upgrade to ubuntu 16.04, snort 2.9.9.0, but bugs to be fixed
This commit is contained in:
parent
c4ef724fe5
commit
1c79dd93e8
|
@ -0,0 +1,52 @@
|
|||
# Prerequisites
|
||||
*.d
|
||||
|
||||
# Object files
|
||||
*.o
|
||||
*.ko
|
||||
*.obj
|
||||
*.elf
|
||||
|
||||
# Linker output
|
||||
*.ilk
|
||||
*.map
|
||||
*.exp
|
||||
|
||||
# Precompiled Headers
|
||||
*.gch
|
||||
*.pch
|
||||
|
||||
# Libraries
|
||||
*.lib
|
||||
*.a
|
||||
*.la
|
||||
*.lo
|
||||
|
||||
# Shared objects (inc. Windows DLLs)
|
||||
*.dll
|
||||
*.so
|
||||
*.so.*
|
||||
*.dylib
|
||||
|
||||
# Executables
|
||||
*.exe
|
||||
*.out
|
||||
*.app
|
||||
*.i*86
|
||||
*.x86_64
|
||||
*.hex
|
||||
|
||||
# Debug files
|
||||
*.dSYM/
|
||||
*.su
|
||||
*.idb
|
||||
*.pdb
|
||||
|
||||
# Kernel Module Compile Results
|
||||
*.mod*
|
||||
*.cmd
|
||||
.tmp_versions/
|
||||
modules.order
|
||||
Module.symvers
|
||||
Mkfile.old
|
||||
dkms.conf
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
AUTOMAKE_OPTIONS=foreign no-dependencies
|
||||
|
||||
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
|
||||
libdir = ${exec_prefix}/local/lib/snort_dynamicpreprocessor
|
||||
lib_LTLIBRARIES = libsf_ai_preproc.la
|
||||
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
|
||||
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector -lpthread -DHAVE_CONFIG_H
|
||||
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
|
||||
|
||||
BUILT_SOURCES = \
|
||||
|
|
448
Makefile.in
448
Makefile.in
|
@ -1,9 +1,8 @@
|
|||
# Makefile.in generated by automake 1.11.1 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.15 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
|
||||
# Inc.
|
||||
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
|
||||
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
|
@ -17,6 +16,61 @@
|
|||
|
||||
|
||||
VPATH = @srcdir@
|
||||
am__is_gnu_make = { \
|
||||
if test -z '$(MAKELEVEL)'; then \
|
||||
false; \
|
||||
elif test -n '$(MAKE_HOST)'; then \
|
||||
true; \
|
||||
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
||||
true; \
|
||||
else \
|
||||
false; \
|
||||
fi; \
|
||||
}
|
||||
am__make_running_with_option = \
|
||||
case $${target_option-} in \
|
||||
?) ;; \
|
||||
*) echo "am__make_running_with_option: internal error: invalid" \
|
||||
"target option '$${target_option-}' specified" >&2; \
|
||||
exit 1;; \
|
||||
esac; \
|
||||
has_opt=no; \
|
||||
sane_makeflags=$$MAKEFLAGS; \
|
||||
if $(am__is_gnu_make); then \
|
||||
sane_makeflags=$$MFLAGS; \
|
||||
else \
|
||||
case $$MAKEFLAGS in \
|
||||
*\\[\ \ ]*) \
|
||||
bs=\\; \
|
||||
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
||||
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
||||
esac; \
|
||||
fi; \
|
||||
skip_next=no; \
|
||||
strip_trailopt () \
|
||||
{ \
|
||||
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
||||
}; \
|
||||
for flg in $$sane_makeflags; do \
|
||||
test $$skip_next = yes && { skip_next=no; continue; }; \
|
||||
case $$flg in \
|
||||
*=*|--*) continue;; \
|
||||
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
||||
-*I?*) strip_trailopt 'I';; \
|
||||
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
||||
-*O?*) strip_trailopt 'O';; \
|
||||
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
||||
-*l?*) strip_trailopt 'l';; \
|
||||
-[dEDm]) skip_next=yes;; \
|
||||
-[JT]) skip_next=yes;; \
|
||||
esac; \
|
||||
case $$flg in \
|
||||
*$$target_option*) has_opt=yes; break;; \
|
||||
esac; \
|
||||
done; \
|
||||
test $$has_opt = yes
|
||||
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
||||
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
||||
pkgdatadir = $(datadir)/@PACKAGE@
|
||||
pkgincludedir = $(includedir)/@PACKAGE@
|
||||
pkglibdir = $(libdir)/@PACKAGE@
|
||||
|
@ -36,10 +90,6 @@ POST_UNINSTALL = :
|
|||
build_triplet = @build@
|
||||
host_triplet = @host@
|
||||
subdir = .
|
||||
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
|
||||
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
|
||||
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
|
||||
TODO config.guess config.sub install-sh ltmain.sh missing
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
|
||||
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
|
||||
|
@ -47,6 +97,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
|
|||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
$(ACLOCAL_M4)
|
||||
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
|
||||
$(am__configure_deps) $(am__DIST_COMMON)
|
||||
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
||||
configure.lineno config.status.lineno
|
||||
mkinstalldirs = $(install_sh) -d
|
||||
|
@ -74,6 +126,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
|
|||
am__base_list = \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
|
||||
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
|
||||
am__uninstall_files_from_dir = { \
|
||||
test -z "$$files" \
|
||||
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|
||||
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
|
||||
$(am__cd) "$$dir" && rm -f $$files; }; \
|
||||
}
|
||||
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(corr_rulesdir)" \
|
||||
"$(DESTDIR)$(sharedir)"
|
||||
LTLIBRARIES = $(lib_LTLIBRARIES)
|
||||
|
@ -97,42 +155,102 @@ nodist_libsf_ai_preproc_la_OBJECTS = \
|
|||
libsf_ai_preproc_la-sfPolicyUserData.lo
|
||||
libsf_ai_preproc_la_OBJECTS = $(am_libsf_ai_preproc_la_OBJECTS) \
|
||||
$(nodist_libsf_ai_preproc_la_OBJECTS)
|
||||
libsf_ai_preproc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
|
||||
$(LIBTOOLFLAGS) --mode=link $(CCLD) \
|
||||
AM_V_lt = $(am__v_lt_@AM_V@)
|
||||
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
|
||||
am__v_lt_0 = --silent
|
||||
am__v_lt_1 =
|
||||
libsf_ai_preproc_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
|
||||
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
|
||||
$(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) \
|
||||
$(libsf_ai_preproc_la_LDFLAGS) $(LDFLAGS) -o $@
|
||||
AM_V_P = $(am__v_P_@AM_V@)
|
||||
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
||||
am__v_P_0 = false
|
||||
am__v_P_1 = :
|
||||
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
||||
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
||||
am__v_GEN_0 = @echo " GEN " $@;
|
||||
am__v_GEN_1 =
|
||||
AM_V_at = $(am__v_at_@AM_V@)
|
||||
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
||||
am__v_at_0 = @
|
||||
am__v_at_1 =
|
||||
DEFAULT_INCLUDES = -I.@am__isrc@
|
||||
depcomp =
|
||||
am__depfiles_maybe =
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
|
||||
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
|
||||
$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
|
||||
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
|
||||
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
|
||||
$(AM_CFLAGS) $(CFLAGS)
|
||||
AM_V_CC = $(am__v_CC_@AM_V@)
|
||||
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
|
||||
am__v_CC_0 = @echo " CC " $@;
|
||||
am__v_CC_1 =
|
||||
CCLD = $(CC)
|
||||
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
|
||||
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
|
||||
$(LDFLAGS) -o $@
|
||||
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
|
||||
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
|
||||
$(AM_LDFLAGS) $(LDFLAGS) -o $@
|
||||
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
|
||||
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
|
||||
am__v_CCLD_0 = @echo " CCLD " $@;
|
||||
am__v_CCLD_1 =
|
||||
SOURCES = $(libsf_ai_preproc_la_SOURCES) \
|
||||
$(nodist_libsf_ai_preproc_la_SOURCES)
|
||||
DIST_SOURCES = $(libsf_ai_preproc_la_SOURCES)
|
||||
am__can_run_installinfo = \
|
||||
case $$AM_UPDATE_INFO_DIR in \
|
||||
n|no|NO) false;; \
|
||||
*) (install-info --version) >/dev/null 2>&1;; \
|
||||
esac
|
||||
DATA = $(corr_rules_DATA) $(share_DATA)
|
||||
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
|
||||
$(LISP)config.h.in
|
||||
# Read a list of newline-separated strings from the standard input,
|
||||
# and print each of them once, without duplicates. Input order is
|
||||
# *not* preserved.
|
||||
am__uniquify_input = $(AWK) '\
|
||||
BEGIN { nonempty = 0; } \
|
||||
{ items[$$0] = 1; nonempty = 1; } \
|
||||
END { if (nonempty) { for (i in items) print i; }; } \
|
||||
'
|
||||
# Make sure the list of sources is unique. This is necessary because,
|
||||
# e.g., the same source file might be shared among _SOURCES variables
|
||||
# for different programs/libraries.
|
||||
am__define_uniq_tagged_files = \
|
||||
list='$(am__tagged_files)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | $(am__uniquify_input)`
|
||||
ETAGS = etags
|
||||
CTAGS = ctags
|
||||
CSCOPE = cscope
|
||||
AM_RECURSIVE_TARGETS = cscope
|
||||
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in AUTHORS \
|
||||
COPYING ChangeLog INSTALL NEWS README TODO compile \
|
||||
config.guess config.sub install-sh ltmain.sh missing
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
distdir = $(PACKAGE)-$(VERSION)
|
||||
top_distdir = $(distdir)
|
||||
am__remove_distdir = \
|
||||
{ test ! -d "$(distdir)" \
|
||||
|| { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
|
||||
&& rm -fr "$(distdir)"; }; }
|
||||
if test -d "$(distdir)"; then \
|
||||
find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
|
||||
&& rm -rf "$(distdir)" \
|
||||
|| { sleep 5 && rm -rf "$(distdir)"; }; \
|
||||
else :; fi
|
||||
am__post_remove_distdir = $(am__remove_distdir)
|
||||
DIST_ARCHIVES = $(distdir).tar.gz
|
||||
GZIP_ENV = --best
|
||||
DIST_TARGETS = dist-gzip
|
||||
distuninstallcheck_listfiles = find . -type f -print
|
||||
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
|
||||
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
|
||||
distcleancheck_listfiles = find . -type f -print
|
||||
ACLOCAL = @ACLOCAL@
|
||||
ALLOCA = @ALLOCA@
|
||||
AMTAR = @AMTAR@
|
||||
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
||||
AR = @AR@
|
||||
AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
|
@ -147,6 +265,7 @@ CPPFLAGS = @CPPFLAGS@
|
|||
CYGPATH_W = @CYGPATH_W@
|
||||
DEFS = @DEFS@
|
||||
DEPDIR = @DEPDIR@
|
||||
DLLTOOL = @DLLTOOL@
|
||||
DOC_PREFIX = @DOC_PREFIX@
|
||||
DSYMUTIL = @DSYMUTIL@
|
||||
DUMPBIN = @DUMPBIN@
|
||||
|
@ -173,7 +292,9 @@ LIBXML2_INCLUDES = @LIBXML2_INCLUDES@
|
|||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MANIFEST_TOOL = @MANIFEST_TOOL@
|
||||
MKDIR_P = @MKDIR_P@
|
||||
NM = @NM@
|
||||
NMEDIT = @NMEDIT@
|
||||
|
@ -200,6 +321,7 @@ abs_builddir = @abs_builddir@
|
|||
abs_srcdir = @abs_srcdir@
|
||||
abs_top_builddir = @abs_top_builddir@
|
||||
abs_top_srcdir = @abs_top_srcdir@
|
||||
ac_ct_AR = @ac_ct_AR@
|
||||
ac_ct_CC = @ac_ct_CC@
|
||||
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
|
||||
am__include = @am__include@
|
||||
|
@ -229,11 +351,10 @@ htmldir = @htmldir@
|
|||
includedir = @includedir@
|
||||
infodir = @infodir@
|
||||
install_sh = @install_sh@
|
||||
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
|
||||
libdir = ${exec_prefix}/local/lib/snort_dynamicpreprocessor
|
||||
libexecdir = @libexecdir@
|
||||
localedir = @localedir@
|
||||
localstatedir = @localstatedir@
|
||||
lt_ECHO = @lt_ECHO@
|
||||
mandir = @mandir@
|
||||
mkdir_p = @mkdir_p@
|
||||
oldincludedir = @oldincludedir@
|
||||
|
@ -241,6 +362,7 @@ pdfdir = @pdfdir@
|
|||
prefix = @prefix@
|
||||
program_transform_name = @program_transform_name@
|
||||
psdir = @psdir@
|
||||
runstatedir = @runstatedir@
|
||||
sbindir = @sbindir@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
srcdir = @srcdir@
|
||||
|
@ -251,7 +373,7 @@ top_builddir = @top_builddir@
|
|||
top_srcdir = @top_srcdir@
|
||||
AUTOMAKE_OPTIONS = foreign no-dependencies
|
||||
lib_LTLIBRARIES = libsf_ai_preproc.la
|
||||
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
|
||||
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector -lpthread -DHAVE_CONFIG_H
|
||||
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
|
||||
BUILT_SOURCES = \
|
||||
include/sf_dynamic_preproc_lib.c \
|
||||
|
@ -298,7 +420,7 @@ all: $(BUILT_SOURCES) config.h
|
|||
|
||||
.SUFFIXES:
|
||||
.SUFFIXES: .c .lo .o .obj
|
||||
am--refresh:
|
||||
am--refresh: Makefile
|
||||
@:
|
||||
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
||||
@for dep in $?; do \
|
||||
|
@ -313,7 +435,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
|||
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
|
||||
$(am__cd) $(top_srcdir) && \
|
||||
$(AUTOMAKE) --foreign Makefile
|
||||
.PRECIOUS: Makefile
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||
@case '$?' in \
|
||||
*config.status*) \
|
||||
|
@ -334,10 +455,8 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
|||
$(am__aclocal_m4_deps):
|
||||
|
||||
config.h: stamp-h1
|
||||
@if test ! -f $@; then \
|
||||
rm -f stamp-h1; \
|
||||
$(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
|
||||
else :; fi
|
||||
@test -f $@ || rm -f stamp-h1
|
||||
@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
|
||||
|
||||
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
|
||||
@rm -f stamp-h1
|
||||
|
@ -349,9 +468,9 @@ $(srcdir)/config.h.in: $(am__configure_deps)
|
|||
|
||||
distclean-hdr:
|
||||
-rm -f config.h stamp-h1
|
||||
|
||||
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
|
||||
@$(NORMAL_INSTALL)
|
||||
test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
|
||||
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
|
||||
list2=; for p in $$list; do \
|
||||
if test -f $$p; then \
|
||||
|
@ -359,6 +478,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
|
|||
else :; fi; \
|
||||
done; \
|
||||
test -z "$$list2" || { \
|
||||
echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
|
||||
$(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
|
||||
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
|
||||
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
|
||||
}
|
||||
|
@ -374,14 +495,17 @@ uninstall-libLTLIBRARIES:
|
|||
|
||||
clean-libLTLIBRARIES:
|
||||
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
|
||||
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
|
||||
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
|
||||
test "$$dir" != "$$p" || dir=.; \
|
||||
echo "rm -f \"$${dir}/so_locations\""; \
|
||||
rm -f "$${dir}/so_locations"; \
|
||||
done
|
||||
libsf_ai_preproc.la: $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_DEPENDENCIES)
|
||||
$(libsf_ai_preproc_la_LINK) -rpath $(libdir) $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_LIBADD) $(LIBS)
|
||||
@list='$(lib_LTLIBRARIES)'; \
|
||||
locs=`for p in $$list; do echo $$p; done | \
|
||||
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
|
||||
sort -u`; \
|
||||
test -z "$$locs" || { \
|
||||
echo rm -f $${locs}; \
|
||||
rm -f $${locs}; \
|
||||
}
|
||||
|
||||
libsf_ai_preproc.la: $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_DEPENDENCIES) $(EXTRA_libsf_ai_preproc_la_DEPENDENCIES)
|
||||
$(AM_V_CCLD)$(libsf_ai_preproc_la_LINK) -rpath $(libdir) $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_LIBADD) $(LIBS)
|
||||
|
||||
mostlyclean-compile:
|
||||
-rm -f *.$(OBJEXT)
|
||||
|
@ -390,91 +514,91 @@ distclean-compile:
|
|||
-rm -f *.tab.c
|
||||
|
||||
.c.o:
|
||||
$(COMPILE) -c $<
|
||||
$(AM_V_CC)$(COMPILE) -c -o $@ $<
|
||||
|
||||
.c.obj:
|
||||
$(COMPILE) -c `$(CYGPATH_W) '$<'`
|
||||
$(AM_V_CC)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
|
||||
|
||||
.c.lo:
|
||||
$(LTCOMPILE) -c -o $@ $<
|
||||
$(AM_V_CC)$(LTCOMPILE) -c -o $@ $<
|
||||
|
||||
libsf_ai_preproc_la-alert_history.lo: alert_history.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_history.lo `test -f 'alert_history.c' || echo '$(srcdir)/'`alert_history.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_history.lo `test -f 'alert_history.c' || echo '$(srcdir)/'`alert_history.c
|
||||
|
||||
libsf_ai_preproc_la-alert_parser.lo: alert_parser.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_parser.lo `test -f 'alert_parser.c' || echo '$(srcdir)/'`alert_parser.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_parser.lo `test -f 'alert_parser.c' || echo '$(srcdir)/'`alert_parser.c
|
||||
|
||||
libsf_ai_preproc_la-base64.lo: base64/base64.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-base64.lo `test -f 'base64/base64.c' || echo '$(srcdir)/'`base64/base64.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-base64.lo `test -f 'base64/base64.c' || echo '$(srcdir)/'`base64/base64.c
|
||||
|
||||
libsf_ai_preproc_la-cdecode.lo: base64/cdecode.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cdecode.lo `test -f 'base64/cdecode.c' || echo '$(srcdir)/'`base64/cdecode.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cdecode.lo `test -f 'base64/cdecode.c' || echo '$(srcdir)/'`base64/cdecode.c
|
||||
|
||||
libsf_ai_preproc_la-cencode.lo: base64/cencode.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cencode.lo `test -f 'base64/cencode.c' || echo '$(srcdir)/'`base64/cencode.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cencode.lo `test -f 'base64/cencode.c' || echo '$(srcdir)/'`base64/cencode.c
|
||||
|
||||
libsf_ai_preproc_la-bayesian.lo: bayesian.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-bayesian.lo `test -f 'bayesian.c' || echo '$(srcdir)/'`bayesian.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-bayesian.lo `test -f 'bayesian.c' || echo '$(srcdir)/'`bayesian.c
|
||||
|
||||
libsf_ai_preproc_la-cluster.lo: cluster.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
|
||||
|
||||
libsf_ai_preproc_la-correlation.lo: correlation.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-correlation.lo `test -f 'correlation.c' || echo '$(srcdir)/'`correlation.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-correlation.lo `test -f 'correlation.c' || echo '$(srcdir)/'`correlation.c
|
||||
|
||||
libsf_ai_preproc_la-db.lo: db.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
|
||||
|
||||
libsf_ai_preproc_la-kmeans.lo: fkmeans/kmeans.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kmeans.lo `test -f 'fkmeans/kmeans.c' || echo '$(srcdir)/'`fkmeans/kmeans.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kmeans.lo `test -f 'fkmeans/kmeans.c' || echo '$(srcdir)/'`fkmeans/kmeans.c
|
||||
|
||||
libsf_ai_preproc_la-fsom.lo: fsom/fsom.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-fsom.lo `test -f 'fsom/fsom.c' || echo '$(srcdir)/'`fsom/fsom.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-fsom.lo `test -f 'fsom/fsom.c' || echo '$(srcdir)/'`fsom/fsom.c
|
||||
|
||||
libsf_ai_preproc_la-geo.lo: geo.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-geo.lo `test -f 'geo.c' || echo '$(srcdir)/'`geo.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-geo.lo `test -f 'geo.c' || echo '$(srcdir)/'`geo.c
|
||||
|
||||
libsf_ai_preproc_la-kb.lo: kb.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kb.lo `test -f 'kb.c' || echo '$(srcdir)/'`kb.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kb.lo `test -f 'kb.c' || echo '$(srcdir)/'`kb.c
|
||||
|
||||
libsf_ai_preproc_la-manual.lo: manual.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-manual.lo `test -f 'manual.c' || echo '$(srcdir)/'`manual.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-manual.lo `test -f 'manual.c' || echo '$(srcdir)/'`manual.c
|
||||
|
||||
libsf_ai_preproc_la-modules.lo: modules.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
|
||||
|
||||
libsf_ai_preproc_la-mysql.lo: mysql.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-mysql.lo `test -f 'mysql.c' || echo '$(srcdir)/'`mysql.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-mysql.lo `test -f 'mysql.c' || echo '$(srcdir)/'`mysql.c
|
||||
|
||||
libsf_ai_preproc_la-neural.lo: neural.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural.lo `test -f 'neural.c' || echo '$(srcdir)/'`neural.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural.lo `test -f 'neural.c' || echo '$(srcdir)/'`neural.c
|
||||
|
||||
libsf_ai_preproc_la-neural_cluster.lo: neural_cluster.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural_cluster.lo `test -f 'neural_cluster.c' || echo '$(srcdir)/'`neural_cluster.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural_cluster.lo `test -f 'neural_cluster.c' || echo '$(srcdir)/'`neural_cluster.c
|
||||
|
||||
libsf_ai_preproc_la-outdb.lo: outdb.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-outdb.lo `test -f 'outdb.c' || echo '$(srcdir)/'`outdb.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-outdb.lo `test -f 'outdb.c' || echo '$(srcdir)/'`outdb.c
|
||||
|
||||
libsf_ai_preproc_la-postgresql.lo: postgresql.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-postgresql.lo `test -f 'postgresql.c' || echo '$(srcdir)/'`postgresql.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-postgresql.lo `test -f 'postgresql.c' || echo '$(srcdir)/'`postgresql.c
|
||||
|
||||
libsf_ai_preproc_la-regex.lo: regex.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-regex.lo `test -f 'regex.c' || echo '$(srcdir)/'`regex.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-regex.lo `test -f 'regex.c' || echo '$(srcdir)/'`regex.c
|
||||
|
||||
libsf_ai_preproc_la-spp_ai.lo: spp_ai.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-spp_ai.lo `test -f 'spp_ai.c' || echo '$(srcdir)/'`spp_ai.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-spp_ai.lo `test -f 'spp_ai.c' || echo '$(srcdir)/'`spp_ai.c
|
||||
|
||||
libsf_ai_preproc_la-stream.lo: stream.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-stream.lo `test -f 'stream.c' || echo '$(srcdir)/'`stream.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-stream.lo `test -f 'stream.c' || echo '$(srcdir)/'`stream.c
|
||||
|
||||
libsf_ai_preproc_la-webserv.lo: webserv.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-webserv.lo `test -f 'webserv.c' || echo '$(srcdir)/'`webserv.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-webserv.lo `test -f 'webserv.c' || echo '$(srcdir)/'`webserv.c
|
||||
|
||||
libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo: include/sf_dynamic_preproc_lib.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo `test -f 'include/sf_dynamic_preproc_lib.c' || echo '$(srcdir)/'`include/sf_dynamic_preproc_lib.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo `test -f 'include/sf_dynamic_preproc_lib.c' || echo '$(srcdir)/'`include/sf_dynamic_preproc_lib.c
|
||||
|
||||
libsf_ai_preproc_la-sfPolicyUserData.lo: include/sfPolicyUserData.c
|
||||
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sfPolicyUserData.lo `test -f 'include/sfPolicyUserData.c' || echo '$(srcdir)/'`include/sfPolicyUserData.c
|
||||
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sfPolicyUserData.lo `test -f 'include/sfPolicyUserData.c' || echo '$(srcdir)/'`include/sfPolicyUserData.c
|
||||
|
||||
mostlyclean-libtool:
|
||||
-rm -f *.lo
|
||||
|
@ -486,8 +610,11 @@ distclean-libtool:
|
|||
-rm -f libtool config.lt
|
||||
install-corr_rulesDATA: $(corr_rules_DATA)
|
||||
@$(NORMAL_INSTALL)
|
||||
test -z "$(corr_rulesdir)" || $(MKDIR_P) "$(DESTDIR)$(corr_rulesdir)"
|
||||
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
|
||||
if test -n "$$list"; then \
|
||||
echo " $(MKDIR_P) '$(DESTDIR)$(corr_rulesdir)'"; \
|
||||
$(MKDIR_P) "$(DESTDIR)$(corr_rulesdir)" || exit 1; \
|
||||
fi; \
|
||||
for p in $$list; do \
|
||||
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
||||
echo "$$d$$p"; \
|
||||
|
@ -501,13 +628,14 @@ uninstall-corr_rulesDATA:
|
|||
@$(NORMAL_UNINSTALL)
|
||||
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
|
||||
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
|
||||
test -n "$$files" || exit 0; \
|
||||
echo " ( cd '$(DESTDIR)$(corr_rulesdir)' && rm -f" $$files ")"; \
|
||||
cd "$(DESTDIR)$(corr_rulesdir)" && rm -f $$files
|
||||
dir='$(DESTDIR)$(corr_rulesdir)'; $(am__uninstall_files_from_dir)
|
||||
install-shareDATA: $(share_DATA)
|
||||
@$(NORMAL_INSTALL)
|
||||
test -z "$(sharedir)" || $(MKDIR_P) "$(DESTDIR)$(sharedir)"
|
||||
@list='$(share_DATA)'; test -n "$(sharedir)" || list=; \
|
||||
if test -n "$$list"; then \
|
||||
echo " $(MKDIR_P) '$(DESTDIR)$(sharedir)'"; \
|
||||
$(MKDIR_P) "$(DESTDIR)$(sharedir)" || exit 1; \
|
||||
fi; \
|
||||
for p in $$list; do \
|
||||
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
|
||||
echo "$$d$$p"; \
|
||||
|
@ -521,30 +649,17 @@ uninstall-shareDATA:
|
|||
@$(NORMAL_UNINSTALL)
|
||||
@list='$(share_DATA)'; test -n "$(sharedir)" || list=; \
|
||||
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
|
||||
test -n "$$files" || exit 0; \
|
||||
echo " ( cd '$(DESTDIR)$(sharedir)' && rm -f" $$files ")"; \
|
||||
cd "$(DESTDIR)$(sharedir)" && rm -f $$files
|
||||
dir='$(DESTDIR)$(sharedir)'; $(am__uninstall_files_from_dir)
|
||||
|
||||
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||
mkid -fID $$unique
|
||||
tags: TAGS
|
||||
ID: $(am__tagged_files)
|
||||
$(am__define_uniq_tagged_files); mkid -fID $$unique
|
||||
tags: tags-am
|
||||
TAGS: tags
|
||||
|
||||
TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||
$(TAGS_FILES) $(LISP)
|
||||
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
||||
set x; \
|
||||
here=`pwd`; \
|
||||
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||
$(am__define_uniq_tagged_files); \
|
||||
shift; \
|
||||
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
|
||||
test -n "$$unique" || unique=$$empty_fix; \
|
||||
|
@ -556,15 +671,11 @@ TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
|||
$$unique; \
|
||||
fi; \
|
||||
fi
|
||||
ctags: CTAGS
|
||||
CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||
$(TAGS_FILES) $(LISP)
|
||||
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
|
||||
END { if (nonempty) { for (i in files) print i; }; }'`; \
|
||||
ctags: ctags-am
|
||||
|
||||
CTAGS: ctags
|
||||
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
||||
$(am__define_uniq_tagged_files); \
|
||||
test -z "$(CTAGS_ARGS)$$unique" \
|
||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||
$$unique
|
||||
|
@ -573,9 +684,31 @@ GTAGS:
|
|||
here=`$(am__cd) $(top_builddir) && pwd` \
|
||||
&& $(am__cd) $(top_srcdir) \
|
||||
&& gtags -i $(GTAGS_ARGS) "$$here"
|
||||
cscope: cscope.files
|
||||
test ! -s cscope.files \
|
||||
|| $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
|
||||
clean-cscope:
|
||||
-rm -f cscope.files
|
||||
cscope.files: clean-cscope cscopelist
|
||||
cscopelist: cscopelist-am
|
||||
|
||||
cscopelist-am: $(am__tagged_files)
|
||||
list='$(am__tagged_files)'; \
|
||||
case "$(srcdir)" in \
|
||||
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
|
||||
*) sdir=$(subdir)/$(srcdir) ;; \
|
||||
esac; \
|
||||
for i in $$list; do \
|
||||
if test -f "$$i"; then \
|
||||
echo "$(subdir)/$$i"; \
|
||||
else \
|
||||
echo "$$sdir/$$i"; \
|
||||
fi; \
|
||||
done >> $(top_builddir)/cscope.files
|
||||
|
||||
distclean-tags:
|
||||
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
|
||||
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
|
||||
|
||||
distdir: $(DISTFILES)
|
||||
$(am__remove_distdir)
|
||||
|
@ -618,36 +751,42 @@ distdir: $(DISTFILES)
|
|||
|| chmod -R a+r "$(distdir)"
|
||||
dist-gzip: distdir
|
||||
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
|
||||
$(am__remove_distdir)
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-bzip2: distdir
|
||||
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
|
||||
$(am__remove_distdir)
|
||||
tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-lzma: distdir
|
||||
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
|
||||
$(am__remove_distdir)
|
||||
dist-lzip: distdir
|
||||
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-xz: distdir
|
||||
tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
|
||||
$(am__remove_distdir)
|
||||
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-tarZ: distdir
|
||||
@echo WARNING: "Support for distribution archives compressed with" \
|
||||
"legacy program 'compress' is deprecated." >&2
|
||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
|
||||
$(am__remove_distdir)
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-shar: distdir
|
||||
@echo WARNING: "Support for shar distribution archives is" \
|
||||
"deprecated." >&2
|
||||
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
|
||||
$(am__remove_distdir)
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist-zip: distdir
|
||||
-rm -f $(distdir).zip
|
||||
zip -rq $(distdir).zip $(distdir)
|
||||
$(am__remove_distdir)
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
dist dist-all: distdir
|
||||
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
|
||||
$(am__remove_distdir)
|
||||
dist dist-all:
|
||||
$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
|
||||
$(am__post_remove_distdir)
|
||||
|
||||
# This target untars the dist file and tries a VPATH configuration. Then
|
||||
# it guarantees that the distribution is self-contained by making another
|
||||
|
@ -658,8 +797,8 @@ distcheck: dist
|
|||
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||
*.tar.bz2*) \
|
||||
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||
*.tar.lzma*) \
|
||||
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
|
||||
*.tar.lz*) \
|
||||
lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
|
||||
*.tar.xz*) \
|
||||
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
||||
*.tar.Z*) \
|
||||
|
@ -669,17 +808,19 @@ distcheck: dist
|
|||
*.zip*) \
|
||||
unzip $(distdir).zip ;;\
|
||||
esac
|
||||
chmod -R a-w $(distdir); chmod a+w $(distdir)
|
||||
mkdir $(distdir)/_build
|
||||
mkdir $(distdir)/_inst
|
||||
chmod -R a-w $(distdir)
|
||||
chmod u+w $(distdir)
|
||||
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
|
||||
chmod a-w $(distdir)
|
||||
test -d $(distdir)/_build || exit 0; \
|
||||
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
|
||||
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
|
||||
&& am__cwd=`pwd` \
|
||||
&& $(am__cd) $(distdir)/_build \
|
||||
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
|
||||
&& $(am__cd) $(distdir)/_build/sub \
|
||||
&& ../../configure \
|
||||
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
|
||||
$(DISTCHECK_CONFIGURE_FLAGS) \
|
||||
--srcdir=../.. --prefix="$$dc_install_base" \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
||||
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
||||
|
@ -702,13 +843,21 @@ distcheck: dist
|
|||
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
|
||||
&& cd "$$am__cwd" \
|
||||
|| exit 1
|
||||
$(am__remove_distdir)
|
||||
$(am__post_remove_distdir)
|
||||
@(echo "$(distdir) archives ready for distribution: "; \
|
||||
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
|
||||
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
|
||||
distuninstallcheck:
|
||||
@$(am__cd) '$(distuninstallcheck_dir)' \
|
||||
&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
|
||||
@test -n '$(distuninstallcheck_dir)' || { \
|
||||
echo 'ERROR: trying to run $@ with an empty' \
|
||||
'$$(distuninstallcheck_dir)' >&2; \
|
||||
exit 1; \
|
||||
}; \
|
||||
$(am__cd) '$(distuninstallcheck_dir)' || { \
|
||||
echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
|
||||
exit 1; \
|
||||
}; \
|
||||
test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|
||||
|| { echo "ERROR: files left after uninstall:" ; \
|
||||
if test -n "$(DESTDIR)"; then \
|
||||
echo " (check DESTDIR support)"; \
|
||||
|
@ -743,10 +892,15 @@ install-am: all-am
|
|||
|
||||
installcheck: installcheck-am
|
||||
install-strip:
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
`test -z '$(STRIP)' || \
|
||||
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
|
||||
if test -z '$(STRIP)'; then \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
install; \
|
||||
else \
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
||||
fi
|
||||
mostlyclean-generic:
|
||||
|
||||
clean-generic:
|
||||
|
@ -835,24 +989,26 @@ uninstall-am: uninstall-corr_rulesDATA uninstall-libLTLIBRARIES \
|
|||
|
||||
.MAKE: all check install install-am install-data-am install-strip
|
||||
|
||||
.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
|
||||
clean-generic clean-libLTLIBRARIES clean-libtool ctags dist \
|
||||
dist-all dist-bzip2 dist-gzip dist-lzma dist-shar dist-tarZ \
|
||||
dist-xz dist-zip distcheck distclean distclean-compile \
|
||||
distclean-generic distclean-hdr distclean-libtool \
|
||||
distclean-tags distcleancheck distdir distuninstallcheck dvi \
|
||||
dvi-am html html-am info info-am install install-am \
|
||||
install-corr_rulesDATA install-data install-data-am \
|
||||
install-data-hook install-dvi install-dvi-am install-exec \
|
||||
install-exec-am install-html install-html-am install-info \
|
||||
install-info-am install-libLTLIBRARIES install-man install-pdf \
|
||||
install-pdf-am install-ps install-ps-am install-shareDATA \
|
||||
install-strip installcheck installcheck-am installdirs \
|
||||
maintainer-clean maintainer-clean-generic mostlyclean \
|
||||
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
|
||||
pdf pdf-am ps ps-am tags uninstall uninstall-am \
|
||||
uninstall-corr_rulesDATA uninstall-libLTLIBRARIES \
|
||||
uninstall-shareDATA
|
||||
.PHONY: CTAGS GTAGS TAGS all all-am am--refresh check check-am clean \
|
||||
clean-cscope clean-generic clean-libLTLIBRARIES clean-libtool \
|
||||
cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
|
||||
dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
|
||||
distcheck distclean distclean-compile distclean-generic \
|
||||
distclean-hdr distclean-libtool distclean-tags distcleancheck \
|
||||
distdir distuninstallcheck dvi dvi-am html html-am info \
|
||||
info-am install install-am install-corr_rulesDATA install-data \
|
||||
install-data-am install-data-hook install-dvi install-dvi-am \
|
||||
install-exec install-exec-am install-html install-html-am \
|
||||
install-info install-info-am install-libLTLIBRARIES \
|
||||
install-man install-pdf install-pdf-am install-ps \
|
||||
install-ps-am install-shareDATA install-strip installcheck \
|
||||
installcheck-am installdirs maintainer-clean \
|
||||
maintainer-clean-generic mostlyclean mostlyclean-compile \
|
||||
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
|
||||
tags tags-am uninstall uninstall-am uninstall-corr_rulesDATA \
|
||||
uninstall-libLTLIBRARIES uninstall-shareDATA
|
||||
|
||||
.PRECIOUS: Makefile
|
||||
|
||||
|
||||
doc:
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -137,7 +137,7 @@ AI_file_alertparser_thread ( void* arg )
|
|||
AI_geoip_cache *found = NULL;
|
||||
AI_snort_alert *alert = NULL;
|
||||
AI_snort_alert *tmp = NULL;
|
||||
BOOL in_alert = false;
|
||||
bool in_alert = false;
|
||||
|
||||
pthread_t alerts_pool_thread;
|
||||
|
||||
|
@ -231,12 +231,12 @@ AI_file_alertparser_thread ( void* arg )
|
|||
{
|
||||
fstats ( fd, &stats );
|
||||
}
|
||||
|
||||
|
||||
last_mod_time = stats.st_mtime;
|
||||
|
||||
|
||||
fseek ( alert_fp, 0, SEEK_END );
|
||||
#endif
|
||||
|
||||
|
||||
pthread_mutex_lock ( &alert_mutex );
|
||||
|
||||
while ( !feof ( alert_fp ))
|
||||
|
@ -450,8 +450,8 @@ AI_file_alertparser_thread ( void* arg )
|
|||
} else if ( preg_match ( "^([\\*CEUAPRSF]{8})\\s+Seq:\\s*0x([0-9A-F]+)\\s+Ack:\\s*0x([0-9A-F]+)\\s+Win:\\s*0x([0-9A-F]+)\\s+TcpLen:\\s*([0-9]+)",
|
||||
line, &matches, &nmatches ) > 0 ) {
|
||||
alert->tcp_flags = 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "C" ) ) ? TCPHEADER_RES1 : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "E" ) ) ? TCPHEADER_RES2 : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "C" ) ) ? TCPHEADER_CWR : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "E" ) ) ? TCPHEADER_ECE : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "U" ) ) ? TCPHEADER_URG : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "A" ) ) ? TCPHEADER_ACK : 0;
|
||||
alert->tcp_flags |= ( strstr ( matches[0], "P" ) ) ? TCPHEADER_PUSH : 0;
|
||||
|
@ -584,4 +584,3 @@ AI_free_alerts ( AI_snort_alert *node )
|
|||
} /* ----- end of function AI_free_alerts ----- */
|
||||
|
||||
/** @} */
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,300 @@
|
|||
# This file was generated by Autom4te Fri Oct 23 20:57:39 UTC 2015.
|
||||
# It contains the lists of macros which have been traced.
|
||||
# It can be safely removed.
|
||||
|
||||
@request = (
|
||||
bless( [
|
||||
'0',
|
||||
1,
|
||||
[
|
||||
'/usr/share/autoconf'
|
||||
],
|
||||
[
|
||||
'/usr/share/autoconf/autoconf/autoconf.m4f',
|
||||
'-',
|
||||
'/usr/share/aclocal-1.15/internal/ac-config-macro-dirs.m4',
|
||||
'/usr/share/aclocal/ltargz.m4',
|
||||
'/usr/share/aclocal/ltdl.m4',
|
||||
'/usr/share/aclocal-1.15/amversion.m4',
|
||||
'/usr/share/aclocal-1.15/auxdir.m4',
|
||||
'/usr/share/aclocal-1.15/cond.m4',
|
||||
'/usr/share/aclocal-1.15/depend.m4',
|
||||
'/usr/share/aclocal-1.15/depout.m4',
|
||||
'/usr/share/aclocal-1.15/init.m4',
|
||||
'/usr/share/aclocal-1.15/install-sh.m4',
|
||||
'/usr/share/aclocal-1.15/lead-dot.m4',
|
||||
'/usr/share/aclocal-1.15/make.m4',
|
||||
'/usr/share/aclocal-1.15/missing.m4',
|
||||
'/usr/share/aclocal-1.15/options.m4',
|
||||
'/usr/share/aclocal-1.15/prog-cc-c-o.m4',
|
||||
'/usr/share/aclocal-1.15/runlog.m4',
|
||||
'/usr/share/aclocal-1.15/sanity.m4',
|
||||
'/usr/share/aclocal-1.15/silent.m4',
|
||||
'/usr/share/aclocal-1.15/strip.m4',
|
||||
'/usr/share/aclocal-1.15/substnot.m4',
|
||||
'/usr/share/aclocal-1.15/tar.m4',
|
||||
'm4/libtool.m4',
|
||||
'm4/ltoptions.m4',
|
||||
'm4/ltsugar.m4',
|
||||
'm4/ltversion.m4',
|
||||
'm4/lt~obsolete.m4',
|
||||
'configure.ac'
|
||||
],
|
||||
{
|
||||
'AM_PROG_LIBTOOL' => 1,
|
||||
'AC_CONFIG_MACRO_DIR_TRACE' => 1,
|
||||
'_LT_CC_BASENAME' => 1,
|
||||
'_LT_AC_LANG_C_CONFIG' => 1,
|
||||
'AC_PROG_EGREP' => 1,
|
||||
'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
|
||||
'LT_PATH_LD' => 1,
|
||||
'm4_pattern_forbid' => 1,
|
||||
'_LT_AC_SHELL_INIT' => 1,
|
||||
'AC_LIBTOOL_F77' => 1,
|
||||
'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
|
||||
'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
|
||||
'LT_LIB_DLLOAD' => 1,
|
||||
'_AM_CONFIG_MACRO_DIRS' => 1,
|
||||
'AC_LIBTOOL_LINKER_OPTION' => 1,
|
||||
'AC_LIBTOOL_CONFIG' => 1,
|
||||
'_LT_AC_LANG_GCJ_CONFIG' => 1,
|
||||
'_AM_AUTOCONF_VERSION' => 1,
|
||||
'AC_PROG_LD_RELOAD_FLAG' => 1,
|
||||
'LT_PROG_GCJ' => 1,
|
||||
'LT_SYS_DLOPEN_DEPLIBS' => 1,
|
||||
'_AM_DEPENDENCIES' => 1,
|
||||
'AM_ENABLE_SHARED' => 1,
|
||||
'_LT_AC_PROG_ECHO_BACKSLASH' => 1,
|
||||
'AC_CHECK_LIBM' => 1,
|
||||
'AM_SET_DEPDIR' => 1,
|
||||
'AM_SILENT_RULES' => 1,
|
||||
'_LT_LIBOBJ' => 1,
|
||||
'_LT_AC_LOCK' => 1,
|
||||
'_LT_PROG_CXX' => 1,
|
||||
'_AM_PROG_CC_C_O' => 1,
|
||||
'LTDL_INSTALLABLE' => 1,
|
||||
'AC_LIBTOOL_PICMODE' => 1,
|
||||
'AM_PROG_NM' => 1,
|
||||
'AC_PROG_LD_GNU' => 1,
|
||||
'LT_FUNC_ARGZ' => 1,
|
||||
'include' => 1,
|
||||
'AC_PROG_LD' => 1,
|
||||
'AM_DEP_TRACK' => 1,
|
||||
'AC_LIBTOOL_OBJDIR' => 1,
|
||||
'_LT_PROG_F77' => 1,
|
||||
'AC_ENABLE_SHARED' => 1,
|
||||
'LT_SUPPORTED_TAG' => 1,
|
||||
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
|
||||
'_LT_AC_LANG_CXX' => 1,
|
||||
'AM_PROG_CC_C_O' => 1,
|
||||
'_LT_AC_LANG_GCJ' => 1,
|
||||
'_AM_MANGLE_OPTION' => 1,
|
||||
'_LT_PROG_FC' => 1,
|
||||
'LT_SYS_MODULE_PATH' => 1,
|
||||
'AM_DISABLE_SHARED' => 1,
|
||||
'LT_SYS_SYMBOL_USCORE' => 1,
|
||||
'AC_LIB_LTDL' => 1,
|
||||
'_LT_AC_LANG_F77_CONFIG' => 1,
|
||||
'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
|
||||
'AC_LIBTOOL_DLOPEN' => 1,
|
||||
'AC_DISABLE_SHARED' => 1,
|
||||
'LT_CMD_MAX_LEN' => 1,
|
||||
'AC_LIBTOOL_CXX' => 1,
|
||||
'AC_LIBTOOL_SETUP' => 1,
|
||||
'_LT_REQUIRED_DARWIN_CHECKS' => 1,
|
||||
'AC_DEFUN_ONCE' => 1,
|
||||
'LT_AC_PROG_EGREP' => 1,
|
||||
'_LT_PROG_ECHO_BACKSLASH' => 1,
|
||||
'AC_PATH_MAGIC' => 1,
|
||||
'LT_LANG' => 1,
|
||||
'_AM_SUBST_NOTMAKE' => 1,
|
||||
'_AM_IF_OPTION' => 1,
|
||||
'AC_LIBLTDL_INSTALLABLE' => 1,
|
||||
'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
|
||||
'AM_PROG_INSTALL_SH' => 1,
|
||||
'LT_LIB_M' => 1,
|
||||
'AC_LIBTOOL_FC' => 1,
|
||||
'_LT_WITH_SYSROOT' => 1,
|
||||
'AM_ENABLE_STATIC' => 1,
|
||||
'AM_SANITY_CHECK' => 1,
|
||||
'_LT_AC_TAGVAR' => 1,
|
||||
'AC_LTDL_SYSSEARCHPATH' => 1,
|
||||
'AM_PROG_LD' => 1,
|
||||
'_AM_SET_OPTION' => 1,
|
||||
'_AM_PROG_TAR' => 1,
|
||||
'AC_PROG_NM' => 1,
|
||||
'LT_FUNC_DLSYM_USCORE' => 1,
|
||||
'LT_AC_PROG_GCJ' => 1,
|
||||
'_LT_DLL_DEF_P' => 1,
|
||||
'_LT_AC_LANG_RC_CONFIG' => 1,
|
||||
'AC_ENABLE_STATIC' => 1,
|
||||
'AU_DEFUN' => 1,
|
||||
'AC_LIBTOOL_COMPILER_OPTION' => 1,
|
||||
'LTOPTIONS_VERSION' => 1,
|
||||
'AC_LTDL_ENABLE_INSTALL' => 1,
|
||||
'LT_SYS_DLSEARCH_PATH' => 1,
|
||||
'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
|
||||
'AC_LTDL_SHLIBEXT' => 1,
|
||||
'AM_SUBST_NOTMAKE' => 1,
|
||||
'LT_OUTPUT' => 1,
|
||||
'LTDL_INIT' => 1,
|
||||
'AC_LTDL_DLLIB' => 1,
|
||||
'AM_SET_LEADING_DOT' => 1,
|
||||
'AM_AUTOMAKE_VERSION' => 1,
|
||||
'LT_SYS_MODULE_EXT' => 1,
|
||||
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
|
||||
'LT_CONFIG_LTDL_DIR' => 1,
|
||||
'AM_CONDITIONAL' => 1,
|
||||
'AC_DEPLIBS_CHECK_METHOD' => 1,
|
||||
'_LT_AC_TRY_DLOPEN_SELF' => 1,
|
||||
'AC_CONFIG_MACRO_DIR' => 1,
|
||||
'AC_LIBTOOL_WIN32_DLL' => 1,
|
||||
'LTOBSOLETE_VERSION' => 1,
|
||||
'AC_LTDL_PREOPEN' => 1,
|
||||
'_LT_AC_LANG_CXX_CONFIG' => 1,
|
||||
'_LT_AC_TAGCONFIG' => 1,
|
||||
'_LT_LINKER_OPTION' => 1,
|
||||
'AC_LIBTOOL_DLOPEN_SELF' => 1,
|
||||
'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
|
||||
'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
|
||||
'AC_PROG_LIBTOOL' => 1,
|
||||
'_LT_COMPILER_BOILERPLATE' => 1,
|
||||
'AC_WITH_LTDL' => 1,
|
||||
'_LT_AC_PROG_CXXCPP' => 1,
|
||||
'LT_AC_PROG_RC' => 1,
|
||||
'AM_MAKE_INCLUDE' => 1,
|
||||
'_LT_PROG_LTMAIN' => 1,
|
||||
'LT_PROG_RC' => 1,
|
||||
'_LT_PATH_TOOL_PREFIX' => 1,
|
||||
'_LT_PREPARE_SED_QUOTE_VARS' => 1,
|
||||
'AM_RUN_LOG' => 1,
|
||||
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
|
||||
'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
|
||||
'AC_LTDL_SHLIBPATH' => 1,
|
||||
'_LT_AC_SYS_LIBPATH_AIX' => 1,
|
||||
'_AC_AM_CONFIG_HEADER_HOOK' => 1,
|
||||
'm4_pattern_allow' => 1,
|
||||
'LT_SYS_DLOPEN_SELF' => 1,
|
||||
'LT_PATH_NM' => 1,
|
||||
'AC_LTDL_DLSYM_USCORE' => 1,
|
||||
'_LT_AC_CHECK_DLFCN' => 1,
|
||||
'LT_AC_PROG_SED' => 1,
|
||||
'AC_LIBTOOL_LANG_C_CONFIG' => 1,
|
||||
'_m4_warn' => 1,
|
||||
'_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
|
||||
'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
|
||||
'LT_INIT' => 1,
|
||||
'AM_MISSING_HAS_RUN' => 1,
|
||||
'AC_DEFUN' => 1,
|
||||
'LTDL_CONVENIENCE' => 1,
|
||||
'AC_LIBTOOL_PROG_CC_C_O' => 1,
|
||||
'AC_LIBLTDL_CONVENIENCE' => 1,
|
||||
'AC_PATH_TOOL_PREFIX' => 1,
|
||||
'AM_AUX_DIR_EXPAND' => 1,
|
||||
'AC_LTDL_OBJDIR' => 1,
|
||||
'_AM_SET_OPTIONS' => 1,
|
||||
'm4_include' => 1,
|
||||
'AM_PROG_INSTALL_STRIP' => 1,
|
||||
'_LT_AC_SYS_COMPILER' => 1,
|
||||
'AC_LIBTOOL_GCJ' => 1,
|
||||
'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
|
||||
'_LT_AC_FILE_LTDLL_C' => 1,
|
||||
'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
|
||||
'_LT_COMPILER_OPTION' => 1,
|
||||
'LT_PROG_GO' => 1,
|
||||
'AC_ENABLE_FAST_INSTALL' => 1,
|
||||
'_LT_AC_LANG_F77' => 1,
|
||||
'LT_WITH_LTDL' => 1,
|
||||
'AM_INIT_AUTOMAKE' => 1,
|
||||
'AM_DISABLE_STATIC' => 1,
|
||||
'AC_LTDL_SYMBOL_USCORE' => 1,
|
||||
'AC_LIBTOOL_RC' => 1,
|
||||
'_LTDL_SETUP' => 1,
|
||||
'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
|
||||
'_AC_PROG_LIBTOOL' => 1,
|
||||
'LTVERSION_VERSION' => 1,
|
||||
'AC_DISABLE_FAST_INSTALL' => 1,
|
||||
'LTSUGAR_VERSION' => 1,
|
||||
'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
|
||||
'AC_DISABLE_STATIC' => 1,
|
||||
'_LT_LINKER_BOILERPLATE' => 1,
|
||||
'AM_MISSING_PROG' => 1,
|
||||
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1
|
||||
}
|
||||
], 'Autom4te::Request' ),
|
||||
bless( [
|
||||
'1',
|
||||
1,
|
||||
[
|
||||
'/usr/share/autoconf'
|
||||
],
|
||||
[
|
||||
'/usr/share/autoconf/autoconf/autoconf.m4f',
|
||||
'aclocal.m4',
|
||||
'configure.ac'
|
||||
],
|
||||
{
|
||||
'AM_PROG_MKDIR_P' => 1,
|
||||
'_AM_SUBST_NOTMAKE' => 1,
|
||||
'AC_CONFIG_AUX_DIR' => 1,
|
||||
'm4_include' => 1,
|
||||
'AC_CANONICAL_HOST' => 1,
|
||||
'AC_CONFIG_SUBDIRS' => 1,
|
||||
'm4_sinclude' => 1,
|
||||
'AM_NLS' => 1,
|
||||
'AC_INIT' => 1,
|
||||
'AC_PROG_LIBTOOL' => 1,
|
||||
'AC_CANONICAL_TARGET' => 1,
|
||||
'AM_SILENT_RULES' => 1,
|
||||
'AC_FC_SRCEXT' => 1,
|
||||
'AC_LIBSOURCE' => 1,
|
||||
'_AM_MAKEFILE_INCLUDE' => 1,
|
||||
'AM_XGETTEXT_OPTION' => 1,
|
||||
'AM_PROG_CXX_C_O' => 1,
|
||||
'AM_INIT_AUTOMAKE' => 1,
|
||||
'AC_REQUIRE_AUX_FILE' => 1,
|
||||
'AC_SUBST_TRACE' => 1,
|
||||
'AC_FC_PP_SRCEXT' => 1,
|
||||
'_AM_COND_ENDIF' => 1,
|
||||
'sinclude' => 1,
|
||||
'_AM_COND_IF' => 1,
|
||||
'include' => 1,
|
||||
'AC_DEFINE_TRACE_LITERAL' => 1,
|
||||
'm4_pattern_allow' => 1,
|
||||
'AC_CONFIG_LINKS' => 1,
|
||||
'LT_SUPPORTED_TAG' => 1,
|
||||
'AC_CANONICAL_BUILD' => 1,
|
||||
'AM_MAINTAINER_MODE' => 1,
|
||||
'AM_ENABLE_MULTILIB' => 1,
|
||||
'AM_PROG_AR' => 1,
|
||||
'AM_MAKEFILE_INCLUDE' => 1,
|
||||
'AC_CONFIG_FILES' => 1,
|
||||
'AM_PROG_LIBTOOL' => 1,
|
||||
'AM_PATH_GUILE' => 1,
|
||||
'AC_CANONICAL_SYSTEM' => 1,
|
||||
'AM_PROG_CC_C_O' => 1,
|
||||
'AM_EXTRA_RECURSIVE_TARGETS' => 1,
|
||||
'_AM_COND_ELSE' => 1,
|
||||
'_m4_warn' => 1,
|
||||
'AM_AUTOMAKE_VERSION' => 1,
|
||||
'AM_PROG_F77_C_O' => 1,
|
||||
'AC_FC_PP_DEFINE' => 1,
|
||||
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
|
||||
'LT_INIT' => 1,
|
||||
'LT_CONFIG_LTDL_DIR' => 1,
|
||||
'm4_pattern_forbid' => 1,
|
||||
'AC_SUBST' => 1,
|
||||
'AM_CONDITIONAL' => 1,
|
||||
'AM_GNU_GETTEXT' => 1,
|
||||
'AC_CONFIG_HEADERS' => 1,
|
||||
'AM_PROG_MOC' => 1,
|
||||
'AC_CONFIG_LIBOBJ_DIR' => 1,
|
||||
'AH_OUTPUT' => 1,
|
||||
'AM_POT_TOOLS' => 1,
|
||||
'AM_PROG_FC_C_O' => 1,
|
||||
'_LT_AC_TAGCONFIG' => 1,
|
||||
'AC_FC_FREEFORM' => 1
|
||||
}
|
||||
], 'Autom4te::Request' )
|
||||
);
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,967 @@
|
|||
m4trace:aclocal.m4:1153: -1- m4_include([m4/libtool.m4])
|
||||
m4trace:aclocal.m4:1154: -1- m4_include([m4/ltoptions.m4])
|
||||
m4trace:aclocal.m4:1155: -1- m4_include([m4/ltsugar.m4])
|
||||
m4trace:aclocal.m4:1156: -1- m4_include([m4/ltversion.m4])
|
||||
m4trace:aclocal.m4:1157: -1- m4_include([m4/lt~obsolete.m4])
|
||||
m4trace:configure.ac:5: -1- AC_INIT([Snort_AI_preproc], [0.1], [blacklight@autistici.org])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?A[CHUM]_])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([_AC_])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^AS_FLAGS$])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?m4_])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([^dnl$])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?AS_])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([SHELL])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([SHELL])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^SHELL$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PATH_SEPARATOR])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PATH_SEPARATOR$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_NAME])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_STRING])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_URL])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([exec_prefix], [NONE])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([exec_prefix])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^exec_prefix$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([prefix], [NONE])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([prefix])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^prefix$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([program_transform_name], [s,x,x,])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([program_transform_name])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^program_transform_name$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([bindir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^bindir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sbindir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^sbindir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libexecdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^libexecdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datarootdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^datarootdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([datadir], ['${datarootdir}'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datadir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^datadir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sysconfdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^sysconfdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sharedstatedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^sharedstatedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localstatedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^localstatedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([runstatedir], ['${localstatedir}/run'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([runstatedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^runstatedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([includedir], ['${prefix}/include'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([includedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^includedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([oldincludedir], ['/usr/include'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([oldincludedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^oldincludedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
|
||||
['${datarootdir}/doc/${PACKAGE_TARNAME}'],
|
||||
['${datarootdir}/doc/${PACKAGE}'])])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([docdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^docdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([infodir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^infodir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([htmldir], ['${docdir}'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([htmldir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^htmldir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([dvidir], ['${docdir}'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([dvidir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^dvidir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([pdfdir], ['${docdir}'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([pdfdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^pdfdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([psdir], ['${docdir}'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([psdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^psdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libdir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^libdir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localedir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^localedir$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([mandir])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^mandir$])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
|
||||
@%:@undef PACKAGE_NAME])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
|
||||
@%:@undef PACKAGE_TARNAME])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
|
||||
@%:@undef PACKAGE_VERSION])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
|
||||
@%:@undef PACKAGE_STRING])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
|
||||
@%:@undef PACKAGE_BUGREPORT])
|
||||
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
|
||||
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
|
||||
@%:@undef PACKAGE_URL])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([DEFS])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([DEFS])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^DEFS$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_C])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_C])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_C$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_N])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_N])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_N$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_T])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_T])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_T$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([LIBS])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([LIBS])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^LIBS$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([build_alias])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([build_alias])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^build_alias$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([host_alias])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([host_alias])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^host_alias$])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST([target_alias])
|
||||
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([target_alias])
|
||||
m4trace:configure.ac:5: -1- m4_pattern_allow([^target_alias$])
|
||||
m4trace:configure.ac:6: -1- AM_INIT_AUTOMAKE([1.10 -Wall no-define])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
|
||||
m4trace:configure.ac:6: -1- AM_AUTOMAKE_VERSION([1.15])
|
||||
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_PROGRAM])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_SCRIPT])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_DATA])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_DATA])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_DATA$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__isrc])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__isrc$])
|
||||
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([am__isrc])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([CYGPATH_W])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CYGPATH_W])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^CYGPATH_W$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([VERSION])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^VERSION$])
|
||||
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([missing])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([ACLOCAL])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ACLOCAL])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^ACLOCAL$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AUTOCONF])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOCONF])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOCONF$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AUTOMAKE])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOMAKE])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOMAKE$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AUTOHEADER])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOHEADER])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOHEADER$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([MAKEINFO])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MAKEINFO])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^MAKEINFO$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([install_sh])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([install_sh])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^install_sh$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([STRIP])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([STRIP])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^STRIP$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
|
||||
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([MKDIR_P])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MKDIR_P])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^MKDIR_P$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mkdir_p])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^mkdir_p$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AWK])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AWK])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AWK$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([SET_MAKE])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SET_MAKE])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^SET_MAKE$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([am__leading_dot])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__leading_dot])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__leading_dot$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AMTAR])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AMTAR$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([am__tar])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__tar])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__tar$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([am__untar])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__untar])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__untar$])
|
||||
m4trace:configure.ac:6: -1- AM_SILENT_RULES
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AM_V])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_V])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_V$])
|
||||
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_V])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AM_DEFAULT_V])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_DEFAULT_V$])
|
||||
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST([AM_BACKSLASH])
|
||||
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_BACKSLASH])
|
||||
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_BACKSLASH$])
|
||||
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
|
||||
m4trace:configure.ac:8: -1- AC_CONFIG_HEADERS([config.h])
|
||||
m4trace:configure.ac:10: -1- LT_INIT
|
||||
m4trace:configure.ac:10: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
|
||||
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LIBTOOL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBTOOL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBTOOL$])
|
||||
m4trace:configure.ac:10: -1- AC_CANONICAL_HOST
|
||||
m4trace:configure.ac:10: -1- AC_CANONICAL_BUILD
|
||||
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.sub])
|
||||
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.guess])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([build], [$ac_cv_build])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^build$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([build_cpu], [$[1]])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_cpu])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_cpu$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([build_vendor], [$[2]])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_vendor])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_vendor$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([build_os])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_os])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_os$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([host], [$ac_cv_host])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^host$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([host_cpu], [$[1]])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_cpu])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_cpu$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([host_vendor], [$[2]])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_vendor])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_vendor$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([host_os])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_os])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_os$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
|
||||
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([compile])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([am__include])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([am__quote])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__quote])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__quote$])
|
||||
m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([am__nodep])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__nodep])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
|
||||
m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
|
||||
test "x$enable_dependency_tracking" != xno \
|
||||
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([SED])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([SED])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^SED$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([EGREP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EGREP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^EGREP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([FGREP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([FGREP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^FGREP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LD])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LD])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LD$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([NM])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NM])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^NM$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LN_S], [$as_ln_s])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LN_S])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LN_S$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DLLTOOL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DLLTOOL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DLLTOOL$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DLLTOOL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DLLTOOL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DLLTOOL$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([AR])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AR])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^AR$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_AR])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_AR])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_AR$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([STRIP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([STRIP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^STRIP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([RANLIB])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([RANLIB])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^RANLIB$])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([LT_OBJDIR])
|
||||
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LT_OBJDIR$])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
@%:@undef LT_OBJDIR])
|
||||
m4trace:configure.ac:10: -1- LT_SUPPORTED_TAG([CC])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([MANIFEST_TOOL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^MANIFEST_TOOL$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([DSYMUTIL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DSYMUTIL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^DSYMUTIL$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([NMEDIT])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NMEDIT])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^NMEDIT$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LIPO])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIPO])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIPO$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL64])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL64])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL64$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([LT_SYS_LIBRARY_PATH])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LT_SYS_LIBRARY_PATH])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
@%:@undef HAVE_DLFCN_H])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
|
||||
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
|
||||
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^STDC_HEADERS$])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
|
||||
@%:@undef STDC_HEADERS])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
@%:@undef HAVE_SYS_TYPES_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
@%:@undef HAVE_SYS_STAT_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
@%:@undef HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
|
||||
@%:@undef HAVE_STRING_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
|
||||
@%:@undef HAVE_MEMORY_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
|
||||
@%:@undef HAVE_STRINGS_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
@%:@undef HAVE_INTTYPES_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
|
||||
@%:@undef HAVE_STDINT_H])
|
||||
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
|
||||
@%:@undef HAVE_UNISTD_H])
|
||||
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
|
||||
m4trace:configure.ac:10: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
|
||||
m4trace:configure.ac:17: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
|
||||
m4trace:configure.ac:17: -1- m4_pattern_allow([^OPENBSD$])
|
||||
m4trace:configure.ac:17: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD */
|
||||
@%:@undef OPENBSD])
|
||||
m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
|
||||
m4trace:configure.ac:18: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
|
||||
m4trace:configure.ac:18: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if BROKEN_SIOCGIFMTU */
|
||||
@%:@undef BROKEN_SIOCGIFMTU])
|
||||
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
|
||||
m4trace:configure.ac:22: -1- m4_pattern_allow([^OPENBSD$])
|
||||
m4trace:configure.ac:22: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD < 2.3 */
|
||||
@%:@undef OPENBSD])
|
||||
m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
|
||||
m4trace:configure.ac:26: -1- m4_pattern_allow([^IRIX$])
|
||||
m4trace:configure.ac:26: -1- AH_OUTPUT([IRIX], [/* Define if Irix 5 */
|
||||
@%:@undef IRIX])
|
||||
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
|
||||
m4trace:configure.ac:36: -1- m4_pattern_allow([^IRIX$])
|
||||
m4trace:configure.ac:36: -1- AH_OUTPUT([IRIX], [/* Define if Irix 6 */
|
||||
@%:@undef IRIX])
|
||||
m4trace:configure.ac:46: -1- AC_DEFINE_TRACE_LITERAL([SOLARIS])
|
||||
m4trace:configure.ac:46: -1- m4_pattern_allow([^SOLARIS$])
|
||||
m4trace:configure.ac:46: -1- AH_OUTPUT([SOLARIS], [/* Define if Solaris */
|
||||
@%:@undef SOLARIS])
|
||||
m4trace:configure.ac:51: -1- AC_DEFINE_TRACE_LITERAL([SUNOS])
|
||||
m4trace:configure.ac:51: -1- m4_pattern_allow([^SUNOS$])
|
||||
m4trace:configure.ac:51: -1- AH_OUTPUT([SUNOS], [/* Define if SunOS */
|
||||
@%:@undef SUNOS])
|
||||
m4trace:configure.ac:56: -1- AC_DEFINE_TRACE_LITERAL([LINUX])
|
||||
m4trace:configure.ac:56: -1- m4_pattern_allow([^LINUX$])
|
||||
m4trace:configure.ac:56: -1- AH_OUTPUT([LINUX], [/* Define if Linux */
|
||||
@%:@undef LINUX])
|
||||
m4trace:configure.ac:58: -1- AC_DEFINE_TRACE_LITERAL([PCAP_TIMEOUT_IGNORED])
|
||||
m4trace:configure.ac:58: -1- m4_pattern_allow([^PCAP_TIMEOUT_IGNORED$])
|
||||
m4trace:configure.ac:58: -1- AH_OUTPUT([PCAP_TIMEOUT_IGNORED], [/* Define if pcap timeout is ignored */
|
||||
@%:@undef PCAP_TIMEOUT_IGNORED])
|
||||
m4trace:configure.ac:59: -1- AC_SUBST([extra_incl])
|
||||
m4trace:configure.ac:59: -1- AC_SUBST_TRACE([extra_incl])
|
||||
m4trace:configure.ac:59: -1- m4_pattern_allow([^extra_incl$])
|
||||
m4trace:configure.ac:63: -1- AC_DEFINE_TRACE_LITERAL([HPUX])
|
||||
m4trace:configure.ac:63: -1- m4_pattern_allow([^HPUX$])
|
||||
m4trace:configure.ac:63: -1- AH_OUTPUT([HPUX], [/* Define if HP-UX 10 or 11 */
|
||||
@%:@undef HPUX])
|
||||
m4trace:configure.ac:64: -1- AC_DEFINE_TRACE_LITERAL([WORDS_BIGENDIAN])
|
||||
m4trace:configure.ac:64: -1- m4_pattern_allow([^WORDS_BIGENDIAN$])
|
||||
m4trace:configure.ac:64: -1- AH_OUTPUT([WORDS_BIGENDIAN], [/* Define if words are big endian */
|
||||
@%:@undef WORDS_BIGENDIAN])
|
||||
m4trace:configure.ac:65: -1- AC_SUBST([extra_incl])
|
||||
m4trace:configure.ac:65: -1- AC_SUBST_TRACE([extra_incl])
|
||||
m4trace:configure.ac:65: -1- m4_pattern_allow([^extra_incl$])
|
||||
m4trace:configure.ac:70: -1- AC_DEFINE_TRACE_LITERAL([FREEBSD])
|
||||
m4trace:configure.ac:70: -1- m4_pattern_allow([^FREEBSD$])
|
||||
m4trace:configure.ac:70: -1- AH_OUTPUT([FREEBSD], [/* Define if FreeBSD */
|
||||
@%:@undef FREEBSD])
|
||||
m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([BSDI])
|
||||
m4trace:configure.ac:74: -1- m4_pattern_allow([^BSDI$])
|
||||
m4trace:configure.ac:74: -1- AH_OUTPUT([BSDI], [/* Define if BSDi */
|
||||
@%:@undef BSDI])
|
||||
m4trace:configure.ac:77: -1- AC_DEFINE_TRACE_LITERAL([AIX])
|
||||
m4trace:configure.ac:77: -1- m4_pattern_allow([^AIX$])
|
||||
m4trace:configure.ac:77: -1- AH_OUTPUT([AIX], [/* Define if AIX */
|
||||
@%:@undef AIX])
|
||||
m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
|
||||
m4trace:configure.ac:80: -1- m4_pattern_allow([^OSF1$])
|
||||
m4trace:configure.ac:80: -1- AH_OUTPUT([OSF1], [/* Define if OSF-4 */
|
||||
@%:@undef OSF1])
|
||||
m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
|
||||
m4trace:configure.ac:83: -1- m4_pattern_allow([^OSF1$])
|
||||
m4trace:configure.ac:83: -1- AH_OUTPUT([OSF1], [/* Define if OSF-5.1 */
|
||||
@%:@undef OSF1])
|
||||
m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
|
||||
m4trace:configure.ac:86: -1- m4_pattern_allow([^OSF1$])
|
||||
m4trace:configure.ac:86: -1- AH_OUTPUT([OSF1], [/* Define if Tru64 */
|
||||
@%:@undef OSF1])
|
||||
m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([MACOS])
|
||||
m4trace:configure.ac:90: -1- m4_pattern_allow([^MACOS$])
|
||||
m4trace:configure.ac:90: -1- AH_OUTPUT([MACOS], [/* Define if MacOS */
|
||||
@%:@undef MACOS])
|
||||
m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
|
||||
m4trace:configure.ac:91: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
|
||||
m4trace:configure.ac:91: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if broken SIOCGIFMTU */
|
||||
@%:@undef BROKEN_SIOCGIFMTU])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CFLAGS])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CFLAGS])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CFLAGS$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([LDFLAGS])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LDFLAGS])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^LDFLAGS$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([LIBS])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LIBS])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^LIBS$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CPPFLAGS])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CPPFLAGS])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CPPFLAGS$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([ac_ct_CC])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([ac_ct_CC])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^ac_ct_CC$])
|
||||
m4trace:configure.ac:97: -1- AC_REQUIRE_AUX_FILE([compile])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CCDEPMODE])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^CCDEPMODE$])
|
||||
m4trace:configure.ac:97: -1- AM_CONDITIONAL([am__fastdepCC], [
|
||||
test "x$enable_dependency_tracking" != xno \
|
||||
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
|
||||
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
|
||||
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
|
||||
m4trace:configure.ac:98: -1- AC_SUBST([LN_S], [$as_ln_s])
|
||||
m4trace:configure.ac:98: -1- AC_SUBST_TRACE([LN_S])
|
||||
m4trace:configure.ac:98: -1- m4_pattern_allow([^LN_S$])
|
||||
m4trace:configure.ac:99: -1- AC_SUBST([SET_MAKE])
|
||||
m4trace:configure.ac:99: -1- AC_SUBST_TRACE([SET_MAKE])
|
||||
m4trace:configure.ac:99: -1- m4_pattern_allow([^SET_MAKE$])
|
||||
m4trace:configure.ac:127: -1- AH_OUTPUT([HAVE_LIBMYSQLCLIENT], [/* Define to 1 if you have the `mysqlclient\' library (-lmysqlclient). */
|
||||
@%:@undef HAVE_LIBMYSQLCLIENT])
|
||||
m4trace:configure.ac:127: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBMYSQLCLIENT])
|
||||
m4trace:configure.ac:127: -1- m4_pattern_allow([^HAVE_LIBMYSQLCLIENT$])
|
||||
m4trace:configure.ac:131: -1- AH_OUTPUT([HAVE_LIBPQ], [/* Define to 1 if you have the `pq\' library (-lpq). */
|
||||
@%:@undef HAVE_LIBPQ])
|
||||
m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPQ])
|
||||
m4trace:configure.ac:131: -1- m4_pattern_allow([^HAVE_LIBPQ$])
|
||||
m4trace:configure.ac:135: -1- AH_OUTPUT([HAVE_LIBPYTHON2_6], [/* Define to 1 if you have the `python2.6\' library (-lpython2.6). */
|
||||
@%:@undef HAVE_LIBPYTHON2_6])
|
||||
m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPYTHON2_6])
|
||||
m4trace:configure.ac:135: -1- m4_pattern_allow([^HAVE_LIBPYTHON2_6$])
|
||||
m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBGVC], [/* Define to 1 if you have the `gvc\' library (-lgvc). */
|
||||
@%:@undef HAVE_LIBGVC])
|
||||
m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBGVC])
|
||||
m4trace:configure.ac:142: -1- m4_pattern_allow([^HAVE_LIBGVC$])
|
||||
m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_LIBXML2], [/* Define to 1 if you have the `xml2\' library (-lxml2). */
|
||||
@%:@undef HAVE_LIBXML2])
|
||||
m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXML2])
|
||||
m4trace:configure.ac:146: -1- m4_pattern_allow([^HAVE_LIBXML2$])
|
||||
m4trace:configure.ac:147: -1- AH_OUTPUT([HAVE_LIBPTHREAD], [/* Define to 1 if you have the `pthread\' library (-lpthread). */
|
||||
@%:@undef HAVE_LIBPTHREAD])
|
||||
m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPTHREAD])
|
||||
m4trace:configure.ac:147: -1- m4_pattern_allow([^HAVE_LIBPTHREAD$])
|
||||
m4trace:configure.ac:148: -1- AH_OUTPUT([HAVE_LIBM], [/* Define to 1 if you have the `m\' library (-lm). */
|
||||
@%:@undef HAVE_LIBM])
|
||||
m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBM])
|
||||
m4trace:configure.ac:148: -1- m4_pattern_allow([^HAVE_LIBM$])
|
||||
m4trace:configure.ac:149: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the `dl\' library (-ldl). */
|
||||
@%:@undef HAVE_LIBDL])
|
||||
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
|
||||
m4trace:configure.ac:149: -1- m4_pattern_allow([^HAVE_LIBDL$])
|
||||
m4trace:configure.ac:151: -1- AC_SUBST([CORR_RULES_PREFIX], ["/etc/snort/corr_rules"])
|
||||
m4trace:configure.ac:151: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
|
||||
m4trace:configure.ac:151: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
|
||||
m4trace:configure.ac:151: -1- AC_SUBST([CORR_RULES_PREFIX], ["${prefix}/etc/corr_rules"])
|
||||
m4trace:configure.ac:151: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
|
||||
m4trace:configure.ac:151: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
|
||||
m4trace:configure.ac:157: -1- AC_SUBST([DOC_PREFIX], ["${prefix}/doc/snort_ai_preprocessor"])
|
||||
m4trace:configure.ac:157: -1- AC_SUBST_TRACE([DOC_PREFIX])
|
||||
m4trace:configure.ac:157: -1- m4_pattern_allow([^DOC_PREFIX$])
|
||||
m4trace:configure.ac:158: -1- AC_SUBST([SHARE_PREFIX], ["${prefix}/share/snort_ai_preprocessor"])
|
||||
m4trace:configure.ac:158: -1- AC_SUBST_TRACE([SHARE_PREFIX])
|
||||
m4trace:configure.ac:158: -1- m4_pattern_allow([^SHARE_PREFIX$])
|
||||
m4trace:configure.ac:162: -1- AC_SUBST([LIBXML2_INCLUDES], ["$(pkg-config --cflags libxml-2.0 2> /dev/null)"])
|
||||
m4trace:configure.ac:162: -1- AC_SUBST_TRACE([LIBXML2_INCLUDES])
|
||||
m4trace:configure.ac:162: -1- m4_pattern_allow([^LIBXML2_INCLUDES$])
|
||||
m4trace:configure.ac:166: -1- AC_SUBST([LIBPYTHON_INCLUDES], ["-I/usr/include/python2.6"])
|
||||
m4trace:configure.ac:166: -1- AC_SUBST_TRACE([LIBPYTHON_INCLUDES])
|
||||
m4trace:configure.ac:166: -1- m4_pattern_allow([^LIBPYTHON_INCLUDES$])
|
||||
m4trace:configure.ac:171: -1- AC_SUBST([LIBGRAPH_INCLUDES], ["$(pkg-config --cflags libgraph 2> /dev/null)"])
|
||||
m4trace:configure.ac:171: -1- AC_SUBST_TRACE([LIBGRAPH_INCLUDES])
|
||||
m4trace:configure.ac:171: -1- m4_pattern_allow([^LIBGRAPH_INCLUDES$])
|
||||
m4trace:configure.ac:176: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BOOLEAN])
|
||||
m4trace:configure.ac:176: -1- m4_pattern_allow([^HAVE_BOOLEAN$])
|
||||
m4trace:configure.ac:176: -1- AH_OUTPUT([HAVE_BOOLEAN], [/* Check if the boolean type is defined */
|
||||
@%:@undef HAVE_BOOLEAN])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([size_t])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^size_t$])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
|
||||
@%:@undef size_t])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA_H])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^HAVE_ALLOCA_H$])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
|
||||
*/
|
||||
@%:@undef HAVE_ALLOCA_H])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^HAVE_ALLOCA$])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([HAVE_ALLOCA], [/* Define to 1 if you have `alloca\', as a function or macro. */
|
||||
@%:@undef HAVE_ALLOCA])
|
||||
m4trace:configure.ac:179: -1- AC_LIBSOURCE([alloca.c])
|
||||
m4trace:configure.ac:179: -1- AC_SUBST([ALLOCA], [\${LIBOBJDIR}alloca.$ac_objext])
|
||||
m4trace:configure.ac:179: -1- AC_SUBST_TRACE([ALLOCA])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^ALLOCA$])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([C_ALLOCA])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^C_ALLOCA$])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([C_ALLOCA], [/* Define to 1 if using `alloca.c\'. */
|
||||
@%:@undef C_ALLOCA])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([CRAY_STACKSEG_END])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^CRAY_STACKSEG_END$])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([CRAY_STACKSEG_END], [/* Define to one of `_getb67\', `GETB67\', `getb67\' for Cray-2 and Cray-YMP
|
||||
systems. This function is required for `alloca.c\' support on those systems.
|
||||
*/
|
||||
@%:@undef CRAY_STACKSEG_END])
|
||||
m4trace:configure.ac:179: -1- AH_OUTPUT([STACK_DIRECTION], [/* If using the C implementation of alloca, define if you know the
|
||||
direction of stack growth for your system; otherwise it will be
|
||||
automatically deduced at runtime.
|
||||
STACK_DIRECTION > 0 => grows toward higher addresses
|
||||
STACK_DIRECTION < 0 => grows toward lower addresses
|
||||
STACK_DIRECTION = 0 => direction of growth unknown */
|
||||
@%:@undef STACK_DIRECTION])
|
||||
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([STACK_DIRECTION])
|
||||
m4trace:configure.ac:179: -1- m4_pattern_allow([^STACK_DIRECTION$])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_DIRENT_H], [/* Define to 1 if you have the <dirent.h> header file. */
|
||||
@%:@undef HAVE_DIRENT_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
@%:@undef HAVE_DLFCN_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
@%:@undef HAVE_INTTYPES_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
|
||||
@%:@undef HAVE_LIMITS_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_MATH_H], [/* Define to 1 if you have the <math.h> header file. */
|
||||
@%:@undef HAVE_MATH_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
|
||||
@%:@undef HAVE_STDDEF_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
@%:@undef HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
|
||||
@%:@undef HAVE_STRING_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
|
||||
@%:@undef HAVE_UNISTD_H])
|
||||
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_WCHAR_H], [/* Define to 1 if you have the <wchar.h> header file. */
|
||||
@%:@undef HAVE_WCHAR_H])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT8_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT8_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT8_T], [/* Define to 1 if the system has the type `u_int8_t\'. */
|
||||
@%:@undef HAVE_U_INT8_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT16_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT16_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT16_T], [/* Define to 1 if the system has the type `u_int16_t\'. */
|
||||
@%:@undef HAVE_U_INT16_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT32_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT32_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT32_T], [/* Define to 1 if the system has the type `u_int32_t\'. */
|
||||
@%:@undef HAVE_U_INT32_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT64_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT64_T], [/* Define to 1 if the system has the type `u_int64_t\'. */
|
||||
@%:@undef HAVE_U_INT64_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT8_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT8_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT8_T], [/* Define to 1 if the system has the type `uint8_t\'. */
|
||||
@%:@undef HAVE_UINT8_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT16_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT16_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT16_T], [/* Define to 1 if the system has the type `uint16_t\'. */
|
||||
@%:@undef HAVE_UINT16_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT32_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT32_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT32_T], [/* Define to 1 if the system has the type `uint32_t\'. */
|
||||
@%:@undef HAVE_UINT32_T])
|
||||
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT64_T])
|
||||
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT64_T$])
|
||||
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT64_T], [/* Define to 1 if the system has the type `uint64_t\'. */
|
||||
@%:@undef HAVE_UINT64_T])
|
||||
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT8_T])
|
||||
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT8_T$])
|
||||
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT8_T], [/* Define to 1 if the system has the type `int8_t\'. */
|
||||
@%:@undef HAVE_INT8_T])
|
||||
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT16_T])
|
||||
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT16_T$])
|
||||
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT16_T], [/* Define to 1 if the system has the type `int16_t\'. */
|
||||
@%:@undef HAVE_INT16_T])
|
||||
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT32_T])
|
||||
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT32_T$])
|
||||
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT32_T], [/* Define to 1 if the system has the type `int32_t\'. */
|
||||
@%:@undef HAVE_INT32_T])
|
||||
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
|
||||
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT64_T$])
|
||||
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT64_T], [/* Define to 1 if the system has the type `int64_t\'. */
|
||||
@%:@undef HAVE_INT64_T])
|
||||
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BOOLEAN])
|
||||
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_BOOLEAN$])
|
||||
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_BOOLEAN], [/* Define to 1 if the system has the type `boolean\'. */
|
||||
@%:@undef HAVE_BOOLEAN])
|
||||
m4trace:configure.ac:187: -1- AC_DEFINE_TRACE_LITERAL([HAVE__BOOL])
|
||||
m4trace:configure.ac:187: -1- m4_pattern_allow([^HAVE__BOOL$])
|
||||
m4trace:configure.ac:187: -1- AH_OUTPUT([HAVE__BOOL], [/* Define to 1 if the system has the type `_Bool\'. */
|
||||
@%:@undef HAVE__BOOL])
|
||||
m4trace:configure.ac:187: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDBOOL_H])
|
||||
m4trace:configure.ac:187: -1- m4_pattern_allow([^HAVE_STDBOOL_H$])
|
||||
m4trace:configure.ac:187: -1- AH_OUTPUT([HAVE_STDBOOL_H], [/* Define to 1 if stdbool.h conforms to C99. */
|
||||
@%:@undef HAVE_STDBOOL_H])
|
||||
m4trace:configure.ac:188: -1- AC_DEFINE_TRACE_LITERAL([size_t])
|
||||
m4trace:configure.ac:188: -1- m4_pattern_allow([^size_t$])
|
||||
m4trace:configure.ac:188: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
|
||||
@%:@undef size_t])
|
||||
m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([uint16_t])
|
||||
m4trace:configure.ac:189: -1- m4_pattern_allow([^uint16_t$])
|
||||
m4trace:configure.ac:189: -1- AH_OUTPUT([uint16_t], [/* Define to the type of an unsigned integer type of width exactly 16 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
@%:@undef uint16_t])
|
||||
m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([_UINT32_T])
|
||||
m4trace:configure.ac:190: -1- m4_pattern_allow([^_UINT32_T$])
|
||||
m4trace:configure.ac:190: -1- AH_OUTPUT([_UINT32_T], [/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
@%:@define below would cause a syntax error. */
|
||||
@%:@undef _UINT32_T])
|
||||
m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([uint32_t])
|
||||
m4trace:configure.ac:190: -1- m4_pattern_allow([^uint32_t$])
|
||||
m4trace:configure.ac:190: -1- AH_OUTPUT([uint32_t], [/* Define to the type of an unsigned integer type of width exactly 32 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
@%:@undef uint32_t])
|
||||
m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([_UINT8_T])
|
||||
m4trace:configure.ac:191: -1- m4_pattern_allow([^_UINT8_T$])
|
||||
m4trace:configure.ac:191: -1- AH_OUTPUT([_UINT8_T], [/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
@%:@define below would cause a syntax error. */
|
||||
@%:@undef _UINT8_T])
|
||||
m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([uint8_t])
|
||||
m4trace:configure.ac:191: -1- m4_pattern_allow([^uint8_t$])
|
||||
m4trace:configure.ac:191: -1- AH_OUTPUT([uint8_t], [/* Define to the type of an unsigned integer type of width exactly 8 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
@%:@undef uint8_t])
|
||||
m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTRDIFF_T])
|
||||
m4trace:configure.ac:192: -1- m4_pattern_allow([^HAVE_PTRDIFF_T$])
|
||||
m4trace:configure.ac:192: -1- AH_OUTPUT([HAVE_PTRDIFF_T], [/* Define to 1 if the system has the type `ptrdiff_t\'. */
|
||||
@%:@undef HAVE_PTRDIFF_T])
|
||||
m4trace:configure.ac:195: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
@%:@undef HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
|
||||
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
|
||||
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_MALLOC$])
|
||||
m4trace:configure.ac:195: -1- AH_OUTPUT([HAVE_MALLOC], [/* Define to 1 if your system has a GNU libc compatible `malloc\' function, and
|
||||
to 0 otherwise. */
|
||||
@%:@undef HAVE_MALLOC])
|
||||
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
|
||||
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_MALLOC$])
|
||||
m4trace:configure.ac:195: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS malloc.$ac_objext"])
|
||||
m4trace:configure.ac:195: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
|
||||
m4trace:configure.ac:195: -1- m4_pattern_allow([^LIB@&t@OBJS$])
|
||||
m4trace:configure.ac:195: -1- AC_LIBSOURCE([malloc.c])
|
||||
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([malloc])
|
||||
m4trace:configure.ac:195: -1- m4_pattern_allow([^malloc$])
|
||||
m4trace:configure.ac:195: -1- AH_OUTPUT([malloc], [/* Define to rpl_malloc if the replacement function should be used. */
|
||||
@%:@undef malloc])
|
||||
m4trace:configure.ac:196: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME])
|
||||
m4trace:configure.ac:196: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$])
|
||||
m4trace:configure.ac:196: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
|
||||
@%:@undef TIME_WITH_SYS_TIME])
|
||||
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
|
||||
@%:@undef HAVE_SYS_TIME_H])
|
||||
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
|
||||
@%:@undef HAVE_UNISTD_H])
|
||||
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_ALARM], [/* Define to 1 if you have the `alarm\' function. */
|
||||
@%:@undef HAVE_ALARM])
|
||||
m4trace:configure.ac:196: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS mktime.$ac_objext"])
|
||||
m4trace:configure.ac:196: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
|
||||
m4trace:configure.ac:196: -1- m4_pattern_allow([^LIB@&t@OBJS$])
|
||||
m4trace:configure.ac:196: -1- AC_LIBSOURCE([mktime.c])
|
||||
m4trace:configure.ac:197: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
@%:@undef HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
|
||||
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
|
||||
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
|
||||
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_REALLOC$])
|
||||
m4trace:configure.ac:197: -1- AH_OUTPUT([HAVE_REALLOC], [/* Define to 1 if your system has a GNU libc compatible `realloc\' function,
|
||||
and to 0 otherwise. */
|
||||
@%:@undef HAVE_REALLOC])
|
||||
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
|
||||
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_REALLOC$])
|
||||
m4trace:configure.ac:197: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS realloc.$ac_objext"])
|
||||
m4trace:configure.ac:197: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
|
||||
m4trace:configure.ac:197: -1- m4_pattern_allow([^LIB@&t@OBJS$])
|
||||
m4trace:configure.ac:197: -1- AC_LIBSOURCE([realloc.c])
|
||||
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([realloc])
|
||||
m4trace:configure.ac:197: -1- m4_pattern_allow([^realloc$])
|
||||
m4trace:configure.ac:197: -1- AH_OUTPUT([realloc], [/* Define to rpl_realloc if the replacement function should be used. */
|
||||
@%:@undef realloc])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the `memmove\' function. */
|
||||
@%:@undef HAVE_MEMMOVE])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_MEMSET], [/* Define to 1 if you have the `memset\' function. */
|
||||
@%:@undef HAVE_MEMSET])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define to 1 if you have the `regcomp\' function. */
|
||||
@%:@undef HAVE_REGCOMP])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRCASECMP], [/* Define to 1 if you have the `strcasecmp\' function. */
|
||||
@%:@undef HAVE_STRCASECMP])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */
|
||||
@%:@undef HAVE_STRDUP])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRSTR], [/* Define to 1 if you have the `strstr\' function. */
|
||||
@%:@undef HAVE_STRSTR])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRTOL], [/* Define to 1 if you have the `strtol\' function. */
|
||||
@%:@undef HAVE_STRTOL])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRTOUL], [/* Define to 1 if you have the `strtoul\' function. */
|
||||
@%:@undef HAVE_STRTOUL])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_SOCKET], [/* Define to 1 if you have the `socket\' function. */
|
||||
@%:@undef HAVE_SOCKET])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_BIND], [/* Define to 1 if you have the `bind\' function. */
|
||||
@%:@undef HAVE_BIND])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_LISTEN], [/* Define to 1 if you have the `listen\' function. */
|
||||
@%:@undef HAVE_LISTEN])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_ACCEPT], [/* Define to 1 if you have the `accept\' function. */
|
||||
@%:@undef HAVE_ACCEPT])
|
||||
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_CONNECT], [/* Define to 1 if you have the `connect\' function. */
|
||||
@%:@undef HAVE_CONNECT])
|
||||
m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
|
||||
m4trace:configure.ac:200: -1- m4_pattern_allow([^VERSION$])
|
||||
m4trace:configure.ac:200: -1- AH_OUTPUT([VERSION], [/* Module version */
|
||||
@%:@undef VERSION])
|
||||
m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
|
||||
m4trace:configure.ac:201: -1- m4_pattern_allow([^PACKAGE$])
|
||||
m4trace:configure.ac:201: -1- AH_OUTPUT([PACKAGE], [/* Package name */
|
||||
@%:@undef PACKAGE])
|
||||
m4trace:configure.ac:202: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
|
||||
m4trace:configure.ac:202: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
|
||||
m4trace:configure.ac:202: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Bug report address */
|
||||
@%:@undef PACKAGE_BUGREPORT])
|
||||
m4trace:configure.ac:203: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
|
||||
m4trace:configure.ac:203: -1- m4_pattern_allow([^PACKAGE_NAME$])
|
||||
m4trace:configure.ac:203: -1- AH_OUTPUT([PACKAGE_NAME], [/* Package full name */
|
||||
@%:@undef PACKAGE_NAME])
|
||||
m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
|
||||
m4trace:configure.ac:204: -1- m4_pattern_allow([^PACKAGE_STRING$])
|
||||
m4trace:configure.ac:204: -1- AH_OUTPUT([PACKAGE_STRING], [/* Package string */
|
||||
@%:@undef PACKAGE_STRING])
|
||||
m4trace:configure.ac:205: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
|
||||
m4trace:configure.ac:205: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
|
||||
m4trace:configure.ac:205: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Package tarname */
|
||||
@%:@undef PACKAGE_TARNAME])
|
||||
m4trace:configure.ac:206: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
|
||||
m4trace:configure.ac:206: -1- m4_pattern_allow([^PACKAGE_VERSION$])
|
||||
m4trace:configure.ac:206: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Package version */
|
||||
@%:@undef PACKAGE_VERSION])
|
||||
m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([SUP_IP6])
|
||||
m4trace:configure.ac:207: -1- m4_pattern_allow([^SUP_IP6$])
|
||||
m4trace:configure.ac:207: -1- AH_OUTPUT([SUP_IP6], [/* Use SUP_IP6 */
|
||||
@%:@undef SUP_IP6])
|
||||
m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([HAVE_VISIBILITY])
|
||||
m4trace:configure.ac:209: -1- m4_pattern_allow([^HAVE_VISIBILITY$])
|
||||
m4trace:configure.ac:209: -1- AH_OUTPUT([HAVE_VISIBILITY], [/* Check if the compiler supports visibility */
|
||||
@%:@undef HAVE_VISIBILITY])
|
||||
m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([PREFIX])
|
||||
m4trace:configure.ac:210: -1- m4_pattern_allow([^PREFIX$])
|
||||
m4trace:configure.ac:210: -1- AH_OUTPUT([PREFIX], [/* Installation prefix */
|
||||
@%:@undef PREFIX])
|
||||
m4trace:configure.ac:212: -1- AC_CONFIG_FILES([Makefile])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
|
||||
m4trace:configure.ac:213: -1- m4_pattern_allow([^LIB@&t@OBJS$])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LTLIBOBJS])
|
||||
m4trace:configure.ac:213: -1- m4_pattern_allow([^LTLIBOBJS$])
|
||||
m4trace:configure.ac:213: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_TRUE])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
|
||||
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_FALSE])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
|
||||
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
|
||||
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
|
||||
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_builddir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_build_prefix])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([srcdir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_srcdir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_srcdir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_srcdir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([builddir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_builddir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_builddir])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([INSTALL])
|
||||
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([MKDIR_P])
|
||||
m4trace:configure.ac:213: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
|
|
@ -97,7 +97,7 @@ AI_alert_bayesian_correlation ( const AI_snort_alert *a, const AI_snort_alert *b
|
|||
unsigned int corr_count = 0,
|
||||
corr_count_a = 0;
|
||||
|
||||
BOOL is_a_correlated = false;
|
||||
bool is_a_correlated = false;
|
||||
AI_bayesian_correlation_key bayesian_key;
|
||||
AI_bayesian_correlation *found = NULL;
|
||||
|
||||
|
@ -181,4 +181,3 @@ AI_alert_bayesian_correlation ( const AI_snort_alert *a, const AI_snort_alert *b
|
|||
} /* ----- end of function AI_alert_bayesian_correlation ----- */
|
||||
|
||||
/** @} */
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ __AI_heuristic_func ( cluster_type type )
|
|||
attribute_value *value = NULL;
|
||||
attribute_value *found = NULL;
|
||||
int max = 0;
|
||||
|
||||
|
||||
if ( type == none || !alert_log || !h_root[type] )
|
||||
return -1;
|
||||
|
||||
|
@ -200,7 +200,7 @@ __AI_get_min_hierarchy_node ( int val, hierarchy_node *root )
|
|||
|
||||
if ( !next )
|
||||
return root;
|
||||
|
||||
|
||||
return __AI_get_min_hierarchy_node ( val, next );
|
||||
} /* ----- end of function __AI_get_min_hierarchy_node ----- */
|
||||
|
||||
|
@ -211,7 +211,7 @@ __AI_get_min_hierarchy_node ( int val, hierarchy_node *root )
|
|||
* \return True if they are equal, false otherwise
|
||||
*/
|
||||
|
||||
PRIVATE BOOL
|
||||
PRIVATE bool
|
||||
__AI_equal_alerts ( AI_snort_alert *a1, AI_snort_alert *a2 )
|
||||
{
|
||||
if ( a1->gid != a2->gid || a1->sid != a2->sid || a1->rev != a2->rev )
|
||||
|
@ -470,7 +470,7 @@ __AI_cluster_thread ( void* arg )
|
|||
AI_free_alerts ( alert_log );
|
||||
alert_log = NULL;
|
||||
}
|
||||
|
||||
|
||||
/* get_alerts() is a function pointer that can point to the function for getting the alerts from
|
||||
* the plain alert log file or from the database. Calling it the source of the alerts is
|
||||
* completely transparent to this level */
|
||||
|
@ -599,11 +599,11 @@ __AI_cluster_thread ( void* arg )
|
|||
* \return True if 'node' is already in 'root', false otherwise
|
||||
*/
|
||||
|
||||
PRIVATE BOOL
|
||||
PRIVATE bool
|
||||
__AI_check_duplicate ( hierarchy_node *node, hierarchy_node *root )
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
if ( !node || !root )
|
||||
return false;
|
||||
|
||||
|
@ -651,7 +651,7 @@ AI_hierarchies_build ( hierarchy_node **nodes, int n_nodes )
|
|||
case dst_addr:
|
||||
if ( !h_root[ nodes[i]->type ] )
|
||||
h_root[ nodes[i]->type ] = __AI_hierarchy_node_new ( "0.0.0.0/0", 0x0, 0xffffffff );
|
||||
|
||||
|
||||
min_range = 0xffffffff;
|
||||
break;
|
||||
|
||||
|
@ -754,4 +754,3 @@ AI_get_clustered_alerts ()
|
|||
} /* ----- end of function AI_get_clustered_alerts ----- */
|
||||
|
||||
/** @} */
|
||||
|
||||
|
|
|
@ -0,0 +1,347 @@
|
|||
#! /bin/sh
|
||||
# Wrapper for compilers which do not understand '-c -o'.
|
||||
|
||||
scriptversion=2012-10-14.11; # UTC
|
||||
|
||||
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||
# Written by Tom Tromey <tromey@cygnus.com>.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2, or (at your option)
|
||||
# any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
# This file is maintained in Automake, please report
|
||||
# bugs to <bug-automake@gnu.org> or send patches to
|
||||
# <automake-patches@gnu.org>.
|
||||
|
||||
nl='
|
||||
'
|
||||
|
||||
# We need space, tab and new line, in precisely that order. Quoting is
|
||||
# there to prevent tools from complaining about whitespace usage.
|
||||
IFS=" "" $nl"
|
||||
|
||||
file_conv=
|
||||
|
||||
# func_file_conv build_file lazy
|
||||
# Convert a $build file to $host form and store it in $file
|
||||
# Currently only supports Windows hosts. If the determined conversion
|
||||
# type is listed in (the comma separated) LAZY, no conversion will
|
||||
# take place.
|
||||
func_file_conv ()
|
||||
{
|
||||
file=$1
|
||||
case $file in
|
||||
/ | /[!/]*) # absolute file, and not a UNC file
|
||||
if test -z "$file_conv"; then
|
||||
# lazily determine how to convert abs files
|
||||
case `uname -s` in
|
||||
MINGW*)
|
||||
file_conv=mingw
|
||||
;;
|
||||
CYGWIN*)
|
||||
file_conv=cygwin
|
||||
;;
|
||||
*)
|
||||
file_conv=wine
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
case $file_conv/,$2, in
|
||||
*,$file_conv,*)
|
||||
;;
|
||||
mingw/*)
|
||||
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
|
||||
;;
|
||||
cygwin/*)
|
||||
file=`cygpath -m "$file" || echo "$file"`
|
||||
;;
|
||||
wine/*)
|
||||
file=`winepath -w "$file" || echo "$file"`
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# func_cl_dashL linkdir
|
||||
# Make cl look for libraries in LINKDIR
|
||||
func_cl_dashL ()
|
||||
{
|
||||
func_file_conv "$1"
|
||||
if test -z "$lib_path"; then
|
||||
lib_path=$file
|
||||
else
|
||||
lib_path="$lib_path;$file"
|
||||
fi
|
||||
linker_opts="$linker_opts -LIBPATH:$file"
|
||||
}
|
||||
|
||||
# func_cl_dashl library
|
||||
# Do a library search-path lookup for cl
|
||||
func_cl_dashl ()
|
||||
{
|
||||
lib=$1
|
||||
found=no
|
||||
save_IFS=$IFS
|
||||
IFS=';'
|
||||
for dir in $lib_path $LIB
|
||||
do
|
||||
IFS=$save_IFS
|
||||
if $shared && test -f "$dir/$lib.dll.lib"; then
|
||||
found=yes
|
||||
lib=$dir/$lib.dll.lib
|
||||
break
|
||||
fi
|
||||
if test -f "$dir/$lib.lib"; then
|
||||
found=yes
|
||||
lib=$dir/$lib.lib
|
||||
break
|
||||
fi
|
||||
if test -f "$dir/lib$lib.a"; then
|
||||
found=yes
|
||||
lib=$dir/lib$lib.a
|
||||
break
|
||||
fi
|
||||
done
|
||||
IFS=$save_IFS
|
||||
|
||||
if test "$found" != yes; then
|
||||
lib=$lib.lib
|
||||
fi
|
||||
}
|
||||
|
||||
# func_cl_wrapper cl arg...
|
||||
# Adjust compile command to suit cl
|
||||
func_cl_wrapper ()
|
||||
{
|
||||
# Assume a capable shell
|
||||
lib_path=
|
||||
shared=:
|
||||
linker_opts=
|
||||
for arg
|
||||
do
|
||||
if test -n "$eat"; then
|
||||
eat=
|
||||
else
|
||||
case $1 in
|
||||
-o)
|
||||
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
||||
eat=1
|
||||
case $2 in
|
||||
*.o | *.[oO][bB][jJ])
|
||||
func_file_conv "$2"
|
||||
set x "$@" -Fo"$file"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
func_file_conv "$2"
|
||||
set x "$@" -Fe"$file"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
-I)
|
||||
eat=1
|
||||
func_file_conv "$2" mingw
|
||||
set x "$@" -I"$file"
|
||||
shift
|
||||
;;
|
||||
-I*)
|
||||
func_file_conv "${1#-I}" mingw
|
||||
set x "$@" -I"$file"
|
||||
shift
|
||||
;;
|
||||
-l)
|
||||
eat=1
|
||||
func_cl_dashl "$2"
|
||||
set x "$@" "$lib"
|
||||
shift
|
||||
;;
|
||||
-l*)
|
||||
func_cl_dashl "${1#-l}"
|
||||
set x "$@" "$lib"
|
||||
shift
|
||||
;;
|
||||
-L)
|
||||
eat=1
|
||||
func_cl_dashL "$2"
|
||||
;;
|
||||
-L*)
|
||||
func_cl_dashL "${1#-L}"
|
||||
;;
|
||||
-static)
|
||||
shared=false
|
||||
;;
|
||||
-Wl,*)
|
||||
arg=${1#-Wl,}
|
||||
save_ifs="$IFS"; IFS=','
|
||||
for flag in $arg; do
|
||||
IFS="$save_ifs"
|
||||
linker_opts="$linker_opts $flag"
|
||||
done
|
||||
IFS="$save_ifs"
|
||||
;;
|
||||
-Xlinker)
|
||||
eat=1
|
||||
linker_opts="$linker_opts $2"
|
||||
;;
|
||||
-*)
|
||||
set x "$@" "$1"
|
||||
shift
|
||||
;;
|
||||
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
|
||||
func_file_conv "$1"
|
||||
set x "$@" -Tp"$file"
|
||||
shift
|
||||
;;
|
||||
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
|
||||
func_file_conv "$1" mingw
|
||||
set x "$@" "$file"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
set x "$@" "$1"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
shift
|
||||
done
|
||||
if test -n "$linker_opts"; then
|
||||
linker_opts="-link$linker_opts"
|
||||
fi
|
||||
exec "$@" $linker_opts
|
||||
exit 1
|
||||
}
|
||||
|
||||
eat=
|
||||
|
||||
case $1 in
|
||||
'')
|
||||
echo "$0: No command. Try '$0 --help' for more information." 1>&2
|
||||
exit 1;
|
||||
;;
|
||||
-h | --h*)
|
||||
cat <<\EOF
|
||||
Usage: compile [--help] [--version] PROGRAM [ARGS]
|
||||
|
||||
Wrapper for compilers which do not understand '-c -o'.
|
||||
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
|
||||
arguments, and rename the output as expected.
|
||||
|
||||
If you are trying to build a whole package this is not the
|
||||
right script to run: please start by reading the file 'INSTALL'.
|
||||
|
||||
Report bugs to <bug-automake@gnu.org>.
|
||||
EOF
|
||||
exit $?
|
||||
;;
|
||||
-v | --v*)
|
||||
echo "compile $scriptversion"
|
||||
exit $?
|
||||
;;
|
||||
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
|
||||
func_cl_wrapper "$@" # Doesn't return...
|
||||
;;
|
||||
esac
|
||||
|
||||
ofile=
|
||||
cfile=
|
||||
|
||||
for arg
|
||||
do
|
||||
if test -n "$eat"; then
|
||||
eat=
|
||||
else
|
||||
case $1 in
|
||||
-o)
|
||||
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
||||
# So we strip '-o arg' only if arg is an object.
|
||||
eat=1
|
||||
case $2 in
|
||||
*.o | *.obj)
|
||||
ofile=$2
|
||||
;;
|
||||
*)
|
||||
set x "$@" -o "$2"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*.c)
|
||||
cfile=$1
|
||||
set x "$@" "$1"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
set x "$@" "$1"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
shift
|
||||
done
|
||||
|
||||
if test -z "$ofile" || test -z "$cfile"; then
|
||||
# If no '-o' option was seen then we might have been invoked from a
|
||||
# pattern rule where we don't need one. That is ok -- this is a
|
||||
# normal compilation that the losing compiler can handle. If no
|
||||
# '.c' file was seen then we are probably linking. That is also
|
||||
# ok.
|
||||
exec "$@"
|
||||
fi
|
||||
|
||||
# Name of file we expect compiler to create.
|
||||
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
|
||||
|
||||
# Create the lock directory.
|
||||
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
|
||||
# that we are using for the .o file. Also, base the name on the expected
|
||||
# object file name, since that is what matters with a parallel build.
|
||||
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
|
||||
while true; do
|
||||
if mkdir "$lockdir" >/dev/null 2>&1; then
|
||||
break
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
# FIXME: race condition here if user kills between mkdir and trap.
|
||||
trap "rmdir '$lockdir'; exit 1" 1 2 15
|
||||
|
||||
# Run the compile.
|
||||
"$@"
|
||||
ret=$?
|
||||
|
||||
if test -f "$cofile"; then
|
||||
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
|
||||
elif test -f "${cofile}bj"; then
|
||||
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
|
||||
fi
|
||||
|
||||
rmdir "$lockdir"
|
||||
exit $ret
|
||||
|
||||
# Local Variables:
|
||||
# mode: shell-script
|
||||
# sh-indentation: 2
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "scriptversion="
|
||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
# time-stamp-time-zone: "UTC"
|
||||
# time-stamp-end: "; # UTC"
|
||||
# End:
|
|
@ -1,14 +1,12 @@
|
|||
#! /bin/sh
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
|
||||
# Free Software Foundation, Inc.
|
||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2009-11-20'
|
||||
timestamp='2015-08-20'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
|
@ -17,26 +15,22 @@ timestamp='2009-11-20'
|
|||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
|
||||
# Originally written by Per Bothner. Please send patches (context
|
||||
# diff format) to <config-patches@gnu.org> and include a ChangeLog
|
||||
# entry.
|
||||
# the same distribution terms that you use for the rest of that
|
||||
# program. This Exception is an additional permission under section 7
|
||||
# of the GNU General Public License, version 3 ("GPLv3").
|
||||
#
|
||||
# This script attempts to guess a canonical system name similar to
|
||||
# config.sub. If it succeeds, it prints the system name on stdout, and
|
||||
# exits with 0. Otherwise, it exits with 1.
|
||||
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
|
||||
#
|
||||
# You can get the latest version of this script from:
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
||||
#
|
||||
# Please send patches to <config-patches@gnu.org>.
|
||||
|
||||
|
||||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
|
||||
|
@ -56,8 +50,7 @@ version="\
|
|||
GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
@ -139,12 +132,33 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
|
|||
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
|
||||
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
|
||||
case "${UNAME_SYSTEM}" in
|
||||
Linux|GNU|GNU/*)
|
||||
# If the system lacks a compiler, then just pick glibc.
|
||||
# We could probably try harder.
|
||||
LIBC=gnu
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat <<-EOF > $dummy.c
|
||||
#include <features.h>
|
||||
#if defined(__UCLIBC__)
|
||||
LIBC=uclibc
|
||||
#elif defined(__dietlibc__)
|
||||
LIBC=dietlibc
|
||||
#else
|
||||
LIBC=gnu
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
|
||||
;;
|
||||
esac
|
||||
|
||||
# Note: order is significant - the case branches are not exclusive.
|
||||
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
*:NetBSD:*:*)
|
||||
# NetBSD (nbsd) targets should (where applicable) match one or
|
||||
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
|
||||
# switched to ELF, *-*-netbsd* would select the old
|
||||
# object file format. This provides both forward
|
||||
|
@ -154,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
# Note: NetBSD doesn't particularly care about the vendor
|
||||
# portion of the name. We always set it to "unknown".
|
||||
sysctl="sysctl -n hw.machine_arch"
|
||||
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
|
||||
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
|
||||
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
|
||||
/sbin/$sysctl 2>/dev/null || \
|
||||
/usr/sbin/$sysctl 2>/dev/null || \
|
||||
echo unknown)`
|
||||
case "${UNAME_MACHINE_ARCH}" in
|
||||
armeb) machine=armeb-unknown ;;
|
||||
arm*) machine=arm-unknown ;;
|
||||
sh3el) machine=shl-unknown ;;
|
||||
sh3eb) machine=sh-unknown ;;
|
||||
sh5el) machine=sh5le-unknown ;;
|
||||
earmv*)
|
||||
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
|
||||
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
|
||||
machine=${arch}${endian}-unknown
|
||||
;;
|
||||
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
|
||||
esac
|
||||
# The Operating System including object format, if it has switched
|
||||
# to ELF recently, or will in the future.
|
||||
case "${UNAME_MACHINE_ARCH}" in
|
||||
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
|
||||
arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
|
||||
eval $set_cc_for_build
|
||||
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ELF__
|
||||
|
@ -180,7 +201,14 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
fi
|
||||
;;
|
||||
*)
|
||||
os=netbsd
|
||||
os=netbsd
|
||||
;;
|
||||
esac
|
||||
# Determine ABI tags.
|
||||
case "${UNAME_MACHINE_ARCH}" in
|
||||
earm*)
|
||||
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
|
||||
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
|
||||
;;
|
||||
esac
|
||||
# The OS release
|
||||
|
@ -193,13 +221,17 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
release='-gnu'
|
||||
;;
|
||||
*)
|
||||
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
|
||||
release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
|
||||
;;
|
||||
esac
|
||||
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
|
||||
# contains redundant information, the shorter form:
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
|
||||
echo "${machine}-${os}${release}"
|
||||
echo "${machine}-${os}${release}${abi}"
|
||||
exit ;;
|
||||
*:Bitrig:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:OpenBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
|
@ -217,13 +249,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
*:MirBSD:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:Sortix:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-sortix
|
||||
exit ;;
|
||||
alpha:OSF1:*:*)
|
||||
case $UNAME_RELEASE in
|
||||
*4.0)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
|
||||
;;
|
||||
*5.*)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
;;
|
||||
esac
|
||||
# According to Compaq, /usr/sbin/psrinfo has been available on
|
||||
|
@ -269,7 +304,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
# A Xn.n version is an unreleased experimental baselevel.
|
||||
# 1.2 uses "1.2" for uname -r.
|
||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
exit ;;
|
||||
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
||||
exitcode=$?
|
||||
trap '' 0
|
||||
exit $exitcode ;;
|
||||
Alpha\ *:Windows_NT*:*)
|
||||
# How do we know it's Interix rather than the generic POSIX subsystem?
|
||||
# Should we change UNAME_MACHINE based on the output of uname instead
|
||||
|
@ -295,12 +333,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
echo s390-ibm-zvmoe
|
||||
exit ;;
|
||||
*:OS400:*:*)
|
||||
echo powerpc-ibm-os400
|
||||
echo powerpc-ibm-os400
|
||||
exit ;;
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
arm:riscos:*:*|arm:RISCOS:*:*)
|
||||
arm*:riscos:*:*|arm*:RISCOS:*:*)
|
||||
echo arm-unknown-riscos
|
||||
exit ;;
|
||||
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
|
||||
|
@ -394,23 +432,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
# MiNT. But MiNT is downward compatible to TOS, so this should
|
||||
# be no problem.
|
||||
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
exit ;;
|
||||
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
m68k:machten:*:*)
|
||||
echo m68k-apple-machten${UNAME_RELEASE}
|
||||
exit ;;
|
||||
|
@ -480,8 +518,8 @@ EOF
|
|||
echo m88k-motorola-sysv3
|
||||
exit ;;
|
||||
AViiON:dgux:*:*)
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
|
||||
then
|
||||
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
|
||||
|
@ -494,7 +532,7 @@ EOF
|
|||
else
|
||||
echo i586-dg-dgux${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
|
||||
echo m88k-dolphin-sysv3
|
||||
exit ;;
|
||||
|
@ -551,15 +589,16 @@ EOF
|
|||
echo rs6000-ibm-aix3.2
|
||||
fi
|
||||
exit ;;
|
||||
*:AIX:*:[456])
|
||||
*:AIX:*:[4567])
|
||||
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
||||
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
|
||||
IBM_ARCH=rs6000
|
||||
else
|
||||
IBM_ARCH=powerpc
|
||||
fi
|
||||
if [ -x /usr/bin/oslevel ] ; then
|
||||
IBM_REV=`/usr/bin/oslevel`
|
||||
if [ -x /usr/bin/lslpp ] ; then
|
||||
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
|
||||
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
|
||||
else
|
||||
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
|
||||
fi
|
||||
|
@ -594,52 +633,52 @@ EOF
|
|||
9000/[678][0-9][0-9])
|
||||
if [ -x /usr/bin/getconf ]; then
|
||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
||||
esac ;;
|
||||
esac
|
||||
esac ;;
|
||||
esac
|
||||
fi
|
||||
if [ "${HP_ARCH}" = "" ]; then
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
|
@ -730,22 +769,22 @@ EOF
|
|||
exit ;;
|
||||
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
|
||||
echo c1-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
|
||||
echo c34-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
|
||||
echo c38-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
|
||||
echo c4-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
CRAY*Y-MP:*:*:*)
|
||||
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit ;;
|
||||
|
@ -769,14 +808,14 @@ EOF
|
|||
exit ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
5000:UNIX_System_V:4.*:*)
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
|
||||
|
@ -788,30 +827,35 @@ EOF
|
|||
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:FreeBSD:*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
pc98)
|
||||
echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
case ${UNAME_PROCESSOR} in
|
||||
amd64)
|
||||
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
*)
|
||||
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
esac
|
||||
exit ;;
|
||||
i*:CYGWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-cygwin
|
||||
exit ;;
|
||||
*:MINGW64*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw64
|
||||
exit ;;
|
||||
*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit ;;
|
||||
*:MSYS*:*)
|
||||
echo ${UNAME_MACHINE}-pc-msys
|
||||
exit ;;
|
||||
i*:windows32*:*)
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
exit ;;
|
||||
i*:PW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-pw32
|
||||
exit ;;
|
||||
*:Interix*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
case ${UNAME_MACHINE} in
|
||||
x86)
|
||||
echo i586-pc-interix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
|
@ -848,15 +892,22 @@ EOF
|
|||
exit ;;
|
||||
*:GNU:*:*)
|
||||
# the GNU system
|
||||
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
|
||||
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
|
||||
exit ;;
|
||||
*:GNU/*:*:*)
|
||||
# other systems with GNU libc and userland
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
||||
exit ;;
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit ;;
|
||||
aarch64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
aarch64_be:Linux:*:*)
|
||||
UNAME_MACHINE=aarch64_be
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
|
@ -866,52 +917,59 @@ EOF
|
|||
EV6) UNAME_MACHINE=alphaev6 ;;
|
||||
EV67) UNAME_MACHINE=alphaev67 ;;
|
||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
|
||||
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
arc:Linux:*:* | arceb:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
arm*:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_EABI__
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_PCS_VFP
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
|
||||
fi
|
||||
fi
|
||||
exit ;;
|
||||
avr32*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
cris:Linux:*:*)
|
||||
echo cris-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
|
||||
exit ;;
|
||||
crisv32:Linux:*:*)
|
||||
echo crisv32-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
|
||||
exit ;;
|
||||
e2k:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
frv:Linux:*:*)
|
||||
echo frv-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
hexagon:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
i*86:Linux:*:*)
|
||||
LIBC=gnu
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
#ifdef __dietlibc__
|
||||
LIBC=dietlibc
|
||||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
|
||||
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
|
||||
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
|
||||
exit ;;
|
||||
ia64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
m32r*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
m68*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
mips:Linux:*:* | mips64:Linux:*:*)
|
||||
eval $set_cc_for_build
|
||||
|
@ -930,51 +988,63 @@ EOF
|
|||
#endif
|
||||
EOF
|
||||
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
|
||||
;;
|
||||
or32:Linux:*:*)
|
||||
echo or32-unknown-linux-gnu
|
||||
openrisc*:Linux:*:*)
|
||||
echo or1k-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
or32:Linux:*:* | or1k*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
padre:Linux:*:*)
|
||||
echo sparc-unknown-linux-gnu
|
||||
echo sparc-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
parisc64:Linux:*:* | hppa64:Linux:*:*)
|
||||
echo hppa64-unknown-linux-gnu
|
||||
echo hppa64-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
parisc:Linux:*:* | hppa:Linux:*:*)
|
||||
# Look for CPU level
|
||||
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
|
||||
PA7*) echo hppa1.1-unknown-linux-gnu ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-gnu ;;
|
||||
*) echo hppa-unknown-linux-gnu ;;
|
||||
PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
|
||||
PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
|
||||
*) echo hppa-unknown-linux-${LIBC} ;;
|
||||
esac
|
||||
exit ;;
|
||||
ppc64:Linux:*:*)
|
||||
echo powerpc64-unknown-linux-gnu
|
||||
echo powerpc64-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppc:Linux:*:*)
|
||||
echo powerpc-unknown-linux-gnu
|
||||
echo powerpc-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppc64le:Linux:*:*)
|
||||
echo powerpc64le-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
ppcle:Linux:*:*)
|
||||
echo powerpcle-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
s390:Linux:*:* | s390x:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-ibm-linux
|
||||
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
|
||||
exit ;;
|
||||
sh64*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
sh*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
sparc:Linux:*:* | sparc64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
tile*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
vax:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-dec-linux-gnu
|
||||
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
|
||||
exit ;;
|
||||
x86_64:Linux:*:*)
|
||||
echo x86_64-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
|
||||
exit ;;
|
||||
xtensa*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
i*86:DYNIX/ptx:4*:*)
|
||||
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
|
||||
|
@ -983,11 +1053,11 @@ EOF
|
|||
echo i386-sequent-sysv4
|
||||
exit ;;
|
||||
i*86:UNIX_SV:4.2MP:2.*)
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# I just have to hope. -- rms.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
|
||||
exit ;;
|
||||
i*86:OS/2:*:*)
|
||||
|
@ -1019,7 +1089,7 @@ EOF
|
|||
fi
|
||||
exit ;;
|
||||
i*86:*:5:[678]*)
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
|
@ -1047,13 +1117,13 @@ EOF
|
|||
exit ;;
|
||||
pc:*:*:*)
|
||||
# Left here for compatibility:
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# Note: whatever this is, it MUST be the same as what config.sub
|
||||
# prints for the "djgpp" host, or else GDB configury will decide that
|
||||
# this is a cross-build.
|
||||
echo i586-pc-msdosdjgpp
|
||||
exit ;;
|
||||
exit ;;
|
||||
Intel:Mach:3*:*)
|
||||
echo i386-pc-mach3
|
||||
exit ;;
|
||||
|
@ -1088,8 +1158,8 @@ EOF
|
|||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
|
||||
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
|
||||
OS_REL='.3'
|
||||
test -r /etc/.relid \
|
||||
|
@ -1132,10 +1202,10 @@ EOF
|
|||
echo ns32k-sni-sysv
|
||||
fi
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
*:UNIX_System_V:4*:FTX*)
|
||||
# From Gerald Hewes <hewes@openmarket.com>.
|
||||
# How about differentiating between stratus architectures? -djm
|
||||
|
@ -1161,11 +1231,11 @@ EOF
|
|||
exit ;;
|
||||
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
|
||||
if [ -d /usr/nec ]; then
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
else
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
|
||||
echo powerpc-be-beos
|
||||
exit ;;
|
||||
|
@ -1178,6 +1248,9 @@ EOF
|
|||
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
|
||||
echo i586-pc-haiku
|
||||
exit ;;
|
||||
x86_64:Haiku:*:*)
|
||||
echo x86_64-unknown-haiku
|
||||
exit ;;
|
||||
SX-4:SUPER-UX:*:*)
|
||||
echo sx4-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
|
@ -1204,19 +1277,31 @@ EOF
|
|||
exit ;;
|
||||
*:Darwin:*:*)
|
||||
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
|
||||
case $UNAME_PROCESSOR in
|
||||
i386)
|
||||
eval $set_cc_for_build
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
UNAME_PROCESSOR="x86_64"
|
||||
fi
|
||||
fi ;;
|
||||
unknown) UNAME_PROCESSOR=powerpc ;;
|
||||
esac
|
||||
eval $set_cc_for_build
|
||||
if test "$UNAME_PROCESSOR" = unknown ; then
|
||||
UNAME_PROCESSOR=powerpc
|
||||
fi
|
||||
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
case $UNAME_PROCESSOR in
|
||||
i386) UNAME_PROCESSOR=x86_64 ;;
|
||||
powerpc) UNAME_PROCESSOR=powerpc64 ;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
elif test "$UNAME_PROCESSOR" = i386 ; then
|
||||
# Avoid executing cc on OS X 10.9, as it ships with a stub
|
||||
# that puts up a graphical alert prompting to install
|
||||
# developer tools. Any system running Mac OS X 10.7 or
|
||||
# later (Darwin 11 and later) is required to have a 64-bit
|
||||
# processor. This is not true of the ARM version of Darwin
|
||||
# that Apple uses in portable devices.
|
||||
UNAME_PROCESSOR=x86_64
|
||||
fi
|
||||
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||
|
@ -1230,7 +1315,10 @@ EOF
|
|||
*:QNX:*:4*)
|
||||
echo i386-pc-qnx
|
||||
exit ;;
|
||||
NSE-?:NONSTOP_KERNEL:*:*)
|
||||
NEO-?:NONSTOP_KERNEL:*:*)
|
||||
echo neo-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSE-*:NONSTOP_KERNEL:*:*)
|
||||
echo nse-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSR-?:NONSTOP_KERNEL:*:*)
|
||||
|
@ -1275,13 +1363,13 @@ EOF
|
|||
echo pdp10-unknown-its
|
||||
exit ;;
|
||||
SEI:*:*:SEIUX)
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:DragonFly:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
|
||||
exit ;;
|
||||
*:*VMS:*:*)
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
case "${UNAME_MACHINE}" in
|
||||
A*) echo alpha-dec-vms ; exit ;;
|
||||
I*) echo ia64-dec-vms ; exit ;;
|
||||
|
@ -1299,159 +1387,11 @@ EOF
|
|||
i*86:AROS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-aros
|
||||
exit ;;
|
||||
x86_64:VMkernel:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-esx
|
||||
exit ;;
|
||||
esac
|
||||
|
||||
#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat >$dummy.c <<EOF
|
||||
#ifdef _SEQUENT_
|
||||
# include <sys/types.h>
|
||||
# include <sys/utsname.h>
|
||||
#endif
|
||||
main ()
|
||||
{
|
||||
#if defined (sony)
|
||||
#if defined (MIPSEB)
|
||||
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
|
||||
I don't know.... */
|
||||
printf ("mips-sony-bsd\n"); exit (0);
|
||||
#else
|
||||
#include <sys/param.h>
|
||||
printf ("m68k-sony-newsos%s\n",
|
||||
#ifdef NEWSOS4
|
||||
"4"
|
||||
#else
|
||||
""
|
||||
#endif
|
||||
); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (__arm) && defined (__acorn) && defined (__unix)
|
||||
printf ("arm-acorn-riscix\n"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (hp300) && !defined (hpux)
|
||||
printf ("m68k-hp-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (NeXT)
|
||||
#if !defined (__ARCHITECTURE__)
|
||||
#define __ARCHITECTURE__ "m68k"
|
||||
#endif
|
||||
int version;
|
||||
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
|
||||
if (version < 4)
|
||||
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
|
||||
else
|
||||
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
|
||||
exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (MULTIMAX) || defined (n16)
|
||||
#if defined (UMAXV)
|
||||
printf ("ns32k-encore-sysv\n"); exit (0);
|
||||
#else
|
||||
#if defined (CMU)
|
||||
printf ("ns32k-encore-mach\n"); exit (0);
|
||||
#else
|
||||
printf ("ns32k-encore-bsd\n"); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (__386BSD__)
|
||||
printf ("i386-pc-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
#if defined (sequent)
|
||||
#if defined (i386)
|
||||
printf ("i386-sequent-dynix\n"); exit (0);
|
||||
#endif
|
||||
#if defined (ns32000)
|
||||
printf ("ns32k-sequent-dynix\n"); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined (_SEQUENT_)
|
||||
struct utsname un;
|
||||
|
||||
uname(&un);
|
||||
|
||||
if (strncmp(un.version, "V2", 2) == 0) {
|
||||
printf ("i386-sequent-ptx2\n"); exit (0);
|
||||
}
|
||||
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
|
||||
printf ("i386-sequent-ptx1\n"); exit (0);
|
||||
}
|
||||
printf ("i386-sequent-ptx\n"); exit (0);
|
||||
|
||||
#endif
|
||||
|
||||
#if defined (vax)
|
||||
# if !defined (ultrix)
|
||||
# include <sys/param.h>
|
||||
# if defined (BSD)
|
||||
# if BSD == 43
|
||||
printf ("vax-dec-bsd4.3\n"); exit (0);
|
||||
# else
|
||||
# if BSD == 199006
|
||||
printf ("vax-dec-bsd4.3reno\n"); exit (0);
|
||||
# else
|
||||
printf ("vax-dec-bsd\n"); exit (0);
|
||||
# endif
|
||||
# endif
|
||||
# else
|
||||
printf ("vax-dec-bsd\n"); exit (0);
|
||||
# endif
|
||||
# else
|
||||
printf ("vax-dec-ultrix\n"); exit (0);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined (alliant) && defined (i860)
|
||||
printf ("i860-alliant-bsd\n"); exit (0);
|
||||
#endif
|
||||
|
||||
exit (1);
|
||||
}
|
||||
EOF
|
||||
|
||||
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
|
||||
{ echo "$SYSTEM_NAME"; exit; }
|
||||
|
||||
# Apollos put the system type in the environment.
|
||||
|
||||
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
|
||||
|
||||
# Convex versions that predate uname can use getsysinfo(1)
|
||||
|
||||
if [ -x /usr/convex/getsysinfo ]
|
||||
then
|
||||
case `getsysinfo -f cpu_type` in
|
||||
c1*)
|
||||
echo c1-convex-bsd
|
||||
exit ;;
|
||||
c2*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit ;;
|
||||
c34*)
|
||||
echo c34-convex-bsd
|
||||
exit ;;
|
||||
c38*)
|
||||
echo c38-convex-bsd
|
||||
exit ;;
|
||||
c4*)
|
||||
echo c4-convex-bsd
|
||||
exit ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
cat >&2 <<EOF
|
||||
$0: unable to guess system type
|
||||
|
||||
|
|
|
@ -0,0 +1,310 @@
|
|||
/* config.h. Generated from config.h.in by configure. */
|
||||
/* config.h.in. Generated from configure.ac by autoheader. */
|
||||
|
||||
/* Define if AIX */
|
||||
/* #undef AIX */
|
||||
|
||||
/* Define if broken SIOCGIFMTU */
|
||||
/* #undef BROKEN_SIOCGIFMTU */
|
||||
|
||||
/* Define if BSDi */
|
||||
/* #undef BSDI */
|
||||
|
||||
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
|
||||
systems. This function is required for `alloca.c' support on those systems.
|
||||
*/
|
||||
/* #undef CRAY_STACKSEG_END */
|
||||
|
||||
/* Define to 1 if using `alloca.c'. */
|
||||
/* #undef C_ALLOCA */
|
||||
|
||||
/* Define if FreeBSD */
|
||||
/* #undef FREEBSD */
|
||||
|
||||
/* Define to 1 if you have the `accept' function. */
|
||||
#define HAVE_ACCEPT 1
|
||||
|
||||
/* Define to 1 if you have the `alarm' function. */
|
||||
#define HAVE_ALARM 1
|
||||
|
||||
/* Define to 1 if you have `alloca', as a function or macro. */
|
||||
#define HAVE_ALLOCA 1
|
||||
|
||||
/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
|
||||
*/
|
||||
#define HAVE_ALLOCA_H 1
|
||||
|
||||
/* Define to 1 if you have the `bind' function. */
|
||||
#define HAVE_BIND 1
|
||||
|
||||
/* Define to 1 if the system has the type `boolean'. */
|
||||
/* #undef HAVE_BOOLEAN */
|
||||
|
||||
/* Define to 1 if you have the `connect' function. */
|
||||
#define HAVE_CONNECT 1
|
||||
|
||||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
#define HAVE_DIRENT_H 1
|
||||
|
||||
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
#define HAVE_DLFCN_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `int16_t'. */
|
||||
#define HAVE_INT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int32_t'. */
|
||||
#define HAVE_INT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int64_t'. */
|
||||
#define HAVE_INT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int8_t'. */
|
||||
#define HAVE_INT8_T 1
|
||||
|
||||
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
#define HAVE_INTTYPES_H 1
|
||||
|
||||
/* Define to 1 if you have the `dl' library (-ldl). */
|
||||
#define HAVE_LIBDL 1
|
||||
|
||||
/* Define to 1 if you have the `gvc' library (-lgvc). */
|
||||
/* #undef HAVE_LIBGVC */
|
||||
|
||||
/* Define to 1 if you have the `m' library (-lm). */
|
||||
#define HAVE_LIBM 1
|
||||
|
||||
/* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */
|
||||
#define HAVE_LIBMYSQLCLIENT 1
|
||||
|
||||
/* Define to 1 if you have the `pq' library (-lpq). */
|
||||
/* #undef HAVE_LIBPQ */
|
||||
|
||||
/* Define to 1 if you have the `pthread' library (-lpthread). */
|
||||
#define HAVE_LIBPTHREAD 1
|
||||
|
||||
/* Define to 1 if you have the `python2.6' library (-lpython2.6). */
|
||||
/* #undef HAVE_LIBPYTHON2_6 */
|
||||
|
||||
/* Define to 1 if you have the `xml2' library (-lxml2). */
|
||||
#define HAVE_LIBXML2 1
|
||||
|
||||
/* Define to 1 if you have the <limits.h> header file. */
|
||||
#define HAVE_LIMITS_H 1
|
||||
|
||||
/* Define to 1 if you have the `listen' function. */
|
||||
#define HAVE_LISTEN 1
|
||||
|
||||
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
|
||||
to 0 otherwise. */
|
||||
#define HAVE_MALLOC 1
|
||||
|
||||
/* Define to 1 if you have the <math.h> header file. */
|
||||
#define HAVE_MATH_H 1
|
||||
|
||||
/* Define to 1 if you have the `memmove' function. */
|
||||
#define HAVE_MEMMOVE 1
|
||||
|
||||
/* Define to 1 if you have the <memory.h> header file. */
|
||||
#define HAVE_MEMORY_H 1
|
||||
|
||||
/* Define to 1 if you have the `memset' function. */
|
||||
#define HAVE_MEMSET 1
|
||||
|
||||
/* Define to 1 if the system has the type `ptrdiff_t'. */
|
||||
#define HAVE_PTRDIFF_T 1
|
||||
|
||||
/* Define to 1 if your system has a GNU libc compatible `realloc' function,
|
||||
and to 0 otherwise. */
|
||||
#define HAVE_REALLOC 1
|
||||
|
||||
/* Define to 1 if you have the `regcomp' function. */
|
||||
#define HAVE_REGCOMP 1
|
||||
|
||||
/* Define to 1 if you have the `socket' function. */
|
||||
#define HAVE_SOCKET 1
|
||||
|
||||
/* Define to 1 if stdbool.h conforms to C99. */
|
||||
#define HAVE_STDBOOL_H 1
|
||||
|
||||
/* Define to 1 if you have the <stddef.h> header file. */
|
||||
#define HAVE_STDDEF_H 1
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#define HAVE_STDINT_H 1
|
||||
|
||||
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
#define HAVE_STDLIB_H 1
|
||||
|
||||
/* Define to 1 if you have the `strcasecmp' function. */
|
||||
#define HAVE_STRCASECMP 1
|
||||
|
||||
/* Define to 1 if you have the `strdup' function. */
|
||||
#define HAVE_STRDUP 1
|
||||
|
||||
/* Define to 1 if you have the <strings.h> header file. */
|
||||
#define HAVE_STRINGS_H 1
|
||||
|
||||
/* Define to 1 if you have the <string.h> header file. */
|
||||
#define HAVE_STRING_H 1
|
||||
|
||||
/* Define to 1 if you have the `strstr' function. */
|
||||
#define HAVE_STRSTR 1
|
||||
|
||||
/* Define to 1 if you have the `strtol' function. */
|
||||
#define HAVE_STRTOL 1
|
||||
|
||||
/* Define to 1 if you have the `strtoul' function. */
|
||||
#define HAVE_STRTOUL 1
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#define HAVE_SYS_STAT_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/time.h> header file. */
|
||||
#define HAVE_SYS_TIME_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#define HAVE_SYS_TYPES_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint16_t'. */
|
||||
#define HAVE_UINT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint32_t'. */
|
||||
#define HAVE_UINT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint64_t'. */
|
||||
#define HAVE_UINT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint8_t'. */
|
||||
#define HAVE_UINT8_T 1
|
||||
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#define HAVE_UNISTD_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int16_t'. */
|
||||
#define HAVE_U_INT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int32_t'. */
|
||||
#define HAVE_U_INT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int64_t'. */
|
||||
#define HAVE_U_INT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int8_t'. */
|
||||
#define HAVE_U_INT8_T 1
|
||||
|
||||
/* Check if the compiler supports visibility */
|
||||
#define HAVE_VISIBILITY 1
|
||||
|
||||
/* Define to 1 if you have the <wchar.h> header file. */
|
||||
#define HAVE_WCHAR_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `_Bool'. */
|
||||
#define HAVE__BOOL 1
|
||||
|
||||
/* Define if HP-UX 10 or 11 */
|
||||
/* #undef HPUX */
|
||||
|
||||
/* Define if Irix 6 */
|
||||
/* #undef IRIX */
|
||||
|
||||
/* Define if Linux */
|
||||
#define LINUX 1
|
||||
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#define LT_OBJDIR ".libs/"
|
||||
|
||||
/* Define if MacOS */
|
||||
/* #undef MACOS */
|
||||
|
||||
/* Define if OpenBSD < 2.3 */
|
||||
/* #undef OPENBSD */
|
||||
|
||||
/* Define if Tru64 */
|
||||
/* #undef OSF1 */
|
||||
|
||||
/* Package name */
|
||||
#define PACKAGE "sf_ai_preprocessor"
|
||||
|
||||
/* Bug report address */
|
||||
#define PACKAGE_BUGREPORT "blacklight@autistici.org"
|
||||
|
||||
/* Package full name */
|
||||
#define PACKAGE_NAME "sf_ai_preprocessor"
|
||||
|
||||
/* Package string */
|
||||
#define PACKAGE_STRING "Snort AI preprocessor"
|
||||
|
||||
/* Package tarname */
|
||||
#define PACKAGE_TARNAME "snort_ai_preproc"
|
||||
|
||||
/* Define to the home page for this package. */
|
||||
#define PACKAGE_URL ""
|
||||
|
||||
/* Package version */
|
||||
#define PACKAGE_VERSION "0.1.0"
|
||||
|
||||
/* Define if pcap timeout is ignored */
|
||||
#define PCAP_TIMEOUT_IGNORED 1
|
||||
|
||||
/* Installation prefix */
|
||||
#define PREFIX "/usr"
|
||||
|
||||
/* Define if Solaris */
|
||||
/* #undef SOLARIS */
|
||||
|
||||
/* If using the C implementation of alloca, define if you know the
|
||||
direction of stack growth for your system; otherwise it will be
|
||||
automatically deduced at runtime.
|
||||
STACK_DIRECTION > 0 => grows toward higher addresses
|
||||
STACK_DIRECTION < 0 => grows toward lower addresses
|
||||
STACK_DIRECTION = 0 => direction of growth unknown */
|
||||
/* #undef STACK_DIRECTION */
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#define STDC_HEADERS 1
|
||||
|
||||
/* Define if SunOS */
|
||||
/* #undef SUNOS */
|
||||
|
||||
/* Use SUP_IP6 */
|
||||
#define SUP_IP6 /**/
|
||||
|
||||
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
|
||||
#define TIME_WITH_SYS_TIME 1
|
||||
|
||||
/* Module version */
|
||||
#define VERSION "0.1.0"
|
||||
|
||||
/* Define if words are big endian */
|
||||
/* #undef WORDS_BIGENDIAN */
|
||||
|
||||
/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
#define below would cause a syntax error. */
|
||||
/* #undef _UINT32_T */
|
||||
|
||||
/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
#define below would cause a syntax error. */
|
||||
/* #undef _UINT8_T */
|
||||
|
||||
/* Define to rpl_malloc if the replacement function should be used. */
|
||||
/* #undef malloc */
|
||||
|
||||
/* Define to rpl_realloc if the replacement function should be used. */
|
||||
/* #undef realloc */
|
||||
|
||||
/* Define to `unsigned int' if <sys/types.h> does not define. */
|
||||
/* #undef size_t */
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 16 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
/* #undef uint16_t */
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 32 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
/* #undef uint32_t */
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 8 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
/* #undef uint8_t */
|
|
@ -209,8 +209,7 @@
|
|||
/* Define if Linux */
|
||||
#undef LINUX
|
||||
|
||||
/* Define to the sub-directory in which libtool stores uninstalled libraries.
|
||||
*/
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#undef LT_OBJDIR
|
||||
|
||||
/* Define if MacOS */
|
||||
|
|
|
@ -0,0 +1,309 @@
|
|||
/* config.h.in. Generated from configure.ac by autoheader. */
|
||||
|
||||
/* Define if AIX */
|
||||
#undef AIX
|
||||
|
||||
/* Define if broken SIOCGIFMTU */
|
||||
#undef BROKEN_SIOCGIFMTU
|
||||
|
||||
/* Define if BSDi */
|
||||
#undef BSDI
|
||||
|
||||
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
|
||||
systems. This function is required for `alloca.c' support on those systems.
|
||||
*/
|
||||
#undef CRAY_STACKSEG_END
|
||||
|
||||
/* Define to 1 if using `alloca.c'. */
|
||||
#undef C_ALLOCA
|
||||
|
||||
/* Define if FreeBSD */
|
||||
#undef FREEBSD
|
||||
|
||||
/* Define to 1 if you have the `accept' function. */
|
||||
#undef HAVE_ACCEPT
|
||||
|
||||
/* Define to 1 if you have the `alarm' function. */
|
||||
#undef HAVE_ALARM
|
||||
|
||||
/* Define to 1 if you have `alloca', as a function or macro. */
|
||||
#undef HAVE_ALLOCA
|
||||
|
||||
/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
|
||||
*/
|
||||
#undef HAVE_ALLOCA_H
|
||||
|
||||
/* Define to 1 if you have the `bind' function. */
|
||||
#undef HAVE_BIND
|
||||
|
||||
/* Define to 1 if the system has the type `boolean'. */
|
||||
#undef HAVE_BOOLEAN
|
||||
|
||||
/* Define to 1 if you have the `connect' function. */
|
||||
#undef HAVE_CONNECT
|
||||
|
||||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
#undef HAVE_DIRENT_H
|
||||
|
||||
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||
#undef HAVE_DLFCN_H
|
||||
|
||||
/* Define to 1 if the system has the type `int16_t'. */
|
||||
#undef HAVE_INT16_T
|
||||
|
||||
/* Define to 1 if the system has the type `int32_t'. */
|
||||
#undef HAVE_INT32_T
|
||||
|
||||
/* Define to 1 if the system has the type `int64_t'. */
|
||||
#undef HAVE_INT64_T
|
||||
|
||||
/* Define to 1 if the system has the type `int8_t'. */
|
||||
#undef HAVE_INT8_T
|
||||
|
||||
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
#undef HAVE_INTTYPES_H
|
||||
|
||||
/* Define to 1 if you have the `dl' library (-ldl). */
|
||||
#undef HAVE_LIBDL
|
||||
|
||||
/* Define to 1 if you have the `gvc' library (-lgvc). */
|
||||
#undef HAVE_LIBGVC
|
||||
|
||||
/* Define to 1 if you have the `m' library (-lm). */
|
||||
#undef HAVE_LIBM
|
||||
|
||||
/* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */
|
||||
#undef HAVE_LIBMYSQLCLIENT
|
||||
|
||||
/* Define to 1 if you have the `pq' library (-lpq). */
|
||||
#undef HAVE_LIBPQ
|
||||
|
||||
/* Define to 1 if you have the `pthread' library (-lpthread). */
|
||||
#undef HAVE_LIBPTHREAD
|
||||
|
||||
/* Define to 1 if you have the `python2.6' library (-lpython2.6). */
|
||||
#undef HAVE_LIBPYTHON2_6
|
||||
|
||||
/* Define to 1 if you have the `xml2' library (-lxml2). */
|
||||
#undef HAVE_LIBXML2
|
||||
|
||||
/* Define to 1 if you have the <limits.h> header file. */
|
||||
#undef HAVE_LIMITS_H
|
||||
|
||||
/* Define to 1 if you have the `listen' function. */
|
||||
#undef HAVE_LISTEN
|
||||
|
||||
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
|
||||
to 0 otherwise. */
|
||||
#undef HAVE_MALLOC
|
||||
|
||||
/* Define to 1 if you have the <math.h> header file. */
|
||||
#undef HAVE_MATH_H
|
||||
|
||||
/* Define to 1 if you have the `memmove' function. */
|
||||
#undef HAVE_MEMMOVE
|
||||
|
||||
/* Define to 1 if you have the <memory.h> header file. */
|
||||
#undef HAVE_MEMORY_H
|
||||
|
||||
/* Define to 1 if you have the `memset' function. */
|
||||
#undef HAVE_MEMSET
|
||||
|
||||
/* Define to 1 if the system has the type `ptrdiff_t'. */
|
||||
#undef HAVE_PTRDIFF_T
|
||||
|
||||
/* Define to 1 if your system has a GNU libc compatible `realloc' function,
|
||||
and to 0 otherwise. */
|
||||
#undef HAVE_REALLOC
|
||||
|
||||
/* Define to 1 if you have the `regcomp' function. */
|
||||
#undef HAVE_REGCOMP
|
||||
|
||||
/* Define to 1 if you have the `socket' function. */
|
||||
#undef HAVE_SOCKET
|
||||
|
||||
/* Define to 1 if stdbool.h conforms to C99. */
|
||||
#undef HAVE_STDBOOL_H
|
||||
|
||||
/* Define to 1 if you have the <stddef.h> header file. */
|
||||
#undef HAVE_STDDEF_H
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#undef HAVE_STDINT_H
|
||||
|
||||
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
#undef HAVE_STDLIB_H
|
||||
|
||||
/* Define to 1 if you have the `strcasecmp' function. */
|
||||
#undef HAVE_STRCASECMP
|
||||
|
||||
/* Define to 1 if you have the `strdup' function. */
|
||||
#undef HAVE_STRDUP
|
||||
|
||||
/* Define to 1 if you have the <strings.h> header file. */
|
||||
#undef HAVE_STRINGS_H
|
||||
|
||||
/* Define to 1 if you have the <string.h> header file. */
|
||||
#undef HAVE_STRING_H
|
||||
|
||||
/* Define to 1 if you have the `strstr' function. */
|
||||
#undef HAVE_STRSTR
|
||||
|
||||
/* Define to 1 if you have the `strtol' function. */
|
||||
#undef HAVE_STRTOL
|
||||
|
||||
/* Define to 1 if you have the `strtoul' function. */
|
||||
#undef HAVE_STRTOUL
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#undef HAVE_SYS_STAT_H
|
||||
|
||||
/* Define to 1 if you have the <sys/time.h> header file. */
|
||||
#undef HAVE_SYS_TIME_H
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#undef HAVE_SYS_TYPES_H
|
||||
|
||||
/* Define to 1 if the system has the type `uint16_t'. */
|
||||
#undef HAVE_UINT16_T
|
||||
|
||||
/* Define to 1 if the system has the type `uint32_t'. */
|
||||
#undef HAVE_UINT32_T
|
||||
|
||||
/* Define to 1 if the system has the type `uint64_t'. */
|
||||
#undef HAVE_UINT64_T
|
||||
|
||||
/* Define to 1 if the system has the type `uint8_t'. */
|
||||
#undef HAVE_UINT8_T
|
||||
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#undef HAVE_UNISTD_H
|
||||
|
||||
/* Define to 1 if the system has the type `u_int16_t'. */
|
||||
#undef HAVE_U_INT16_T
|
||||
|
||||
/* Define to 1 if the system has the type `u_int32_t'. */
|
||||
#undef HAVE_U_INT32_T
|
||||
|
||||
/* Define to 1 if the system has the type `u_int64_t'. */
|
||||
#undef HAVE_U_INT64_T
|
||||
|
||||
/* Define to 1 if the system has the type `u_int8_t'. */
|
||||
#undef HAVE_U_INT8_T
|
||||
|
||||
/* Check if the compiler supports visibility */
|
||||
#undef HAVE_VISIBILITY
|
||||
|
||||
/* Define to 1 if you have the <wchar.h> header file. */
|
||||
#undef HAVE_WCHAR_H
|
||||
|
||||
/* Define to 1 if the system has the type `_Bool'. */
|
||||
#undef HAVE__BOOL
|
||||
|
||||
/* Define if HP-UX 10 or 11 */
|
||||
#undef HPUX
|
||||
|
||||
/* Define if Irix 6 */
|
||||
#undef IRIX
|
||||
|
||||
/* Define if Linux */
|
||||
#undef LINUX
|
||||
|
||||
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||
#undef LT_OBJDIR
|
||||
|
||||
/* Define if MacOS */
|
||||
#undef MACOS
|
||||
|
||||
/* Define if OpenBSD < 2.3 */
|
||||
#undef OPENBSD
|
||||
|
||||
/* Define if Tru64 */
|
||||
#undef OSF1
|
||||
|
||||
/* Package name */
|
||||
#undef PACKAGE
|
||||
|
||||
/* Bug report address */
|
||||
#undef PACKAGE_BUGREPORT
|
||||
|
||||
/* Package full name */
|
||||
#undef PACKAGE_NAME
|
||||
|
||||
/* Package string */
|
||||
#undef PACKAGE_STRING
|
||||
|
||||
/* Package tarname */
|
||||
#undef PACKAGE_TARNAME
|
||||
|
||||
/* Define to the home page for this package. */
|
||||
#undef PACKAGE_URL
|
||||
|
||||
/* Package version */
|
||||
#undef PACKAGE_VERSION
|
||||
|
||||
/* Define if pcap timeout is ignored */
|
||||
#undef PCAP_TIMEOUT_IGNORED
|
||||
|
||||
/* Installation prefix */
|
||||
#undef PREFIX
|
||||
|
||||
/* Define if Solaris */
|
||||
#undef SOLARIS
|
||||
|
||||
/* If using the C implementation of alloca, define if you know the
|
||||
direction of stack growth for your system; otherwise it will be
|
||||
automatically deduced at runtime.
|
||||
STACK_DIRECTION > 0 => grows toward higher addresses
|
||||
STACK_DIRECTION < 0 => grows toward lower addresses
|
||||
STACK_DIRECTION = 0 => direction of growth unknown */
|
||||
#undef STACK_DIRECTION
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#undef STDC_HEADERS
|
||||
|
||||
/* Define if SunOS */
|
||||
#undef SUNOS
|
||||
|
||||
/* Use SUP_IP6 */
|
||||
#undef SUP_IP6
|
||||
|
||||
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
|
||||
#undef TIME_WITH_SYS_TIME
|
||||
|
||||
/* Module version */
|
||||
#undef VERSION
|
||||
|
||||
/* Define if words are big endian */
|
||||
#undef WORDS_BIGENDIAN
|
||||
|
||||
/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
#define below would cause a syntax error. */
|
||||
#undef _UINT32_T
|
||||
|
||||
/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
|
||||
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
|
||||
#define below would cause a syntax error. */
|
||||
#undef _UINT8_T
|
||||
|
||||
/* Define to rpl_malloc if the replacement function should be used. */
|
||||
#undef malloc
|
||||
|
||||
/* Define to rpl_realloc if the replacement function should be used. */
|
||||
#undef realloc
|
||||
|
||||
/* Define to `unsigned int' if <sys/types.h> does not define. */
|
||||
#undef size_t
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 16 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
#undef uint16_t
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 32 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
#undef uint32_t
|
||||
|
||||
/* Define to the type of an unsigned integer type of width exactly 8 bits if
|
||||
such a type exists and the standard includes do not define it. */
|
||||
#undef uint8_t
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -1,38 +1,31 @@
|
|||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
|
||||
# Free Software Foundation, Inc.
|
||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2009-11-20'
|
||||
timestamp='2015-08-20'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
# can handle that machine. It does not imply ALL GNU software can.
|
||||
#
|
||||
# This file is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
# the same distribution terms that you use for the rest of that
|
||||
# program. This Exception is an additional permission under section 7
|
||||
# of the GNU General Public License, version 3 ("GPLv3").
|
||||
|
||||
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted GNU ChangeLog entry.
|
||||
# Please send patches to <config-patches@gnu.org>.
|
||||
#
|
||||
# Configuration subroutine to validate and canonicalize a configuration type.
|
||||
# Supply the specified configuration type as an argument.
|
||||
|
@ -75,8 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
|||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
@ -123,13 +115,18 @@ esac
|
|||
# Here we must recognize all the valid KERNEL-OS combinations.
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
|
||||
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
|
||||
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
|
||||
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
|
||||
kopensolaris*-gnu* | \
|
||||
storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
android-linux)
|
||||
os=-linux-android
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
|
||||
;;
|
||||
*)
|
||||
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
|
||||
if [ $basic_machine != $1 ]
|
||||
|
@ -152,12 +149,12 @@ case $os in
|
|||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
-apple | -axis | -knuth | -cray | -microblaze)
|
||||
-apple | -axis | -knuth | -cray | -microblaze*)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
-bluegene*)
|
||||
os=-cnk
|
||||
-bluegene*)
|
||||
os=-cnk
|
||||
;;
|
||||
-sim | -cisco | -oki | -wec | -winbond)
|
||||
os=
|
||||
|
@ -173,10 +170,10 @@ case $os in
|
|||
os=-chorusos
|
||||
basic_machine=$1
|
||||
;;
|
||||
-chorusrdb)
|
||||
os=-chorusrdb
|
||||
-chorusrdb)
|
||||
os=-chorusrdb
|
||||
basic_machine=$1
|
||||
;;
|
||||
;;
|
||||
-hiux*)
|
||||
os=-hiuxwe2
|
||||
;;
|
||||
|
@ -221,6 +218,12 @@ case $os in
|
|||
-isc*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-lynx*178)
|
||||
os=-lynxos178
|
||||
;;
|
||||
-lynx*5)
|
||||
os=-lynxos5
|
||||
;;
|
||||
-lynx*)
|
||||
os=-lynxos
|
||||
;;
|
||||
|
@ -245,20 +248,29 @@ case $basic_machine in
|
|||
# Some are omitted here because they have special meanings below.
|
||||
1750a | 580 \
|
||||
| a29k \
|
||||
| aarch64 | aarch64_be \
|
||||
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
|
||||
| arc | arceb \
|
||||
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
|
||||
| avr | avr32 \
|
||||
| ba \
|
||||
| be32 | be64 \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| c4x | c8051 | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| fido | fr30 | frv \
|
||||
| e2k | epiphany \
|
||||
| fido | fr30 | frv | ft32 \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
| hexagon \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k | iq2000 \
|
||||
| k1om \
|
||||
| le32 | le64 \
|
||||
| lm32 \
|
||||
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
||||
| maxq | mb | microblaze | mcore | mep | metag \
|
||||
| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
|
@ -272,38 +284,55 @@ case $basic_machine in
|
|||
| mips64vr5900 | mips64vr5900el \
|
||||
| mipsisa32 | mipsisa32el \
|
||||
| mipsisa32r2 | mipsisa32r2el \
|
||||
| mipsisa32r6 | mipsisa32r6el \
|
||||
| mipsisa64 | mipsisa64el \
|
||||
| mipsisa64r2 | mipsisa64r2el \
|
||||
| mipsisa64r6 | mipsisa64r6el \
|
||||
| mipsisa64sb1 | mipsisa64sb1el \
|
||||
| mipsisa64sr71k | mipsisa64sr71kel \
|
||||
| mipsr5900 | mipsr5900el \
|
||||
| mipstx39 | mipstx39el \
|
||||
| mn10200 | mn10300 \
|
||||
| moxie \
|
||||
| mt \
|
||||
| msp430 \
|
||||
| nios | nios2 \
|
||||
| nds32 | nds32le | nds32be \
|
||||
| nios | nios2 | nios2eb | nios2el \
|
||||
| ns16k | ns32k \
|
||||
| or32 \
|
||||
| open8 | or1k | or1knd | or32 \
|
||||
| pdp10 | pdp11 | pj | pjl \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
||||
| pyramid \
|
||||
| rx \
|
||||
| riscv32 | riscv64 \
|
||||
| rl78 | rx \
|
||||
| score \
|
||||
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
|
||||
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
|
||||
| spu | strongarm \
|
||||
| tahoe | thumb | tic4x | tic80 | tron \
|
||||
| spu \
|
||||
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
|
||||
| ubicom32 \
|
||||
| v850 | v850e \
|
||||
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
|
||||
| visium \
|
||||
| we32k \
|
||||
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
|
||||
| x86 | xc16x | xstormy16 | xtensa \
|
||||
| z8k | z80)
|
||||
basic_machine=$basic_machine-unknown
|
||||
;;
|
||||
m6811 | m68hc11 | m6812 | m68hc12 | picochip)
|
||||
# Motorola 68HC11/12.
|
||||
c54x)
|
||||
basic_machine=tic54x-unknown
|
||||
;;
|
||||
c55x)
|
||||
basic_machine=tic55x-unknown
|
||||
;;
|
||||
c6x)
|
||||
basic_machine=tic6x-unknown
|
||||
;;
|
||||
leon|leon[3-9])
|
||||
basic_machine=sparc-$basic_machine
|
||||
;;
|
||||
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
|
@ -313,6 +342,21 @@ case $basic_machine in
|
|||
basic_machine=mt-unknown
|
||||
;;
|
||||
|
||||
strongarm | thumb | xscale)
|
||||
basic_machine=arm-unknown
|
||||
;;
|
||||
xgate)
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
xscaleeb)
|
||||
basic_machine=armeb-unknown
|
||||
;;
|
||||
|
||||
xscaleel)
|
||||
basic_machine=armel-unknown
|
||||
;;
|
||||
|
||||
# We use `pc' rather than `unknown'
|
||||
# because (1) that's what they normally are, and
|
||||
# (2) the word "unknown" tends to confuse beginning users.
|
||||
|
@ -327,25 +371,32 @@ case $basic_machine in
|
|||
# Recognize the basic CPU types with company name.
|
||||
580-* \
|
||||
| a29k-* \
|
||||
| aarch64-* | aarch64_be-* \
|
||||
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
|
||||
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* | avr32-* \
|
||||
| ba-* \
|
||||
| be32-* | be64-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* \
|
||||
| c8051-* | clipper-* | craynv-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| e2k-* | elxsi-* \
|
||||
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
|
||||
| h8300-* | h8500-* \
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
| hexagon-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* | iq2000-* \
|
||||
| k1om-* \
|
||||
| le32-* | le64-* \
|
||||
| lm32-* \
|
||||
| m32c-* | m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
|
||||
| microblaze-* | microblazeel-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
|
@ -359,33 +410,43 @@ case $basic_machine in
|
|||
| mips64vr5900-* | mips64vr5900el-* \
|
||||
| mipsisa32-* | mipsisa32el-* \
|
||||
| mipsisa32r2-* | mipsisa32r2el-* \
|
||||
| mipsisa32r6-* | mipsisa32r6el-* \
|
||||
| mipsisa64-* | mipsisa64el-* \
|
||||
| mipsisa64r2-* | mipsisa64r2el-* \
|
||||
| mipsisa64r6-* | mipsisa64r6el-* \
|
||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||
| mipsr5900-* | mipsr5900el-* \
|
||||
| mipstx39-* | mipstx39el-* \
|
||||
| mmix-* \
|
||||
| mt-* \
|
||||
| msp430-* \
|
||||
| nios-* | nios2-* \
|
||||
| nds32-* | nds32le-* | nds32be-* \
|
||||
| nios-* | nios2-* | nios2eb-* | nios2el-* \
|
||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||
| open8-* \
|
||||
| or1k*-* \
|
||||
| orion-* \
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
|
||||
| pyramid-* \
|
||||
| romp-* | rs6000-* | rx-* \
|
||||
| riscv32-* | riscv64-* \
|
||||
| rl78-* | romp-* | rs6000-* | rx-* \
|
||||
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
|
||||
| sparclite-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
|
||||
| tahoe-* | thumb-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
|
||||
| tahoe-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
| tile*-* \
|
||||
| tron-* \
|
||||
| ubicom32-* \
|
||||
| v850-* | v850e-* | vax-* \
|
||||
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
|
||||
| vax-* \
|
||||
| visium-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
|
||||
| x86-* | x86_64-* | xc16x-* | xps100-* \
|
||||
| xstormy16-* | xtensa*-* \
|
||||
| ymp-* \
|
||||
| z8k-* | z80-*)
|
||||
|
@ -410,7 +471,7 @@ case $basic_machine in
|
|||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
abacus)
|
||||
abacus)
|
||||
basic_machine=abacus-unknown
|
||||
;;
|
||||
adobe68k)
|
||||
|
@ -460,6 +521,9 @@ case $basic_machine in
|
|||
basic_machine=i386-pc
|
||||
os=-aros
|
||||
;;
|
||||
asmjs)
|
||||
basic_machine=asmjs-unknown
|
||||
;;
|
||||
aux)
|
||||
basic_machine=m68k-apple
|
||||
os=-aux
|
||||
|
@ -480,11 +544,20 @@ case $basic_machine in
|
|||
basic_machine=powerpc-ibm
|
||||
os=-cnk
|
||||
;;
|
||||
c54x-*)
|
||||
basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c55x-*)
|
||||
basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c6x-*)
|
||||
basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c90)
|
||||
basic_machine=c90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
cegcc)
|
||||
cegcc)
|
||||
basic_machine=arm-unknown
|
||||
os=-cegcc
|
||||
;;
|
||||
|
@ -516,7 +589,7 @@ case $basic_machine in
|
|||
basic_machine=craynv-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
cr16)
|
||||
cr16 | cr16-*)
|
||||
basic_machine=cr16-unknown
|
||||
os=-elf
|
||||
;;
|
||||
|
@ -674,7 +747,6 @@ case $basic_machine in
|
|||
i370-ibm* | ibm*)
|
||||
basic_machine=i370-ibm
|
||||
;;
|
||||
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
|
||||
i*86v32)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv32
|
||||
|
@ -713,6 +785,9 @@ case $basic_machine in
|
|||
basic_machine=m68k-isi
|
||||
os=-sysv
|
||||
;;
|
||||
leon-*|leon[3-9]-*)
|
||||
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
|
||||
;;
|
||||
m68knommu)
|
||||
basic_machine=m68k-unknown
|
||||
os=-linux
|
||||
|
@ -732,11 +807,15 @@ case $basic_machine in
|
|||
basic_machine=ns32k-utek
|
||||
os=-sysv
|
||||
;;
|
||||
microblaze)
|
||||
microblaze*)
|
||||
basic_machine=microblaze-xilinx
|
||||
;;
|
||||
mingw64)
|
||||
basic_machine=x86_64-pc
|
||||
os=-mingw64
|
||||
;;
|
||||
mingw32)
|
||||
basic_machine=i386-pc
|
||||
basic_machine=i686-pc
|
||||
os=-mingw32
|
||||
;;
|
||||
mingw32ce)
|
||||
|
@ -764,6 +843,10 @@ case $basic_machine in
|
|||
basic_machine=powerpc-unknown
|
||||
os=-morphos
|
||||
;;
|
||||
moxiebox)
|
||||
basic_machine=moxie-unknown
|
||||
os=-moxiebox
|
||||
;;
|
||||
msdos)
|
||||
basic_machine=i386-pc
|
||||
os=-msdos
|
||||
|
@ -771,10 +854,18 @@ case $basic_machine in
|
|||
ms1-*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
|
||||
;;
|
||||
msys)
|
||||
basic_machine=i686-pc
|
||||
os=-msys
|
||||
;;
|
||||
mvs)
|
||||
basic_machine=i370-ibm
|
||||
os=-mvs
|
||||
;;
|
||||
nacl)
|
||||
basic_machine=le32-unknown
|
||||
os=-nacl
|
||||
;;
|
||||
ncr3000)
|
||||
basic_machine=i486-ncr
|
||||
os=-sysv4
|
||||
|
@ -839,6 +930,12 @@ case $basic_machine in
|
|||
np1)
|
||||
basic_machine=np1-gould
|
||||
;;
|
||||
neo-tandem)
|
||||
basic_machine=neo-tandem
|
||||
;;
|
||||
nse-tandem)
|
||||
basic_machine=nse-tandem
|
||||
;;
|
||||
nsr-tandem)
|
||||
basic_machine=nsr-tandem
|
||||
;;
|
||||
|
@ -921,9 +1018,10 @@ case $basic_machine in
|
|||
;;
|
||||
power) basic_machine=power-ibm
|
||||
;;
|
||||
ppc) basic_machine=powerpc-unknown
|
||||
ppc | ppcbe) basic_machine=powerpc-unknown
|
||||
;;
|
||||
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
ppc-* | ppcbe-*)
|
||||
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppcle | powerpclittle | ppc-le | powerpc-little)
|
||||
basic_machine=powerpcle-unknown
|
||||
|
@ -948,7 +1046,11 @@ case $basic_machine in
|
|||
basic_machine=i586-unknown
|
||||
os=-pw32
|
||||
;;
|
||||
rdos)
|
||||
rdos | rdos64)
|
||||
basic_machine=x86_64-pc
|
||||
os=-rdos
|
||||
;;
|
||||
rdos32)
|
||||
basic_machine=i386-pc
|
||||
os=-rdos
|
||||
;;
|
||||
|
@ -1017,6 +1119,9 @@ case $basic_machine in
|
|||
basic_machine=i860-stratus
|
||||
os=-sysv4
|
||||
;;
|
||||
strongarm-* | thumb-*)
|
||||
basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
sun2)
|
||||
basic_machine=m68000-sun
|
||||
;;
|
||||
|
@ -1073,20 +1178,8 @@ case $basic_machine in
|
|||
basic_machine=t90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
tic54x | c54x*)
|
||||
basic_machine=tic54x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic55x | c55x*)
|
||||
basic_machine=tic55x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic6x | c6x*)
|
||||
basic_machine=tic6x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tile*)
|
||||
basic_machine=tile-unknown
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-linux-gnu
|
||||
;;
|
||||
tx39)
|
||||
|
@ -1156,6 +1249,9 @@ case $basic_machine in
|
|||
xps | xps100)
|
||||
basic_machine=xps100-honeywell
|
||||
;;
|
||||
xscale-* | xscalee[bl]-*)
|
||||
basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
|
||||
;;
|
||||
ymp)
|
||||
basic_machine=ymp-cray
|
||||
os=-unicos
|
||||
|
@ -1253,11 +1349,11 @@ esac
|
|||
if [ x"$os" != x"" ]
|
||||
then
|
||||
case $os in
|
||||
# First match some system type aliases
|
||||
# that might get confused with valid system types.
|
||||
# First match some system type aliases
|
||||
# that might get confused with valid system types.
|
||||
# -solaris* is a basic system type, with this one exception.
|
||||
-auroraux)
|
||||
os=-auroraux
|
||||
-auroraux)
|
||||
os=-auroraux
|
||||
;;
|
||||
-solaris1 | -solaris1.*)
|
||||
os=`echo $os | sed -e 's|solaris1|sunos4|'`
|
||||
|
@ -1281,28 +1377,29 @@ case $os in
|
|||
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
|
||||
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
|
||||
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
|
||||
| -sym* | -kopensolaris* \
|
||||
| -sym* | -kopensolaris* | -plan9* \
|
||||
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
|
||||
| -aos* | -aros* \
|
||||
| -aos* | -aros* | -cloudabi* | -sortix* \
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
||||
| -openbsd* | -solidbsd* \
|
||||
| -bitrig* | -openbsd* | -solidbsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* | -cegcc* \
|
||||
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
|
||||
| -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
|
||||
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
|
||||
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
|
||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
|
||||
# Remember, each alternative MUST END IN *, to match a version number.
|
||||
;;
|
||||
-qnx*)
|
||||
|
@ -1341,7 +1438,7 @@ case $os in
|
|||
-opened*)
|
||||
os=-openedition
|
||||
;;
|
||||
-os400*)
|
||||
-os400*)
|
||||
os=-os400
|
||||
;;
|
||||
-wince*)
|
||||
|
@ -1390,7 +1487,7 @@ case $os in
|
|||
-sinix*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-tpf*)
|
||||
-tpf*)
|
||||
os=-tpf
|
||||
;;
|
||||
-triton*)
|
||||
|
@ -1426,15 +1523,14 @@ case $os in
|
|||
-aros*)
|
||||
os=-aros
|
||||
;;
|
||||
-kaos*)
|
||||
os=-kaos
|
||||
;;
|
||||
-zvmoe)
|
||||
os=-zvmoe
|
||||
;;
|
||||
-dicos*)
|
||||
os=-dicos
|
||||
;;
|
||||
-nacl*)
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
|
@ -1457,10 +1553,10 @@ else
|
|||
# system, and we'll never get to this point.
|
||||
|
||||
case $basic_machine in
|
||||
score-*)
|
||||
score-*)
|
||||
os=-elf
|
||||
;;
|
||||
spu-*)
|
||||
spu-*)
|
||||
os=-elf
|
||||
;;
|
||||
*-acorn)
|
||||
|
@ -1472,8 +1568,23 @@ case $basic_machine in
|
|||
arm*-semi)
|
||||
os=-aout
|
||||
;;
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
;;
|
||||
c8051-*)
|
||||
os=-elf
|
||||
;;
|
||||
hexagon-*)
|
||||
os=-elf
|
||||
;;
|
||||
tic54x-*)
|
||||
os=-coff
|
||||
;;
|
||||
tic55x-*)
|
||||
os=-coff
|
||||
;;
|
||||
tic6x-*)
|
||||
os=-coff
|
||||
;;
|
||||
# This must come before the *-dec entry.
|
||||
pdp10-*)
|
||||
|
@ -1493,14 +1604,11 @@ case $basic_machine in
|
|||
;;
|
||||
m68000-sun)
|
||||
os=-sunos3
|
||||
# This also exists in the configure program, but was not the
|
||||
# default.
|
||||
# os=-sunos4
|
||||
;;
|
||||
m68*-cisco)
|
||||
os=-aout
|
||||
;;
|
||||
mep-*)
|
||||
mep-*)
|
||||
os=-elf
|
||||
;;
|
||||
mips*-cisco)
|
||||
|
@ -1527,7 +1635,7 @@ case $basic_machine in
|
|||
*-ibm)
|
||||
os=-aix
|
||||
;;
|
||||
*-knuth)
|
||||
*-knuth)
|
||||
os=-mmixware
|
||||
;;
|
||||
*-wec)
|
||||
|
|
|
@ -239,7 +239,7 @@ __AI_correlated_alerts_to_json ()
|
|||
for ( pkt_iterator = alert_iterator->stream; pkt_iterator; pkt_iterator = pkt_iterator->next )
|
||||
{
|
||||
encoded_pkt = NULL;
|
||||
pkt_len = pkt_iterator->pkt->pcap_header->len + pkt_iterator->pkt->payload_size;
|
||||
pkt_len = pkt_iterator->pkt->pcap_header->caplen + pkt_iterator->pkt->payload_size;
|
||||
|
||||
if ( !( encoded_pkt = (char*) calloc ( 4*pkt_len + 1, sizeof ( char ))))
|
||||
{
|
||||
|
@ -305,7 +305,7 @@ __AI_correlated_alerts_to_json ()
|
|||
{
|
||||
if ( !pkt_iterator->pkt->ip4_header )
|
||||
{
|
||||
pkt_len = pkt_iterator->pkt->pcap_header->len +
|
||||
pkt_len = pkt_iterator->pkt->pcap_header->caplen +
|
||||
pkt_iterator->pkt->tcp_options_length +
|
||||
pkt_iterator->pkt->payload_size;
|
||||
} else {
|
||||
|
@ -632,7 +632,7 @@ AI_alert_correlation_thread ( void *arg )
|
|||
std_deviation = sqrt ( std_deviation / (double) HASH_COUNT ( correlation_table ));
|
||||
corr_threshold = avg_correlation + ( config->correlationThresholdCoefficient * std_deviation );
|
||||
snprintf ( corr_dot_file, sizeof ( corr_dot_file ), "%s/correlated_alerts.dot", config->corr_alerts_dir );
|
||||
|
||||
|
||||
if ( stat ( config->corr_alerts_dir, &st ) < 0 )
|
||||
{
|
||||
if ( mkdir ( config->corr_alerts_dir, 0755 ) < 0 )
|
||||
|
@ -754,4 +754,3 @@ AI_alert_correlation_thread ( void *arg )
|
|||
} /* ----- end of function AI_alert_correlation_thread ----- */
|
||||
|
||||
/** @} */
|
||||
|
||||
|
|
|
@ -52,8 +52,8 @@
|
|||
const char* DB_do_error();
|
||||
const char* DB_do_out_error();
|
||||
|
||||
BOOL DB_is_gone();
|
||||
BOOL DB_is_out_gone();
|
||||
bool DB_is_gone();
|
||||
bool DB_is_out_gone();
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBPQ
|
||||
|
@ -100,4 +100,3 @@
|
|||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
**
|
||||
** bitopt.c
|
||||
**
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Dan Roelker <droelker@sourcefire.com>
|
||||
** Marc Norton <mnorton@sourcefire.com>
|
||||
**
|
||||
|
@ -20,7 +21,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
**
|
||||
** NOTES
|
||||
** 5.15.02 - Initial Source Code. Norton/Roelker
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,19 +15,12 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#ifndef CPU_CLOCK_TICKS_H
|
||||
#define CPU_CLOCK_TICKS_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "debug.h"
|
||||
#include "sf_types.h" /* for uint64_t */
|
||||
|
||||
/* Assembly to find clock ticks. */
|
||||
#ifdef WIN32
|
||||
#include <windows.h>
|
||||
|
@ -92,7 +86,7 @@ __inline void __cputicks_msc(uint64_t *val)
|
|||
#else
|
||||
/* SPARC */
|
||||
#ifdef SPARCV9
|
||||
#ifdef _LP64
|
||||
#ifdef _LP64
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
__asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
|
||||
|
@ -116,7 +110,7 @@ __inline void __cputicks_msc(uint64_t *val)
|
|||
#endif /* I386 || AMD64 || X86_64 */
|
||||
#endif /* WIN32 */
|
||||
|
||||
static INLINE double get_ticks_per_usec (void)
|
||||
static inline double get_ticks_per_usec (void)
|
||||
{
|
||||
uint64_t start = 0, end = 0;
|
||||
get_clockticks(start);
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -16,28 +17,24 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/* D E F I N E S ************************************************************/
|
||||
#ifndef __EVENT_H__
|
||||
#define __EVENT_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef OSF1
|
||||
#include <sys/bitypes.h>
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifndef WIN32
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include "pcap_pkthdr32.h"
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
#define MAX_EVENT_APPNAME_LEN 64
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
typedef struct _Event
|
||||
{
|
||||
uint32_t sig_generator; /* which part of snort generated the alert? */
|
||||
|
@ -51,6 +48,9 @@ typedef struct _Event
|
|||
*/
|
||||
struct sf_timeval32 ref_time; /* reference time for the event reference */
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
char app_name[MAX_EVENT_APPNAME_LEN];
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
/* Don't add to this structure because this is the serialized data
|
||||
* struct for unified logging.
|
||||
*/
|
||||
|
|
|
@ -0,0 +1,692 @@
|
|||
/*
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* ** Copyright (C) 2012-2013 Sourcefire, Inc.
|
||||
* ** AUTHOR: Hui Cao
|
||||
* **
|
||||
* ** This program is free software; you can redistribute it and/or modify
|
||||
* ** it under the terms of the GNU General Public License Version 2 as
|
||||
* ** published by the Free Software Foundation. You may not use, modify or
|
||||
* ** distribute this program under any other version of the GNU General
|
||||
* ** Public License.
|
||||
* **
|
||||
* ** This program is distributed in the hope that it will be useful,
|
||||
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* ** GNU General Public License for more details.
|
||||
* **
|
||||
* ** You should have received a copy of the GNU General Public License
|
||||
* ** along with this program; if not, write to the Free Software
|
||||
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* */
|
||||
|
||||
/* file_api.h
|
||||
*
|
||||
* Purpose: Definition of the FileAPI. To be used as a common interface
|
||||
* for file process access for other preprocessors and detection
|
||||
* plugins.
|
||||
*
|
||||
* Author(s): Hui Cao <hcao@sourcefire.com>
|
||||
*
|
||||
* NOTES
|
||||
* 5.25.12 - Initial Source Code. Hcao
|
||||
*/
|
||||
|
||||
#ifndef FILE_API_H_
|
||||
#define FILE_API_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include "sfPolicy.h"
|
||||
|
||||
#define ENABLE_FILE_TYPE_IDENTIFICATION 0x1
|
||||
#define ENABLE_FILE_SIGNATURE_SHA256 0x2
|
||||
#define ENABLE_FILE_CAPTURE 0x4
|
||||
#define FILE_ALL_ON 0xFFFFFFFF
|
||||
#define FILE_ALL_OFF 0x00000000
|
||||
#define MAX_FILE 1024
|
||||
#define MAX_EMAIL 1024
|
||||
#define MAX_UNICODE_FILE_NAME 1024
|
||||
|
||||
#define FILE_RESUME_BLOCK 0x01
|
||||
#define FILE_RESUME_LOG 0x02
|
||||
|
||||
/*
|
||||
* Generator id. Define here the same as the official register
|
||||
* in generators.h
|
||||
*/
|
||||
#define GENERATOR_FILE_TYPE 146
|
||||
#define GENERATOR_FILE_SIGNATURE 147
|
||||
|
||||
#define FILE_SIGNATURE_SHA256 1
|
||||
#define FILE_SIGNATURE_SHA256_STR "(file) malware detected"
|
||||
|
||||
typedef enum _File_Verdict
|
||||
{
|
||||
FILE_VERDICT_UNKNOWN = 0,
|
||||
FILE_VERDICT_LOG,
|
||||
FILE_VERDICT_STOP,
|
||||
FILE_VERDICT_BLOCK,
|
||||
FILE_VERDICT_REJECT,
|
||||
FILE_VERDICT_PENDING,
|
||||
FILE_VERDICT_STOP_CAPTURE,
|
||||
FILE_VERDICT_MAX
|
||||
} File_Verdict;
|
||||
|
||||
typedef enum _FilePosition
|
||||
{
|
||||
SNORT_FILE_POSITION_UNKNOWN,
|
||||
SNORT_FILE_START,
|
||||
SNORT_FILE_MIDDLE,
|
||||
SNORT_FILE_END,
|
||||
SNORT_FILE_FULL
|
||||
} FilePosition;
|
||||
|
||||
typedef enum _FileCaptureState
|
||||
{
|
||||
FILE_CAPTURE_SUCCESS = 0,
|
||||
FILE_CAPTURE_MIN, /*smaller than file capture min*/
|
||||
FILE_CAPTURE_MAX, /*larger than file capture max*/
|
||||
FILE_CAPTURE_MEMCAP, /*memcap reached, no more file buffer*/
|
||||
FILE_CAPTURE_FAIL /*Other file capture failures*/
|
||||
} FileCaptureState;
|
||||
|
||||
typedef enum _FileSigState
|
||||
{
|
||||
FILE_SIG_PROCESSING = 0,
|
||||
FILE_SIG_DEPTH_FAIL, /*larger than file signature depth*/
|
||||
FILE_SIG_DONE
|
||||
} FileSigState;
|
||||
|
||||
typedef enum _FileProcessType
|
||||
{
|
||||
SNORT_FILE_TYPE_ID,
|
||||
SNORT_FILE_SHA256,
|
||||
SNORT_FILE_CAPTURE
|
||||
} FileProcessType;
|
||||
|
||||
typedef struct _FileState
|
||||
{
|
||||
FileCaptureState capture_state;
|
||||
FileSigState sig_state;
|
||||
} FileState;
|
||||
|
||||
typedef struct _FileCacheStatus
|
||||
{
|
||||
uint64_t prunes; /* number of file entries pruned due to memcap*/
|
||||
uint64_t segment_mem_in_use; /* memory used currently */
|
||||
uint64_t segment_mem_in_use_max; /* Maximal memory usage */
|
||||
} FileCacheStatus;
|
||||
|
||||
struct s_MAIL_LogState;
|
||||
struct _DecodeConfig;
|
||||
struct s_MAIL_LogConfig;
|
||||
struct _MimeDataPafInfo;
|
||||
struct _MimeState;
|
||||
|
||||
struct _FileCaptureInfo;
|
||||
typedef struct _FileCaptureInfo FileCaptureInfo;
|
||||
struct _SnortConfig;
|
||||
struct _FileContext;
|
||||
struct _FileCache;
|
||||
|
||||
typedef struct _FileSession
|
||||
{
|
||||
struct _FileContext *current_context;
|
||||
struct _FileContext *main_context;
|
||||
struct _FileContext *pending_context;
|
||||
uint32_t max_file_id;
|
||||
struct _FileCache *file_cache;
|
||||
uint64_t file_id;
|
||||
|
||||
} FileSession;
|
||||
|
||||
#define FILE_API_VERSION 4
|
||||
|
||||
#define DEFAULT_FILE_ID 0
|
||||
|
||||
typedef uint32_t (*File_policy_callback_func) (void* ssnptr, int16_t app_id, bool upload);
|
||||
typedef File_Verdict (*File_type_callback_func) (void* p, void* ssnptr,
|
||||
uint32_t file_type_id, bool upload, uint32_t file_id);
|
||||
typedef File_Verdict (*File_signature_callback_func) (void* p, void* ssnptr,
|
||||
uint8_t* file_sig, uint64_t file_size, FileState *state, bool upload,
|
||||
uint32_t file_id);
|
||||
typedef void (*Log_file_action_func) (void* ssnptr, int action);
|
||||
|
||||
typedef int (*File_process_func)( void* p, uint8_t* file_data, int data_size, FilePosition position,
|
||||
bool upload, bool suspend_block_verdict);
|
||||
typedef int (*Get_file_name_func) (void* ssnptr, uint8_t **file_name, uint32_t *name_len);
|
||||
typedef uint64_t (*Get_file_size_func) (void* ssnptr);
|
||||
typedef bool (*Get_file_direction_func) (void* ssnptr);
|
||||
typedef uint8_t *(*Get_file_sig_sha256_func) (void* ssnptr);
|
||||
|
||||
typedef void (*Set_file_name_func) (void* ssnptr, uint8_t *, uint32_t, bool);
|
||||
typedef void (*Set_file_direction_func) (void* ssnptr, bool);
|
||||
|
||||
typedef int64_t (*Get_file_depth_func) (void);
|
||||
|
||||
typedef void (*Set_file_policy_func)(File_policy_callback_func);
|
||||
typedef void (*Enable_file_type_func)(File_type_callback_func);
|
||||
typedef void (*Enable_file_signature_func)(File_signature_callback_func);
|
||||
typedef void (*Enable_file_capture_func)(File_signature_callback_func);
|
||||
typedef void (*Set_file_action_log_func)(Log_file_action_func);
|
||||
|
||||
typedef int (*Set_log_buffers_func)(struct s_MAIL_LogState **log_state, struct s_MAIL_LogConfig *conf, void *mempool);
|
||||
typedef void* (*Init_mime_mempool_func)(int max_mime_mem, int max_depth, void *mempool, const char *preproc_name);
|
||||
typedef void* (*Init_log_mempool_func)(uint32_t email_hdrs_log_depth, uint32_t memcap, void *mempool, const char *preproc_name);
|
||||
|
||||
typedef int (*File_resume_block_add_file_func)(void *pkt, uint32_t file_sig,
|
||||
uint32_t timeout, File_Verdict verdict, uint32_t file_type_id, uint8_t *signature);
|
||||
typedef File_Verdict (*File_resume_block_check_func)(void *pkt, uint32_t file_sig);
|
||||
typedef uint32_t (*Str_to_hash_func)(uint8_t *str, int length );
|
||||
typedef void (*File_signature_lookup_func)(void* p, bool is_retransmit);
|
||||
typedef void (*Set_mime_decode_config_defaults_func)(struct _DecodeConfig *decode_conf);
|
||||
typedef void (*Set_mime_log_config_defaults_func)(struct s_MAIL_LogConfig *log_config);
|
||||
typedef int (*Parse_mime_decode_args_func)(struct _DecodeConfig *decode_conf, char *arg, const char *preproc_name);
|
||||
typedef const uint8_t * (*Process_mime_data_func)(void *packet, const uint8_t *start, const uint8_t *end,
|
||||
struct _MimeState *mime_ssn, bool upload, bool paf_enabled);
|
||||
typedef void (*Free_mime_session_func)(struct _MimeState *mime_ssn);
|
||||
typedef bool (*Is_decoding_enabled_func)(struct _DecodeConfig *decode_conf);
|
||||
typedef bool (*Is_decoding_conf_changed_func)(struct _DecodeConfig *configNext, struct _DecodeConfig *config, const char *preproc_name);
|
||||
typedef bool (*Check_decoding_conf_func)(struct _DecodeConfig *configNext, struct _DecodeConfig *config, const char *preproc_name);
|
||||
typedef bool (*Is_mime_log_enabled_func)(struct s_MAIL_LogConfig *log_config);
|
||||
typedef void (*Finalize_mime_position_func)(void *ssnptr, void *decode_state, FilePosition *position);
|
||||
typedef File_Verdict (*Get_file_verdict_func)(void *ssnptr);
|
||||
typedef void (*Render_block_verdict_func)(void *ctx, void *p);
|
||||
typedef FileCaptureState (*Reserve_file_func)(void *ssnptr, FileCaptureInfo **file_mem);
|
||||
typedef void* (*Get_file_func)(FileCaptureInfo *file_mem, uint8_t **buff, int *size);
|
||||
typedef void (*Release_file_func)(FileCaptureInfo *data);
|
||||
typedef size_t (*File_capture_size_func)(FileCaptureInfo *file_mem);
|
||||
|
||||
typedef bool (*Is_file_service_enabled)(void);
|
||||
typedef bool (*Check_paf_abort_func)(void* ssn);
|
||||
typedef void (*Update_file_name_func) (struct s_MAIL_LogState *log_state);
|
||||
typedef FilePosition (*GetFilePosition)(void *pkt);
|
||||
typedef void (*Reset_mime_paf_state_func)(struct _MimeDataPafInfo *data_info);
|
||||
/* Process data boundary and flush each file based on boundary*/
|
||||
typedef bool (*Process_mime_paf_data_func)(struct _MimeDataPafInfo *data_info, uint8_t data);
|
||||
typedef bool (*Check_data_end_func)(void *end_state, uint8_t data);
|
||||
typedef uint32_t (*Get_file_type_id)(void *);
|
||||
typedef uint32_t (*Get_new_file_instance)(void *);
|
||||
|
||||
/*Context based file process functions*/
|
||||
typedef struct _FileContext* (*Create_file_context_func)(void *ssnptr);
|
||||
typedef void (*Init_file_context_func)(void *ssnptr, bool upload, struct _FileContext *ctx);
|
||||
typedef struct _FileContext* (*Get_file_context_func)(void *ssnptr);
|
||||
typedef bool (*Set_file_context_func)(void *ssnptr, struct _FileContext *ctx);
|
||||
typedef int (*Process_file_func)( struct _FileContext *ctx, void *p,
|
||||
uint8_t *file_data, int data_size, FilePosition position,
|
||||
bool suspend_block_verdict);
|
||||
typedef void *(*File_cache_update_entry_func) (struct _FileCache *fileCache, void* p, uint64_t file_id,
|
||||
uint8_t *file_name, uint32_t file_name_size, uint64_t file_size);
|
||||
typedef int (*File_segment_process_func)( struct _FileCache *fileCache, void* p, uint64_t file_id,
|
||||
uint64_t file_size, const uint8_t* file_data, int data_size, uint64_t offset,
|
||||
bool upload);
|
||||
typedef struct _FileCache * (*File_cache_create_func)(uint64_t memcap, uint32_t cleanup_files);
|
||||
typedef void (*File_cache_free_func)(struct _FileCache *fileCache);
|
||||
typedef FileCacheStatus * (*File_cache_status_func)(struct _FileCache *fileCache);
|
||||
typedef int64_t (*Get_max_file_capture_size)(void *ssn);
|
||||
|
||||
typedef struct _file_api
|
||||
{
|
||||
int version;
|
||||
|
||||
/* Check if file type id is enabled.
|
||||
*
|
||||
* Arguments: None
|
||||
*
|
||||
* Returns:
|
||||
* (bool) true file processing is enabled
|
||||
* (bool) false file processing is disabled
|
||||
*/
|
||||
Is_file_service_enabled is_file_service_enabled;
|
||||
|
||||
/* File process function, called by preprocessors that provides file data
|
||||
*
|
||||
* Arguments:
|
||||
* void* p: packet pointer
|
||||
* uint8_t* file_data: file data
|
||||
* int data_size: file data size
|
||||
* FilePosition: file position
|
||||
* bool upload: upload or not
|
||||
* Returns:
|
||||
* 1: continue processing/log/block this file
|
||||
* 0: ignore this file (no further processing needed)
|
||||
*/
|
||||
File_process_func file_process;
|
||||
|
||||
/*-----File property functions--------*/
|
||||
|
||||
/* Get file name and the length of file name
|
||||
* Note: this is updated after file processing. It will be available
|
||||
* for file event logging, but might not be available during file type
|
||||
* callback or file signature callback, because those callbacks are called
|
||||
* during file processing.
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* uint8_t **file_name: address for file name to be saved
|
||||
* uint32_t *name_len: address to save file name length
|
||||
* Returns
|
||||
* 1: file name available,
|
||||
* 0: file name is unavailable
|
||||
*/
|
||||
Get_file_name_func get_file_name;
|
||||
|
||||
/* Get file size
|
||||
* Note: this is updated after file processing. It will be available
|
||||
* for file event logging, but might not be available during file type
|
||||
* callback or file signature callback, because those callbacks are called
|
||||
* during file processing.
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
*
|
||||
* Returns
|
||||
* uint64_t: file size
|
||||
* Note: 0 means file size is unavailable
|
||||
*/
|
||||
Get_file_size_func get_file_size;
|
||||
|
||||
/* Get number of bytes processed
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
*
|
||||
* Returns
|
||||
* uint64_t: processed file data size
|
||||
*/
|
||||
Get_file_size_func get_file_processed_size;
|
||||
|
||||
/* Get file direction
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
*
|
||||
* Returns
|
||||
* 1: upload
|
||||
* 0: download
|
||||
*/
|
||||
Get_file_direction_func get_file_direction;
|
||||
|
||||
/* Get file signature sha256
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
*
|
||||
* Returns
|
||||
* char *: pointer to sha256
|
||||
* NULL: sha256 is not available
|
||||
*/
|
||||
Get_file_sig_sha256_func get_sig_sha256;
|
||||
|
||||
/* Set file name and the length of file name
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* uint8_t *file_name: file name to be saved
|
||||
* uint32_t name_len: file name length
|
||||
* bool save_in_context: true if file name is saved in context
|
||||
* instead of session
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Set_file_name_func set_file_name;
|
||||
|
||||
/* Get file direction
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* bool:
|
||||
* 1 - upload
|
||||
* 0 - download
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Set_file_direction_func set_file_direction;
|
||||
|
||||
/*----------File call backs--------------*/
|
||||
|
||||
/* Set file policy callback. This callback is called in the beginning
|
||||
* of session. This callback will decide whether to do file type ID,
|
||||
* file signature, or file capture
|
||||
*
|
||||
* Arguments:
|
||||
* File_policy_callback_func
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Set_file_policy_func set_file_policy_callback;
|
||||
|
||||
/* Enable file type ID and set file type callback.
|
||||
* File type callback is called when file type is identified. Callback
|
||||
* will return a verdict based on file type
|
||||
*
|
||||
* Arguments:
|
||||
* File_type_callback_func
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Enable_file_type_func enable_file_type;
|
||||
|
||||
/* Enable file signature and set file signature callback.
|
||||
* File signature callback is called when file signature is calculated.
|
||||
* Callback will return a verdict based on file signature.
|
||||
* SHA256 is calculated after file transfer is finished.
|
||||
*
|
||||
* Arguments:
|
||||
* File_signature_callback_func
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Enable_file_signature_func enable_file_signature;
|
||||
|
||||
/* Enable file capture and set file signature callback.
|
||||
* File signature callback is called when file signature is calculated.
|
||||
* Callback will return a verdict based on file signature.
|
||||
* SHA256 is calculated after file transfer is finished.
|
||||
*
|
||||
* Note: file signature and file capture will use the same callback, but
|
||||
* enabled separately.
|
||||
*
|
||||
* Arguments:
|
||||
* File_signature_callback_func
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Enable_file_signature_func enable_file_capture;
|
||||
|
||||
/* Set file action log callback.
|
||||
* File action log callback is called when file resume is detected.
|
||||
* It allows file events to be generated for a resumed file download
|
||||
*
|
||||
* Arguments:
|
||||
* Log_file_action_func
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
Set_file_action_log_func set_file_action_log_callback;
|
||||
|
||||
/*--------------File configurations-------------*/
|
||||
|
||||
/* Get file depth required for all file processings enabled
|
||||
*
|
||||
* Arguments:
|
||||
* None
|
||||
*
|
||||
* Returns:
|
||||
* int64_t: file depth in bytes
|
||||
*/
|
||||
Get_file_depth_func get_max_file_depth;
|
||||
|
||||
/*--------------Common functions used for MIME processing-------------*/
|
||||
Set_log_buffers_func set_log_buffers;
|
||||
Init_mime_mempool_func init_mime_mempool;
|
||||
Init_log_mempool_func init_log_mempool;
|
||||
Set_mime_decode_config_defaults_func set_mime_decode_config_defauts;
|
||||
Set_mime_log_config_defaults_func set_mime_log_config_defauts;
|
||||
Parse_mime_decode_args_func parse_mime_decode_args;
|
||||
Process_mime_data_func process_mime_data;
|
||||
Free_mime_session_func free_mime_session;
|
||||
Is_decoding_enabled_func is_decoding_enabled;
|
||||
Is_decoding_conf_changed_func is_decoding_conf_changed;
|
||||
Check_decoding_conf_func check_decoding_conf;
|
||||
Is_mime_log_enabled_func is_mime_log_enabled;
|
||||
Finalize_mime_position_func finalize_mime_position;
|
||||
Reset_mime_paf_state_func reset_mime_paf_state;
|
||||
Process_mime_paf_data_func process_mime_paf_data;
|
||||
Check_data_end_func check_data_end;
|
||||
Check_paf_abort_func check_paf_abort;
|
||||
|
||||
/*--------------Other helper functions-------------*/
|
||||
File_resume_block_add_file_func file_resume_block_add_file;
|
||||
File_resume_block_check_func file_resume_block_check;
|
||||
Str_to_hash_func str_to_hash;
|
||||
File_signature_lookup_func file_signature_lookup;
|
||||
Get_file_verdict_func get_file_verdict;
|
||||
Render_block_verdict_func render_block_verdict;
|
||||
/*
|
||||
* Preserve the file in memory until it is released
|
||||
* This function must be called in packet processing thread
|
||||
* Arguments:
|
||||
* void *ssnptr: session pointer
|
||||
* void **file_mem: the pointer to store the memory block
|
||||
* that stores file and its metadata.
|
||||
* It will set NULL if no memory or fail to store
|
||||
*
|
||||
* Returns:
|
||||
* FileCaptureState:
|
||||
* FILE_CAPTURE_SUCCESS = 0,
|
||||
* FILE_CAPTURE_MIN,
|
||||
* FILE_CAPTURE_MAX,
|
||||
* FILE_CAPTURE_MEMCAP,
|
||||
* FILE_CAPTURE_FAIL
|
||||
*/
|
||||
Reserve_file_func reserve_file;
|
||||
|
||||
/*
|
||||
* Get the file that is reserved in memory. To get a full file,
|
||||
* this function must be called iteratively until NULL is returned
|
||||
* This function can be called in out of band thread
|
||||
*
|
||||
* Arguments:
|
||||
* void *file_mem: the memory block working on
|
||||
* uint8_t **buff: address to store buffer address
|
||||
* int *size: address to store size of file
|
||||
*
|
||||
* Returns:
|
||||
* the next memory block
|
||||
* If NULL: no memory or fail to get file
|
||||
*/
|
||||
Get_file_func read_file;
|
||||
|
||||
/*
|
||||
* Get the file size captured in the file buffer
|
||||
* This function can be called in out of band thread
|
||||
*
|
||||
* Arguments:
|
||||
* void *file_mem: the first memory block of file buffer
|
||||
*
|
||||
* Returns:
|
||||
* the size of file
|
||||
* If 0: no memory or fail to read file
|
||||
*/
|
||||
File_capture_size_func get_file_capture_size;
|
||||
|
||||
/*
|
||||
* Release the file that is reserved in memory.
|
||||
* This function can be called in out of band thread.
|
||||
*
|
||||
* Arguments:
|
||||
* void *data: the memory block that stores file and its metadata
|
||||
*
|
||||
* Returns:
|
||||
* None
|
||||
*/
|
||||
Release_file_func release_file;
|
||||
|
||||
/* Return the file rule id associated with a session.
|
||||
*
|
||||
* Arguments:
|
||||
* void *ssnptr: session pointer
|
||||
*
|
||||
* Returns:
|
||||
* (u32) file-rule id on session; FILE_TYPE_UNKNOWN otherwise.
|
||||
*/
|
||||
Get_file_type_id get_file_type_id;
|
||||
|
||||
/* Create a file context to use
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* Returns:
|
||||
* FileContext *: file context created.
|
||||
*/
|
||||
Create_file_context_func create_file_context;
|
||||
|
||||
/* Intialize a file context
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* Returns:
|
||||
* FileContext *: file context.
|
||||
*/
|
||||
Init_file_context_func init_file_context;
|
||||
|
||||
/* Set file context to be the current
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* FileContext *: file context that will be current
|
||||
* Returns:
|
||||
* True: changed successfully
|
||||
* False: fail to change
|
||||
*/
|
||||
Set_file_context_func set_current_file_context;
|
||||
|
||||
/* Get current file context
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* Returns:
|
||||
* FileContext *: current file context
|
||||
*/
|
||||
Get_file_context_func get_current_file_context;
|
||||
|
||||
/* Get main file context that used by preprocessors
|
||||
*
|
||||
* Arguments:
|
||||
* void* ssnptr: session pointer
|
||||
* Returns:
|
||||
* FileContext *: main file context
|
||||
*/
|
||||
Get_file_context_func get_main_file_context;
|
||||
|
||||
/* Process file function, called by preprocessors that provides file data
|
||||
*
|
||||
* Arguments:
|
||||
* void* ctx: file context that will be processed
|
||||
* void* p: packet pointer
|
||||
* uint8_t* file_data: file data
|
||||
* int data_size: file data size
|
||||
* FilePosition: file position
|
||||
* bool suspend_block_verdict: used for smb to allow file pass
|
||||
* Returns:
|
||||
* 1: continue processing/log/block this file
|
||||
* 0: ignore this file (no further processing needed)
|
||||
*/
|
||||
Process_file_func process_file;
|
||||
|
||||
/* Create the file cache that store file segments and properties.
|
||||
*
|
||||
* Arguments:
|
||||
* uint64_t: total memory available for file cache, including file contexts
|
||||
* uint32_t: maximal number of files pruned when memcap is reached
|
||||
* Returns:
|
||||
* struct _FileCache *: file cache pointer
|
||||
*/
|
||||
File_cache_create_func file_cache_create;
|
||||
|
||||
/* Free the file cache that store file segments and properties.
|
||||
*
|
||||
* Arguments:
|
||||
* struct _FileCache *: file cache pointer
|
||||
* Returns:
|
||||
* None
|
||||
*/
|
||||
File_cache_free_func file_cache_free;
|
||||
|
||||
/* Get the status of file cache for troubleshooting.
|
||||
*
|
||||
* Arguments:
|
||||
* struct _FileCache *: file cache pointer
|
||||
* Returns:
|
||||
* FileCacheStatus *: status of file cache
|
||||
*/
|
||||
File_cache_status_func file_cache_status;
|
||||
|
||||
/* Get a new file entry in the file cache, if already exists, update file name
|
||||
*
|
||||
* Arguments:
|
||||
* struct _FileCache *: file cache that stores file segments
|
||||
* void* : packet pointer
|
||||
* uint64_t: file id that is unique
|
||||
* uint8_t *: file name
|
||||
* uint32_t: file name size
|
||||
* Returns:
|
||||
* None
|
||||
*/
|
||||
File_cache_update_entry_func file_cache_update_entry;
|
||||
|
||||
/* Process file segment, when file segment is in order, file data will be
|
||||
* processed; otherwise it is stored.
|
||||
*
|
||||
* Arguments:
|
||||
* struct _FileCache *: file cache that stores file segments
|
||||
* void* : packet pointer
|
||||
* uint64_t: file id that is unique
|
||||
* uint64_t: total file size,
|
||||
* const uint8_t*: file data
|
||||
* int: file data size
|
||||
* uint64_t: file data offset in the file
|
||||
* bool: true for upload, false for download
|
||||
* Returns:
|
||||
* 1: continue processing/log/block this file
|
||||
* 0: ignore this file (no further processing needed)
|
||||
*/
|
||||
File_segment_process_func file_segment_process;
|
||||
|
||||
/* Return a unique file instance number
|
||||
*
|
||||
* Arguments:
|
||||
* void *ssnptr: session pointer
|
||||
* Returns:
|
||||
* (u32) a unique file instance id.
|
||||
*/
|
||||
Get_new_file_instance get_new_file_instance;
|
||||
|
||||
GetFilePosition get_file_position;
|
||||
|
||||
Get_max_file_capture_size get_max_file_capture_size;
|
||||
|
||||
} FileAPI;
|
||||
|
||||
/* To be set by Stream */
|
||||
extern FileAPI *file_api;
|
||||
|
||||
static inline void initFilePosition(FilePosition *position,
|
||||
uint64_t processed_size)
|
||||
{
|
||||
*position = SNORT_FILE_START;
|
||||
if (processed_size)
|
||||
*position = SNORT_FILE_MIDDLE;
|
||||
}
|
||||
static inline void updateFilePosition(FilePosition *position,
|
||||
uint64_t processed_size)
|
||||
{
|
||||
if ((*position == SNORT_FILE_END) || (*position == SNORT_FILE_FULL))
|
||||
*position = SNORT_FILE_START;
|
||||
else if (processed_size)
|
||||
*position = SNORT_FILE_MIDDLE;
|
||||
}
|
||||
static inline void finalFilePosition(FilePosition *position)
|
||||
{
|
||||
if (*position == SNORT_FILE_START)
|
||||
*position = SNORT_FILE_FULL;
|
||||
else if (*position != SNORT_FILE_FULL)
|
||||
*position = SNORT_FILE_END;
|
||||
}
|
||||
|
||||
static inline bool isFileStart(FilePosition position)
|
||||
{
|
||||
return ((position == SNORT_FILE_START) || (position == SNORT_FILE_FULL));
|
||||
}
|
||||
|
||||
static inline bool isFileEnd(FilePosition position)
|
||||
{
|
||||
return ((position == SNORT_FILE_END) || (position == SNORT_FILE_FULL));
|
||||
}
|
||||
#endif /* FILE_API_H_ */
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2011-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifndef _IDLE_PROCESSING_H
|
||||
#define _IDLE_PROCESSING_H
|
||||
|
||||
typedef void (*IdleProcessingHandler)(void);
|
||||
|
||||
#endif /* _IDLE_PROCESSING_H */
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2007-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,24 +15,19 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#ifndef IPV6_PORT_H
|
||||
#define IPV6_PORT_H
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "debug.h"
|
||||
#include "snort_debug.h"
|
||||
|
||||
/* ///////////////// */
|
||||
/*****************/
|
||||
/* IPv6 and IPv4 */
|
||||
#ifdef SUP_IP6
|
||||
|
||||
#include "sf_ip.h"
|
||||
|
||||
typedef sfip_t snort_ip;
|
||||
typedef sfip_t *snort_ip_p;
|
||||
|
||||
#define IpAddrNode sfip_node_t
|
||||
#define IpAddrSet sfip_var_t
|
||||
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
|
||||
|
@ -42,63 +38,58 @@ typedef sfip_t *snort_ip_p;
|
|||
#endif
|
||||
#define inet_ntoa sfip_ntoa
|
||||
|
||||
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
|
||||
#define GET_SRC_IP(p) ((p)->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) ((p)->iph_api->iph_ret_dst(p))
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_ipv4h_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) (p->orig_ipv4h_api->orig_iph_ret_dst(p))
|
||||
#define GET_ORIG_SRC(p) ((p)->orig_ipv4h_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) ((p)->orig_ipv4h_api->orig_iph_ret_dst(p))
|
||||
|
||||
/* These are here for backwards compatibility */
|
||||
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
|
||||
#define GET_DST_ADDR(x) GET_DST_IP(x)
|
||||
|
||||
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
|
||||
#define IP_EQUALITY(x,y) (sfip_compare((x),(y)) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset((x),(y)) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare((x),(y)) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare((x),(y)) == SFIP_GREATER)
|
||||
|
||||
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
|
||||
#define IS_IP4(x) ((x)->family == AF_INET)
|
||||
#define IS_IP6(x) ((x)->family == AF_INET6)
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) p->orig_ipv4h_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h_api->orig_iph_ret_off(p)
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
|
||||
#define IS_OUTER_IP4(x) ((x)->outer_family == AF_INET)
|
||||
#define IS_OUTER_IP6(x) ((x)->outer_family == AF_INET6)
|
||||
|
||||
#define GET_IPH_TOS(p) (p)->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) (p)->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) (p)->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) (p)->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) (p)->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) (p)->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) ((uint8_t)(IS_IP6(p) ? ((p)->ip6h->next) : ((p)->iph_api->iph_ret_proto(p))))
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) (p)->orig_ipv4h_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) (p)->orig_ipv4h_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) (p)->orig_ipv4h_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) (p)->orig_ipv4h_api->orig_iph_ret_off(p)
|
||||
|
||||
#define IS_IP4(x) (x->family == AF_INET)
|
||||
#define IS_IP6(x) (x->family == AF_INET6)
|
||||
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
|
||||
#define IPH_IS_VALID(p) iph_is_valid(p)
|
||||
|
||||
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
|
||||
#define IP_CLEAR(x) (x).family = (x).ia32[0] = (x).ia32[1] = (x).ia32[2] = (x).ia32[3] = 0;
|
||||
|
||||
#define IS_SET(x) sfip_is_set(&x)
|
||||
#define IP_IS_SET(x) sfip_is_set(&x)
|
||||
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
* individually on each field, then the following expression gets broken:
|
||||
*
|
||||
*
|
||||
* if(conditional) IP_COPY_VALUE(a,b);
|
||||
*
|
||||
*
|
||||
* If the macro is instead enclosed in braces, then having a semicolon
|
||||
* trailing the macro causes compile breakage.
|
||||
* trailing the macro causes compile breakage.
|
||||
* So: use loop. */
|
||||
#define IP_COPY_VALUE(x,y) \
|
||||
do { \
|
||||
x.bits = y->bits; \
|
||||
x.family = y->family; \
|
||||
x.ip32[0] = y->ip32[0]; \
|
||||
x.ip32[1] = y->ip32[1]; \
|
||||
x.ip32[2] = y->ip32[2]; \
|
||||
x.ip32[3] = y->ip32[3]; \
|
||||
} while(0)
|
||||
#define IP_COPY_VALUE(dst, src) sfip_set_ip(&(dst), src)
|
||||
|
||||
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
|
||||
#define GET_IPH_HLEN(p) ((p)->iph_api->iph_ret_hlen(p))
|
||||
#define SET_IPH_HLEN(p, val)
|
||||
|
||||
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
|
||||
|
@ -107,95 +98,18 @@ typedef sfip_t *snort_ip_p;
|
|||
#define IP_ARG(ipt) (&ipt)
|
||||
#define IP_PTR(ipp) (ipp)
|
||||
#define IP_VAL(ipt) (*ipt)
|
||||
#define IP_SIZE(ipp) (sfip_size(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
|
||||
#define GET_INNER_SRC_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_src)):(&((p)->inner_ip4h.ip_addrs->ip_src)))
|
||||
#define GET_INNER_DST_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_dst)):(&((p)->inner_ip4h.ip_addrs->ip_dst)))
|
||||
#define GET_OUTER_SRC_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_src)):(&((p)->outer_ip4h.ip_addrs->ip_src)))
|
||||
#define GET_OUTER_DST_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_dst)):(&((p)->outer_ip4h.ip_addrs->ip_dst)))
|
||||
#if 0
|
||||
static inline int sfip_equal (sfaddr_t* ip1, sfaddr_t* ip2)
|
||||
{
|
||||
if ( ip1->family != ip2->family )
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
if ( ip1->family == AF_INET )
|
||||
{
|
||||
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
|
||||
}
|
||||
if ( ip1->family == AF_INET6 )
|
||||
{
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
return 0;
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
|
||||
#else
|
||||
/* ///////////// */
|
||||
/* IPv4 only */
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
|
||||
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
|
||||
|
||||
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->source.s_addr & x->netmask))
|
||||
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->destination.s_addr & x->netmask))
|
||||
|
||||
#define GET_SRC_IP(x) x->ip4_header->source.s_addr
|
||||
#define GET_DST_IP(x) x->ip4_header->destination.s_addr
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_ipv4h->ip_src.s_addr)
|
||||
#define GET_ORIG_DST(p) (p->orig_ipv4h->ip_dst.s_addr)
|
||||
|
||||
#define GET_SRC_ADDR(x) x->ip4_header->source
|
||||
#define GET_DST_ADDR(x) x->ip4_header->destination
|
||||
|
||||
#define IP_CLEAR_SRC(x) x->ip4_header->source.s_addr = 0
|
||||
#define IP_CLEAR_DST(x) x->ip4_header->destination.s_addr = 0
|
||||
|
||||
#define IP_EQUALITY(x,y) (x == y)
|
||||
#define IP_EQUALITY_UNSET(x,y) (x == y)
|
||||
#define IP_LESSER(x,y) (x < y)
|
||||
#define IP_GREATER(x,y) (x > y)
|
||||
|
||||
#define GET_IPH_PROTO(p) p->ip4_header->proto
|
||||
#define GET_IPH_TOS(p) p->ip4_header->type_service
|
||||
#define GET_IPH_LEN(p) p->ip4_header->data_length
|
||||
#define GET_IPH_TTL(p) p->ip4_header->time_to_live
|
||||
#define GET_IPH_VER(p) ((p->ip4_header->version_headerlength & 0xf0) >> 4)
|
||||
#define GET_IPH_ID(p) p->ip4_header->identifier
|
||||
#define GET_IPH_OFF(p) p->ip4_header->offset
|
||||
|
||||
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_ipv4h)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h->data_length
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h->offset
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h->proto
|
||||
|
||||
#define IS_IP4(x) 1
|
||||
#define IS_IP6(x) 0
|
||||
#define IPH_IS_VALID(p) p->ip4_header
|
||||
|
||||
#define IP_CLEAR(x) x = 0;
|
||||
#define IS_SET(x) x
|
||||
|
||||
#define IP_COPY_VALUE(x,y) x = y
|
||||
|
||||
#define GET_IPH_HLEN(p) ((p)->ip4_header->version_headerlength & 0x0f)
|
||||
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->version_headerlength = (unsigned char)(((p)->ip4_header->ip_verhl & 0xf0) | ((val) & 0x0f)))
|
||||
|
||||
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
|
||||
|
||||
#define IP_ARG(ipt) (ipt)
|
||||
#define IP_PTR(ipp) (&ipp)
|
||||
#define IP_VAL(ipt) (ipt)
|
||||
#define IP_SIZE(ipp) (sizeof(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
|
||||
{
|
||||
return IP_EQUALITY(ip1, ip2);
|
||||
}
|
||||
|
||||
#endif /* SUP_IP6 */
|
||||
|
||||
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
|
||||
#define IPPROTO_IPIP 4
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2007-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,24 +15,19 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#ifndef IPV6_PORT_H
|
||||
#define IPV6_PORT_H
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "debug.h"
|
||||
#include "snort_debug.h"
|
||||
|
||||
///////////////////
|
||||
/*****************/
|
||||
/* IPv6 and IPv4 */
|
||||
#ifdef SUP_IP6
|
||||
|
||||
#include "sf_ip.h"
|
||||
|
||||
typedef sfip_t snort_ip;
|
||||
typedef sfip_t *snort_ip_p;
|
||||
|
||||
#define IpAddrNode sfip_node_t
|
||||
#define IpAddrSet sfip_var_t
|
||||
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
|
||||
|
@ -42,63 +38,58 @@ typedef sfip_t *snort_ip_p;
|
|||
#endif
|
||||
#define inet_ntoa sfip_ntoa
|
||||
|
||||
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
|
||||
#define GET_SRC_IP(p) ((p)->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) ((p)->iph_api->iph_ret_dst(p))
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_iph_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) (p->orig_iph_api->orig_iph_ret_dst(p))
|
||||
#define GET_ORIG_SRC(p) ((p)->orig_iph_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) ((p)->orig_iph_api->orig_iph_ret_dst(p))
|
||||
|
||||
/* These are here for backwards compatibility */
|
||||
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
|
||||
#define GET_DST_ADDR(x) GET_DST_IP(x)
|
||||
|
||||
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
|
||||
#define IP_EQUALITY(x,y) (sfip_compare((x),(y)) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset((x),(y)) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare((x),(y)) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare((x),(y)) == SFIP_GREATER)
|
||||
|
||||
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
|
||||
#define IS_IP4(x) ((x)->family == AF_INET)
|
||||
#define IS_IP6(x) ((x)->family == AF_INET6)
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) p->orig_iph_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_iph_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_iph_api->orig_iph_ret_off(p)
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
|
||||
#define IS_OUTER_IP4(x) ((x)->outer_family == AF_INET)
|
||||
#define IS_OUTER_IP6(x) ((x)->outer_family == AF_INET6)
|
||||
|
||||
#define GET_IPH_TOS(p) (p)->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) (p)->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) (p)->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) (p)->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) (p)->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) (p)->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) ((uint8_t)(IS_IP6(p) ? ((p)->ip6h->next) : ((p)->iph_api->iph_ret_proto(p))))
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) (p)->orig_iph_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) (p)->orig_iph_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) (p)->orig_iph_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) (p)->orig_iph_api->orig_iph_ret_off(p)
|
||||
|
||||
#define IS_IP4(x) (x->family == AF_INET)
|
||||
#define IS_IP6(x) (x->family == AF_INET6)
|
||||
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
|
||||
#define IPH_IS_VALID(p) iph_is_valid(p)
|
||||
|
||||
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
|
||||
#define IP_CLEAR(x) (x).family = (x).ia32[0] = (x).ia32[1] = (x).ia32[2] = (x).ia32[3] = 0;
|
||||
|
||||
#define IS_SET(x) sfip_is_set(&x)
|
||||
#define IP_IS_SET(x) sfip_is_set(&x)
|
||||
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
* individually on each field, then the following expression gets broken:
|
||||
*
|
||||
*
|
||||
* if(conditional) IP_COPY_VALUE(a,b);
|
||||
*
|
||||
*
|
||||
* If the macro is instead enclosed in braces, then having a semicolon
|
||||
* trailing the macro causes compile breakage.
|
||||
* trailing the macro causes compile breakage.
|
||||
* So: use loop. */
|
||||
#define IP_COPY_VALUE(x,y) \
|
||||
do { \
|
||||
x.bits = y->bits; \
|
||||
x.family = y->family; \
|
||||
x.ip32[0] = y->ip32[0]; \
|
||||
x.ip32[1] = y->ip32[1]; \
|
||||
x.ip32[2] = y->ip32[2]; \
|
||||
x.ip32[3] = y->ip32[3]; \
|
||||
} while(0)
|
||||
#define IP_COPY_VALUE(dst, src) sfip_set_ip(&(dst), src)
|
||||
|
||||
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
|
||||
#define GET_IPH_HLEN(p) ((p)->iph_api->iph_ret_hlen(p))
|
||||
#define SET_IPH_HLEN(p, val)
|
||||
|
||||
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
|
||||
|
@ -107,95 +98,18 @@ typedef sfip_t *snort_ip_p;
|
|||
#define IP_ARG(ipt) (&ipt)
|
||||
#define IP_PTR(ipp) (ipp)
|
||||
#define IP_VAL(ipt) (*ipt)
|
||||
#define IP_SIZE(ipp) (sfip_size(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
|
||||
#define GET_INNER_SRC_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_src)):(&((p)->inner_ip4h.ip_addrs->ip_src)))
|
||||
#define GET_INNER_DST_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_dst)):(&((p)->inner_ip4h.ip_addrs->ip_dst)))
|
||||
#define GET_OUTER_SRC_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_src)):(&((p)->outer_ip4h.ip_addrs->ip_src)))
|
||||
#define GET_OUTER_DST_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_dst)):(&((p)->outer_ip4h.ip_addrs->ip_dst)))
|
||||
#if 0
|
||||
static inline int sfip_equal (sfaddr_t* ip1, sfaddr_t* ip2)
|
||||
{
|
||||
if ( ip1->family != ip2->family )
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
if ( ip1->family == AF_INET )
|
||||
{
|
||||
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
|
||||
}
|
||||
if ( ip1->family == AF_INET6 )
|
||||
{
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
return 0;
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
|
||||
#else
|
||||
///////////////
|
||||
/* IPv4 only */
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
|
||||
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
|
||||
|
||||
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_src.s_addr & x->netmask))
|
||||
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_dst.s_addr & x->netmask))
|
||||
|
||||
#define GET_SRC_IP(x) x->iph->ip_src.s_addr
|
||||
#define GET_DST_IP(x) x->iph->ip_dst.s_addr
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_iph->ip_src.s_addr)
|
||||
#define GET_ORIG_DST(p) (p->orig_iph->ip_dst.s_addr)
|
||||
|
||||
#define GET_SRC_ADDR(x) x->iph->ip_src
|
||||
#define GET_DST_ADDR(x) x->iph->ip_dst
|
||||
|
||||
#define IP_CLEAR_SRC(x) x->iph->ip_src.s_addr = 0
|
||||
#define IP_CLEAR_DST(x) x->iph->ip_dst.s_addr = 0
|
||||
|
||||
#define IP_EQUALITY(x,y) (x == y)
|
||||
#define IP_EQUALITY_UNSET(x,y) (x == y)
|
||||
#define IP_LESSER(x,y) (x < y)
|
||||
#define IP_GREATER(x,y) (x > y)
|
||||
|
||||
#define GET_IPH_PROTO(p) p->iph->ip_proto
|
||||
#define GET_IPH_TOS(p) p->iph->ip_tos
|
||||
#define GET_IPH_LEN(p) p->iph->ip_len
|
||||
#define GET_IPH_TTL(p) p->iph->ip_ttl
|
||||
#define GET_IPH_VER(p) ((p->iph->ip_verhl & 0xf0) >> 4)
|
||||
#define GET_IPH_ID(p) p->iph->ip_id
|
||||
#define GET_IPH_OFF(p) p->iph->ip_off
|
||||
|
||||
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_iph)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_iph->ip_len
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_iph->ip_off
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph->ip_proto
|
||||
|
||||
#define IS_IP4(x) 1
|
||||
#define IS_IP6(x) 0
|
||||
#define IPH_IS_VALID(p) p->iph
|
||||
|
||||
#define IP_CLEAR(x) x = 0;
|
||||
#define IS_SET(x) x
|
||||
|
||||
#define IP_COPY_VALUE(x,y) x = y
|
||||
|
||||
#define GET_IPH_HLEN(p) ((p)->iph->ip_verhl & 0x0f)
|
||||
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->ip_verhl = (unsigned char)(((p)->iph->ip_verhl & 0xf0) | ((val) & 0x0f)))
|
||||
|
||||
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
|
||||
|
||||
#define IP_ARG(ipt) (ipt)
|
||||
#define IP_PTR(ipp) (&ipp)
|
||||
#define IP_VAL(ipt) (ipt)
|
||||
#define IP_SIZE(ipp) (sizeof(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
|
||||
{
|
||||
return IP_EQUALITY(ip1, ip2);
|
||||
}
|
||||
|
||||
#endif /* SUP_IP6 */
|
||||
|
||||
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
|
||||
#define IPPROTO_IPIP 4
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
/*
|
||||
** mpse.h
|
||||
**
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU Gener*
|
||||
*/
|
||||
|
||||
#ifndef _MPSE_METHODS_H_
|
||||
#define _MPSE_METHODS_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Pattern Matching Methods
|
||||
*/
|
||||
//#define MPSE_MWM 1
|
||||
#define MPSE_AC 2
|
||||
//#define MPSE_KTBM 3
|
||||
#define MPSE_LOWMEM 4
|
||||
//#define MPSE_AUTO 5
|
||||
#define MPSE_ACF 6
|
||||
#define MPSE_ACS 7
|
||||
#define MPSE_ACB 8
|
||||
#define MPSE_ACSB 9
|
||||
#define MPSE_AC_BNFA 10
|
||||
#define MPSE_AC_BNFA_Q 11
|
||||
#define MPSE_ACF_Q 12
|
||||
#define MPSE_LOWMEM_Q 13
|
||||
|
||||
#ifdef INTEL_SOFT_CPM
|
||||
#define MPSE_INTEL_CPM 14
|
||||
#endif /* INTEL_SOFT_CPM */
|
||||
|
||||
typedef enum {
|
||||
MPSE_PATTERN_CASE,
|
||||
MPSE_PATTERN_NOCASE
|
||||
} tMpseCaseEnum;
|
||||
#endif
|
||||
|
|
@ -0,0 +1,52 @@
|
|||
/*
|
||||
** mpse.h
|
||||
**
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU Gener*
|
||||
*/
|
||||
|
||||
#ifndef _MPSE_METHODS_H_
|
||||
#define _MPSE_METHODS_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Pattern Matching Methods
|
||||
*/
|
||||
//#define MPSE_MWM 1
|
||||
#define MPSE_AC 2
|
||||
//#define MPSE_KTBM 3
|
||||
#define MPSE_LOWMEM 4
|
||||
//#define MPSE_AUTO 5
|
||||
#define MPSE_ACF 6
|
||||
#define MPSE_ACS 7
|
||||
#define MPSE_ACB 8
|
||||
#define MPSE_ACSB 9
|
||||
#define MPSE_AC_BNFA 10
|
||||
#define MPSE_AC_BNFA_Q 11
|
||||
#define MPSE_ACF_Q 12
|
||||
#define MPSE_LOWMEM_Q 13
|
||||
|
||||
#ifdef INTEL_SOFT_CPM
|
||||
#define MPSE_INTEL_CPM 14
|
||||
#endif /* INTEL_SOFT_CPM */
|
||||
|
||||
typedef enum {
|
||||
MPSE_PATTERN_CASE,
|
||||
MPSE_PATTERN_NOCASE
|
||||
} tMpseCaseEnum;
|
||||
#endif
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
/******************************************************************************
|
||||
* Copyright (C) 2009-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2009-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,16 +15,15 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef __OBFUSCATION_H__
|
||||
#define __OBFUSCATION_H__
|
||||
|
||||
#include "sf_types.h"
|
||||
#include <daq.h>
|
||||
#include "sf_snort_packet.h"
|
||||
#include <pcap.h>
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
|
@ -69,7 +69,7 @@ typedef enum _ObRet
|
|||
* obfuscation character.
|
||||
*
|
||||
* Arguments
|
||||
* struct pcap_pkthdr *pkth
|
||||
* DAQ_PktHdr_t *pkth
|
||||
* The pcap header that contains the packet caplen and timestamps
|
||||
* uint8_t *packet_data
|
||||
* A pointer to the current offset into the packet data. NULL if
|
||||
|
@ -89,7 +89,7 @@ typedef enum _ObRet
|
|||
******************************************************************************/
|
||||
typedef ObRet (*ObfuscationCallback)
|
||||
(
|
||||
const struct pcap_pkthdr *pkth,
|
||||
const DAQ_PktHdr_t *pkth,
|
||||
const uint8_t *packet_data,
|
||||
ob_size_t length,
|
||||
ob_char_t ob_char,
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/******************************************************************************
|
||||
* Copyright (C) 2009-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2009-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,16 +15,15 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef __OBFUSCATION_H__
|
||||
#define __OBFUSCATION_H__
|
||||
|
||||
#include "sf_types.h"
|
||||
#include <daq.h>
|
||||
#include "decode.h"
|
||||
#include <pcap.h>
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
|
@ -69,7 +69,7 @@ typedef enum _ObRet
|
|||
* obfuscation character.
|
||||
*
|
||||
* Arguments
|
||||
* struct pcap_pkthdr *pkth
|
||||
* DAQ_PktHdr_t *pkth
|
||||
* The pcap header that contains the packet caplen and timestamps
|
||||
* uint8_t *packet_data
|
||||
* A pointer to the current offset into the packet data. NULL if
|
||||
|
@ -89,7 +89,7 @@ typedef enum _ObRet
|
|||
******************************************************************************/
|
||||
typedef ObRet (*ObfuscationCallback)
|
||||
(
|
||||
const struct pcap_pkthdr *pkth,
|
||||
const DAQ_PktHdr_t *pkth,
|
||||
const uint8_t *packet_data,
|
||||
ob_size_t length,
|
||||
ob_char_t ob_char,
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifndef _PACKET_TIME_H
|
||||
#define _PACKET_TIME_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
void packet_time_update(const struct timeval *cur_tv);
|
||||
time_t packet_time(void);
|
||||
void packet_gettimeofday(struct timeval *tv);
|
||||
|
||||
#endif /* _PACKET_TIME_H */
|
|
@ -0,0 +1,38 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifndef _PACKET_TIME_H
|
||||
#define _PACKET_TIME_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
void packet_time_update(const struct timeval *cur_tv);
|
||||
time_t packet_time(void);
|
||||
void packet_gettimeofday(struct timeval *tv);
|
||||
|
||||
#endif /* _PACKET_TIME_H */
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2007-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,29 +15,14 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#ifndef __PCAP_PKTHDR32_H__
|
||||
#define __PCAP_PKTHDR32_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef WIN32
|
||||
#include <winsock2.h>
|
||||
#else
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "sf_types.h"
|
||||
|
||||
|
||||
/* we must use fixed size of 32 bits, because on-disk
|
||||
* format of savefiles uses 32-bit tv_sec (and tv_usec)
|
||||
*/
|
||||
|
@ -52,10 +38,10 @@ struct sf_timeval32
|
|||
struct pcap_pkthdr32
|
||||
{
|
||||
struct sf_timeval32 ts; /* packet timestamp */
|
||||
uint32_t caplen; /* packet capture length */
|
||||
uint32_t pktlen; /* packet "real" length */
|
||||
uint32_t caplen; /* packet capture length */
|
||||
uint32_t len; /* packet "real" length */
|
||||
};
|
||||
|
||||
|
||||
#endif /* __PCAP_PKTHDR32_H__ */
|
||||
#endif // __PCAP_PKTHDR32_H__
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
/* $Id$ */
|
||||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2003-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -16,7 +17,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -47,7 +48,7 @@ enum {
|
|||
PLUGIN_PATTERN_MATCH, /* AND match */
|
||||
PLUGIN_PATTERN_MATCH_OR,
|
||||
PLUGIN_PATTERN_MATCH_URI,
|
||||
PLUGIN_RESPOND,
|
||||
PLUGIN_RESPONSE,
|
||||
PLUGIN_RPC_CHECK,
|
||||
PLUGIN_SESSION,
|
||||
PLUGIN_TCP_ACK_CHECK,
|
||||
|
@ -60,6 +61,11 @@ enum {
|
|||
PLUGIN_URILEN_CHECK,
|
||||
PLUGIN_DYNAMIC,
|
||||
PLUGIN_FLOWBIT,
|
||||
PLUGIN_FILE_DATA,
|
||||
PLUGIN_BASE64_DECODE,
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
PLUGIN_APPID,
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
PLUGIN_MAX /* sentinel value */
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,13 +16,17 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
||||
#ifndef _PREPROC_IDS_H
|
||||
#define _PREPROC_IDS_H
|
||||
|
||||
#include <stdint.h>
|
||||
#ifdef DUMP_BUFFER
|
||||
#include "sf_types.h"
|
||||
#endif
|
||||
/*
|
||||
** Preprocessor Communication Defines
|
||||
** ----------------------------------
|
||||
|
@ -31,60 +36,169 @@
|
|||
** during preprocessing.
|
||||
**
|
||||
** Currently, the order in which the preprocessors are
|
||||
** placed in the snort.conf determine the order of
|
||||
** placed in the snort.conf determine the order of
|
||||
** evaluation. So if one module wants to turn off
|
||||
** another module, it must come first in the order.
|
||||
*/
|
||||
|
||||
// currently 64 bits (preprocessors)
|
||||
// are available.
|
||||
|
||||
#define PP_BO 0
|
||||
#define PP_DCERPC 1
|
||||
#define PP_APP_ID 1
|
||||
#define PP_DNS 2
|
||||
#define PP_FRAG3 3
|
||||
#define PP_FTPTELNET 4
|
||||
#define PP_HTTPINSPECT 5
|
||||
#define PP_PERFMONITOR 6
|
||||
#define PP_RPCDECODE 7
|
||||
#define PP_RULES 8
|
||||
#define PP_SHARED_RULES 8
|
||||
#define PP_SFPORTSCAN 9
|
||||
#define PP_SMTP 10
|
||||
#define PP_SSH 11
|
||||
#define PP_SSL 12
|
||||
#define PP_STREAM5 13
|
||||
#define PP_STREAM 13
|
||||
#define PP_TELNET 14
|
||||
#define PP_ARPSPOOF 15
|
||||
#define PP_DCE2 16
|
||||
#define PP_SDF 17
|
||||
#define PP_NORMALIZE 18
|
||||
#define PP_ISAKMP 19 // used externally
|
||||
#define PP_SESSION 20
|
||||
#define PP_SIP 21
|
||||
#define PP_POP 22
|
||||
#define PP_IMAP 23
|
||||
#define PP_NETWORK_DISCOVERY 24 // used externally
|
||||
#define PP_FW_RULE_ENGINE 25 // used externally
|
||||
#define PP_REPUTATION 26
|
||||
#define PP_GTP 27
|
||||
#define PP_MODBUS 28
|
||||
#define PP_DNP3 29
|
||||
#define PP_FILE 30
|
||||
#define PP_FILE_INSPECT 31
|
||||
#define PP_NAP_RULE_ENGINE 32
|
||||
#define PP_PREFILTER_RULE_ENGINE 33 // used externally
|
||||
#define PP_HTTPMOD 34
|
||||
#define PP_HTTP2 35
|
||||
#define PP_MAX 36
|
||||
|
||||
/* used externally */
|
||||
#define PP_ISAKMP 18
|
||||
#define PP_SKYPE 19
|
||||
#define PP_ENABLE_ALL (~0)
|
||||
#define PP_DISABLE_ALL 0x0
|
||||
|
||||
/* currently 32 bits (preprocessors) */
|
||||
/* are available. most of these can */
|
||||
/* be deleted: */
|
||||
#if 0
|
||||
#define PP_ASN1DECODE 17
|
||||
#define PP_CONVERSATION 18
|
||||
#define PP_FLOW 19
|
||||
#define PP_FRAG2 20
|
||||
#define PP_FNORD 21
|
||||
#define PP_HTTPFLOW 22
|
||||
#define PP_LOADBALANCING 24
|
||||
#define PP_PORTSCAN 25
|
||||
#define PP_PORTSCAN2 26
|
||||
#define PP_PORTSCAN_IGNORE_HOSTS 27
|
||||
#ifdef WIN32
|
||||
#ifndef UINT64_C
|
||||
#define UINT64_C(v) (v)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#define PP_ALL_ON 0xFFFFFFFF
|
||||
#define PP_ALL_OFF 0x00000000
|
||||
// preprocessors that run before or as part of Network Analysis Policy processing... If enabled by
|
||||
// configuration they are never disabled
|
||||
#define PP_CLASS_NETWORK ( ( UINT64_C(1) << PP_FRAG3 ) | ( UINT64_C(1) << PP_PERFMONITOR ) | \
|
||||
( UINT64_C(1) << PP_SFPORTSCAN ) | ( UINT64_C(1) << PP_STREAM ) | \
|
||||
( UINT64_C(1) << PP_NORMALIZE ) | ( UINT64_C(1) << PP_SESSION ) | \
|
||||
( UINT64_C(1) << PP_REPUTATION ) )
|
||||
|
||||
#define PRIORITY_FIRST 0x0
|
||||
#define PRIORITY_NETWORK 0x10
|
||||
// Firewall and Application ID & Netowrk Discovery preprocessors...also always run if enabled by configuration
|
||||
#define PP_CLASS_NGFW ( ( UINT64_C(1) << PP_APP_ID ) | ( UINT64_C(1) << PP_FW_RULE_ENGINE ) | \
|
||||
( UINT64_C(1) << PP_NETWORK_DISCOVERY ) | ( UINT64_C(1) << PP_PREFILTER_RULE_ENGINE ) | \
|
||||
( UINT64_C(1) << PP_HTTPMOD) )
|
||||
|
||||
// Application preprocessors...once the application or protocol for a stream is determined only preprocessors
|
||||
// that analyze that type of stream are enabled (usually there is only 1...)
|
||||
#define PP_CLASS_PROTO_APP ( ( UINT64_C(1) << PP_BO ) | ( UINT64_C(1) << PP_DNS ) | \
|
||||
( UINT64_C(1) << PP_FTPTELNET ) | ( UINT64_C(1) << PP_HTTPINSPECT ) | \
|
||||
( UINT64_C(1) << PP_RPCDECODE ) | ( UINT64_C(1) << PP_SHARED_RULES ) | \
|
||||
( UINT64_C(1) << PP_SMTP ) | ( UINT64_C(1) << PP_SSH ) | \
|
||||
( UINT64_C(1) << PP_SSL ) | ( UINT64_C(1) << PP_TELNET ) | \
|
||||
( UINT64_C(1) << PP_ARPSPOOF ) | ( UINT64_C(1) << PP_DCE2 ) | \
|
||||
( UINT64_C(1) << PP_SDF ) | ( UINT64_C(1) << PP_ISAKMP) | \
|
||||
( UINT64_C(1) << PP_POP ) | ( UINT64_C(1) << PP_IMAP ) | \
|
||||
( UINT64_C(1) << PP_GTP ) | ( UINT64_C(1) << PP_MODBUS ) | \
|
||||
( UINT64_C(1) << PP_DNP3 ) | ( UINT64_C(1) << PP_FILE ) | \
|
||||
( UINT64_C(1) << PP_FILE_INSPECT ) )
|
||||
|
||||
#define PP_DEFINED_GLOBAL ( ( UINT64_C(1) << PP_APP_ID ) | ( UINT64_C(1) << PP_FW_RULE_ENGINE ) | \
|
||||
( UINT64_C(1) << PP_NETWORK_DISCOVERY ) | ( UINT64_C(1) << PP_PERFMONITOR) | \
|
||||
( UINT64_C(1) << PP_SESSION ) | ( UINT64_C(1) << PP_PREFILTER_RULE_ENGINE ) )
|
||||
|
||||
#define PP_CORE_ORDER_SESSION 0
|
||||
#define PP_CORE_ORDER_IPREP 1
|
||||
#define PP_CORE_ORDER_NAP 2
|
||||
#define PP_CORE_ORDER_NORML 3
|
||||
#define PP_CORE_ORDER_FRAG3 4
|
||||
#define PP_CORE_ORDER_PREFILTER 5 // used externally
|
||||
#define PP_CORE_ORDER_STREAM 6
|
||||
|
||||
#define PRIORITY_CORE 0x0
|
||||
#define PRIORITY_CORE_LAST 0x0f
|
||||
#define PRIORITY_FIRST 0x10
|
||||
#define PRIORITY_NETWORK 0x20
|
||||
#define PRIORITY_TRANSPORT 0x100
|
||||
#define PRIORITY_TUNNEL 0x105
|
||||
#define PRIORITY_SCANNER 0x110
|
||||
#define PRIORITY_APPLICATION 0x200
|
||||
#define PRIORITY_LAST 0xffff
|
||||
|
||||
#ifdef DUMP_BUFFER
|
||||
|
||||
/* dump_alert_only makes sure that bufferdump happens only when a rule is
|
||||
triggered.
|
||||
|
||||
dumped_state avoids repeatition of buffer dump for a packet that has an
|
||||
alert, when --buffer-dump is given as command line option.
|
||||
|
||||
dump_enabled gets set when --buffer-dump or --buffer-dump-alert option
|
||||
is given.
|
||||
*/
|
||||
|
||||
extern bool dump_alert_only;
|
||||
extern bool dumped_state;
|
||||
extern bool dump_enabled;
|
||||
|
||||
#define MAX_BUFFER_DUMP_FUNC 13
|
||||
#define MAX_HTTP_BUFFER_DUMP 16
|
||||
#define MAX_SMTP_BUFFER_DUMP 7
|
||||
#define MAX_SIP_BUFFER_DUMP 16
|
||||
#define MAX_DNP3_BUFFER_DUMP 4
|
||||
#define MAX_POP_BUFFER_DUMP 7
|
||||
#define MAX_MODBUS_BUFFER_DUMP 3
|
||||
#define MAX_SSH_BUFFER_DUMP 11
|
||||
#define MAX_DNS_BUFFER_DUMP 10
|
||||
#define MAX_DCERPC2_BUFFER_DUMP 7
|
||||
#define MAX_FTPTELNET_BUFFER_DUMP 7
|
||||
#define MAX_IMAP_BUFFER_DUMP 4
|
||||
#define MAX_SSL_BUFFER_DUMP 4
|
||||
#define MAX_GTP_BUFFER_DUMP 6
|
||||
|
||||
typedef enum {
|
||||
HTTP_BUFFER_DUMP_FUNC,
|
||||
SMTP_BUFFER_DUMP_FUNC,
|
||||
SIP_BUFFER_DUMP_FUNC,
|
||||
DNP3_BUFFER_DUMP_FUNC,
|
||||
POP_BUFFER_DUMP_FUNC,
|
||||
MODBUS_BUFFER_DUMP_FUNC,
|
||||
SSH_BUFFER_DUMP_FUNC,
|
||||
DNS_BUFFER_DUMP_FUNC,
|
||||
DCERPC2_BUFFER_DUMP_FUNC,
|
||||
FTPTELNET_BUFFER_DUMP_FUNC,
|
||||
IMAP_BUFFER_DUMP_FUNC,
|
||||
SSL_BUFFER_DUMP_FUNC,
|
||||
GTP_BUFFER_DUMP_FUNC
|
||||
} BUFFER_DUMP_FUNC;
|
||||
|
||||
typedef struct _TraceBuffer {
|
||||
char *buf_name;
|
||||
char *buf_content;
|
||||
uint16_t length;
|
||||
} TraceBuffer;
|
||||
|
||||
typedef uint64_t BufferDumpEnableMask;
|
||||
extern TraceBuffer *(*getBuffers[MAX_BUFFER_DUMP_FUNC])(void);
|
||||
extern BufferDumpEnableMask bdmask;
|
||||
|
||||
#endif
|
||||
|
||||
typedef uint64_t PreprocEnableMask;
|
||||
|
||||
#endif /* _PREPROC_IDS_H */
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
** Author: Steven Sturges <ssturges@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -15,7 +16,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
|
@ -25,7 +26,6 @@
|
|||
|
||||
#ifdef PERF_PROFILING
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "cpuclock.h"
|
||||
|
||||
/* Sort preferences for rule profiling */
|
||||
|
@ -38,50 +38,54 @@
|
|||
#define PROFILE_SORT_TOTAL_TICKS 7
|
||||
|
||||
/* MACROS that handle profiling of rules and preprocessors */
|
||||
#define PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0
|
||||
#define PROFILE_VARS_NAMED(name) uint64_t name##_ticks_start, name##_ticks_end
|
||||
#define PROFILE_VARS PROFILE_VARS_NAMED(snort)
|
||||
|
||||
#define PROFILE_START \
|
||||
get_clockticks(ticks_start);
|
||||
#define PROFILE_START_NAMED(name) \
|
||||
get_clockticks(name##_ticks_start)
|
||||
|
||||
#define PROFILE_END \
|
||||
get_clockticks(ticks_end); \
|
||||
ticks_delta = ticks_end - ticks_start;
|
||||
#define PROFILE_END_NAMED(name) \
|
||||
get_clockticks(name##_ticks_end)
|
||||
|
||||
#define NODE_PROFILE_END \
|
||||
PROFILE_END_NAMED(node); \
|
||||
node_ticks_delta = node_ticks_end - node_ticks_start
|
||||
|
||||
#ifndef PROFILING_RULES
|
||||
#define PROFILING_RULES ScProfileRules()
|
||||
#endif
|
||||
|
||||
#define NODE_PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0, node_deltas = 0
|
||||
#define NODE_PROFILE_VARS uint64_t node_ticks_start, node_ticks_end, node_ticks_delta, node_deltas = 0
|
||||
|
||||
#define NODE_PROFILE_START(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
node->checks++; \
|
||||
PROFILE_START; \
|
||||
PROFILE_START_NAMED(node); \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_END_MATCH(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node->ticks += ticks_delta + node_deltas; \
|
||||
node->ticks_match += ticks_delta + node_deltas; \
|
||||
NODE_PROFILE_END; \
|
||||
node->ticks += node_ticks_delta + node_deltas; \
|
||||
node->ticks_match += node_ticks_delta + node_deltas; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_END_NOMATCH(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node->ticks += ticks_delta + node_deltas; \
|
||||
node->ticks_no_match += ticks_delta + node_deltas; \
|
||||
NODE_PROFILE_END; \
|
||||
node->ticks += node_ticks_delta + node_deltas; \
|
||||
node->ticks_no_match += node_ticks_delta + node_deltas; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_TMPSTART(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_START; \
|
||||
PROFILE_START_NAMED(node); \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_TMPEND(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node_deltas += ticks_delta; \
|
||||
NODE_PROFILE_END; \
|
||||
node_deltas += node_ticks_delta; \
|
||||
}
|
||||
|
||||
#define OTN_PROFILE_ALERT(otn) otn->alerts++;
|
||||
|
@ -90,43 +94,65 @@
|
|||
#define PROFILING_PREPROCS ScProfilePreprocs()
|
||||
#endif
|
||||
|
||||
#define PREPROC_PROFILE_START(ppstat) \
|
||||
#define PREPROC_PROFILE_START_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
ppstat.checks++; \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
PROFILE_START_NAMED(name); \
|
||||
ppstat.ticks_start = name##_ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_START(ppstat) PREPROC_PROFILE_START_NAMED(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_REENTER_START(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_START_NAMED_PI(name, ppstat) \
|
||||
{ \
|
||||
ppstat.checks++; \
|
||||
PROFILE_START_NAMED(name); \
|
||||
ppstat.ticks_start = name##_ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_START_PI(ppstat) PREPROC_PROFILE_START_NAMED_PI(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_TMPSTART(ppstat) \
|
||||
#define PREPROC_PROFILE_REENTER_START_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
PROFILE_START_NAMED(name); \
|
||||
ppstat.ticks_start = name##_ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_REENTER_START(ppstat) PREPROC_PROFILE_REENTER_START_NAMED(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_END(ppstat) \
|
||||
#define PREPROC_PROFILE_TMPSTART_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
PROFILE_START_NAMED(name); \
|
||||
ppstat.ticks_start = name##_ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_TMPSTART(ppstat) PREPROC_PROFILE_TMPSTART_NAMED(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_END_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END_NAMED(name); \
|
||||
ppstat.exits++; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_END(ppstat) PREPROC_PROFILE_END_NAMED(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_REENTER_END(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_END_NAMED_PI(name, ppstat) \
|
||||
{ \
|
||||
PROFILE_END_NAMED(name); \
|
||||
ppstat.exits++; \
|
||||
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_END_PI(ppstat) PREPROC_PROFILE_END_NAMED_PI(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_TMPEND(ppstat) \
|
||||
#define PREPROC_PROFILE_REENTER_END_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
PROFILE_END_NAMED(name); \
|
||||
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_REENTER_END(ppstat) PREPROC_PROFILE_REENTER_END_NAMED(snort, ppstat)
|
||||
|
||||
#define PREPROC_PROFILE_TMPEND_NAMED(name, ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END_NAMED(name); \
|
||||
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
#define PREPROC_PROFILE_TMPEND(ppstat) PREPROC_PROFILE_TMPEND_NAMED(snort, ppstat)
|
||||
|
||||
/************** Profiling API ******************/
|
||||
void ShowRuleProfiles(void);
|
||||
|
@ -139,12 +165,16 @@ typedef struct _PreprocStats
|
|||
uint64_t exits;
|
||||
} PreprocStats;
|
||||
|
||||
typedef void (*FreeFunc)(PreprocStats *stats);
|
||||
|
||||
typedef struct _PreprocStatsNode
|
||||
{
|
||||
PreprocStats *stats;
|
||||
char *name;
|
||||
int layer;
|
||||
FreeFunc freefn;
|
||||
PreprocStats *parent;
|
||||
|
||||
struct _PreprocStatsNode *next;
|
||||
} PreprocStatsNode;
|
||||
|
||||
|
@ -157,7 +187,8 @@ typedef struct _ProfileConfig
|
|||
|
||||
} ProfileConfig;
|
||||
|
||||
void RegisterPreprocessorProfile(char *keyword, PreprocStats *stats, int layer, PreprocStats *parent);
|
||||
typedef void (*StatsNodeFreeFunc)(PreprocStats *stats);
|
||||
void RegisterPreprocessorProfile(const char *keyword, PreprocStats *stats, int layer, PreprocStats *parent, StatsNodeFreeFunc freefn);
|
||||
void ShowPreprocProfiles(void);
|
||||
void ResetRuleProfiling(void);
|
||||
void ResetPreprocProfiling(void);
|
||||
|
@ -165,6 +196,7 @@ void CleanupPreprocStatsNodeList(void);
|
|||
extern PreprocStats totalPerfStats;
|
||||
#else
|
||||
#define PROFILE_VARS
|
||||
#define PROFILE_VARS_NAMED(name)
|
||||
#define NODE_PROFILE_VARS
|
||||
#define NODE_PROFILE_START(node)
|
||||
#define NODE_PROFILE_END_MATCH(node)
|
||||
|
@ -173,11 +205,19 @@ extern PreprocStats totalPerfStats;
|
|||
#define NODE_PROFILE_TMPEND(node)
|
||||
#define OTN_PROFILE_ALERT(otn)
|
||||
#define PREPROC_PROFILE_START(ppstat)
|
||||
#define PREPROC_PROFILE_START_NAMED(name, ppstat)
|
||||
#define PREPROC_PROFILE_START_PI(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_START(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_START_NAMED(name, ppstat)
|
||||
#define PREPROC_PROFILE_TMPSTART(ppstat)
|
||||
#define PREPROC_PROFILE_TMPSTART_NAMED(name, ppstat)
|
||||
#define PREPROC_PROFILE_END(ppstat)
|
||||
#define PREPROC_PROFILE_END_NAMED(name, ppstat)
|
||||
#define PREPROC_PROFILE_END_PI(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_END(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_END_NAMED(name, ppstat)
|
||||
#define PREPROC_PROFILE_TMPEND(ppstat)
|
||||
#define PREPROC_PROFILE_TMPEND_NAMED(name, ppstat)
|
||||
#endif
|
||||
|
||||
#endif /* __PROFILER_H__ */
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
#ifndef RULE_OPTION_TYPES__H
|
||||
|
@ -26,6 +27,7 @@ typedef enum _option_type_t
|
|||
RULE_OPTION_TYPE_ASN1,
|
||||
RULE_OPTION_TYPE_BYTE_TEST,
|
||||
RULE_OPTION_TYPE_BYTE_JUMP,
|
||||
RULE_OPTION_TYPE_BYTE_EXTRACT,
|
||||
RULE_OPTION_TYPE_FLOW,
|
||||
RULE_OPTION_TYPE_CVS,
|
||||
RULE_OPTION_TYPE_DSIZE,
|
||||
|
@ -44,6 +46,10 @@ typedef enum _option_type_t
|
|||
RULE_OPTION_TYPE_IP_TOS,
|
||||
RULE_OPTION_TYPE_IS_DATA_AT,
|
||||
RULE_OPTION_TYPE_FILE_DATA,
|
||||
RULE_OPTION_TYPE_FILE_TYPE,
|
||||
RULE_OPTION_TYPE_BASE64_DECODE,
|
||||
RULE_OPTION_TYPE_BASE64_DATA,
|
||||
RULE_OPTION_TYPE_PKT_DATA,
|
||||
RULE_OPTION_TYPE_CONTENT,
|
||||
RULE_OPTION_TYPE_CONTENT_URI,
|
||||
RULE_OPTION_TYPE_PCRE,
|
||||
|
@ -60,13 +66,17 @@ typedef enum _option_type_t
|
|||
RULE_OPTION_TYPE_TCP_SEQ,
|
||||
RULE_OPTION_TYPE_TCP_WIN,
|
||||
RULE_OPTION_TYPE_TTL,
|
||||
RULE_OPTION_TYPE_URILEN
|
||||
#ifdef DYNAMIC_PLUGIN
|
||||
,
|
||||
RULE_OPTION_TYPE_URILEN,
|
||||
RULE_OPTION_TYPE_HDR_OPT_CHECK,
|
||||
RULE_OPTION_TYPE_PREPROCESSOR,
|
||||
#if !defined(FEAT_OPEN_APPID)
|
||||
RULE_OPTION_TYPE_DYNAMIC
|
||||
#endif
|
||||
#else /* defined(FEAT_OPEN_APPID) */
|
||||
RULE_OPTION_TYPE_DYNAMIC,
|
||||
RULE_OPTION_TYPE_APPID
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
,RULE_OPTION_TYPE_BYTE_MATH
|
||||
|
||||
} option_type_t;
|
||||
|
||||
#endif /* RULE_OPTION_TYPES__H */
|
||||
|
|
|
@ -0,0 +1,961 @@
|
|||
/* $Id$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2004-2013 Sourcefire, Inc.
|
||||
* ** AUTHOR: d mcpherson
|
||||
* **
|
||||
* ** This program is free software; you can redistribute it and/or modify
|
||||
* ** it under the terms of the GNU General Public License Version 2 as
|
||||
* ** published by the Free Software Foundation. You may not use, modify or
|
||||
* ** distribute this program under any other version of the GNU General
|
||||
* ** Public License.
|
||||
* **
|
||||
* ** This program is distributed in the hope that it will be useful,
|
||||
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* ** GNU General Public License for more details.
|
||||
* **
|
||||
* ** You should have received a copy of the GNU General Public License
|
||||
* ** along with this program; if not, write to the Free Software
|
||||
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* */
|
||||
|
||||
/* session_api.h
|
||||
*
|
||||
* Purpose: Definition of the SessionAPI. To be used as a common interface
|
||||
* for other preprocessors and detection plugins that require a
|
||||
* session context for execution.
|
||||
*
|
||||
* Arguments:
|
||||
*
|
||||
* Effect:
|
||||
*
|
||||
* Comments:
|
||||
*
|
||||
* Any comments?
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef _SESSION_API_H_
|
||||
#define _SESSION_API_H_
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "ipv6_port.h"
|
||||
#include "preprocids.h" /* IDs are used when setting preproc specific data */
|
||||
#include "bitop.h"
|
||||
#include "sf_snort_packet.h"
|
||||
#include "sfPolicy.h"
|
||||
|
||||
/* default limits */
|
||||
#define STREAM_DEFAULT_PRUNE_QUANTA 30 /* seconds to timeout a session */
|
||||
#define STREAM_DEFAULT_MEMCAP 8388608 /* 8MB */
|
||||
#define STREAM_DEFAULT_PRUNE_LOG_MAX 1048576 /* 1MB */
|
||||
#define STREAM_RIDICULOUS_HI_MEMCAP ( 1024 * 1024 * 1024 ) /* 1GB */
|
||||
#define STREAM_RIDICULOUS_LOW_MEMCAP 32768 /* 32k*/
|
||||
#define STREAM_RIDICULOUS_MAX_SESSIONS ( 1024 * 1024 ) /* 1 million sessions */
|
||||
#define STREAM_DEFAULT_MAX_TCP_SESSIONS 262144 /* 256k TCP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_UDP_SESSIONS 131072 /* 128k UDP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_ICMP_SESSIONS 65536 /* 64k ICMP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_IP_SESSIONS 16384 /* 16k IP sessions by default */
|
||||
#define STREAM_DEFAULT_TCP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
|
||||
#define STREAM_DEFAULT_TCP_CACHE_NOMINAL_TIMEOUT ( 60 * 60 ) /* 1 hour */
|
||||
#define STREAM_DEFAULT_UDP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
|
||||
#define STREAM_DEFAULT_UDP_CACHE_NOMINAL_TIMEOUT ( 3 * 60 ) /* 3 minutes */
|
||||
#define STREAM_MAX_CACHE_TIMEOUT ( 12 * 60 * 60 ) /* 12 hours */
|
||||
#define STREAM_MIN_PRUNE_LOG_MAX 1024 /* 1k packet data stored */
|
||||
#define STREAM_MAX_PRUNE_LOG_MAX STREAM_RIDICULOUS_HI_MEMCAP /* 1GB packet data stored */
|
||||
#define STREAM_DELAY_SESSION_DELETION true /* set if session deletion to be delayed */
|
||||
#define STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED (3 * 60) /* 3 minutes */
|
||||
|
||||
#define STREAM_EXPECTED_CHANNEL_TIMEOUT 300
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
#define STREAM_DEFAULT_MAX_ACTIVE_RESPONSES 0 /* default to no responses */
|
||||
#define STREAM_DEFAULT_MIN_RESPONSE_SECONDS 1 /* wait at least 1 second between resps */
|
||||
|
||||
#define STREAM_MAX_ACTIVE_RESPONSES_MAX 25 /* banging your head against the wall */
|
||||
#define STREAM_MIN_RESPONSE_SECONDS_MAX 300 /* we want to stop the flow soonest */
|
||||
#endif
|
||||
|
||||
#define EXPECT_FLAG_ALWAYS 0x01
|
||||
|
||||
#define SSN_MISSING_NONE 0x00
|
||||
#define SSN_MISSING_BEFORE 0x01
|
||||
#define SSN_MISSING_AFTER 0x02
|
||||
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
|
||||
|
||||
#define SSN_DIR_NONE 0x0
|
||||
#define SSN_DIR_FROM_CLIENT 0x1
|
||||
#define SSN_DIR_FROM_SENDER 0x1
|
||||
#define SSN_DIR_TO_SERVER 0x1
|
||||
#define SSN_DIR_FROM_SERVER 0x2
|
||||
#define SSN_DIR_FROM_RESPONDER 0x2
|
||||
#define SSN_DIR_TO_CLIENT 0x2
|
||||
#define SSN_DIR_BOTH 0x3
|
||||
|
||||
#define SSNFLAG_SEEN_CLIENT 0x00000001
|
||||
#define SSNFLAG_SEEN_SENDER 0x00000001
|
||||
#define SSNFLAG_SEEN_SERVER 0x00000002
|
||||
#define SSNFLAG_SEEN_RESPONDER 0x00000002
|
||||
#define SSNFLAG_SEEN_BOTH (SSNFLAG_SEEN_SERVER | SSNFLAG_SEEN_CLIENT) /* used to check asymetric traffic */
|
||||
#define SSNFLAG_ESTABLISHED 0x00000004
|
||||
#define SSNFLAG_NMAP 0x00000008
|
||||
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
|
||||
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
|
||||
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
|
||||
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
|
||||
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
|
||||
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
|
||||
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
|
||||
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
|
||||
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
|
||||
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
|
||||
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
|
||||
#define SSNFLAG_COUNTED_CLOSING 0x00008000
|
||||
#define SSNFLAG_TIMEDOUT 0x00010000
|
||||
#define SSNFLAG_PRUNED 0x00020000
|
||||
#define SSNFLAG_RESET 0x00040000
|
||||
#define SSNFLAG_DROP_CLIENT 0x00080000
|
||||
#define SSNFLAG_DROP_SERVER 0x00100000
|
||||
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
|
||||
#define SSNFLAG_STREAM_ORDER_BAD 0x00400000
|
||||
#define SSNFLAG_FORCE_BLOCK 0x00800000
|
||||
#define SSNFLAG_CLIENT_SWAP 0x01000000
|
||||
#define SSNFLAG_CLIENT_SWAPPED 0x02000000
|
||||
#define SSNFLAG_DETECTION_DISABLED 0x04000000
|
||||
#define SSNFLAG_HTTP_2 0x08000000
|
||||
#define SSNFLAG_HTTP_2_UPG 0x10000000
|
||||
#define SSNFLAG_FREE_APP_DATA 0x20000000
|
||||
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
|
||||
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
|
||||
|
||||
|
||||
// HA Session flags helper macros
|
||||
#define HA_IGNORED_SESSION_FLAGS ( SSNFLAG_COUNTED_INITIALIZE | SSNFLAG_COUNTED_ESTABLISH | \
|
||||
SSNFLAG_COUNTED_CLOSING | SSNFLAG_LOGGED_QUEUE_FULL)
|
||||
#define HA_CRITICAL_SESSION_FLAGS ( SSNFLAG_DROP_CLIENT | SSNFLAG_DROP_SERVER | SSNFLAG_RESET )
|
||||
#define HA_TCP_MAJOR_SESSION_FLAGS ( SSNFLAG_ESTABLISHED )
|
||||
|
||||
#define UNKNOWN_PORT 0
|
||||
|
||||
#define TCP_HZ 100
|
||||
|
||||
#define SESSION_API_VERSION1 1
|
||||
|
||||
/* NOTE: The XFF_BUILTING_NAMES value must match the code in snort_httpinspect.c that
|
||||
adds the builtin names to the list. */
|
||||
#define HTTP_XFF_FIELD_X_FORWARDED_FOR "X-Forwarded-For"
|
||||
#define HTTP_XFF_FIELD_TRUE_CLIENT_IP "True-Client-IP"
|
||||
#define HTTP_XFF_BUILTIN_NAMES (2)
|
||||
#define HTTP_MAX_XFF_FIELDS 8
|
||||
|
||||
typedef struct _StreamSessionKey
|
||||
{
|
||||
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
|
||||
uint32_t ip_l[4]; /* Low IP */
|
||||
uint32_t ip_h[4]; /* High IP */
|
||||
uint16_t port_l; /* Low Port - 0 if ICMP */
|
||||
uint16_t port_h; /* High Port - 0 if ICMP */
|
||||
uint16_t vlan_tag;
|
||||
uint8_t protocol;
|
||||
char pad;
|
||||
uint32_t mplsLabel; /* MPLS label */
|
||||
uint16_t addressSpaceId;
|
||||
uint16_t addressSpaceIdPad1;
|
||||
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
|
||||
} StreamSessionKey;
|
||||
|
||||
typedef StreamSessionKey SessionKey;
|
||||
|
||||
typedef void ( *StreamAppDataFree )( void * );
|
||||
typedef struct _StreamAppData
|
||||
{
|
||||
uint32_t protocol;
|
||||
void *dataPointer;
|
||||
struct _StreamAppData *next;
|
||||
struct _StreamAppData *prev;
|
||||
StreamAppDataFree freeFunc;
|
||||
} StreamAppData;
|
||||
|
||||
typedef struct _StreamFlowData
|
||||
{
|
||||
BITOP boFlowbits;
|
||||
unsigned char flowb[1];
|
||||
} StreamFlowData;
|
||||
|
||||
typedef struct _StreamSessionLimits
|
||||
{
|
||||
uint32_t tcp_session_limit;
|
||||
uint32_t udp_session_limit;
|
||||
uint32_t icmp_session_limit;
|
||||
uint32_t ip_session_limit;
|
||||
} StreamSessionLimits;
|
||||
|
||||
typedef struct _StreamHAState
|
||||
{
|
||||
uint32_t session_flags;
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
int16_t ipprotocol;
|
||||
int16_t application_protocol;
|
||||
#endif
|
||||
|
||||
char direction;
|
||||
char ignore_direction; /* flag to ignore traffic on this session */
|
||||
} StreamHAState;
|
||||
|
||||
typedef enum {
|
||||
SE_REXMIT,
|
||||
SE_EOF,
|
||||
SE_MAX
|
||||
} Stream_Event;
|
||||
|
||||
//typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count,
|
||||
// uint32_t xtradata_mask, uint32_t id, uint32_t sec);
|
||||
|
||||
#ifdef ENABLE_HA
|
||||
typedef uint32_t ( *StreamHAProducerFunc )( void *ssnptr, uint8_t *buf );
|
||||
typedef int ( *StreamHAConsumerFunc )( void *ssnptr, const uint8_t *data, uint8_t length );
|
||||
#endif
|
||||
|
||||
// Protocol types for creating session cache
|
||||
#define SESSION_PROTO_TCP 0x00
|
||||
#define SESSION_PROTO_UDP 0x01
|
||||
#define SESSION_PROTO_ICMP 0x02
|
||||
#define SESSION_PROTO_IP 0x03
|
||||
#define SESSION_PROTO_MAX 0x04
|
||||
|
||||
// Snort Policy Types
|
||||
#define SNORT_NAP_POLICY 0x00
|
||||
#define SNORT_IPS_POLICY 0x01
|
||||
|
||||
struct _SnortConfig;
|
||||
struct _ExpectNode;
|
||||
|
||||
typedef void( *SessionCleanup )( void *ssn );
|
||||
typedef void ( *nap_selector )( SFSnortPacket *p, bool client_packet );
|
||||
typedef void (*MandatoryEarlySessionCreatorFn)(void *ssn, struct _ExpectNode*);
|
||||
typedef char** (*GetHttpXffPrecedenceFunc)(void* ssn, uint32_t flags, int* nFields);
|
||||
|
||||
typedef struct _session_api
|
||||
{
|
||||
int version;
|
||||
|
||||
/* Create a protocol specific cache for session control blocks
|
||||
*
|
||||
* Parameters:
|
||||
* Session procotol type
|
||||
* Protocol Session Control Block Size
|
||||
* Cleanup callback function
|
||||
*/
|
||||
void *(*init_session_cache)(uint32_t, uint32_t, SessionCleanup);
|
||||
|
||||
/* Lookup and return pointer to Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache
|
||||
* Packet
|
||||
* Session Key
|
||||
*/
|
||||
void *(*get_session)(void *, SFSnortPacket *, SessionKey *);
|
||||
|
||||
/* Populate a session key from the Packet
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Stream session key pointer
|
||||
*/
|
||||
void (*populate_session_key)(SFSnortPacket *, StreamSessionKey *);
|
||||
|
||||
|
||||
/* Lookup session by IP and Port from packet and return pointer to Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Source IP
|
||||
* Source Port
|
||||
* Destination IP
|
||||
* Destination Port
|
||||
* Protocol
|
||||
* VLAN
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
* Session Key
|
||||
*/
|
||||
int (*get_session_key_by_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char, uint16_t,
|
||||
uint32_t, uint16_t, SessionKey *);
|
||||
|
||||
/* Lookup by session key and return Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache (protocol specific)
|
||||
* Session Key
|
||||
*
|
||||
*/
|
||||
void *(*get_session_by_key)(void *, const SessionKey *);
|
||||
|
||||
/* Create a new session
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache (protocol specific)
|
||||
* Packet
|
||||
* Session Key
|
||||
*
|
||||
*/
|
||||
void *(*create_session)(void *, SFSnortPacket *, const SessionKey *);
|
||||
|
||||
/* Is session verified by protocol
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
*/
|
||||
bool (*is_session_verified)( void * );
|
||||
|
||||
/* remove session from oneway list
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
* Session Control Block
|
||||
*/
|
||||
void (*remove_session_from_oneway_list)( uint32_t, void * );
|
||||
|
||||
/* Delete a session
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
* Session Control Block
|
||||
* Reason
|
||||
*/
|
||||
int (*delete_session)(void *, void *, char *);
|
||||
|
||||
/* Delete a session but without providing the session cache.
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
* Reason
|
||||
*/
|
||||
int (*delete_session_by_key)(void *, char *);
|
||||
|
||||
/* Print session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
void (*print_session_cache)(void *);
|
||||
|
||||
/* Delete session cache
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*
|
||||
*/
|
||||
int (*delete_session_cache)( uint32_t protocol );
|
||||
|
||||
/* Purge session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
int (*purge_session_cache)(void *);
|
||||
|
||||
/* Prune session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
* Time
|
||||
* Session Control Block
|
||||
* Mem Check
|
||||
*
|
||||
*/
|
||||
int (*prune_session_cache)(void *, uint32_t, void *, int);
|
||||
|
||||
/* Clean memory pool for protocol sessions by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*
|
||||
*/
|
||||
void (*clean_protocol_session_pool)( uint32_t );
|
||||
|
||||
/* Free protocol session memory by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*free_protocol_session_pool)( uint32_t, void * );
|
||||
|
||||
/* Allocate session from protocol session pool
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
void *(*alloc_protocol_session)( uint32_t );
|
||||
|
||||
/* Get session count
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
int (*get_session_count)(void *);
|
||||
|
||||
/* Get prune count by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
uint32_t (*get_session_prune_count)( uint32_t protocol );
|
||||
|
||||
/* Reset prune count by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
void (*reset_session_prune_count)( uint32_t protocol );
|
||||
|
||||
/* Check session timeout
|
||||
*
|
||||
* Parameters
|
||||
* Flow count
|
||||
* Current time
|
||||
*/
|
||||
void (*check_session_timeout)( uint32_t, time_t );
|
||||
|
||||
/* Return status of protocol tracking for specified protocol
|
||||
*
|
||||
* Parameters
|
||||
* proto
|
||||
*
|
||||
*/
|
||||
int (*protocol_tracking_enabled)( IpProto proto );
|
||||
|
||||
/* Set packet direction flag
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Control Block
|
||||
*
|
||||
*/
|
||||
void (*set_packet_direction_flag)(SFSnortPacket *, void *);
|
||||
|
||||
/* Free session application data
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
*
|
||||
*/
|
||||
void (*free_application_data)(void *);
|
||||
|
||||
/* Get direction of packet
|
||||
*
|
||||
* Parameters:
|
||||
* Packet
|
||||
*/
|
||||
uint32_t (*get_packet_direction)(SFSnortPacket *);
|
||||
|
||||
/* Disable inspection for a sesion.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
*/
|
||||
void (*disable_inspection)(void *, SFSnortPacket *);
|
||||
|
||||
/* Stop inspection for session, up to count bytes (-1 to ignore
|
||||
* for life or until resume).
|
||||
*
|
||||
* If response flag is set, automatically resume inspection up to
|
||||
* count bytes when a data packet in the other direction is seen.
|
||||
*
|
||||
* Also marks the packet to be ignored
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* Direction
|
||||
* Bytes
|
||||
* Response Flag
|
||||
*/
|
||||
void (*stop_inspection)(void *, SFSnortPacket *, char, int32_t, int);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* Preprocessor ID
|
||||
* Direction
|
||||
* Flags (permanent)
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*ignore_session)(const SFSnortPacket *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, uint8_t,
|
||||
uint32_t, char, char, struct _ExpectNode**);
|
||||
|
||||
/* Get direction that data is being ignored.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
int (*get_ignore_direction)(void *);
|
||||
|
||||
/* Resume inspection for session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*resume_inspection)(void *, char);
|
||||
|
||||
/* Drop traffic arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*drop_traffic)(SFSnortPacket *, void *, char);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
* Application Data reference (pointer)
|
||||
* Application Data free function
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data)(void *, uint32_t);
|
||||
|
||||
/*
|
||||
* Set Expiration Timeout
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Ptr
|
||||
* timeout
|
||||
*/
|
||||
void (*set_expire_timer)( SFSnortPacket *, void *, uint32_t );
|
||||
|
||||
/* Get Expriration Timeou
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Ptr
|
||||
*
|
||||
*/
|
||||
int (*get_expire_timer)( SFSnortPacket *, void *);
|
||||
|
||||
/* Sets the flags for a session
|
||||
* This ORs the supplied flags with the previous values
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Flags
|
||||
*
|
||||
* Returns
|
||||
* New Flags
|
||||
*/
|
||||
uint32_t (*set_session_flags)(void *, uint32_t);
|
||||
|
||||
/* Gets the flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
uint32_t (*get_session_flags)(void *);
|
||||
|
||||
/* Get the runtime policy index for policy type
|
||||
* specified
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Policy Type: NAP or IPS
|
||||
*/
|
||||
tSfPolicyId (*get_runtime_policy)(void *, int);
|
||||
|
||||
/* Set the runtime policy index for policy type
|
||||
* specified
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Policy Type: NAP or IPS
|
||||
* Index for this policy
|
||||
*/
|
||||
void (*set_runtime_policy)(void *, int, tSfPolicyId);
|
||||
|
||||
|
||||
/* Get Flowbits data
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*
|
||||
* Returns
|
||||
* Ptr to Flowbits Data
|
||||
*/
|
||||
|
||||
StreamFlowData *(*get_flow_data)(SFSnortPacket *p);
|
||||
|
||||
/* Set if Session Deletion to be delayed
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* bool to set/unset delay_session_deletion_flag
|
||||
*
|
||||
*/
|
||||
void (*set_session_deletion_delayed)(void *, bool);
|
||||
|
||||
/* Returns if SessionDeletion to be delayed or not
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* bool value denoting if sessionDeletion Delayed or not
|
||||
*
|
||||
*/
|
||||
bool (*is_session_deletion_delayed)(void *);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
/* Register preproc handler for the specifed application id
|
||||
*
|
||||
* Parameters
|
||||
* Preprocessor Id
|
||||
* Application ID
|
||||
*/
|
||||
void (*register_service_handler)(uint32_t, int16_t);
|
||||
|
||||
|
||||
/* Get the protocol identifier from a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*get_application_protocol_id)(void *);
|
||||
|
||||
/* Set the protocol identifier for a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* ID
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*set_application_protocol_id)(void *, int16_t);
|
||||
|
||||
/* Get server IP address. This could be used either during packet processing or when
|
||||
* a session is being closed. Caller should make a deep copy if return value is needed
|
||||
* for later use.
|
||||
*
|
||||
* Arguments
|
||||
* void * - session pointer
|
||||
* uint32_t - direction. Valid values are SSN_DIR_SERVER or SSN_DIR_CLIENT
|
||||
*
|
||||
* Returns
|
||||
* IP address. Contents at the buffer should not be changed. The
|
||||
*/
|
||||
sfaddr_t* (*get_session_ip_address)(void *, uint32_t);
|
||||
|
||||
/* Get server/client ports.
|
||||
*
|
||||
* Arguments
|
||||
* void * - session pointer
|
||||
* uint16_t *client_port - client port pointer
|
||||
* uint16_t *server_port - server port pointer
|
||||
*
|
||||
* Returns
|
||||
* Ports.
|
||||
*/
|
||||
void (*get_session_ports)(void *, uint16_t *client_port, uint16_t *server_port);
|
||||
#endif
|
||||
|
||||
/** Get an independent bit to allow an entity to enable and
|
||||
* disable port session tracking and syn session creation
|
||||
* without affecting the status of set by other entities.
|
||||
* Returns a bitmask (with the bit range 3-15) or 0, if no bits
|
||||
* are available.
|
||||
*/
|
||||
uint16_t (*get_preprocessor_status_bit)(void);
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
// initialize response count and expiration time
|
||||
void (*init_active_response)(SFSnortPacket *, void *);
|
||||
#endif
|
||||
|
||||
// Get the TTL value used at session setup
|
||||
// outer=0 to get inner ip ttl for ip in ip; else outer=1
|
||||
uint8_t (*get_session_ttl)(void *ssnptr, char direction, int outer);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* Control Channel Packet
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* ID,
|
||||
* Preprocessor ID calling this function,
|
||||
* Preprocessor specific data,
|
||||
* Preprocessor data free function. If NULL, then static buffer is assumed.
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_protocol_id_expected)(const SFSnortPacket *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
|
||||
uint8_t, int16_t, uint32_t, void*, void (*)(void*), struct _ExpectNode**);
|
||||
|
||||
#ifdef ENABLE_HA
|
||||
/* Register a high availability producer and consumer function pair for a
|
||||
* particular preprocessor ID and subcode combination.
|
||||
*
|
||||
* Parameters
|
||||
* Processor ID
|
||||
* Subcode
|
||||
* Maximum Message Size
|
||||
* Message Producer Function
|
||||
* Message Consumer Function
|
||||
*
|
||||
* Returns
|
||||
* >= 0 on success
|
||||
* The returned value is the bit number in the HA pending bitmask and
|
||||
* should be stored for future calls to set_ha_pending_bit().
|
||||
* < 0 on failure
|
||||
*/
|
||||
int (*register_ha_funcs)(uint32_t preproc_id, uint8_t subcode, uint8_t size,
|
||||
StreamHAProducerFunc produce, StreamHAConsumerFunc consume);
|
||||
|
||||
/* Indicate a pending high availability update for a given session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* HA Pending Update Bit
|
||||
*/
|
||||
void (*set_ha_pending_bit)(void *, int bit);
|
||||
|
||||
/* Attempt to process any pending HA events for the given session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* DAQ SFSnortPacket Header for the packet being processed (Could be NULL)
|
||||
*/
|
||||
void (*process_ha)(void *, const DAQ_PktHdr_t *);
|
||||
#endif
|
||||
|
||||
//Retrieve the maximum session limits for the given policy
|
||||
void (*get_max_session_limits)(tSfPolicyId, StreamSessionLimits*);
|
||||
|
||||
/* Set direction that data is being ignored.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
int (*set_ignore_direction)(void *, int);
|
||||
|
||||
/** Retrieve stream session pointer based on the lookup tuples for
|
||||
* cases where Snort does not have an active packet that is
|
||||
* relevant.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1 (0 for non TCP/UDP)
|
||||
* IP addr #2
|
||||
* Port #2 (0 for non TCP/UDP)
|
||||
* Protocol
|
||||
* VLAN ID
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
*
|
||||
* Returns
|
||||
* Stream session pointer
|
||||
*/
|
||||
void *(*get_session_ptr_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
|
||||
uint16_t, uint32_t, uint16_t);
|
||||
|
||||
/** Retrieve the session key given a stream session pointer.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* Stream session key
|
||||
*/
|
||||
const StreamSessionKey *(*get_key_from_session_ptr)(const void *);
|
||||
|
||||
/* Delete the session if it is in the closed session state.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
void (*check_session_closed)(SFSnortPacket *);
|
||||
|
||||
/* Create a session key from the Packet
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
StreamSessionKey *(*get_session_key)(SFSnortPacket *);
|
||||
|
||||
/* Get the application data from the session key
|
||||
*
|
||||
* Parameters
|
||||
* SessionKey *
|
||||
* Application Protocol
|
||||
*/
|
||||
void *(*get_application_data_from_key)(const StreamSessionKey *, uint32_t);
|
||||
|
||||
/** Retrieve application session data based on the lookup tuples for
|
||||
* cases where Snort does not have an active packet that is
|
||||
* relevant.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1 (0 for non TCP/UDP)
|
||||
* IP addr #2
|
||||
* Port #2 (0 for non TCP/UDP)
|
||||
* Protocol
|
||||
* VLAN ID
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
* Preprocessor ID
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
|
||||
uint16_t, uint32_t, uint16_t, uint32_t);
|
||||
|
||||
void (*disable_preproc_for_session)( void *, uint32_t );
|
||||
void (*enable_preproc_for_port)( struct _SnortConfig *, uint32_t, uint32_t, uint16_t );
|
||||
void (*enable_preproc_all_ports)( struct _SnortConfig *, uint32_t, uint32_t );
|
||||
void (*enable_preproc_all_ports_all_policies)( struct _SnortConfig *, uint32_t, uint32_t );
|
||||
bool (*is_preproc_enabled_for_port)( uint32_t, uint16_t );
|
||||
void (*register_nap_selector)( nap_selector );
|
||||
void (*register_mandatory_early_session_creator)(struct _SnortConfig *,
|
||||
MandatoryEarlySessionCreatorFn callback);
|
||||
void* (*get_application_data_from_expected_node)(struct _ExpectNode*, uint32_t);
|
||||
int (*add_application_data_to_expected_node)(struct _ExpectNode*, uint32_t, void*, void (*)(void*));
|
||||
void (*register_get_http_xff_precedence)(GetHttpXffPrecedenceFunc );
|
||||
char** (*get_http_xff_precedence)(void* ssn, uint32_t flags, int* nFields);
|
||||
struct _ExpectNode* (*get_next_expected_node)(struct _ExpectNode*);
|
||||
} SessionAPI;
|
||||
|
||||
/* To be set by Session */
|
||||
extern SessionAPI *session_api;
|
||||
|
||||
/**Port Inspection States. Port can be either ignored,
|
||||
* or inspected or session tracked. The values are bitmasks.
|
||||
*/
|
||||
typedef enum {
|
||||
/**Dont monitor the port. */
|
||||
PORT_MONITOR_NONE = 0x00,
|
||||
|
||||
/**Inspect the port. */
|
||||
PORT_MONITOR_INSPECT = 0x01,
|
||||
|
||||
/**perform session tracking on the port. */
|
||||
PORT_MONITOR_SESSION = 0x02
|
||||
|
||||
} PortMonitorStates;
|
||||
|
||||
#define PORT_MONITOR_SESSION_BITS 0xFFFE
|
||||
|
||||
#define PP_SESSION_PRIORITY PRIORITY_CORE + PP_CORE_ORDER_SESSION
|
||||
|
||||
// Utility functions
|
||||
//
|
||||
/*********************************************************************
|
||||
* Function: isPortEnabled
|
||||
*
|
||||
* Checks to see if a port is enabled in the port array mask
|
||||
* passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to check for in the mask.
|
||||
*
|
||||
* Returns:
|
||||
* bool
|
||||
* true if the port is set.
|
||||
* false if the port is not set.
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline bool isPortEnabled( const uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
return port_array[ ( port / 8 ) ] & ( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
/*********************************************************************
|
||||
* Function: enablePort()
|
||||
*
|
||||
* Enable a port in the port array mask passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to set in the port array mask.
|
||||
*
|
||||
* Returns: None
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline void enablePort( uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
port_array[ ( port / 8 ) ] |= ( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
/*********************************************************************
|
||||
* Function: disablePort()
|
||||
*
|
||||
* Disable a port in the port array mask passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to set in the port array mask.
|
||||
*
|
||||
* Returns: None
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline void disablePort( uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
port_array[ ( port / 8 ) ] &= ~( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
#endif /* SESSION_API_H_ */
|
||||
|
|
@ -0,0 +1,961 @@
|
|||
/* $Id$ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2004-2013 Sourcefire, Inc.
|
||||
* ** AUTHOR: d mcpherson
|
||||
* **
|
||||
* ** This program is free software; you can redistribute it and/or modify
|
||||
* ** it under the terms of the GNU General Public License Version 2 as
|
||||
* ** published by the Free Software Foundation. You may not use, modify or
|
||||
* ** distribute this program under any other version of the GNU General
|
||||
* ** Public License.
|
||||
* **
|
||||
* ** This program is distributed in the hope that it will be useful,
|
||||
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* ** GNU General Public License for more details.
|
||||
* **
|
||||
* ** You should have received a copy of the GNU General Public License
|
||||
* ** along with this program; if not, write to the Free Software
|
||||
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* */
|
||||
|
||||
/* session_api.h
|
||||
*
|
||||
* Purpose: Definition of the SessionAPI. To be used as a common interface
|
||||
* for other preprocessors and detection plugins that require a
|
||||
* session context for execution.
|
||||
*
|
||||
* Arguments:
|
||||
*
|
||||
* Effect:
|
||||
*
|
||||
* Comments:
|
||||
*
|
||||
* Any comments?
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef _SESSION_API_H_
|
||||
#define _SESSION_API_H_
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "ipv6_port.h"
|
||||
#include "preprocids.h" /* IDs are used when setting preproc specific data */
|
||||
#include "bitop.h"
|
||||
#include "decode.h"
|
||||
#include "sfPolicy.h"
|
||||
|
||||
/* default limits */
|
||||
#define STREAM_DEFAULT_PRUNE_QUANTA 30 /* seconds to timeout a session */
|
||||
#define STREAM_DEFAULT_MEMCAP 8388608 /* 8MB */
|
||||
#define STREAM_DEFAULT_PRUNE_LOG_MAX 1048576 /* 1MB */
|
||||
#define STREAM_RIDICULOUS_HI_MEMCAP ( 1024 * 1024 * 1024 ) /* 1GB */
|
||||
#define STREAM_RIDICULOUS_LOW_MEMCAP 32768 /* 32k*/
|
||||
#define STREAM_RIDICULOUS_MAX_SESSIONS ( 1024 * 1024 ) /* 1 million sessions */
|
||||
#define STREAM_DEFAULT_MAX_TCP_SESSIONS 262144 /* 256k TCP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_UDP_SESSIONS 131072 /* 128k UDP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_ICMP_SESSIONS 65536 /* 64k ICMP sessions by default */
|
||||
#define STREAM_DEFAULT_MAX_IP_SESSIONS 16384 /* 16k IP sessions by default */
|
||||
#define STREAM_DEFAULT_TCP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
|
||||
#define STREAM_DEFAULT_TCP_CACHE_NOMINAL_TIMEOUT ( 60 * 60 ) /* 1 hour */
|
||||
#define STREAM_DEFAULT_UDP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
|
||||
#define STREAM_DEFAULT_UDP_CACHE_NOMINAL_TIMEOUT ( 3 * 60 ) /* 3 minutes */
|
||||
#define STREAM_MAX_CACHE_TIMEOUT ( 12 * 60 * 60 ) /* 12 hours */
|
||||
#define STREAM_MIN_PRUNE_LOG_MAX 1024 /* 1k packet data stored */
|
||||
#define STREAM_MAX_PRUNE_LOG_MAX STREAM_RIDICULOUS_HI_MEMCAP /* 1GB packet data stored */
|
||||
#define STREAM_DELAY_SESSION_DELETION true /* set if session deletion to be delayed */
|
||||
#define STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED (3 * 60) /* 3 minutes */
|
||||
|
||||
#define STREAM_EXPECTED_CHANNEL_TIMEOUT 300
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
#define STREAM_DEFAULT_MAX_ACTIVE_RESPONSES 0 /* default to no responses */
|
||||
#define STREAM_DEFAULT_MIN_RESPONSE_SECONDS 1 /* wait at least 1 second between resps */
|
||||
|
||||
#define STREAM_MAX_ACTIVE_RESPONSES_MAX 25 /* banging your head against the wall */
|
||||
#define STREAM_MIN_RESPONSE_SECONDS_MAX 300 /* we want to stop the flow soonest */
|
||||
#endif
|
||||
|
||||
#define EXPECT_FLAG_ALWAYS 0x01
|
||||
|
||||
#define SSN_MISSING_NONE 0x00
|
||||
#define SSN_MISSING_BEFORE 0x01
|
||||
#define SSN_MISSING_AFTER 0x02
|
||||
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
|
||||
|
||||
#define SSN_DIR_NONE 0x0
|
||||
#define SSN_DIR_FROM_CLIENT 0x1
|
||||
#define SSN_DIR_FROM_SENDER 0x1
|
||||
#define SSN_DIR_TO_SERVER 0x1
|
||||
#define SSN_DIR_FROM_SERVER 0x2
|
||||
#define SSN_DIR_FROM_RESPONDER 0x2
|
||||
#define SSN_DIR_TO_CLIENT 0x2
|
||||
#define SSN_DIR_BOTH 0x3
|
||||
|
||||
#define SSNFLAG_SEEN_CLIENT 0x00000001
|
||||
#define SSNFLAG_SEEN_SENDER 0x00000001
|
||||
#define SSNFLAG_SEEN_SERVER 0x00000002
|
||||
#define SSNFLAG_SEEN_RESPONDER 0x00000002
|
||||
#define SSNFLAG_SEEN_BOTH (SSNFLAG_SEEN_SERVER | SSNFLAG_SEEN_CLIENT) /* used to check asymetric traffic */
|
||||
#define SSNFLAG_ESTABLISHED 0x00000004
|
||||
#define SSNFLAG_NMAP 0x00000008
|
||||
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
|
||||
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
|
||||
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
|
||||
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
|
||||
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
|
||||
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
|
||||
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
|
||||
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
|
||||
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
|
||||
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
|
||||
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
|
||||
#define SSNFLAG_COUNTED_CLOSING 0x00008000
|
||||
#define SSNFLAG_TIMEDOUT 0x00010000
|
||||
#define SSNFLAG_PRUNED 0x00020000
|
||||
#define SSNFLAG_RESET 0x00040000
|
||||
#define SSNFLAG_DROP_CLIENT 0x00080000
|
||||
#define SSNFLAG_DROP_SERVER 0x00100000
|
||||
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
|
||||
#define SSNFLAG_STREAM_ORDER_BAD 0x00400000
|
||||
#define SSNFLAG_FORCE_BLOCK 0x00800000
|
||||
#define SSNFLAG_CLIENT_SWAP 0x01000000
|
||||
#define SSNFLAG_CLIENT_SWAPPED 0x02000000
|
||||
#define SSNFLAG_DETECTION_DISABLED 0x04000000
|
||||
#define SSNFLAG_HTTP_2 0x08000000
|
||||
#define SSNFLAG_HTTP_2_UPG 0x10000000
|
||||
#define SSNFLAG_FREE_APP_DATA 0x20000000
|
||||
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
|
||||
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
|
||||
|
||||
|
||||
// HA Session flags helper macros
|
||||
#define HA_IGNORED_SESSION_FLAGS ( SSNFLAG_COUNTED_INITIALIZE | SSNFLAG_COUNTED_ESTABLISH | \
|
||||
SSNFLAG_COUNTED_CLOSING | SSNFLAG_LOGGED_QUEUE_FULL)
|
||||
#define HA_CRITICAL_SESSION_FLAGS ( SSNFLAG_DROP_CLIENT | SSNFLAG_DROP_SERVER | SSNFLAG_RESET )
|
||||
#define HA_TCP_MAJOR_SESSION_FLAGS ( SSNFLAG_ESTABLISHED )
|
||||
|
||||
#define UNKNOWN_PORT 0
|
||||
|
||||
#define TCP_HZ 100
|
||||
|
||||
#define SESSION_API_VERSION1 1
|
||||
|
||||
/* NOTE: The XFF_BUILTING_NAMES value must match the code in snort_httpinspect.c that
|
||||
adds the builtin names to the list. */
|
||||
#define HTTP_XFF_FIELD_X_FORWARDED_FOR "X-Forwarded-For"
|
||||
#define HTTP_XFF_FIELD_TRUE_CLIENT_IP "True-Client-IP"
|
||||
#define HTTP_XFF_BUILTIN_NAMES (2)
|
||||
#define HTTP_MAX_XFF_FIELDS 8
|
||||
|
||||
typedef struct _StreamSessionKey
|
||||
{
|
||||
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
|
||||
uint32_t ip_l[4]; /* Low IP */
|
||||
uint32_t ip_h[4]; /* High IP */
|
||||
uint16_t port_l; /* Low Port - 0 if ICMP */
|
||||
uint16_t port_h; /* High Port - 0 if ICMP */
|
||||
uint16_t vlan_tag;
|
||||
uint8_t protocol;
|
||||
char pad;
|
||||
uint32_t mplsLabel; /* MPLS label */
|
||||
uint16_t addressSpaceId;
|
||||
uint16_t addressSpaceIdPad1;
|
||||
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
|
||||
} StreamSessionKey;
|
||||
|
||||
typedef StreamSessionKey SessionKey;
|
||||
|
||||
typedef void ( *StreamAppDataFree )( void * );
|
||||
typedef struct _StreamAppData
|
||||
{
|
||||
uint32_t protocol;
|
||||
void *dataPointer;
|
||||
struct _StreamAppData *next;
|
||||
struct _StreamAppData *prev;
|
||||
StreamAppDataFree freeFunc;
|
||||
} StreamAppData;
|
||||
|
||||
typedef struct _StreamFlowData
|
||||
{
|
||||
BITOP boFlowbits;
|
||||
unsigned char flowb[1];
|
||||
} StreamFlowData;
|
||||
|
||||
typedef struct _StreamSessionLimits
|
||||
{
|
||||
uint32_t tcp_session_limit;
|
||||
uint32_t udp_session_limit;
|
||||
uint32_t icmp_session_limit;
|
||||
uint32_t ip_session_limit;
|
||||
} StreamSessionLimits;
|
||||
|
||||
typedef struct _StreamHAState
|
||||
{
|
||||
uint32_t session_flags;
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
int16_t ipprotocol;
|
||||
int16_t application_protocol;
|
||||
#endif
|
||||
|
||||
char direction;
|
||||
char ignore_direction; /* flag to ignore traffic on this session */
|
||||
} StreamHAState;
|
||||
|
||||
typedef enum {
|
||||
SE_REXMIT,
|
||||
SE_EOF,
|
||||
SE_MAX
|
||||
} Stream_Event;
|
||||
|
||||
//typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count,
|
||||
// uint32_t xtradata_mask, uint32_t id, uint32_t sec);
|
||||
|
||||
#ifdef ENABLE_HA
|
||||
typedef uint32_t ( *StreamHAProducerFunc )( void *ssnptr, uint8_t *buf );
|
||||
typedef int ( *StreamHAConsumerFunc )( void *ssnptr, const uint8_t *data, uint8_t length );
|
||||
#endif
|
||||
|
||||
// Protocol types for creating session cache
|
||||
#define SESSION_PROTO_TCP 0x00
|
||||
#define SESSION_PROTO_UDP 0x01
|
||||
#define SESSION_PROTO_ICMP 0x02
|
||||
#define SESSION_PROTO_IP 0x03
|
||||
#define SESSION_PROTO_MAX 0x04
|
||||
|
||||
// Snort Policy Types
|
||||
#define SNORT_NAP_POLICY 0x00
|
||||
#define SNORT_IPS_POLICY 0x01
|
||||
|
||||
struct _SnortConfig;
|
||||
struct _ExpectNode;
|
||||
|
||||
typedef void( *SessionCleanup )( void *ssn );
|
||||
typedef void ( *nap_selector )( Packet *p, bool client_packet );
|
||||
typedef void (*MandatoryEarlySessionCreatorFn)(void *ssn, struct _ExpectNode*);
|
||||
typedef char** (*GetHttpXffPrecedenceFunc)(void* ssn, uint32_t flags, int* nFields);
|
||||
|
||||
typedef struct _session_api
|
||||
{
|
||||
int version;
|
||||
|
||||
/* Create a protocol specific cache for session control blocks
|
||||
*
|
||||
* Parameters:
|
||||
* Session procotol type
|
||||
* Protocol Session Control Block Size
|
||||
* Cleanup callback function
|
||||
*/
|
||||
void *(*init_session_cache)(uint32_t, uint32_t, SessionCleanup);
|
||||
|
||||
/* Lookup and return pointer to Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache
|
||||
* Packet
|
||||
* Session Key
|
||||
*/
|
||||
void *(*get_session)(void *, Packet *, SessionKey *);
|
||||
|
||||
/* Populate a session key from the Packet
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Stream session key pointer
|
||||
*/
|
||||
void (*populate_session_key)(Packet *, StreamSessionKey *);
|
||||
|
||||
|
||||
/* Lookup session by IP and Port from packet and return pointer to Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Source IP
|
||||
* Source Port
|
||||
* Destination IP
|
||||
* Destination Port
|
||||
* Protocol
|
||||
* VLAN
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
* Session Key
|
||||
*/
|
||||
int (*get_session_key_by_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char, uint16_t,
|
||||
uint32_t, uint16_t, SessionKey *);
|
||||
|
||||
/* Lookup by session key and return Session Control Block
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache (protocol specific)
|
||||
* Session Key
|
||||
*
|
||||
*/
|
||||
void *(*get_session_by_key)(void *, const SessionKey *);
|
||||
|
||||
/* Create a new session
|
||||
*
|
||||
* Parameters
|
||||
* Session Cache (protocol specific)
|
||||
* Packet
|
||||
* Session Key
|
||||
*
|
||||
*/
|
||||
void *(*create_session)(void *, Packet *, const SessionKey *);
|
||||
|
||||
/* Is session verified by protocol
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
*/
|
||||
bool (*is_session_verified)( void * );
|
||||
|
||||
/* remove session from oneway list
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
* Session Control Block
|
||||
*/
|
||||
void (*remove_session_from_oneway_list)( uint32_t, void * );
|
||||
|
||||
/* Delete a session
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
* Session Control Block
|
||||
* Reason
|
||||
*/
|
||||
int (*delete_session)(void *, void *, char *);
|
||||
|
||||
/* Delete a session but without providing the session cache.
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
* Reason
|
||||
*/
|
||||
int (*delete_session_by_key)(void *, char *);
|
||||
|
||||
/* Print session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
void (*print_session_cache)(void *);
|
||||
|
||||
/* Delete session cache
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*
|
||||
*/
|
||||
int (*delete_session_cache)( uint32_t protocol );
|
||||
|
||||
/* Purge session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
int (*purge_session_cache)(void *);
|
||||
|
||||
/* Prune session cache
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
* Time
|
||||
* Session Control Block
|
||||
* Mem Check
|
||||
*
|
||||
*/
|
||||
int (*prune_session_cache)(void *, uint32_t, void *, int);
|
||||
|
||||
/* Clean memory pool for protocol sessions by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*
|
||||
*/
|
||||
void (*clean_protocol_session_pool)( uint32_t );
|
||||
|
||||
/* Free protocol session memory by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*free_protocol_session_pool)( uint32_t, void * );
|
||||
|
||||
/* Allocate session from protocol session pool
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
void *(*alloc_protocol_session)( uint32_t );
|
||||
|
||||
/* Get session count
|
||||
*
|
||||
* Parameters
|
||||
* Session cache (protocol specific)
|
||||
*
|
||||
*/
|
||||
int (*get_session_count)(void *);
|
||||
|
||||
/* Get prune count by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
uint32_t (*get_session_prune_count)( uint32_t protocol );
|
||||
|
||||
/* Reset prune count by protocol
|
||||
*
|
||||
* Parameters
|
||||
* protocol
|
||||
*/
|
||||
void (*reset_session_prune_count)( uint32_t protocol );
|
||||
|
||||
/* Check session timeout
|
||||
*
|
||||
* Parameters
|
||||
* Flow count
|
||||
* Current time
|
||||
*/
|
||||
void (*check_session_timeout)( uint32_t, time_t );
|
||||
|
||||
/* Return status of protocol tracking for specified protocol
|
||||
*
|
||||
* Parameters
|
||||
* proto
|
||||
*
|
||||
*/
|
||||
int (*protocol_tracking_enabled)( IpProto proto );
|
||||
|
||||
/* Set packet direction flag
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Control Block
|
||||
*
|
||||
*/
|
||||
void (*set_packet_direction_flag)(Packet *, void *);
|
||||
|
||||
/* Free session application data
|
||||
*
|
||||
* Parameters
|
||||
* Session Control Block
|
||||
*
|
||||
*/
|
||||
void (*free_application_data)(void *);
|
||||
|
||||
/* Get direction of packet
|
||||
*
|
||||
* Parameters:
|
||||
* Packet
|
||||
*/
|
||||
uint32_t (*get_packet_direction)(Packet *);
|
||||
|
||||
/* Disable inspection for a sesion.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
*/
|
||||
void (*disable_inspection)(void *, Packet *);
|
||||
|
||||
/* Stop inspection for session, up to count bytes (-1 to ignore
|
||||
* for life or until resume).
|
||||
*
|
||||
* If response flag is set, automatically resume inspection up to
|
||||
* count bytes when a data packet in the other direction is seen.
|
||||
*
|
||||
* Also marks the packet to be ignored
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* Direction
|
||||
* Bytes
|
||||
* Response Flag
|
||||
*/
|
||||
void (*stop_inspection)(void *, Packet *, char, int32_t, int);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* Preprocessor ID
|
||||
* Direction
|
||||
* Flags (permanent)
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*ignore_session)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, uint8_t,
|
||||
uint32_t, char, char, struct _ExpectNode**);
|
||||
|
||||
/* Get direction that data is being ignored.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
int (*get_ignore_direction)(void *);
|
||||
|
||||
/* Resume inspection for session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*resume_inspection)(void *, char);
|
||||
|
||||
/* Drop traffic arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*drop_traffic)(Packet *, void *, char);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
* Application Data reference (pointer)
|
||||
* Application Data free function
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data)(void *, uint32_t);
|
||||
|
||||
/*
|
||||
* Set Expiration Timeout
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Ptr
|
||||
* timeout
|
||||
*/
|
||||
void (*set_expire_timer)( Packet *, void *, uint32_t );
|
||||
|
||||
/* Get Expriration Timeou
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
* Session Ptr
|
||||
*
|
||||
*/
|
||||
int (*get_expire_timer)( Packet *, void *);
|
||||
|
||||
/* Sets the flags for a session
|
||||
* This ORs the supplied flags with the previous values
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Flags
|
||||
*
|
||||
* Returns
|
||||
* New Flags
|
||||
*/
|
||||
uint32_t (*set_session_flags)(void *, uint32_t);
|
||||
|
||||
/* Gets the flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
uint32_t (*get_session_flags)(void *);
|
||||
|
||||
/* Get the runtime policy index for policy type
|
||||
* specified
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Policy Type: NAP or IPS
|
||||
*/
|
||||
tSfPolicyId (*get_runtime_policy)(void *, int);
|
||||
|
||||
/* Set the runtime policy index for policy type
|
||||
* specified
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Policy Type: NAP or IPS
|
||||
* Index for this policy
|
||||
*/
|
||||
void (*set_runtime_policy)(void *, int, tSfPolicyId);
|
||||
|
||||
|
||||
/* Get Flowbits data
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*
|
||||
* Returns
|
||||
* Ptr to Flowbits Data
|
||||
*/
|
||||
|
||||
StreamFlowData *(*get_flow_data)(Packet *p);
|
||||
|
||||
/* Set if Session Deletion to be delayed
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* bool to set/unset delay_session_deletion_flag
|
||||
*
|
||||
*/
|
||||
void (*set_session_deletion_delayed)(void *, bool);
|
||||
|
||||
/* Returns if SessionDeletion to be delayed or not
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* bool value denoting if sessionDeletion Delayed or not
|
||||
*
|
||||
*/
|
||||
bool (*is_session_deletion_delayed)(void *);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
/* Register preproc handler for the specifed application id
|
||||
*
|
||||
* Parameters
|
||||
* Preprocessor Id
|
||||
* Application ID
|
||||
*/
|
||||
void (*register_service_handler)(uint32_t, int16_t);
|
||||
|
||||
|
||||
/* Get the protocol identifier from a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*get_application_protocol_id)(void *);
|
||||
|
||||
/* Set the protocol identifier for a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* ID
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*set_application_protocol_id)(void *, int16_t);
|
||||
|
||||
/* Get server IP address. This could be used either during packet processing or when
|
||||
* a session is being closed. Caller should make a deep copy if return value is needed
|
||||
* for later use.
|
||||
*
|
||||
* Arguments
|
||||
* void * - session pointer
|
||||
* uint32_t - direction. Valid values are SSN_DIR_SERVER or SSN_DIR_CLIENT
|
||||
*
|
||||
* Returns
|
||||
* IP address. Contents at the buffer should not be changed. The
|
||||
*/
|
||||
sfaddr_t* (*get_session_ip_address)(void *, uint32_t);
|
||||
|
||||
/* Get server/client ports.
|
||||
*
|
||||
* Arguments
|
||||
* void * - session pointer
|
||||
* uint16_t *client_port - client port pointer
|
||||
* uint16_t *server_port - server port pointer
|
||||
*
|
||||
* Returns
|
||||
* Ports.
|
||||
*/
|
||||
void (*get_session_ports)(void *, uint16_t *client_port, uint16_t *server_port);
|
||||
#endif
|
||||
|
||||
/** Get an independent bit to allow an entity to enable and
|
||||
* disable port session tracking and syn session creation
|
||||
* without affecting the status of set by other entities.
|
||||
* Returns a bitmask (with the bit range 3-15) or 0, if no bits
|
||||
* are available.
|
||||
*/
|
||||
uint16_t (*get_preprocessor_status_bit)(void);
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
// initialize response count and expiration time
|
||||
void (*init_active_response)(Packet *, void *);
|
||||
#endif
|
||||
|
||||
// Get the TTL value used at session setup
|
||||
// outer=0 to get inner ip ttl for ip in ip; else outer=1
|
||||
uint8_t (*get_session_ttl)(void *ssnptr, char direction, int outer);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* Control Channel Packet
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* ID,
|
||||
* Preprocessor ID calling this function,
|
||||
* Preprocessor specific data,
|
||||
* Preprocessor data free function. If NULL, then static buffer is assumed.
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_protocol_id_expected)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
|
||||
uint8_t, int16_t, uint32_t, void*, void (*)(void*), struct _ExpectNode**);
|
||||
|
||||
#ifdef ENABLE_HA
|
||||
/* Register a high availability producer and consumer function pair for a
|
||||
* particular preprocessor ID and subcode combination.
|
||||
*
|
||||
* Parameters
|
||||
* Processor ID
|
||||
* Subcode
|
||||
* Maximum Message Size
|
||||
* Message Producer Function
|
||||
* Message Consumer Function
|
||||
*
|
||||
* Returns
|
||||
* >= 0 on success
|
||||
* The returned value is the bit number in the HA pending bitmask and
|
||||
* should be stored for future calls to set_ha_pending_bit().
|
||||
* < 0 on failure
|
||||
*/
|
||||
int (*register_ha_funcs)(uint32_t preproc_id, uint8_t subcode, uint8_t size,
|
||||
StreamHAProducerFunc produce, StreamHAConsumerFunc consume);
|
||||
|
||||
/* Indicate a pending high availability update for a given session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* HA Pending Update Bit
|
||||
*/
|
||||
void (*set_ha_pending_bit)(void *, int bit);
|
||||
|
||||
/* Attempt to process any pending HA events for the given session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* DAQ Packet Header for the packet being processed (Could be NULL)
|
||||
*/
|
||||
void (*process_ha)(void *, const DAQ_PktHdr_t *);
|
||||
#endif
|
||||
|
||||
//Retrieve the maximum session limits for the given policy
|
||||
void (*get_max_session_limits)(tSfPolicyId, StreamSessionLimits*);
|
||||
|
||||
/* Set direction that data is being ignored.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
int (*set_ignore_direction)(void *, int);
|
||||
|
||||
/** Retrieve stream session pointer based on the lookup tuples for
|
||||
* cases where Snort does not have an active packet that is
|
||||
* relevant.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1 (0 for non TCP/UDP)
|
||||
* IP addr #2
|
||||
* Port #2 (0 for non TCP/UDP)
|
||||
* Protocol
|
||||
* VLAN ID
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
*
|
||||
* Returns
|
||||
* Stream session pointer
|
||||
*/
|
||||
void *(*get_session_ptr_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
|
||||
uint16_t, uint32_t, uint16_t);
|
||||
|
||||
/** Retrieve the session key given a stream session pointer.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* Stream session key
|
||||
*/
|
||||
const StreamSessionKey *(*get_key_from_session_ptr)(const void *);
|
||||
|
||||
/* Delete the session if it is in the closed session state.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
void (*check_session_closed)(Packet *);
|
||||
|
||||
/* Create a session key from the Packet
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
StreamSessionKey *(*get_session_key)(Packet *);
|
||||
|
||||
/* Get the application data from the session key
|
||||
*
|
||||
* Parameters
|
||||
* SessionKey *
|
||||
* Application Protocol
|
||||
*/
|
||||
void *(*get_application_data_from_key)(const StreamSessionKey *, uint32_t);
|
||||
|
||||
/** Retrieve application session data based on the lookup tuples for
|
||||
* cases where Snort does not have an active packet that is
|
||||
* relevant.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1 (0 for non TCP/UDP)
|
||||
* IP addr #2
|
||||
* Port #2 (0 for non TCP/UDP)
|
||||
* Protocol
|
||||
* VLAN ID
|
||||
* MPLS ID
|
||||
* Address Space ID
|
||||
* Preprocessor ID
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
|
||||
uint16_t, uint32_t, uint16_t, uint32_t);
|
||||
|
||||
void (*disable_preproc_for_session)( void *, uint32_t );
|
||||
void (*enable_preproc_for_port)( struct _SnortConfig *, uint32_t, uint32_t, uint16_t );
|
||||
void (*enable_preproc_all_ports)( struct _SnortConfig *, uint32_t, uint32_t );
|
||||
void (*enable_preproc_all_ports_all_policies)( struct _SnortConfig *, uint32_t, uint32_t );
|
||||
bool (*is_preproc_enabled_for_port)( uint32_t, uint16_t );
|
||||
void (*register_nap_selector)( nap_selector );
|
||||
void (*register_mandatory_early_session_creator)(struct _SnortConfig *,
|
||||
MandatoryEarlySessionCreatorFn callback);
|
||||
void* (*get_application_data_from_expected_node)(struct _ExpectNode*, uint32_t);
|
||||
int (*add_application_data_to_expected_node)(struct _ExpectNode*, uint32_t, void*, void (*)(void*));
|
||||
void (*register_get_http_xff_precedence)(GetHttpXffPrecedenceFunc );
|
||||
char** (*get_http_xff_precedence)(void* ssn, uint32_t flags, int* nFields);
|
||||
struct _ExpectNode* (*get_next_expected_node)(struct _ExpectNode*);
|
||||
} SessionAPI;
|
||||
|
||||
/* To be set by Session */
|
||||
extern SessionAPI *session_api;
|
||||
|
||||
/**Port Inspection States. Port can be either ignored,
|
||||
* or inspected or session tracked. The values are bitmasks.
|
||||
*/
|
||||
typedef enum {
|
||||
/**Dont monitor the port. */
|
||||
PORT_MONITOR_NONE = 0x00,
|
||||
|
||||
/**Inspect the port. */
|
||||
PORT_MONITOR_INSPECT = 0x01,
|
||||
|
||||
/**perform session tracking on the port. */
|
||||
PORT_MONITOR_SESSION = 0x02
|
||||
|
||||
} PortMonitorStates;
|
||||
|
||||
#define PORT_MONITOR_SESSION_BITS 0xFFFE
|
||||
|
||||
#define PP_SESSION_PRIORITY PRIORITY_CORE + PP_CORE_ORDER_SESSION
|
||||
|
||||
// Utility functions
|
||||
//
|
||||
/*********************************************************************
|
||||
* Function: isPortEnabled
|
||||
*
|
||||
* Checks to see if a port is enabled in the port array mask
|
||||
* passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to check for in the mask.
|
||||
*
|
||||
* Returns:
|
||||
* bool
|
||||
* true if the port is set.
|
||||
* false if the port is not set.
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline bool isPortEnabled( const uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
return port_array[ ( port / 8 ) ] & ( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
/*********************************************************************
|
||||
* Function: enablePort()
|
||||
*
|
||||
* Enable a port in the port array mask passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to set in the port array mask.
|
||||
*
|
||||
* Returns: None
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline void enablePort( uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
port_array[ ( port / 8 ) ] |= ( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
/*********************************************************************
|
||||
* Function: disablePort()
|
||||
*
|
||||
* Disable a port in the port array mask passed in.
|
||||
*
|
||||
* Arguments:
|
||||
* uint8_t *
|
||||
* Pointer to a port array mask.
|
||||
* const uint16_t
|
||||
* The port to set in the port array mask.
|
||||
*
|
||||
* Returns: None
|
||||
*
|
||||
*********************************************************************/
|
||||
static inline void disablePort( uint8_t *port_array, const uint16_t port )
|
||||
{
|
||||
port_array[ ( port / 8 ) ] &= ~( 1 << ( port % 8 ) );
|
||||
}
|
||||
|
||||
#endif /* SESSION_API_H_ */
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -24,16 +25,17 @@
|
|||
#include "sf_ip.h"
|
||||
#include "ipv6_port.h"
|
||||
#include "sfrt.h"
|
||||
#include "debug.h"
|
||||
#include "snort_debug.h"
|
||||
|
||||
/**Number of additional policies allocated with each re-alloc operation. */
|
||||
#define POLICY_ALLOCATION_CHUNK 10
|
||||
#define SF_VLAN_BINDING_MAX 4096
|
||||
#define SF_POLICY_ID_BINDING_MAX 4096
|
||||
#define SF_NETWORK_BINDING_MAX 4096
|
||||
#define SF_VLAN_UNBOUND 0xffffffff
|
||||
#define SF_POLICY_UNBOUND 0xffffffff
|
||||
#define SF_DEFAULT_POLICY_ID 0
|
||||
|
||||
|
||||
/* vlan id or address range is reduced to policy id. and subsequent processing is done using policy id only. */
|
||||
/*vlan id or address range is reduced to policy id. and subsequent processing is done using policy id only. */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
|
@ -48,6 +50,7 @@ typedef struct
|
|||
typedef enum {
|
||||
SF_BINDING_TYPE_VLAN,
|
||||
SF_BINDING_TYPE_NETWORK,
|
||||
SF_BINDING_TYPE_POLICY_ID,
|
||||
SF_BINDING_TYPE_UNKNOWN
|
||||
} tSF_BINDING_TYPE;
|
||||
|
||||
|
@ -64,15 +67,13 @@ typedef struct
|
|||
unsigned int numActivePolicies;
|
||||
/**vlan to policyId bindings. */
|
||||
tSfPolicyId vlanBindings[SF_VLAN_BINDING_MAX];
|
||||
/**policyId to policyId bindings. */
|
||||
tSfPolicyId policyIdBindings[SF_POLICY_ID_BINDING_MAX];
|
||||
/**Network to policyId bindings. */
|
||||
table_t *netBindTable;
|
||||
|
||||
} tSfPolicyConfig;
|
||||
|
||||
|
||||
extern tSfPolicyId runtimePolicyId;
|
||||
extern tSfPolicyId parserPolicyId;
|
||||
|
||||
tSfPolicyConfig * sfPolicyInit(
|
||||
void
|
||||
);
|
||||
|
@ -104,27 +105,40 @@ void sfVlanDeleteBinding(
|
|||
tSfPolicyConfig *,
|
||||
int
|
||||
);
|
||||
int sfPolicyIdAddBinding(
|
||||
tSfPolicyConfig *,
|
||||
int,
|
||||
char *
|
||||
);
|
||||
tSfPolicyId sfPolicyIdGetBinding(
|
||||
tSfPolicyConfig *,
|
||||
int
|
||||
);
|
||||
void sfPolicyIdDeleteBinding(
|
||||
tSfPolicyConfig *,
|
||||
int
|
||||
);
|
||||
unsigned int sfGetApplicablePolicyId(
|
||||
tSfPolicyConfig *,
|
||||
int,
|
||||
snort_ip_p,
|
||||
snort_ip_p
|
||||
sfaddr_t*,
|
||||
sfaddr_t*
|
||||
);
|
||||
int sfNetworkAddBinding(
|
||||
tSfPolicyConfig *,
|
||||
sfip_t *,
|
||||
sfcidr_t *,
|
||||
char *
|
||||
);
|
||||
unsigned int sfNetworkGetBinding(
|
||||
tSfPolicyConfig *,
|
||||
snort_ip_p
|
||||
sfaddr_t*
|
||||
);
|
||||
void sfNetworkDeleteBinding(
|
||||
tSfPolicyConfig *,
|
||||
snort_ip_p
|
||||
sfaddr_t*
|
||||
);
|
||||
|
||||
static INLINE tSfPolicyId sfGetDefaultPolicy(
|
||||
static inline tSfPolicyId sfGetDefaultPolicy(
|
||||
tSfPolicyConfig *config
|
||||
)
|
||||
{
|
||||
|
@ -134,7 +148,7 @@ static INLINE tSfPolicyId sfGetDefaultPolicy(
|
|||
return config->defaultPolicyId;
|
||||
}
|
||||
|
||||
static INLINE void sfSetDefaultPolicy(
|
||||
static inline void sfSetDefaultPolicy(
|
||||
tSfPolicyConfig *config,
|
||||
tSfPolicyId policyId
|
||||
)
|
||||
|
@ -145,7 +159,7 @@ static INLINE void sfSetDefaultPolicy(
|
|||
config->defaultPolicyId = policyId;
|
||||
}
|
||||
|
||||
static INLINE tSfPolicyId sfPolicyNumAllocated(
|
||||
static inline tSfPolicyId sfPolicyNumAllocated(
|
||||
tSfPolicyConfig *config
|
||||
)
|
||||
{
|
||||
|
@ -155,10 +169,15 @@ static INLINE tSfPolicyId sfPolicyNumAllocated(
|
|||
return config->numAllocatedPolicies;
|
||||
}
|
||||
|
||||
/* dynamic array functions */
|
||||
/*dynamic array functions */
|
||||
int sfDynArrayCheckBounds (
|
||||
void ** dynArray,
|
||||
unsigned int index,
|
||||
void ** dynArray,
|
||||
unsigned int index,
|
||||
unsigned int *maxElements
|
||||
);
|
||||
|
||||
typedef tSfPolicyId (*GetPolicyFunc)(void);
|
||||
struct _SnortConfig;
|
||||
typedef tSfPolicyId (*GetParserPolicyFunc)(struct _SnortConfig *);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,18 +15,20 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "stdlib.h"
|
||||
#include "string.h"
|
||||
#include "sf_types.h"
|
||||
#include "sfPolicy.h"
|
||||
#include "sfPolicyUserData.h"
|
||||
|
||||
tSfPolicyId runtimePolicyId = 0;
|
||||
tSfPolicyId parserPolicyId = 0;
|
||||
|
||||
/** @defgroup sfPolicyConfig Sourcefire policy configuration module
|
||||
*
|
||||
* Create a user policy configuration context. A context provides facility for creating
|
||||
|
@ -39,7 +42,7 @@ tSfPolicyId parserPolicyId = 0;
|
|||
* and put it in a new policy management module. Policy management module will set a single
|
||||
* pointer to user data before calling appropriate callback function in a preprocessor. As
|
||||
* an example, policy module will iterate over all policies and call CleanExit functions in every
|
||||
* preprocessor for each policy. This will make policy management module will hide policies from
|
||||
* preprocessor for each policy. This will make policy management module will hide policies from
|
||||
* preprocessors and make them policy agnostic.
|
||||
* @{
|
||||
*/
|
||||
|
@ -48,14 +51,14 @@ tSfPolicyId parserPolicyId = 0;
|
|||
* Allocates a new context and return it to user. All transactions within a context are independent from
|
||||
* any other transactions in a different context.
|
||||
*
|
||||
* @returns tSfPolicyUserContextId
|
||||
* @returns tSfPolicyUserContextId
|
||||
*/
|
||||
tSfPolicyUserContextId sfPolicyConfigCreate(void)
|
||||
{
|
||||
tSfPolicyUserContext *pTmp = NULL;
|
||||
|
||||
pTmp = calloc(1, sizeof(tSfPolicyUserContext));
|
||||
|
||||
|
||||
return pTmp;
|
||||
}
|
||||
|
||||
|
@ -78,11 +81,11 @@ void sfPolicyConfigDelete(
|
|||
/**Store a pointer to user data.
|
||||
* @param pContext
|
||||
* @param policyId is 0 based.
|
||||
* @param config - pointer to user configuration.
|
||||
* @param config - pointer to user configuration.
|
||||
*/
|
||||
int sfPolicyUserDataSet (
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId,
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId,
|
||||
void *config
|
||||
)
|
||||
{
|
||||
|
@ -90,7 +93,7 @@ int sfPolicyUserDataSet (
|
|||
|
||||
if (policyId >= pContext->numAllocatedPolicies)
|
||||
{
|
||||
/*expand the array*/
|
||||
//expand the array
|
||||
ppTmp = (void **)calloc(policyId+POLICY_ALLOCATION_CHUNK, sizeof(void *));
|
||||
if (!(ppTmp))
|
||||
{
|
||||
|
@ -109,9 +112,9 @@ int sfPolicyUserDataSet (
|
|||
|
||||
if (pContext->userConfig[policyId])
|
||||
{
|
||||
/*dont overwrite existing configuration*/
|
||||
//dont overwrite existing configuration
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
pContext->userConfig[policyId] = config;
|
||||
pContext->numActivePolicies++;
|
||||
|
@ -139,14 +142,37 @@ void * sfPolicyUserDataClear (
|
|||
}
|
||||
|
||||
int sfPolicyUserDataIterate (
|
||||
tSfPolicyUserContextId pContext,
|
||||
struct _SnortConfig *sc,
|
||||
tSfPolicyUserContextId pContext,
|
||||
int (*callback)(struct _SnortConfig *sc, tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
|
||||
)
|
||||
{
|
||||
tSfPolicyId policyId;
|
||||
int ret = 0;
|
||||
|
||||
//must not use numActivePolicies because the callback may delete a policy
|
||||
for (policyId = 0; policyId < pContext->numAllocatedPolicies; policyId++)
|
||||
{
|
||||
if (pContext->userConfig[policyId])
|
||||
{
|
||||
ret = callback(sc, pContext, policyId, pContext->userConfig[policyId]);
|
||||
if (ret != 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int sfPolicyUserDataFreeIterate (
|
||||
tSfPolicyUserContextId pContext,
|
||||
int (*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
|
||||
)
|
||||
{
|
||||
tSfPolicyId policyId;
|
||||
int ret = 0;
|
||||
|
||||
/*must not use numActivePolicies because the callback may delete a policy*/
|
||||
//must not use numActivePolicies because the callback may delete a policy
|
||||
for (policyId = 0; policyId < pContext->numAllocatedPolicies; policyId++)
|
||||
{
|
||||
if (pContext->userConfig[policyId])
|
||||
|
@ -160,6 +186,5 @@ int sfPolicyUserDataIterate (
|
|||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/** @} */
|
||||
/** @} */ //
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -25,7 +26,6 @@
|
|||
#include "ipv6_port.h"
|
||||
#include "sfPolicy.h"
|
||||
#include "sf_dynamic_preprocessor.h"
|
||||
extern DynamicPreprocessorData _dpd;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
|
@ -37,11 +37,11 @@ typedef struct
|
|||
*/
|
||||
unsigned int numAllocatedPolicies;
|
||||
|
||||
/**Number of policies active. Since we use an array of policy pointers,
|
||||
/**Number of policies active. Since we use an array of policy pointers,
|
||||
* number of allocated policies may be more than active policies. */
|
||||
unsigned int numActivePolicies;
|
||||
|
||||
/**user configuration for a policy. This is a pointer to an array of pointers
|
||||
/**user configuration for a policy. This is a pointer to an array of pointers
|
||||
* to user configuration.
|
||||
*/
|
||||
void **userConfig;
|
||||
|
@ -51,94 +51,68 @@ typedef struct
|
|||
typedef tSfPolicyUserContext * tSfPolicyUserContextId;
|
||||
|
||||
|
||||
tSfPolicyUserContextId sfPolicyConfigCreate(
|
||||
void
|
||||
);
|
||||
tSfPolicyUserContextId sfPolicyConfigCreate( void );
|
||||
void sfPolicyConfigDelete( tSfPolicyUserContextId pContext );
|
||||
|
||||
void sfPolicyConfigDelete(
|
||||
tSfPolicyUserContextId pContext
|
||||
);
|
||||
|
||||
/* Functions for setting, getting and clearing policy ids */
|
||||
static INLINE void sfPolicyUserPolicySet (
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId
|
||||
)
|
||||
//Functions for setting, getting and clearing policy ids
|
||||
static inline void sfPolicyUserPolicySet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId )
|
||||
{
|
||||
pContext->currentPolicyId = policyId;
|
||||
}
|
||||
|
||||
static INLINE tSfPolicyId sfPolicyUserPolicyGet (
|
||||
tSfPolicyUserContextId pContext
|
||||
)
|
||||
static inline tSfPolicyId sfPolicyUserPolicyGet ( tSfPolicyUserContextId pContext )
|
||||
{
|
||||
return pContext->currentPolicyId;
|
||||
}
|
||||
|
||||
static INLINE unsigned int sfPolicyUserPolicyGetActive (
|
||||
tSfPolicyUserContextId pContext
|
||||
)
|
||||
static inline unsigned int sfPolicyUserPolicyGetActive ( tSfPolicyUserContextId pContext )
|
||||
{
|
||||
return (pContext->numActivePolicies);
|
||||
}
|
||||
|
||||
/* Functions for setting, getting and clearing user data specific to policies. */
|
||||
int sfPolicyUserDataSet (
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId,
|
||||
void *config
|
||||
);
|
||||
static INLINE void * sfPolicyUserDataGet (
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId
|
||||
)
|
||||
//Functions for setting, getting and clearing user data specific to policies.
|
||||
int sfPolicyUserDataSet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config );
|
||||
|
||||
static inline void * sfPolicyUserDataGet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId )
|
||||
{
|
||||
if ((pContext != NULL) && (policyId < pContext->numAllocatedPolicies))
|
||||
{
|
||||
if (pContext && policyId < pContext->numAllocatedPolicies)
|
||||
return pContext->userConfig[policyId];
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static INLINE int sfPolicyUserDataSetDefault (
|
||||
tSfPolicyUserContextId pContext,
|
||||
void *config
|
||||
)
|
||||
static inline int sfPolicyUserDataSetDefault ( tSfPolicyUserContextId pContext, void *config )
|
||||
{
|
||||
return sfPolicyUserDataSet (pContext, _dpd.getDefaultPolicy(), config);
|
||||
}
|
||||
|
||||
static INLINE void * sfPolicyUserDataGetDefault (
|
||||
tSfPolicyUserContextId pContext
|
||||
)
|
||||
static inline void * sfPolicyUserDataGetDefault ( tSfPolicyUserContextId pContext )
|
||||
{
|
||||
return sfPolicyUserDataGet (pContext, _dpd.getDefaultPolicy());
|
||||
}
|
||||
|
||||
static INLINE int sfPolicyUserDataSetCurrent (
|
||||
tSfPolicyUserContextId pContext,
|
||||
void *config
|
||||
)
|
||||
static inline int sfPolicyUserDataSetCurrent ( tSfPolicyUserContextId pContext, void *config )
|
||||
{
|
||||
return sfPolicyUserDataSet (pContext, pContext->currentPolicyId, config);
|
||||
}
|
||||
static INLINE void * sfPolicyUserDataGetCurrent (
|
||||
tSfPolicyUserContextId pContext
|
||||
)
|
||||
|
||||
static inline void * sfPolicyUserDataGetCurrent ( tSfPolicyUserContextId pContext )
|
||||
{
|
||||
return sfPolicyUserDataGet (pContext, pContext->currentPolicyId);
|
||||
}
|
||||
|
||||
void * sfPolicyUserDataClear (
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId
|
||||
);
|
||||
void *sfPolicyUserDataClear( tSfPolicyUserContextId pContext, tSfPolicyId policyId );
|
||||
|
||||
int sfPolicyUserDataIterate (
|
||||
tSfPolicyUserContextId pContext,
|
||||
int (*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
|
||||
);
|
||||
int sfPolicyUserDataIterate( struct _SnortConfig *sc, tSfPolicyUserContextId pContext,
|
||||
int ( *callback )( struct _SnortConfig *sc,
|
||||
tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId,
|
||||
void *config ) );
|
||||
|
||||
int sfPolicyUserDataFreeIterate( tSfPolicyUserContextId pContext,
|
||||
int ( *callback )( tSfPolicyUserContextId pContext,
|
||||
tSfPolicyId policyId,
|
||||
void *config ) );
|
||||
|
||||
|
||||
#endif
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
*/
|
||||
#ifndef _SF_DYNAMIC_COMMON_H_
|
||||
|
@ -26,33 +27,57 @@
|
|||
#include <stdint.h>
|
||||
#endif
|
||||
|
||||
typedef void (*LogMsgFunc)(const char *, ...);
|
||||
typedef void (*DebugMsgFunc)(int, char *, ...);
|
||||
#ifdef HAVE_WCHAR_H
|
||||
typedef void (*DebugWideMsgFunc)(int, wchar_t *, ...);
|
||||
typedef enum {
|
||||
SF_FLAG_ALT_DECODE = 0x0001,
|
||||
SF_FLAG_ALT_DETECT = 0x0002,
|
||||
SF_FLAG_DETECT_ALL = 0xffff
|
||||
} SFDetectFlagType;
|
||||
|
||||
#ifdef SF_WCHAR
|
||||
#include <wchar.h>
|
||||
typedef void (*DebugWideMsgFunc)(uint64_t, const wchar_t *, ...);
|
||||
#endif
|
||||
typedef uint32_t (*GetSnortInstance)(void);
|
||||
|
||||
#define STD_BUF 1024
|
||||
|
||||
#define MAX_URIINFOS 10
|
||||
|
||||
#define HTTP_BUFFER_URI 0
|
||||
#define HTTP_BUFFER_RAW_URI 1
|
||||
#define HTTP_BUFFER_HEADER 2
|
||||
#define HTTP_BUFFER_RAW_HEADER 3
|
||||
#define HTTP_BUFFER_CLIENT_BODY 4
|
||||
#define HTTP_BUFFER_METHOD 5
|
||||
#define HTTP_BUFFER_COOKIE 6
|
||||
#define HTTP_BUFFER_RAW_COOKIE 7
|
||||
#define HTTP_BUFFER_STAT_CODE 8
|
||||
#define HTTP_BUFFER_STAT_MSG 9
|
||||
|
||||
typedef struct _UriInfo
|
||||
#ifndef DECODE_BLEN
|
||||
#define DECODE_BLEN 65535
|
||||
/* must be defined the same as in detection_util.h */
|
||||
typedef enum
|
||||
{
|
||||
uint8_t *uriBuffer;
|
||||
uint16_t uriLength;
|
||||
uint32_t uriDecodeFlags;
|
||||
HTTP_BUFFER_NONE,
|
||||
HTTP_BUFFER_URI,
|
||||
HTTP_BUFFER_HEADER,
|
||||
HTTP_BUFFER_CLIENT_BODY,
|
||||
HTTP_BUFFER_METHOD,
|
||||
HTTP_BUFFER_COOKIE,
|
||||
HTTP_BUFFER_STAT_CODE,
|
||||
HTTP_BUFFER_STAT_MSG,
|
||||
HTTP_BUFFER_RAW_URI,
|
||||
HTTP_BUFFER_RAW_HEADER,
|
||||
HTTP_BUFFER_RAW_COOKIE,
|
||||
HTTP_BUFFER_MAX
|
||||
} HTTP_BUFFER;
|
||||
#endif
|
||||
|
||||
} UriInfo;
|
||||
typedef struct {
|
||||
const uint8_t *data;
|
||||
uint16_t len;
|
||||
} SFDataPointer;
|
||||
|
||||
typedef struct {
|
||||
uint8_t data[DECODE_BLEN];
|
||||
uint16_t len;
|
||||
} SFDataBuffer;
|
||||
|
||||
typedef void (*LogMsgFunc)(const char *, ...);
|
||||
typedef void (*DebugMsgFunc)(uint64_t, const char *, ...);
|
||||
typedef int (*GetAltDetectFunc)(uint8_t **, uint16_t *);
|
||||
typedef void (*SetAltDetectFunc)(uint8_t *,uint16_t );
|
||||
typedef int (*IsDetectFlagFunc)(SFDetectFlagType);
|
||||
typedef void (*DetectFlagDisableFunc)(SFDetectFlagType);
|
||||
typedef void (*SetHttpBufferFunc)(HTTP_BUFFER, const uint8_t*, unsigned);
|
||||
typedef const uint8_t* (*GetHttpBufferFunc)(HTTP_BUFFER, unsigned*);
|
||||
|
||||
#endif /* _SF_DYNAMIC_COMMON_H_ */
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2007-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Russ Combs
|
||||
*
|
||||
|
@ -29,10 +30,14 @@
|
|||
/* the OPTION_TYPE_* and FLOW_* values
|
||||
* are used as args to the hasFunc()
|
||||
* which replaces the prior has*Func()s.
|
||||
*
|
||||
* Try to add values to the end (just before OPTION_TYPE_MAX). Also, look
|
||||
* at OptionConverterArray in sf_convert_dynamic.c to make sure types align.
|
||||
*/
|
||||
typedef enum {
|
||||
OPTION_TYPE_PREPROCESSOR,
|
||||
OPTION_TYPE_CONTENT,
|
||||
OPTION_TYPE_PROTECTED_CONTENT,
|
||||
OPTION_TYPE_PCRE,
|
||||
OPTION_TYPE_FLOWBIT,
|
||||
OPTION_TYPE_FLOWFLAGS,
|
||||
|
@ -44,10 +49,16 @@ typedef enum {
|
|||
OPTION_TYPE_BYTE_EXTRACT,
|
||||
OPTION_TYPE_SET_CURSOR,
|
||||
OPTION_TYPE_LOOP,
|
||||
OPTION_TYPE_FILE_DATA,
|
||||
OPTION_TYPE_PKT_DATA,
|
||||
OPTION_TYPE_BASE64_DATA,
|
||||
OPTION_TYPE_BASE64_DECODE,
|
||||
OPTION_TYPE_BYTE_MATH,
|
||||
OPTION_TYPE_MAX
|
||||
} DynamicOptionType;
|
||||
|
||||
#define FLOW_ESTABLISHED 0x0010
|
||||
/* beware: these are redefined from sf_snort_packet.h FLAG_*! */
|
||||
#define FLOW_ESTABLISHED 0x0008
|
||||
#define FLOW_FR_SERVER 0x0040
|
||||
#define FLOW_TO_CLIENT 0x0040 /* Just for convenience */
|
||||
#define FLOW_TO_SERVER 0x0080
|
||||
|
@ -58,30 +69,45 @@ typedef enum {
|
|||
|
||||
#define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x8000000
|
||||
|
||||
#ifndef SF_SO_PUBLIC
|
||||
#if defined _WIN32 || defined __CYGWIN__
|
||||
# if defined SF_SNORT_ENGINE_DLL || defined SF_SNORT_DETECTION_DLL || defined SF_SNORT_PREPROC_DLL
|
||||
# if defined SF_SNORT_ENGINE_DLL || defined SF_SNORT_DETECTION_DLL || \
|
||||
defined SF_SNORT_PREPROC_DLL
|
||||
# ifdef __GNUC__
|
||||
# define SO_PUBLIC __attribute__((dllexport))
|
||||
# define SF_SO_PUBLIC __attribute__((dllexport))
|
||||
# else
|
||||
# define SO_PUBLIC __declspec(dllexport)
|
||||
# define SF_SO_PUBLIC __declspec(dllexport)
|
||||
# endif
|
||||
# else
|
||||
# ifdef __GNUC__
|
||||
# define SO_PUBLIC __attribute__((dllimport))
|
||||
# define SF_SO_PUBLIC __attribute__((dllimport))
|
||||
# else
|
||||
# define SO_PUBLIC __declspec(dllimport)
|
||||
# define SF_SO_PUBLIC __declspec(dllimport)
|
||||
# endif
|
||||
# endif
|
||||
# define DLL_LOCAL
|
||||
#else
|
||||
# ifdef HAVE_VISIBILITY
|
||||
# define SO_PUBLIC __attribute__ ((visibility("default")))
|
||||
# define SO_PRIVATE __attribute__ ((visibility("hidden")))
|
||||
# ifdef SF_VISIBILITY
|
||||
# define SF_SO_PUBLIC __attribute__ ((visibility("default")))
|
||||
# define SF_SO_PRIVATE __attribute__ ((visibility("hidden")))
|
||||
# else
|
||||
# define SO_PUBLIC
|
||||
# define SO_PRIVATE
|
||||
# define SF_SO_PUBLIC
|
||||
# define SF_SO_PRIVATE
|
||||
# endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Parameters are rule info pointer, int to indicate URI or NORM,
|
||||
* and list pointer */
|
||||
/* low nibble must be HTTP_BUFFER_* (see sf_dynamic_common.h) */
|
||||
/* FIXTHIS eliminate these redefines */
|
||||
#define CONTENT_HTTP_URI 0x00000001
|
||||
#define CONTENT_HTTP_HEADER 0x00000002
|
||||
#define CONTENT_HTTP_CLIENT_BODY 0x00000003
|
||||
#define CONTENT_HTTP_METHOD 0x00000004
|
||||
|
||||
#define CONTENT_NORMAL 0x00010000
|
||||
#define CONTENT_HTTP 0x00000007
|
||||
|
||||
#endif /* _SF_DYNAMIC_DEFINE_H_ */
|
||||
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steven Sturges
|
||||
*
|
||||
|
@ -24,10 +25,6 @@
|
|||
#ifndef _SF_DYNAMIC_ENGINE_H_
|
||||
#define _SF_DYNAMIC_ENGINE_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
#include <sys/types.h>
|
||||
#else
|
||||
|
@ -36,9 +33,8 @@
|
|||
|
||||
#include "sf_dynamic_define.h"
|
||||
#include "sf_dynamic_meta.h"
|
||||
#include "sf_types.h"
|
||||
|
||||
/* specifies that a function does not return
|
||||
/* specifies that a function does not return
|
||||
* used for quieting Visual Studio warnings
|
||||
*/
|
||||
#ifdef WIN32
|
||||
|
@ -70,56 +66,58 @@ typedef struct _FPContentInfo
|
|||
char is_relative;
|
||||
char fp;
|
||||
char fp_only;
|
||||
u_int16_t fp_offset;
|
||||
u_int16_t fp_length;
|
||||
char uri_buffer;
|
||||
uint16_t fp_offset;
|
||||
uint16_t fp_length;
|
||||
struct _FPContentInfo *next;
|
||||
|
||||
} FPContentInfo;
|
||||
|
||||
/* Parameters are rule info pointer, int to indicate URI or NORM,
|
||||
* and list pointer */
|
||||
#define CONTENT_NORMAL 0x01
|
||||
#define CONTENT_HTTP_URI 0x02
|
||||
#define CONTENT_HTTP_HEADER 0x04
|
||||
#define CONTENT_HTTP_CLIENT_BODY 0x08
|
||||
#define CONTENT_HTTP_METHOD 0x10
|
||||
#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
|
||||
CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
|
||||
typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
|
||||
typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
|
||||
typedef void (*RuleFreeFunc)(void *);
|
||||
|
||||
/* ruleInfo is passed to OTNCheckFunction when the fast pattern matches. */
|
||||
struct _SnortConfig;
|
||||
typedef int (*RegisterRule)(
|
||||
u_int32_t, u_int32_t, void *,
|
||||
struct _SnortConfig *,
|
||||
uint32_t, uint32_t, void *,
|
||||
OTNCheckFunction, OTNHasFunction,
|
||||
int, GetDynamicContentsFunction, RuleFreeFunc,
|
||||
GetDynamicPreprocOptFpContentsFunc
|
||||
);
|
||||
typedef u_int32_t (*RegisterBit)(char *, int);
|
||||
typedef int (*CheckFlowbit)(void *, int, u_int32_t);
|
||||
typedef int (*DetectAsn1)(void *, void *, const u_int8_t *);
|
||||
typedef int (*PreprocOptionEval)(void *p, const u_int8_t **cursor, void *dataPtr);
|
||||
typedef int (*PreprocOptionInit)(char *, char *, void **dataPtr);
|
||||
typedef void *(*RegisterBit)(void *);
|
||||
typedef void (*UnregisterBit)(void *);
|
||||
typedef int (*CheckFlowbit)(void *, void *);
|
||||
typedef int (*DetectAsn1)(void *, void *, const uint8_t *);
|
||||
typedef int (*PreprocOptionEval)(void *p, const uint8_t **cursor, void *dataPtr);
|
||||
typedef int (*PreprocOptionInit)(struct _SnortConfig *, char *, char *, void **dataPtr);
|
||||
typedef void (*PreprocOptionCleanup)(void *dataPtr);
|
||||
typedef int (*SfUnfold)(const uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
|
||||
typedef int (*SfBase64Decode)(uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
|
||||
#define PREPROC_OPT_EQUAL 0
|
||||
#define PREPROC_OPT_NOT_EQUAL 1
|
||||
typedef u_int32_t (*PreprocOptionHash)(void *);
|
||||
typedef uint32_t (*PreprocOptionHash)(void *);
|
||||
typedef int (*PreprocOptionKeyCompare)(void *, void *);
|
||||
/* Function prototype for rule options that want to add patterns to the
|
||||
* fast pattern matcher */
|
||||
typedef int (*PreprocOptionFastPatternFunc)
|
||||
(void *rule_opt_data, int protocol, int direction, FPContentInfo **info);
|
||||
typedef int (*PreprocOptionOtnHandler)(void *);
|
||||
typedef int (*PreprocOptionOtnHandler)(struct _SnortConfig *, void *);
|
||||
typedef int (*PreprocOptionByteOrderFunc)(void *, int32_t);
|
||||
|
||||
typedef int (*RegisterPreprocRuleOpt)(
|
||||
struct _SnortConfig *,
|
||||
char *, PreprocOptionInit, PreprocOptionEval,
|
||||
PreprocOptionCleanup, PreprocOptionHash, PreprocOptionKeyCompare,
|
||||
PreprocOptionOtnHandler, PreprocOptionFastPatternFunc);
|
||||
typedef int (*PreprocRuleOptInit)(void *);
|
||||
typedef int (*PreprocRuleOptInit)(struct _SnortConfig *, void *);
|
||||
|
||||
typedef void (*SetRuleData)(void *, void *);
|
||||
typedef void *(*GetRuleData)(void *);
|
||||
typedef void (*SessionDataFree)(void *);
|
||||
typedef int (*SetRuleData)(void *, void *, uint32_t, SessionDataFree);
|
||||
typedef void *(*GetRuleData)(void *, uint32_t);
|
||||
typedef void * (*AllocRuleData)(size_t);
|
||||
typedef void (*FreeRuleData)(void *);
|
||||
|
||||
/* Info Data passed to dynamic engine plugin must include:
|
||||
* version
|
||||
|
@ -134,17 +132,22 @@ typedef void *(*GetRuleData)(void *);
|
|||
*/
|
||||
#include "sf_dynamic_common.h"
|
||||
|
||||
#define ENGINE_DATA_VERSION 5
|
||||
#define ENGINE_DATA_VERSION 10
|
||||
|
||||
typedef void *(*PCRECompileFunc)(const char *, int, const char **, int *, const unsigned char *);
|
||||
typedef void *(*PCREStudyFunc)(const void *, int, const char **);
|
||||
typedef int (*PCREExecFunc)(const void *, const void *, const char *, int, int, int, int *, int);
|
||||
typedef void (*PCRECapture)(struct _SnortConfig *, const void *, const void *);
|
||||
typedef void(*PCREOvectorInfo)(int **, int *);
|
||||
|
||||
typedef struct _DynamicEngineData
|
||||
{
|
||||
int version;
|
||||
u_int8_t *altBuffer;
|
||||
UriInfo *uriBuffers[MAX_URIINFOS];
|
||||
|
||||
SFDataBuffer *altBuffer;
|
||||
SFDataPointer *altDetect;
|
||||
SFDataPointer *fileDataBuf;
|
||||
|
||||
RegisterRule ruleRegister;
|
||||
RegisterBit flowbitRegister;
|
||||
CheckFlowbit flowbitCheck;
|
||||
|
@ -160,7 +163,7 @@ typedef struct _DynamicEngineData
|
|||
GetRuleData getRuleData;
|
||||
|
||||
DebugMsgFunc debugMsg;
|
||||
#ifdef HAVE_WCHAR_H
|
||||
#ifdef SF_WCHAR
|
||||
DebugWideMsgFunc debugWideMsg;
|
||||
#endif
|
||||
|
||||
|
@ -170,13 +173,30 @@ typedef struct _DynamicEngineData
|
|||
PCRECompileFunc pcreCompile;
|
||||
PCREStudyFunc pcreStudy;
|
||||
PCREExecFunc pcreExec;
|
||||
SfUnfold sfUnfold;
|
||||
SfBase64Decode sfbase64decode;
|
||||
GetAltDetectFunc GetAltDetect;
|
||||
SetAltDetectFunc SetAltDetect;
|
||||
IsDetectFlagFunc Is_DetectFlag;
|
||||
DetectFlagDisableFunc DetectFlag_Disable;
|
||||
|
||||
AllocRuleData allocRuleData;
|
||||
FreeRuleData freeRuleData;
|
||||
|
||||
UnregisterBit flowbitUnregister;
|
||||
|
||||
PCRECapture pcreCapture;
|
||||
PCREOvectorInfo pcreOvectorInfo;
|
||||
|
||||
GetHttpBufferFunc getHttpBuffer;
|
||||
} DynamicEngineData;
|
||||
|
||||
extern DynamicEngineData _ded;
|
||||
|
||||
/* Function prototypes for Dynamic Engine Plugins */
|
||||
void CloseDynamicEngineLibs(void);
|
||||
void LoadAllDynamicEngineLibs(char *path);
|
||||
int LoadDynamicEngineLib(char *library_name, int indent);
|
||||
void LoadAllDynamicEngineLibs(const char * const path);
|
||||
int LoadDynamicEngineLib(const char * const library_name, int indent);
|
||||
typedef int (*InitEngineLibFunc)(DynamicEngineData *);
|
||||
typedef int (*CompatibilityFunc)(DynamicPluginMeta *meta, DynamicPluginMeta *lib);
|
||||
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steven Sturges
|
||||
*
|
||||
|
@ -24,11 +25,22 @@
|
|||
#ifndef _SF_DYNAMIC_META_H_
|
||||
#define _SF_DYNAMIC_META_H_
|
||||
|
||||
/* Required version and name of the engine */
|
||||
#ifndef REQ_ENGINE_LIB_MAJOR
|
||||
#define REQ_ENGINE_LIB_MAJOR 3
|
||||
#endif
|
||||
#ifndef REQ_ENGINE_LIB_MINOR
|
||||
/* FIXTHIS need to update dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.c */
|
||||
#define REQ_ENGINE_LIB_MINOR 0
|
||||
#endif
|
||||
#define REQ_ENGINE_LIB_NAME "SF_SNORT_DETECTION_ENGINE"
|
||||
|
||||
#define MAX_NAME_LEN 1024
|
||||
|
||||
#define TYPE_ENGINE 0x01
|
||||
#define TYPE_DETECTION 0x02
|
||||
#define TYPE_PREPROCESSOR 0x04
|
||||
#define TYPE_SIDE_CHANNEL 0x08
|
||||
|
||||
typedef struct _DynamicPluginMeta
|
||||
{
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,21 +16,27 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "sf_dynamic_define.h"
|
||||
#include "sf_preproc_info.h"
|
||||
#include "sf_snort_packet.h"
|
||||
#include "sf_dynamic_preproc_lib.h"
|
||||
#include "sf_dynamic_meta.h"
|
||||
#include "sf_dynamic_preprocessor.h"
|
||||
#include "sf_dynamic_common.h"
|
||||
#include "sf_dynamic_define.h"
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
DynamicPreprocessorData _dpd;
|
||||
|
||||
|
@ -49,116 +56,23 @@ NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
PREPROC_LINKAGE int InitializePreprocessor(DynamicPreprocessorData *dpd)
|
||||
{
|
||||
int i;
|
||||
if (dpd->version < PREPROCESSOR_DATA_VERSION)
|
||||
{
|
||||
printf("ERROR version %d < %d\n", dpd->version,
|
||||
PREPROCESSOR_DATA_VERSION);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (dpd->size != sizeof(DynamicPreprocessorData))
|
||||
{
|
||||
return -1;
|
||||
printf("ERROR size %d != %u\n", dpd->size, (unsigned)sizeof(*dpd));
|
||||
return -2;
|
||||
}
|
||||
|
||||
|
||||
_dpd.version = dpd->version;
|
||||
_dpd.size = dpd->size;
|
||||
|
||||
_dpd.altBuffer = dpd->altBuffer;
|
||||
_dpd.altBufferLen = dpd->altBufferLen;
|
||||
for (i=0;i<MAX_URIINFOS;i++)
|
||||
{
|
||||
_dpd.uriBuffers[i] = dpd->uriBuffers[i];
|
||||
}
|
||||
_dpd.logMsg = dpd->logMsg;
|
||||
_dpd.errMsg = dpd->errMsg;
|
||||
_dpd.fatalMsg = dpd->fatalMsg;
|
||||
_dpd.debugMsg = dpd->debugMsg;
|
||||
|
||||
_dpd.registerPreproc = dpd->registerPreproc;
|
||||
_dpd.addPreproc = dpd->addPreproc;
|
||||
_dpd.addPreprocRestart = dpd->addPreprocRestart;
|
||||
_dpd.addPreprocExit = dpd->addPreprocExit;
|
||||
_dpd.addPreprocConfCheck = dpd->addPreprocConfCheck;
|
||||
_dpd.preprocOptRegister = dpd->preprocOptRegister;
|
||||
_dpd.addPreprocProfileFunc = dpd->addPreprocProfileFunc;
|
||||
_dpd.profilingPreprocsFunc = dpd->profilingPreprocsFunc;
|
||||
_dpd.totalPerfStats = dpd->totalPerfStats;
|
||||
|
||||
_dpd.alertAdd = dpd->alertAdd;
|
||||
_dpd.genSnortEvent = dpd->genSnortEvent;
|
||||
_dpd.thresholdCheck = dpd->thresholdCheck;
|
||||
|
||||
_dpd.inlineMode = dpd->inlineMode;
|
||||
_dpd.inlineDrop = dpd->inlineDrop;
|
||||
|
||||
_dpd.detect = dpd->detect;
|
||||
_dpd.disableDetect = dpd->disableDetect;
|
||||
_dpd.disableAllDetect = dpd->disableAllDetect;
|
||||
_dpd.setPreprocBit = dpd->setPreprocBit;
|
||||
|
||||
_dpd.streamAPI = dpd->streamAPI;
|
||||
_dpd.searchAPI = dpd->searchAPI;
|
||||
|
||||
_dpd.config_file = dpd->config_file;
|
||||
_dpd.config_line = dpd->config_line;
|
||||
_dpd.printfappend = dpd->printfappend;
|
||||
_dpd.tokenSplit = dpd->tokenSplit;
|
||||
_dpd.tokenFree = dpd->tokenFree;
|
||||
|
||||
_dpd.getRuleInfoByName = dpd->getRuleInfoByName;
|
||||
_dpd.getRuleInfoById = dpd->getRuleInfoById;
|
||||
|
||||
_dpd.preprocess = dpd->preprocess;
|
||||
|
||||
_dpd.debugMsgFile = dpd->debugMsgFile;
|
||||
_dpd.debugMsgLine = dpd->debugMsgLine;
|
||||
|
||||
_dpd.registerPreprocStats = dpd->registerPreprocStats;
|
||||
_dpd.addPreprocReset = dpd->addPreprocReset;
|
||||
_dpd.addPreprocResetStats = dpd->addPreprocResetStats;
|
||||
_dpd.addPreprocReassemblyPkt = dpd->addPreprocReassemblyPkt;
|
||||
_dpd.setPreprocReassemblyPktBit = dpd->setPreprocReassemblyPktBit;
|
||||
_dpd.disablePreprocessors = dpd->disablePreprocessors;
|
||||
|
||||
#ifdef SUP_IP6
|
||||
_dpd.ip6Build = dpd->ip6Build;
|
||||
_dpd.ip6SetCallbacks = dpd->ip6SetCallbacks;
|
||||
#endif
|
||||
|
||||
_dpd.logAlerts = dpd->logAlerts;
|
||||
_dpd.resetAlerts = dpd->resetAlerts;
|
||||
_dpd.pushAlerts = dpd->pushAlerts;
|
||||
_dpd.popAlerts = dpd->popAlerts;
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
_dpd.findProtocolReference = dpd->findProtocolReference;
|
||||
_dpd.addProtocolReference = dpd->addProtocolReference;
|
||||
_dpd.isAdaptiveConfigured = dpd->isAdaptiveConfigured;
|
||||
#endif
|
||||
|
||||
_dpd.preprocOptOverrideKeyword = dpd->preprocOptOverrideKeyword;
|
||||
_dpd.isPreprocEnabled = dpd->isPreprocEnabled;
|
||||
|
||||
#ifdef SNORT_RELOAD
|
||||
_dpd.addPreprocReloadVerify = dpd->addPreprocReloadVerify;
|
||||
#endif
|
||||
|
||||
_dpd.getRuntimePolicy = dpd->getRuntimePolicy;
|
||||
_dpd.getParserPolicy = dpd->getParserPolicy;
|
||||
_dpd.getDefaultPolicy = dpd->getDefaultPolicy;
|
||||
_dpd.setParserPolicy = dpd->setParserPolicy;
|
||||
_dpd.setFileDataPtr = dpd->setFileDataPtr;
|
||||
_dpd.SnortStrtol = dpd->SnortStrtol;
|
||||
_dpd.SnortStrtoul = dpd->SnortStrtoul;
|
||||
|
||||
_dpd.fpEvalRTN = dpd->fpEvalRTN;
|
||||
_dpd.portObjectCharPortArray = dpd->portObjectCharPortArray;
|
||||
|
||||
_dpd.obApi = dpd->obApi;
|
||||
|
||||
_dpd = *dpd;
|
||||
DYNAMIC_PREPROC_SETUP();
|
||||
return 0;
|
||||
}
|
||||
|
@ -170,11 +84,8 @@ PREPROC_LINKAGE int LibVersion(DynamicPluginMeta *dpm)
|
|||
dpm->major = MAJOR_VERSION;
|
||||
dpm->minor = MINOR_VERSION;
|
||||
dpm->build = BUILD_VERSION;
|
||||
strncpy(dpm->uniqueName, PREPROC_NAME, MAX_NAME_LEN);
|
||||
strncpy(dpm->uniqueName, PREPROC_NAME, MAX_NAME_LEN-1);
|
||||
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Variables to check type of InitializeEngine and LibVersion */
|
||||
/*PREPROC_LINKAGE InitEngineLibFunc initEngineFunc = &InitializeEngine;*/
|
||||
/*PREPROC_LINKAGE LibVersionFunc libVersionFunc = &LibVersion;*/
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
** Author: Steven Sturges
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -15,7 +16,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
|
@ -28,12 +29,12 @@
|
|||
#ifdef WIN32
|
||||
#ifdef SF_SNORT_PREPROC_DLL
|
||||
#define BUILDING_SO
|
||||
#define PREPROC_LINKAGE SO_PUBLIC
|
||||
#define PREPROC_LINKAGE SF_SO_PUBLIC
|
||||
#else
|
||||
#define PREPROC_LINKAGE
|
||||
#endif
|
||||
#else /* WIN32 */
|
||||
#define PREPROC_LINKAGE SO_PUBLIC
|
||||
#define PREPROC_LINKAGE SF_SO_PUBLIC
|
||||
#endif
|
||||
|
||||
#endif /* __SF_DYNAMIC_PREPROC_LIB_H_ */
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steven Sturges
|
||||
*
|
||||
|
@ -24,19 +25,15 @@
|
|||
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
|
||||
#define _SF_DYNAMIC_PREPROCESSOR_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <ctype.h>
|
||||
#ifdef HAVE_WCHAR_H
|
||||
#ifdef SF_WCHAR
|
||||
#include <wchar.h>
|
||||
#endif
|
||||
#include "sf_dynamic_meta.h"
|
||||
#include "ipv6_port.h"
|
||||
#include "sf_types.h"
|
||||
#include "obfuscation.h"
|
||||
|
||||
/* specifies that a function does not return
|
||||
/* specifies that a function does not return
|
||||
* used for quieting Visual Studio warnings
|
||||
*/
|
||||
#ifdef WIN32
|
||||
|
@ -58,91 +55,246 @@
|
|||
#endif
|
||||
#endif
|
||||
|
||||
#define PREPROCESSOR_DATA_VERSION 5
|
||||
#define PREPROCESSOR_DATA_VERSION 12
|
||||
|
||||
#include "sf_dynamic_common.h"
|
||||
#include "sf_dynamic_engine.h"
|
||||
#include "session_api.h"
|
||||
#include "stream_api.h"
|
||||
#include "str_search.h"
|
||||
#include "obfuscation.h"
|
||||
#include "sfcontrol.h"
|
||||
#ifdef SIDE_CHANNEL
|
||||
#include "sidechannel_define.h"
|
||||
#endif
|
||||
#include "idle_processing.h"
|
||||
#include "file_api.h"
|
||||
|
||||
struct _PreprocStats;
|
||||
|
||||
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
|
||||
typedef void (*PreprocessorInitFunc)(char *);
|
||||
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
|
||||
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocConfCheck)(void (*func) (void));
|
||||
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
|
||||
unsigned int, unsigned int, char *, void *);
|
||||
typedef void (*PreprocessorInitFunc)(struct _SnortConfig *, char *);
|
||||
typedef void * (*AddPreprocFunc)(struct _SnortConfig *, void (*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t);
|
||||
typedef void * (*AddMetaEvalFunc)(struct _SnortConfig *, void (*meta_eval_func)(int, const uint8_t *),
|
||||
uint16_t priority, uint32_t preproc_id);
|
||||
typedef void (*AddPreprocExit)(void (*pp_exit_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocUnused)(void (*pp_unused_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocConfCheck)(struct _SnortConfig *, int (*pp_conf_chk_func) (struct _SnortConfig *));
|
||||
typedef void (*AddToPostConfList)(struct _SnortConfig *sc, void (*post_config_func)(struct _SnortConfig *, int , void *), void *arg);
|
||||
typedef int (*AlertQueueAdd)(uint32_t, uint32_t, uint32_t,
|
||||
uint32_t, uint32_t, const char *, void *);
|
||||
typedef uint32_t (*GenSnortEvent)(SFSnortPacket *p, uint32_t gid, uint32_t sid, uint32_t rev,
|
||||
uint32_t classification, uint32_t priority, char *msg);
|
||||
uint32_t classification, uint32_t priority, const char *msg);
|
||||
#ifdef SNORT_RELOAD
|
||||
typedef void (*PreprocessorReloadFunc)(char *);
|
||||
typedef int (*PreprocessorReloadVerifyFunc)(void);
|
||||
typedef void * (*PreprocessorReloadSwapFunc)(void);
|
||||
typedef void (*PreprocessorReloadFunc)(struct _SnortConfig *, char *, void **);
|
||||
typedef int (*PreprocessorReloadVerifyFunc)(struct _SnortConfig *, void *);
|
||||
typedef void * (*PreprocessorReloadSwapFunc)(struct _SnortConfig *, void *);
|
||||
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
|
||||
#endif
|
||||
|
||||
#ifndef SNORT_RELOAD
|
||||
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
|
||||
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc);
|
||||
#else
|
||||
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
|
||||
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc,
|
||||
PreprocessorReloadFunc,
|
||||
PreprocessorReloadVerifyFunc,
|
||||
PreprocessorReloadSwapFunc,
|
||||
PreprocessorReloadSwapFreeFunc);
|
||||
|
||||
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
|
||||
typedef void *(*GetRelatedReloadDataFunc)(struct _SnortConfig *, const char *);
|
||||
#endif
|
||||
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
|
||||
typedef int (*InlineDropFunc)(void *);
|
||||
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t*, sfaddr_t*, long);
|
||||
typedef void (*InlineDropFunc)(void *);
|
||||
typedef bool (*ActivePacketWasDroppedFunc)(void);
|
||||
typedef bool (*InlineRetryFunc)(void *);
|
||||
typedef void (*ActiveEnableFunc)(int);
|
||||
typedef void (*DisableDetectFunc)(void *);
|
||||
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
|
||||
typedef int (*EnablePreprocessorFunc)(void *, uint32_t);
|
||||
typedef int (*DetectFunc)(void *);
|
||||
typedef void *(*GetRuleInfoByNameFunc)(char *);
|
||||
typedef void *(*GetRuleInfoByIdFunc)(int);
|
||||
typedef int (*printfappendfunc)(char *, int, const char *, ...);
|
||||
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
|
||||
typedef void (*TokenFreeFunc)(char ***, int);
|
||||
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
|
||||
typedef void (*PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats);
|
||||
typedef void (*AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn);
|
||||
typedef int (*ProfilingFunc)(void);
|
||||
typedef int (*PreprocessFunc)(void *);
|
||||
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
|
||||
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
|
||||
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
|
||||
typedef void (*DisablePreprocessorsFunc)(void *);
|
||||
#ifdef TARGET_BASED
|
||||
typedef int16_t (*FindProtocolReferenceFunc)(char *);
|
||||
typedef int16_t (*AddProtocolReferenceFunc)(char *);
|
||||
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
|
||||
#ifdef DUMP_BUFFER
|
||||
typedef void (*BufferDumpRegisterFunc)(TraceBuffer * (*)(), unsigned int);
|
||||
#endif
|
||||
typedef void (*PreprocStatsRegisterFunc)(const char *, void (*pp_stats_func)(int));
|
||||
typedef void (*AddPreprocReset)(void (*pp_rst_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocResetStats)(void (*pp_rst_stats_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocReassemblyPktFunc)(void * (*pp_reass_pkt_func)(void), uint32_t);
|
||||
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, uint32_t);
|
||||
typedef void (*DisablePreprocessorsFunc)(void *);
|
||||
typedef char** (*DynamicGetHttpXffFieldsFunc)(int* nFields);
|
||||
#ifdef TARGET_BASED
|
||||
typedef int16_t (*FindProtocolReferenceFunc)(const char *);
|
||||
typedef int16_t (*AddProtocolReferenceFunc)(const char *);
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef const char * (*FindProtocolNameFunc)(int16_t);
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
typedef int (*IsAdaptiveConfiguredFunc)(void);
|
||||
typedef int (*IsAdaptiveConfiguredForSnortConfigFunc)(struct _SnortConfig *);
|
||||
#endif
|
||||
#ifdef SUP_IP6
|
||||
typedef void (*IP6BuildFunc)(void *, const void *, int);
|
||||
#define SET_CALLBACK_IP 0
|
||||
#define SET_CALLBACK_ICMP_ORIG 1
|
||||
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
|
||||
#endif
|
||||
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
|
||||
typedef void (*AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit,
|
||||
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
|
||||
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
|
||||
PreprocOptionFastPatternFunc);
|
||||
typedef void (*AddKeywordByteOrderFunc)(char *, PreprocOptionByteOrderFunc);
|
||||
|
||||
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
|
||||
typedef int (*IsPreprocEnabledFunc)(struct _SnortConfig *, uint32_t);
|
||||
|
||||
typedef char * (*PortArrayFunc)(char *, void *, int *);
|
||||
|
||||
typedef int (*AlertQueueLog)(void *);
|
||||
typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
|
||||
typedef tSfPolicyId (*GetPolicyFunc)(void);
|
||||
typedef void (*SetPolicyFunc)(tSfPolicyId);
|
||||
typedef int (*GetInlineMode)(void);
|
||||
typedef void (*SetFileDataPtrFunc)(const u_char *);
|
||||
typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
|
||||
typedef void (*SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId);
|
||||
typedef tSfPolicyId (*GetPolicyFromIdFunc)(uint16_t );
|
||||
typedef void (*ChangePolicyFunc)(tSfPolicyId, void *p);
|
||||
typedef void (*SetFileDataPtrFunc)(uint8_t *,uint16_t );
|
||||
typedef void (*DetectResetFunc)(uint8_t *,uint16_t );
|
||||
typedef void (*SetAltDecodeFunc)(uint16_t );
|
||||
typedef void (*DetectFlagEnableFunc)(SFDetectFlagType);
|
||||
typedef long (*DynamicStrtol)(const char *, char **, int);
|
||||
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
|
||||
typedef const char* (*DynamicStrnStr)(const char *, int, const char *);
|
||||
typedef const char* (*DynamicStrcasestr)(const char *, int, const char *);
|
||||
typedef int (*DynamicStrncpy)(char *, const char *, size_t );
|
||||
typedef const char* (*DynamicStrnPbrk)(const char *, int , const char *);
|
||||
|
||||
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
|
||||
|
||||
typedef void* (*EncodeNew)(void);
|
||||
typedef void (*EncodeDelete)(void*);
|
||||
typedef void (*EncodeUpdate)(void*);
|
||||
typedef int (*EncodeFormat)(uint32_t, const void*, void*, int);
|
||||
|
||||
typedef void* (*NewGrinderPktPtr)(void *, void *, uint8_t *);
|
||||
typedef void (*DeleteGrinderPktPtr)(void*);
|
||||
typedef bool (*PafEnabledFunc)(void);
|
||||
typedef time_t (*SCPacketTimeFunc)(void);
|
||||
typedef void (*SCGetPktTimeOfDay)(struct timeval *tv);
|
||||
|
||||
#ifdef SIDE_CHANNEL
|
||||
typedef bool (*SCEnabledFunc)(void);
|
||||
typedef int (*SCRegisterRXHandlerFunc)(uint16_t type, SCMProcessMsgFunc processMsgFunc, void *data);
|
||||
typedef int (*SCPreallocMessageTXFunc)(uint32_t length, SCMsgHdr **hdr, uint8_t **msg_ptr, void **msg_handle);
|
||||
typedef int (*SCEnqueueMessageTXFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length, void *msg_handle, SCMQMsgFreeFunc msgFreeFunc);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
typedef char* (*GetLogDirectory)(void);
|
||||
|
||||
typedef int (*ControlSocketRegisterHandlerFunc)(uint16_t, OOBPreControlFunc, IBControlFunc,
|
||||
OOBPostControlFunc);
|
||||
|
||||
typedef int (*RegisterIdleHandler)(IdleProcessingHandler);
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
#define SND_BLK_RESP_FLAG_DO_CLIENT 1
|
||||
#define SND_BLK_RESP_FLAG_DO_SERVER 2
|
||||
typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len, unsigned flags);
|
||||
typedef void (*ActiveInjectDataFunc)(void *, uint32_t, const uint8_t *, uint32_t);
|
||||
typedef void (*ActiveResponseFunc )(void *, const uint8_t *, uint32_t , uint32_t);
|
||||
// NOTE: DynamicActive_ResponseFunc must match func ptr def Active_ResponseFunc in active.h
|
||||
typedef void (*DynamicActive_ResponseFunc)(SFSnortPacket *packet, void* data);
|
||||
typedef int (*ActiveQueueResponseFunc )(DynamicActive_ResponseFunc cb, void *);
|
||||
#endif
|
||||
typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
|
||||
#ifdef HAVE_DAQ_EXT_MODFLOW
|
||||
typedef int (*DynamicModifyFlow)(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t* mod);
|
||||
#endif
|
||||
#ifdef HAVE_DAQ_QUERYFLOW
|
||||
typedef int (*DynamicQueryFlow)(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t* query);
|
||||
#endif
|
||||
|
||||
typedef int (*DynamicIsStrEmpty)(const char * );
|
||||
typedef void (*AddPeriodicCheck)(void (*pp_check_func) (int, void *), void *arg, uint16_t, uint32_t, uint32_t);
|
||||
typedef void (*AddPostConfigFuncs)(struct _SnortConfig *, void (*pp_post_config_func) (struct _SnortConfig *, void *), void *arg);
|
||||
typedef int (*AddOutPutModule)(const char *filename);
|
||||
typedef int (*CanWhitelist)(void);
|
||||
|
||||
typedef void (*DisableAllPoliciesFunc)(struct _SnortConfig *);
|
||||
typedef int (*ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id);
|
||||
typedef int (*DynamicCheckValueInRangeFunc)(const char *, char *,
|
||||
unsigned long lo, unsigned long hi, unsigned long *value);
|
||||
typedef bool (*DynamicReadyForProcessFunc) (void* pkt);
|
||||
typedef int (*SslAppIdLookupFunc)(void * ssnptr, const char * serverName, const char * commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
|
||||
typedef void (*RegisterSslAppIdLookupFunc)(SslAppIdLookupFunc);
|
||||
|
||||
typedef int32_t (*GetAppIdFunc)(void *ssnptr);
|
||||
typedef void (*RegisterGetAppIdFunc)(GetAppIdFunc);
|
||||
|
||||
typedef struct urlQueryContext* (*UrlQueryCreateFunc)(const char *url);
|
||||
typedef void (*UrlQueryDestroyFunc)(struct urlQueryContext *context);
|
||||
typedef int (*UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep);
|
||||
typedef void (*RegisterUrlQueryFunc)(UrlQueryCreateFunc, UrlQueryDestroyFunc,UrlQueryMatchFunc);
|
||||
|
||||
typedef int (*UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen);
|
||||
typedef void (*RegisterUserGroupIdGetFunc)(UserGroupIdGetFunc);
|
||||
|
||||
typedef int (*GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo);
|
||||
typedef void (*RegisterGeoIpAddressLookupFunc)(GeoIpAddressLookupFunc);
|
||||
|
||||
typedef void (*UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint,
|
||||
uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id,
|
||||
uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version,
|
||||
uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category,
|
||||
uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages,
|
||||
uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len,
|
||||
uint8_t *ssl_ticket_id, uint8_t ticket_id_len);
|
||||
typedef void (*RegisterUpdateSSLSSnLogDataFunc)(UpdateSSLSSnLogDataFunc);
|
||||
|
||||
typedef void (*EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags) ;
|
||||
typedef void (*RegisterEndSSLSSnLogDataFunc)(EndSSLSSnLogDataFunc);
|
||||
|
||||
typedef int (*GetSSLActualActionFunc)(void *ssnptr, uint16_t *action);
|
||||
typedef void (*RegisterGetSSLActualActionFunc)(GetSSLActualActionFunc);
|
||||
|
||||
typedef void (*GetIntfDataFunc)(void *ssnptr,int32_t *ingressIntfIndex, int32_t *egressIntfIndex,
|
||||
int32_t *ingressZoneIndex, int32_t *egressZoneIndex) ;
|
||||
typedef void (*RegisterGetIntfDataFunc)(GetIntfDataFunc);
|
||||
|
||||
//
|
||||
// SSL Callbacks
|
||||
//
|
||||
typedef bool (*DynamicIsSSLPolicyEnabledFunc)(struct _SnortConfig *sc);
|
||||
typedef void (*DynamicSetSSLPolicyEnabledFunc)(struct _SnortConfig *sc, tSfPolicyId policy, bool value);
|
||||
typedef void (*SetSSLCallbackFunc)(void *);
|
||||
typedef void* (*GetSSLCallbackFunc)(void);
|
||||
|
||||
typedef int (*_LoadLibraryFunc)(const char * const path, int indent);
|
||||
typedef void (*LoadAllLibsFunc)(const char * const path, _LoadLibraryFunc loadFunc);
|
||||
typedef void * _PluginHandle;
|
||||
typedef _PluginHandle (*OpenDynamicLibraryFunc)(const char * const library_name, int useGlobal);
|
||||
typedef void (*_dlsym_func)(void);
|
||||
typedef _dlsym_func (*GetSymbolFunc)(_PluginHandle handle, char * symbol, DynamicPluginMeta * meta, int fatal);
|
||||
typedef void (*CloseDynamicLibraryFunc)(_PluginHandle handle);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef bool (*IsAppIdRequiredFunc)(void);
|
||||
typedef void (*RegisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
|
||||
typedef void (*UnregisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
|
||||
struct AppIdApi;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
typedef bool (*ReadModeFunc)(void);
|
||||
|
||||
typedef int (*GetPerfIndicatorsFunc)(void *Request);
|
||||
|
||||
typedef bool (*IsTestModeFunc)(void);
|
||||
|
||||
typedef struct _SnortConfig* (*GetCurrentSnortConfigFunc)(void);
|
||||
|
||||
#define ENC_DYN_FWD 0x80000000
|
||||
#define ENC_DYN_NET 0x10000000
|
||||
|
||||
/* Info Data passed to dynamic preprocessor plugin must include:
|
||||
* version
|
||||
* Pointer to AltDecodeBuffer
|
||||
|
@ -157,17 +309,22 @@ typedef struct _DynamicPreprocessorData
|
|||
int version;
|
||||
int size;
|
||||
|
||||
u_int8_t *altBuffer;
|
||||
unsigned int altBufferLen;
|
||||
UriInfo *uriBuffers[MAX_URIINFOS];
|
||||
SFDataBuffer *altBuffer;
|
||||
SFDataPointer *altDetect;
|
||||
SFDataPointer *fileDataBuf;
|
||||
|
||||
LogMsgFunc logMsg;
|
||||
LogMsgFunc errMsg;
|
||||
LogMsgFunc fatalMsg;
|
||||
DebugMsgFunc debugMsg;
|
||||
|
||||
PreprocRegisterFunc registerPreproc;
|
||||
#ifdef SNORT_RELOAD
|
||||
GetRelatedReloadDataFunc getRelatedReloadData;
|
||||
#endif
|
||||
AddPreprocFunc addPreproc;
|
||||
AddPreprocRestart addPreprocRestart;
|
||||
AddPreprocFunc addPreprocAllPolicies;
|
||||
GetSnortInstance getSnortInstance;
|
||||
AddPreprocExit addPreprocExit;
|
||||
AddPreprocConfCheck addPreprocConfCheck;
|
||||
RegisterPreprocRuleOpt preprocOptRegister;
|
||||
|
@ -178,16 +335,17 @@ typedef struct _DynamicPreprocessorData
|
|||
AlertQueueAdd alertAdd;
|
||||
GenSnortEvent genSnortEvent;
|
||||
ThresholdCheckFunc thresholdCheck;
|
||||
|
||||
GetInlineMode inlineMode;
|
||||
InlineDropFunc inlineDrop;
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
ActiveEnableFunc activeSetEnabled;
|
||||
#endif
|
||||
|
||||
DetectFunc detect;
|
||||
DisableDetectFunc disableDetect;
|
||||
DisableDetectFunc disableAllDetect;
|
||||
DisableDetectFunc disablePacketAnalysis;
|
||||
EnablePreprocessorFunc enablePreprocessor;
|
||||
|
||||
SetPreprocBitFunc setPreprocBit;
|
||||
|
||||
SessionAPI *sessionAPI;
|
||||
StreamAPI *streamAPI;
|
||||
SearchAPI *searchAPI;
|
||||
|
||||
|
@ -199,27 +357,24 @@ typedef struct _DynamicPreprocessorData
|
|||
|
||||
GetRuleInfoByNameFunc getRuleInfoByName;
|
||||
GetRuleInfoByIdFunc getRuleInfoById;
|
||||
#ifdef HAVE_WCHAR_H
|
||||
#ifdef SF_WCHAR
|
||||
DebugWideMsgFunc debugWideMsg;
|
||||
#endif
|
||||
|
||||
PreprocessFunc preprocess;
|
||||
|
||||
#ifdef DUMP_BUFFER
|
||||
BufferDumpRegisterFunc registerBufferTracer;
|
||||
#endif
|
||||
char **debugMsgFile;
|
||||
int *debugMsgLine;
|
||||
|
||||
|
||||
PreprocStatsRegisterFunc registerPreprocStats;
|
||||
AddPreprocReset addPreprocReset;
|
||||
AddPreprocResetStats addPreprocResetStats;
|
||||
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
|
||||
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
|
||||
|
||||
DisablePreprocessorsFunc disablePreprocessors;
|
||||
|
||||
#ifdef SUP_IP6
|
||||
IP6BuildFunc ip6Build;
|
||||
IP6SetCallbacksFunc ip6SetCallbacks;
|
||||
#endif
|
||||
|
||||
AlertQueueLog logAlerts;
|
||||
AlertQueueControl resetAlerts;
|
||||
|
@ -230,34 +385,161 @@ typedef struct _DynamicPreprocessorData
|
|||
FindProtocolReferenceFunc findProtocolReference;
|
||||
AddProtocolReferenceFunc addProtocolReference;
|
||||
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
|
||||
IsAdaptiveConfiguredForSnortConfigFunc isAdaptiveConfiguredForSnortConfig;
|
||||
#endif
|
||||
|
||||
AddKeywordOverrideFunc preprocOptOverrideKeyword;
|
||||
AddKeywordByteOrderFunc preprocOptByteOrderKeyword;
|
||||
IsPreprocEnabledFunc isPreprocEnabled;
|
||||
|
||||
#ifdef SNORT_RELOAD
|
||||
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
|
||||
#endif
|
||||
|
||||
PortArrayFunc portObjectCharPortArray;
|
||||
|
||||
GetPolicyFunc getRuntimePolicy;
|
||||
GetPolicyFunc getParserPolicy;
|
||||
GetPolicyFunc getNapRuntimePolicy;
|
||||
GetPolicyFunc getIpsRuntimePolicy;
|
||||
GetParserPolicyFunc getParserPolicy;
|
||||
GetPolicyFunc getDefaultPolicy;
|
||||
SetPolicyFunc setParserPolicy;
|
||||
SetFileDataPtrFunc setFileDataPtr;
|
||||
DetectResetFunc DetectReset;
|
||||
SetAltDecodeFunc SetAltDecode;
|
||||
GetAltDetectFunc GetAltDetect;
|
||||
SetAltDetectFunc SetAltDetect;
|
||||
IsDetectFlagFunc Is_DetectFlag;
|
||||
DetectFlagDisableFunc DetectFlag_Disable;
|
||||
DynamicStrtol SnortStrtol;
|
||||
DynamicStrtoul SnortStrtoul;
|
||||
DynamicStrnStr SnortStrnStr;
|
||||
DynamicStrncpy SnortStrncpy;
|
||||
DynamicStrnPbrk SnortStrnPbrk;
|
||||
DynamicStrcasestr SnortStrcasestr;
|
||||
EvalRTNFunc fpEvalRTN;
|
||||
|
||||
ObfuscationApi *obApi;
|
||||
|
||||
EncodeNew encodeNew;
|
||||
EncodeDelete encodeDelete;
|
||||
EncodeFormat encodeFormat;
|
||||
EncodeUpdate encodeUpdate;
|
||||
|
||||
NewGrinderPktPtr newGrinderPkt;
|
||||
DeleteGrinderPktPtr deleteGrinderPkt;
|
||||
|
||||
AddPreprocFunc addDetect;
|
||||
PafEnabledFunc isPafEnabled;
|
||||
SCPacketTimeFunc pktTime;
|
||||
SCGetPktTimeOfDay getPktTimeOfDay;
|
||||
#ifdef SIDE_CHANNEL
|
||||
SCEnabledFunc isSCEnabled;
|
||||
SCRegisterRXHandlerFunc scRegisterRXHandler;
|
||||
SCPreallocMessageTXFunc scAllocMessageTX;
|
||||
SCEnqueueMessageTXFunc scEnqueueMessageTX;
|
||||
#endif
|
||||
|
||||
GetLogDirectory getLogDirectory;
|
||||
|
||||
ControlSocketRegisterHandlerFunc controlSocketRegisterHandler;
|
||||
RegisterIdleHandler registerIdleHandler;
|
||||
|
||||
GetPolicyFromIdFunc getPolicyFromId;
|
||||
ChangePolicyFunc changeNapRuntimePolicy;
|
||||
ChangePolicyFunc changeIpsRuntimePolicy;
|
||||
InlineDropFunc inlineDropPacket;
|
||||
InlineDropFunc inlineForceDropPacket;
|
||||
InlineDropFunc inlineDropSessionAndReset;
|
||||
InlineDropFunc inlineForceDropSession;
|
||||
InlineDropFunc inlineForceDropSessionAndReset;
|
||||
ActivePacketWasDroppedFunc active_PacketWasDropped;
|
||||
InlineRetryFunc inlineRetryPacket;
|
||||
DynamicIsStrEmpty SnortIsStrEmpty;
|
||||
AddMetaEvalFunc addMetaEval;
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
DynamicSendBlockResponse dynamicSendBlockResponse;
|
||||
#endif
|
||||
DynamicSetFlowId dynamicSetFlowId;
|
||||
#ifdef HAVE_DAQ_EXT_MODFLOW
|
||||
DynamicModifyFlow dynamicModifyFlow;
|
||||
#endif
|
||||
#ifdef HAVE_DAQ_QUERYFLOW
|
||||
DynamicQueryFlow dynamicQueryFlow;
|
||||
#endif
|
||||
AddPeriodicCheck addPeriodicCheck;
|
||||
AddPostConfigFuncs addPostConfigFunc;
|
||||
AddToPostConfList addFuncToPostConfigList;
|
||||
char **snort_conf_dir;
|
||||
AddOutPutModule addOutputModule;
|
||||
CanWhitelist canWhitelist;
|
||||
FileAPI *fileAPI;
|
||||
DisableAllPoliciesFunc disableAllPolicies;
|
||||
ReenablePreprocBitFunc reenablePreprocBit;
|
||||
DynamicCheckValueInRangeFunc checkValueInRange;
|
||||
|
||||
SetHttpBufferFunc setHttpBuffer;
|
||||
GetHttpBufferFunc getHttpBuffer;
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
ActiveInjectDataFunc activeInjectData;
|
||||
ActiveResponseFunc activeSendResponse;
|
||||
ActiveQueueResponseFunc activeQueueResponse;
|
||||
#endif
|
||||
GetSSLCallbackFunc getSSLCallback;
|
||||
SetSSLCallbackFunc setSSLCallback;
|
||||
SslAppIdLookupFunc sslAppIdLookup;
|
||||
RegisterSslAppIdLookupFunc registerSslAppIdLookup;
|
||||
|
||||
GetAppIdFunc getAppId;
|
||||
RegisterGetAppIdFunc registerGetAppId;
|
||||
|
||||
UrlQueryCreateFunc urlQueryCreate;
|
||||
UrlQueryDestroyFunc urlQueryDestroy;
|
||||
UrlQueryMatchFunc urlQueryMatch;
|
||||
RegisterUrlQueryFunc registerUrlQuery;
|
||||
|
||||
UserGroupIdGetFunc userGroupIdGet;
|
||||
RegisterUserGroupIdGetFunc registerUserGroupIdGet;
|
||||
|
||||
GeoIpAddressLookupFunc geoIpAddressLookup;
|
||||
RegisterGeoIpAddressLookupFunc registerGeoIpAddressLookup;
|
||||
|
||||
UpdateSSLSSnLogDataFunc updateSSLSSnLogData;
|
||||
RegisterUpdateSSLSSnLogDataFunc registerUpdateSSLSSnLogData;
|
||||
|
||||
EndSSLSSnLogDataFunc endSSLSSnLogData;
|
||||
RegisterEndSSLSSnLogDataFunc registerEndSSLSSnLogData;
|
||||
|
||||
GetSSLActualActionFunc getSSLActualAction;
|
||||
RegisterGetSSLActualActionFunc registerGetSSLActualAction;
|
||||
|
||||
GetIntfDataFunc getIntfData;
|
||||
RegisterGetIntfDataFunc registerGetIntfData;
|
||||
DynamicReadyForProcessFunc readyForProcess;
|
||||
DynamicIsSSLPolicyEnabledFunc isSSLPolicyEnabled;
|
||||
DynamicSetSSLPolicyEnabledFunc setSSLPolicyEnabled;
|
||||
|
||||
/* Preproc's fetch Snort performance indicators. Used by IAB. */
|
||||
GetPerfIndicatorsFunc getPerfIndicators;
|
||||
|
||||
LoadAllLibsFunc loadAllLibs;
|
||||
OpenDynamicLibraryFunc openDynamicLibrary;
|
||||
GetSymbolFunc getSymbol;
|
||||
CloseDynamicLibraryFunc closeDynamicLibrary;
|
||||
|
||||
DynamicGetHttpXffFieldsFunc getHttpXffFields;
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
struct AppIdApi *appIdApi;
|
||||
RegisterIsAppIdRequiredFunc registerIsAppIdRequired;
|
||||
UnregisterIsAppIdRequiredFunc unregisterIsAppIdRequired;
|
||||
IsAppIdRequiredFunc isAppIdRequired;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
ReadModeFunc isReadMode;
|
||||
IsTestModeFunc isTestMode;
|
||||
GetCurrentSnortConfigFunc getCurrentSnortConfig;
|
||||
} DynamicPreprocessorData;
|
||||
|
||||
/* Function prototypes for Dynamic Preprocessor Plugins */
|
||||
void CloseDynamicPreprocessorLibs(void);
|
||||
int LoadDynamicPreprocessor(char *library_name, int indent);
|
||||
void LoadAllDynamicPreprocessors(char *path);
|
||||
int LoadDynamicPreprocessor(const char * const library_name, int indent);
|
||||
void LoadAllDynamicPreprocessors(const char * const path);
|
||||
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
|
||||
|
||||
int InitDynamicPreprocessors(void);
|
||||
|
@ -268,4 +550,5 @@ void RemoveDuplicatePreprocessorPlugins(void);
|
|||
*/
|
||||
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
|
||||
|
||||
extern DynamicPreprocessorData _dpd;
|
||||
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */
|
||||
|
|
|
@ -12,9 +12,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steven Sturges
|
||||
*
|
||||
|
@ -24,19 +25,15 @@
|
|||
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
|
||||
#define _SF_DYNAMIC_PREPROCESSOR_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <ctype.h>
|
||||
#ifdef HAVE_WCHAR_H
|
||||
#ifdef SF_WCHAR
|
||||
#include <wchar.h>
|
||||
#endif
|
||||
#include "sf_dynamic_meta.h"
|
||||
#include "ipv6_port.h"
|
||||
#include "sf_types.h"
|
||||
#include "obfuscation.h"
|
||||
|
||||
/* specifies that a function does not return
|
||||
/* specifies that a function does not return
|
||||
* used for quieting Visual Studio warnings
|
||||
*/
|
||||
#ifdef WIN32
|
||||
|
@ -58,92 +55,247 @@
|
|||
#endif
|
||||
#endif
|
||||
|
||||
#define PREPROCESSOR_DATA_VERSION 5
|
||||
#define PREPROCESSOR_DATA_VERSION 12
|
||||
|
||||
#include "sf_dynamic_common.h"
|
||||
#include "sf_dynamic_engine.h"
|
||||
#include "session_api.h"
|
||||
#include "stream_api.h"
|
||||
#include "str_search.h"
|
||||
#include "obfuscation.h"
|
||||
#include "sfportobject.h"
|
||||
/*#include "sfportobject.h" */
|
||||
#include "sfcontrol.h"
|
||||
#ifdef SIDE_CHANNEL
|
||||
#include "sidechannel_define.h"
|
||||
#endif
|
||||
#include "idle_processing.h"
|
||||
#include "file_api.h"
|
||||
|
||||
struct _PreprocStats;
|
||||
|
||||
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
|
||||
typedef void (*PreprocessorInitFunc)(char *);
|
||||
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
|
||||
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocConfCheck)(void (*func) (void));
|
||||
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
|
||||
unsigned int, unsigned int, char *, void *);
|
||||
typedef void (*PreprocessorInitFunc)(struct _SnortConfig *, char *);
|
||||
typedef void * (*AddPreprocFunc)(struct _SnortConfig *, void (*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t);
|
||||
typedef void * (*AddMetaEvalFunc)(struct _SnortConfig *, void (*meta_eval_func)(int, const uint8_t *),
|
||||
uint16_t priority, uint32_t preproc_id);
|
||||
typedef void (*AddPreprocExit)(void (*pp_exit_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocUnused)(void (*pp_unused_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocConfCheck)(struct _SnortConfig *, int (*pp_conf_chk_func) (struct _SnortConfig *));
|
||||
typedef void (*AddToPostConfList)(struct _SnortConfig *sc, void (*post_config_func)(struct _SnortConfig *, int , void *), void *arg);
|
||||
typedef int (*AlertQueueAdd)(uint32_t, uint32_t, uint32_t,
|
||||
uint32_t, uint32_t, const char *, void *);
|
||||
typedef uint32_t (*GenSnortEvent)(Packet *p, uint32_t gid, uint32_t sid, uint32_t rev,
|
||||
uint32_t classification, uint32_t priority, char *msg);
|
||||
uint32_t classification, uint32_t priority, const char *msg);
|
||||
#ifdef SNORT_RELOAD
|
||||
typedef void (*PreprocessorReloadFunc)(char *);
|
||||
typedef int (*PreprocessorReloadVerifyFunc)(void);
|
||||
typedef void * (*PreprocessorReloadSwapFunc)(void);
|
||||
typedef void (*PreprocessorReloadFunc)(struct _SnortConfig *, char *, void **);
|
||||
typedef int (*PreprocessorReloadVerifyFunc)(struct _SnortConfig *, void *);
|
||||
typedef void * (*PreprocessorReloadSwapFunc)(struct _SnortConfig *, void *);
|
||||
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
|
||||
#endif
|
||||
|
||||
#ifndef SNORT_RELOAD
|
||||
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
|
||||
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc);
|
||||
#else
|
||||
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
|
||||
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc,
|
||||
PreprocessorReloadFunc,
|
||||
PreprocessorReloadVerifyFunc,
|
||||
PreprocessorReloadSwapFunc,
|
||||
PreprocessorReloadSwapFreeFunc);
|
||||
|
||||
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
|
||||
typedef void *(*GetRelatedReloadDataFunc)(struct _SnortConfig *, const char *);
|
||||
#endif
|
||||
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
|
||||
typedef int (*InlineDropFunc)(void *);
|
||||
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t*, sfaddr_t*, long);
|
||||
typedef void (*InlineDropFunc)(void *);
|
||||
typedef bool (*ActivePacketWasDroppedFunc)(void);
|
||||
typedef bool (*InlineRetryFunc)(void *);
|
||||
typedef void (*ActiveEnableFunc)(int);
|
||||
typedef void (*DisableDetectFunc)(void *);
|
||||
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
|
||||
typedef int (*EnablePreprocessorFunc)(void *, uint32_t);
|
||||
typedef int (*DetectFunc)(void *);
|
||||
typedef void *(*GetRuleInfoByNameFunc)(char *);
|
||||
typedef void *(*GetRuleInfoByIdFunc)(int);
|
||||
typedef int (*printfappendfunc)(char *, int, const char *, ...);
|
||||
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
|
||||
typedef void (*TokenFreeFunc)(char ***, int);
|
||||
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
|
||||
typedef void (*PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats);
|
||||
typedef void (*AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn);
|
||||
typedef int (*ProfilingFunc)(void);
|
||||
typedef int (*PreprocessFunc)(void *);
|
||||
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
|
||||
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
|
||||
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
|
||||
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
|
||||
typedef void (*DisablePreprocessorsFunc)(void *);
|
||||
#ifdef TARGET_BASED
|
||||
typedef int16_t (*FindProtocolReferenceFunc)(char *);
|
||||
typedef int16_t (*AddProtocolReferenceFunc)(char *);
|
||||
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
|
||||
#ifdef DUMP_BUFFER
|
||||
typedef void (*BufferDumpRegisterFunc)(TraceBuffer * (*)(), unsigned int);
|
||||
#endif
|
||||
typedef void (*PreprocStatsRegisterFunc)(const char *, void (*pp_stats_func)(int));
|
||||
typedef void (*AddPreprocReset)(void (*pp_rst_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocResetStats)(void (*pp_rst_stats_func) (int, void *), void *arg, uint16_t, uint32_t);
|
||||
typedef void (*AddPreprocReassemblyPktFunc)(void * (*pp_reass_pkt_func)(void), uint32_t);
|
||||
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, uint32_t);
|
||||
typedef void (*DisablePreprocessorsFunc)(void *);
|
||||
typedef char** (*DynamicGetHttpXffFieldsFunc)(int* nFields);
|
||||
#ifdef TARGET_BASED
|
||||
typedef int16_t (*FindProtocolReferenceFunc)(const char *);
|
||||
typedef int16_t (*AddProtocolReferenceFunc)(const char *);
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef const char * (*FindProtocolNameFunc)(int16_t);
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
typedef int (*IsAdaptiveConfiguredFunc)(void);
|
||||
typedef int (*IsAdaptiveConfiguredForSnortConfigFunc)(struct _SnortConfig *);
|
||||
#endif
|
||||
#ifdef SUP_IP6
|
||||
typedef void (*IP6BuildFunc)(void *, const void *, int);
|
||||
#define SET_CALLBACK_IP 0
|
||||
#define SET_CALLBACK_ICMP_ORIG 1
|
||||
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
|
||||
#endif
|
||||
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
|
||||
typedef void (*AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit,
|
||||
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
|
||||
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
|
||||
PreprocOptionFastPatternFunc);
|
||||
typedef void (*AddKeywordByteOrderFunc)(char *, PreprocOptionByteOrderFunc);
|
||||
|
||||
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
|
||||
typedef int (*IsPreprocEnabledFunc)(struct _SnortConfig *, uint32_t);
|
||||
|
||||
typedef char * (*PortArrayFunc)(char *, PortObject *, int *);
|
||||
|
||||
typedef int (*AlertQueueLog)(void *);
|
||||
typedef void (*AlertQueueControl)(void); // reset, push, and pop
|
||||
typedef tSfPolicyId (*GetPolicyFunc)(void);
|
||||
typedef void (*SetPolicyFunc)(tSfPolicyId);
|
||||
typedef int (*GetInlineMode)(void);
|
||||
typedef void (*SetFileDataPtrFunc)(const u_char *);
|
||||
typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
|
||||
typedef void (*SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId);
|
||||
typedef tSfPolicyId (*GetPolicyFromIdFunc)(uint16_t );
|
||||
typedef void (*ChangePolicyFunc)(tSfPolicyId, void *p);
|
||||
typedef void (*SetFileDataPtrFunc)(uint8_t *,uint16_t );
|
||||
typedef void (*DetectResetFunc)(uint8_t *,uint16_t );
|
||||
typedef void (*SetAltDecodeFunc)(uint16_t );
|
||||
typedef void (*DetectFlagEnableFunc)(SFDetectFlagType);
|
||||
typedef long (*DynamicStrtol)(const char *, char **, int);
|
||||
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
|
||||
typedef const char* (*DynamicStrnStr)(const char *, int, const char *);
|
||||
typedef const char* (*DynamicStrcasestr)(const char *, int, const char *);
|
||||
typedef int (*DynamicStrncpy)(char *, const char *, size_t );
|
||||
typedef const char* (*DynamicStrnPbrk)(const char *, int , const char *);
|
||||
|
||||
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
|
||||
|
||||
typedef void* (*EncodeNew)(void);
|
||||
typedef void (*EncodeDelete)(void*);
|
||||
typedef void (*EncodeUpdate)(void*);
|
||||
typedef int (*EncodeFormat)(uint32_t, const void*, void*, int);
|
||||
|
||||
typedef void* (*NewGrinderPktPtr)(void *, void *, uint8_t *);
|
||||
typedef void (*DeleteGrinderPktPtr)(void*);
|
||||
typedef bool (*PafEnabledFunc)(void);
|
||||
typedef time_t (*SCPacketTimeFunc)(void);
|
||||
typedef void (*SCGetPktTimeOfDay)(struct timeval *tv);
|
||||
|
||||
#ifdef SIDE_CHANNEL
|
||||
typedef bool (*SCEnabledFunc)(void);
|
||||
typedef int (*SCRegisterRXHandlerFunc)(uint16_t type, SCMProcessMsgFunc processMsgFunc, void *data);
|
||||
typedef int (*SCPreallocMessageTXFunc)(uint32_t length, SCMsgHdr **hdr, uint8_t **msg_ptr, void **msg_handle);
|
||||
typedef int (*SCEnqueueMessageTXFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length, void *msg_handle, SCMQMsgFreeFunc msgFreeFunc);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
typedef char* (*GetLogDirectory)(void);
|
||||
|
||||
typedef int (*ControlSocketRegisterHandlerFunc)(uint16_t, OOBPreControlFunc, IBControlFunc,
|
||||
OOBPostControlFunc);
|
||||
|
||||
typedef int (*RegisterIdleHandler)(IdleProcessingHandler);
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
#define SND_BLK_RESP_FLAG_DO_CLIENT 1
|
||||
#define SND_BLK_RESP_FLAG_DO_SERVER 2
|
||||
typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len, unsigned flags);
|
||||
typedef void (*ActiveInjectDataFunc)(void *, uint32_t, const uint8_t *, uint32_t);
|
||||
typedef void (*ActiveResponseFunc )(void *, const uint8_t *, uint32_t , uint32_t);
|
||||
// NOTE: DynamicActive_ResponseFunc must match func ptr def Active_ResponseFunc in active.h
|
||||
typedef void (*DynamicActive_ResponseFunc)(Packet *packet, void* data);
|
||||
typedef int (*ActiveQueueResponseFunc )(DynamicActive_ResponseFunc cb, void *);
|
||||
#endif
|
||||
typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
|
||||
#ifdef HAVE_DAQ_EXT_MODFLOW
|
||||
typedef int (*DynamicModifyFlow)(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t* mod);
|
||||
#endif
|
||||
#ifdef HAVE_DAQ_QUERYFLOW
|
||||
typedef int (*DynamicQueryFlow)(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t* query);
|
||||
#endif
|
||||
|
||||
typedef int (*DynamicIsStrEmpty)(const char * );
|
||||
typedef void (*AddPeriodicCheck)(void (*pp_check_func) (int, void *), void *arg, uint16_t, uint32_t, uint32_t);
|
||||
typedef void (*AddPostConfigFuncs)(struct _SnortConfig *, void (*pp_post_config_func) (struct _SnortConfig *, void *), void *arg);
|
||||
typedef int (*AddOutPutModule)(const char *filename);
|
||||
typedef int (*CanWhitelist)(void);
|
||||
|
||||
typedef void (*DisableAllPoliciesFunc)(struct _SnortConfig *);
|
||||
typedef int (*ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id);
|
||||
typedef int (*DynamicCheckValueInRangeFunc)(const char *, char *,
|
||||
unsigned long lo, unsigned long hi, unsigned long *value);
|
||||
typedef bool (*DynamicReadyForProcessFunc) (void* pkt);
|
||||
typedef int (*SslAppIdLookupFunc)(void * ssnptr, const char * serverName, const char * commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
|
||||
typedef void (*RegisterSslAppIdLookupFunc)(SslAppIdLookupFunc);
|
||||
|
||||
typedef int32_t (*GetAppIdFunc)(void *ssnptr);
|
||||
typedef void (*RegisterGetAppIdFunc)(GetAppIdFunc);
|
||||
|
||||
typedef struct urlQueryContext* (*UrlQueryCreateFunc)(const char *url);
|
||||
typedef void (*UrlQueryDestroyFunc)(struct urlQueryContext *context);
|
||||
typedef int (*UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep);
|
||||
typedef void (*RegisterUrlQueryFunc)(UrlQueryCreateFunc, UrlQueryDestroyFunc,UrlQueryMatchFunc);
|
||||
|
||||
typedef int (*UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen);
|
||||
typedef void (*RegisterUserGroupIdGetFunc)(UserGroupIdGetFunc);
|
||||
|
||||
typedef int (*GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo);
|
||||
typedef void (*RegisterGeoIpAddressLookupFunc)(GeoIpAddressLookupFunc);
|
||||
|
||||
typedef void (*UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint,
|
||||
uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id,
|
||||
uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version,
|
||||
uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category,
|
||||
uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages,
|
||||
uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len,
|
||||
uint8_t *ssl_ticket_id, uint8_t ticket_id_len);
|
||||
typedef void (*RegisterUpdateSSLSSnLogDataFunc)(UpdateSSLSSnLogDataFunc);
|
||||
|
||||
typedef void (*EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags) ;
|
||||
typedef void (*RegisterEndSSLSSnLogDataFunc)(EndSSLSSnLogDataFunc);
|
||||
|
||||
typedef int (*GetSSLActualActionFunc)(void *ssnptr, uint16_t *action);
|
||||
typedef void (*RegisterGetSSLActualActionFunc)(GetSSLActualActionFunc);
|
||||
|
||||
typedef void (*GetIntfDataFunc)(void *ssnptr,int32_t *ingressIntfIndex, int32_t *egressIntfIndex,
|
||||
int32_t *ingressZoneIndex, int32_t *egressZoneIndex) ;
|
||||
typedef void (*RegisterGetIntfDataFunc)(GetIntfDataFunc);
|
||||
|
||||
//
|
||||
// SSL Callbacks
|
||||
//
|
||||
typedef bool (*DynamicIsSSLPolicyEnabledFunc)(struct _SnortConfig *sc);
|
||||
typedef void (*DynamicSetSSLPolicyEnabledFunc)(struct _SnortConfig *sc, tSfPolicyId policy, bool value);
|
||||
typedef void (*SetSSLCallbackFunc)(void *);
|
||||
typedef void* (*GetSSLCallbackFunc)(void);
|
||||
|
||||
typedef int (*_LoadLibraryFunc)(const char * const path, int indent);
|
||||
typedef void (*LoadAllLibsFunc)(const char * const path, _LoadLibraryFunc loadFunc);
|
||||
typedef void * _PluginHandle;
|
||||
typedef _PluginHandle (*OpenDynamicLibraryFunc)(const char * const library_name, int useGlobal);
|
||||
typedef void (*_dlsym_func)(void);
|
||||
typedef _dlsym_func (*GetSymbolFunc)(_PluginHandle handle, char * symbol, DynamicPluginMeta * meta, int fatal);
|
||||
typedef void (*CloseDynamicLibraryFunc)(_PluginHandle handle);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef bool (*IsAppIdRequiredFunc)(void);
|
||||
typedef void (*RegisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
|
||||
typedef void (*UnregisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
|
||||
struct AppIdApi;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
typedef bool (*ReadModeFunc)(void);
|
||||
|
||||
typedef int (*GetPerfIndicatorsFunc)(void *Request);
|
||||
|
||||
typedef bool (*IsTestModeFunc)(void);
|
||||
|
||||
typedef struct _SnortConfig* (*GetCurrentSnortConfigFunc)(void);
|
||||
|
||||
#define ENC_DYN_FWD 0x80000000
|
||||
#define ENC_DYN_NET 0x10000000
|
||||
|
||||
/* Info Data passed to dynamic preprocessor plugin must include:
|
||||
* version
|
||||
* Pointer to AltDecodeBuffer
|
||||
|
@ -158,17 +310,22 @@ typedef struct _DynamicPreprocessorData
|
|||
int version;
|
||||
int size;
|
||||
|
||||
u_int8_t *altBuffer;
|
||||
unsigned int altBufferLen;
|
||||
UriInfo *uriBuffers[MAX_URIINFOS];
|
||||
SFDataBuffer *altBuffer;
|
||||
SFDataPointer *altDetect;
|
||||
SFDataPointer *fileDataBuf;
|
||||
|
||||
LogMsgFunc logMsg;
|
||||
LogMsgFunc errMsg;
|
||||
LogMsgFunc fatalMsg;
|
||||
DebugMsgFunc debugMsg;
|
||||
|
||||
PreprocRegisterFunc registerPreproc;
|
||||
#ifdef SNORT_RELOAD
|
||||
GetRelatedReloadDataFunc getRelatedReloadData;
|
||||
#endif
|
||||
AddPreprocFunc addPreproc;
|
||||
AddPreprocRestart addPreprocRestart;
|
||||
AddPreprocFunc addPreprocAllPolicies;
|
||||
GetSnortInstance getSnortInstance;
|
||||
AddPreprocExit addPreprocExit;
|
||||
AddPreprocConfCheck addPreprocConfCheck;
|
||||
RegisterPreprocRuleOpt preprocOptRegister;
|
||||
|
@ -179,16 +336,17 @@ typedef struct _DynamicPreprocessorData
|
|||
AlertQueueAdd alertAdd;
|
||||
GenSnortEvent genSnortEvent;
|
||||
ThresholdCheckFunc thresholdCheck;
|
||||
|
||||
GetInlineMode inlineMode;
|
||||
InlineDropFunc inlineDrop;
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
ActiveEnableFunc activeSetEnabled;
|
||||
#endif
|
||||
|
||||
DetectFunc detect;
|
||||
DisableDetectFunc disableDetect;
|
||||
DisableDetectFunc disableAllDetect;
|
||||
DisableDetectFunc disablePacketAnalysis;
|
||||
EnablePreprocessorFunc enablePreprocessor;
|
||||
|
||||
SetPreprocBitFunc setPreprocBit;
|
||||
|
||||
SessionAPI *sessionAPI;
|
||||
StreamAPI *streamAPI;
|
||||
SearchAPI *searchAPI;
|
||||
|
||||
|
@ -200,27 +358,24 @@ typedef struct _DynamicPreprocessorData
|
|||
|
||||
GetRuleInfoByNameFunc getRuleInfoByName;
|
||||
GetRuleInfoByIdFunc getRuleInfoById;
|
||||
#ifdef HAVE_WCHAR_H
|
||||
#ifdef SF_WCHAR
|
||||
DebugWideMsgFunc debugWideMsg;
|
||||
#endif
|
||||
|
||||
PreprocessFunc preprocess;
|
||||
|
||||
#ifdef DUMP_BUFFER
|
||||
BufferDumpRegisterFunc registerBufferTracer;
|
||||
#endif
|
||||
char **debugMsgFile;
|
||||
int *debugMsgLine;
|
||||
|
||||
|
||||
PreprocStatsRegisterFunc registerPreprocStats;
|
||||
AddPreprocReset addPreprocReset;
|
||||
AddPreprocResetStats addPreprocResetStats;
|
||||
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
|
||||
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
|
||||
|
||||
DisablePreprocessorsFunc disablePreprocessors;
|
||||
|
||||
#ifdef SUP_IP6
|
||||
IP6BuildFunc ip6Build;
|
||||
IP6SetCallbacksFunc ip6SetCallbacks;
|
||||
#endif
|
||||
|
||||
AlertQueueLog logAlerts;
|
||||
AlertQueueControl resetAlerts;
|
||||
|
@ -231,34 +386,161 @@ typedef struct _DynamicPreprocessorData
|
|||
FindProtocolReferenceFunc findProtocolReference;
|
||||
AddProtocolReferenceFunc addProtocolReference;
|
||||
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
|
||||
IsAdaptiveConfiguredForSnortConfigFunc isAdaptiveConfiguredForSnortConfig;
|
||||
#endif
|
||||
|
||||
AddKeywordOverrideFunc preprocOptOverrideKeyword;
|
||||
AddKeywordByteOrderFunc preprocOptByteOrderKeyword;
|
||||
IsPreprocEnabledFunc isPreprocEnabled;
|
||||
|
||||
#ifdef SNORT_RELOAD
|
||||
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
|
||||
#endif
|
||||
|
||||
PortArrayFunc portObjectCharPortArray;
|
||||
|
||||
GetPolicyFunc getRuntimePolicy;
|
||||
GetPolicyFunc getParserPolicy;
|
||||
GetPolicyFunc getNapRuntimePolicy;
|
||||
GetPolicyFunc getIpsRuntimePolicy;
|
||||
GetParserPolicyFunc getParserPolicy;
|
||||
GetPolicyFunc getDefaultPolicy;
|
||||
SetPolicyFunc setParserPolicy;
|
||||
SetFileDataPtrFunc setFileDataPtr;
|
||||
DetectResetFunc DetectReset;
|
||||
SetAltDecodeFunc SetAltDecode;
|
||||
GetAltDetectFunc GetAltDetect;
|
||||
SetAltDetectFunc SetAltDetect;
|
||||
IsDetectFlagFunc Is_DetectFlag;
|
||||
DetectFlagDisableFunc DetectFlag_Disable;
|
||||
DynamicStrtol SnortStrtol;
|
||||
DynamicStrtoul SnortStrtoul;
|
||||
DynamicStrnStr SnortStrnStr;
|
||||
DynamicStrncpy SnortStrncpy;
|
||||
DynamicStrnPbrk SnortStrnPbrk;
|
||||
DynamicStrcasestr SnortStrcasestr;
|
||||
EvalRTNFunc fpEvalRTN;
|
||||
|
||||
ObfuscationApi *obApi;
|
||||
|
||||
EncodeNew encodeNew;
|
||||
EncodeDelete encodeDelete;
|
||||
EncodeFormat encodeFormat;
|
||||
EncodeUpdate encodeUpdate;
|
||||
|
||||
NewGrinderPktPtr newGrinderPkt;
|
||||
DeleteGrinderPktPtr deleteGrinderPkt;
|
||||
|
||||
AddPreprocFunc addDetect;
|
||||
PafEnabledFunc isPafEnabled;
|
||||
SCPacketTimeFunc pktTime;
|
||||
SCGetPktTimeOfDay getPktTimeOfDay;
|
||||
#ifdef SIDE_CHANNEL
|
||||
SCEnabledFunc isSCEnabled;
|
||||
SCRegisterRXHandlerFunc scRegisterRXHandler;
|
||||
SCPreallocMessageTXFunc scAllocMessageTX;
|
||||
SCEnqueueMessageTXFunc scEnqueueMessageTX;
|
||||
#endif
|
||||
|
||||
GetLogDirectory getLogDirectory;
|
||||
|
||||
ControlSocketRegisterHandlerFunc controlSocketRegisterHandler;
|
||||
RegisterIdleHandler registerIdleHandler;
|
||||
|
||||
GetPolicyFromIdFunc getPolicyFromId;
|
||||
ChangePolicyFunc changeNapRuntimePolicy;
|
||||
ChangePolicyFunc changeIpsRuntimePolicy;
|
||||
InlineDropFunc inlineDropPacket;
|
||||
InlineDropFunc inlineForceDropPacket;
|
||||
InlineDropFunc inlineDropSessionAndReset;
|
||||
InlineDropFunc inlineForceDropSession;
|
||||
InlineDropFunc inlineForceDropSessionAndReset;
|
||||
ActivePacketWasDroppedFunc active_PacketWasDropped;
|
||||
InlineRetryFunc inlineRetryPacket;
|
||||
DynamicIsStrEmpty SnortIsStrEmpty;
|
||||
AddMetaEvalFunc addMetaEval;
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
DynamicSendBlockResponse dynamicSendBlockResponse;
|
||||
#endif
|
||||
DynamicSetFlowId dynamicSetFlowId;
|
||||
#ifdef HAVE_DAQ_EXT_MODFLOW
|
||||
DynamicModifyFlow dynamicModifyFlow;
|
||||
#endif
|
||||
#ifdef HAVE_DAQ_QUERYFLOW
|
||||
DynamicQueryFlow dynamicQueryFlow;
|
||||
#endif
|
||||
AddPeriodicCheck addPeriodicCheck;
|
||||
AddPostConfigFuncs addPostConfigFunc;
|
||||
AddToPostConfList addFuncToPostConfigList;
|
||||
char **snort_conf_dir;
|
||||
AddOutPutModule addOutputModule;
|
||||
CanWhitelist canWhitelist;
|
||||
FileAPI *fileAPI;
|
||||
DisableAllPoliciesFunc disableAllPolicies;
|
||||
ReenablePreprocBitFunc reenablePreprocBit;
|
||||
DynamicCheckValueInRangeFunc checkValueInRange;
|
||||
|
||||
SetHttpBufferFunc setHttpBuffer;
|
||||
GetHttpBufferFunc getHttpBuffer;
|
||||
|
||||
#ifdef ACTIVE_RESPONSE
|
||||
ActiveInjectDataFunc activeInjectData;
|
||||
ActiveResponseFunc activeSendResponse;
|
||||
ActiveQueueResponseFunc activeQueueResponse;
|
||||
#endif
|
||||
GetSSLCallbackFunc getSSLCallback;
|
||||
SetSSLCallbackFunc setSSLCallback;
|
||||
SslAppIdLookupFunc sslAppIdLookup;
|
||||
RegisterSslAppIdLookupFunc registerSslAppIdLookup;
|
||||
|
||||
GetAppIdFunc getAppId;
|
||||
RegisterGetAppIdFunc registerGetAppId;
|
||||
|
||||
UrlQueryCreateFunc urlQueryCreate;
|
||||
UrlQueryDestroyFunc urlQueryDestroy;
|
||||
UrlQueryMatchFunc urlQueryMatch;
|
||||
RegisterUrlQueryFunc registerUrlQuery;
|
||||
|
||||
UserGroupIdGetFunc userGroupIdGet;
|
||||
RegisterUserGroupIdGetFunc registerUserGroupIdGet;
|
||||
|
||||
GeoIpAddressLookupFunc geoIpAddressLookup;
|
||||
RegisterGeoIpAddressLookupFunc registerGeoIpAddressLookup;
|
||||
|
||||
UpdateSSLSSnLogDataFunc updateSSLSSnLogData;
|
||||
RegisterUpdateSSLSSnLogDataFunc registerUpdateSSLSSnLogData;
|
||||
|
||||
EndSSLSSnLogDataFunc endSSLSSnLogData;
|
||||
RegisterEndSSLSSnLogDataFunc registerEndSSLSSnLogData;
|
||||
|
||||
GetSSLActualActionFunc getSSLActualAction;
|
||||
RegisterGetSSLActualActionFunc registerGetSSLActualAction;
|
||||
|
||||
GetIntfDataFunc getIntfData;
|
||||
RegisterGetIntfDataFunc registerGetIntfData;
|
||||
DynamicReadyForProcessFunc readyForProcess;
|
||||
DynamicIsSSLPolicyEnabledFunc isSSLPolicyEnabled;
|
||||
DynamicSetSSLPolicyEnabledFunc setSSLPolicyEnabled;
|
||||
|
||||
/* Preproc's fetch Snort performance indicators. Used by IAB. */
|
||||
GetPerfIndicatorsFunc getPerfIndicators;
|
||||
|
||||
LoadAllLibsFunc loadAllLibs;
|
||||
OpenDynamicLibraryFunc openDynamicLibrary;
|
||||
GetSymbolFunc getSymbol;
|
||||
CloseDynamicLibraryFunc closeDynamicLibrary;
|
||||
|
||||
DynamicGetHttpXffFieldsFunc getHttpXffFields;
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
struct AppIdApi *appIdApi;
|
||||
RegisterIsAppIdRequiredFunc registerIsAppIdRequired;
|
||||
UnregisterIsAppIdRequiredFunc unregisterIsAppIdRequired;
|
||||
IsAppIdRequiredFunc isAppIdRequired;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
ReadModeFunc isReadMode;
|
||||
IsTestModeFunc isTestMode;
|
||||
GetCurrentSnortConfigFunc getCurrentSnortConfig;
|
||||
} DynamicPreprocessorData;
|
||||
|
||||
/* Function prototypes for Dynamic Preprocessor Plugins */
|
||||
void CloseDynamicPreprocessorLibs(void);
|
||||
int LoadDynamicPreprocessor(char *library_name, int indent);
|
||||
void LoadAllDynamicPreprocessors(char *path);
|
||||
int LoadDynamicPreprocessor(const char * const library_name, int indent);
|
||||
void LoadAllDynamicPreprocessors(const char * const path);
|
||||
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
|
||||
|
||||
int InitDynamicPreprocessors(void);
|
||||
|
@ -269,4 +551,5 @@ void RemoveDuplicatePreprocessorPlugins(void);
|
|||
*/
|
||||
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
|
||||
|
||||
extern DynamicPreprocessorData _dpd;
|
||||
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/*
|
||||
** Copyright (C) 1998-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 1998-2013 Sourcefire, Inc.
|
||||
** Adam Keeton
|
||||
** Kevin Liu <kliu@sourcefire.com>
|
||||
**
|
||||
**
|
||||
** $Id$
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -17,7 +18,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -25,7 +26,7 @@
|
|||
* sf_ip.c
|
||||
* 11/17/06
|
||||
*
|
||||
* Library for managing IP addresses of either v6 or v4 families.
|
||||
* Library for managing IP addresses of either v6 or v4 families.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -37,32 +38,24 @@
|
|||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <math.h> /* For ceil */
|
||||
#include "sf_types.h" /* For bool */
|
||||
#include "sf_ip.h"
|
||||
|
||||
/* For inet_pton */
|
||||
#ifndef WIN32
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#endif /* WIN32 */
|
||||
|
||||
#if 0
|
||||
/* Support function .. but could see some external uses */
|
||||
static INLINE int sfip_length(sfip_t *ip) {
|
||||
ARG_CHECK1(ip, 0);
|
||||
|
||||
if(sfip_family(ip) == AF_INET) return 4;
|
||||
return 16;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Support function */
|
||||
// note that an ip6 address may have a trailing dotted quad form
|
||||
// but that it always has at least 2 ':'s; furthermore there is
|
||||
// no valid ip4 format (including mask) with 2 ':'s
|
||||
// we don't have to figure out if the format is entirely legal
|
||||
// we just have to be able to tell correct formats apart
|
||||
static INLINE int sfip_str_to_fam(const char *str) {
|
||||
static inline int sfip_str_to_fam(const char *str) {
|
||||
const char* s;
|
||||
ARG_CHECK1(str, 0);
|
||||
s = strchr(str, (int)':');
|
||||
|
@ -72,105 +65,15 @@ static INLINE int sfip_str_to_fam(const char *str) {
|
|||
}
|
||||
|
||||
/* Place-holder allocation incase we want to do something more indepth later */
|
||||
static INLINE sfip_t *_sfip_alloc() {
|
||||
/* Note: using calloc here instead of SnortAlloc since the dynamic libs
|
||||
static inline sfcidr_t *_sfip_alloc() {
|
||||
/* Note: using calloc here instead of SnortAlloc since the dynamic libs
|
||||
* can't presently resolve SnortAlloc */
|
||||
return (sfip_t*)calloc(sizeof(sfip_t), 1);
|
||||
}
|
||||
|
||||
/* Masks off 'val' bits from the IP contained within 'ip' */
|
||||
static INLINE int sfip_cidr_mask(sfip_t *ip, int val) {
|
||||
int i;
|
||||
unsigned int mask = 0;
|
||||
unsigned int *p;
|
||||
int index = (int)ceil(val / 32.0) - 1;
|
||||
|
||||
ARG_CHECK1(ip, SFIP_ARG_ERR);
|
||||
|
||||
p = ip->ip32;
|
||||
|
||||
if( val < 0 ||
|
||||
((sfip_family(ip) == AF_INET6) && val > 128) ||
|
||||
((sfip_family(ip) == AF_INET) && val > 32) ) {
|
||||
return SFIP_ARG_ERR;
|
||||
}
|
||||
|
||||
/* Build the netmask by converting "val" into
|
||||
* the corresponding number of bits that are set */
|
||||
for(i = 0; i < 32- (val - (index * 32)); i++)
|
||||
mask = (mask<<1) + 1;
|
||||
|
||||
p[index] = htonl((ntohl(p[index]) & ~mask));
|
||||
|
||||
index++;
|
||||
|
||||
/* 0 off the rest of the IP */
|
||||
for( ; index<4; index++) p[index] = 0;
|
||||
|
||||
return SFIP_SUCCESS;
|
||||
}
|
||||
|
||||
/* Allocate IP address from a character array describing the IP */
|
||||
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status) {
|
||||
SFIP_RET tmp;
|
||||
sfip_t *ret;
|
||||
|
||||
if(!ip) {
|
||||
if(status)
|
||||
*status = SFIP_ARG_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if((ret = _sfip_alloc()) == NULL) {
|
||||
if(status)
|
||||
*status = SFIP_ALLOC_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if( (tmp = sfip_pton(ip, ret)) != SFIP_SUCCESS) {
|
||||
if(status)
|
||||
*status = tmp;
|
||||
|
||||
sfip_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(status)
|
||||
*status = SFIP_SUCCESS;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Allocate IP address from an array of 8 byte integers */
|
||||
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status) {
|
||||
sfip_t *ret;
|
||||
|
||||
if(!ip) {
|
||||
if(status)
|
||||
*status = SFIP_ARG_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if((ret = _sfip_alloc()) == NULL) {
|
||||
if(status)
|
||||
*status = SFIP_ALLOC_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret->bits = (family==AF_INET?32:128);
|
||||
ret->family = family;
|
||||
/* XXX Replace with appropriate "high speed" copy */
|
||||
memcpy(ret->ip8, ip, ret->bits/8);
|
||||
|
||||
if(status)
|
||||
*status = SFIP_SUCCESS;
|
||||
|
||||
return ret;
|
||||
return (sfcidr_t*)calloc(sizeof(sfcidr_t), 1);
|
||||
}
|
||||
|
||||
/* Support function for _netmask_str_to_bit_count */
|
||||
static INLINE int _count_bits(unsigned int val) {
|
||||
unsigned int count;
|
||||
static inline int _count_bits(unsigned int val) {
|
||||
unsigned int count;
|
||||
|
||||
for (count = 0; val; count++) {
|
||||
val &= val - 1;
|
||||
|
@ -181,14 +84,14 @@ static INLINE int _count_bits(unsigned int val) {
|
|||
|
||||
/* Support function for sfip_pton. Used for converting a netmask string
|
||||
* into a number of bits to mask off */
|
||||
static INLINE int _netmask_str_to_bit_count(char *mask, int family) {
|
||||
u_int32_t buf[4];
|
||||
static inline int _netmask_str_to_bit_count(char *mask, int family) {
|
||||
uint32_t buf[4];
|
||||
int bits, i, nBits, nBytes;
|
||||
u_int8_t* bytes = (u_int8_t*)buf;
|
||||
uint8_t* bytes = (uint8_t*)buf;
|
||||
|
||||
/* XXX
|
||||
* Mask not validated.
|
||||
* Only sfip_pton should be using this function, and using it safely.
|
||||
/* XXX
|
||||
* Mask not validated.
|
||||
* Only sfip_pton should be using this function, and using it safely.
|
||||
* XXX */
|
||||
|
||||
if(inet_pton(family, mask, buf) < 1)
|
||||
|
@ -223,28 +126,66 @@ static INLINE int _netmask_str_to_bit_count(char *mask, int family) {
|
|||
return bits;
|
||||
}
|
||||
|
||||
/* Masks off 'val' bits from the IP contained within 'ip' */
|
||||
static inline int sfip_cidr_mask(sfaddr_t *ip, int val) {
|
||||
uint32_t *p;
|
||||
int index = (int)ceil(val / 32.0) - 1;
|
||||
int bits;
|
||||
|
||||
ARG_CHECK1(ip, SFIP_ARG_ERR);
|
||||
|
||||
p = sfaddr_get_ip6_ptr(ip);
|
||||
|
||||
if( val < 0 || val > 128)
|
||||
return SFIP_ARG_ERR;
|
||||
|
||||
if (val == 128)
|
||||
return SFIP_SUCCESS;
|
||||
|
||||
/* Build the netmask by converting "val" into
|
||||
* the corresponding number of bits that are set */
|
||||
bits = 32 - (val - (index * 32));
|
||||
if (bits)
|
||||
{
|
||||
unsigned int mask;
|
||||
|
||||
mask = ~0;
|
||||
mask >>= bits;
|
||||
mask <<= bits;
|
||||
p[index] &= htonl(mask);
|
||||
}
|
||||
|
||||
index++;
|
||||
|
||||
/* 0 off the rest of the IP */
|
||||
for( ; index<4; index++) p[index] = 0;
|
||||
|
||||
return SFIP_SUCCESS;
|
||||
}
|
||||
|
||||
/* Parses "src" and stores results in "dst" */
|
||||
SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
|
||||
static SFIP_RET _sfip_pton(const char *src, sfaddr_t *dst, uint16_t *srcBits) {
|
||||
char *mask;
|
||||
char *sfip_buf;
|
||||
char *ip;
|
||||
int bits;
|
||||
int family;
|
||||
|
||||
if(!dst || !src)
|
||||
if(!dst || !src)
|
||||
return SFIP_ARG_ERR;
|
||||
|
||||
if((sfip_buf = strdup(src)) == NULL)
|
||||
|
||||
if((sfip_buf = strdup(src)) == NULL)
|
||||
return SFIP_ALLOC_ERR;
|
||||
|
||||
ip = sfip_buf;
|
||||
dst->family = sfip_str_to_fam(src);
|
||||
family = sfip_str_to_fam(src);
|
||||
|
||||
/* skip whitespace or opening bracket */
|
||||
while(isspace((int)*ip) || (*ip == '[')) ip++;
|
||||
|
||||
/* check for and extract a mask in CIDR form */
|
||||
if( (mask = strchr(ip, (int)'/')) != NULL ) {
|
||||
/* NULL out this character so inet_pton will see the
|
||||
/* NULL out this character so inet_pton will see the
|
||||
* correct ending to the IP string */
|
||||
char* end = mask++;
|
||||
while ( (end > ip) && isspace((int)end[-1]) ) end--;
|
||||
|
@ -253,23 +194,23 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
|
|||
while(isspace((int)*mask)) mask++;
|
||||
|
||||
/* verify a leading digit */
|
||||
if(((dst->family == AF_INET6) && !isxdigit((int)*mask)) ||
|
||||
((dst->family == AF_INET) && !isdigit((int)*mask))) {
|
||||
free(sfip_buf);
|
||||
if(((family == AF_INET6) && !isxdigit((int)*mask)) ||
|
||||
((family == AF_INET) && !isdigit((int)*mask))) {
|
||||
free(sfip_buf);
|
||||
return SFIP_CIDR_ERR;
|
||||
}
|
||||
|
||||
/* Check if there's a netmask here instead of the number of bits */
|
||||
if(strchr(mask, (int)'.') || strchr(mask, (int)':'))
|
||||
if(strchr(mask, (int)'.') || strchr(mask, (int)':'))
|
||||
bits = _netmask_str_to_bit_count(mask, sfip_str_to_fam(mask));
|
||||
else
|
||||
bits = atoi(mask);
|
||||
}
|
||||
else if(
|
||||
/* If this is IPv4, ia ':' may used specified to indicate a netmask */
|
||||
((dst->family == AF_INET) && (mask = strchr(ip, (int)':')) != NULL) ||
|
||||
((family == AF_INET) && (mask = strchr(ip, (int)':')) != NULL) ||
|
||||
|
||||
/* We've already skipped the leading whitespace, if there is more
|
||||
/* We've already skipped the leading whitespace, if there is more
|
||||
* whitespace, then there's probably a netmask specified after it. */
|
||||
(mask = strchr(ip, (int)' ')) != NULL
|
||||
) {
|
||||
|
@ -282,89 +223,228 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
|
|||
|
||||
/* Make sure we're either looking at a valid digit, or a leading
|
||||
* colon, such as can be the case with IPv6 */
|
||||
if(((dst->family == AF_INET) && isdigit((int)*mask)) ||
|
||||
((dst->family == AF_INET6) && (isxdigit((int)*mask) || *mask == ':'))) {
|
||||
if(((family == AF_INET) && isdigit((int)*mask)) ||
|
||||
((family == AF_INET6) && (isxdigit((int)*mask) || *mask == ':'))) {
|
||||
bits = _netmask_str_to_bit_count(mask, sfip_str_to_fam(mask));
|
||||
}
|
||||
}
|
||||
/* No netmask */
|
||||
else {
|
||||
if(dst->family == AF_INET) bits = 32;
|
||||
else bits = 128;
|
||||
else {
|
||||
if(family == AF_INET) bits = 32;
|
||||
else bits = 128;
|
||||
}
|
||||
}
|
||||
/* No netmask */
|
||||
else {
|
||||
if(dst->family == AF_INET) bits = 32;
|
||||
else bits = 128;
|
||||
if(family == AF_INET) bits = 32;
|
||||
else bits = 128;
|
||||
}
|
||||
|
||||
if(inet_pton(dst->family, ip, dst->ip8) < 1) {
|
||||
free(sfip_buf);
|
||||
if(sfip_convert_ip_text_to_binary(family, ip, sfaddr_get_ip6_ptr(dst)) != SFIP_SUCCESS) {
|
||||
free(sfip_buf);
|
||||
return SFIP_INET_PARSE_ERR;
|
||||
}
|
||||
dst->family = family;
|
||||
|
||||
/* Store mask */
|
||||
dst->bits = bits;
|
||||
bits += (family == AF_INET && bits >= 0) ? 96 : 0;
|
||||
|
||||
/* Apply mask */
|
||||
if(sfip_cidr_mask(dst, bits) != SFIP_SUCCESS) {
|
||||
free(sfip_buf);
|
||||
return SFIP_INVALID_MASK;
|
||||
}
|
||||
|
||||
|
||||
*srcBits = bits;
|
||||
free(sfip_buf);
|
||||
return SFIP_SUCCESS;
|
||||
}
|
||||
|
||||
/* Sets existing IP, "dst", to be source IP, "src" */
|
||||
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int family) {
|
||||
|
||||
ARG_CHECK3(dst, src, dst->ip32, SFIP_ARG_ERR);
|
||||
/* Allocate IP address from a character array describing the IP */
|
||||
sfcidr_t *sfip_alloc(const char *ip, SFIP_RET *status) {
|
||||
SFIP_RET tmp;
|
||||
sfcidr_t *ret;
|
||||
|
||||
dst->family = family;
|
||||
|
||||
if(family == AF_INET) {
|
||||
dst->ip32[0] = *(u_int32_t*)src;
|
||||
memset(&dst->ip32[1], 0, 12);
|
||||
dst->bits = 32;
|
||||
} else if(family == AF_INET6) {
|
||||
memcpy(dst->ip8, src, 16);
|
||||
dst->bits = 128;
|
||||
} else {
|
||||
return SFIP_ARG_ERR;
|
||||
if(!ip) {
|
||||
if(status)
|
||||
*status = SFIP_ARG_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return SFIP_SUCCESS;
|
||||
|
||||
if((ret = _sfip_alloc()) == NULL) {
|
||||
if(status)
|
||||
*status = SFIP_ALLOC_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if( (tmp = sfip_pton(ip, ret)) != SFIP_SUCCESS) {
|
||||
if(status)
|
||||
*status = tmp;
|
||||
|
||||
sfip_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(status)
|
||||
*status = SFIP_SUCCESS;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Allocate IP address from a character array describing the IP */
|
||||
sfaddr_t *sfaddr_alloc(const char *ip, SFIP_RET *status) {
|
||||
SFIP_RET tmp;
|
||||
sfaddr_t *ret;
|
||||
uint16_t bits;
|
||||
|
||||
if(!ip) {
|
||||
if(status)
|
||||
*status = SFIP_ARG_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if((ret = (sfaddr_t*)calloc(sizeof(sfaddr_t), 1)) == NULL) {
|
||||
if(status)
|
||||
*status = SFIP_ALLOC_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if( (tmp = _sfip_pton(ip, ret, &bits)) != SFIP_SUCCESS ) {
|
||||
if(status)
|
||||
*status = tmp;
|
||||
|
||||
sfaddr_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
if (bits != 128)
|
||||
{
|
||||
if(status)
|
||||
*status = SFIP_INET_PARSE_ERR;
|
||||
|
||||
sfaddr_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(status)
|
||||
*status = SFIP_SUCCESS;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Allocate IP address from an array of 8 byte integers */
|
||||
sfaddr_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status) {
|
||||
sfaddr_t *ret;
|
||||
|
||||
if(!ip) {
|
||||
if(status)
|
||||
*status = SFIP_ARG_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if((ret = (sfaddr_t*)calloc(sizeof(sfaddr_t), 1)) == NULL) {
|
||||
if(status)
|
||||
*status = SFIP_ALLOC_ERR;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
sfip_set_raw(ret, ip, family);
|
||||
|
||||
if(status)
|
||||
*status = SFIP_SUCCESS;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Converts string IP format to an array of values. Also checks IP address format.
|
||||
Specifically look for issues that inet_pton either overlooks or is inconsistent
|
||||
about. */
|
||||
SFIP_RET sfip_convert_ip_text_to_binary( const int family, const char *ip, void *dst)
|
||||
{
|
||||
const char *my_ip;
|
||||
sfaddr_t* addr;
|
||||
|
||||
my_ip = ip;
|
||||
|
||||
if( my_ip == NULL )
|
||||
return( SFIP_FAILURE );
|
||||
|
||||
/* Across platforms, inet_pton() is inconsistent about leading 0's in
|
||||
AF_INET (ie IPv4 addresses. */
|
||||
if( family == AF_INET ) {
|
||||
char chr;
|
||||
bool new_octet;
|
||||
|
||||
new_octet = true;
|
||||
while( (chr = *my_ip++) != '\0') {
|
||||
|
||||
/* If we are at the first char of a new octet, look for a leading zero
|
||||
followed by another digit */
|
||||
if( new_octet && (chr == '0') && isdigit(*my_ip))
|
||||
return( SFIP_INET_PARSE_ERR );
|
||||
|
||||
/* when we see an octet separator, set the flag to start looking for a
|
||||
leading zero. */
|
||||
new_octet = (chr == '.');
|
||||
}
|
||||
addr = (sfaddr_t*)dst;
|
||||
addr->ia32[0] = addr->ia32[1] = addr->ia16[4] = 0;
|
||||
addr->ia16[5] = 0xFFFF;
|
||||
dst = &addr->ia32[3];
|
||||
}
|
||||
|
||||
if( inet_pton(family, ip, dst) < 1 )
|
||||
return( SFIP_INET_PARSE_ERR );
|
||||
|
||||
return( SFIP_SUCCESS ); /* Otherwise, ip is OK */
|
||||
}
|
||||
|
||||
SFIP_RET sfaddr_pton(const char *src, sfaddr_t *dst) {
|
||||
SFIP_RET ret;
|
||||
uint16_t bits;
|
||||
|
||||
ret = _sfip_pton(src, dst, &bits);
|
||||
if (ret == SFIP_SUCCESS && bits != 128)
|
||||
return SFIP_INET_PARSE_ERR;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
SFIP_RET sfip_pton(const char *src, sfcidr_t *dst) {
|
||||
return _sfip_pton(src, &dst->addr, &dst->bits);
|
||||
}
|
||||
|
||||
/* Sets existing IP, "dst", to be source IP, "src" */
|
||||
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src) {
|
||||
ARG_CHECK2(dst, src, SFIP_ARG_ERR);
|
||||
SFIP_RET sfip_set_raw(sfaddr_t *dst, const void *src, int family) {
|
||||
|
||||
dst->family = src->family;
|
||||
dst->bits = src->bits;
|
||||
dst->ip32[0] = src->ip32[0];
|
||||
dst->ip32[1] = src->ip32[1];
|
||||
dst->ip32[2] = src->ip32[2];
|
||||
dst->ip32[3] = src->ip32[3];
|
||||
ARG_CHECK3(dst, src, sfaddr_get_ip6_ptr(dst), SFIP_ARG_ERR);
|
||||
|
||||
dst->family = family;
|
||||
if(family == AF_INET) {
|
||||
dst->ia32[0] = dst->ia32[1] = dst->ia16[4] = 0;
|
||||
dst->ia16[5] = 0xFFFF;
|
||||
dst->ia32[3] = *(uint32_t*)src;
|
||||
} else if(family == AF_INET6) {
|
||||
memcpy(sfaddr_get_ip6_ptr(dst), src, 16);
|
||||
} else {
|
||||
return SFIP_ARG_ERR;
|
||||
}
|
||||
|
||||
return SFIP_SUCCESS;
|
||||
}
|
||||
|
||||
/* Obfuscates an IP
|
||||
* Makes 'ip': ob | (ip & mask) */
|
||||
void sfip_obfuscate(sfip_t *ob, sfip_t *ip) {
|
||||
unsigned int *ob_p, *ip_p;
|
||||
void sfip_obfuscate(sfcidr_t *ob, sfaddr_t *ip) {
|
||||
uint32_t *ob_p, *ip_p;
|
||||
int index, i;
|
||||
unsigned int mask = 0;
|
||||
|
||||
if(!ob || !ip)
|
||||
return;
|
||||
|
||||
ob_p = ob->ip32;
|
||||
ip_p = ip->ip32;
|
||||
ob_p = sfip_get_ip6_ptr(ob);
|
||||
ip_p = sfaddr_get_ip6_ptr(ip);
|
||||
|
||||
/* Build the netmask by converting "val" into
|
||||
/* Build the netmask by converting "val" into
|
||||
* the corresponding number of bits that are set */
|
||||
index = (int)ceil(ob->bits / 32.0) - 1;
|
||||
|
||||
|
@ -387,49 +467,27 @@ void sfip_obfuscate(sfip_t *ob, sfip_t *ip) {
|
|||
}
|
||||
|
||||
|
||||
/* Check if ip is contained within the network specified by net */
|
||||
/* Returns SFIP_EQUAL if so.
|
||||
* XXX sfip_contains assumes that "ip" is
|
||||
/* Check if ip is contained within the network specified by net */
|
||||
/* Returns SFIP_EQUAL if so.
|
||||
* XXX sfip_contains assumes that "ip" is
|
||||
* not less-specific than "net" XXX
|
||||
*/
|
||||
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip) {
|
||||
SFIP_RET sfip_contains(const sfcidr_t *net, const sfaddr_t *ip) {
|
||||
unsigned int bits, mask, temp, i;
|
||||
int net_fam, ip_fam;
|
||||
unsigned int *p1, *p2;
|
||||
const uint32_t *p1, *p2;
|
||||
|
||||
/* SFIP_CONTAINS is returned here due to how IpAddrSetContains
|
||||
/* SFIP_CONTAINS is returned here due to how IpAddrSetContains
|
||||
* handles zero'ed IPs" */
|
||||
ARG_CHECK2(net, ip, SFIP_CONTAINS);
|
||||
|
||||
bits = sfip_bits(net);
|
||||
net_fam = sfip_family(net);
|
||||
ip_fam = sfip_family(ip);
|
||||
|
||||
/* If the families are mismatched, check if we're really comparing
|
||||
* an IPv4 with a mapped IPv4 (in IPv6) address. */
|
||||
if(net_fam != ip_fam) {
|
||||
if((net_fam != AF_INET) || !sfip_ismapped(ip))
|
||||
return SFIP_ARG_ERR;
|
||||
|
||||
/* Both are really IPv4. Only compare last 4 bytes of 'ip'*/
|
||||
p1 = net->ip32;
|
||||
p2 = &ip->ip32[3];
|
||||
|
||||
/* Mask off bits */
|
||||
bits = 32 - bits;
|
||||
temp = (ntohl(*p2) >> bits) << bits;
|
||||
|
||||
if(ntohl(*p1) == temp) return SFIP_CONTAINS;
|
||||
|
||||
return SFIP_NOT_CONTAINS;
|
||||
}
|
||||
|
||||
p1 = net->ip32;
|
||||
p2 = ip->ip32;
|
||||
p1 = sfip_get_ip6_ptr(net);
|
||||
p2 = sfaddr_get_ip6_ptr(ip);
|
||||
|
||||
/* Iterate over each 32 bit segment */
|
||||
for(i=0; i < bits/32 && i < 3; i++, p1++, p2++) {
|
||||
if(*p1 != *p2)
|
||||
for(i=0; i < bits/32; i++, p1++, p2++) {
|
||||
if(*p1 != *p2)
|
||||
return SFIP_NOT_CONTAINS;
|
||||
}
|
||||
|
||||
|
@ -442,136 +500,134 @@ SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip) {
|
|||
temp = ntohl(*p2);
|
||||
temp = (temp >> mask) << mask;
|
||||
|
||||
/* If p1 was setup correctly through this library, there is no need to
|
||||
/* If p1 was setup correctly through this library, there is no need to
|
||||
* mask off any bits of its own. */
|
||||
if(ntohl(*p1) == temp)
|
||||
if(ntohl(*p1) == temp)
|
||||
return SFIP_CONTAINS;
|
||||
|
||||
return SFIP_NOT_CONTAINS;
|
||||
|
||||
}
|
||||
|
||||
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize) {
|
||||
int i;
|
||||
|
||||
if(!ip_raw || !buf || !bufsize ||
|
||||
(family != AF_INET && family != AF_INET6) ||
|
||||
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize)
|
||||
{
|
||||
if(!ip_raw || !buf ||
|
||||
(family != AF_INET && family != AF_INET6) ||
|
||||
/* Make sure if it's IPv6 that the buf is large enough. */
|
||||
/* Need atleast a max of 8 fields of 4 bytes plus 7 for colons in
|
||||
/* Need atleast a max of 8 fields of 4 bytes plus 7 for colons in
|
||||
* between. Need 1 more byte for null. */
|
||||
(family == AF_INET6 && bufsize < 8*4 + 7 + 1) ||
|
||||
(family == AF_INET6 && bufsize < INET6_ADDRSTRLEN) ||
|
||||
/* Make sure if it's IPv4 that the buf is large enough. */
|
||||
/* 4 fields of 3 numbers, plus 3 dots and a null byte */
|
||||
(family == AF_INET && bufsize < 3*4 + 4) )
|
||||
(family == AF_INET && bufsize < INET_ADDRSTRLEN) )
|
||||
{
|
||||
if(buf && bufsize > 0) buf[0] = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
#if defined(HAVE_INET_NTOP) && !defined(REG_TEST)
|
||||
if (!inet_ntop(family, ip_raw, buf, bufsize))
|
||||
snprintf(buf, bufsize, "ERROR");
|
||||
#else
|
||||
/* 4 fields of at most 3 characters each */
|
||||
if(family == AF_INET) {
|
||||
u_int8_t *p = (u_int8_t*)ip_raw;
|
||||
int i;
|
||||
uint8_t *p = (uint8_t*)ip_raw;
|
||||
|
||||
for(i=0; p < ((u_int8_t*)ip_raw) + 4; p++) {
|
||||
for(i=0; p < ((uint8_t*)ip_raw) + 4; p++) {
|
||||
i += sprintf(&buf[i], "%d", *p);
|
||||
|
||||
/* If this is the last iteration, this could technically cause one
|
||||
* extra byte to be written past the end. */
|
||||
if(i < bufsize && ((p + 1) < ((u_int8_t*)ip_raw+4)))
|
||||
if(i < bufsize && ((p + 1) < ((uint8_t*)ip_raw+4)))
|
||||
buf[i] = '.';
|
||||
|
||||
i++;
|
||||
}
|
||||
|
||||
/* Check if this is really just an IPv4 address represented as 6,
|
||||
/* Check if this is really just an IPv4 address represented as 6,
|
||||
* in compatible format */
|
||||
#if 0
|
||||
}
|
||||
}
|
||||
else if(!field[0] && !field[1] && !field[2]) {
|
||||
unsigned char *p = (unsigned char *)(&ip->ip[12]);
|
||||
|
||||
for(i=0; p < &ip->ip[16]; p++)
|
||||
for(i=0; p < &ip->ip[16]; p++)
|
||||
i += sprintf(&buf[i], "%d.", *p);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else {
|
||||
u_int16_t *p = (u_int16_t*)ip_raw;
|
||||
int i;
|
||||
uint16_t *p = (uint16_t*)ip_raw;
|
||||
|
||||
for(i=0; p < ((u_int16_t*)ip_raw) + 8; p++) {
|
||||
for(i=0; p < ((uint16_t*)ip_raw) + 8; p++) {
|
||||
i += sprintf(&buf[i], "%04x", ntohs(*p));
|
||||
|
||||
/* If this is the last iteration, this could technically cause one
|
||||
* extra byte to be written past the end. */
|
||||
if(i < bufsize && ((p + 1) < ((u_int16_t*)ip_raw) + 8))
|
||||
if(i < bufsize && ((p + 1) < ((uint16_t*)ip_raw) + 8))
|
||||
buf[i] = ':';
|
||||
|
||||
i++;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void sfip_ntop(const sfaddr_t *ip, char *buf, int bufsize)
|
||||
{
|
||||
int family;
|
||||
if(!ip)
|
||||
{
|
||||
if(buf && bufsize > 0) buf[0] = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
family = sfaddr_family(ip);
|
||||
sfip_raw_ntop(family, sfaddr_get_ptr(ip), buf, bufsize);
|
||||
}
|
||||
|
||||
/* Uses a static buffer to return a string representation of the IP */
|
||||
char *sfip_to_str(const sfip_t *ip) {
|
||||
/* IPv6 addresses will be at most 8 fields, of 4 characters each,
|
||||
* with 7 colons inbetween, one NULL, and one fudge byte for sloppy use
|
||||
* in sfip_to_strbuf */
|
||||
static char buf[8*4 + 7 + 1 + 1];
|
||||
char *sfip_to_str(const sfaddr_t *ip)
|
||||
{
|
||||
static char buf[INET6_ADDRSTRLEN];
|
||||
|
||||
if(!ip)
|
||||
return NULL;
|
||||
sfip_ntop(ip, buf, sizeof(buf));
|
||||
|
||||
sfip_raw_ntop(sfip_family(ip), ip->ip32, buf, sizeof(buf));
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
||||
void sfip_free(sfip_t *ip) {
|
||||
void sfip_free(sfcidr_t *ip) {
|
||||
if(ip) free(ip);
|
||||
}
|
||||
|
||||
void sfaddr_free(sfaddr_t *ip) {
|
||||
if(ip) free(ip);
|
||||
}
|
||||
|
||||
/* Returns 1 if the IP is non-zero. 0 otherwise */
|
||||
int sfip_is_loopback(sfip_t *ip) {
|
||||
unsigned int *p;
|
||||
int sfip_is_loopback(const sfaddr_t *ip) {
|
||||
|
||||
ARG_CHECK1(ip, 0);
|
||||
|
||||
if(sfip_family(ip) == AF_INET) {
|
||||
// 127.0.0.0/8 is IPv4 loopback
|
||||
return (ip->ip8[0] == 0x7f);
|
||||
/* Check the first 80 bits in an IPv6 address, and */
|
||||
/* verify they're zero. If not, it's not a loopback */
|
||||
if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4])
|
||||
return 0;
|
||||
|
||||
if(ip->ia16[5] == 0xFFFF)
|
||||
{
|
||||
/* ::ffff:7f00:0/104 is ipv4 compatible ipv6 */
|
||||
return (ip->ia8[12] == 0x7f);
|
||||
}
|
||||
|
||||
p = ip->ip32;
|
||||
|
||||
/* Check the first 64 bits in an IPv6 address, and */
|
||||
/* verify they're zero. If not, it's not a loopback */
|
||||
if(p[0] || p[1]) return 0;
|
||||
|
||||
/* Check if the 3rd 32-bit int is zero */
|
||||
if ( p[2] == 0 ) {
|
||||
if(!ip->ia16[5])
|
||||
{
|
||||
/* ::7f00:0/104 is ipv4 compatible ipv6 */
|
||||
/* ::1 is the IPv6 loopback */
|
||||
return ( (ip->ip8[12] == 0x7f) || (ntohl(p[3]) == 0x1) );
|
||||
}
|
||||
/* Check the 3rd 32-bit int for a mapped IPv4 address */
|
||||
if ( ntohl(p[2]) == 0xffff ) {
|
||||
/* ::ffff:127.0.0.0/104 is IPv4 loopback mapped over IPv6 */
|
||||
return ( ip->ip8[12] == 0x7f );
|
||||
return (ip->ia32[3] == htonl(0x1) || ip->ia8[12] == 0x7f);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int sfip_ismapped(sfip_t *ip) {
|
||||
unsigned int *p;
|
||||
|
||||
ARG_CHECK1(ip, 0);
|
||||
|
||||
if(sfip_family(ip) == AF_INET)
|
||||
return 0;
|
||||
|
||||
p = ip->ip32;
|
||||
|
||||
if(p[0] || p[1] || (ntohl(p[2]) != 0xffff && p[2] != 0)) return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
/*
|
||||
** Copyright (C) 1998-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 1998-2013 Sourcefire, Inc.
|
||||
** Adam Keeton
|
||||
** Kevin Liu <kliu@sourcefire.com>
|
||||
*
|
||||
*
|
||||
** $ID: $
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -18,7 +19,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -30,23 +31,18 @@
|
|||
#ifndef SF_IP_H
|
||||
#define SF_IP_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
|
||||
#ifdef SF_IP_TEST
|
||||
#define INLINE inline
|
||||
#else
|
||||
#include "debug.h" /* for INLINE definition */
|
||||
#ifdef WIN32
|
||||
#include <ws2tcpip.h>
|
||||
#endif
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "snort_debug.h" /* for inline definition */
|
||||
|
||||
/* define SFIP_ROBUST to check pointers passed into the sfip libs.
|
||||
* Robustification should not be enabled if the client code is trustworthy.
|
||||
|
@ -70,30 +66,103 @@
|
|||
|
||||
#else
|
||||
|
||||
#define ARG_CHECK1(a, z)
|
||||
#define ARG_CHECK2(a, b, z)
|
||||
#define ARG_CHECK1(a, z)
|
||||
#define ARG_CHECK2(a, b, z)
|
||||
#define ARG_CHECK3(a, b, c, z)
|
||||
|
||||
#endif
|
||||
|
||||
typedef struct _ip {
|
||||
int family;
|
||||
int bits;
|
||||
#ifndef WIN32
|
||||
#if !defined(s6_addr8)
|
||||
#define s6_addr8 __u6_addr.__u6_addr8
|
||||
#endif
|
||||
#if !defined(s6_addr16)
|
||||
#define s6_addr16 __u6_addr.__u6_addr16
|
||||
#endif
|
||||
#if !defined(s6_addr32)
|
||||
#define s6_addr32 __u6_addr.__u6_addr32
|
||||
#endif
|
||||
|
||||
/* see sfip_size(): these address bytes
|
||||
* must be the last field in this struct */
|
||||
union
|
||||
{
|
||||
u_int8_t u6_addr8[16];
|
||||
u_int16_t u6_addr16[8];
|
||||
u_int32_t u6_addr32[4];
|
||||
/* u_int64_t u6_addr64[2]; */
|
||||
} ip;
|
||||
#define ip8 ip.u6_addr8
|
||||
#define ip16 ip.u6_addr16
|
||||
#define ip32 ip.u6_addr32
|
||||
/* #define ip64 ip.u6_addr64 */
|
||||
} sfip_t;
|
||||
#ifdef _WIN32
|
||||
#pragma pack(push,1)
|
||||
#endif
|
||||
|
||||
struct _sfaddr
|
||||
{
|
||||
struct in6_addr ip;
|
||||
uint16_t family;
|
||||
# define ia8 ip.s6_addr
|
||||
# define ia16 ip.s6_addr16
|
||||
# define ia32 ip.s6_addr32
|
||||
#ifdef _WIN32
|
||||
};
|
||||
#pragma pack(pop)
|
||||
#else
|
||||
} __attribute__((__packed__));
|
||||
#endif
|
||||
typedef struct _sfaddr sfaddr_t;
|
||||
|
||||
#ifdef _WIN32
|
||||
#pragma pack(push,1)
|
||||
#endif
|
||||
|
||||
struct _ip {
|
||||
sfaddr_t addr;
|
||||
uint16_t bits;
|
||||
# define ip8 addr.ip.s6_addr
|
||||
# define ip16 addr.ip.s6_addr16
|
||||
# define ip32 addr.ip.s6_addr32
|
||||
# define ip_family addr.family
|
||||
#ifdef _WIN32
|
||||
};
|
||||
#pragma pack(pop)
|
||||
#else
|
||||
} __attribute__((__packed__));
|
||||
#endif
|
||||
|
||||
typedef struct _ip sfcidr_t;
|
||||
|
||||
#else // WIN32 Build
|
||||
#if !defined(s6_addr8)
|
||||
#define s6_addr8 u.u6_addr8
|
||||
#endif
|
||||
#if !defined(s6_addr16)
|
||||
#define s6_addr16 u.u6_addr16
|
||||
#endif
|
||||
#if !defined(s6_addr32)
|
||||
#define s6_addr32 u.u6_addr32
|
||||
#endif
|
||||
|
||||
struct sf_in6_addr {
|
||||
union {
|
||||
uint8_t u6_addr8[16];
|
||||
uint16_t u6_addr16[8];
|
||||
uint32_t u6_addr32[4];
|
||||
} in6_u;
|
||||
};
|
||||
|
||||
#pragma pack(push,1)
|
||||
struct _sfaddr {
|
||||
struct in6_addr ip;
|
||||
uint16_t family;
|
||||
# define ia8 ip.s6_addr
|
||||
# define ia16 ip.s6_addr16
|
||||
# define ia32 ip.s6_addr32
|
||||
};
|
||||
typedef struct _sfaddr sfaddr_t;
|
||||
|
||||
struct _ip {
|
||||
sfaddr_t addr;
|
||||
uint16_t bits;
|
||||
# define ip8 addr.ip.s6_addr
|
||||
# define ip16 addr.ip.s6_addr16
|
||||
# define ip32 addr.ip.s6_addr32
|
||||
# define ip_family addr.family
|
||||
};
|
||||
typedef struct _ip sfcidr_t;
|
||||
#pragma pack(pop)
|
||||
|
||||
#endif // WIN32
|
||||
|
||||
typedef enum _return_values {
|
||||
SFIP_SUCCESS=0,
|
||||
|
@ -112,7 +181,8 @@ typedef enum _return_values {
|
|||
SFIP_LOOKUP_FAILURE, /* Failed to lookup a variable from the table */
|
||||
SFIP_UNMATCHED_BRACKET, /* IP lists that are missing a closing bracket */
|
||||
SFIP_NOT_ANY, /* For !any */
|
||||
SFIP_CONFLICT /* For IP conflicts in IP lists */
|
||||
SFIP_CONFLICT, /* For IP conflicts in IP lists */
|
||||
SFIP_INVALID_VAR /* variable definition is invalid */
|
||||
} SFIP_RET;
|
||||
|
||||
|
||||
|
@ -120,51 +190,62 @@ typedef enum _return_values {
|
|||
|
||||
/* Parses "src" and stores results in "dst" */
|
||||
/* If the conversion is invalid, returns SFIP_FAILURE */
|
||||
SFIP_RET sfip_pton(const char *src, sfip_t *dst);
|
||||
SFIP_RET sfaddr_pton(const char *src, sfaddr_t *dst);
|
||||
SFIP_RET sfip_pton(const char *src, sfcidr_t *dst);
|
||||
|
||||
/* Allocate IP address from a character array describing the IP */
|
||||
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status);
|
||||
sfcidr_t *sfip_alloc(const char *ip, SFIP_RET *status);
|
||||
|
||||
/* Frees an sfip_t */
|
||||
void sfip_free(sfip_t *ip);
|
||||
/* Frees an sfcidr_t */
|
||||
void sfip_free(sfcidr_t *ip);
|
||||
|
||||
/* Allocate IP address from an array of integers. The array better be
|
||||
/* Allocate IP address from a character array describing the IP */
|
||||
sfaddr_t *sfaddr_alloc(const char *ip, SFIP_RET *status);
|
||||
|
||||
/* Frees an sfaddr_t */
|
||||
void sfaddr_free(sfaddr_t *ip);
|
||||
|
||||
/* Allocate IP address from an array of integers. The array better be
|
||||
* long enough for the given family! */
|
||||
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status);
|
||||
sfaddr_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status);
|
||||
|
||||
/* Sets existing IP, "dst", to a raw source IP (4 or 16 bytes,
|
||||
/* Sets existing IP, "dst", to a raw source IP (4 or 16 bytes,
|
||||
* according to family) */
|
||||
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int src_family);
|
||||
SFIP_RET sfip_set_raw(sfaddr_t *dst, const void *src, int src_family);
|
||||
|
||||
/* Sets existing IP, "dst", to be source IP, "src" */
|
||||
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src);
|
||||
#define sfip_set_ip(dst, src) *(dst) = *(src)
|
||||
|
||||
/* Obfuscates an IP */
|
||||
void sfip_obfuscate(sfip_t *ob, sfip_t *ip);
|
||||
|
||||
/* return required size (eg for hashing)
|
||||
* requires that address bytes be the last field in sfip_t */
|
||||
static INLINE unsigned int sfip_size(sfip_t* ipt)
|
||||
{
|
||||
if ( ipt->family == AF_INET6 ) return sizeof(*ipt);
|
||||
return (unsigned int)((ipt->ip.u6_addr8+4) - (u_int8_t*)ipt);
|
||||
}
|
||||
void sfip_obfuscate(sfcidr_t *ob, sfaddr_t *ip);
|
||||
|
||||
/* Member-access *******************************************************/
|
||||
|
||||
#define sfip_get_ip4_value(x) ((x)->ip32[3])
|
||||
#define sfaddr_get_ip4_value(x) ((x)->ia32[3])
|
||||
|
||||
#define sfip_get_ip4_ptr(x) (&(x)->ip32[3])
|
||||
#define sfip_get_ip6_ptr(x) ((x)->ip32)
|
||||
#define sfip_get_ptr(x) (((x)->ip_family == AF_INET) ? &(x)->ip32[3] : (x)->ip32)
|
||||
|
||||
#define sfaddr_get_ip4_ptr(x) (&(x)->ia32[3])
|
||||
#define sfaddr_get_ip6_ptr(x) ((x)->ia32)
|
||||
#define sfaddr_get_ptr(x) (((x)->family == AF_INET) ? &(x)->ia32[3] : (x)->ia32)
|
||||
|
||||
/* Returns the family of "ip", either AF_INET or AF_INET6 */
|
||||
/* XXX This is a performance critical function,
|
||||
* need to determine if it's safe to not check these pointers */
|
||||
/* ARG_CHECK1(ip, 0); */
|
||||
#define sfip_family(ip) ip->family
|
||||
/* ARG_CHECK1(ip, 0); */
|
||||
#define sfaddr_family(x) ((x)->family)
|
||||
#define sfip_family(x) ((x)->ip_family)
|
||||
|
||||
/* Returns the number of bits used for masking "ip" */
|
||||
static INLINE unsigned char sfip_bits(sfip_t *ip) {
|
||||
static inline unsigned char sfip_bits(const sfcidr_t *ip) {
|
||||
ARG_CHECK1(ip, 0);
|
||||
return (unsigned char)ip->bits;
|
||||
}
|
||||
}
|
||||
|
||||
static INLINE void sfip_set_bits(sfip_t *p, int bits) {
|
||||
static inline void sfip_set_bits(sfcidr_t *p, int bits) {
|
||||
|
||||
if(!p)
|
||||
return;
|
||||
|
@ -175,36 +256,52 @@ static INLINE void sfip_set_bits(sfip_t *p, int bits) {
|
|||
}
|
||||
|
||||
/* Returns the raw IP address as an in6_addr */
|
||||
/* inline struct in6_addr sfip_to_raw(sfip_t *); */
|
||||
/*inline struct in6_addr sfip_to_raw(sfcidr_t *); */
|
||||
|
||||
|
||||
|
||||
/* IP Comparisons ******************************************************/
|
||||
|
||||
/* Check if ip is contained within the network specified by net */
|
||||
/* Check if ip is contained within the network specified by net */
|
||||
/* Returns SFIP_EQUAL if so */
|
||||
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip);
|
||||
SFIP_RET sfip_contains(const sfcidr_t *net, const sfaddr_t *ip);
|
||||
|
||||
/* Returns 1 if the IP is non-zero. 0 otherwise */
|
||||
/* XXX This is a performance critical function, \
|
||||
* need to determine if it's safe to not check these pointers */\
|
||||
static INLINE int sfip_is_set(sfip_t *ip) {
|
||||
/* ARG_CHECK1(ip, -1); */
|
||||
return ip->ip32[0] ||
|
||||
( (ip->family == AF_INET6) &&
|
||||
(ip->ip32[1] ||
|
||||
ip->ip32[2] ||
|
||||
ip->ip32[3] || ip->bits != 128)) || ((ip->family == AF_INET) && ip->bits != 32) ;
|
||||
static inline int sfraw_is_set(const struct in6_addr *addr) {
|
||||
/* ARG_CHECK1(ip, -1); */
|
||||
return (addr->s6_addr32[3] || addr->s6_addr32[0] || addr->s6_addr32[1] || addr->s6_addr16[4] ||
|
||||
(addr->s6_addr16[5] && addr->s6_addr16[5] != 0xFFFF)) ? 1 : 0;
|
||||
}
|
||||
|
||||
static inline int sfaddr_is_set(const sfaddr_t *addr) {
|
||||
/* ARG_CHECK1(ip, -1); */
|
||||
return ((addr->family == AF_INET && addr->ia32[3]) ||
|
||||
(addr->family == AF_INET6 &&
|
||||
(addr->ia32[0] || addr->ia32[1] || addr->ia32[3] || addr->ia16[4] ||
|
||||
(addr->ia16[5] && addr->ia16[5] != 0xFFFF)))) ? 1 : 0;
|
||||
}
|
||||
|
||||
static inline int sfip_is_set(const sfcidr_t *ip) {
|
||||
/* ARG_CHECK1(ip, -1); */
|
||||
return (sfaddr_is_set(&ip->addr) ||
|
||||
((ip->ip_family == AF_INET || ip->ip_family == AF_INET6) &&
|
||||
ip->bits != 128)) ? 1 : 0;
|
||||
}
|
||||
|
||||
/* Return 1 if the IP is a loopback IP */
|
||||
int sfip_is_loopback(sfip_t *ip);
|
||||
int sfip_is_loopback(const sfaddr_t *ip);
|
||||
|
||||
/* Returns 1 if the IPv6 address appears mapped. 0 otherwise. */
|
||||
int sfip_ismapped(sfip_t *ip);
|
||||
static inline int sfip_ismapped(const sfaddr_t *ip) {
|
||||
ARG_CHECK1(ip, 0);
|
||||
|
||||
return (ip->ia32[0] || ip->ia32[1] || ip->ia16[4] || (ip->ia16[5] != 0xffff && ip->ia16[5])) ? 0 : 1;
|
||||
}
|
||||
|
||||
/* Support function for sfip_compare */
|
||||
static INLINE SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
|
||||
static inline SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
|
||||
u_int32_t hip1 = htonl(ip1);
|
||||
u_int32_t hip2 = htonl(ip2);
|
||||
if(hip1 < hip2) return SFIP_LESSER;
|
||||
|
@ -213,18 +310,18 @@ static INLINE SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
|
|||
}
|
||||
|
||||
/* Support function for sfip_compare */
|
||||
static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
|
||||
static inline SFIP_RET _ip6_cmp(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
SFIP_RET ret;
|
||||
u_int32_t *p1, *p2;
|
||||
const uint32_t *p1, *p2;
|
||||
|
||||
/* XXX
|
||||
* Argument are assumed trusted!
|
||||
* This function is presently only called by sfip_compare
|
||||
* This function is presently only called by sfip_compare
|
||||
* on validated pointers.
|
||||
* XXX */
|
||||
|
||||
p1 = ip1->ip32;
|
||||
p2 = ip2->ip32;
|
||||
p1 = sfaddr_get_ip6_ptr(ip1);
|
||||
p2 = sfaddr_get_ip6_ptr(ip2);
|
||||
|
||||
if( (ret = _ip4_cmp(p1[0], p2[0])) != SFIP_EQUAL) return ret;
|
||||
if( (ret = _ip4_cmp(p1[1], p2[1])) != SFIP_EQUAL) return ret;
|
||||
|
@ -234,12 +331,12 @@ static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
|
|||
return ret;
|
||||
}
|
||||
|
||||
/* Compares two IPs
|
||||
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
|
||||
* or greater than ip2 In the case of mismatched families, the IPv4 address
|
||||
/* Compares two IPs
|
||||
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
|
||||
* or greater than ip2 In the case of mismatched families, the IPv4 address
|
||||
* is converted to an IPv6 representation. */
|
||||
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
|
||||
static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
|
||||
static inline SFIP_RET sfip_compare(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
int f1,f2;
|
||||
|
||||
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
|
||||
|
@ -247,40 +344,23 @@ static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
|
|||
/* This is being done because at some points in the existing Snort code,
|
||||
* an unset IP is considered to match anything. Thus, if either IP is not
|
||||
* set here, it's considered equal. */
|
||||
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_EQUAL;
|
||||
if(!sfaddr_is_set(ip1) || !sfaddr_is_set(ip2)) return SFIP_EQUAL;
|
||||
|
||||
f1 = sfip_family(ip1);
|
||||
f2 = sfip_family(ip2);
|
||||
f1 = sfaddr_family(ip1);
|
||||
f2 = sfaddr_family(ip2);
|
||||
|
||||
if(f1 == AF_INET && f2 == AF_INET) {
|
||||
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
|
||||
}
|
||||
/* Mixed families not presently supported */
|
||||
#if 0
|
||||
else if(f1 == AF_INET && f2 == AF_INET6) {
|
||||
conv = sfip_4to6(ip1);
|
||||
return _ip6_cmp(&conv, ip2);
|
||||
} else if(f1 == AF_INET6 && f2 == AF_INET) {
|
||||
conv = sfip_4to6(ip2);
|
||||
return _ip6_cmp(ip1, &conv);
|
||||
}
|
||||
else {
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
return _ip4_cmp(sfaddr_get_ip4_value(ip1), sfaddr_get_ip4_value(ip2));
|
||||
}
|
||||
#endif
|
||||
else if(f1 == AF_INET6 && f2 == AF_INET6) {
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
}
|
||||
|
||||
return SFIP_FAILURE;
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
}
|
||||
|
||||
/* Compares two IPs
|
||||
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
|
||||
* or greater than ip2 In the case of mismatched families, the IPv4 address
|
||||
/* Compares two IPs
|
||||
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
|
||||
* or greater than ip2 In the case of mismatched families, the IPv4 address
|
||||
* is converted to an IPv6 representation. */
|
||||
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
|
||||
static INLINE SFIP_RET sfip_compare_unset(sfip_t *ip1, sfip_t *ip2) {
|
||||
static inline SFIP_RET sfip_compare_unset(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
int f1,f2;
|
||||
|
||||
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
|
||||
|
@ -289,49 +369,32 @@ static INLINE SFIP_RET sfip_compare_unset(sfip_t *ip1, sfip_t *ip2) {
|
|||
* unset is considered to match nothing. This is the opposite of
|
||||
* sfip_compare(), defined above. Thus, if either IP is not
|
||||
* set here, it's considered not equal. */
|
||||
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_FAILURE;
|
||||
if(!sfaddr_is_set(ip1) || !sfaddr_is_set(ip2)) return SFIP_FAILURE;
|
||||
|
||||
f1 = sfip_family(ip1);
|
||||
f2 = sfip_family(ip2);
|
||||
f1 = sfaddr_family(ip1);
|
||||
f2 = sfaddr_family(ip2);
|
||||
|
||||
if(f1 == AF_INET && f2 == AF_INET) {
|
||||
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
|
||||
}
|
||||
/* Mixed families not presently supported */
|
||||
#if 0
|
||||
else if(f1 == AF_INET && f2 == AF_INET6) {
|
||||
conv = sfip_4to6(ip1);
|
||||
return _ip6_cmp(&conv, ip2);
|
||||
} else if(f1 == AF_INET6 && f2 == AF_INET) {
|
||||
conv = sfip_4to6(ip2);
|
||||
return _ip6_cmp(ip1, &conv);
|
||||
}
|
||||
else {
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
return _ip4_cmp(sfaddr_get_ip4_value(ip1), sfaddr_get_ip4_value(ip2));
|
||||
}
|
||||
#endif
|
||||
else if(f1 == AF_INET6 && f2 == AF_INET6) {
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
}
|
||||
|
||||
return SFIP_FAILURE;
|
||||
return _ip6_cmp(ip1, ip2);
|
||||
}
|
||||
|
||||
static INLINE int sfip_fast_lt4(sfip_t *ip1, sfip_t *ip2) {
|
||||
return *ip1->ip32 < *ip2->ip32;
|
||||
static inline int sfip_fast_lt4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
return sfaddr_get_ip4_value(ip1) < sfaddr_get_ip4_value(ip2);
|
||||
}
|
||||
static INLINE int sfip_fast_gt4(sfip_t *ip1, sfip_t *ip2) {
|
||||
return *ip1->ip32 > *ip2->ip32;
|
||||
static inline int sfip_fast_gt4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
return sfaddr_get_ip4_value(ip1) > sfaddr_get_ip4_value(ip2);
|
||||
}
|
||||
static INLINE int sfip_fast_eq4(sfip_t *ip1, sfip_t *ip2) {
|
||||
return *ip1->ip32 == *ip2->ip32;
|
||||
static inline int sfip_fast_eq4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
return sfaddr_get_ip4_value(ip1) == sfaddr_get_ip4_value(ip2);
|
||||
}
|
||||
|
||||
static INLINE int sfip_fast_lt6(sfip_t *ip1, sfip_t *ip2) {
|
||||
u_int32_t *p1, *p2;
|
||||
static inline int sfip_fast_lt6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
const uint32_t *p1, *p2;
|
||||
|
||||
p1 = ip1->ip32;
|
||||
p2 = ip2->ip32;
|
||||
p1 = sfaddr_get_ip6_ptr(ip1);
|
||||
p2 = sfaddr_get_ip6_ptr(ip2);
|
||||
|
||||
if(*p1 < *p2) return 1;
|
||||
else if(*p1 > *p2) return 0;
|
||||
|
@ -348,11 +411,11 @@ static INLINE int sfip_fast_lt6(sfip_t *ip1, sfip_t *ip2) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static INLINE int sfip_fast_gt6(sfip_t *ip1, sfip_t *ip2) {
|
||||
u_int32_t *p1, *p2;
|
||||
static inline int sfip_fast_gt6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
const uint32_t *p1, *p2;
|
||||
|
||||
p1 = ip1->ip32;
|
||||
p2 = ip2->ip32;
|
||||
p1 = sfaddr_get_ip6_ptr(ip1);
|
||||
p2 = sfaddr_get_ip6_ptr(ip2);
|
||||
|
||||
if(*p1 > *p2) return 1;
|
||||
else if(*p1 < *p2) return 0;
|
||||
|
@ -369,11 +432,11 @@ static INLINE int sfip_fast_gt6(sfip_t *ip1, sfip_t *ip2) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static INLINE int sfip_fast_eq6(sfip_t *ip1, sfip_t *ip2) {
|
||||
u_int32_t *p1, *p2;
|
||||
static inline int sfip_fast_eq6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
|
||||
const uint32_t *p1, *p2;
|
||||
|
||||
p1 = ip1->ip32;
|
||||
p2 = ip2->ip32;
|
||||
p1 = sfaddr_get_ip6_ptr(ip1);
|
||||
p2 = sfaddr_get_ip6_ptr(ip2);
|
||||
|
||||
if(*p1 != *p2) return 0;
|
||||
if(p1[1] != p2[1]) return 0;
|
||||
|
@ -384,31 +447,35 @@ static INLINE int sfip_fast_eq6(sfip_t *ip1, sfip_t *ip2) {
|
|||
}
|
||||
|
||||
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
|
||||
static INLINE int sfip_fast_cont4(sfip_t *ip1, sfip_t *ip2) {
|
||||
u_int32_t shift = 32 - sfip_bits(ip1);
|
||||
u_int32_t ip = ntohl(*ip2->ip32);
|
||||
static inline int sfip_fast_cont4(const sfcidr_t *ip1, const sfaddr_t *ip2) {
|
||||
uint32_t shift = 128 - sfip_bits(ip1);
|
||||
uint32_t ip = ntohl(sfaddr_get_ip4_value(ip2));
|
||||
uint32_t ip3 = ntohl(sfip_get_ip4_value(ip1));
|
||||
|
||||
ip >>= shift;
|
||||
ip <<= shift;
|
||||
|
||||
return ntohl(*ip1->ip32) == ip;
|
||||
if(ip3 == 0)
|
||||
return 1;
|
||||
|
||||
return (ip3 == ip);
|
||||
}
|
||||
|
||||
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
|
||||
static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
|
||||
u_int32_t ip;
|
||||
static inline int sfip_fast_cont6(const sfcidr_t *ip1, const sfaddr_t *ip2) {
|
||||
uint32_t ip;
|
||||
int i, bits = sfip_bits(ip1);
|
||||
int words = bits / 32;
|
||||
bits = 32 - (bits % 32);
|
||||
|
||||
for ( i = 0; i < words; i++ ) {
|
||||
if ( ip1->ip32[i] != ip2->ip32[i] )
|
||||
if ( ip1->ip32[i] != ip2->ia32[i] )
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ( bits == 32 ) return 1;
|
||||
|
||||
ip = ntohl(ip2->ip32[i]);
|
||||
ip = ntohl(ip2->ia32[i]);
|
||||
|
||||
ip >>= bits;
|
||||
ip <<= bits;
|
||||
|
@ -416,6 +483,89 @@ static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
|
|||
return ntohl(ip1->ip32[i]) == ip;
|
||||
}
|
||||
|
||||
/* Compares two IPs
|
||||
* Returns 1 for equal and 0 for not equal
|
||||
*/
|
||||
static inline int sfip_fast_equals_raw(const sfaddr_t *ip1, const sfaddr_t *ip2)
|
||||
{
|
||||
int f1,f2;
|
||||
|
||||
ARG_CHECK2(ip1, ip2, 0);
|
||||
|
||||
f1 = sfaddr_family(ip1);
|
||||
f2 = sfaddr_family(ip2);
|
||||
|
||||
if(f1 == AF_INET)
|
||||
{
|
||||
if(f2 != AF_INET)
|
||||
return 0;
|
||||
if (sfip_fast_eq4(ip1, ip2))
|
||||
return 1;
|
||||
}
|
||||
else if(f1 == AF_INET6)
|
||||
{
|
||||
if(f2 != AF_INET6)
|
||||
return 0;
|
||||
if (sfip_fast_eq6(ip1, ip2))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
* Function: sfip_is_private()
|
||||
*
|
||||
* Checks if the address is local
|
||||
*
|
||||
* Arguments:
|
||||
* sfcidr_t * - IP address to check
|
||||
*
|
||||
* Returns:
|
||||
* 1 if the IP is in local network
|
||||
* 0 otherwise
|
||||
*
|
||||
********************************************************************/
|
||||
static inline int sfip_is_private(const sfaddr_t *ip)
|
||||
{
|
||||
ARG_CHECK1(ip, 0);
|
||||
|
||||
/* Check the first 80 bits in an IPv6 address, and */
|
||||
/* verify they're zero. If not, it's not a loopback */
|
||||
if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4]) return 0;
|
||||
|
||||
if ( ip->ia16[5] == 0xffff ) {
|
||||
/* ::ffff: IPv4 mapped over IPv6 */
|
||||
/*
|
||||
* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
|
||||
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
|
||||
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
|
||||
* */
|
||||
return ( (ip->ia8[12] == 10)
|
||||
||((ip->ia8[12] == 172) && ((ip->ia8[13] & 0xf0 ) == 16))
|
||||
||((ip->ia8[12] == 192) && (ip->ia8[13] == 168)) );
|
||||
}
|
||||
|
||||
/* Check if the 3rd 32-bit int is zero */
|
||||
if ( !ip->ia16[5] ) {
|
||||
/* ::ipv4 compatible ipv6 */
|
||||
/* ::1 is the IPv6 loopback */
|
||||
return ( (ip->ia8[12] == 10)
|
||||
||((ip->ia8[12] == 172) && ((ip->ia8[13] & 0xf0 ) == 16))
|
||||
||((ip->ia8[12] == 192) && (ip->ia8[13] == 168))
|
||||
|| (ip->ia32[3] == htonl(0x1)) );
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void sfaddr_copy_to_raw(struct in6_addr *dst, const sfaddr_t *src)
|
||||
{
|
||||
dst->s6_addr32[0] = src->ia32[0];
|
||||
dst->s6_addr32[1] = src->ia32[1];
|
||||
dst->s6_addr32[2] = src->ia32[2];
|
||||
dst->s6_addr32[3] = src->ia32[3];
|
||||
}
|
||||
|
||||
#define sfip_equals(x,y) (sfip_compare(&x, &y) == SFIP_EQUAL)
|
||||
#define sfip_not_equals !sfip_equals
|
||||
#define sfip_clear(x) memset(x, 0, 16)
|
||||
|
@ -423,9 +573,14 @@ static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
|
|||
/* Printing ************************************************************/
|
||||
|
||||
/* Uses a static buffer to return a string representation of the IP */
|
||||
char *sfip_to_str(const sfip_t *ip);
|
||||
char *sfip_to_str(const sfaddr_t *ip);
|
||||
#define sfip_ntoa(x) sfip_to_str(x)
|
||||
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize);
|
||||
void sfip_ntop(const sfaddr_t *ip, char *buf, int bufsize);
|
||||
|
||||
#endif /* SF_IP_H */
|
||||
/* Conversions *********************************************************/
|
||||
|
||||
SFIP_RET sfip_convert_ip_text_to_binary( const int, const char *src, void *dst );
|
||||
|
||||
#endif /* SF_IP_H */
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 1998-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 1998-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -34,47 +35,45 @@
|
|||
#include <stdio.h>
|
||||
#include "sf_ip.h"
|
||||
|
||||
/* Selects which mode a given variable is using to
|
||||
/* Selects which mode a given variable is using to
|
||||
* store and lookup IP addresses */
|
||||
typedef enum _modes {
|
||||
SFIP_LIST,
|
||||
SFIP_TABLE
|
||||
} MODES;
|
||||
|
||||
/* Used by the "list" mode. A doubly linked list of sfip_t objects. */
|
||||
/* Used by the "list" mode. A doubly linked list of sfcidr_t objects. */
|
||||
typedef struct _ip_node {
|
||||
sfip_t *ip;
|
||||
#ifdef SUP_IP6
|
||||
#define ip_addr ip; /* To ease porting Snort */
|
||||
#endif
|
||||
sfcidr_t *ip;
|
||||
struct _ip_node *next;
|
||||
int flags;
|
||||
/* XXX */
|
||||
// XXX
|
||||
int addr_flags; /* Flags used exlusively by Snort */
|
||||
/* Keeping these variables seperate keeps
|
||||
/* Keeping these variables seperate keeps
|
||||
* this from stepping on Snort's toes. */
|
||||
/* Should merge them later */
|
||||
} sfip_node_t;
|
||||
|
||||
/* An IP variable onkect */
|
||||
typedef struct _var_t {
|
||||
/* Selects whether or not to use the list, the table,
|
||||
/* Selects whether or not to use the list, the table,
|
||||
* or any other method added later */
|
||||
MODES mode;
|
||||
|
||||
|
||||
/* Linked lists. Switch to something faster later */
|
||||
sfip_node_t *head;
|
||||
sfip_node_t *neg_head;
|
||||
|
||||
/* The mode above will select whether to use the sfip_node_t linked list
|
||||
* or the IP routing table */
|
||||
/* sfrt rt; */
|
||||
|
||||
// sfrt rt;
|
||||
|
||||
/* Linked list of IP variables for the variable table */
|
||||
struct _var_t *next;
|
||||
|
||||
uint32_t id;
|
||||
char *name;
|
||||
char *value;
|
||||
} sfip_var_t;
|
||||
|
||||
/* A variable table for storing and looking up variables */
|
||||
|
@ -110,7 +109,7 @@ sfip_node_t *sfipnode_alloc(char *str, SFIP_RET *status);
|
|||
SFIP_RET sfvar_add(sfip_var_t *dst, sfip_var_t *src);
|
||||
|
||||
/* Adds the nodes in 'src' to the variable 'dst' */
|
||||
/* The mismatch of types is for ease-of-supporting Snort4 and
|
||||
/* The mismatch of types is for ease-of-supporting Snort4 and
|
||||
* Snort6 simultaneously */
|
||||
SFIP_RET sfvar_add_node(sfip_var_t *dst, sfip_node_t *src, int negated);
|
||||
|
||||
|
@ -125,12 +124,14 @@ void sfvar_free(sfip_var_t *var);
|
|||
|
||||
/* Returns non-zero if ip is contained in 'var', 0 otherwise */
|
||||
/* If either argument is NULL, 0 is returned. */
|
||||
int sfvar_ip_in(sfip_var_t *var, sfip_t *ip);
|
||||
int sfvar_ip_in(sfip_var_t *var, sfaddr_t *ip);
|
||||
|
||||
/* Prints the variable "var" to the file descriptor 'f' */
|
||||
void sfvar_print(FILE *f, sfip_var_t *var);
|
||||
void sfvar_print(const char *prefix, sfip_var_t *var);
|
||||
void sfip_set_print(const char *prefix, sfip_node_t *head);
|
||||
|
||||
void sfip_set_print(FILE *f, sfip_node_t *head);
|
||||
void sfvar_print_to_file(FILE *f, sfip_var_t *var);
|
||||
void sfip_set_print_to_file(FILE *f, sfip_node_t *head);
|
||||
|
||||
/* Returns the node's flags */
|
||||
int sfvar_flags(sfip_node_t *node);
|
||||
|
|
|
@ -0,0 +1,112 @@
|
|||
/* $Id$ */
|
||||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifndef __SF_PROTOCOLS_H__
|
||||
#define __SF_PROTOCOLS_H__
|
||||
|
||||
typedef uint8_t IpProto;
|
||||
|
||||
typedef enum {
|
||||
PROTO_ETH, /* DecodeEthPkt */
|
||||
PROTO_FPATH, /* FabricPath - handled by DecodeEthPkt */
|
||||
PROTO_CISCO_META, /* Cisco Metadata - handled by DecodeEthPkt */
|
||||
|
||||
PROTO_IP4, /* DecodeIP */
|
||||
/* DecodeIPOptions - handled with IP4 */
|
||||
PROTO_ICMP4, /* DecodeICMP */
|
||||
PROTO_ICMP_IP4, /* DecodeICMPEmbeddedIP */
|
||||
|
||||
PROTO_UDP, /* DecodeUDP */
|
||||
PROTO_TCP, /* DecodeTCP */
|
||||
/* DecodeTCPOptions - handled with TCP */
|
||||
|
||||
PROTO_IP6, /* DecodeIPV6 */
|
||||
/* DecodeIPV6Extensions - nothing to do here, calls below */
|
||||
PROTO_IP6_HOP_OPTS, /* DecodeIPV6Options - ip6 hop, dst, rte, and frag exts */
|
||||
PROTO_IP6_DST_OPTS,
|
||||
PROTO_ICMP6, /* DecodeICMP6 */
|
||||
PROTO_ICMP_IP6, /* DecodeICMPEmbeddedIP6 */
|
||||
PROTO_VLAN, /* DecodeVlan */
|
||||
#ifdef GRE
|
||||
PROTO_GRE, /* DecodeGRE */
|
||||
/* DecodeTransBridging - basically same as DecodeEthPkt */
|
||||
PROTO_ERSPAN, /* DecodeERSPANType2 and DecodeERSPANType3 */
|
||||
#endif
|
||||
PROTO_PPPOE, /* DecodePPPoEPkt */
|
||||
PROTO_PPP_ENCAP, /* DecodePppPktEncapsulated */
|
||||
PROTO_MPLS, /* DecodeMPLS - decoder changes pkth len/caplen! */
|
||||
/* DecodeEthOverMPLS - basically same as straight eth */
|
||||
PROTO_ARP, /* DecodeARP */
|
||||
PROTO_GTP, /* DecodeGTP */
|
||||
PROTO_AH, /* DecodeAH - Authentication Header (IPSec stuff) */
|
||||
|
||||
#ifndef NO_NON_ETHER_DECODER
|
||||
PROTO_TR, /* DecodeTRPkt */
|
||||
PROTO_FDDI, /* DecodeFDDIPkt */
|
||||
PROTO_LSLL, /* DecodeLinuxSLLPkt sockaddr_ll for "any" device and */
|
||||
/* certain misbehaving link layer encapsulations */
|
||||
PROTO_80211, /* DecodeIEEE80211Pkt */
|
||||
PROTO_SLIP, /* DecodeSlipPkt - actually, based on header size, this */
|
||||
/* must be CSLIP (TCP/IP header compression) but all it */
|
||||
/* does is skip over the presumed header w/o expanding */
|
||||
/* and then jumps into IP4 decoding only; also, the actual */
|
||||
/* esc/end sequences must already have been removed because */
|
||||
/* there is no attempt to do that. */
|
||||
PROTO_L2I4, /* DecodeI4LRawIPPkt - always skips 2 bytes and then does */
|
||||
/* IP4 decoding only */
|
||||
PROTO_L2I4C, /* DecodeI4LCiscoIPPkt -always skips 4 bytes and then does */
|
||||
/* IP4 decoding only */
|
||||
PROTO_CHDLC, /* DecodeChdlcPkt - skips 4 bytes and decodes IP4 only. */
|
||||
PROTO_PFLOG, /* DecodePflog */
|
||||
PROTO_OLD_PFLOG, /* DecodeOldPflog */
|
||||
PROTO_PPP, /* DecodePppPkt - weird - optionally skips addr and cntl */
|
||||
/* bytes; what about flag and protocol? */
|
||||
/* calls only DecodePppPktEncapsulated. */
|
||||
PROTO_PPP_SERIAL, /* DecodePppSerialPkt - also weird - requires addr, cntl, */
|
||||
/* and proto (no flag) but optionally skips only 2 bytes */
|
||||
/* (presumably the trailer w/chksum is already stripped) */
|
||||
/* Calls either DecodePppPktEncapsulated or DecodeChdlcPkt. */
|
||||
PROTO_ENC, /* DecodeEncPkt - skips 12 bytes and decodes IP4 only. */
|
||||
/* (add family + "spi" + "flags" - don't know what this is) */
|
||||
PROTO_EAP, /* DecodeEAP */
|
||||
PROTO_EAPOL, /* DecodeEapol - leaf decoder */
|
||||
PROTO_EAPOL_KEY, /* DecodeEapolKey - leaf decoder */
|
||||
#endif /* NO_NON_ETHER_DECODER */
|
||||
|
||||
PROTO_MAX
|
||||
} PROTO_ID;
|
||||
|
||||
/* DecodeIPX - just counts; no decoding */
|
||||
/* DecodeEthLoopback - same as ipx */
|
||||
/* DecodeRawPkt - jumps straight into IP4 decoding */
|
||||
/* there is nothing to do */
|
||||
/* DecodeNullPkt - same as DecodeRawPkt */
|
||||
|
||||
typedef struct {
|
||||
PROTO_ID proto;
|
||||
uint16_t length;
|
||||
uint8_t* start;
|
||||
} Layer;
|
||||
|
||||
#endif /* __PROTOCOLS_H__ */
|
||||
|
|
@ -14,9 +14,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steve Sturges
|
||||
* Andy Mullican
|
||||
|
@ -30,10 +31,6 @@
|
|||
#ifndef _SF_SNORT_PACKET_H_
|
||||
#define _SF_SNORT_PACKET_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#ifndef WIN32
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
|
@ -42,27 +39,64 @@
|
|||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
#include <daq.h>
|
||||
#include <sfbpf_dlt.h>
|
||||
|
||||
#include "sf_ip.h"
|
||||
#include "sf_protocols.h"
|
||||
#include "preprocids.h"
|
||||
|
||||
#define VLAN_HDR_LEN 4
|
||||
|
||||
/* for vrt backwards compatibility */
|
||||
#define pcap_header pkt_header
|
||||
|
||||
typedef int (*LogFunction)(void *ssnptr, uint8_t **buf, uint32_t *len, uint32_t *type);
|
||||
|
||||
typedef DAQ_PktHdr_t SFDAQ_PktHdr_t;
|
||||
|
||||
#define VTH_PRIORITY(vh) ((ntohs((vh)->vth_pri_cfi_vlan) & 0xe000) >> 13)
|
||||
#define VTH_CFI(vh) ((ntohs((vh)->vth_pri_cfi_vlan) & 0x1000) >> 12)
|
||||
#define VTH_VLAN(vh) ((uint16_t)(ntohs((vh)->vth_pri_cfi_vlan) & 0x0FFF))
|
||||
|
||||
typedef struct _VlanHeader
|
||||
{
|
||||
u_int16_t vth_pri_cfi_vlan;
|
||||
u_int16_t vth_proto; /* protocol field... */
|
||||
uint16_t vth_pri_cfi_vlan;
|
||||
uint16_t vth_proto; /* protocol field... */
|
||||
|
||||
} VlanHeader;
|
||||
|
||||
/* #define NO_NON_ETHER_DECODER */
|
||||
/*#define NO_NON_ETHER_DECODER */
|
||||
#define ETHER_HDR_LEN 14
|
||||
#define ETHERNET_TYPE_IP 0x0800
|
||||
#define ETHERNET_TYPE_IPV6 0x86dd
|
||||
#define ETHERNET_TYPE_8021Q 0x8100
|
||||
/*
|
||||
* Cisco MetaData header
|
||||
*/
|
||||
|
||||
typedef struct _CiscoMetaHdr
|
||||
{
|
||||
uint8_t version; // This must be 1
|
||||
uint8_t length; //This is the header size in bytes / 8
|
||||
} CiscoMetaHdr;
|
||||
|
||||
/*
|
||||
* Cisco MetaData header options
|
||||
*/
|
||||
|
||||
typedef struct _CiscoMetaOpt
|
||||
{
|
||||
uint16_t opt_len_type; /* 3-bit length + 13-bit type. Length of 0 = 4. Type must be 1. */
|
||||
uint16_t sgt; /* Can be any value except 0xFFFF */
|
||||
} CiscoMetaOpt;
|
||||
|
||||
|
||||
typedef struct _EtherHeader
|
||||
{
|
||||
u_int8_t ether_destination[6];
|
||||
u_int8_t ether_source[6];
|
||||
u_int16_t ethernet_type;
|
||||
uint8_t ether_destination[6];
|
||||
uint8_t ether_source[6];
|
||||
uint16_t ethernet_type;
|
||||
|
||||
} EtherHeader;
|
||||
|
||||
|
@ -90,20 +124,21 @@ typedef struct _EtherHeader
|
|||
|
||||
typedef struct _IPV4Header
|
||||
{
|
||||
u_int8_t version_headerlength;
|
||||
u_int8_t type_service;
|
||||
u_int16_t data_length;
|
||||
u_int16_t identifier;
|
||||
u_int16_t offset;
|
||||
u_int8_t time_to_live;
|
||||
u_int8_t proto;
|
||||
u_int16_t checksum;
|
||||
uint8_t version_headerlength;
|
||||
uint8_t type_service;
|
||||
uint16_t data_length;
|
||||
uint16_t identifier;
|
||||
uint16_t offset;
|
||||
uint8_t time_to_live;
|
||||
uint8_t proto;
|
||||
uint16_t checksum;
|
||||
struct in_addr source;
|
||||
struct in_addr destination;
|
||||
} IPV4Header;
|
||||
|
||||
#define MAX_LOG_FUNC 32
|
||||
#define MAX_IP_OPTIONS 40
|
||||
#define MAX_IP6_EXTENSIONS 40
|
||||
|
||||
/* ip option codes */
|
||||
#define IPOPTION_EOL 0x00
|
||||
#define IPOPTION_NOP 0x01
|
||||
|
@ -118,9 +153,9 @@ typedef struct _IPV4Header
|
|||
|
||||
typedef struct _IPOptions
|
||||
{
|
||||
u_int8_t option_code;
|
||||
u_int8_t length;
|
||||
u_int8_t *option_data;
|
||||
uint8_t option_code;
|
||||
uint8_t length;
|
||||
uint8_t *option_data;
|
||||
} IPOptions;
|
||||
|
||||
|
||||
|
@ -128,15 +163,15 @@ typedef struct _IPOptions
|
|||
|
||||
typedef struct _TCPHeader
|
||||
{
|
||||
u_int16_t source_port;
|
||||
u_int16_t destination_port;
|
||||
u_int32_t sequence;
|
||||
u_int32_t acknowledgement;
|
||||
u_int8_t offset_reserved;
|
||||
u_int8_t flags;
|
||||
u_int16_t window;
|
||||
u_int16_t checksum;
|
||||
u_int16_t urgent_pointer;
|
||||
uint16_t source_port;
|
||||
uint16_t destination_port;
|
||||
uint32_t sequence;
|
||||
uint32_t acknowledgement;
|
||||
uint8_t offset_reserved;
|
||||
uint8_t flags;
|
||||
uint16_t window;
|
||||
uint16_t checksum;
|
||||
uint16_t urgent_pointer;
|
||||
} TCPHeader;
|
||||
|
||||
#define TCPHEADER_FIN 0x01
|
||||
|
@ -145,8 +180,8 @@ typedef struct _TCPHeader
|
|||
#define TCPHEADER_PUSH 0x08
|
||||
#define TCPHEADER_ACK 0x10
|
||||
#define TCPHEADER_URG 0x20
|
||||
#define TCPHEADER_RES2 0x40
|
||||
#define TCPHEADER_RES1 0x80
|
||||
#define TCPHEADER_ECE 0x40
|
||||
#define TCPHEADER_CWR 0x80
|
||||
#define TCPHEADER_NORESERVED (TCPHEADER_FIN|TCPHEADER_SYN|TCPHEADER_RST \
|
||||
|TCPHEADER_PUSH|TCPHEADER_ACK|TCPHEADER_URG)
|
||||
|
||||
|
@ -171,28 +206,28 @@ typedef IPOptions TCPOptions;
|
|||
|
||||
typedef struct _UDPHeader
|
||||
{
|
||||
u_int16_t source_port;
|
||||
u_int16_t destination_port;
|
||||
u_int16_t data_length;
|
||||
u_int16_t checksum;
|
||||
uint16_t source_port;
|
||||
uint16_t destination_port;
|
||||
uint16_t data_length;
|
||||
uint16_t checksum;
|
||||
} UDPHeader;
|
||||
|
||||
typedef struct _ICMPSequenceID
|
||||
{
|
||||
u_int16_t id;
|
||||
u_int16_t seq;
|
||||
uint16_t id;
|
||||
uint16_t seq;
|
||||
} ICMPSequenceID;
|
||||
|
||||
typedef struct _ICMPHeader
|
||||
{
|
||||
u_int8_t type;
|
||||
u_int8_t code;
|
||||
u_int16_t checksum;
|
||||
uint8_t type;
|
||||
uint8_t code;
|
||||
uint16_t checksum;
|
||||
|
||||
union
|
||||
{
|
||||
/* type 12 */
|
||||
u_int8_t parameter_problem_ptr;
|
||||
uint8_t parameter_problem_ptr;
|
||||
|
||||
/* type 5 */
|
||||
struct in_addr gateway_addr;
|
||||
|
@ -202,25 +237,25 @@ typedef struct _ICMPHeader
|
|||
|
||||
/* type 13, 14 */
|
||||
ICMPSequenceID timestamp;
|
||||
|
||||
|
||||
/* type 15, 16 */
|
||||
ICMPSequenceID info;
|
||||
|
||||
|
||||
int voidInfo;
|
||||
|
||||
/* type 3/code=4 (Path MTU, RFC 1191) */
|
||||
struct path_mtu
|
||||
{
|
||||
u_int16_t voidInfo;
|
||||
u_int16_t next_mtu;
|
||||
uint16_t voidInfo;
|
||||
uint16_t next_mtu;
|
||||
} path_mtu;
|
||||
|
||||
/* type 9 */
|
||||
struct router_advertisement
|
||||
struct router_advertisement
|
||||
{
|
||||
u_int8_t number_addrs;
|
||||
u_int8_t entry_size;
|
||||
u_int16_t lifetime;
|
||||
uint8_t number_addrs;
|
||||
uint8_t entry_size;
|
||||
uint16_t lifetime;
|
||||
} router_advertisement;
|
||||
} icmp_header_union;
|
||||
|
||||
|
@ -238,32 +273,32 @@ typedef struct _ICMPHeader
|
|||
#define icmp_ra_entry_size icmp_header_union.router_advertisement.entry_size
|
||||
#define icmp_ra_lifetime icmp_header_union.router_advertisement.lifetime
|
||||
|
||||
union
|
||||
union
|
||||
{
|
||||
/* timestamp */
|
||||
struct timestamp
|
||||
struct timestamp
|
||||
{
|
||||
u_int32_t orig;
|
||||
u_int32_t receive;
|
||||
u_int32_t transmit;
|
||||
uint32_t orig;
|
||||
uint32_t receive;
|
||||
uint32_t transmit;
|
||||
} timestamp;
|
||||
|
||||
|
||||
/* IP header for unreach */
|
||||
struct ipv4_header
|
||||
struct ipv4_header
|
||||
{
|
||||
IPV4Header *ip;
|
||||
/* options and then 64 bits of data */
|
||||
} ipv4_header;
|
||||
|
||||
/* Router Advertisement */
|
||||
struct router_address
|
||||
|
||||
/* Router Advertisement */
|
||||
struct router_address
|
||||
{
|
||||
u_int32_t addr;
|
||||
u_int32_t preference;
|
||||
uint32_t addr;
|
||||
uint32_t preference;
|
||||
} router_address;
|
||||
|
||||
/* type 17, 18 */
|
||||
u_int32_t mask;
|
||||
uint32_t mask;
|
||||
|
||||
char data[1];
|
||||
|
||||
|
@ -293,57 +328,80 @@ typedef struct _ICMPHeader
|
|||
#define ICMP_ADDRESS_REQUEST 17 /* Address Mask Request */
|
||||
#define ICMP_ADDRESS_REPLY 18 /* Address Mask Reply */
|
||||
|
||||
#define CHECKSUM_INVALID_IP 0x01
|
||||
#define CHECKSUM_INVALID_TCP 0x02
|
||||
#define CHECKSUM_INVALID_UDP 0x04
|
||||
#define CHECKSUM_INVALID_ICMP 0x08
|
||||
#define CHECKSUM_INVALID_IGMP 0x10
|
||||
#define INVALID_CHECKSUM_IP 0x01
|
||||
#define INVALID_CHECKSUM_TCP 0x02
|
||||
#define INVALID_CHECKSUM_UDP 0x04
|
||||
#define INVALID_CHECKSUM_ICMP 0x08
|
||||
#define INVALID_CHECKSUM_IGMP 0x10
|
||||
#define INVALID_CHECKSUM_ALL 0x1F
|
||||
#define INVALID_TTL 0x20
|
||||
|
||||
typedef struct _IPv6Extension
|
||||
{
|
||||
u_int8_t option_type;
|
||||
const u_int8_t *option_data;
|
||||
uint8_t option_type;
|
||||
const uint8_t *option_data;
|
||||
} IP6Extension;
|
||||
|
||||
typedef struct _IPAddresses
|
||||
{
|
||||
sfaddr_t ip_src; /* source IP */
|
||||
sfaddr_t ip_dst; /* dest IP */
|
||||
} IPAddresses;
|
||||
|
||||
typedef struct _IPv4Hdr
|
||||
{
|
||||
u_int8_t ip_verhl; /* version & header length */
|
||||
u_int8_t ip_tos; /* type of service */
|
||||
u_int16_t ip_len; /* datagram length */
|
||||
u_int16_t ip_id; /* identification */
|
||||
u_int16_t ip_off; /* fragment offset */
|
||||
u_int8_t ip_ttl; /* time to live field */
|
||||
u_int8_t ip_proto; /* datagram protocol */
|
||||
u_int16_t ip_csum; /* checksum */
|
||||
sfip_t ip_src; /* source IP */
|
||||
sfip_t ip_dst; /* dest IP */
|
||||
uint8_t ip_verhl; /* version & header length */
|
||||
uint8_t ip_tos; /* type of service */
|
||||
uint16_t ip_len; /* datagram length */
|
||||
uint16_t ip_id; /* identification */
|
||||
uint16_t ip_off; /* fragment offset */
|
||||
uint8_t ip_ttl; /* time to live field */
|
||||
uint8_t ip_proto; /* datagram protocol */
|
||||
uint16_t ip_csum; /* checksum */
|
||||
IPAddresses* ip_addrs; /* IP addresses*/
|
||||
} IP4Hdr;
|
||||
|
||||
typedef struct _IP6RawHdr
|
||||
{
|
||||
uint32_t vcl; /* version, class, and label */
|
||||
uint16_t payload_len; /* length of the payload */
|
||||
uint8_t next_header; /* same values as ip4 protocol field + new ip6 values */
|
||||
uint8_t hop_limit; /* same usage as ip4 ttl */
|
||||
|
||||
struct in6_addr src_addr;
|
||||
struct in6_addr dst_addr;
|
||||
} IP6RawHdr;
|
||||
|
||||
#define ip6_vcl vcl
|
||||
#define ip6_payload_len payload_len
|
||||
#define ip6_next_header next_header
|
||||
#define ip6_hop_limit hop_limit
|
||||
#define ip6_hops hop_limit
|
||||
|
||||
typedef struct _IPv6Hdr
|
||||
{
|
||||
u_int32_t vcl; /* version, class, and label */
|
||||
u_int16_t len; /* length of the payload */
|
||||
u_int8_t next; /* next header
|
||||
{
|
||||
uint32_t vcl; /* version, class, and label */
|
||||
uint16_t len; /* length of the payload */
|
||||
uint8_t next; /* next header
|
||||
* Uses the same flags as
|
||||
* the IPv4 protocol field */
|
||||
u_int8_t hop_lmt; /* hop limit */
|
||||
sfip_t ip_src;
|
||||
sfip_t ip_dst;
|
||||
} IP6Hdr;
|
||||
uint8_t hop_lmt; /* hop limit */
|
||||
IPAddresses* ip_addrs; /* IP addresses*/
|
||||
} IP6Hdr;
|
||||
|
||||
typedef struct _IP6FragHdr
|
||||
typedef struct _IP6FragHdr
|
||||
{
|
||||
u_int8_t ip6f_nxt; /* next header */
|
||||
u_int8_t ip6f_reserved; /* reserved field */
|
||||
u_int16_t ip6f_offlg; /* offset, reserved, and flag */
|
||||
u_int32_t ip6f_ident; /* identification */
|
||||
uint8_t ip6f_nxt; /* next header */
|
||||
uint8_t ip6f_reserved; /* reserved field */
|
||||
uint16_t ip6f_offlg; /* offset, reserved, and flag */
|
||||
uint32_t ip6f_ident; /* identification */
|
||||
} IP6FragHdr;
|
||||
|
||||
typedef struct _ICMP6
|
||||
{
|
||||
u_int8_t type;
|
||||
u_int8_t code;
|
||||
u_int16_t csum;
|
||||
uint8_t type;
|
||||
uint8_t code;
|
||||
uint16_t csum;
|
||||
|
||||
} ICMP6Hdr;
|
||||
|
||||
|
@ -359,79 +417,44 @@ typedef struct _ICMP6
|
|||
|
||||
struct _SFSnortPacket;
|
||||
|
||||
|
||||
/* IPHeader access calls */
|
||||
sfip_t * ip4_ret_src(struct _SFSnortPacket *);
|
||||
sfip_t * ip4_ret_dst(struct _SFSnortPacket *);
|
||||
u_int16_t ip4_ret_tos(struct _SFSnortPacket *);
|
||||
u_int8_t ip4_ret_ttl(struct _SFSnortPacket *);
|
||||
u_int16_t ip4_ret_len(struct _SFSnortPacket *);
|
||||
u_int32_t ip4_ret_id(struct _SFSnortPacket *);
|
||||
u_int8_t ip4_ret_proto(struct _SFSnortPacket *);
|
||||
u_int16_t ip4_ret_off(struct _SFSnortPacket *);
|
||||
u_int8_t ip4_ret_ver(struct _SFSnortPacket *);
|
||||
u_int8_t ip4_ret_hlen(struct _SFSnortPacket *);
|
||||
|
||||
sfip_t * orig_ip4_ret_src(struct _SFSnortPacket *);
|
||||
sfip_t * orig_ip4_ret_dst(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip4_ret_tos(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip4_ret_ttl(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip4_ret_len(struct _SFSnortPacket *);
|
||||
u_int32_t orig_ip4_ret_id(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip4_ret_proto(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip4_ret_off(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip4_ret_ver(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip4_ret_hlen(struct _SFSnortPacket *);
|
||||
|
||||
sfip_t * ip6_ret_src(struct _SFSnortPacket *);
|
||||
sfip_t * ip6_ret_dst(struct _SFSnortPacket *);
|
||||
u_int16_t ip6_ret_toc(struct _SFSnortPacket *);
|
||||
u_int8_t ip6_ret_hops(struct _SFSnortPacket *);
|
||||
u_int16_t ip6_ret_len(struct _SFSnortPacket *);
|
||||
u_int32_t ip6_ret_id(struct _SFSnortPacket *);
|
||||
u_int8_t ip6_ret_next(struct _SFSnortPacket *);
|
||||
u_int16_t ip6_ret_off(struct _SFSnortPacket *);
|
||||
u_int8_t ip6_ret_ver(struct _SFSnortPacket *);
|
||||
u_int8_t ip6_ret_hlen(struct _SFSnortPacket *);
|
||||
|
||||
sfip_t * orig_ip6_ret_src(struct _SFSnortPacket *);
|
||||
sfip_t * orig_ip6_ret_dst(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip6_ret_toc(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip6_ret_hops(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip6_ret_len(struct _SFSnortPacket *);
|
||||
u_int32_t orig_ip6_ret_id(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip6_ret_next(struct _SFSnortPacket *);
|
||||
u_int16_t orig_ip6_ret_off(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip6_ret_ver(struct _SFSnortPacket *);
|
||||
u_int8_t orig_ip6_ret_hlen(struct _SFSnortPacket *);
|
||||
|
||||
typedef struct _IPH_API
|
||||
typedef struct _IPH_API
|
||||
{
|
||||
sfip_t * (*iph_ret_src)(struct _SFSnortPacket *);
|
||||
sfip_t * (*iph_ret_dst)(struct _SFSnortPacket *);
|
||||
u_int16_t (*iph_ret_tos)(struct _SFSnortPacket *);
|
||||
u_int8_t (*iph_ret_ttl)(struct _SFSnortPacket *);
|
||||
u_int16_t (*iph_ret_len)(struct _SFSnortPacket *);
|
||||
u_int32_t (*iph_ret_id)(struct _SFSnortPacket *);
|
||||
u_int8_t (*iph_ret_proto)(struct _SFSnortPacket *);
|
||||
u_int16_t (*iph_ret_off)(struct _SFSnortPacket *);
|
||||
u_int8_t (*iph_ret_ver)(struct _SFSnortPacket *);
|
||||
u_int8_t (*iph_ret_hlen)(struct _SFSnortPacket *);
|
||||
sfaddr_t * (*iph_ret_src)(const struct _SFSnortPacket *);
|
||||
sfaddr_t * (*iph_ret_dst)(const struct _SFSnortPacket *);
|
||||
uint16_t (*iph_ret_tos)(const struct _SFSnortPacket *);
|
||||
uint8_t (*iph_ret_ttl)(const struct _SFSnortPacket *);
|
||||
uint16_t (*iph_ret_len)(const struct _SFSnortPacket *);
|
||||
uint32_t (*iph_ret_id)(const struct _SFSnortPacket *);
|
||||
uint8_t (*iph_ret_proto)(const struct _SFSnortPacket *);
|
||||
uint16_t (*iph_ret_off)(const struct _SFSnortPacket *);
|
||||
uint8_t (*iph_ret_ver)(const struct _SFSnortPacket *);
|
||||
uint8_t (*iph_ret_hlen)(const struct _SFSnortPacket *);
|
||||
|
||||
sfip_t * (*orig_iph_ret_src)(struct _SFSnortPacket *);
|
||||
sfip_t * (*orig_iph_ret_dst)(struct _SFSnortPacket *);
|
||||
u_int16_t (*orig_iph_ret_tos)(struct _SFSnortPacket *);
|
||||
u_int8_t (*orig_iph_ret_ttl)(struct _SFSnortPacket *);
|
||||
u_int16_t (*orig_iph_ret_len)(struct _SFSnortPacket *);
|
||||
u_int16_t (*orig_iph_ret_id)(struct _SFSnortPacket *);
|
||||
u_int8_t (*orig_iph_ret_proto)(struct _SFSnortPacket *);
|
||||
u_int16_t (*orig_iph_ret_off)(struct _SFSnortPacket *);
|
||||
u_int8_t (*orig_iph_ret_ver)(struct _SFSnortPacket *);
|
||||
u_int8_t (*orig_iph_ret_hlen)(struct _SFSnortPacket *);
|
||||
sfaddr_t * (*orig_iph_ret_src)(const struct _SFSnortPacket *);
|
||||
sfaddr_t * (*orig_iph_ret_dst)(const struct _SFSnortPacket *);
|
||||
uint16_t (*orig_iph_ret_tos)(const struct _SFSnortPacket *);
|
||||
uint8_t (*orig_iph_ret_ttl)(const struct _SFSnortPacket *);
|
||||
uint16_t (*orig_iph_ret_len)(const struct _SFSnortPacket *);
|
||||
uint32_t (*orig_iph_ret_id)(const struct _SFSnortPacket *);
|
||||
uint8_t (*orig_iph_ret_proto)(const struct _SFSnortPacket *);
|
||||
uint16_t (*orig_iph_ret_off)(const struct _SFSnortPacket *);
|
||||
uint8_t (*orig_iph_ret_ver)(const struct _SFSnortPacket *);
|
||||
uint8_t (*orig_iph_ret_hlen)(const struct _SFSnortPacket *);
|
||||
char version;
|
||||
} IPH_API;
|
||||
|
||||
#ifdef SUP_IP6
|
||||
typedef enum {
|
||||
PSEUDO_PKT_IP,
|
||||
PSEUDO_PKT_TCP,
|
||||
PSEUDO_PKT_DCE_RPKT,
|
||||
PSEUDO_PKT_SMB_SEG,
|
||||
PSEUDO_PKT_DCE_SEG,
|
||||
PSEUDO_PKT_DCE_FRAG,
|
||||
PSEUDO_PKT_SMB_TRANS,
|
||||
PSEUDO_PKT_PS,
|
||||
PSEUDO_PKT_SDF,
|
||||
PSEUDO_PKT_MAX
|
||||
} PseudoPacketType;
|
||||
|
||||
#include "ipv6_port.h"
|
||||
|
||||
|
@ -443,52 +466,84 @@ typedef struct _IPH_API
|
|||
extern IPH_API ip4;
|
||||
extern IPH_API ip6;
|
||||
|
||||
#define iph_is_valid(p) (p->family != NO_IP)
|
||||
#define iph_is_valid(p) ((p)->family != NO_IP)
|
||||
|
||||
#define NO_IP 0
|
||||
|
||||
#define IP6_HDR_LEN 40
|
||||
#endif
|
||||
|
||||
typedef struct _MplsHdr
|
||||
{
|
||||
u_int32_t label;
|
||||
u_int8_t exp;
|
||||
u_int8_t bos;
|
||||
u_int8_t ttl;
|
||||
uint32_t label;
|
||||
uint8_t exp;
|
||||
uint8_t bos;
|
||||
uint8_t ttl;
|
||||
} MplsHdr;
|
||||
|
||||
typedef struct _H2PriSpec
|
||||
{
|
||||
uint32_t stream_id;
|
||||
uint32_t weight;
|
||||
uint8_t exclusive;
|
||||
} H2PriSpec;
|
||||
|
||||
typedef struct _H2Hdr
|
||||
{
|
||||
uint32_t length;
|
||||
uint32_t stream_id;
|
||||
uint8_t type;
|
||||
uint8_t flags;
|
||||
uint8_t reserved;
|
||||
H2PriSpec pri;
|
||||
} H2Hdr;
|
||||
|
||||
#define MAX_PROTO_LAYERS 32
|
||||
|
||||
typedef struct {
|
||||
PROTO_ID proto_id;
|
||||
uint16_t proto_length;
|
||||
uint8_t* proto_start;
|
||||
} ProtoLayer;
|
||||
|
||||
// for backwards compatibility with VRT .so rules
|
||||
#define stream_session_ptr stream_session
|
||||
|
||||
// forward declaration for snort list management type
|
||||
struct sfSDList;
|
||||
|
||||
// forward declaration for snort expected session created due to this packet.
|
||||
struct _ExpectNode;
|
||||
|
||||
typedef struct _SFSnortPacket
|
||||
{
|
||||
const struct pcap_pkthdr *pcap_header; /* Is this GPF'd? */
|
||||
const u_int8_t *pkt_data;
|
||||
const SFDAQ_PktHdr_t *pkt_header; /* Is this GPF'd? */
|
||||
const uint8_t *pkt_data;
|
||||
|
||||
void *ether_arp_header;
|
||||
const EtherHeader *ether_header;
|
||||
const void *vlan_tag_header;
|
||||
const VlanHeader *vlan_tag_header;
|
||||
void *ether_header_llc;
|
||||
void *ether_header_other;
|
||||
const void *ppp_over_ether_header;
|
||||
const void *gre_header;
|
||||
u_int32_t *mpls;
|
||||
uint32_t *mpls;
|
||||
const CiscoMetaHdr *cmdh; /* Cisco Metadata Header */
|
||||
|
||||
const IPV4Header *ip4_header, *orig_ip4_header;
|
||||
const IPV4Header *inner_ip4_header;
|
||||
const IPV4Header *outer_ip4_header;
|
||||
const TCPHeader *tcp_header, *orig_tcp_header;
|
||||
const UDPHeader *udp_header, *orig_udp_header;
|
||||
const UDPHeader *inner_udph; /* if Teredo + UDP, this will be the inner UDP header */
|
||||
const UDPHeader *outer_udph; /* if Teredo + UDP, this will be the outer UDP header */
|
||||
const ICMPHeader *icmp_header, *orig_icmp_header;
|
||||
|
||||
const u_int8_t *payload;
|
||||
const u_int8_t *ip_payload;
|
||||
const u_int8_t *outer_ip_payload;
|
||||
const u_int8_t *ip_frag_start;
|
||||
const u_int8_t *ip4_options_data;
|
||||
const u_int8_t *tcp_options_data;
|
||||
const uint8_t *payload;
|
||||
const uint8_t *ip_payload;
|
||||
const uint8_t *outer_ip_payload;
|
||||
|
||||
void *stream_session_ptr;
|
||||
void *stream_session;
|
||||
void *fragmentation_tracking_ptr;
|
||||
void *flow_ptr;
|
||||
void *stream_ptr;
|
||||
|
||||
IP4Hdr *ip4h, *orig_ip4h;
|
||||
IP6Hdr *ip6h, *orig_ip6h;
|
||||
|
@ -499,64 +554,50 @@ typedef struct _SFSnortPacket
|
|||
IPH_API* outer_iph_api;
|
||||
IPH_API* outer_orig_iph_api;
|
||||
|
||||
IP4Hdr inner_ip4h, inner_orig_ip4h;
|
||||
IP6Hdr inner_ip6h, inner_orig_ip6h;
|
||||
IP4Hdr outer_ip4h, outer_orig_ip4h;
|
||||
IP6Hdr outer_ip6h, outer_orig_ip6h;
|
||||
|
||||
MplsHdr mplsHdr;
|
||||
|
||||
int family;
|
||||
int orig_family;
|
||||
int outer_family;
|
||||
int number_bytes_to_check;
|
||||
|
||||
/* int ip_payload_length; */
|
||||
/* int ip_payload_offset; */
|
||||
PreprocEnableMask preprocessor_bit_mask;
|
||||
|
||||
u_int32_t preprocessor_bit_mask;
|
||||
u_int32_t preproc_reassembly_pkt_bit_mask;
|
||||
uint64_t flags;
|
||||
|
||||
u_int32_t pcap_cap_len;
|
||||
u_int32_t http_pipeline_count;
|
||||
u_int32_t flags;
|
||||
u_int16_t proto_bits;
|
||||
u_int16_t data_flags;
|
||||
uint32_t xtradata_mask;
|
||||
|
||||
u_int16_t payload_size;
|
||||
u_int16_t ip_payload_size;
|
||||
u_int16_t normalized_payload_size;
|
||||
u_int16_t actual_ip_length;
|
||||
u_int16_t outer_ip_payload_size;
|
||||
uint16_t proto_bits;
|
||||
|
||||
u_int16_t ip_fragment_offset;
|
||||
u_int16_t ip_frag_length;
|
||||
u_int16_t ip4_options_length;
|
||||
u_int16_t tcp_options_length;
|
||||
uint16_t payload_size;
|
||||
uint16_t ip_payload_size;
|
||||
uint16_t normalized_payload_size;
|
||||
uint16_t actual_ip_length;
|
||||
uint16_t outer_ip_payload_size;
|
||||
|
||||
u_int16_t src_port;
|
||||
u_int16_t dst_port;
|
||||
u_int16_t orig_src_port;
|
||||
u_int16_t orig_dst_port;
|
||||
uint16_t ip_fragment_offset;
|
||||
uint16_t ip_frag_length;
|
||||
uint16_t ip4_options_length;
|
||||
uint16_t tcp_options_length;
|
||||
|
||||
uint16_t src_port;
|
||||
uint16_t dst_port;
|
||||
uint16_t orig_src_port;
|
||||
uint16_t orig_dst_port;
|
||||
|
||||
int16_t application_protocol_ordinal;
|
||||
|
||||
u_int8_t ip_fragmented;
|
||||
u_int8_t ip_more_fragments;
|
||||
u_int8_t ip_dont_fragment;
|
||||
u_int8_t ip_reserved;
|
||||
uint8_t ip_fragmented;
|
||||
uint8_t ip_more_fragments;
|
||||
uint8_t ip_dont_fragment;
|
||||
uint8_t ip_reserved;
|
||||
|
||||
u_int8_t num_uris;
|
||||
u_int8_t checksums_invalid;
|
||||
u_int8_t encapsulated;
|
||||
uint8_t num_ip_options;
|
||||
uint8_t num_tcp_options;
|
||||
uint8_t num_ip6_extensions;
|
||||
uint8_t ip6_frag_extension;
|
||||
|
||||
u_int8_t num_ip_options;
|
||||
u_int8_t num_tcp_options;
|
||||
u_int8_t num_ip6_extensions;
|
||||
u_int8_t ip6_frag_extension;
|
||||
|
||||
u_char ip_last_option_invalid_flag;
|
||||
u_char tcp_last_option_invalid_flag;
|
||||
uint8_t invalid_flags;
|
||||
uint8_t encapsulated;
|
||||
uint8_t GTPencapsulated;
|
||||
uint8_t next_layer_index;
|
||||
|
||||
#ifndef NO_NON_ETHER_DECODER
|
||||
const void *fddi_header;
|
||||
|
@ -572,43 +613,79 @@ typedef struct _SFSnortPacket
|
|||
void *pflog1_header;
|
||||
void *pflog2_header;
|
||||
void *pflog3_header;
|
||||
void *pflog4_header;
|
||||
|
||||
#ifdef DLT_LINUX_SLL
|
||||
const void *sll_header;
|
||||
#endif
|
||||
#ifdef DLT_IEEE802_11
|
||||
const void *wifi_header;
|
||||
const void *ppp_over_ether_header;
|
||||
|
||||
#endif
|
||||
const void *ether_eapol_header;
|
||||
const void *eapol_headear;
|
||||
const u_int8_t *eapol_type;
|
||||
const uint8_t *eapol_type;
|
||||
void *eapol_key;
|
||||
#endif
|
||||
|
||||
IPOptions ip_options[MAX_IP_OPTIONS];
|
||||
TCPOptions tcp_options[MAX_TCP_OPTIONS];
|
||||
IP6Extension ip6_extensions[MAX_IP6_EXTENSIONS];
|
||||
IP6Extension *ip6_extensions;
|
||||
CiscoMetaOpt *cmd_options; /* Cisco Metadata header options */
|
||||
|
||||
/**policyId provided in configuration file. Used for correlating configuration
|
||||
const uint8_t *ip_frag_start;
|
||||
const uint8_t *ip4_options_data;
|
||||
const uint8_t *tcp_options_data;
|
||||
|
||||
const IP6RawHdr* raw_ip6_header;
|
||||
ProtoLayer proto_layers[MAX_PROTO_LAYERS];
|
||||
|
||||
IPAddresses inner_ips, inner_orig_ips;
|
||||
IP4Hdr inner_ip4h, inner_orig_ip4h;
|
||||
IP6Hdr inner_ip6h, inner_orig_ip6h;
|
||||
IPAddresses outer_ips, outer_orig_ips;
|
||||
IP4Hdr outer_ip4h, outer_orig_ip4h;
|
||||
IP6Hdr outer_ip6h, outer_orig_ip6h;
|
||||
|
||||
MplsHdr mplsHdr;
|
||||
H2Hdr *h2Hdr;
|
||||
|
||||
PseudoPacketType pseudo_type;
|
||||
uint16_t max_payload;
|
||||
|
||||
/**policyId provided in configuration file. Used for correlating configuration
|
||||
* with event output
|
||||
*/
|
||||
uint16_t config_policy_id;
|
||||
uint16_t configPolicyId;
|
||||
|
||||
uint32_t iplist_id;
|
||||
unsigned char iprep_layer;
|
||||
|
||||
uint8_t ps_proto; /* Used for portscan and unified2 logging */
|
||||
|
||||
uint8_t ips_os_selected;
|
||||
void *cur_pp;
|
||||
|
||||
// Expected session created due to this packet.
|
||||
struct _ExpectNode* expectedSession;
|
||||
} SFSnortPacket;
|
||||
|
||||
#define IP_INNER_LAYER 1
|
||||
#define IP_OUTTER_LAYER 0
|
||||
|
||||
#define PKT_ZERO_LEN offsetof(SFSnortPacket, ip_options)
|
||||
|
||||
#define PROTO_BIT__IP 0x0001
|
||||
#define PROTO_BIT__ARP 0x0002
|
||||
#define PROTO_BIT__TCP 0x0004
|
||||
#define PROTO_BIT__UDP 0x0008
|
||||
#define PROTO_BIT__ICMP 0x0010
|
||||
#define PROTO_BIT__ALL 0xffff
|
||||
|
||||
#define DATA_FLAGS_GZIP 0x0002
|
||||
#define PROTO_BIT__IP 0x0001
|
||||
#define PROTO_BIT__ARP 0x0002
|
||||
#define PROTO_BIT__TCP 0x0004
|
||||
#define PROTO_BIT__UDP 0x0008
|
||||
#define PROTO_BIT__ICMP 0x0010
|
||||
#define PROTO_BIT__TEREDO 0x0020
|
||||
#define PROTO_BIT__ALL 0xffff
|
||||
|
||||
#define IsIP(p) (IPH_IS_VALID(p))
|
||||
#define IsTCP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_TCP))
|
||||
#define IsUDP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_UDP))
|
||||
#define IsICMP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_ICMP))
|
||||
#define IsTCP(p) (IsIP(p) && p->tcp_header)
|
||||
#define IsUDP(p) (IsIP(p) && p->udp_header)
|
||||
#define IsICMP(p) (IsIP(p) && p->icmp_header)
|
||||
|
||||
#define SET_IP4_VER(ip_header, value) \
|
||||
((ip_header)->version_headerlength = \
|
||||
|
@ -621,46 +698,104 @@ typedef struct _SFSnortPacket
|
|||
((tcp_header)->offset_reserved = \
|
||||
(unsigned char)(((tcp_header)->offset_reserved & 0x0f) | (value << 4)))
|
||||
|
||||
#define FLAG_REBUILT_FRAG 0x00000001
|
||||
#define FLAG_REBUILT_STREAM 0x00000002
|
||||
#define FLAG_STREAM_UNEST_UNI 0x00000004
|
||||
#define FLAG_STREAM_UNEST_BI 0x00000008
|
||||
#define FLAG_STREAM_EST 0x00000010
|
||||
#define FLAG_FROM_SERVER 0x00000040
|
||||
#define FLAG_FROM_CLIENT 0x00000080
|
||||
#define FLAG_HTTP_DECODE 0x00000100
|
||||
#define FLAG_STREAM_INSERT 0x00000400
|
||||
#define FLAG_ALT_DECODE 0x00000800
|
||||
#define FLAG_STREAM_TWH 0x00001000
|
||||
#define FLAG_IGNORE_PORT 0x00002000 /* this packet should be ignored, based on port */
|
||||
#define FLAG_PASS_RULE 0x00004000 /* this packet has matched a pass rule */
|
||||
#define FLAG_NO_DETECT 0x00008000 /* this packet should not be preprocessed */
|
||||
#define FLAG_PREPROC_RPKT 0x00010000 /* set in original packet to indicate a preprocessor
|
||||
* has a reassembled packet */
|
||||
#define FLAG_DCE_RPKT 0x00020000 /* this is a DCE/RPC reassembled packet */
|
||||
#define FLAG_IP_RULE 0x00040000 /* this packet being evaluated against an ip rule */
|
||||
#define BIT(i) (0x1 << (i-1))
|
||||
|
||||
|
||||
/* beware: some flags are redefined in dynamic-plugins/sf_dynamic_define.h! */
|
||||
#define FLAG_REBUILT_FRAG 0x00000001 /* is a rebuilt fragment */
|
||||
#define FLAG_REBUILT_STREAM 0x00000002 /* is a rebuilt stream */
|
||||
#define FLAG_STREAM_UNEST_UNI 0x00000004 /* is from an unestablished stream and
|
||||
* we've only seen traffic in one direction */
|
||||
#define FLAG_STREAM_EST 0x00000008 /* is from an established stream */
|
||||
|
||||
#define FLAG_STREAM_INSERT 0x00000010 /* this packet has been queued for stream reassembly */
|
||||
#define FLAG_STREAM_TWH 0x00000020 /* packet completes the 3-way handshake */
|
||||
#define FLAG_FROM_SERVER 0x00000040 /* this packet came from the server
|
||||
side of a connection (TCP) */
|
||||
#define FLAG_FROM_CLIENT 0x00000080 /* this packet came from the client
|
||||
side of a connection (TCP) */
|
||||
|
||||
#define FLAG_PDU_HEAD 0x00000100 /* start of PDU */
|
||||
#define FLAG_PDU_TAIL 0x00000200 /* end of PDU */
|
||||
#define FLAG_UNSURE_ENCAP 0x00000400 /* packet may have incorrect encapsulation layer. */
|
||||
/* don't alert if "next layer" is invalid. */
|
||||
#define FLAG_HTTP_DECODE 0x00000800 /* this packet has normalized http */
|
||||
|
||||
#define FLAG_IGNORE_PORT 0x00001000 /* this packet should be ignored, based on port */
|
||||
#define FLAG_NO_DETECT 0x00002000 /* this packet should not be preprocessed */
|
||||
#define FLAG_ALLOW_MULTIPLE_DETECT 0x00004000 /* packet has either pipelined mime attachements */
|
||||
/* or pipeline http requests */
|
||||
#define FLAG_PAYLOAD_OBFUSCATE 0x00008000
|
||||
|
||||
#define FLAG_STATELESS 0x00010000 /* Packet has matched a stateless rule */
|
||||
#define FLAG_PASS_RULE 0x00020000 /* this packet has matched a pass rule */
|
||||
#define FLAG_IP_RULE 0x00040000 /* this packet is being evaluated against an IP rule */
|
||||
#define FLAG_IP_RULE_2ND 0x00080000 /* this packet is being evaluated against an IP rule */
|
||||
|
||||
#define FLAG_SMB_SEG 0x00100000 /* this is an SMB desegmented packet */
|
||||
#define FLAG_DCE_SEG 0x00200000 /* this is a DCE/RPC desegmented packet */
|
||||
#define FLAG_DCE_FRAG 0x00400000 /* this is a DCE/RPC defragmented packet */
|
||||
#define FLAG_SMB_TRANS 0x00800000 /* this is an SMB Transact reassembled packet */
|
||||
#define FLAG_DCE_PKT 0x01000000 /* this is a DCE packet processed by DCE/RPC preprocessor */
|
||||
#define FLAG_RPC_PKT 0x02000000 /* this is an ONC RPC packet processed by rpc decode preprocessor */
|
||||
#define FLAG_LOGGED 0x00100000 /* this packet has been logged */
|
||||
#define FLAG_PSEUDO 0x00200000 /* is a pseudo packet */
|
||||
#define FLAG_MODIFIED 0x00400000 /* packet had normalizations, etc. */
|
||||
#ifdef NORMALIZER
|
||||
#define FLAG_RESIZED 0x00800000 /* packet has new size; must set modified too */
|
||||
#endif
|
||||
|
||||
#define FLAG_HTTP_RESP_BODY 0x04000000 /* this packet contains non-zipped HTTP response Body */
|
||||
/* neither of these flags will be set for (full) retransmissions or non-data segments */
|
||||
/* a partial overlap results in out of sequence condition */
|
||||
/* out of sequence condition is sticky */
|
||||
#define FLAG_STREAM_ORDER_OK 0x01000000 /* this segment is in order, w/o gaps */
|
||||
#define FLAG_STREAM_ORDER_BAD 0x02000000 /* this stream had at least one gap */
|
||||
#define FLAG_REASSEMBLED_OLD 0x04000000 /* for backwards compat with so rules */
|
||||
|
||||
#define FLAG_STATELESS 0x10000000 /* Packet has matched a stateless rule */
|
||||
#define FLAG_INLINE_DROP 0x20000000
|
||||
#define FLAG_OBFUSCATED 0x40000000 /* this packet has been obfuscated */
|
||||
#define FLAG_LOGGED 0x80000000 /* this packet has been logged */
|
||||
#define FLAG_IPREP_SOURCE_TRIGGERED 0x08000000
|
||||
#define FLAG_IPREP_DATA_SET 0x10000000
|
||||
#define FLAG_FILE_EVENT_SET 0x20000000
|
||||
#define FLAG_EARLY_REASSEMBLY 0x40000000 /* this packet. part of the expected stream, should have stream reassembly set */
|
||||
#define FLAG_RETRANSMIT 0x80000000 /* this packet is identified as re-transmitted one */
|
||||
#define FLAG_PURGE 0x0100000000 /* Stream will not flush the data */
|
||||
|
||||
|
||||
#define FLAG_PDU_FULL (FLAG_PDU_HEAD | FLAG_PDU_TAIL)
|
||||
|
||||
#define REASSEMBLED_PACKET_FLAGS (FLAG_REBUILT_STREAM|FLAG_REASSEMBLED_OLD)
|
||||
|
||||
#define SFTARGET_UNKNOWN_PROTOCOL -1
|
||||
|
||||
/* Only include application layer reassembled data
|
||||
* flags here - no PKT_REBUILT_FRAG */
|
||||
#define REASSEMBLED_PACKET_FLAGS \
|
||||
(FLAG_REBUILT_STREAM|FLAG_SMB_SEG|FLAG_DCE_SEG|FLAG_DCE_FRAG|FLAG_SMB_TRANS)
|
||||
static inline int PacketWasCooked(const SFSnortPacket* p)
|
||||
{
|
||||
return ( p->flags & FLAG_PSEUDO ) != 0;
|
||||
}
|
||||
|
||||
static inline int IsPortscanPacket(const SFSnortPacket *p)
|
||||
{
|
||||
return ((p->flags & FLAG_PSEUDO) && (p->pseudo_type == PSEUDO_PKT_PS));
|
||||
}
|
||||
|
||||
static inline uint8_t GetEventProto(const SFSnortPacket *p)
|
||||
{
|
||||
if (IsPortscanPacket(p))
|
||||
return p->ps_proto;
|
||||
return IPH_IS_VALID(p) ? GET_IPH_PROTO(p) : 0;
|
||||
}
|
||||
|
||||
static inline int PacketHasFullPDU (const SFSnortPacket* p)
|
||||
{
|
||||
return ( (p->flags & FLAG_PDU_FULL) == FLAG_PDU_FULL );
|
||||
}
|
||||
|
||||
static inline int PacketHasStartOfPDU (const SFSnortPacket* p)
|
||||
{
|
||||
return ( (p->flags & FLAG_PDU_HEAD) != 0 );
|
||||
}
|
||||
|
||||
static inline int PacketHasPAFPayload (const SFSnortPacket* p)
|
||||
{
|
||||
return ( (p->flags & FLAG_REBUILT_STREAM) || (p->flags & FLAG_PDU_TAIL) );
|
||||
}
|
||||
|
||||
static inline void SetExtraData (SFSnortPacket* p, uint32_t xid)
|
||||
{
|
||||
p->xtradata_mask |= BIT(xid);
|
||||
}
|
||||
|
||||
#endif /* _SF_SNORT_PACKET_H_ */
|
||||
|
||||
|
|
|
@ -14,9 +14,10 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Steve Sturges
|
||||
* Andy Mullican
|
||||
|
@ -29,10 +30,6 @@
|
|||
#ifndef SF_SNORT_PLUGIN_API_H_
|
||||
#define SF_SNORT_PLUGIN_API_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include "pcre.h"
|
||||
#include "stdio.h"
|
||||
|
||||
|
@ -57,16 +54,18 @@
|
|||
|
||||
#ifdef WIN32
|
||||
# ifdef SF_SNORT_ENGINE_DLL
|
||||
# define ENGINE_LINKAGE SO_PUBLIC
|
||||
# define ENGINE_LINKAGE SF_SO_PUBLIC
|
||||
# else
|
||||
# define ENGINE_LINKAGE
|
||||
# define ENGINE_LINKAGE
|
||||
# endif
|
||||
#else /* WIN32 */
|
||||
# define ENGINE_LINKAGE SO_PUBLIC
|
||||
# define ENGINE_LINKAGE SF_SO_PUBLIC
|
||||
#endif
|
||||
|
||||
#define RULE_MATCH 1
|
||||
#define RULE_NOMATCH 0
|
||||
#define RULE_MATCH 1
|
||||
#define RULE_NOALERT 2
|
||||
#define RULE_FAILED_BIT 3
|
||||
|
||||
#define RULE_DIRECTIONAL 0
|
||||
#define RULE_BIDIRECTIONAL 1
|
||||
|
@ -76,49 +75,68 @@
|
|||
#define CONTENT_TYPE_MISMATCH -1
|
||||
#define CONTENT_TYPE_MISSING -2
|
||||
#define CONTENT_CURSOR_ERROR -3
|
||||
#define CONTENT_HASH_ERROR -4
|
||||
#define CURSOR_IN_BOUNDS 1
|
||||
#define CURSOR_OUT_OF_BOUNDS 0
|
||||
|
||||
/* Defined in sf_dynamic_define.h */
|
||||
/* #define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x80000000 */
|
||||
//==========================================
|
||||
// these are all part of the same mask:
|
||||
//------------------------------------------
|
||||
// low nibble must be same as HTTP_BUFFER_*
|
||||
// see detection_util.h for enum
|
||||
// TBD include BUF_* as well in a single enum?
|
||||
#define CONTENT_BUF_NONE 0x00000000
|
||||
#define CONTENT_BUF_URI 0x00000001
|
||||
#define CONTENT_BUF_HEADER 0x00000002
|
||||
#define CONTENT_BUF_POST 0x00000003
|
||||
|
||||
#define CONTENT_NOCASE 0x01
|
||||
#define CONTENT_RELATIVE 0x02
|
||||
#define CONTENT_UNICODE2BYTE 0x04
|
||||
#define CONTENT_UNICODE4BYTE 0x08
|
||||
#define CONTENT_FAST_PATTERN 0x10
|
||||
#define CONTENT_END_BUFFER 0x20
|
||||
#define CONTENT_BUF_METHOD 0x00000004
|
||||
#define CONTENT_BUF_COOKIE 0x00000005
|
||||
#define CONTENT_BUF_STAT_CODE 0x00000006
|
||||
#define CONTENT_BUF_STAT_MSG 0x00000007
|
||||
|
||||
#define CONTENT_BUF_NORMALIZED 0x100
|
||||
#define CONTENT_BUF_RAW 0x200
|
||||
#define CONTENT_BUF_URI 0x400
|
||||
#define CONTENT_BUF_POST 0x800
|
||||
#define CONTENT_BUF_HEADER 0x2000
|
||||
#define CONTENT_BUF_METHOD 0x4000
|
||||
#define CONTENT_BUF_COOKIE 0x8000
|
||||
#define CONTENT_BUF_RAW_URI 0x10000
|
||||
#define CONTENT_BUF_RAW_HEADER 0x20000
|
||||
#define CONTENT_BUF_RAW_COOKIE 0x40000
|
||||
#define CONTENT_BUF_STAT_CODE 0x80000
|
||||
#define CONTENT_BUF_STAT_MSG 0x100000
|
||||
#define CONTENT_BUF_RAW_URI 0x00000008
|
||||
#define CONTENT_BUF_RAW_HEADER 0x00000009
|
||||
#define CONTENT_BUF_RAW_COOKIE 0x0000000A
|
||||
#define CONTENT_BUF_HTTP 0x0000000F
|
||||
//------------------------------------------
|
||||
|
||||
/* This option implies the fast pattern flag */
|
||||
#define CONTENT_FAST_PATTERN_ONLY 0x200000
|
||||
#define BUF_FILE_DATA 0x00000010
|
||||
#define BUF_FILE_DATA_MIME 0x00000020
|
||||
#define BUF_BASE64_DECODE 0x00000040
|
||||
|
||||
#define BYTE_LITTLE_ENDIAN 0x0000
|
||||
#define BYTE_BIG_ENDIAN 0x1000
|
||||
#define CONTENT_BUF_NORMALIZED 0x00000100
|
||||
#define CONTENT_BUF_RAW 0x00000200
|
||||
#define CONTENT_END_BUFFER 0x00000400
|
||||
|
||||
#define EXTRACT_AS_BYTE 0x010000
|
||||
#define EXTRACT_AS_STRING 0x020000
|
||||
#define EXTRACT_AS_DEC 0x100000
|
||||
#define EXTRACT_AS_OCT 0x200000
|
||||
#define EXTRACT_AS_HEX 0x400000
|
||||
#define EXTRACT_AS_BIN 0x800000
|
||||
#define CONTENT_NOCASE 0x00001000
|
||||
#define CONTENT_RELATIVE 0x00002000
|
||||
#define NOT_FLAG 0x00004000
|
||||
|
||||
#define JUMP_FROM_BEGINNING 0x01000000
|
||||
#define JUMP_ALIGN 0x02000000
|
||||
#define CONTENT_FAST_PATTERN 0x00010000
|
||||
#define CONTENT_FAST_PATTERN_ONLY 0x00020000 // implies fast pattern
|
||||
#define JUMP_FROM_BEGINNING 0x00040000
|
||||
#define JUMP_ALIGN 0x00080000
|
||||
|
||||
#define NOT_FLAG 0x10000000
|
||||
#define CONTENT_UNICODE2BYTE 0x00100000
|
||||
#define CONTENT_UNICODE4BYTE 0x00200000
|
||||
#define BYTE_LITTLE_ENDIAN 0x00400000
|
||||
#define BYTE_BIG_ENDIAN 0x00800000
|
||||
|
||||
#define EXTRACT_AS_DEC 0x01000000
|
||||
#define EXTRACT_AS_OCT 0x02000000
|
||||
#define EXTRACT_AS_HEX 0x04000000
|
||||
#define EXTRACT_AS_BIN 0x08000000
|
||||
|
||||
#define EXTRACT_AS_BYTE 0x10000000
|
||||
#define EXTRACT_AS_STRING 0x20000000
|
||||
|
||||
#define JUMP_FROM_END 0x40000000
|
||||
|
||||
#define PROTECTED_CONTENT_HASH_MD5 (1)
|
||||
#define PROTECTED_CONTENT_HASH_SHA256 (2)
|
||||
#define PROTECTED_CONTENT_HASH_SHA512 (3)
|
||||
//==========================================
|
||||
|
||||
#define CHECK_EQ 0
|
||||
#define CHECK_NEQ 1
|
||||
|
@ -130,35 +148,66 @@
|
|||
#define CHECK_XOR 7
|
||||
#define CHECK_ALL 8
|
||||
#define CHECK_ATLEASTONE 9
|
||||
#define CHECK_NONE 10
|
||||
#define CHECK_ADD 10
|
||||
#define CHECK_SUB 11
|
||||
#define CHECK_MUL 12
|
||||
#define CHECK_DIV 13
|
||||
#define CHECK_LS 14
|
||||
#define CHECK_RS 15
|
||||
#define CHECK_NONE 16
|
||||
|
||||
#define HTTP_CONTENT(cf) (cf & CONTENT_BUF_HTTP)
|
||||
|
||||
#define NORMAL_CONTENT_BUFS ( CONTENT_BUF_NORMALIZED | CONTENT_BUF_RAW )
|
||||
#define URI_CONTENT_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_POST \
|
||||
| CONTENT_BUF_COOKIE | CONTENT_BUF_HEADER | CONTENT_BUF_METHOD \
|
||||
| CONTENT_BUF_RAW_URI | CONTENT_BUF_RAW_HEADER | CONTENT_BUF_RAW_COOKIE \
|
||||
| CONTENT_BUF_STAT_CODE | CONTENT_BUF_STAT_MSG )
|
||||
#define URI_FAST_PATTERN_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_METHOD \
|
||||
| CONTENT_BUF_HEADER | CONTENT_BUF_POST )
|
||||
|
||||
static inline int IsHttpFastPattern (uint32_t cf)
|
||||
{
|
||||
cf = HTTP_CONTENT(cf);
|
||||
|
||||
return ( cf == CONTENT_BUF_URI || cf == CONTENT_BUF_HEADER ||
|
||||
cf == CONTENT_BUF_POST );
|
||||
}
|
||||
|
||||
typedef struct _ContentInfo
|
||||
{
|
||||
const u_int8_t *pattern;
|
||||
u_int32_t depth;
|
||||
const uint8_t *pattern;
|
||||
uint32_t depth;
|
||||
int32_t offset;
|
||||
u_int32_t flags; /* must include a CONTENT_BUF_X */
|
||||
uint32_t flags; /* must include a CONTENT_BUF_X */
|
||||
void *boyer_ptr;
|
||||
u_int8_t *patternByteForm;
|
||||
u_int32_t patternByteFormLength;
|
||||
u_int32_t incrementLength;
|
||||
u_int16_t fp_offset;
|
||||
u_int16_t fp_length;
|
||||
u_int8_t fp_only;
|
||||
uint8_t *patternByteForm;
|
||||
uint32_t patternByteFormLength;
|
||||
uint32_t incrementLength;
|
||||
uint16_t fp_offset;
|
||||
uint16_t fp_length;
|
||||
uint8_t fp_only;
|
||||
char *offset_refId; /* To match up with a DynamicElement refId */
|
||||
char *depth_refId; /* To match up with a DynamicElement refId */
|
||||
int32_t *offset_location;
|
||||
uint32_t *depth_location;
|
||||
} ContentInfo;
|
||||
typedef struct _ProtectedContentInfo
|
||||
{
|
||||
const uint8_t *pattern;
|
||||
uint32_t depth;
|
||||
int32_t offset;
|
||||
uint32_t flags; /* must include a CONTENT_BUF_X */
|
||||
uint8_t hash_type;
|
||||
uint32_t protected_length;
|
||||
uint8_t *patternByteForm;
|
||||
uint32_t patternByteFormLength;
|
||||
char *offset_refId; /* To match up with a DynamicElement refId */
|
||||
char *depth_refId; /* To match up with a DynamicElement refId */
|
||||
int32_t *offset_location;
|
||||
uint32_t *depth_location;
|
||||
} ProtectedContentInfo;
|
||||
|
||||
typedef struct _CursorInfo
|
||||
{
|
||||
int32_t offset;
|
||||
u_int32_t flags; /* specify one of CONTENT_BUF_X */
|
||||
uint32_t flags; /* specify one of CONTENT_BUF_X */
|
||||
char *offset_refId; /* To match up with a DynamicElement refId */
|
||||
int32_t *offset_location;
|
||||
} CursorInfo;
|
||||
|
||||
/*
|
||||
|
@ -178,51 +227,66 @@ typedef struct _PCREInfo
|
|||
char *expr;
|
||||
void *compiled_expr;
|
||||
void *compiled_extra;
|
||||
u_int32_t compile_flags;
|
||||
u_int32_t flags; /* must include a CONTENT_BUF_X */
|
||||
uint32_t compile_flags;
|
||||
uint32_t flags; /* must include a CONTENT_BUF_X */
|
||||
int32_t offset;
|
||||
} PCREInfo;
|
||||
|
||||
#define FLOWBIT_SET 0x01
|
||||
#define FLOWBIT_SET 0x01
|
||||
#define FLOWBIT_UNSET 0x02
|
||||
#define FLOWBIT_TOGGLE 0x04
|
||||
#define FLOWBIT_ISSET 0x08
|
||||
#define FLOWBIT_ISNOTSET 0x10
|
||||
#define FLOWBIT_RESET 0x20
|
||||
#define FLOWBIT_NOALERT 0x40
|
||||
#define FLOWBIT_SETX 0x80
|
||||
|
||||
|
||||
typedef struct _FlowBitsInfo
|
||||
{
|
||||
char *flowBitsName;
|
||||
u_int8_t operation;
|
||||
u_int32_t id;
|
||||
u_int32_t flags;
|
||||
char *flowBitsName;
|
||||
uint8_t operation;
|
||||
uint16_t id;
|
||||
uint32_t flags;
|
||||
char *groupName;
|
||||
uint8_t eval;
|
||||
uint16_t *ids;
|
||||
uint8_t num_ids;
|
||||
} FlowBitsInfo;
|
||||
|
||||
typedef struct _ByteData
|
||||
{
|
||||
u_int32_t bytes; /* Number of bytes to extract */
|
||||
u_int32_t op; /* Type of byte comparison, for checkValue */
|
||||
u_int32_t value; /* Value to compare value against, for checkValue, or extracted value */
|
||||
uint32_t bytes; /* Number of bytes to extract */
|
||||
uint32_t op; /* Type of byte comparison, for checkValue */
|
||||
uint32_t value; /* Value to compare value against, for checkValue, or extracted value */
|
||||
int32_t offset; /* Offset from cursor */
|
||||
u_int32_t multiplier; /* Used for byte jump -- 32bits is MORE than enough */
|
||||
u_int32_t flags; /* must include a CONTENT_BUF_X */
|
||||
uint32_t multiplier; /* Used for byte jump -- 32bits is MORE than enough */
|
||||
uint32_t flags; /* must include a CONTENT_BUF_X */
|
||||
int32_t post_offset;/* Use for byte jump -- adjust cusor by this much after the jump */
|
||||
char *offset_refId; /* To match up with a DynamicElement refId */
|
||||
char *value_refId; /* To match up with a DynamicElement refId */
|
||||
int32_t *offset_location;
|
||||
uint32_t *value_location;
|
||||
uint32_t bitmask_val;
|
||||
char *postoffset_refId; /* To match up with a DynamicElement refId */
|
||||
char *refId; /* To match up with a DynamicElement refId */
|
||||
} ByteData;
|
||||
|
||||
typedef struct _ByteExtract
|
||||
{
|
||||
u_int32_t bytes; /* Number of bytes to extract */
|
||||
uint32_t bytes; /* Number of bytes to extract */
|
||||
int32_t offset; /* Offset from cursor */
|
||||
u_int32_t multiplier; /* Multiply value by this (similar to byte jump) */
|
||||
u_int32_t flags; /* must include a CONTENT_BUF_X */
|
||||
uint32_t multiplier; /* Multiply value by this (similar to byte jump) */
|
||||
uint32_t flags; /* must include a CONTENT_BUF_X */
|
||||
char *refId; /* To match up with a DynamicElement refId */
|
||||
void *memoryLocation; /* Location to store the data extracted */
|
||||
uint8_t align; /* Align to 2 or 4 bit boundary after extraction */
|
||||
uint32_t bitmask_val;
|
||||
} ByteExtract;
|
||||
|
||||
typedef struct _FlowFlags
|
||||
{
|
||||
u_int32_t flags; /* FLOW_* values */
|
||||
uint32_t flags; /* FLOW_* values */
|
||||
} FlowFlags;
|
||||
|
||||
|
||||
|
@ -238,7 +302,7 @@ typedef struct _Asn1Context
|
|||
unsigned int max_length;
|
||||
int offset;
|
||||
int offset_type;
|
||||
u_int32_t flags;
|
||||
uint32_t flags;
|
||||
} Asn1Context;
|
||||
|
||||
#define IP_HDR_ID 0x0001 /* IP Header ID */
|
||||
|
@ -265,11 +329,11 @@ typedef struct _Asn1Context
|
|||
|
||||
typedef struct _HdrOptCheck
|
||||
{
|
||||
u_int16_t hdrField; /* Field to check */
|
||||
u_int32_t op; /* Type of comparison */
|
||||
u_int32_t value; /* Value to compare value against */
|
||||
u_int32_t mask_value; /* bits of value to ignore */
|
||||
u_int32_t flags;
|
||||
uint16_t hdrField; /* Field to check */
|
||||
uint32_t op; /* Type of comparison */
|
||||
uint32_t value; /* Value to compare value against */
|
||||
uint32_t mask_value; /* bits of value to ignore */
|
||||
uint32_t flags;
|
||||
} HdrOptCheck;
|
||||
|
||||
#define DYNAMIC_TYPE_INT_STATIC 1
|
||||
|
@ -292,24 +356,32 @@ typedef struct _LoopInfo
|
|||
DynamicElement *start; /* Starting value of FOR loop (i=start) */
|
||||
DynamicElement *end; /* Ending value of FOR loop (i OP end) */
|
||||
DynamicElement *increment; /* Increment value of FOR loop (i+= increment) */
|
||||
u_int32_t op; /* Type of comparison for loop termination */
|
||||
uint32_t op; /* Type of comparison for loop termination */
|
||||
CursorInfo *cursorAdjust; /* How to move cursor each iteration of loop */
|
||||
struct _Rule *subRule; /* Pointer to SubRule & options to evaluate within
|
||||
* the loop */
|
||||
u_int8_t initialized; /* Loop initialized properly (safeguard) */
|
||||
u_int32_t flags; /* can be used to negate loop results, specifies
|
||||
uint8_t initialized; /* Loop initialized properly (safeguard) */
|
||||
uint32_t flags; /* can be used to negate loop results, specifies
|
||||
* relative. */
|
||||
} LoopInfo;
|
||||
|
||||
typedef struct _base64DecodeData
|
||||
{
|
||||
uint32_t bytes;
|
||||
uint32_t offset;
|
||||
uint8_t relative;
|
||||
}base64DecodeData;
|
||||
|
||||
typedef struct _PreprocessorOption
|
||||
{
|
||||
const char *optionName;
|
||||
const char *optionParameters;
|
||||
u_int32_t flags;
|
||||
uint32_t flags;
|
||||
PreprocOptionInit optionInit;
|
||||
PreprocOptionEval optionEval;
|
||||
void *dataPtr;
|
||||
PreprocOptionFastPatternFunc optionFpFunc;
|
||||
PreprocOptionCleanup optionCleanup;
|
||||
} PreprocessorOption;
|
||||
|
||||
typedef struct _RuleOption
|
||||
|
@ -319,6 +391,7 @@ typedef struct _RuleOption
|
|||
{
|
||||
void *ptr;
|
||||
ContentInfo *content;
|
||||
ProtectedContentInfo *protectedContent;
|
||||
CursorInfo *cursor;
|
||||
PCREInfo *pcre;
|
||||
FlowBitsInfo *flowBit;
|
||||
|
@ -328,13 +401,14 @@ typedef struct _RuleOption
|
|||
Asn1Context *asn1;
|
||||
HdrOptCheck *hdrData;
|
||||
LoopInfo *loop;
|
||||
base64DecodeData *bData;
|
||||
PreprocessorOption *preprocOpt;
|
||||
} option_u;
|
||||
} RuleOption;
|
||||
|
||||
typedef struct _IPInfo
|
||||
{
|
||||
u_int8_t protocol;
|
||||
uint8_t protocol;
|
||||
char * src_addr;
|
||||
char * src_port; /* 0 for non TCP/UDP */
|
||||
char direction; /* non-zero is bi-directional */
|
||||
|
@ -357,11 +431,11 @@ typedef struct _RuleMetaData {
|
|||
|
||||
typedef struct _RuleInformation
|
||||
{
|
||||
u_int32_t genID;
|
||||
u_int32_t sigID;
|
||||
u_int32_t revision;
|
||||
uint32_t genID;
|
||||
uint32_t sigID;
|
||||
uint32_t revision;
|
||||
char *classification; /* String format of classification name */
|
||||
u_int32_t priority;
|
||||
uint32_t priority;
|
||||
char *message;
|
||||
RuleReference **references; /* NULL terminated array of references */
|
||||
RuleMetaData **meta; /* NULL terminated array of references */
|
||||
|
@ -373,51 +447,70 @@ typedef struct _Rule
|
|||
{
|
||||
IPInfo ip;
|
||||
RuleInformation info;
|
||||
|
||||
|
||||
RuleOption **options; /* NULL terminated array of RuleOption union */
|
||||
|
||||
ruleEvalFunc evalFunc;
|
||||
|
||||
char initialized; /* Rule Initialized, used internally */
|
||||
u_int32_t numOptions; /* Rule option count, used internally */
|
||||
uint32_t numOptions; /* Rule option count, used internally */
|
||||
char noAlert; /* Flag with no alert, used internally */
|
||||
void *ruleData; /* Hash table for dynamic data pointers */
|
||||
|
||||
} Rule;
|
||||
|
||||
|
||||
ENGINE_LINKAGE int RegisterRules(Rule **rules);
|
||||
struct _SnortConfig;
|
||||
ENGINE_LINKAGE int RegisterRules(struct _SnortConfig *sc, Rule **rules);
|
||||
ENGINE_LINKAGE int DumpRules(char *rulesFileName, Rule **rules);
|
||||
|
||||
ENGINE_LINKAGE int contentMatch(void *p, ContentInfo* content, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int contentMatch(void *p, ContentInfo* content, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int protectedContentMatch(void *p, ProtectedContentInfo* content, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int checkFlow(void *p, FlowFlags *flowFlags);
|
||||
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const u_int8_t *cursor);
|
||||
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const uint8_t *cursor);
|
||||
ENGINE_LINKAGE int processFlowbits(void *p, FlowBitsInfo *flowBits);
|
||||
ENGINE_LINKAGE int getBuffer(void *p, int flags, const u_int8_t **start, const u_int8_t **end);
|
||||
ENGINE_LINKAGE int setCursor(void *p, CursorInfo *cursorInfo, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int checkCursor(void *p, CursorInfo *cursorInfo, const u_int8_t *cursor);
|
||||
ENGINE_LINKAGE int checkValue(void *p, ByteData *byteData, u_int32_t value, const u_int8_t *cursor);
|
||||
ENGINE_LINKAGE int getBuffer(void *p, int flags, const uint8_t **start, const uint8_t **end);
|
||||
ENGINE_LINKAGE int setCursor(void *p, CursorInfo *cursorInfo, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int fileData(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int pktData(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int base64Data(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int base64Decode(void *p, base64DecodeData *data, const uint8_t *cursor);
|
||||
ENGINE_LINKAGE int checkCursor(void *p, CursorInfo *cursorInfo, const uint8_t *cursor);
|
||||
ENGINE_LINKAGE int checkValue(void *p, ByteData *byteData, uint32_t value, const uint8_t *cursor);
|
||||
/* Same as extractValue plus checkValue */
|
||||
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, const u_int8_t *cursor);
|
||||
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, const uint8_t *cursor);
|
||||
ENGINE_LINKAGE int byteMath(void *p, ByteData *byteData, const uint8_t *cursor);
|
||||
/* Same as extractValue plus setCursor */
|
||||
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int pcreMatch(void *p, PCREInfo* pcre, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int detectAsn1(void *p, Asn1Context* asn1, const u_int8_t *cursor);
|
||||
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int pcreMatch(void *p, PCREInfo* pcre, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int detectAsn1(void *p, Asn1Context* asn1, const uint8_t *cursor);
|
||||
ENGINE_LINKAGE int checkHdrOpt(void *p, HdrOptCheck *optData);
|
||||
ENGINE_LINKAGE int loopEval(void *p, LoopInfo *loop, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int preprocOptionEval(void *p, PreprocessorOption *preprocOpt, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE void setTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE void revertTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
|
||||
ENGINE_LINKAGE int loopEval(void *p, LoopInfo *loop, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int preprocOptionEval(void *p, PreprocessorOption *preprocOpt, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE void setTempCursor(const uint8_t **temp_cursor, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE void revertTempCursor(const uint8_t **temp_cursor, const uint8_t **cursor);
|
||||
ENGINE_LINKAGE int ruleMatch(void *p, Rule *rule);
|
||||
ENGINE_LINKAGE int MatchDecryptedRC4(
|
||||
const u_int8_t *key, u_int16_t keylen, const u_int8_t *encrypted_data,
|
||||
u_int8_t *plain_data, u_int16_t datalen
|
||||
const uint8_t *key, uint16_t keylen, const uint8_t *encrypted_data,
|
||||
uint8_t *plain_data, uint16_t datalen
|
||||
);
|
||||
ENGINE_LINKAGE void storeRuleData(void *p, void *rule_data);
|
||||
ENGINE_LINKAGE void *getRuleData(void *p);
|
||||
ENGINE_LINKAGE int storeRuleData(void *, void *, uint32_t, SessionDataFree);
|
||||
ENGINE_LINKAGE void *getRuleData(void *, uint32_t);
|
||||
ENGINE_LINKAGE void *allocRuleData(size_t);
|
||||
ENGINE_LINKAGE void freeRuleData(void *);
|
||||
|
||||
ENGINE_LINKAGE int isDetectFlag(SFDetectFlagType df);
|
||||
ENGINE_LINKAGE void detectFlagDisable(SFDetectFlagType df);
|
||||
ENGINE_LINKAGE int getAltDetect(uint8_t **bufPtr, uint16_t *altLenPtr);
|
||||
ENGINE_LINKAGE void setAltDetect(uint8_t *buf, uint16_t altLen);
|
||||
|
||||
ENGINE_LINKAGE int pcreExecWrapper(const PCREInfo *pcre_info, const char *buf, int len, int start_offset,
|
||||
int options, int *ovector, int ovecsize);
|
||||
|
||||
static inline int invertMatchResult(int retVal)
|
||||
{
|
||||
return (retVal <= RULE_NOMATCH) ? RULE_MATCH : RULE_NOMATCH;
|
||||
}
|
||||
|
||||
#endif /* SF_SNORT_PLUGIN_API_H_ */
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2007-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
#ifndef __SF_TYPES_H__
|
||||
|
@ -83,7 +84,6 @@ typedef uint64_t u_int64_t;
|
|||
typedef u_int64_t uint64_t;
|
||||
# endif /* !defined(HAVE_UINT64_T) && !defined(HAVE_U_INT64_T) */
|
||||
# endif /* !defined(HAVE_UINT64_T) || !defined(HAVE_U_INT64_T) */
|
||||
|
||||
# ifndef HAVE_INT8_T
|
||||
typedef char int8_t;
|
||||
# endif
|
||||
|
@ -104,7 +104,6 @@ typedef long long int int64_t;
|
|||
typedef long int int64_t;
|
||||
# endif
|
||||
# endif
|
||||
|
||||
# ifndef WIN32
|
||||
# ifdef HAVE_INTTYPES_H
|
||||
/* <inttypes.h> includes <stdint.h> */
|
||||
|
@ -137,6 +136,7 @@ typedef unsigned int uintptr_t;
|
|||
# endif /* SIZEOF_UNSIGNED_LONG_INT == 8 */
|
||||
# define PRIu64 _SF_PREFIX "u"
|
||||
# define PRIi64 _SF_PREFIX "i"
|
||||
# define PRIx64 _SF_PREFIX "x"
|
||||
#endif /* PRIu64 */
|
||||
|
||||
/* use these macros (and those in <inttypes.h>)
|
||||
|
@ -150,6 +150,10 @@ typedef unsigned int uintptr_t;
|
|||
#define CSVi64 STDi64 ","
|
||||
#define FMTi64(fmt) "%" fmt PRIi64
|
||||
|
||||
#define STDx64 "%" PRIx64
|
||||
#define CSVx64 STDx64 ","
|
||||
#define FMTx64(fmt) "%" fmt PRIx64
|
||||
|
||||
#ifndef UINT8_MAX
|
||||
# define UINT8_MAX 0xff
|
||||
#endif
|
||||
|
@ -177,8 +181,36 @@ typedef unsigned int uintptr_t;
|
|||
# define PATH_MAX 4096
|
||||
#endif
|
||||
|
||||
#define MAXPORTS 65536
|
||||
#define MAXPORTS_STORAGE 8192
|
||||
/* utilities */
|
||||
#ifndef boolean
|
||||
#ifndef HAVE_BOOLEAN
|
||||
typedef unsigned char boolean;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef TRUE
|
||||
# define TRUE 1
|
||||
#endif
|
||||
|
||||
#ifndef FALSE
|
||||
# define FALSE 0
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_STDBOOL_H
|
||||
# include <stdbool.h>
|
||||
#else
|
||||
# ifndef HAVE__BOOL
|
||||
# ifdef __cplusplus
|
||||
typedef bool _Bool;
|
||||
# else
|
||||
# define _Bool signed char
|
||||
# endif
|
||||
# endif
|
||||
# define bool _Bool
|
||||
# define false 0
|
||||
# define true 1
|
||||
# define __bool_true_false_are_defined 1
|
||||
#endif
|
||||
|
||||
#endif /* __SF_TYPES_H__ */
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
** Copyright (C) 1998-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 1998-2013 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -37,7 +38,7 @@ vartable_t * sfvt_alloc_table(void);
|
|||
void sfvt_free_table(vartable_t *table);
|
||||
|
||||
/* Adds the variable described by "str" to the table "table" */
|
||||
SFIP_RET sfvt_add_str(vartable_t *table, char *str);
|
||||
SFIP_RET sfvt_add_str(vartable_t *table, char *str, sfip_var_t **);
|
||||
SFIP_RET sfvt_define(vartable_t *table, char *name, char *value);
|
||||
|
||||
/* Adds the variable described by "str" to the variable "dst",
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
**
|
||||
** sfcontrol.c
|
||||
**
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Author(s): Ron Dempster <rdempster@sourcefire.com>
|
||||
**
|
||||
** NOTES
|
||||
** 5.16.11 - Initial Source Code. Dempster
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
**
|
||||
*/
|
||||
|
||||
#ifndef __SF_CONTROL_H__
|
||||
#define __SF_CONTROL_H__
|
||||
|
||||
#define CONTROL_FILE "SNORT.sock"
|
||||
|
||||
#define CS_TYPE_HUP_DAQ 0x0001
|
||||
#define CS_TYPE_RELOAD 0x0002
|
||||
#define CS_TYPE_IS_PROCESSING 0x0003
|
||||
#define CS_TYPE_DUMP_PACKETS 0x0004
|
||||
#define CS_TYPE_MAX 0x1FFF
|
||||
#define CS_HEADER_VERSION 0x0001
|
||||
#define CS_HEADER_SUCCESS 0x0000
|
||||
#define CS_HEADER_ERROR 0x0001
|
||||
#define CS_HEADER_DATA 0x0009
|
||||
|
||||
#pragma pack(1)
|
||||
typedef struct _CS_MESSAGE_DATA_HEADER
|
||||
{
|
||||
/* All values must be in network byte order */
|
||||
int32_t code;
|
||||
uint16_t length; /* Data length. Does not include this header */
|
||||
} CSMessageDataHeader;
|
||||
#pragma pack()
|
||||
|
||||
typedef struct _CS_MESSAGE_HEADER
|
||||
{
|
||||
/* All values must be in network byte order */
|
||||
uint16_t version;
|
||||
uint16_t type;
|
||||
uint32_t length; /* Does not include the header */
|
||||
} CSMessageHeader;
|
||||
|
||||
struct _THREAD_ELEMENT;
|
||||
typedef int (*ControlDataSendFunc)(struct _THREAD_ELEMENT *te, const uint8_t *data, uint16_t length);
|
||||
typedef int (*OOBPreControlFunc)(uint16_t type, const uint8_t *data, uint32_t length, void **new_context, char *statusBuf, int statusBuf_len);
|
||||
typedef int (*IBControlFunc)(uint16_t type, void *new_context, void **old_context);
|
||||
typedef void (*OOBPostControlFunc)(uint16_t type, void *old_context, struct _THREAD_ELEMENT *te, ControlDataSendFunc f);
|
||||
|
||||
#endif
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2003-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -46,8 +47,8 @@
|
|||
#define SFGHASH_OK 0
|
||||
#define SFGHASH_INTABLE 1
|
||||
|
||||
/*
|
||||
* Flags for ghash_new: userkeys
|
||||
/*
|
||||
* Flags for ghash_new: userkeys
|
||||
*/
|
||||
#define GH_COPYKEYS 0
|
||||
#define GH_USERKEYS 1
|
||||
|
@ -59,9 +60,9 @@ typedef struct _sfghash_node
|
|||
{
|
||||
struct _sfghash_node * next, * prev;
|
||||
|
||||
void * key; /* Copy of, or Pointer to, the Users key */
|
||||
void * data; /* Pointer to the users data, this is never copied! */
|
||||
|
||||
const void * key; /* Copy of, or Pointer to, the Users key */
|
||||
void *data; /* The users data, this is never copied! */
|
||||
|
||||
} SFGHASH_NODE;
|
||||
|
||||
/*
|
||||
|
@ -78,10 +79,10 @@ typedef struct _sfghash
|
|||
|
||||
unsigned count; /* total # nodes in table */
|
||||
|
||||
void (*userfree)( void * );
|
||||
void (*userfree)( void * );
|
||||
|
||||
int crow; /* findfirst/next row in table */
|
||||
SFGHASH_NODE * cnode; /* findfirst/next node ptr */
|
||||
int crow; /* findfirst/next row in table */
|
||||
SFGHASH_NODE * cnode; /* findfirst/next node ptr */
|
||||
|
||||
int splay;
|
||||
|
||||
|
@ -93,14 +94,14 @@ typedef struct _sfghash
|
|||
*/
|
||||
SFGHASH * sfghash_new( int nrows, int keysize, int userkeys, void (*userfree)(void*p) );
|
||||
void sfghash_delete( SFGHASH * h );
|
||||
int sfghash_add ( SFGHASH * h, void * key, void * data );
|
||||
int sfghash_remove( SFGHASH * h, void * key);
|
||||
int sfghash_add( SFGHASH * t, const void * const key, void * const data );
|
||||
int sfghash_remove( SFGHASH * h, const void * const key);
|
||||
int sfghash_count( SFGHASH * h);
|
||||
void * sfghash_find( SFGHASH * h, void * key );
|
||||
void * sfghash_find( SFGHASH * h, const void * const key );
|
||||
SFGHASH_NODE * sfghash_find_node( SFGHASH * t, const void * const key);
|
||||
int sfghash_find2(SFGHASH *, void *, void **);
|
||||
SFGHASH_NODE * sfghash_findfirst( SFGHASH * h );
|
||||
SFGHASH_NODE * sfghash_findnext ( SFGHASH * h );
|
||||
void sfghash_splaymode( SFGHASH * t, int n );
|
||||
|
||||
int sfghash_set_keyops( SFGHASH *h ,
|
||||
unsigned (*hash_fcn)( SFHASHFCN * p,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2003-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -25,57 +26,57 @@
|
|||
* @date Thu July 20 10:16:26 EDT 2006
|
||||
*
|
||||
* Route implements two different routing table lookup mechanisms. The table
|
||||
* lookups have been adapted to return a void pointer so any information can
|
||||
* be associated with each CIDR block.
|
||||
* lookups have been adapted to return a void pointer so any information can
|
||||
* be associated with each CIDR block.
|
||||
*
|
||||
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
|
||||
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
|
||||
* DIR-n-m. Presently, the LC-trie is used primarily for testing purposes as
|
||||
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
|
||||
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
|
||||
* DIR-n-m. Presently, the LC-trie is used primarily for testing purposes as
|
||||
* the current implementation does not allow for fast dynamic inserts.
|
||||
*
|
||||
* The intended use is for a user to optionally specify large IP blocks and
|
||||
* then more specific information will be written into the routing tables
|
||||
* The intended use is for a user to optionally specify large IP blocks and
|
||||
* then more specific information will be written into the routing tables
|
||||
* from RNA. Ideally, information will only move from less specific to more
|
||||
* specific. If a more general information is to overwrite existing entries,
|
||||
* the table should be free'ed and rebuilt.
|
||||
*
|
||||
*
|
||||
*
|
||||
* Implementation:
|
||||
*
|
||||
* The routing tables associate an index into a "data" table with each CIDR.
|
||||
* Each entry in the data table stores a pointer to actual data. This
|
||||
* implementation was chosen so each routing entry only needs one word to
|
||||
* either index the data array, or point to another table.
|
||||
* The routing tables associate an index into a "data" table with each CIDR.
|
||||
* Each entry in the data table stores a pointer to actual data. This
|
||||
* implementation was chosen so each routing entry only needs one word to
|
||||
* either index the data array, or point to another table.
|
||||
*
|
||||
* Inserts are performed by specifying a CIDR and a pointer to its associated
|
||||
* data. Since a new routing table entry may overwrite previous entries,
|
||||
* data. Since a new routing table entry may overwrite previous entries,
|
||||
* a flag selects whether the insert favors the most recent or favors the most
|
||||
* specific. Favoring most specific should be the default behvior. If
|
||||
* the user wishes to overwrite routing entries with more general data, the
|
||||
* specific. Favoring most specific should be the default behvior. If
|
||||
* the user wishes to overwrite routing entries with more general data, the
|
||||
* table should be flushed, rather than using favor-most-recent.
|
||||
*
|
||||
*
|
||||
* Before modifying the routing or data tables, the insert function performs a
|
||||
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
|
||||
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
|
||||
* bit length* is found, the data is insertted into the data table, and its
|
||||
* index is used for the new routing table entry. If an entry is found that
|
||||
* is as specific as the new CIDR, the index stored points to where the new
|
||||
* index is used for the new routing table entry. If an entry is found that
|
||||
* is as specific as the new CIDR, the index stored points to where the new
|
||||
* data is written into the data table.
|
||||
*
|
||||
* If more specific CIDR blocks overwrote the data table, then the more
|
||||
*
|
||||
* If more specific CIDR blocks overwrote the data table, then the more
|
||||
* general routing table entries that were not overwritten will be referencing
|
||||
* the wrong data. Alternatively, less specific entries can only overwrite
|
||||
* existing routing table entries if favor-most-recent inserts are used.
|
||||
*
|
||||
* Because there is no quick way to clean the data-table if a user wishes to
|
||||
* use a favor-most-recent insert for more general data, the user should flush
|
||||
* the table with sfrt_free and create one anew. Alternatively, a small
|
||||
* the table with sfrt_free and create one anew. Alternatively, a small
|
||||
* memory leak occurs with the data table, as it will be storing pointers that
|
||||
* no routing table entry cares about.
|
||||
*
|
||||
*
|
||||
* The API calls that should be used are:
|
||||
* The API calls that should be used are:
|
||||
* sfrt_new - create new table
|
||||
* sfrt_insert - insert entry
|
||||
* sfrt_insert - insert entry
|
||||
* sfrt_lookup - lookup entry
|
||||
* sfrt_free - free table
|
||||
*/
|
||||
|
@ -84,6 +85,7 @@
|
|||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "sfrt.h"
|
||||
|
||||
char *rt_error_messages[] =
|
||||
|
@ -102,9 +104,11 @@ char *rt_error_messages[] =
|
|||
#endif
|
||||
};
|
||||
|
||||
/* Create new lookup table
|
||||
* @param table_type Type of table. Uses the types enumeration in route.h
|
||||
* @param ip_type IPv4 or IPv6. Uses the types enumeration in route.h
|
||||
static inline int allocateTableIndex(table_t *table);
|
||||
|
||||
/* Create new lookup table
|
||||
* @param table_type Type of table. Uses the types enumeration in route.h
|
||||
* @param ip_type IPv4 or IPv6. Uses the types enumeration in route.h
|
||||
* @param data_size Max number of unique data entries
|
||||
*
|
||||
* Returns the new table. */
|
||||
|
@ -117,21 +121,13 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#ifndef SUP_IP6
|
||||
/* IPv6 is not supported */
|
||||
if(ip_type == IPv6)
|
||||
{
|
||||
free(table);
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* If this limit is exceeded, there will be no way to distinguish
|
||||
* between pointers and indeces into the data table. Only
|
||||
* applies to DIR-n-m. */
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
#if SIZEOF_LONG_INT == 8
|
||||
if(data_size >= 0x800000000000000 && table_type == LCT)
|
||||
if(data_size >= 0x800000000000000 && table_type == LCT)
|
||||
#else
|
||||
if(data_size >= 0x8000000 && table_type != LCT)
|
||||
#endif
|
||||
|
@ -152,6 +148,7 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
|
||||
/* Maximum allowable number of stored entries */
|
||||
table->max_size = data_size;
|
||||
table->lastAllocatedIndex = 0;
|
||||
|
||||
table->data = (GENERIC*)calloc(sizeof(GENERIC) * table->max_size, 1);
|
||||
|
||||
|
@ -168,13 +165,11 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
|
||||
/* This will point to the actual table lookup algorithm */
|
||||
table->rt = NULL;
|
||||
#ifdef SUP_IP6
|
||||
table->rt6 = NULL;
|
||||
#endif
|
||||
|
||||
/* index 0 will be used for failed lookups, so set this to 1 */
|
||||
table->num_ent = 1;
|
||||
|
||||
|
||||
switch(table_type)
|
||||
{
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
|
@ -185,13 +180,16 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
table->lookup = sfrt_lct_lookup;
|
||||
table->free = sfrt_lct_free;
|
||||
table->usage = sfrt_lct_usage;
|
||||
table->print = NULL;
|
||||
table->remove = NULL;
|
||||
|
||||
table->rt = sfrt_lct_new(data_size);
|
||||
free(table->data);
|
||||
free(table);
|
||||
return NULL;
|
||||
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
/* Setup DIR-n-m table */
|
||||
case DIR_24_8:
|
||||
case DIR_16x2:
|
||||
|
@ -200,16 +198,16 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
case DIR_8x4:
|
||||
case DIR_4x8:
|
||||
case DIR_2x16:
|
||||
#ifdef SUP_IP6
|
||||
case DIR_16_4x4_16x5_4x4:
|
||||
case DIR_16x7_4x4:
|
||||
case DIR_16x8:
|
||||
case DIR_8x16:
|
||||
#endif
|
||||
table->insert = sfrt_dir_insert;
|
||||
table->lookup = sfrt_dir_lookup;
|
||||
table->free = sfrt_dir_free;
|
||||
table->usage = sfrt_dir_usage;
|
||||
table->print = sfrt_dir_print;
|
||||
table->remove = sfrt_dir_remove;
|
||||
|
||||
break;
|
||||
|
||||
|
@ -237,18 +235,17 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
case DIR_8x4:
|
||||
table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8);
|
||||
break;
|
||||
/* There is no reason to use 4x8 except for benchmarking and
|
||||
* comparison purposes. */
|
||||
/* There is no reason to use 4x8 except for benchmarking and
|
||||
* comparison purposes. */
|
||||
case DIR_4x8:
|
||||
table->rt = sfrt_dir_new(mem_cap, 8, 4,4,4,4,4,4,4,4);
|
||||
break;
|
||||
/* There is no reason to use 2x16 except for benchmarking and
|
||||
* comparison purposes. */
|
||||
/* There is no reason to use 2x16 except for benchmarking and
|
||||
* comparison purposes. */
|
||||
case DIR_2x16:
|
||||
table->rt = sfrt_dir_new(mem_cap, 16,
|
||||
table->rt = sfrt_dir_new(mem_cap, 16,
|
||||
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2);
|
||||
break;
|
||||
#ifdef SUP_IP6
|
||||
case DIR_16_4x4_16x5_4x4:
|
||||
table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4);
|
||||
table->rt6 = sfrt_dir_new(mem_cap, 14, 16,4,4,4,4,16,16,16,16,16,4,4,4,4);
|
||||
|
@ -262,29 +259,23 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
|
|||
table->rt6 = sfrt_dir_new(mem_cap, 8, 16,16,16,16,16,16,16,16);
|
||||
break;
|
||||
case DIR_8x16:
|
||||
table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8);
|
||||
table->rt6 = sfrt_dir_new(mem_cap, 16,
|
||||
table->rt = sfrt_dir_new(mem_cap, 4, 16,8,4,4);
|
||||
table->rt6 = sfrt_dir_new(mem_cap, 16,
|
||||
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8);
|
||||
break;
|
||||
#endif
|
||||
};
|
||||
|
||||
if(!table->rt)
|
||||
if((!table->rt) || (!table->rt6))
|
||||
{
|
||||
if (table->rt)
|
||||
table->free( table->rt );
|
||||
if (table->rt6)
|
||||
table->free( table->rt6 );
|
||||
free(table->data);
|
||||
free(table);
|
||||
return NULL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
if (!table->rt6)
|
||||
{
|
||||
table->free( table->rt );
|
||||
free(table->data);
|
||||
free(table);
|
||||
}
|
||||
#endif
|
||||
|
||||
return table;
|
||||
}
|
||||
|
||||
|
@ -315,7 +306,6 @@ void sfrt_free(table_t *table)
|
|||
table->free( table->rt );
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
if(!table->rt6)
|
||||
{
|
||||
/* This should not have happened either */
|
||||
|
@ -324,23 +314,19 @@ void sfrt_free(table_t *table)
|
|||
{
|
||||
table->free( table->rt6 );
|
||||
}
|
||||
#endif
|
||||
|
||||
free(table);
|
||||
}
|
||||
|
||||
/* Perform a lookup on value contained in "ip" */
|
||||
GENERIC sfrt_lookup(void *adr, table_t* table)
|
||||
GENERIC sfrt_lookup(sfaddr_t* ip, table_t* table)
|
||||
{
|
||||
tuple_t tuple;
|
||||
#ifdef SUP_IP6
|
||||
sfip_t *ip;
|
||||
#else
|
||||
uint32_t ip;
|
||||
#endif
|
||||
void *rt = NULL;
|
||||
uint32_t* adr;
|
||||
int numAdrDwords;
|
||||
void *rt;
|
||||
|
||||
if(!adr)
|
||||
if(!ip)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -350,35 +336,22 @@ GENERIC sfrt_lookup(void *adr, table_t* table)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
ip = adr;
|
||||
if (ip->family == AF_INET)
|
||||
if (sfaddr_family(ip) == AF_INET)
|
||||
{
|
||||
adr = sfaddr_get_ip4_ptr(ip);
|
||||
numAdrDwords = 1;
|
||||
rt = table->rt;
|
||||
}
|
||||
else if (ip->family == AF_INET6)
|
||||
else
|
||||
{
|
||||
adr = sfaddr_get_ip6_ptr(ip);
|
||||
numAdrDwords = 4;
|
||||
rt = table->rt6;
|
||||
}
|
||||
#else
|
||||
/* IPv6 not yet supported */
|
||||
if(table->ip_type == IPv6)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ip = *(uint32_t*)adr;
|
||||
rt = table->rt;
|
||||
#endif
|
||||
tuple = table->lookup(adr, numAdrDwords, rt);
|
||||
|
||||
if (!rt)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
tuple = table->lookup(ip, rt);
|
||||
|
||||
if(tuple.index >= table->num_ent)
|
||||
if(tuple.index >= table->max_size)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
@ -388,14 +361,41 @@ GENERIC sfrt_lookup(void *adr, table_t* table)
|
|||
|
||||
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc)
|
||||
{
|
||||
uint32_t index;
|
||||
uint32_t index, count;
|
||||
|
||||
if (!table)
|
||||
return;
|
||||
|
||||
for (index = 0; index < table->num_ent; index++)
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
userfunc(table->data[index]);
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void sfrt_iterate_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback userfunc)
|
||||
{
|
||||
uint32_t index, count;
|
||||
|
||||
if (!table)
|
||||
return;
|
||||
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
userfunc(sc, table->data[index]);
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
|
@ -403,17 +403,42 @@ void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc)
|
|||
|
||||
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc)
|
||||
{
|
||||
uint32_t index;
|
||||
uint32_t index, count;
|
||||
if (!table)
|
||||
return 0;
|
||||
|
||||
for (index = 0; index < table->num_ent; index++)
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
int ret = userfunc(table->data[index]);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int sfrt_iterate2_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback3 userfunc)
|
||||
{
|
||||
uint32_t index, count;
|
||||
if (!table)
|
||||
return 0;
|
||||
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
int ret = userfunc(sc, table->data[index]);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -426,94 +451,80 @@ void sfrt_cleanup2(
|
|||
void *data
|
||||
)
|
||||
{
|
||||
uint32_t index;
|
||||
uint32_t index, count;
|
||||
if (!table)
|
||||
return;
|
||||
|
||||
for (index = 0; index < table->num_ent; index++)
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
cleanup_func(table->data[index], data);
|
||||
|
||||
/* cleanup_func is supposed to free memory associated with this
|
||||
* table->data[index]. Set that to NULL.
|
||||
*/
|
||||
table->data[index] = NULL;
|
||||
/* cleanup_func is supposed to free memory associated with this
|
||||
* table->data[index]. Set that to NULL.
|
||||
*/
|
||||
table->data[index] = NULL;
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void sfrt_cleanup(table_t* table, sfrt_iterator_callback cleanup_func)
|
||||
{
|
||||
uint32_t index;
|
||||
uint32_t index, count;
|
||||
|
||||
if (!table)
|
||||
return;
|
||||
|
||||
for (index = 0; index < table->num_ent; index++)
|
||||
for (index = 0, count = 0;
|
||||
index < table->max_size;
|
||||
index++)
|
||||
{
|
||||
if (table->data[index])
|
||||
{
|
||||
cleanup_func(table->data[index]);
|
||||
|
||||
/* cleanup_func is supposed to free memory associated with this
|
||||
* table->data[index]. Set that to NULL.
|
||||
*/
|
||||
table->data[index] = NULL;
|
||||
/* cleanup_func is supposed to free memory associated with this
|
||||
* table->data[index]. Set that to NULL.
|
||||
*/
|
||||
table->data[index] = NULL;
|
||||
|
||||
if (++count == table->num_ent) break;
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table)
|
||||
GENERIC sfrt_search(sfaddr_t* ip, table_t *table)
|
||||
{
|
||||
#ifdef SUP_IP6
|
||||
sfip_t *ip;
|
||||
#else
|
||||
uint32_t ip;
|
||||
#endif
|
||||
tuple_t tuple;
|
||||
uint32_t* adr;
|
||||
int numAdrDwords;
|
||||
tuple_t tuple;
|
||||
void *rt = NULL;
|
||||
|
||||
if ((adr == NULL) || (table == NULL) || (len == 0))
|
||||
if ((ip == NULL) || (table == NULL))
|
||||
return NULL;
|
||||
|
||||
#ifdef SUP_IP6
|
||||
ip = adr;
|
||||
if (ip->family == AF_INET)
|
||||
if (sfaddr_family(ip) == AF_INET)
|
||||
{
|
||||
adr = sfaddr_get_ip4_ptr(ip);
|
||||
numAdrDwords = 1;
|
||||
rt = table->rt;
|
||||
}
|
||||
else if (ip->family == AF_INET6)
|
||||
else
|
||||
{
|
||||
adr = sfaddr_get_ip6_ptr(ip);
|
||||
numAdrDwords = 4;
|
||||
rt = table->rt6;
|
||||
}
|
||||
#else
|
||||
/* IPv6 not yet supported */
|
||||
if(table->ip_type == IPv6)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ip = *(uint32_t*)adr;
|
||||
rt = table->rt;
|
||||
#endif
|
||||
/* IPv6 not yet supported */
|
||||
if (table->ip_type == IPv6)
|
||||
return NULL;
|
||||
tuple = table->lookup(adr, numAdrDwords, rt);
|
||||
|
||||
if( (table->ip_type == IPv4 && len > 32) ||
|
||||
(table->ip_type == IPv6 && len > 128) )
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
ip = adr;
|
||||
#else
|
||||
ip = *(uint32_t*)adr;
|
||||
#endif
|
||||
|
||||
tuple = table->lookup(ip, rt);
|
||||
|
||||
if (tuple.length != len)
|
||||
if(tuple.index >= table->max_size)
|
||||
return NULL;
|
||||
|
||||
return table->data[tuple.index];
|
||||
|
@ -521,20 +532,18 @@ GENERIC sfrt_search(void *adr, unsigned char len, table_t *table)
|
|||
|
||||
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
|
||||
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
|
||||
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
|
||||
int sfrt_insert(sfcidr_t* ip, unsigned char len, GENERIC ptr,
|
||||
int behavior, table_t *table)
|
||||
{
|
||||
int index;
|
||||
int newIndex = 0;
|
||||
int res;
|
||||
#ifdef SUP_IP6
|
||||
sfip_t *ip;
|
||||
#else
|
||||
uint32_t ip;
|
||||
#endif
|
||||
tuple_t tuple;
|
||||
uint32_t* adr;
|
||||
int numAdrDwords;
|
||||
tuple_t tuple;
|
||||
void *rt = NULL;
|
||||
|
||||
if(!adr)
|
||||
if(!ip)
|
||||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
|
@ -546,20 +555,13 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
|
|||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
|
||||
if( (table->ip_type == IPv4 && len > 32) ||
|
||||
(table->ip_type == IPv6 && len > 128) )
|
||||
|
||||
if (len > 128)
|
||||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
ip = adr;
|
||||
#else
|
||||
ip = *(uint32_t*)adr;
|
||||
#endif
|
||||
|
||||
/* Check if we can reuse an existing data table entry by
|
||||
/* Check if we can reuse an existing data table entry by
|
||||
* seeing if there is an existing entry with the same length. */
|
||||
/* Only perform this if the table is not an LC-trie */
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
|
@ -567,24 +569,29 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
|
|||
{
|
||||
#endif
|
||||
|
||||
#ifdef SUP_IP6
|
||||
if (ip->family == AF_INET)
|
||||
if (sfaddr_family(&ip->addr) == AF_INET)
|
||||
{
|
||||
if (len < 96)
|
||||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
len -= 96;
|
||||
adr = sfip_get_ip4_ptr(ip);
|
||||
numAdrDwords = 1;
|
||||
rt = table->rt;
|
||||
}
|
||||
else if (ip->family == AF_INET6)
|
||||
else
|
||||
{
|
||||
adr = sfip_get_ip6_ptr(ip);
|
||||
numAdrDwords = 4;
|
||||
rt = table->rt6;
|
||||
}
|
||||
#else
|
||||
rt = table->rt;
|
||||
#endif
|
||||
if (!rt)
|
||||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
|
||||
tuple = table->lookup(ip, table->rt);
|
||||
tuple = table->lookup(adr, numAdrDwords, rt);
|
||||
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
}
|
||||
|
@ -599,38 +606,46 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
|
|||
#endif
|
||||
if( table->num_ent >= table->max_size)
|
||||
{
|
||||
return RT_POLICY_TABLE_EXCEEDED;
|
||||
return RT_POLICY_TABLE_EXCEEDED;
|
||||
}
|
||||
|
||||
index = table->num_ent;
|
||||
table->num_ent++;
|
||||
}
|
||||
index = newIndex = allocateTableIndex(table);
|
||||
if (!index)
|
||||
return RT_POLICY_TABLE_EXCEEDED;
|
||||
}
|
||||
else
|
||||
{
|
||||
index = tuple.index;
|
||||
}
|
||||
|
||||
/* Insert value into policy table */
|
||||
table->data[ index ] = ptr;
|
||||
|
||||
/* The actual value that is looked-up is an index
|
||||
/* The actual value that is looked-up is an index
|
||||
* into the data table. */
|
||||
res = table->insert(ip, len, index, behavior, rt);
|
||||
res = table->insert(adr, numAdrDwords, len, index, behavior, rt);
|
||||
|
||||
/* Check if we ran out of memory. If so, need to decrement
|
||||
* table->num_ent */
|
||||
if(res == MEM_ALLOC_FAILURE)
|
||||
if ((res == RT_SUCCESS) && newIndex)
|
||||
{
|
||||
/* From the control flow above, it's possible table->num_ent was not
|
||||
* incremented. It should be safe to decrement here, because the only
|
||||
* time it will be incremented above is when we are potentially
|
||||
* mallocing one or more new entries (It's not incremented when we
|
||||
* overwrite an existing entry). */
|
||||
table->num_ent--;
|
||||
table->num_ent++;
|
||||
table->data[ index ] = ptr;
|
||||
}
|
||||
|
||||
|
||||
return res;
|
||||
}
|
||||
/** Pretty print table
|
||||
* Pretty print sfrt table.
|
||||
* @param table - routing table.
|
||||
*/
|
||||
void sfrt_print(table_t *table)
|
||||
{
|
||||
if(!table || !table->print )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (table->rt)
|
||||
table->print(table->rt);
|
||||
if (table->rt6)
|
||||
table->print(table->rt6);
|
||||
}
|
||||
|
||||
uint32_t sfrt_num_entries(table_t *table)
|
||||
{
|
||||
|
@ -638,7 +653,7 @@ uint32_t sfrt_num_entries(table_t *table)
|
|||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* There is always a root node, so subtract 1 for it */
|
||||
return table->num_ent - 1;
|
||||
}
|
||||
|
@ -650,17 +665,116 @@ uint32_t sfrt_usage(table_t *table)
|
|||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
usage = table->allocated + table->usage( table->rt );
|
||||
|
||||
#ifdef SUP_IP6
|
||||
if (table->rt6)
|
||||
{
|
||||
usage += table->usage( table->rt6 );
|
||||
usage += table->usage( table->rt6 );
|
||||
}
|
||||
|
||||
return usage;
|
||||
}
|
||||
|
||||
/** Remove subnet from sfrt table.
|
||||
* Remove subnet identified by ip/len and return associated data.
|
||||
* @param ip - IP address
|
||||
* @param len - length of netmask
|
||||
* @param ptr - void ** that is set to value associated with subnet
|
||||
* @param behavior - RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
|
||||
* @note - For RT_FAVOR_TIME behavior, if partial subnet is removed then table->data[x] is nulled. Any remaining entries
|
||||
* will then point to null data. This can cause hung or crosslinked data. RT_FAVOR_SPECIFIC does not have this drawback.
|
||||
* hung or crosslinked entries.
|
||||
*/
|
||||
int sfrt_remove(sfcidr_t* ip, unsigned char len, GENERIC *ptr,
|
||||
int behavior, table_t *table)
|
||||
{
|
||||
int index;
|
||||
uint32_t* adr;
|
||||
int numAdrDwords;
|
||||
void *rt = NULL;
|
||||
|
||||
if(!ip)
|
||||
{
|
||||
return RT_REMOVE_FAILURE;
|
||||
}
|
||||
|
||||
if (len == 0)
|
||||
return RT_REMOVE_FAILURE;
|
||||
|
||||
if(!table || !table->data || !table->remove || !table->lookup )
|
||||
{
|
||||
//remove operation will fail for LCT since this operation is not implemented
|
||||
return RT_REMOVE_FAILURE;
|
||||
}
|
||||
|
||||
if (len > 128)
|
||||
{
|
||||
return RT_REMOVE_FAILURE;
|
||||
}
|
||||
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
if(table->table_type != LCT)
|
||||
{
|
||||
#endif
|
||||
|
||||
if (sfaddr_family(&ip->addr) == AF_INET)
|
||||
{
|
||||
if (len < 96)
|
||||
{
|
||||
return RT_REMOVE_FAILURE;
|
||||
}
|
||||
len -= 96;
|
||||
adr = sfip_get_ip4_ptr(ip);
|
||||
numAdrDwords = 1;
|
||||
rt = table->rt;
|
||||
}
|
||||
else
|
||||
{
|
||||
adr = sfip_get_ip6_ptr(ip);
|
||||
numAdrDwords = 4;
|
||||
rt = table->rt6;
|
||||
}
|
||||
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
}
|
||||
#endif
|
||||
|
||||
return usage;
|
||||
/* The actual value that is looked-up is an index
|
||||
* into the data table. */
|
||||
index = table->remove(adr, numAdrDwords, len, behavior, rt);
|
||||
|
||||
/* Remove value into policy table. See TBD in function header*/
|
||||
if (index)
|
||||
{
|
||||
*ptr = table->data[ index ];
|
||||
table->data[ index ] = NULL;
|
||||
table->num_ent--;
|
||||
}
|
||||
|
||||
return RT_SUCCESS;
|
||||
}
|
||||
|
||||
/**allocate first unused index value. With delete operation, index values can be non-contiguous.
|
||||
* Index 0 is error in this function but this is valid entry in table->data that is used
|
||||
* for failure case. Calling function must check for 0 and take appropriate error action.
|
||||
*/
|
||||
static inline int allocateTableIndex(table_t *table)
|
||||
{
|
||||
uint32_t index;
|
||||
|
||||
//0 is special index for failed entries.
|
||||
for (index = table->lastAllocatedIndex+1;
|
||||
index != table->lastAllocatedIndex;
|
||||
index = (index+1) % table->max_size)
|
||||
{
|
||||
if (index && !table->data[index])
|
||||
{
|
||||
table->lastAllocatedIndex = index;
|
||||
return index;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_SFRT
|
||||
|
@ -678,9 +792,9 @@ int main()
|
|||
for(index=0; index<NUM_IPS; index++)
|
||||
{
|
||||
ip_list[index] = (uint32_t)rand()%NUM_IPS;
|
||||
data[index%NUM_DATA] = index%26 + 65; /* Random letter */
|
||||
data[index%NUM_DATA] = index%26 + 65; /* Random letter */
|
||||
}
|
||||
|
||||
|
||||
dir = sfrt_new(DIR_16x2, IPv4, NUM_IPS, 20);
|
||||
|
||||
if(!dir)
|
||||
|
@ -691,27 +805,27 @@ int main()
|
|||
|
||||
for(index=0; index < NUM_IPS; index++)
|
||||
{
|
||||
if(sfrt_insert(&ip_list[index], 32, &data[index%NUM_DATA],
|
||||
if(sfrt_insert(&ip_list[index], 32, &data[index%NUM_DATA],
|
||||
RT_FAVOR_SPECIFIC, dir) != RT_SUCCESS)
|
||||
{
|
||||
printf("DIR Insertion failure\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("%d\t %x: %c -> %c\n", index, ip_list[index],
|
||||
printf("%d\t %x: %c -> %c\n", index, ip_list[index],
|
||||
data[index%NUM_DATA], *(uint32_t*)sfrt_lookup(&ip_list[index], dir));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
for(index=0; index < NUM_IPS; index++)
|
||||
{
|
||||
val = *(uint32_t*)sfrt_lookup(&ip_list[index], dir);
|
||||
printf("\t@%d\t%x: %c. originally:\t%c\n",
|
||||
printf("\t@%d\t%x: %c. originally:\t%c\n",
|
||||
index, ip_list[index], val, data[index%NUM_DATA]);
|
||||
}
|
||||
}
|
||||
|
||||
printf("Usage: %d bytes\n", ((dir_table_t*)(dir->rt))->allocated);
|
||||
|
||||
|
||||
sfrt_free(dir);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -24,20 +25,20 @@
|
|||
* @author Adam Keeton <akeeton@sourcefire.com>
|
||||
* @date Thu July 20 10:16:26 EDT 2006
|
||||
*
|
||||
* SFRT implements two different routing table lookup methods that have been
|
||||
* adapted to return a void pointers. Any generic information may be
|
||||
* SFRT implements two different routing table lookup methods that have been
|
||||
* adapted to return a void pointers. Any generic information may be
|
||||
* associated with a given IP or CIDR block.
|
||||
*
|
||||
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
|
||||
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
|
||||
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
|
||||
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
|
||||
* DIR-n-m. Presently, the LC-trie is used for testing purposes as the
|
||||
* current implementation does not allow for fast, dynamic inserts.
|
||||
*
|
||||
* The intended use is to associate large IP blocks with specific information;
|
||||
* such as what may be written into the table by RNA.
|
||||
* such as what may be written into the table by RNA.
|
||||
*
|
||||
* NOTE: information should only move from less specific to more specific, ie:
|
||||
*
|
||||
*
|
||||
* First insert: 1.1.0.0/16 -> some data
|
||||
* Second insert: 1.1.2.3 -> some other data
|
||||
*
|
||||
|
@ -46,49 +47,49 @@
|
|||
* First insert: 1.1.2.3 -> some other data
|
||||
* Second insert: 1.1.0.0/16 -> some data
|
||||
*
|
||||
* If more general information is to overwrite existing entries, the table
|
||||
* should be free'ed and rebuilt. This is due to the difficulty of cleaning
|
||||
* If more general information is to overwrite existing entries, the table
|
||||
* should be free'ed and rebuilt. This is due to the difficulty of cleaning
|
||||
* out stale entries with the current implementation. At runtime, this won't
|
||||
* be a significant issue since inserts should apply to specific IP addresses
|
||||
* and not entire blocks of IPs.
|
||||
*
|
||||
*
|
||||
*
|
||||
* Implementation:
|
||||
*
|
||||
* The routing tables associate an index into a "data" table with each CIDR.
|
||||
* Each entry in the data table stores a pointer to actual data. This
|
||||
* implementation was chosen so each routing entry only needs one word to
|
||||
* either index the data array, or point to another table.
|
||||
*
|
||||
* The routing tables associate an index into a "data" table with each CIDR.
|
||||
* Each entry in the data table stores a pointer to actual data. This
|
||||
* implementation was chosen so each routing entry only needs one word to
|
||||
* either index the data array, or point to another table.
|
||||
*
|
||||
* Inserts are performed by specifying a CIDR and a pointer to its associated
|
||||
* data. Since a new routing table entry may overwrite previous entries,
|
||||
* data. Since a new routing table entry may overwrite previous entries,
|
||||
* a flag selects whether the insert favors the most recent or favors the most
|
||||
* specific. Favoring most specific should be the default behvior. If
|
||||
* the user wishes to overwrite routing entries with more general data, the
|
||||
* specific. Favoring most specific should be the default behvior. If
|
||||
* the user wishes to overwrite routing entries with more general data, the
|
||||
* table should be flushed, rather than using favor-most-recent.
|
||||
*
|
||||
*
|
||||
* Before modifying the routing or data tables, the insert function performs a
|
||||
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
|
||||
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
|
||||
* bit length* is found, the data is insertted into the data table, and its
|
||||
* index is used for the new routing table entry. If an entry is found that
|
||||
* is as specific as the new CIDR, the index stored points to where the new
|
||||
* index is used for the new routing table entry. If an entry is found that
|
||||
* is as specific as the new CIDR, the index stored points to where the new
|
||||
* data is written into the data table.
|
||||
*
|
||||
* If more specific CIDR blocks overwrote the data table, then the more
|
||||
*
|
||||
* If more specific CIDR blocks overwrote the data table, then the more
|
||||
* general routing table entries that were not overwritten will be referencing
|
||||
* the wrong data. Alternatively, less specific entries can only overwrite
|
||||
* existing routing table entries if favor-most-recent inserts are used.
|
||||
*
|
||||
* Because there is no quick way to clean the data-table if a user wishes to
|
||||
* use a favor-most-recent insert for more general data, the user should flush
|
||||
* the table with sfrt_free and create one anew. Alternatively, a small
|
||||
* the table with sfrt_free and create one anew. Alternatively, a small
|
||||
* memory leak occurs with the data table, as it will be storing pointers that
|
||||
* no routing table entry cares about.
|
||||
*
|
||||
*
|
||||
* The API calls that should be used are:
|
||||
* The API calls that should be used are:
|
||||
* sfrt_new - create new table
|
||||
* sfrt_insert - insert entry
|
||||
* sfrt_insert - insert entry
|
||||
* sfrt_lookup - lookup entry
|
||||
* sfrt_free - free table
|
||||
*/
|
||||
|
@ -96,21 +97,13 @@
|
|||
#ifndef _SFRT_H_
|
||||
#define _SFRT_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include "sfrt_trie.h"
|
||||
#include "debug.h"
|
||||
#include "snort_debug.h"
|
||||
#include "ipv6_port.h"
|
||||
|
||||
#ifdef SUP_IP6
|
||||
typedef sfip_t *IP;
|
||||
#else
|
||||
typedef uint32_t IP;
|
||||
#endif
|
||||
typedef sfcidr_t *IP;
|
||||
typedef void* GENERIC; /* To be replaced with a pointer to a policy */
|
||||
typedef struct
|
||||
{
|
||||
|
@ -120,7 +113,7 @@ typedef struct
|
|||
|
||||
|
||||
#include "sfrt_dir.h"
|
||||
/* #define SUPPORT_LCTRIE */
|
||||
/*#define SUPPORT_LCTRIE */
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
#include "sfrt_lctrie.h"
|
||||
#endif
|
||||
|
@ -137,12 +130,10 @@ enum types
|
|||
DIR_8x4,
|
||||
DIR_4x8,
|
||||
DIR_2x16,
|
||||
#ifdef SUP_IP6
|
||||
DIR_16_4x4_16x5_4x4,
|
||||
DIR_16x7_4x4,
|
||||
DIR_16x8,
|
||||
DIR_8x16,
|
||||
#endif
|
||||
IPv4,
|
||||
IPv6
|
||||
};
|
||||
|
@ -154,13 +145,13 @@ enum return_codes
|
|||
RT_POLICY_TABLE_EXCEEDED,
|
||||
DIR_INSERT_FAILURE,
|
||||
DIR_LOOKUP_FAILURE,
|
||||
MEM_ALLOC_FAILURE
|
||||
MEM_ALLOC_FAILURE,
|
||||
#ifdef SUPPORT_LCTRIE
|
||||
,
|
||||
LCT_COMPILE_FAILURE,
|
||||
LCT_INSERT_FAILURE,
|
||||
LCT_LOOKUP_FAILURE
|
||||
LCT_LOOKUP_FAILURE,
|
||||
#endif
|
||||
RT_REMOVE_FAILURE
|
||||
};
|
||||
|
||||
/* Defined in sfrt.c */
|
||||
|
@ -169,7 +160,8 @@ extern char *rt_error_messages[];
|
|||
enum
|
||||
{
|
||||
RT_FAVOR_TIME,
|
||||
RT_FAVOR_SPECIFIC
|
||||
RT_FAVOR_SPECIFIC,
|
||||
RT_FAVOR_ALL
|
||||
};
|
||||
|
||||
/*******************************************************************/
|
||||
|
@ -179,38 +171,112 @@ typedef struct
|
|||
GENERIC *data; /* data table. Each IP points to an entry here */
|
||||
uint32_t num_ent; /* Number of entries in the policy table */
|
||||
uint32_t max_size; /* Max size of policies array */
|
||||
uint32_t lastAllocatedIndex; /* Index allocated last. Search for unused index
|
||||
starts from this value and then wraps around at max_size.*/
|
||||
char ip_type; /* Only IPs of this family will be used */
|
||||
char table_type;
|
||||
char table_type;
|
||||
uint32_t allocated;
|
||||
|
||||
void *rt; /* Actual "routing" table */
|
||||
#ifdef SUP_IP6
|
||||
void *rt6; /* Actual "routing" table */
|
||||
#endif
|
||||
|
||||
tuple_t (*lookup)(IP ip, GENERIC);
|
||||
int (*insert)(IP ip, int len, word index, int behavior, GENERIC);
|
||||
void (*free)(void *);
|
||||
uint32_t (*usage)(void *);
|
||||
tuple_t (*lookup)(uint32_t* adr, int numAdrDwords, GENERIC tbl);
|
||||
int (*insert)(uint32_t* adr, int numAdrDwords, int len, word index, int behavior, GENERIC tbl);
|
||||
void (*free)(GENERIC tbl);
|
||||
uint32_t (*usage)(GENERIC tbl);
|
||||
void (*print)(GENERIC tbl);
|
||||
word (*remove)(uint32_t* adr, int numAdrDwords, int len, int behavior, GENERIC tbl);
|
||||
} table_t;
|
||||
/*******************************************************************/
|
||||
|
||||
/* Abstracted routing table API */
|
||||
table_t * sfrt_new(char type, char ip_type, long data_size, uint32_t mem_cap);
|
||||
void sfrt_free(table_t *table);
|
||||
GENERIC sfrt_lookup(void *adr, table_t* table);
|
||||
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table);
|
||||
GENERIC sfrt_lookup(sfaddr_t* ip, table_t* table);
|
||||
GENERIC sfrt_search(sfaddr_t* ip, table_t *table);
|
||||
typedef void (*sfrt_iterator_callback)(void *);
|
||||
struct _SnortConfig;
|
||||
typedef void (*sfrt_sc_iterator_callback)(struct _SnortConfig *, void *);
|
||||
typedef int (*sfrt_sc_iterator_callback3)(struct _SnortConfig *, void *);
|
||||
typedef void (*sfrt_iterator_callback2)(void *, void *);
|
||||
typedef int (*sfrt_iterator_callback3)(void *);
|
||||
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc);
|
||||
void sfrt_iterate_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback userfunc);
|
||||
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc);
|
||||
int sfrt_iterate2_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback3 userfunc);
|
||||
void sfrt_cleanup(table_t* table, sfrt_iterator_callback userfunc);
|
||||
void sfrt_cleanup2(table_t*, sfrt_iterator_callback2, void *);
|
||||
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
|
||||
int sfrt_insert(sfcidr_t* ip, unsigned char len, GENERIC ptr,
|
||||
int behavior, table_t *table);
|
||||
int sfrt_remove(sfcidr_t* ip, unsigned char len, GENERIC *ptr,
|
||||
int behavior, table_t *table);
|
||||
uint32_t sfrt_usage(table_t *table);
|
||||
void sfrt_print(table_t *table);
|
||||
uint32_t sfrt_num_entries(table_t *table);
|
||||
|
||||
/* Perform a lookup on value contained in "ip"
|
||||
* For performance reason, we use this simplified version instead of sfrt_lookup
|
||||
* Note: this only applied to table setting: DIR_8x16 (DIR_16_8_4x2 for IPV4), DIR_8x4*/
|
||||
static inline GENERIC sfrt_dir8x_lookup(sfaddr_t *ip, table_t* table)
|
||||
{
|
||||
dir_sub_table_t *subtable;
|
||||
int i;
|
||||
void *rt = NULL;
|
||||
int index;
|
||||
|
||||
if (sfaddr_family(ip) == AF_INET)
|
||||
{
|
||||
rt = table->rt;
|
||||
subtable = ((dir_table_t *)rt)->sub_table;
|
||||
/* 16 bits*/
|
||||
index = ntohs(ip->ia16[6]);
|
||||
if( !subtable->entries[index] || subtable->lengths[index] )
|
||||
{
|
||||
return table->data[subtable->entries[index]];
|
||||
}
|
||||
subtable = (dir_sub_table_t *) subtable->entries[index];
|
||||
|
||||
/* 8 bits*/
|
||||
index = ip->ia8[14];
|
||||
if( !subtable->entries[index] || subtable->lengths[index] )
|
||||
{
|
||||
return table->data[subtable->entries[index]];
|
||||
}
|
||||
subtable = (dir_sub_table_t *) subtable->entries[index];
|
||||
|
||||
/* 4 bits */
|
||||
index = ip->ia8[15] >> 4;
|
||||
if( !subtable->entries[index] || subtable->lengths[index] )
|
||||
{
|
||||
return table->data[subtable->entries[index]];
|
||||
}
|
||||
subtable = (dir_sub_table_t *) subtable->entries[index];
|
||||
|
||||
/* 4 bits */
|
||||
index = ip->ia8[15] & 0xF;
|
||||
if( !subtable->entries[index] || subtable->lengths[index] )
|
||||
{
|
||||
return table->data[subtable->entries[index]];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
rt = table->rt6;
|
||||
subtable = ((dir_table_t *)rt)->sub_table;
|
||||
for (i = 0; i < 16; i++)
|
||||
{
|
||||
index = ip->ia8[i];
|
||||
if( !subtable->entries[index] || subtable->lengths[index] )
|
||||
{
|
||||
return table->data[subtable->entries[index]];
|
||||
}
|
||||
subtable = (dir_sub_table_t *) subtable->entries[index];
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -24,7 +25,7 @@
|
|||
* @author Adam Keeton <akeeton@sourcefire.com>
|
||||
* @date Thu July 20 10:16:26 EDT 2006
|
||||
*
|
||||
* The implementation uses an multibit-trie that is similar to Gupta et-al's
|
||||
* The implementation uses an multibit-trie that is similar to Gupta et-al's
|
||||
* DIR-n-m.
|
||||
*/
|
||||
|
||||
|
@ -35,39 +36,30 @@
|
|||
#include <stdarg.h> /* For variadic */
|
||||
#include <stdio.h>
|
||||
#include <string.h> /* For memset */
|
||||
#include "sf_types.h"
|
||||
#include "sfrt.h"
|
||||
#include "sfrt_dir.h"
|
||||
|
||||
#if SIZEOF_UNSIGNED_LONG_INT == 8
|
||||
#define ARCH_WIDTH 64
|
||||
#else
|
||||
#define ARCH_WIDTH 32
|
||||
#endif
|
||||
|
||||
#ifdef SUP_IP6
|
||||
typedef struct {
|
||||
IP ip;
|
||||
uint32_t* adr;
|
||||
int bits;
|
||||
} IPLOOKUP;
|
||||
#else
|
||||
typedef IP IPLOOKUP;
|
||||
#endif
|
||||
|
||||
/* Create new "sub" table of 2^width entries */
|
||||
static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
|
||||
static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
|
||||
uint32_t prefill, uint32_t bit_length)
|
||||
{
|
||||
|
||||
int width = root->dimensions[dimension];
|
||||
int width = root->dimensions[dimension];
|
||||
int len = 1 << width;
|
||||
int index;
|
||||
dir_sub_table_t *sub;
|
||||
|
||||
/* Check if creating this node will exceed the memory cap.
|
||||
* The symbols in the conditional (other than cap), come from the
|
||||
* The symbols in the conditional (other than cap), come from the
|
||||
* allocs below. */
|
||||
if( root->mem_cap < ( root->allocated +
|
||||
sizeof(dir_sub_table_t) +
|
||||
if( root->mem_cap < ( root->allocated +
|
||||
sizeof(dir_sub_table_t) +
|
||||
sizeof(word) * len + len ) ||
|
||||
bit_length > 128)
|
||||
{
|
||||
|
@ -99,9 +91,9 @@ static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
|
|||
|
||||
/* A "length" needs to be stored with each entry above. The length refers
|
||||
* to how specific the insertion that set the entry was. It is necessary
|
||||
* so that the entry is not overwritten by less general routing
|
||||
* so that the entry is not overwritten by less general routing
|
||||
* information if "RT_FAVOR_SPECIFIC" insertions are being performed. */
|
||||
sub->lengths = (char*)malloc(sub->num_entries);
|
||||
sub->lengths = (uint8_t*)malloc(sub->num_entries);
|
||||
|
||||
if(!sub->lengths)
|
||||
{
|
||||
|
@ -114,12 +106,17 @@ static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
|
|||
for(index = 0; index < sub->num_entries; index++)
|
||||
{
|
||||
sub->entries[index] = prefill;
|
||||
sub->lengths[index] = (char)bit_length;
|
||||
sub->lengths[index] = (uint8_t)bit_length;
|
||||
}
|
||||
|
||||
sub->cur_num = 0;
|
||||
|
||||
root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries;
|
||||
if (prefill)
|
||||
sub->filledEntries = sub->num_entries;
|
||||
else
|
||||
sub->filledEntries = 0;
|
||||
|
||||
root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries + sub->num_entries;
|
||||
|
||||
root->cur_num++;
|
||||
|
||||
|
@ -189,7 +186,7 @@ static void _sub_table_free(uint32_t *allocated, dir_sub_table_t *sub)
|
|||
|
||||
for(index=0; index < sub->num_entries; index++)
|
||||
{
|
||||
/* The following condition will only be true if
|
||||
/* The following condition will only be true if
|
||||
* this entry is a pointer */
|
||||
if( !sub->lengths[index] && sub->entries[index] )
|
||||
{
|
||||
|
@ -199,7 +196,7 @@ static void _sub_table_free(uint32_t *allocated, dir_sub_table_t *sub)
|
|||
|
||||
if(sub->entries)
|
||||
{
|
||||
/* This probably does not need to be checked
|
||||
/* This probably does not need to be checked
|
||||
* since if it was not allocated, we would have errored out
|
||||
* in _sub_table_new */
|
||||
free(sub->entries);
|
||||
|
@ -209,7 +206,7 @@ static void _sub_table_free(uint32_t *allocated, dir_sub_table_t *sub)
|
|||
|
||||
if(sub->lengths)
|
||||
{
|
||||
/* This probably does not need to be checked
|
||||
/* This probably does not need to be checked
|
||||
* since if it was not allocated, we would have errored out
|
||||
* in _sub_table_new */
|
||||
free(sub->lengths);
|
||||
|
@ -234,7 +231,7 @@ void sfrt_dir_free(void *tbl)
|
|||
|
||||
if(table->sub_table)
|
||||
{
|
||||
_sub_table_free(&table->allocated, table->sub_table);
|
||||
_sub_table_free(&table->allocated, table->sub_table);
|
||||
}
|
||||
|
||||
if(table->dimensions)
|
||||
|
@ -245,7 +242,7 @@ void sfrt_dir_free(void *tbl)
|
|||
free(table);
|
||||
}
|
||||
|
||||
static INLINE void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t fill,
|
||||
static inline void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t fill,
|
||||
word length, uint32_t val, dir_sub_table_t *table)
|
||||
{
|
||||
|
||||
|
@ -254,25 +251,32 @@ static INLINE void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t f
|
|||
{
|
||||
/* Before overwriting this entry, verify there's not an existing
|
||||
* pointer ... otherwise free it to avoid a huge memory leak. */
|
||||
if( table->entries[index] && !table->lengths[index])
|
||||
if(table->entries[index])
|
||||
{
|
||||
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
|
||||
if (!table->lengths[index])
|
||||
{
|
||||
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
table->filledEntries++;
|
||||
}
|
||||
|
||||
table->entries[index] = val;
|
||||
table->lengths[index] = (char)length;
|
||||
table->lengths[index] = (uint8_t)length;
|
||||
}
|
||||
}
|
||||
|
||||
static INLINE void _dir_fill_less_specific(int index, int fill,
|
||||
static inline void _dir_fill_less_specific(int index, int fill,
|
||||
word length, uint32_t val, dir_sub_table_t *table)
|
||||
{
|
||||
|
||||
/* Fill entries */
|
||||
for(; index < fill; index++)
|
||||
{
|
||||
/* If we encounter a pointer, and we're inserting at this level, we
|
||||
* automatically know that this entry refers to more specific
|
||||
/* If we encounter a pointer, and we're inserting at this level, we
|
||||
* automatically know that this entry refers to more specific
|
||||
* information. However, there might only be one more specific entry
|
||||
* in the entire block, meaning the rest must be filled.
|
||||
*
|
||||
|
@ -285,79 +289,153 @@ static INLINE void _dir_fill_less_specific(int index, int fill,
|
|||
|
||||
if( !table->lengths[index] && table->entries[index])
|
||||
{
|
||||
dir_sub_table_t *next = (dir_sub_table_t*)table->entries[index];
|
||||
dir_sub_table_t *next = (dir_sub_table_t*)table->entries[index];
|
||||
_dir_fill_less_specific(0, 1 << next->width, length, val, next);
|
||||
}
|
||||
else if(length >= (word)table->lengths[index])
|
||||
{
|
||||
if (!table->entries[index])
|
||||
{
|
||||
table->filledEntries++;
|
||||
}
|
||||
table->entries[index] = val;
|
||||
table->lengths[index] = (char)length;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*Remove entries all this level and discard any more specific entries.
|
||||
*
|
||||
* @note RT_FAVOR_TIME behavior can cause hung or crosslinked entries if part of a subnet
|
||||
* (which was added) are deleted. Same issue is there when a more general subnet overwrites
|
||||
* a specific subnet. table->data[] entry for more specific subnet is not cleared.
|
||||
*
|
||||
* @note RT_FAVOR_TIME can cause orphaned table->data[] entries if the entire subnet
|
||||
* is replaced by more specific sudnets.
|
||||
*/
|
||||
static inline uint32_t _dir_remove_all(uint32_t *allocated, uint32_t index, uint32_t fill,
|
||||
word length, dir_sub_table_t *table)
|
||||
{
|
||||
uint32_t valueIndex = 0;
|
||||
|
||||
/* Fill entries */
|
||||
for(; index < fill; index++)
|
||||
{
|
||||
/* Before overwriting this entry, verify there's not an existing
|
||||
* pointer ... otherwise free it to avoid a huge memory leak. */
|
||||
if (table->entries[index])
|
||||
{
|
||||
if (!table->lengths[index])
|
||||
{
|
||||
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
|
||||
}
|
||||
|
||||
if(length == (word)table->lengths[index])
|
||||
{
|
||||
valueIndex = table->entries[index];
|
||||
}
|
||||
|
||||
table->filledEntries--;
|
||||
|
||||
//zero value here works since sfrt uses 0 for failed entries.
|
||||
table->entries[index] = 0;
|
||||
table->lengths[index] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
return valueIndex;
|
||||
}
|
||||
|
||||
/**Remove entries which match in address/length in all subtables.
|
||||
* @note RT_FAVOR_SPECIFIC can cause orphaned table->data[] entries if the entire subnet
|
||||
* is replaced by more specific subnets.
|
||||
*/
|
||||
static inline uint32_t _dir_remove_less_specific(uint32_t *allocated, int index, int fill,
|
||||
word length, dir_sub_table_t *table)
|
||||
{
|
||||
uint32_t valueIndexRet = 0;
|
||||
uint32_t valueIndex = 0;
|
||||
|
||||
for(; index < fill; index++)
|
||||
{
|
||||
if( !table->lengths[index] && table->entries[index])
|
||||
{
|
||||
dir_sub_table_t *next = (dir_sub_table_t*)table->entries[index];
|
||||
valueIndex = _dir_remove_less_specific(allocated, 0, 1 << next->width, length, next);
|
||||
if (valueIndex)
|
||||
{
|
||||
valueIndexRet = valueIndex;
|
||||
}
|
||||
|
||||
if (!next->filledEntries) //table can be collapsed.
|
||||
{
|
||||
_sub_table_free(allocated, next);
|
||||
table->entries[index] = 0;
|
||||
table->lengths[index] = 0;
|
||||
table->filledEntries--;
|
||||
|
||||
}
|
||||
}
|
||||
else if(length == (word)table->lengths[index])
|
||||
{
|
||||
if (table->entries[index])
|
||||
{
|
||||
table->filledEntries--;
|
||||
valueIndexRet = table->entries[index];
|
||||
}
|
||||
table->entries[index] = 0;
|
||||
table->lengths[index] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
return valueIndexRet;
|
||||
}
|
||||
|
||||
/* Sub table insertion
|
||||
* This is called by dir_insert and recursively to find the the sub table
|
||||
* that should house the value "ptr"
|
||||
* @param ip IP address structure
|
||||
* @param cur_len Number of bits of the IP left at this depth
|
||||
* @param length Number of bits of the IP used to specify this CIDR
|
||||
* @param length Number of bits of the IP used to specify this CIDR
|
||||
* @param ptr Information to be associated with this IP range
|
||||
* @param master_table The table that describes all, returned by dir_new */
|
||||
static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
||||
int current_depth, int behavior,
|
||||
static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
||||
int current_depth, int behavior,
|
||||
dir_sub_table_t *sub_table, dir_table_t *root_table)
|
||||
{
|
||||
|
||||
word index;
|
||||
uint32_t fill;
|
||||
#ifdef SUP_IP6
|
||||
{
|
||||
uint32_t local_index, i;
|
||||
/* need to handle bits usage across multiple 32bit vals within IPv6. */
|
||||
if (ip->ip->family == AF_INET)
|
||||
if (ip->bits < 32 )
|
||||
{
|
||||
i=0;
|
||||
}
|
||||
else if (ip->ip->family == AF_INET6)
|
||||
else if (ip->bits < 64)
|
||||
{
|
||||
if (ip->bits < 32 )
|
||||
{
|
||||
i=0;
|
||||
}
|
||||
else if (ip->bits < 64)
|
||||
{
|
||||
i=1;
|
||||
}
|
||||
else if (ip->bits < 96)
|
||||
{
|
||||
i=2;
|
||||
}
|
||||
else
|
||||
{
|
||||
i=3;
|
||||
}
|
||||
i=1;
|
||||
}
|
||||
else if (ip->bits < 96)
|
||||
{
|
||||
i=2;
|
||||
}
|
||||
else
|
||||
{
|
||||
return RT_INSERT_FAILURE;
|
||||
i=3;
|
||||
}
|
||||
local_index = ip->ip->ip32[i] << (ip->bits %32);
|
||||
index = local_index >> (ARCH_WIDTH - sub_table->width);
|
||||
local_index = ip->adr[i] << (ip->bits %32);
|
||||
index = local_index >> (sizeof(local_index)*8 - sub_table->width);
|
||||
}
|
||||
#else
|
||||
IPLOOKUP iplu;
|
||||
/* Index is determined by the highest 'len' bits in 'ip' */
|
||||
index = *ip >> (ARCH_WIDTH - sub_table->width);
|
||||
#endif
|
||||
|
||||
/* Check if this is the last table to traverse to */
|
||||
if(sub_table->width >= cur_len)
|
||||
{
|
||||
/* Calculate how many entries need to be filled
|
||||
/* Calculate how many entries need to be filled
|
||||
* in this table. If the table is 24 bits wide, and the entry
|
||||
* is 20 bytes long, 2^4 entries need to be filled. */
|
||||
fill = 1 << (sub_table->width - cur_len);
|
||||
fill = 1 << (sub_table->width - cur_len);
|
||||
|
||||
index = (index >> (sub_table->width - cur_len)) <<
|
||||
(sub_table->width - cur_len);
|
||||
|
@ -367,7 +445,7 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
|||
/* Favor most recent CIDR */
|
||||
if(behavior == RT_FAVOR_TIME)
|
||||
{
|
||||
_dir_fill_all(&root_table->allocated, index, fill, length,
|
||||
_dir_fill_all(&root_table->allocated, index, fill, length,
|
||||
(word)ptr, sub_table);
|
||||
}
|
||||
/* Fill over less specific CIDR */
|
||||
|
@ -379,10 +457,10 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
|||
/* Need to traverse to a sub-table */
|
||||
else
|
||||
{
|
||||
dir_sub_table_t *next_sub =
|
||||
dir_sub_table_t *next_sub =
|
||||
(dir_sub_table_t *)sub_table->entries[index];
|
||||
|
||||
/* Check if we need to alloc a new sub table.
|
||||
/* Check if we need to alloc a new sub table.
|
||||
* If next_sub was 0/NULL, there's no entry at this index
|
||||
* If the length is non-zero, there is an entry */
|
||||
if(!next_sub || sub_table->lengths[index])
|
||||
|
@ -392,10 +470,15 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
|||
return RT_INSERT_FAILURE;
|
||||
}
|
||||
|
||||
sub_table->entries[index] =
|
||||
(word) _sub_table_new(root_table, current_depth+1,
|
||||
sub_table->entries[index] =
|
||||
(word) _sub_table_new(root_table, current_depth+1,
|
||||
(word) next_sub, sub_table->lengths[index]);
|
||||
|
||||
if (!next_sub)
|
||||
{
|
||||
sub_table->filledEntries++;
|
||||
}
|
||||
|
||||
sub_table->cur_num++;
|
||||
|
||||
sub_table->lengths[index] = 0;
|
||||
|
@ -409,17 +492,10 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
|||
}
|
||||
/* Recurse to next level. Rightshift off appropriate number of
|
||||
* bits and update the length accordingly. */
|
||||
#ifdef SUP_IP6
|
||||
ip->bits += sub_table->width;
|
||||
_dir_sub_insert(ip, length,
|
||||
cur_len - sub_table->width, ptr, current_depth+1,
|
||||
behavior, next_sub, root_table);
|
||||
#else
|
||||
iplu = *ip << sub_table->width;
|
||||
_dir_sub_insert(&iplu, length,
|
||||
cur_len - sub_table->width, ptr, current_depth+1,
|
||||
behavior, next_sub, root_table);
|
||||
#endif
|
||||
return (_dir_sub_insert(ip, length,
|
||||
cur_len - sub_table->width, ptr, current_depth+1,
|
||||
behavior, next_sub, root_table));
|
||||
}
|
||||
|
||||
return RT_SUCCESS;
|
||||
|
@ -430,17 +506,14 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
|
|||
* @param len Number of bits of the IP used for lookup
|
||||
* @param ptr Information to be associated with this IP range
|
||||
* @param master_table The table that describes all, returned by dir_new */
|
||||
int sfrt_dir_insert(IP ip, int len, word data_index,
|
||||
int sfrt_dir_insert(uint32_t* adr, int numAdrDwords, int len, word data_index,
|
||||
int behavior, void *table)
|
||||
{
|
||||
dir_table_t *root = (dir_table_t*)table;
|
||||
#ifdef SUP_IP6
|
||||
uint32_t h_adr[4];
|
||||
IPLOOKUP iplu;
|
||||
iplu.ip = ip;
|
||||
iplu.adr = h_adr;
|
||||
iplu.bits = 0;
|
||||
#else
|
||||
IPLOOKUP iplu = ip;
|
||||
#endif
|
||||
|
||||
/* Validate arguments */
|
||||
if(!root || !root->sub_table)
|
||||
|
@ -448,6 +521,23 @@ int sfrt_dir_insert(IP ip, int len, word data_index,
|
|||
return DIR_INSERT_FAILURE;
|
||||
}
|
||||
|
||||
h_adr[0] = ntohl(adr[0]);
|
||||
if (len > 96)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
h_adr[2] = ntohl(adr[2]);
|
||||
h_adr[3] = ntohl(adr[3]);
|
||||
}
|
||||
else if (len > 64)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
h_adr[2] = ntohl(adr[2]);
|
||||
}
|
||||
else if (len > 32)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
}
|
||||
|
||||
/* Find the sub table in which to insert */
|
||||
return _dir_sub_insert(&iplu, len, len, (GENERIC)data_index,
|
||||
0, behavior, root->sub_table, root);
|
||||
|
@ -458,45 +548,28 @@ int sfrt_dir_insert(IP ip, int len, word data_index,
|
|||
static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
|
||||
{
|
||||
word index;
|
||||
#ifdef SUP_IP6
|
||||
{
|
||||
uint32_t local_index, i;
|
||||
/* need to handle bits usage across multiple 32bit vals within IPv6. */
|
||||
if (ip->ip->family == AF_INET)
|
||||
if (ip->bits < 32 )
|
||||
{
|
||||
i=0;
|
||||
}
|
||||
else if (ip->ip->family == AF_INET6)
|
||||
else if (ip->bits < 64)
|
||||
{
|
||||
if (ip->bits < 32 )
|
||||
{
|
||||
i=0;
|
||||
}
|
||||
else if (ip->bits < 64)
|
||||
{
|
||||
i=1;
|
||||
}
|
||||
else if (ip->bits < 96)
|
||||
{
|
||||
i=2;
|
||||
}
|
||||
else
|
||||
{
|
||||
i=3;
|
||||
}
|
||||
i=1;
|
||||
}
|
||||
else if (ip->bits < 96)
|
||||
{
|
||||
i=2;
|
||||
}
|
||||
else
|
||||
{
|
||||
tuple_t ret = { 0, 0 };
|
||||
return ret;
|
||||
i=3;
|
||||
}
|
||||
local_index = ip->ip->ip32[i] << (ip->bits %32);
|
||||
index = local_index >> (ARCH_WIDTH - table->width);
|
||||
local_index = ip->adr[i] << (ip->bits %32);
|
||||
index = local_index >> (sizeof(local_index)*8 - table->width);
|
||||
}
|
||||
#else
|
||||
IPLOOKUP iplu;
|
||||
index = *ip >> (ARCH_WIDTH - table->width);
|
||||
#endif
|
||||
|
||||
if( !table->entries[index] || table->lengths[index] )
|
||||
{
|
||||
|
@ -507,26 +580,19 @@ static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#ifdef SUP_IP6
|
||||
ip->bits += table->width;
|
||||
return _dir_sub_lookup( ip, (dir_sub_table_t *)table->entries[index]);
|
||||
#else
|
||||
iplu = *ip << table->width;
|
||||
return _dir_sub_lookup( &iplu, (dir_sub_table_t *)table->entries[index]);
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Lookup information associated with the value "ip" */
|
||||
tuple_t sfrt_dir_lookup(IP ip, void *tbl)
|
||||
tuple_t sfrt_dir_lookup(uint32_t* adr, int numAdrDwords, void *tbl)
|
||||
{
|
||||
dir_table_t *root = (dir_table_t*)tbl;
|
||||
#ifdef SUP_IP6
|
||||
uint32_t h_adr[4];
|
||||
int i;
|
||||
IPLOOKUP iplu;
|
||||
iplu.ip = ip;
|
||||
iplu.adr = h_adr;
|
||||
iplu.bits = 0;
|
||||
#else
|
||||
IPLOOKUP iplu = ip;
|
||||
#endif
|
||||
|
||||
if(!root || !root->sub_table)
|
||||
{
|
||||
|
@ -535,6 +601,11 @@ tuple_t sfrt_dir_lookup(IP ip, void *tbl)
|
|||
return ret;
|
||||
}
|
||||
|
||||
for (i = 0; i < numAdrDwords; i++)
|
||||
{
|
||||
h_adr[i] = ntohl(adr[i]);
|
||||
}
|
||||
|
||||
return _dir_sub_lookup(&iplu, root->sub_table);
|
||||
}
|
||||
|
||||
|
@ -549,3 +620,182 @@ uint32_t sfrt_dir_usage(void *table)
|
|||
return ((dir_table_t*)(table))->allocated;
|
||||
}
|
||||
|
||||
static void _sub_table_print(dir_sub_table_t *sub, uint32_t level, dir_table_t *table) {
|
||||
int index;
|
||||
|
||||
char label[100];
|
||||
|
||||
memset(label, ' ', sizeof(label));
|
||||
label[level*5] = '\0';
|
||||
|
||||
printf("%sCurrent Nodes: %d, Filled Entries: %d, table Width: %d\n", label, sub->cur_num, sub->filledEntries, sub->width);
|
||||
for(index=0; index < sub->num_entries; index++)
|
||||
{
|
||||
if (sub->lengths[index] || sub->entries[index])
|
||||
printf("%sIndex: %d, Length: %d, dataIndex: %d\n", label, index, sub->lengths[index],
|
||||
(uint32_t)sub->entries[index]);
|
||||
|
||||
if( !sub->lengths[index] && sub->entries[index] ) {
|
||||
_sub_table_print((dir_sub_table_t*) sub->entries[index], level+1, table);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Print a table.
|
||||
* Prints a table and its subtable. This is used for debugging purpose only.
|
||||
* @param table The table that describes all, returned by dir_new
|
||||
*/
|
||||
void sfrt_dir_print(void *tbl) {
|
||||
dir_table_t *table = (dir_table_t*)tbl;
|
||||
|
||||
if(!table) {
|
||||
return;
|
||||
}
|
||||
|
||||
printf ("Nodes in use: %d\n", table->cur_num);
|
||||
if(table->sub_table) {
|
||||
_sub_table_print(table->sub_table, 1, table);
|
||||
}
|
||||
}
|
||||
|
||||
/* Sub table removal
|
||||
* Recursive function to drill down to subnet table and remove entries.
|
||||
* @param ip IP address structure
|
||||
* @param length Number of bits of the IP used to specify this CIDR
|
||||
* @param cur_len Number of bits of the IP left at this depth
|
||||
* @param current_depth Number of levels down from root_table.
|
||||
* @param behavior RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
|
||||
* @param root_table The table that describes all, returned by dir_new
|
||||
* @returns index of entry removed. Returns 0, which is a valid index, as failure code.
|
||||
* Calling function should treat 0 index as failure case.*/
|
||||
|
||||
static int _dir_sub_remove(IPLOOKUP *ip, int length, int cur_len,
|
||||
int current_depth, int behavior,
|
||||
dir_sub_table_t *sub_table, dir_table_t *root_table)
|
||||
{
|
||||
|
||||
word index;
|
||||
uint32_t fill;
|
||||
uint32_t valueIndex = 0;
|
||||
|
||||
{
|
||||
uint32_t local_index, i;
|
||||
/* need to handle bits usage across multiple 32bit vals within IPv6. */
|
||||
if (ip->bits < 32 )
|
||||
{
|
||||
i=0;
|
||||
}
|
||||
else if (ip->bits < 64)
|
||||
{
|
||||
i=1;
|
||||
}
|
||||
else if (ip->bits < 96)
|
||||
{
|
||||
i=2;
|
||||
}
|
||||
else
|
||||
{
|
||||
i=3;
|
||||
}
|
||||
local_index = ip->adr[i] << (ip->bits %32);
|
||||
index = local_index >> (sizeof(local_index)*8 - sub_table->width);
|
||||
}
|
||||
|
||||
/* Check if this is the last table to traverse to */
|
||||
if(sub_table->width >= cur_len)
|
||||
{
|
||||
|
||||
/* Calculate how many entries need to be removed (filled with 0)
|
||||
* in this table. If the table is 24 bits wide, and the entry
|
||||
* is 20 bytes long, 2^4 entries need to be filled. */
|
||||
fill = 1 << (sub_table->width - cur_len);
|
||||
|
||||
index = (index >> (sub_table->width - cur_len)) <<
|
||||
(sub_table->width - cur_len);
|
||||
|
||||
fill += index;
|
||||
|
||||
/* Remove and overwrite without consedering CIDR specificity*/
|
||||
if(behavior == RT_FAVOR_TIME)
|
||||
{
|
||||
valueIndex = _dir_remove_all(&root_table->allocated, index, fill, length, sub_table);
|
||||
}
|
||||
/* Remove and overwrite only less specific CIDR */
|
||||
else
|
||||
{
|
||||
valueIndex = _dir_remove_less_specific(&root_table->allocated, index, fill, length, sub_table);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* traverse to a next sub-table down*/
|
||||
|
||||
dir_sub_table_t *next_sub = (dir_sub_table_t *)sub_table->entries[index];
|
||||
|
||||
/*subtable was never added. */
|
||||
if(!next_sub || sub_table->lengths[index])
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
/* Recurse to next level. Rightshift off appropriate number of
|
||||
* bits and update the length accordingly. */
|
||||
ip->bits += sub_table->width;
|
||||
valueIndex = _dir_sub_remove(ip, length,
|
||||
cur_len - sub_table->width, current_depth+1,
|
||||
behavior, next_sub, root_table);
|
||||
if (!next_sub->filledEntries)
|
||||
{
|
||||
_sub_table_free(&root_table->allocated, next_sub);
|
||||
sub_table->entries[index] = 0;
|
||||
sub_table->lengths[index] = 0;
|
||||
sub_table->filledEntries--;
|
||||
root_table->cur_num--;
|
||||
}
|
||||
}
|
||||
|
||||
return valueIndex;
|
||||
}
|
||||
|
||||
/* Remove entry into DIR-n-m tables
|
||||
* @param ip IP address structure
|
||||
* @param len Number of bits of the IP used for lookup
|
||||
* @param behavior RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
|
||||
* @param table The table that describes all, returned by dir_new
|
||||
* @return index to data or 0 on failure. Calling function should check for 0 since
|
||||
* this is valid index for failed operation.
|
||||
*/
|
||||
word sfrt_dir_remove(uint32_t* adr, int numAdrDwords, int len, int behavior, void *table)
|
||||
{
|
||||
dir_table_t *root = (dir_table_t*)table;
|
||||
uint32_t h_adr[4];
|
||||
IPLOOKUP iplu;
|
||||
iplu.adr = h_adr;
|
||||
iplu.bits = 0;
|
||||
|
||||
/* Validate arguments */
|
||||
if(!root || !root->sub_table)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
h_adr[0] = ntohl(adr[0]);
|
||||
if (len > 96)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
h_adr[2] = ntohl(adr[2]);
|
||||
h_adr[3] = ntohl(adr[3]);
|
||||
}
|
||||
else if (len > 64)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
h_adr[2] = ntohl(adr[2]);
|
||||
}
|
||||
else if (len > 32)
|
||||
{
|
||||
h_adr[1] = ntohl(adr[1]);
|
||||
}
|
||||
|
||||
/* Find the sub table in which to remove */
|
||||
return _dir_sub_remove(&iplu, len, len, 0, behavior, root->sub_table, root);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -24,30 +25,32 @@
|
|||
* @author Adam Keeton <akeeton@sourcefire.com>
|
||||
* @date Thu July 20 10:16:26 EDT 2006
|
||||
*
|
||||
* The implementation uses an multibit-trie that is similar to Gupta et-al's
|
||||
* The implementation uses an multibit-trie that is similar to Gupta et-al's
|
||||
* DIR-n-m.
|
||||
*/
|
||||
|
||||
#ifndef SFRT_DIR_H_
|
||||
#define SFRT_DIR_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
/*******************************************************************/
|
||||
/* DIR-n-m data structures
|
||||
* Each table in the DIR-n-m method is represented by a
|
||||
/* DIR-n-m data structures
|
||||
* Each table in the DIR-n-m method is represented by a
|
||||
* dir_sub_table_t. They are managed by a dir_table_t. */
|
||||
typedef struct
|
||||
{
|
||||
word *entries;
|
||||
char *lengths;
|
||||
uint8_t *lengths;
|
||||
int num_entries; /* Number of entries in this table */
|
||||
int width; /* width of this table. */
|
||||
/* While one determines the other, this way fewer
|
||||
/* While one determines the other, this way fewer
|
||||
* calculations are needed at runtime, since both
|
||||
* are used. */
|
||||
int cur_num; /* Present number of used nodes */
|
||||
|
||||
/** number of entries filled including chidren sub_tables. This is used
|
||||
* for freeing sub_tables when all entried are freed by delete operation.
|
||||
*/
|
||||
int filledEntries;
|
||||
} dir_sub_table_t;
|
||||
|
||||
/* Master data structure for the DIR-n-m derivative */
|
||||
|
@ -56,7 +59,7 @@ typedef struct
|
|||
int *dimensions; /* DIR-n-m will consist of any number of arbitrarily
|
||||
* long tables. This variable keeps track of the
|
||||
* dimensions */
|
||||
int dim_size; /* And this variable keeps track of 'dimensions''s
|
||||
int dim_size; /* And this variable keeps track of 'dimensions''s
|
||||
* dimensions! */
|
||||
uint32_t mem_cap; /* User-defined maximum memory that can be allocated
|
||||
* for the DIR-n-m derivative */
|
||||
|
@ -72,10 +75,12 @@ typedef struct
|
|||
/* DIR-n-m functions, these are not intended to be called directly */
|
||||
dir_table_t * sfrt_dir_new(uint32_t mem_cap, int count,...);
|
||||
void sfrt_dir_free(void *);
|
||||
tuple_t sfrt_dir_lookup(IP ip, void *table);
|
||||
int sfrt_dir_insert(IP ip, int len, word data_index,
|
||||
tuple_t sfrt_dir_lookup(uint32_t* adr, int numAdrDwords, void *table);
|
||||
int sfrt_dir_insert(uint32_t* adr, int numAdrDwords, int len, word data_index,
|
||||
int behavior, void *table);
|
||||
uint32_t sfrt_dir_usage(void *table);
|
||||
void sfrt_dir_print(void *table);
|
||||
word sfrt_dir_remove(uint32_t* adr, int numAdrDwords, int len, int behavior, void *table);
|
||||
|
||||
#endif /* SFRT_DIR_H_ */
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2006-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -68,7 +69,7 @@ typedef unsigned long word;
|
|||
/* The trie is represented by an array and each node in
|
||||
the trie is compactly represented using only 32 bits:
|
||||
5 + 5 + 22 = branch + skip + adr */
|
||||
typedef word trie_node_t;
|
||||
typedef word node_t;
|
||||
|
||||
#define NOPRE -1 /* an empty prefix pointer */
|
||||
|
||||
|
@ -130,14 +131,14 @@ typedef struct { /* compact version of above */
|
|||
int len;
|
||||
int pre;
|
||||
int policy;
|
||||
} comp_pre_t;
|
||||
} comp_pre_t;
|
||||
|
||||
/* The complete routing table data structure consists of
|
||||
a trie, a base vector, a prefix vector, and a next-hop table. */
|
||||
|
||||
typedef struct routtablerec *routtable_t;
|
||||
struct routtablerec {
|
||||
trie_node_t *trie; /* the main trie search structure */
|
||||
node_t *trie; /* the main trie search structure */
|
||||
int triesize;
|
||||
comp_base_t *base; /* the base vector */
|
||||
int basesize;
|
||||
|
@ -145,23 +146,8 @@ struct routtablerec {
|
|||
int presize;
|
||||
policy_t *policy; /* the next-hop table */
|
||||
int policysize;
|
||||
|
||||
|
||||
int dirty; /* Whether or not the table needs to be rebuilt */
|
||||
};
|
||||
|
||||
/* utilities */
|
||||
#ifndef boolean
|
||||
#ifndef HAVE_BOOLEAN
|
||||
typedef unsigned char boolean;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef TRUE
|
||||
# define TRUE 1
|
||||
#endif
|
||||
|
||||
#ifndef FALSE
|
||||
# define FALSE 0
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,4 +1,29 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "sf_dynamic_define.h"
|
||||
#include "sf_snort_plugin_api.h"
|
||||
#include "sf_dynamic_meta.h"
|
||||
#include "detection_lib_meta.h"
|
||||
|
@ -8,12 +33,12 @@
|
|||
|
||||
extern Rule *rules[];
|
||||
|
||||
DETECTION_LINKAGE int InitializeDetection()
|
||||
DETECTION_LINKAGE int InitializeDetection(struct _SnortConfig *sc)
|
||||
{
|
||||
return RegisterRules(rules);
|
||||
return RegisterRules(sc, rules);
|
||||
}
|
||||
|
||||
DETECTION_LINKAGE int DumpSkeletonRules()
|
||||
DETECTION_LINKAGE int DumpSkeletonRules(void)
|
||||
{
|
||||
return DumpRules(DETECTION_LIB_NAME, rules);
|
||||
}
|
||||
|
@ -25,7 +50,8 @@ DETECTION_LINKAGE int LibVersion(DynamicPluginMeta *dpm)
|
|||
dpm->major = DETECTION_LIB_MAJOR;
|
||||
dpm->minor = DETECTION_LIB_MINOR;
|
||||
dpm->build = DETECTION_LIB_BUILD;
|
||||
strncpy(dpm->uniqueName, DETECTION_LIB_NAME, MAX_NAME_LEN);
|
||||
strncpy(dpm->uniqueName, DETECTION_LIB_NAME, MAX_NAME_LEN-1);
|
||||
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -36,6 +62,7 @@ DETECTION_LINKAGE int EngineVersion(DynamicPluginMeta *dpm)
|
|||
dpm->major = REQ_ENGINE_LIB_MAJOR;
|
||||
dpm->minor = REQ_ENGINE_LIB_MINOR;
|
||||
dpm->build = 0;
|
||||
strncpy(dpm->uniqueName, REQ_ENGINE_LIB_NAME, MAX_NAME_LEN);
|
||||
strncpy(dpm->uniqueName, REQ_ENGINE_LIB_NAME, MAX_NAME_LEN-1);
|
||||
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1,15 +1,37 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
#ifndef SFSNORT_DYNAMIC_DETECTION_LIB_H_
|
||||
#define SFSNORT_DYNAMIC_DETECTION_LIB_H_
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef SF_SNORT_DETECTION_DLL
|
||||
#define DETECTION_LINKAGE __declspec(dllexport)
|
||||
#define BUILDING_SO
|
||||
#define DETECTION_LINKAGE SF_SO_PUBLIC
|
||||
#else
|
||||
#define DETECTION_LINKAGE __declspec(dllimport)
|
||||
#define DETECTION_LINKAGE
|
||||
#endif
|
||||
#else /* WIN32 */
|
||||
#define DETECTION_LINKAGE
|
||||
#endif /* WIN32 */
|
||||
#define DETECTION_LINKAGE SF_SO_PUBLIC
|
||||
#endif
|
||||
|
||||
#endif /* SFSNORT_DYNAMIC_DETECTION_LIB_H_ */
|
||||
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2012-2013 Sourcefire, Inc.
|
||||
*
|
||||
* Author: Michael Altizer <maltizer@sourcefire.com>
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef __SIDE_CHANNEL_DEFINE_H__
|
||||
#define __SIDE_CHANNEL_DEFINE_H__
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#define SC_USE_DMQ 1
|
||||
|
||||
/* You get 16 bits worth of types. Use them wisely. */
|
||||
enum
|
||||
{
|
||||
SC_MSG_TYPE_NONE = 0,
|
||||
SC_MSG_TYPE_FLOW_STATE_TRACKING,
|
||||
SC_MSG_TYPE_SSL_STATE_TRACKING,
|
||||
SC_MSG_TYPE_ANY = 0xFFFF
|
||||
};
|
||||
|
||||
typedef struct _SC_MESSAGE_HEADER
|
||||
{
|
||||
uint16_t type;
|
||||
uint64_t timestamp;
|
||||
} SCMsgHdr;
|
||||
|
||||
typedef struct _SC_MESSAGE_QUEUE_NODE *SCMessageQueueNodePtr;
|
||||
|
||||
typedef void (*SCMQMsgFreeFunc)(void *);
|
||||
|
||||
typedef int (*SCMConfigFunc)(char *);
|
||||
typedef int (*SCMInitFunc)(void);
|
||||
typedef int (*SCMPostInitFunc)(void);
|
||||
typedef void (*SCMStatsFunc)(int exiting);
|
||||
typedef void (*SCMIdleFunc)(void);
|
||||
typedef int (*SCMProcessMsgFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length);
|
||||
typedef void (*SCMShutdownFunc)(void);
|
||||
|
||||
typedef struct _SCM_FUNCTION_BUNDLE {
|
||||
SCMConfigFunc configFunc;
|
||||
SCMInitFunc initFunc;
|
||||
SCMPostInitFunc postInitFunc;
|
||||
SCMIdleFunc idleFunc;
|
||||
SCMStatsFunc statsFunc;
|
||||
SCMShutdownFunc shutdownFunc;
|
||||
} SCMFunctionBundle;
|
||||
|
||||
#endif /* __SIDE_CHANNEL_DEFINE_H__ */
|
|
@ -1,6 +1,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -16,14 +17,11 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
#ifndef __SIGNATURE_H__
|
||||
#define __SIGNATURE_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
#ifdef OSF1
|
||||
#include <sys/bitypes.h>
|
||||
#endif
|
||||
|
@ -101,6 +99,13 @@ typedef struct _ServiceInfo
|
|||
char *service;
|
||||
int16_t service_ordinal;
|
||||
} ServiceInfo;
|
||||
|
||||
typedef enum _ServiceOverride {
|
||||
ServiceOverride_ElsePorts = 0,
|
||||
ServiceOverride_AndPorts,
|
||||
ServiceOverride_OrPorts,
|
||||
ServiceOverride_Nil
|
||||
} ServiceOverride;
|
||||
#endif
|
||||
|
||||
typedef struct _SigInfo
|
||||
|
@ -111,17 +116,22 @@ typedef struct _SigInfo
|
|||
uint32_t class_id;
|
||||
ClassType *classType;
|
||||
uint32_t priority;
|
||||
char *message;
|
||||
const char *message;
|
||||
ReferenceNode *refs;
|
||||
int shared; /* shared object rule */
|
||||
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
|
||||
int rule_flushing; /* 0-disabled, 1-enabled */
|
||||
char shared; /* shared object rule */
|
||||
char dup_opt_func; /* has soid, and refers to another shared object rule */
|
||||
char rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
|
||||
char rule_flushing; /* 0-disabled, 1-enabled */
|
||||
OtnKey otnKey;
|
||||
#ifdef TARGET_BASED
|
||||
unsigned int num_services;
|
||||
ServiceInfo *services;
|
||||
char *os;
|
||||
ServiceOverride service_override;
|
||||
#endif
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
unsigned int num_appid;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
} SigInfo;
|
||||
|
||||
void * SoRuleOtnLookupNew(void);
|
||||
|
@ -139,4 +149,12 @@ void OtnRemove(void *, void *, struct _OptTreeNode *);
|
|||
void OtnDeleteData(void *data);
|
||||
void OtnFree(void *data);
|
||||
|
||||
static inline bool IsPreprocDecoderRule(char rule_type)
|
||||
{
|
||||
if ((rule_type == SI_RULE_TYPE_DECODE)
|
||||
|| (rule_type == SI_RULE_TYPE_PREPROC))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
#endif /* SIGNATURE */
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -16,14 +17,11 @@
|
|||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
#ifndef __SIGNATURE_H__
|
||||
#define __SIGNATURE_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
#ifdef OSF1
|
||||
#include <sys/bitypes.h>
|
||||
#endif
|
||||
|
@ -103,6 +101,13 @@ typedef struct _ServiceInfo
|
|||
char *service;
|
||||
int16_t service_ordinal;
|
||||
} ServiceInfo;
|
||||
|
||||
typedef enum _ServiceOverride {
|
||||
ServiceOverride_ElsePorts = 0,
|
||||
ServiceOverride_AndPorts,
|
||||
ServiceOverride_OrPorts,
|
||||
ServiceOverride_Nil
|
||||
} ServiceOverride;
|
||||
#endif
|
||||
|
||||
typedef struct _SigInfo
|
||||
|
@ -113,17 +118,22 @@ typedef struct _SigInfo
|
|||
uint32_t class_id;
|
||||
ClassType *classType;
|
||||
uint32_t priority;
|
||||
char *message;
|
||||
const char *message;
|
||||
ReferenceNode *refs;
|
||||
int shared; /* shared object rule */
|
||||
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
|
||||
int rule_flushing; /* 0-disabled, 1-enabled */
|
||||
char shared; /* shared object rule */
|
||||
char dup_opt_func; /* has soid, and refers to another shared object rule */
|
||||
char rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
|
||||
char rule_flushing; /* 0-disabled, 1-enabled */
|
||||
OtnKey otnKey;
|
||||
#ifdef TARGET_BASED
|
||||
unsigned int num_services;
|
||||
ServiceInfo *services;
|
||||
char *os;
|
||||
ServiceOverride service_override;
|
||||
#endif
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
unsigned int num_appid;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
} SigInfo;
|
||||
|
||||
SFGHASH * SoRuleOtnLookupNew(void);
|
||||
|
@ -141,4 +151,12 @@ void OtnRemove(SFGHASH *, SFGHASH *, struct _OptTreeNode *);
|
|||
void OtnDeleteData(void *data);
|
||||
void OtnFree(void *data);
|
||||
|
||||
static inline bool IsPreprocDecoderRule(char rule_type)
|
||||
{
|
||||
if ((rule_type == SI_RULE_TYPE_DECODE)
|
||||
|| (rule_type == SI_RULE_TYPE_PREPROC))
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
#endif /* SIGNATURE */
|
||||
|
|
|
@ -0,0 +1,248 @@
|
|||
#ifndef _BOUNDS_H
|
||||
#define _BOUNDS_H
|
||||
/*
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2003-2013 Sourcefire, Inc.
|
||||
** Chris Green <cmg@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
**
|
||||
*/
|
||||
|
||||
#ifdef OSF1
|
||||
#include <sys/bitypes.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h>
|
||||
#ifdef DEBUG
|
||||
#include <assert.h>
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
|
||||
#define SAFEMEM_ERROR 0
|
||||
#define SAFEMEM_SUCCESS 1
|
||||
|
||||
#ifdef DEBUG
|
||||
#define ERRORRET assert(0==1)
|
||||
#else
|
||||
#define ERRORRET return SAFEMEM_ERROR;
|
||||
#endif /* DEBUG */
|
||||
|
||||
#define MAXPORTS 65536
|
||||
#define MAXPORTS_STORAGE 8192
|
||||
|
||||
|
||||
/*
|
||||
* Check to make sure that p is less than or equal to the ptr range
|
||||
* pointers
|
||||
*
|
||||
* 1 means it's in bounds, 0 means it's not
|
||||
*/
|
||||
static inline int inBounds(const uint8_t *start, const uint8_t *end, const uint8_t *p)
|
||||
{
|
||||
if ((p >= start) && (p < end))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int SafeMemCheck(void *dst, size_t n,
|
||||
const void *start, const void *end)
|
||||
{
|
||||
void *tmp;
|
||||
|
||||
if (n < 1)
|
||||
return SAFEMEM_ERROR;
|
||||
|
||||
if ((dst == NULL) || (start == NULL) || (end == NULL))
|
||||
return SAFEMEM_ERROR;
|
||||
|
||||
tmp = ((uint8_t *)dst) + (n - 1);
|
||||
if (tmp < dst)
|
||||
return SAFEMEM_ERROR;
|
||||
|
||||
if (!inBounds(start, end, dst) || !inBounds(start, end, tmp))
|
||||
return SAFEMEM_ERROR;
|
||||
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* A Safer Memcpy
|
||||
*
|
||||
* @param dst where to copy to
|
||||
* @param src where to copy from
|
||||
* @param n number of bytes to copy
|
||||
* @param start start of the dest buffer
|
||||
* @param end end of the dst buffer
|
||||
*
|
||||
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
|
||||
*/
|
||||
static inline int SafeMemcpy(void *dst, const void *src, size_t n, const void *start, const void *end)
|
||||
{
|
||||
if (!n)
|
||||
return SAFEMEM_SUCCESS;
|
||||
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
|
||||
ERRORRET;
|
||||
if (src == NULL)
|
||||
ERRORRET;
|
||||
memcpy(dst, src, n);
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* A Safer Memmove
|
||||
* dst and src can be in the same buffer
|
||||
*
|
||||
* @param dst where to copy to
|
||||
* @param src where to copy from
|
||||
* @param n number of bytes to copy
|
||||
* @param start start of the dest buffer
|
||||
* @param end end of the dst buffer
|
||||
*
|
||||
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
|
||||
*/
|
||||
static inline int SafeMemmove(void *dst, const void *src, size_t n, const void *start, const void *end)
|
||||
{
|
||||
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
|
||||
ERRORRET;
|
||||
if (src == NULL)
|
||||
ERRORRET;
|
||||
memmove(dst, src, n);
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* A Safer Memmove
|
||||
* dst and src can be in the same buffer
|
||||
*
|
||||
* @param dst where to copy to
|
||||
* @param src where to copy from
|
||||
* @param n number of bytes to copy
|
||||
* @param start start of the dest buffer
|
||||
* @param end end of the dst buffer
|
||||
*
|
||||
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
|
||||
*/
|
||||
static inline int SafeBoundsMemmove(void *dst, const void *src, size_t n, const void *start, const void *end)
|
||||
{
|
||||
size_t overlap = 0;
|
||||
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
|
||||
ERRORRET;
|
||||
if (src == NULL)
|
||||
ERRORRET;
|
||||
|
||||
if( src == dst )
|
||||
{
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
else if(inBounds(dst, ((uint8_t *)dst + n), src))
|
||||
{
|
||||
overlap = (uint8_t *)src - (uint8_t *)dst;
|
||||
memcpy(dst, src , overlap);
|
||||
memmove(((uint8_t *)dst + overlap), ((uint8_t *)src + overlap), (n - overlap));
|
||||
}
|
||||
else if(inBounds(src, ((uint8_t *)src + n), dst))
|
||||
{
|
||||
overlap = (uint8_t *)dst - (uint8_t *)src;
|
||||
memcpy(((uint8_t *)dst + overlap), ((uint8_t *)src + overlap), (n - overlap));
|
||||
memmove(dst, src, overlap);
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy(dst, src, n);
|
||||
}
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
/**
|
||||
* A Safer Memset
|
||||
* dst and src can be in the same buffer
|
||||
*
|
||||
* @param dst where to copy to
|
||||
* @param c character to set memory with
|
||||
* @param n number of bytes to set
|
||||
* @param start start of the dst buffer
|
||||
* @param end end of the dst buffer
|
||||
*
|
||||
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
|
||||
*/
|
||||
static inline int SafeMemset(void *dst, uint8_t c, size_t n, const void *start, const void *end)
|
||||
{
|
||||
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
|
||||
ERRORRET;
|
||||
memset(dst, c, n);
|
||||
return SAFEMEM_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* A Safer *a = *b
|
||||
*
|
||||
* @param start start of the dst buffer
|
||||
* @param end end of the dst buffer
|
||||
* @param dst the location to write to
|
||||
* @param src the source to read from
|
||||
*
|
||||
* @return 0 on failure, 1 on success
|
||||
*/
|
||||
static inline int SafeWrite(uint8_t *start, uint8_t *end, uint8_t *dst, uint8_t *src)
|
||||
{
|
||||
if(!inBounds(start, end, dst))
|
||||
{
|
||||
ERRORRET;
|
||||
}
|
||||
|
||||
*dst = *src;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static inline int SafeRead(uint8_t *start, uint8_t *end, uint8_t *src, uint8_t *read)
|
||||
{
|
||||
if(!inBounds(start,end, src))
|
||||
{
|
||||
ERRORRET;
|
||||
}
|
||||
|
||||
*read = *start;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* An wrapper around snprintf to make it safe.
|
||||
*
|
||||
* This wrapper of snprintf returns the number of bytes written to the buffer.
|
||||
*/
|
||||
static inline size_t SafeSnprintf(char *str, size_t size, const char *format, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int ret;
|
||||
|
||||
if (size == 0) return 0;
|
||||
|
||||
va_start(ap, format);
|
||||
ret = vsnprintf(str, size, format, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (ret < 0 || (size_t)ret > size)
|
||||
return 0;
|
||||
|
||||
return (size_t)ret;
|
||||
}
|
||||
|
||||
|
||||
|
||||
#endif /* _BOUNDS_H */
|
|
@ -0,0 +1,120 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef DEBUG_H
|
||||
#define DEBUG_H
|
||||
|
||||
#include <ctype.h>
|
||||
#ifdef SF_WCHAR
|
||||
/* ISOC99 is defined to get required prototypes */
|
||||
#ifndef __USE_ISOC99
|
||||
#define __USE_ISOC99
|
||||
#endif
|
||||
#include <wchar.h>
|
||||
#endif
|
||||
|
||||
/* this env var uses the lower 32 bits of the flags: */
|
||||
#define DEBUG_VARIABLE "SNORT_DEBUG"
|
||||
|
||||
#define DEBUG_INIT 0x0000000000000001LL
|
||||
#define DEBUG_PARSER 0x0000000000000002LL
|
||||
#define DEBUG_MSTRING 0x0000000000000004LL
|
||||
#define DEBUG_PORTLISTS 0x0000000000000008LL
|
||||
#define DEBUG_ATTRIBUTE 0x0000000000000010LL
|
||||
#define DEBUG_PLUGIN 0x0000000000000020LL
|
||||
#define DEBUG_PLUGBASE 0x0000000000000040LL
|
||||
#define DEBUG_DECODE 0x0000000000000080LL
|
||||
#define DEBUG_DATALINK 0x0000000000000100LL
|
||||
#define DEBUG_CONFIGRULES 0x0000000000000200LL
|
||||
#define DEBUG_RULES 0x0000000000000400LL
|
||||
#define DEBUG_DETECT 0x0000000000000800LL
|
||||
#define DEBUG_PATTERN_MATCH 0x0000000000001000LL
|
||||
#define DEBUG_FLOW 0x0000000000002000LL
|
||||
#define DEBUG_LOG 0x0000000000004000LL
|
||||
#define DEBUG_FLOWBITS 0x0000000000008000LL
|
||||
#define DEBUG_FILE 0x0000000000010000LL
|
||||
#define DEBUG_CONTROL 0x0000000000020000LL
|
||||
#define DEBUG_EXP 0x0000000080000000LL
|
||||
|
||||
/* this env var uses the upper 32 bits of the flags: */
|
||||
#define DEBUG_PP_VAR "SNORT_PP_DEBUG"
|
||||
|
||||
#define DEBUG_FRAG 0x0000000100000000LL
|
||||
#define DEBUG_STREAM 0x0000000200000000LL
|
||||
#define DEBUG_STREAM_STATE 0x0000000400000000LL
|
||||
#define DEBUG_STREAM_PAF 0x0000000800000000LL
|
||||
#define DEBUG_HTTP_DECODE 0x0000001000000000LL
|
||||
#define DEBUG_HTTPINSPECT 0x0000002000000000LL
|
||||
#define DEBUG_ASN1 0x0000004000000000LL
|
||||
#define DEBUG_DNS 0x0000008000000000LL
|
||||
#define DEBUG_FTPTELNET 0x0000010000000000LL
|
||||
#define DEBUG_GTP 0x0000020000000000LL
|
||||
#define DEBUG_IMAP 0x0000040000000000LL
|
||||
#define DEBUG_POP 0x0000080000000000LL
|
||||
#define DEBUG_RPC 0x0000100000000000LL
|
||||
#define DEBUG_SIP 0x0000200000000000LL
|
||||
#define DEBUG_SKYPE 0x0000400000000000LL
|
||||
#define DEBUG_SSL 0x0000800000000000LL
|
||||
#define DEBUG_SMTP 0x0001000000000000LL
|
||||
#define DEBUG_APPID 0x0002000000000000LL
|
||||
#define DEBUG_PP_EXP 0x8000000000000000LL
|
||||
|
||||
void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
|
||||
#ifdef SF_WCHAR
|
||||
void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_MSGS
|
||||
|
||||
extern char *DebugMessageFile;
|
||||
extern int DebugMessageLine;
|
||||
|
||||
#define DebugMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugMsg
|
||||
#define DebugWideMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugWideMsg
|
||||
|
||||
uint64_t GetDebugLevel (void);
|
||||
int DebugThis(uint64_t level);
|
||||
#else /* DEBUG_MSGS */
|
||||
|
||||
#ifdef WIN32
|
||||
/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
|
||||
#define __inline__ __inline
|
||||
#endif
|
||||
|
||||
#endif /* DEBUG_MSGS */
|
||||
|
||||
|
||||
#ifdef DEBUG_MSGS
|
||||
#define DEBUG_WRAP(code) code
|
||||
void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
|
||||
#ifdef SF_WCHAR
|
||||
void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
|
||||
#endif
|
||||
#else /* DEBUG_MSGS */
|
||||
#define DEBUG_WRAP(code)
|
||||
/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
|
||||
|
||||
#endif /* DEBUG_MSGS */
|
||||
|
||||
#endif /* DEBUG_H */
|
||||
|
|
@ -0,0 +1,120 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
** Copyright (C) 2002-2013 Sourcefire, Inc.
|
||||
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef DEBUG_H
|
||||
#define DEBUG_H
|
||||
|
||||
#include <ctype.h>
|
||||
#ifdef SF_WCHAR
|
||||
/* ISOC99 is defined to get required prototypes */
|
||||
#ifndef __USE_ISOC99
|
||||
#define __USE_ISOC99
|
||||
#endif
|
||||
#include <wchar.h>
|
||||
#endif
|
||||
|
||||
/* this env var uses the lower 32 bits of the flags: */
|
||||
#define DEBUG_VARIABLE "SNORT_DEBUG"
|
||||
|
||||
#define DEBUG_INIT 0x0000000000000001LL
|
||||
#define DEBUG_PARSER 0x0000000000000002LL
|
||||
#define DEBUG_MSTRING 0x0000000000000004LL
|
||||
#define DEBUG_PORTLISTS 0x0000000000000008LL
|
||||
#define DEBUG_ATTRIBUTE 0x0000000000000010LL
|
||||
#define DEBUG_PLUGIN 0x0000000000000020LL
|
||||
#define DEBUG_PLUGBASE 0x0000000000000040LL
|
||||
#define DEBUG_DECODE 0x0000000000000080LL
|
||||
#define DEBUG_DATALINK 0x0000000000000100LL
|
||||
#define DEBUG_CONFIGRULES 0x0000000000000200LL
|
||||
#define DEBUG_RULES 0x0000000000000400LL
|
||||
#define DEBUG_DETECT 0x0000000000000800LL
|
||||
#define DEBUG_PATTERN_MATCH 0x0000000000001000LL
|
||||
#define DEBUG_FLOW 0x0000000000002000LL
|
||||
#define DEBUG_LOG 0x0000000000004000LL
|
||||
#define DEBUG_FLOWBITS 0x0000000000008000LL
|
||||
#define DEBUG_FILE 0x0000000000010000LL
|
||||
#define DEBUG_CONTROL 0x0000000000020000LL
|
||||
#define DEBUG_EXP 0x0000000080000000LL
|
||||
|
||||
/* this env var uses the upper 32 bits of the flags: */
|
||||
#define DEBUG_PP_VAR "SNORT_PP_DEBUG"
|
||||
|
||||
#define DEBUG_FRAG 0x0000000100000000LL
|
||||
#define DEBUG_STREAM 0x0000000200000000LL
|
||||
#define DEBUG_STREAM_STATE 0x0000000400000000LL
|
||||
#define DEBUG_STREAM_PAF 0x0000000800000000LL
|
||||
#define DEBUG_HTTP_DECODE 0x0000001000000000LL
|
||||
#define DEBUG_HTTPINSPECT 0x0000002000000000LL
|
||||
#define DEBUG_ASN1 0x0000004000000000LL
|
||||
#define DEBUG_DNS 0x0000008000000000LL
|
||||
#define DEBUG_FTPTELNET 0x0000010000000000LL
|
||||
#define DEBUG_GTP 0x0000020000000000LL
|
||||
#define DEBUG_IMAP 0x0000040000000000LL
|
||||
#define DEBUG_POP 0x0000080000000000LL
|
||||
#define DEBUG_RPC 0x0000100000000000LL
|
||||
#define DEBUG_SIP 0x0000200000000000LL
|
||||
#define DEBUG_SKYPE 0x0000400000000000LL
|
||||
#define DEBUG_SSL 0x0000800000000000LL
|
||||
#define DEBUG_SMTP 0x0001000000000000LL
|
||||
#define DEBUG_APPID 0x0002000000000000LL
|
||||
#define DEBUG_PP_EXP 0x8000000000000000LL
|
||||
|
||||
void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
|
||||
#ifdef SF_WCHAR
|
||||
void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_MSGS
|
||||
|
||||
extern char *DebugMessageFile;
|
||||
extern int DebugMessageLine;
|
||||
|
||||
#define DebugMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugMessageFunc
|
||||
#define DebugWideMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugWideMessageFunc
|
||||
|
||||
uint64_t GetDebugLevel (void);
|
||||
int DebugThis(uint64_t level);
|
||||
#else /* DEBUG_MSGS */
|
||||
|
||||
#ifdef WIN32
|
||||
/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
|
||||
#define __inline__ __inline
|
||||
#endif
|
||||
|
||||
#endif /* DEBUG_MSGS */
|
||||
|
||||
|
||||
#ifdef DEBUG_MSGS
|
||||
#define DEBUG_WRAP(code) code
|
||||
void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
|
||||
#ifdef SF_WCHAR
|
||||
void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
|
||||
#endif
|
||||
#else /* DEBUG_MSGS */
|
||||
#define DEBUG_WRAP(code)
|
||||
/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
|
||||
|
||||
#endif /* DEBUG_MSGS */
|
||||
|
||||
#endif /* DEBUG_H */
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -23,6 +24,12 @@
|
|||
#ifndef __STR_SEARCH_H__
|
||||
#define __STR_SEARCH_H__
|
||||
|
||||
#include "mpse_methods.h"
|
||||
|
||||
/*search pattern case sensitivity */
|
||||
#define STR_SEARCH_CASE_SENSITIVE 0
|
||||
#define STR_SEARCH_CASE_INSENSITIVE 1
|
||||
|
||||
/* Function prototypes */
|
||||
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
|
||||
|
||||
|
@ -38,10 +45,14 @@ int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_le
|
|||
|
||||
|
||||
void * SearchInstanceNew( void );
|
||||
void * SearchInstanceNewEx( unsigned method );
|
||||
void SearchInstanceFree( void * insance );
|
||||
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
|
||||
void SearchInstanceAddEx( void * instance, const char *pat, unsigned int pat_len, void* id, unsigned nocase);
|
||||
void SearchInstancePrepPatterns( void * instance );
|
||||
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
|
||||
int SearchInstanceFindStringAll( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, void *userData);
|
||||
int SearchInstanceSFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, int *state);
|
||||
|
||||
typedef struct _search_api
|
||||
{
|
||||
|
@ -64,10 +75,15 @@ typedef struct _search_api
|
|||
int (*search_put_handle)(unsigned int);
|
||||
|
||||
void * (*search_instance_new)(void);
|
||||
void * (*search_instance_new_ex)(unsigned method);
|
||||
void (*search_instance_free)(void * instance);
|
||||
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
|
||||
void (*search_instance_add_ex) (void * instance, const char *s, unsigned int s_len, void* s_id, unsigned nocase);
|
||||
void (*search_instance_prep)(void * instance );
|
||||
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
|
||||
int (*search_instance_find_all)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, void *userData);
|
||||
char * (*search_instance_find_end)(char *match_ptr, int buflen, char *search_str, int search_len);
|
||||
int (*stateful_search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, int *state);
|
||||
|
||||
} SearchAPI;
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -15,7 +16,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -23,6 +24,12 @@
|
|||
#ifndef __STR_SEARCH_H__
|
||||
#define __STR_SEARCH_H__
|
||||
|
||||
#include "mpse_methods.h"
|
||||
|
||||
/*search pattern case sensitivity */
|
||||
#define STR_SEARCH_CASE_SENSITIVE 0
|
||||
#define STR_SEARCH_CASE_INSENSITIVE 1
|
||||
|
||||
/* Function prototypes */
|
||||
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
|
||||
|
||||
|
@ -38,10 +45,14 @@ int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_le
|
|||
|
||||
|
||||
void * SearchInstanceNew( void );
|
||||
void * SearchInstanceNewEx( unsigned method );
|
||||
void SearchInstanceFree( void * insance );
|
||||
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
|
||||
void SearchInstanceAddEx( void * instance, const char *pat, unsigned int pat_len, void* id, unsigned nocase);
|
||||
void SearchInstancePrepPatterns( void * instance );
|
||||
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
|
||||
int SearchInstanceFindStringAll( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, void *userData);
|
||||
int SearchInstanceSFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, int *state);
|
||||
|
||||
typedef struct _search_api
|
||||
{
|
||||
|
@ -64,10 +75,15 @@ typedef struct _search_api
|
|||
int (*search_put_handle)(unsigned int);
|
||||
|
||||
void * (*search_instance_new)(void);
|
||||
void * (*search_instance_new_ex)(unsigned method);
|
||||
void (*search_instance_free)(void * instance);
|
||||
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
|
||||
void (*search_instance_add_ex) (void * instance, const char *s, unsigned int s_len, void* s_id, unsigned nocase);
|
||||
void (*search_instance_prep)(void * instance );
|
||||
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
|
||||
int (*search_instance_find_all)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, void *userData);
|
||||
char * (*search_instance_find_end)(char *match_ptr, int buflen, char *search_str, int search_len);
|
||||
int (*stateful_search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, int *state);
|
||||
|
||||
} SearchAPI;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id$ */
|
||||
|
||||
/*
|
||||
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* ** Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
* ** AUTHOR: Steven Sturges
|
||||
* **
|
||||
* ** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -17,13 +17,13 @@
|
|||
* **
|
||||
* ** You should have received a copy of the GNU General Public License
|
||||
* ** along with this program; if not, write to the Free Software
|
||||
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* */
|
||||
|
||||
/* stream_api.h
|
||||
*
|
||||
* Purpose: Definition of the StreamAPI. To be used as a common interface
|
||||
* for TCP (and later UDP & ICMP) Stream access for other
|
||||
* for TCP (and later UDP & ICMP) Stream access for other
|
||||
* preprocessors and detection plugins.
|
||||
*
|
||||
* Arguments:
|
||||
|
@ -39,6 +39,10 @@
|
|||
#ifndef STREAM_API_H_
|
||||
#define STREAM_API_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "ipv6_port.h"
|
||||
|
@ -46,90 +50,115 @@
|
|||
#include "bitop.h"
|
||||
#include "sf_snort_packet.h"
|
||||
#include "sfPolicy.h"
|
||||
#include "session_api.h"
|
||||
|
||||
#define IGNORE_FLAG_ALWAYS 0x01
|
||||
|
||||
#define SSN_MISSING_NONE 0x00
|
||||
#define SSN_MISSING_BEFORE 0x01
|
||||
#define SSN_MISSING_AFTER 0x02
|
||||
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
|
||||
|
||||
#define SSN_DIR_NONE 0x0
|
||||
#define SSN_DIR_CLIENT 0x1
|
||||
#define SSN_DIR_SENDER 0x1
|
||||
#define SSN_DIR_SERVER 0x2
|
||||
#define SSN_DIR_RESPONDER 0x2
|
||||
#define SSN_DIR_BOTH 0x03
|
||||
|
||||
#define SSNFLAG_SEEN_CLIENT 0x00000001
|
||||
#define SSNFLAG_SEEN_SENDER 0x00000001
|
||||
#define SSNFLAG_SEEN_SERVER 0x00000002
|
||||
#define SSNFLAG_SEEN_RESPONDER 0x00000002
|
||||
#define SSNFLAG_ESTABLISHED 0x00000004
|
||||
#define SSNFLAG_NMAP 0x00000008
|
||||
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
|
||||
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
|
||||
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
|
||||
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
|
||||
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
|
||||
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
|
||||
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
|
||||
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
|
||||
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
|
||||
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
|
||||
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
|
||||
#define SSNFLAG_COUNTED_CLOSING 0x00008000
|
||||
#define SSNFLAG_TIMEDOUT 0x00010000
|
||||
#define SSNFLAG_PRUNED 0x00020000
|
||||
#define SSNFLAG_RESET 0x00040000
|
||||
#define SSNFLAG_DROP_CLIENT 0x00080000
|
||||
#define SSNFLAG_DROP_SERVER 0x00100000
|
||||
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
|
||||
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
|
||||
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
|
||||
|
||||
#define STREAM_FLPOLICY_NONE 0x00
|
||||
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
|
||||
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
|
||||
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
|
||||
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
|
||||
typedef enum {
|
||||
STREAM_FLPOLICY_NONE,
|
||||
STREAM_FLPOLICY_FOOTPRINT, /* size-based footprint flush */
|
||||
STREAM_FLPOLICY_LOGICAL, /* queued bytes-based flush */
|
||||
STREAM_FLPOLICY_RESPONSE, /* flush when we see response */
|
||||
STREAM_FLPOLICY_SLIDING_WINDOW, /* flush on sliding window */
|
||||
#if 0
|
||||
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
|
||||
STREAM_FLPOLICY_CONSUMED, /* purge consumed bytes */
|
||||
#endif
|
||||
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
|
||||
STREAM_FLPOLICY_IGNORE, /* ignore this traffic */
|
||||
STREAM_FLPOLICY_PROTOCOL, /* protocol aware flushing (PAF) */
|
||||
#ifdef NORMALIZER
|
||||
STREAM_FLPOLICY_FOOTPRINT_IPS, /* protocol agnostic ips */
|
||||
STREAM_FLPOLICY_PROTOCOL_IPS, /* protocol aware ips */
|
||||
#endif
|
||||
STREAM_FLPOLICY_FOOTPRINT_NOACK, /* protocol aware ips */
|
||||
STREAM_FLPOLICY_PROTOCOL_NOACK, /* protocol aware ips */
|
||||
|
||||
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
|
||||
STREAM_FLPOLICY_DISABLED, /* reassembly disabled for this traffic */
|
||||
|
||||
STREAM_FLPOLICY_MAX
|
||||
} FlushPolicy;
|
||||
|
||||
typedef enum {
|
||||
PAF_TYPE_SERVICE,
|
||||
PAF_TYPE_PORT
|
||||
}PafType;
|
||||
|
||||
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
|
||||
#define STREAM_FLPOLICY_SET_APPEND 0x02
|
||||
|
||||
#define UNKNOWN_PORT 0
|
||||
#define STREAM_API_VERSION5 6
|
||||
|
||||
#define STREAM_API_VERSION5 5
|
||||
typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count, uint32_t xtradata_mask, uint32_t id, uint32_t sec);
|
||||
|
||||
typedef void (*StreamAppDataFree)(void *);
|
||||
typedef int (*PacketIterator)
|
||||
(
|
||||
struct pcap_pkthdr *,
|
||||
typedef int (*PacketIterator)( DAQ_PktHdr_t *,
|
||||
uint8_t *, /* pkt pointer */
|
||||
void * /* user-defined data pointer */
|
||||
);
|
||||
|
||||
typedef int (*StreamSegmentIterator)
|
||||
(
|
||||
struct pcap_pkthdr *,
|
||||
typedef int (*StreamSegmentIterator)( DAQ_PktHdr_t *,
|
||||
uint8_t *, /* pkt pointer */
|
||||
uint8_t *, /* payload pointer */
|
||||
uint32_t, /* sequence number */
|
||||
void * /* user-defined data pointer */
|
||||
);
|
||||
|
||||
typedef struct _StreamFlowData
|
||||
{
|
||||
BITOP boFlowbits;
|
||||
unsigned char flowb[1];
|
||||
} StreamFlowData;
|
||||
|
||||
/* for protocol aware flushing (PAF): */
|
||||
typedef enum {
|
||||
PAF_ABORT, /* non-paf operation */
|
||||
PAF_START, /* internal use only */
|
||||
PAF_SEARCH, /* searching for next flush point */
|
||||
PAF_FLUSH, /* flush at given offset */
|
||||
PAF_LIMIT, /* if paf_max is reached, flush up to given offset*/
|
||||
PAF_SKIP, /* skip ahead to given offset */
|
||||
PAF_PERFORMED_LMT_FLUSH, /* previously performed PAF_LIMIT */
|
||||
PAF_DISCARD_START, /*start of the discard point */
|
||||
PAF_DISCARD_END, /*end of the discard point */
|
||||
PAF_IGNORE, /* Used for HTTP2.0*/
|
||||
} PAF_Status;
|
||||
|
||||
typedef PAF_Status (*PAF_Callback)( /* return your scan state */
|
||||
void* session, /* session pointer */
|
||||
void** user, /* arbitrary user data hook */
|
||||
const uint8_t* data, /* in order segment data as it arrives */
|
||||
uint32_t len, /* length of data */
|
||||
uint64_t *flags, /* packet flags indicating direction of data */
|
||||
uint32_t* fp, /* flush point (offset) relative to data */
|
||||
uint32_t * fp_eoh /* flush point (offset) at end-of-header */
|
||||
);
|
||||
|
||||
typedef void (*PAF_Free_Callback)(
|
||||
void* user /* arbitrary user data hook */
|
||||
);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef struct s_HEADER_LOCATION {
|
||||
const uint8_t *start;
|
||||
unsigned len;
|
||||
} HEADER_LOCATION;
|
||||
|
||||
typedef struct _HttpParsedHeaders
|
||||
{
|
||||
HEADER_LOCATION host, url, method, userAgent, referer, via, responseCode, server, xWorkingWith, contentType;
|
||||
} HttpParsedHeaders;
|
||||
|
||||
typedef void (*Http_Processor_Callback)(
|
||||
SFSnortPacket *p,
|
||||
HttpParsedHeaders *headers
|
||||
);
|
||||
typedef enum {
|
||||
APP_PROTOID_SERVICE,
|
||||
APP_PROTOID_CLIENT,
|
||||
APP_PROTOID_PAYLOAD,
|
||||
APP_PROTOID_MISC,
|
||||
APP_PROTOID_MAX
|
||||
} AppProtoIdIndex;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
typedef unsigned int ServiceEventType;
|
||||
|
||||
typedef void (*ServiceEventNotifierFunc)(void *ssnptr, ServiceEventType eventType, void *eventData);
|
||||
|
||||
typedef void (*Stream_Callback)(SFSnortPacket *);
|
||||
|
||||
struct _ExpectNode;
|
||||
typedef struct _stream_api
|
||||
{
|
||||
int version;
|
||||
|
@ -145,123 +174,6 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*alert_inline_midstream_drops)(void);
|
||||
|
||||
/* Set direction of session
|
||||
*
|
||||
* Parameters:
|
||||
* Session Ptr
|
||||
* New Direction
|
||||
* IP
|
||||
* Port
|
||||
*/
|
||||
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
|
||||
|
||||
/* Get direction of packet
|
||||
*
|
||||
* Parameters:
|
||||
* Packet
|
||||
*/
|
||||
uint32_t (*get_packet_direction)(SFSnortPacket *);
|
||||
|
||||
/* Stop inspection for session, up to count bytes (-1 to ignore
|
||||
* for life or until resume).
|
||||
*
|
||||
* If response flag is set, automatically resume inspection up to
|
||||
* count bytes when a data packet in the other direction is seen.
|
||||
*
|
||||
* Also marks the packet to be ignored
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* Direction
|
||||
* Bytes
|
||||
* Response Flag
|
||||
*/
|
||||
void (*stop_inspection)(void *, SFSnortPacket *, char, int32_t, int);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* Direction
|
||||
* Flags (permanent)
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
|
||||
char, char, char);
|
||||
|
||||
/* Resume inspection for session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*resume_inspection)(void *, char);
|
||||
|
||||
/* Drop traffic arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*drop_traffic)(void *, char);
|
||||
|
||||
/* Drop retransmitted packet arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
void (*drop_packet)(SFSnortPacket *);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
* Application Data reference (pointer)
|
||||
* Application Data free function
|
||||
*/
|
||||
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data)(void *, uint32_t);
|
||||
|
||||
/* Sets the flags for a session
|
||||
* This ORs the supplied flags with the previous values
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Flags
|
||||
*
|
||||
* Returns
|
||||
* New Flags
|
||||
*/
|
||||
uint32_t (*set_session_flags)(void *, uint32_t);
|
||||
|
||||
/* Gets the flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
uint32_t (*get_session_flags)(void *);
|
||||
|
||||
/* Flushes the stream on an alert
|
||||
* Side that is flushed is the same as the packet.
|
||||
*
|
||||
|
@ -270,6 +182,14 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*alert_flush_stream)(SFSnortPacket *);
|
||||
|
||||
/* Flushes the stream on arrival of packet
|
||||
* Side that is flushed is the same side of the packet.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
int (*request_flush_stream)(SFSnortPacket *);
|
||||
|
||||
/* Flushes the stream on arrival of another packet
|
||||
* Side that is flushed is the opposite of the packet.
|
||||
*
|
||||
|
@ -334,15 +254,19 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*check_session_alerted)(void *, SFSnortPacket *p, uint32_t, uint32_t);
|
||||
|
||||
/* Get Flowbits data
|
||||
/* Set Extra Data Logging
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* gen ID
|
||||
* sig ID
|
||||
* Returns
|
||||
* Ptr to Flowbits Data
|
||||
* 0 success
|
||||
* -1 failure ( no alerts )
|
||||
*
|
||||
*/
|
||||
StreamFlowData *(*get_flow_data)(SFSnortPacket *p);
|
||||
int (*update_session_alert)(void *, SFSnortPacket *p, uint32_t, uint32_t, uint32_t, uint32_t);
|
||||
|
||||
/* Set reassembly flush policy/direction for given session
|
||||
*
|
||||
|
@ -355,8 +279,19 @@ typedef struct _stream_api
|
|||
* Returns
|
||||
* direction(s) of reassembly for session
|
||||
*/
|
||||
/* XXX Do not attempt to set flush policy to PROTOCOL or PROTOCOL_IPS. */
|
||||
char (*set_reassembly)(void *, uint8_t, char, char);
|
||||
|
||||
/* Set direction of session
|
||||
*
|
||||
* Parameters:
|
||||
* Session Ptr
|
||||
* New Direction
|
||||
* IP
|
||||
* Port
|
||||
*/
|
||||
void (*update_direction)(void *, char, sfaddr_t*, uint16_t );
|
||||
|
||||
/* Get reassembly direction for given session
|
||||
*
|
||||
* Parameters
|
||||
|
@ -417,40 +352,12 @@ typedef struct _stream_api
|
|||
*/
|
||||
char (*missed_packets)(void *, char);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
/* Get the protocol identifier from a stream
|
||||
/* Drop retransmitted packet arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
* Packet
|
||||
*/
|
||||
int16_t (*get_application_protocol_id)(void *);
|
||||
|
||||
/* Set the protocol identifier for a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* ID
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*set_application_protocol_id)(void *, int16_t);
|
||||
|
||||
/** Set service to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
|
||||
#endif
|
||||
|
||||
/** Set port to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
|
||||
void (*drop_packet)(SFSnortPacket *);
|
||||
|
||||
/* Get the current flush point
|
||||
*
|
||||
|
@ -472,45 +379,259 @@ typedef struct _stream_api
|
|||
*/
|
||||
void (*set_flush_point)(void *, char, uint32_t);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
// register for stateful scanning of in-order payload to determine flush points
|
||||
// autoEnable allows PAF regardless of s5 ports config
|
||||
uint8_t (*register_paf_port)( struct _SnortConfig *sc, tSfPolicyId, uint16_t server_port, bool toServer,
|
||||
PAF_Callback, bool autoEnable);
|
||||
|
||||
// get any paf user data stored for this session
|
||||
void** (*get_paf_user_data)(void* ssnptr, bool toServer, uint8_t id);
|
||||
|
||||
bool (*is_paf_active)(void* ssn, bool toServer);
|
||||
bool (*activate_paf)(void* ssn, int dir, int16_t service, uint8_t type);
|
||||
|
||||
/** Set flag to force sessions to be created on SYN packets.
|
||||
* This function can only be used with independent bits
|
||||
* acquired from get_preprocessor_status_bit. If this is called
|
||||
* during parsing a preprocessor configuration, make sure to
|
||||
* set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
|
||||
|
||||
/** Unset flag that forces sessions to be created on SYN
|
||||
* packets. This function can only be used with independent
|
||||
* bits acquired from get_preprocessor_status_bit. If this is
|
||||
* called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*unset_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
|
||||
|
||||
//Register callbacks for extra data logging
|
||||
uint32_t (*reg_xtra_data_cb)(LogFunction );
|
||||
|
||||
//Register Extra Data Log Function
|
||||
void (*reg_xtra_data_log)(LogExtraData, void *);
|
||||
|
||||
//Get the Extra data map
|
||||
uint32_t (*get_xtra_data_map)(LogFunction **);
|
||||
|
||||
// register for stateful scanning of in-order payload to determine flush points
|
||||
// autoEnable allows PAF regardless of s5 ports config
|
||||
uint8_t (*register_paf_service)(
|
||||
struct _SnortConfig *sc, tSfPolicyId, uint16_t service, bool toServer,
|
||||
PAF_Callback, bool autoEnable);
|
||||
|
||||
void (*set_extra_data)(void*, SFSnortPacket *, uint32_t);
|
||||
void (*clear_extra_data)(void*, SFSnortPacket *, uint32_t);
|
||||
|
||||
// These methods may move to Session:
|
||||
//
|
||||
/* Set port to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
|
||||
tSfPolicyId policyId, int parsing);
|
||||
|
||||
/* Unset port to maintain session state. This function can only
|
||||
* be used with independent bits acquired from
|
||||
* get_preprocessor_status_bit. If this is called during
|
||||
* parsing a preprocessor configuration, make sure to set the
|
||||
* parsing argument to 1.
|
||||
*/
|
||||
void (*unset_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
|
||||
tSfPolicyId policyId, int parsing);
|
||||
|
||||
|
||||
/* Set service to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_service_filter_status)( struct _SnortConfig *sc, int service, int status,
|
||||
tSfPolicyId policyId, int parsing );
|
||||
|
||||
/* Register specified port for reassembly on specified network. If network is NULL the
|
||||
* port is register for reassembly on the default stream network policy
|
||||
*/
|
||||
void (*register_reassembly_port)( char *, uint16_t, int );
|
||||
|
||||
/* Unregister specified port for reassembly on specified network. If network is NULL the
|
||||
* port is unregistered for reassembly on the default stream network policy
|
||||
*/
|
||||
void (*unregister_reassembly_port)( char *, uint16_t, int );
|
||||
|
||||
/* Time out the specified session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
void (*expire_session)(void *);
|
||||
|
||||
/* register returns a non-zero id for use with set; zero is error */
|
||||
unsigned (*register_event_handler)(Stream_Callback);
|
||||
bool (*set_event_handler)(void* ssnptr, unsigned id, Stream_Event);
|
||||
void (*set_reset_policy)(void* ssn, int dir, uint16_t policy, uint16_t mss);
|
||||
void (*set_session_decrypted)(void *ssn, bool enable);
|
||||
bool (*is_session_decrypted)(void *ssn);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* Control Channel Packet
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* ID
|
||||
* ID,
|
||||
* Preprocessor ID calling this function,
|
||||
* Preprocessor specific data,
|
||||
* Preprocessor data free function. If NULL, then static buffer is assumed.
|
||||
* Preprocessor event handler callback ID (used when calling set_event_handler)
|
||||
* Preprocessor event on which to callback (only used when cbId is not NULL )
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
|
||||
char, int16_t);
|
||||
#endif
|
||||
int (*set_application_protocol_id_expected_preassign_callback)(const SFSnortPacket *, sfaddr_t*, uint16_t,
|
||||
sfaddr_t*, uint16_t, uint8_t, int16_t, uint32_t, void*, void (*)(void*), unsigned, Stream_Event,
|
||||
struct _ExpectNode**);
|
||||
|
||||
// print and reset normalization statistics
|
||||
void (*print_normalization_stats)(void);
|
||||
void (*reset_normalization_stats)(void);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
/* set detected service, client, payload and misc Applicaiton Id.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Snort Protocol Id for service application
|
||||
* Snort Protocol Id for client application
|
||||
* Snort Protocol Id for payload application
|
||||
* Snort Protocol Id for misc application
|
||||
*/
|
||||
void (*set_application_id)(void* ssnptr, int16_t serviceAppid, int16_t clientAppid, int16_t payloadAppId, int16_t miscAppid);
|
||||
|
||||
/* get detected service, client, payload and misc Applicaiton Id.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Snort Protocol Id for service application
|
||||
* Snort Protocol Id for client application
|
||||
* Snort Protocol Id for payload application
|
||||
* Snort Protocol Id for misc application
|
||||
*/
|
||||
void (*get_application_id)(void* ssnptr, int16_t *serviceAppid, int16_t *clientAppid, int16_t *payloadAppId, int16_t *miscAppid);
|
||||
|
||||
|
||||
/* Register callback function for processing HTTP headers extracted by HTTP preprocessor.
|
||||
*
|
||||
* Parameters
|
||||
* Callback function pointer
|
||||
*/
|
||||
int (*register_http_header_callback)(Http_Processor_Callback);
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
/* function to publish events
|
||||
*
|
||||
* Parameters
|
||||
* preprocId - preprocess identifier
|
||||
* ssnptr - sesssion pointer
|
||||
* eventType - type of event enumerated in ServiceEventType
|
||||
* eventData - void data pointer. Structure must be agreed between publisher and subscriber.
|
||||
*/
|
||||
bool (*service_event_publish)(unsigned int preprocId, void *ssnptr, ServiceEventType eventType, void *eventData);
|
||||
|
||||
/* function for subcribing to events.
|
||||
*
|
||||
* Parameters
|
||||
* preprocId - preprocess identifier
|
||||
* eventType - type of event enumerated in ServiceEventType
|
||||
* Callback function pointer
|
||||
*/
|
||||
bool (*service_event_subscribe)(unsigned int preprocId, ServiceEventType eventType, ServiceEventNotifierFunc cb);
|
||||
|
||||
/* function to register for customized free function
|
||||
*
|
||||
* Parameters
|
||||
* id - registered paf identifier
|
||||
* Callback function pointer
|
||||
*/
|
||||
void (*register_paf_free)(uint8_t id, PAF_Free_Callback);
|
||||
|
||||
/* function to return the wire packet
|
||||
*
|
||||
* Parameters
|
||||
* None
|
||||
*/
|
||||
SFSnortPacket *(*get_wire_packet)(void);
|
||||
|
||||
/* function which returns the forward dir or reverse dir to h2_paf
|
||||
*
|
||||
* Parameter
|
||||
* None
|
||||
*/
|
||||
uint8_t (*get_flush_policy_dir)(void);
|
||||
|
||||
/* function returns if its a http/2 session
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
bool (*is_session_http2)(void *ssn);
|
||||
|
||||
/* function sets http/2 session flag
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*set_session_http2)(void *ssn);
|
||||
|
||||
bool (*is_show_rebuilt_packets_enabled)();
|
||||
/* function returns if its a http/2 session Upgrade
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
bool (*is_session_http2_upg)(void *ssn);
|
||||
|
||||
/* function sets http/2 session Upgrade flag
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*set_session_http2_upg)(void *ssn);
|
||||
|
||||
/* function for setting proto_flags
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
* flags - flags
|
||||
*/
|
||||
void (*set_proto_flags)(void* ssnptr, uint32_t flags);
|
||||
|
||||
/* function for unsetting proto_flags
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
* flags - flags
|
||||
*/
|
||||
void (*unset_proto_flags)(void* ssnptr, uint32_t flags);
|
||||
|
||||
/* Gets the proto_flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
*/
|
||||
uint32_t (*get_proto_flags)(void *ssnptr);
|
||||
|
||||
} StreamAPI;
|
||||
|
||||
/* To be set by Stream5 (or Stream4) */
|
||||
/* To be set by Stream */
|
||||
extern StreamAPI *stream_api;
|
||||
|
||||
/**Port Inspection States. Port can be either ignored,
|
||||
* or inspected or session tracked. The values are bitmasks.
|
||||
*/
|
||||
typedef enum {
|
||||
/**Dont monitor the port. */
|
||||
PORT_MONITOR_NONE = 0x00,
|
||||
|
||||
/**Inspect the port. */
|
||||
PORT_MONITOR_INSPECT = 0x01,
|
||||
|
||||
/**perform session tracking on the port. */
|
||||
PORT_MONITOR_SESSION = 0x02
|
||||
|
||||
} PortMonitorStates;
|
||||
|
||||
#endif /* STREAM_API_H_ */
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* $Id$ */
|
||||
|
||||
/*
|
||||
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* ** Copyright (C) 2005-2013 Sourcefire, Inc.
|
||||
* ** AUTHOR: Steven Sturges
|
||||
* **
|
||||
* ** This program is free software; you can redistribute it and/or modify
|
||||
|
@ -17,13 +17,13 @@
|
|||
* **
|
||||
* ** You should have received a copy of the GNU General Public License
|
||||
* ** along with this program; if not, write to the Free Software
|
||||
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* */
|
||||
|
||||
/* stream_api.h
|
||||
*
|
||||
* Purpose: Definition of the StreamAPI. To be used as a common interface
|
||||
* for TCP (and later UDP & ICMP) Stream access for other
|
||||
* for TCP (and later UDP & ICMP) Stream access for other
|
||||
* preprocessors and detection plugins.
|
||||
*
|
||||
* Arguments:
|
||||
|
@ -39,6 +39,10 @@
|
|||
#ifndef STREAM_API_H_
|
||||
#define STREAM_API_H_
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "ipv6_port.h"
|
||||
|
@ -46,90 +50,115 @@
|
|||
#include "bitop.h"
|
||||
#include "decode.h"
|
||||
#include "sfPolicy.h"
|
||||
#include "session_api.h"
|
||||
|
||||
#define IGNORE_FLAG_ALWAYS 0x01
|
||||
|
||||
#define SSN_MISSING_NONE 0x00
|
||||
#define SSN_MISSING_BEFORE 0x01
|
||||
#define SSN_MISSING_AFTER 0x02
|
||||
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
|
||||
|
||||
#define SSN_DIR_NONE 0x0
|
||||
#define SSN_DIR_CLIENT 0x1
|
||||
#define SSN_DIR_SENDER 0x1
|
||||
#define SSN_DIR_SERVER 0x2
|
||||
#define SSN_DIR_RESPONDER 0x2
|
||||
#define SSN_DIR_BOTH 0x03
|
||||
|
||||
#define SSNFLAG_SEEN_CLIENT 0x00000001
|
||||
#define SSNFLAG_SEEN_SENDER 0x00000001
|
||||
#define SSNFLAG_SEEN_SERVER 0x00000002
|
||||
#define SSNFLAG_SEEN_RESPONDER 0x00000002
|
||||
#define SSNFLAG_ESTABLISHED 0x00000004
|
||||
#define SSNFLAG_NMAP 0x00000008
|
||||
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
|
||||
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
|
||||
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
|
||||
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
|
||||
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
|
||||
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
|
||||
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
|
||||
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
|
||||
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
|
||||
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
|
||||
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
|
||||
#define SSNFLAG_COUNTED_CLOSING 0x00008000
|
||||
#define SSNFLAG_TIMEDOUT 0x00010000
|
||||
#define SSNFLAG_PRUNED 0x00020000
|
||||
#define SSNFLAG_RESET 0x00040000
|
||||
#define SSNFLAG_DROP_CLIENT 0x00080000
|
||||
#define SSNFLAG_DROP_SERVER 0x00100000
|
||||
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
|
||||
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
|
||||
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
|
||||
|
||||
#define STREAM_FLPOLICY_NONE 0x00
|
||||
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
|
||||
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
|
||||
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
|
||||
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
|
||||
typedef enum {
|
||||
STREAM_FLPOLICY_NONE,
|
||||
STREAM_FLPOLICY_FOOTPRINT, /* size-based footprint flush */
|
||||
STREAM_FLPOLICY_LOGICAL, /* queued bytes-based flush */
|
||||
STREAM_FLPOLICY_RESPONSE, /* flush when we see response */
|
||||
STREAM_FLPOLICY_SLIDING_WINDOW, /* flush on sliding window */
|
||||
#if 0
|
||||
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
|
||||
STREAM_FLPOLICY_CONSUMED, /* purge consumed bytes */
|
||||
#endif
|
||||
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
|
||||
STREAM_FLPOLICY_IGNORE, /* ignore this traffic */
|
||||
STREAM_FLPOLICY_PROTOCOL, /* protocol aware flushing (PAF) */
|
||||
#ifdef NORMALIZER
|
||||
STREAM_FLPOLICY_FOOTPRINT_IPS, /* protocol agnostic ips */
|
||||
STREAM_FLPOLICY_PROTOCOL_IPS, /* protocol aware ips */
|
||||
#endif
|
||||
STREAM_FLPOLICY_FOOTPRINT_NOACK, /* protocol aware ips */
|
||||
STREAM_FLPOLICY_PROTOCOL_NOACK, /* protocol aware ips */
|
||||
|
||||
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
|
||||
STREAM_FLPOLICY_DISABLED, /* reassembly disabled for this traffic */
|
||||
|
||||
STREAM_FLPOLICY_MAX
|
||||
} FlushPolicy;
|
||||
|
||||
typedef enum {
|
||||
PAF_TYPE_SERVICE,
|
||||
PAF_TYPE_PORT
|
||||
}PafType;
|
||||
|
||||
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
|
||||
#define STREAM_FLPOLICY_SET_APPEND 0x02
|
||||
|
||||
#define UNKNOWN_PORT 0
|
||||
#define STREAM_API_VERSION5 6
|
||||
|
||||
#define STREAM_API_VERSION5 5
|
||||
typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count, uint32_t xtradata_mask, uint32_t id, uint32_t sec);
|
||||
|
||||
typedef void (*StreamAppDataFree)(void *);
|
||||
typedef int (*PacketIterator)
|
||||
(
|
||||
struct pcap_pkthdr *,
|
||||
typedef int (*PacketIterator)( DAQ_PktHdr_t *,
|
||||
uint8_t *, /* pkt pointer */
|
||||
void * /* user-defined data pointer */
|
||||
);
|
||||
|
||||
typedef int (*StreamSegmentIterator)
|
||||
(
|
||||
struct pcap_pkthdr *,
|
||||
typedef int (*StreamSegmentIterator)( DAQ_PktHdr_t *,
|
||||
uint8_t *, /* pkt pointer */
|
||||
uint8_t *, /* payload pointer */
|
||||
uint32_t, /* sequence number */
|
||||
void * /* user-defined data pointer */
|
||||
);
|
||||
|
||||
typedef struct _StreamFlowData
|
||||
{
|
||||
BITOP boFlowbits;
|
||||
unsigned char flowb[1];
|
||||
} StreamFlowData;
|
||||
|
||||
/* for protocol aware flushing (PAF): */
|
||||
typedef enum {
|
||||
PAF_ABORT, /* non-paf operation */
|
||||
PAF_START, /* internal use only */
|
||||
PAF_SEARCH, /* searching for next flush point */
|
||||
PAF_FLUSH, /* flush at given offset */
|
||||
PAF_LIMIT, /* if paf_max is reached, flush up to given offset*/
|
||||
PAF_SKIP, /* skip ahead to given offset */
|
||||
PAF_PERFORMED_LMT_FLUSH, /* previously performed PAF_LIMIT */
|
||||
PAF_DISCARD_START, /*start of the discard point */
|
||||
PAF_DISCARD_END, /*end of the discard point */
|
||||
PAF_IGNORE, /* Used for HTTP2.0*/
|
||||
} PAF_Status;
|
||||
|
||||
typedef PAF_Status (*PAF_Callback)( /* return your scan state */
|
||||
void* session, /* session pointer */
|
||||
void** user, /* arbitrary user data hook */
|
||||
const uint8_t* data, /* in order segment data as it arrives */
|
||||
uint32_t len, /* length of data */
|
||||
uint64_t *flags, /* packet flags indicating direction of data */
|
||||
uint32_t* fp, /* flush point (offset) relative to data */
|
||||
uint32_t * fp_eoh /* flush point (offset) at end-of-header */
|
||||
);
|
||||
|
||||
typedef void (*PAF_Free_Callback)(
|
||||
void* user /* arbitrary user data hook */
|
||||
);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
typedef struct s_HEADER_LOCATION {
|
||||
const uint8_t *start;
|
||||
unsigned len;
|
||||
} HEADER_LOCATION;
|
||||
|
||||
typedef struct _HttpParsedHeaders
|
||||
{
|
||||
HEADER_LOCATION host, url, method, userAgent, referer, via, responseCode, server, xWorkingWith, contentType;
|
||||
} HttpParsedHeaders;
|
||||
|
||||
typedef void (*Http_Processor_Callback)(
|
||||
Packet *p,
|
||||
HttpParsedHeaders *headers
|
||||
);
|
||||
typedef enum {
|
||||
APP_PROTOID_SERVICE,
|
||||
APP_PROTOID_CLIENT,
|
||||
APP_PROTOID_PAYLOAD,
|
||||
APP_PROTOID_MISC,
|
||||
APP_PROTOID_MAX
|
||||
} AppProtoIdIndex;
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
typedef unsigned int ServiceEventType;
|
||||
|
||||
typedef void (*ServiceEventNotifierFunc)(void *ssnptr, ServiceEventType eventType, void *eventData);
|
||||
|
||||
typedef void (*Stream_Callback)(Packet *);
|
||||
|
||||
struct _ExpectNode;
|
||||
typedef struct _stream_api
|
||||
{
|
||||
int version;
|
||||
|
@ -145,123 +174,6 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*alert_inline_midstream_drops)(void);
|
||||
|
||||
/* Set direction of session
|
||||
*
|
||||
* Parameters:
|
||||
* Session Ptr
|
||||
* New Direction
|
||||
* IP
|
||||
* Port
|
||||
*/
|
||||
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
|
||||
|
||||
/* Get direction of packet
|
||||
*
|
||||
* Parameters:
|
||||
* Packet
|
||||
*/
|
||||
uint32_t (*get_packet_direction)(Packet *);
|
||||
|
||||
/* Stop inspection for session, up to count bytes (-1 to ignore
|
||||
* for life or until resume).
|
||||
*
|
||||
* If response flag is set, automatically resume inspection up to
|
||||
* count bytes when a data packet in the other direction is seen.
|
||||
*
|
||||
* Also marks the packet to be ignored
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* Direction
|
||||
* Bytes
|
||||
* Response Flag
|
||||
*/
|
||||
void (*stop_inspection)(void *, Packet *, char, int32_t, int);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* Direction
|
||||
* Flags (permanent)
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
|
||||
char, char, char);
|
||||
|
||||
/* Resume inspection for session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*resume_inspection)(void *, char);
|
||||
|
||||
/* Drop traffic arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Direction
|
||||
*/
|
||||
void (*drop_traffic)(void *, char);
|
||||
|
||||
/* Drop retransmitted packet arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
void (*drop_packet)(Packet *);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
* Application Data reference (pointer)
|
||||
* Application Data free function
|
||||
*/
|
||||
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
|
||||
|
||||
/* Set a reference to application data for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Application Protocol
|
||||
*
|
||||
* Returns
|
||||
* Application Data reference (pointer)
|
||||
*/
|
||||
void *(*get_application_data)(void *, uint32_t);
|
||||
|
||||
/* Sets the flags for a session
|
||||
* This ORs the supplied flags with the previous values
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Flags
|
||||
*
|
||||
* Returns
|
||||
* New Flags
|
||||
*/
|
||||
uint32_t (*set_session_flags)(void *, uint32_t);
|
||||
|
||||
/* Gets the flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
uint32_t (*get_session_flags)(void *);
|
||||
|
||||
/* Flushes the stream on an alert
|
||||
* Side that is flushed is the same as the packet.
|
||||
*
|
||||
|
@ -270,6 +182,14 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*alert_flush_stream)(Packet *);
|
||||
|
||||
/* Flushes the stream on arrival of packet
|
||||
* Side that is flushed is the same side of the packet.
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*/
|
||||
int (*request_flush_stream)(Packet *);
|
||||
|
||||
/* Flushes the stream on arrival of another packet
|
||||
* Side that is flushed is the opposite of the packet.
|
||||
*
|
||||
|
@ -334,15 +254,19 @@ typedef struct _stream_api
|
|||
*/
|
||||
int (*check_session_alerted)(void *, Packet *p, uint32_t, uint32_t);
|
||||
|
||||
/* Get Flowbits data
|
||||
/* Set Extra Data Logging
|
||||
*
|
||||
* Parameters
|
||||
* Packet
|
||||
*
|
||||
* Session Ptr
|
||||
* Packet
|
||||
* gen ID
|
||||
* sig ID
|
||||
* Returns
|
||||
* Ptr to Flowbits Data
|
||||
* 0 success
|
||||
* -1 failure ( no alerts )
|
||||
*
|
||||
*/
|
||||
StreamFlowData *(*get_flow_data)(Packet *p);
|
||||
int (*update_session_alert)(void *, Packet *p, uint32_t, uint32_t, uint32_t, uint32_t);
|
||||
|
||||
/* Set reassembly flush policy/direction for given session
|
||||
*
|
||||
|
@ -355,8 +279,19 @@ typedef struct _stream_api
|
|||
* Returns
|
||||
* direction(s) of reassembly for session
|
||||
*/
|
||||
/* XXX Do not attempt to set flush policy to PROTOCOL or PROTOCOL_IPS. */
|
||||
char (*set_reassembly)(void *, uint8_t, char, char);
|
||||
|
||||
/* Set direction of session
|
||||
*
|
||||
* Parameters:
|
||||
* Session Ptr
|
||||
* New Direction
|
||||
* IP
|
||||
* Port
|
||||
*/
|
||||
void (*update_direction)(void *, char, sfaddr_t*, uint16_t );
|
||||
|
||||
/* Get reassembly direction for given session
|
||||
*
|
||||
* Parameters
|
||||
|
@ -417,40 +352,12 @@ typedef struct _stream_api
|
|||
*/
|
||||
char (*missed_packets)(void *, char);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
/* Get the protocol identifier from a stream
|
||||
/* Drop retransmitted packet arriving on session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
* Packet
|
||||
*/
|
||||
int16_t (*get_application_protocol_id)(void *);
|
||||
|
||||
/* Set the protocol identifier for a stream
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* ID
|
||||
*
|
||||
* Returns
|
||||
* integer protocol identifier
|
||||
*/
|
||||
int16_t (*set_application_protocol_id)(void *, int16_t);
|
||||
|
||||
/** Set service to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
|
||||
#endif
|
||||
|
||||
/** Set port to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
|
||||
void (*drop_packet)(Packet *);
|
||||
|
||||
/* Get the current flush point
|
||||
*
|
||||
|
@ -472,45 +379,259 @@ typedef struct _stream_api
|
|||
*/
|
||||
void (*set_flush_point)(void *, char, uint32_t);
|
||||
|
||||
#ifdef TARGET_BASED
|
||||
// register for stateful scanning of in-order payload to determine flush points
|
||||
// autoEnable allows PAF regardless of s5 ports config
|
||||
uint8_t (*register_paf_port)( struct _SnortConfig *sc, tSfPolicyId, uint16_t server_port, bool toServer,
|
||||
PAF_Callback, bool autoEnable);
|
||||
|
||||
// get any paf user data stored for this session
|
||||
void** (*get_paf_user_data)(void* ssnptr, bool toServer, uint8_t id);
|
||||
|
||||
bool (*is_paf_active)(void* ssn, bool toServer);
|
||||
bool (*activate_paf)(void* ssn, int dir, int16_t service, uint8_t type);
|
||||
|
||||
/** Set flag to force sessions to be created on SYN packets.
|
||||
* This function can only be used with independent bits
|
||||
* acquired from get_preprocessor_status_bit. If this is called
|
||||
* during parsing a preprocessor configuration, make sure to
|
||||
* set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
|
||||
|
||||
/** Unset flag that forces sessions to be created on SYN
|
||||
* packets. This function can only be used with independent
|
||||
* bits acquired from get_preprocessor_status_bit. If this is
|
||||
* called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*unset_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
|
||||
|
||||
//Register callbacks for extra data logging
|
||||
uint32_t (*reg_xtra_data_cb)(LogFunction );
|
||||
|
||||
//Register Extra Data Log Function
|
||||
void (*reg_xtra_data_log)(LogExtraData, void *);
|
||||
|
||||
//Get the Extra data map
|
||||
uint32_t (*get_xtra_data_map)(LogFunction **);
|
||||
|
||||
// register for stateful scanning of in-order payload to determine flush points
|
||||
// autoEnable allows PAF regardless of s5 ports config
|
||||
uint8_t (*register_paf_service)(
|
||||
struct _SnortConfig *sc, tSfPolicyId, uint16_t service, bool toServer,
|
||||
PAF_Callback, bool autoEnable);
|
||||
|
||||
void (*set_extra_data)(void*, Packet *, uint32_t);
|
||||
void (*clear_extra_data)(void*, Packet *, uint32_t);
|
||||
|
||||
// These methods may move to Session:
|
||||
//
|
||||
/* Set port to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
|
||||
tSfPolicyId policyId, int parsing);
|
||||
|
||||
/* Unset port to maintain session state. This function can only
|
||||
* be used with independent bits acquired from
|
||||
* get_preprocessor_status_bit. If this is called during
|
||||
* parsing a preprocessor configuration, make sure to set the
|
||||
* parsing argument to 1.
|
||||
*/
|
||||
void (*unset_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
|
||||
tSfPolicyId policyId, int parsing);
|
||||
|
||||
|
||||
/* Set service to either ignore, inspect or maintain session state.
|
||||
* If this is called during parsing a preprocessor configuration, make
|
||||
* sure to set the parsing argument to 1.
|
||||
*/
|
||||
void (*set_service_filter_status)( struct _SnortConfig *sc, int service, int status,
|
||||
tSfPolicyId policyId, int parsing );
|
||||
|
||||
/* Register specified port for reassembly on specified network. If network is NULL the
|
||||
* port is register for reassembly on the default stream network policy
|
||||
*/
|
||||
void (*register_reassembly_port)( char *, uint16_t, int );
|
||||
|
||||
/* Unregister specified port for reassembly on specified network. If network is NULL the
|
||||
* port is unregistered for reassembly on the default stream network policy
|
||||
*/
|
||||
void (*unregister_reassembly_port)( char *, uint16_t, int );
|
||||
|
||||
/* Time out the specified session.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
*/
|
||||
void (*expire_session)(void *);
|
||||
|
||||
/* register returns a non-zero id for use with set; zero is error */
|
||||
unsigned (*register_event_handler)(Stream_Callback);
|
||||
bool (*set_event_handler)(void* ssnptr, unsigned id, Stream_Event);
|
||||
void (*set_reset_policy)(void* ssn, int dir, uint16_t policy, uint16_t mss);
|
||||
void (*set_session_decrypted)(void *ssn, bool enable);
|
||||
bool (*is_session_decrypted)(void *ssn);
|
||||
|
||||
/* Turn off inspection for potential session.
|
||||
* Adds session identifiers to a hash table.
|
||||
* TCP only.
|
||||
*
|
||||
* Parameters
|
||||
* Control Channel Packet
|
||||
* IP addr #1
|
||||
* Port #1
|
||||
* IP addr #2
|
||||
* Port #2
|
||||
* Protocol
|
||||
* ID
|
||||
* ID,
|
||||
* Preprocessor ID calling this function,
|
||||
* Preprocessor specific data,
|
||||
* Preprocessor data free function. If NULL, then static buffer is assumed.
|
||||
* Preprocessor event handler callback ID (used when calling set_event_handler)
|
||||
* Preprocessor event on which to callback (only used when cbId is not NULL )
|
||||
*
|
||||
* Returns
|
||||
* 0 on success
|
||||
* -1 on failure
|
||||
*/
|
||||
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
|
||||
char, int16_t);
|
||||
#endif
|
||||
int (*set_application_protocol_id_expected_preassign_callback)(const Packet *, sfaddr_t*, uint16_t,
|
||||
sfaddr_t*, uint16_t, uint8_t, int16_t, uint32_t, void*, void (*)(void*), unsigned, Stream_Event,
|
||||
struct _ExpectNode**);
|
||||
|
||||
// print and reset normalization statistics
|
||||
void (*print_normalization_stats)(void);
|
||||
void (*reset_normalization_stats)(void);
|
||||
|
||||
#if defined(FEAT_OPEN_APPID)
|
||||
/* set detected service, client, payload and misc Applicaiton Id.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Snort Protocol Id for service application
|
||||
* Snort Protocol Id for client application
|
||||
* Snort Protocol Id for payload application
|
||||
* Snort Protocol Id for misc application
|
||||
*/
|
||||
void (*set_application_id)(void* ssnptr, int16_t serviceAppid, int16_t clientAppid, int16_t payloadAppId, int16_t miscAppid);
|
||||
|
||||
/* get detected service, client, payload and misc Applicaiton Id.
|
||||
*
|
||||
* Parameters
|
||||
* Session Ptr
|
||||
* Snort Protocol Id for service application
|
||||
* Snort Protocol Id for client application
|
||||
* Snort Protocol Id for payload application
|
||||
* Snort Protocol Id for misc application
|
||||
*/
|
||||
void (*get_application_id)(void* ssnptr, int16_t *serviceAppid, int16_t *clientAppid, int16_t *payloadAppId, int16_t *miscAppid);
|
||||
|
||||
|
||||
/* Register callback function for processing HTTP headers extracted by HTTP preprocessor.
|
||||
*
|
||||
* Parameters
|
||||
* Callback function pointer
|
||||
*/
|
||||
int (*register_http_header_callback)(Http_Processor_Callback);
|
||||
#endif /* defined(FEAT_OPEN_APPID) */
|
||||
|
||||
/* function to publish events
|
||||
*
|
||||
* Parameters
|
||||
* preprocId - preprocess identifier
|
||||
* ssnptr - sesssion pointer
|
||||
* eventType - type of event enumerated in ServiceEventType
|
||||
* eventData - void data pointer. Structure must be agreed between publisher and subscriber.
|
||||
*/
|
||||
bool (*service_event_publish)(unsigned int preprocId, void *ssnptr, ServiceEventType eventType, void *eventData);
|
||||
|
||||
/* function for subcribing to events.
|
||||
*
|
||||
* Parameters
|
||||
* preprocId - preprocess identifier
|
||||
* eventType - type of event enumerated in ServiceEventType
|
||||
* Callback function pointer
|
||||
*/
|
||||
bool (*service_event_subscribe)(unsigned int preprocId, ServiceEventType eventType, ServiceEventNotifierFunc cb);
|
||||
|
||||
/* function to register for customized free function
|
||||
*
|
||||
* Parameters
|
||||
* id - registered paf identifier
|
||||
* Callback function pointer
|
||||
*/
|
||||
void (*register_paf_free)(uint8_t id, PAF_Free_Callback);
|
||||
|
||||
/* function to return the wire packet
|
||||
*
|
||||
* Parameters
|
||||
* None
|
||||
*/
|
||||
Packet *(*get_wire_packet)(void);
|
||||
|
||||
/* function which returns the forward dir or reverse dir to h2_paf
|
||||
*
|
||||
* Parameter
|
||||
* None
|
||||
*/
|
||||
uint8_t (*get_flush_policy_dir)(void);
|
||||
|
||||
/* function returns if its a http/2 session
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
bool (*is_session_http2)(void *ssn);
|
||||
|
||||
/* function sets http/2 session flag
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*set_session_http2)(void *ssn);
|
||||
|
||||
bool (*is_show_rebuilt_packets_enabled)();
|
||||
/* function returns if its a http/2 session Upgrade
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
bool (*is_session_http2_upg)(void *ssn);
|
||||
|
||||
/* function sets http/2 session Upgrade flag
|
||||
*
|
||||
* Parameters
|
||||
* Session Pointer
|
||||
*/
|
||||
void (*set_session_http2_upg)(void *ssn);
|
||||
|
||||
/* function for setting proto_flags
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
* flags - flags
|
||||
*/
|
||||
void (*set_proto_flags)(void* ssnptr, uint32_t flags);
|
||||
|
||||
/* function for unsetting proto_flags
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
* flags - flags
|
||||
*/
|
||||
void (*unset_proto_flags)(void* ssnptr, uint32_t flags);
|
||||
|
||||
/* Gets the proto_flags for a session
|
||||
*
|
||||
* Parameters
|
||||
* ssnptr - sesssion pointer
|
||||
*/
|
||||
uint32_t (*get_proto_flags)(void *ssnptr);
|
||||
|
||||
} StreamAPI;
|
||||
|
||||
/* To be set by Stream5 (or Stream4) */
|
||||
/* To be set by Stream */
|
||||
extern StreamAPI *stream_api;
|
||||
|
||||
/**Port Inspection States. Port can be either ignored,
|
||||
* or inspected or session tracked. The values are bitmasks.
|
||||
*/
|
||||
typedef enum {
|
||||
/**Dont monitor the port. */
|
||||
PORT_MONITOR_NONE = 0x00,
|
||||
|
||||
/**Inspect the port. */
|
||||
PORT_MONITOR_INSPECT = 0x01,
|
||||
|
||||
/**perform session tracking on the port. */
|
||||
PORT_MONITOR_SESSION = 0x02
|
||||
|
||||
} PortMonitorStates;
|
||||
|
||||
#endif /* STREAM_API_H_ */
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -105,6 +106,9 @@ typedef struct _OptTreeNode
|
|||
unsigned short proto_node_num;
|
||||
|
||||
uint8_t failedCheckBits;
|
||||
char generated;
|
||||
|
||||
uint16_t longestPatternLen;
|
||||
|
||||
int rule_state; /* Enabled or Disabled */
|
||||
|
||||
|
@ -122,7 +126,6 @@ typedef struct _OptTreeNode
|
|||
uint64_t ppm_suspend_time; /* PPM */
|
||||
uint64_t ppm_disable_cnt; /*PPM */
|
||||
|
||||
char generated;
|
||||
uint32_t num_detection_opts;
|
||||
|
||||
/**unique index generated in ruleIndexMap.
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
|
||||
* Copyright (C) 2008-2013 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
|
@ -14,7 +15,7 @@
|
|||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
|
@ -103,6 +104,9 @@ typedef struct _OptTreeNode
|
|||
unsigned short proto_node_num;
|
||||
|
||||
uint8_t failedCheckBits;
|
||||
char generated;
|
||||
|
||||
uint16_t longestPatternLen;
|
||||
|
||||
int rule_state; /* Enabled or Disabled */
|
||||
|
||||
|
@ -120,7 +124,6 @@ typedef struct _OptTreeNode
|
|||
uint64_t ppm_suspend_time; /* PPM */
|
||||
uint64_t ppm_disable_cnt; /*PPM */
|
||||
|
||||
char generated;
|
||||
uint32_t num_detection_opts;
|
||||
|
||||
/**unique index generated in ruleIndexMap.
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
** $Id$
|
||||
**
|
||||
** bitopt.c
|
||||
**
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Dan Roelker <droelker@sourcefire.com>
|
||||
** Marc Norton <mnorton@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
**
|
||||
** NOTES
|
||||
** 5.15.02 - Initial Source Code. Norton/Roelker
|
||||
** 5.23.02 - Moved bitop functions to bitop.h to inline. Norton/Roelker
|
||||
** 1.21.04 - Added static initialization. Roelker
|
||||
** 9.13.05 - Separated type and inline func definitions. Sturges
|
||||
**
|
||||
*/
|
||||
|
||||
#ifndef _BITOP_H
|
||||
#define _BITOP_H
|
||||
|
||||
typedef struct _BITOP {
|
||||
unsigned char *pucBitBuffer;
|
||||
unsigned int uiBitBufferSize;
|
||||
unsigned int uiMaxBits;
|
||||
} BITOP;
|
||||
|
||||
#endif /* _BITOP_H */
|
|
@ -0,0 +1,135 @@
|
|||
/*
|
||||
** Copyright (C) 2006-2010 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef CPU_CLOCK_TICKS_H
|
||||
#define CPU_CLOCK_TICKS_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#include "debug.h"
|
||||
#include "sf_types.h" /* for uint64_t */
|
||||
|
||||
/* Assembly to find clock ticks. */
|
||||
#ifdef WIN32
|
||||
#include <windows.h>
|
||||
|
||||
/* INTEL WINDOWS */
|
||||
__inline void __cputicks_msc(uint64_t *val)
|
||||
{
|
||||
__int64 t;
|
||||
__asm
|
||||
{
|
||||
rdtsc;
|
||||
mov dword PTR [t],eax;
|
||||
mov dword PTR [t+4],edx;
|
||||
}
|
||||
*val = (uint64_t)t;
|
||||
}
|
||||
#define get_clockticks(val) __cputicks_msc(&val)
|
||||
|
||||
/*
|
||||
#define get_clockticks(val) \
|
||||
QueryPerformanceCounter((PLARGE_INTEGER)&val)
|
||||
*/
|
||||
|
||||
|
||||
#else
|
||||
#include <unistd.h>
|
||||
|
||||
/* INTEL LINUX/BSD/.. */
|
||||
#if (defined(__i386) || defined(__amd64) || defined(__x86_64__))
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
uint32_t a, d; \
|
||||
__asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d)); \
|
||||
val = ((uint64_t)a) | (((uint64_t)d) << 32); \
|
||||
}
|
||||
#else
|
||||
#if (defined(__ia64) && defined(__GNUC__) )
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
__asm__ __volatile__ ("mov %0=ar.itc" : "=r"(val)); \
|
||||
}
|
||||
#else
|
||||
#if (defined(__ia64) && defined(__hpux))
|
||||
#include <machine/sys/inline.h>
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
val = _Asm_mov_from_ar (_AREG_ITC); \
|
||||
}
|
||||
#else
|
||||
/* POWER PC */
|
||||
#if (defined(__GNUC__) && (defined(__powerpc__) || (defined(__ppc__))))
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
uint32_t tbu0, tbu1, tbl; \
|
||||
do \
|
||||
{ \
|
||||
__asm__ __volatile__ ("mftbu %0" : "=r"(tbu0)); \
|
||||
__asm__ __volatile__ ("mftb %0" : "=r"(tbl)); \
|
||||
__asm__ __volatile__ ("mftbu %0" : "=r"(tbu1)); \
|
||||
} while (tbu0 != tbu1); \
|
||||
val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
|
||||
}
|
||||
#else
|
||||
/* SPARC */
|
||||
#ifdef SPARCV9
|
||||
#ifdef _LP64
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
__asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
|
||||
}
|
||||
#else
|
||||
#define get_clockticks(val) \
|
||||
{ \
|
||||
uint32_t a, b; \
|
||||
__asm__ __volatile__("rd %%tick, %0\n" \
|
||||
"srlx %0, 32, %1" \
|
||||
: "=r"(a), "=r"(b)); \
|
||||
val = ((uint64_t)a) | (((uint64_t)b) << 32); \
|
||||
}
|
||||
#endif /* _LP64 */
|
||||
#else
|
||||
#define get_clockticks(val)
|
||||
#endif /* SPARC */
|
||||
#endif /* POWERPC || PPC */
|
||||
#endif /* IA64 && HPUX */
|
||||
#endif /* IA64 && GNUC */
|
||||
#endif /* I386 || AMD64 || X86_64 */
|
||||
#endif /* WIN32 */
|
||||
|
||||
static INLINE double get_ticks_per_usec (void)
|
||||
{
|
||||
uint64_t start = 0, end = 0;
|
||||
get_clockticks(start);
|
||||
|
||||
#ifdef WIN32
|
||||
Sleep(1000);
|
||||
#else
|
||||
sleep(1);
|
||||
#endif
|
||||
get_clockticks(end);
|
||||
|
||||
return (double)(end-start)/1e6;
|
||||
}
|
||||
|
||||
|
||||
#endif /* CPU_CLOCK_TICKS_H */
|
|
@ -0,0 +1,76 @@
|
|||
/* $Id$ */
|
||||
/*
|
||||
** Copyright (C) 2002-2010 Sourcefire, Inc.
|
||||
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* D E F I N E S ************************************************************/
|
||||
#ifndef __EVENT_H__
|
||||
#define __EVENT_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef OSF1
|
||||
#include <sys/bitypes.h>
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifndef WIN32
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include "pcap_pkthdr32.h"
|
||||
|
||||
typedef struct _Event
|
||||
{
|
||||
uint32_t sig_generator; /* which part of snort generated the alert? */
|
||||
uint32_t sig_id; /* sig id for this generator */
|
||||
uint32_t sig_rev; /* sig revision for this id */
|
||||
uint32_t classification; /* event classification */
|
||||
uint32_t priority; /* event priority */
|
||||
uint32_t event_id; /* event ID */
|
||||
uint32_t event_reference; /* reference to other events that have gone off,
|
||||
* such as in the case of tagged packets...
|
||||
*/
|
||||
struct sf_timeval32 ref_time; /* reference time for the event reference */
|
||||
|
||||
/* Don't add to this structure because this is the serialized data
|
||||
* struct for unified logging.
|
||||
*/
|
||||
} Event;
|
||||
|
||||
#if 0
|
||||
typedef struct _EventID
|
||||
{
|
||||
uint32_t sequence;
|
||||
uint32_t seconds;
|
||||
} EventID;
|
||||
|
||||
typedef struct _Event
|
||||
{
|
||||
EventID id;
|
||||
uint32_t uSeconds;
|
||||
SigInfo sigInfo;
|
||||
} Event;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* __EVENT_H__ */
|
|
@ -0,0 +1,204 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef IPV6_PORT_H
|
||||
#define IPV6_PORT_H
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "debug.h"
|
||||
|
||||
/* ///////////////// */
|
||||
/* IPv6 and IPv4 */
|
||||
#ifdef SUP_IP6
|
||||
|
||||
#include "sf_ip.h"
|
||||
|
||||
typedef sfip_t snort_ip;
|
||||
typedef sfip_t *snort_ip_p;
|
||||
|
||||
#define IpAddrNode sfip_node_t
|
||||
#define IpAddrSet sfip_var_t
|
||||
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
|
||||
#define IpAddrSetPrint sfvar_print
|
||||
|
||||
#ifdef inet_ntoa
|
||||
#undef inet_ntoa
|
||||
#endif
|
||||
#define inet_ntoa sfip_ntoa
|
||||
|
||||
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_ipv4h_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) (p->orig_ipv4h_api->orig_iph_ret_dst(p))
|
||||
|
||||
/* These are here for backwards compatibility */
|
||||
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
|
||||
#define GET_DST_ADDR(x) GET_DST_IP(x)
|
||||
|
||||
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
|
||||
|
||||
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) p->orig_ipv4h_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h_api->orig_iph_ret_off(p)
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
|
||||
|
||||
#define IS_IP4(x) (x->family == AF_INET)
|
||||
#define IS_IP6(x) (x->family == AF_INET6)
|
||||
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
|
||||
#define IPH_IS_VALID(p) iph_is_valid(p)
|
||||
|
||||
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
|
||||
|
||||
#define IS_SET(x) sfip_is_set(&x)
|
||||
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
* individually on each field, then the following expression gets broken:
|
||||
*
|
||||
* if(conditional) IP_COPY_VALUE(a,b);
|
||||
*
|
||||
* If the macro is instead enclosed in braces, then having a semicolon
|
||||
* trailing the macro causes compile breakage.
|
||||
* So: use loop. */
|
||||
#define IP_COPY_VALUE(x,y) \
|
||||
do { \
|
||||
x.bits = y->bits; \
|
||||
x.family = y->family; \
|
||||
x.ip32[0] = y->ip32[0]; \
|
||||
x.ip32[1] = y->ip32[1]; \
|
||||
x.ip32[2] = y->ip32[2]; \
|
||||
x.ip32[3] = y->ip32[3]; \
|
||||
} while(0)
|
||||
|
||||
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
|
||||
#define SET_IPH_HLEN(p, val)
|
||||
|
||||
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
|
||||
|
||||
#define IP_ARG(ipt) (&ipt)
|
||||
#define IP_PTR(ipp) (ipp)
|
||||
#define IP_VAL(ipt) (*ipt)
|
||||
#define IP_SIZE(ipp) (sfip_size(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
|
||||
{
|
||||
if ( ip1->family != ip2->family )
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
if ( ip1->family == AF_INET )
|
||||
{
|
||||
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
|
||||
}
|
||||
if ( ip1->family == AF_INET6 )
|
||||
{
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
/* ///////////// */
|
||||
/* IPv4 only */
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
|
||||
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
|
||||
|
||||
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->source.s_addr & x->netmask))
|
||||
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->destination.s_addr & x->netmask))
|
||||
|
||||
#define GET_SRC_IP(x) x->ip4_header->source.s_addr
|
||||
#define GET_DST_IP(x) x->ip4_header->destination.s_addr
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_ipv4h->ip_src.s_addr)
|
||||
#define GET_ORIG_DST(p) (p->orig_ipv4h->ip_dst.s_addr)
|
||||
|
||||
#define GET_SRC_ADDR(x) x->ip4_header->source
|
||||
#define GET_DST_ADDR(x) x->ip4_header->destination
|
||||
|
||||
#define IP_CLEAR_SRC(x) x->ip4_header->source.s_addr = 0
|
||||
#define IP_CLEAR_DST(x) x->ip4_header->destination.s_addr = 0
|
||||
|
||||
#define IP_EQUALITY(x,y) (x == y)
|
||||
#define IP_EQUALITY_UNSET(x,y) (x == y)
|
||||
#define IP_LESSER(x,y) (x < y)
|
||||
#define IP_GREATER(x,y) (x > y)
|
||||
|
||||
#define GET_IPH_PROTO(p) p->ip4_header->proto
|
||||
#define GET_IPH_TOS(p) p->ip4_header->type_service
|
||||
#define GET_IPH_LEN(p) p->ip4_header->data_length
|
||||
#define GET_IPH_TTL(p) p->ip4_header->time_to_live
|
||||
#define GET_IPH_VER(p) ((p->ip4_header->version_headerlength & 0xf0) >> 4)
|
||||
#define GET_IPH_ID(p) p->ip4_header->identifier
|
||||
#define GET_IPH_OFF(p) p->ip4_header->offset
|
||||
|
||||
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_ipv4h)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h->data_length
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h->offset
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h->proto
|
||||
|
||||
#define IS_IP4(x) 1
|
||||
#define IS_IP6(x) 0
|
||||
#define IPH_IS_VALID(p) p->ip4_header
|
||||
|
||||
#define IP_CLEAR(x) x = 0;
|
||||
#define IS_SET(x) x
|
||||
|
||||
#define IP_COPY_VALUE(x,y) x = y
|
||||
|
||||
#define GET_IPH_HLEN(p) ((p)->ip4_header->version_headerlength & 0x0f)
|
||||
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->version_headerlength = (unsigned char)(((p)->ip4_header->ip_verhl & 0xf0) | ((val) & 0x0f)))
|
||||
|
||||
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
|
||||
|
||||
#define IP_ARG(ipt) (ipt)
|
||||
#define IP_PTR(ipp) (&ipp)
|
||||
#define IP_VAL(ipt) (ipt)
|
||||
#define IP_SIZE(ipp) (sizeof(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
|
||||
{
|
||||
return IP_EQUALITY(ip1, ip2);
|
||||
}
|
||||
|
||||
#endif /* SUP_IP6 */
|
||||
|
||||
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
|
||||
#define IPPROTO_IPIP 4
|
||||
#endif
|
||||
|
||||
#endif /* IPV6_PORT_H */
|
|
@ -0,0 +1,204 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef IPV6_PORT_H
|
||||
#define IPV6_PORT_H
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "debug.h"
|
||||
|
||||
///////////////////
|
||||
/* IPv6 and IPv4 */
|
||||
#ifdef SUP_IP6
|
||||
|
||||
#include "sf_ip.h"
|
||||
|
||||
typedef sfip_t snort_ip;
|
||||
typedef sfip_t *snort_ip_p;
|
||||
|
||||
#define IpAddrNode sfip_node_t
|
||||
#define IpAddrSet sfip_var_t
|
||||
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
|
||||
#define IpAddrSetPrint sfvar_print
|
||||
|
||||
#ifdef inet_ntoa
|
||||
#undef inet_ntoa
|
||||
#endif
|
||||
#define inet_ntoa sfip_ntoa
|
||||
|
||||
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
|
||||
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_iph_api->orig_iph_ret_src(p))
|
||||
#define GET_ORIG_DST(p) (p->orig_iph_api->orig_iph_ret_dst(p))
|
||||
|
||||
/* These are here for backwards compatibility */
|
||||
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
|
||||
#define GET_DST_ADDR(x) GET_DST_IP(x)
|
||||
|
||||
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
|
||||
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
|
||||
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
|
||||
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
|
||||
|
||||
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
|
||||
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
|
||||
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
|
||||
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
|
||||
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
|
||||
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
|
||||
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
|
||||
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
|
||||
#define GET_ORIG_IPH_VER(p) p->orig_iph_api->orig_iph_ret_ver(p)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_iph_api->orig_iph_ret_len(p)
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_iph_api->orig_iph_ret_off(p)
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
|
||||
|
||||
#define IS_IP4(x) (x->family == AF_INET)
|
||||
#define IS_IP6(x) (x->family == AF_INET6)
|
||||
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
|
||||
#define IPH_IS_VALID(p) iph_is_valid(p)
|
||||
|
||||
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
|
||||
|
||||
#define IS_SET(x) sfip_is_set(&x)
|
||||
|
||||
/* This loop trickery is intentional. If each copy is performed
|
||||
* individually on each field, then the following expression gets broken:
|
||||
*
|
||||
* if(conditional) IP_COPY_VALUE(a,b);
|
||||
*
|
||||
* If the macro is instead enclosed in braces, then having a semicolon
|
||||
* trailing the macro causes compile breakage.
|
||||
* So: use loop. */
|
||||
#define IP_COPY_VALUE(x,y) \
|
||||
do { \
|
||||
x.bits = y->bits; \
|
||||
x.family = y->family; \
|
||||
x.ip32[0] = y->ip32[0]; \
|
||||
x.ip32[1] = y->ip32[1]; \
|
||||
x.ip32[2] = y->ip32[2]; \
|
||||
x.ip32[3] = y->ip32[3]; \
|
||||
} while(0)
|
||||
|
||||
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
|
||||
#define SET_IPH_HLEN(p, val)
|
||||
|
||||
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
|
||||
|
||||
#define IP_ARG(ipt) (&ipt)
|
||||
#define IP_PTR(ipp) (ipp)
|
||||
#define IP_VAL(ipt) (*ipt)
|
||||
#define IP_SIZE(ipp) (sfip_size(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
|
||||
{
|
||||
if ( ip1->family != ip2->family )
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
if ( ip1->family == AF_INET )
|
||||
{
|
||||
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
|
||||
}
|
||||
if ( ip1->family == AF_INET6 )
|
||||
{
|
||||
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
///////////////
|
||||
/* IPv4 only */
|
||||
#include <sys/types.h>
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
|
||||
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
|
||||
|
||||
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_src.s_addr & x->netmask))
|
||||
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_dst.s_addr & x->netmask))
|
||||
|
||||
#define GET_SRC_IP(x) x->iph->ip_src.s_addr
|
||||
#define GET_DST_IP(x) x->iph->ip_dst.s_addr
|
||||
|
||||
#define GET_ORIG_SRC(p) (p->orig_iph->ip_src.s_addr)
|
||||
#define GET_ORIG_DST(p) (p->orig_iph->ip_dst.s_addr)
|
||||
|
||||
#define GET_SRC_ADDR(x) x->iph->ip_src
|
||||
#define GET_DST_ADDR(x) x->iph->ip_dst
|
||||
|
||||
#define IP_CLEAR_SRC(x) x->iph->ip_src.s_addr = 0
|
||||
#define IP_CLEAR_DST(x) x->iph->ip_dst.s_addr = 0
|
||||
|
||||
#define IP_EQUALITY(x,y) (x == y)
|
||||
#define IP_EQUALITY_UNSET(x,y) (x == y)
|
||||
#define IP_LESSER(x,y) (x < y)
|
||||
#define IP_GREATER(x,y) (x > y)
|
||||
|
||||
#define GET_IPH_PROTO(p) p->iph->ip_proto
|
||||
#define GET_IPH_TOS(p) p->iph->ip_tos
|
||||
#define GET_IPH_LEN(p) p->iph->ip_len
|
||||
#define GET_IPH_TTL(p) p->iph->ip_ttl
|
||||
#define GET_IPH_VER(p) ((p->iph->ip_verhl & 0xf0) >> 4)
|
||||
#define GET_IPH_ID(p) p->iph->ip_id
|
||||
#define GET_IPH_OFF(p) p->iph->ip_off
|
||||
|
||||
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_iph)
|
||||
#define GET_ORIG_IPH_LEN(p) p->orig_iph->ip_len
|
||||
#define GET_ORIG_IPH_OFF(p) p->orig_iph->ip_off
|
||||
#define GET_ORIG_IPH_PROTO(p) p->orig_iph->ip_proto
|
||||
|
||||
#define IS_IP4(x) 1
|
||||
#define IS_IP6(x) 0
|
||||
#define IPH_IS_VALID(p) p->iph
|
||||
|
||||
#define IP_CLEAR(x) x = 0;
|
||||
#define IS_SET(x) x
|
||||
|
||||
#define IP_COPY_VALUE(x,y) x = y
|
||||
|
||||
#define GET_IPH_HLEN(p) ((p)->iph->ip_verhl & 0x0f)
|
||||
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->ip_verhl = (unsigned char)(((p)->iph->ip_verhl & 0xf0) | ((val) & 0x0f)))
|
||||
|
||||
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
|
||||
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
|
||||
|
||||
#define IP_ARG(ipt) (ipt)
|
||||
#define IP_PTR(ipp) (&ipp)
|
||||
#define IP_VAL(ipt) (ipt)
|
||||
#define IP_SIZE(ipp) (sizeof(ipp))
|
||||
|
||||
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
|
||||
{
|
||||
return IP_EQUALITY(ip1, ip2);
|
||||
}
|
||||
|
||||
#endif /* SUP_IP6 */
|
||||
|
||||
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
|
||||
#define IPPROTO_IPIP 4
|
||||
#endif
|
||||
|
||||
#endif /* IPV6_PORT_H */
|
|
@ -0,0 +1,272 @@
|
|||
/******************************************************************************
|
||||
* Copyright (C) 2009-2010 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef __OBFUSCATION_H__
|
||||
#define __OBFUSCATION_H__
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "sf_snort_packet.h"
|
||||
#include <pcap.h>
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Macros
|
||||
******************************************************************************/
|
||||
/* This should be defined to be greater than or equal to the maximum
|
||||
* amount of data expected to be obfuscated */
|
||||
#define OB_LENGTH_MAX UINT16_MAX
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Types
|
||||
******************************************************************************/
|
||||
typedef uint8_t ob_char_t;
|
||||
typedef uint16_t ob_size_t;
|
||||
|
||||
typedef enum _ObRet
|
||||
{
|
||||
OB_RET_SUCCESS,
|
||||
OB_RET_ERROR,
|
||||
OB_RET_OVERFLOW
|
||||
|
||||
} ObRet;
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Callback to use for obfuscating payload or stream segments - see API below.
|
||||
*
|
||||
* The first chunk of a payload or stream segment whether needing obfuscation
|
||||
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
|
||||
* for this structure. This is useful, especially for the stream segment API
|
||||
* call to know when a new segment begins. Any new "payload" will have a valid
|
||||
* pcap_pkthdr struct.
|
||||
*
|
||||
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
|
||||
* be obfuscated.
|
||||
*
|
||||
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
|
||||
* should be obfuscated with the obfuscation character.
|
||||
*
|
||||
* The length passed in is the amount of data that should be copied from the
|
||||
* packet data pointer or the amount of data that should be written with the
|
||||
* obfuscation character.
|
||||
*
|
||||
* Arguments
|
||||
* struct pcap_pkthdr *pkth
|
||||
* The pcap header that contains the packet caplen and timestamps
|
||||
* uint8_t *packet_data
|
||||
* A pointer to the current offset into the packet data. NULL if
|
||||
* obfuscation of the payload slice is required.
|
||||
* ob_char_t ob_char
|
||||
* The obfuscation character to use if packet_data is NULL.
|
||||
* ob_size_t length
|
||||
* The amount of data to be logged or obfuscated.
|
||||
* void *user_data
|
||||
* The user data passed in to the API functions obfuscatePayload() or
|
||||
* obfuscateStreamSegments below.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS if all is good
|
||||
* OB_RET_ERROR if the rest of the obfuscation should not be done
|
||||
*
|
||||
******************************************************************************/
|
||||
typedef ObRet (*ObfuscationCallback)
|
||||
(
|
||||
const struct pcap_pkthdr *pkth,
|
||||
const uint8_t *packet_data,
|
||||
ob_size_t length,
|
||||
ob_char_t ob_char,
|
||||
void *user_data
|
||||
);
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Obfuscation API
|
||||
******************************************************************************/
|
||||
typedef struct _ObfuscationApi
|
||||
{
|
||||
/*
|
||||
* Resets/clears any entries that have been added
|
||||
* Should be done per packet aquisition
|
||||
*
|
||||
* Arguments
|
||||
* None
|
||||
*
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
|
||||
void (*resetObfuscationEntries)(void);
|
||||
|
||||
|
||||
/*
|
||||
* Adds an obfuscation entry to the queue
|
||||
*
|
||||
* Arguments
|
||||
* SFSnortPacket *p
|
||||
* The SFSnortPacket struct that has the payload data that should be obfuscated
|
||||
* ob_size_t offset
|
||||
* The offset from the beginning of the payload to start obfuscation
|
||||
* ob_size_t length
|
||||
* The amount of data to obfuscate
|
||||
* ob_char_t ob_char
|
||||
* The character to use when obfuscating
|
||||
*
|
||||
* There are two types of entries that can be added. A slice entry that
|
||||
* has an offset and length less than OB_LENGTH_MAX and an entry with
|
||||
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
|
||||
* of the packet data.
|
||||
*
|
||||
* NOTE --
|
||||
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
|
||||
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
|
||||
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
|
||||
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
|
||||
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
|
||||
* offsets will be used. Although you should check for OB_RET_OVERFLOW
|
||||
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
|
||||
* be more than enough space to store an entry for each possible packet
|
||||
* that could be in the system at the time.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
* OB_RET_OVERFLOW if there is no space left to add an entry
|
||||
*/
|
||||
|
||||
ObRet (*addObfuscationEntry)(SFSnortPacket *p, ob_size_t offset,
|
||||
ob_size_t length, ob_char_t ob_char);
|
||||
|
||||
|
||||
/*
|
||||
* Determines if there are any obfuscation entries associated with
|
||||
* the given Packet
|
||||
*
|
||||
* Arguments
|
||||
* SFSnortPacket *
|
||||
* The SFSnortPacket to check
|
||||
*
|
||||
* Returns
|
||||
* 1 if the packet requires obfuscation
|
||||
* 0 if it doesn't
|
||||
*/
|
||||
|
||||
int (*payloadObfuscationRequired)(SFSnortPacket *p);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscate the payload associated with the Packet. Mainly for use by the
|
||||
* output system to print or log an obfuscated payload. The callback will
|
||||
* be called for both payload segments that need obfuscation and those that
|
||||
* don't. See comment on ObfuscationCallback above.
|
||||
*
|
||||
* Arguments
|
||||
* SFSnortPacket *
|
||||
* The SFSnortPacket whose payload should be obfuscated
|
||||
* ObfuscationCallback
|
||||
* The function that will be called for each obfuscated and
|
||||
* non-obfuscated segment in the payload
|
||||
* void *
|
||||
* User data that will be passed to the callback
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
*/
|
||||
|
||||
ObRet (*obfuscatePacket)(SFSnortPacket *p,
|
||||
ObfuscationCallback callback, void *user_data);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscate the stream segments associated with the Packet. Mainly for use
|
||||
* by the output system to print or log the stream segments associated with
|
||||
* a SFSnortPacket that have been marked as needing obfuscation. The callback will
|
||||
* be called for both stream segments that need obfuscation and those that
|
||||
* don't. It will be called for all stream segments. See comment on
|
||||
* ObfuscationCallback above.
|
||||
*
|
||||
* Arguments
|
||||
* SFSnortPacket *
|
||||
* The SFSnortPacket whose stream segments should be obfuscated
|
||||
* ObfuscationCallback
|
||||
* The function that will be called for each obfuscated and
|
||||
* non-obfuscated part of the stream segments.
|
||||
* void *
|
||||
* User data that will be passed to the callback
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
*/
|
||||
|
||||
ObRet (*obfuscatePacketStreamSegments)(SFSnortPacket *p,
|
||||
ObfuscationCallback callback, void *user_data);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscates the SFSnortPacket payload and returns payload and payload length
|
||||
* in parameters
|
||||
*
|
||||
* NOTE
|
||||
* *payload will be set to NULL, so don't pass in an already
|
||||
* allocated pointer.
|
||||
* *payload_len will be zeroed.
|
||||
*
|
||||
* The payload returned is dynamically allocated and MUST be free'd.
|
||||
*
|
||||
* Arguments
|
||||
* SFSnortPacket *
|
||||
* The SFSnortPacket whose payload should be obfuscated
|
||||
* uint8_t **payload
|
||||
* A pointer to a payload pointer so it can be allocated, returned
|
||||
* and accessed.
|
||||
* ob_size_t *payload_len
|
||||
* A pointer to an ob_size_t so the length can be returned.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_ERROR if the payload could not be obfuscated
|
||||
* the pointers to payload and payload_len will not be valid
|
||||
* OB_RET_SUCCESS if the payload was obfuscated
|
||||
* the pointers to payload and payload_len will be valid
|
||||
*/
|
||||
|
||||
ObRet (*getObfuscatedPayload)(SFSnortPacket *p, uint8_t **payload,
|
||||
ob_size_t *payload_len);
|
||||
|
||||
/*
|
||||
* Prints the current obfuscation entries.
|
||||
*
|
||||
* Arguments
|
||||
* int sorted
|
||||
* Print the sorted entries and sort if necessary.
|
||||
*
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
|
||||
void (*printObfuscationEntries)(int sorted);
|
||||
|
||||
} ObfuscationApi;
|
||||
|
||||
/* For access when including header */
|
||||
extern ObfuscationApi *obApi;
|
||||
|
||||
#endif /* __OBFUSCATION_H__ */
|
|
@ -0,0 +1,272 @@
|
|||
/******************************************************************************
|
||||
* Copyright (C) 2009-2010 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
******************************************************************************/
|
||||
|
||||
#ifndef __OBFUSCATION_H__
|
||||
#define __OBFUSCATION_H__
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "decode.h"
|
||||
#include <pcap.h>
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Macros
|
||||
******************************************************************************/
|
||||
/* This should be defined to be greater than or equal to the maximum
|
||||
* amount of data expected to be obfuscated */
|
||||
#define OB_LENGTH_MAX UINT16_MAX
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Types
|
||||
******************************************************************************/
|
||||
typedef uint8_t ob_char_t;
|
||||
typedef uint16_t ob_size_t;
|
||||
|
||||
typedef enum _ObRet
|
||||
{
|
||||
OB_RET_SUCCESS,
|
||||
OB_RET_ERROR,
|
||||
OB_RET_OVERFLOW
|
||||
|
||||
} ObRet;
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Callback to use for obfuscating payload or stream segments - see API below.
|
||||
*
|
||||
* The first chunk of a payload or stream segment whether needing obfuscation
|
||||
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
|
||||
* for this structure. This is useful, especially for the stream segment API
|
||||
* call to know when a new segment begins. Any new "payload" will have a valid
|
||||
* pcap_pkthdr struct.
|
||||
*
|
||||
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
|
||||
* be obfuscated.
|
||||
*
|
||||
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
|
||||
* should be obfuscated with the obfuscation character.
|
||||
*
|
||||
* The length passed in is the amount of data that should be copied from the
|
||||
* packet data pointer or the amount of data that should be written with the
|
||||
* obfuscation character.
|
||||
*
|
||||
* Arguments
|
||||
* struct pcap_pkthdr *pkth
|
||||
* The pcap header that contains the packet caplen and timestamps
|
||||
* uint8_t *packet_data
|
||||
* A pointer to the current offset into the packet data. NULL if
|
||||
* obfuscation of the payload slice is required.
|
||||
* ob_char_t ob_char
|
||||
* The obfuscation character to use if packet_data is NULL.
|
||||
* ob_size_t length
|
||||
* The amount of data to be logged or obfuscated.
|
||||
* void *user_data
|
||||
* The user data passed in to the API functions obfuscatePayload() or
|
||||
* obfuscateStreamSegments below.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS if all is good
|
||||
* OB_RET_ERROR if the rest of the obfuscation should not be done
|
||||
*
|
||||
******************************************************************************/
|
||||
typedef ObRet (*ObfuscationCallback)
|
||||
(
|
||||
const struct pcap_pkthdr *pkth,
|
||||
const uint8_t *packet_data,
|
||||
ob_size_t length,
|
||||
ob_char_t ob_char,
|
||||
void *user_data
|
||||
);
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
* Obfuscation API
|
||||
******************************************************************************/
|
||||
typedef struct _ObfuscationApi
|
||||
{
|
||||
/*
|
||||
* Resets/clears any entries that have been added
|
||||
* Should be done per packet aquisition
|
||||
*
|
||||
* Arguments
|
||||
* None
|
||||
*
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
|
||||
void (*resetObfuscationEntries)(void);
|
||||
|
||||
|
||||
/*
|
||||
* Adds an obfuscation entry to the queue
|
||||
*
|
||||
* Arguments
|
||||
* Packet *p
|
||||
* The Packet struct that has the payload data that should be obfuscated
|
||||
* ob_size_t offset
|
||||
* The offset from the beginning of the payload to start obfuscation
|
||||
* ob_size_t length
|
||||
* The amount of data to obfuscate
|
||||
* ob_char_t ob_char
|
||||
* The character to use when obfuscating
|
||||
*
|
||||
* There are two types of entries that can be added. A slice entry that
|
||||
* has an offset and length less than OB_LENGTH_MAX and an entry with
|
||||
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
|
||||
* of the packet data.
|
||||
*
|
||||
* NOTE --
|
||||
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
|
||||
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
|
||||
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
|
||||
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
|
||||
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
|
||||
* offsets will be used. Although you should check for OB_RET_OVERFLOW
|
||||
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
|
||||
* be more than enough space to store an entry for each possible packet
|
||||
* that could be in the system at the time.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
* OB_RET_OVERFLOW if there is no space left to add an entry
|
||||
*/
|
||||
|
||||
ObRet (*addObfuscationEntry)(Packet *p, ob_size_t offset,
|
||||
ob_size_t length, ob_char_t ob_char);
|
||||
|
||||
|
||||
/*
|
||||
* Determines if there are any obfuscation entries associated with
|
||||
* the given Packet
|
||||
*
|
||||
* Arguments
|
||||
* Packet *
|
||||
* The Packet to check
|
||||
*
|
||||
* Returns
|
||||
* 1 if the packet requires obfuscation
|
||||
* 0 if it doesn't
|
||||
*/
|
||||
|
||||
int (*payloadObfuscationRequired)(Packet *p);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscate the payload associated with the Packet. Mainly for use by the
|
||||
* output system to print or log an obfuscated payload. The callback will
|
||||
* be called for both payload segments that need obfuscation and those that
|
||||
* don't. See comment on ObfuscationCallback above.
|
||||
*
|
||||
* Arguments
|
||||
* Packet *
|
||||
* The Packet whose payload should be obfuscated
|
||||
* ObfuscationCallback
|
||||
* The function that will be called for each obfuscated and
|
||||
* non-obfuscated segment in the payload
|
||||
* void *
|
||||
* User data that will be passed to the callback
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
*/
|
||||
|
||||
ObRet (*obfuscatePacket)(Packet *p,
|
||||
ObfuscationCallback callback, void *user_data);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscate the stream segments associated with the Packet. Mainly for use
|
||||
* by the output system to print or log the stream segments associated with
|
||||
* a Packet that have been marked as needing obfuscation. The callback will
|
||||
* be called for both stream segments that need obfuscation and those that
|
||||
* don't. It will be called for all stream segments. See comment on
|
||||
* ObfuscationCallback above.
|
||||
*
|
||||
* Arguments
|
||||
* Packet *
|
||||
* The Packet whose stream segments should be obfuscated
|
||||
* ObfuscationCallback
|
||||
* The function that will be called for each obfuscated and
|
||||
* non-obfuscated part of the stream segments.
|
||||
* void *
|
||||
* User data that will be passed to the callback
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_SUCCESS on sucess
|
||||
* OB_RET_ERROR on error
|
||||
*/
|
||||
|
||||
ObRet (*obfuscatePacketStreamSegments)(Packet *p,
|
||||
ObfuscationCallback callback, void *user_data);
|
||||
|
||||
|
||||
/*
|
||||
* Obfuscates the Packet payload and returns payload and payload length
|
||||
* in parameters
|
||||
*
|
||||
* NOTE
|
||||
* *payload will be set to NULL, so don't pass in an already
|
||||
* allocated pointer.
|
||||
* *payload_len will be zeroed.
|
||||
*
|
||||
* The payload returned is dynamically allocated and MUST be free'd.
|
||||
*
|
||||
* Arguments
|
||||
* Packet *
|
||||
* The Packet whose payload should be obfuscated
|
||||
* uint8_t **payload
|
||||
* A pointer to a payload pointer so it can be allocated, returned
|
||||
* and accessed.
|
||||
* ob_size_t *payload_len
|
||||
* A pointer to an ob_size_t so the length can be returned.
|
||||
*
|
||||
* Returns
|
||||
* OB_RET_ERROR if the payload could not be obfuscated
|
||||
* the pointers to payload and payload_len will not be valid
|
||||
* OB_RET_SUCCESS if the payload was obfuscated
|
||||
* the pointers to payload and payload_len will be valid
|
||||
*/
|
||||
|
||||
ObRet (*getObfuscatedPayload)(Packet *p, uint8_t **payload,
|
||||
ob_size_t *payload_len);
|
||||
|
||||
/*
|
||||
* Prints the current obfuscation entries.
|
||||
*
|
||||
* Arguments
|
||||
* int sorted
|
||||
* Print the sorted entries and sort if necessary.
|
||||
*
|
||||
* Returns
|
||||
* None
|
||||
*/
|
||||
|
||||
void (*printObfuscationEntries)(int sorted);
|
||||
|
||||
} ObfuscationApi;
|
||||
|
||||
/* For access when including header */
|
||||
extern ObfuscationApi *obApi;
|
||||
|
||||
#endif /* __OBFUSCATION_H__ */
|
|
@ -0,0 +1,61 @@
|
|||
/*
|
||||
** Copyright (C) 2007-2010 Sourcefire, Inc.
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef __PCAP_PKTHDR32_H__
|
||||
#define __PCAP_PKTHDR32_H__
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include "config.h"
|
||||
#endif
|
||||
|
||||
#ifdef WIN32
|
||||
#include <winsock2.h>
|
||||
#else
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "sf_types.h"
|
||||
|
||||
|
||||
/* we must use fixed size of 32 bits, because on-disk
|
||||
* format of savefiles uses 32-bit tv_sec (and tv_usec)
|
||||
*/
|
||||
struct sf_timeval32
|
||||
{
|
||||
uint32_t tv_sec; /* seconds */
|
||||
uint32_t tv_usec; /* microseconds */
|
||||
};
|
||||
|
||||
/* this is equivalent to the pcap pkthdr struct, but we need
|
||||
* a 32 bit one for unified output
|
||||
*/
|
||||
struct pcap_pkthdr32
|
||||
{
|
||||
struct sf_timeval32 ts; /* packet timestamp */
|
||||
uint32_t caplen; /* packet capture length */
|
||||
uint32_t pktlen; /* packet "real" length */
|
||||
};
|
||||
|
||||
|
||||
#endif /* __PCAP_PKTHDR32_H__ */
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
/* $Id$ */
|
||||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2003-2010 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
/*
|
||||
Purpose: Enumerate all the various detection plugins entries for
|
||||
otn->ds_list[]
|
||||
|
||||
No more grepping to make your own plugin!
|
||||
*/
|
||||
|
||||
#ifndef _PLUGIN_ENUM_H
|
||||
#define _PLUGIN_ENUM_H
|
||||
|
||||
enum {
|
||||
PLUGIN_CLIENTSERVER,
|
||||
PLUGIN_DSIZE_CHECK,
|
||||
PLUGIN_FRAG_BITS,
|
||||
PLUGIN_FRAG_OFFSET,
|
||||
PLUGIN_ICMP_CODE,
|
||||
PLUGIN_ICMP_ID_CHECK,
|
||||
PLUGIN_ICMP_SEQ_CHECK,
|
||||
PLUGIN_ICMP_TYPE,
|
||||
PLUGIN_IPOPTION_CHECK,
|
||||
PLUGIN_IP_ID_CHECK,
|
||||
PLUGIN_IP_PROTO_CHECK,
|
||||
PLUGIN_IP_SAME_CHECK,
|
||||
PLUGIN_IP_TOS_CHECK,
|
||||
PLUGIN_PATTERN_MATCH, /* AND match */
|
||||
PLUGIN_PATTERN_MATCH_OR,
|
||||
PLUGIN_PATTERN_MATCH_URI,
|
||||
PLUGIN_RESPOND,
|
||||
PLUGIN_RPC_CHECK,
|
||||
PLUGIN_SESSION,
|
||||
PLUGIN_TCP_ACK_CHECK,
|
||||
PLUGIN_TCP_FLAG_CHECK,
|
||||
PLUGIN_TCP_SEQ_CHECK,
|
||||
PLUGIN_TCP_WIN_CHECK,
|
||||
PLUGIN_TTL_CHECK,
|
||||
PLUGIN_BYTE_TEST,
|
||||
PLUGIN_PCRE,
|
||||
PLUGIN_URILEN_CHECK,
|
||||
PLUGIN_DYNAMIC,
|
||||
PLUGIN_FLOWBIT,
|
||||
PLUGIN_MAX /* sentinel value */
|
||||
};
|
||||
|
||||
#endif /* _PLUGIN_ENUM_H */
|
||||
|
|
@ -0,0 +1,90 @@
|
|||
/****************************************************************************
|
||||
*
|
||||
* Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
|
||||
#ifndef _PREPROC_IDS_H
|
||||
#define _PREPROC_IDS_H
|
||||
|
||||
/*
|
||||
** Preprocessor Communication Defines
|
||||
** ----------------------------------
|
||||
** These defines allow preprocessors to be turned
|
||||
** on and off for each packet. Preprocessors can be
|
||||
** turned off and on before preprocessing occurs and
|
||||
** during preprocessing.
|
||||
**
|
||||
** Currently, the order in which the preprocessors are
|
||||
** placed in the snort.conf determine the order of
|
||||
** evaluation. So if one module wants to turn off
|
||||
** another module, it must come first in the order.
|
||||
*/
|
||||
|
||||
#define PP_BO 0
|
||||
#define PP_DCERPC 1
|
||||
#define PP_DNS 2
|
||||
#define PP_FRAG3 3
|
||||
#define PP_FTPTELNET 4
|
||||
#define PP_HTTPINSPECT 5
|
||||
#define PP_PERFMONITOR 6
|
||||
#define PP_RPCDECODE 7
|
||||
#define PP_RULES 8
|
||||
#define PP_SFPORTSCAN 9
|
||||
#define PP_SMTP 10
|
||||
#define PP_SSH 11
|
||||
#define PP_SSL 12
|
||||
#define PP_STREAM5 13
|
||||
#define PP_TELNET 14
|
||||
#define PP_ARPSPOOF 15
|
||||
#define PP_DCE2 16
|
||||
#define PP_SDF 17
|
||||
|
||||
/* used externally */
|
||||
#define PP_ISAKMP 18
|
||||
#define PP_SKYPE 19
|
||||
|
||||
/* currently 32 bits (preprocessors) */
|
||||
/* are available. most of these can */
|
||||
/* be deleted: */
|
||||
#if 0
|
||||
#define PP_ASN1DECODE 17
|
||||
#define PP_CONVERSATION 18
|
||||
#define PP_FLOW 19
|
||||
#define PP_FRAG2 20
|
||||
#define PP_FNORD 21
|
||||
#define PP_HTTPFLOW 22
|
||||
#define PP_LOADBALANCING 24
|
||||
#define PP_PORTSCAN 25
|
||||
#define PP_PORTSCAN2 26
|
||||
#define PP_PORTSCAN_IGNORE_HOSTS 27
|
||||
#endif
|
||||
|
||||
#define PP_ALL_ON 0xFFFFFFFF
|
||||
#define PP_ALL_OFF 0x00000000
|
||||
|
||||
#define PRIORITY_FIRST 0x0
|
||||
#define PRIORITY_NETWORK 0x10
|
||||
#define PRIORITY_TRANSPORT 0x100
|
||||
#define PRIORITY_TUNNEL 0x105
|
||||
#define PRIORITY_SCANNER 0x110
|
||||
#define PRIORITY_APPLICATION 0x200
|
||||
#define PRIORITY_LAST 0xffff
|
||||
|
||||
#endif /* _PREPROC_IDS_H */
|
||||
|
|
@ -0,0 +1,183 @@
|
|||
/*
|
||||
** Copyright (C) 2005-2010 Sourcefire, Inc.
|
||||
** Author: Steven Sturges <ssturges@sourcefire.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License Version 2 as
|
||||
** published by the Free Software Foundation. You may not use, modify or
|
||||
** distribute this program under any other version of the GNU General
|
||||
** Public License.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
#ifndef __PROFILER_H__
|
||||
#define __PROFILER_H__
|
||||
|
||||
#ifdef PERF_PROFILING
|
||||
|
||||
#include "sf_types.h"
|
||||
#include "cpuclock.h"
|
||||
|
||||
/* Sort preferences for rule profiling */
|
||||
#define PROFILE_SORT_CHECKS 1
|
||||
#define PROFILE_SORT_MATCHES 2
|
||||
#define PROFILE_SORT_NOMATCHES 3
|
||||
#define PROFILE_SORT_AVG_TICKS 4
|
||||
#define PROFILE_SORT_AVG_TICKS_PER_MATCH 5
|
||||
#define PROFILE_SORT_AVG_TICKS_PER_NOMATCH 6
|
||||
#define PROFILE_SORT_TOTAL_TICKS 7
|
||||
|
||||
/* MACROS that handle profiling of rules and preprocessors */
|
||||
#define PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0
|
||||
|
||||
#define PROFILE_START \
|
||||
get_clockticks(ticks_start);
|
||||
|
||||
#define PROFILE_END \
|
||||
get_clockticks(ticks_end); \
|
||||
ticks_delta = ticks_end - ticks_start;
|
||||
|
||||
#ifndef PROFILING_RULES
|
||||
#define PROFILING_RULES ScProfileRules()
|
||||
#endif
|
||||
|
||||
#define NODE_PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0, node_deltas = 0
|
||||
|
||||
#define NODE_PROFILE_START(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
node->checks++; \
|
||||
PROFILE_START; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_END_MATCH(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node->ticks += ticks_delta + node_deltas; \
|
||||
node->ticks_match += ticks_delta + node_deltas; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_END_NOMATCH(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node->ticks += ticks_delta + node_deltas; \
|
||||
node->ticks_no_match += ticks_delta + node_deltas; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_TMPSTART(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_START; \
|
||||
}
|
||||
|
||||
#define NODE_PROFILE_TMPEND(node) \
|
||||
if (PROFILING_RULES) { \
|
||||
PROFILE_END; \
|
||||
node_deltas += ticks_delta; \
|
||||
}
|
||||
|
||||
#define OTN_PROFILE_ALERT(otn) otn->alerts++;
|
||||
|
||||
#ifndef PROFILING_PREPROCS
|
||||
#define PROFILING_PREPROCS ScProfilePreprocs()
|
||||
#endif
|
||||
|
||||
#define PREPROC_PROFILE_START(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
ppstat.checks++; \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
|
||||
#define PREPROC_PROFILE_REENTER_START(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
|
||||
#define PREPROC_PROFILE_TMPSTART(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_START; \
|
||||
ppstat.ticks_start = ticks_start; \
|
||||
}
|
||||
|
||||
#define PREPROC_PROFILE_END(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
ppstat.exits++; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
|
||||
#define PREPROC_PROFILE_REENTER_END(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
|
||||
#define PREPROC_PROFILE_TMPEND(ppstat) \
|
||||
if (PROFILING_PREPROCS) { \
|
||||
PROFILE_END; \
|
||||
ppstat.ticks += ticks_end - ppstat.ticks_start; \
|
||||
}
|
||||
|
||||
/************** Profiling API ******************/
|
||||
void ShowRuleProfiles(void);
|
||||
|
||||
/* Preprocessor stats info */
|
||||
typedef struct _PreprocStats
|
||||
{
|
||||
uint64_t ticks, ticks_start;
|
||||
uint64_t checks;
|
||||
uint64_t exits;
|
||||
} PreprocStats;
|
||||
|
||||
typedef struct _PreprocStatsNode
|
||||
{
|
||||
PreprocStats *stats;
|
||||
char *name;
|
||||
int layer;
|
||||
PreprocStats *parent;
|
||||
struct _PreprocStatsNode *next;
|
||||
} PreprocStatsNode;
|
||||
|
||||
typedef struct _ProfileConfig
|
||||
{
|
||||
int num;
|
||||
int sort;
|
||||
int append;
|
||||
char *filename;
|
||||
|
||||
} ProfileConfig;
|
||||
|
||||
void RegisterPreprocessorProfile(char *keyword, PreprocStats *stats, int layer, PreprocStats *parent);
|
||||
void ShowPreprocProfiles(void);
|
||||
void ResetRuleProfiling(void);
|
||||
void ResetPreprocProfiling(void);
|
||||
void CleanupPreprocStatsNodeList(void);
|
||||
extern PreprocStats totalPerfStats;
|
||||
#else
|
||||
#define PROFILE_VARS
|
||||
#define NODE_PROFILE_VARS
|
||||
#define NODE_PROFILE_START(node)
|
||||
#define NODE_PROFILE_END_MATCH(node)
|
||||
#define NODE_PROFILE_END_NOMATCH(node)
|
||||
#define NODE_PROFILE_TMPSTART(node)
|
||||
#define NODE_PROFILE_TMPEND(node)
|
||||
#define OTN_PROFILE_ALERT(otn)
|
||||
#define PREPROC_PROFILE_START(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_START(ppstat)
|
||||
#define PREPROC_PROFILE_TMPSTART(ppstat)
|
||||
#define PREPROC_PROFILE_END(ppstat)
|
||||
#define PREPROC_PROFILE_REENTER_END(ppstat)
|
||||
#define PREPROC_PROFILE_TMPEND(ppstat)
|
||||
#endif
|
||||
|
||||
#endif /* __PROFILER_H__ */
|
|
@ -0,0 +1,72 @@
|
|||
/****************************************************************************
|
||||
* Copyright (C) 2008-2010 Sourcefire, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License Version 2 as
|
||||
* published by the Free Software Foundation. You may not use, modify or
|
||||
* distribute this program under any other version of the GNU General
|
||||
* Public License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
****************************************************************************/
|
||||
#ifndef RULE_OPTION_TYPES__H
|
||||
#define RULE_OPTION_TYPES__H
|
||||
|
||||
typedef enum _option_type_t
|
||||
{
|
||||
RULE_OPTION_TYPE_LEAF_NODE,
|
||||
RULE_OPTION_TYPE_ASN1,
|
||||
RULE_OPTION_TYPE_BYTE_TEST,
|
||||
RULE_OPTION_TYPE_BYTE_JUMP,
|
||||
RULE_OPTION_TYPE_FLOW,
|
||||
RULE_OPTION_TYPE_CVS,
|
||||
RULE_OPTION_TYPE_DSIZE,
|
||||
RULE_OPTION_TYPE_FLOWBIT,
|
||||
RULE_OPTION_TYPE_FTPBOUNCE,
|
||||
RULE_OPTION_TYPE_ICMP_CODE,
|
||||
RULE_OPTION_TYPE_ICMP_ID,
|
||||
RULE_OPTION_TYPE_ICMP_SEQ,
|
||||
RULE_OPTION_TYPE_ICMP_TYPE,
|
||||
RULE_OPTION_TYPE_IP_FRAGBITS,
|
||||
RULE_OPTION_TYPE_IP_FRAG_OFFSET,
|
||||
RULE_OPTION_TYPE_IP_ID,
|
||||
RULE_OPTION_TYPE_IP_OPTION,
|
||||
RULE_OPTION_TYPE_IP_PROTO,
|
||||
RULE_OPTION_TYPE_IP_SAME,
|
||||
RULE_OPTION_TYPE_IP_TOS,
|
||||
RULE_OPTION_TYPE_IS_DATA_AT,
|
||||
RULE_OPTION_TYPE_FILE_DATA,
|
||||
RULE_OPTION_TYPE_CONTENT,
|
||||
RULE_OPTION_TYPE_CONTENT_URI,
|
||||
RULE_OPTION_TYPE_PCRE,
|
||||
#ifdef ENABLE_REACT
|
||||
RULE_OPTION_TYPE_REACT,
|
||||
#endif
|
||||
#ifdef ENABLE_RESPOND
|
||||
RULE_OPTION_TYPE_RESPOND,
|
||||
#endif
|
||||
RULE_OPTION_TYPE_RPC_CHECK,
|
||||
RULE_OPTION_TYPE_SESSION,
|
||||
RULE_OPTION_TYPE_TCP_ACK,
|
||||
RULE_OPTION_TYPE_TCP_FLAG,
|
||||
RULE_OPTION_TYPE_TCP_SEQ,
|
||||
RULE_OPTION_TYPE_TCP_WIN,
|
||||
RULE_OPTION_TYPE_TTL,
|
||||
RULE_OPTION_TYPE_URILEN
|
||||
#ifdef DYNAMIC_PLUGIN
|
||||
,
|
||||
RULE_OPTION_TYPE_HDR_OPT_CHECK,
|
||||
RULE_OPTION_TYPE_PREPROCESSOR,
|
||||
RULE_OPTION_TYPE_DYNAMIC
|
||||
#endif
|
||||
} option_type_t;
|
||||
|
||||
#endif /* RULE_OPTION_TYPES__H */
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue