From 0b1862356c3b2c3300caefc098fc207523f5e87d Mon Sep 17 00:00:00 2001 From: BlackLight Date: Sun, 3 Oct 2010 04:18:43 +0200 Subject: [PATCH] Uniformed error messages format --- Makefile.am | 2 +- Makefile.in | 2 +- alert_history.c | 20 +++---- alert_parser.c | 26 ++++----- bayesian.c | 2 +- cluster.c | 22 ++++---- correlation.c | 70 ++++++++++++------------ db.c | 33 +++++------- outdb.c | 12 ++--- postgresql.c | 8 +-- spp_ai.c | 138 +++++++++++++++++++++++++++--------------------- spp_ai.h | 1 + stream.c | 8 +-- 13 files changed, 175 insertions(+), 169 deletions(-) diff --git a/Makefile.am b/Makefile.am index aecb027..74d7b56 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,7 +4,7 @@ AUTOMAKE_OPTIONS=foreign no-dependencies libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor lib_LTLIBRARIES = libsf_ai_preproc.la -libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector +libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic BUILT_SOURCES = \ diff --git a/Makefile.in b/Makefile.in index 7c74ecb..3103d64 100644 --- a/Makefile.in +++ b/Makefile.in @@ -240,7 +240,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign no-dependencies lib_LTLIBRARIES = libsf_ai_preproc.la -libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector +libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic BUILT_SOURCES = \ include/sf_dynamic_preproc_lib.c \ diff --git a/alert_history.c b/alert_history.c index e829038..3e1e04c 100644 --- a/alert_history.c +++ b/alert_history.c @@ -82,15 +82,15 @@ AI_deserialize_alerts () return NULL; if ( ! S_ISREG ( st.st_mode )) - _dpd.fatalMsg ( "AIPreproc: '%s' is not a regular file\n", config->alert_history_file ); + AI_fatal_err ( "The specified alert history file is not a regular file", __FILE__, __LINE__ ); if ( !( fp = fopen ( config->alert_history_file, "r" ))) - _dpd.fatalMsg ( "AIPreproc: Unable to read from the file '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Unable to read from the alert history file", __FILE__, __LINE__ ); AI_alerts_hash_free ( &alerts_hash ); if ( fread ( &lists_count, sizeof ( unsigned int ), 1, fp ) <= 0 ) - _dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Malformed binary history file", __FILE__, __LINE__ ); /* Fill the hash table reading from the file */ for ( i=0; i < lists_count; i++ ) @@ -99,30 +99,30 @@ AI_deserialize_alerts () event_prev = NULL; if ( fread ( &items_count, sizeof ( unsigned int ), 1, fp ) <= 0 ) - _dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Malformed history file", __FILE__, __LINE__ ); for ( j=0; j < items_count; j++ ) { if ( j == 0 ) { if ( !( event_list = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memset ( event_list, 0, sizeof ( AI_alert_event )); event_iterator = event_list; } else { if ( !( event_iterator = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memset ( event_iterator, 0, sizeof ( AI_alert_event )); } event_iterator->count = items_count; if ( fread ( &( event_iterator->key ), sizeof ( event_iterator->key ), 1, fp ) <= 0 ) - _dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Malformed alert history file", __FILE__, __LINE__ ); if ( fread ( &( event_iterator->timestamp ), sizeof ( event_iterator->timestamp ), 1, fp ) <= 0 ) - _dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Malformed alert history file", __FILE__, __LINE__ ); if ( event_prev ) { @@ -168,7 +168,7 @@ AI_serialize_alerts ( AI_snort_alert **alerts_pool, unsigned int alerts_pool_cou for ( i=0; i < alerts_pool_count; i++ ) { if ( !( event = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memset ( event, 0, sizeof ( AI_alert_event )); key.gid = alerts_pool[i]->gid; @@ -208,7 +208,7 @@ AI_serialize_alerts ( AI_snort_alert **alerts_pool, unsigned int alerts_pool_cou hash_count = HASH_COUNT ( alerts_hash ); if ( !( fp = fopen ( config->alert_history_file, "w" ))) - _dpd.fatalMsg ( "AIPreproc: Unable to write on '%s'\n", config->alert_history_file ); + AI_fatal_err ( "Unable to write on the alert history file", __FILE__, __LINE__ ); fwrite ( &hash_count, sizeof ( hash_count ), 1, fp ); for ( event = alerts_hash; event; event = ( AI_alert_event* ) event->hh.next ) diff --git a/alert_parser.c b/alert_parser.c index b0bd105..9fc83ac 100644 --- a/alert_parser.c +++ b/alert_parser.c @@ -98,7 +98,7 @@ AI_alerts_pool_thread ( void *arg ) continue; if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, NULL ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); + AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ ); } pthread_exit ((void*) 0); @@ -158,28 +158,28 @@ AI_file_alertparser_thread ( void* arg ) /* Initialize the pool of alerts to be passed to the serialization thread */ if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* )))) - _dpd.fatalMsg ( "Dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( i=0; i < config->alert_bufsize; i++ ) alerts_pool[i] = NULL; /* Initialize the thread for managing the serialization of alerts' pool */ if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alerts' pool management thread\n" ); + AI_fatal_err ( "Failed to create the alerts' pool management thread", __FILE__, __LINE__ ); while ( 1 ) { #ifdef LINUX if (( ifd = inotify_init() ) < 0 ) { - _dpd.fatalMsg ( "Could not initialize an inotify object on the alert log file" ); + AI_fatal_err ( "Could not initialize an inotify object on the alert log file", __FILE__, __LINE__ ); } if ( stat ( config->alertfile, &st ) < 0 ) { if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_CREATE )) < 0 ) { - _dpd.fatalMsg ( "Could not initialize a watch descriptor on the alert log file" ); + AI_fatal_err ( "Could not initialize a watch descriptor on the alert log file", __FILE__, __LINE__ ); } read ( ifd, line, sizeof(line) ); @@ -189,14 +189,14 @@ AI_file_alertparser_thread ( void* arg ) { if ( ! (alert_fp = fopen ( config->alertfile, "r" )) ) { - _dpd.fatalMsg ( "Could not open alert log file for reading" ); + AI_fatal_err ( "Could not open alert log file for reading", __FILE__, __LINE__ ); } } } if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_MODIFY )) < 0 ) { - _dpd.fatalMsg ( "Could not initialize a watch descriptor on the alert log file" ); + AI_fatal_err ( "Could not initialize a watch descriptor on the alert log file", __FILE__, __LINE__ ); } fseek ( alert_fp, 0, SEEK_END ); @@ -212,7 +212,7 @@ AI_file_alertparser_thread ( void* arg ) { if ( ! (alert_fp = fopen ( config->alertfile, "r" )) ) { - _dpd.fatalMsg ( "Could not open alert log file for reading" ); + AI_fatal_err ( "Could not open alert log file for reading", __FILE__, __LINE__ ); } else if( fd == -1 ){ /* @@ -283,12 +283,12 @@ AI_file_alertparser_thread ( void* arg ) } if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); + AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ ); if ( config->outdbtype != outdb_none ) { if ( pthread_create ( &db_thread, NULL, AI_store_alert_to_db_thread, alert ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alert to db storing thread\n" ); + AI_fatal_err ( "Failed to create the alert to db storing thread", __FILE__, __LINE__ ); } in_alert = false; @@ -308,7 +308,7 @@ AI_file_alertparser_thread ( void* arg ) if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof( AI_snort_alert )))) { - _dpd.fatalMsg ( "\nDynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); } memset ( alert, 0, sizeof(AI_snort_alert) ); @@ -324,7 +324,7 @@ AI_file_alertparser_thread ( void* arg ) free ( matches ); matches = NULL; } else { - _dpd.fatalMsg ( "Parse error: a line in the alert log cannot be associated to an alert block\n" ); + AI_fatal_err ( "Parse error: a line in the alert log cannot be associated to an alert block", __FILE__, __LINE__ ); } } else if ( preg_match ( "\\[Priority:\\s*([0-9]+)\\]", line, &matches, &nmatches) > 0 ) { alert->priority = (unsigned short) strtoul ( matches[0], NULL, 10 ); @@ -480,7 +480,7 @@ _AI_copy_alerts ( AI_snort_alert *node ) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); } memcpy ( current, node, sizeof ( AI_snort_alert )); diff --git a/bayesian.c b/bayesian.c index 18f18aa..a4182b2 100644 --- a/bayesian.c +++ b/bayesian.c @@ -152,7 +152,7 @@ AI_alert_bayesian_correlation ( AI_snort_alert *a, AI_snort_alert *b ) found->latest_computation_time = time ( NULL ); } else { if ( !( found = ( AI_bayesian_correlation* ) malloc ( sizeof ( AI_bayesian_correlation )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); found->key = bayesian_key; found->correlation = corr; diff --git a/cluster.c b/cluster.c index b04105a..cce70cd 100644 --- a/cluster.c +++ b/cluster.c @@ -91,7 +91,7 @@ _heuristic_func ( cluster_type type ) { if ( !( value = ( attribute_value* ) malloc ( sizeof ( attribute_value )) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); } memset ( value, 0, sizeof ( attribute_value )); @@ -137,7 +137,7 @@ _hierarchy_node_new ( char *label, int min_val, int max_val ) if ( !( n = ( hierarchy_node* ) malloc ( sizeof ( hierarchy_node )) )) { - _dpd.fatalMsg ( "Dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); } n->min_val = min_val; @@ -162,7 +162,7 @@ _hierarchy_node_append ( hierarchy_node *parent, hierarchy_node *child ) { if ( !( parent->children = ( hierarchy_node** ) realloc ( parent->children, (++(parent->nchildren)) * sizeof ( hierarchy_node* )) )) { - _dpd.fatalMsg ( "Dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); } parent->children[ parent->nchildren - 1 ] = child; @@ -286,25 +286,25 @@ _AI_merge_alerts ( AI_snort_alert **log ) if ( config->outdbtype != outdb_none ) { if ( !( alerts_couple = (AI_alerts_couple*) malloc ( sizeof ( AI_alerts_couple )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); alerts_couple->alert1 = tmp; alerts_couple->alert2 = tmp2->next; if ( pthread_create ( &db_thread, NULL, AI_store_cluster_to_db_thread, alerts_couple ) != 0 ) { - _dpd.fatalMsg ( "AIPreproc: Failed to create the cluster-to-database thread: %s\n", strerror(errno) ); + AI_fatal_err ( "Failed to create the cluster-to-database thread", __FILE__, __LINE__ ); } if ( pthread_join ( db_thread, NULL ) != 0 ) { - _dpd.fatalMsg ( "AIPreproc: Could not join the cluster-to-database thread: %s\n", strerror(errno) ); + AI_fatal_err ( "Could not join the cluster-to-database thread", __FILE__, __LINE__ ); } } /* Merge the two alerts */ if ( !( tmp->grouped_alerts = ( AI_snort_alert** ) realloc ( tmp->grouped_alerts, (++(tmp->grouped_alerts_count)) * sizeof ( AI_snort_alert* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); tmp->grouped_alerts[ tmp->grouped_alerts_count - 1 ] = tmp2->next; count++; @@ -354,7 +354,7 @@ _AI_get_alerts_heterogeneity ( int *alert_count ) if ( !found ) { if ( !( found = (AI_alert_occurrence*) malloc ( sizeof ( AI_alert_occurrence )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); found->key = key; found->count = 1; @@ -674,7 +674,7 @@ AI_hierarchies_build ( hierarchy_node **nodes, int n_nodes ) if ( _AI_check_duplicate ( nodes[i], root )) { - _dpd.fatalMsg ( "AIPreproc: Parse error: duplicate cluster range '%d-%d' in configuration\n", nodes[i]->min_val, nodes[i]->max_val ); + AI_fatal_err ( "Parse error: duplicate cluster range in module configuration", __FILE__, __LINE__ ); } for ( j=0; j < n_nodes; j++ ) @@ -709,7 +709,7 @@ AI_hierarchies_build ( hierarchy_node **nodes, int n_nodes ) if ( pthread_create ( &cluster_thread, NULL, _AI_cluster_thread, NULL ) != 0 ) { - _dpd.fatalMsg ( "AIPreproc: Failed to create the hash cleanup thread\n" ); + AI_fatal_err ( "Failed to create the hash cleanup thread", __FILE__, __LINE__ ); } } /* ----- end of function AI_hierarchies_build ----- */ @@ -736,7 +736,7 @@ _AI_copy_clustered_alerts ( AI_snort_alert *node ) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); } memcpy ( current, node, sizeof ( AI_snort_alert )); diff --git a/correlation.c b/correlation.c index 2192d35..5d17a15 100644 --- a/correlation.c +++ b/correlation.c @@ -197,7 +197,7 @@ _AI_get_function_arguments ( char *orig_stmt, int *n_args ) while ( tok ) { if ( !( args = (char**) realloc ( args, (++(*n_args)) * sizeof ( char* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); args [ (*n_args) - 1 ] = strdup ( tok ); tok = (char*) strtok ( NULL, " " ); @@ -296,15 +296,15 @@ _AI_kb_correlation_coefficient ( AI_snort_alert *a, AI_snort_alert *b ) if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args2[k], NULL, NULL )) { if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 ) - _dpd.fatalMsg ( "AIPreproc: Invalid netmask value in '%s'\n", args1[k] ); + AI_fatal_err ( "Invalid IP netmask value in configuration", __FILE__, __LINE__ ); if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE ) - _dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args1[k] ); + AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ ); ipaddr = inet_addr ( args2[k] ); if ( ipaddr == INADDR_NONE ) - _dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args2[k] ); + AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ ); netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); min_addr = ntohl ( min_addr ) & (~(netmask - 1)); @@ -328,15 +328,15 @@ _AI_kb_correlation_coefficient ( AI_snort_alert *a, AI_snort_alert *b ) if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args1[k], NULL, NULL )) { if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 ) - _dpd.fatalMsg ( "AIPreproc: Invalid netmask value in '%s'\n", args2[k] ); + AI_fatal_err ( "Invalid IP netmask value in configuration", __FILE__, __LINE__ ); if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE ) - _dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args2[k] ); + AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ ); ipaddr = inet_addr ( args1[k] ); if ( ipaddr == INADDR_NONE ) - _dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args1[k] ); + AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ ); netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); min_addr = ntohl ( min_addr ) & (~(netmask - 1)); @@ -535,7 +535,7 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key ) if ( !( hyp = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info )))) { - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); } memset ( hyp, 0, sizeof ( AI_hyperalert_info )); @@ -563,59 +563,59 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key ) if ( !strcasecmp ((const char*) tagname, "hyperalert" )) { if ( xmlFlags[inHyperAlert] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': the hyperalert tag was opened twice\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: the hyperalert tag was opened twice", __FILE__, __LINE__ ); else xmlFlags[inHyperAlert] = true; } else if ( !strcasecmp ((const char*) tagname, "snort-id" )) { if ( xmlFlags[inSnortIdTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open inside of another 'snort-id' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'snort-id' tag open inside of another 'snort-id' tag", __FILE__, __LINE__ ); else if ( !xmlFlags[inHyperAlert] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open outside of 'hyperalert' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'snort-id' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ ); else xmlFlags[inSnortIdTag] = true; } else if ( !strcasecmp ((const char*) tagname, "pre" )) { if ( xmlFlags[inPreTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open inside of another 'pre' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'pre' tag open inside of another 'pre' tag", __FILE__, __LINE__ ); else if ( !xmlFlags[inHyperAlert] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open outside of 'hyperalert' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'pre' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ ); else xmlFlags[inPreTag] = true; } else if ( !strcasecmp ((const char*) tagname, "post" )) { if ( xmlFlags[inPostTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open inside of another 'post' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'post' tag open inside of another 'post' tag", __FILE__, __LINE__ ); else if ( !xmlFlags[inHyperAlert] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open outside of 'hyperalert' tag\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: 'post' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ ); else xmlFlags[inPostTag] = true; } else if ( !strcasecmp ((const char*) tagname, "desc" )) {} else { - _dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file ); + AI_fatal_err ( "Unrecognized tag in XML correlation rules", __FILE__, __LINE__ ); } } else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_END_ELEMENT ) { if ( !strcasecmp ((const char*) tagname, "hyperalert" )) { if ( !xmlFlags[inHyperAlert] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': hyperalert tag closed but never opend\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: hyperalert tag closed but never opend", __FILE__, __LINE__ ); else xmlFlags[inHyperAlert] = false; } else if ( !strcasecmp ((const char*) tagname, "snort-id" )) { if ( !xmlFlags[inSnortIdTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': snort-id tag closed but never opend\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: snort-id tag closed but never opend", __FILE__, __LINE__ ); else xmlFlags[inSnortIdTag] = false; } else if ( !strcasecmp ((const char*) tagname, "pre" )) { if ( !xmlFlags[inPreTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': pre tag closed but never opend\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: pre tag closed but never opend", __FILE__, __LINE__ ); else xmlFlags[inPreTag] = false; } else if ( !strcasecmp ((const char*) tagname, "post" )) { if ( !xmlFlags[inPostTag] ) - _dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': post tag closed but never opend\n", hyperalert_file ); + AI_fatal_err ( "Error in XML correlation rules: post tag closed but never opend", __FILE__, __LINE__ ); else xmlFlags[inPostTag] = false; } else if ( !strcasecmp ((const char*) tagname, "desc" )) {} else { - _dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file ); + AI_fatal_err ( "Unrecognized tag in XML correlation rules", __FILE__, __LINE__ ); } } else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_TEXT ) { if ( !( tagvalue = xmlTextReaderConstValue ( xml ))) @@ -635,14 +635,12 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key ) } } else if ( xmlFlags[inPreTag] ) { if ( !( hyp->preconds = (char**) realloc ( hyp->preconds, (++hyp->n_preconds)*sizeof(char*) ))) - _dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n", - __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); hyp->preconds[hyp->n_preconds-1] = strdup ((const char*) tagvalue ); } else if ( xmlFlags[inPostTag] ) { if ( !( hyp->postconds = (char**) realloc ( hyp->postconds, (++hyp->n_postconds)*sizeof(char*) ))) - _dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n", - __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); hyp->postconds[hyp->n_postconds-1] = strdup ((const char*) tagvalue ); } @@ -741,20 +739,20 @@ AI_alert_correlation_thread ( void *arg ) /* Fill the hyper alert info for the current alert */ if ( !( alert_iterator->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); alert_iterator->hyperalert->key = hyp->key; alert_iterator->hyperalert->n_preconds = hyp->n_preconds; alert_iterator->hyperalert->n_postconds = hyp->n_postconds; if ( !( alert_iterator->hyperalert->preconds = ( char** ) malloc ( alert_iterator->hyperalert->n_preconds * sizeof ( char* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( i=0; i < alert_iterator->hyperalert->n_preconds; i++ ) alert_iterator->hyperalert->preconds[i] = strdup ( hyp->preconds[i] ); if ( !( alert_iterator->hyperalert->postconds = ( char** ) malloc ( alert_iterator->hyperalert->n_postconds * sizeof ( char* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( i=0; i < alert_iterator->hyperalert->n_postconds; i++ ) alert_iterator->hyperalert->postconds[i] = strdup ( hyp->postconds[i] ); @@ -775,7 +773,7 @@ AI_alert_correlation_thread ( void *arg ) alert_iterator->rev == alert_iterator2->rev )) { if ( !( corr = ( AI_alert_correlation* ) malloc ( sizeof ( AI_alert_correlation )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); corr_key.a = alert_iterator; corr_key.b = alert_iterator2; @@ -823,14 +821,14 @@ AI_alert_correlation_thread ( void *arg ) { if ( mkdir ( config->corr_alerts_dir, 0755 ) < 0 ) { - _dpd.fatalMsg ( "AIPreproc: Unable to create directory '%s'\n", config->corr_alerts_dir ); + AI_fatal_err ( "Unable to create directory the correlated alerts directory", __FILE__, __LINE__ ); } } else if ( !S_ISDIR ( st.st_mode )) { - _dpd.fatalMsg ( "AIPreproc: '%s' found but it's not a directory\n", config->corr_alerts_dir ); + AI_fatal_err ( "The specified directory for correlated alerts is not a directory", __FILE__, __LINE__ ); } if ( !( fp = fopen ( corr_dot_file, "w" ))) - _dpd.fatalMsg ( "AIPreproc: Could not write on file '%s'\n", corr_dot_file ); + AI_fatal_err ( "Could not write on the correlated alerts .dot file", __FILE__, __LINE__ ); fprintf ( fp, "digraph G {\n" ); /* Find correlated alerts */ @@ -844,10 +842,10 @@ AI_alert_correlation_thread ( void *arg ) corr->key.a->rev == corr->key.b->rev )) { if ( !( corr->key.a->derived_alerts = ( AI_snort_alert** ) realloc ( corr->key.a->derived_alerts, (++corr->key.a->n_derived_alerts) * sizeof ( AI_snort_alert* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); if ( !( corr->key.b->parent_alerts = ( AI_snort_alert** ) realloc ( corr->key.b->parent_alerts, (++corr->key.b->n_parent_alerts) * sizeof ( AI_snort_alert* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); corr->key.a->derived_alerts[ corr->key.a->n_derived_alerts - 1 ] = corr->key.b; corr->key.b->parent_alerts [ corr->key.b->n_parent_alerts - 1 ] = corr->key.a; @@ -857,12 +855,12 @@ AI_alert_correlation_thread ( void *arg ) { if ( pthread_create ( &db_thread, NULL, AI_store_correlation_to_db_thread, corr ) != 0 ) { - _dpd.fatalMsg ( "AIPreproc: Failed to create the correlation-to-database storing thread: %s\n", strerror ( errno )); + AI_fatal_err ( "Failed to create the correlation-to-database storing thread", __FILE__, __LINE__ ); } if ( pthread_join ( db_thread, NULL ) != 0 ) { - _dpd.fatalMsg ( "AIPreproc: Failed to join the correlation-to-database storing thread: %s\n", strerror ( errno )); + AI_fatal_err ( "Failed to join the correlation-to-database storing thread", __FILE__, __LINE__ ); } } } diff --git a/db.c b/db.c index 102dfac..97026b0 100644 --- a/db.c +++ b/db.c @@ -60,20 +60,19 @@ AI_db_alertparser_thread ( void *arg ) if ( !DB_init() ) { - _dpd.fatalMsg ( "AIPreproc: Unable to connect to the database '%s' @ '%s'\n", - config->dbname, config->dbhost ); + AI_fatal_err ( "Unable to connect to the database specified in module configuration", __FILE__, __LINE__ ); } /* Initialize the pool of alerts to be passed to the serialization thread */ if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* )))) - _dpd.fatalMsg ( "Dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( i=0; i < config->alert_bufsize; i++ ) alerts_pool[i] = NULL; /* Initialize the thread for managing the serialization of alerts' pool */ if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alerts' pool management thread\n" ); + AI_fatal_err ( "Failed to create the alerts' pool management thread", __FILE__, __LINE__ ); while ( 1 ) { @@ -87,14 +86,13 @@ AI_db_alertparser_thread ( void *arg ) if ( !( res = (DB_result) DB_query ( query ))) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " - "at %s:%d: '%s'\n", __FILE__, __LINE__, query ); + AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ ); } if (( rows = DB_num_rows ( res )) < 0 ) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ ); } else if ( rows == 0 ) { pthread_mutex_unlock ( &mutex ); continue; @@ -104,7 +102,7 @@ AI_db_alertparser_thread ( void *arg ) { if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); } memset ( alert, 0, sizeof ( AI_snort_alert )); @@ -119,13 +117,12 @@ AI_db_alertparser_thread ( void *arg ) if ( !( res2 = (DB_result) DB_query ( query ))) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " - "at %s:%d: '%s'\n", __FILE__, __LINE__, query ); + AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ ); } if (( rows = DB_num_rows ( res2 )) < 0 ) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ ); } else if ( rows > 0 ) { if (( row2 = (DB_row) DB_fetch_row ( res2 ))) { @@ -147,13 +144,12 @@ AI_db_alertparser_thread ( void *arg ) if ( !( res2 = (DB_result) DB_query ( query ))) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " - "at %s:%d: '%s'\n", __FILE__, __LINE__, query ); + AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ ); } if (( rows = DB_num_rows ( res2 )) < 0 ) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ ); } else if ( rows > 0 ) { if (( row2 = DB_fetch_row ( res2 ))) { @@ -177,13 +173,12 @@ AI_db_alertparser_thread ( void *arg ) if ( !( res2 = (DB_result) DB_query ( query ))) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " - "at %s:%d: '%s'\n", __FILE__, __LINE__, query ); + AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ ); } if (( rows = DB_num_rows ( res2 )) < 0 ) { DB_close(); - _dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ ); } else if ( rows > 0 ) { if (( row2 = DB_fetch_row ( res2 ))) { @@ -227,7 +222,7 @@ AI_db_alertparser_thread ( void *arg ) latest_time = time ( NULL ); if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 ) - _dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); + AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ ); } DB_close(); @@ -257,7 +252,7 @@ _AI_db_copy_alerts ( AI_snort_alert *node ) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); } memcpy ( current, node, sizeof ( AI_snort_alert )); diff --git a/outdb.c b/outdb.c index 4530b85..d5f28a1 100644 --- a/outdb.c +++ b/outdb.c @@ -89,7 +89,7 @@ AI_store_alert_to_db_thread ( void *arg ) pthread_mutex_lock ( &mutex ); if ( !DB_out_init() ) - _dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); + AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ ); inet_ntop ( AF_INET, &(alert->ip_src_addr), srcip, INET_ADDRSTRLEN ); inet_ntop ( AF_INET, &(alert->ip_dst_addr), dstip, INET_ADDRSTRLEN ); @@ -210,7 +210,7 @@ AI_store_alert_to_db_thread ( void *arg ) pkt_size_offset = 0; if ( !( pkt_data = (unsigned char*) alloca ( 2 * (pkt->pkt->pcap_header->len + pkt->pkt->payload_size) + 1 ))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); DB_out_escape_string ( &pkt_data, pkt->pkt->pkt_data, @@ -273,7 +273,7 @@ AI_store_cluster_to_db_thread ( void *arg ) /* Initialize the database (it just does nothing if it is already initialized) */ if ( !DB_out_init() ) - _dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); + AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ ); /* If one of the two alerts has no alert_id, simply return */ if ( !alerts_couple->alert1->alert_id || !alerts_couple->alert2->alert_id ) @@ -334,7 +334,7 @@ AI_store_cluster_to_db_thread ( void *arg ) if ( cluster1 != 0 && cluster2 != 0 && cluster1 == cluster2 ) { if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); found->alerts_couple = alerts_couple; found->cluster_id = cluster1; @@ -417,7 +417,7 @@ AI_store_cluster_to_db_thread ( void *arg ) /* Add the couple to the cache */ if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); found->alerts_couple = alerts_couple; found->cluster_id = cluster1; @@ -444,7 +444,7 @@ AI_store_correlation_to_db_thread ( void *arg ) /* Initialize the database (it just does nothing if it is already initialized) */ if ( !DB_out_init() ) - _dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); + AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ ); memset ( query, 0, sizeof ( query )); snprintf ( query, sizeof ( query ), diff --git a/postgresql.c b/postgresql.c index f788384..4c81f53 100644 --- a/postgresql.c +++ b/postgresql.c @@ -62,7 +62,7 @@ __postgresql_do_init ( PGconn **__DB, BOOL is_out ) return (void*) *__DB; if ( !( conninfo = (char*) alloca ( conninfo_max_length ))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memset ( conninfo, 0, conninfo_max_length ); @@ -104,7 +104,7 @@ __postgresql_do_query ( PGconn *__DB, const char *query ) PSQL_result *res = NULL; if ( !( res = (PSQL_result*) malloc ( sizeof ( PSQL_result )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); if ( PQresultStatus ( res->res = PQexec( __DB, query )) != PGRES_TUPLES_OK ) { @@ -117,14 +117,14 @@ __postgresql_do_query ( PGconn *__DB, const char *query ) res->rows = NULL; if ( !( res->rows = ( char*** ) malloc ( ntuples * sizeof ( char** )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( i=0; i < ntuples; i++ ) { nfields = PQnfields ( res->res ); if ( !( res->rows[i] = ( char** ) malloc ( nfields * sizeof ( char* )))) - _dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); for ( j=0; j < nfields; j++ ) { diff --git a/spp_ai.c b/spp_ai.c index 559a4f6..94cf723 100644 --- a/spp_ai.c +++ b/spp_ai.c @@ -19,10 +19,12 @@ #include "spp_ai.h" #include "sfPolicyUserData.h" +#include "sf_preproc_info.h" #include #include #include +#include /** \defgroup spp_ai Main file for spp_ai module * @{ */ @@ -48,6 +50,21 @@ static void AI_reloadSwapFree(void *); #endif +/** + * \brief Function called when the module experiences a fatal error + * \param msg Error message + * \param file File where the error occurred + * \param line Line number where the error occurred + */ + +void +AI_fatal_err ( const char *msg, const char *file, const int line ) +{ + _dpd.fatalMsg ( "%s: %s at %s:%d (%s)\n", + PREPROC_NAME, msg, file, line, + ((errno != 0) ? strerror(errno) : "")); +} /* ----- end of function AI_fatal_err ----- */ + /** * \brief Set up the preprocessor module */ @@ -84,7 +101,7 @@ static void AI_init(char *args) { ex_config = sfPolicyConfigCreate(); if (ex_config == NULL) - _dpd.fatalMsg ("Could not allocate configuration struct.\n"); + AI_fatal_err ("Could not allocate configuration struct", __FILE__, __LINE__); } config = AI_parse(args); @@ -97,7 +114,7 @@ static void AI_init(char *args) { if ( pthread_create ( &cleanup_thread, NULL, AI_hashcleanup_thread, config ) != 0 ) { - _dpd.fatalMsg ( "Failed to create the hash cleanup thread\n" ); + AI_fatal_err ( "Failed to create the hash cleanup thread", __FILE__, __LINE__ ); } } @@ -107,7 +124,7 @@ static void AI_init(char *args) { if ( pthread_create ( &correlation_thread, NULL, AI_alert_correlation_thread, config ) != 0 ) { - _dpd.fatalMsg ( "Failed to create the alert correlation thread\n" ); + AI_fatal_err ( "Failed to create the alert correlation thread", __FILE__, __LINE__ ); } } @@ -115,7 +132,7 @@ static void AI_init(char *args) { if ( pthread_create ( &logparse_thread, NULL, alertparser_thread, config ) != 0 ) { - _dpd.fatalMsg ( "Failed to create the alert parser thread\n" ); + AI_fatal_err ( "Failed to create the alert parser thread", __FILE__, __LINE__ ); } } @@ -187,7 +204,7 @@ static AI_config * AI_parse(char *args) has_alert_history_file = false; if ( !( config = ( AI_config* ) malloc ( sizeof( AI_config )) )) - _dpd.fatalMsg("Could not allocate configuration struct.\n"); + AI_fatal_err( "Could not allocate configuration struct", __FILE__, __LINE__ ); memset ( config, 0, sizeof ( AI_config )); /* Parsing the hashtable_cleanup_interval option */ @@ -201,8 +218,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: hashtable_cleanup_interval option used but " - "no value specified\n"); + AI_fatal_err ( "Hashtable_cleanup_interval option used but " + "no value specified", __FILE__, __LINE__ ); } cleanup_interval = strtoul(arg, NULL, 10); @@ -221,8 +238,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: tcp_stream_expire_interval option used but " - "no value specified\n"); + AI_fatal_err( "tcp_stream_expire_interval option used but " + "no value specified", __FILE__, __LINE__ ); } stream_expire_interval = strtoul(arg, NULL, 10); @@ -239,8 +256,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: alert_clustering_interval option used but " - "no value specified\n"); + AI_fatal_err ( "alert_clustering_interval option used but " + "no value specified", __FILE__, __LINE__ ); } alert_clustering_interval = strtoul(arg, NULL, 10); @@ -259,8 +276,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: database_parsing_interval option used but " - "no value specified\n"); + AI_fatal_err ( "database_parsing_interval option used but " + "no value specified", __FILE__, __LINE__ ); } database_parsing_interval = strtoul(arg, NULL, 10); @@ -279,8 +296,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: correlation_graph_interval option used but " - "no value specified\n"); + AI_fatal_err ( "correlation_graph_interval option used but " + "no value specified", __FILE__, __LINE__ ); } correlation_graph_interval = strtoul(arg, NULL, 10); @@ -297,8 +314,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: alert_serialization_interval option used but " - "no value specified\n"); + AI_fatal_err ( "alert_serialization_interval option used but " + "no value specified", __FILE__, __LINE__ ); } alert_serialization_interval = strtoul(arg, NULL, 10); @@ -315,8 +332,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: alert_bufsize option used but " - "no value specified\n"); + AI_fatal_err( "alert_bufsize option used but " + "no value specified", __FILE__, __LINE__ ); } alert_bufsize = strtoul(arg, NULL, 10); @@ -335,8 +352,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: correlation_threshold_coefficient option used but " - "no value specified\n"); + AI_fatal_err( "correlation_threshold_coefficient option used but " + "no value specified", __FILE__, __LINE__ ); } corr_threshold_coefficient = strtod ( arg, NULL ); @@ -354,8 +371,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: bayesian_correlation_interval option used but " - "no value specified\n"); + AI_fatal_err ( "bayesian_correlation_interval option used but " + "no value specified", __FILE__, __LINE__ ); } bayesian_correlation_interval = strtoul ( arg, NULL, 10 ); @@ -376,8 +393,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: bayesian_correlation_cache_validity option used but " - "no value specified\n"); + AI_fatal_err ( "bayesian_correlation_cache_validity option used but " + "no value specified", __FILE__, __LINE__ ); } bayesian_correlation_cache_validity = strtoul ( arg, NULL, 10 ); @@ -399,8 +416,8 @@ static AI_config * AI_parse(char *args) if ( !(*arg) ) { - _dpd.fatalMsg("AIPreproc: cluster_max_alert_interval option used but " - "no value specified\n"); + AI_fatal_err ( "cluster_max_alert_interval option used but " + "no value specified", __FILE__, __LINE__ ); } cluster_max_alert_interval = strtoul ( arg, NULL, 10 ); @@ -420,7 +437,7 @@ static AI_config * AI_parse(char *args) if ( !(*(arg++)) ) { - _dpd.fatalMsg("AIPreproc: alertfile option used but no filename specified\n"); + AI_fatal_err ( "alertfile option used but no filename specified", __FILE__, __LINE__ ); } for ( alertfile[ (++alertfile_len)-1 ] = *arg; @@ -431,7 +448,7 @@ static AI_config * AI_parse(char *args) has_alertfile = false; } else { if ( alertfile_len >= 1024 ) { - _dpd.fatalMsg("AIPreproc: alertfile path too long ( >= 1024 )\n"); + AI_fatal_err ( "alertfile path too long ( >= 1024 )", __FILE__, __LINE__ ); } else if ( strlen( alertfile ) == 0 ) { has_alertfile = false; } else { @@ -453,7 +470,7 @@ static AI_config * AI_parse(char *args) if ( !(*(arg++)) ) { - _dpd.fatalMsg("AIPreproc: alert_history_file option used but no filename specified\n"); + AI_fatal_err ( "alert_history_file option used but no filename specified", __FILE__, __LINE__ ); } for ( alert_history_file[ (++alert_history_file_len)-1 ] = *arg; @@ -464,7 +481,7 @@ static AI_config * AI_parse(char *args) has_alert_history_file = false; } else { if ( alert_history_file_len >= 1024 ) { - _dpd.fatalMsg("AIPreproc: alert_history_file path too long ( >= 1024 )\n"); + AI_fatal_err ( "alert_history_file path too long ( >= 1024 )", __FILE__, __LINE__ ); } else if ( strlen( alert_history_file ) == 0 ) { has_alert_history_file = false; } else { @@ -485,7 +502,7 @@ static AI_config * AI_parse(char *args) if ( !(*(arg++)) ) { - _dpd.fatalMsg("AIPreproc: clusterfile option used but no filename specified\n"); + AI_fatal_err ( "clusterfile option used but no filename specified", __FILE__, __LINE__ ); } for ( clusterfile[ (++clusterfile_len)-1 ] = *arg; @@ -496,7 +513,7 @@ static AI_config * AI_parse(char *args) has_clusterfile = false; } else { if ( clusterfile_len >= 1024 ) { - _dpd.fatalMsg("AIPreproc: clusterfile path too long ( >= 1024 )\n"); + AI_fatal_err ( "clusterfile path too long ( >= 1024 )", __FILE__, __LINE__ ); } else if ( strlen( clusterfile ) == 0 ) { has_clusterfile = false; } else { @@ -517,7 +534,7 @@ static AI_config * AI_parse(char *args) if ( !(*(arg++)) ) { - _dpd.fatalMsg("AIPreproc: correlation_rules_dir option used but no filename specified\n"); + AI_fatal_err ( "correlation_rules_dir option used but no filename specified", __FILE__, __LINE__ ); } for ( corr_rules_dir[ (++corr_rules_dir_len)-1 ] = *arg; @@ -528,7 +545,7 @@ static AI_config * AI_parse(char *args) has_corr_rules_dir = false; } else { if ( corr_rules_dir_len >= 1024 ) { - _dpd.fatalMsg("AIPreproc: corr_rules_dir path too long ( >= 1024 )\n"); + AI_fatal_err ( "corr_rules_dir path too long ( >= 1024 )", __FILE__, __LINE__ ); } else if ( strlen( corr_rules_dir ) == 0 ) { has_corr_rules_dir = false; } else { @@ -549,7 +566,7 @@ static AI_config * AI_parse(char *args) if ( !(*(arg++)) ) { - _dpd.fatalMsg("AIPreproc: correlated_alerts_dir option used but no filename specified\n"); + AI_fatal_err ( "correlated_alerts_dir option used but no filename specified", __FILE__, __LINE__ ); } for ( corr_alerts_dir[ (++corr_alerts_dir_len)-1 ] = *arg; @@ -560,7 +577,7 @@ static AI_config * AI_parse(char *args) has_corr_alerts_dir = false; } else { if ( corr_alerts_dir_len >= 1024 ) { - _dpd.fatalMsg("AIPreproc: correlated_alerts_dir path too long ( >= 1024 )\n"); + AI_fatal_err ( "correlated_alerts_dir path too long ( >= 1024 )", __FILE__, __LINE__ ); } else if ( strlen( corr_alerts_dir ) == 0 ) { has_corr_alerts_dir = false; } else { @@ -590,7 +607,7 @@ static AI_config * AI_parse(char *args) { if ( strcasecmp ( matches[0], "mysql" ) && strcasecmp ( matches[0], "postgresql" )) { - _dpd.fatalMsg ( "AIPreproc: Not supported database '%s' (supported types: mysql, postgresql)\n", matches[0] ); + AI_fatal_err ( "Not supported database type in configuration (supported types: mysql, postgresql)", __FILE__, __LINE__ ); } for ( i=0; i < nmatches; i++ ) @@ -648,7 +665,7 @@ static AI_config * AI_parse(char *args) if ( !strlen ( config->dbhost ) || !strlen ( config->dbname ) || !strlen ( config->dbpass ) || !strlen ( config->dbuser )) { - _dpd.fatalMsg ( "AIPreproc: Database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' option must be used)\n" ); + AI_fatal_err ( "Database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' option must be used)", __FILE__, __LINE__ ); } _dpd.logMsg(" Reading alerts from the database %s\n", config->dbname ); @@ -675,18 +692,18 @@ static AI_config * AI_parse(char *args) if ( !strcasecmp ( matches[0], "mysql" )) { #ifndef HAVE_LIBMYSQLCLIENT - _dpd.fatalMsg ( "AIPreproc: mysql output set in 'output_database' option but the module was not compiled through --with-mysql option\n" ); + AI_fatal_err ( "mysql output set in 'output_database' option but the module was not compiled through --with-mysql option", __FILE__, __LINE__ ); #else config->outdbtype = outdb_mysql; #endif } else if ( !strcasecmp ( matches[0], "postgresql" )) { #ifndef HAVE_LIBPQ - _dpd.fatalMsg ( "AIPreproc: postgresql output set in 'output_database' option but the module was not compiled through --with-postgresql option\n" ); + AI_fatal_err ( "postgresql output set in 'output_database' option but the module was not compiled through --with-postgresql option", __FILE__, __LINE__ ); #else config->outdbtype = outdb_postgresql; #endif } else { - _dpd.fatalMsg ( "AIPreproc: Not supported database '%s' (supported types: mysql, postgresql)\n", matches[0] ); + AI_fatal_err ( "Not supported database in configuration (supported types: mysql, postgresql)", __FILE__, __LINE__ ); } for ( i=0; i < nmatches; i++ ) @@ -744,7 +761,7 @@ static AI_config * AI_parse(char *args) if ( !strlen ( config->outdbhost ) || !strlen ( config->outdbname ) || !strlen ( config->outdbpass ) || !strlen ( config->outdbuser )) { - _dpd.fatalMsg ( "AIPreproc: Output database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' options must be used)\n" ); + AI_fatal_err ( "Output database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' options must be used)", __FILE__, __LINE__ ); } AI_outdb_mutex_initialize(); @@ -784,7 +801,7 @@ static AI_config * AI_parse(char *args) else if ( !strcasecmp ( matches[0], "dst_addr" )) type = dst_addr; else - _dpd.fatalMsg ( "AIPreproc: Unknown class type in configuration: '%s'\n", matches[0] ); + AI_fatal_err ( "Unknown class type in configuration", __FILE__, __LINE__ ); for ( i=0; i < nmatches; i++ ) free ( matches[i] ); @@ -796,8 +813,7 @@ static AI_config * AI_parse(char *args) if ( preg_match ( "name\\s*=\\s*\"([^\"]+)\"", match, &matches, &nmatches ) > 0 ) { if ( strlen( matches[0] ) > sizeof(label) ) - _dpd.fatalMsg ( "AIPreproc: Label name too long in configuration: '%s' (maximum allowed length: %d)\n", - matches[0], sizeof(label) ); + AI_fatal_err ( "Label name too long in configuration", __FILE__, __LINE__ ); strncpy ( label, matches[0], sizeof(label) ); @@ -829,7 +845,7 @@ static AI_config * AI_parse(char *args) if ( min_val > max_val ) { - _dpd.fatalMsg ( "AIPreproc: Parse error in configuration: '%s', minval > maxval\n", arg ); + AI_fatal_err ( "Parse error in configuration: minval > maxval", __FILE__, __LINE__ ); } for ( i=0; i < nmatches; i++ ) @@ -847,7 +863,7 @@ static AI_config * AI_parse(char *args) free ( matches ); matches = NULL; } else { - _dpd.fatalMsg ( "AIPreproc: Unallowed format for a port range in configuration file: '%s'\n", arg ); + AI_fatal_err ( "Unallowed format for a port range in configuration file", __FILE__, __LINE__ ); } break; @@ -858,7 +874,7 @@ static AI_config * AI_parse(char *args) { if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE ) { - _dpd.fatalMsg ( "AIPreproc: Unallowed IPv4 format in configuration: '%s'\n", matches[0] ); + AI_fatal_err ( "Unallowed IPv4 format in configuration", __FILE__, __LINE__ ); for ( i=0; i < nmatches; i++ ) free ( matches[i] ); @@ -877,7 +893,7 @@ static AI_config * AI_parse(char *args) if ( netmask > 32 ) { - _dpd.fatalMsg ( "AIPreproc: The netmask number of bits should be in [0,32] in '%s'\n", arg ); + AI_fatal_err ( "The netmask number of bits should be in [0,32] in configuration file", __FILE__, __LINE__ ); } netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); @@ -886,7 +902,7 @@ static AI_config * AI_parse(char *args) } else if ( preg_match ( "^([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$", arg, &matches, &nmatches ) > 0 ) { if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE ) { - _dpd.fatalMsg ( "AIPreproc: Unallowed IPv4 format in configuration: '%s'\n", matches[0] ); + AI_fatal_err ( "Unallowed IPv4 format in configuration", __FILE__, __LINE__ ); for ( i=0; i < nmatches; i++ ) free ( matches[i] ); @@ -904,7 +920,7 @@ static AI_config * AI_parse(char *args) min_val = ntohl ( min_val ); max_val = min_val; } else { - _dpd.fatalMsg ( "AIPreproc: Invalid value for an IP address or a subnet in configuration: '%s'\n", arg ); + AI_fatal_err ( "Invalid value for an IP address or a subnet in configuration", __FILE__, __LINE__ ); } break; @@ -935,21 +951,21 @@ static AI_config * AI_parse(char *args) if ( min_val == -1 || max_val == -1 || type == none || strlen ( label ) == 0 ) { - _dpd.fatalMsg ( "AIPreproc: Invalid cluster in configuration: '%s'\nAll of the following fields are required: class, range, name\n", match ); + AI_fatal_err ( "Invalid cluster in configuration\nAll of the following fields are required: class, range, name", __FILE__, __LINE__ ); free ( match ); match = NULL; } if ( !( hierarchy_nodes = ( hierarchy_node** ) realloc ( hierarchy_nodes, (++n_hierarchy_nodes) * sizeof(hierarchy_node) )) ) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); free ( match ); match = NULL; } if ( !( hierarchy_nodes[ n_hierarchy_nodes - 1 ] = ( hierarchy_node* ) malloc ( sizeof(hierarchy_node) ) )) { - _dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); + AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ ); free ( match ); match = NULL; } @@ -1000,8 +1016,8 @@ static AI_config * AI_parse(char *args) #ifdef HAVE_DB alertparser_thread = AI_db_alertparser_thread; #else - _dpd.fatalMsg ( "AIPreproc: database logging enabled in config file, but the module was not compiled " - "with database support (recompile, i.e., with ./configure --with-mysql or --with-postgresql)\n" ); + AI_fatal_err ( "Database logging enabled in config file, but the module was not compiled " + "with database support (recompile, i.e., with ./configure --with-mysql or --with-postgresql)", __FILE__, __LINE__ ); #endif } else if ( has_alertfile ) { alertparser_thread = AI_file_alertparser_thread; @@ -1017,7 +1033,7 @@ static AI_config * AI_parse(char *args) { if ( ! hierarchy_nodes ) { - _dpd.fatalMsg ( "AIPreproc: cluster file specified in the configuration but no clusters were specified\n" ); + AI_fatal_err ( "Cluster file specified in the configuration but no clusters were specified", __FILE__, __LINE__ ); } if ( ! has_clusterfile ) @@ -1036,7 +1052,7 @@ static AI_config * AI_parse(char *args) if ( ! has_corr_rules_dir ) { #ifndef HAVE_CONFIG_H - _dpd.fatalMsg ( "AIPreproc: unable to read PREFIX from config.h\n" ); + AI_fatal_err ( "Unable to read PREFIX from config.h", __FILE__, __LINE__ ); #endif if ( !strcmp ( PREFIX, "/usr" ) || !strcmp ( PREFIX, "/usr/" )) @@ -1071,7 +1087,7 @@ static AI_config * AI_parse(char *args) #ifdef HAVE_DB get_alerts = AI_db_get_alerts; #else - _dpd.fatalMsg ( "AIPreproc: Using database alert log, but the module was not compiled with database support\n" ); + AI_fatal_err ( "Using database alert log, but the module was not compiled with database support", __FILE__, __LINE__ ); #endif } else { get_alerts = AI_get_alerts; @@ -1119,7 +1135,7 @@ static void AI_reload(char *args) { ex_swap_config = sfPolicyConfigCreate(); if (ex_swap_config == NULL) - _dpd.fatalMsg("Could not allocate configuration struct.\n"); + AI_fatal_err ( "Could not allocate configuration struct", __FILE__, __LINE__ ); } config = AI_parse(args); diff --git a/spp_ai.h b/spp_ai.h index da639e5..6d701eb 100644 --- a/spp_ai.h +++ b/spp_ai.h @@ -392,6 +392,7 @@ int preg_match ( const char*, char*, char***, int* ); char* str_replace ( char*, char*, char *); char* str_replace_all ( char*, char*, char* ); +void AI_fatal_err ( const char *msg, const char *file, const int line ); void* AI_hashcleanup_thread ( void* ); void* AI_file_alertparser_thread ( void* ); void* AI_alert_correlation_thread ( void* ); diff --git a/stream.c b/stream.c index 06247ac..6536f57 100644 --- a/stream.c +++ b/stream.c @@ -167,9 +167,7 @@ AI_pkt_enqueue ( SFSnortPacket* pkt ) return; if ( !( info = (struct pkt_info*) malloc( sizeof(struct pkt_info) )) ) - { - _dpd.fatalMsg ( "\nDynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); - } + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memset ( &key, 0, sizeof(struct pkt_key)); key.src_ip = pkt->ip4_header->source.s_addr; @@ -181,9 +179,7 @@ AI_pkt_enqueue ( SFSnortPacket* pkt ) info->next = NULL; if ( !( info->pkt = (SFSnortPacket*) malloc ( sizeof (SFSnortPacket) )) ) - { - _dpd.fatalMsg ( "\nDynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); - } + AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ ); memcpy ( info->pkt, pkt, sizeof (SFSnortPacket) );