCurrentPolicyConfig->gconfig->disabled ) return; _dpd.addPreproc(DCE2_Main, PRIORITY_APPLICATION, PP_DCE2, PROTO_BIT__TCP | PROTO_BIT__UDP); #ifdef TARGET_BASED _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.dcerpc, PORT_MONITOR_SESSION, policy_id, 1); _dpd.streamAPI->set_service_filter_status (dce2_proto_ids.nbss, PORT_MONITOR_SESSION, policy_id, 1); #endif if (policy_id != 0) pCurrentPolicyConfig->gconfig->memcap = pDefaultPolicyConfig->gconfig->memcap; }
/* Initializes the GTP preprocessor module and registers * it in the preprocessor list. * * PARAMETERS: * * argp: Pointer to argument string to process for config data. * * RETURNS: Nothing. */ static void GTPInit(char *argp) { tSfPolicyId policy_id = _dpd.getParserPolicy(); GTPConfig *pDefaultPolicyConfig = NULL; GTPConfig *pPolicyConfig = NULL; if (gtp_config == NULL) { /*create a context*/ gtp_config = sfPolicyConfigCreate(); if (gtp_config == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory " "for GTP config.\n"); } _dpd.addPreprocConfCheck(GTPCheckConfig); _dpd.registerPreprocStats(GTP_NAME, GTP_PrintStats); _dpd.addPreprocExit(GTPCleanExit, NULL, PRIORITY_LAST, PP_GTP); #ifdef PERF_PROFILING _dpd.addPreprocProfileFunc("gtp", (void *)>pPerfStats, 0, _dpd.totalPerfStats); #endif #ifdef TARGET_BASED gtp_app_id = _dpd.findProtocolReference("gtp"); if (gtp_app_id == SFTARGET_UNKNOWN_PROTOCOL) gtp_app_id = _dpd.addProtocolReference("gtp"); #endif } sfPolicyUserPolicySet (gtp_config, policy_id); pDefaultPolicyConfig = (GTPConfig *)sfPolicyUserDataGetDefault(gtp_config); pPolicyConfig = (GTPConfig *)sfPolicyUserDataGetCurrent(gtp_config); if ((pPolicyConfig != NULL) && (pDefaultPolicyConfig == NULL)) { DynamicPreprocessorFatalMessage("GTP preprocessor can only be " "configured once.\n"); } pPolicyConfig = (GTPConfig *)calloc(1, sizeof(GTPConfig)); if (!pPolicyConfig) { DynamicPreprocessorFatalMessage("Could not allocate memory for " "GTP preprocessor configuration.\n"); } sfPolicyUserDataSetCurrent(gtp_config, pPolicyConfig); GTP_RegRuleOptions(); ParseGTPArgs(pPolicyConfig, (u_char *)argp); if (_dpd.streamAPI == NULL) { DynamicPreprocessorFatalMessage("SetupGTP(): The Stream preprocessor must be enabled.\n"); } _dpd.addPreproc( GTPmain, PRIORITY_APPLICATION, PP_GTP, PROTO_BIT__UDP ); _addPortsToStream5Filter(pPolicyConfig, policy_id); #ifdef TARGET_BASED _addServicesToStream5Filter(policy_id); #endif }