Uniformed error messages format

This commit is contained in:
BlackLight 2010-10-03 04:18:43 +02:00
parent 7bbcb865af
commit 0b1862356c
13 changed files with 175 additions and 169 deletions

View file

@ -4,7 +4,7 @@ AUTOMAKE_OPTIONS=foreign no-dependencies
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
lib_LTLIBRARIES = libsf_ai_preproc.la lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \ BUILT_SOURCES = \

View file

@ -240,7 +240,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@ top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = foreign no-dependencies AUTOMAKE_OPTIONS = foreign no-dependencies
lib_LTLIBRARIES = libsf_ai_preproc.la lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -fstack-protector libsf_ai_preproc_la_CFLAGS = -I./uthash -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \ BUILT_SOURCES = \
include/sf_dynamic_preproc_lib.c \ include/sf_dynamic_preproc_lib.c \

View file

@ -82,15 +82,15 @@ AI_deserialize_alerts ()
return NULL; return NULL;
if ( ! S_ISREG ( st.st_mode )) if ( ! S_ISREG ( st.st_mode ))
_dpd.fatalMsg ( "AIPreproc: '%s' is not a regular file\n", config->alert_history_file ); AI_fatal_err ( "The specified alert history file is not a regular file", __FILE__, __LINE__ );
if ( !( fp = fopen ( config->alert_history_file, "r" ))) if ( !( fp = fopen ( config->alert_history_file, "r" )))
_dpd.fatalMsg ( "AIPreproc: Unable to read from the file '%s'\n", config->alert_history_file ); AI_fatal_err ( "Unable to read from the alert history file", __FILE__, __LINE__ );
AI_alerts_hash_free ( &alerts_hash ); AI_alerts_hash_free ( &alerts_hash );
if ( fread ( &lists_count, sizeof ( unsigned int ), 1, fp ) <= 0 ) if ( fread ( &lists_count, sizeof ( unsigned int ), 1, fp ) <= 0 )
_dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); AI_fatal_err ( "Malformed binary history file", __FILE__, __LINE__ );
/* Fill the hash table reading from the file */ /* Fill the hash table reading from the file */
for ( i=0; i < lists_count; i++ ) for ( i=0; i < lists_count; i++ )
@ -99,30 +99,30 @@ AI_deserialize_alerts ()
event_prev = NULL; event_prev = NULL;
if ( fread ( &items_count, sizeof ( unsigned int ), 1, fp ) <= 0 ) if ( fread ( &items_count, sizeof ( unsigned int ), 1, fp ) <= 0 )
_dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); AI_fatal_err ( "Malformed history file", __FILE__, __LINE__ );
for ( j=0; j < items_count; j++ ) for ( j=0; j < items_count; j++ )
{ {
if ( j == 0 ) if ( j == 0 )
{ {
if ( !( event_list = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) if ( !( event_list = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
memset ( event_list, 0, sizeof ( AI_alert_event )); memset ( event_list, 0, sizeof ( AI_alert_event ));
event_iterator = event_list; event_iterator = event_list;
} else { } else {
if ( !( event_iterator = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) if ( !( event_iterator = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
memset ( event_iterator, 0, sizeof ( AI_alert_event )); memset ( event_iterator, 0, sizeof ( AI_alert_event ));
} }
event_iterator->count = items_count; event_iterator->count = items_count;
if ( fread ( &( event_iterator->key ), sizeof ( event_iterator->key ), 1, fp ) <= 0 ) if ( fread ( &( event_iterator->key ), sizeof ( event_iterator->key ), 1, fp ) <= 0 )
_dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); AI_fatal_err ( "Malformed alert history file", __FILE__, __LINE__ );
if ( fread ( &( event_iterator->timestamp ), sizeof ( event_iterator->timestamp ), 1, fp ) <= 0 ) if ( fread ( &( event_iterator->timestamp ), sizeof ( event_iterator->timestamp ), 1, fp ) <= 0 )
_dpd.fatalMsg ( "AIPreproc: Malformed history file '%s'\n", config->alert_history_file ); AI_fatal_err ( "Malformed alert history file", __FILE__, __LINE__ );
if ( event_prev ) if ( event_prev )
{ {
@ -168,7 +168,7 @@ AI_serialize_alerts ( AI_snort_alert **alerts_pool, unsigned int alerts_pool_cou
for ( i=0; i < alerts_pool_count; i++ ) for ( i=0; i < alerts_pool_count; i++ )
{ {
if ( !( event = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event )))) if ( !( event = ( AI_alert_event* ) malloc ( sizeof ( AI_alert_event ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
memset ( event, 0, sizeof ( AI_alert_event )); memset ( event, 0, sizeof ( AI_alert_event ));
key.gid = alerts_pool[i]->gid; key.gid = alerts_pool[i]->gid;
@ -208,7 +208,7 @@ AI_serialize_alerts ( AI_snort_alert **alerts_pool, unsigned int alerts_pool_cou
hash_count = HASH_COUNT ( alerts_hash ); hash_count = HASH_COUNT ( alerts_hash );
if ( !( fp = fopen ( config->alert_history_file, "w" ))) if ( !( fp = fopen ( config->alert_history_file, "w" )))
_dpd.fatalMsg ( "AIPreproc: Unable to write on '%s'\n", config->alert_history_file ); AI_fatal_err ( "Unable to write on the alert history file", __FILE__, __LINE__ );
fwrite ( &hash_count, sizeof ( hash_count ), 1, fp ); fwrite ( &hash_count, sizeof ( hash_count ), 1, fp );
for ( event = alerts_hash; event; event = ( AI_alert_event* ) event->hh.next ) for ( event = alerts_hash; event; event = ( AI_alert_event* ) event->hh.next )

View file

@ -98,7 +98,7 @@ AI_alerts_pool_thread ( void *arg )
continue; continue;
if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, NULL ) != 0 ) if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, NULL ) != 0 )
_dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ );
} }
pthread_exit ((void*) 0); pthread_exit ((void*) 0);
@ -158,28 +158,28 @@ AI_file_alertparser_thread ( void* arg )
/* Initialize the pool of alerts to be passed to the serialization thread */ /* Initialize the pool of alerts to be passed to the serialization thread */
if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* )))) if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* ))))
_dpd.fatalMsg ( "Dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( i=0; i < config->alert_bufsize; i++ ) for ( i=0; i < config->alert_bufsize; i++ )
alerts_pool[i] = NULL; alerts_pool[i] = NULL;
/* Initialize the thread for managing the serialization of alerts' pool */ /* Initialize the thread for managing the serialization of alerts' pool */
if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 ) if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 )
_dpd.fatalMsg ( "Failed to create the alerts' pool management thread\n" ); AI_fatal_err ( "Failed to create the alerts' pool management thread", __FILE__, __LINE__ );
while ( 1 ) while ( 1 )
{ {
#ifdef LINUX #ifdef LINUX
if (( ifd = inotify_init() ) < 0 ) if (( ifd = inotify_init() ) < 0 )
{ {
_dpd.fatalMsg ( "Could not initialize an inotify object on the alert log file" ); AI_fatal_err ( "Could not initialize an inotify object on the alert log file", __FILE__, __LINE__ );
} }
if ( stat ( config->alertfile, &st ) < 0 ) if ( stat ( config->alertfile, &st ) < 0 )
{ {
if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_CREATE )) < 0 ) if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_CREATE )) < 0 )
{ {
_dpd.fatalMsg ( "Could not initialize a watch descriptor on the alert log file" ); AI_fatal_err ( "Could not initialize a watch descriptor on the alert log file", __FILE__, __LINE__ );
} }
read ( ifd, line, sizeof(line) ); read ( ifd, line, sizeof(line) );
@ -189,14 +189,14 @@ AI_file_alertparser_thread ( void* arg )
{ {
if ( ! (alert_fp = fopen ( config->alertfile, "r" )) ) if ( ! (alert_fp = fopen ( config->alertfile, "r" )) )
{ {
_dpd.fatalMsg ( "Could not open alert log file for reading" ); AI_fatal_err ( "Could not open alert log file for reading", __FILE__, __LINE__ );
} }
} }
} }
if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_MODIFY )) < 0 ) if (( wd = inotify_add_watch ( ifd, config->alertfile, IN_MODIFY )) < 0 )
{ {
_dpd.fatalMsg ( "Could not initialize a watch descriptor on the alert log file" ); AI_fatal_err ( "Could not initialize a watch descriptor on the alert log file", __FILE__, __LINE__ );
} }
fseek ( alert_fp, 0, SEEK_END ); fseek ( alert_fp, 0, SEEK_END );
@ -212,7 +212,7 @@ AI_file_alertparser_thread ( void* arg )
{ {
if ( ! (alert_fp = fopen ( config->alertfile, "r" )) ) if ( ! (alert_fp = fopen ( config->alertfile, "r" )) )
{ {
_dpd.fatalMsg ( "Could not open alert log file for reading" ); AI_fatal_err ( "Could not open alert log file for reading", __FILE__, __LINE__ );
} }
else if( fd == -1 ){ else if( fd == -1 ){
/* /*
@ -283,12 +283,12 @@ AI_file_alertparser_thread ( void* arg )
} }
if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 ) if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 )
_dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ );
if ( config->outdbtype != outdb_none ) if ( config->outdbtype != outdb_none )
{ {
if ( pthread_create ( &db_thread, NULL, AI_store_alert_to_db_thread, alert ) != 0 ) if ( pthread_create ( &db_thread, NULL, AI_store_alert_to_db_thread, alert ) != 0 )
_dpd.fatalMsg ( "Failed to create the alert to db storing thread\n" ); AI_fatal_err ( "Failed to create the alert to db storing thread", __FILE__, __LINE__ );
} }
in_alert = false; in_alert = false;
@ -308,7 +308,7 @@ AI_file_alertparser_thread ( void* arg )
if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof( AI_snort_alert )))) if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof( AI_snort_alert ))))
{ {
_dpd.fatalMsg ( "\nDynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
} }
memset ( alert, 0, sizeof(AI_snort_alert) ); memset ( alert, 0, sizeof(AI_snort_alert) );
@ -324,7 +324,7 @@ AI_file_alertparser_thread ( void* arg )
free ( matches ); free ( matches );
matches = NULL; matches = NULL;
} else { } else {
_dpd.fatalMsg ( "Parse error: a line in the alert log cannot be associated to an alert block\n" ); AI_fatal_err ( "Parse error: a line in the alert log cannot be associated to an alert block", __FILE__, __LINE__ );
} }
} else if ( preg_match ( "\\[Priority:\\s*([0-9]+)\\]", line, &matches, &nmatches) > 0 ) { } else if ( preg_match ( "\\[Priority:\\s*([0-9]+)\\]", line, &matches, &nmatches) > 0 ) {
alert->priority = (unsigned short) strtoul ( matches[0], NULL, 10 ); alert->priority = (unsigned short) strtoul ( matches[0], NULL, 10 );
@ -480,7 +480,7 @@ _AI_copy_alerts ( AI_snort_alert *node )
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
} }
memcpy ( current, node, sizeof ( AI_snort_alert )); memcpy ( current, node, sizeof ( AI_snort_alert ));

View file

@ -152,7 +152,7 @@ AI_alert_bayesian_correlation ( AI_snort_alert *a, AI_snort_alert *b )
found->latest_computation_time = time ( NULL ); found->latest_computation_time = time ( NULL );
} else { } else {
if ( !( found = ( AI_bayesian_correlation* ) malloc ( sizeof ( AI_bayesian_correlation )))) if ( !( found = ( AI_bayesian_correlation* ) malloc ( sizeof ( AI_bayesian_correlation ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
found->key = bayesian_key; found->key = bayesian_key;
found->correlation = corr; found->correlation = corr;

View file

@ -91,7 +91,7 @@ _heuristic_func ( cluster_type type )
{ {
if ( !( value = ( attribute_value* ) malloc ( sizeof ( attribute_value )) )) if ( !( value = ( attribute_value* ) malloc ( sizeof ( attribute_value )) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
} }
memset ( value, 0, sizeof ( attribute_value )); memset ( value, 0, sizeof ( attribute_value ));
@ -137,7 +137,7 @@ _hierarchy_node_new ( char *label, int min_val, int max_val )
if ( !( n = ( hierarchy_node* ) malloc ( sizeof ( hierarchy_node )) )) if ( !( n = ( hierarchy_node* ) malloc ( sizeof ( hierarchy_node )) ))
{ {
_dpd.fatalMsg ( "Dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
} }
n->min_val = min_val; n->min_val = min_val;
@ -162,7 +162,7 @@ _hierarchy_node_append ( hierarchy_node *parent, hierarchy_node *child )
{ {
if ( !( parent->children = ( hierarchy_node** ) realloc ( parent->children, (++(parent->nchildren)) * sizeof ( hierarchy_node* )) )) if ( !( parent->children = ( hierarchy_node** ) realloc ( parent->children, (++(parent->nchildren)) * sizeof ( hierarchy_node* )) ))
{ {
_dpd.fatalMsg ( "Dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
} }
parent->children[ parent->nchildren - 1 ] = child; parent->children[ parent->nchildren - 1 ] = child;
@ -286,25 +286,25 @@ _AI_merge_alerts ( AI_snort_alert **log )
if ( config->outdbtype != outdb_none ) if ( config->outdbtype != outdb_none )
{ {
if ( !( alerts_couple = (AI_alerts_couple*) malloc ( sizeof ( AI_alerts_couple )))) if ( !( alerts_couple = (AI_alerts_couple*) malloc ( sizeof ( AI_alerts_couple ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
alerts_couple->alert1 = tmp; alerts_couple->alert1 = tmp;
alerts_couple->alert2 = tmp2->next; alerts_couple->alert2 = tmp2->next;
if ( pthread_create ( &db_thread, NULL, AI_store_cluster_to_db_thread, alerts_couple ) != 0 ) if ( pthread_create ( &db_thread, NULL, AI_store_cluster_to_db_thread, alerts_couple ) != 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Failed to create the cluster-to-database thread: %s\n", strerror(errno) ); AI_fatal_err ( "Failed to create the cluster-to-database thread", __FILE__, __LINE__ );
} }
if ( pthread_join ( db_thread, NULL ) != 0 ) if ( pthread_join ( db_thread, NULL ) != 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Could not join the cluster-to-database thread: %s\n", strerror(errno) ); AI_fatal_err ( "Could not join the cluster-to-database thread", __FILE__, __LINE__ );
} }
} }
/* Merge the two alerts */ /* Merge the two alerts */
if ( !( tmp->grouped_alerts = ( AI_snort_alert** ) realloc ( tmp->grouped_alerts, (++(tmp->grouped_alerts_count)) * sizeof ( AI_snort_alert* )))) if ( !( tmp->grouped_alerts = ( AI_snort_alert** ) realloc ( tmp->grouped_alerts, (++(tmp->grouped_alerts_count)) * sizeof ( AI_snort_alert* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
tmp->grouped_alerts[ tmp->grouped_alerts_count - 1 ] = tmp2->next; tmp->grouped_alerts[ tmp->grouped_alerts_count - 1 ] = tmp2->next;
count++; count++;
@ -354,7 +354,7 @@ _AI_get_alerts_heterogeneity ( int *alert_count )
if ( !found ) if ( !found )
{ {
if ( !( found = (AI_alert_occurrence*) malloc ( sizeof ( AI_alert_occurrence )))) if ( !( found = (AI_alert_occurrence*) malloc ( sizeof ( AI_alert_occurrence ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
found->key = key; found->key = key;
found->count = 1; found->count = 1;
@ -674,7 +674,7 @@ AI_hierarchies_build ( hierarchy_node **nodes, int n_nodes )
if ( _AI_check_duplicate ( nodes[i], root )) if ( _AI_check_duplicate ( nodes[i], root ))
{ {
_dpd.fatalMsg ( "AIPreproc: Parse error: duplicate cluster range '%d-%d' in configuration\n", nodes[i]->min_val, nodes[i]->max_val ); AI_fatal_err ( "Parse error: duplicate cluster range in module configuration", __FILE__, __LINE__ );
} }
for ( j=0; j < n_nodes; j++ ) for ( j=0; j < n_nodes; j++ )
@ -709,7 +709,7 @@ AI_hierarchies_build ( hierarchy_node **nodes, int n_nodes )
if ( pthread_create ( &cluster_thread, NULL, _AI_cluster_thread, NULL ) != 0 ) if ( pthread_create ( &cluster_thread, NULL, _AI_cluster_thread, NULL ) != 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Failed to create the hash cleanup thread\n" ); AI_fatal_err ( "Failed to create the hash cleanup thread", __FILE__, __LINE__ );
} }
} /* ----- end of function AI_hierarchies_build ----- */ } /* ----- end of function AI_hierarchies_build ----- */
@ -736,7 +736,7 @@ _AI_copy_clustered_alerts ( AI_snort_alert *node )
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
} }
memcpy ( current, node, sizeof ( AI_snort_alert )); memcpy ( current, node, sizeof ( AI_snort_alert ));

View file

@ -197,7 +197,7 @@ _AI_get_function_arguments ( char *orig_stmt, int *n_args )
while ( tok ) { while ( tok ) {
if ( !( args = (char**) realloc ( args, (++(*n_args)) * sizeof ( char* )))) if ( !( args = (char**) realloc ( args, (++(*n_args)) * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
args [ (*n_args) - 1 ] = strdup ( tok ); args [ (*n_args) - 1 ] = strdup ( tok );
tok = (char*) strtok ( NULL, " " ); tok = (char*) strtok ( NULL, " " );
@ -296,15 +296,15 @@ _AI_kb_correlation_coefficient ( AI_snort_alert *a, AI_snort_alert *b )
if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args2[k], NULL, NULL )) if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args2[k], NULL, NULL ))
{ {
if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 ) if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 )
_dpd.fatalMsg ( "AIPreproc: Invalid netmask value in '%s'\n", args1[k] ); AI_fatal_err ( "Invalid IP netmask value in configuration", __FILE__, __LINE__ );
if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE ) if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE )
_dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args1[k] ); AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ );
ipaddr = inet_addr ( args2[k] ); ipaddr = inet_addr ( args2[k] );
if ( ipaddr == INADDR_NONE ) if ( ipaddr == INADDR_NONE )
_dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args2[k] ); AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ );
netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask );
min_addr = ntohl ( min_addr ) & (~(netmask - 1)); min_addr = ntohl ( min_addr ) & (~(netmask - 1));
@ -328,15 +328,15 @@ _AI_kb_correlation_coefficient ( AI_snort_alert *a, AI_snort_alert *b )
if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args1[k], NULL, NULL )) if ( preg_match ( "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", args1[k], NULL, NULL ))
{ {
if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 ) if (( netmask = strtol ( matches[1], NULL, 10 )) > 32 )
_dpd.fatalMsg ( "AIPreproc: Invalid netmask value in '%s'\n", args2[k] ); AI_fatal_err ( "Invalid IP netmask value in configuration", __FILE__, __LINE__ );
if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE ) if (( min_addr = inet_addr ( matches[0] )) == INADDR_NONE )
_dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args2[k] ); AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ );
ipaddr = inet_addr ( args1[k] ); ipaddr = inet_addr ( args1[k] );
if ( ipaddr == INADDR_NONE ) if ( ipaddr == INADDR_NONE )
_dpd.fatalMsg ( "AIPreproc: Invalid base IP address in '%s'\n", args1[k] ); AI_fatal_err ( "Invalid base IP address in configuration", __FILE__, __LINE__ );
netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask );
min_addr = ntohl ( min_addr ) & (~(netmask - 1)); min_addr = ntohl ( min_addr ) & (~(netmask - 1));
@ -535,7 +535,7 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key )
if ( !( hyp = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info )))) if ( !( hyp = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
{ {
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
} }
memset ( hyp, 0, sizeof ( AI_hyperalert_info )); memset ( hyp, 0, sizeof ( AI_hyperalert_info ));
@ -563,59 +563,59 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key )
if ( !strcasecmp ((const char*) tagname, "hyperalert" )) if ( !strcasecmp ((const char*) tagname, "hyperalert" ))
{ {
if ( xmlFlags[inHyperAlert] ) if ( xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': the hyperalert tag was opened twice\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: the hyperalert tag was opened twice", __FILE__, __LINE__ );
else else
xmlFlags[inHyperAlert] = true; xmlFlags[inHyperAlert] = true;
} else if ( !strcasecmp ((const char*) tagname, "snort-id" )) { } else if ( !strcasecmp ((const char*) tagname, "snort-id" )) {
if ( xmlFlags[inSnortIdTag] ) if ( xmlFlags[inSnortIdTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open inside of another 'snort-id' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'snort-id' tag open inside of another 'snort-id' tag", __FILE__, __LINE__ );
else if ( !xmlFlags[inHyperAlert] ) else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'snort-id' tag open outside of 'hyperalert' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'snort-id' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ );
else else
xmlFlags[inSnortIdTag] = true; xmlFlags[inSnortIdTag] = true;
} else if ( !strcasecmp ((const char*) tagname, "pre" )) { } else if ( !strcasecmp ((const char*) tagname, "pre" )) {
if ( xmlFlags[inPreTag] ) if ( xmlFlags[inPreTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open inside of another 'pre' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'pre' tag open inside of another 'pre' tag", __FILE__, __LINE__ );
else if ( !xmlFlags[inHyperAlert] ) else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'pre' tag open outside of 'hyperalert' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'pre' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ );
else else
xmlFlags[inPreTag] = true; xmlFlags[inPreTag] = true;
} else if ( !strcasecmp ((const char*) tagname, "post" )) { } else if ( !strcasecmp ((const char*) tagname, "post" )) {
if ( xmlFlags[inPostTag] ) if ( xmlFlags[inPostTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open inside of another 'post' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'post' tag open inside of another 'post' tag", __FILE__, __LINE__ );
else if ( !xmlFlags[inHyperAlert] ) else if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': 'post' tag open outside of 'hyperalert' tag\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: 'post' tag open outside of 'hyperalert' tag", __FILE__, __LINE__ );
else else
xmlFlags[inPostTag] = true; xmlFlags[inPostTag] = true;
} else if ( !strcasecmp ((const char*) tagname, "desc" )) {} } else if ( !strcasecmp ((const char*) tagname, "desc" )) {}
else { else {
_dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file ); AI_fatal_err ( "Unrecognized tag in XML correlation rules", __FILE__, __LINE__ );
} }
} else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_END_ELEMENT ) { } else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_END_ELEMENT ) {
if ( !strcasecmp ((const char*) tagname, "hyperalert" )) if ( !strcasecmp ((const char*) tagname, "hyperalert" ))
{ {
if ( !xmlFlags[inHyperAlert] ) if ( !xmlFlags[inHyperAlert] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': hyperalert tag closed but never opend\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: hyperalert tag closed but never opend", __FILE__, __LINE__ );
else else
xmlFlags[inHyperAlert] = false; xmlFlags[inHyperAlert] = false;
} else if ( !strcasecmp ((const char*) tagname, "snort-id" )) { } else if ( !strcasecmp ((const char*) tagname, "snort-id" )) {
if ( !xmlFlags[inSnortIdTag] ) if ( !xmlFlags[inSnortIdTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': snort-id tag closed but never opend\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: snort-id tag closed but never opend", __FILE__, __LINE__ );
else else
xmlFlags[inSnortIdTag] = false; xmlFlags[inSnortIdTag] = false;
} else if ( !strcasecmp ((const char*) tagname, "pre" )) { } else if ( !strcasecmp ((const char*) tagname, "pre" )) {
if ( !xmlFlags[inPreTag] ) if ( !xmlFlags[inPreTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': pre tag closed but never opend\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: pre tag closed but never opend", __FILE__, __LINE__ );
else else
xmlFlags[inPreTag] = false; xmlFlags[inPreTag] = false;
} else if ( !strcasecmp ((const char*) tagname, "post" )) { } else if ( !strcasecmp ((const char*) tagname, "post" )) {
if ( !xmlFlags[inPostTag] ) if ( !xmlFlags[inPostTag] )
_dpd.fatalMsg ( "AIPreproc: Error in XML file '%s': post tag closed but never opend\n", hyperalert_file ); AI_fatal_err ( "Error in XML correlation rules: post tag closed but never opend", __FILE__, __LINE__ );
else else
xmlFlags[inPostTag] = false; xmlFlags[inPostTag] = false;
} else if ( !strcasecmp ((const char*) tagname, "desc" )) {} } else if ( !strcasecmp ((const char*) tagname, "desc" )) {}
else { else {
_dpd.fatalMsg ( "AIPreproc: Unrecognized tag '%s' in XML file '%s'\n", tagname, hyperalert_file ); AI_fatal_err ( "Unrecognized tag in XML correlation rules", __FILE__, __LINE__ );
} }
} else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_TEXT ) { } else if ( xmlTextReaderNodeType ( xml ) == XML_READER_TYPE_TEXT ) {
if ( !( tagvalue = xmlTextReaderConstValue ( xml ))) if ( !( tagvalue = xmlTextReaderConstValue ( xml )))
@ -635,14 +635,12 @@ _AI_hyperalert_from_XML ( AI_hyperalert_key key )
} }
} else if ( xmlFlags[inPreTag] ) { } else if ( xmlFlags[inPreTag] ) {
if ( !( hyp->preconds = (char**) realloc ( hyp->preconds, (++hyp->n_preconds)*sizeof(char*) ))) if ( !( hyp->preconds = (char**) realloc ( hyp->preconds, (++hyp->n_preconds)*sizeof(char*) )))
_dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n", AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
__FILE__, __LINE__ );
hyp->preconds[hyp->n_preconds-1] = strdup ((const char*) tagvalue ); hyp->preconds[hyp->n_preconds-1] = strdup ((const char*) tagvalue );
} else if ( xmlFlags[inPostTag] ) { } else if ( xmlFlags[inPostTag] ) {
if ( !( hyp->postconds = (char**) realloc ( hyp->postconds, (++hyp->n_postconds)*sizeof(char*) ))) if ( !( hyp->postconds = (char**) realloc ( hyp->postconds, (++hyp->n_postconds)*sizeof(char*) )))
_dpd.fatalMsg ( "AIPreproc: Fatal allocation memory error at %s:%d\n", AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
__FILE__, __LINE__ );
hyp->postconds[hyp->n_postconds-1] = strdup ((const char*) tagvalue ); hyp->postconds[hyp->n_postconds-1] = strdup ((const char*) tagvalue );
} }
@ -741,20 +739,20 @@ AI_alert_correlation_thread ( void *arg )
/* Fill the hyper alert info for the current alert */ /* Fill the hyper alert info for the current alert */
if ( !( alert_iterator->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info )))) if ( !( alert_iterator->hyperalert = ( AI_hyperalert_info* ) malloc ( sizeof ( AI_hyperalert_info ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
alert_iterator->hyperalert->key = hyp->key; alert_iterator->hyperalert->key = hyp->key;
alert_iterator->hyperalert->n_preconds = hyp->n_preconds; alert_iterator->hyperalert->n_preconds = hyp->n_preconds;
alert_iterator->hyperalert->n_postconds = hyp->n_postconds; alert_iterator->hyperalert->n_postconds = hyp->n_postconds;
if ( !( alert_iterator->hyperalert->preconds = ( char** ) malloc ( alert_iterator->hyperalert->n_preconds * sizeof ( char* )))) if ( !( alert_iterator->hyperalert->preconds = ( char** ) malloc ( alert_iterator->hyperalert->n_preconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( i=0; i < alert_iterator->hyperalert->n_preconds; i++ ) for ( i=0; i < alert_iterator->hyperalert->n_preconds; i++ )
alert_iterator->hyperalert->preconds[i] = strdup ( hyp->preconds[i] ); alert_iterator->hyperalert->preconds[i] = strdup ( hyp->preconds[i] );
if ( !( alert_iterator->hyperalert->postconds = ( char** ) malloc ( alert_iterator->hyperalert->n_postconds * sizeof ( char* )))) if ( !( alert_iterator->hyperalert->postconds = ( char** ) malloc ( alert_iterator->hyperalert->n_postconds * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( i=0; i < alert_iterator->hyperalert->n_postconds; i++ ) for ( i=0; i < alert_iterator->hyperalert->n_postconds; i++ )
alert_iterator->hyperalert->postconds[i] = strdup ( hyp->postconds[i] ); alert_iterator->hyperalert->postconds[i] = strdup ( hyp->postconds[i] );
@ -775,7 +773,7 @@ AI_alert_correlation_thread ( void *arg )
alert_iterator->rev == alert_iterator2->rev )) alert_iterator->rev == alert_iterator2->rev ))
{ {
if ( !( corr = ( AI_alert_correlation* ) malloc ( sizeof ( AI_alert_correlation )))) if ( !( corr = ( AI_alert_correlation* ) malloc ( sizeof ( AI_alert_correlation ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
corr_key.a = alert_iterator; corr_key.a = alert_iterator;
corr_key.b = alert_iterator2; corr_key.b = alert_iterator2;
@ -823,14 +821,14 @@ AI_alert_correlation_thread ( void *arg )
{ {
if ( mkdir ( config->corr_alerts_dir, 0755 ) < 0 ) if ( mkdir ( config->corr_alerts_dir, 0755 ) < 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Unable to create directory '%s'\n", config->corr_alerts_dir ); AI_fatal_err ( "Unable to create directory the correlated alerts directory", __FILE__, __LINE__ );
} }
} else if ( !S_ISDIR ( st.st_mode )) { } else if ( !S_ISDIR ( st.st_mode )) {
_dpd.fatalMsg ( "AIPreproc: '%s' found but it's not a directory\n", config->corr_alerts_dir ); AI_fatal_err ( "The specified directory for correlated alerts is not a directory", __FILE__, __LINE__ );
} }
if ( !( fp = fopen ( corr_dot_file, "w" ))) if ( !( fp = fopen ( corr_dot_file, "w" )))
_dpd.fatalMsg ( "AIPreproc: Could not write on file '%s'\n", corr_dot_file ); AI_fatal_err ( "Could not write on the correlated alerts .dot file", __FILE__, __LINE__ );
fprintf ( fp, "digraph G {\n" ); fprintf ( fp, "digraph G {\n" );
/* Find correlated alerts */ /* Find correlated alerts */
@ -844,10 +842,10 @@ AI_alert_correlation_thread ( void *arg )
corr->key.a->rev == corr->key.b->rev )) corr->key.a->rev == corr->key.b->rev ))
{ {
if ( !( corr->key.a->derived_alerts = ( AI_snort_alert** ) realloc ( corr->key.a->derived_alerts, (++corr->key.a->n_derived_alerts) * sizeof ( AI_snort_alert* )))) if ( !( corr->key.a->derived_alerts = ( AI_snort_alert** ) realloc ( corr->key.a->derived_alerts, (++corr->key.a->n_derived_alerts) * sizeof ( AI_snort_alert* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
if ( !( corr->key.b->parent_alerts = ( AI_snort_alert** ) realloc ( corr->key.b->parent_alerts, (++corr->key.b->n_parent_alerts) * sizeof ( AI_snort_alert* )))) if ( !( corr->key.b->parent_alerts = ( AI_snort_alert** ) realloc ( corr->key.b->parent_alerts, (++corr->key.b->n_parent_alerts) * sizeof ( AI_snort_alert* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
corr->key.a->derived_alerts[ corr->key.a->n_derived_alerts - 1 ] = corr->key.b; corr->key.a->derived_alerts[ corr->key.a->n_derived_alerts - 1 ] = corr->key.b;
corr->key.b->parent_alerts [ corr->key.b->n_parent_alerts - 1 ] = corr->key.a; corr->key.b->parent_alerts [ corr->key.b->n_parent_alerts - 1 ] = corr->key.a;
@ -857,12 +855,12 @@ AI_alert_correlation_thread ( void *arg )
{ {
if ( pthread_create ( &db_thread, NULL, AI_store_correlation_to_db_thread, corr ) != 0 ) if ( pthread_create ( &db_thread, NULL, AI_store_correlation_to_db_thread, corr ) != 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Failed to create the correlation-to-database storing thread: %s\n", strerror ( errno )); AI_fatal_err ( "Failed to create the correlation-to-database storing thread", __FILE__, __LINE__ );
} }
if ( pthread_join ( db_thread, NULL ) != 0 ) if ( pthread_join ( db_thread, NULL ) != 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Failed to join the correlation-to-database storing thread: %s\n", strerror ( errno )); AI_fatal_err ( "Failed to join the correlation-to-database storing thread", __FILE__, __LINE__ );
} }
} }
} }

33
db.c
View file

@ -60,20 +60,19 @@ AI_db_alertparser_thread ( void *arg )
if ( !DB_init() ) if ( !DB_init() )
{ {
_dpd.fatalMsg ( "AIPreproc: Unable to connect to the database '%s' @ '%s'\n", AI_fatal_err ( "Unable to connect to the database specified in module configuration", __FILE__, __LINE__ );
config->dbname, config->dbhost );
} }
/* Initialize the pool of alerts to be passed to the serialization thread */ /* Initialize the pool of alerts to be passed to the serialization thread */
if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* )))) if ( !( alerts_pool = ( AI_snort_alert** ) malloc ( config->alert_bufsize * sizeof ( AI_snort_alert* ))))
_dpd.fatalMsg ( "Dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( i=0; i < config->alert_bufsize; i++ ) for ( i=0; i < config->alert_bufsize; i++ )
alerts_pool[i] = NULL; alerts_pool[i] = NULL;
/* Initialize the thread for managing the serialization of alerts' pool */ /* Initialize the thread for managing the serialization of alerts' pool */
if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 ) if ( pthread_create ( &alerts_pool_thread, NULL, AI_alerts_pool_thread, NULL ) != 0 )
_dpd.fatalMsg ( "Failed to create the alerts' pool management thread\n" ); AI_fatal_err ( "Failed to create the alerts' pool management thread", __FILE__, __LINE__ );
while ( 1 ) while ( 1 )
{ {
@ -87,14 +86,13 @@ AI_db_alertparser_thread ( void *arg )
if ( !( res = (DB_result) DB_query ( query ))) if ( !( res = (DB_result) DB_query ( query )))
{ {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ );
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
} }
if (( rows = DB_num_rows ( res )) < 0 ) if (( rows = DB_num_rows ( res )) < 0 )
{ {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ );
} else if ( rows == 0 ) { } else if ( rows == 0 ) {
pthread_mutex_unlock ( &mutex ); pthread_mutex_unlock ( &mutex );
continue; continue;
@ -104,7 +102,7 @@ AI_db_alertparser_thread ( void *arg )
{ {
if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) if ( !( alert = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
} }
memset ( alert, 0, sizeof ( AI_snort_alert )); memset ( alert, 0, sizeof ( AI_snort_alert ));
@ -119,13 +117,12 @@ AI_db_alertparser_thread ( void *arg )
if ( !( res2 = (DB_result) DB_query ( query ))) if ( !( res2 = (DB_result) DB_query ( query )))
{ {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ );
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
} }
if (( rows = DB_num_rows ( res2 )) < 0 ) { if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ );
} else if ( rows > 0 ) { } else if ( rows > 0 ) {
if (( row2 = (DB_row) DB_fetch_row ( res2 ))) if (( row2 = (DB_row) DB_fetch_row ( res2 )))
{ {
@ -147,13 +144,12 @@ AI_db_alertparser_thread ( void *arg )
if ( !( res2 = (DB_result) DB_query ( query ))) if ( !( res2 = (DB_result) DB_query ( query )))
{ {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ );
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
} }
if (( rows = DB_num_rows ( res2 )) < 0 ) { if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ );
} else if ( rows > 0 ) { } else if ( rows > 0 ) {
if (( row2 = DB_fetch_row ( res2 ))) if (( row2 = DB_fetch_row ( res2 )))
{ {
@ -177,13 +173,12 @@ AI_db_alertparser_thread ( void *arg )
if ( !( res2 = (DB_result) DB_query ( query ))) if ( !( res2 = (DB_result) DB_query ( query )))
{ {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Fatal error while executing a query on the database " AI_fatal_err ( "Fatal error while executing a query on the database", __FILE__, __LINE__ );
"at %s:%d: '%s'\n", __FILE__, __LINE__, query );
} }
if (( rows = DB_num_rows ( res2 )) < 0 ) { if (( rows = DB_num_rows ( res2 )) < 0 ) {
DB_close(); DB_close();
_dpd.fatalMsg ( "AIPreproc: Could not store the query result at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Could not store the query result", __FILE__, __LINE__ );
} else if ( rows > 0 ) { } else if ( rows > 0 ) {
if (( row2 = DB_fetch_row ( res2 ))) if (( row2 = DB_fetch_row ( res2 )))
{ {
@ -227,7 +222,7 @@ AI_db_alertparser_thread ( void *arg )
latest_time = time ( NULL ); latest_time = time ( NULL );
if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 ) if ( pthread_create ( &serializer_thread, NULL, AI_serializer_thread, alert ) != 0 )
_dpd.fatalMsg ( "Failed to create the alerts' serializer thread\n" ); AI_fatal_err ( "Failed to create the alerts' serializer thread", __FILE__, __LINE__ );
} }
DB_close(); DB_close();
@ -257,7 +252,7 @@ _AI_db_copy_alerts ( AI_snort_alert *node )
if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) )) if ( !( current = ( AI_snort_alert* ) malloc ( sizeof ( AI_snort_alert )) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
} }
memcpy ( current, node, sizeof ( AI_snort_alert )); memcpy ( current, node, sizeof ( AI_snort_alert ));

12
outdb.c
View file

@ -89,7 +89,7 @@ AI_store_alert_to_db_thread ( void *arg )
pthread_mutex_lock ( &mutex ); pthread_mutex_lock ( &mutex );
if ( !DB_out_init() ) if ( !DB_out_init() )
_dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ );
inet_ntop ( AF_INET, &(alert->ip_src_addr), srcip, INET_ADDRSTRLEN ); inet_ntop ( AF_INET, &(alert->ip_src_addr), srcip, INET_ADDRSTRLEN );
inet_ntop ( AF_INET, &(alert->ip_dst_addr), dstip, INET_ADDRSTRLEN ); inet_ntop ( AF_INET, &(alert->ip_dst_addr), dstip, INET_ADDRSTRLEN );
@ -210,7 +210,7 @@ AI_store_alert_to_db_thread ( void *arg )
pkt_size_offset = 0; pkt_size_offset = 0;
if ( !( pkt_data = (unsigned char*) alloca ( 2 * (pkt->pkt->pcap_header->len + pkt->pkt->payload_size) + 1 ))) if ( !( pkt_data = (unsigned char*) alloca ( 2 * (pkt->pkt->pcap_header->len + pkt->pkt->payload_size) + 1 )))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
DB_out_escape_string ( &pkt_data, DB_out_escape_string ( &pkt_data,
pkt->pkt->pkt_data, pkt->pkt->pkt_data,
@ -273,7 +273,7 @@ AI_store_cluster_to_db_thread ( void *arg )
/* Initialize the database (it just does nothing if it is already initialized) */ /* Initialize the database (it just does nothing if it is already initialized) */
if ( !DB_out_init() ) if ( !DB_out_init() )
_dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ );
/* If one of the two alerts has no alert_id, simply return */ /* If one of the two alerts has no alert_id, simply return */
if ( !alerts_couple->alert1->alert_id || !alerts_couple->alert2->alert_id ) if ( !alerts_couple->alert1->alert_id || !alerts_couple->alert2->alert_id )
@ -334,7 +334,7 @@ AI_store_cluster_to_db_thread ( void *arg )
if ( cluster1 != 0 && cluster2 != 0 && cluster1 == cluster2 ) if ( cluster1 != 0 && cluster2 != 0 && cluster1 == cluster2 )
{ {
if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache )))) if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
found->alerts_couple = alerts_couple; found->alerts_couple = alerts_couple;
found->cluster_id = cluster1; found->cluster_id = cluster1;
@ -417,7 +417,7 @@ AI_store_cluster_to_db_thread ( void *arg )
/* Add the couple to the cache */ /* Add the couple to the cache */
if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache )))) if ( !( found = ( AI_couples_cache* ) malloc ( sizeof ( AI_couples_cache ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic allocation memory at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
found->alerts_couple = alerts_couple; found->alerts_couple = alerts_couple;
found->cluster_id = cluster1; found->cluster_id = cluster1;
@ -444,7 +444,7 @@ AI_store_correlation_to_db_thread ( void *arg )
/* Initialize the database (it just does nothing if it is already initialized) */ /* Initialize the database (it just does nothing if it is already initialized) */
if ( !DB_out_init() ) if ( !DB_out_init() )
_dpd.fatalMsg ( "AIPreproc: Unable to connect to output database '%s'\n", config->outdbname ); AI_fatal_err ( "Unable to connect to the specified output database", __FILE__, __LINE__ );
memset ( query, 0, sizeof ( query )); memset ( query, 0, sizeof ( query ));
snprintf ( query, sizeof ( query ), snprintf ( query, sizeof ( query ),

View file

@ -62,7 +62,7 @@ __postgresql_do_init ( PGconn **__DB, BOOL is_out )
return (void*) *__DB; return (void*) *__DB;
if ( !( conninfo = (char*) alloca ( conninfo_max_length ))) if ( !( conninfo = (char*) alloca ( conninfo_max_length )))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
memset ( conninfo, 0, conninfo_max_length ); memset ( conninfo, 0, conninfo_max_length );
@ -104,7 +104,7 @@ __postgresql_do_query ( PGconn *__DB, const char *query )
PSQL_result *res = NULL; PSQL_result *res = NULL;
if ( !( res = (PSQL_result*) malloc ( sizeof ( PSQL_result )))) if ( !( res = (PSQL_result*) malloc ( sizeof ( PSQL_result ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
if ( PQresultStatus ( res->res = PQexec( __DB, query )) != PGRES_TUPLES_OK ) if ( PQresultStatus ( res->res = PQexec( __DB, query )) != PGRES_TUPLES_OK )
{ {
@ -117,14 +117,14 @@ __postgresql_do_query ( PGconn *__DB, const char *query )
res->rows = NULL; res->rows = NULL;
if ( !( res->rows = ( char*** ) malloc ( ntuples * sizeof ( char** )))) if ( !( res->rows = ( char*** ) malloc ( ntuples * sizeof ( char** ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( i=0; i < ntuples; i++ ) for ( i=0; i < ntuples; i++ )
{ {
nfields = PQnfields ( res->res ); nfields = PQnfields ( res->res );
if ( !( res->rows[i] = ( char** ) malloc ( nfields * sizeof ( char* )))) if ( !( res->rows[i] = ( char** ) malloc ( nfields * sizeof ( char* ))))
_dpd.fatalMsg ( "AIPreproc: Fatal dynamic memory allocation error at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
for ( j=0; j < nfields; j++ ) for ( j=0; j < nfields; j++ )
{ {

138
spp_ai.c
View file

@ -19,10 +19,12 @@
#include "spp_ai.h" #include "spp_ai.h"
#include "sfPolicyUserData.h" #include "sfPolicyUserData.h"
#include "sf_preproc_info.h"
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <pthread.h> #include <pthread.h>
#include <errno.h>
/** \defgroup spp_ai Main file for spp_ai module /** \defgroup spp_ai Main file for spp_ai module
* @{ */ * @{ */
@ -48,6 +50,21 @@ static void AI_reloadSwapFree(void *);
#endif #endif
/**
* \brief Function called when the module experiences a fatal error
* \param msg Error message
* \param file File where the error occurred
* \param line Line number where the error occurred
*/
void
AI_fatal_err ( const char *msg, const char *file, const int line )
{
_dpd.fatalMsg ( "%s: %s at %s:%d (%s)\n",
PREPROC_NAME, msg, file, line,
((errno != 0) ? strerror(errno) : ""));
} /* ----- end of function AI_fatal_err ----- */
/** /**
* \brief Set up the preprocessor module * \brief Set up the preprocessor module
*/ */
@ -84,7 +101,7 @@ static void AI_init(char *args)
{ {
ex_config = sfPolicyConfigCreate(); ex_config = sfPolicyConfigCreate();
if (ex_config == NULL) if (ex_config == NULL)
_dpd.fatalMsg ("Could not allocate configuration struct.\n"); AI_fatal_err ("Could not allocate configuration struct", __FILE__, __LINE__);
} }
config = AI_parse(args); config = AI_parse(args);
@ -97,7 +114,7 @@ static void AI_init(char *args)
{ {
if ( pthread_create ( &cleanup_thread, NULL, AI_hashcleanup_thread, config ) != 0 ) if ( pthread_create ( &cleanup_thread, NULL, AI_hashcleanup_thread, config ) != 0 )
{ {
_dpd.fatalMsg ( "Failed to create the hash cleanup thread\n" ); AI_fatal_err ( "Failed to create the hash cleanup thread", __FILE__, __LINE__ );
} }
} }
@ -107,7 +124,7 @@ static void AI_init(char *args)
{ {
if ( pthread_create ( &correlation_thread, NULL, AI_alert_correlation_thread, config ) != 0 ) if ( pthread_create ( &correlation_thread, NULL, AI_alert_correlation_thread, config ) != 0 )
{ {
_dpd.fatalMsg ( "Failed to create the alert correlation thread\n" ); AI_fatal_err ( "Failed to create the alert correlation thread", __FILE__, __LINE__ );
} }
} }
@ -115,7 +132,7 @@ static void AI_init(char *args)
{ {
if ( pthread_create ( &logparse_thread, NULL, alertparser_thread, config ) != 0 ) if ( pthread_create ( &logparse_thread, NULL, alertparser_thread, config ) != 0 )
{ {
_dpd.fatalMsg ( "Failed to create the alert parser thread\n" ); AI_fatal_err ( "Failed to create the alert parser thread", __FILE__, __LINE__ );
} }
} }
@ -187,7 +204,7 @@ static AI_config * AI_parse(char *args)
has_alert_history_file = false; has_alert_history_file = false;
if ( !( config = ( AI_config* ) malloc ( sizeof( AI_config )) )) if ( !( config = ( AI_config* ) malloc ( sizeof( AI_config )) ))
_dpd.fatalMsg("Could not allocate configuration struct.\n"); AI_fatal_err( "Could not allocate configuration struct", __FILE__, __LINE__ );
memset ( config, 0, sizeof ( AI_config )); memset ( config, 0, sizeof ( AI_config ));
/* Parsing the hashtable_cleanup_interval option */ /* Parsing the hashtable_cleanup_interval option */
@ -201,8 +218,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: hashtable_cleanup_interval option used but " AI_fatal_err ( "Hashtable_cleanup_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
cleanup_interval = strtoul(arg, NULL, 10); cleanup_interval = strtoul(arg, NULL, 10);
@ -221,8 +238,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: tcp_stream_expire_interval option used but " AI_fatal_err( "tcp_stream_expire_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
stream_expire_interval = strtoul(arg, NULL, 10); stream_expire_interval = strtoul(arg, NULL, 10);
@ -239,8 +256,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: alert_clustering_interval option used but " AI_fatal_err ( "alert_clustering_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
alert_clustering_interval = strtoul(arg, NULL, 10); alert_clustering_interval = strtoul(arg, NULL, 10);
@ -259,8 +276,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: database_parsing_interval option used but " AI_fatal_err ( "database_parsing_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
database_parsing_interval = strtoul(arg, NULL, 10); database_parsing_interval = strtoul(arg, NULL, 10);
@ -279,8 +296,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: correlation_graph_interval option used but " AI_fatal_err ( "correlation_graph_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
correlation_graph_interval = strtoul(arg, NULL, 10); correlation_graph_interval = strtoul(arg, NULL, 10);
@ -297,8 +314,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: alert_serialization_interval option used but " AI_fatal_err ( "alert_serialization_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
alert_serialization_interval = strtoul(arg, NULL, 10); alert_serialization_interval = strtoul(arg, NULL, 10);
@ -315,8 +332,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: alert_bufsize option used but " AI_fatal_err( "alert_bufsize option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
alert_bufsize = strtoul(arg, NULL, 10); alert_bufsize = strtoul(arg, NULL, 10);
@ -335,8 +352,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: correlation_threshold_coefficient option used but " AI_fatal_err( "correlation_threshold_coefficient option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
corr_threshold_coefficient = strtod ( arg, NULL ); corr_threshold_coefficient = strtod ( arg, NULL );
@ -354,8 +371,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: bayesian_correlation_interval option used but " AI_fatal_err ( "bayesian_correlation_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
bayesian_correlation_interval = strtoul ( arg, NULL, 10 ); bayesian_correlation_interval = strtoul ( arg, NULL, 10 );
@ -376,8 +393,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: bayesian_correlation_cache_validity option used but " AI_fatal_err ( "bayesian_correlation_cache_validity option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
bayesian_correlation_cache_validity = strtoul ( arg, NULL, 10 ); bayesian_correlation_cache_validity = strtoul ( arg, NULL, 10 );
@ -399,8 +416,8 @@ static AI_config * AI_parse(char *args)
if ( !(*arg) ) if ( !(*arg) )
{ {
_dpd.fatalMsg("AIPreproc: cluster_max_alert_interval option used but " AI_fatal_err ( "cluster_max_alert_interval option used but "
"no value specified\n"); "no value specified", __FILE__, __LINE__ );
} }
cluster_max_alert_interval = strtoul ( arg, NULL, 10 ); cluster_max_alert_interval = strtoul ( arg, NULL, 10 );
@ -420,7 +437,7 @@ static AI_config * AI_parse(char *args)
if ( !(*(arg++)) ) if ( !(*(arg++)) )
{ {
_dpd.fatalMsg("AIPreproc: alertfile option used but no filename specified\n"); AI_fatal_err ( "alertfile option used but no filename specified", __FILE__, __LINE__ );
} }
for ( alertfile[ (++alertfile_len)-1 ] = *arg; for ( alertfile[ (++alertfile_len)-1 ] = *arg;
@ -431,7 +448,7 @@ static AI_config * AI_parse(char *args)
has_alertfile = false; has_alertfile = false;
} else { } else {
if ( alertfile_len >= 1024 ) { if ( alertfile_len >= 1024 ) {
_dpd.fatalMsg("AIPreproc: alertfile path too long ( >= 1024 )\n"); AI_fatal_err ( "alertfile path too long ( >= 1024 )", __FILE__, __LINE__ );
} else if ( strlen( alertfile ) == 0 ) { } else if ( strlen( alertfile ) == 0 ) {
has_alertfile = false; has_alertfile = false;
} else { } else {
@ -453,7 +470,7 @@ static AI_config * AI_parse(char *args)
if ( !(*(arg++)) ) if ( !(*(arg++)) )
{ {
_dpd.fatalMsg("AIPreproc: alert_history_file option used but no filename specified\n"); AI_fatal_err ( "alert_history_file option used but no filename specified", __FILE__, __LINE__ );
} }
for ( alert_history_file[ (++alert_history_file_len)-1 ] = *arg; for ( alert_history_file[ (++alert_history_file_len)-1 ] = *arg;
@ -464,7 +481,7 @@ static AI_config * AI_parse(char *args)
has_alert_history_file = false; has_alert_history_file = false;
} else { } else {
if ( alert_history_file_len >= 1024 ) { if ( alert_history_file_len >= 1024 ) {
_dpd.fatalMsg("AIPreproc: alert_history_file path too long ( >= 1024 )\n"); AI_fatal_err ( "alert_history_file path too long ( >= 1024 )", __FILE__, __LINE__ );
} else if ( strlen( alert_history_file ) == 0 ) { } else if ( strlen( alert_history_file ) == 0 ) {
has_alert_history_file = false; has_alert_history_file = false;
} else { } else {
@ -485,7 +502,7 @@ static AI_config * AI_parse(char *args)
if ( !(*(arg++)) ) if ( !(*(arg++)) )
{ {
_dpd.fatalMsg("AIPreproc: clusterfile option used but no filename specified\n"); AI_fatal_err ( "clusterfile option used but no filename specified", __FILE__, __LINE__ );
} }
for ( clusterfile[ (++clusterfile_len)-1 ] = *arg; for ( clusterfile[ (++clusterfile_len)-1 ] = *arg;
@ -496,7 +513,7 @@ static AI_config * AI_parse(char *args)
has_clusterfile = false; has_clusterfile = false;
} else { } else {
if ( clusterfile_len >= 1024 ) { if ( clusterfile_len >= 1024 ) {
_dpd.fatalMsg("AIPreproc: clusterfile path too long ( >= 1024 )\n"); AI_fatal_err ( "clusterfile path too long ( >= 1024 )", __FILE__, __LINE__ );
} else if ( strlen( clusterfile ) == 0 ) { } else if ( strlen( clusterfile ) == 0 ) {
has_clusterfile = false; has_clusterfile = false;
} else { } else {
@ -517,7 +534,7 @@ static AI_config * AI_parse(char *args)
if ( !(*(arg++)) ) if ( !(*(arg++)) )
{ {
_dpd.fatalMsg("AIPreproc: correlation_rules_dir option used but no filename specified\n"); AI_fatal_err ( "correlation_rules_dir option used but no filename specified", __FILE__, __LINE__ );
} }
for ( corr_rules_dir[ (++corr_rules_dir_len)-1 ] = *arg; for ( corr_rules_dir[ (++corr_rules_dir_len)-1 ] = *arg;
@ -528,7 +545,7 @@ static AI_config * AI_parse(char *args)
has_corr_rules_dir = false; has_corr_rules_dir = false;
} else { } else {
if ( corr_rules_dir_len >= 1024 ) { if ( corr_rules_dir_len >= 1024 ) {
_dpd.fatalMsg("AIPreproc: corr_rules_dir path too long ( >= 1024 )\n"); AI_fatal_err ( "corr_rules_dir path too long ( >= 1024 )", __FILE__, __LINE__ );
} else if ( strlen( corr_rules_dir ) == 0 ) { } else if ( strlen( corr_rules_dir ) == 0 ) {
has_corr_rules_dir = false; has_corr_rules_dir = false;
} else { } else {
@ -549,7 +566,7 @@ static AI_config * AI_parse(char *args)
if ( !(*(arg++)) ) if ( !(*(arg++)) )
{ {
_dpd.fatalMsg("AIPreproc: correlated_alerts_dir option used but no filename specified\n"); AI_fatal_err ( "correlated_alerts_dir option used but no filename specified", __FILE__, __LINE__ );
} }
for ( corr_alerts_dir[ (++corr_alerts_dir_len)-1 ] = *arg; for ( corr_alerts_dir[ (++corr_alerts_dir_len)-1 ] = *arg;
@ -560,7 +577,7 @@ static AI_config * AI_parse(char *args)
has_corr_alerts_dir = false; has_corr_alerts_dir = false;
} else { } else {
if ( corr_alerts_dir_len >= 1024 ) { if ( corr_alerts_dir_len >= 1024 ) {
_dpd.fatalMsg("AIPreproc: correlated_alerts_dir path too long ( >= 1024 )\n"); AI_fatal_err ( "correlated_alerts_dir path too long ( >= 1024 )", __FILE__, __LINE__ );
} else if ( strlen( corr_alerts_dir ) == 0 ) { } else if ( strlen( corr_alerts_dir ) == 0 ) {
has_corr_alerts_dir = false; has_corr_alerts_dir = false;
} else { } else {
@ -590,7 +607,7 @@ static AI_config * AI_parse(char *args)
{ {
if ( strcasecmp ( matches[0], "mysql" ) && strcasecmp ( matches[0], "postgresql" )) if ( strcasecmp ( matches[0], "mysql" ) && strcasecmp ( matches[0], "postgresql" ))
{ {
_dpd.fatalMsg ( "AIPreproc: Not supported database '%s' (supported types: mysql, postgresql)\n", matches[0] ); AI_fatal_err ( "Not supported database type in configuration (supported types: mysql, postgresql)", __FILE__, __LINE__ );
} }
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
@ -648,7 +665,7 @@ static AI_config * AI_parse(char *args)
if ( !strlen ( config->dbhost ) || !strlen ( config->dbname ) || !strlen ( config->dbpass ) || !strlen ( config->dbuser )) if ( !strlen ( config->dbhost ) || !strlen ( config->dbname ) || !strlen ( config->dbpass ) || !strlen ( config->dbuser ))
{ {
_dpd.fatalMsg ( "AIPreproc: Database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' option must be used)\n" ); AI_fatal_err ( "Database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' option must be used)", __FILE__, __LINE__ );
} }
_dpd.logMsg(" Reading alerts from the database %s\n", config->dbname ); _dpd.logMsg(" Reading alerts from the database %s\n", config->dbname );
@ -675,18 +692,18 @@ static AI_config * AI_parse(char *args)
if ( !strcasecmp ( matches[0], "mysql" )) if ( !strcasecmp ( matches[0], "mysql" ))
{ {
#ifndef HAVE_LIBMYSQLCLIENT #ifndef HAVE_LIBMYSQLCLIENT
_dpd.fatalMsg ( "AIPreproc: mysql output set in 'output_database' option but the module was not compiled through --with-mysql option\n" ); AI_fatal_err ( "mysql output set in 'output_database' option but the module was not compiled through --with-mysql option", __FILE__, __LINE__ );
#else #else
config->outdbtype = outdb_mysql; config->outdbtype = outdb_mysql;
#endif #endif
} else if ( !strcasecmp ( matches[0], "postgresql" )) { } else if ( !strcasecmp ( matches[0], "postgresql" )) {
#ifndef HAVE_LIBPQ #ifndef HAVE_LIBPQ
_dpd.fatalMsg ( "AIPreproc: postgresql output set in 'output_database' option but the module was not compiled through --with-postgresql option\n" ); AI_fatal_err ( "postgresql output set in 'output_database' option but the module was not compiled through --with-postgresql option", __FILE__, __LINE__ );
#else #else
config->outdbtype = outdb_postgresql; config->outdbtype = outdb_postgresql;
#endif #endif
} else { } else {
_dpd.fatalMsg ( "AIPreproc: Not supported database '%s' (supported types: mysql, postgresql)\n", matches[0] ); AI_fatal_err ( "Not supported database in configuration (supported types: mysql, postgresql)", __FILE__, __LINE__ );
} }
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
@ -744,7 +761,7 @@ static AI_config * AI_parse(char *args)
if ( !strlen ( config->outdbhost ) || !strlen ( config->outdbname ) || !strlen ( config->outdbpass ) || !strlen ( config->outdbuser )) if ( !strlen ( config->outdbhost ) || !strlen ( config->outdbname ) || !strlen ( config->outdbpass ) || !strlen ( config->outdbuser ))
{ {
_dpd.fatalMsg ( "AIPreproc: Output database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' options must be used)\n" ); AI_fatal_err ( "Output database option used in config, but missing configuration option (all 'host', 'type', 'name', 'user', and 'password' options must be used)", __FILE__, __LINE__ );
} }
AI_outdb_mutex_initialize(); AI_outdb_mutex_initialize();
@ -784,7 +801,7 @@ static AI_config * AI_parse(char *args)
else if ( !strcasecmp ( matches[0], "dst_addr" )) else if ( !strcasecmp ( matches[0], "dst_addr" ))
type = dst_addr; type = dst_addr;
else else
_dpd.fatalMsg ( "AIPreproc: Unknown class type in configuration: '%s'\n", matches[0] ); AI_fatal_err ( "Unknown class type in configuration", __FILE__, __LINE__ );
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
free ( matches[i] ); free ( matches[i] );
@ -796,8 +813,7 @@ static AI_config * AI_parse(char *args)
if ( preg_match ( "name\\s*=\\s*\"([^\"]+)\"", match, &matches, &nmatches ) > 0 ) if ( preg_match ( "name\\s*=\\s*\"([^\"]+)\"", match, &matches, &nmatches ) > 0 )
{ {
if ( strlen( matches[0] ) > sizeof(label) ) if ( strlen( matches[0] ) > sizeof(label) )
_dpd.fatalMsg ( "AIPreproc: Label name too long in configuration: '%s' (maximum allowed length: %d)\n", AI_fatal_err ( "Label name too long in configuration", __FILE__, __LINE__ );
matches[0], sizeof(label) );
strncpy ( label, matches[0], sizeof(label) ); strncpy ( label, matches[0], sizeof(label) );
@ -829,7 +845,7 @@ static AI_config * AI_parse(char *args)
if ( min_val > max_val ) if ( min_val > max_val )
{ {
_dpd.fatalMsg ( "AIPreproc: Parse error in configuration: '%s', minval > maxval\n", arg ); AI_fatal_err ( "Parse error in configuration: minval > maxval", __FILE__, __LINE__ );
} }
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
@ -847,7 +863,7 @@ static AI_config * AI_parse(char *args)
free ( matches ); free ( matches );
matches = NULL; matches = NULL;
} else { } else {
_dpd.fatalMsg ( "AIPreproc: Unallowed format for a port range in configuration file: '%s'\n", arg ); AI_fatal_err ( "Unallowed format for a port range in configuration file", __FILE__, __LINE__ );
} }
break; break;
@ -858,7 +874,7 @@ static AI_config * AI_parse(char *args)
{ {
if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE ) if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE )
{ {
_dpd.fatalMsg ( "AIPreproc: Unallowed IPv4 format in configuration: '%s'\n", matches[0] ); AI_fatal_err ( "Unallowed IPv4 format in configuration", __FILE__, __LINE__ );
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
free ( matches[i] ); free ( matches[i] );
@ -877,7 +893,7 @@ static AI_config * AI_parse(char *args)
if ( netmask > 32 ) if ( netmask > 32 )
{ {
_dpd.fatalMsg ( "AIPreproc: The netmask number of bits should be in [0,32] in '%s'\n", arg ); AI_fatal_err ( "The netmask number of bits should be in [0,32] in configuration file", __FILE__, __LINE__ );
} }
netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask ); netmask = 1 << (( 8*sizeof ( uint32_t )) - netmask );
@ -886,7 +902,7 @@ static AI_config * AI_parse(char *args)
} else if ( preg_match ( "^([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$", arg, &matches, &nmatches ) > 0 ) { } else if ( preg_match ( "^([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})$", arg, &matches, &nmatches ) > 0 ) {
if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE ) if (( min_val = inet_addr ( matches[0] )) == INADDR_NONE )
{ {
_dpd.fatalMsg ( "AIPreproc: Unallowed IPv4 format in configuration: '%s'\n", matches[0] ); AI_fatal_err ( "Unallowed IPv4 format in configuration", __FILE__, __LINE__ );
for ( i=0; i < nmatches; i++ ) for ( i=0; i < nmatches; i++ )
free ( matches[i] ); free ( matches[i] );
@ -904,7 +920,7 @@ static AI_config * AI_parse(char *args)
min_val = ntohl ( min_val ); min_val = ntohl ( min_val );
max_val = min_val; max_val = min_val;
} else { } else {
_dpd.fatalMsg ( "AIPreproc: Invalid value for an IP address or a subnet in configuration: '%s'\n", arg ); AI_fatal_err ( "Invalid value for an IP address or a subnet in configuration", __FILE__, __LINE__ );
} }
break; break;
@ -935,21 +951,21 @@ static AI_config * AI_parse(char *args)
if ( min_val == -1 || max_val == -1 || type == none || strlen ( label ) == 0 ) if ( min_val == -1 || max_val == -1 || type == none || strlen ( label ) == 0 )
{ {
_dpd.fatalMsg ( "AIPreproc: Invalid cluster in configuration: '%s'\nAll of the following fields are required: class, range, name\n", match ); AI_fatal_err ( "Invalid cluster in configuration\nAll of the following fields are required: class, range, name", __FILE__, __LINE__ );
free ( match ); free ( match );
match = NULL; match = NULL;
} }
if ( !( hierarchy_nodes = ( hierarchy_node** ) realloc ( hierarchy_nodes, (++n_hierarchy_nodes) * sizeof(hierarchy_node) )) ) if ( !( hierarchy_nodes = ( hierarchy_node** ) realloc ( hierarchy_nodes, (++n_hierarchy_nodes) * sizeof(hierarchy_node) )) )
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
free ( match ); free ( match );
match = NULL; match = NULL;
} }
if ( !( hierarchy_nodes[ n_hierarchy_nodes - 1 ] = ( hierarchy_node* ) malloc ( sizeof(hierarchy_node) ) )) if ( !( hierarchy_nodes[ n_hierarchy_nodes - 1 ] = ( hierarchy_node* ) malloc ( sizeof(hierarchy_node) ) ))
{ {
_dpd.fatalMsg ( "Fatal dynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ ); AI_fatal_err ( "Fatal dynamic memory allocation failure", __FILE__, __LINE__ );
free ( match ); free ( match );
match = NULL; match = NULL;
} }
@ -1000,8 +1016,8 @@ static AI_config * AI_parse(char *args)
#ifdef HAVE_DB #ifdef HAVE_DB
alertparser_thread = AI_db_alertparser_thread; alertparser_thread = AI_db_alertparser_thread;
#else #else
_dpd.fatalMsg ( "AIPreproc: database logging enabled in config file, but the module was not compiled " AI_fatal_err ( "Database logging enabled in config file, but the module was not compiled "
"with database support (recompile, i.e., with ./configure --with-mysql or --with-postgresql)\n" ); "with database support (recompile, i.e., with ./configure --with-mysql or --with-postgresql)", __FILE__, __LINE__ );
#endif #endif
} else if ( has_alertfile ) { } else if ( has_alertfile ) {
alertparser_thread = AI_file_alertparser_thread; alertparser_thread = AI_file_alertparser_thread;
@ -1017,7 +1033,7 @@ static AI_config * AI_parse(char *args)
{ {
if ( ! hierarchy_nodes ) if ( ! hierarchy_nodes )
{ {
_dpd.fatalMsg ( "AIPreproc: cluster file specified in the configuration but no clusters were specified\n" ); AI_fatal_err ( "Cluster file specified in the configuration but no clusters were specified", __FILE__, __LINE__ );
} }
if ( ! has_clusterfile ) if ( ! has_clusterfile )
@ -1036,7 +1052,7 @@ static AI_config * AI_parse(char *args)
if ( ! has_corr_rules_dir ) if ( ! has_corr_rules_dir )
{ {
#ifndef HAVE_CONFIG_H #ifndef HAVE_CONFIG_H
_dpd.fatalMsg ( "AIPreproc: unable to read PREFIX from config.h\n" ); AI_fatal_err ( "Unable to read PREFIX from config.h", __FILE__, __LINE__ );
#endif #endif
if ( !strcmp ( PREFIX, "/usr" ) || !strcmp ( PREFIX, "/usr/" )) if ( !strcmp ( PREFIX, "/usr" ) || !strcmp ( PREFIX, "/usr/" ))
@ -1071,7 +1087,7 @@ static AI_config * AI_parse(char *args)
#ifdef HAVE_DB #ifdef HAVE_DB
get_alerts = AI_db_get_alerts; get_alerts = AI_db_get_alerts;
#else #else
_dpd.fatalMsg ( "AIPreproc: Using database alert log, but the module was not compiled with database support\n" ); AI_fatal_err ( "Using database alert log, but the module was not compiled with database support", __FILE__, __LINE__ );
#endif #endif
} else { } else {
get_alerts = AI_get_alerts; get_alerts = AI_get_alerts;
@ -1119,7 +1135,7 @@ static void AI_reload(char *args)
{ {
ex_swap_config = sfPolicyConfigCreate(); ex_swap_config = sfPolicyConfigCreate();
if (ex_swap_config == NULL) if (ex_swap_config == NULL)
_dpd.fatalMsg("Could not allocate configuration struct.\n"); AI_fatal_err ( "Could not allocate configuration struct", __FILE__, __LINE__ );
} }
config = AI_parse(args); config = AI_parse(args);

View file

@ -392,6 +392,7 @@ int preg_match ( const char*, char*, char***, int* );
char* str_replace ( char*, char*, char *); char* str_replace ( char*, char*, char *);
char* str_replace_all ( char*, char*, char* ); char* str_replace_all ( char*, char*, char* );
void AI_fatal_err ( const char *msg, const char *file, const int line );
void* AI_hashcleanup_thread ( void* ); void* AI_hashcleanup_thread ( void* );
void* AI_file_alertparser_thread ( void* ); void* AI_file_alertparser_thread ( void* );
void* AI_alert_correlation_thread ( void* ); void* AI_alert_correlation_thread ( void* );

View file

@ -167,9 +167,7 @@ AI_pkt_enqueue ( SFSnortPacket* pkt )
return; return;
if ( !( info = (struct pkt_info*) malloc( sizeof(struct pkt_info) )) ) if ( !( info = (struct pkt_info*) malloc( sizeof(struct pkt_info) )) )
{ AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
_dpd.fatalMsg ( "\nDynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memset ( &key, 0, sizeof(struct pkt_key)); memset ( &key, 0, sizeof(struct pkt_key));
key.src_ip = pkt->ip4_header->source.s_addr; key.src_ip = pkt->ip4_header->source.s_addr;
@ -181,9 +179,7 @@ AI_pkt_enqueue ( SFSnortPacket* pkt )
info->next = NULL; info->next = NULL;
if ( !( info->pkt = (SFSnortPacket*) malloc ( sizeof (SFSnortPacket) )) ) if ( !( info->pkt = (SFSnortPacket*) malloc ( sizeof (SFSnortPacket) )) )
{ AI_fatal_err ( "Fatal dynamic memory allocation error", __FILE__, __LINE__ );
_dpd.fatalMsg ( "\nDynamic memory allocation failure at %s:%d\n", __FILE__, __LINE__ );
}
memcpy ( info->pkt, pkt, sizeof (SFSnortPacket) ); memcpy ( info->pkt, pkt, sizeof (SFSnortPacket) );