Exemplo n.º 1
/*
 * Norm_SetConfig - install the handler for every enabled normalizer.
 *
 * nc: normalizer context; its normalizer_flags select which entries of
 *     nc->normalizers[] are filled in.
 *
 * Returns -1 when DAQ_CanReplace() reports false, after clearing all of
 * nc->normalizer_flags; returns 0 in every other case, including when no
 * normalizer flag is set.
 *
 * NOTE(review): when the DAQ cannot replace packets, normalization is
 * switched off entirely and the only signals are the log WARNING and the
 * -1 return. Whether callers act on -1 is not visible here; deployments
 * that depend on normalization should check for that warning at startup.
 */
int Norm_SetConfig (NormalizerContext* nc)
{
    /* Per the warning text, normalization depends on the DAQ being able
     * to replace packets; without that, drop every flag and report failure. */
    if ( !DAQ_CanReplace() ) {
        LogMessage("WARNING: normalizations disabled because DAQ"
            " can't replace packets.\n");
        nc->normalizer_flags = 0x0;
        return -1;
    }

    /* Nothing requested: leave the handler table as it is. */
    if ( nc->normalizer_flags == 0 ) {
        return 0;
    }

    /* Slots whose flag is not set are not touched below; assumes the
     * caller zeroed nc->normalizers beforehand - TODO confirm. */

    if ( Norm_IsEnabled(nc, NORM_IP4) ) {
        nc->normalizers[PROTO_IP4] = Norm_IP4;
    }

    /* IP4 trim registers no handler of its own here; the flag is simply
     * withdrawn when the DAQ cannot inject packets. */
    if ( Norm_IsEnabled(nc, NORM_IP4_TRIM) && !DAQ_CanInject() ) {
        LogMessage("WARNING: normalize_ip4: trim disabled since DAQ "
            "can't inject packets.\n");
        Norm_Disable(nc, NORM_IP4_TRIM);
    }

    if ( Norm_IsEnabled(nc, NORM_ICMP4) ) {
        nc->normalizers[PROTO_ICMP4] = Norm_ICMP4;
    }

    /* IP6 covers the base header plus both option-header slots, which
     * share one handler. */
    if ( Norm_IsEnabled(nc, NORM_IP6) ) {
        nc->normalizers[PROTO_IP6] = Norm_IP6;
        nc->normalizers[PROTO_IP6_HOP_OPTS] = Norm_IP6_Opts;
        nc->normalizers[PROTO_IP6_DST_OPTS] = Norm_IP6_Opts;
    }

    if ( Norm_IsEnabled(nc, NORM_ICMP6) ) {
        nc->normalizers[PROTO_ICMP6] = Norm_ICMP6;
    }

    if ( Norm_IsEnabled(nc, NORM_TCP) ) {
        nc->normalizers[PROTO_TCP] = Norm_TCP;
    }

    return 0;
}
Exemplo n.º 2
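/*
 * PayloadReplaceInit - handle a rule's "replace" option.
 *
 * data:     option argument text, passed unchanged to Replace_Parse().
 * otn:      rule node being built; it must already hold an entry in
 *           ds_list[PLUGIN_PATTERN_MATCH], otherwise FatalError() is called.
 * protocol: not used by this function.
 *
 * The option is only parsed when ScInlineMode() and DAQ_CanReplace() are
 * both true. Outside inline mode the function returns without any message.
 * When the DAQ cannot replace packets it returns after logging a warning,
 * and that warning is emitted only once (static 'warned'), so later rules
 * with "replace" are skipped without a message of their own.
 *
 * NOTE(review): in both early-return cases the rule's "replace" argument is
 * never parsed; how the rest of the rule is treated is not visible here.
 * Deployments that rely on payload rewriting should check for the warning
 * at startup.
 */
void PayloadReplaceInit(char *data, OptTreeNode * otn, int protocol)
{
    static int warned = 0;

    (void)protocol;   /* part of the signature, unused in this body */

    if ( !ScInlineMode() )
    {
        return;
    }

    if ( !DAQ_CanReplace() )
    {
        if ( !warned )
        {
            LogMessage("WARNING: payload replacements disabled because DAQ "
                " can't replace packets.\n");
            warned = 1;
        }
        return;
    }

    /* lastType, file_name and file_line are defined outside this function. */
    if ( lastType == PLUGIN_PATTERN_MATCH_URI )
    {
        /* Fixed message: the modifier list was missing a comma after
         * http_method and a space before http_raw_uri.
         * FatalError presumably does not return - TODO confirm. */
        FatalError("%s(%d) => \"replace\" option is not supported "
                "with uricontent, nor in conjunction with http_uri, "
                "http_header, http_method, http_cookie, "
                "http_raw_uri, http_raw_header, or "
                "http_raw_cookie modifiers.\n",
                file_name, file_line);
    }

    /* "replace" modifies an earlier "content" option, so one must exist. */
    if ( otn->ds_list[PLUGIN_PATTERN_MATCH] == NULL )
    {
        FatalError("%s(%d) => Please place \"content\" rules "
                   "before depth, nocase, replace or offset modifiers.\n",
                   file_name, file_line);
    }

    /* The return value was stored in a local that was never read; the call
     * is kept and the result is discarded explicitly. */
    (void)Replace_Parse(data, otn);
}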