/* Process the 'config threshold: memcap #bytes, option2-name option2-value, ...' config threshold: memcap #bytes */ void ProcessThresholdOptions(char *options) { int i = 0; char ** args; int nargs; char ** oargs; int noargs; if( !s_enabled ) return ; args = mSplit(options,",",10,&nargs,0); /* get rule option pairs */ for(i=0;i<nargs;i++) { oargs = mSplit(options," ",2,&noargs,0); /* get rule option pairs */ if( strcmp(oargs[0],"memcap") == 0 ) { s_memcap = xatou(oargs[1],"config threshold: memcap"); } else { FatalError("Threshold-RuleOptionParse: unknown argument\n"); } } mSplitFree(&args, nargs); mSplitFree(&oargs, noargs); }
static void StreamParseIpArgs (char* args, StreamIpPolicy* policy) { char* *toks; int num_toks; int i; policy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT; if ( !args || !*args ) return; toks = mSplit(args, ",", 0, &num_toks, 0); for (i = 0; i < num_toks; i++) { int s_toks; char* *stoks = mSplit(toks[i], " ", 2, &s_toks, 0); if (s_toks == 0) { ParseError("Missing parameter in Stream IP config.\n"); } if(!strcasecmp(stoks[0], "timeout")) { char* endPtr = NULL; if(stoks[1]) { policy->session_timeout = strtoul(stoks[1], &endPtr, 10); } if (!stoks[1] || (endPtr == &stoks[1][0])) { ParseError("Invalid timeout in config file. Integer parameter required.\n"); } if ((policy->session_timeout > STREAM_MAX_SSN_TIMEOUT) || (policy->session_timeout < STREAM_MIN_SSN_TIMEOUT)) { ParseError("Invalid timeout in config file. Must be between %d and %d\n", STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT); } if (s_toks > 2) { ParseError("Invalid Stream IP Policy option. Missing comma?\n"); } } else { ParseError("Invalid Stream IP policy option\n"); } mSplitFree(&stoks, s_toks); } mSplitFree(&toks, num_toks); }
void ParseReferenceSystemConfig(char *args) { char **toks; char *name = NULL; char *url = NULL; int num_toks; int i; /* 2 tokens: name <url> */ toks = mSplit(args, " ", 2, &num_toks, 0); name = toks[0]; if(num_toks == 2) { url = toks[1]; while(isspace((int)*url)) url++; if(url[0] == '\0') url = NULL; } ReferenceSystemAdd(name, url); for(i = 0; i < num_toks; i++) free(toks[i]); return; }
/* * Function: GenHomenet(char *) * * Purpose: Translate the command line character string into its equivalent * 32-bit network byte ordered value (with netmask) * * Arguments: netdata => The address/CIDR block * * Returns: void function */ void GenHomenet(char *netdata) { struct in_addr net; /* place to stick the local network data */ char **toks; /* dbl ptr to store mSplit return data in */ int num_toks; /* number of tokens mSplit returns */ int nmask; /* temporary netmask storage */ /* break out the CIDR notation from the IP address */ toks = mSplit(netdata, "/", 2, &num_toks, 0); if(num_toks > 1) { /* convert the CIDR notation into a real live netmask */ nmask = atoi(toks[1]); if((nmask > 0) && (nmask < 33)) { pv.netmask = netmasks[nmask]; } else { FatalError("Bad CIDR block [%s:%d], 1 to 32 please!\n", toks[1], nmask); } } else { FatalError("No netmask specified for home network!\n"); } pv.netmask = htonl(pv.netmask); DEBUG_WRAP(DebugMessage(DEBUG_INIT, "homenet netmask = %#8lX\n", pv.netmask););
//function to assign the RpcDecodePorts array static void RpcDecodePortsAssign(uint8_t *RpcDecodePorts, char *portlist) { int num; int num_toks; char **toks; if( portlist == NULL || *portlist == '\0') { portlist = RPC_DECODE_DEFAULT_PORTS; } toks = mSplit(portlist, " \t", 0, &num_toks, 0); for(num = 0; num < num_toks; num++) { if(isdigit((int)toks[num][0])) { char *num_p = NULL; /* used to determine last position in string */ long t_num; t_num = strtol(toks[num], &num_p, 10); if(*num_p != '\0') { ParseError("Port Number invalid format: %s.", toks[num]); } else if(t_num < 0 || t_num > MAXPORTS-1 ) { ParseError("Port Number out of range: %d.", t_num); } RpcDecodePorts[(t_num/8)] |= 1<<(t_num%8); } } mSplitFree(&toks, num_toks); }
int parse_conf() { FILE *fp; char line[512]; char *remote_server = NULL; uint16_t remote_port = 0; char *p; char **toks; int num_toks; if ((fp = fopen("/opt/utc/conf/water_mark.conf", "rb")) == NULL) { E("-------open config file /opt/utc/conf/water_mark.conf fail.\n"); return -1; } while(fgets(line, 512, fp)) { if (*line == '#') continue; toks = mSplit(line, "=", 2, &num_toks, 0); if(num_toks != 2) goto free_toks; _strim(toks[0]); _strim(toks[1]); printf("[%s]--[%s]\n",toks[0], toks[1]); if (strncmp(toks[0], "HIGH_WATER_MARK", strlen("HIGH_WATER_MARK")) == 0) { high_water_mark = (uint64_t)atoi(toks[1]); if (high_water_mark <= 0) { mSplitFree(&toks, num_toks); fclose(fp); return 1; } } if (strncmp(toks[0], "HASH_LEVEL_WATER", strlen("HASH_LEVEL_WATER")) == 0) { hash_level_water_mark = (uint64_t)atoi(toks[1]); if (hash_level_water_mark < 0) { mSplitFree(&toks, num_toks); fclose(fp); return 1; } } free_toks: memset(line, 0x00, 512); mSplitFree(&toks, num_toks); } fclose(fp); return 0; }
/* Parse basic CIDR block - [!]a.b.c.d/bits */ static void parseCIDR( THDX_STRUCT * thdx, char * s ) { #ifdef SUP_IP6 sfip_pton(s, &thdx->ip_address); #else char **args; int nargs; if (*s == '!') { thdx->not_flag = 1; s++; while( (*s <= ' ') && (*s > 0) ) s++; /* skip whitespace */ } args = mSplit( s , "/", 2, &nargs, 0 ); /* get rule option pairs */ if( !nargs || nargs > 2 ) { FatalError("%s(%d) => Suppress-Parse: argument pairing error\n", file_name, file_line); } /* * Keep IP in network order */ thdx->ip_address = inet_addr( args[0] ); if( nargs == 2 ) { int i; int nbits; int mask; nbits = xatou( args[1],"suppress: cidr mask bits" ); mask = 1 << 31; for( i=0; i<nbits; i++ ) { thdx->ip_mask |= mask; mask >>= 1; } /* Put mask in network order */ thdx->ip_mask = htonl(thdx->ip_mask); }
/* * Function: SetPorts(char *) * * Purpose: Reads the list of port numbers from the argument string and * parses them into the port list data struct * * Arguments: portlist => argument list * * Returns: void function * */ void SetPorts(char *portlist) { char **toks; int num_toks; int num_ports = 0; int num; if(portlist == NULL) { FatalError("ERROR %s (%d)=> No arguments to http_decode preprocessor!\n", file_name, file_line); } /* tokenize the argument list */ toks = mSplit(portlist, " ", 31, &num_toks, '\\'); /* convert the tokens and place them into the port list */ for(num = 0; num < num_toks; num++) { if(!strncmp(NOUNICODE, toks[num], sizeof NOUNICODE)) { check_iis_unicode = 0; } else if(!strncmp(NOCGINULL, toks[num], sizeof NOCGINULL)) { check_cgi_null = 0; } else { HttpDecodePorts.ports[num_ports++] = atoi(toks[num]); } } HttpDecodePorts.num_entries = num_ports; #ifdef DEBUG printf("Decoding HTTP on %d ports: ", HttpDecodePorts.num_entries); for(num_ports = 0; num_ports < HttpDecodePorts.num_entries; num_ports++) { printf("%d ", HttpDecodePorts.ports[num_ports]); } printf("\n"); #endif }
int parse_ipc_conf() { char ipc_path[128] = {0}; FILE *fp; char line[1024]; char *p; char **toks; int num_toks; strncpy(ipc_path, pv.conf_path, 128); strcat(ipc_path, "/sft_ipc.conf"); if ((fp = fopen(ipc_path, "rb")) == NULL) { E("-------open log config file [%s] fail.\n", pv.conf_path); return -1; } while(fgets(line, 1024, fp)) { if (*line == '#') continue; toks = mSplit(line, "=", 2, &num_toks, 0); if(unlikely(num_toks != 2)) goto free_toks; _strim(toks[0]); trim_specific(toks[1], "\""); printf("[%s]--[%s]\n",toks[0], toks[1]); if (strncmp(toks[0], "remote_server", strlen("remote_server")) == 0 && is_ipv4_addr(toks[1])) { pv.peer_ip = strdup(toks[1]); } else if (strncmp(toks[0], "remote_port", strlen("remote_port")) == 0 && atoi(toks[1]) > 0) { pv.peer_port = (uint16_t) atoi(toks[1]); } free_toks: memset(line, 0x00, 1024); mSplitFree(&toks, num_toks); } fclose(fp); printf("peer addr is %s:%u\n",pv.peer_ip, pv.peer_port); return 0; }
void ParseReference(char *args, OptTreeNode *otn) { char **toks; int num_toks; int i; /* 2 tokens: system, id */ toks = mSplit(args, ",", 2, &num_toks, 0); if(num_toks != 2) { LogMessage("WARNING %s(%d): invalid Reference spec '%s'. Ignored\n", file_name, file_line, args); goto exit; } otn->sigInfo.refs = AddReference(otn->sigInfo.refs, toks[0], toks[1]); exit: for(i = 0; i < num_toks; i++) free(toks[i]); return; }
static void StreamParseUdpArgs(StreamUdpConfig *config, char *args, StreamUdpPolicy *s5UdpPolicy) { char **toks; int num_toks; int i; char *index; char **stoks = NULL; int s_toks; char *endPtr = NULL; if (s5UdpPolicy == NULL) return; s5UdpPolicy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT; s5UdpPolicy->flags = 0; if(args != NULL && strlen(args) != 0) { toks = mSplit(args, ",", 6, &num_toks, 0); i=0; while(i < num_toks) { index = toks[i]; while(isspace((int)*index)) index++; stoks = mSplit(index, " ", 3, &s_toks, 0); if (s_toks == 0) { FatalError("%s(%d) => Missing parameter in Stream UDP config.\n", file_name, file_line); } if(!strcasecmp(stoks[0], "timeout")) { if(stoks[1]) { s5UdpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10); } if (!stoks[1] || (endPtr == &stoks[1][0]) || *endPtr) { FatalError("%s(%d) => Invalid timeout in config file. Integer parameter required.\n", file_name, file_line); } if ((s5UdpPolicy->session_timeout > STREAM_MAX_SSN_TIMEOUT) || (s5UdpPolicy->session_timeout < STREAM_MIN_SSN_TIMEOUT)) { FatalError("%s(%d) => Invalid timeout in config file. " "Must be between %d and %d\n", file_name, file_line, STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream UDP Policy option. Missing comma?\n", file_name, file_line); } } else if (!strcasecmp(stoks[0], "ignore_any_rules")) { s5UdpPolicy->flags |= STREAM_CONFIG_IGNORE_ANY; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream UDP Policy option. Missing comma?\n", file_name, file_line); } } else { FatalError("%s(%d) => Invalid Stream UDP Policy option\n", file_name, file_line); } mSplitFree(&stoks, s_toks); i++; } mSplitFree(&toks, num_toks); } if (s5UdpPolicy->bound_addrs == NULL) { if (config->default_policy != NULL) { FatalError("%s(%d) => Default Stream UDP Policy already set. " "This policy must be bound to a specific host or " "network.\n", file_name, file_line); } config->default_policy = s5UdpPolicy; } else { if (s5UdpPolicy->flags & STREAM_CONFIG_IGNORE_ANY) { FatalError("%s(%d) => \"ignore_any_rules\" option can be used only" " with Default Stream UDP Policy\n", file_name, file_line); } } }
/* initialize the output processor for this particular instantiation */ OpAlertSyslog2_Data *OpAlertSyslog2_ParseArgs(char *args) { OpAlertSyslog2_Data *data; char **toks; int num_toks; int i; int header_length = -1; char *index; if(pv.verbose) LogMessage("Parsing %s arguments: %s\n", MODULE_NAME, args); if(!(data = (OpAlertSyslog2_Data *)calloc(1, sizeof(OpAlertSyslog2_Data)))) { FatalError("Out of memory creating %s configuration\n", MODULE_NAME); return NULL; } data->facility = -1; data->severity = -1; data->socket = -1; if(args) { toks = mSplit(args, ";", 8, &num_toks, 0); /* XXX error check */ for(i = 0; i < num_toks; i++) { char *token = toks[i]; char **subtoks; int num_subtoks; long value; StripWhitespace(&token); if(*token == '\0') continue; /* split the token on ':' */ subtoks = mSplit(token, ":", 2, &num_subtoks, 0); /* XXX error check */ if(strcasecmp("facility", subtoks[0]) == 0) { if(data->facility >= 0) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } /* Process facility Argument */ if(num_subtoks != 2) { FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); } if(String2Long(subtoks[1], &value) == 0) { if(value > MAX_FACILITY) FatalError("%s: Invalid %s argument: %s\n" MODULE_NAME, subtoks[0], subtoks[1]); else data->facility = value; } else { /* search for match in facility map */ int j = 0; while(facility_map[j].keyword) { if(strcasecmp(facility_map[j].keyword, subtoks[1]) == 0) { data->facility = facility_map[j].value; break; } j++; } if(data->facility < 0) { FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); } } } else if(strcasecmp("severity", subtoks[0]) == 0) { if(data->severity >= 0) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } /* Process severity Argument */ if(num_subtoks != 2) { FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); } if(String2Long(subtoks[1], &value) == 0) { if(value > MAX_FACILITY) FatalError("%s: Invalid %s argument: %s\n" MODULE_NAME, subtoks[0], subtoks[1]); else data->severity = value; } else { /* search for match in severity map */ int j = 0; while(severity_map[j].keyword) { if(strcasecmp(severity_map[j].keyword, subtoks[1]) == 0) { data->severity = severity_map[j].value; break; } j++; } if(data->severity < 0) { FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); } } } else if(strcasecmp("hostname", subtoks[0]) == 0) { if(data->hostname) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } /* Must be < 255 bytes and must contain only alphanumeric * names and embedded '-'s */ if(IsValidHostname(subtoks[1]) != 1) FatalError("%s: %s argument is not a valid hostname: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); if(!(data->hostname = strdup(subtoks[1]))) FatalError("%s: Out of memory processing config\n"); } else if(strcasecmp("tag", subtoks[0]) == 0) { if(data->tag) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } if(IsValidSyslogTag(subtoks[1]) != 1) FatalError("%s: %s argument is not a valid syslog tag: " "%s\n", MODULE_NAME, subtoks[0], subtoks[1]); if(!(data->tag = strdup(subtoks[1]))) FatalError("%s: Out of memory processing config\n"); } else if(strcasecmp("syslog_host", subtoks[0]) == 0) { if(data->syslog_host) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } if(!(data->syslog_host = strdup(subtoks[1]))) FatalError("%s: Out of memory processing config\n"); } else if(strcasecmp("syslog_port", subtoks[0]) == 0) { if(data->syslog_port > 0) { FatalError("%s: Multiple %s arguments\n", MODULE_NAME, subtoks[0]); } if(String2Long(subtoks[1], &value) != 0) FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); if(value < 1 || value > 65535) FatalError("%s: Invalid %s argument: %s\n", MODULE_NAME, subtoks[0], subtoks[1]); data->syslog_port = value; } else if(strcasecmp("withpid", subtoks[0]) == 0) { if(num_subtoks != 1) { FatalError("%s: %s does not take arguments\n", MODULE_NAME, subtoks[0]); } data->pid_flag = 1; } else { FatalError("%s: Unknown argument: %s\n", MODULE_NAME, subtoks[0]); } FreeToks(subtoks, num_subtoks); } FreeToks(toks, num_toks); } if(data->facility == -1) data->facility = DEFAULT_FACILITY; if(data->severity == -1) data->severity = DEFAULT_SEVERITY; if(!data->tag) { if(!(data->tag = strdup(PROGRAM_NAME))) FatalError("%s: Out of memory processing config\n"); } if(!data->hostname) { char hostname[255]; char *index; if(gethostname(hostname, 255) != 0) FatalError("%s: Unable to get hostname\n"); /* since we may get a FQDN, munge the hostname */ if((index = strchr(hostname, '.'))) *index = '\0'; if(!(data->hostname = strdup(hostname))) FatalError("%s: Out of memory processing config\n"); } if(!data->syslog_host) { if(!(data->syslog_host = strdup(DEFAULT_SYSLOG_HOST))) FatalError("%s: Out of memory processing config\n"); } if(data->syslog_port == 0) data->syslog_port = DEFAULT_SYSLOG_PORT; /* calculate the syslog priority */ data->priority = data->facility * 8 + data->severity; /* allocate the message buffer */ if(!(data->message_buffer = calloc(MESSAGE_LENGTH, sizeof(char)))) FatalError("%s: Out of memory starting output plugin\n"); /* copy in the basic string */ if(data->pid_flag) header_length = snprintf(data->message_buffer, MESSAGE_LENGTH, "<%u>XXX XX XX:XX:XX %s %s[%u]: ", data->priority, data->hostname, data->tag, getpid()); else header_length = snprintf(data->message_buffer, MESSAGE_LENGTH, "<%u>XXX XX XX:XX:XX %s %s: ", data->priority, data->hostname, data->tag); if(header_length > MESSAGE_LENGTH) FatalError("%s: Message header length is too long: %i\n", header_length); data->header_length = header_length; if(!(index = strchr(data->message_buffer, '>'))) FatalError("%s: Error calculating priority field length\n"); data->month_offset = index - data->message_buffer + 1; data->timestamp_offset = data->month_offset + 4; if(pv.verbose) { } return data; }
void ParseClassificationConfig(char *args) { char **toks; int num_toks; int i; char *data; ClassType *newNode; toks = mSplit(args, ",",3, &num_toks, '\\'); if(num_toks != 3) { ErrorMessage("%s(%d): Invalid classification config: %s\n", args); goto exit; } /* create the new node */ if(!(newNode = (ClassType *)malloc(sizeof(ClassType)))) { FatalError("Out of memory in ParseClassificationConfig\n"); } memset(newNode, 0, sizeof(ClassType)); data = toks[0]; while(isspace((int)*data)) data++; newNode->type = strdup(data); /* XXX: oom check */ data = toks[1]; while(isspace((int)*data)) data++; newNode->name = strdup(data); /* XXX: oom check */ data = toks[2]; while(isspace((int)*data)) data++; /* XXX: error checking needed */ newNode->priority = atoi(data); /* XXX: oom check */ if(AddClassificationConfig(newNode) == -1) { ErrorMessage("%s(%d): Duplicate classification \"%s\"" "found, ignoring this line\n", file_name, file_line, newNode->type); if(newNode) { if(newNode->name) free(newNode->name); if(newNode->type) free(newNode->type); free(newNode); } } exit: for(i = 0; i < num_toks; i++) free(toks[i]); return; }
} else { fprintf(fp, "[Xref => %s]", ref_node->id); } } void ParseReference(Barnyard2Config *bc, char *args, SigNode *sn) { char **toks, *system, *id; int num_toks; DEBUG_WRAP(DebugMessage(DEBUG_MAPS, "map: parsing reference %s\n", args);); /* 2 tokens: system, id */ toks = mSplit(args, ",", 2, &num_toks, 0); if(num_toks != 2) { LogMessage("WARNING: invalid Reference spec '%s'. Ignored\n", args); } else { system = toks[0]; while ( isspace((int) *system) ) system++; id = toks[1]; while ( isspace((int) *id) ) id++; sn->refs = AddReference(bc, &sn->refs, system, id);
OpSyslog_Data *OpSyslog_ParseArgs(char *args) { OpSyslog_Data *op_data = NULL; op_data = (OpSyslog_Data *)SnortAlloc(sizeof(OpSyslog_Data)); if(args != NULL) { char **toks; int num_toks; int i; /* parse out your args */ toks = mSplit(args, ",", 31, &num_toks, '\\'); for(i = 0; i < num_toks; ++i) { char **stoks; int num_stoks; char *index = toks[i]; while(isspace((int)*index)) ++index; stoks = mSplit(index, " ", 2, &num_stoks, 0); if(strcasecmp("port", stoks[0]) == 0) { if(num_stoks > 1 ) op_data->port = strtoul(stoks[1], NULL, 0); else LogMessage("Argument Error in %s(%i): %s\n", file_name, file_line, index); } else if(strcasecmp("server", stoks[0]) == 0) { if(num_stoks > 1 && !op_data->server ) op_data->server = strdup(stoks[1]); else LogMessage("Argument Error in %s(%i): %s\n", file_name, file_line, index); } else if(strcasecmp("sensor_name", stoks[0]) == 0) { if(num_stoks > 1 && !op_data->sensor_name ) op_data->sensor_name = strdup(stoks[1]); else LogMessage("Argument Error in %s(%i): %s\n", file_name, file_line, index); } else if(strcasecmp("protocol", stoks[0]) == 0) { if(num_stoks > 1) { if(strcasecmp("udp", stoks[1]) == 0) op_data->proto = 0; else op_data->proto = 1; } else LogMessage("Argument Error in %s(%i): %s\n", file_name, file_line, index); } else if(strcasecmp("detail", stoks[0]) == 0) { if(num_stoks > 1) { if(strcasecmp("full", stoks[1]) == 0) op_data->detail = 1; } else LogMessage("Argument Error in %s(%i): %s\n", file_name, file_line, index); } else if(strcasecmp("delimiters", stoks[0]) == 0) { if(num_stoks >= 1) { if( (strlen(stoks[1]) > 3) || (strlen(stoks[1]) < 3)) { LogMessage("Invalid delimiters configured [%s], default will be used \n",stoks[1]); } else { if(stoks[1][0] == '"' && stoks[1][2] == '"') { op_data->delim = stoks[1][1]; } else { LogMessage("Invalid delimiters configured [%s], default will be used \n",stoks[1]); } } } } else if(strcasecmp("separators", stoks[0]) == 0) { if(num_stoks >= 1) { if( (strlen(stoks[1]) > 3) || (strlen(stoks[1]) < 3)) { LogMessage("Invalid field separator configured [%s], default will be used \n",stoks[1]); } else { if(stoks[1][0] == '"' && stoks[1][2] == '"') { op_data->field_separators = stoks[1][1]; } else { LogMessage("Invalid field separator configured [%s], default will be used. \n",stoks[1]); } } } } else if(strcasecmp("operation_mode", stoks[0]) == 0) { if(num_stoks >=1) { if(strcasecmp("default",stoks[1])) { op_data->operation_mode = 0; } else if(strcasecmp("complete",stoks[1])) { op_data->operation_mode = 1; } else { LogMessage("Invalid operation_mode defined [%s], will use default mode \n",stoks[1]); } } else { LogMessage("Invalid operation_mode defined, will use default mode \n"); } } else if(strcasecmp("local", stoks[0]) == 0) { op_data->local_logging = 1; } else if(strcasecmp("log_facility", stoks[0]) == 0) { if(num_stoks >=1) { if(!strcasecmp("LOG_KERN", stoks[1])) { op_data->syslog_priority |= LOG_KERN; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_KERN"); } else if(!strcasecmp("LOG_MAIL", stoks[1])) { op_data->syslog_priority |= LOG_MAIL; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_MAIL"); } else if(!strcasecmp("LOG_DAEMON", stoks[1])) { op_data->syslog_priority |= LOG_DAEMON; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_DAEMON"); } else if(!strcasecmp("LOG_AUTH", stoks[1])) { op_data->syslog_priority |= LOG_AUTH; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_AUTH"); } else if(!strcasecmp("LOG_SYSLOG", stoks[1])) { op_data->syslog_priority |= LOG_SYSLOG; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_SYSLOG"); } else if(!strcasecmp("LOG_LPR", stoks[1])) { op_data->syslog_priority |= LOG_LPR; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LPR"); } else if(!strcasecmp("LOG_NEWS", stoks[1])) { op_data->syslog_priority |= LOG_NEWS; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_NEWS"); } else if(!strcasecmp("LOG_UUCP", stoks[1])) { op_data->syslog_priority |= LOG_UUCP; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_UUCP"); } else if(!strcasecmp("LOG_CRON", stoks[1])) { op_data->syslog_priority |= LOG_CRON; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_CRON"); } else if(!strcasecmp("LOG_AUTHPRIV", stoks[1])) { op_data->syslog_priority |= LOG_AUTHPRIV; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_AUTHPRIV"); } else if(!strcasecmp("LOG_FTP", stoks[1])) { op_data->syslog_priority |= LOG_FTP; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_FTP"); } else if(!strcasecmp("LOG_LOCAL1", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL1; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL1"); } else if(!strcasecmp("LOG_LOCAL2", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL2; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL2"); } else if(!strcasecmp("LOG_LOCAL3", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL3; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL3"); } else if(!strcasecmp("LOG_LOCAL4", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL4; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL4"); } else if(!strcasecmp("LOG_LOCAL5", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL5; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL5"); } else if(!strcasecmp("LOG_LOCAL6", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL6; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL6"); } else if(!strcasecmp("LOG_LOCAL7", stoks[1])) { op_data->syslog_priority |= LOG_LOCAL7; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_LOCAL7"); } else if(!strcasecmp("LOG_USER", stoks[1])) { op_data->syslog_priority |= LOG_USER; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER"); } else { LogMessage("[%s()]: Unknown log_facility defined [%s], using \"LOG_USER\" as default \n", __FUNCTION__, stoks[1]); op_data->syslog_priority |= LOG_USER; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER"); } } else { LogMessage("No default log_facility defined, using LOG_USER as default \n"); op_data->syslog_priority |= LOG_USER; } } else if(strcasecmp("log_priority", stoks[0]) == 0) { if(num_stoks >=1) { if(!strcasecmp("LOG_EMERG",stoks[1])) { op_data->syslog_priority |= LOG_EMERG; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_EMERG"); } else if(!strcasecmp("LOG_ALERT", stoks[1])) { op_data->syslog_priority |= LOG_ALERT; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_ALERT"); } else if(!strcasecmp("LOG_CRIT", stoks[1])) { op_data->syslog_priority |=LOG_CRIT; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_CRIT"); } else if(!strcasecmp("LOG_ERR", stoks[1])) { op_data->syslog_priority |=LOG_ERR; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_ERR"); } else if(!strcasecmp("LOG_WARNING", stoks[1])) { op_data->syslog_priority |= LOG_WARNING; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_WARNING"); } else if(!strcasecmp("LOG_NOTICE", stoks[1])) { op_data->syslog_priority |= LOG_NOTICE; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_NOTICE"); } else if(!strcasecmp("LOG_INFO", stoks[1])) { op_data->syslog_priority |=LOG_INFO; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_INFO"); } else if(!strcasecmp("LOG_DEBUG", stoks[1])) { op_data->syslog_priority |= LOG_DEBUG; snprintf(op_data->syslog_tx_priority,16,"%s","LOG_DEBUG"); } else { LogMessage("[%s()]: Unknown log_priority defined [%s], using \"LOG_INFO\" as default \n", __FUNCTION__, stoks[1]); op_data->syslog_priority |= LOG_INFO; } } else { LogMessage("No default log_priority defined, using LOG_INFO as default \n"); op_data->syslog_priority |= LOG_INFO; } } else { fprintf(stderr, "WARNING %s (%d) => Unrecognized argument for " "SyslogFull plugin: %s\n", file_name, file_line, index); } } /* free your mSplit tokens */ mSplitFree(&toks, num_toks); } /* Default */ if(op_data->sensor_name == NULL) { FatalError("You must specify a sensor name\n"); } if(op_data->syslog_priority == 0) { op_data->syslog_priority = LOG_INFO | LOG_USER; snprintf(op_data->syslog_tx_facility,16,"%s","LOG_USER"); snprintf(op_data->syslog_tx_priority,16,"%s","LOG_INFO"); } if(op_data->local_logging == 1) { LogMessage("Local logging enabled, WILL NOT send information to a remote syslog \n"); } if( op_data->local_logging == 0) { if(op_data->port == 0) { LogMessage("Using default Syslog port [%u] \n",op_data->port); op_data->port = 514; } if( op_data->server == NULL) { FatalError("You must specify a valid server \n"); } } if(op_data->operation_mode == 0) { LogMessage("using operation_mode: default \n"); } else if(op_data->operation_mode == 1) { LogMessage("using operation_mode: complete \n"); if(op_data->delim == 0) { LogMessage("Using default delimiters for syslog messages \"|\"\n"); op_data->delim = '|'; } else { LogMessage("Using \"%c\" as delimiters for syslog messages \n",op_data->delim); } if(op_data->field_separators == 0) { LogMessage("Using default field separators for syslog messages \" \"\n"); op_data->field_separators= ' '; } else { LogMessage("Using \"%c\" as field separators for syslog messages \n",op_data->field_separators); } } else { LogMessage("Defaulting operation_mode to default. \n"); op_data->operation_mode = 0; } return op_data; }
/* * Function: ParseIP(char *, IpAddrSet *) * * Purpose: Convert a supplied IP address to it's network order 32-bit long * value. Also convert the CIDR block notation into a real * netmask. * * Arguments: char *addr => address string to convert * IpAddrSet * => * * * Returns: 0 for normal addresses, 1 for an "any" address */ int ParseIP(char *paddr, IpAddrSet *address_data) { char **toks; /* token dbl buffer */ int num_toks; /* number of tokens found by mSplit() */ int cidr = 1; /* is network expressed in CIDR format */ int nmask; /* netmask temporary storage */ char *addr; /* string to parse, eventually a * variable-contents */ struct hostent *host_info; /* various struct pointers for stuff */ struct sockaddr_in sin; /* addr struct */ addr = paddr; if(*addr == '!') { address_data->addr_flags |= EXCEPT_IP; addr++; /* inc past the '!' */ } /* check for wildcards */ if(!strcasecmp(addr, "any")) { address_data->ip_addr = 0; address_data->netmask = 0; return 1; } /* break out the CIDR notation from the IP address */ toks = mSplit(addr, "/", 2, &num_toks, 0); /* "/" was not used as a delimeter, try ":" */ if(num_toks == 1) { mSplitFree(&toks, num_toks); toks = mSplit(addr, ":", 2, &num_toks, 0); } /* * if we have a mask spec and it is more than two characters long, assume * it is netmask format */ if((num_toks > 1) && strlen(toks[1]) > 2) { cidr = 0; } switch(num_toks) { case 1: address_data->netmask = netmasks[32]; break; case 2: if(cidr) { /* convert the CIDR notation into a real live netmask */ nmask = atoi(toks[1]); /* it's pain to differ whether toks[1] is correct if netmask */ /* is /0, so we deploy some sort of evil hack with isdigit */ if(!isdigit((int) toks[1][0])) nmask = -1; if((nmask > -1) && (nmask < 33)) { address_data->netmask = netmasks[nmask]; } else { FatalError("ERROR %s(%d): Invalid CIDR block for IP addr " "%s\n", file_name, file_line, addr); } } else { /* convert the netmask into its 32-bit value */ /* broadcast address fix from * Steve Beaty <*****@*****.**> */ /* * if the address is the (v4) broadcast address, inet_addr * * returns -1 which usually signifies an error, but in the * * broadcast address case, is correct. we'd use inet_aton() * * here, but it's less portable. */ if(!strncmp(toks[1], "255.255.255.255", 15)) { address_data->netmask = INADDR_BROADCAST; } else if((address_data->netmask = inet_addr(toks[1])) == -1) { FatalError("ERROR %s(%d): Unable to parse rule netmask " "(%s)\n", file_name, file_line, toks[1]); } } break; default: FatalError("ERROR %s(%d) => Unrecognized IP address/netmask %s\n", file_name, file_line, addr); break; } #ifndef WORDS_BIGENDIAN /* * since PC's store things the "wrong" way, shuffle the bytes into the * right order. Non-CIDR netmasks are already correct. */ if(cidr) { address_data->netmask = htonl(address_data->netmask); } #endif /* convert names to IP addrs */ if(isalpha((int) toks[0][0])) { /* get the hostname and fill in the host_info struct */ if((host_info = gethostbyname(toks[0]))) { /* protecting against malicious DNS servers */ if(host_info->h_length <= sizeof(sin.sin_addr)) { bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length); } else { bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr)); } } else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE) { FatalError("ERROR %s(%d): Couldn't resolve hostname %s\n", file_name, file_line, toks[0]); } address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) & (address_data->netmask)); mSplitFree(&toks, num_toks); return 1; } /* convert the IP addr into its 32-bit value */ /* broadcast address fix from Steve Beaty <*****@*****.**> */ /* * if the address is the (v4) broadcast address, inet_addr returns -1 * * which usually signifies an error, but in the broadcast address case, * * is correct. we'd use inet_aton() here, but it's less portable. */ if(!strncmp(toks[0], "255.255.255.255", 15)) { address_data->ip_addr = INADDR_BROADCAST; } else if((address_data->ip_addr = inet_addr(toks[0])) == -1) { FatalError("ERROR %s(%d): Rule IP addr (%s) didn't translate\n", file_name, file_line, toks[0]); } else { /* set the final homenet address up */ address_data->ip_addr = ((u_long) (address_data->ip_addr) & (address_data->netmask)); } mSplitFree(&toks, num_toks); return 0; }
int parse_log_conf() { char syslog_path[128] = {0}; FILE *fp; char line[1024]; char *remote_server = NULL; uint16_t remote_port = 0; char *p; char **toks; int num_toks; strncpy(syslog_path, pv.conf_path, 128); strcat(syslog_path, "/sft_syslog.conf"); if ((fp = fopen(syslog_path, "rb")) == NULL) { E("-------open log config file [%s] fail.\n", pv.conf_path); return -1; } while(fgets(line, 1024, fp)) { if (*line == '#') continue; toks = mSplit(line, "=", 2, &num_toks, 0); if(unlikely(num_toks != 2)) goto free_toks; _strim(toks[0]); trim_specific(toks[1], "\""); printf("[%s]--[%s]\n",toks[0], toks[1]); if (strncmp(toks[0], "enableSYSLOG", strlen("enableSYSLOG")) == 0) { if (strncmp(toks[1], "1", 1) == 0) { pv.urlog = 1; pv.qqlog = 1; D("syslog is enabled!\n"); } else { pv.urlog = 0; pv.qqlog = 0; D("syslog is disabled!\n"); } } else if (strncmp(toks[0], "remote_server", strlen("remote_server")) == 0 && is_ipv4_addr(toks[1])) { remote_server = strdup(toks[1]); } else if (strncmp(toks[0], "remote_port", strlen("remote_port")) == 0 && atoi(toks[1]) > 0) { remote_port = (uint16_t) atoi(toks[1]); } free_toks: memset(line, 0x00, 1024); mSplitFree(&toks, num_toks); } fclose(fp); printf("peer addr is %s:%u\n",remote_server, remote_port); if (pv.urlog && pv.qqlog && remote_server && remote_port) { if (pv.syslog_sd) close(pv.syslog_sd); pv.syslog_sd = socket(PF_INET, SOCK_DGRAM, 0); if (pv.syslog_sd<0) { perror("socket()"); exit(1); } pv.syslog_peer_addr.sin_family = AF_INET; pv.syslog_peer_addr.sin_port = htons(remote_port); inet_pton(AF_INET, remote_server, &pv.syslog_peer_addr.sin_addr); D("connect remote syslog server\n"); } return 0; }
int updateUser(USER_INFO *userInfo, char *pass) { int i; FILE *pf ; FILE *pTmp; MD5_CTX c; unsigned char md[16]; char password[16*2]; // // 判断是否存在相同的用户名 // if (haveUser(userInfo) == 0) return USER_NO_EXIST; // // 计算口令的摘要 // MD5_Init(&c); MD5_Update(&c,pass,strlen(pass)); MD5_Final(md,&c); memset(&c,0,sizeof(c)); // // 将摘要转换为十六进制字符 // for (i=0; i<16; i++) sprintf(password+(i*2),"%02x",md[i]); // // 打开用户文件 // pf = fopen(USER_FILE,"r"); if (pf) { char tempFile[STD_BUF]; char buf[STD_BUF]; // // 生成临时文件名 // sprintf(tempFile,"%s.temp",USER_FILE); pTmp = fopen(tempFile,"w"); while((pTmp)&&(fgets(buf, STD_BUF, pf) != NULL)) { char *index = buf; // // 去掉空白符 // while(*index == ' ' || *index == '\t') index++; // // 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。 // if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL)) { int k; char **toks; int num_toks; // // 分解字段 // toks = mSplit(index, " \t", 5, &num_toks, 0); if ((num_toks == 4)||(num_toks == 3)) { if ((unsigned int)atoi(toks[0])!=userInfo->id) { // // 其他用户信息写入临时文件 // fwrite(buf,strlen(buf),1,pTmp); } else { char buf[20]; // // 写入新的数据 // sprintf(buf,"\n%d\t",userInfo->id); fwrite(buf,strlen(buf),1,pTmp); fwrite(userInfo->name,strlen(userInfo->name),1,pTmp); fwrite("\t",1,1,pTmp); fwrite(password,sizeof(password),1,pTmp); fwrite("\t",1,1,pTmp); fwrite(userInfo->email,strlen(userInfo->email),1,pTmp); } } // // 释放mSplit分配的内存 // for(k=0;k<num_toks;k++) free(toks[k]); free(toks); } else { // // 将注释行写入文件 // fwrite(buf,strlen(buf),1,pTmp); } } fclose(pf); if (pTmp) { fclose(pTmp); unlink(USER_FILE); // 删除原文件:可能出现同步问题. rename(tempFile,USER_FILE); // 改名为新文件 return OK; } else return OPEN_TEMP_FILE_FALSE ; } else return OPEN_USER_FILE_FALSE ; }
void listUser(char *operate) { char buf[STD_BUF]; FILE *pf; int oper; int line = 0; // // 打开用户数据文件 // pf = fopen(USER_FILE,"r"); if (pf) { if (strcmp(operate,"删除")==0) { printf("<FORM name=\"request\" action=\"/cgi-bin/delUser.cgi\" method=POST\">" "<BR><P><P><TABLE width=\"60%\" border=\"1\" bordercolorlight=\"#808080\" bordercolordark=\"#FFFFFF\" cellpadding=\"0\" cellspacing=\"0\" id=\"AutoNumber1\" height=\"1\" align=center >"); // // 输出表栏 // printf("<tr><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">用户名</span></th><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">邮件地址</span></th><th height=\"24\" bgcolor=\"#E1E1E1\"><span style=\"font-weight: 400\">删除</span></th></tr>"); oper = 1; } while(fgets(buf, STD_BUF, pf) != NULL) { char *index = buf; // // 去掉空白符 // while(*index == ' ' || *index == '\t') index++; // // 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。 // if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL)) { char **toks; int num_toks,i; // // 分解字段 // toks = mSplit(index, " \t", 5, &num_toks, 0); if ((num_toks == 4)||(num_toks == 3)) { if (oper == 1) { //printf("<tr bgColor=#ffffff onmouseout=\"this.style.backgroundColor='#FFFFff'\" onmouseover=\"this.style.backgroundColor='#D7F1FB'\">"); printf("<tr bgColor=#ffffff onmouseout=\"this.style.backgroundColor='#FFFFff'\" " "onmouseover=\"this.style.backgroundColor='#D7F1FB'\">" "<th align=\"left\" height=\"24\" ><span style=\"font-weight: 400\">"); DisplayEncodeHttp(toks[1]); printf("</span></th><th align=\"left\" height=\"24\" ><span style=\"font-weight: 400\">"); DisplayEncodeHttp(toks[3]); printf("</span></th><th height=\"24\" ><span style=\"font-weight: 400\">" "<input type=\"checkbox\" name=\"record%d\"></span></th></tr>",line); //printf("<td height=\"24\" ><span style=\"font-weight: 400\">%s</span></td>",toks[order[i]]); } printf("<input type=\"hidden\" name=delKey%d value=\"",line++); DisplayEncodeHttp(toks[1]); printf("\">\n"); } for (i=0;i<num_toks;i++) free(toks[i]); free(toks); } } fclose(pf); printf("<input type=hidden name=numDel value=%d>",line); printf("</table><P><P><center><input type=submit value=\"确认删除\">"); } }
static void StreamParseIcmpArgs(char *args, StreamIcmpPolicy *s5IcmpPolicy) { char **toks; int num_toks; int i; char **stoks = NULL; int s_toks; char *endPtr = NULL; s5IcmpPolicy->session_timeout = STREAM_DEFAULT_SSN_TIMEOUT; //s5IcmpPolicy->flags = 0; if(args != NULL && strlen(args) != 0) { toks = mSplit(args, ",", 0, &num_toks, 0); for (i = 0; i < num_toks; i++) { stoks = mSplit(toks[i], " ", 2, &s_toks, 0); if (s_toks == 0) { FatalError("%s(%d) => Missing parameter in Stream ICMP config.\n", file_name, file_line); } if(!strcasecmp(stoks[0], "timeout")) { if(stoks[1]) { s5IcmpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10); } if (!stoks[1] || (endPtr == &stoks[1][0]) || *endPtr) { FatalError("%s(%d) => Invalid timeout in config file. Integer parameter required.\n", file_name, file_line); } if ((s5IcmpPolicy->session_timeout > STREAM_MAX_SSN_TIMEOUT) || (s5IcmpPolicy->session_timeout < STREAM_MIN_SSN_TIMEOUT)) { FatalError("%s(%d) => Invalid timeout in config file. " "Must be between %d and %d\n", file_name, file_line, STREAM_MIN_SSN_TIMEOUT, STREAM_MAX_SSN_TIMEOUT); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream ICMP Policy option. Missing comma?\n", file_name, file_line); } } else { FatalError("%s(%d) => Invalid Stream ICMP policy option\n", file_name, file_line); } mSplitFree(&stoks, s_toks); } mSplitFree(&toks, num_toks); } }
int delUser(int numDel,char **delKey) { FILE *pf ; FILE *pTmp; // // 打开用户文件 // pf = fopen(USER_FILE,"r"); if (pf) { char tempFile[STD_BUF]; char buf[STD_BUF]; // // 生成临时文件名 // sprintf(tempFile,"%s.temp",USER_FILE); pTmp = fopen(tempFile,"w"); while((pTmp)&&(fgets(buf, STD_BUF, pf) != NULL)) { char *index = buf; // // 去掉空白符 // while(*index == ' ' || *index == '\t') index++; // // 注释行,空行去掉。以字符“#”和“;”开始的行为注释行。 // if((*index != '#') && (*index != 0x0a) && (*index != ';') && (index != NULL)) { char **toks; int num_toks; int k; // // 分解字段 // toks = mSplit(index, " \t", 5, &num_toks, 0); if ((num_toks == 4)||(num_toks == 3)) { int k=0; // // 判断是否是删除的用户 // for(k=0;k<numDel;k++) { if (strcmp(delKey[k],toks[1])==0) { if (strlen(delKey[k])>strlen(toks[0])) strcpy(delKey[k],toks[0]); else { char *p; p=(char*)malloc(strlen(toks[0])+1); if (p) { free(delKey[k]); delKey[k]=p; strcpy(delKey[k],toks[0]); } } break; } } if (k>=numDel) { // // 其他用户信息写入临时文件 // fputs(buf,pTmp); fwrite("\n",1,1,pTmp); } } // // 释放mSplit分配的内存 // for(k=0;k<num_toks;k++) free(toks[k]); free(toks); } else { // // 将注释行写入文件 // fputs(buf,pTmp); } } fclose(pf); if (pTmp) { fclose(pTmp); unlink(USER_FILE); // 删除原文件:可能出现同步问题. rename(tempFile,USER_FILE); // 改名为新文件 // // 删除访问控制文件中的被删除的用户使用的资源。 // return delMultiRecord(0,numDel,delKey,ACCESS_FILE,NULL); } else return OPEN_TEMP_FILE_FALSE ; } else return OPEN_USER_FILE_FALSE ; }
/* * Function: ParseIP(char *, IpAddrSet *) * * Purpose: Convert a supplied IP address to it's network order 32-bit long * value. Also convert the CIDR block notation into a real * netmask. * * Arguments: char *addr => address string to convert * IpAddrSet * => * * * Returns: 0 for normal addresses, 1 for an "any" address */ int ParseIP(char *paddr, IpAddrSet *ias, int negate) //, IpAddrNode *node) { char **toks; /* token dbl buffer */ int num_toks; /* number of tokens found by mSplit() */ int cidr = 1; /* is network expressed in CIDR format */ int nmask = -1; /* netmask temporary storage */ char *addr; /* string to parse, eventually a * variable-contents */ struct hostent *host_info; /* various struct pointers for stuff */ struct sockaddr_in sin; /* addr struct */ char broadcast_addr_set = 0; IpAddrNode *address_data = (IpAddrNode*)SnortAlloc(sizeof(IpAddrNode)); if(!paddr || !ias) return 1; addr = paddr; if(*addr == '!') { negate = !negate; // address_data->addr_flags |= EXCEPT_IP; addr++; /* inc past the '!' */ } /* check for wildcards */ if(!strcasecmp(addr, "any")) { if(negate) { FatalError("%s(%d) => !any is not allowed\n", file_name, file_line); } /* Make first node 0, which matches anything */ if(!ias->iplist) { ias->iplist = (IpAddrNode*)SnortAlloc(sizeof(IpAddrNode)); } ias->iplist->ip_addr = 0; ias->iplist->netmask = 0; free(address_data); return 1; } /* break out the CIDR notation from the IP address */ toks = mSplit(addr, "/", 2, &num_toks, 0); /* "/" was not used as a delimeter, try ":" */ if(num_toks == 1) { mSplitFree(&toks, num_toks); toks = mSplit(addr, ":", 2, &num_toks, 0); } /* * if we have a mask spec and it is more than two characters long, assume * it is netmask format */ if((num_toks > 1) && strlen(toks[1]) > 2) { cidr = 0; } switch(num_toks) { case 1: address_data->netmask = netmasks[32]; break; case 2: if(cidr) { /* convert the CIDR notation into a real live netmask */ nmask = atoi(toks[1]); /* it's pain to differ whether toks[1] is correct if netmask */ /* is /0, so we deploy some sort of evil hack with isdigit */ if(!isdigit((int) toks[1][0])) nmask = -1; /* if second char is != '\0', it must be a digit * by Daniel B. Cid, [email protected] */ if((toks[1][1] != '\0')&&(!isdigit((int) toks[1][1]) )) nmask = -1; if((nmask > -1) && (nmask < 33)) { address_data->netmask = netmasks[nmask]; } else { FatalError("%s(%d): Invalid CIDR block for IP addr " "%s\n", file_name, file_line, addr); } } else { /* convert the netmask into its 32-bit value */ /* broadcast address fix from * Steve Beaty <*****@*****.**> */ /* * if the address is the (v4) broadcast address, inet_addr * * returns -1 which usually signifies an error, but in the * * broadcast address case, is correct. we'd use inet_aton() * * here, but it's less portable. */ if(!strncmp(toks[1], "255.255.255.255", 15)) { address_data->netmask = INADDR_BROADCAST; } else if((address_data->netmask = inet_addr(toks[1])) == INADDR_NONE) { FatalError("%s(%d): Unable to parse rule netmask " "(%s)\n", file_name, file_line, toks[1]); } /* Set nmask so we don't try to do a host lookup below. * The value of 0 is irrelevant. */ nmask = 0; } break; default: FatalError("%s(%d) => Unrecognized IP address/netmask %s\n", file_name, file_line, addr); break; } sin.sin_addr.s_addr = inet_addr(toks[0]); #ifndef WORDS_BIGENDIAN /* * since PC's store things the "wrong" way, shuffle the bytes into the * right order. Non-CIDR netmasks are already correct. */ if(cidr) { address_data->netmask = htonl(address_data->netmask); } #endif /* broadcast address fix from Steve Beaty <*****@*****.**> */ /* Changed location */ if(!strncmp(toks[0], "255.255.255.255", 15)) { address_data->ip_addr = INADDR_BROADCAST; broadcast_addr_set = 1; } else if (nmask == -1) { /* Try to do a host lookup if the address didn't * convert to a valid IP and there were not any * mask bits specified (CIDR or dot notation). */ if(sin.sin_addr.s_addr == INADDR_NONE) { /* get the hostname and fill in the host_info struct */ host_info = gethostbyname(toks[0]); if (host_info) { /* protecting against malicious DNS servers */ if(host_info->h_length <= (int)sizeof(sin.sin_addr)) { bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length); } else { bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr)); } } /* Using h_errno */ else if(h_errno == HOST_NOT_FOUND) /*else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE)*/ { FatalError("%s(%d): Couldn't resolve hostname %s\n", file_name, file_line, toks[0]); } } else { /* It was a valid IP address with no netmask specified. */ /* Noop */ } } else { if(sin.sin_addr.s_addr == INADDR_NONE) { /* It was not a valid IP address but had a valid netmask. */ FatalError("%s(%d): Rule IP addr (%s) didn't translate\n", file_name, file_line, toks[0]); } } /* Only set this if we haven't set it above as 255.255.255.255 */ if (!broadcast_addr_set) { address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) & (address_data->netmask)); } mSplitFree(&toks, num_toks); /* Add new IP address to address set */ if(!negate) { IpAddrNode *idx; if(!ias->iplist) { ias->iplist = address_data; } else { /* Get to the end of the list */ for(idx = ias->iplist; idx->next; idx=idx->next) ; idx->next = address_data; } } else { IpAddrNode *idx; if(!ias->neg_iplist) { ias->neg_iplist = address_data; } else { /* Get to the end of the list */ for(idx = ias->neg_iplist; idx->next; idx=idx->next) ; idx->next = address_data; } address_data->addr_flags |= EXCEPT_IP; } return 0; }
/* threshold gen_id #, sig_id #, type limit|threshold|both, track by_src|by_dst, count #, seconds # 8/25/03 - added support for a global threshold, uses sid = 0, and is applied after all other thresholding so a sid specific threshold or suppress command has precedence... */ void ParseSFThreshold( FILE * fp, char * rule ) { char **args, **oargs; int nargs, noargs; THDX_STRUCT thdx; int count_flag=0; int seconds_flag=0; int type_flag=0; int tracking_flag=0; /* int priority_flag=0; */ int genid_flag=0; int sigid_flag=0; int i; memset( &thdx, 0, sizeof(THDX_STRUCT) ); while( (*rule <= ' ') && (*rule > 0) ) rule++; /* skip whitespace */ while( (*rule > ' ') ) rule++; /* skip 'threshold' */ args = mSplit(rule,",",15,&nargs,0); /* get rule option pairs */ for( i=0; i<nargs; i++ ) { oargs = mSplit(args[i]," ",2,&noargs,0); /* get rule option pairs */ if( noargs != 2 ) { FatalError("Threshold Parse: argument pairing error\n"); } if( strcmp(oargs[0],"type")==0 ) { if( strcmp(oargs[1],"limit") == 0 ) { thdx.type = THD_TYPE_LIMIT; } else if( strcmp(oargs[1],"threshold") == 0 ) { thdx.type = THD_TYPE_THRESHOLD; } else if( strcmp(oargs[1],"both") == 0 ) { thdx.type = THD_TYPE_BOTH; } else { /* Fatal incorrect threshold type */ FatalError("Threshold-Parse: incorrect 'type' argument \n"); } type_flag++; } else if( strcmp(oargs[0],"track")==0 ) { if( strcmp(oargs[1],"by_src") == 0 ) { thdx.tracking = THD_TRK_SRC; } else if( strcmp(oargs[1],"by_dst") == 0 ) { thdx.tracking = THD_TRK_DST; } else { /* Fatal incorrect threshold type */ FatalError("Threshold-Parse: incorrect tracking type\n"); } tracking_flag++; } else if( strcmp(oargs[0],"count")==0 ) { thdx.count = xatou(oargs[1],"threshold: count"); count_flag++; } else if( strcmp(oargs[0],"seconds")==0 ) { thdx.seconds = xatou(oargs[1],"threshold: seconds"); seconds_flag++; } else if( strcmp(oargs[0],"gen_id")==0 ) { thdx.gen_id = xatou(oargs[1],"threshold: gen_id"); genid_flag++; if( oargs[1][0]== '-' ) FatalError("Threshold-Parse: gen_id < 0 not supported '%s %s'\n",oargs[0],oargs[1]); } else if( strcmp(oargs[0],"sig_id")==0 ) { thdx.sig_id = xatou(oargs[1],"threshold: sig_id"); sigid_flag++; if( oargs[1][0]== '-' ) FatalError("Threshold-Parse: sig_id < 0 not supported '%s %s'\n",oargs[0],oargs[1]); } else { /* Fatal incorrect threshold type */ FatalError("Threshold-Parse: unsupported option : %s %s\n",oargs[0],oargs[1]); } } if( (count_flag + tracking_flag + type_flag + seconds_flag + genid_flag + sigid_flag) != 6 ) { /* Fatal - incorrect argument count */ FatalError("Threshold-Parse: incorrect argument count\n"); } if( sfthreshold_create( &thdx ) ) { if( thdx.sig_id == 0 ) { FatalError("Global Threshold-Parse: could not create a threshold object -- only one per gen_id=%u!\n",thdx.gen_id); } else { if( thdx.gen_id == 0 ) { FatalError("Global Threshold-Parse: could not create a threshold object -- a gen_id < 0 requires a sig_id < 0, sig_id=%u !\n",thdx.sig_id); } else { FatalError("Threshold-Parse: could not create a threshold object -- only one per sig_id=%u!\n",thdx.sig_id); } } } mSplitFree(&args, nargs); mSplitFree(&oargs, noargs); }