int DAQ_New (const SnortConfig* sc, const char* intf)
{
DAQ_Config_t cfg;
if ( !daq_mod )
FatalError("DAQ_Init not called!\n");
if ( intf )
interface_spec = SnortStrdup(intf);
intf = DAQ_GetInterfaceSpec();
memset(&cfg, 0, sizeof(cfg));
cfg.name = (char*)intf;
cfg.snaplen = snap;
cfg.timeout = PKT_TIMEOUT;
cfg.mode = daq_mode;
cfg.extra = NULL;
cfg.flags = 0;
DAQ_LoadVars(&cfg, sc);
if ( !ScReadMode() )
{
if ( !(sc->run_flags & RUN_FLAG__NO_PROMISCUOUS) )
cfg.flags |= DAQ_CFG_PROMISC;
}
DAQ_Config(&cfg);
if ( !DAQ_ValidateInstance() )
FatalError("DAQ configuration incompatible with intended operation.\n");
if ( DAQ_UnprivilegedStart() )
daq_dlt = daq_get_datalink_type(daq_mod, daq_hand);
if ( intf && *intf )
{
LogMessage("Acquiring network traffic from \"%s\".\n",
strcmp(intf, "-") == 0 ? "stdin" : intf);
}
DAQ_SetFilter(sc->bpf_filter);
daq_config_clear_values(&cfg);
return 0;
}
const char *GetDAQInterface(void)
{
return (PRINT_INTERFACE(DAQ_GetInterfaceSpec()));
}
static int event_to_source_target(Packet *p, idmef_alert_t *alert)
{
int ret;
idmef_node_t *node;
idmef_source_t *source;
idmef_target_t *target;
idmef_address_t *address;
idmef_service_t *service;
prelude_string_t *string;
static char saddr[128], daddr[128];
if ( !p )
return 0;
if ( ! IPH_IS_VALID(p) )
return 0;
ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND);
if ( ret < 0 )
return ret;
ret = idmef_source_new_interface(source, &string);
if ( ret < 0 )
return ret;
prelude_string_set_ref(string, PRINT_INTERFACE(DAQ_GetInterfaceSpec()));
ret = idmef_source_new_service(source, &service);
if ( ret < 0 )
return ret;
if ( p->tcph || p->udph )
idmef_service_set_port(service, p->sp);
idmef_service_set_ip_version(service, GET_IPH_VER(p));
idmef_service_set_iana_protocol_number(service, GET_IPH_PROTO(p));
ret = idmef_source_new_node(source, &node);
if ( ret < 0 )
return ret;
ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
if ( ret < 0 )
return ret;
ret = idmef_address_new_address(address, &string);
if ( ret < 0 )
return ret;
SnortSnprintf(saddr, sizeof(saddr), "%s", inet_ntoa(GET_SRC_ADDR(p)));
prelude_string_set_ref(string, saddr);
ret = idmef_alert_new_target(alert, &target, IDMEF_LIST_APPEND);
if ( ret < 0 )
return ret;
ret = idmef_target_new_interface(target, &string);
if ( ret < 0 )
return ret;
prelude_string_set_ref(string, PRINT_INTERFACE(DAQ_GetInterfaceSpec()));
ret = idmef_target_new_service(target, &service);
if ( ! ret < 0 )
return ret;
if ( p->tcph || p->udph )
idmef_service_set_port(service, p->dp);
idmef_service_set_ip_version(service, GET_IPH_VER(p));
idmef_service_set_iana_protocol_number(service, GET_IPH_PROTO(p));
ret = idmef_target_new_node(target, &node);
if ( ret < 0 )
return ret;
ret = idmef_node_new_address(node, &address, IDMEF_LIST_APPEND);
if ( ret < 0 )
return ret;
ret = idmef_address_new_address(address, &string);
if ( ret < 0 )
return ret;
SnortSnprintf(daddr, sizeof(daddr), "%s", inet_ntoa(GET_DST_ADDR(p)));
prelude_string_set_ref(string, daddr);
return 0;
}
