示例#1
/****************************************************************************
 *
 * Function: SetupPktData()
 *
 * Purpose: Register the "pkt_data" rule-option keyword, mapping it to
 *          PktDataInit as a detection option, and (only when built with
 *          PERF_PROFILING) register a profiling entry under the same name.
 *
 * Arguments: None.
 *
 * Returns: void function
 *
 ****************************************************************************/
void SetupPktData(void)
{
    /* map the keyword to an initialization/processing function;
     * PktDataInit itself is defined outside this excerpt */
    RegisterRuleOption("pkt_data", PktDataInit, NULL, OPT_TYPE_DETECTION, NULL);
#ifdef PERF_PROFILING
    /* profiling entry for this option; the literal 3 and the
     * &ruleOTNEvalPerfStats argument are presumably the profile layer and
     * the parent entry -- confirm against RegisterPreprocessorProfile */
    RegisterPreprocessorProfile("pkt_data", &pktDataPerfStats, 3, &ruleOTNEvalPerfStats);
#endif

    /* trace message routed through DEBUG_WRAP (presumably compiled out of
     * non-debug builds -- confirm) */
    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Plugin: pkt_data Setup\n"););
    /* NOTE(review): the excerpt stops here; the function's closing brace is
     * not shown. */
示例#2
/*
 * SetupByteExtract -- plugin setup entry for the "byte_extract" rule option.
 *
 * Maps the keyword to ByteExtractInit as a detection option, queues
 * ByteExtractCleanup on the clean-exit list, and, when built with
 * PERF_PROFILING, registers a profiling entry under the same name.
 */
void SetupByteExtract(void)
{
    /* keyword -> initialization function */
    RegisterRuleOption(
        "byte_extract",
        ByteExtractInit,
        NULL,
        OPT_TYPE_DETECTION,
        NULL);

    /* cleanup callback; no extra argument is passed to it */
    AddFuncToCleanExitList(
        ByteExtractCleanup,
        NULL);

#ifdef PERF_PROFILING
    RegisterPreprocessorProfile(
        "byte_extract",
        &byteExtractPerfStats,
        3,
        &ruleOTNEvalPerfStats);
#endif
}
示例#3
文件: sp_appid.c 项目: jasonish/snort
/****************************************************************************
 *
 * Function: SetupAppId()
 *
 * Purpose: Register the "appid" rule-option keyword, mapping it to
 *          AppIdInit as a detection option, and (only when built with
 *          PERF_PROFILING) register a profiling entry under the same name.
 *
 * Arguments: None.
 *
 * Returns: void function
 *
 ****************************************************************************/
void SetupAppId(void)
{
    /* map the keyword to an initialization/processing function;
     * AppIdInit itself is defined outside this excerpt */
    RegisterRuleOption("appid", AppIdInit, NULL, OPT_TYPE_DETECTION, NULL);
#ifdef PERF_PROFILING
    /* NOTE(review): this call passes five arguments (trailing NULL); check it
     * against the RegisterPreprocessorProfile prototype in this tree */
    RegisterPreprocessorProfile("appid", &appIdPerfStats, 3, &ruleOTNEvalPerfStats, NULL);
#endif

    /* trace message routed through DEBUG_WRAP (presumably compiled out of
     * non-debug builds -- confirm) */
    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Plugin: appid Setup\n"););
    /* NOTE(review): the excerpt stops here; the function's closing brace is
     * not shown. */
/**
 * Bring up the flow preprocessor.
 *
 * Loads the built-in defaults into the module configuration, lets
 * FlowParseArgs override them from the supplied argument string, builds the
 * flow cache, prints the resulting configuration and registers the
 * preprocessor, clean-exit and restart callbacks.
 *
 * The function is single-shot: a second call ends in FatalError.  A failed
 * cache initialization is also reported through FatalError, together with
 * the memcap in effect.
 *
 * @param args argument string for the flow preprocessor (passed through to
 *             FlowParseArgs unchanged)
 */
static void FlowInit(u_char *args)
{
    static int already_initialized = 0;
    SPPFLOW_CONFIG *cfg = &s_config;
    int cache_rc;

    /* refuse a second initialization */
    if (already_initialized)
    {
        FatalError("%s(%d) Unable to reinitialize flow!\n", file_name, file_line);
    }
    else
    {
        already_initialized = 1;
    }

    /* defaults first; the parser below may override any of them */
    cfg->stats_interval = DEFAULT_STAT_INTERVAL;
    cfg->memcap = DEFAULT_MEMCAP;
    cfg->rows   = DEFAULT_ROWS;
    cfg->hashid = HASH2; /* use the quickest hash by default */
    FlowParseArgs(cfg, args);

    /* size the flow cache from the (possibly user-supplied) rows and memcap */
    cache_rc = flowcache_init(&s_fcache, cfg->rows, cfg->memcap,
                              giFlowbitSize, cfg->hashid);
    if (cache_rc != FLOW_SUCCESS)
    {
        FatalError("Unable to initialize the flow cache!"
                   "-- try more memory (current memcap is %d)\n", cfg->memcap);
    }

    DisplayFlowConfig();

    s_flow_running = 1;

    /* packet hook plus the matching shutdown and restart handlers */
    AddFuncToPreprocList(FlowPreprocessor, PRIORITY_NETWORK, PP_FLOW);
    AddFuncToPreprocCleanExitList(FlowCleanExit, NULL, PRIORITY_LAST, PP_FLOW);
    AddFuncToPreprocRestartList(FlowRestart, NULL, PRIORITY_LAST, PP_FLOW);

#ifdef PERF_PROFILING
    RegisterPreprocessorProfile("flow", &flowPerfStats, 0, &totalPerfStats);
#endif
}
示例#5
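/**
**  This function initializes HttpInspect with a user configuration.
**
**  The function is called when HttpInspect is configured in
**  snort.conf.  It gets passed a string of arguments, which gets
**  parsed into configuration constructs that HttpInspect understands.
**
**  This function gets called for every HttpInspect configure line.  We
**  use this characteristic to split up the configuration, so each line
**  is a configuration construct.  We need to keep track of what part
**  of the configuration has been configured, so we don't configure one
**  part, then configure it again.
**
**  On the first call the global configuration, the client module and the
**  normalization module are initialized, and at the end of that call the
**  preprocessor, its stats callback and its clean-exit/restart handlers
**  are registered.  Later calls only parse their configuration line.
**
**  Error reporting: a positive return from HttpInspectSnortConf is logged
**  with ErrorMessage and processing continues; a negative return is
**  reported with FatalError.  The message buffer is ERRSTRLEN bytes and is
**  always passed together with its length.
**
**  Any upfront memory is allocated here (if necessary).
**
**  @param args a string to the preprocessor arguments.
**
**  @return void
*/
static void HttpInspectInit(char *args)
{
    char ErrorString[ERRSTRLEN];
    int  iErrStrLen = ERRSTRLEN;
    int  iRet;
    static int siFirstConfig = 1;
    int  iGlobal = 0;

    /*
    **  Start from an empty message.  The buffer is a local array, so
    **  without this an error return that wrote no text would have the
    **  "%s" below read indeterminate stack bytes.
    */
    ErrorString[0] = '\0';

    if(siFirstConfig)
    {
        memset(&hi_stats, 0, sizeof(HIStats));
        iRet = hi_ui_config_init_global_conf(&GlobalConf);
        if (iRet)
        {
            snprintf(ErrorString, iErrStrLen,
                    "Error initializing Global Configuration.");
            FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);

            return;
        }

        iRet = hi_ui_config_default(&GlobalConf);
        if (iRet)
        {
            snprintf(ErrorString, iErrStrLen,
                    "Error configuring default global configuration.");
            FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);

            return;
        }

        iRet = hi_client_init(&GlobalConf);
        if (iRet)
        {
            snprintf(ErrorString, iErrStrLen,
                    "Error initializing client module.");
            FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);

            return;
        }

        iRet = hi_norm_init(&GlobalConf);
        if (iRet)
        {
            snprintf(ErrorString, iErrStrLen,
                     "Error initializing normalization module.");
            FatalError("%s(%d) => %s\n", file_name, file_line, ErrorString);

            return;
        }

        /*
        **  We set the global configuration variable
        */
        iGlobal = 1;
    }

    iRet = HttpInspectSnortConf(&GlobalConf, args, iGlobal, ErrorString, iErrStrLen);
    if (iRet)
    {
        if(iRet > 0)
        {
            /*
            **  Non-fatal Error
            */
            ErrorMessage("%s(%d) => %s\n",
                    file_name, file_line, ErrorString);
        }
        else
        {
            /*
            **  Fatal Error, log error and exit.
            **
            **  ErrorString is an array, so testing the array itself is
            **  always true; test its contents instead so the fallback
            **  messages below are reachable when no text was supplied.
            */
            if(ErrorString[0] != '\0')
            {
                FatalError("%s(%d) => %s\n",
                        file_name, file_line, ErrorString);
            }
            else
            {
                /*
                **  Check if ErrorString is undefined.
                */
                if(iRet == -2)
                {
                    FatalError("%s(%d) => ErrorString is undefined.\n",
                            file_name, file_line);
                }
                else
                {
                    FatalError("%s(%d) => Undefined Error.\n",
                            file_name, file_line);
                }
            }
        }
    }

    /*
    **  Only add the functions one time to the preproc list.
    */
    if(siFirstConfig)
    {
        /*
        **  Add HttpInspect into the preprocessor list
        */
        AddFuncToPreprocList(HttpInspect, PRIORITY_APPLICATION, PP_HTTPINSPECT);
        RegisterPreprocStats("http_inspect", HttpInspectDropStats);

        /*
        **  Remember to add any cleanup functions into the appropriate
        **  lists.  The same handler is registered for clean exit and for
        **  restart.
        */
        AddFuncToPreprocCleanExitList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
        AddFuncToPreprocRestartList(HttpInspectCleanExit, NULL, PRIORITY_APPLICATION, PP_HTTPINSPECT);
        siFirstConfig = 0;

#ifdef PERF_PROFILING
        RegisterPreprocessorProfile("httpinspect", &hiPerfStats, 0, &totalPerfStats);
#endif
    }

    return;
}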