upgrade to ubuntu 16.04, snort 2.9.9.0, but bugs to be fixed

Qool 2017-05-01 20:41:55 +08:00
parent c4ef724fe5
commit 1c79dd93e8
161 changed files with 99441 additions and 5973 deletions

52
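--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,52 @@
+# Prerequisites
+*.d
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+# Linker output
+*.ilk
+*.map
+*.exp
+# Precompiled Headers
+*.gch
+*.pch
+# Libraries
+*.lib
+*.a
+*.la
+*.lo
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf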

1052
Makefile Normal file


4
Makefile.am Normal file → Executable file

@ -2,9 +2,9 @@
AUTOMAKE_OPTIONS=foreign no-dependencies
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
libdir = ${exec_prefix}/local/lib/snort_dynamicpreprocessor
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector -lpthread -DHAVE_CONFIG_H
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
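Review bot: `-lpthread` is appended to `libsf_ai_preproc_la_CFLAGS` (the second printing of that line, which appears to be the new side), but it is a linker input rather than a compiler flag. There it is passed to every compile step, and because the generated link command expands the per-target CFLAGS before the object list, the library is named ahead of the objects that need it; with as-needed linking it may be dropped, unless libtool reorders it. Declare it where automake expects libraries, `libsf_ai_preproc_la_LIBADD = -lpthread`, or use `-pthread`. The same hunk changes the hard-coded `libdir` to `${exec_prefix}/local/lib/snort_dynamicpreprocessor`, which overrides `--libdir` and resolves to `/usr/local/local/lib/...` under the default prefix; the path presumably assumes `--prefix=/usr`, so leaving `libdir` to configure would be more robust. As this flag line is being edited anyway, `-fstack-protector-strong` would instrument more functions than `-fstack-protector` in a module that parses network traffic.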


@ -1,9 +1,8 @@
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -17,6 +16,61 @@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -36,10 +90,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
TODO config.guess config.sub install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
@ -47,6 +97,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
$(am__configure_deps) $(am__DIST_COMMON)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
@ -74,6 +126,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(corr_rulesdir)" \
"$(DESTDIR)$(sharedir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
@ -97,42 +155,102 @@ nodist_libsf_ai_preproc_la_OBJECTS = \
libsf_ai_preproc_la-sfPolicyUserData.lo
libsf_ai_preproc_la_OBJECTS = $(am_libsf_ai_preproc_la_OBJECTS) \
$(nodist_libsf_ai_preproc_la_OBJECTS)
libsf_ai_preproc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) \
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
libsf_ai_preproc_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) \
$(libsf_ai_preproc_la_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp =
am__depfiles_maybe =
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libsf_ai_preproc_la_SOURCES) \
$(nodist_libsf_ai_preproc_la_SOURCES)
DIST_SOURCES = $(libsf_ai_preproc_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
DATA = $(corr_rules_DATA) $(share_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
$(LISP)config.h.in
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
AM_RECURSIVE_TARGETS = cscope
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in AUTHORS \
COPYING ChangeLog INSTALL NEWS README TODO compile \
config.guess config.sub install-sh ltmain.sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
{ test ! -d "$(distdir)" \
|| { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr "$(distdir)"; }; }
if test -d "$(distdir)"; then \
find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -rf "$(distdir)" \
|| { sleep 5 && rm -rf "$(distdir)"; }; \
else :; fi
am__post_remove_distdir = $(am__remove_distdir)
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
DIST_TARGETS = dist-gzip
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@ -147,6 +265,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DOC_PREFIX = @DOC_PREFIX@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
@ -173,7 +292,9 @@ LIBXML2_INCLUDES = @LIBXML2_INCLUDES@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
@ -200,6 +321,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@ -229,11 +351,10 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
libdir = ${exec_prefix}/local/lib/snort_dynamicpreprocessor
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@ -241,6 +362,7 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@ -251,7 +373,7 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = foreign no-dependencies
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector
libsf_ai_preproc_la_CFLAGS = -I./uthash -I./base64 -I./fsom -I./include ${LIBXML2_INCLUDES} ${LIBGRAPH_INCLUDES} ${LIBPYTHON_INCLUDES} -DDYNAMIC_PLUGIN -D_XOPEN_SOURCE -D_GNU_SOURCE -fvisibility=hidden -fno-strict-aliasing -Wall -pedantic -pedantic-errors -std=c99 -fstack-protector -lpthread -DHAVE_CONFIG_H
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
include/sf_dynamic_preproc_lib.c \
@ -298,7 +420,7 @@ all: $(BUILT_SOURCES) config.h
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
am--refresh:
am--refresh: Makefile
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
@ -313,7 +435,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@ -334,10 +455,8 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
config.h: stamp-h1
@if test ! -f $@; then \
rm -f stamp-h1; \
$(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
else :; fi
@test -f $@ || rm -f stamp-h1
@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
@ -349,9 +468,9 @@ $(srcdir)/config.h.in: $(am__configure_deps)
distclean-hdr:
-rm -f config.h stamp-h1
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
@ -359,6 +478,8 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
}
@ -374,14 +495,17 @@ uninstall-libLTLIBRARIES:
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
test "$$dir" != "$$p" || dir=.; \
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
libsf_ai_preproc.la: $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_DEPENDENCIES)
$(libsf_ai_preproc_la_LINK) -rpath $(libdir) $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_LIBADD) $(LIBS)
@list='$(lib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libsf_ai_preproc.la: $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_DEPENDENCIES) $(EXTRA_libsf_ai_preproc_la_DEPENDENCIES)
$(AM_V_CCLD)$(libsf_ai_preproc_la_LINK) -rpath $(libdir) $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@ -390,91 +514,91 @@ distclean-compile:
-rm -f *.tab.c
.c.o:
$(COMPILE) -c $<
$(AM_V_CC)$(COMPILE) -c -o $@ $<
.c.obj:
$(COMPILE) -c `$(CYGPATH_W) '$<'`
$(AM_V_CC)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
$(AM_V_CC)$(LTCOMPILE) -c -o $@ $<
libsf_ai_preproc_la-alert_history.lo: alert_history.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_history.lo `test -f 'alert_history.c' || echo '$(srcdir)/'`alert_history.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_history.lo `test -f 'alert_history.c' || echo '$(srcdir)/'`alert_history.c
libsf_ai_preproc_la-alert_parser.lo: alert_parser.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_parser.lo `test -f 'alert_parser.c' || echo '$(srcdir)/'`alert_parser.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_parser.lo `test -f 'alert_parser.c' || echo '$(srcdir)/'`alert_parser.c
libsf_ai_preproc_la-base64.lo: base64/base64.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-base64.lo `test -f 'base64/base64.c' || echo '$(srcdir)/'`base64/base64.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-base64.lo `test -f 'base64/base64.c' || echo '$(srcdir)/'`base64/base64.c
libsf_ai_preproc_la-cdecode.lo: base64/cdecode.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cdecode.lo `test -f 'base64/cdecode.c' || echo '$(srcdir)/'`base64/cdecode.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cdecode.lo `test -f 'base64/cdecode.c' || echo '$(srcdir)/'`base64/cdecode.c
libsf_ai_preproc_la-cencode.lo: base64/cencode.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cencode.lo `test -f 'base64/cencode.c' || echo '$(srcdir)/'`base64/cencode.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cencode.lo `test -f 'base64/cencode.c' || echo '$(srcdir)/'`base64/cencode.c
libsf_ai_preproc_la-bayesian.lo: bayesian.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-bayesian.lo `test -f 'bayesian.c' || echo '$(srcdir)/'`bayesian.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-bayesian.lo `test -f 'bayesian.c' || echo '$(srcdir)/'`bayesian.c
libsf_ai_preproc_la-cluster.lo: cluster.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
libsf_ai_preproc_la-correlation.lo: correlation.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-correlation.lo `test -f 'correlation.c' || echo '$(srcdir)/'`correlation.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-correlation.lo `test -f 'correlation.c' || echo '$(srcdir)/'`correlation.c
libsf_ai_preproc_la-db.lo: db.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
libsf_ai_preproc_la-kmeans.lo: fkmeans/kmeans.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kmeans.lo `test -f 'fkmeans/kmeans.c' || echo '$(srcdir)/'`fkmeans/kmeans.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kmeans.lo `test -f 'fkmeans/kmeans.c' || echo '$(srcdir)/'`fkmeans/kmeans.c
libsf_ai_preproc_la-fsom.lo: fsom/fsom.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-fsom.lo `test -f 'fsom/fsom.c' || echo '$(srcdir)/'`fsom/fsom.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-fsom.lo `test -f 'fsom/fsom.c' || echo '$(srcdir)/'`fsom/fsom.c
libsf_ai_preproc_la-geo.lo: geo.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-geo.lo `test -f 'geo.c' || echo '$(srcdir)/'`geo.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-geo.lo `test -f 'geo.c' || echo '$(srcdir)/'`geo.c
libsf_ai_preproc_la-kb.lo: kb.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kb.lo `test -f 'kb.c' || echo '$(srcdir)/'`kb.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-kb.lo `test -f 'kb.c' || echo '$(srcdir)/'`kb.c
libsf_ai_preproc_la-manual.lo: manual.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-manual.lo `test -f 'manual.c' || echo '$(srcdir)/'`manual.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-manual.lo `test -f 'manual.c' || echo '$(srcdir)/'`manual.c
libsf_ai_preproc_la-modules.lo: modules.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
libsf_ai_preproc_la-mysql.lo: mysql.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-mysql.lo `test -f 'mysql.c' || echo '$(srcdir)/'`mysql.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-mysql.lo `test -f 'mysql.c' || echo '$(srcdir)/'`mysql.c
libsf_ai_preproc_la-neural.lo: neural.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural.lo `test -f 'neural.c' || echo '$(srcdir)/'`neural.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural.lo `test -f 'neural.c' || echo '$(srcdir)/'`neural.c
libsf_ai_preproc_la-neural_cluster.lo: neural_cluster.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural_cluster.lo `test -f 'neural_cluster.c' || echo '$(srcdir)/'`neural_cluster.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-neural_cluster.lo `test -f 'neural_cluster.c' || echo '$(srcdir)/'`neural_cluster.c
libsf_ai_preproc_la-outdb.lo: outdb.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-outdb.lo `test -f 'outdb.c' || echo '$(srcdir)/'`outdb.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-outdb.lo `test -f 'outdb.c' || echo '$(srcdir)/'`outdb.c
libsf_ai_preproc_la-postgresql.lo: postgresql.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-postgresql.lo `test -f 'postgresql.c' || echo '$(srcdir)/'`postgresql.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-postgresql.lo `test -f 'postgresql.c' || echo '$(srcdir)/'`postgresql.c
libsf_ai_preproc_la-regex.lo: regex.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-regex.lo `test -f 'regex.c' || echo '$(srcdir)/'`regex.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-regex.lo `test -f 'regex.c' || echo '$(srcdir)/'`regex.c
libsf_ai_preproc_la-spp_ai.lo: spp_ai.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-spp_ai.lo `test -f 'spp_ai.c' || echo '$(srcdir)/'`spp_ai.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-spp_ai.lo `test -f 'spp_ai.c' || echo '$(srcdir)/'`spp_ai.c
libsf_ai_preproc_la-stream.lo: stream.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-stream.lo `test -f 'stream.c' || echo '$(srcdir)/'`stream.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-stream.lo `test -f 'stream.c' || echo '$(srcdir)/'`stream.c
libsf_ai_preproc_la-webserv.lo: webserv.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-webserv.lo `test -f 'webserv.c' || echo '$(srcdir)/'`webserv.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-webserv.lo `test -f 'webserv.c' || echo '$(srcdir)/'`webserv.c
libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo: include/sf_dynamic_preproc_lib.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo `test -f 'include/sf_dynamic_preproc_lib.c' || echo '$(srcdir)/'`include/sf_dynamic_preproc_lib.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo `test -f 'include/sf_dynamic_preproc_lib.c' || echo '$(srcdir)/'`include/sf_dynamic_preproc_lib.c
libsf_ai_preproc_la-sfPolicyUserData.lo: include/sfPolicyUserData.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sfPolicyUserData.lo `test -f 'include/sfPolicyUserData.c' || echo '$(srcdir)/'`include/sfPolicyUserData.c
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sfPolicyUserData.lo `test -f 'include/sfPolicyUserData.c' || echo '$(srcdir)/'`include/sfPolicyUserData.c
mostlyclean-libtool:
-rm -f *.lo
@ -486,8 +610,11 @@ distclean-libtool:
-rm -f libtool config.lt
install-corr_rulesDATA: $(corr_rules_DATA)
@$(NORMAL_INSTALL)
test -z "$(corr_rulesdir)" || $(MKDIR_P) "$(DESTDIR)$(corr_rulesdir)"
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(corr_rulesdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(corr_rulesdir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@ -501,13 +628,14 @@ uninstall-corr_rulesDATA:
@$(NORMAL_UNINSTALL)
@list='$(corr_rules_DATA)'; test -n "$(corr_rulesdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(corr_rulesdir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(corr_rulesdir)" && rm -f $$files
dir='$(DESTDIR)$(corr_rulesdir)'; $(am__uninstall_files_from_dir)
install-shareDATA: $(share_DATA)
@$(NORMAL_INSTALL)
test -z "$(sharedir)" || $(MKDIR_P) "$(DESTDIR)$(sharedir)"
@list='$(share_DATA)'; test -n "$(sharedir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sharedir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sharedir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; \
@ -521,30 +649,17 @@ uninstall-shareDATA:
@$(NORMAL_UNINSTALL)
@list='$(share_DATA)'; test -n "$(sharedir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
test -n "$$files" || exit 0; \
echo " ( cd '$(DESTDIR)$(sharedir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(sharedir)" && rm -f $$files
dir='$(DESTDIR)$(sharedir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
@ -556,15 +671,11 @@ TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
@ -573,9 +684,31 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscope: cscope.files
test ! -s cscope.files \
|| $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
clean-cscope:
-rm -f cscope.files
cscope.files: clean-cscope cscopelist
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(DISTFILES)
$(am__remove_distdir)
@ -618,36 +751,42 @@ distdir: $(DISTFILES)
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
$(am__post_remove_distdir)
dist-bzip2: distdir
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
$(am__remove_distdir)
tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
$(am__post_remove_distdir)
dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)
dist-lzip: distdir
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
$(am__post_remove_distdir)
dist-xz: distdir
tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
$(am__remove_distdir)
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
dist-tarZ: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
$(am__post_remove_distdir)
dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__remove_distdir)
$(am__post_remove_distdir)
dist-zip: distdir
-rm -f $(distdir).zip
zip -rq $(distdir).zip $(distdir)
$(am__remove_distdir)
$(am__post_remove_distdir)
dist dist-all: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
dist dist-all:
$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
$(am__post_remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
@ -658,8 +797,8 @@ distcheck: dist
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
*.tar.lz*) \
lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
@ -669,17 +808,19 @@ distcheck: dist
*.zip*) \
unzip $(distdir).zip ;;\
esac
chmod -R a-w $(distdir); chmod a+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod -R a-w $(distdir)
chmod u+w $(distdir)
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
&& $(am__cd) $(distdir)/_build/sub \
&& ../../configure \
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
@ -702,13 +843,21 @@ distcheck: dist
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
&& cd "$$am__cwd" \
|| exit 1
$(am__remove_distdir)
$(am__post_remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
@$(am__cd) '$(distuninstallcheck_dir)' \
&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
@test -n '$(distuninstallcheck_dir)' || { \
echo 'ERROR: trying to run $@ with an empty' \
'$$(distuninstallcheck_dir)' >&2; \
exit 1; \
}; \
$(am__cd) '$(distuninstallcheck_dir)' || { \
echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
exit 1; \
}; \
test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
@ -743,10 +892,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
@ -835,24 +989,26 @@ uninstall-am: uninstall-corr_rulesDATA uninstall-libLTLIBRARIES \
.MAKE: all check install install-am install-data-am install-strip
.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
clean-generic clean-libLTLIBRARIES clean-libtool ctags dist \
dist-all dist-bzip2 dist-gzip dist-lzma dist-shar dist-tarZ \
dist-xz dist-zip distcheck distclean distclean-compile \
distclean-generic distclean-hdr distclean-libtool \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-corr_rulesDATA install-data install-data-am \
install-data-hook install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-libLTLIBRARIES install-man install-pdf \
install-pdf-am install-ps install-ps-am install-shareDATA \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
pdf pdf-am ps ps-am tags uninstall uninstall-am \
uninstall-corr_rulesDATA uninstall-libLTLIBRARIES \
uninstall-shareDATA
.PHONY: CTAGS GTAGS TAGS all all-am am--refresh check check-am clean \
clean-cscope clean-generic clean-libLTLIBRARIES clean-libtool \
cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
distcheck distclean distclean-compile distclean-generic \
distclean-hdr distclean-libtool distclean-tags distcleancheck \
distdir distuninstallcheck dvi dvi-am html html-am info \
info-am install install-am install-corr_rulesDATA install-data \
install-data-am install-data-hook install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-libLTLIBRARIES \
install-man install-pdf install-pdf-am install-ps \
install-ps-am install-shareDATA install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-corr_rulesDATA \
uninstall-libLTLIBRARIES uninstall-shareDATA
.PRECIOUS: Makefile
doc:

589
aclocal.m4 vendored


7
alert_parser.c Normal file → Executable file

@ -137,7 +137,7 @@ AI_file_alertparser_thread ( void* arg )
AI_geoip_cache *found = NULL;
AI_snort_alert *alert = NULL;
AI_snort_alert *tmp = NULL;
BOOL in_alert = false;
bool in_alert = false;
pthread_t alerts_pool_thread;
@ -450,8 +450,8 @@ AI_file_alertparser_thread ( void* arg )
} else if ( preg_match ( "^([\\*CEUAPRSF]{8})\\s+Seq:\\s*0x([0-9A-F]+)\\s+Ack:\\s*0x([0-9A-F]+)\\s+Win:\\s*0x([0-9A-F]+)\\s+TcpLen:\\s*([0-9]+)",
line, &matches, &nmatches ) > 0 ) {
alert->tcp_flags = 0;
alert->tcp_flags |= ( strstr ( matches[0], "C" ) ) ? TCPHEADER_RES1 : 0;
alert->tcp_flags |= ( strstr ( matches[0], "E" ) ) ? TCPHEADER_RES2 : 0;
alert->tcp_flags |= ( strstr ( matches[0], "C" ) ) ? TCPHEADER_CWR : 0;
alert->tcp_flags |= ( strstr ( matches[0], "E" ) ) ? TCPHEADER_ECE : 0;
alert->tcp_flags |= ( strstr ( matches[0], "U" ) ) ? TCPHEADER_URG : 0;
alert->tcp_flags |= ( strstr ( matches[0], "A" ) ) ? TCPHEADER_ACK : 0;
alert->tcp_flags |= ( strstr ( matches[0], "P" ) ) ? TCPHEADER_PUSH : 0;
@ -584,4 +584,3 @@ AI_free_alerts ( AI_snort_alert *node )
} /* ----- end of function AI_free_alerts ----- */
/** @} */
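Review bot: The flag tests in the second hunk, including the `TCPHEADER_CWR` and `TCPHEADER_ECE` lines, search `matches[0]` with `strstr`, which is only correct if `matches[0]` holds just the 8-character flag field; `preg_match` is defined outside this page, so that cannot be confirmed here. If index 0 were the whole matched line, as with `regexec`, then `C`, `E`, `A` and `F` would also match hex digits in the Seq/Ack/Win values, and `S` and `A` would match the literals `Seq:` and `Ack:`, so `tcp_flags` would be over-set on most alerts and anything correlating on those flags would be skewed. Because the pattern is anchored with `^` and the field is eight characters, a positional test such as `alert->tcp_flags |= ( matches[0][0] == 'C' ) ? TCPHEADER_CWR : 0;` (index 1 for `E`, and so on) would hold under either convention. At minimum, add `/* matches[0] is the first capture group: the 8-character TCP flag field */` above the block. The body of AI_file_alertparser_thread begins and ends outside these hunks.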

16757
autom4te.cache/output.0 Normal file


16757
autom4te.cache/output.1 Normal file


300
autom4te.cache/requests Normal file

@ -0,0 +1,300 @@
# This file was generated by Autom4te Fri Oct 23 20:57:39 UTC 2015.
# It contains the lists of macros which have been traced.
# It can be safely removed.
@request = (
bless( [
'0',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'-',
'/usr/share/aclocal-1.15/internal/ac-config-macro-dirs.m4',
'/usr/share/aclocal/ltargz.m4',
'/usr/share/aclocal/ltdl.m4',
'/usr/share/aclocal-1.15/amversion.m4',
'/usr/share/aclocal-1.15/auxdir.m4',
'/usr/share/aclocal-1.15/cond.m4',
'/usr/share/aclocal-1.15/depend.m4',
'/usr/share/aclocal-1.15/depout.m4',
'/usr/share/aclocal-1.15/init.m4',
'/usr/share/aclocal-1.15/install-sh.m4',
'/usr/share/aclocal-1.15/lead-dot.m4',
'/usr/share/aclocal-1.15/make.m4',
'/usr/share/aclocal-1.15/missing.m4',
'/usr/share/aclocal-1.15/options.m4',
'/usr/share/aclocal-1.15/prog-cc-c-o.m4',
'/usr/share/aclocal-1.15/runlog.m4',
'/usr/share/aclocal-1.15/sanity.m4',
'/usr/share/aclocal-1.15/silent.m4',
'/usr/share/aclocal-1.15/strip.m4',
'/usr/share/aclocal-1.15/substnot.m4',
'/usr/share/aclocal-1.15/tar.m4',
'm4/libtool.m4',
'm4/ltoptions.m4',
'm4/ltsugar.m4',
'm4/ltversion.m4',
'm4/lt~obsolete.m4',
'configure.ac'
],
{
'AM_PROG_LIBTOOL' => 1,
'AC_CONFIG_MACRO_DIR_TRACE' => 1,
'_LT_CC_BASENAME' => 1,
'_LT_AC_LANG_C_CONFIG' => 1,
'AC_PROG_EGREP' => 1,
'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
'LT_PATH_LD' => 1,
'm4_pattern_forbid' => 1,
'_LT_AC_SHELL_INIT' => 1,
'AC_LIBTOOL_F77' => 1,
'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
'LT_LIB_DLLOAD' => 1,
'_AM_CONFIG_MACRO_DIRS' => 1,
'AC_LIBTOOL_LINKER_OPTION' => 1,
'AC_LIBTOOL_CONFIG' => 1,
'_LT_AC_LANG_GCJ_CONFIG' => 1,
'_AM_AUTOCONF_VERSION' => 1,
'AC_PROG_LD_RELOAD_FLAG' => 1,
'LT_PROG_GCJ' => 1,
'LT_SYS_DLOPEN_DEPLIBS' => 1,
'_AM_DEPENDENCIES' => 1,
'AM_ENABLE_SHARED' => 1,
'_LT_AC_PROG_ECHO_BACKSLASH' => 1,
'AC_CHECK_LIBM' => 1,
'AM_SET_DEPDIR' => 1,
'AM_SILENT_RULES' => 1,
'_LT_LIBOBJ' => 1,
'_LT_AC_LOCK' => 1,
'_LT_PROG_CXX' => 1,
'_AM_PROG_CC_C_O' => 1,
'LTDL_INSTALLABLE' => 1,
'AC_LIBTOOL_PICMODE' => 1,
'AM_PROG_NM' => 1,
'AC_PROG_LD_GNU' => 1,
'LT_FUNC_ARGZ' => 1,
'include' => 1,
'AC_PROG_LD' => 1,
'AM_DEP_TRACK' => 1,
'AC_LIBTOOL_OBJDIR' => 1,
'_LT_PROG_F77' => 1,
'AC_ENABLE_SHARED' => 1,
'LT_SUPPORTED_TAG' => 1,
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
'_LT_AC_LANG_CXX' => 1,
'AM_PROG_CC_C_O' => 1,
'_LT_AC_LANG_GCJ' => 1,
'_AM_MANGLE_OPTION' => 1,
'_LT_PROG_FC' => 1,
'LT_SYS_MODULE_PATH' => 1,
'AM_DISABLE_SHARED' => 1,
'LT_SYS_SYMBOL_USCORE' => 1,
'AC_LIB_LTDL' => 1,
'_LT_AC_LANG_F77_CONFIG' => 1,
'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
'AC_LIBTOOL_DLOPEN' => 1,
'AC_DISABLE_SHARED' => 1,
'LT_CMD_MAX_LEN' => 1,
'AC_LIBTOOL_CXX' => 1,
'AC_LIBTOOL_SETUP' => 1,
'_LT_REQUIRED_DARWIN_CHECKS' => 1,
'AC_DEFUN_ONCE' => 1,
'LT_AC_PROG_EGREP' => 1,
'_LT_PROG_ECHO_BACKSLASH' => 1,
'AC_PATH_MAGIC' => 1,
'LT_LANG' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'_AM_IF_OPTION' => 1,
'AC_LIBLTDL_INSTALLABLE' => 1,
'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
'AM_PROG_INSTALL_SH' => 1,
'LT_LIB_M' => 1,
'AC_LIBTOOL_FC' => 1,
'_LT_WITH_SYSROOT' => 1,
'AM_ENABLE_STATIC' => 1,
'AM_SANITY_CHECK' => 1,
'_LT_AC_TAGVAR' => 1,
'AC_LTDL_SYSSEARCHPATH' => 1,
'AM_PROG_LD' => 1,
'_AM_SET_OPTION' => 1,
'_AM_PROG_TAR' => 1,
'AC_PROG_NM' => 1,
'LT_FUNC_DLSYM_USCORE' => 1,
'LT_AC_PROG_GCJ' => 1,
'_LT_DLL_DEF_P' => 1,
'_LT_AC_LANG_RC_CONFIG' => 1,
'AC_ENABLE_STATIC' => 1,
'AU_DEFUN' => 1,
'AC_LIBTOOL_COMPILER_OPTION' => 1,
'LTOPTIONS_VERSION' => 1,
'AC_LTDL_ENABLE_INSTALL' => 1,
'LT_SYS_DLSEARCH_PATH' => 1,
'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
'AC_LTDL_SHLIBEXT' => 1,
'AM_SUBST_NOTMAKE' => 1,
'LT_OUTPUT' => 1,
'LTDL_INIT' => 1,
'AC_LTDL_DLLIB' => 1,
'AM_SET_LEADING_DOT' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'LT_SYS_MODULE_EXT' => 1,
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AM_CONDITIONAL' => 1,
'AC_DEPLIBS_CHECK_METHOD' => 1,
'_LT_AC_TRY_DLOPEN_SELF' => 1,
'AC_CONFIG_MACRO_DIR' => 1,
'AC_LIBTOOL_WIN32_DLL' => 1,
'LTOBSOLETE_VERSION' => 1,
'AC_LTDL_PREOPEN' => 1,
'_LT_AC_LANG_CXX_CONFIG' => 1,
'_LT_AC_TAGCONFIG' => 1,
'_LT_LINKER_OPTION' => 1,
'AC_LIBTOOL_DLOPEN_SELF' => 1,
'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
'AC_PROG_LIBTOOL' => 1,
'_LT_COMPILER_BOILERPLATE' => 1,
'AC_WITH_LTDL' => 1,
'_LT_AC_PROG_CXXCPP' => 1,
'LT_AC_PROG_RC' => 1,
'AM_MAKE_INCLUDE' => 1,
'_LT_PROG_LTMAIN' => 1,
'LT_PROG_RC' => 1,
'_LT_PATH_TOOL_PREFIX' => 1,
'_LT_PREPARE_SED_QUOTE_VARS' => 1,
'AM_RUN_LOG' => 1,
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
'AC_LTDL_SHLIBPATH' => 1,
'_LT_AC_SYS_LIBPATH_AIX' => 1,
'_AC_AM_CONFIG_HEADER_HOOK' => 1,
'm4_pattern_allow' => 1,
'LT_SYS_DLOPEN_SELF' => 1,
'LT_PATH_NM' => 1,
'AC_LTDL_DLSYM_USCORE' => 1,
'_LT_AC_CHECK_DLFCN' => 1,
'LT_AC_PROG_SED' => 1,
'AC_LIBTOOL_LANG_C_CONFIG' => 1,
'_m4_warn' => 1,
'_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
'LT_INIT' => 1,
'AM_MISSING_HAS_RUN' => 1,
'AC_DEFUN' => 1,
'LTDL_CONVENIENCE' => 1,
'AC_LIBTOOL_PROG_CC_C_O' => 1,
'AC_LIBLTDL_CONVENIENCE' => 1,
'AC_PATH_TOOL_PREFIX' => 1,
'AM_AUX_DIR_EXPAND' => 1,
'AC_LTDL_OBJDIR' => 1,
'_AM_SET_OPTIONS' => 1,
'm4_include' => 1,
'AM_PROG_INSTALL_STRIP' => 1,
'_LT_AC_SYS_COMPILER' => 1,
'AC_LIBTOOL_GCJ' => 1,
'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
'_LT_AC_FILE_LTDLL_C' => 1,
'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
'_LT_COMPILER_OPTION' => 1,
'LT_PROG_GO' => 1,
'AC_ENABLE_FAST_INSTALL' => 1,
'_LT_AC_LANG_F77' => 1,
'LT_WITH_LTDL' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AM_DISABLE_STATIC' => 1,
'AC_LTDL_SYMBOL_USCORE' => 1,
'AC_LIBTOOL_RC' => 1,
'_LTDL_SETUP' => 1,
'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
'_AC_PROG_LIBTOOL' => 1,
'LTVERSION_VERSION' => 1,
'AC_DISABLE_FAST_INSTALL' => 1,
'LTSUGAR_VERSION' => 1,
'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
'AC_DISABLE_STATIC' => 1,
'_LT_LINKER_BOILERPLATE' => 1,
'AM_MISSING_PROG' => 1,
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1
}
], 'Autom4te::Request' ),
bless( [
'1',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
'AM_PROG_MKDIR_P' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'AC_CONFIG_AUX_DIR' => 1,
'm4_include' => 1,
'AC_CANONICAL_HOST' => 1,
'AC_CONFIG_SUBDIRS' => 1,
'm4_sinclude' => 1,
'AM_NLS' => 1,
'AC_INIT' => 1,
'AC_PROG_LIBTOOL' => 1,
'AC_CANONICAL_TARGET' => 1,
'AM_SILENT_RULES' => 1,
'AC_FC_SRCEXT' => 1,
'AC_LIBSOURCE' => 1,
'_AM_MAKEFILE_INCLUDE' => 1,
'AM_XGETTEXT_OPTION' => 1,
'AM_PROG_CXX_C_O' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
'AC_SUBST_TRACE' => 1,
'AC_FC_PP_SRCEXT' => 1,
'_AM_COND_ENDIF' => 1,
'sinclude' => 1,
'_AM_COND_IF' => 1,
'include' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
'm4_pattern_allow' => 1,
'AC_CONFIG_LINKS' => 1,
'LT_SUPPORTED_TAG' => 1,
'AC_CANONICAL_BUILD' => 1,
'AM_MAINTAINER_MODE' => 1,
'AM_ENABLE_MULTILIB' => 1,
'AM_PROG_AR' => 1,
'AM_MAKEFILE_INCLUDE' => 1,
'AC_CONFIG_FILES' => 1,
'AM_PROG_LIBTOOL' => 1,
'AM_PATH_GUILE' => 1,
'AC_CANONICAL_SYSTEM' => 1,
'AM_PROG_CC_C_O' => 1,
'AM_EXTRA_RECURSIVE_TARGETS' => 1,
'_AM_COND_ELSE' => 1,
'_m4_warn' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'AM_PROG_F77_C_O' => 1,
'AC_FC_PP_DEFINE' => 1,
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
'LT_INIT' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'm4_pattern_forbid' => 1,
'AC_SUBST' => 1,
'AM_CONDITIONAL' => 1,
'AM_GNU_GETTEXT' => 1,
'AC_CONFIG_HEADERS' => 1,
'AM_PROG_MOC' => 1,
'AC_CONFIG_LIBOBJ_DIR' => 1,
'AH_OUTPUT' => 1,
'AM_POT_TOOLS' => 1,
'AM_PROG_FC_C_O' => 1,
'_LT_AC_TAGCONFIG' => 1,
'AC_FC_FREEFORM' => 1
}
], 'Autom4te::Request' )
);

2816
autom4te.cache/traces.0 Normal file


967
autom4te.cache/traces.1 Normal file

@ -0,0 +1,967 @@
m4trace:aclocal.m4:1153: -1- m4_include([m4/libtool.m4])
m4trace:aclocal.m4:1154: -1- m4_include([m4/ltoptions.m4])
m4trace:aclocal.m4:1155: -1- m4_include([m4/ltsugar.m4])
m4trace:aclocal.m4:1156: -1- m4_include([m4/ltversion.m4])
m4trace:aclocal.m4:1157: -1- m4_include([m4/lt~obsolete.m4])
m4trace:configure.ac:5: -1- AC_INIT([Snort_AI_preproc], [0.1], [blacklight@autistici.org])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?A[CHUM]_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([_AC_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
m4trace:configure.ac:5: -1- m4_pattern_allow([^AS_FLAGS$])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?m4_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^dnl$])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?AS_])
m4trace:configure.ac:5: -1- AC_SUBST([SHELL])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([SHELL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^SHELL$])
m4trace:configure.ac:5: -1- AC_SUBST([PATH_SEPARATOR])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PATH_SEPARATOR$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_NAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_STRING])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_URL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:5: -1- AC_SUBST([exec_prefix], [NONE])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([exec_prefix])
m4trace:configure.ac:5: -1- m4_pattern_allow([^exec_prefix$])
m4trace:configure.ac:5: -1- AC_SUBST([prefix], [NONE])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([prefix])
m4trace:configure.ac:5: -1- m4_pattern_allow([^prefix$])
m4trace:configure.ac:5: -1- AC_SUBST([program_transform_name], [s,x,x,])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([program_transform_name])
m4trace:configure.ac:5: -1- m4_pattern_allow([^program_transform_name$])
m4trace:configure.ac:5: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([bindir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^bindir$])
m4trace:configure.ac:5: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sbindir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sbindir$])
m4trace:configure.ac:5: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libexecdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^libexecdir$])
m4trace:configure.ac:5: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datarootdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^datarootdir$])
m4trace:configure.ac:5: -1- AC_SUBST([datadir], ['${datarootdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datadir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^datadir$])
m4trace:configure.ac:5: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sysconfdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sysconfdir$])
m4trace:configure.ac:5: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sharedstatedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sharedstatedir$])
m4trace:configure.ac:5: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localstatedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^localstatedir$])
m4trace:configure.ac:5: -1- AC_SUBST([runstatedir], ['${localstatedir}/run'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([runstatedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^runstatedir$])
m4trace:configure.ac:5: -1- AC_SUBST([includedir], ['${prefix}/include'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([includedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^includedir$])
m4trace:configure.ac:5: -1- AC_SUBST([oldincludedir], ['/usr/include'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([oldincludedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^oldincludedir$])
m4trace:configure.ac:5: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
['${datarootdir}/doc/${PACKAGE_TARNAME}'],
['${datarootdir}/doc/${PACKAGE}'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([docdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^docdir$])
m4trace:configure.ac:5: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([infodir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^infodir$])
m4trace:configure.ac:5: -1- AC_SUBST([htmldir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([htmldir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^htmldir$])
m4trace:configure.ac:5: -1- AC_SUBST([dvidir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([dvidir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^dvidir$])
m4trace:configure.ac:5: -1- AC_SUBST([pdfdir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([pdfdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^pdfdir$])
m4trace:configure.ac:5: -1- AC_SUBST([psdir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([psdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^psdir$])
m4trace:configure.ac:5: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^libdir$])
m4trace:configure.ac:5: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^localedir$])
m4trace:configure.ac:5: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([mandir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^mandir$])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
@%:@undef PACKAGE_NAME])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
@%:@undef PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
@%:@undef PACKAGE_VERSION])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
@%:@undef PACKAGE_STRING])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
@%:@undef PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
@%:@undef PACKAGE_URL])
m4trace:configure.ac:5: -1- AC_SUBST([DEFS])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([DEFS])
m4trace:configure.ac:5: -1- m4_pattern_allow([^DEFS$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_C])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_C])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_C$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_N])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_N])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_N$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_T])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_T])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_T$])
m4trace:configure.ac:5: -1- AC_SUBST([LIBS])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:5: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:5: -1- AC_SUBST([build_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([build_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^build_alias$])
m4trace:configure.ac:5: -1- AC_SUBST([host_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([host_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^host_alias$])
m4trace:configure.ac:5: -1- AC_SUBST([target_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([target_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^target_alias$])
m4trace:configure.ac:6: -1- AM_INIT_AUTOMAKE([1.10 -Wall no-define])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
m4trace:configure.ac:6: -1- AM_AUTOMAKE_VERSION([1.15])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_PROGRAM])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_SCRIPT])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_DATA])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_DATA])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_DATA$])
m4trace:configure.ac:6: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__isrc])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__isrc$])
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([am__isrc])
m4trace:configure.ac:6: -1- AC_SUBST([CYGPATH_W])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CYGPATH_W])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CYGPATH_W$])
m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:6: -1- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([VERSION])
m4trace:configure.ac:6: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([missing])
m4trace:configure.ac:6: -1- AC_SUBST([ACLOCAL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ACLOCAL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^ACLOCAL$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOCONF])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOCONF])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOCONF$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOMAKE])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOMAKE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOMAKE$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOHEADER])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOHEADER])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOHEADER$])
m4trace:configure.ac:6: -1- AC_SUBST([MAKEINFO])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MAKEINFO])
m4trace:configure.ac:6: -1- m4_pattern_allow([^MAKEINFO$])
m4trace:configure.ac:6: -1- AC_SUBST([install_sh])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([install_sh])
m4trace:configure.ac:6: -1- m4_pattern_allow([^install_sh$])
m4trace:configure.ac:6: -1- AC_SUBST([STRIP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:6: -1- AC_SUBST([MKDIR_P])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:6: -1- m4_pattern_allow([^MKDIR_P$])
m4trace:configure.ac:6: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mkdir_p])
m4trace:configure.ac:6: -1- m4_pattern_allow([^mkdir_p$])
m4trace:configure.ac:6: -1- AC_SUBST([AWK])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AWK])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AWK$])
m4trace:configure.ac:6: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:6: -1- AC_SUBST([am__leading_dot])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__leading_dot])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__leading_dot$])
m4trace:configure.ac:6: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AMTAR])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AMTAR$])
m4trace:configure.ac:6: -1- AC_SUBST([am__tar])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__tar])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__tar$])
m4trace:configure.ac:6: -1- AC_SUBST([am__untar])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__untar])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__untar$])
m4trace:configure.ac:6: -1- AM_SILENT_RULES
m4trace:configure.ac:6: -1- AC_SUBST([AM_V])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_V])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_V$])
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_V])
m4trace:configure.ac:6: -1- AC_SUBST([AM_DEFAULT_V])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_DEFAULT_V$])
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
m4trace:configure.ac:6: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
m4trace:configure.ac:6: -1- AC_SUBST([AM_BACKSLASH])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AM_BACKSLASH])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_BACKSLASH$])
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
m4trace:configure.ac:8: -1- AC_CONFIG_HEADERS([config.h])
m4trace:configure.ac:10: -1- LT_INIT
m4trace:configure.ac:10: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
m4trace:configure.ac:10: -1- AC_SUBST([LIBTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBTOOL$])
m4trace:configure.ac:10: -1- AC_CANONICAL_HOST
m4trace:configure.ac:10: -1- AC_CANONICAL_BUILD
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.sub])
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.guess])
m4trace:configure.ac:10: -1- AC_SUBST([build], [$ac_cv_build])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build$])
m4trace:configure.ac:10: -1- AC_SUBST([build_cpu], [$[1]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_cpu])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_cpu$])
m4trace:configure.ac:10: -1- AC_SUBST([build_vendor], [$[2]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_vendor])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_vendor$])
m4trace:configure.ac:10: -1- AC_SUBST([build_os])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_os])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_os$])
m4trace:configure.ac:10: -1- AC_SUBST([host], [$ac_cv_host])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host$])
m4trace:configure.ac:10: -1- AC_SUBST([host_cpu], [$[1]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_cpu])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_cpu$])
m4trace:configure.ac:10: -1- AC_SUBST([host_vendor], [$[2]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_vendor])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_vendor$])
m4trace:configure.ac:10: -1- AC_SUBST([host_os])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_os])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_os$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([compile])
m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
m4trace:configure.ac:10: -1- AC_SUBST([am__include])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
m4trace:configure.ac:10: -1- AC_SUBST([am__quote])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__quote])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- AC_SUBST([am__nodep])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__nodep])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST([SED])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([SED])
m4trace:configure.ac:10: -1- m4_pattern_allow([^SED$])
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:10: -1- AC_SUBST([EGREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EGREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EGREP$])
m4trace:configure.ac:10: -1- AC_SUBST([FGREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([FGREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^FGREP$])
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:10: -1- AC_SUBST([LD])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LD])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LD$])
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([NM])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NM])
m4trace:configure.ac:10: -1- m4_pattern_allow([^NM$])
m4trace:configure.ac:10: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:10: -1- AC_SUBST([DLLTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DLLTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DLLTOOL$])
m4trace:configure.ac:10: -1- AC_SUBST([DLLTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DLLTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DLLTOOL$])
m4trace:configure.ac:10: -1- AC_SUBST([AR])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AR$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_AR])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_AR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_AR$])
m4trace:configure.ac:10: -1- AC_SUBST([STRIP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:10: -1- AC_SUBST([RANLIB])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([RANLIB])
m4trace:configure.ac:10: -1- m4_pattern_allow([^RANLIB$])
m4trace:configure.ac:10: -1- m4_pattern_allow([LT_OBJDIR])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LT_OBJDIR$])
m4trace:configure.ac:10: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory where libtool stores uninstalled libraries. */
@%:@undef LT_OBJDIR])
m4trace:configure.ac:10: -1- LT_SUPPORTED_TAG([CC])
m4trace:configure.ac:10: -1- AC_SUBST([MANIFEST_TOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^MANIFEST_TOOL$])
m4trace:configure.ac:10: -1- AC_SUBST([DSYMUTIL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DSYMUTIL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DSYMUTIL$])
m4trace:configure.ac:10: -1- AC_SUBST([NMEDIT])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NMEDIT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^NMEDIT$])
m4trace:configure.ac:10: -1- AC_SUBST([LIPO])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIPO])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIPO$])
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL$])
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL64])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL64])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL64$])
m4trace:configure.ac:10: -1- AC_SUBST([LT_SYS_LIBRARY_PATH])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LT_SYS_LIBRARY_PATH])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
@%:@undef HAVE_DLFCN_H])
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:10: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
@%:@undef STDC_HEADERS])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
@%:@undef HAVE_SYS_TYPES_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
@%:@undef HAVE_SYS_STAT_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
@%:@undef HAVE_MEMORY_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
@%:@undef HAVE_STRINGS_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
@%:@undef HAVE_STDINT_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
m4trace:configure.ac:10: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
m4trace:configure.ac:17: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:17: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:17: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD */
@%:@undef OPENBSD])
m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:18: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:18: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if BROKEN_SIOCGIFMTU */
@%:@undef BROKEN_SIOCGIFMTU])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([OPENBSD])
m4trace:configure.ac:22: -1- m4_pattern_allow([^OPENBSD$])
m4trace:configure.ac:22: -1- AH_OUTPUT([OPENBSD], [/* Define if OpenBSD < 2.3 */
@%:@undef OPENBSD])
m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:26: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:26: -1- AH_OUTPUT([IRIX], [/* Define if Irix 5 */
@%:@undef IRIX])
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([IRIX])
m4trace:configure.ac:36: -1- m4_pattern_allow([^IRIX$])
m4trace:configure.ac:36: -1- AH_OUTPUT([IRIX], [/* Define if Irix 6 */
@%:@undef IRIX])
m4trace:configure.ac:46: -1- AC_DEFINE_TRACE_LITERAL([SOLARIS])
m4trace:configure.ac:46: -1- m4_pattern_allow([^SOLARIS$])
m4trace:configure.ac:46: -1- AH_OUTPUT([SOLARIS], [/* Define if Solaris */
@%:@undef SOLARIS])
m4trace:configure.ac:51: -1- AC_DEFINE_TRACE_LITERAL([SUNOS])
m4trace:configure.ac:51: -1- m4_pattern_allow([^SUNOS$])
m4trace:configure.ac:51: -1- AH_OUTPUT([SUNOS], [/* Define if SunOS */
@%:@undef SUNOS])
m4trace:configure.ac:56: -1- AC_DEFINE_TRACE_LITERAL([LINUX])
m4trace:configure.ac:56: -1- m4_pattern_allow([^LINUX$])
m4trace:configure.ac:56: -1- AH_OUTPUT([LINUX], [/* Define if Linux */
@%:@undef LINUX])
m4trace:configure.ac:58: -1- AC_DEFINE_TRACE_LITERAL([PCAP_TIMEOUT_IGNORED])
m4trace:configure.ac:58: -1- m4_pattern_allow([^PCAP_TIMEOUT_IGNORED$])
m4trace:configure.ac:58: -1- AH_OUTPUT([PCAP_TIMEOUT_IGNORED], [/* Define if pcap timeout is ignored */
@%:@undef PCAP_TIMEOUT_IGNORED])
m4trace:configure.ac:59: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:59: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:59: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:63: -1- AC_DEFINE_TRACE_LITERAL([HPUX])
m4trace:configure.ac:63: -1- m4_pattern_allow([^HPUX$])
m4trace:configure.ac:63: -1- AH_OUTPUT([HPUX], [/* Define if HP-UX 10 or 11 */
@%:@undef HPUX])
m4trace:configure.ac:64: -1- AC_DEFINE_TRACE_LITERAL([WORDS_BIGENDIAN])
m4trace:configure.ac:64: -1- m4_pattern_allow([^WORDS_BIGENDIAN$])
m4trace:configure.ac:64: -1- AH_OUTPUT([WORDS_BIGENDIAN], [/* Define if words are big endian */
@%:@undef WORDS_BIGENDIAN])
m4trace:configure.ac:65: -1- AC_SUBST([extra_incl])
m4trace:configure.ac:65: -1- AC_SUBST_TRACE([extra_incl])
m4trace:configure.ac:65: -1- m4_pattern_allow([^extra_incl$])
m4trace:configure.ac:70: -1- AC_DEFINE_TRACE_LITERAL([FREEBSD])
m4trace:configure.ac:70: -1- m4_pattern_allow([^FREEBSD$])
m4trace:configure.ac:70: -1- AH_OUTPUT([FREEBSD], [/* Define if FreeBSD */
@%:@undef FREEBSD])
m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([BSDI])
m4trace:configure.ac:74: -1- m4_pattern_allow([^BSDI$])
m4trace:configure.ac:74: -1- AH_OUTPUT([BSDI], [/* Define if BSDi */
@%:@undef BSDI])
m4trace:configure.ac:77: -1- AC_DEFINE_TRACE_LITERAL([AIX])
m4trace:configure.ac:77: -1- m4_pattern_allow([^AIX$])
m4trace:configure.ac:77: -1- AH_OUTPUT([AIX], [/* Define if AIX */
@%:@undef AIX])
m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:80: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:80: -1- AH_OUTPUT([OSF1], [/* Define if OSF-4 */
@%:@undef OSF1])
m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:83: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:83: -1- AH_OUTPUT([OSF1], [/* Define if OSF-5.1 */
@%:@undef OSF1])
m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([OSF1])
m4trace:configure.ac:86: -1- m4_pattern_allow([^OSF1$])
m4trace:configure.ac:86: -1- AH_OUTPUT([OSF1], [/* Define if Tru64 */
@%:@undef OSF1])
m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([MACOS])
m4trace:configure.ac:90: -1- m4_pattern_allow([^MACOS$])
m4trace:configure.ac:90: -1- AH_OUTPUT([MACOS], [/* Define if MacOS */
@%:@undef MACOS])
m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SIOCGIFMTU])
m4trace:configure.ac:91: -1- m4_pattern_allow([^BROKEN_SIOCGIFMTU$])
m4trace:configure.ac:91: -1- AH_OUTPUT([BROKEN_SIOCGIFMTU], [/* Define if broken SIOCGIFMTU */
@%:@undef BROKEN_SIOCGIFMTU])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([LIBS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:97: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:97: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:97: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:97: -1- AC_REQUIRE_AUX_FILE([compile])
m4trace:configure.ac:97: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:97: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:97: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:97: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:97: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:97: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:98: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:98: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:98: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:99: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:99: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:99: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:127: -1- AH_OUTPUT([HAVE_LIBMYSQLCLIENT], [/* Define to 1 if you have the `mysqlclient\' library (-lmysqlclient). */
@%:@undef HAVE_LIBMYSQLCLIENT])
m4trace:configure.ac:127: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBMYSQLCLIENT])
m4trace:configure.ac:127: -1- m4_pattern_allow([^HAVE_LIBMYSQLCLIENT$])
m4trace:configure.ac:131: -1- AH_OUTPUT([HAVE_LIBPQ], [/* Define to 1 if you have the `pq\' library (-lpq). */
@%:@undef HAVE_LIBPQ])
m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPQ])
m4trace:configure.ac:131: -1- m4_pattern_allow([^HAVE_LIBPQ$])
m4trace:configure.ac:135: -1- AH_OUTPUT([HAVE_LIBPYTHON2_6], [/* Define to 1 if you have the `python2.6\' library (-lpython2.6). */
@%:@undef HAVE_LIBPYTHON2_6])
m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPYTHON2_6])
m4trace:configure.ac:135: -1- m4_pattern_allow([^HAVE_LIBPYTHON2_6$])
m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBGVC], [/* Define to 1 if you have the `gvc\' library (-lgvc). */
@%:@undef HAVE_LIBGVC])
m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBGVC])
m4trace:configure.ac:142: -1- m4_pattern_allow([^HAVE_LIBGVC$])
m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_LIBXML2], [/* Define to 1 if you have the `xml2\' library (-lxml2). */
@%:@undef HAVE_LIBXML2])
m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXML2])
m4trace:configure.ac:146: -1- m4_pattern_allow([^HAVE_LIBXML2$])
m4trace:configure.ac:147: -1- AH_OUTPUT([HAVE_LIBPTHREAD], [/* Define to 1 if you have the `pthread\' library (-lpthread). */
@%:@undef HAVE_LIBPTHREAD])
m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPTHREAD])
m4trace:configure.ac:147: -1- m4_pattern_allow([^HAVE_LIBPTHREAD$])
m4trace:configure.ac:148: -1- AH_OUTPUT([HAVE_LIBM], [/* Define to 1 if you have the `m\' library (-lm). */
@%:@undef HAVE_LIBM])
m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBM])
m4trace:configure.ac:148: -1- m4_pattern_allow([^HAVE_LIBM$])
m4trace:configure.ac:149: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the `dl\' library (-ldl). */
@%:@undef HAVE_LIBDL])
m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
m4trace:configure.ac:149: -1- m4_pattern_allow([^HAVE_LIBDL$])
m4trace:configure.ac:151: -1- AC_SUBST([CORR_RULES_PREFIX], ["/etc/snort/corr_rules"])
m4trace:configure.ac:151: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
m4trace:configure.ac:151: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
m4trace:configure.ac:151: -1- AC_SUBST([CORR_RULES_PREFIX], ["${prefix}/etc/corr_rules"])
m4trace:configure.ac:151: -1- AC_SUBST_TRACE([CORR_RULES_PREFIX])
m4trace:configure.ac:151: -1- m4_pattern_allow([^CORR_RULES_PREFIX$])
m4trace:configure.ac:157: -1- AC_SUBST([DOC_PREFIX], ["${prefix}/doc/snort_ai_preprocessor"])
m4trace:configure.ac:157: -1- AC_SUBST_TRACE([DOC_PREFIX])
m4trace:configure.ac:157: -1- m4_pattern_allow([^DOC_PREFIX$])
m4trace:configure.ac:158: -1- AC_SUBST([SHARE_PREFIX], ["${prefix}/share/snort_ai_preprocessor"])
m4trace:configure.ac:158: -1- AC_SUBST_TRACE([SHARE_PREFIX])
m4trace:configure.ac:158: -1- m4_pattern_allow([^SHARE_PREFIX$])
m4trace:configure.ac:162: -1- AC_SUBST([LIBXML2_INCLUDES], ["$(pkg-config --cflags libxml-2.0 2> /dev/null)"])
m4trace:configure.ac:162: -1- AC_SUBST_TRACE([LIBXML2_INCLUDES])
m4trace:configure.ac:162: -1- m4_pattern_allow([^LIBXML2_INCLUDES$])
m4trace:configure.ac:166: -1- AC_SUBST([LIBPYTHON_INCLUDES], ["-I/usr/include/python2.6"])
m4trace:configure.ac:166: -1- AC_SUBST_TRACE([LIBPYTHON_INCLUDES])
m4trace:configure.ac:166: -1- m4_pattern_allow([^LIBPYTHON_INCLUDES$])
m4trace:configure.ac:171: -1- AC_SUBST([LIBGRAPH_INCLUDES], ["$(pkg-config --cflags libgraph 2> /dev/null)"])
m4trace:configure.ac:171: -1- AC_SUBST_TRACE([LIBGRAPH_INCLUDES])
m4trace:configure.ac:171: -1- m4_pattern_allow([^LIBGRAPH_INCLUDES$])
m4trace:configure.ac:176: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BOOLEAN])
m4trace:configure.ac:176: -1- m4_pattern_allow([^HAVE_BOOLEAN$])
m4trace:configure.ac:176: -1- AH_OUTPUT([HAVE_BOOLEAN], [/* Check if the boolean type is defined */
@%:@undef HAVE_BOOLEAN])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([size_t])
m4trace:configure.ac:179: -1- m4_pattern_allow([^size_t$])
m4trace:configure.ac:179: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
@%:@undef size_t])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA_H])
m4trace:configure.ac:179: -1- m4_pattern_allow([^HAVE_ALLOCA_H$])
m4trace:configure.ac:179: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
*/
@%:@undef HAVE_ALLOCA_H])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA])
m4trace:configure.ac:179: -1- m4_pattern_allow([^HAVE_ALLOCA$])
m4trace:configure.ac:179: -1- AH_OUTPUT([HAVE_ALLOCA], [/* Define to 1 if you have `alloca\', as a function or macro. */
@%:@undef HAVE_ALLOCA])
m4trace:configure.ac:179: -1- AC_LIBSOURCE([alloca.c])
m4trace:configure.ac:179: -1- AC_SUBST([ALLOCA], [\${LIBOBJDIR}alloca.$ac_objext])
m4trace:configure.ac:179: -1- AC_SUBST_TRACE([ALLOCA])
m4trace:configure.ac:179: -1- m4_pattern_allow([^ALLOCA$])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([C_ALLOCA])
m4trace:configure.ac:179: -1- m4_pattern_allow([^C_ALLOCA$])
m4trace:configure.ac:179: -1- AH_OUTPUT([C_ALLOCA], [/* Define to 1 if using `alloca.c\'. */
@%:@undef C_ALLOCA])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([CRAY_STACKSEG_END])
m4trace:configure.ac:179: -1- m4_pattern_allow([^CRAY_STACKSEG_END$])
m4trace:configure.ac:179: -1- AH_OUTPUT([CRAY_STACKSEG_END], [/* Define to one of `_getb67\', `GETB67\', `getb67\' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c\' support on those systems.
*/
@%:@undef CRAY_STACKSEG_END])
m4trace:configure.ac:179: -1- AH_OUTPUT([STACK_DIRECTION], [/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at runtime.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown */
@%:@undef STACK_DIRECTION])
m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([STACK_DIRECTION])
m4trace:configure.ac:179: -1- m4_pattern_allow([^STACK_DIRECTION$])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_DIRENT_H], [/* Define to 1 if you have the <dirent.h> header file. */
@%:@undef HAVE_DIRENT_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
@%:@undef HAVE_DLFCN_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
@%:@undef HAVE_LIMITS_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_MATH_H], [/* Define to 1 if you have the <math.h> header file. */
@%:@undef HAVE_MATH_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
@%:@undef HAVE_STDDEF_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:180: -1- AH_OUTPUT([HAVE_WCHAR_H], [/* Define to 1 if you have the <wchar.h> header file. */
@%:@undef HAVE_WCHAR_H])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT8_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT8_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT8_T], [/* Define to 1 if the system has the type `u_int8_t\'. */
@%:@undef HAVE_U_INT8_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT16_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT16_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT16_T], [/* Define to 1 if the system has the type `u_int16_t\'. */
@%:@undef HAVE_U_INT16_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT32_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT32_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT32_T], [/* Define to 1 if the system has the type `u_int32_t\'. */
@%:@undef HAVE_U_INT32_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_U_INT64_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_U_INT64_T], [/* Define to 1 if the system has the type `u_int64_t\'. */
@%:@undef HAVE_U_INT64_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT8_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT8_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT8_T], [/* Define to 1 if the system has the type `uint8_t\'. */
@%:@undef HAVE_UINT8_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT16_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT16_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT16_T], [/* Define to 1 if the system has the type `uint16_t\'. */
@%:@undef HAVE_UINT16_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT32_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT32_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT32_T], [/* Define to 1 if the system has the type `uint32_t\'. */
@%:@undef HAVE_UINT32_T])
m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINT64_T])
m4trace:configure.ac:183: -1- m4_pattern_allow([^HAVE_UINT64_T$])
m4trace:configure.ac:183: -1- AH_OUTPUT([HAVE_UINT64_T], [/* Define to 1 if the system has the type `uint64_t\'. */
@%:@undef HAVE_UINT64_T])
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT8_T])
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT8_T$])
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT8_T], [/* Define to 1 if the system has the type `int8_t\'. */
@%:@undef HAVE_INT8_T])
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT16_T])
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT16_T$])
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT16_T], [/* Define to 1 if the system has the type `int16_t\'. */
@%:@undef HAVE_INT16_T])
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT32_T])
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT32_T$])
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT32_T], [/* Define to 1 if the system has the type `int32_t\'. */
@%:@undef HAVE_INT32_T])
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_INT64_T$])
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_INT64_T], [/* Define to 1 if the system has the type `int64_t\'. */
@%:@undef HAVE_INT64_T])
m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_BOOLEAN])
m4trace:configure.ac:184: -1- m4_pattern_allow([^HAVE_BOOLEAN$])
m4trace:configure.ac:184: -1- AH_OUTPUT([HAVE_BOOLEAN], [/* Define to 1 if the system has the type `boolean\'. */
@%:@undef HAVE_BOOLEAN])
m4trace:configure.ac:187: -1- AC_DEFINE_TRACE_LITERAL([HAVE__BOOL])
m4trace:configure.ac:187: -1- m4_pattern_allow([^HAVE__BOOL$])
m4trace:configure.ac:187: -1- AH_OUTPUT([HAVE__BOOL], [/* Define to 1 if the system has the type `_Bool\'. */
@%:@undef HAVE__BOOL])
m4trace:configure.ac:187: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDBOOL_H])
m4trace:configure.ac:187: -1- m4_pattern_allow([^HAVE_STDBOOL_H$])
m4trace:configure.ac:187: -1- AH_OUTPUT([HAVE_STDBOOL_H], [/* Define to 1 if stdbool.h conforms to C99. */
@%:@undef HAVE_STDBOOL_H])
m4trace:configure.ac:188: -1- AC_DEFINE_TRACE_LITERAL([size_t])
m4trace:configure.ac:188: -1- m4_pattern_allow([^size_t$])
m4trace:configure.ac:188: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
@%:@undef size_t])
m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([uint16_t])
m4trace:configure.ac:189: -1- m4_pattern_allow([^uint16_t$])
m4trace:configure.ac:189: -1- AH_OUTPUT([uint16_t], [/* Define to the type of an unsigned integer type of width exactly 16 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint16_t])
m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([_UINT32_T])
m4trace:configure.ac:190: -1- m4_pattern_allow([^_UINT32_T$])
m4trace:configure.ac:190: -1- AH_OUTPUT([_UINT32_T], [/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT32_T])
m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([uint32_t])
m4trace:configure.ac:190: -1- m4_pattern_allow([^uint32_t$])
m4trace:configure.ac:190: -1- AH_OUTPUT([uint32_t], [/* Define to the type of an unsigned integer type of width exactly 32 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint32_t])
m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([_UINT8_T])
m4trace:configure.ac:191: -1- m4_pattern_allow([^_UINT8_T$])
m4trace:configure.ac:191: -1- AH_OUTPUT([_UINT8_T], [/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT8_T])
m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([uint8_t])
m4trace:configure.ac:191: -1- m4_pattern_allow([^uint8_t$])
m4trace:configure.ac:191: -1- AH_OUTPUT([uint8_t], [/* Define to the type of an unsigned integer type of width exactly 8 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint8_t])
m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTRDIFF_T])
m4trace:configure.ac:192: -1- m4_pattern_allow([^HAVE_PTRDIFF_T$])
m4trace:configure.ac:192: -1- AH_OUTPUT([HAVE_PTRDIFF_T], [/* Define to 1 if the system has the type `ptrdiff_t\'. */
@%:@undef HAVE_PTRDIFF_T])
m4trace:configure.ac:195: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:195: -1- AH_OUTPUT([HAVE_MALLOC], [/* Define to 1 if your system has a GNU libc compatible `malloc\' function, and
to 0 otherwise. */
@%:@undef HAVE_MALLOC])
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:195: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:195: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS malloc.$ac_objext"])
m4trace:configure.ac:195: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:195: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:195: -1- AC_LIBSOURCE([malloc.c])
m4trace:configure.ac:195: -1- AC_DEFINE_TRACE_LITERAL([malloc])
m4trace:configure.ac:195: -1- m4_pattern_allow([^malloc$])
m4trace:configure.ac:195: -1- AH_OUTPUT([malloc], [/* Define to rpl_malloc if the replacement function should be used. */
@%:@undef malloc])
m4trace:configure.ac:196: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME])
m4trace:configure.ac:196: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$])
m4trace:configure.ac:196: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
@%:@undef TIME_WITH_SYS_TIME])
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
@%:@undef HAVE_SYS_TIME_H])
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:196: -1- AH_OUTPUT([HAVE_ALARM], [/* Define to 1 if you have the `alarm\' function. */
@%:@undef HAVE_ALARM])
m4trace:configure.ac:196: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS mktime.$ac_objext"])
m4trace:configure.ac:196: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:196: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:196: -1- AC_LIBSOURCE([mktime.c])
m4trace:configure.ac:197: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:197: -1- AH_OUTPUT([HAVE_REALLOC], [/* Define to 1 if your system has a GNU libc compatible `realloc\' function,
and to 0 otherwise. */
@%:@undef HAVE_REALLOC])
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:197: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:197: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS realloc.$ac_objext"])
m4trace:configure.ac:197: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:197: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:197: -1- AC_LIBSOURCE([realloc.c])
m4trace:configure.ac:197: -1- AC_DEFINE_TRACE_LITERAL([realloc])
m4trace:configure.ac:197: -1- m4_pattern_allow([^realloc$])
m4trace:configure.ac:197: -1- AH_OUTPUT([realloc], [/* Define to rpl_realloc if the replacement function should be used. */
@%:@undef realloc])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the `memmove\' function. */
@%:@undef HAVE_MEMMOVE])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_MEMSET], [/* Define to 1 if you have the `memset\' function. */
@%:@undef HAVE_MEMSET])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define to 1 if you have the `regcomp\' function. */
@%:@undef HAVE_REGCOMP])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRCASECMP], [/* Define to 1 if you have the `strcasecmp\' function. */
@%:@undef HAVE_STRCASECMP])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */
@%:@undef HAVE_STRDUP])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRSTR], [/* Define to 1 if you have the `strstr\' function. */
@%:@undef HAVE_STRSTR])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRTOL], [/* Define to 1 if you have the `strtol\' function. */
@%:@undef HAVE_STRTOL])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_STRTOUL], [/* Define to 1 if you have the `strtoul\' function. */
@%:@undef HAVE_STRTOUL])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_SOCKET], [/* Define to 1 if you have the `socket\' function. */
@%:@undef HAVE_SOCKET])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_BIND], [/* Define to 1 if you have the `bind\' function. */
@%:@undef HAVE_BIND])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_LISTEN], [/* Define to 1 if you have the `listen\' function. */
@%:@undef HAVE_LISTEN])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_ACCEPT], [/* Define to 1 if you have the `accept\' function. */
@%:@undef HAVE_ACCEPT])
m4trace:configure.ac:198: -1- AH_OUTPUT([HAVE_CONNECT], [/* Define to 1 if you have the `connect\' function. */
@%:@undef HAVE_CONNECT])
m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
m4trace:configure.ac:200: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:200: -1- AH_OUTPUT([VERSION], [/* Module version */
@%:@undef VERSION])
m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
m4trace:configure.ac:201: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:201: -1- AH_OUTPUT([PACKAGE], [/* Package name */
@%:@undef PACKAGE])
m4trace:configure.ac:202: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:202: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:202: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Bug report address */
@%:@undef PACKAGE_BUGREPORT])
m4trace:configure.ac:203: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:203: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:203: -1- AH_OUTPUT([PACKAGE_NAME], [/* Package full name */
@%:@undef PACKAGE_NAME])
m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:204: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:204: -1- AH_OUTPUT([PACKAGE_STRING], [/* Package string */
@%:@undef PACKAGE_STRING])
m4trace:configure.ac:205: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:205: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:205: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Package tarname */
@%:@undef PACKAGE_TARNAME])
m4trace:configure.ac:206: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:206: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:206: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Package version */
@%:@undef PACKAGE_VERSION])
m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([SUP_IP6])
m4trace:configure.ac:207: -1- m4_pattern_allow([^SUP_IP6$])
m4trace:configure.ac:207: -1- AH_OUTPUT([SUP_IP6], [/* Use SUP_IP6 */
@%:@undef SUP_IP6])
m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([HAVE_VISIBILITY])
m4trace:configure.ac:209: -1- m4_pattern_allow([^HAVE_VISIBILITY$])
m4trace:configure.ac:209: -1- AH_OUTPUT([HAVE_VISIBILITY], [/* Check if the compiler supports visibility */
@%:@undef HAVE_VISIBILITY])
m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([PREFIX])
m4trace:configure.ac:210: -1- m4_pattern_allow([^PREFIX$])
m4trace:configure.ac:210: -1- AH_OUTPUT([PREFIX], [/* Installation prefix */
@%:@undef PREFIX])
m4trace:configure.ac:212: -1- AC_CONFIG_FILES([Makefile])
m4trace:configure.ac:213: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:213: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:213: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([LTLIBOBJS])
m4trace:configure.ac:213: -1- m4_pattern_allow([^LTLIBOBJS$])
m4trace:configure.ac:213: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
m4trace:configure.ac:213: -1- AC_SUBST([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:213: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_build_prefix])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([top_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_srcdir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([abs_top_builddir])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([INSTALL])
m4trace:configure.ac:213: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:213: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])

3
bayesian.c Normal file → Executable file

@ -97,7 +97,7 @@ AI_alert_bayesian_correlation ( const AI_snort_alert *a, const AI_snort_alert *b
unsigned int corr_count = 0,
corr_count_a = 0;
BOOL is_a_correlated = false;
bool is_a_correlated = false;
AI_bayesian_correlation_key bayesian_key;
AI_bayesian_correlation *found = NULL;
@ -181,4 +181,3 @@ AI_alert_bayesian_correlation ( const AI_snort_alert *a, const AI_snort_alert *b
} /* ----- end of function AI_alert_bayesian_correlation ----- */
/** @} */
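Review bot: Both C sources in this commit change mode from normal to executable (`bayesian.c Normal file → Executable file`, and the same for `cluster.c`), which a source file never needs and which usually means the tree was copied through a filesystem that does not preserve permission bits; restore it with `git update-index --chmod=-x bayesian.c cluster.c`. Separately, the switch from `BOOL` to `bool` for `is_a_correlated` here, and for the return types of `__AI_equal_alerts` and `__AI_check_duplicate` in `cluster.c`, does not show where `bool` is declared. With `-std=c99 -pedantic-errors` in Makefile.am it has to come from `#include <stdbool.h>` or a project typedef, so confirm that header is included in each file. The include lines and the rest of each function body are outside these hunks.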

5
cluster.c Normal file → Executable file

@ -211,7 +211,7 @@ __AI_get_min_hierarchy_node ( int val, hierarchy_node *root )
* \return True if they are equal, false otherwise
*/
PRIVATE BOOL
PRIVATE bool
__AI_equal_alerts ( AI_snort_alert *a1, AI_snort_alert *a2 )
{
if ( a1->gid != a2->gid || a1->sid != a2->sid || a1->rev != a2->rev )
@ -599,7 +599,7 @@ __AI_cluster_thread ( void* arg )
* \return True if 'node' is already in 'root', false otherwise
*/
PRIVATE BOOL
PRIVATE bool
__AI_check_duplicate ( hierarchy_node *node, hierarchy_node *root )
{
int i;
@ -754,4 +754,3 @@ AI_get_clustered_alerts ()
} /* ----- end of function AI_get_clustered_alerts ----- */
/** @} */

347
compile Executable file

@ -0,0 +1,347 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

402
config.guess vendored

@ -1,14 +1,12 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
# Free Software Foundation, Inc.
# Copyright 1992-2015 Free Software Foundation, Inc.
timestamp='2009-11-20'
timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@ -17,26 +15,22 @@ timestamp='2009-11-20'
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Originally written by Per Bothner. Please send patches (context
# diff format) to <config-patches@gnu.org> and include a ChangeLog
# entry.
# the same distribution terms that you use for the rest of that
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
#
# Please send patches to <config-patches@gnu.org>.
me=`echo "$0" | sed -e 's,.*/,,'`
@ -56,8 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -139,12 +132,33 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
case "${UNAME_SYSTEM}" in
Linux|GNU|GNU/*)
# If the system lacks a compiler, then just pick glibc.
# We could probably try harder.
LIBC=gnu
eval $set_cc_for_build
cat <<-EOF > $dummy.c
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
#elif defined(__dietlibc__)
LIBC=dietlibc
#else
LIBC=gnu
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
;;
esac
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
@ -154,20 +168,27 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || echo unknown)`
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || \
echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
machine=${arch}${endian}-unknown
;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
@ -183,6 +204,13 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
os=netbsd
;;
esac
# Determine ABI tags.
case "${UNAME_MACHINE_ARCH}" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
@ -193,13 +221,17 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
@ -217,6 +249,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
@ -269,7 +304,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
exit ;;
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
@ -300,7 +338,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
arm:riscos:*:*|arm:RISCOS:*:*)
arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
@ -551,15 +589,16 @@ EOF
echo rs6000-ibm-aix3.2
fi
exit ;;
*:AIX:*:[456])
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
if [ -x /usr/bin/lslpp ] ; then
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
@ -788,21 +827,26 @@ EOF
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit ;;
*:FreeBSD:*:*)
case ${UNAME_MACHINE} in
pc98)
echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
UNAME_PROCESSOR=`/usr/bin/uname -p`
case ${UNAME_PROCESSOR} in
amd64)
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
*)
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
esac
exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
*:MINGW64*:*)
echo ${UNAME_MACHINE}-pc-mingw64
exit ;;
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
*:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
# uname -m includes "-pc" on this system.
echo ${UNAME_MACHINE}-mingw32
@ -848,15 +892,22 @@ EOF
exit ;;
*:GNU:*:*)
# the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
aarch64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
@ -868,50 +919,57 @@ EOF
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arm*:Linux:*:*)
eval $set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
else
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
else
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
fi
fi
exit ;;
avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
cris:Linux:*:*)
echo cris-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
crisv32:Linux:*:*)
echo crisv32-axis-linux-gnu
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
e2k:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
frv:Linux:*:*)
echo frv-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
hexagon:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:Linux:*:*)
LIBC=gnu
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __dietlibc__
LIBC=dietlibc
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
@ -930,51 +988,63 @@ EOF
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
or32:Linux:*:*)
echo or32-unknown-linux-gnu
openrisc*:Linux:*:*)
echo or1k-unknown-linux-${LIBC}
exit ;;
or32:Linux:*:* | or1k*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
padre:Linux:*:*)
echo sparc-unknown-linux-gnu
echo sparc-unknown-linux-${LIBC}
exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
echo hppa64-unknown-linux-${LIBC}
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*) echo hppa1.1-unknown-linux-gnu ;;
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
*) echo hppa-unknown-linux-${LIBC} ;;
esac
exit ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
echo powerpc64-unknown-linux-${LIBC}
exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
echo powerpc-unknown-linux-${LIBC}
exit ;;
ppc64le:Linux:*:*)
echo powerpc64le-unknown-linux-${LIBC}
exit ;;
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
sh64*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
tile*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-gnu
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
@ -1178,6 +1248,9 @@ EOF
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
echo i586-pc-haiku
exit ;;
x86_64:Haiku:*:*)
echo x86_64-unknown-haiku
exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
@ -1204,19 +1277,31 @@ EOF
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
case $UNAME_PROCESSOR in
i386)
eval $set_cc_for_build
if test "$UNAME_PROCESSOR" = unknown ; then
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
UNAME_PROCESSOR="x86_64"
fi
fi ;;
unknown) UNAME_PROCESSOR=powerpc ;;
case $UNAME_PROCESSOR in
i386) UNAME_PROCESSOR=x86_64 ;;
powerpc) UNAME_PROCESSOR=powerpc64 ;;
esac
fi
fi
elif test "$UNAME_PROCESSOR" = i386 ; then
# Avoid executing cc on OS X 10.9, as it ships with a stub
# that puts up a graphical alert prompting to install
# developer tools. Any system running Mac OS X 10.7 or
# later (Darwin 11 and later) is required to have a 64-bit
# processor. This is not true of the ARM version of Darwin
# that Apple uses in portable devices.
UNAME_PROCESSOR=x86_64
fi
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
@ -1230,7 +1315,10 @@ EOF
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
NSE-?:NONSTOP_KERNEL:*:*)
NEO-?:NONSTOP_KERNEL:*:*)
echo neo-tandem-nsk${UNAME_RELEASE}
exit ;;
NSE-*:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
@ -1299,159 +1387,11 @@ EOF
i*86:AROS:*:*)
echo ${UNAME_MACHINE}-pc-aros
exit ;;
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
I don't know.... */
printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
"4"
#else
""
#endif
); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
printf ("arm-acorn-riscix\n"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
printf ("m68k-hp-bsd\n"); exit (0);
#endif
#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
int version;
version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
if (version < 4)
printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
else
printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
exit (0);
#endif
#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
printf ("ns32k-encore-mach\n"); exit (0);
#else
printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif
#if defined (__386BSD__)
printf ("i386-pc-bsd\n"); exit (0);
#endif
#if defined (sequent)
#if defined (i386)
printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif
#if defined (_SEQUENT_)
struct utsname un;
uname(&un);
if (strncmp(un.version, "V2", 2) == 0) {
printf ("i386-sequent-ptx2\n"); exit (0);
}
if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
printf ("i386-sequent-ptx1\n"); exit (0);
}
printf ("i386-sequent-ptx\n"); exit (0);
#endif
#if defined (vax)
# if !defined (ultrix)
# include <sys/param.h>
# if defined (BSD)
# if BSD == 43
printf ("vax-dec-bsd4.3\n"); exit (0);
# else
# if BSD == 199006
printf ("vax-dec-bsd4.3reno\n"); exit (0);
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# endif
# else
printf ("vax-dec-bsd\n"); exit (0);
# endif
# else
printf ("vax-dec-ultrix\n"); exit (0);
# endif
#endif
#if defined (alliant) && defined (i860)
printf ("i860-alliant-bsd\n"); exit (0);
#endif
exit (1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
{ echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
# Convex versions that predate uname can use getsysinfo(1)
if [ -x /usr/convex/getsysinfo ]
then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
exit ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit ;;
c34*)
echo c34-convex-bsd
exit ;;
c38*)
echo c38-convex-bsd
exit ;;
c4*)
echo c4-convex-bsd
exit ;;
esac
fi
cat >&2 <<EOF
$0: unable to guess system type

310
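--- /dev/null
+++ b/config.h
@@ -0,0 +1,310 @@
+/* config.h. Generated from config.h.in by configure. */
+/* config.h.in. Generated from configure.ac by autoheader. */
+/* Define if AIX */
+/* #undef AIX */
+/* Define if broken SIOCGIFMTU */
+/* #undef BROKEN_SIOCGIFMTU */
+/* Define if BSDi */
+/* #undef BSDI */
+/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
+systems. This function is required for `alloca.c' support on those systems.
+*/
+/* #undef CRAY_STACKSEG_END */
+/* Define to 1 if using `alloca.c'. */
+/* #undef C_ALLOCA */
+/* Define if FreeBSD */
+/* #undef FREEBSD */
+/* Define to 1 if you have the `accept' function. */
+#define HAVE_ACCEPT 1
+/* Define to 1 if you have the `alarm' function. */
+#define HAVE_ALARM 1
+/* Define to 1 if you have `alloca', as a function or macro. */
+#define HAVE_ALLOCA 1
+/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
+*/
+#define HAVE_ALLOCA_H 1
+/* Define to 1 if you have the `bind' function. */
+#define HAVE_BIND 1
+/* Define to 1 if the system has the type `boolean'. */
+/* #undef HAVE_BOOLEAN */
+/* Define to 1 if you have the `connect' function. */
+#define HAVE_CONNECT 1
+/* Define to 1 if you have the <dirent.h> header file. */
+#define HAVE_DIRENT_H 1
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+/* Define to 1 if the system has the type `int16_t'. */
+#define HAVE_INT16_T 1
+/* Define to 1 if the system has the type `int32_t'. */
+#define HAVE_INT32_T 1
+/* Define to 1 if the system has the type `int64_t'. */
+#define HAVE_INT64_T 1
+/* Define to 1 if the system has the type `int8_t'. */
+#define HAVE_INT8_T 1
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+/* Define to 1 if you have the `dl' library (-ldl). */
+#define HAVE_LIBDL 1
+/* Define to 1 if you have the `gvc' library (-lgvc). */
+/* #undef HAVE_LIBGVC */
+/* Define to 1 if you have the `m' library (-lm). */
+#define HAVE_LIBM 1
+/* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */
+#define HAVE_LIBMYSQLCLIENT 1
+/* Define to 1 if you have the `pq' library (-lpq). */
+/* #undef HAVE_LIBPQ */
+/* Define to 1 if you have the `pthread' library (-lpthread). */
+#define HAVE_LIBPTHREAD 1
+/* Define to 1 if you have the `python2.6' library (-lpython2.6). */
+/* #undef HAVE_LIBPYTHON2_6 */
+/* Define to 1 if you have the `xml2' library (-lxml2). */
+#define HAVE_LIBXML2 1
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+/* Define to 1 if you have the `listen' function. */
+#define HAVE_LISTEN 1
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+to 0 otherwise. */
+#define HAVE_MALLOC 1
+/* Define to 1 if you have the <math.h> header file. */
+#define HAVE_MATH_H 1
+/* Define to 1 if you have the `memmove' function. */
+#define HAVE_MEMMOVE 1
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+/* Define to 1 if you have the `memset' function. */
+#define HAVE_MEMSET 1
+/* Define to 1 if the system has the type `ptrdiff_t'. */
+#define HAVE_PTRDIFF_T 1
+/* Define to 1 if your system has a GNU libc compatible `realloc' function,
+and to 0 otherwise. */
+#define HAVE_REALLOC 1
+/* Define to 1 if you have the `regcomp' function. */
+#define HAVE_REGCOMP 1
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+/* Define to 1 if stdbool.h conforms to C99. */
+#define HAVE_STDBOOL_H 1
+/* Define to 1 if you have the <stddef.h> header file. */
+#define HAVE_STDDEF_H 1
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+/* Define to 1 if you have the `strcasecmp' function. */
+#define HAVE_STRCASECMP 1
+/* Define to 1 if you have the `strdup' function. */
+#define HAVE_STRDUP 1
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+/* Define to 1 if you have the `strstr' function. */
+#define HAVE_STRSTR 1
+/* Define to 1 if you have the `strtol' function. */
+#define HAVE_STRTOL 1
+/* Define to 1 if you have the `strtoul' function. */
+#define HAVE_STRTOUL 1
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+/* Define to 1 if the system has the type `uint16_t'. */
+#define HAVE_UINT16_T 1
+/* Define to 1 if the system has the type `uint32_t'. */
+#define HAVE_UINT32_T 1
+/* Define to 1 if the system has the type `uint64_t'. */
+#define HAVE_UINT64_T 1
+/* Define to 1 if the system has the type `uint8_t'. */
+#define HAVE_UINT8_T 1
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+/* Define to 1 if the system has the type `u_int16_t'. */
+#define HAVE_U_INT16_T 1
+/* Define to 1 if the system has the type `u_int32_t'. */
+#define HAVE_U_INT32_T 1
+/* Define to 1 if the system has the type `u_int64_t'. */
+#define HAVE_U_INT64_T 1
+/* Define to 1 if the system has the type `u_int8_t'. */
+#define HAVE_U_INT8_T 1
+/* Check if the compiler supports visibility */
+#define HAVE_VISIBILITY 1
+/* Define to 1 if you have the <wchar.h> header file. */
+#define HAVE_WCHAR_H 1
+/* Define to 1 if the system has the type `_Bool'. */
+#define HAVE__BOOL 1
+/* Define if HP-UX 10 or 11 */
+/* #undef HPUX */
+/* Define if Irix 6 */
+/* #undef IRIX */
+/* Define if Linux */
+#define LINUX 1
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+/* Define if MacOS */
+/* #undef MACOS */
+/* Define if OpenBSD < 2.3 */
+/* #undef OPENBSD */
+/* Define if Tru64 */
+/* #undef OSF1 */
+/* Package name */
+#define PACKAGE "sf_ai_preprocessor"
+/* Bug report address */
+#define PACKAGE_BUGREPORT "blacklight@autistici.org"
+/* Package full name */
+#define PACKAGE_NAME "sf_ai_preprocessor"
+/* Package string */
+#define PACKAGE_STRING "Snort AI preprocessor"
+/* Package tarname */
+#define PACKAGE_TARNAME "snort_ai_preproc"
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+/* Package version */
+#define PACKAGE_VERSION "0.1.0"
+/* Define if pcap timeout is ignored */
+#define PCAP_TIMEOUT_IGNORED 1
+/* Installation prefix */
+#define PREFIX "/usr"
+/* Define if Solaris */
+/* #undef SOLARIS */
+/* If using the C implementation of alloca, define if you know the
+direction of stack growth for your system; otherwise it will be
+automatically deduced at runtime.
+STACK_DIRECTION > 0 => grows toward higher addresses
+STACK_DIRECTION < 0 => grows toward lower addresses
+STACK_DIRECTION = 0 => direction of growth unknown */
+/* #undef STACK_DIRECTION */
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+/* Define if SunOS */
+/* #undef SUNOS */
+/* Use SUP_IP6 */
+#define SUP_IP6 /**/
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#define TIME_WITH_SYS_TIME 1
+/* Module version */
+#define VERSION "0.1.0"
+/* Define if words are big endian */
+/* #undef WORDS_BIGENDIAN */
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+#define below would cause a syntax error. */
+/* #undef _UINT32_T */
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+#define below would cause a syntax error. */
+/* #undef _UINT8_T */
+/* Define to rpl_malloc if the replacement function should be used. */
+/* #undef malloc */
+/* Define to rpl_realloc if the replacement function should be used. */
+/* #undef realloc */
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */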


@ -209,8 +209,7 @@
/* Define if Linux */
#undef LINUX
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
/* Define to the sub-directory where libtool stores uninstalled libraries. */
#undef LT_OBJDIR
/* Define if MacOS */

309
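--- /dev/null
+++ b/config.h.in~
@@ -0,0 +1,309 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+/* Define if AIX */
+#undef AIX
+/* Define if broken SIOCGIFMTU */
+#undef BROKEN_SIOCGIFMTU
+/* Define if BSDi */
+#undef BSDI
+/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
+systems. This function is required for `alloca.c' support on those systems.
+*/
+#undef CRAY_STACKSEG_END
+/* Define to 1 if using `alloca.c'. */
+#undef C_ALLOCA
+/* Define if FreeBSD */
+#undef FREEBSD
+/* Define to 1 if you have the `accept' function. */
+#undef HAVE_ACCEPT
+/* Define to 1 if you have the `alarm' function. */
+#undef HAVE_ALARM
+/* Define to 1 if you have `alloca', as a function or macro. */
+#undef HAVE_ALLOCA
+/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
+*/
+#undef HAVE_ALLOCA_H
+/* Define to 1 if you have the `bind' function. */
+#undef HAVE_BIND
+/* Define to 1 if the system has the type `boolean'. */
+#undef HAVE_BOOLEAN
+/* Define to 1 if you have the `connect' function. */
+#undef HAVE_CONNECT
+/* Define to 1 if you have the <dirent.h> header file. */
+#undef HAVE_DIRENT_H
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+/* Define to 1 if the system has the type `int64_t'. */
+#undef HAVE_INT64_T
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+/* Define to 1 if you have the `gvc' library (-lgvc). */
+#undef HAVE_LIBGVC
+/* Define to 1 if you have the `m' library (-lm). */
+#undef HAVE_LIBM
+/* Define to 1 if you have the `mysqlclient' library (-lmysqlclient). */
+#undef HAVE_LIBMYSQLCLIENT
+/* Define to 1 if you have the `pq' library (-lpq). */
+#undef HAVE_LIBPQ
+/* Define to 1 if you have the `pthread' library (-lpthread). */
+#undef HAVE_LIBPTHREAD
+/* Define to 1 if you have the `python2.6' library (-lpython2.6). */
+#undef HAVE_LIBPYTHON2_6
+/* Define to 1 if you have the `xml2' library (-lxml2). */
+#undef HAVE_LIBXML2
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+/* Define to 1 if you have the `listen' function. */
+#undef HAVE_LISTEN
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+to 0 otherwise. */
+#undef HAVE_MALLOC
+/* Define to 1 if you have the <math.h> header file. */
+#undef HAVE_MATH_H
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+/* Define to 1 if the system has the type `ptrdiff_t'. */
+#undef HAVE_PTRDIFF_T
+/* Define to 1 if your system has a GNU libc compatible `realloc' function,
+and to 0 otherwise. */
+#undef HAVE_REALLOC
+/* Define to 1 if you have the `regcomp' function. */
+#undef HAVE_REGCOMP
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+/* Define to 1 if stdbool.h conforms to C99. */
+#undef HAVE_STDBOOL_H
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+/* Define to 1 if you have the `strtol' function. */
+#undef HAVE_STRTOL
+/* Define to 1 if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+/* Define to 1 if the system has the type `u_int16_t'. */
+#undef HAVE_U_INT16_T
+/* Define to 1 if the system has the type `u_int32_t'. */
+#undef HAVE_U_INT32_T
+/* Define to 1 if the system has the type `u_int64_t'. */
+#undef HAVE_U_INT64_T
+/* Define to 1 if the system has the type `u_int8_t'. */
+#undef HAVE_U_INT8_T
+/* Check if the compiler supports visibility */
+#undef HAVE_VISIBILITY
+/* Define to 1 if you have the <wchar.h> header file. */
+#undef HAVE_WCHAR_H
+/* Define to 1 if the system has the type `_Bool'. */
+#undef HAVE__BOOL
+/* Define if HP-UX 10 or 11 */
+#undef HPUX
+/* Define if Irix 6 */
+#undef IRIX
+/* Define if Linux */
+#undef LINUX
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#undef LT_OBJDIR
+/* Define if MacOS */
+#undef MACOS
+/* Define if OpenBSD < 2.3 */
+#undef OPENBSD
+/* Define if Tru64 */
+#undef OSF1
+/* Package name */
+#undef PACKAGE
+/* Bug report address */
+#undef PACKAGE_BUGREPORT
+/* Package full name */
+#undef PACKAGE_NAME
+/* Package string */
+#undef PACKAGE_STRING
+/* Package tarname */
+#undef PACKAGE_TARNAME
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+/* Package version */
+#undef PACKAGE_VERSION
+/* Define if pcap timeout is ignored */
+#undef PCAP_TIMEOUT_IGNORED
+/* Installation prefix */
+#undef PREFIX
+/* Define if Solaris */
+#undef SOLARIS
+/* If using the C implementation of alloca, define if you know the
+direction of stack growth for your system; otherwise it will be
+automatically deduced at runtime.
+STACK_DIRECTION > 0 => grows toward higher addresses
+STACK_DIRECTION < 0 => grows toward lower addresses
+STACK_DIRECTION = 0 => direction of growth unknown */
+#undef STACK_DIRECTION
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+/* Define if SunOS */
+#undef SUNOS
+/* Use SUP_IP6 */
+#undef SUP_IP6
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+/* Module version */
+#undef VERSION
+/* Define if words are big endian */
+#undef WORDS_BIGENDIAN
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+#define below would cause a syntax error. */
+#undef _UINT32_T
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+#define below would cause a syntax error. */
+#undef _UINT8_T
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+/* Define to rpl_realloc if the replacement function should be used. */
+#undef realloc
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+such a type exists and the standard includes do not define it. */
+#undef uint16_t
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+such a type exists and the standard includes do not define it. */
+#undef uint32_t
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+such a type exists and the standard includes do not define it. */
+#undef uint8_t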

2548
config.log Normal file

File diff suppressed because it is too large Load diff

2032
config.status Executable file

File diff suppressed because it is too large Load diff

282
config.sub vendored

@ -1,38 +1,31 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
# Free Software Foundation, Inc.
# Copyright 1992-2015 Free Software Foundation, Inc.
timestamp='2009-11-20'
timestamp='2015-08-20'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
# 02110-1301, USA.
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# the same distribution terms that you use for the rest of that
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
# Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted GNU ChangeLog entry.
# Please send patches to <config-patches@gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
@ -75,8 +68,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -123,13 +115,18 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
android-linux)
os=-linux-android
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
@ -152,7 +149,7 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis | -knuth | -cray | -microblaze)
-apple | -axis | -knuth | -cray | -microblaze*)
os=
basic_machine=$1
;;
@ -221,6 +218,12 @@ case $os in
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-lynx*178)
os=-lynxos178
;;
-lynx*5)
os=-lynxos5
;;
-lynx*)
os=-lynxos
;;
@ -245,20 +248,29 @@ case $basic_machine in
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
| aarch64 | aarch64_be \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
| ba \
| be32 | be64 \
| bfin \
| c4x | clipper \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
| fido | fr30 | frv \
| e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| k1om \
| le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
| maxq | mb | microblaze | mcore | mep | metag \
| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@ -272,38 +284,55 @@ case $basic_machine in
| mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa32r6 | mipsisa32r6el \
| mipsisa64 | mipsisa64el \
| mipsisa64r2 | mipsisa64r2el \
| mipsisa64r6 | mipsisa64r6el \
| mipsisa64sb1 | mipsisa64sb1el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipsr5900 | mipsr5900el \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| moxie \
| mt \
| msp430 \
| nios | nios2 \
| nds32 | nds32le | nds32be \
| nios | nios2 | nios2eb | nios2el \
| ns16k | ns32k \
| or32 \
| open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
| rx \
| riscv32 | riscv64 \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
| spu | strongarm \
| tahoe | thumb | tic4x | tic80 | tron \
| spu \
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
| v850 | v850e \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| we32k \
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12.
c54x)
basic_machine=tic54x-unknown
;;
c55x)
basic_machine=tic55x-unknown
;;
c6x)
basic_machine=tic6x-unknown
;;
leon|leon[3-9])
basic_machine=sparc-$basic_machine
;;
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
@ -313,6 +342,21 @@ case $basic_machine in
basic_machine=mt-unknown
;;
strongarm | thumb | xscale)
basic_machine=arm-unknown
;;
xgate)
basic_machine=$basic_machine-unknown
os=-none
;;
xscaleeb)
basic_machine=armeb-unknown
;;
xscaleel)
basic_machine=armel-unknown
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
@ -327,25 +371,32 @@ case $basic_machine in
# Recognize the basic CPU types with company name.
580-* \
| a29k-* \
| aarch64-* | aarch64_be-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | craynv-* | cydra-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
| k1om-* \
| le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
| microblaze-* | microblazeel-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@ -359,33 +410,43 @@ case $basic_machine in
| mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa32r6-* | mipsisa32r6el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64r2-* | mipsisa64r2el-* \
| mipsisa64r6-* | mipsisa64r6el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipsr5900-* | mipsr5900el-* \
| mipstx39-* | mipstx39el-* \
| mmix-* \
| mt-* \
| msp430-* \
| nios-* | nios2-* \
| nds32-* | nds32le-* | nds32be-* \
| nios-* | nios2-* | nios2eb-* | nios2el-* \
| none-* | np1-* | ns16k-* | ns32k-* \
| open8-* \
| or1k*-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
| romp-* | rs6000-* | rx-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
| tron-* \
| ubicom32-* \
| v850-* | v850e-* | vax-* \
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| visium-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
| ymp-* \
| z8k-* | z80-*)
@ -460,6 +521,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-aros
;;
asmjs)
basic_machine=asmjs-unknown
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -480,6 +544,15 @@ case $basic_machine in
basic_machine=powerpc-ibm
os=-cnk
;;
c54x-*)
basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c55x-*)
basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c6x-*)
basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
c90)
basic_machine=c90-cray
os=-unicos
@ -516,7 +589,7 @@ case $basic_machine in
basic_machine=craynv-cray
os=-unicosmp
;;
cr16)
cr16 | cr16-*)
basic_machine=cr16-unknown
os=-elf
;;
@ -674,7 +747,6 @@ case $basic_machine in
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
@ -713,6 +785,9 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
leon-*|leon[3-9]-*)
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
;;
m68knommu)
basic_machine=m68k-unknown
os=-linux
@ -732,11 +807,15 @@ case $basic_machine in
basic_machine=ns32k-utek
os=-sysv
;;
microblaze)
microblaze*)
basic_machine=microblaze-xilinx
;;
mingw64)
basic_machine=x86_64-pc
os=-mingw64
;;
mingw32)
basic_machine=i386-pc
basic_machine=i686-pc
os=-mingw32
;;
mingw32ce)
@ -764,6 +843,10 @@ case $basic_machine in
basic_machine=powerpc-unknown
os=-morphos
;;
moxiebox)
basic_machine=moxie-unknown
os=-moxiebox
;;
msdos)
basic_machine=i386-pc
os=-msdos
@ -771,10 +854,18 @@ case $basic_machine in
ms1-*)
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
;;
msys)
basic_machine=i686-pc
os=-msys
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
nacl)
basic_machine=le32-unknown
os=-nacl
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
@ -839,6 +930,12 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
neo-tandem)
basic_machine=neo-tandem
;;
nse-tandem)
basic_machine=nse-tandem
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@ -921,9 +1018,10 @@ case $basic_machine in
;;
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
ppc | ppcbe) basic_machine=powerpc-unknown
;;
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
ppc-* | ppcbe-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
@ -948,7 +1046,11 @@ case $basic_machine in
basic_machine=i586-unknown
os=-pw32
;;
rdos)
rdos | rdos64)
basic_machine=x86_64-pc
os=-rdos
;;
rdos32)
basic_machine=i386-pc
os=-rdos
;;
@ -1017,6 +1119,9 @@ case $basic_machine in
basic_machine=i860-stratus
os=-sysv4
;;
strongarm-* | thumb-*)
basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
sun2)
basic_machine=m68000-sun
;;
@ -1073,20 +1178,8 @@ case $basic_machine in
basic_machine=t90-cray
os=-unicos
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tic55x | c55x*)
basic_machine=tic55x-unknown
os=-coff
;;
tic6x | c6x*)
basic_machine=tic6x-unknown
os=-coff
;;
tile*)
basic_machine=tile-unknown
basic_machine=$basic_machine-unknown
os=-linux-gnu
;;
tx39)
@ -1156,6 +1249,9 @@ case $basic_machine in
xps | xps100)
basic_machine=xps100-honeywell
;;
xscale-* | xscalee[bl]-*)
basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
;;
ymp)
basic_machine=ymp-cray
os=-unicos
@ -1281,28 +1377,29 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \
| -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -openbsd* | -solidbsd* \
| -bitrig* | -openbsd* | -solidbsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1426,15 +1523,14 @@ case $os in
-aros*)
os=-aros
;;
-kaos*)
os=-kaos
;;
-zvmoe)
os=-zvmoe
;;
-dicos*)
os=-dicos
;;
-nacl*)
;;
-none)
;;
*)
@ -1475,6 +1571,21 @@ case $basic_machine in
c4x-* | tic4x-*)
os=-coff
;;
c8051-*)
os=-elf
;;
hexagon-*)
os=-elf
;;
tic54x-*)
os=-coff
;;
tic55x-*)
os=-coff
;;
tic6x-*)
os=-coff
;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
@ -1493,9 +1604,6 @@ case $basic_machine in
;;
m68000-sun)
os=-sunos3
# This also exists in the configure program, but was not the
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout

5047
configure vendored

File diff suppressed because it is too large Load diff

5
correlation.c Normal file → Executable file

@ -239,7 +239,7 @@ __AI_correlated_alerts_to_json ()
for ( pkt_iterator = alert_iterator->stream; pkt_iterator; pkt_iterator = pkt_iterator->next )
{
encoded_pkt = NULL;
pkt_len = pkt_iterator->pkt->pcap_header->len + pkt_iterator->pkt->payload_size;
pkt_len = pkt_iterator->pkt->pcap_header->caplen + pkt_iterator->pkt->payload_size;
if ( !( encoded_pkt = (char*) calloc ( 4*pkt_len + 1, sizeof ( char ))))
{
@ -305,7 +305,7 @@ __AI_correlated_alerts_to_json ()
{
if ( !pkt_iterator->pkt->ip4_header )
{
pkt_len = pkt_iterator->pkt->pcap_header->len +
pkt_len = pkt_iterator->pkt->pcap_header->caplen +
pkt_iterator->pkt->tcp_options_length +
pkt_iterator->pkt->payload_size;
} else {
@ -754,4 +754,3 @@ AI_alert_correlation_thread ( void *arg )
} /* ----- end of function AI_alert_correlation_thread ----- */
/** @} */
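Review bot: Both changed `pkt_len` assignments (the one ahead of the `calloc` in the first hunk and the `!ip4_header` branch in the second) still add `payload_size`, and in the second case `tcp_options_length`, on top of `pcap_header->caplen`. If `caplen` already counts every captured byte of the frame, as the pcap header field normally does, the sum exceeds the data actually held, and any later copy or encode that reads `pkt_len` bytes from the packet buffer would run past it; the code that consumes `pkt_len` is outside these hunks, so this needs confirming there. Moving from `len` to `caplen` is the right direction, because the on-wire length can exceed what was captured when a snap length truncates the packet, and that reasoning deserves a comment such as `/* caplen = bytes actually captured; len is the on-wire size and may exceed the buffer */`. `pkt_len` also feeds `4*pkt_len + 1` in the `calloc` call, so its type and an upper bound are worth checking before the multiplication. `__AI_correlated_alerts_to_json` begins and ends outside the hunks shown.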

5
db.h Normal file → Executable file

@ -52,8 +52,8 @@
const char* DB_do_error();
const char* DB_do_out_error();
BOOL DB_is_gone();
BOOL DB_is_out_gone();
bool DB_is_gone();
bool DB_is_out_gone();
#endif
#ifdef HAVE_LIBPQ
@ -100,4 +100,3 @@
#endif
#endif

5
include/bitop.h Normal file → Executable file

@ -3,7 +3,8 @@
**
** bitopt.c
**
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Dan Roelker <droelker@sourcefire.com>
** Marc Norton <mnorton@sourcefire.com>
**
@ -20,7 +21,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**
** NOTES
** 5.15.02 - Initial Source Code. Norton/Roelker

14
include/cpuclock.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2006-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2006-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,19 +15,12 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef CPU_CLOCK_TICKS_H
#define CPU_CLOCK_TICKS_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "debug.h"
#include "sf_types.h" /* for uint64_t */
/* Assembly to find clock ticks. */
#ifdef WIN32
#include <windows.h>
@ -116,7 +110,7 @@ __inline void __cputicks_msc(uint64_t *val)
#endif /* I386 || AMD64 || X86_64 */
#endif /* WIN32 */
static INLINE double get_ticks_per_usec (void)
static inline double get_ticks_per_usec (void)
{
uint64_t start = 0, end = 0;
get_clockticks(start);

18
include/event.h Normal file → Executable file

@ -1,6 +1,7 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
@ -16,28 +17,24 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/* D E F I N E S ************************************************************/
#ifndef __EVENT_H__
#define __EVENT_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
#include <sys/types.h>
#ifndef WIN32
#include <sys/time.h>
#endif
#include "pcap_pkthdr32.h"
#if defined(FEAT_OPEN_APPID)
#define MAX_EVENT_APPNAME_LEN 64
#endif /* defined(FEAT_OPEN_APPID) */
typedef struct _Event
{
uint32_t sig_generator; /* which part of snort generated the alert? */
@ -51,6 +48,9 @@ typedef struct _Event
*/
struct sf_timeval32 ref_time; /* reference time for the event reference */
#if defined(FEAT_OPEN_APPID)
char app_name[MAX_EVENT_APPNAME_LEN];
#endif /* defined(FEAT_OPEN_APPID) */
/* Don't add to this structure because this is the serialized data
* struct for unified logging.
*/

692
include/file_api.h Executable file

@ -0,0 +1,692 @@
/*
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* ** Copyright (C) 2012-2013 Sourcefire, Inc.
* ** AUTHOR: Hui Cao
* **
* ** This program is free software; you can redistribute it and/or modify
* ** it under the terms of the GNU General Public License Version 2 as
* ** published by the Free Software Foundation. You may not use, modify or
* ** distribute this program under any other version of the GNU General
* ** Public License.
* **
* ** This program is distributed in the hope that it will be useful,
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* ** GNU General Public License for more details.
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* */
/* file_api.h
*
* Purpose: Definition of the FileAPI. To be used as a common interface
* for file process access for other preprocessors and detection
* plugins.
*
* Author(s): Hui Cao <hcao@sourcefire.com>
*
* NOTES
* 5.25.12 - Initial Source Code. Hcao
*/
#ifndef FILE_API_H_
#define FILE_API_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <sys/types.h>
#include "sfPolicy.h"
#define ENABLE_FILE_TYPE_IDENTIFICATION 0x1
#define ENABLE_FILE_SIGNATURE_SHA256 0x2
#define ENABLE_FILE_CAPTURE 0x4
#define FILE_ALL_ON 0xFFFFFFFF
#define FILE_ALL_OFF 0x00000000
#define MAX_FILE 1024
#define MAX_EMAIL 1024
#define MAX_UNICODE_FILE_NAME 1024
#define FILE_RESUME_BLOCK 0x01
#define FILE_RESUME_LOG 0x02
/*
* Generator id. Define here the same as the official register
* in generators.h
*/
#define GENERATOR_FILE_TYPE 146
#define GENERATOR_FILE_SIGNATURE 147
#define FILE_SIGNATURE_SHA256 1
#define FILE_SIGNATURE_SHA256_STR "(file) malware detected"
typedef enum _File_Verdict
{
FILE_VERDICT_UNKNOWN = 0,
FILE_VERDICT_LOG,
FILE_VERDICT_STOP,
FILE_VERDICT_BLOCK,
FILE_VERDICT_REJECT,
FILE_VERDICT_PENDING,
FILE_VERDICT_STOP_CAPTURE,
FILE_VERDICT_MAX
} File_Verdict;
typedef enum _FilePosition
{
SNORT_FILE_POSITION_UNKNOWN,
SNORT_FILE_START,
SNORT_FILE_MIDDLE,
SNORT_FILE_END,
SNORT_FILE_FULL
} FilePosition;
typedef enum _FileCaptureState
{
FILE_CAPTURE_SUCCESS = 0,
FILE_CAPTURE_MIN, /*smaller than file capture min*/
FILE_CAPTURE_MAX, /*larger than file capture max*/
FILE_CAPTURE_MEMCAP, /*memcap reached, no more file buffer*/
FILE_CAPTURE_FAIL /*Other file capture failures*/
} FileCaptureState;
typedef enum _FileSigState
{
FILE_SIG_PROCESSING = 0,
FILE_SIG_DEPTH_FAIL, /*larger than file signature depth*/
FILE_SIG_DONE
} FileSigState;
typedef enum _FileProcessType
{
SNORT_FILE_TYPE_ID,
SNORT_FILE_SHA256,
SNORT_FILE_CAPTURE
} FileProcessType;
typedef struct _FileState
{
FileCaptureState capture_state;
FileSigState sig_state;
} FileState;
typedef struct _FileCacheStatus
{
uint64_t prunes; /* number of file entries pruned due to memcap*/
uint64_t segment_mem_in_use; /* memory used currently */
uint64_t segment_mem_in_use_max; /* Maximal memory usage */
} FileCacheStatus;
struct s_MAIL_LogState;
struct _DecodeConfig;
struct s_MAIL_LogConfig;
struct _MimeDataPafInfo;
struct _MimeState;
struct _FileCaptureInfo;
typedef struct _FileCaptureInfo FileCaptureInfo;
struct _SnortConfig;
struct _FileContext;
struct _FileCache;
typedef struct _FileSession
{
struct _FileContext *current_context;
struct _FileContext *main_context;
struct _FileContext *pending_context;
uint32_t max_file_id;
struct _FileCache *file_cache;
uint64_t file_id;
} FileSession;
#define FILE_API_VERSION 4
#define DEFAULT_FILE_ID 0
typedef uint32_t (*File_policy_callback_func) (void* ssnptr, int16_t app_id, bool upload);
typedef File_Verdict (*File_type_callback_func) (void* p, void* ssnptr,
uint32_t file_type_id, bool upload, uint32_t file_id);
typedef File_Verdict (*File_signature_callback_func) (void* p, void* ssnptr,
uint8_t* file_sig, uint64_t file_size, FileState *state, bool upload,
uint32_t file_id);
typedef void (*Log_file_action_func) (void* ssnptr, int action);
typedef int (*File_process_func)( void* p, uint8_t* file_data, int data_size, FilePosition position,
bool upload, bool suspend_block_verdict);
typedef int (*Get_file_name_func) (void* ssnptr, uint8_t **file_name, uint32_t *name_len);
typedef uint64_t (*Get_file_size_func) (void* ssnptr);
typedef bool (*Get_file_direction_func) (void* ssnptr);
typedef uint8_t *(*Get_file_sig_sha256_func) (void* ssnptr);
typedef void (*Set_file_name_func) (void* ssnptr, uint8_t *, uint32_t, bool);
typedef void (*Set_file_direction_func) (void* ssnptr, bool);
typedef int64_t (*Get_file_depth_func) (void);
typedef void (*Set_file_policy_func)(File_policy_callback_func);
typedef void (*Enable_file_type_func)(File_type_callback_func);
typedef void (*Enable_file_signature_func)(File_signature_callback_func);
typedef void (*Enable_file_capture_func)(File_signature_callback_func);
typedef void (*Set_file_action_log_func)(Log_file_action_func);
typedef int (*Set_log_buffers_func)(struct s_MAIL_LogState **log_state, struct s_MAIL_LogConfig *conf, void *mempool);
typedef void* (*Init_mime_mempool_func)(int max_mime_mem, int max_depth, void *mempool, const char *preproc_name);
typedef void* (*Init_log_mempool_func)(uint32_t email_hdrs_log_depth, uint32_t memcap, void *mempool, const char *preproc_name);
typedef int (*File_resume_block_add_file_func)(void *pkt, uint32_t file_sig,
uint32_t timeout, File_Verdict verdict, uint32_t file_type_id, uint8_t *signature);
typedef File_Verdict (*File_resume_block_check_func)(void *pkt, uint32_t file_sig);
typedef uint32_t (*Str_to_hash_func)(uint8_t *str, int length );
typedef void (*File_signature_lookup_func)(void* p, bool is_retransmit);
typedef void (*Set_mime_decode_config_defaults_func)(struct _DecodeConfig *decode_conf);
typedef void (*Set_mime_log_config_defaults_func)(struct s_MAIL_LogConfig *log_config);
typedef int (*Parse_mime_decode_args_func)(struct _DecodeConfig *decode_conf, char *arg, const char *preproc_name);
typedef const uint8_t * (*Process_mime_data_func)(void *packet, const uint8_t *start, const uint8_t *end,
struct _MimeState *mime_ssn, bool upload, bool paf_enabled);
typedef void (*Free_mime_session_func)(struct _MimeState *mime_ssn);
typedef bool (*Is_decoding_enabled_func)(struct _DecodeConfig *decode_conf);
typedef bool (*Is_decoding_conf_changed_func)(struct _DecodeConfig *configNext, struct _DecodeConfig *config, const char *preproc_name);
typedef bool (*Check_decoding_conf_func)(struct _DecodeConfig *configNext, struct _DecodeConfig *config, const char *preproc_name);
typedef bool (*Is_mime_log_enabled_func)(struct s_MAIL_LogConfig *log_config);
typedef void (*Finalize_mime_position_func)(void *ssnptr, void *decode_state, FilePosition *position);
typedef File_Verdict (*Get_file_verdict_func)(void *ssnptr);
typedef void (*Render_block_verdict_func)(void *ctx, void *p);
typedef FileCaptureState (*Reserve_file_func)(void *ssnptr, FileCaptureInfo **file_mem);
typedef void* (*Get_file_func)(FileCaptureInfo *file_mem, uint8_t **buff, int *size);
typedef void (*Release_file_func)(FileCaptureInfo *data);
typedef size_t (*File_capture_size_func)(FileCaptureInfo *file_mem);
typedef bool (*Is_file_service_enabled)(void);
typedef bool (*Check_paf_abort_func)(void* ssn);
typedef void (*Update_file_name_func) (struct s_MAIL_LogState *log_state);
typedef FilePosition (*GetFilePosition)(void *pkt);
typedef void (*Reset_mime_paf_state_func)(struct _MimeDataPafInfo *data_info);
/* Process data boundary and flush each file based on boundary*/
typedef bool (*Process_mime_paf_data_func)(struct _MimeDataPafInfo *data_info, uint8_t data);
typedef bool (*Check_data_end_func)(void *end_state, uint8_t data);
typedef uint32_t (*Get_file_type_id)(void *);
typedef uint32_t (*Get_new_file_instance)(void *);
/*Context based file process functions*/
typedef struct _FileContext* (*Create_file_context_func)(void *ssnptr);
typedef void (*Init_file_context_func)(void *ssnptr, bool upload, struct _FileContext *ctx);
typedef struct _FileContext* (*Get_file_context_func)(void *ssnptr);
typedef bool (*Set_file_context_func)(void *ssnptr, struct _FileContext *ctx);
typedef int (*Process_file_func)( struct _FileContext *ctx, void *p,
uint8_t *file_data, int data_size, FilePosition position,
bool suspend_block_verdict);
typedef void *(*File_cache_update_entry_func) (struct _FileCache *fileCache, void* p, uint64_t file_id,
uint8_t *file_name, uint32_t file_name_size, uint64_t file_size);
typedef int (*File_segment_process_func)( struct _FileCache *fileCache, void* p, uint64_t file_id,
uint64_t file_size, const uint8_t* file_data, int data_size, uint64_t offset,
bool upload);
typedef struct _FileCache * (*File_cache_create_func)(uint64_t memcap, uint32_t cleanup_files);
typedef void (*File_cache_free_func)(struct _FileCache *fileCache);
typedef FileCacheStatus * (*File_cache_status_func)(struct _FileCache *fileCache);
typedef int64_t (*Get_max_file_capture_size)(void *ssn);
typedef struct _file_api
{
int version;
/* Check if file type id is enabled.
*
* Arguments: None
*
* Returns:
* (bool) true file processing is enabled
* (bool) false file processing is disabled
*/
Is_file_service_enabled is_file_service_enabled;
/* File process function, called by preprocessors that provides file data
*
* Arguments:
* void* p: packet pointer
* uint8_t* file_data: file data
* int data_size: file data size
* FilePosition: file position
* bool upload: upload or not
* Returns:
* 1: continue processing/log/block this file
* 0: ignore this file (no further processing needed)
*/
File_process_func file_process;
/*-----File property functions--------*/
/* Get file name and the length of file name
* Note: this is updated after file processing. It will be available
* for file event logging, but might not be available during file type
* callback or file signature callback, because those callbacks are called
* during file processing.
*
* Arguments:
* void* ssnptr: session pointer
* uint8_t **file_name: address for file name to be saved
* uint32_t *name_len: address to save file name length
* Returns
* 1: file name available,
* 0: file name is unavailable
*/
Get_file_name_func get_file_name;
/* Get file size
* Note: this is updated after file processing. It will be available
* for file event logging, but might not be available during file type
* callback or file signature callback, because those callbacks are called
* during file processing.
*
* Arguments:
* void* ssnptr: session pointer
*
* Returns
* uint64_t: file size
* Note: 0 means file size is unavailable
*/
Get_file_size_func get_file_size;
/* Get number of bytes processed
*
* Arguments:
* void* ssnptr: session pointer
*
* Returns
* uint64_t: processed file data size
*/
Get_file_size_func get_file_processed_size;
/* Get file direction
*
* Arguments:
* void* ssnptr: session pointer
*
* Returns
* 1: upload
* 0: download
*/
Get_file_direction_func get_file_direction;
/* Get file signature sha256
*
* Arguments:
* void* ssnptr: session pointer
*
* Returns
* char *: pointer to sha256
* NULL: sha256 is not available
*/
Get_file_sig_sha256_func get_sig_sha256;
/* Set file name and the length of file name
*
* Arguments:
* void* ssnptr: session pointer
* uint8_t *file_name: file name to be saved
* uint32_t name_len: file name length
* bool save_in_context: true if file name is saved in context
* instead of session
* Returns
* None
*/
Set_file_name_func set_file_name;
/* Get file direction
*
* Arguments:
* void* ssnptr: session pointer
* bool:
* 1 - upload
* 0 - download
* Returns
* None
*/
Set_file_direction_func set_file_direction;
/*----------File call backs--------------*/
/* Set file policy callback. This callback is called in the beginning
* of session. This callback will decide whether to do file type ID,
* file signature, or file capture
*
* Arguments:
* File_policy_callback_func
* Returns
* None
*/
Set_file_policy_func set_file_policy_callback;
/* Enable file type ID and set file type callback.
* File type callback is called when file type is identified. Callback
* will return a verdict based on file type
*
* Arguments:
* File_type_callback_func
* Returns
* None
*/
Enable_file_type_func enable_file_type;
/* Enable file signature and set file signature callback.
* File signature callback is called when file signature is calculated.
* Callback will return a verdict based on file signature.
* SHA256 is calculated after file transfer is finished.
*
* Arguments:
* File_signature_callback_func
* Returns
* None
*/
Enable_file_signature_func enable_file_signature;
/* Enable file capture and set file signature callback.
* File signature callback is called when file signature is calculated.
* Callback will return a verdict based on file signature.
* SHA256 is calculated after file transfer is finished.
*
* Note: file signature and file capture will use the same callback, but
* enabled separately.
*
* Arguments:
* File_signature_callback_func
* Returns
* None
*/
Enable_file_signature_func enable_file_capture;
/* Set file action log callback.
* File action log callback is called when file resume is detected.
* It allows file events to be generated for a resumed file download
*
* Arguments:
* Log_file_action_func
* Returns
* None
*/
Set_file_action_log_func set_file_action_log_callback;
/*--------------File configurations-------------*/
/* Get file depth required for all file processings enabled
*
* Arguments:
* None
*
* Returns:
* int64_t: file depth in bytes
*/
Get_file_depth_func get_max_file_depth;
/*--------------Common functions used for MIME processing-------------*/
Set_log_buffers_func set_log_buffers;
Init_mime_mempool_func init_mime_mempool;
Init_log_mempool_func init_log_mempool;
Set_mime_decode_config_defaults_func set_mime_decode_config_defauts;
Set_mime_log_config_defaults_func set_mime_log_config_defauts;
Parse_mime_decode_args_func parse_mime_decode_args;
Process_mime_data_func process_mime_data;
Free_mime_session_func free_mime_session;
Is_decoding_enabled_func is_decoding_enabled;
Is_decoding_conf_changed_func is_decoding_conf_changed;
Check_decoding_conf_func check_decoding_conf;
Is_mime_log_enabled_func is_mime_log_enabled;
Finalize_mime_position_func finalize_mime_position;
Reset_mime_paf_state_func reset_mime_paf_state;
Process_mime_paf_data_func process_mime_paf_data;
Check_data_end_func check_data_end;
Check_paf_abort_func check_paf_abort;
/*--------------Other helper functions-------------*/
File_resume_block_add_file_func file_resume_block_add_file;
File_resume_block_check_func file_resume_block_check;
Str_to_hash_func str_to_hash;
File_signature_lookup_func file_signature_lookup;
Get_file_verdict_func get_file_verdict;
Render_block_verdict_func render_block_verdict;
/*
* Preserve the file in memory until it is released
* This function must be called in packet processing thread
* Arguments:
* void *ssnptr: session pointer
* void **file_mem: the pointer to store the memory block
* that stores file and its metadata.
* It will set NULL if no memory or fail to store
*
* Returns:
* FileCaptureState:
* FILE_CAPTURE_SUCCESS = 0,
* FILE_CAPTURE_MIN,
* FILE_CAPTURE_MAX,
* FILE_CAPTURE_MEMCAP,
* FILE_CAPTURE_FAIL
*/
Reserve_file_func reserve_file;
/*
* Get the file that is reserved in memory. To get a full file,
* this function must be called iteratively until NULL is returned
* This function can be called in out of band thread
*
* Arguments:
* void *file_mem: the memory block working on
* uint8_t **buff: address to store buffer address
* int *size: address to store size of file
*
* Returns:
* the next memory block
* If NULL: no memory or fail to get file
*/
Get_file_func read_file;
/*
* Get the file size captured in the file buffer
* This function can be called in out of band thread
*
* Arguments:
* void *file_mem: the first memory block of file buffer
*
* Returns:
* the size of file
* If 0: no memory or fail to read file
*/
File_capture_size_func get_file_capture_size;
/*
* Release the file that is reserved in memory.
* This function can be called in out of band thread.
*
* Arguments:
* void *data: the memory block that stores file and its metadata
*
* Returns:
* None
*/
Release_file_func release_file;
/* Return the file rule id associated with a session.
*
* Arguments:
* void *ssnptr: session pointer
*
* Returns:
* (u32) file-rule id on session; FILE_TYPE_UNKNOWN otherwise.
*/
Get_file_type_id get_file_type_id;
/* Create a file context to use
*
* Arguments:
* void* ssnptr: session pointer
* Returns:
* FileContext *: file context created.
*/
Create_file_context_func create_file_context;
/* Intialize a file context
*
* Arguments:
* void* ssnptr: session pointer
* Returns:
* FileContext *: file context.
*/
Init_file_context_func init_file_context;
/* Set file context to be the current
*
* Arguments:
* void* ssnptr: session pointer
* FileContext *: file context that will be current
* Returns:
* True: changed successfully
* False: fail to change
*/
Set_file_context_func set_current_file_context;
/* Get current file context
*
* Arguments:
* void* ssnptr: session pointer
* Returns:
* FileContext *: current file context
*/
Get_file_context_func get_current_file_context;
/* Get main file context that used by preprocessors
*
* Arguments:
* void* ssnptr: session pointer
* Returns:
* FileContext *: main file context
*/
Get_file_context_func get_main_file_context;
/* Process file function, called by preprocessors that provides file data
*
* Arguments:
* void* ctx: file context that will be processed
* void* p: packet pointer
* uint8_t* file_data: file data
* int data_size: file data size
* FilePosition: file position
* bool suspend_block_verdict: used for smb to allow file pass
* Returns:
* 1: continue processing/log/block this file
* 0: ignore this file (no further processing needed)
*/
Process_file_func process_file;
/* Create the file cache that store file segments and properties.
*
* Arguments:
* uint64_t: total memory available for file cache, including file contexts
* uint32_t: maximal number of files pruned when memcap is reached
* Returns:
* struct _FileCache *: file cache pointer
*/
File_cache_create_func file_cache_create;
/* Free the file cache that store file segments and properties.
*
* Arguments:
* struct _FileCache *: file cache pointer
* Returns:
* None
*/
File_cache_free_func file_cache_free;
/* Get the status of file cache for troubleshooting.
*
* Arguments:
* struct _FileCache *: file cache pointer
* Returns:
* FileCacheStatus *: status of file cache
*/
File_cache_status_func file_cache_status;
/* Get a new file entry in the file cache, if already exists, update file name
*
* Arguments:
* struct _FileCache *: file cache that stores file segments
* void* : packet pointer
* uint64_t: file id that is unique
* uint8_t *: file name
* uint32_t: file name size
* Returns:
* None
*/
File_cache_update_entry_func file_cache_update_entry;
/* Process file segment, when file segment is in order, file data will be
* processed; otherwise it is stored.
*
* Arguments:
* struct _FileCache *: file cache that stores file segments
* void* : packet pointer
* uint64_t: file id that is unique
* uint64_t: total file size,
* const uint8_t*: file data
* int: file data size
* uint64_t: file data offset in the file
* bool: true for upload, false for download
* Returns:
* 1: continue processing/log/block this file
* 0: ignore this file (no further processing needed)
*/
File_segment_process_func file_segment_process;
/* Return a unique file instance number
*
* Arguments:
* void *ssnptr: session pointer
* Returns:
* (u32) a unique file instance id.
*/
Get_new_file_instance get_new_file_instance;
GetFilePosition get_file_position;
Get_max_file_capture_size get_max_file_capture_size;
} FileAPI;
/* To be set by Stream */
extern FileAPI *file_api;
static inline void initFilePosition(FilePosition *position,
uint64_t processed_size)
{
*position = SNORT_FILE_START;
if (processed_size)
*position = SNORT_FILE_MIDDLE;
}
static inline void updateFilePosition(FilePosition *position,
uint64_t processed_size)
{
if ((*position == SNORT_FILE_END) || (*position == SNORT_FILE_FULL))
*position = SNORT_FILE_START;
else if (processed_size)
*position = SNORT_FILE_MIDDLE;
}
static inline void finalFilePosition(FilePosition *position)
{
if (*position == SNORT_FILE_START)
*position = SNORT_FILE_FULL;
else if (*position != SNORT_FILE_FULL)
*position = SNORT_FILE_END;
}
static inline bool isFileStart(FilePosition position)
{
return ((position == SNORT_FILE_START) || (position == SNORT_FILE_FULL));
}
static inline bool isFileEnd(FilePosition position)
{
return ((position == SNORT_FILE_END) || (position == SNORT_FILE_FULL));
}
#endif /* FILE_API_H_ */

28
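--- a/include/idle_processing.h
+++ b/include/idle_processing.h
@@ -0,0 +1,28 @@
+/****************************************************************************
+*
+* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+* Copyright (C) 2011-2013 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+****************************************************************************/
+#ifndef _IDLE_PROCESSING_H
+#define _IDLE_PROCESSING_H
+typedef void (*IdleProcessingHandler)(void);
+#endif /* _IDLE_PROCESSING_H */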

166
include/ipv6_port.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2007-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,24 +15,19 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
#include "snort_debug.h"
/* ///////////////// */
/*****************/
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
@ -42,43 +38,46 @@ typedef sfip_t *snort_ip_p;
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_SRC_IP(p) ((p)->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) ((p)->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_ipv4h_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_ipv4h_api->orig_iph_ret_dst(p))
#define GET_ORIG_SRC(p) ((p)->orig_ipv4h_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) ((p)->orig_ipv4h_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define IP_EQUALITY(x,y) (sfip_compare((x),(y)) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset((x),(y)) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare((x),(y)) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare((x),(y)) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define IS_IP4(x) ((x)->family == AF_INET)
#define IS_IP6(x) ((x)->family == AF_INET6)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_ipv4h_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define IS_OUTER_IP4(x) ((x)->outer_family == AF_INET)
#define IS_OUTER_IP6(x) ((x)->outer_family == AF_INET6)
#define GET_IPH_TOS(p) (p)->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) (p)->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) (p)->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) (p)->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) (p)->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) (p)->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) ((uint8_t)(IS_IP6(p) ? ((p)->ip6h->next) : ((p)->iph_api->iph_ret_proto(p))))
#define GET_ORIG_IPH_PROTO(p) (p)->orig_ipv4h_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) (p)->orig_ipv4h_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) (p)->orig_ipv4h_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) (p)->orig_ipv4h_api->orig_iph_ret_off(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IP_CLEAR(x) (x).family = (x).ia32[0] = (x).ia32[1] = (x).ia32[2] = (x).ia32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
#define IP_IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
@ -88,17 +87,9 @@ typedef sfip_t *snort_ip_p;
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define IP_COPY_VALUE(dst, src) sfip_set_ip(&(dst), src)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define GET_IPH_HLEN(p) ((p)->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
@ -107,95 +98,18 @@ typedef sfip_t *snort_ip_p;
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
#define GET_INNER_SRC_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_src)):(&((p)->inner_ip4h.ip_addrs->ip_src)))
#define GET_INNER_DST_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_dst)):(&((p)->inner_ip4h.ip_addrs->ip_dst)))
#define GET_OUTER_SRC_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_src)):(&((p)->outer_ip4h.ip_addrs->ip_src)))
#define GET_OUTER_DST_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_dst)):(&((p)->outer_ip4h.ip_addrs->ip_dst)))
#if 0
static inline int sfip_equal (sfaddr_t* ip1, sfaddr_t* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
/* ///////////// */
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->source.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->destination.s_addr & x->netmask))
#define GET_SRC_IP(x) x->ip4_header->source.s_addr
#define GET_DST_IP(x) x->ip4_header->destination.s_addr
#define GET_ORIG_SRC(p) (p->orig_ipv4h->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_ipv4h->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->ip4_header->source
#define GET_DST_ADDR(x) x->ip4_header->destination
#define IP_CLEAR_SRC(x) x->ip4_header->source.s_addr = 0
#define IP_CLEAR_DST(x) x->ip4_header->destination.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->ip4_header->proto
#define GET_IPH_TOS(p) p->ip4_header->type_service
#define GET_IPH_LEN(p) p->ip4_header->data_length
#define GET_IPH_TTL(p) p->ip4_header->time_to_live
#define GET_IPH_VER(p) ((p->ip4_header->version_headerlength & 0xf0) >> 4)
#define GET_IPH_ID(p) p->ip4_header->identifier
#define GET_IPH_OFF(p) p->ip4_header->offset
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_ipv4h)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h->data_length
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h->offset
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h->proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->ip4_header
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->ip4_header->version_headerlength & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->version_headerlength = (unsigned char)(((p)->ip4_header->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
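Review bot: `GET_IP_DGMLEN(p)` in the `@ -88,17 +87,9 @` hunk still expands to a bare `?:` expression, so a length check written as `len > GET_IP_DGMLEN(p)` groups as `(len > IS_IP6(p)) ? … : …` and never compares against the datagram length; the commit parenthesises the neighbouring macros but leaves this one as it was. I would wrap the whole expansion: `#define GET_IP_DGMLEN(p) (IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p)))`. The new `GET_IPH_*` and `GET_ORIG_IPH_*` accessors have the same gap (they parenthesise `p` but not the result), `IP_IS_SET(x)` takes `&x` rather than `&(x)`, and `IP_CLEAR(x)` keeps a trailing `;` that breaks `if (…) IP_CLEAR(a); else …`. The "loop trickery" comment above `IP_COPY_VALUE` no longer describes the one-line macro and could be dropped or reworded. `include/ipv6_port.h.new` carries the same definitions.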

166
include/ipv6_port.h.new Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2007-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,24 +15,19 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
#include "snort_debug.h"
///////////////////
/*****************/
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
@ -42,43 +38,46 @@ typedef sfip_t *snort_ip_p;
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_SRC_IP(p) ((p)->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) ((p)->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_iph_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_iph_api->orig_iph_ret_dst(p))
#define GET_ORIG_SRC(p) ((p)->orig_iph_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) ((p)->orig_iph_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define IP_EQUALITY(x,y) (sfip_compare((x),(y)) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset((x),(y)) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare((x),(y)) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare((x),(y)) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define IS_IP4(x) ((x)->family == AF_INET)
#define IS_IP6(x) ((x)->family == AF_INET6)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_iph_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_iph_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_iph_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define IS_OUTER_IP4(x) ((x)->outer_family == AF_INET)
#define IS_OUTER_IP6(x) ((x)->outer_family == AF_INET6)
#define GET_IPH_TOS(p) (p)->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) (p)->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) (p)->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) (p)->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) (p)->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) (p)->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) ((uint8_t)(IS_IP6(p) ? ((p)->ip6h->next) : ((p)->iph_api->iph_ret_proto(p))))
#define GET_ORIG_IPH_PROTO(p) (p)->orig_iph_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) (p)->orig_iph_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) (p)->orig_iph_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) (p)->orig_iph_api->orig_iph_ret_off(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IP_CLEAR(x) (x).family = (x).ia32[0] = (x).ia32[1] = (x).ia32[2] = (x).ia32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
#define IP_IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
@ -88,17 +87,9 @@ typedef sfip_t *snort_ip_p;
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define IP_COPY_VALUE(dst, src) sfip_set_ip(&(dst), src)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define GET_IPH_HLEN(p) ((p)->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
@ -107,95 +98,18 @@ typedef sfip_t *snort_ip_p;
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
#define GET_INNER_SRC_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_src)):(&((p)->inner_ip4h.ip_addrs->ip_src)))
#define GET_INNER_DST_IP(p) (IS_IP6(p) ? (&((p)->inner_ip6h.ip_addrs->ip_dst)):(&((p)->inner_ip4h.ip_addrs->ip_dst)))
#define GET_OUTER_SRC_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_src)):(&((p)->outer_ip4h.ip_addrs->ip_src)))
#define GET_OUTER_DST_IP(p) (IS_OUTER_IP6(p) ? (&((p)->outer_ip6h.ip_addrs->ip_dst)):(&((p)->outer_ip4h.ip_addrs->ip_dst)))
#if 0
static inline int sfip_equal (sfaddr_t* ip1, sfaddr_t* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
///////////////
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_src.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_dst.s_addr & x->netmask))
#define GET_SRC_IP(x) x->iph->ip_src.s_addr
#define GET_DST_IP(x) x->iph->ip_dst.s_addr
#define GET_ORIG_SRC(p) (p->orig_iph->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_iph->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->iph->ip_src
#define GET_DST_ADDR(x) x->iph->ip_dst
#define IP_CLEAR_SRC(x) x->iph->ip_src.s_addr = 0
#define IP_CLEAR_DST(x) x->iph->ip_dst.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->iph->ip_proto
#define GET_IPH_TOS(p) p->iph->ip_tos
#define GET_IPH_LEN(p) p->iph->ip_len
#define GET_IPH_TTL(p) p->iph->ip_ttl
#define GET_IPH_VER(p) ((p->iph->ip_verhl & 0xf0) >> 4)
#define GET_IPH_ID(p) p->iph->ip_id
#define GET_IPH_OFF(p) p->iph->ip_off
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_iph)
#define GET_ORIG_IPH_LEN(p) p->orig_iph->ip_len
#define GET_ORIG_IPH_OFF(p) p->orig_iph->ip_off
#define GET_ORIG_IPH_PROTO(p) p->orig_iph->ip_proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->iph
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->iph->ip_verhl & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->ip_verhl = (unsigned char)(((p)->iph->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
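Review bot: `include/ipv6_port.h.new` is committed beside `include/ipv6_port.h` with the same `IPV6_PORT_H` guard, yet the two differ in the new `GET_ORIG_*` macros (`orig_iph_api` here, `orig_ipv4h_api` in the `.h`), so at most one of them matches the packet structure the build actually uses. Going by the name it looks like a leftover from regenerating the header, as do `mpse_methods.h.new` and `obfuscation.h.new`; the page does not say. I would drop the `.new` copies from the commit and add a comment at the top of the kept header recording where it came from and what was changed locally, for example `/* Based on the Snort 2.9.9.0 header; local change: orig_iph_api renamed to orig_ipv4h_api. */`. Without that record the next upgrade cannot tell deliberate edits from drift.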

52
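--- a/include/mpse_methods.h
+++ b/include/mpse_methods.h
@@ -0,0 +1,52 @@
+/*
+** mpse.h
+**
+** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+** Copyright (C) 2002-2013 Sourcefire, Inc.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU Gener*
+*/
+#ifndef _MPSE_METHODS_H_
+#define _MPSE_METHODS_H_
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+/*
+* Pattern Matching Methods
+*/
+//#define MPSE_MWM 1
+#define MPSE_AC 2
+//#define MPSE_KTBM 3
+#define MPSE_LOWMEM 4
+//#define MPSE_AUTO 5
+#define MPSE_ACF 6
+#define MPSE_ACS 7
+#define MPSE_ACB 8
+#define MPSE_ACSB 9
+#define MPSE_AC_BNFA 10
+#define MPSE_AC_BNFA_Q 11
+#define MPSE_ACF_Q 12
+#define MPSE_LOWMEM_Q 13
+#ifdef INTEL_SOFT_CPM
+#define MPSE_INTEL_CPM 14
+#endif /* INTEL_SOFT_CPM */
+typedef enum {
+MPSE_PATTERN_CASE,
+MPSE_PATTERN_NOCASE
+} tMpseCaseEnum;
+#endif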

52
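--- a/include/mpse_methods.h.new
+++ b/include/mpse_methods.h.new
@@ -0,0 +1,52 @@
+/*
+** mpse.h
+**
+** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+** Copyright (C) 2002-2013 Sourcefire, Inc.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU Gener*
+*/
+#ifndef _MPSE_METHODS_H_
+#define _MPSE_METHODS_H_
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+/*
+* Pattern Matching Methods
+*/
+//#define MPSE_MWM 1
+#define MPSE_AC 2
+//#define MPSE_KTBM 3
+#define MPSE_LOWMEM 4
+//#define MPSE_AUTO 5
+#define MPSE_ACF 6
+#define MPSE_ACS 7
+#define MPSE_ACB 8
+#define MPSE_ACSB 9
+#define MPSE_AC_BNFA 10
+#define MPSE_AC_BNFA_Q 11
+#define MPSE_ACF_Q 12
+#define MPSE_LOWMEM_Q 13
+#ifdef INTEL_SOFT_CPM
+#define MPSE_INTEL_CPM 14
+#endif /* INTEL_SOFT_CPM */
+typedef enum {
+MPSE_PATTERN_CASE,
+MPSE_PATTERN_NOCASE
+} tMpseCaseEnum;
+#endif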
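Review bot: `include/mpse_methods.h.new` is a second copy of a header under a `.new` suffix, carrying the same `_MPSE_METHODS_H_` guard as `mpse_methods.h`, and nothing on this page shows it being included anywhere; the same applies to `include/obfuscation.h.new` and `include/packet_time.h.new`. `obfuscation.h.new` already differs from `obfuscation.h` (it includes `"decode.h"` where the other includes `"sf_snort_packet.h"`), so a reader cannot tell which copy is meant to be authoritative. I would drop the `.new` files from the commit and add a `*.new` pattern to the repository's ignore list. The licence comment here is also cut off at `GNU Gener*`, which suggests the copy was truncated when it was made.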

12
include/obfuscation.h Normal file → Executable file

@ -1,5 +1,6 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,16 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include <daq.h>
#include "sf_snort_packet.h"
#include <pcap.h>
/*******************************************************************************
@ -69,7 +69,7 @@ typedef enum _ObRet
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* DAQ_PktHdr_t *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
@ -89,7 +89,7 @@ typedef enum _ObRet
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const DAQ_PktHdr_t *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,

12
include/obfuscation.h.new Normal file → Executable file

@ -1,5 +1,6 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,16 +15,15 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include <daq.h>
#include "decode.h"
#include <pcap.h>
/*******************************************************************************
@ -69,7 +69,7 @@ typedef enum _ObRet
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* DAQ_PktHdr_t *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
@ -89,7 +89,7 @@ typedef enum _ObRet
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const DAQ_PktHdr_t *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,

38
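--- a/include/packet_time.h
+++ b/include/packet_time.h
@@ -0,0 +1,38 @@
+/****************************************************************************
+*
+* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+* Copyright (C) 2003-2013 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+****************************************************************************/
+#ifndef _PACKET_TIME_H
+#define _PACKET_TIME_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifndef WIN32
+#include <sys/time.h>
+#endif
+void packet_time_update(const struct timeval *cur_tv);
+time_t packet_time(void);
+void packet_gettimeofday(struct timeval *tv);
+#endif /* _PACKET_TIME_H */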

38
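--- a/include/packet_time.h.new
+++ b/include/packet_time.h.new
@@ -0,0 +1,38 @@
+/****************************************************************************
+*
+* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+* Copyright (C) 2003-2013 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+****************************************************************************/
+#ifndef _PACKET_TIME_H
+#define _PACKET_TIME_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifndef WIN32
+#include <sys/time.h>
+#endif
+void packet_time_update(const struct timeval *cur_tv);
+time_t packet_time(void);
+void packet_gettimeofday(struct timeval *tv);
+#endif /* _PACKET_TIME_H */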

24
include/pcap_pkthdr32.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2007-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,29 +15,14 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef __PCAP_PKTHDR32_H__
#define __PCAP_PKTHDR32_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef WIN32
#include <winsock2.h>
#else
#include <sys/time.h>
#endif
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include "sf_types.h"
/* we must use fixed size of 32 bits, because on-disk
* format of savefiles uses 32-bit tv_sec (and tv_usec)
*/
@ -53,9 +39,9 @@ struct pcap_pkthdr32
{
struct sf_timeval32 ts; /* packet timestamp */
uint32_t caplen; /* packet capture length */
uint32_t pktlen; /* packet "real" length */
uint32_t len; /* packet "real" length */
};
#endif /* __PCAP_PKTHDR32_H__ */
#endif // __PCAP_PKTHDR32_H__

12
include/plugin_enum.h Normal file → Executable file

@ -1,7 +1,8 @@
/* $Id$ */
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2003-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -16,7 +17,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -47,7 +48,7 @@ enum {
PLUGIN_PATTERN_MATCH, /* AND match */
PLUGIN_PATTERN_MATCH_OR,
PLUGIN_PATTERN_MATCH_URI,
PLUGIN_RESPOND,
PLUGIN_RESPONSE,
PLUGIN_RPC_CHECK,
PLUGIN_SESSION,
PLUGIN_TCP_ACK_CHECK,
@ -60,6 +61,11 @@ enum {
PLUGIN_URILEN_CHECK,
PLUGIN_DYNAMIC,
PLUGIN_FLOWBIT,
PLUGIN_FILE_DATA,
PLUGIN_BASE64_DECODE,
#if defined(FEAT_OPEN_APPID)
PLUGIN_APPID,
#endif /* defined(FEAT_OPEN_APPID) */
PLUGIN_MAX /* sentinel value */
};
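Review bot: `PLUGIN_APPID` is compiled in only under `FEAT_OPEN_APPID`, so the value of `PLUGIN_MAX` depends on a build flag; `include/rule_option_types.h` has the same pattern, where `RULE_OPTION_TYPE_BYTE_MATH` follows the conditional `RULE_OPTION_TYPE_APPID` and shifts by one between builds. These headers look like copies of the Snort ones, so a module compiled with a different `FEAT_OPEN_APPID` setting (or against a different Snort release) than the binary that loads it would presumably disagree with it on these values without any compile-time error. I would record the constraint next to the enum, e.g. `/* values must match the Snort build that loads this module, including FEAT_OPEN_APPID */`, and make sure the module is configured with the same flag as the installed Snort. The enum starts outside this hunk.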

166
include/preprocids.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,13 +16,17 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
#ifndef _PREPROC_IDS_H
#define _PREPROC_IDS_H
#include <stdint.h>
#ifdef DUMP_BUFFER
#include "sf_types.h"
#endif
/*
** Preprocessor Communication Defines
** ----------------------------------
@ -36,55 +41,164 @@
** another module, it must come first in the order.
*/
// currently 64 bits (preprocessors)
// are available.
#define PP_BO 0
#define PP_DCERPC 1
#define PP_APP_ID 1
#define PP_DNS 2
#define PP_FRAG3 3
#define PP_FTPTELNET 4
#define PP_HTTPINSPECT 5
#define PP_PERFMONITOR 6
#define PP_RPCDECODE 7
#define PP_RULES 8
#define PP_SHARED_RULES 8
#define PP_SFPORTSCAN 9
#define PP_SMTP 10
#define PP_SSH 11
#define PP_SSL 12
#define PP_STREAM5 13
#define PP_STREAM 13
#define PP_TELNET 14
#define PP_ARPSPOOF 15
#define PP_DCE2 16
#define PP_SDF 17
#define PP_NORMALIZE 18
#define PP_ISAKMP 19 // used externally
#define PP_SESSION 20
#define PP_SIP 21
#define PP_POP 22
#define PP_IMAP 23
#define PP_NETWORK_DISCOVERY 24 // used externally
#define PP_FW_RULE_ENGINE 25 // used externally
#define PP_REPUTATION 26
#define PP_GTP 27
#define PP_MODBUS 28
#define PP_DNP3 29
#define PP_FILE 30
#define PP_FILE_INSPECT 31
#define PP_NAP_RULE_ENGINE 32
#define PP_PREFILTER_RULE_ENGINE 33 // used externally
#define PP_HTTPMOD 34
#define PP_HTTP2 35
#define PP_MAX 36
/* used externally */
#define PP_ISAKMP 18
#define PP_SKYPE 19
#define PP_ENABLE_ALL (~0)
#define PP_DISABLE_ALL 0x0
/* currently 32 bits (preprocessors) */
/* are available. most of these can */
/* be deleted: */
#if 0
#define PP_ASN1DECODE 17
#define PP_CONVERSATION 18
#define PP_FLOW 19
#define PP_FRAG2 20
#define PP_FNORD 21
#define PP_HTTPFLOW 22
#define PP_LOADBALANCING 24
#define PP_PORTSCAN 25
#define PP_PORTSCAN2 26
#define PP_PORTSCAN_IGNORE_HOSTS 27
#ifdef WIN32
#ifndef UINT64_C
#define UINT64_C(v) (v)
#endif
#endif
#define PP_ALL_ON 0xFFFFFFFF
#define PP_ALL_OFF 0x00000000
// preprocessors that run before or as part of Network Analysis Policy processing... If enabled by
// configuration they are never disabled
#define PP_CLASS_NETWORK ( ( UINT64_C(1) << PP_FRAG3 ) | ( UINT64_C(1) << PP_PERFMONITOR ) | \
( UINT64_C(1) << PP_SFPORTSCAN ) | ( UINT64_C(1) << PP_STREAM ) | \
( UINT64_C(1) << PP_NORMALIZE ) | ( UINT64_C(1) << PP_SESSION ) | \
( UINT64_C(1) << PP_REPUTATION ) )
#define PRIORITY_FIRST 0x0
#define PRIORITY_NETWORK 0x10
// Firewall and Application ID & Netowrk Discovery preprocessors...also always run if enabled by configuration
#define PP_CLASS_NGFW ( ( UINT64_C(1) << PP_APP_ID ) | ( UINT64_C(1) << PP_FW_RULE_ENGINE ) | \
( UINT64_C(1) << PP_NETWORK_DISCOVERY ) | ( UINT64_C(1) << PP_PREFILTER_RULE_ENGINE ) | \
( UINT64_C(1) << PP_HTTPMOD) )
// Application preprocessors...once the application or protocol for a stream is determined only preprocessors
// that analyze that type of stream are enabled (usually there is only 1...)
#define PP_CLASS_PROTO_APP ( ( UINT64_C(1) << PP_BO ) | ( UINT64_C(1) << PP_DNS ) | \
( UINT64_C(1) << PP_FTPTELNET ) | ( UINT64_C(1) << PP_HTTPINSPECT ) | \
( UINT64_C(1) << PP_RPCDECODE ) | ( UINT64_C(1) << PP_SHARED_RULES ) | \
( UINT64_C(1) << PP_SMTP ) | ( UINT64_C(1) << PP_SSH ) | \
( UINT64_C(1) << PP_SSL ) | ( UINT64_C(1) << PP_TELNET ) | \
( UINT64_C(1) << PP_ARPSPOOF ) | ( UINT64_C(1) << PP_DCE2 ) | \
( UINT64_C(1) << PP_SDF ) | ( UINT64_C(1) << PP_ISAKMP) | \
( UINT64_C(1) << PP_POP ) | ( UINT64_C(1) << PP_IMAP ) | \
( UINT64_C(1) << PP_GTP ) | ( UINT64_C(1) << PP_MODBUS ) | \
( UINT64_C(1) << PP_DNP3 ) | ( UINT64_C(1) << PP_FILE ) | \
( UINT64_C(1) << PP_FILE_INSPECT ) )
#define PP_DEFINED_GLOBAL ( ( UINT64_C(1) << PP_APP_ID ) | ( UINT64_C(1) << PP_FW_RULE_ENGINE ) | \
( UINT64_C(1) << PP_NETWORK_DISCOVERY ) | ( UINT64_C(1) << PP_PERFMONITOR) | \
( UINT64_C(1) << PP_SESSION ) | ( UINT64_C(1) << PP_PREFILTER_RULE_ENGINE ) )
#define PP_CORE_ORDER_SESSION 0
#define PP_CORE_ORDER_IPREP 1
#define PP_CORE_ORDER_NAP 2
#define PP_CORE_ORDER_NORML 3
#define PP_CORE_ORDER_FRAG3 4
#define PP_CORE_ORDER_PREFILTER 5 // used externally
#define PP_CORE_ORDER_STREAM 6
#define PRIORITY_CORE 0x0
#define PRIORITY_CORE_LAST 0x0f
#define PRIORITY_FIRST 0x10
#define PRIORITY_NETWORK 0x20
#define PRIORITY_TRANSPORT 0x100
#define PRIORITY_TUNNEL 0x105
#define PRIORITY_SCANNER 0x110
#define PRIORITY_APPLICATION 0x200
#define PRIORITY_LAST 0xffff
#ifdef DUMP_BUFFER
/* dump_alert_only makes sure that bufferdump happens only when a rule is
triggered.
dumped_state avoids repeatition of buffer dump for a packet that has an
alert, when --buffer-dump is given as command line option.
dump_enabled gets set when --buffer-dump or --buffer-dump-alert option
is given.
*/
extern bool dump_alert_only;
extern bool dumped_state;
extern bool dump_enabled;
#define MAX_BUFFER_DUMP_FUNC 13
#define MAX_HTTP_BUFFER_DUMP 16
#define MAX_SMTP_BUFFER_DUMP 7
#define MAX_SIP_BUFFER_DUMP 16
#define MAX_DNP3_BUFFER_DUMP 4
#define MAX_POP_BUFFER_DUMP 7
#define MAX_MODBUS_BUFFER_DUMP 3
#define MAX_SSH_BUFFER_DUMP 11
#define MAX_DNS_BUFFER_DUMP 10
#define MAX_DCERPC2_BUFFER_DUMP 7
#define MAX_FTPTELNET_BUFFER_DUMP 7
#define MAX_IMAP_BUFFER_DUMP 4
#define MAX_SSL_BUFFER_DUMP 4
#define MAX_GTP_BUFFER_DUMP 6
typedef enum {
HTTP_BUFFER_DUMP_FUNC,
SMTP_BUFFER_DUMP_FUNC,
SIP_BUFFER_DUMP_FUNC,
DNP3_BUFFER_DUMP_FUNC,
POP_BUFFER_DUMP_FUNC,
MODBUS_BUFFER_DUMP_FUNC,
SSH_BUFFER_DUMP_FUNC,
DNS_BUFFER_DUMP_FUNC,
DCERPC2_BUFFER_DUMP_FUNC,
FTPTELNET_BUFFER_DUMP_FUNC,
IMAP_BUFFER_DUMP_FUNC,
SSL_BUFFER_DUMP_FUNC,
GTP_BUFFER_DUMP_FUNC
} BUFFER_DUMP_FUNC;
typedef struct _TraceBuffer {
char *buf_name;
char *buf_content;
uint16_t length;
} TraceBuffer;
typedef uint64_t BufferDumpEnableMask;
extern TraceBuffer *(*getBuffers[MAX_BUFFER_DUMP_FUNC])(void);
extern BufferDumpEnableMask bdmask;
#endif
typedef uint64_t PreprocEnableMask;
#endif /* _PREPROC_IDS_H */

122
include/profiler.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2005-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2005-2013 Sourcefire, Inc.
** Author: Steven Sturges <ssturges@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
@ -15,7 +16,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/* $Id$ */
@ -25,7 +26,6 @@
#ifdef PERF_PROFILING
#include "sf_types.h"
#include "cpuclock.h"
/* Sort preferences for rule profiling */
@ -38,50 +38,54 @@
#define PROFILE_SORT_TOTAL_TICKS 7
/* MACROS that handle profiling of rules and preprocessors */
#define PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0
#define PROFILE_VARS_NAMED(name) uint64_t name##_ticks_start, name##_ticks_end
#define PROFILE_VARS PROFILE_VARS_NAMED(snort)
#define PROFILE_START \
get_clockticks(ticks_start);
#define PROFILE_START_NAMED(name) \
get_clockticks(name##_ticks_start)
#define PROFILE_END \
get_clockticks(ticks_end); \
ticks_delta = ticks_end - ticks_start;
#define PROFILE_END_NAMED(name) \
get_clockticks(name##_ticks_end)
#define NODE_PROFILE_END \
PROFILE_END_NAMED(node); \
node_ticks_delta = node_ticks_end - node_ticks_start
#ifndef PROFILING_RULES
#define PROFILING_RULES ScProfileRules()
#endif
#define NODE_PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0, node_deltas = 0
#define NODE_PROFILE_VARS uint64_t node_ticks_start, node_ticks_end, node_ticks_delta, node_deltas = 0
#define NODE_PROFILE_START(node) \
if (PROFILING_RULES) { \
node->checks++; \
PROFILE_START; \
PROFILE_START_NAMED(node); \
}
#define NODE_PROFILE_END_MATCH(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node->ticks += ticks_delta + node_deltas; \
node->ticks_match += ticks_delta + node_deltas; \
NODE_PROFILE_END; \
node->ticks += node_ticks_delta + node_deltas; \
node->ticks_match += node_ticks_delta + node_deltas; \
}
#define NODE_PROFILE_END_NOMATCH(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node->ticks += ticks_delta + node_deltas; \
node->ticks_no_match += ticks_delta + node_deltas; \
NODE_PROFILE_END; \
node->ticks += node_ticks_delta + node_deltas; \
node->ticks_no_match += node_ticks_delta + node_deltas; \
}
#define NODE_PROFILE_TMPSTART(node) \
if (PROFILING_RULES) { \
PROFILE_START; \
PROFILE_START_NAMED(node); \
}
#define NODE_PROFILE_TMPEND(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node_deltas += ticks_delta; \
NODE_PROFILE_END; \
node_deltas += node_ticks_delta; \
}
#define OTN_PROFILE_ALERT(otn) otn->alerts++;
@ -90,43 +94,65 @@
#define PROFILING_PREPROCS ScProfilePreprocs()
#endif
#define PREPROC_PROFILE_START(ppstat) \
#define PREPROC_PROFILE_START_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
ppstat.checks++; \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
PROFILE_START_NAMED(name); \
ppstat.ticks_start = name##_ticks_start; \
}
#define PREPROC_PROFILE_START(ppstat) PREPROC_PROFILE_START_NAMED(snort, ppstat)
#define PREPROC_PROFILE_REENTER_START(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
#define PREPROC_PROFILE_START_NAMED_PI(name, ppstat) \
{ \
ppstat.checks++; \
PROFILE_START_NAMED(name); \
ppstat.ticks_start = name##_ticks_start; \
}
#define PREPROC_PROFILE_START_PI(ppstat) PREPROC_PROFILE_START_NAMED_PI(snort, ppstat)
#define PREPROC_PROFILE_TMPSTART(ppstat) \
#define PREPROC_PROFILE_REENTER_START_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
PROFILE_START_NAMED(name); \
ppstat.ticks_start = name##_ticks_start; \
}
#define PREPROC_PROFILE_REENTER_START(ppstat) PREPROC_PROFILE_REENTER_START_NAMED(snort, ppstat)
#define PREPROC_PROFILE_END(ppstat) \
#define PREPROC_PROFILE_TMPSTART_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
PROFILE_START_NAMED(name); \
ppstat.ticks_start = name##_ticks_start; \
}
#define PREPROC_PROFILE_TMPSTART(ppstat) PREPROC_PROFILE_TMPSTART_NAMED(snort, ppstat)
#define PREPROC_PROFILE_END_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END_NAMED(name); \
ppstat.exits++; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_END(ppstat) PREPROC_PROFILE_END_NAMED(snort, ppstat)
#define PREPROC_PROFILE_REENTER_END(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
#define PREPROC_PROFILE_END_NAMED_PI(name, ppstat) \
{ \
PROFILE_END_NAMED(name); \
ppstat.exits++; \
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_END_PI(ppstat) PREPROC_PROFILE_END_NAMED_PI(snort, ppstat)
#define PREPROC_PROFILE_TMPEND(ppstat) \
#define PREPROC_PROFILE_REENTER_END_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
PROFILE_END_NAMED(name); \
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_REENTER_END(ppstat) PREPROC_PROFILE_REENTER_END_NAMED(snort, ppstat)
#define PREPROC_PROFILE_TMPEND_NAMED(name, ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END_NAMED(name); \
ppstat.ticks += name##_ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_TMPEND(ppstat) PREPROC_PROFILE_TMPEND_NAMED(snort, ppstat)
/************** Profiling API ******************/
void ShowRuleProfiles(void);
@ -139,12 +165,16 @@ typedef struct _PreprocStats
uint64_t exits;
} PreprocStats;
typedef void (*FreeFunc)(PreprocStats *stats);
typedef struct _PreprocStatsNode
{
PreprocStats *stats;
char *name;
int layer;
FreeFunc freefn;
PreprocStats *parent;
struct _PreprocStatsNode *next;
} PreprocStatsNode;
@ -157,7 +187,8 @@ typedef struct _ProfileConfig
} ProfileConfig;
void RegisterPreprocessorProfile(char *keyword, PreprocStats *stats, int layer, PreprocStats *parent);
typedef void (*StatsNodeFreeFunc)(PreprocStats *stats);
void RegisterPreprocessorProfile(const char *keyword, PreprocStats *stats, int layer, PreprocStats *parent, StatsNodeFreeFunc freefn);
void ShowPreprocProfiles(void);
void ResetRuleProfiling(void);
void ResetPreprocProfiling(void);
@ -165,6 +196,7 @@ void CleanupPreprocStatsNodeList(void);
extern PreprocStats totalPerfStats;
#else
#define PROFILE_VARS
#define PROFILE_VARS_NAMED(name)
#define NODE_PROFILE_VARS
#define NODE_PROFILE_START(node)
#define NODE_PROFILE_END_MATCH(node)
@ -173,11 +205,19 @@ extern PreprocStats totalPerfStats;
#define NODE_PROFILE_TMPEND(node)
#define OTN_PROFILE_ALERT(otn)
#define PREPROC_PROFILE_START(ppstat)
#define PREPROC_PROFILE_START_NAMED(name, ppstat)
#define PREPROC_PROFILE_START_PI(ppstat)
#define PREPROC_PROFILE_REENTER_START(ppstat)
#define PREPROC_PROFILE_REENTER_START_NAMED(name, ppstat)
#define PREPROC_PROFILE_TMPSTART(ppstat)
#define PREPROC_PROFILE_TMPSTART_NAMED(name, ppstat)
#define PREPROC_PROFILE_END(ppstat)
#define PREPROC_PROFILE_END_NAMED(name, ppstat)
#define PREPROC_PROFILE_END_PI(ppstat)
#define PREPROC_PROFILE_REENTER_END(ppstat)
#define PREPROC_PROFILE_REENTER_END_NAMED(name, ppstat)
#define PREPROC_PROFILE_TMPEND(ppstat)
#define PREPROC_PROFILE_TMPEND_NAMED(name, ppstat)
#endif
#endif /* __PROFILER_H__ */

22
include/rule_option_types.h Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
#ifndef RULE_OPTION_TYPES__H
@ -26,6 +27,7 @@ typedef enum _option_type_t
RULE_OPTION_TYPE_ASN1,
RULE_OPTION_TYPE_BYTE_TEST,
RULE_OPTION_TYPE_BYTE_JUMP,
RULE_OPTION_TYPE_BYTE_EXTRACT,
RULE_OPTION_TYPE_FLOW,
RULE_OPTION_TYPE_CVS,
RULE_OPTION_TYPE_DSIZE,
@ -44,6 +46,10 @@ typedef enum _option_type_t
RULE_OPTION_TYPE_IP_TOS,
RULE_OPTION_TYPE_IS_DATA_AT,
RULE_OPTION_TYPE_FILE_DATA,
RULE_OPTION_TYPE_FILE_TYPE,
RULE_OPTION_TYPE_BASE64_DECODE,
RULE_OPTION_TYPE_BASE64_DATA,
RULE_OPTION_TYPE_PKT_DATA,
RULE_OPTION_TYPE_CONTENT,
RULE_OPTION_TYPE_CONTENT_URI,
RULE_OPTION_TYPE_PCRE,
@ -60,13 +66,17 @@ typedef enum _option_type_t
RULE_OPTION_TYPE_TCP_SEQ,
RULE_OPTION_TYPE_TCP_WIN,
RULE_OPTION_TYPE_TTL,
RULE_OPTION_TYPE_URILEN
#ifdef DYNAMIC_PLUGIN
,
RULE_OPTION_TYPE_URILEN,
RULE_OPTION_TYPE_HDR_OPT_CHECK,
RULE_OPTION_TYPE_PREPROCESSOR,
#if !defined(FEAT_OPEN_APPID)
RULE_OPTION_TYPE_DYNAMIC
#endif
#else /* defined(FEAT_OPEN_APPID) */
RULE_OPTION_TYPE_DYNAMIC,
RULE_OPTION_TYPE_APPID
#endif /* defined(FEAT_OPEN_APPID) */
,RULE_OPTION_TYPE_BYTE_MATH
} option_type_t;
#endif /* RULE_OPTION_TYPES__H */

961
include/session_api.h Executable file

@ -0,0 +1,961 @@
/* $Id$ */
/*
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2004-2013 Sourcefire, Inc.
* ** AUTHOR: d mcpherson
* **
* ** This program is free software; you can redistribute it and/or modify
* ** it under the terms of the GNU General Public License Version 2 as
* ** published by the Free Software Foundation. You may not use, modify or
* ** distribute this program under any other version of the GNU General
* ** Public License.
* **
* ** This program is distributed in the hope that it will be useful,
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* ** GNU General Public License for more details.
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* */
/* session_api.h
*
* Purpose: Definition of the SessionAPI. To be used as a common interface
* for other preprocessors and detection plugins that require a
* session context for execution.
*
* Arguments:
*
* Effect:
*
* Comments:
*
* Any comments?
*
*/
#ifndef _SESSION_API_H_
#define _SESSION_API_H_
#include <sys/types.h>
#include "ipv6_port.h"
#include "preprocids.h" /* IDs are used when setting preproc specific data */
#include "bitop.h"
#include "sf_snort_packet.h"
#include "sfPolicy.h"
/* default limits */
#define STREAM_DEFAULT_PRUNE_QUANTA 30 /* seconds to timeout a session */
#define STREAM_DEFAULT_MEMCAP 8388608 /* 8MB */
#define STREAM_DEFAULT_PRUNE_LOG_MAX 1048576 /* 1MB */
#define STREAM_RIDICULOUS_HI_MEMCAP ( 1024 * 1024 * 1024 ) /* 1GB */
#define STREAM_RIDICULOUS_LOW_MEMCAP 32768 /* 32k*/
#define STREAM_RIDICULOUS_MAX_SESSIONS ( 1024 * 1024 ) /* 1 million sessions */
#define STREAM_DEFAULT_MAX_TCP_SESSIONS 262144 /* 256k TCP sessions by default */
#define STREAM_DEFAULT_MAX_UDP_SESSIONS 131072 /* 128k UDP sessions by default */
#define STREAM_DEFAULT_MAX_ICMP_SESSIONS 65536 /* 64k ICMP sessions by default */
#define STREAM_DEFAULT_MAX_IP_SESSIONS 16384 /* 16k IP sessions by default */
#define STREAM_DEFAULT_TCP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
#define STREAM_DEFAULT_TCP_CACHE_NOMINAL_TIMEOUT ( 60 * 60 ) /* 1 hour */
#define STREAM_DEFAULT_UDP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
#define STREAM_DEFAULT_UDP_CACHE_NOMINAL_TIMEOUT ( 3 * 60 ) /* 3 minutes */
#define STREAM_MAX_CACHE_TIMEOUT ( 12 * 60 * 60 ) /* 12 hours */
#define STREAM_MIN_PRUNE_LOG_MAX 1024 /* 1k packet data stored */
#define STREAM_MAX_PRUNE_LOG_MAX STREAM_RIDICULOUS_HI_MEMCAP /* 1GB packet data stored */
#define STREAM_DELAY_SESSION_DELETION true /* set if session deletion to be delayed */
#define STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED (3 * 60) /* 3 minutes */
#define STREAM_EXPECTED_CHANNEL_TIMEOUT 300
#ifdef ACTIVE_RESPONSE
#define STREAM_DEFAULT_MAX_ACTIVE_RESPONSES 0 /* default to no responses */
#define STREAM_DEFAULT_MIN_RESPONSE_SECONDS 1 /* wait at least 1 second between resps */
#define STREAM_MAX_ACTIVE_RESPONSES_MAX 25 /* banging your head against the wall */
#define STREAM_MIN_RESPONSE_SECONDS_MAX 300 /* we want to stop the flow soonest */
#endif
#define EXPECT_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_FROM_CLIENT 0x1
#define SSN_DIR_FROM_SENDER 0x1
#define SSN_DIR_TO_SERVER 0x1
#define SSN_DIR_FROM_SERVER 0x2
#define SSN_DIR_FROM_RESPONDER 0x2
#define SSN_DIR_TO_CLIENT 0x2
#define SSN_DIR_BOTH 0x3
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_SEEN_BOTH (SSNFLAG_SEEN_SERVER | SSNFLAG_SEEN_CLIENT) /* used to check asymetric traffic */
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_STREAM_ORDER_BAD 0x00400000
#define SSNFLAG_FORCE_BLOCK 0x00800000
#define SSNFLAG_CLIENT_SWAP 0x01000000
#define SSNFLAG_CLIENT_SWAPPED 0x02000000
#define SSNFLAG_DETECTION_DISABLED 0x04000000
#define SSNFLAG_HTTP_2 0x08000000
#define SSNFLAG_HTTP_2_UPG 0x10000000
#define SSNFLAG_FREE_APP_DATA 0x20000000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
// HA Session flags helper macros
#define HA_IGNORED_SESSION_FLAGS ( SSNFLAG_COUNTED_INITIALIZE | SSNFLAG_COUNTED_ESTABLISH | \
SSNFLAG_COUNTED_CLOSING | SSNFLAG_LOGGED_QUEUE_FULL)
#define HA_CRITICAL_SESSION_FLAGS ( SSNFLAG_DROP_CLIENT | SSNFLAG_DROP_SERVER | SSNFLAG_RESET )
#define HA_TCP_MAJOR_SESSION_FLAGS ( SSNFLAG_ESTABLISHED )
#define UNKNOWN_PORT 0
#define TCP_HZ 100
#define SESSION_API_VERSION1 1
/* NOTE: The XFF_BUILTING_NAMES value must match the code in snort_httpinspect.c that
adds the builtin names to the list. */
#define HTTP_XFF_FIELD_X_FORWARDED_FOR "X-Forwarded-For"
#define HTTP_XFF_FIELD_TRUE_CLIENT_IP "True-Client-IP"
#define HTTP_XFF_BUILTIN_NAMES (2)
#define HTTP_MAX_XFF_FIELDS 8
typedef struct _StreamSessionKey
{
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
uint32_t ip_l[4]; /* Low IP */
uint32_t ip_h[4]; /* High IP */
uint16_t port_l; /* Low Port - 0 if ICMP */
uint16_t port_h; /* High Port - 0 if ICMP */
uint16_t vlan_tag;
uint8_t protocol;
char pad;
uint32_t mplsLabel; /* MPLS label */
uint16_t addressSpaceId;
uint16_t addressSpaceIdPad1;
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
} StreamSessionKey;
typedef StreamSessionKey SessionKey;
typedef void ( *StreamAppDataFree )( void * );
typedef struct _StreamAppData
{
uint32_t protocol;
void *dataPointer;
struct _StreamAppData *next;
struct _StreamAppData *prev;
StreamAppDataFree freeFunc;
} StreamAppData;
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
typedef struct _StreamSessionLimits
{
uint32_t tcp_session_limit;
uint32_t udp_session_limit;
uint32_t icmp_session_limit;
uint32_t ip_session_limit;
} StreamSessionLimits;
typedef struct _StreamHAState
{
uint32_t session_flags;
#ifdef TARGET_BASED
int16_t ipprotocol;
int16_t application_protocol;
#endif
char direction;
char ignore_direction; /* flag to ignore traffic on this session */
} StreamHAState;
typedef enum {
SE_REXMIT,
SE_EOF,
SE_MAX
} Stream_Event;
//typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count,
// uint32_t xtradata_mask, uint32_t id, uint32_t sec);
#ifdef ENABLE_HA
typedef uint32_t ( *StreamHAProducerFunc )( void *ssnptr, uint8_t *buf );
typedef int ( *StreamHAConsumerFunc )( void *ssnptr, const uint8_t *data, uint8_t length );
#endif
// Protocol types for creating session cache
#define SESSION_PROTO_TCP 0x00
#define SESSION_PROTO_UDP 0x01
#define SESSION_PROTO_ICMP 0x02
#define SESSION_PROTO_IP 0x03
#define SESSION_PROTO_MAX 0x04
// Snort Policy Types
#define SNORT_NAP_POLICY 0x00
#define SNORT_IPS_POLICY 0x01
struct _SnortConfig;
struct _ExpectNode;
typedef void( *SessionCleanup )( void *ssn );
typedef void ( *nap_selector )( SFSnortPacket *p, bool client_packet );
typedef void (*MandatoryEarlySessionCreatorFn)(void *ssn, struct _ExpectNode*);
typedef char** (*GetHttpXffPrecedenceFunc)(void* ssn, uint32_t flags, int* nFields);
typedef struct _session_api
{
int version;
/* Create a protocol specific cache for session control blocks
*
* Parameters:
* Session procotol type
* Protocol Session Control Block Size
* Cleanup callback function
*/
void *(*init_session_cache)(uint32_t, uint32_t, SessionCleanup);
/* Lookup and return pointer to Session Control Block
*
* Parameters
* Session Cache
* Packet
* Session Key
*/
void *(*get_session)(void *, SFSnortPacket *, SessionKey *);
/* Populate a session key from the Packet
*
* Parameters
* Packet
* Stream session key pointer
*/
void (*populate_session_key)(SFSnortPacket *, StreamSessionKey *);
/* Lookup session by IP and Port from packet and return pointer to Session Control Block
*
* Parameters
* Source IP
* Source Port
* Destination IP
* Destination Port
* Protocol
* VLAN
* MPLS ID
* Address Space ID
* Session Key
*/
int (*get_session_key_by_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char, uint16_t,
uint32_t, uint16_t, SessionKey *);
/* Lookup by session key and return Session Control Block
*
* Parameters
* Session Cache (protocol specific)
* Session Key
*
*/
void *(*get_session_by_key)(void *, const SessionKey *);
/* Create a new session
*
* Parameters
* Session Cache (protocol specific)
* Packet
* Session Key
*
*/
void *(*create_session)(void *, SFSnortPacket *, const SessionKey *);
/* Is session verified by protocol
*
* Parameters
* Session Control Block
*/
bool (*is_session_verified)( void * );
/* remove session from oneway list
*
* Parameters
* protocol
* Session Control Block
*/
void (*remove_session_from_oneway_list)( uint32_t, void * );
/* Delete a session
*
* Parameters
* Session cache (protocol specific)
* Session Control Block
* Reason
*/
int (*delete_session)(void *, void *, char *);
/* Delete a session but without providing the session cache.
*
* Parameters
* Session Control Block
* Reason
*/
int (*delete_session_by_key)(void *, char *);
/* Print session cache
*
* Parameters
* Session cache (protocol specific)
*
*/
void (*print_session_cache)(void *);
/* Delete session cache
*
* Parameters
* protocol
*
*/
int (*delete_session_cache)( uint32_t protocol );
/* Purge session cache
*
* Parameters
* Session cache (protocol specific)
*
*/
int (*purge_session_cache)(void *);
/* Prune session cache
*
* Parameters
* Session cache (protocol specific)
* Time
* Session Control Block
* Mem Check
*
*/
int (*prune_session_cache)(void *, uint32_t, void *, int);
/* Clean memory pool for protocol sessions by protocol
*
* Parameters
* protocol
*
*/
void (*clean_protocol_session_pool)( uint32_t );
/* Free protocol session memory by protocol
*
* Parameters
* protocol
* Session Pointer
*/
void (*free_protocol_session_pool)( uint32_t, void * );
/* Allocate session from protocol session pool
*
* Parameters
* protocol
*/
void *(*alloc_protocol_session)( uint32_t );
/* Get session count
*
* Parameters
* Session cache (protocol specific)
*
*/
int (*get_session_count)(void *);
/* Get prune count by protocol
*
* Parameters
* protocol
*/
uint32_t (*get_session_prune_count)( uint32_t protocol );
/* Reset prune count by protocol
*
* Parameters
* protocol
*/
void (*reset_session_prune_count)( uint32_t protocol );
/* Check session timeout
*
* Parameters
* Flow count
* Current time
*/
void (*check_session_timeout)( uint32_t, time_t );
/* Return status of protocol tracking for specified protocol
*
* Parameters
* proto
*
*/
int (*protocol_tracking_enabled)( IpProto proto );
/* Set packet direction flag
*
* Parameters
* Packet
* Session Control Block
*
*/
void (*set_packet_direction_flag)(SFSnortPacket *, void *);
/* Free session application data
*
* Parameters
* Session Control Block
*
*/
void (*free_application_data)(void *);
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(SFSnortPacket *);
/* Disable inspection for a sesion.
*
* Parameters
* Session Ptr
* Packet
*/
void (*disable_inspection)(void *, SFSnortPacket *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, SFSnortPacket *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Preprocessor ID
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(const SFSnortPacket *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, uint8_t,
uint32_t, char, char, struct _ExpectNode**);
/* Get direction that data is being ignored.
*
* Parameters
* Session Ptr
*/
int (*get_ignore_direction)(void *);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(SFSnortPacket *, void *, char);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/*
* Set Expiration Timeout
*
* Parameters
* Packet
* Session Ptr
* timeout
*/
void (*set_expire_timer)( SFSnortPacket *, void *, uint32_t );
/* Get Expriration Timeou
*
* Parameters
* Packet
* Session Ptr
*
*/
int (*get_expire_timer)( SFSnortPacket *, void *);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Get the runtime policy index for policy type
* specified
*
* Parameters
* Session Ptr
* Policy Type: NAP or IPS
*/
tSfPolicyId (*get_runtime_policy)(void *, int);
/* Set the runtime policy index for policy type
* specified
*
* Parameters
* Session Ptr
* Policy Type: NAP or IPS
* Index for this policy
*/
void (*set_runtime_policy)(void *, int, tSfPolicyId);
/* Get Flowbits data
*
* Parameters
* Packet
*
* Returns
* Ptr to Flowbits Data
*/
StreamFlowData *(*get_flow_data)(SFSnortPacket *p);
/* Set if Session Deletion to be delayed
*
* Parameters
* Session Ptr
* bool to set/unset delay_session_deletion_flag
*
*/
void (*set_session_deletion_delayed)(void *, bool);
/* Returns if SessionDeletion to be delayed or not
*
* Parameters
* Session Ptr
*
* Returns
* bool value denoting if sessionDeletion Delayed or not
*
*/
bool (*is_session_deletion_delayed)(void *);
#ifdef TARGET_BASED
/* Register preproc handler for the specifed application id
*
* Parameters
* Preprocessor Id
* Application ID
*/
void (*register_service_handler)(uint32_t, int16_t);
/* Get the protocol identifier from a stream
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/* Get server IP address. This could be used either during packet processing or when
* a session is being closed. Caller should make a deep copy if return value is needed
* for later use.
*
* Arguments
* void * - session pointer
* uint32_t - direction. Valid values are SSN_DIR_SERVER or SSN_DIR_CLIENT
*
* Returns
* IP address. Contents at the buffer should not be changed. The
*/
sfaddr_t* (*get_session_ip_address)(void *, uint32_t);
/* Get server/client ports.
*
* Arguments
* void * - session pointer
* uint16_t *client_port - client port pointer
* uint16_t *server_port - server port pointer
*
* Returns
* Ports.
*/
void (*get_session_ports)(void *, uint16_t *client_port, uint16_t *server_port);
#endif
/** Get an independent bit to allow an entity to enable and
* disable port session tracking and syn session creation
* without affecting the status of set by other entities.
* Returns a bitmask (with the bit range 3-15) or 0, if no bits
* are available.
*/
uint16_t (*get_preprocessor_status_bit)(void);
#ifdef ACTIVE_RESPONSE
// initialize response count and expiration time
void (*init_active_response)(SFSnortPacket *, void *);
#endif
// Get the TTL value used at session setup
// outer=0 to get inner ip ttl for ip in ip; else outer=1
uint8_t (*get_session_ttl)(void *ssnptr, char direction, int outer);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* Control Channel Packet
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID,
* Preprocessor ID calling this function,
* Preprocessor specific data,
* Preprocessor data free function. If NULL, then static buffer is assumed.
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(const SFSnortPacket *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
uint8_t, int16_t, uint32_t, void*, void (*)(void*), struct _ExpectNode**);
#ifdef ENABLE_HA
/* Register a high availability producer and consumer function pair for a
* particular preprocessor ID and subcode combination.
*
* Parameters
* Processor ID
* Subcode
* Maximum Message Size
* Message Producer Function
* Message Consumer Function
*
* Returns
* >= 0 on success
* The returned value is the bit number in the HA pending bitmask and
* should be stored for future calls to set_ha_pending_bit().
* < 0 on failure
*/
int (*register_ha_funcs)(uint32_t preproc_id, uint8_t subcode, uint8_t size,
StreamHAProducerFunc produce, StreamHAConsumerFunc consume);
/* Indicate a pending high availability update for a given session.
*
* Parameters
* Session Ptr
* HA Pending Update Bit
*/
void (*set_ha_pending_bit)(void *, int bit);
/* Attempt to process any pending HA events for the given session
*
* Parameters
* Session Ptr
* DAQ SFSnortPacket Header for the packet being processed (Could be NULL)
*/
void (*process_ha)(void *, const DAQ_PktHdr_t *);
#endif
//Retrieve the maximum session limits for the given policy
void (*get_max_session_limits)(tSfPolicyId, StreamSessionLimits*);
/* Set direction that data is being ignored.
*
* Parameters
* Session Ptr
*/
int (*set_ignore_direction)(void *, int);
/** Retrieve stream session pointer based on the lookup tuples for
* cases where Snort does not have an active packet that is
* relevant.
*
* Parameters
* IP addr #1
* Port #1 (0 for non TCP/UDP)
* IP addr #2
* Port #2 (0 for non TCP/UDP)
* Protocol
* VLAN ID
* MPLS ID
* Address Space ID
*
* Returns
* Stream session pointer
*/
void *(*get_session_ptr_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
uint16_t, uint32_t, uint16_t);
/** Retrieve the session key given a stream session pointer.
*
* Parameters
* Session Ptr
*
* Returns
* Stream session key
*/
const StreamSessionKey *(*get_key_from_session_ptr)(const void *);
/* Delete the session if it is in the closed session state.
*
* Parameters
* Packet
*/
void (*check_session_closed)(SFSnortPacket *);
/* Create a session key from the Packet
*
* Parameters
* Packet
*/
StreamSessionKey *(*get_session_key)(SFSnortPacket *);
/* Get the application data from the session key
*
* Parameters
* SessionKey *
* Application Protocol
*/
void *(*get_application_data_from_key)(const StreamSessionKey *, uint32_t);
/** Retrieve application session data based on the lookup tuples for
* cases where Snort does not have an active packet that is
* relevant.
*
* Parameters
* IP addr #1
* Port #1 (0 for non TCP/UDP)
* IP addr #2
* Port #2 (0 for non TCP/UDP)
* Protocol
* VLAN ID
* MPLS ID
* Address Space ID
* Preprocessor ID
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
uint16_t, uint32_t, uint16_t, uint32_t);
void (*disable_preproc_for_session)( void *, uint32_t );
void (*enable_preproc_for_port)( struct _SnortConfig *, uint32_t, uint32_t, uint16_t );
void (*enable_preproc_all_ports)( struct _SnortConfig *, uint32_t, uint32_t );
void (*enable_preproc_all_ports_all_policies)( struct _SnortConfig *, uint32_t, uint32_t );
bool (*is_preproc_enabled_for_port)( uint32_t, uint16_t );
void (*register_nap_selector)( nap_selector );
void (*register_mandatory_early_session_creator)(struct _SnortConfig *,
MandatoryEarlySessionCreatorFn callback);
void* (*get_application_data_from_expected_node)(struct _ExpectNode*, uint32_t);
int (*add_application_data_to_expected_node)(struct _ExpectNode*, uint32_t, void*, void (*)(void*));
void (*register_get_http_xff_precedence)(GetHttpXffPrecedenceFunc );
char** (*get_http_xff_precedence)(void* ssn, uint32_t flags, int* nFields);
struct _ExpectNode* (*get_next_expected_node)(struct _ExpectNode*);
} SessionAPI;
/* To be set by Session */
extern SessionAPI *session_api;
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
#define PORT_MONITOR_SESSION_BITS 0xFFFE
#define PP_SESSION_PRIORITY PRIORITY_CORE + PP_CORE_ORDER_SESSION
// Utility functions
//
/*********************************************************************
* Function: isPortEnabled
*
* Checks to see if a port is enabled in the port array mask
* passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to check for in the mask.
*
* Returns:
* bool
* true if the port is set.
* false if the port is not set.
*
*********************************************************************/
static inline bool isPortEnabled( const uint8_t *port_array, const uint16_t port )
{
return port_array[ ( port / 8 ) ] & ( 1 << ( port % 8 ) );
}
/*********************************************************************
* Function: enablePort()
*
* Enable a port in the port array mask passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to set in the port array mask.
*
* Returns: None
*
*********************************************************************/
static inline void enablePort( uint8_t *port_array, const uint16_t port )
{
port_array[ ( port / 8 ) ] |= ( 1 << ( port % 8 ) );
}
/*********************************************************************
* Function: disablePort()
*
* Disable a port in the port array mask passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to set in the port array mask.
*
* Returns: None
*
*********************************************************************/
static inline void disablePort( uint8_t *port_array, const uint16_t port )
{
port_array[ ( port / 8 ) ] &= ~( 1 << ( port % 8 ) );
}
#endif /* SESSION_API_H_ */

961
include/session_api.h.new Executable file

@ -0,0 +1,961 @@
/* $Id$ */
/*
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2004-2013 Sourcefire, Inc.
* ** AUTHOR: d mcpherson
* **
* ** This program is free software; you can redistribute it and/or modify
* ** it under the terms of the GNU General Public License Version 2 as
* ** published by the Free Software Foundation. You may not use, modify or
* ** distribute this program under any other version of the GNU General
* ** Public License.
* **
* ** This program is distributed in the hope that it will be useful,
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* ** GNU General Public License for more details.
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* */
/* session_api.h
*
* Purpose: Definition of the SessionAPI. To be used as a common interface
* for other preprocessors and detection plugins that require a
* session context for execution.
*
* Arguments:
*
* Effect:
*
* Comments:
*
* Any comments?
*
*/
#ifndef _SESSION_API_H_
#define _SESSION_API_H_
#include <sys/types.h>
#include "ipv6_port.h"
#include "preprocids.h" /* IDs are used when setting preproc specific data */
#include "bitop.h"
#include "decode.h"
#include "sfPolicy.h"
/* default limits */
#define STREAM_DEFAULT_PRUNE_QUANTA 30 /* seconds to timeout a session */
#define STREAM_DEFAULT_MEMCAP 8388608 /* 8MB */
#define STREAM_DEFAULT_PRUNE_LOG_MAX 1048576 /* 1MB */
#define STREAM_RIDICULOUS_HI_MEMCAP ( 1024 * 1024 * 1024 ) /* 1GB */
#define STREAM_RIDICULOUS_LOW_MEMCAP 32768 /* 32k*/
#define STREAM_RIDICULOUS_MAX_SESSIONS ( 1024 * 1024 ) /* 1 million sessions */
#define STREAM_DEFAULT_MAX_TCP_SESSIONS 262144 /* 256k TCP sessions by default */
#define STREAM_DEFAULT_MAX_UDP_SESSIONS 131072 /* 128k UDP sessions by default */
#define STREAM_DEFAULT_MAX_ICMP_SESSIONS 65536 /* 64k ICMP sessions by default */
#define STREAM_DEFAULT_MAX_IP_SESSIONS 16384 /* 16k IP sessions by default */
#define STREAM_DEFAULT_TCP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
#define STREAM_DEFAULT_TCP_CACHE_NOMINAL_TIMEOUT ( 60 * 60 ) /* 1 hour */
#define STREAM_DEFAULT_UDP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
#define STREAM_DEFAULT_UDP_CACHE_NOMINAL_TIMEOUT ( 3 * 60 ) /* 3 minutes */
#define STREAM_MAX_CACHE_TIMEOUT ( 12 * 60 * 60 ) /* 12 hours */
#define STREAM_MIN_PRUNE_LOG_MAX 1024 /* 1k packet data stored */
#define STREAM_MAX_PRUNE_LOG_MAX STREAM_RIDICULOUS_HI_MEMCAP /* 1GB packet data stored */
#define STREAM_DELAY_SESSION_DELETION true /* set if session deletion to be delayed */
#define STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED (3 * 60) /* 3 minutes */
#define STREAM_EXPECTED_CHANNEL_TIMEOUT 300
#ifdef ACTIVE_RESPONSE
#define STREAM_DEFAULT_MAX_ACTIVE_RESPONSES 0 /* default to no responses */
#define STREAM_DEFAULT_MIN_RESPONSE_SECONDS 1 /* wait at least 1 second between resps */
#define STREAM_MAX_ACTIVE_RESPONSES_MAX 25 /* banging your head against the wall */
#define STREAM_MIN_RESPONSE_SECONDS_MAX 300 /* we want to stop the flow soonest */
#endif
#define EXPECT_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_FROM_CLIENT 0x1
#define SSN_DIR_FROM_SENDER 0x1
#define SSN_DIR_TO_SERVER 0x1
#define SSN_DIR_FROM_SERVER 0x2
#define SSN_DIR_FROM_RESPONDER 0x2
#define SSN_DIR_TO_CLIENT 0x2
#define SSN_DIR_BOTH 0x3
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_SEEN_BOTH (SSNFLAG_SEEN_SERVER | SSNFLAG_SEEN_CLIENT) /* used to check asymetric traffic */
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_STREAM_ORDER_BAD 0x00400000
#define SSNFLAG_FORCE_BLOCK 0x00800000
#define SSNFLAG_CLIENT_SWAP 0x01000000
#define SSNFLAG_CLIENT_SWAPPED 0x02000000
#define SSNFLAG_DETECTION_DISABLED 0x04000000
#define SSNFLAG_HTTP_2 0x08000000
#define SSNFLAG_HTTP_2_UPG 0x10000000
#define SSNFLAG_FREE_APP_DATA 0x20000000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
// HA Session flags helper macros
#define HA_IGNORED_SESSION_FLAGS ( SSNFLAG_COUNTED_INITIALIZE | SSNFLAG_COUNTED_ESTABLISH | \
SSNFLAG_COUNTED_CLOSING | SSNFLAG_LOGGED_QUEUE_FULL)
#define HA_CRITICAL_SESSION_FLAGS ( SSNFLAG_DROP_CLIENT | SSNFLAG_DROP_SERVER | SSNFLAG_RESET )
#define HA_TCP_MAJOR_SESSION_FLAGS ( SSNFLAG_ESTABLISHED )
#define UNKNOWN_PORT 0
#define TCP_HZ 100
#define SESSION_API_VERSION1 1
/* NOTE: The XFF_BUILTING_NAMES value must match the code in snort_httpinspect.c that
adds the builtin names to the list. */
#define HTTP_XFF_FIELD_X_FORWARDED_FOR "X-Forwarded-For"
#define HTTP_XFF_FIELD_TRUE_CLIENT_IP "True-Client-IP"
#define HTTP_XFF_BUILTIN_NAMES (2)
#define HTTP_MAX_XFF_FIELDS 8
typedef struct _StreamSessionKey
{
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
uint32_t ip_l[4]; /* Low IP */
uint32_t ip_h[4]; /* High IP */
uint16_t port_l; /* Low Port - 0 if ICMP */
uint16_t port_h; /* High Port - 0 if ICMP */
uint16_t vlan_tag;
uint8_t protocol;
char pad;
uint32_t mplsLabel; /* MPLS label */
uint16_t addressSpaceId;
uint16_t addressSpaceIdPad1;
/* XXX If this data structure changes size, HashKeyCmp must be updated! */
} StreamSessionKey;
typedef StreamSessionKey SessionKey;
typedef void ( *StreamAppDataFree )( void * );
typedef struct _StreamAppData
{
uint32_t protocol;
void *dataPointer;
struct _StreamAppData *next;
struct _StreamAppData *prev;
StreamAppDataFree freeFunc;
} StreamAppData;
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
typedef struct _StreamSessionLimits
{
uint32_t tcp_session_limit;
uint32_t udp_session_limit;
uint32_t icmp_session_limit;
uint32_t ip_session_limit;
} StreamSessionLimits;
typedef struct _StreamHAState
{
uint32_t session_flags;
#ifdef TARGET_BASED
int16_t ipprotocol;
int16_t application_protocol;
#endif
char direction;
char ignore_direction; /* flag to ignore traffic on this session */
} StreamHAState;
typedef enum {
SE_REXMIT,
SE_EOF,
SE_MAX
} Stream_Event;
//typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count,
// uint32_t xtradata_mask, uint32_t id, uint32_t sec);
#ifdef ENABLE_HA
typedef uint32_t ( *StreamHAProducerFunc )( void *ssnptr, uint8_t *buf );
typedef int ( *StreamHAConsumerFunc )( void *ssnptr, const uint8_t *data, uint8_t length );
#endif
// Protocol types for creating session cache
#define SESSION_PROTO_TCP 0x00
#define SESSION_PROTO_UDP 0x01
#define SESSION_PROTO_ICMP 0x02
#define SESSION_PROTO_IP 0x03
#define SESSION_PROTO_MAX 0x04
// Snort Policy Types
#define SNORT_NAP_POLICY 0x00
#define SNORT_IPS_POLICY 0x01
struct _SnortConfig;
struct _ExpectNode;
typedef void( *SessionCleanup )( void *ssn );
typedef void ( *nap_selector )( Packet *p, bool client_packet );
typedef void (*MandatoryEarlySessionCreatorFn)(void *ssn, struct _ExpectNode*);
typedef char** (*GetHttpXffPrecedenceFunc)(void* ssn, uint32_t flags, int* nFields);
typedef struct _session_api
{
int version;
/* Create a protocol specific cache for session control blocks
*
* Parameters:
* Session procotol type
* Protocol Session Control Block Size
* Cleanup callback function
*/
void *(*init_session_cache)(uint32_t, uint32_t, SessionCleanup);
/* Lookup and return pointer to Session Control Block
*
* Parameters
* Session Cache
* Packet
* Session Key
*/
void *(*get_session)(void *, Packet *, SessionKey *);
/* Populate a session key from the Packet
*
* Parameters
* Packet
* Stream session key pointer
*/
void (*populate_session_key)(Packet *, StreamSessionKey *);
/* Lookup session by IP and Port from packet and return pointer to Session Control Block
*
* Parameters
* Source IP
* Source Port
* Destination IP
* Destination Port
* Protocol
* VLAN
* MPLS ID
* Address Space ID
* Session Key
*/
int (*get_session_key_by_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char, uint16_t,
uint32_t, uint16_t, SessionKey *);
/* Lookup by session key and return Session Control Block
*
* Parameters
* Session Cache (protocol specific)
* Session Key
*
*/
void *(*get_session_by_key)(void *, const SessionKey *);
/* Create a new session
*
* Parameters
* Session Cache (protocol specific)
* Packet
* Session Key
*
*/
void *(*create_session)(void *, Packet *, const SessionKey *);
/* Is session verified by protocol
*
* Parameters
* Session Control Block
*/
bool (*is_session_verified)( void * );
/* remove session from oneway list
*
* Parameters
* protocol
* Session Control Block
*/
void (*remove_session_from_oneway_list)( uint32_t, void * );
/* Delete a session
*
* Parameters
* Session cache (protocol specific)
* Session Control Block
* Reason
*/
int (*delete_session)(void *, void *, char *);
/* Delete a session but without providing the session cache.
*
* Parameters
* Session Control Block
* Reason
*/
int (*delete_session_by_key)(void *, char *);
/* Print session cache
*
* Parameters
* Session cache (protocol specific)
*
*/
void (*print_session_cache)(void *);
/* Delete session cache
*
* Parameters
* protocol
*
*/
int (*delete_session_cache)( uint32_t protocol );
/* Purge session cache
*
* Parameters
* Session cache (protocol specific)
*
*/
int (*purge_session_cache)(void *);
/* Prune session cache
*
* Parameters
* Session cache (protocol specific)
* Time
* Session Control Block
* Mem Check
*
*/
int (*prune_session_cache)(void *, uint32_t, void *, int);
/* Clean memory pool for protocol sessions by protocol
*
* Parameters
* protocol
*
*/
void (*clean_protocol_session_pool)( uint32_t );
/* Free protocol session memory by protocol
*
* Parameters
* protocol
* Session Pointer
*/
void (*free_protocol_session_pool)( uint32_t, void * );
/* Allocate session from protocol session pool
*
* Parameters
* protocol
*/
void *(*alloc_protocol_session)( uint32_t );
/* Get session count
*
* Parameters
* Session cache (protocol specific)
*
*/
int (*get_session_count)(void *);
/* Get prune count by protocol
*
* Parameters
* protocol
*/
uint32_t (*get_session_prune_count)( uint32_t protocol );
/* Reset prune count by protocol
*
* Parameters
* protocol
*/
void (*reset_session_prune_count)( uint32_t protocol );
/* Check session timeout
*
* Parameters
* Flow count
* Current time
*/
void (*check_session_timeout)( uint32_t, time_t );
/* Return status of protocol tracking for specified protocol
*
* Parameters
* proto
*
*/
int (*protocol_tracking_enabled)( IpProto proto );
/* Set packet direction flag
*
* Parameters
* Packet
* Session Control Block
*
*/
void (*set_packet_direction_flag)(Packet *, void *);
/* Free session application data
*
* Parameters
* Session Control Block
*
*/
void (*free_application_data)(void *);
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(Packet *);
/* Disable inspection for a sesion.
*
* Parameters
* Session Ptr
* Packet
*/
void (*disable_inspection)(void *, Packet *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, Packet *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Preprocessor ID
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, uint8_t,
uint32_t, char, char, struct _ExpectNode**);
/* Get direction that data is being ignored.
*
* Parameters
* Session Ptr
*/
int (*get_ignore_direction)(void *);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(Packet *, void *, char);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/*
* Set Expiration Timeout
*
* Parameters
* Packet
* Session Ptr
* timeout
*/
void (*set_expire_timer)( Packet *, void *, uint32_t );
/* Get Expriration Timeou
*
* Parameters
* Packet
* Session Ptr
*
*/
int (*get_expire_timer)( Packet *, void *);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Get the runtime policy index for policy type
* specified
*
* Parameters
* Session Ptr
* Policy Type: NAP or IPS
*/
tSfPolicyId (*get_runtime_policy)(void *, int);
/* Set the runtime policy index for policy type
* specified
*
* Parameters
* Session Ptr
* Policy Type: NAP or IPS
* Index for this policy
*/
void (*set_runtime_policy)(void *, int, tSfPolicyId);
/* Get Flowbits data
*
* Parameters
* Packet
*
* Returns
* Ptr to Flowbits Data
*/
StreamFlowData *(*get_flow_data)(Packet *p);
/* Set if Session Deletion to be delayed
*
* Parameters
* Session Ptr
* bool to set/unset delay_session_deletion_flag
*
*/
void (*set_session_deletion_delayed)(void *, bool);
/* Returns if SessionDeletion to be delayed or not
*
* Parameters
* Session Ptr
*
* Returns
* bool value denoting if sessionDeletion Delayed or not
*
*/
bool (*is_session_deletion_delayed)(void *);
#ifdef TARGET_BASED
/* Register preproc handler for the specifed application id
*
* Parameters
* Preprocessor Id
* Application ID
*/
void (*register_service_handler)(uint32_t, int16_t);
/* Get the protocol identifier from a stream
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/* Get server IP address. This could be used either during packet processing or when
* a session is being closed. Caller should make a deep copy if return value is needed
* for later use.
*
* Arguments
* void * - session pointer
* uint32_t - direction. Valid values are SSN_DIR_SERVER or SSN_DIR_CLIENT
*
* Returns
* IP address. Contents at the buffer should not be changed. The
*/
sfaddr_t* (*get_session_ip_address)(void *, uint32_t);
/* Get server/client ports.
*
* Arguments
* void * - session pointer
* uint16_t *client_port - client port pointer
* uint16_t *server_port - server port pointer
*
* Returns
* Ports.
*/
void (*get_session_ports)(void *, uint16_t *client_port, uint16_t *server_port);
#endif
/** Get an independent bit to allow an entity to enable and
* disable port session tracking and syn session creation
* without affecting the status of set by other entities.
* Returns a bitmask (with the bit range 3-15) or 0, if no bits
* are available.
*/
uint16_t (*get_preprocessor_status_bit)(void);
#ifdef ACTIVE_RESPONSE
// initialize response count and expiration time
void (*init_active_response)(Packet *, void *);
#endif
// Get the TTL value used at session setup
// outer=0 to get inner ip ttl for ip in ip; else outer=1
uint8_t (*get_session_ttl)(void *ssnptr, char direction, int outer);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* Control Channel Packet
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID,
* Preprocessor ID calling this function,
* Preprocessor specific data,
* Preprocessor data free function. If NULL, then static buffer is assumed.
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
uint8_t, int16_t, uint32_t, void*, void (*)(void*), struct _ExpectNode**);
#ifdef ENABLE_HA
/* Register a high availability producer and consumer function pair for a
* particular preprocessor ID and subcode combination.
*
* Parameters
* Processor ID
* Subcode
* Maximum Message Size
* Message Producer Function
* Message Consumer Function
*
* Returns
* >= 0 on success
* The returned value is the bit number in the HA pending bitmask and
* should be stored for future calls to set_ha_pending_bit().
* < 0 on failure
*/
int (*register_ha_funcs)(uint32_t preproc_id, uint8_t subcode, uint8_t size,
StreamHAProducerFunc produce, StreamHAConsumerFunc consume);
/* Indicate a pending high availability update for a given session.
*
* Parameters
* Session Ptr
* HA Pending Update Bit
*/
void (*set_ha_pending_bit)(void *, int bit);
/* Attempt to process any pending HA events for the given session
*
* Parameters
* Session Ptr
* DAQ Packet Header for the packet being processed (Could be NULL)
*/
void (*process_ha)(void *, const DAQ_PktHdr_t *);
#endif
//Retrieve the maximum session limits for the given policy
void (*get_max_session_limits)(tSfPolicyId, StreamSessionLimits*);
/* Set direction that data is being ignored.
*
* Parameters
* Session Ptr
*/
int (*set_ignore_direction)(void *, int);
/** Retrieve stream session pointer based on the lookup tuples for
* cases where Snort does not have an active packet that is
* relevant.
*
* Parameters
* IP addr #1
* Port #1 (0 for non TCP/UDP)
* IP addr #2
* Port #2 (0 for non TCP/UDP)
* Protocol
* VLAN ID
* MPLS ID
* Address Space ID
*
* Returns
* Stream session pointer
*/
void *(*get_session_ptr_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
uint16_t, uint32_t, uint16_t);
/** Retrieve the session key given a stream session pointer.
*
* Parameters
* Session Ptr
*
* Returns
* Stream session key
*/
const StreamSessionKey *(*get_key_from_session_ptr)(const void *);
/* Delete the session if it is in the closed session state.
*
* Parameters
* Packet
*/
void (*check_session_closed)(Packet *);
/* Create a session key from the Packet
*
* Parameters
* Packet
*/
StreamSessionKey *(*get_session_key)(Packet *);
/* Get the application data from the session key
*
* Parameters
* SessionKey *
* Application Protocol
*/
void *(*get_application_data_from_key)(const StreamSessionKey *, uint32_t);
/** Retrieve application session data based on the lookup tuples for
* cases where Snort does not have an active packet that is
* relevant.
*
* Parameters
* IP addr #1
* Port #1 (0 for non TCP/UDP)
* IP addr #2
* Port #2 (0 for non TCP/UDP)
* Protocol
* VLAN ID
* MPLS ID
* Address Space ID
* Preprocessor ID
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
uint16_t, uint32_t, uint16_t, uint32_t);
void (*disable_preproc_for_session)( void *, uint32_t );
void (*enable_preproc_for_port)( struct _SnortConfig *, uint32_t, uint32_t, uint16_t );
void (*enable_preproc_all_ports)( struct _SnortConfig *, uint32_t, uint32_t );
void (*enable_preproc_all_ports_all_policies)( struct _SnortConfig *, uint32_t, uint32_t );
bool (*is_preproc_enabled_for_port)( uint32_t, uint16_t );
void (*register_nap_selector)( nap_selector );
void (*register_mandatory_early_session_creator)(struct _SnortConfig *,
MandatoryEarlySessionCreatorFn callback);
void* (*get_application_data_from_expected_node)(struct _ExpectNode*, uint32_t);
int (*add_application_data_to_expected_node)(struct _ExpectNode*, uint32_t, void*, void (*)(void*));
void (*register_get_http_xff_precedence)(GetHttpXffPrecedenceFunc );
char** (*get_http_xff_precedence)(void* ssn, uint32_t flags, int* nFields);
struct _ExpectNode* (*get_next_expected_node)(struct _ExpectNode*);
} SessionAPI;
/* To be set by Session */
extern SessionAPI *session_api;
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
#define PORT_MONITOR_SESSION_BITS 0xFFFE
#define PP_SESSION_PRIORITY PRIORITY_CORE + PP_CORE_ORDER_SESSION
// Utility functions
//
/*********************************************************************
* Function: isPortEnabled
*
* Checks to see if a port is enabled in the port array mask
* passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to check for in the mask.
*
* Returns:
* bool
* true if the port is set.
* false if the port is not set.
*
*********************************************************************/
static inline bool isPortEnabled( const uint8_t *port_array, const uint16_t port )
{
return port_array[ ( port / 8 ) ] & ( 1 << ( port % 8 ) );
}
/*********************************************************************
* Function: enablePort()
*
* Enable a port in the port array mask passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to set in the port array mask.
*
* Returns: None
*
*********************************************************************/
static inline void enablePort( uint8_t *port_array, const uint16_t port )
{
port_array[ ( port / 8 ) ] |= ( 1 << ( port % 8 ) );
}
/*********************************************************************
* Function: disablePort()
*
* Disable a port in the port array mask passed in.
*
* Arguments:
* uint8_t *
* Pointer to a port array mask.
* const uint16_t
* The port to set in the port array mask.
*
* Returns: None
*
*********************************************************************/
static inline void disablePort( uint8_t *port_array, const uint16_t port )
{
port_array[ ( port / 8 ) ] &= ~( 1 << ( port % 8 ) );
}
#endif /* SESSION_API_H_ */

57
include/sfPolicy.h Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -24,16 +25,17 @@
#include "sf_ip.h"
#include "ipv6_port.h"
#include "sfrt.h"
#include "debug.h"
#include "snort_debug.h"
/**Number of additional policies allocated with each re-alloc operation. */
#define POLICY_ALLOCATION_CHUNK 10
#define SF_VLAN_BINDING_MAX 4096
#define SF_POLICY_ID_BINDING_MAX 4096
#define SF_NETWORK_BINDING_MAX 4096
#define SF_VLAN_UNBOUND 0xffffffff
#define SF_POLICY_UNBOUND 0xffffffff
#define SF_DEFAULT_POLICY_ID 0
/* vlan id or address range is reduced to policy id. and subsequent processing is done using policy id only. */
/*vlan id or address range is reduced to policy id. and subsequent processing is done using policy id only. */
typedef struct
{
@ -48,6 +50,7 @@ typedef struct
typedef enum {
SF_BINDING_TYPE_VLAN,
SF_BINDING_TYPE_NETWORK,
SF_BINDING_TYPE_POLICY_ID,
SF_BINDING_TYPE_UNKNOWN
} tSF_BINDING_TYPE;
@ -64,15 +67,13 @@ typedef struct
unsigned int numActivePolicies;
/**vlan to policyId bindings. */
tSfPolicyId vlanBindings[SF_VLAN_BINDING_MAX];
/**policyId to policyId bindings. */
tSfPolicyId policyIdBindings[SF_POLICY_ID_BINDING_MAX];
/**Network to policyId bindings. */
table_t *netBindTable;
} tSfPolicyConfig;
extern tSfPolicyId runtimePolicyId;
extern tSfPolicyId parserPolicyId;
tSfPolicyConfig * sfPolicyInit(
void
);
@ -104,27 +105,40 @@ void sfVlanDeleteBinding(
tSfPolicyConfig *,
int
);
int sfPolicyIdAddBinding(
tSfPolicyConfig *,
int,
char *
);
tSfPolicyId sfPolicyIdGetBinding(
tSfPolicyConfig *,
int
);
void sfPolicyIdDeleteBinding(
tSfPolicyConfig *,
int
);
unsigned int sfGetApplicablePolicyId(
tSfPolicyConfig *,
int,
snort_ip_p,
snort_ip_p
sfaddr_t*,
sfaddr_t*
);
int sfNetworkAddBinding(
tSfPolicyConfig *,
sfip_t *,
sfcidr_t *,
char *
);
unsigned int sfNetworkGetBinding(
tSfPolicyConfig *,
snort_ip_p
sfaddr_t*
);
void sfNetworkDeleteBinding(
tSfPolicyConfig *,
snort_ip_p
sfaddr_t*
);
static INLINE tSfPolicyId sfGetDefaultPolicy(
static inline tSfPolicyId sfGetDefaultPolicy(
tSfPolicyConfig *config
)
{
@ -134,7 +148,7 @@ static INLINE tSfPolicyId sfGetDefaultPolicy(
return config->defaultPolicyId;
}
static INLINE void sfSetDefaultPolicy(
static inline void sfSetDefaultPolicy(
tSfPolicyConfig *config,
tSfPolicyId policyId
)
@ -145,7 +159,7 @@ static INLINE void sfSetDefaultPolicy(
config->defaultPolicyId = policyId;
}
static INLINE tSfPolicyId sfPolicyNumAllocated(
static inline tSfPolicyId sfPolicyNumAllocated(
tSfPolicyConfig *config
)
{
@ -155,10 +169,15 @@ static INLINE tSfPolicyId sfPolicyNumAllocated(
return config->numAllocatedPolicies;
}
/* dynamic array functions */
/*dynamic array functions */
int sfDynArrayCheckBounds (
void ** dynArray,
unsigned int index,
unsigned int *maxElements
);
typedef tSfPolicyId (*GetPolicyFunc)(void);
struct _SnortConfig;
typedef tSfPolicyId (*GetParserPolicyFunc)(struct _SnortConfig *);
#endif

45
include/sfPolicyUserData.c Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,18 +15,20 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "stdlib.h"
#include "string.h"
#include "sf_types.h"
#include "sfPolicy.h"
#include "sfPolicyUserData.h"
tSfPolicyId runtimePolicyId = 0;
tSfPolicyId parserPolicyId = 0;
/** @defgroup sfPolicyConfig Sourcefire policy configuration module
*
* Create a user policy configuration context. A context provides facility for creating
@ -90,7 +93,7 @@ int sfPolicyUserDataSet (
if (policyId >= pContext->numAllocatedPolicies)
{
/*expand the array*/
//expand the array
ppTmp = (void **)calloc(policyId+POLICY_ALLOCATION_CHUNK, sizeof(void *));
if (!(ppTmp))
{
@ -109,7 +112,7 @@ int sfPolicyUserDataSet (
if (pContext->userConfig[policyId])
{
/*dont overwrite existing configuration*/
//dont overwrite existing configuration
return -1;
}
@ -139,6 +142,29 @@ void * sfPolicyUserDataClear (
}
int sfPolicyUserDataIterate (
struct _SnortConfig *sc,
tSfPolicyUserContextId pContext,
int (*callback)(struct _SnortConfig *sc, tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
)
{
tSfPolicyId policyId;
int ret = 0;
//must not use numActivePolicies because the callback may delete a policy
for (policyId = 0; policyId < pContext->numAllocatedPolicies; policyId++)
{
if (pContext->userConfig[policyId])
{
ret = callback(sc, pContext, policyId, pContext->userConfig[policyId]);
if (ret != 0)
break;
}
}
return ret;
}
int sfPolicyUserDataFreeIterate (
tSfPolicyUserContextId pContext,
int (*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
)
@ -146,7 +172,7 @@ int sfPolicyUserDataIterate (
tSfPolicyId policyId;
int ret = 0;
/*must not use numActivePolicies because the callback may delete a policy*/
//must not use numActivePolicies because the callback may delete a policy
for (policyId = 0; policyId < pContext->numAllocatedPolicies; policyId++)
{
if (pContext->userConfig[policyId])
@ -160,6 +186,5 @@ int sfPolicyUserDataIterate (
return ret;
}
/** @} */
/** @} */ //
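Review bot: The new `sfPolicyUserDataIterate` reads `pContext->numAllocatedPolicies` and invokes `callback` without checking either pointer, and the `sfPolicyUserDataFreeIterate` loop shown in the next hunk has the same shape. `sfPolicyUserDataGet` in sfPolicyUserData.h does guard `pContext`, so the module is inconsistent about whether a NULL context is a caller error. Whether any caller can reach the iterators before its context exists is not visible here; if one can, `if (pContext == NULL || callback == NULL) return 0;` at the top of both functions turns a crash of the sensor process into a no-op.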

84
include/sfPolicyUserData.h Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -25,7 +26,6 @@
#include "ipv6_port.h"
#include "sfPolicy.h"
#include "sf_dynamic_preprocessor.h"
extern DynamicPreprocessorData _dpd;
typedef struct
{
@ -51,94 +51,68 @@ typedef struct
typedef tSfPolicyUserContext * tSfPolicyUserContextId;
tSfPolicyUserContextId sfPolicyConfigCreate(
void
);
tSfPolicyUserContextId sfPolicyConfigCreate( void );
void sfPolicyConfigDelete( tSfPolicyUserContextId pContext );
void sfPolicyConfigDelete(
tSfPolicyUserContextId pContext
);
/* Functions for setting, getting and clearing policy ids */
static INLINE void sfPolicyUserPolicySet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
)
//Functions for setting, getting and clearing policy ids
static inline void sfPolicyUserPolicySet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId )
{
pContext->currentPolicyId = policyId;
}
static INLINE tSfPolicyId sfPolicyUserPolicyGet (
tSfPolicyUserContextId pContext
)
static inline tSfPolicyId sfPolicyUserPolicyGet ( tSfPolicyUserContextId pContext )
{
return pContext->currentPolicyId;
}
static INLINE unsigned int sfPolicyUserPolicyGetActive (
tSfPolicyUserContextId pContext
)
static inline unsigned int sfPolicyUserPolicyGetActive ( tSfPolicyUserContextId pContext )
{
return (pContext->numActivePolicies);
}
/* Functions for setting, getting and clearing user data specific to policies. */
int sfPolicyUserDataSet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId,
void *config
);
static INLINE void * sfPolicyUserDataGet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
)
//Functions for setting, getting and clearing user data specific to policies.
int sfPolicyUserDataSet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId, void *config );
static inline void * sfPolicyUserDataGet ( tSfPolicyUserContextId pContext, tSfPolicyId policyId )
{
if ((pContext != NULL) && (policyId < pContext->numAllocatedPolicies))
{
if (pContext && policyId < pContext->numAllocatedPolicies)
return pContext->userConfig[policyId];
}
return NULL;
}
static INLINE int sfPolicyUserDataSetDefault (
tSfPolicyUserContextId pContext,
void *config
)
static inline int sfPolicyUserDataSetDefault ( tSfPolicyUserContextId pContext, void *config )
{
return sfPolicyUserDataSet (pContext, _dpd.getDefaultPolicy(), config);
}
static INLINE void * sfPolicyUserDataGetDefault (
tSfPolicyUserContextId pContext
)
static inline void * sfPolicyUserDataGetDefault ( tSfPolicyUserContextId pContext )
{
return sfPolicyUserDataGet (pContext, _dpd.getDefaultPolicy());
}
static INLINE int sfPolicyUserDataSetCurrent (
tSfPolicyUserContextId pContext,
void *config
)
static inline int sfPolicyUserDataSetCurrent ( tSfPolicyUserContextId pContext, void *config )
{
return sfPolicyUserDataSet (pContext, pContext->currentPolicyId, config);
}
static INLINE void * sfPolicyUserDataGetCurrent (
tSfPolicyUserContextId pContext
)
static inline void * sfPolicyUserDataGetCurrent ( tSfPolicyUserContextId pContext )
{
return sfPolicyUserDataGet (pContext, pContext->currentPolicyId);
}
void * sfPolicyUserDataClear (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
);
void *sfPolicyUserDataClear( tSfPolicyUserContextId pContext, tSfPolicyId policyId );
int sfPolicyUserDataIterate (
int sfPolicyUserDataIterate( struct _SnortConfig *sc, tSfPolicyUserContextId pContext,
int ( *callback )( struct _SnortConfig *sc,
tSfPolicyUserContextId pContext,
int (*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
);
tSfPolicyId policyId,
void *config ) );
int sfPolicyUserDataFreeIterate( tSfPolicyUserContextId pContext,
int ( *callback )( tSfPolicyUserContextId pContext,
tSfPolicyId policyId,
void *config ) );
#endif
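Review bot: `sfPolicyUserDataGetCurrent` evaluates `pContext->currentPolicyId` as a call argument, so the `pContext &&` guard inside `sfPolicyUserDataGet` is never reached for a NULL context on that path; `sfPolicyUserDataSetCurrent` does the same before calling `sfPolicyUserDataSet`. `sfPolicyUserPolicySet`, `sfPolicyUserPolicyGet` and `sfPolicyUserPolicyGetActive` also dereference unconditionally. Either state on these inlines that `pContext` must be non-NULL, or make the getter match the guard it relies on, e.g. `return pContext ? sfPolicyUserDataGet(pContext, pContext->currentPolicyId) : NULL;`.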

73
include/sf_dynamic_common.h Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
*/
#ifndef _SF_DYNAMIC_COMMON_H_
@ -26,33 +27,57 @@
#include <stdint.h>
#endif
typedef void (*LogMsgFunc)(const char *, ...);
typedef void (*DebugMsgFunc)(int, char *, ...);
#ifdef HAVE_WCHAR_H
typedef void (*DebugWideMsgFunc)(int, wchar_t *, ...);
typedef enum {
SF_FLAG_ALT_DECODE = 0x0001,
SF_FLAG_ALT_DETECT = 0x0002,
SF_FLAG_DETECT_ALL = 0xffff
} SFDetectFlagType;
#ifdef SF_WCHAR
#include <wchar.h>
typedef void (*DebugWideMsgFunc)(uint64_t, const wchar_t *, ...);
#endif
typedef uint32_t (*GetSnortInstance)(void);
#define STD_BUF 1024
#define MAX_URIINFOS 10
#define HTTP_BUFFER_URI 0
#define HTTP_BUFFER_RAW_URI 1
#define HTTP_BUFFER_HEADER 2
#define HTTP_BUFFER_RAW_HEADER 3
#define HTTP_BUFFER_CLIENT_BODY 4
#define HTTP_BUFFER_METHOD 5
#define HTTP_BUFFER_COOKIE 6
#define HTTP_BUFFER_RAW_COOKIE 7
#define HTTP_BUFFER_STAT_CODE 8
#define HTTP_BUFFER_STAT_MSG 9
typedef struct _UriInfo
#ifndef DECODE_BLEN
#define DECODE_BLEN 65535
/* must be defined the same as in detection_util.h */
typedef enum
{
uint8_t *uriBuffer;
uint16_t uriLength;
uint32_t uriDecodeFlags;
HTTP_BUFFER_NONE,
HTTP_BUFFER_URI,
HTTP_BUFFER_HEADER,
HTTP_BUFFER_CLIENT_BODY,
HTTP_BUFFER_METHOD,
HTTP_BUFFER_COOKIE,
HTTP_BUFFER_STAT_CODE,
HTTP_BUFFER_STAT_MSG,
HTTP_BUFFER_RAW_URI,
HTTP_BUFFER_RAW_HEADER,
HTTP_BUFFER_RAW_COOKIE,
HTTP_BUFFER_MAX
} HTTP_BUFFER;
#endif
} UriInfo;
typedef struct {
const uint8_t *data;
uint16_t len;
} SFDataPointer;
typedef struct {
uint8_t data[DECODE_BLEN];
uint16_t len;
} SFDataBuffer;
typedef void (*LogMsgFunc)(const char *, ...);
typedef void (*DebugMsgFunc)(uint64_t, const char *, ...);
typedef int (*GetAltDetectFunc)(uint8_t **, uint16_t *);
typedef void (*SetAltDetectFunc)(uint8_t *,uint16_t );
typedef int (*IsDetectFlagFunc)(SFDetectFlagType);
typedef void (*DetectFlagDisableFunc)(SFDetectFlagType);
typedef void (*SetHttpBufferFunc)(HTTP_BUFFER, const uint8_t*, unsigned);
typedef const uint8_t* (*GetHttpBufferFunc)(HTTP_BUFFER, unsigned*);
#endif /* _SF_DYNAMIC_COMMON_H_ */
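Review bot: The `HTTP_BUFFER_*` names change value in this file: as far as the rendered page shows, the `#define`s (`HTTP_BUFFER_URI 0`, `HTTP_BUFFER_RAW_URI 1`, …) give way to an enum that starts at `HTTP_BUFFER_NONE`, so `HTTP_BUFFER_URI` becomes 1 and the raw variants move to the end. Code in this preprocessor that stored those numbers, or used them to index the `uriBuffers[MAX_URIINFOS]` array that sf_dynamic_engine.h no longer declares, would still compile and silently read a different buffer, which for a detection component means inspecting the wrong data. The enum is also declared only inside `#ifndef DECODE_BLEN`, while `SetHttpBufferFunc` and `GetHttpBufferFunc` use `HTTP_BUFFER` unconditionally. A comment at the guard such as `/* DECODE_BLEN and HTTP_BUFFER must always be defined together */` would make that coupling explicit.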

52
include/sf_dynamic_define.h Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2007-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2007-2013 Sourcefire, Inc.
*
* Author: Russ Combs
*
@ -29,10 +30,14 @@
/* the OPTION_TYPE_* and FLOW_* values
* are used as args to the hasFunc()
* which replaces the prior has*Func()s.
*
* Try to add values to the end (just before OPTION_TYPE_MAX). Also, look
* at OptionConverterArray in sf_convert_dynamic.c to make sure types align.
*/
typedef enum {
OPTION_TYPE_PREPROCESSOR,
OPTION_TYPE_CONTENT,
OPTION_TYPE_PROTECTED_CONTENT,
OPTION_TYPE_PCRE,
OPTION_TYPE_FLOWBIT,
OPTION_TYPE_FLOWFLAGS,
@ -44,10 +49,16 @@ typedef enum {
OPTION_TYPE_BYTE_EXTRACT,
OPTION_TYPE_SET_CURSOR,
OPTION_TYPE_LOOP,
OPTION_TYPE_FILE_DATA,
OPTION_TYPE_PKT_DATA,
OPTION_TYPE_BASE64_DATA,
OPTION_TYPE_BASE64_DECODE,
OPTION_TYPE_BYTE_MATH,
OPTION_TYPE_MAX
} DynamicOptionType;
#define FLOW_ESTABLISHED 0x0010
/* beware: these are redefined from sf_snort_packet.h FLAG_*! */
#define FLOW_ESTABLISHED 0x0008
#define FLOW_FR_SERVER 0x0040
#define FLOW_TO_CLIENT 0x0040 /* Just for convenience */
#define FLOW_TO_SERVER 0x0080
@ -58,30 +69,45 @@ typedef enum {
#define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x8000000
#ifndef SF_SO_PUBLIC
#if defined _WIN32 || defined __CYGWIN__
# if defined SF_SNORT_ENGINE_DLL || defined SF_SNORT_DETECTION_DLL || defined SF_SNORT_PREPROC_DLL
# if defined SF_SNORT_ENGINE_DLL || defined SF_SNORT_DETECTION_DLL || \
defined SF_SNORT_PREPROC_DLL
# ifdef __GNUC__
# define SO_PUBLIC __attribute__((dllexport))
# define SF_SO_PUBLIC __attribute__((dllexport))
# else
# define SO_PUBLIC __declspec(dllexport)
# define SF_SO_PUBLIC __declspec(dllexport)
# endif
# else
# ifdef __GNUC__
# define SO_PUBLIC __attribute__((dllimport))
# define SF_SO_PUBLIC __attribute__((dllimport))
# else
# define SO_PUBLIC __declspec(dllimport)
# define SF_SO_PUBLIC __declspec(dllimport)
# endif
# endif
# define DLL_LOCAL
#else
# ifdef HAVE_VISIBILITY
# define SO_PUBLIC __attribute__ ((visibility("default")))
# define SO_PRIVATE __attribute__ ((visibility("hidden")))
# ifdef SF_VISIBILITY
# define SF_SO_PUBLIC __attribute__ ((visibility("default")))
# define SF_SO_PRIVATE __attribute__ ((visibility("hidden")))
# else
# define SO_PUBLIC
# define SO_PRIVATE
# define SF_SO_PUBLIC
# define SF_SO_PRIVATE
# endif
#endif
#endif
/* Parameters are rule info pointer, int to indicate URI or NORM,
* and list pointer */
/* low nibble must be HTTP_BUFFER_* (see sf_dynamic_common.h) */
/* FIXTHIS eliminate these redefines */
#define CONTENT_HTTP_URI 0x00000001
#define CONTENT_HTTP_HEADER 0x00000002
#define CONTENT_HTTP_CLIENT_BODY 0x00000003
#define CONTENT_HTTP_METHOD 0x00000004
#define CONTENT_NORMAL 0x00010000
#define CONTENT_HTTP 0x00000007
#endif /* _SF_DYNAMIC_DEFINE_H_ */
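Review bot: The `CONTENT_*` macros this section shows at the end of the file are not independent bit flags: `CONTENT_HTTP_CLIENT_BODY` is `0x3`, which equals `CONTENT_HTTP_URI | CONTENT_HTTP_HEADER`, so a test written as `flags & CONTENT_HTTP_URI` is also true for client-body content. Callers need `(flags & CONTENT_HTTP) == CONTENT_HTTP_URI`, and that belongs next to the defines, e.g. `/* enumerated buffer ids, not a bitmask: compare (x & CONTENT_HTTP) == CONTENT_HTTP_* */`. The existing comment says the low nibble carries an `HTTP_BUFFER_*` value, yet `CONTENT_HTTP` masks only `0x7` while the enum in sf_dynamic_common.h continues past 7 for the raw buffers, so either the mask or the comment needs adjusting.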

90
include/sf_dynamic_engine.h Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steven Sturges
*
@ -24,10 +25,6 @@
#ifndef _SF_DYNAMIC_ENGINE_H_
#define _SF_DYNAMIC_ENGINE_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WIN32
#include <sys/types.h>
#else
@ -36,7 +33,6 @@
#include "sf_dynamic_define.h"
#include "sf_dynamic_meta.h"
#include "sf_types.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
@ -70,56 +66,58 @@ typedef struct _FPContentInfo
char is_relative;
char fp;
char fp_only;
u_int16_t fp_offset;
u_int16_t fp_length;
char uri_buffer;
uint16_t fp_offset;
uint16_t fp_length;
struct _FPContentInfo *next;
} FPContentInfo;
/* Parameters are rule info pointer, int to indicate URI or NORM,
* and list pointer */
#define CONTENT_NORMAL 0x01
#define CONTENT_HTTP_URI 0x02
#define CONTENT_HTTP_HEADER 0x04
#define CONTENT_HTTP_CLIENT_BODY 0x08
#define CONTENT_HTTP_METHOD 0x10
#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
typedef void (*RuleFreeFunc)(void *);
/* ruleInfo is passed to OTNCheckFunction when the fast pattern matches. */
struct _SnortConfig;
typedef int (*RegisterRule)(
u_int32_t, u_int32_t, void *,
struct _SnortConfig *,
uint32_t, uint32_t, void *,
OTNCheckFunction, OTNHasFunction,
int, GetDynamicContentsFunction, RuleFreeFunc,
GetDynamicPreprocOptFpContentsFunc
);
typedef u_int32_t (*RegisterBit)(char *, int);
typedef int (*CheckFlowbit)(void *, int, u_int32_t);
typedef int (*DetectAsn1)(void *, void *, const u_int8_t *);
typedef int (*PreprocOptionEval)(void *p, const u_int8_t **cursor, void *dataPtr);
typedef int (*PreprocOptionInit)(char *, char *, void **dataPtr);
typedef void *(*RegisterBit)(void *);
typedef void (*UnregisterBit)(void *);
typedef int (*CheckFlowbit)(void *, void *);
typedef int (*DetectAsn1)(void *, void *, const uint8_t *);
typedef int (*PreprocOptionEval)(void *p, const uint8_t **cursor, void *dataPtr);
typedef int (*PreprocOptionInit)(struct _SnortConfig *, char *, char *, void **dataPtr);
typedef void (*PreprocOptionCleanup)(void *dataPtr);
typedef int (*SfUnfold)(const uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
typedef int (*SfBase64Decode)(uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
#define PREPROC_OPT_EQUAL 0
#define PREPROC_OPT_NOT_EQUAL 1
typedef u_int32_t (*PreprocOptionHash)(void *);
typedef uint32_t (*PreprocOptionHash)(void *);
typedef int (*PreprocOptionKeyCompare)(void *, void *);
/* Function prototype for rule options that want to add patterns to the
* fast pattern matcher */
typedef int (*PreprocOptionFastPatternFunc)
(void *rule_opt_data, int protocol, int direction, FPContentInfo **info);
typedef int (*PreprocOptionOtnHandler)(void *);
typedef int (*PreprocOptionOtnHandler)(struct _SnortConfig *, void *);
typedef int (*PreprocOptionByteOrderFunc)(void *, int32_t);
typedef int (*RegisterPreprocRuleOpt)(
struct _SnortConfig *,
char *, PreprocOptionInit, PreprocOptionEval,
PreprocOptionCleanup, PreprocOptionHash, PreprocOptionKeyCompare,
PreprocOptionOtnHandler, PreprocOptionFastPatternFunc);
typedef int (*PreprocRuleOptInit)(void *);
typedef int (*PreprocRuleOptInit)(struct _SnortConfig *, void *);
typedef void (*SetRuleData)(void *, void *);
typedef void *(*GetRuleData)(void *);
typedef void (*SessionDataFree)(void *);
typedef int (*SetRuleData)(void *, void *, uint32_t, SessionDataFree);
typedef void *(*GetRuleData)(void *, uint32_t);
typedef void * (*AllocRuleData)(size_t);
typedef void (*FreeRuleData)(void *);
/* Info Data passed to dynamic engine plugin must include:
* version
@ -134,17 +132,22 @@ typedef void *(*GetRuleData)(void *);
*/
#include "sf_dynamic_common.h"
#define ENGINE_DATA_VERSION 5
#define ENGINE_DATA_VERSION 10
typedef void *(*PCRECompileFunc)(const char *, int, const char **, int *, const unsigned char *);
typedef void *(*PCREStudyFunc)(const void *, int, const char **);
typedef int (*PCREExecFunc)(const void *, const void *, const char *, int, int, int, int *, int);
typedef void (*PCRECapture)(struct _SnortConfig *, const void *, const void *);
typedef void(*PCREOvectorInfo)(int **, int *);
typedef struct _DynamicEngineData
{
int version;
u_int8_t *altBuffer;
UriInfo *uriBuffers[MAX_URIINFOS];
SFDataBuffer *altBuffer;
SFDataPointer *altDetect;
SFDataPointer *fileDataBuf;
RegisterRule ruleRegister;
RegisterBit flowbitRegister;
CheckFlowbit flowbitCheck;
@ -160,7 +163,7 @@ typedef struct _DynamicEngineData
GetRuleData getRuleData;
DebugMsgFunc debugMsg;
#ifdef HAVE_WCHAR_H
#ifdef SF_WCHAR
DebugWideMsgFunc debugWideMsg;
#endif
@ -170,13 +173,30 @@ typedef struct _DynamicEngineData
PCRECompileFunc pcreCompile;
PCREStudyFunc pcreStudy;
PCREExecFunc pcreExec;
SfUnfold sfUnfold;
SfBase64Decode sfbase64decode;
GetAltDetectFunc GetAltDetect;
SetAltDetectFunc SetAltDetect;
IsDetectFlagFunc Is_DetectFlag;
DetectFlagDisableFunc DetectFlag_Disable;
AllocRuleData allocRuleData;
FreeRuleData freeRuleData;
UnregisterBit flowbitUnregister;
PCRECapture pcreCapture;
PCREOvectorInfo pcreOvectorInfo;
GetHttpBufferFunc getHttpBuffer;
} DynamicEngineData;
extern DynamicEngineData _ded;
/* Function prototypes for Dynamic Engine Plugins */
void CloseDynamicEngineLibs(void);
void LoadAllDynamicEngineLibs(char *path);
int LoadDynamicEngineLib(char *library_name, int indent);
void LoadAllDynamicEngineLibs(const char * const path);
int LoadDynamicEngineLib(const char * const library_name, int indent);
typedef int (*InitEngineLibFunc)(DynamicEngineData *);
typedef int (*CompatibilityFunc)(DynamicPluginMeta *meta, DynamicPluginMeta *lib);
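Review bot: `DynamicEngineData` is a function-pointer table shared between the host and a separately built plugin, and its layout depends on a compile-time macro: `debugWideMsg` sits in the middle of the struct under `#ifdef SF_WCHAR` (the page suggests this was `HAVE_WCHAR_H` before). If the plugin and the Snort binary disagree on `SF_WCHAR`, every member after `debugMsg` shifts by one slot and calls go through the wrong pointer; `ENGINE_DATA_VERSION` is a plain constant and does not encode that setting. The struct body lies partly outside the visible hunks. I would add a comment at the conditional member, e.g. `/* layout-affecting: SF_WCHAR must match the host build */`, and have the build take the flag from the installed Snort configuration rather than setting it locally.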

16
include/sf_dynamic_meta.h Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steven Sturges
*
@ -24,11 +25,22 @@
#ifndef _SF_DYNAMIC_META_H_
#define _SF_DYNAMIC_META_H_
/* Required version and name of the engine */
#ifndef REQ_ENGINE_LIB_MAJOR
#define REQ_ENGINE_LIB_MAJOR 3
#endif
#ifndef REQ_ENGINE_LIB_MINOR
/* FIXTHIS need to update dynamic-plugins/sf_engine/examples/sfsnort_dynamic_detection_lib.c */
#define REQ_ENGINE_LIB_MINOR 0
#endif
#define REQ_ENGINE_LIB_NAME "SF_SNORT_DETECTION_ENGINE"
#define MAX_NAME_LEN 1024
#define TYPE_ENGINE 0x01
#define TYPE_DETECTION 0x02
#define TYPE_PREPROCESSOR 0x04
#define TYPE_SIDE_CHANNEL 0x08
typedef struct _DynamicPluginMeta
{

135
include/sf_dynamic_preproc_lib.c Normal file → Executable file

@ -1,6 +1,7 @@
/* $Id$ */
/*
** Copyright (C) 2005-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2005-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -15,21 +16,27 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdlib.h>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "sf_types.h"
#include "sf_dynamic_define.h"
#include "sf_preproc_info.h"
#include "sf_snort_packet.h"
#include "sf_dynamic_preproc_lib.h"
#include "sf_dynamic_meta.h"
#include "sf_dynamic_preprocessor.h"
#include "sf_dynamic_common.h"
#include "sf_dynamic_define.h"
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdarg.h>
#include <stdlib.h>
DynamicPreprocessorData _dpd;
@ -49,116 +56,23 @@ NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...)
exit(1);
}
PREPROC_LINKAGE int InitializePreprocessor(DynamicPreprocessorData *dpd)
{
int i;
if (dpd->version < PREPROCESSOR_DATA_VERSION)
{
printf("ERROR version %d < %d\n", dpd->version,
PREPROCESSOR_DATA_VERSION);
return -1;
}
if (dpd->size != sizeof(DynamicPreprocessorData))
{
return -1;
printf("ERROR size %d != %u\n", dpd->size, (unsigned)sizeof(*dpd));
return -2;
}
_dpd.version = dpd->version;
_dpd.size = dpd->size;
_dpd.altBuffer = dpd->altBuffer;
_dpd.altBufferLen = dpd->altBufferLen;
for (i=0;i<MAX_URIINFOS;i++)
{
_dpd.uriBuffers[i] = dpd->uriBuffers[i];
}
_dpd.logMsg = dpd->logMsg;
_dpd.errMsg = dpd->errMsg;
_dpd.fatalMsg = dpd->fatalMsg;
_dpd.debugMsg = dpd->debugMsg;
_dpd.registerPreproc = dpd->registerPreproc;
_dpd.addPreproc = dpd->addPreproc;
_dpd.addPreprocRestart = dpd->addPreprocRestart;
_dpd.addPreprocExit = dpd->addPreprocExit;
_dpd.addPreprocConfCheck = dpd->addPreprocConfCheck;
_dpd.preprocOptRegister = dpd->preprocOptRegister;
_dpd.addPreprocProfileFunc = dpd->addPreprocProfileFunc;
_dpd.profilingPreprocsFunc = dpd->profilingPreprocsFunc;
_dpd.totalPerfStats = dpd->totalPerfStats;
_dpd.alertAdd = dpd->alertAdd;
_dpd.genSnortEvent = dpd->genSnortEvent;
_dpd.thresholdCheck = dpd->thresholdCheck;
_dpd.inlineMode = dpd->inlineMode;
_dpd.inlineDrop = dpd->inlineDrop;
_dpd.detect = dpd->detect;
_dpd.disableDetect = dpd->disableDetect;
_dpd.disableAllDetect = dpd->disableAllDetect;
_dpd.setPreprocBit = dpd->setPreprocBit;
_dpd.streamAPI = dpd->streamAPI;
_dpd.searchAPI = dpd->searchAPI;
_dpd.config_file = dpd->config_file;
_dpd.config_line = dpd->config_line;
_dpd.printfappend = dpd->printfappend;
_dpd.tokenSplit = dpd->tokenSplit;
_dpd.tokenFree = dpd->tokenFree;
_dpd.getRuleInfoByName = dpd->getRuleInfoByName;
_dpd.getRuleInfoById = dpd->getRuleInfoById;
_dpd.preprocess = dpd->preprocess;
_dpd.debugMsgFile = dpd->debugMsgFile;
_dpd.debugMsgLine = dpd->debugMsgLine;
_dpd.registerPreprocStats = dpd->registerPreprocStats;
_dpd.addPreprocReset = dpd->addPreprocReset;
_dpd.addPreprocResetStats = dpd->addPreprocResetStats;
_dpd.addPreprocReassemblyPkt = dpd->addPreprocReassemblyPkt;
_dpd.setPreprocReassemblyPktBit = dpd->setPreprocReassemblyPktBit;
_dpd.disablePreprocessors = dpd->disablePreprocessors;
#ifdef SUP_IP6
_dpd.ip6Build = dpd->ip6Build;
_dpd.ip6SetCallbacks = dpd->ip6SetCallbacks;
#endif
_dpd.logAlerts = dpd->logAlerts;
_dpd.resetAlerts = dpd->resetAlerts;
_dpd.pushAlerts = dpd->pushAlerts;
_dpd.popAlerts = dpd->popAlerts;
#ifdef TARGET_BASED
_dpd.findProtocolReference = dpd->findProtocolReference;
_dpd.addProtocolReference = dpd->addProtocolReference;
_dpd.isAdaptiveConfigured = dpd->isAdaptiveConfigured;
#endif
_dpd.preprocOptOverrideKeyword = dpd->preprocOptOverrideKeyword;
_dpd.isPreprocEnabled = dpd->isPreprocEnabled;
#ifdef SNORT_RELOAD
_dpd.addPreprocReloadVerify = dpd->addPreprocReloadVerify;
#endif
_dpd.getRuntimePolicy = dpd->getRuntimePolicy;
_dpd.getParserPolicy = dpd->getParserPolicy;
_dpd.getDefaultPolicy = dpd->getDefaultPolicy;
_dpd.setParserPolicy = dpd->setParserPolicy;
_dpd.setFileDataPtr = dpd->setFileDataPtr;
_dpd.SnortStrtol = dpd->SnortStrtol;
_dpd.SnortStrtoul = dpd->SnortStrtoul;
_dpd.fpEvalRTN = dpd->fpEvalRTN;
_dpd.portObjectCharPortArray = dpd->portObjectCharPortArray;
_dpd.obApi = dpd->obApi;
_dpd = *dpd;
DYNAMIC_PREPROC_SETUP();
return 0;
}
@ -170,11 +84,8 @@ PREPROC_LINKAGE int LibVersion(DynamicPluginMeta *dpm)
dpm->major = MAJOR_VERSION;
dpm->minor = MINOR_VERSION;
dpm->build = BUILD_VERSION;
strncpy(dpm->uniqueName, PREPROC_NAME, MAX_NAME_LEN);
strncpy(dpm->uniqueName, PREPROC_NAME, MAX_NAME_LEN-1);
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
return 0;
}
/* Variables to check type of InitializeEngine and LibVersion */
/*PREPROC_LINKAGE InitEngineLibFunc initEngineFunc = &InitializeEngine;*/
/*PREPROC_LINKAGE LibVersionFunc libVersionFunc = &LibVersion;*/
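Review bot: In `InitializePreprocessor`, the whole-struct copy `_dpd = *dpd;` is guarded only by `dpd->version < PREPROCESSOR_DATA_VERSION` and the `dpd->size` comparison, so a host that reports a higher version with a struct of equal size would be accepted and its function pointers copied under this plugin's layout. If the plugin is only meant to load into the Snort release these headers were taken from, an exact match is the stricter check, `if (dpd->version != PREPROCESSOR_DATA_VERSION)`, with the message text adjusted to match. Both rejection paths report through `printf`; `fprintf(stderr, ...)` keeps a refused load visible when stdout is not captured, and the `_dpd` logging callbacks cannot be used because they are not populated at that point. The `strncpy` in `LibVersion` now terminates `uniqueName` explicitly, which is correct provided the field is declared with `MAX_NAME_LEN` bytes; that declaration is not visible in this section.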

9
include/sf_dynamic_preproc_lib.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2005-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2005-2013 Sourcefire, Inc.
** Author: Steven Sturges
**
** This program is free software; you can redistribute it and/or modify
@ -15,7 +16,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/* $Id$ */
@ -28,12 +29,12 @@
#ifdef WIN32
#ifdef SF_SNORT_PREPROC_DLL
#define BUILDING_SO
#define PREPROC_LINKAGE SO_PUBLIC
#define PREPROC_LINKAGE SF_SO_PUBLIC
#else
#define PREPROC_LINKAGE
#endif
#else /* WIN32 */
#define PREPROC_LINKAGE SO_PUBLIC
#define PREPROC_LINKAGE SF_SO_PUBLIC
#endif
#endif /* __SF_DYNAMIC_PREPROC_LIB_H_ */

423
include/sf_dynamic_preprocessor.h Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steven Sturges
*
@ -24,17 +25,13 @@
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
#define _SF_DYNAMIC_PREPROCESSOR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <ctype.h>
#ifdef HAVE_WCHAR_H
#ifdef SF_WCHAR
#include <wchar.h>
#endif
#include "sf_dynamic_meta.h"
#include "ipv6_port.h"
#include "sf_types.h"
#include "obfuscation.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
@ -58,91 +55,246 @@
#endif
#endif
#define PREPROCESSOR_DATA_VERSION 5
#define PREPROCESSOR_DATA_VERSION 12
#include "sf_dynamic_common.h"
#include "sf_dynamic_engine.h"
#include "session_api.h"
#include "stream_api.h"
#include "str_search.h"
#include "obfuscation.h"
#include "sfcontrol.h"
#ifdef SIDE_CHANNEL
#include "sidechannel_define.h"
#endif
#include "idle_processing.h"
#include "file_api.h"
struct _PreprocStats;
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
typedef void (*PreprocessorInitFunc)(char *);
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocConfCheck)(void (*func) (void));
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int, char *, void *);
typedef void (*PreprocessorInitFunc)(struct _SnortConfig *, char *);
typedef void * (*AddPreprocFunc)(struct _SnortConfig *, void (*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t);
typedef void * (*AddMetaEvalFunc)(struct _SnortConfig *, void (*meta_eval_func)(int, const uint8_t *),
uint16_t priority, uint32_t preproc_id);
typedef void (*AddPreprocExit)(void (*pp_exit_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocUnused)(void (*pp_unused_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocConfCheck)(struct _SnortConfig *, int (*pp_conf_chk_func) (struct _SnortConfig *));
typedef void (*AddToPostConfList)(struct _SnortConfig *sc, void (*post_config_func)(struct _SnortConfig *, int , void *), void *arg);
typedef int (*AlertQueueAdd)(uint32_t, uint32_t, uint32_t,
uint32_t, uint32_t, const char *, void *);
typedef uint32_t (*GenSnortEvent)(SFSnortPacket *p, uint32_t gid, uint32_t sid, uint32_t rev,
uint32_t classification, uint32_t priority, char *msg);
uint32_t classification, uint32_t priority, const char *msg);
#ifdef SNORT_RELOAD
typedef void (*PreprocessorReloadFunc)(char *);
typedef int (*PreprocessorReloadVerifyFunc)(void);
typedef void * (*PreprocessorReloadSwapFunc)(void);
typedef void (*PreprocessorReloadFunc)(struct _SnortConfig *, char *, void **);
typedef int (*PreprocessorReloadVerifyFunc)(struct _SnortConfig *, void *);
typedef void * (*PreprocessorReloadSwapFunc)(struct _SnortConfig *, void *);
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
#endif
#ifndef SNORT_RELOAD
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc);
#else
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc,
PreprocessorReloadFunc,
PreprocessorReloadVerifyFunc,
PreprocessorReloadSwapFunc,
PreprocessorReloadSwapFreeFunc);
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
typedef void *(*GetRelatedReloadDataFunc)(struct _SnortConfig *, const char *);
#endif
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
typedef int (*InlineDropFunc)(void *);
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t*, sfaddr_t*, long);
typedef void (*InlineDropFunc)(void *);
typedef bool (*ActivePacketWasDroppedFunc)(void);
typedef bool (*InlineRetryFunc)(void *);
typedef void (*ActiveEnableFunc)(int);
typedef void (*DisableDetectFunc)(void *);
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
typedef int (*EnablePreprocessorFunc)(void *, uint32_t);
typedef int (*DetectFunc)(void *);
typedef void *(*GetRuleInfoByNameFunc)(char *);
typedef void *(*GetRuleInfoByIdFunc)(int);
typedef int (*printfappendfunc)(char *, int, const char *, ...);
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
typedef void (*TokenFreeFunc)(char ***, int);
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
typedef void (*PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats);
typedef void (*AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn);
typedef int (*ProfilingFunc)(void);
typedef int (*PreprocessFunc)(void *);
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(char *);
typedef int16_t (*AddProtocolReferenceFunc)(char *);
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
#ifdef DUMP_BUFFER
typedef void (*BufferDumpRegisterFunc)(TraceBuffer * (*)(), unsigned int);
#endif
typedef void (*PreprocStatsRegisterFunc)(const char *, void (*pp_stats_func)(int));
typedef void (*AddPreprocReset)(void (*pp_rst_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocResetStats)(void (*pp_rst_stats_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*pp_reass_pkt_func)(void), uint32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, uint32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
typedef char** (*DynamicGetHttpXffFieldsFunc)(int* nFields);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(const char *);
typedef int16_t (*AddProtocolReferenceFunc)(const char *);
#if defined(FEAT_OPEN_APPID)
typedef const char * (*FindProtocolNameFunc)(int16_t);
#endif /* defined(FEAT_OPEN_APPID) */
typedef int (*IsAdaptiveConfiguredFunc)(void);
typedef int (*IsAdaptiveConfiguredForSnortConfigFunc)(struct _SnortConfig *);
#endif
#ifdef SUP_IP6
typedef void (*IP6BuildFunc)(void *, const void *, int);
#define SET_CALLBACK_IP 0
#define SET_CALLBACK_ICMP_ORIG 1
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
#endif
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
typedef void (*AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit,
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
PreprocOptionFastPatternFunc);
typedef void (*AddKeywordByteOrderFunc)(char *, PreprocOptionByteOrderFunc);
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
typedef int (*IsPreprocEnabledFunc)(struct _SnortConfig *, uint32_t);
typedef char * (*PortArrayFunc)(char *, void *, int *);
typedef int (*AlertQueueLog)(void *);
typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
typedef tSfPolicyId (*GetPolicyFunc)(void);
typedef void (*SetPolicyFunc)(tSfPolicyId);
typedef int (*GetInlineMode)(void);
typedef void (*SetFileDataPtrFunc)(const u_char *);
typedef void (*SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId);
typedef tSfPolicyId (*GetPolicyFromIdFunc)(uint16_t );
typedef void (*ChangePolicyFunc)(tSfPolicyId, void *p);
typedef void (*SetFileDataPtrFunc)(uint8_t *,uint16_t );
typedef void (*DetectResetFunc)(uint8_t *,uint16_t );
typedef void (*SetAltDecodeFunc)(uint16_t );
typedef void (*DetectFlagEnableFunc)(SFDetectFlagType);
typedef long (*DynamicStrtol)(const char *, char **, int);
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
typedef const char* (*DynamicStrnStr)(const char *, int, const char *);
typedef const char* (*DynamicStrcasestr)(const char *, int, const char *);
typedef int (*DynamicStrncpy)(char *, const char *, size_t );
typedef const char* (*DynamicStrnPbrk)(const char *, int , const char *);
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
typedef void* (*EncodeNew)(void);
typedef void (*EncodeDelete)(void*);
typedef void (*EncodeUpdate)(void*);
typedef int (*EncodeFormat)(uint32_t, const void*, void*, int);
typedef void* (*NewGrinderPktPtr)(void *, void *, uint8_t *);
typedef void (*DeleteGrinderPktPtr)(void*);
typedef bool (*PafEnabledFunc)(void);
typedef time_t (*SCPacketTimeFunc)(void);
typedef void (*SCGetPktTimeOfDay)(struct timeval *tv);
#ifdef SIDE_CHANNEL
typedef bool (*SCEnabledFunc)(void);
typedef int (*SCRegisterRXHandlerFunc)(uint16_t type, SCMProcessMsgFunc processMsgFunc, void *data);
typedef int (*SCPreallocMessageTXFunc)(uint32_t length, SCMsgHdr **hdr, uint8_t **msg_ptr, void **msg_handle);
typedef int (*SCEnqueueMessageTXFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length, void *msg_handle, SCMQMsgFreeFunc msgFreeFunc);
#endif
typedef char* (*GetLogDirectory)(void);
typedef int (*ControlSocketRegisterHandlerFunc)(uint16_t, OOBPreControlFunc, IBControlFunc,
OOBPostControlFunc);
typedef int (*RegisterIdleHandler)(IdleProcessingHandler);
#ifdef ACTIVE_RESPONSE
#define SND_BLK_RESP_FLAG_DO_CLIENT 1
#define SND_BLK_RESP_FLAG_DO_SERVER 2
typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len, unsigned flags);
typedef void (*ActiveInjectDataFunc)(void *, uint32_t, const uint8_t *, uint32_t);
typedef void (*ActiveResponseFunc )(void *, const uint8_t *, uint32_t , uint32_t);
// NOTE: DynamicActive_ResponseFunc must match func ptr def Active_ResponseFunc in active.h
typedef void (*DynamicActive_ResponseFunc)(SFSnortPacket *packet, void* data);
typedef int (*ActiveQueueResponseFunc )(DynamicActive_ResponseFunc cb, void *);
#endif
typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
#ifdef HAVE_DAQ_EXT_MODFLOW
typedef int (*DynamicModifyFlow)(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t* mod);
#endif
#ifdef HAVE_DAQ_QUERYFLOW
typedef int (*DynamicQueryFlow)(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t* query);
#endif
typedef int (*DynamicIsStrEmpty)(const char * );
typedef void (*AddPeriodicCheck)(void (*pp_check_func) (int, void *), void *arg, uint16_t, uint32_t, uint32_t);
typedef void (*AddPostConfigFuncs)(struct _SnortConfig *, void (*pp_post_config_func) (struct _SnortConfig *, void *), void *arg);
typedef int (*AddOutPutModule)(const char *filename);
typedef int (*CanWhitelist)(void);
typedef void (*DisableAllPoliciesFunc)(struct _SnortConfig *);
typedef int (*ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id);
typedef int (*DynamicCheckValueInRangeFunc)(const char *, char *,
unsigned long lo, unsigned long hi, unsigned long *value);
typedef bool (*DynamicReadyForProcessFunc) (void* pkt);
typedef int (*SslAppIdLookupFunc)(void * ssnptr, const char * serverName, const char * commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
typedef void (*RegisterSslAppIdLookupFunc)(SslAppIdLookupFunc);
typedef int32_t (*GetAppIdFunc)(void *ssnptr);
typedef void (*RegisterGetAppIdFunc)(GetAppIdFunc);
typedef struct urlQueryContext* (*UrlQueryCreateFunc)(const char *url);
typedef void (*UrlQueryDestroyFunc)(struct urlQueryContext *context);
typedef int (*UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep);
typedef void (*RegisterUrlQueryFunc)(UrlQueryCreateFunc, UrlQueryDestroyFunc,UrlQueryMatchFunc);
typedef int (*UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen);
typedef void (*RegisterUserGroupIdGetFunc)(UserGroupIdGetFunc);
typedef int (*GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo);
typedef void (*RegisterGeoIpAddressLookupFunc)(GeoIpAddressLookupFunc);
typedef void (*UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint,
uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id,
uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version,
uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category,
uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages,
uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len,
uint8_t *ssl_ticket_id, uint8_t ticket_id_len);
typedef void (*RegisterUpdateSSLSSnLogDataFunc)(UpdateSSLSSnLogDataFunc);
typedef void (*EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags) ;
typedef void (*RegisterEndSSLSSnLogDataFunc)(EndSSLSSnLogDataFunc);
typedef int (*GetSSLActualActionFunc)(void *ssnptr, uint16_t *action);
typedef void (*RegisterGetSSLActualActionFunc)(GetSSLActualActionFunc);
typedef void (*GetIntfDataFunc)(void *ssnptr,int32_t *ingressIntfIndex, int32_t *egressIntfIndex,
int32_t *ingressZoneIndex, int32_t *egressZoneIndex) ;
typedef void (*RegisterGetIntfDataFunc)(GetIntfDataFunc);
//
// SSL Callbacks
//
typedef bool (*DynamicIsSSLPolicyEnabledFunc)(struct _SnortConfig *sc);
typedef void (*DynamicSetSSLPolicyEnabledFunc)(struct _SnortConfig *sc, tSfPolicyId policy, bool value);
typedef void (*SetSSLCallbackFunc)(void *);
typedef void* (*GetSSLCallbackFunc)(void);
typedef int (*_LoadLibraryFunc)(const char * const path, int indent);
typedef void (*LoadAllLibsFunc)(const char * const path, _LoadLibraryFunc loadFunc);
typedef void * _PluginHandle;
typedef _PluginHandle (*OpenDynamicLibraryFunc)(const char * const library_name, int useGlobal);
typedef void (*_dlsym_func)(void);
typedef _dlsym_func (*GetSymbolFunc)(_PluginHandle handle, char * symbol, DynamicPluginMeta * meta, int fatal);
typedef void (*CloseDynamicLibraryFunc)(_PluginHandle handle);
#if defined(FEAT_OPEN_APPID)
typedef bool (*IsAppIdRequiredFunc)(void);
typedef void (*RegisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
typedef void (*UnregisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
struct AppIdApi;
#endif /* defined(FEAT_OPEN_APPID) */
typedef bool (*ReadModeFunc)(void);
typedef int (*GetPerfIndicatorsFunc)(void *Request);
typedef bool (*IsTestModeFunc)(void);
typedef struct _SnortConfig* (*GetCurrentSnortConfigFunc)(void);
#define ENC_DYN_FWD 0x80000000
#define ENC_DYN_NET 0x10000000
/* Info Data passed to dynamic preprocessor plugin must include:
* version
* Pointer to AltDecodeBuffer
@ -157,17 +309,22 @@ typedef struct _DynamicPreprocessorData
int version;
int size;
u_int8_t *altBuffer;
unsigned int altBufferLen;
UriInfo *uriBuffers[MAX_URIINFOS];
SFDataBuffer *altBuffer;
SFDataPointer *altDetect;
SFDataPointer *fileDataBuf;
LogMsgFunc logMsg;
LogMsgFunc errMsg;
LogMsgFunc fatalMsg;
DebugMsgFunc debugMsg;
PreprocRegisterFunc registerPreproc;
#ifdef SNORT_RELOAD
GetRelatedReloadDataFunc getRelatedReloadData;
#endif
AddPreprocFunc addPreproc;
AddPreprocRestart addPreprocRestart;
AddPreprocFunc addPreprocAllPolicies;
GetSnortInstance getSnortInstance;
AddPreprocExit addPreprocExit;
AddPreprocConfCheck addPreprocConfCheck;
RegisterPreprocRuleOpt preprocOptRegister;
@ -178,16 +335,17 @@ typedef struct _DynamicPreprocessorData
AlertQueueAdd alertAdd;
GenSnortEvent genSnortEvent;
ThresholdCheckFunc thresholdCheck;
GetInlineMode inlineMode;
InlineDropFunc inlineDrop;
#ifdef ACTIVE_RESPONSE
ActiveEnableFunc activeSetEnabled;
#endif
DetectFunc detect;
DisableDetectFunc disableDetect;
DisableDetectFunc disableAllDetect;
DisableDetectFunc disablePacketAnalysis;
EnablePreprocessorFunc enablePreprocessor;
SetPreprocBitFunc setPreprocBit;
SessionAPI *sessionAPI;
StreamAPI *streamAPI;
SearchAPI *searchAPI;
@ -199,27 +357,24 @@ typedef struct _DynamicPreprocessorData
GetRuleInfoByNameFunc getRuleInfoByName;
GetRuleInfoByIdFunc getRuleInfoById;
#ifdef HAVE_WCHAR_H
#ifdef SF_WCHAR
DebugWideMsgFunc debugWideMsg;
#endif
PreprocessFunc preprocess;
#ifdef DUMP_BUFFER
BufferDumpRegisterFunc registerBufferTracer;
#endif
char **debugMsgFile;
int *debugMsgLine;
PreprocStatsRegisterFunc registerPreprocStats;
AddPreprocReset addPreprocReset;
AddPreprocResetStats addPreprocResetStats;
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
DisablePreprocessorsFunc disablePreprocessors;
#ifdef SUP_IP6
IP6BuildFunc ip6Build;
IP6SetCallbacksFunc ip6SetCallbacks;
#endif
AlertQueueLog logAlerts;
AlertQueueControl resetAlerts;
@ -230,34 +385,161 @@ typedef struct _DynamicPreprocessorData
FindProtocolReferenceFunc findProtocolReference;
AddProtocolReferenceFunc addProtocolReference;
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
IsAdaptiveConfiguredForSnortConfigFunc isAdaptiveConfiguredForSnortConfig;
#endif
AddKeywordOverrideFunc preprocOptOverrideKeyword;
AddKeywordByteOrderFunc preprocOptByteOrderKeyword;
IsPreprocEnabledFunc isPreprocEnabled;
#ifdef SNORT_RELOAD
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
#endif
PortArrayFunc portObjectCharPortArray;
GetPolicyFunc getRuntimePolicy;
GetPolicyFunc getParserPolicy;
GetPolicyFunc getNapRuntimePolicy;
GetPolicyFunc getIpsRuntimePolicy;
GetParserPolicyFunc getParserPolicy;
GetPolicyFunc getDefaultPolicy;
SetPolicyFunc setParserPolicy;
SetFileDataPtrFunc setFileDataPtr;
DetectResetFunc DetectReset;
SetAltDecodeFunc SetAltDecode;
GetAltDetectFunc GetAltDetect;
SetAltDetectFunc SetAltDetect;
IsDetectFlagFunc Is_DetectFlag;
DetectFlagDisableFunc DetectFlag_Disable;
DynamicStrtol SnortStrtol;
DynamicStrtoul SnortStrtoul;
DynamicStrnStr SnortStrnStr;
DynamicStrncpy SnortStrncpy;
DynamicStrnPbrk SnortStrnPbrk;
DynamicStrcasestr SnortStrcasestr;
EvalRTNFunc fpEvalRTN;
ObfuscationApi *obApi;
EncodeNew encodeNew;
EncodeDelete encodeDelete;
EncodeFormat encodeFormat;
EncodeUpdate encodeUpdate;
NewGrinderPktPtr newGrinderPkt;
DeleteGrinderPktPtr deleteGrinderPkt;
AddPreprocFunc addDetect;
PafEnabledFunc isPafEnabled;
SCPacketTimeFunc pktTime;
SCGetPktTimeOfDay getPktTimeOfDay;
#ifdef SIDE_CHANNEL
SCEnabledFunc isSCEnabled;
SCRegisterRXHandlerFunc scRegisterRXHandler;
SCPreallocMessageTXFunc scAllocMessageTX;
SCEnqueueMessageTXFunc scEnqueueMessageTX;
#endif
GetLogDirectory getLogDirectory;
ControlSocketRegisterHandlerFunc controlSocketRegisterHandler;
RegisterIdleHandler registerIdleHandler;
GetPolicyFromIdFunc getPolicyFromId;
ChangePolicyFunc changeNapRuntimePolicy;
ChangePolicyFunc changeIpsRuntimePolicy;
InlineDropFunc inlineDropPacket;
InlineDropFunc inlineForceDropPacket;
InlineDropFunc inlineDropSessionAndReset;
InlineDropFunc inlineForceDropSession;
InlineDropFunc inlineForceDropSessionAndReset;
ActivePacketWasDroppedFunc active_PacketWasDropped;
InlineRetryFunc inlineRetryPacket;
DynamicIsStrEmpty SnortIsStrEmpty;
AddMetaEvalFunc addMetaEval;
#ifdef ACTIVE_RESPONSE
DynamicSendBlockResponse dynamicSendBlockResponse;
#endif
DynamicSetFlowId dynamicSetFlowId;
#ifdef HAVE_DAQ_EXT_MODFLOW
DynamicModifyFlow dynamicModifyFlow;
#endif
#ifdef HAVE_DAQ_QUERYFLOW
DynamicQueryFlow dynamicQueryFlow;
#endif
AddPeriodicCheck addPeriodicCheck;
AddPostConfigFuncs addPostConfigFunc;
AddToPostConfList addFuncToPostConfigList;
char **snort_conf_dir;
AddOutPutModule addOutputModule;
CanWhitelist canWhitelist;
FileAPI *fileAPI;
DisableAllPoliciesFunc disableAllPolicies;
ReenablePreprocBitFunc reenablePreprocBit;
DynamicCheckValueInRangeFunc checkValueInRange;
SetHttpBufferFunc setHttpBuffer;
GetHttpBufferFunc getHttpBuffer;
#ifdef ACTIVE_RESPONSE
ActiveInjectDataFunc activeInjectData;
ActiveResponseFunc activeSendResponse;
ActiveQueueResponseFunc activeQueueResponse;
#endif
GetSSLCallbackFunc getSSLCallback;
SetSSLCallbackFunc setSSLCallback;
SslAppIdLookupFunc sslAppIdLookup;
RegisterSslAppIdLookupFunc registerSslAppIdLookup;
GetAppIdFunc getAppId;
RegisterGetAppIdFunc registerGetAppId;
UrlQueryCreateFunc urlQueryCreate;
UrlQueryDestroyFunc urlQueryDestroy;
UrlQueryMatchFunc urlQueryMatch;
RegisterUrlQueryFunc registerUrlQuery;
UserGroupIdGetFunc userGroupIdGet;
RegisterUserGroupIdGetFunc registerUserGroupIdGet;
GeoIpAddressLookupFunc geoIpAddressLookup;
RegisterGeoIpAddressLookupFunc registerGeoIpAddressLookup;
UpdateSSLSSnLogDataFunc updateSSLSSnLogData;
RegisterUpdateSSLSSnLogDataFunc registerUpdateSSLSSnLogData;
EndSSLSSnLogDataFunc endSSLSSnLogData;
RegisterEndSSLSSnLogDataFunc registerEndSSLSSnLogData;
GetSSLActualActionFunc getSSLActualAction;
RegisterGetSSLActualActionFunc registerGetSSLActualAction;
GetIntfDataFunc getIntfData;
RegisterGetIntfDataFunc registerGetIntfData;
DynamicReadyForProcessFunc readyForProcess;
DynamicIsSSLPolicyEnabledFunc isSSLPolicyEnabled;
DynamicSetSSLPolicyEnabledFunc setSSLPolicyEnabled;
/* Preproc's fetch Snort performance indicators. Used by IAB. */
GetPerfIndicatorsFunc getPerfIndicators;
LoadAllLibsFunc loadAllLibs;
OpenDynamicLibraryFunc openDynamicLibrary;
GetSymbolFunc getSymbol;
CloseDynamicLibraryFunc closeDynamicLibrary;
DynamicGetHttpXffFieldsFunc getHttpXffFields;
#if defined(FEAT_OPEN_APPID)
struct AppIdApi *appIdApi;
RegisterIsAppIdRequiredFunc registerIsAppIdRequired;
UnregisterIsAppIdRequiredFunc unregisterIsAppIdRequired;
IsAppIdRequiredFunc isAppIdRequired;
#endif /* defined(FEAT_OPEN_APPID) */
ReadModeFunc isReadMode;
IsTestModeFunc isTestMode;
GetCurrentSnortConfigFunc getCurrentSnortConfig;
} DynamicPreprocessorData;
/* Function prototypes for Dynamic Preprocessor Plugins */
void CloseDynamicPreprocessorLibs(void);
int LoadDynamicPreprocessor(char *library_name, int indent);
void LoadAllDynamicPreprocessors(char *path);
int LoadDynamicPreprocessor(const char * const library_name, int indent);
void LoadAllDynamicPreprocessors(const char * const path);
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
int InitDynamicPreprocessors(void);
@ -268,4 +550,5 @@ void RemoveDuplicatePreprocessorPlugins(void);
*/
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
extern DynamicPreprocessorData _dpd;
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */
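Review bot: `DynamicPreprocessorData` places members inside `#ifdef SNORT_RELOAD`, `ACTIVE_RESPONSE`, `DUMP_BUFFER`, `TARGET_BASED`, `SIDE_CHANNEL`, `HAVE_DAQ_EXT_MODFLOW`, `HAVE_DAQ_QUERYFLOW` and `FEAT_OPEN_APPID` blocks in the middle of the struct, so the offset of every later function pointer depends on the macros the plugin is compiled with. The plugin therefore has to be built with the same feature macros as the Snort binary that loads it; the size comparison in `InitializePreprocessor` (include/sf_dynamic_preproc_lib.c) catches a mismatch only when it also changes `sizeof`. From the include lines in this section the header appears to no longer include `config.h` itself, which would make the macro set depend on each includer. A comment above the struct would record the constraint, e.g. `/* Layout is ABI shared with the host Snort: compile with the same feature macros (see config.h) */`. The struct definition begins before the hunk that shows it.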

427
include/sf_dynamic_preprocessor.h.new Normal file → Executable file

@ -12,9 +12,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steven Sturges
*
@ -24,17 +25,13 @@
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
#define _SF_DYNAMIC_PREPROCESSOR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <ctype.h>
#ifdef HAVE_WCHAR_H
#ifdef SF_WCHAR
#include <wchar.h>
#endif
#include "sf_dynamic_meta.h"
#include "ipv6_port.h"
#include "sf_types.h"
#include "obfuscation.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
@ -58,92 +55,247 @@
#endif
#endif
#define PREPROCESSOR_DATA_VERSION 5
#define PREPROCESSOR_DATA_VERSION 12
#include "sf_dynamic_common.h"
#include "sf_dynamic_engine.h"
#include "session_api.h"
#include "stream_api.h"
#include "str_search.h"
#include "obfuscation.h"
#include "sfportobject.h"
/*#include "sfportobject.h" */
#include "sfcontrol.h"
#ifdef SIDE_CHANNEL
#include "sidechannel_define.h"
#endif
#include "idle_processing.h"
#include "file_api.h"
struct _PreprocStats;
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
typedef void (*PreprocessorInitFunc)(char *);
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocConfCheck)(void (*func) (void));
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int, char *, void *);
typedef void (*PreprocessorInitFunc)(struct _SnortConfig *, char *);
typedef void * (*AddPreprocFunc)(struct _SnortConfig *, void (*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t);
typedef void * (*AddMetaEvalFunc)(struct _SnortConfig *, void (*meta_eval_func)(int, const uint8_t *),
uint16_t priority, uint32_t preproc_id);
typedef void (*AddPreprocExit)(void (*pp_exit_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocUnused)(void (*pp_unused_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocConfCheck)(struct _SnortConfig *, int (*pp_conf_chk_func) (struct _SnortConfig *));
typedef void (*AddToPostConfList)(struct _SnortConfig *sc, void (*post_config_func)(struct _SnortConfig *, int , void *), void *arg);
typedef int (*AlertQueueAdd)(uint32_t, uint32_t, uint32_t,
uint32_t, uint32_t, const char *, void *);
typedef uint32_t (*GenSnortEvent)(Packet *p, uint32_t gid, uint32_t sid, uint32_t rev,
uint32_t classification, uint32_t priority, char *msg);
uint32_t classification, uint32_t priority, const char *msg);
#ifdef SNORT_RELOAD
typedef void (*PreprocessorReloadFunc)(char *);
typedef int (*PreprocessorReloadVerifyFunc)(void);
typedef void * (*PreprocessorReloadSwapFunc)(void);
typedef void (*PreprocessorReloadFunc)(struct _SnortConfig *, char *, void **);
typedef int (*PreprocessorReloadVerifyFunc)(struct _SnortConfig *, void *);
typedef void * (*PreprocessorReloadSwapFunc)(struct _SnortConfig *, void *);
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
#endif
#ifndef SNORT_RELOAD
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc);
#else
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc,
PreprocessorReloadFunc,
PreprocessorReloadVerifyFunc,
PreprocessorReloadSwapFunc,
PreprocessorReloadSwapFreeFunc);
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
typedef void *(*GetRelatedReloadDataFunc)(struct _SnortConfig *, const char *);
#endif
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
typedef int (*InlineDropFunc)(void *);
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t*, sfaddr_t*, long);
typedef void (*InlineDropFunc)(void *);
typedef bool (*ActivePacketWasDroppedFunc)(void);
typedef bool (*InlineRetryFunc)(void *);
typedef void (*ActiveEnableFunc)(int);
typedef void (*DisableDetectFunc)(void *);
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
typedef int (*EnablePreprocessorFunc)(void *, uint32_t);
typedef int (*DetectFunc)(void *);
typedef void *(*GetRuleInfoByNameFunc)(char *);
typedef void *(*GetRuleInfoByIdFunc)(int);
typedef int (*printfappendfunc)(char *, int, const char *, ...);
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
typedef void (*TokenFreeFunc)(char ***, int);
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
typedef void (*PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats);
typedef void (*AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn);
typedef int (*ProfilingFunc)(void);
typedef int (*PreprocessFunc)(void *);
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(char *);
typedef int16_t (*AddProtocolReferenceFunc)(char *);
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
#ifdef DUMP_BUFFER
typedef void (*BufferDumpRegisterFunc)(TraceBuffer * (*)(), unsigned int);
#endif
typedef void (*PreprocStatsRegisterFunc)(const char *, void (*pp_stats_func)(int));
typedef void (*AddPreprocReset)(void (*pp_rst_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocResetStats)(void (*pp_rst_stats_func) (int, void *), void *arg, uint16_t, uint32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*pp_reass_pkt_func)(void), uint32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, uint32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
typedef char** (*DynamicGetHttpXffFieldsFunc)(int* nFields);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(const char *);
typedef int16_t (*AddProtocolReferenceFunc)(const char *);
#if defined(FEAT_OPEN_APPID)
typedef const char * (*FindProtocolNameFunc)(int16_t);
#endif /* defined(FEAT_OPEN_APPID) */
typedef int (*IsAdaptiveConfiguredFunc)(void);
typedef int (*IsAdaptiveConfiguredForSnortConfigFunc)(struct _SnortConfig *);
#endif
#ifdef SUP_IP6
typedef void (*IP6BuildFunc)(void *, const void *, int);
#define SET_CALLBACK_IP 0
#define SET_CALLBACK_ICMP_ORIG 1
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
#endif
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
typedef void (*AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit,
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
PreprocOptionFastPatternFunc);
typedef void (*AddKeywordByteOrderFunc)(char *, PreprocOptionByteOrderFunc);
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
typedef int (*IsPreprocEnabledFunc)(struct _SnortConfig *, uint32_t);
typedef char * (*PortArrayFunc)(char *, PortObject *, int *);
typedef int (*AlertQueueLog)(void *);
typedef void (*AlertQueueControl)(void); // reset, push, and pop
typedef tSfPolicyId (*GetPolicyFunc)(void);
typedef void (*SetPolicyFunc)(tSfPolicyId);
typedef int (*GetInlineMode)(void);
typedef void (*SetFileDataPtrFunc)(const u_char *);
typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
typedef void (*SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId);
typedef tSfPolicyId (*GetPolicyFromIdFunc)(uint16_t );
typedef void (*ChangePolicyFunc)(tSfPolicyId, void *p);
typedef void (*SetFileDataPtrFunc)(uint8_t *,uint16_t );
typedef void (*DetectResetFunc)(uint8_t *,uint16_t );
typedef void (*SetAltDecodeFunc)(uint16_t );
typedef void (*DetectFlagEnableFunc)(SFDetectFlagType);
typedef long (*DynamicStrtol)(const char *, char **, int);
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
typedef const char* (*DynamicStrnStr)(const char *, int, const char *);
typedef const char* (*DynamicStrcasestr)(const char *, int, const char *);
typedef int (*DynamicStrncpy)(char *, const char *, size_t );
typedef const char* (*DynamicStrnPbrk)(const char *, int , const char *);
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
typedef void* (*EncodeNew)(void);
typedef void (*EncodeDelete)(void*);
typedef void (*EncodeUpdate)(void*);
typedef int (*EncodeFormat)(uint32_t, const void*, void*, int);
typedef void* (*NewGrinderPktPtr)(void *, void *, uint8_t *);
typedef void (*DeleteGrinderPktPtr)(void*);
typedef bool (*PafEnabledFunc)(void);
typedef time_t (*SCPacketTimeFunc)(void);
typedef void (*SCGetPktTimeOfDay)(struct timeval *tv);
#ifdef SIDE_CHANNEL
typedef bool (*SCEnabledFunc)(void);
typedef int (*SCRegisterRXHandlerFunc)(uint16_t type, SCMProcessMsgFunc processMsgFunc, void *data);
typedef int (*SCPreallocMessageTXFunc)(uint32_t length, SCMsgHdr **hdr, uint8_t **msg_ptr, void **msg_handle);
typedef int (*SCEnqueueMessageTXFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length, void *msg_handle, SCMQMsgFreeFunc msgFreeFunc);
#endif
typedef char* (*GetLogDirectory)(void);
typedef int (*ControlSocketRegisterHandlerFunc)(uint16_t, OOBPreControlFunc, IBControlFunc,
OOBPostControlFunc);
typedef int (*RegisterIdleHandler)(IdleProcessingHandler);
#ifdef ACTIVE_RESPONSE
#define SND_BLK_RESP_FLAG_DO_CLIENT 1
#define SND_BLK_RESP_FLAG_DO_SERVER 2
typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len, unsigned flags);
typedef void (*ActiveInjectDataFunc)(void *, uint32_t, const uint8_t *, uint32_t);
typedef void (*ActiveResponseFunc )(void *, const uint8_t *, uint32_t , uint32_t);
// NOTE: DynamicActive_ResponseFunc must match func ptr def Active_ResponseFunc in active.h
typedef void (*DynamicActive_ResponseFunc)(Packet *packet, void* data);
typedef int (*ActiveQueueResponseFunc )(DynamicActive_ResponseFunc cb, void *);
#endif
typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
#ifdef HAVE_DAQ_EXT_MODFLOW
typedef int (*DynamicModifyFlow)(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t* mod);
#endif
#ifdef HAVE_DAQ_QUERYFLOW
typedef int (*DynamicQueryFlow)(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t* query);
#endif
typedef int (*DynamicIsStrEmpty)(const char * );
typedef void (*AddPeriodicCheck)(void (*pp_check_func) (int, void *), void *arg, uint16_t, uint32_t, uint32_t);
typedef void (*AddPostConfigFuncs)(struct _SnortConfig *, void (*pp_post_config_func) (struct _SnortConfig *, void *), void *arg);
typedef int (*AddOutPutModule)(const char *filename);
typedef int (*CanWhitelist)(void);
typedef void (*DisableAllPoliciesFunc)(struct _SnortConfig *);
typedef int (*ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id);
typedef int (*DynamicCheckValueInRangeFunc)(const char *, char *,
unsigned long lo, unsigned long hi, unsigned long *value);
typedef bool (*DynamicReadyForProcessFunc) (void* pkt);
typedef int (*SslAppIdLookupFunc)(void * ssnptr, const char * serverName, const char * commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
typedef void (*RegisterSslAppIdLookupFunc)(SslAppIdLookupFunc);
typedef int32_t (*GetAppIdFunc)(void *ssnptr);
typedef void (*RegisterGetAppIdFunc)(GetAppIdFunc);
typedef struct urlQueryContext* (*UrlQueryCreateFunc)(const char *url);
typedef void (*UrlQueryDestroyFunc)(struct urlQueryContext *context);
typedef int (*UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep);
typedef void (*RegisterUrlQueryFunc)(UrlQueryCreateFunc, UrlQueryDestroyFunc,UrlQueryMatchFunc);
typedef int (*UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen);
typedef void (*RegisterUserGroupIdGetFunc)(UserGroupIdGetFunc);
typedef int (*GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo);
typedef void (*RegisterGeoIpAddressLookupFunc)(GeoIpAddressLookupFunc);
typedef void (*UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint,
uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id,
uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version,
uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category,
uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages,
uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len,
uint8_t *ssl_ticket_id, uint8_t ticket_id_len);
typedef void (*RegisterUpdateSSLSSnLogDataFunc)(UpdateSSLSSnLogDataFunc);
typedef void (*EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags) ;
typedef void (*RegisterEndSSLSSnLogDataFunc)(EndSSLSSnLogDataFunc);
typedef int (*GetSSLActualActionFunc)(void *ssnptr, uint16_t *action);
typedef void (*RegisterGetSSLActualActionFunc)(GetSSLActualActionFunc);
typedef void (*GetIntfDataFunc)(void *ssnptr,int32_t *ingressIntfIndex, int32_t *egressIntfIndex,
int32_t *ingressZoneIndex, int32_t *egressZoneIndex) ;
typedef void (*RegisterGetIntfDataFunc)(GetIntfDataFunc);
//
// SSL Callbacks
//
typedef bool (*DynamicIsSSLPolicyEnabledFunc)(struct _SnortConfig *sc);
typedef void (*DynamicSetSSLPolicyEnabledFunc)(struct _SnortConfig *sc, tSfPolicyId policy, bool value);
typedef void (*SetSSLCallbackFunc)(void *);
typedef void* (*GetSSLCallbackFunc)(void);
typedef int (*_LoadLibraryFunc)(const char * const path, int indent);
typedef void (*LoadAllLibsFunc)(const char * const path, _LoadLibraryFunc loadFunc);
typedef void * _PluginHandle;
typedef _PluginHandle (*OpenDynamicLibraryFunc)(const char * const library_name, int useGlobal);
typedef void (*_dlsym_func)(void);
typedef _dlsym_func (*GetSymbolFunc)(_PluginHandle handle, char * symbol, DynamicPluginMeta * meta, int fatal);
typedef void (*CloseDynamicLibraryFunc)(_PluginHandle handle);
#if defined(FEAT_OPEN_APPID)
typedef bool (*IsAppIdRequiredFunc)(void);
typedef void (*RegisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
typedef void (*UnregisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
struct AppIdApi;
#endif /* defined(FEAT_OPEN_APPID) */
typedef bool (*ReadModeFunc)(void);
typedef int (*GetPerfIndicatorsFunc)(void *Request);
typedef bool (*IsTestModeFunc)(void);
typedef struct _SnortConfig* (*GetCurrentSnortConfigFunc)(void);
#define ENC_DYN_FWD 0x80000000
#define ENC_DYN_NET 0x10000000
/* Info Data passed to dynamic preprocessor plugin must include:
* version
* Pointer to AltDecodeBuffer
@ -158,17 +310,22 @@ typedef struct _DynamicPreprocessorData
int version;
int size;
u_int8_t *altBuffer;
unsigned int altBufferLen;
UriInfo *uriBuffers[MAX_URIINFOS];
SFDataBuffer *altBuffer;
SFDataPointer *altDetect;
SFDataPointer *fileDataBuf;
LogMsgFunc logMsg;
LogMsgFunc errMsg;
LogMsgFunc fatalMsg;
DebugMsgFunc debugMsg;
PreprocRegisterFunc registerPreproc;
#ifdef SNORT_RELOAD
GetRelatedReloadDataFunc getRelatedReloadData;
#endif
AddPreprocFunc addPreproc;
AddPreprocRestart addPreprocRestart;
AddPreprocFunc addPreprocAllPolicies;
GetSnortInstance getSnortInstance;
AddPreprocExit addPreprocExit;
AddPreprocConfCheck addPreprocConfCheck;
RegisterPreprocRuleOpt preprocOptRegister;
@ -179,16 +336,17 @@ typedef struct _DynamicPreprocessorData
AlertQueueAdd alertAdd;
GenSnortEvent genSnortEvent;
ThresholdCheckFunc thresholdCheck;
GetInlineMode inlineMode;
InlineDropFunc inlineDrop;
#ifdef ACTIVE_RESPONSE
ActiveEnableFunc activeSetEnabled;
#endif
DetectFunc detect;
DisableDetectFunc disableDetect;
DisableDetectFunc disableAllDetect;
DisableDetectFunc disablePacketAnalysis;
EnablePreprocessorFunc enablePreprocessor;
SetPreprocBitFunc setPreprocBit;
SessionAPI *sessionAPI;
StreamAPI *streamAPI;
SearchAPI *searchAPI;
@ -200,27 +358,24 @@ typedef struct _DynamicPreprocessorData
GetRuleInfoByNameFunc getRuleInfoByName;
GetRuleInfoByIdFunc getRuleInfoById;
#ifdef HAVE_WCHAR_H
#ifdef SF_WCHAR
DebugWideMsgFunc debugWideMsg;
#endif
PreprocessFunc preprocess;
#ifdef DUMP_BUFFER
BufferDumpRegisterFunc registerBufferTracer;
#endif
char **debugMsgFile;
int *debugMsgLine;
PreprocStatsRegisterFunc registerPreprocStats;
AddPreprocReset addPreprocReset;
AddPreprocResetStats addPreprocResetStats;
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
DisablePreprocessorsFunc disablePreprocessors;
#ifdef SUP_IP6
IP6BuildFunc ip6Build;
IP6SetCallbacksFunc ip6SetCallbacks;
#endif
AlertQueueLog logAlerts;
AlertQueueControl resetAlerts;
@ -231,34 +386,161 @@ typedef struct _DynamicPreprocessorData
FindProtocolReferenceFunc findProtocolReference;
AddProtocolReferenceFunc addProtocolReference;
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
IsAdaptiveConfiguredForSnortConfigFunc isAdaptiveConfiguredForSnortConfig;
#endif
AddKeywordOverrideFunc preprocOptOverrideKeyword;
AddKeywordByteOrderFunc preprocOptByteOrderKeyword;
IsPreprocEnabledFunc isPreprocEnabled;
#ifdef SNORT_RELOAD
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
#endif
PortArrayFunc portObjectCharPortArray;
GetPolicyFunc getRuntimePolicy;
GetPolicyFunc getParserPolicy;
GetPolicyFunc getNapRuntimePolicy;
GetPolicyFunc getIpsRuntimePolicy;
GetParserPolicyFunc getParserPolicy;
GetPolicyFunc getDefaultPolicy;
SetPolicyFunc setParserPolicy;
SetFileDataPtrFunc setFileDataPtr;
DetectResetFunc DetectReset;
SetAltDecodeFunc SetAltDecode;
GetAltDetectFunc GetAltDetect;
SetAltDetectFunc SetAltDetect;
IsDetectFlagFunc Is_DetectFlag;
DetectFlagDisableFunc DetectFlag_Disable;
DynamicStrtol SnortStrtol;
DynamicStrtoul SnortStrtoul;
DynamicStrnStr SnortStrnStr;
DynamicStrncpy SnortStrncpy;
DynamicStrnPbrk SnortStrnPbrk;
DynamicStrcasestr SnortStrcasestr;
EvalRTNFunc fpEvalRTN;
ObfuscationApi *obApi;
EncodeNew encodeNew;
EncodeDelete encodeDelete;
EncodeFormat encodeFormat;
EncodeUpdate encodeUpdate;
NewGrinderPktPtr newGrinderPkt;
DeleteGrinderPktPtr deleteGrinderPkt;
AddPreprocFunc addDetect;
PafEnabledFunc isPafEnabled;
SCPacketTimeFunc pktTime;
SCGetPktTimeOfDay getPktTimeOfDay;
#ifdef SIDE_CHANNEL
SCEnabledFunc isSCEnabled;
SCRegisterRXHandlerFunc scRegisterRXHandler;
SCPreallocMessageTXFunc scAllocMessageTX;
SCEnqueueMessageTXFunc scEnqueueMessageTX;
#endif
GetLogDirectory getLogDirectory;
ControlSocketRegisterHandlerFunc controlSocketRegisterHandler;
RegisterIdleHandler registerIdleHandler;
GetPolicyFromIdFunc getPolicyFromId;
ChangePolicyFunc changeNapRuntimePolicy;
ChangePolicyFunc changeIpsRuntimePolicy;
InlineDropFunc inlineDropPacket;
InlineDropFunc inlineForceDropPacket;
InlineDropFunc inlineDropSessionAndReset;
InlineDropFunc inlineForceDropSession;
InlineDropFunc inlineForceDropSessionAndReset;
ActivePacketWasDroppedFunc active_PacketWasDropped;
InlineRetryFunc inlineRetryPacket;
DynamicIsStrEmpty SnortIsStrEmpty;
AddMetaEvalFunc addMetaEval;
#ifdef ACTIVE_RESPONSE
DynamicSendBlockResponse dynamicSendBlockResponse;
#endif
DynamicSetFlowId dynamicSetFlowId;
#ifdef HAVE_DAQ_EXT_MODFLOW
DynamicModifyFlow dynamicModifyFlow;
#endif
#ifdef HAVE_DAQ_QUERYFLOW
DynamicQueryFlow dynamicQueryFlow;
#endif
AddPeriodicCheck addPeriodicCheck;
AddPostConfigFuncs addPostConfigFunc;
AddToPostConfList addFuncToPostConfigList;
char **snort_conf_dir;
AddOutPutModule addOutputModule;
CanWhitelist canWhitelist;
FileAPI *fileAPI;
DisableAllPoliciesFunc disableAllPolicies;
ReenablePreprocBitFunc reenablePreprocBit;
DynamicCheckValueInRangeFunc checkValueInRange;
SetHttpBufferFunc setHttpBuffer;
GetHttpBufferFunc getHttpBuffer;
#ifdef ACTIVE_RESPONSE
ActiveInjectDataFunc activeInjectData;
ActiveResponseFunc activeSendResponse;
ActiveQueueResponseFunc activeQueueResponse;
#endif
GetSSLCallbackFunc getSSLCallback;
SetSSLCallbackFunc setSSLCallback;
SslAppIdLookupFunc sslAppIdLookup;
RegisterSslAppIdLookupFunc registerSslAppIdLookup;
GetAppIdFunc getAppId;
RegisterGetAppIdFunc registerGetAppId;
UrlQueryCreateFunc urlQueryCreate;
UrlQueryDestroyFunc urlQueryDestroy;
UrlQueryMatchFunc urlQueryMatch;
RegisterUrlQueryFunc registerUrlQuery;
UserGroupIdGetFunc userGroupIdGet;
RegisterUserGroupIdGetFunc registerUserGroupIdGet;
GeoIpAddressLookupFunc geoIpAddressLookup;
RegisterGeoIpAddressLookupFunc registerGeoIpAddressLookup;
UpdateSSLSSnLogDataFunc updateSSLSSnLogData;
RegisterUpdateSSLSSnLogDataFunc registerUpdateSSLSSnLogData;
EndSSLSSnLogDataFunc endSSLSSnLogData;
RegisterEndSSLSSnLogDataFunc registerEndSSLSSnLogData;
GetSSLActualActionFunc getSSLActualAction;
RegisterGetSSLActualActionFunc registerGetSSLActualAction;
GetIntfDataFunc getIntfData;
RegisterGetIntfDataFunc registerGetIntfData;
DynamicReadyForProcessFunc readyForProcess;
DynamicIsSSLPolicyEnabledFunc isSSLPolicyEnabled;
DynamicSetSSLPolicyEnabledFunc setSSLPolicyEnabled;
/* Preproc's fetch Snort performance indicators. Used by IAB. */
GetPerfIndicatorsFunc getPerfIndicators;
LoadAllLibsFunc loadAllLibs;
OpenDynamicLibraryFunc openDynamicLibrary;
GetSymbolFunc getSymbol;
CloseDynamicLibraryFunc closeDynamicLibrary;
DynamicGetHttpXffFieldsFunc getHttpXffFields;
#if defined(FEAT_OPEN_APPID)
struct AppIdApi *appIdApi;
RegisterIsAppIdRequiredFunc registerIsAppIdRequired;
UnregisterIsAppIdRequiredFunc unregisterIsAppIdRequired;
IsAppIdRequiredFunc isAppIdRequired;
#endif /* defined(FEAT_OPEN_APPID) */
ReadModeFunc isReadMode;
IsTestModeFunc isTestMode;
GetCurrentSnortConfigFunc getCurrentSnortConfig;
} DynamicPreprocessorData;
/* Function prototypes for Dynamic Preprocessor Plugins */
void CloseDynamicPreprocessorLibs(void);
int LoadDynamicPreprocessor(char *library_name, int indent);
void LoadAllDynamicPreprocessors(char *path);
int LoadDynamicPreprocessor(const char * const library_name, int indent);
void LoadAllDynamicPreprocessors(const char * const path);
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
int InitDynamicPreprocessors(void);
@ -269,4 +551,5 @@ void RemoveDuplicatePreprocessorPlugins(void);
*/
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
extern DynamicPreprocessorData _dpd;
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */
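Review bot: The member offsets of `DynamicPreprocessorData` in the struct hunks depend on build macros (`SNORT_RELOAD`, `ACTIVE_RESPONSE`, `SIDE_CHANNEL`, `DUMP_BUFFER`, `HAVE_DAQ_EXT_MODFLOW`, `HAVE_DAQ_QUERYFLOW`, `FEAT_OPEN_APPID`), and the `config.h` include near the top of the header seems to be removed in the second hunk. The layout the plugin compiles against is then decided by whatever each including source file defines. If that set, or `PREPROCESSOR_DATA_VERSION` (now 12), differs from the Snort binary that loads the module, every function pointer after the first differing `#ifdef` is read from the wrong slot and called. I would add a comment above the struct stating that the header must match the installed Snort build exactly, and have the plugin's init routine reject a mismatched table via the `version` and `size` members, e.g. `if (dpd->version < PREPROCESSOR_DATA_VERSION || dpd->size != sizeof(DynamicPreprocessorData)) return -1;`. The init routine is not part of this section, so whether it already performs this check cannot be seen here.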

516
include/sf_ip.c Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 1998-2013 Sourcefire, Inc.
** Adam Keeton
** Kevin Liu <kliu@sourcefire.com>
**
@ -17,7 +18,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
@ -37,32 +38,24 @@
#include <string.h>
#include <ctype.h>
#include <math.h> /* For ceil */
#include "sf_types.h" /* For bool */
#include "sf_ip.h"
/* For inet_pton */
#ifndef WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif /* WIN32 */
#if 0
/* Support function .. but could see some external uses */
static INLINE int sfip_length(sfip_t *ip) {
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET) return 4;
return 16;
}
#endif
/* Support function */
// note that an ip6 address may have a trailing dotted quad form
// but that it always has at least 2 ':'s; furthermore there is
// no valid ip4 format (including mask) with 2 ':'s
// we don't have to figure out if the format is entirely legal
// we just have to be able to tell correct formats apart
static INLINE int sfip_str_to_fam(const char *str) {
static inline int sfip_str_to_fam(const char *str) {
const char* s;
ARG_CHECK1(str, 0);
s = strchr(str, (int)':');
@ -72,104 +65,14 @@ static INLINE int sfip_str_to_fam(const char *str) {
}
/* Place-holder allocation incase we want to do something more indepth later */
static INLINE sfip_t *_sfip_alloc() {
static inline sfcidr_t *_sfip_alloc() {
/* Note: using calloc here instead of SnortAlloc since the dynamic libs
* can't presently resolve SnortAlloc */
return (sfip_t*)calloc(sizeof(sfip_t), 1);
}
/* Masks off 'val' bits from the IP contained within 'ip' */
static INLINE int sfip_cidr_mask(sfip_t *ip, int val) {
int i;
unsigned int mask = 0;
unsigned int *p;
int index = (int)ceil(val / 32.0) - 1;
ARG_CHECK1(ip, SFIP_ARG_ERR);
p = ip->ip32;
if( val < 0 ||
((sfip_family(ip) == AF_INET6) && val > 128) ||
((sfip_family(ip) == AF_INET) && val > 32) ) {
return SFIP_ARG_ERR;
}
/* Build the netmask by converting "val" into
* the corresponding number of bits that are set */
for(i = 0; i < 32- (val - (index * 32)); i++)
mask = (mask<<1) + 1;
p[index] = htonl((ntohl(p[index]) & ~mask));
index++;
/* 0 off the rest of the IP */
for( ; index<4; index++) p[index] = 0;
return SFIP_SUCCESS;
}
/* Allocate IP address from a character array describing the IP */
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status) {
SFIP_RET tmp;
sfip_t *ret;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = _sfip_alloc()) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
if( (tmp = sfip_pton(ip, ret)) != SFIP_SUCCESS) {
if(status)
*status = tmp;
sfip_free(ret);
return NULL;
}
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Allocate IP address from an array of 8 byte integers */
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status) {
sfip_t *ret;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = _sfip_alloc()) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
ret->bits = (family==AF_INET?32:128);
ret->family = family;
/* XXX Replace with appropriate "high speed" copy */
memcpy(ret->ip8, ip, ret->bits/8);
if(status)
*status = SFIP_SUCCESS;
return ret;
return (sfcidr_t*)calloc(sizeof(sfcidr_t), 1);
}
/* Support function for _netmask_str_to_bit_count */
static INLINE int _count_bits(unsigned int val) {
static inline int _count_bits(unsigned int val) {
unsigned int count;
for (count = 0; val; count++) {
@ -181,10 +84,10 @@ static INLINE int _count_bits(unsigned int val) {
/* Support function for sfip_pton. Used for converting a netmask string
* into a number of bits to mask off */
static INLINE int _netmask_str_to_bit_count(char *mask, int family) {
u_int32_t buf[4];
static inline int _netmask_str_to_bit_count(char *mask, int family) {
uint32_t buf[4];
int bits, i, nBits, nBytes;
u_int8_t* bytes = (u_int8_t*)buf;
uint8_t* bytes = (uint8_t*)buf;
/* XXX
* Mask not validated.
@ -223,12 +126,50 @@ static INLINE int _netmask_str_to_bit_count(char *mask, int family) {
return bits;
}
/* Masks off 'val' bits from the IP contained within 'ip' */
static inline int sfip_cidr_mask(sfaddr_t *ip, int val) {
uint32_t *p;
int index = (int)ceil(val / 32.0) - 1;
int bits;
ARG_CHECK1(ip, SFIP_ARG_ERR);
p = sfaddr_get_ip6_ptr(ip);
if( val < 0 || val > 128)
return SFIP_ARG_ERR;
if (val == 128)
return SFIP_SUCCESS;
/* Build the netmask by converting "val" into
* the corresponding number of bits that are set */
bits = 32 - (val - (index * 32));
if (bits)
{
unsigned int mask;
mask = ~0;
mask >>= bits;
mask <<= bits;
p[index] &= htonl(mask);
}
index++;
/* 0 off the rest of the IP */
for( ; index<4; index++) p[index] = 0;
return SFIP_SUCCESS;
}
/* Parses "src" and stores results in "dst" */
SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
static SFIP_RET _sfip_pton(const char *src, sfaddr_t *dst, uint16_t *srcBits) {
char *mask;
char *sfip_buf;
char *ip;
int bits;
int family;
if(!dst || !src)
return SFIP_ARG_ERR;
@ -237,7 +178,7 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
return SFIP_ALLOC_ERR;
ip = sfip_buf;
dst->family = sfip_str_to_fam(src);
family = sfip_str_to_fam(src);
/* skip whitespace or opening bracket */
while(isspace((int)*ip) || (*ip == '[')) ip++;
@ -253,8 +194,8 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
while(isspace((int)*mask)) mask++;
/* verify a leading digit */
if(((dst->family == AF_INET6) && !isxdigit((int)*mask)) ||
((dst->family == AF_INET) && !isdigit((int)*mask))) {
if(((family == AF_INET6) && !isxdigit((int)*mask)) ||
((family == AF_INET) && !isdigit((int)*mask))) {
free(sfip_buf);
return SFIP_CIDR_ERR;
}
@ -267,7 +208,7 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
}
else if(
/* If this is IPv4, ia ':' may used specified to indicate a netmask */
((dst->family == AF_INET) && (mask = strchr(ip, (int)':')) != NULL) ||
((family == AF_INET) && (mask = strchr(ip, (int)':')) != NULL) ||
/* We've already skipped the leading whitespace, if there is more
* whitespace, then there's probably a netmask specified after it. */
@ -282,29 +223,30 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
/* Make sure we're either looking at a valid digit, or a leading
* colon, such as can be the case with IPv6 */
if(((dst->family == AF_INET) && isdigit((int)*mask)) ||
((dst->family == AF_INET6) && (isxdigit((int)*mask) || *mask == ':'))) {
if(((family == AF_INET) && isdigit((int)*mask)) ||
((family == AF_INET6) && (isxdigit((int)*mask) || *mask == ':'))) {
bits = _netmask_str_to_bit_count(mask, sfip_str_to_fam(mask));
}
/* No netmask */
else {
if(dst->family == AF_INET) bits = 32;
if(family == AF_INET) bits = 32;
else bits = 128;
}
}
/* No netmask */
else {
if(dst->family == AF_INET) bits = 32;
if(family == AF_INET) bits = 32;
else bits = 128;
}
if(inet_pton(dst->family, ip, dst->ip8) < 1) {
if(sfip_convert_ip_text_to_binary(family, ip, sfaddr_get_ip6_ptr(dst)) != SFIP_SUCCESS) {
free(sfip_buf);
return SFIP_INET_PARSE_ERR;
}
dst->family = family;
/* Store mask */
dst->bits = bits;
bits += (family == AF_INET && bits >= 0) ? 96 : 0;
/* Apply mask */
if(sfip_cidr_mask(dst, bits) != SFIP_SUCCESS) {
@ -312,24 +254,176 @@ SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
return SFIP_INVALID_MASK;
}
*srcBits = bits;
free(sfip_buf);
return SFIP_SUCCESS;
}
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int family) {
/* Allocate IP address from a character array describing the IP */
sfcidr_t *sfip_alloc(const char *ip, SFIP_RET *status) {
SFIP_RET tmp;
sfcidr_t *ret;
ARG_CHECK3(dst, src, dst->ip32, SFIP_ARG_ERR);
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = _sfip_alloc()) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
if( (tmp = sfip_pton(ip, ret)) != SFIP_SUCCESS) {
if(status)
*status = tmp;
sfip_free(ret);
return NULL;
}
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Allocate IP address from a character array describing the IP */
sfaddr_t *sfaddr_alloc(const char *ip, SFIP_RET *status) {
SFIP_RET tmp;
sfaddr_t *ret;
uint16_t bits;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = (sfaddr_t*)calloc(sizeof(sfaddr_t), 1)) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
if( (tmp = _sfip_pton(ip, ret, &bits)) != SFIP_SUCCESS ) {
if(status)
*status = tmp;
sfaddr_free(ret);
return NULL;
}
if (bits != 128)
{
if(status)
*status = SFIP_INET_PARSE_ERR;
sfaddr_free(ret);
return NULL;
}
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Allocate IP address from an array of 8 byte integers */
sfaddr_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status) {
sfaddr_t *ret;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = (sfaddr_t*)calloc(sizeof(sfaddr_t), 1)) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
sfip_set_raw(ret, ip, family);
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Converts string IP format to an array of values. Also checks IP address format.
Specifically look for issues that inet_pton either overlooks or is inconsistent
about. */
SFIP_RET sfip_convert_ip_text_to_binary( const int family, const char *ip, void *dst)
{
const char *my_ip;
sfaddr_t* addr;
my_ip = ip;
if( my_ip == NULL )
return( SFIP_FAILURE );
/* Across platforms, inet_pton() is inconsistent about leading 0's in
AF_INET (ie IPv4 addresses. */
if( family == AF_INET ) {
char chr;
bool new_octet;
new_octet = true;
while( (chr = *my_ip++) != '\0') {
/* If we are at the first char of a new octet, look for a leading zero
followed by another digit */
if( new_octet && (chr == '0') && isdigit(*my_ip))
return( SFIP_INET_PARSE_ERR );
/* when we see an octet separator, set the flag to start looking for a
leading zero. */
new_octet = (chr == '.');
}
addr = (sfaddr_t*)dst;
addr->ia32[0] = addr->ia32[1] = addr->ia16[4] = 0;
addr->ia16[5] = 0xFFFF;
dst = &addr->ia32[3];
}
if( inet_pton(family, ip, dst) < 1 )
return( SFIP_INET_PARSE_ERR );
return( SFIP_SUCCESS ); /* Otherwise, ip is OK */
}
SFIP_RET sfaddr_pton(const char *src, sfaddr_t *dst) {
SFIP_RET ret;
uint16_t bits;
ret = _sfip_pton(src, dst, &bits);
if (ret == SFIP_SUCCESS && bits != 128)
return SFIP_INET_PARSE_ERR;
return ret;
}
SFIP_RET sfip_pton(const char *src, sfcidr_t *dst) {
return _sfip_pton(src, &dst->addr, &dst->bits);
}
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_raw(sfaddr_t *dst, const void *src, int family) {
ARG_CHECK3(dst, src, sfaddr_get_ip6_ptr(dst), SFIP_ARG_ERR);
dst->family = family;
if(family == AF_INET) {
dst->ip32[0] = *(u_int32_t*)src;
memset(&dst->ip32[1], 0, 12);
dst->bits = 32;
dst->ia32[0] = dst->ia32[1] = dst->ia16[4] = 0;
dst->ia16[5] = 0xFFFF;
dst->ia32[3] = *(uint32_t*)src;
} else if(family == AF_INET6) {
memcpy(dst->ip8, src, 16);
dst->bits = 128;
memcpy(sfaddr_get_ip6_ptr(dst), src, 16);
} else {
return SFIP_ARG_ERR;
}
@ -337,32 +431,18 @@ SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int family) {
return SFIP_SUCCESS;
}
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src) {
ARG_CHECK2(dst, src, SFIP_ARG_ERR);
dst->family = src->family;
dst->bits = src->bits;
dst->ip32[0] = src->ip32[0];
dst->ip32[1] = src->ip32[1];
dst->ip32[2] = src->ip32[2];
dst->ip32[3] = src->ip32[3];
return SFIP_SUCCESS;
}
/* Obfuscates an IP
* Makes 'ip': ob | (ip & mask) */
void sfip_obfuscate(sfip_t *ob, sfip_t *ip) {
unsigned int *ob_p, *ip_p;
void sfip_obfuscate(sfcidr_t *ob, sfaddr_t *ip) {
uint32_t *ob_p, *ip_p;
int index, i;
unsigned int mask = 0;
if(!ob || !ip)
return;
ob_p = ob->ip32;
ip_p = ip->ip32;
ob_p = sfip_get_ip6_ptr(ob);
ip_p = sfaddr_get_ip6_ptr(ip);
/* Build the netmask by converting "val" into
* the corresponding number of bits that are set */
@ -392,43 +472,21 @@ void sfip_obfuscate(sfip_t *ob, sfip_t *ip) {
* XXX sfip_contains assumes that "ip" is
* not less-specific than "net" XXX
*/
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip) {
SFIP_RET sfip_contains(const sfcidr_t *net, const sfaddr_t *ip) {
unsigned int bits, mask, temp, i;
int net_fam, ip_fam;
unsigned int *p1, *p2;
const uint32_t *p1, *p2;
/* SFIP_CONTAINS is returned here due to how IpAddrSetContains
* handles zero'ed IPs" */
ARG_CHECK2(net, ip, SFIP_CONTAINS);
bits = sfip_bits(net);
net_fam = sfip_family(net);
ip_fam = sfip_family(ip);
/* If the families are mismatched, check if we're really comparing
* an IPv4 with a mapped IPv4 (in IPv6) address. */
if(net_fam != ip_fam) {
if((net_fam != AF_INET) || !sfip_ismapped(ip))
return SFIP_ARG_ERR;
/* Both are really IPv4. Only compare last 4 bytes of 'ip'*/
p1 = net->ip32;
p2 = &ip->ip32[3];
/* Mask off bits */
bits = 32 - bits;
temp = (ntohl(*p2) >> bits) << bits;
if(ntohl(*p1) == temp) return SFIP_CONTAINS;
return SFIP_NOT_CONTAINS;
}
p1 = net->ip32;
p2 = ip->ip32;
p1 = sfip_get_ip6_ptr(net);
p2 = sfaddr_get_ip6_ptr(ip);
/* Iterate over each 32 bit segment */
for(i=0; i < bits/32 && i < 3; i++, p1++, p2++) {
for(i=0; i < bits/32; i++, p1++, p2++) {
if(*p1 != *p2)
return SFIP_NOT_CONTAINS;
}
@ -451,33 +509,37 @@ SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip) {
}
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize) {
int i;
if(!ip_raw || !buf || !bufsize ||
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize)
{
if(!ip_raw || !buf ||
(family != AF_INET && family != AF_INET6) ||
/* Make sure if it's IPv6 that the buf is large enough. */
/* Need atleast a max of 8 fields of 4 bytes plus 7 for colons in
* between. Need 1 more byte for null. */
(family == AF_INET6 && bufsize < 8*4 + 7 + 1) ||
(family == AF_INET6 && bufsize < INET6_ADDRSTRLEN) ||
/* Make sure if it's IPv4 that the buf is large enough. */
/* 4 fields of 3 numbers, plus 3 dots and a null byte */
(family == AF_INET && bufsize < 3*4 + 4) )
(family == AF_INET && bufsize < INET_ADDRSTRLEN) )
{
if(buf && bufsize > 0) buf[0] = 0;
return;
}
#if defined(HAVE_INET_NTOP) && !defined(REG_TEST)
if (!inet_ntop(family, ip_raw, buf, bufsize))
snprintf(buf, bufsize, "ERROR");
#else
/* 4 fields of at most 3 characters each */
if(family == AF_INET) {
u_int8_t *p = (u_int8_t*)ip_raw;
int i;
uint8_t *p = (uint8_t*)ip_raw;
for(i=0; p < ((u_int8_t*)ip_raw) + 4; p++) {
for(i=0; p < ((uint8_t*)ip_raw) + 4; p++) {
i += sprintf(&buf[i], "%d", *p);
/* If this is the last iteration, this could technically cause one
* extra byte to be written past the end. */
if(i < bufsize && ((p + 1) < ((u_int8_t*)ip_raw+4)))
if(i < bufsize && ((p + 1) < ((uint8_t*)ip_raw+4)))
buf[i] = '.';
i++;
@ -495,83 +557,77 @@ void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize) {
#endif
}
else {
u_int16_t *p = (u_int16_t*)ip_raw;
int i;
uint16_t *p = (uint16_t*)ip_raw;
for(i=0; p < ((u_int16_t*)ip_raw) + 8; p++) {
for(i=0; p < ((uint16_t*)ip_raw) + 8; p++) {
i += sprintf(&buf[i], "%04x", ntohs(*p));
/* If this is the last iteration, this could technically cause one
* extra byte to be written past the end. */
if(i < bufsize && ((p + 1) < ((u_int16_t*)ip_raw) + 8))
if(i < bufsize && ((p + 1) < ((uint16_t*)ip_raw) + 8))
buf[i] = ':';
i++;
}
}
#endif
}
void sfip_ntop(const sfaddr_t *ip, char *buf, int bufsize)
{
int family;
if(!ip)
{
if(buf && bufsize > 0) buf[0] = 0;
return;
}
family = sfaddr_family(ip);
sfip_raw_ntop(family, sfaddr_get_ptr(ip), buf, bufsize);
}
/* Uses a static buffer to return a string representation of the IP */
char *sfip_to_str(const sfip_t *ip) {
/* IPv6 addresses will be at most 8 fields, of 4 characters each,
* with 7 colons inbetween, one NULL, and one fudge byte for sloppy use
* in sfip_to_strbuf */
static char buf[8*4 + 7 + 1 + 1];
char *sfip_to_str(const sfaddr_t *ip)
{
static char buf[INET6_ADDRSTRLEN];
if(!ip)
return NULL;
sfip_raw_ntop(sfip_family(ip), ip->ip32, buf, sizeof(buf));
sfip_ntop(ip, buf, sizeof(buf));
return buf;
}
void sfip_free(sfip_t *ip) {
void sfip_free(sfcidr_t *ip) {
if(ip) free(ip);
}
void sfaddr_free(sfaddr_t *ip) {
if(ip) free(ip);
}
/* Returns 1 if the IP is non-zero. 0 otherwise */
int sfip_is_loopback(sfip_t *ip) {
unsigned int *p;
int sfip_is_loopback(const sfaddr_t *ip) {
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET) {
// 127.0.0.0/8 is IPv4 loopback
return (ip->ip8[0] == 0x7f);
/* Check the first 80 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4])
return 0;
if(ip->ia16[5] == 0xFFFF)
{
/* ::ffff:7f00:0/104 is ipv4 compatible ipv6 */
return (ip->ia8[12] == 0x7f);
}
p = ip->ip32;
/* Check the first 64 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
if(p[0] || p[1]) return 0;
/* Check if the 3rd 32-bit int is zero */
if ( p[2] == 0 ) {
if(!ip->ia16[5])
{
/* ::7f00:0/104 is ipv4 compatible ipv6 */
/* ::1 is the IPv6 loopback */
return ( (ip->ip8[12] == 0x7f) || (ntohl(p[3]) == 0x1) );
}
/* Check the 3rd 32-bit int for a mapped IPv4 address */
if ( ntohl(p[2]) == 0xffff ) {
/* ::ffff:127.0.0.0/104 is IPv4 loopback mapped over IPv6 */
return ( ip->ip8[12] == 0x7f );
return (ip->ia32[3] == htonl(0x1) || ip->ia8[12] == 0x7f);
}
return 0;
}
int sfip_ismapped(sfip_t *ip) {
unsigned int *p;
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET)
return 0;
p = ip->ip32;
if(p[0] || p[1] || (ntohl(p[2]) != 0xffff && p[2] != 0)) return 0;
return 1;
}

423
include/sf_ip.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 1998-2013 Sourcefire, Inc.
** Adam Keeton
** Kevin Liu <kliu@sourcefire.com>
*
@ -18,7 +19,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
@ -30,23 +31,18 @@
#ifndef SF_IP_H
#define SF_IP_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifndef WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
#ifdef SF_IP_TEST
#define INLINE inline
#else
#include "debug.h" /* for INLINE definition */
#ifdef WIN32
#include <ws2tcpip.h>
#endif
#include "sf_types.h"
#include "snort_debug.h" /* for inline definition */
/* define SFIP_ROBUST to check pointers passed into the sfip libs.
* Robustification should not be enabled if the client code is trustworthy.
@ -76,24 +72,97 @@
#endif
typedef struct _ip {
int family;
int bits;
#ifndef WIN32
#if !defined(s6_addr8)
#define s6_addr8 __u6_addr.__u6_addr8
#endif
#if !defined(s6_addr16)
#define s6_addr16 __u6_addr.__u6_addr16
#endif
#if !defined(s6_addr32)
#define s6_addr32 __u6_addr.__u6_addr32
#endif
/* see sfip_size(): these address bytes
* must be the last field in this struct */
union
{
u_int8_t u6_addr8[16];
u_int16_t u6_addr16[8];
u_int32_t u6_addr32[4];
/* u_int64_t u6_addr64[2]; */
} ip;
#define ip8 ip.u6_addr8
#define ip16 ip.u6_addr16
#define ip32 ip.u6_addr32
/* #define ip64 ip.u6_addr64 */
} sfip_t;
#ifdef _WIN32
#pragma pack(push,1)
#endif
struct _sfaddr
{
struct in6_addr ip;
uint16_t family;
# define ia8 ip.s6_addr
# define ia16 ip.s6_addr16
# define ia32 ip.s6_addr32
#ifdef _WIN32
};
#pragma pack(pop)
#else
} __attribute__((__packed__));
#endif
typedef struct _sfaddr sfaddr_t;
#ifdef _WIN32
#pragma pack(push,1)
#endif
struct _ip {
sfaddr_t addr;
uint16_t bits;
# define ip8 addr.ip.s6_addr
# define ip16 addr.ip.s6_addr16
# define ip32 addr.ip.s6_addr32
# define ip_family addr.family
#ifdef _WIN32
};
#pragma pack(pop)
#else
} __attribute__((__packed__));
#endif
typedef struct _ip sfcidr_t;
#else // WIN32 Build
#if !defined(s6_addr8)
#define s6_addr8 u.u6_addr8
#endif
#if !defined(s6_addr16)
#define s6_addr16 u.u6_addr16
#endif
#if !defined(s6_addr32)
#define s6_addr32 u.u6_addr32
#endif
struct sf_in6_addr {
union {
uint8_t u6_addr8[16];
uint16_t u6_addr16[8];
uint32_t u6_addr32[4];
} in6_u;
};
#pragma pack(push,1)
struct _sfaddr {
struct in6_addr ip;
uint16_t family;
# define ia8 ip.s6_addr
# define ia16 ip.s6_addr16
# define ia32 ip.s6_addr32
};
typedef struct _sfaddr sfaddr_t;
struct _ip {
sfaddr_t addr;
uint16_t bits;
# define ip8 addr.ip.s6_addr
# define ip16 addr.ip.s6_addr16
# define ip32 addr.ip.s6_addr32
# define ip_family addr.family
};
typedef struct _ip sfcidr_t;
#pragma pack(pop)
#endif // WIN32
typedef enum _return_values {
SFIP_SUCCESS=0,
@ -112,7 +181,8 @@ typedef enum _return_values {
SFIP_LOOKUP_FAILURE, /* Failed to lookup a variable from the table */
SFIP_UNMATCHED_BRACKET, /* IP lists that are missing a closing bracket */
SFIP_NOT_ANY, /* For !any */
SFIP_CONFLICT /* For IP conflicts in IP lists */
SFIP_CONFLICT, /* For IP conflicts in IP lists */
SFIP_INVALID_VAR /* variable definition is invalid */
} SFIP_RET;
@ -120,51 +190,62 @@ typedef enum _return_values {
/* Parses "src" and stores results in "dst" */
/* If the conversion is invalid, returns SFIP_FAILURE */
SFIP_RET sfip_pton(const char *src, sfip_t *dst);
SFIP_RET sfaddr_pton(const char *src, sfaddr_t *dst);
SFIP_RET sfip_pton(const char *src, sfcidr_t *dst);
/* Allocate IP address from a character array describing the IP */
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status);
sfcidr_t *sfip_alloc(const char *ip, SFIP_RET *status);
/* Frees an sfip_t */
void sfip_free(sfip_t *ip);
/* Frees an sfcidr_t */
void sfip_free(sfcidr_t *ip);
/* Allocate IP address from a character array describing the IP */
sfaddr_t *sfaddr_alloc(const char *ip, SFIP_RET *status);
/* Frees an sfaddr_t */
void sfaddr_free(sfaddr_t *ip);
/* Allocate IP address from an array of integers. The array better be
* long enough for the given family! */
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status);
sfaddr_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status);
/* Sets existing IP, "dst", to a raw source IP (4 or 16 bytes,
* according to family) */
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int src_family);
SFIP_RET sfip_set_raw(sfaddr_t *dst, const void *src, int src_family);
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src);
#define sfip_set_ip(dst, src) *(dst) = *(src)
/* Obfuscates an IP */
void sfip_obfuscate(sfip_t *ob, sfip_t *ip);
/* return required size (eg for hashing)
* requires that address bytes be the last field in sfip_t */
static INLINE unsigned int sfip_size(sfip_t* ipt)
{
if ( ipt->family == AF_INET6 ) return sizeof(*ipt);
return (unsigned int)((ipt->ip.u6_addr8+4) - (u_int8_t*)ipt);
}
void sfip_obfuscate(sfcidr_t *ob, sfaddr_t *ip);
/* Member-access *******************************************************/
#define sfip_get_ip4_value(x) ((x)->ip32[3])
#define sfaddr_get_ip4_value(x) ((x)->ia32[3])
#define sfip_get_ip4_ptr(x) (&(x)->ip32[3])
#define sfip_get_ip6_ptr(x) ((x)->ip32)
#define sfip_get_ptr(x) (((x)->ip_family == AF_INET) ? &(x)->ip32[3] : (x)->ip32)
#define sfaddr_get_ip4_ptr(x) (&(x)->ia32[3])
#define sfaddr_get_ip6_ptr(x) ((x)->ia32)
#define sfaddr_get_ptr(x) (((x)->family == AF_INET) ? &(x)->ia32[3] : (x)->ia32)
/* Returns the family of "ip", either AF_INET or AF_INET6 */
/* XXX This is a performance critical function,
* need to determine if it's safe to not check these pointers */
/* ARG_CHECK1(ip, 0); */
#define sfip_family(ip) ip->family
#define sfaddr_family(x) ((x)->family)
#define sfip_family(x) ((x)->ip_family)
/* Returns the number of bits used for masking "ip" */
static INLINE unsigned char sfip_bits(sfip_t *ip) {
static inline unsigned char sfip_bits(const sfcidr_t *ip) {
ARG_CHECK1(ip, 0);
return (unsigned char)ip->bits;
}
static INLINE void sfip_set_bits(sfip_t *p, int bits) {
static inline void sfip_set_bits(sfcidr_t *p, int bits) {
if(!p)
return;
@ -175,7 +256,7 @@ static INLINE void sfip_set_bits(sfip_t *p, int bits) {
}
/* Returns the raw IP address as an in6_addr */
/* inline struct in6_addr sfip_to_raw(sfip_t *); */
/*inline struct in6_addr sfip_to_raw(sfcidr_t *); */
@ -183,28 +264,44 @@ static INLINE void sfip_set_bits(sfip_t *p, int bits) {
/* Check if ip is contained within the network specified by net */
/* Returns SFIP_EQUAL if so */
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip);
SFIP_RET sfip_contains(const sfcidr_t *net, const sfaddr_t *ip);
/* Returns 1 if the IP is non-zero. 0 otherwise */
/* XXX This is a performance critical function, \
* need to determine if it's safe to not check these pointers */\
static INLINE int sfip_is_set(sfip_t *ip) {
static inline int sfraw_is_set(const struct in6_addr *addr) {
/* ARG_CHECK1(ip, -1); */
return ip->ip32[0] ||
( (ip->family == AF_INET6) &&
(ip->ip32[1] ||
ip->ip32[2] ||
ip->ip32[3] || ip->bits != 128)) || ((ip->family == AF_INET) && ip->bits != 32) ;
return (addr->s6_addr32[3] || addr->s6_addr32[0] || addr->s6_addr32[1] || addr->s6_addr16[4] ||
(addr->s6_addr16[5] && addr->s6_addr16[5] != 0xFFFF)) ? 1 : 0;
}
static inline int sfaddr_is_set(const sfaddr_t *addr) {
/* ARG_CHECK1(ip, -1); */
return ((addr->family == AF_INET && addr->ia32[3]) ||
(addr->family == AF_INET6 &&
(addr->ia32[0] || addr->ia32[1] || addr->ia32[3] || addr->ia16[4] ||
(addr->ia16[5] && addr->ia16[5] != 0xFFFF)))) ? 1 : 0;
}
static inline int sfip_is_set(const sfcidr_t *ip) {
/* ARG_CHECK1(ip, -1); */
return (sfaddr_is_set(&ip->addr) ||
((ip->ip_family == AF_INET || ip->ip_family == AF_INET6) &&
ip->bits != 128)) ? 1 : 0;
}
/* Return 1 if the IP is a loopback IP */
int sfip_is_loopback(sfip_t *ip);
int sfip_is_loopback(const sfaddr_t *ip);
/* Returns 1 if the IPv6 address appears mapped. 0 otherwise. */
int sfip_ismapped(sfip_t *ip);
static inline int sfip_ismapped(const sfaddr_t *ip) {
ARG_CHECK1(ip, 0);
return (ip->ia32[0] || ip->ia32[1] || ip->ia16[4] || (ip->ia16[5] != 0xffff && ip->ia16[5])) ? 0 : 1;
}
/* Support function for sfip_compare */
static INLINE SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
static inline SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
u_int32_t hip1 = htonl(ip1);
u_int32_t hip2 = htonl(ip2);
if(hip1 < hip2) return SFIP_LESSER;
@ -213,9 +310,9 @@ static INLINE SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
}
/* Support function for sfip_compare */
static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
static inline SFIP_RET _ip6_cmp(const sfaddr_t *ip1, const sfaddr_t *ip2) {
SFIP_RET ret;
u_int32_t *p1, *p2;
const uint32_t *p1, *p2;
/* XXX
* Argument are assumed trusted!
@ -223,8 +320,8 @@ static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
* on validated pointers.
* XXX */
p1 = ip1->ip32;
p2 = ip2->ip32;
p1 = sfaddr_get_ip6_ptr(ip1);
p2 = sfaddr_get_ip6_ptr(ip2);
if( (ret = _ip4_cmp(p1[0], p2[0])) != SFIP_EQUAL) return ret;
if( (ret = _ip4_cmp(p1[1], p2[1])) != SFIP_EQUAL) return ret;
@ -239,7 +336,7 @@ static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
* or greater than ip2 In the case of mismatched families, the IPv4 address
* is converted to an IPv6 representation. */
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
static inline SFIP_RET sfip_compare(const sfaddr_t *ip1, const sfaddr_t *ip2) {
int f1,f2;
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
@ -247,32 +344,15 @@ static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
/* This is being done because at some points in the existing Snort code,
* an unset IP is considered to match anything. Thus, if either IP is not
* set here, it's considered equal. */
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_EQUAL;
if(!sfaddr_is_set(ip1) || !sfaddr_is_set(ip2)) return SFIP_EQUAL;
f1 = sfip_family(ip1);
f2 = sfip_family(ip2);
f1 = sfaddr_family(ip1);
f2 = sfaddr_family(ip2);
if(f1 == AF_INET && f2 == AF_INET) {
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
return _ip4_cmp(sfaddr_get_ip4_value(ip1), sfaddr_get_ip4_value(ip2));
}
/* Mixed families not presently supported */
#if 0
else if(f1 == AF_INET && f2 == AF_INET6) {
conv = sfip_4to6(ip1);
return _ip6_cmp(&conv, ip2);
} else if(f1 == AF_INET6 && f2 == AF_INET) {
conv = sfip_4to6(ip2);
return _ip6_cmp(ip1, &conv);
}
else {
return _ip6_cmp(ip1, ip2);
}
#endif
else if(f1 == AF_INET6 && f2 == AF_INET6) {
return _ip6_cmp(ip1, ip2);
}
return SFIP_FAILURE;
}
/* Compares two IPs
@ -280,7 +360,7 @@ static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
* or greater than ip2 In the case of mismatched families, the IPv4 address
* is converted to an IPv6 representation. */
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
static INLINE SFIP_RET sfip_compare_unset(sfip_t *ip1, sfip_t *ip2) {
static inline SFIP_RET sfip_compare_unset(const sfaddr_t *ip1, const sfaddr_t *ip2) {
int f1,f2;
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
@ -289,49 +369,32 @@ static INLINE SFIP_RET sfip_compare_unset(sfip_t *ip1, sfip_t *ip2) {
* unset is considered to match nothing. This is the opposite of
* sfip_compare(), defined above. Thus, if either IP is not
* set here, it's considered not equal. */
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_FAILURE;
if(!sfaddr_is_set(ip1) || !sfaddr_is_set(ip2)) return SFIP_FAILURE;
f1 = sfip_family(ip1);
f2 = sfip_family(ip2);
f1 = sfaddr_family(ip1);
f2 = sfaddr_family(ip2);
if(f1 == AF_INET && f2 == AF_INET) {
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
return _ip4_cmp(sfaddr_get_ip4_value(ip1), sfaddr_get_ip4_value(ip2));
}
/* Mixed families not presently supported */
#if 0
else if(f1 == AF_INET && f2 == AF_INET6) {
conv = sfip_4to6(ip1);
return _ip6_cmp(&conv, ip2);
} else if(f1 == AF_INET6 && f2 == AF_INET) {
conv = sfip_4to6(ip2);
return _ip6_cmp(ip1, &conv);
}
else {
return _ip6_cmp(ip1, ip2);
}
#endif
else if(f1 == AF_INET6 && f2 == AF_INET6) {
return _ip6_cmp(ip1, ip2);
}
return SFIP_FAILURE;
}
static INLINE int sfip_fast_lt4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 < *ip2->ip32;
static inline int sfip_fast_lt4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
return sfaddr_get_ip4_value(ip1) < sfaddr_get_ip4_value(ip2);
}
static INLINE int sfip_fast_gt4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 > *ip2->ip32;
static inline int sfip_fast_gt4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
return sfaddr_get_ip4_value(ip1) > sfaddr_get_ip4_value(ip2);
}
static INLINE int sfip_fast_eq4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 == *ip2->ip32;
static inline int sfip_fast_eq4(const sfaddr_t *ip1, const sfaddr_t *ip2) {
return sfaddr_get_ip4_value(ip1) == sfaddr_get_ip4_value(ip2);
}
static INLINE int sfip_fast_lt6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
static inline int sfip_fast_lt6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
const uint32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
p1 = sfaddr_get_ip6_ptr(ip1);
p2 = sfaddr_get_ip6_ptr(ip2);
if(*p1 < *p2) return 1;
else if(*p1 > *p2) return 0;
@ -348,11 +411,11 @@ static INLINE int sfip_fast_lt6(sfip_t *ip1, sfip_t *ip2) {
return 0;
}
static INLINE int sfip_fast_gt6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
static inline int sfip_fast_gt6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
const uint32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
p1 = sfaddr_get_ip6_ptr(ip1);
p2 = sfaddr_get_ip6_ptr(ip2);
if(*p1 > *p2) return 1;
else if(*p1 < *p2) return 0;
@ -369,11 +432,11 @@ static INLINE int sfip_fast_gt6(sfip_t *ip1, sfip_t *ip2) {
return 0;
}
static INLINE int sfip_fast_eq6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
static inline int sfip_fast_eq6(const sfaddr_t *ip1, const sfaddr_t *ip2) {
const uint32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
p1 = sfaddr_get_ip6_ptr(ip1);
p2 = sfaddr_get_ip6_ptr(ip2);
if(*p1 != *p2) return 0;
if(p1[1] != p2[1]) return 0;
@ -384,31 +447,35 @@ static INLINE int sfip_fast_eq6(sfip_t *ip1, sfip_t *ip2) {
}
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
static INLINE int sfip_fast_cont4(sfip_t *ip1, sfip_t *ip2) {
u_int32_t shift = 32 - sfip_bits(ip1);
u_int32_t ip = ntohl(*ip2->ip32);
static inline int sfip_fast_cont4(const sfcidr_t *ip1, const sfaddr_t *ip2) {
uint32_t shift = 128 - sfip_bits(ip1);
uint32_t ip = ntohl(sfaddr_get_ip4_value(ip2));
uint32_t ip3 = ntohl(sfip_get_ip4_value(ip1));
ip >>= shift;
ip <<= shift;
return ntohl(*ip1->ip32) == ip;
if(ip3 == 0)
return 1;
return (ip3 == ip);
}
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t ip;
static inline int sfip_fast_cont6(const sfcidr_t *ip1, const sfaddr_t *ip2) {
uint32_t ip;
int i, bits = sfip_bits(ip1);
int words = bits / 32;
bits = 32 - (bits % 32);
for ( i = 0; i < words; i++ ) {
if ( ip1->ip32[i] != ip2->ip32[i] )
if ( ip1->ip32[i] != ip2->ia32[i] )
return 0;
}
if ( bits == 32 ) return 1;
ip = ntohl(ip2->ip32[i]);
ip = ntohl(ip2->ia32[i]);
ip >>= bits;
ip <<= bits;
@ -416,6 +483,89 @@ static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
return ntohl(ip1->ip32[i]) == ip;
}
/* Compares two IPs
* Returns 1 for equal and 0 for not equal
*/
static inline int sfip_fast_equals_raw(const sfaddr_t *ip1, const sfaddr_t *ip2)
{
int f1,f2;
ARG_CHECK2(ip1, ip2, 0);
f1 = sfaddr_family(ip1);
f2 = sfaddr_family(ip2);
if(f1 == AF_INET)
{
if(f2 != AF_INET)
return 0;
if (sfip_fast_eq4(ip1, ip2))
return 1;
}
else if(f1 == AF_INET6)
{
if(f2 != AF_INET6)
return 0;
if (sfip_fast_eq6(ip1, ip2))
return 1;
}
return 0;
}
/********************************************************************
* Function: sfip_is_private()
*
* Checks if the address is local
*
* Arguments:
* sfcidr_t * - IP address to check
*
* Returns:
* 1 if the IP is in local network
* 0 otherwise
*
********************************************************************/
static inline int sfip_is_private(const sfaddr_t *ip)
{
ARG_CHECK1(ip, 0);
/* Check the first 80 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
if(ip->ia32[0] || ip->ia32[1] || ip->ia16[4]) return 0;
if ( ip->ia16[5] == 0xffff ) {
/* ::ffff: IPv4 mapped over IPv6 */
/*
* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
* */
return ( (ip->ia8[12] == 10)
||((ip->ia8[12] == 172) && ((ip->ia8[13] & 0xf0 ) == 16))
||((ip->ia8[12] == 192) && (ip->ia8[13] == 168)) );
}
/* Check if the 3rd 32-bit int is zero */
if ( !ip->ia16[5] ) {
/* ::ipv4 compatible ipv6 */
/* ::1 is the IPv6 loopback */
return ( (ip->ia8[12] == 10)
||((ip->ia8[12] == 172) && ((ip->ia8[13] & 0xf0 ) == 16))
||((ip->ia8[12] == 192) && (ip->ia8[13] == 168))
|| (ip->ia32[3] == htonl(0x1)) );
}
return 0;
}
static inline void sfaddr_copy_to_raw(struct in6_addr *dst, const sfaddr_t *src)
{
dst->s6_addr32[0] = src->ia32[0];
dst->s6_addr32[1] = src->ia32[1];
dst->s6_addr32[2] = src->ia32[2];
dst->s6_addr32[3] = src->ia32[3];
}
#define sfip_equals(x,y) (sfip_compare(&x, &y) == SFIP_EQUAL)
#define sfip_not_equals !sfip_equals
#define sfip_clear(x) memset(x, 0, 16)
@ -423,9 +573,14 @@ static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
/* Printing ************************************************************/
/* Uses a static buffer to return a string representation of the IP */
char *sfip_to_str(const sfip_t *ip);
char *sfip_to_str(const sfaddr_t *ip);
#define sfip_ntoa(x) sfip_to_str(x)
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize);
void sfip_ntop(const sfaddr_t *ip, char *buf, int bufsize);
/* Conversions *********************************************************/
SFIP_RET sfip_convert_ip_text_to_binary( const int, const char *src, void *dst );
#endif /* SF_IP_H */
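Review bot: In `sfip_fast_cont4`, `uint32_t shift = 128 - sfip_bits(ip1);` feeds `ip >>= shift; ip <<= shift;`, and a shift count of 32 or more on a `uint32_t` is undefined, which happens for any stored prefix length of 96 or less. The new code appears to assume the IPv4 prefix is kept on the 128-bit scale (`sfip_is_set` makes the same assumption when it compares `bits` with 128 for both families), but nothing in this function enforces it, so a CIDR still built with the old 0-32 convention, or an all-addresses network, reaches the undefined shift. Moving the existing zero test ahead of the shifts and bounding the count keeps the result well defined: `if (ip3 == 0) return 1;` then `if (shift >= 32) return 0;` before `ip >>= shift;`. The `ip3 == 0` shortcut also makes a zeroed network match every address, which deserves a one-line comment above the function because callers may use it for containment decisions.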

25
include/sf_ipvar.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 1998-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
@ -41,15 +42,12 @@ typedef enum _modes {
SFIP_TABLE
} MODES;
/* Used by the "list" mode. A doubly linked list of sfip_t objects. */
/* Used by the "list" mode. A doubly linked list of sfcidr_t objects. */
typedef struct _ip_node {
sfip_t *ip;
#ifdef SUP_IP6
#define ip_addr ip; /* To ease porting Snort */
#endif
sfcidr_t *ip;
struct _ip_node *next;
int flags;
/* XXX */
// XXX
int addr_flags; /* Flags used exlusively by Snort */
/* Keeping these variables seperate keeps
* this from stepping on Snort's toes. */
@ -68,13 +66,14 @@ typedef struct _var_t {
/* The mode above will select whether to use the sfip_node_t linked list
* or the IP routing table */
/* sfrt rt; */
// sfrt rt;
/* Linked list of IP variables for the variable table */
struct _var_t *next;
uint32_t id;
char *name;
char *value;
} sfip_var_t;
/* A variable table for storing and looking up variables */
@ -125,12 +124,14 @@ void sfvar_free(sfip_var_t *var);
/* Returns non-zero if ip is contained in 'var', 0 otherwise */
/* If either argument is NULL, 0 is returned. */
int sfvar_ip_in(sfip_var_t *var, sfip_t *ip);
int sfvar_ip_in(sfip_var_t *var, sfaddr_t *ip);
/* Prints the variable "var" to the file descriptor 'f' */
void sfvar_print(FILE *f, sfip_var_t *var);
void sfvar_print(const char *prefix, sfip_var_t *var);
void sfip_set_print(const char *prefix, sfip_node_t *head);
void sfip_set_print(FILE *f, sfip_node_t *head);
void sfvar_print_to_file(FILE *f, sfip_var_t *var);
void sfip_set_print_to_file(FILE *f, sfip_node_t *head);
/* Returns the node's flags */
int sfvar_flags(sfip_node_t *node);
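Review bot: `sfvar_print` and `sfip_set_print` keep their names but, as far as the new declarations show, now take `const char *prefix` as first argument instead of `FILE *f`, with the stream variants moved to `sfvar_print_to_file` and `sfip_set_print_to_file`. A call site elsewhere in the tree that still passes a `FILE *` is at best a compiler diagnostic in C and otherwise hands a stream object to code expecting a NUL-terminated string, so every caller should be checked as part of this upgrade. The comment kept above the declaration still says the variable is printed to the file descriptor 'f'; it should describe the prefix form, for example `/* Prints "var", using "prefix" on the output; see sfvar_print_to_file() for FILE output */`, with the exact wording confirmed against the implementation.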

112
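--- /dev/null
+++ b/include/sf_protocols.h
@@ -0,0 +1,112 @@
+/* $Id$ */
+/****************************************************************************
+*
+* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+* Copyright (C) 2005-2013 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+****************************************************************************/
+#ifndef __SF_PROTOCOLS_H__
+#define __SF_PROTOCOLS_H__
+typedef uint8_t IpProto;
+typedef enum {
+PROTO_ETH, /* DecodeEthPkt */
+PROTO_FPATH, /* FabricPath - handled by DecodeEthPkt */
+PROTO_CISCO_META, /* Cisco Metadata - handled by DecodeEthPkt */
+PROTO_IP4, /* DecodeIP */
+/* DecodeIPOptions - handled with IP4 */
+PROTO_ICMP4, /* DecodeICMP */
+PROTO_ICMP_IP4, /* DecodeICMPEmbeddedIP */
+PROTO_UDP, /* DecodeUDP */
+PROTO_TCP, /* DecodeTCP */
+/* DecodeTCPOptions - handled with TCP */
+PROTO_IP6, /* DecodeIPV6 */
+/* DecodeIPV6Extensions - nothing to do here, calls below */
+PROTO_IP6_HOP_OPTS, /* DecodeIPV6Options - ip6 hop, dst, rte, and frag exts */
+PROTO_IP6_DST_OPTS,
+PROTO_ICMP6, /* DecodeICMP6 */
+PROTO_ICMP_IP6, /* DecodeICMPEmbeddedIP6 */
+PROTO_VLAN, /* DecodeVlan */
+#ifdef GRE
+PROTO_GRE, /* DecodeGRE */
+/* DecodeTransBridging - basically same as DecodeEthPkt */
+PROTO_ERSPAN, /* DecodeERSPANType2 and DecodeERSPANType3 */
+#endif
+PROTO_PPPOE, /* DecodePPPoEPkt */
+PROTO_PPP_ENCAP, /* DecodePppPktEncapsulated */
+PROTO_MPLS, /* DecodeMPLS - decoder changes pkth len/caplen! */
+/* DecodeEthOverMPLS - basically same as straight eth */
+PROTO_ARP, /* DecodeARP */
+PROTO_GTP, /* DecodeGTP */
+PROTO_AH, /* DecodeAH - Authentication Header (IPSec stuff) */
+#ifndef NO_NON_ETHER_DECODER
+PROTO_TR, /* DecodeTRPkt */
+PROTO_FDDI, /* DecodeFDDIPkt */
+PROTO_LSLL, /* DecodeLinuxSLLPkt sockaddr_ll for "any" device and */
+/* certain misbehaving link layer encapsulations */
+PROTO_80211, /* DecodeIEEE80211Pkt */
+PROTO_SLIP, /* DecodeSlipPkt - actually, based on header size, this */
+/* must be CSLIP (TCP/IP header compression) but all it */
+/* does is skip over the presumed header w/o expanding */
+/* and then jumps into IP4 decoding only; also, the actual */
+/* esc/end sequences must already have been removed because */
+/* there is no attempt to do that. */
+PROTO_L2I4, /* DecodeI4LRawIPPkt - always skips 2 bytes and then does */
+/* IP4 decoding only */
+PROTO_L2I4C, /* DecodeI4LCiscoIPPkt -always skips 4 bytes and then does */
+/* IP4 decoding only */
+PROTO_CHDLC, /* DecodeChdlcPkt - skips 4 bytes and decodes IP4 only. */
+PROTO_PFLOG, /* DecodePflog */
+PROTO_OLD_PFLOG, /* DecodeOldPflog */
+PROTO_PPP, /* DecodePppPkt - weird - optionally skips addr and cntl */
+/* bytes; what about flag and protocol? */
+/* calls only DecodePppPktEncapsulated. */
+PROTO_PPP_SERIAL, /* DecodePppSerialPkt - also weird - requires addr, cntl, */
+/* and proto (no flag) but optionally skips only 2 bytes */
+/* (presumably the trailer w/chksum is already stripped) */
+/* Calls either DecodePppPktEncapsulated or DecodeChdlcPkt. */
+PROTO_ENC, /* DecodeEncPkt - skips 12 bytes and decodes IP4 only. */
+/* (add family + "spi" + "flags" - don't know what this is) */
+PROTO_EAP, /* DecodeEAP */
+PROTO_EAPOL, /* DecodeEapol - leaf decoder */
+PROTO_EAPOL_KEY, /* DecodeEapolKey - leaf decoder */
+#endif /* NO_NON_ETHER_DECODER */
+PROTO_MAX
+} PROTO_ID;
+/* DecodeIPX - just counts; no decoding */
+/* DecodeEthLoopback - same as ipx */
+/* DecodeRawPkt - jumps straight into IP4 decoding */
+/* there is nothing to do */
+/* DecodeNullPkt - same as DecodeRawPkt */
+typedef struct {
+PROTO_ID proto;
+uint16_t length;
+uint8_t* start;
+} Layer;
+#endif /* __PROTOCOLS_H__ */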
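Review bot: The new header uses `uint8_t` and `uint16_t` (in `IpProto` and `Layer`) without including anything that defines them, so it compiles only when the including file has already pulled in the fixed-width types. Adding `#include <stdint.h>` right after the guard would make it self-contained. The closing comment `#endif /* __PROTOCOLS_H__ */` names a different macro than the guard `__SF_PROTOCOLS_H__` and should read `#endif /* __SF_PROTOCOLS_H__ */`.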

653
include/sf_snort_packet.h Normal file → Executable file

@ -14,9 +14,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steve Sturges
* Andy Mullican
@ -30,10 +31,6 @@
#ifndef _SF_SNORT_PACKET_H_
#define _SF_SNORT_PACKET_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WIN32
#include <sys/types.h>
#include <netinet/in.h>
@ -42,27 +39,64 @@
#include <windows.h>
#endif
#include <daq.h>
#include <sfbpf_dlt.h>
#include "sf_ip.h"
#include "sf_protocols.h"
#include "preprocids.h"
#define VLAN_HDR_LEN 4
/* for vrt backwards compatibility */
#define pcap_header pkt_header
typedef int (*LogFunction)(void *ssnptr, uint8_t **buf, uint32_t *len, uint32_t *type);
typedef DAQ_PktHdr_t SFDAQ_PktHdr_t;
#define VTH_PRIORITY(vh) ((ntohs((vh)->vth_pri_cfi_vlan) & 0xe000) >> 13)
#define VTH_CFI(vh) ((ntohs((vh)->vth_pri_cfi_vlan) & 0x1000) >> 12)
#define VTH_VLAN(vh) ((uint16_t)(ntohs((vh)->vth_pri_cfi_vlan) & 0x0FFF))
typedef struct _VlanHeader
{
u_int16_t vth_pri_cfi_vlan;
u_int16_t vth_proto; /* protocol field... */
uint16_t vth_pri_cfi_vlan;
uint16_t vth_proto; /* protocol field... */
} VlanHeader;
/* #define NO_NON_ETHER_DECODER */
/*#define NO_NON_ETHER_DECODER */
#define ETHER_HDR_LEN 14
#define ETHERNET_TYPE_IP 0x0800
#define ETHERNET_TYPE_IPV6 0x86dd
#define ETHERNET_TYPE_8021Q 0x8100
/*
* Cisco MetaData header
*/
typedef struct _CiscoMetaHdr
{
uint8_t version; // This must be 1
uint8_t length; //This is the header size in bytes / 8
} CiscoMetaHdr;
/*
* Cisco MetaData header options
*/
typedef struct _CiscoMetaOpt
{
uint16_t opt_len_type; /* 3-bit length + 13-bit type. Length of 0 = 4. Type must be 1. */
uint16_t sgt; /* Can be any value except 0xFFFF */
} CiscoMetaOpt;
typedef struct _EtherHeader
{
u_int8_t ether_destination[6];
u_int8_t ether_source[6];
u_int16_t ethernet_type;
uint8_t ether_destination[6];
uint8_t ether_source[6];
uint16_t ethernet_type;
} EtherHeader;
@ -90,20 +124,21 @@ typedef struct _EtherHeader
typedef struct _IPV4Header
{
u_int8_t version_headerlength;
u_int8_t type_service;
u_int16_t data_length;
u_int16_t identifier;
u_int16_t offset;
u_int8_t time_to_live;
u_int8_t proto;
u_int16_t checksum;
uint8_t version_headerlength;
uint8_t type_service;
uint16_t data_length;
uint16_t identifier;
uint16_t offset;
uint8_t time_to_live;
uint8_t proto;
uint16_t checksum;
struct in_addr source;
struct in_addr destination;
} IPV4Header;
#define MAX_LOG_FUNC 32
#define MAX_IP_OPTIONS 40
#define MAX_IP6_EXTENSIONS 40
/* ip option codes */
#define IPOPTION_EOL 0x00
#define IPOPTION_NOP 0x01
@ -118,9 +153,9 @@ typedef struct _IPV4Header
typedef struct _IPOptions
{
u_int8_t option_code;
u_int8_t length;
u_int8_t *option_data;
uint8_t option_code;
uint8_t length;
uint8_t *option_data;
} IPOptions;
@ -128,15 +163,15 @@ typedef struct _IPOptions
typedef struct _TCPHeader
{
u_int16_t source_port;
u_int16_t destination_port;
u_int32_t sequence;
u_int32_t acknowledgement;
u_int8_t offset_reserved;
u_int8_t flags;
u_int16_t window;
u_int16_t checksum;
u_int16_t urgent_pointer;
uint16_t source_port;
uint16_t destination_port;
uint32_t sequence;
uint32_t acknowledgement;
uint8_t offset_reserved;
uint8_t flags;
uint16_t window;
uint16_t checksum;
uint16_t urgent_pointer;
} TCPHeader;
#define TCPHEADER_FIN 0x01
@ -145,8 +180,8 @@ typedef struct _TCPHeader
#define TCPHEADER_PUSH 0x08
#define TCPHEADER_ACK 0x10
#define TCPHEADER_URG 0x20
#define TCPHEADER_RES2 0x40
#define TCPHEADER_RES1 0x80
#define TCPHEADER_ECE 0x40
#define TCPHEADER_CWR 0x80
#define TCPHEADER_NORESERVED (TCPHEADER_FIN|TCPHEADER_SYN|TCPHEADER_RST \
|TCPHEADER_PUSH|TCPHEADER_ACK|TCPHEADER_URG)
@ -171,28 +206,28 @@ typedef IPOptions TCPOptions;
typedef struct _UDPHeader
{
u_int16_t source_port;
u_int16_t destination_port;
u_int16_t data_length;
u_int16_t checksum;
uint16_t source_port;
uint16_t destination_port;
uint16_t data_length;
uint16_t checksum;
} UDPHeader;
typedef struct _ICMPSequenceID
{
u_int16_t id;
u_int16_t seq;
uint16_t id;
uint16_t seq;
} ICMPSequenceID;
typedef struct _ICMPHeader
{
u_int8_t type;
u_int8_t code;
u_int16_t checksum;
uint8_t type;
uint8_t code;
uint16_t checksum;
union
{
/* type 12 */
u_int8_t parameter_problem_ptr;
uint8_t parameter_problem_ptr;
/* type 5 */
struct in_addr gateway_addr;
@ -211,16 +246,16 @@ typedef struct _ICMPHeader
/* type 3/code=4 (Path MTU, RFC 1191) */
struct path_mtu
{
u_int16_t voidInfo;
u_int16_t next_mtu;
uint16_t voidInfo;
uint16_t next_mtu;
} path_mtu;
/* type 9 */
struct router_advertisement
{
u_int8_t number_addrs;
u_int8_t entry_size;
u_int16_t lifetime;
uint8_t number_addrs;
uint8_t entry_size;
uint16_t lifetime;
} router_advertisement;
} icmp_header_union;
@ -243,9 +278,9 @@ typedef struct _ICMPHeader
/* timestamp */
struct timestamp
{
u_int32_t orig;
u_int32_t receive;
u_int32_t transmit;
uint32_t orig;
uint32_t receive;
uint32_t transmit;
} timestamp;
/* IP header for unreach */
@ -258,12 +293,12 @@ typedef struct _ICMPHeader
/* Router Advertisement */
struct router_address
{
u_int32_t addr;
u_int32_t preference;
uint32_t addr;
uint32_t preference;
} router_address;
/* type 17, 18 */
u_int32_t mask;
uint32_t mask;
char data[1];
@ -293,57 +328,80 @@ typedef struct _ICMPHeader
#define ICMP_ADDRESS_REQUEST 17 /* Address Mask Request */
#define ICMP_ADDRESS_REPLY 18 /* Address Mask Reply */
#define CHECKSUM_INVALID_IP 0x01
#define CHECKSUM_INVALID_TCP 0x02
#define CHECKSUM_INVALID_UDP 0x04
#define CHECKSUM_INVALID_ICMP 0x08
#define CHECKSUM_INVALID_IGMP 0x10
#define INVALID_CHECKSUM_IP 0x01
#define INVALID_CHECKSUM_TCP 0x02
#define INVALID_CHECKSUM_UDP 0x04
#define INVALID_CHECKSUM_ICMP 0x08
#define INVALID_CHECKSUM_IGMP 0x10
#define INVALID_CHECKSUM_ALL 0x1F
#define INVALID_TTL 0x20
typedef struct _IPv6Extension
{
u_int8_t option_type;
const u_int8_t *option_data;
uint8_t option_type;
const uint8_t *option_data;
} IP6Extension;
typedef struct _IPAddresses
{
sfaddr_t ip_src; /* source IP */
sfaddr_t ip_dst; /* dest IP */
} IPAddresses;
typedef struct _IPv4Hdr
{
u_int8_t ip_verhl; /* version & header length */
u_int8_t ip_tos; /* type of service */
u_int16_t ip_len; /* datagram length */
u_int16_t ip_id; /* identification */
u_int16_t ip_off; /* fragment offset */
u_int8_t ip_ttl; /* time to live field */
u_int8_t ip_proto; /* datagram protocol */
u_int16_t ip_csum; /* checksum */
sfip_t ip_src; /* source IP */
sfip_t ip_dst; /* dest IP */
uint8_t ip_verhl; /* version & header length */
uint8_t ip_tos; /* type of service */
uint16_t ip_len; /* datagram length */
uint16_t ip_id; /* identification */
uint16_t ip_off; /* fragment offset */
uint8_t ip_ttl; /* time to live field */
uint8_t ip_proto; /* datagram protocol */
uint16_t ip_csum; /* checksum */
IPAddresses* ip_addrs; /* IP addresses*/
} IP4Hdr;
typedef struct _IP6RawHdr
{
uint32_t vcl; /* version, class, and label */
uint16_t payload_len; /* length of the payload */
uint8_t next_header; /* same values as ip4 protocol field + new ip6 values */
uint8_t hop_limit; /* same usage as ip4 ttl */
struct in6_addr src_addr;
struct in6_addr dst_addr;
} IP6RawHdr;
#define ip6_vcl vcl
#define ip6_payload_len payload_len
#define ip6_next_header next_header
#define ip6_hop_limit hop_limit
#define ip6_hops hop_limit
typedef struct _IPv6Hdr
{
u_int32_t vcl; /* version, class, and label */
u_int16_t len; /* length of the payload */
u_int8_t next; /* next header
uint32_t vcl; /* version, class, and label */
uint16_t len; /* length of the payload */
uint8_t next; /* next header
* Uses the same flags as
* the IPv4 protocol field */
u_int8_t hop_lmt; /* hop limit */
sfip_t ip_src;
sfip_t ip_dst;
uint8_t hop_lmt; /* hop limit */
IPAddresses* ip_addrs; /* IP addresses*/
} IP6Hdr;
typedef struct _IP6FragHdr
{
u_int8_t ip6f_nxt; /* next header */
u_int8_t ip6f_reserved; /* reserved field */
u_int16_t ip6f_offlg; /* offset, reserved, and flag */
u_int32_t ip6f_ident; /* identification */
uint8_t ip6f_nxt; /* next header */
uint8_t ip6f_reserved; /* reserved field */
uint16_t ip6f_offlg; /* offset, reserved, and flag */
uint32_t ip6f_ident; /* identification */
} IP6FragHdr;
typedef struct _ICMP6
{
u_int8_t type;
u_int8_t code;
u_int16_t csum;
uint8_t type;
uint8_t code;
uint16_t csum;
} ICMP6Hdr;
@ -359,79 +417,44 @@ typedef struct _ICMP6
struct _SFSnortPacket;
/* IPHeader access calls */
sfip_t * ip4_ret_src(struct _SFSnortPacket *);
sfip_t * ip4_ret_dst(struct _SFSnortPacket *);
u_int16_t ip4_ret_tos(struct _SFSnortPacket *);
u_int8_t ip4_ret_ttl(struct _SFSnortPacket *);
u_int16_t ip4_ret_len(struct _SFSnortPacket *);
u_int32_t ip4_ret_id(struct _SFSnortPacket *);
u_int8_t ip4_ret_proto(struct _SFSnortPacket *);
u_int16_t ip4_ret_off(struct _SFSnortPacket *);
u_int8_t ip4_ret_ver(struct _SFSnortPacket *);
u_int8_t ip4_ret_hlen(struct _SFSnortPacket *);
sfip_t * orig_ip4_ret_src(struct _SFSnortPacket *);
sfip_t * orig_ip4_ret_dst(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_tos(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_ttl(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_len(struct _SFSnortPacket *);
u_int32_t orig_ip4_ret_id(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_proto(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_off(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_ver(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_hlen(struct _SFSnortPacket *);
sfip_t * ip6_ret_src(struct _SFSnortPacket *);
sfip_t * ip6_ret_dst(struct _SFSnortPacket *);
u_int16_t ip6_ret_toc(struct _SFSnortPacket *);
u_int8_t ip6_ret_hops(struct _SFSnortPacket *);
u_int16_t ip6_ret_len(struct _SFSnortPacket *);
u_int32_t ip6_ret_id(struct _SFSnortPacket *);
u_int8_t ip6_ret_next(struct _SFSnortPacket *);
u_int16_t ip6_ret_off(struct _SFSnortPacket *);
u_int8_t ip6_ret_ver(struct _SFSnortPacket *);
u_int8_t ip6_ret_hlen(struct _SFSnortPacket *);
sfip_t * orig_ip6_ret_src(struct _SFSnortPacket *);
sfip_t * orig_ip6_ret_dst(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_toc(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_hops(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_len(struct _SFSnortPacket *);
u_int32_t orig_ip6_ret_id(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_next(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_off(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_ver(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_hlen(struct _SFSnortPacket *);
typedef struct _IPH_API
{
sfip_t * (*iph_ret_src)(struct _SFSnortPacket *);
sfip_t * (*iph_ret_dst)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_tos)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_ttl)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_len)(struct _SFSnortPacket *);
u_int32_t (*iph_ret_id)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_proto)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_off)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_ver)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_hlen)(struct _SFSnortPacket *);
sfaddr_t * (*iph_ret_src)(const struct _SFSnortPacket *);
sfaddr_t * (*iph_ret_dst)(const struct _SFSnortPacket *);
uint16_t (*iph_ret_tos)(const struct _SFSnortPacket *);
uint8_t (*iph_ret_ttl)(const struct _SFSnortPacket *);
uint16_t (*iph_ret_len)(const struct _SFSnortPacket *);
uint32_t (*iph_ret_id)(const struct _SFSnortPacket *);
uint8_t (*iph_ret_proto)(const struct _SFSnortPacket *);
uint16_t (*iph_ret_off)(const struct _SFSnortPacket *);
uint8_t (*iph_ret_ver)(const struct _SFSnortPacket *);
uint8_t (*iph_ret_hlen)(const struct _SFSnortPacket *);
sfip_t * (*orig_iph_ret_src)(struct _SFSnortPacket *);
sfip_t * (*orig_iph_ret_dst)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_tos)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_ttl)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_len)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_id)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_proto)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_off)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_ver)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_hlen)(struct _SFSnortPacket *);
sfaddr_t * (*orig_iph_ret_src)(const struct _SFSnortPacket *);
sfaddr_t * (*orig_iph_ret_dst)(const struct _SFSnortPacket *);
uint16_t (*orig_iph_ret_tos)(const struct _SFSnortPacket *);
uint8_t (*orig_iph_ret_ttl)(const struct _SFSnortPacket *);
uint16_t (*orig_iph_ret_len)(const struct _SFSnortPacket *);
uint32_t (*orig_iph_ret_id)(const struct _SFSnortPacket *);
uint8_t (*orig_iph_ret_proto)(const struct _SFSnortPacket *);
uint16_t (*orig_iph_ret_off)(const struct _SFSnortPacket *);
uint8_t (*orig_iph_ret_ver)(const struct _SFSnortPacket *);
uint8_t (*orig_iph_ret_hlen)(const struct _SFSnortPacket *);
char version;
} IPH_API;
#ifdef SUP_IP6
typedef enum {
PSEUDO_PKT_IP,
PSEUDO_PKT_TCP,
PSEUDO_PKT_DCE_RPKT,
PSEUDO_PKT_SMB_SEG,
PSEUDO_PKT_DCE_SEG,
PSEUDO_PKT_DCE_FRAG,
PSEUDO_PKT_SMB_TRANS,
PSEUDO_PKT_PS,
PSEUDO_PKT_SDF,
PSEUDO_PKT_MAX
} PseudoPacketType;
#include "ipv6_port.h"
@ -443,52 +466,84 @@ typedef struct _IPH_API
extern IPH_API ip4;
extern IPH_API ip6;
#define iph_is_valid(p) (p->family != NO_IP)
#define iph_is_valid(p) ((p)->family != NO_IP)
#define NO_IP 0
#define IP6_HDR_LEN 40
#endif
typedef struct _MplsHdr
{
u_int32_t label;
u_int8_t exp;
u_int8_t bos;
u_int8_t ttl;
uint32_t label;
uint8_t exp;
uint8_t bos;
uint8_t ttl;
} MplsHdr;
typedef struct _H2PriSpec
{
uint32_t stream_id;
uint32_t weight;
uint8_t exclusive;
} H2PriSpec;
typedef struct _H2Hdr
{
uint32_t length;
uint32_t stream_id;
uint8_t type;
uint8_t flags;
uint8_t reserved;
H2PriSpec pri;
} H2Hdr;
#define MAX_PROTO_LAYERS 32
typedef struct {
PROTO_ID proto_id;
uint16_t proto_length;
uint8_t* proto_start;
} ProtoLayer;
// for backwards compatibility with VRT .so rules
#define stream_session_ptr stream_session
// forward declaration for snort list management type
struct sfSDList;
// forward declaration for snort expected session created due to this packet.
struct _ExpectNode;
typedef struct _SFSnortPacket
{
const struct pcap_pkthdr *pcap_header; /* Is this GPF'd? */
const u_int8_t *pkt_data;
const SFDAQ_PktHdr_t *pkt_header; /* Is this GPF'd? */
const uint8_t *pkt_data;
void *ether_arp_header;
const EtherHeader *ether_header;
const void *vlan_tag_header;
const VlanHeader *vlan_tag_header;
void *ether_header_llc;
void *ether_header_other;
const void *ppp_over_ether_header;
const void *gre_header;
u_int32_t *mpls;
uint32_t *mpls;
const CiscoMetaHdr *cmdh; /* Cisco Metadata Header */
const IPV4Header *ip4_header, *orig_ip4_header;
const IPV4Header *inner_ip4_header;
const IPV4Header *outer_ip4_header;
const TCPHeader *tcp_header, *orig_tcp_header;
const UDPHeader *udp_header, *orig_udp_header;
const UDPHeader *inner_udph; /* if Teredo + UDP, this will be the inner UDP header */
const UDPHeader *outer_udph; /* if Teredo + UDP, this will be the outer UDP header */
const ICMPHeader *icmp_header, *orig_icmp_header;
const u_int8_t *payload;
const u_int8_t *ip_payload;
const u_int8_t *outer_ip_payload;
const u_int8_t *ip_frag_start;
const u_int8_t *ip4_options_data;
const u_int8_t *tcp_options_data;
const uint8_t *payload;
const uint8_t *ip_payload;
const uint8_t *outer_ip_payload;
void *stream_session_ptr;
void *stream_session;
void *fragmentation_tracking_ptr;
void *flow_ptr;
void *stream_ptr;
IP4Hdr *ip4h, *orig_ip4h;
IP6Hdr *ip6h, *orig_ip6h;
@ -499,64 +554,50 @@ typedef struct _SFSnortPacket
IPH_API* outer_iph_api;
IPH_API* outer_orig_iph_api;
IP4Hdr inner_ip4h, inner_orig_ip4h;
IP6Hdr inner_ip6h, inner_orig_ip6h;
IP4Hdr outer_ip4h, outer_orig_ip4h;
IP6Hdr outer_ip6h, outer_orig_ip6h;
MplsHdr mplsHdr;
int family;
int orig_family;
int outer_family;
int number_bytes_to_check;
/* int ip_payload_length; */
/* int ip_payload_offset; */
PreprocEnableMask preprocessor_bit_mask;
u_int32_t preprocessor_bit_mask;
u_int32_t preproc_reassembly_pkt_bit_mask;
uint64_t flags;
u_int32_t pcap_cap_len;
u_int32_t http_pipeline_count;
u_int32_t flags;
u_int16_t proto_bits;
u_int16_t data_flags;
uint32_t xtradata_mask;
u_int16_t payload_size;
u_int16_t ip_payload_size;
u_int16_t normalized_payload_size;
u_int16_t actual_ip_length;
u_int16_t outer_ip_payload_size;
uint16_t proto_bits;
u_int16_t ip_fragment_offset;
u_int16_t ip_frag_length;
u_int16_t ip4_options_length;
u_int16_t tcp_options_length;
uint16_t payload_size;
uint16_t ip_payload_size;
uint16_t normalized_payload_size;
uint16_t actual_ip_length;
uint16_t outer_ip_payload_size;
u_int16_t src_port;
u_int16_t dst_port;
u_int16_t orig_src_port;
u_int16_t orig_dst_port;
uint16_t ip_fragment_offset;
uint16_t ip_frag_length;
uint16_t ip4_options_length;
uint16_t tcp_options_length;
uint16_t src_port;
uint16_t dst_port;
uint16_t orig_src_port;
uint16_t orig_dst_port;
int16_t application_protocol_ordinal;
u_int8_t ip_fragmented;
u_int8_t ip_more_fragments;
u_int8_t ip_dont_fragment;
u_int8_t ip_reserved;
uint8_t ip_fragmented;
uint8_t ip_more_fragments;
uint8_t ip_dont_fragment;
uint8_t ip_reserved;
u_int8_t num_uris;
u_int8_t checksums_invalid;
u_int8_t encapsulated;
uint8_t num_ip_options;
uint8_t num_tcp_options;
uint8_t num_ip6_extensions;
uint8_t ip6_frag_extension;
u_int8_t num_ip_options;
u_int8_t num_tcp_options;
u_int8_t num_ip6_extensions;
u_int8_t ip6_frag_extension;
u_char ip_last_option_invalid_flag;
u_char tcp_last_option_invalid_flag;
uint8_t invalid_flags;
uint8_t encapsulated;
uint8_t GTPencapsulated;
uint8_t next_layer_index;
#ifndef NO_NON_ETHER_DECODER
const void *fddi_header;
@ -572,28 +613,65 @@ typedef struct _SFSnortPacket
void *pflog1_header;
void *pflog2_header;
void *pflog3_header;
void *pflog4_header;
#ifdef DLT_LINUX_SLL
const void *sll_header;
#endif
#ifdef DLT_IEEE802_11
const void *wifi_header;
const void *ppp_over_ether_header;
#endif
const void *ether_eapol_header;
const void *eapol_headear;
const u_int8_t *eapol_type;
const uint8_t *eapol_type;
void *eapol_key;
#endif
IPOptions ip_options[MAX_IP_OPTIONS];
TCPOptions tcp_options[MAX_TCP_OPTIONS];
IP6Extension ip6_extensions[MAX_IP6_EXTENSIONS];
IP6Extension *ip6_extensions;
CiscoMetaOpt *cmd_options; /* Cisco Metadata header options */
const uint8_t *ip_frag_start;
const uint8_t *ip4_options_data;
const uint8_t *tcp_options_data;
const IP6RawHdr* raw_ip6_header;
ProtoLayer proto_layers[MAX_PROTO_LAYERS];
IPAddresses inner_ips, inner_orig_ips;
IP4Hdr inner_ip4h, inner_orig_ip4h;
IP6Hdr inner_ip6h, inner_orig_ip6h;
IPAddresses outer_ips, outer_orig_ips;
IP4Hdr outer_ip4h, outer_orig_ip4h;
IP6Hdr outer_ip6h, outer_orig_ip6h;
MplsHdr mplsHdr;
H2Hdr *h2Hdr;
PseudoPacketType pseudo_type;
uint16_t max_payload;
/**policyId provided in configuration file. Used for correlating configuration
* with event output
*/
uint16_t config_policy_id;
uint16_t configPolicyId;
uint32_t iplist_id;
unsigned char iprep_layer;
uint8_t ps_proto; /* Used for portscan and unified2 logging */
uint8_t ips_os_selected;
void *cur_pp;
// Expected session created due to this packet.
struct _ExpectNode* expectedSession;
} SFSnortPacket;
#define IP_INNER_LAYER 1
#define IP_OUTTER_LAYER 0
#define PKT_ZERO_LEN offsetof(SFSnortPacket, ip_options)
#define PROTO_BIT__IP 0x0001
@ -601,14 +679,13 @@ typedef struct _SFSnortPacket
#define PROTO_BIT__TCP 0x0004
#define PROTO_BIT__UDP 0x0008
#define PROTO_BIT__ICMP 0x0010
#define PROTO_BIT__TEREDO 0x0020
#define PROTO_BIT__ALL 0xffff
#define DATA_FLAGS_GZIP 0x0002
#define IsIP(p) (IPH_IS_VALID(p))
#define IsTCP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_TCP))
#define IsUDP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_UDP))
#define IsICMP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_ICMP))
#define IsTCP(p) (IsIP(p) && p->tcp_header)
#define IsUDP(p) (IsIP(p) && p->udp_header)
#define IsICMP(p) (IsIP(p) && p->icmp_header)
#define SET_IP4_VER(ip_header, value) \
((ip_header)->version_headerlength = \
@ -621,46 +698,104 @@ typedef struct _SFSnortPacket
((tcp_header)->offset_reserved = \
(unsigned char)(((tcp_header)->offset_reserved & 0x0f) | (value << 4)))
#define FLAG_REBUILT_FRAG 0x00000001
#define FLAG_REBUILT_STREAM 0x00000002
#define FLAG_STREAM_UNEST_UNI 0x00000004
#define FLAG_STREAM_UNEST_BI 0x00000008
#define FLAG_STREAM_EST 0x00000010
#define FLAG_FROM_SERVER 0x00000040
#define FLAG_FROM_CLIENT 0x00000080
#define FLAG_HTTP_DECODE 0x00000100
#define FLAG_STREAM_INSERT 0x00000400
#define FLAG_ALT_DECODE 0x00000800
#define FLAG_STREAM_TWH 0x00001000
#define FLAG_IGNORE_PORT 0x00002000 /* this packet should be ignored, based on port */
#define FLAG_PASS_RULE 0x00004000 /* this packet has matched a pass rule */
#define FLAG_NO_DETECT 0x00008000 /* this packet should not be preprocessed */
#define FLAG_PREPROC_RPKT 0x00010000 /* set in original packet to indicate a preprocessor
* has a reassembled packet */
#define FLAG_DCE_RPKT 0x00020000 /* this is a DCE/RPC reassembled packet */
#define FLAG_IP_RULE 0x00040000 /* this packet being evaluated against an ip rule */
#define BIT(i) (0x1 << (i-1))
/* beware: some flags are redefined in dynamic-plugins/sf_dynamic_define.h! */
#define FLAG_REBUILT_FRAG 0x00000001 /* is a rebuilt fragment */
#define FLAG_REBUILT_STREAM 0x00000002 /* is a rebuilt stream */
#define FLAG_STREAM_UNEST_UNI 0x00000004 /* is from an unestablished stream and
* we've only seen traffic in one direction */
#define FLAG_STREAM_EST 0x00000008 /* is from an established stream */
#define FLAG_STREAM_INSERT 0x00000010 /* this packet has been queued for stream reassembly */
#define FLAG_STREAM_TWH 0x00000020 /* packet completes the 3-way handshake */
#define FLAG_FROM_SERVER 0x00000040 /* this packet came from the server
side of a connection (TCP) */
#define FLAG_FROM_CLIENT 0x00000080 /* this packet came from the client
side of a connection (TCP) */
#define FLAG_PDU_HEAD 0x00000100 /* start of PDU */
#define FLAG_PDU_TAIL 0x00000200 /* end of PDU */
#define FLAG_UNSURE_ENCAP 0x00000400 /* packet may have incorrect encapsulation layer. */
/* don't alert if "next layer" is invalid. */
#define FLAG_HTTP_DECODE 0x00000800 /* this packet has normalized http */
#define FLAG_IGNORE_PORT 0x00001000 /* this packet should be ignored, based on port */
#define FLAG_NO_DETECT 0x00002000 /* this packet should not be preprocessed */
#define FLAG_ALLOW_MULTIPLE_DETECT 0x00004000 /* packet has either pipelined mime attachements */
/* or pipeline http requests */
#define FLAG_PAYLOAD_OBFUSCATE 0x00008000
#define FLAG_STATELESS 0x00010000 /* Packet has matched a stateless rule */
#define FLAG_PASS_RULE 0x00020000 /* this packet has matched a pass rule */
#define FLAG_IP_RULE 0x00040000 /* this packet is being evaluated against an IP rule */
#define FLAG_IP_RULE_2ND 0x00080000 /* this packet is being evaluated against an IP rule */
#define FLAG_SMB_SEG 0x00100000 /* this is an SMB desegmented packet */
#define FLAG_DCE_SEG 0x00200000 /* this is a DCE/RPC desegmented packet */
#define FLAG_DCE_FRAG 0x00400000 /* this is a DCE/RPC defragmented packet */
#define FLAG_SMB_TRANS 0x00800000 /* this is an SMB Transact reassembled packet */
#define FLAG_DCE_PKT 0x01000000 /* this is a DCE packet processed by DCE/RPC preprocessor */
#define FLAG_RPC_PKT 0x02000000 /* this is an ONC RPC packet processed by rpc decode preprocessor */
#define FLAG_LOGGED 0x00100000 /* this packet has been logged */
#define FLAG_PSEUDO 0x00200000 /* is a pseudo packet */
#define FLAG_MODIFIED 0x00400000 /* packet had normalizations, etc. */
#ifdef NORMALIZER
#define FLAG_RESIZED 0x00800000 /* packet has new size; must set modified too */
#endif
#define FLAG_HTTP_RESP_BODY 0x04000000 /* this packet contains non-zipped HTTP response Body */
/* neither of these flags will be set for (full) retransmissions or non-data segments */
/* a partial overlap results in out of sequence condition */
/* out of sequence condition is sticky */
#define FLAG_STREAM_ORDER_OK 0x01000000 /* this segment is in order, w/o gaps */
#define FLAG_STREAM_ORDER_BAD 0x02000000 /* this stream had at least one gap */
#define FLAG_REASSEMBLED_OLD 0x04000000 /* for backwards compat with so rules */
#define FLAG_STATELESS 0x10000000 /* Packet has matched a stateless rule */
#define FLAG_INLINE_DROP 0x20000000
#define FLAG_OBFUSCATED 0x40000000 /* this packet has been obfuscated */
#define FLAG_LOGGED 0x80000000 /* this packet has been logged */
#define FLAG_IPREP_SOURCE_TRIGGERED 0x08000000
#define FLAG_IPREP_DATA_SET 0x10000000
#define FLAG_FILE_EVENT_SET 0x20000000
#define FLAG_EARLY_REASSEMBLY 0x40000000 /* this packet. part of the expected stream, should have stream reassembly set */
#define FLAG_RETRANSMIT 0x80000000 /* this packet is identified as re-transmitted one */
#define FLAG_PURGE 0x0100000000 /* Stream will not flush the data */
#define FLAG_PDU_FULL (FLAG_PDU_HEAD | FLAG_PDU_TAIL)
#define REASSEMBLED_PACKET_FLAGS (FLAG_REBUILT_STREAM|FLAG_REASSEMBLED_OLD)
#define SFTARGET_UNKNOWN_PROTOCOL -1
/* Only include application layer reassembled data
* flags here - no PKT_REBUILT_FRAG */
#define REASSEMBLED_PACKET_FLAGS \
(FLAG_REBUILT_STREAM|FLAG_SMB_SEG|FLAG_DCE_SEG|FLAG_DCE_FRAG|FLAG_SMB_TRANS)
static inline int PacketWasCooked(const SFSnortPacket* p)
{
return ( p->flags & FLAG_PSEUDO ) != 0;
}
static inline int IsPortscanPacket(const SFSnortPacket *p)
{
return ((p->flags & FLAG_PSEUDO) && (p->pseudo_type == PSEUDO_PKT_PS));
}
static inline uint8_t GetEventProto(const SFSnortPacket *p)
{
if (IsPortscanPacket(p))
return p->ps_proto;
return IPH_IS_VALID(p) ? GET_IPH_PROTO(p) : 0;
}
static inline int PacketHasFullPDU (const SFSnortPacket* p)
{
return ( (p->flags & FLAG_PDU_FULL) == FLAG_PDU_FULL );
}
static inline int PacketHasStartOfPDU (const SFSnortPacket* p)
{
return ( (p->flags & FLAG_PDU_HEAD) != 0 );
}
static inline int PacketHasPAFPayload (const SFSnortPacket* p)
{
return ( (p->flags & FLAG_REBUILT_STREAM) || (p->flags & FLAG_PDU_TAIL) );
}
static inline void SetExtraData (SFSnortPacket* p, uint32_t xid)
{
p->xtradata_mask |= BIT(xid);
}
#endif /* _SF_SNORT_PACKET_H_ */
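Review bot: `SetExtraData`, at the end of the header, shifts by an unchecked `xid`. `BIT(i)` expands to `(0x1 << (i-1))`, so `xid == 0` wraps to a huge shift count and any `xid > 32` shifts past the operand width, both undefined behaviour, while `xid == 32` shifts a signed `int` into its sign bit. Since `xtradata_mask` is a `uint32_t`, I would define the macro as `#define BIT(i) (1u << ((i) - 1))` and guard the update with `if (xid >= 1 && xid <= 32) p->xtradata_mask |= BIT(xid);`. The rendered page has lost its +/- markers, so this assumes both lines are on the new side; if the header must stay identical to the Snort copy it was taken from, the range check belongs in the plugin's callers instead.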

309
include/sf_snort_plugin_api.h Normal file → Executable file

@ -14,9 +14,10 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* Author: Steve Sturges
* Andy Mullican
@ -29,10 +30,6 @@
#ifndef SF_SNORT_PLUGIN_API_H_
#define SF_SNORT_PLUGIN_API_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "pcre.h"
#include "stdio.h"
@ -57,16 +54,18 @@
#ifdef WIN32
# ifdef SF_SNORT_ENGINE_DLL
# define ENGINE_LINKAGE SO_PUBLIC
# define ENGINE_LINKAGE SF_SO_PUBLIC
# else
# define ENGINE_LINKAGE
# endif
#else /* WIN32 */
# define ENGINE_LINKAGE SO_PUBLIC
# define ENGINE_LINKAGE SF_SO_PUBLIC
#endif
#define RULE_MATCH 1
#define RULE_NOMATCH 0
#define RULE_MATCH 1
#define RULE_NOALERT 2
#define RULE_FAILED_BIT 3
#define RULE_DIRECTIONAL 0
#define RULE_BIDIRECTIONAL 1
@ -76,49 +75,68 @@
#define CONTENT_TYPE_MISMATCH -1
#define CONTENT_TYPE_MISSING -2
#define CONTENT_CURSOR_ERROR -3
#define CONTENT_HASH_ERROR -4
#define CURSOR_IN_BOUNDS 1
#define CURSOR_OUT_OF_BOUNDS 0
/* Defined in sf_dynamic_define.h */
/* #define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x80000000 */
//==========================================
// these are all part of the same mask:
//------------------------------------------
// low nibble must be same as HTTP_BUFFER_*
// see detection_util.h for enum
// TBD include BUF_* as well in a single enum?
#define CONTENT_BUF_NONE 0x00000000
#define CONTENT_BUF_URI 0x00000001
#define CONTENT_BUF_HEADER 0x00000002
#define CONTENT_BUF_POST 0x00000003
#define CONTENT_NOCASE 0x01
#define CONTENT_RELATIVE 0x02
#define CONTENT_UNICODE2BYTE 0x04
#define CONTENT_UNICODE4BYTE 0x08
#define CONTENT_FAST_PATTERN 0x10
#define CONTENT_END_BUFFER 0x20
#define CONTENT_BUF_METHOD 0x00000004
#define CONTENT_BUF_COOKIE 0x00000005
#define CONTENT_BUF_STAT_CODE 0x00000006
#define CONTENT_BUF_STAT_MSG 0x00000007
#define CONTENT_BUF_NORMALIZED 0x100
#define CONTENT_BUF_RAW 0x200
#define CONTENT_BUF_URI 0x400
#define CONTENT_BUF_POST 0x800
#define CONTENT_BUF_HEADER 0x2000
#define CONTENT_BUF_METHOD 0x4000
#define CONTENT_BUF_COOKIE 0x8000
#define CONTENT_BUF_RAW_URI 0x10000
#define CONTENT_BUF_RAW_HEADER 0x20000
#define CONTENT_BUF_RAW_COOKIE 0x40000
#define CONTENT_BUF_STAT_CODE 0x80000
#define CONTENT_BUF_STAT_MSG 0x100000
#define CONTENT_BUF_RAW_URI 0x00000008
#define CONTENT_BUF_RAW_HEADER 0x00000009
#define CONTENT_BUF_RAW_COOKIE 0x0000000A
#define CONTENT_BUF_HTTP 0x0000000F
//------------------------------------------
/* This option implies the fast pattern flag */
#define CONTENT_FAST_PATTERN_ONLY 0x200000
#define BUF_FILE_DATA 0x00000010
#define BUF_FILE_DATA_MIME 0x00000020
#define BUF_BASE64_DECODE 0x00000040
#define BYTE_LITTLE_ENDIAN 0x0000
#define BYTE_BIG_ENDIAN 0x1000
#define CONTENT_BUF_NORMALIZED 0x00000100
#define CONTENT_BUF_RAW 0x00000200
#define CONTENT_END_BUFFER 0x00000400
#define EXTRACT_AS_BYTE 0x010000
#define EXTRACT_AS_STRING 0x020000
#define EXTRACT_AS_DEC 0x100000
#define EXTRACT_AS_OCT 0x200000
#define EXTRACT_AS_HEX 0x400000
#define EXTRACT_AS_BIN 0x800000
#define CONTENT_NOCASE 0x00001000
#define CONTENT_RELATIVE 0x00002000
#define NOT_FLAG 0x00004000
#define JUMP_FROM_BEGINNING 0x01000000
#define JUMP_ALIGN 0x02000000
#define CONTENT_FAST_PATTERN 0x00010000
#define CONTENT_FAST_PATTERN_ONLY 0x00020000 // implies fast pattern
#define JUMP_FROM_BEGINNING 0x00040000
#define JUMP_ALIGN 0x00080000
#define NOT_FLAG 0x10000000
#define CONTENT_UNICODE2BYTE 0x00100000
#define CONTENT_UNICODE4BYTE 0x00200000
#define BYTE_LITTLE_ENDIAN 0x00400000
#define BYTE_BIG_ENDIAN 0x00800000
#define EXTRACT_AS_DEC 0x01000000
#define EXTRACT_AS_OCT 0x02000000
#define EXTRACT_AS_HEX 0x04000000
#define EXTRACT_AS_BIN 0x08000000
#define EXTRACT_AS_BYTE 0x10000000
#define EXTRACT_AS_STRING 0x20000000
#define JUMP_FROM_END 0x40000000
#define PROTECTED_CONTENT_HASH_MD5 (1)
#define PROTECTED_CONTENT_HASH_SHA256 (2)
#define PROTECTED_CONTENT_HASH_SHA512 (3)
//==========================================
#define CHECK_EQ 0
#define CHECK_NEQ 1
@ -130,35 +148,66 @@
#define CHECK_XOR 7
#define CHECK_ALL 8
#define CHECK_ATLEASTONE 9
#define CHECK_NONE 10
#define CHECK_ADD 10
#define CHECK_SUB 11
#define CHECK_MUL 12
#define CHECK_DIV 13
#define CHECK_LS 14
#define CHECK_RS 15
#define CHECK_NONE 16
#define HTTP_CONTENT(cf) (cf & CONTENT_BUF_HTTP)
#define NORMAL_CONTENT_BUFS ( CONTENT_BUF_NORMALIZED | CONTENT_BUF_RAW )
#define URI_CONTENT_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_POST \
| CONTENT_BUF_COOKIE | CONTENT_BUF_HEADER | CONTENT_BUF_METHOD \
| CONTENT_BUF_RAW_URI | CONTENT_BUF_RAW_HEADER | CONTENT_BUF_RAW_COOKIE \
| CONTENT_BUF_STAT_CODE | CONTENT_BUF_STAT_MSG )
#define URI_FAST_PATTERN_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_METHOD \
| CONTENT_BUF_HEADER | CONTENT_BUF_POST )
static inline int IsHttpFastPattern (uint32_t cf)
{
cf = HTTP_CONTENT(cf);
return ( cf == CONTENT_BUF_URI || cf == CONTENT_BUF_HEADER ||
cf == CONTENT_BUF_POST );
}
typedef struct _ContentInfo
{
const u_int8_t *pattern;
u_int32_t depth;
const uint8_t *pattern;
uint32_t depth;
int32_t offset;
u_int32_t flags; /* must include a CONTENT_BUF_X */
uint32_t flags; /* must include a CONTENT_BUF_X */
void *boyer_ptr;
u_int8_t *patternByteForm;
u_int32_t patternByteFormLength;
u_int32_t incrementLength;
u_int16_t fp_offset;
u_int16_t fp_length;
u_int8_t fp_only;
uint8_t *patternByteForm;
uint32_t patternByteFormLength;
uint32_t incrementLength;
uint16_t fp_offset;
uint16_t fp_length;
uint8_t fp_only;
char *offset_refId; /* To match up with a DynamicElement refId */
char *depth_refId; /* To match up with a DynamicElement refId */
int32_t *offset_location;
uint32_t *depth_location;
} ContentInfo;
typedef struct _ProtectedContentInfo
{
const uint8_t *pattern;
uint32_t depth;
int32_t offset;
uint32_t flags; /* must include a CONTENT_BUF_X */
uint8_t hash_type;
uint32_t protected_length;
uint8_t *patternByteForm;
uint32_t patternByteFormLength;
char *offset_refId; /* To match up with a DynamicElement refId */
char *depth_refId; /* To match up with a DynamicElement refId */
int32_t *offset_location;
uint32_t *depth_location;
} ProtectedContentInfo;
typedef struct _CursorInfo
{
int32_t offset;
u_int32_t flags; /* specify one of CONTENT_BUF_X */
uint32_t flags; /* specify one of CONTENT_BUF_X */
char *offset_refId; /* To match up with a DynamicElement refId */
int32_t *offset_location;
} CursorInfo;
/*
@ -178,8 +227,8 @@ typedef struct _PCREInfo
char *expr;
void *compiled_expr;
void *compiled_extra;
u_int32_t compile_flags;
u_int32_t flags; /* must include a CONTENT_BUF_X */
uint32_t compile_flags;
uint32_t flags; /* must include a CONTENT_BUF_X */
int32_t offset;
} PCREInfo;
@ -190,39 +239,54 @@ typedef struct _PCREInfo
#define FLOWBIT_ISNOTSET 0x10
#define FLOWBIT_RESET 0x20
#define FLOWBIT_NOALERT 0x40
#define FLOWBIT_SETX 0x80
typedef struct _FlowBitsInfo
{
char *flowBitsName;
u_int8_t operation;
u_int32_t id;
u_int32_t flags;
uint8_t operation;
uint16_t id;
uint32_t flags;
char *groupName;
uint8_t eval;
uint16_t *ids;
uint8_t num_ids;
} FlowBitsInfo;
typedef struct _ByteData
{
u_int32_t bytes; /* Number of bytes to extract */
u_int32_t op; /* Type of byte comparison, for checkValue */
u_int32_t value; /* Value to compare value against, for checkValue, or extracted value */
uint32_t bytes; /* Number of bytes to extract */
uint32_t op; /* Type of byte comparison, for checkValue */
uint32_t value; /* Value to compare value against, for checkValue, or extracted value */
int32_t offset; /* Offset from cursor */
u_int32_t multiplier; /* Used for byte jump -- 32bits is MORE than enough */
u_int32_t flags; /* must include a CONTENT_BUF_X */
uint32_t multiplier; /* Used for byte jump -- 32bits is MORE than enough */
uint32_t flags; /* must include a CONTENT_BUF_X */
int32_t post_offset;/* Use for byte jump -- adjust cusor by this much after the jump */
char *offset_refId; /* To match up with a DynamicElement refId */
char *value_refId; /* To match up with a DynamicElement refId */
int32_t *offset_location;
uint32_t *value_location;
uint32_t bitmask_val;
char *postoffset_refId; /* To match up with a DynamicElement refId */
char *refId; /* To match up with a DynamicElement refId */
} ByteData;
typedef struct _ByteExtract
{
u_int32_t bytes; /* Number of bytes to extract */
uint32_t bytes; /* Number of bytes to extract */
int32_t offset; /* Offset from cursor */
u_int32_t multiplier; /* Multiply value by this (similar to byte jump) */
u_int32_t flags; /* must include a CONTENT_BUF_X */
uint32_t multiplier; /* Multiply value by this (similar to byte jump) */
uint32_t flags; /* must include a CONTENT_BUF_X */
char *refId; /* To match up with a DynamicElement refId */
void *memoryLocation; /* Location to store the data extracted */
uint8_t align; /* Align to 2 or 4 bit boundary after extraction */
uint32_t bitmask_val;
} ByteExtract;
typedef struct _FlowFlags
{
u_int32_t flags; /* FLOW_* values */
uint32_t flags; /* FLOW_* values */
} FlowFlags;
@ -238,7 +302,7 @@ typedef struct _Asn1Context
unsigned int max_length;
int offset;
int offset_type;
u_int32_t flags;
uint32_t flags;
} Asn1Context;
#define IP_HDR_ID 0x0001 /* IP Header ID */
@ -265,11 +329,11 @@ typedef struct _Asn1Context
typedef struct _HdrOptCheck
{
u_int16_t hdrField; /* Field to check */
u_int32_t op; /* Type of comparison */
u_int32_t value; /* Value to compare value against */
u_int32_t mask_value; /* bits of value to ignore */
u_int32_t flags;
uint16_t hdrField; /* Field to check */
uint32_t op; /* Type of comparison */
uint32_t value; /* Value to compare value against */
uint32_t mask_value; /* bits of value to ignore */
uint32_t flags;
} HdrOptCheck;
#define DYNAMIC_TYPE_INT_STATIC 1
@ -292,24 +356,32 @@ typedef struct _LoopInfo
DynamicElement *start; /* Starting value of FOR loop (i=start) */
DynamicElement *end; /* Ending value of FOR loop (i OP end) */
DynamicElement *increment; /* Increment value of FOR loop (i+= increment) */
u_int32_t op; /* Type of comparison for loop termination */
uint32_t op; /* Type of comparison for loop termination */
CursorInfo *cursorAdjust; /* How to move cursor each iteration of loop */
struct _Rule *subRule; /* Pointer to SubRule & options to evaluate within
* the loop */
u_int8_t initialized; /* Loop initialized properly (safeguard) */
u_int32_t flags; /* can be used to negate loop results, specifies
uint8_t initialized; /* Loop initialized properly (safeguard) */
uint32_t flags; /* can be used to negate loop results, specifies
* relative. */
} LoopInfo;
typedef struct _base64DecodeData
{
uint32_t bytes;
uint32_t offset;
uint8_t relative;
}base64DecodeData;
typedef struct _PreprocessorOption
{
const char *optionName;
const char *optionParameters;
u_int32_t flags;
uint32_t flags;
PreprocOptionInit optionInit;
PreprocOptionEval optionEval;
void *dataPtr;
PreprocOptionFastPatternFunc optionFpFunc;
PreprocOptionCleanup optionCleanup;
} PreprocessorOption;
typedef struct _RuleOption
@ -319,6 +391,7 @@ typedef struct _RuleOption
{
void *ptr;
ContentInfo *content;
ProtectedContentInfo *protectedContent;
CursorInfo *cursor;
PCREInfo *pcre;
FlowBitsInfo *flowBit;
@ -328,13 +401,14 @@ typedef struct _RuleOption
Asn1Context *asn1;
HdrOptCheck *hdrData;
LoopInfo *loop;
base64DecodeData *bData;
PreprocessorOption *preprocOpt;
} option_u;
} RuleOption;
typedef struct _IPInfo
{
u_int8_t protocol;
uint8_t protocol;
char * src_addr;
char * src_port; /* 0 for non TCP/UDP */
char direction; /* non-zero is bi-directional */
@ -357,11 +431,11 @@ typedef struct _RuleMetaData {
typedef struct _RuleInformation
{
u_int32_t genID;
u_int32_t sigID;
u_int32_t revision;
uint32_t genID;
uint32_t sigID;
uint32_t revision;
char *classification; /* String format of classification name */
u_int32_t priority;
uint32_t priority;
char *message;
RuleReference **references; /* NULL terminated array of references */
RuleMetaData **meta; /* NULL terminated array of references */
@ -379,45 +453,64 @@ typedef struct _Rule
ruleEvalFunc evalFunc;
char initialized; /* Rule Initialized, used internally */
u_int32_t numOptions; /* Rule option count, used internally */
uint32_t numOptions; /* Rule option count, used internally */
char noAlert; /* Flag with no alert, used internally */
void *ruleData; /* Hash table for dynamic data pointers */
} Rule;
ENGINE_LINKAGE int RegisterRules(Rule **rules);
struct _SnortConfig;
ENGINE_LINKAGE int RegisterRules(struct _SnortConfig *sc, Rule **rules);
ENGINE_LINKAGE int DumpRules(char *rulesFileName, Rule **rules);
ENGINE_LINKAGE int contentMatch(void *p, ContentInfo* content, const u_int8_t **cursor);
ENGINE_LINKAGE int contentMatch(void *p, ContentInfo* content, const uint8_t **cursor);
ENGINE_LINKAGE int protectedContentMatch(void *p, ProtectedContentInfo* content, const uint8_t **cursor);
ENGINE_LINKAGE int checkFlow(void *p, FlowFlags *flowFlags);
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const u_int8_t *cursor);
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const uint8_t *cursor);
ENGINE_LINKAGE int processFlowbits(void *p, FlowBitsInfo *flowBits);
ENGINE_LINKAGE int getBuffer(void *p, int flags, const u_int8_t **start, const u_int8_t **end);
ENGINE_LINKAGE int setCursor(void *p, CursorInfo *cursorInfo, const u_int8_t **cursor);
ENGINE_LINKAGE int checkCursor(void *p, CursorInfo *cursorInfo, const u_int8_t *cursor);
ENGINE_LINKAGE int checkValue(void *p, ByteData *byteData, u_int32_t value, const u_int8_t *cursor);
ENGINE_LINKAGE int getBuffer(void *p, int flags, const uint8_t **start, const uint8_t **end);
ENGINE_LINKAGE int setCursor(void *p, CursorInfo *cursorInfo, const uint8_t **cursor);
ENGINE_LINKAGE int fileData(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
ENGINE_LINKAGE int pktData(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
ENGINE_LINKAGE int base64Data(void *p, CursorInfo* cursorInfo, const uint8_t **cursor);
ENGINE_LINKAGE int base64Decode(void *p, base64DecodeData *data, const uint8_t *cursor);
ENGINE_LINKAGE int checkCursor(void *p, CursorInfo *cursorInfo, const uint8_t *cursor);
ENGINE_LINKAGE int checkValue(void *p, ByteData *byteData, uint32_t value, const uint8_t *cursor);
/* Same as extractValue plus checkValue */
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, const u_int8_t *cursor);
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, const uint8_t *cursor);
ENGINE_LINKAGE int byteMath(void *p, ByteData *byteData, const uint8_t *cursor);
/* Same as extractValue plus setCursor */
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, const u_int8_t **cursor);
ENGINE_LINKAGE int pcreMatch(void *p, PCREInfo* pcre, const u_int8_t **cursor);
ENGINE_LINKAGE int detectAsn1(void *p, Asn1Context* asn1, const u_int8_t *cursor);
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, const uint8_t **cursor);
ENGINE_LINKAGE int pcreMatch(void *p, PCREInfo* pcre, const uint8_t **cursor);
ENGINE_LINKAGE int detectAsn1(void *p, Asn1Context* asn1, const uint8_t *cursor);
ENGINE_LINKAGE int checkHdrOpt(void *p, HdrOptCheck *optData);
ENGINE_LINKAGE int loopEval(void *p, LoopInfo *loop, const u_int8_t **cursor);
ENGINE_LINKAGE int preprocOptionEval(void *p, PreprocessorOption *preprocOpt, const u_int8_t **cursor);
ENGINE_LINKAGE void setTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
ENGINE_LINKAGE void revertTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
ENGINE_LINKAGE int loopEval(void *p, LoopInfo *loop, const uint8_t **cursor);
ENGINE_LINKAGE int preprocOptionEval(void *p, PreprocessorOption *preprocOpt, const uint8_t **cursor);
ENGINE_LINKAGE void setTempCursor(const uint8_t **temp_cursor, const uint8_t **cursor);
ENGINE_LINKAGE void revertTempCursor(const uint8_t **temp_cursor, const uint8_t **cursor);
ENGINE_LINKAGE int ruleMatch(void *p, Rule *rule);
ENGINE_LINKAGE int MatchDecryptedRC4(
const u_int8_t *key, u_int16_t keylen, const u_int8_t *encrypted_data,
u_int8_t *plain_data, u_int16_t datalen
const uint8_t *key, uint16_t keylen, const uint8_t *encrypted_data,
uint8_t *plain_data, uint16_t datalen
);
ENGINE_LINKAGE void storeRuleData(void *p, void *rule_data);
ENGINE_LINKAGE void *getRuleData(void *p);
ENGINE_LINKAGE int storeRuleData(void *, void *, uint32_t, SessionDataFree);
ENGINE_LINKAGE void *getRuleData(void *, uint32_t);
ENGINE_LINKAGE void *allocRuleData(size_t);
ENGINE_LINKAGE void freeRuleData(void *);
ENGINE_LINKAGE int isDetectFlag(SFDetectFlagType df);
ENGINE_LINKAGE void detectFlagDisable(SFDetectFlagType df);
ENGINE_LINKAGE int getAltDetect(uint8_t **bufPtr, uint16_t *altLenPtr);
ENGINE_LINKAGE void setAltDetect(uint8_t *buf, uint16_t altLen);
ENGINE_LINKAGE int pcreExecWrapper(const PCREInfo *pcre_info, const char *buf, int len, int start_offset,
int options, int *ovector, int ovecsize);
static inline int invertMatchResult(int retVal)
{
return (retVal <= RULE_NOMATCH) ? RULE_MATCH : RULE_NOMATCH;
}
#endif /* SF_SNORT_PLUGIN_API_H_ */

44
include/sf_types.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2007-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef __SF_TYPES_H__
@ -83,7 +84,6 @@ typedef uint64_t u_int64_t;
typedef u_int64_t uint64_t;
# endif /* !defined(HAVE_UINT64_T) && !defined(HAVE_U_INT64_T) */
# endif /* !defined(HAVE_UINT64_T) || !defined(HAVE_U_INT64_T) */
# ifndef HAVE_INT8_T
typedef char int8_t;
# endif
@ -104,7 +104,6 @@ typedef long long int int64_t;
typedef long int int64_t;
# endif
# endif
# ifndef WIN32
# ifdef HAVE_INTTYPES_H
/* <inttypes.h> includes <stdint.h> */
@ -137,6 +136,7 @@ typedef unsigned int uintptr_t;
# endif /* SIZEOF_UNSIGNED_LONG_INT == 8 */
# define PRIu64 _SF_PREFIX "u"
# define PRIi64 _SF_PREFIX "i"
# define PRIx64 _SF_PREFIX "x"
#endif /* PRIu64 */
/* use these macros (and those in <inttypes.h>)
@ -150,6 +150,10 @@ typedef unsigned int uintptr_t;
#define CSVi64 STDi64 ","
#define FMTi64(fmt) "%" fmt PRIi64
#define STDx64 "%" PRIx64
#define CSVx64 STDx64 ","
#define FMTx64(fmt) "%" fmt PRIx64
#ifndef UINT8_MAX
# define UINT8_MAX 0xff
#endif
@ -177,8 +181,36 @@ typedef unsigned int uintptr_t;
# define PATH_MAX 4096
#endif
#define MAXPORTS 65536
#define MAXPORTS_STORAGE 8192
/* utilities */
#ifndef boolean
#ifndef HAVE_BOOLEAN
typedef unsigned char boolean;
#endif
#endif
#ifndef TRUE
# define TRUE 1
#endif
#ifndef FALSE
# define FALSE 0
#endif
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# ifndef HAVE__BOOL
# ifdef __cplusplus
typedef bool _Bool;
# else
# define _Bool signed char
# endif
# endif
# define bool _Bool
# define false 0
# define true 1
# define __bool_true_false_are_defined 1
#endif
#endif /* __SF_TYPES_H__ */

7
include/sf_vartable.h Normal file → Executable file

@ -1,5 +1,6 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 1998-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
@ -37,7 +38,7 @@ vartable_t * sfvt_alloc_table(void);
void sfvt_free_table(vartable_t *table);
/* Adds the variable described by "str" to the table "table" */
SFIP_RET sfvt_add_str(vartable_t *table, char *str);
SFIP_RET sfvt_add_str(vartable_t *table, char *str, sfip_var_t **);
SFIP_RET sfvt_define(vartable_t *table, char *name, char *value);
/* Adds the variable described by "str" to the variable "dst",

68
include/sfcontrol.h Executable file

@ -0,0 +1,68 @@
/*
**
** sfcontrol.c
**
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Author(s): Ron Dempster <rdempster@sourcefire.com>
**
** NOTES
** 5.16.11 - Initial Source Code. Dempster
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**
*/
#ifndef __SF_CONTROL_H__
#define __SF_CONTROL_H__
#define CONTROL_FILE "SNORT.sock"
#define CS_TYPE_HUP_DAQ 0x0001
#define CS_TYPE_RELOAD 0x0002
#define CS_TYPE_IS_PROCESSING 0x0003
#define CS_TYPE_DUMP_PACKETS 0x0004
#define CS_TYPE_MAX 0x1FFF
#define CS_HEADER_VERSION 0x0001
#define CS_HEADER_SUCCESS 0x0000
#define CS_HEADER_ERROR 0x0001
#define CS_HEADER_DATA 0x0009
#pragma pack(1)
typedef struct _CS_MESSAGE_DATA_HEADER
{
/* All values must be in network byte order */
int32_t code;
uint16_t length; /* Data length. Does not include this header */
} CSMessageDataHeader;
#pragma pack()
typedef struct _CS_MESSAGE_HEADER
{
/* All values must be in network byte order */
uint16_t version;
uint16_t type;
uint32_t length; /* Does not include the header */
} CSMessageHeader;
struct _THREAD_ELEMENT;
typedef int (*ControlDataSendFunc)(struct _THREAD_ELEMENT *te, const uint8_t *data, uint16_t length);
typedef int (*OOBPreControlFunc)(uint16_t type, const uint8_t *data, uint32_t length, void **new_context, char *statusBuf, int statusBuf_len);
typedef int (*IBControlFunc)(uint16_t type, void *new_context, void **old_context);
typedef void (*OOBPostControlFunc)(uint16_t type, void *old_context, struct _THREAD_ELEMENT *te, ControlDataSendFunc f);
#endif

17
include/sfghash.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2003-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -59,8 +60,8 @@ typedef struct _sfghash_node
{
struct _sfghash_node * next, * prev;
void * key; /* Copy of, or Pointer to, the Users key */
void * data; /* Pointer to the users data, this is never copied! */
const void * key; /* Copy of, or Pointer to, the Users key */
void *data; /* The users data, this is never copied! */
} SFGHASH_NODE;
@ -93,14 +94,14 @@ typedef struct _sfghash
*/
SFGHASH * sfghash_new( int nrows, int keysize, int userkeys, void (*userfree)(void*p) );
void sfghash_delete( SFGHASH * h );
int sfghash_add ( SFGHASH * h, void * key, void * data );
int sfghash_remove( SFGHASH * h, void * key);
int sfghash_add( SFGHASH * t, const void * const key, void * const data );
int sfghash_remove( SFGHASH * h, const void * const key);
int sfghash_count( SFGHASH * h);
void * sfghash_find( SFGHASH * h, void * key );
void * sfghash_find( SFGHASH * h, const void * const key );
SFGHASH_NODE * sfghash_find_node( SFGHASH * t, const void * const key);
int sfghash_find2(SFGHASH *, void *, void **);
SFGHASH_NODE * sfghash_findfirst( SFGHASH * h );
SFGHASH_NODE * sfghash_findnext ( SFGHASH * h );
void sfghash_splaymode( SFGHASH * t, int n );
int sfghash_set_keyops( SFGHASH *h ,
unsigned (*hash_fcn)( SFHASHFCN * p,

5
include/sfhashfcn.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2003-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/

400
include/sfrt.c Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2006-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -84,6 +85,7 @@
#include "config.h"
#endif
#include "sf_types.h"
#include "sfrt.h"
char *rt_error_messages[] =
@ -102,6 +104,8 @@ char *rt_error_messages[] =
#endif
};
static inline int allocateTableIndex(table_t *table);
/* Create new lookup table
* @param table_type Type of table. Uses the types enumeration in route.h
* @param ip_type IPv4 or IPv6. Uses the types enumeration in route.h
@ -117,14 +121,6 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
return NULL;
}
#ifndef SUP_IP6
/* IPv6 is not supported */
if(ip_type == IPv6)
{
free(table);
return NULL;
}
#endif
/* If this limit is exceeded, there will be no way to distinguish
* between pointers and indeces into the data table. Only
@ -152,6 +148,7 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
/* Maximum allowable number of stored entries */
table->max_size = data_size;
table->lastAllocatedIndex = 0;
table->data = (GENERIC*)calloc(sizeof(GENERIC) * table->max_size, 1);
@ -168,9 +165,7 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
/* This will point to the actual table lookup algorithm */
table->rt = NULL;
#ifdef SUP_IP6
table->rt6 = NULL;
#endif
/* index 0 will be used for failed lookups, so set this to 1 */
table->num_ent = 1;
@ -185,6 +180,9 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
table->lookup = sfrt_lct_lookup;
table->free = sfrt_lct_free;
table->usage = sfrt_lct_usage;
table->print = NULL;
table->remove = NULL;
table->rt = sfrt_lct_new(data_size);
free(table->data);
free(table);
@ -200,16 +198,16 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
case DIR_8x4:
case DIR_4x8:
case DIR_2x16:
#ifdef SUP_IP6
case DIR_16_4x4_16x5_4x4:
case DIR_16x7_4x4:
case DIR_16x8:
case DIR_8x16:
#endif
table->insert = sfrt_dir_insert;
table->lookup = sfrt_dir_lookup;
table->free = sfrt_dir_free;
table->usage = sfrt_dir_usage;
table->print = sfrt_dir_print;
table->remove = sfrt_dir_remove;
break;
@ -248,7 +246,6 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
table->rt = sfrt_dir_new(mem_cap, 16,
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2);
break;
#ifdef SUP_IP6
case DIR_16_4x4_16x5_4x4:
table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4);
table->rt6 = sfrt_dir_new(mem_cap, 14, 16,4,4,4,4,16,16,16,16,16,4,4,4,4);
@ -262,29 +259,23 @@ table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_ca
table->rt6 = sfrt_dir_new(mem_cap, 8, 16,16,16,16,16,16,16,16);
break;
case DIR_8x16:
table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8);
table->rt = sfrt_dir_new(mem_cap, 4, 16,8,4,4);
table->rt6 = sfrt_dir_new(mem_cap, 16,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8);
break;
#endif
};
if(!table->rt)
if((!table->rt) || (!table->rt6))
{
if (table->rt)
table->free( table->rt );
if (table->rt6)
table->free( table->rt6 );
free(table->data);
free(table);
return NULL;
}
#ifdef SUP_IP6
if (!table->rt6)
{
table->free( table->rt );
free(table->data);
free(table);
}
#endif
return table;
}
@ -315,7 +306,6 @@ void sfrt_free(table_t *table)
table->free( table->rt );
}
#ifdef SUP_IP6
if(!table->rt6)
{
/* This should not have happened either */
@ -324,23 +314,19 @@ void sfrt_free(table_t *table)
{
table->free( table->rt6 );
}
#endif
free(table);
}
/* Perform a lookup on value contained in "ip" */
GENERIC sfrt_lookup(void *adr, table_t* table)
GENERIC sfrt_lookup(sfaddr_t* ip, table_t* table)
{
tuple_t tuple;
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
void *rt = NULL;
uint32_t* adr;
int numAdrDwords;
void *rt;
if(!adr)
if(!ip)
{
return NULL;
}
@ -350,35 +336,22 @@ GENERIC sfrt_lookup(void *adr, table_t* table)
return NULL;
}
#ifdef SUP_IP6
ip = adr;
if (ip->family == AF_INET)
if (sfaddr_family(ip) == AF_INET)
{
adr = sfaddr_get_ip4_ptr(ip);
numAdrDwords = 1;
rt = table->rt;
}
else if (ip->family == AF_INET6)
else
{
adr = sfaddr_get_ip6_ptr(ip);
numAdrDwords = 4;
rt = table->rt6;
}
#else
/* IPv6 not yet supported */
if(table->ip_type == IPv6)
{
return NULL;
}
ip = *(uint32_t*)adr;
rt = table->rt;
#endif
tuple = table->lookup(adr, numAdrDwords, rt);
if (!rt)
{
return NULL;
}
tuple = table->lookup(ip, rt);
if(tuple.index >= table->num_ent)
if(tuple.index >= table->max_size)
{
return NULL;
}
@ -388,14 +361,41 @@ GENERIC sfrt_lookup(void *adr, table_t* table)
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc)
{
uint32_t index;
uint32_t index, count;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
userfunc(table->data[index]);
if (++count == table->num_ent) break;
}
}
return;
}
void sfrt_iterate_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback userfunc)
{
uint32_t index, count;
if (!table)
return;
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
userfunc(sc, table->data[index]);
if (++count == table->num_ent) break;
}
}
return;
@ -403,17 +403,42 @@ void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc)
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc)
{
uint32_t index;
uint32_t index, count;
if (!table)
return 0;
for (index = 0; index < table->num_ent; index++)
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
int ret = userfunc(table->data[index]);
if (ret != 0)
return ret;
if (++count == table->num_ent) break;
}
}
return 0;
}
int sfrt_iterate2_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback3 userfunc)
{
uint32_t index, count;
if (!table)
return 0;
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
int ret = userfunc(sc, table->data[index]);
if (ret != 0)
return ret;
if (++count == table->num_ent) break;
}
}
@ -426,94 +451,80 @@ void sfrt_cleanup2(
void *data
)
{
uint32_t index;
uint32_t index, count;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
cleanup_func(table->data[index], data);
/* cleanup_func is supposed to free memory associated with this
* table->data[index]. Set that to NULL.
*/
table->data[index] = NULL;
if (++count == table->num_ent) break;
}
}
}
void sfrt_cleanup(table_t* table, sfrt_iterator_callback cleanup_func)
{
uint32_t index;
uint32_t index, count;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
for (index = 0, count = 0;
index < table->max_size;
index++)
{
if (table->data[index])
{
cleanup_func(table->data[index]);
/* cleanup_func is supposed to free memory associated with this
* table->data[index]. Set that to NULL.
*/
table->data[index] = NULL;
if (++count == table->num_ent) break;
}
}
return;
}
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table)
GENERIC sfrt_search(sfaddr_t* ip, table_t *table)
{
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
uint32_t* adr;
int numAdrDwords;
tuple_t tuple;
void *rt = NULL;
if ((adr == NULL) || (table == NULL) || (len == 0))
if ((ip == NULL) || (table == NULL))
return NULL;
#ifdef SUP_IP6
ip = adr;
if (ip->family == AF_INET)
if (sfaddr_family(ip) == AF_INET)
{
adr = sfaddr_get_ip4_ptr(ip);
numAdrDwords = 1;
rt = table->rt;
}
else if (ip->family == AF_INET6)
else
{
adr = sfaddr_get_ip6_ptr(ip);
numAdrDwords = 4;
rt = table->rt6;
}
#else
/* IPv6 not yet supported */
if(table->ip_type == IPv6)
{
return NULL;
}
ip = *(uint32_t*)adr;
rt = table->rt;
#endif
/* IPv6 not yet supported */
if (table->ip_type == IPv6)
return NULL;
tuple = table->lookup(adr, numAdrDwords, rt);
if( (table->ip_type == IPv4 && len > 32) ||
(table->ip_type == IPv6 && len > 128) )
{
return NULL;
}
#ifdef SUP_IP6
ip = adr;
#else
ip = *(uint32_t*)adr;
#endif
tuple = table->lookup(ip, rt);
if (tuple.length != len)
if(tuple.index >= table->max_size)
return NULL;
return table->data[tuple.index];
@ -521,20 +532,18 @@ GENERIC sfrt_search(void *adr, unsigned char len, table_t *table)
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
int sfrt_insert(sfcidr_t* ip, unsigned char len, GENERIC ptr,
int behavior, table_t *table)
{
int index;
int newIndex = 0;
int res;
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
uint32_t* adr;
int numAdrDwords;
tuple_t tuple;
void *rt = NULL;
if(!adr)
if(!ip)
{
return RT_INSERT_FAILURE;
}
@ -547,18 +556,11 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
return RT_INSERT_FAILURE;
}
if( (table->ip_type == IPv4 && len > 32) ||
(table->ip_type == IPv6 && len > 128) )
if (len > 128)
{
return RT_INSERT_FAILURE;
}
#ifdef SUP_IP6
ip = adr;
#else
ip = *(uint32_t*)adr;
#endif
/* Check if we can reuse an existing data table entry by
* seeing if there is an existing entry with the same length. */
/* Only perform this if the table is not an LC-trie */
@ -567,24 +569,29 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
{
#endif
#ifdef SUP_IP6
if (ip->family == AF_INET)
if (sfaddr_family(&ip->addr) == AF_INET)
{
if (len < 96)
{
return RT_INSERT_FAILURE;
}
len -= 96;
adr = sfip_get_ip4_ptr(ip);
numAdrDwords = 1;
rt = table->rt;
}
else if (ip->family == AF_INET6)
else
{
adr = sfip_get_ip6_ptr(ip);
numAdrDwords = 4;
rt = table->rt6;
}
#else
rt = table->rt;
#endif
if (!rt)
{
return RT_INSERT_FAILURE;
}
tuple = table->lookup(ip, table->rt);
tuple = table->lookup(adr, numAdrDwords, rt);
#ifdef SUPPORT_LCTRIE
}
@ -602,35 +609,43 @@ int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
return RT_POLICY_TABLE_EXCEEDED;
}
index = table->num_ent;
table->num_ent++;
index = newIndex = allocateTableIndex(table);
if (!index)
return RT_POLICY_TABLE_EXCEEDED;
}
else
{
index = tuple.index;
}
/* Insert value into policy table */
table->data[ index ] = ptr;
/* The actual value that is looked-up is an index
* into the data table. */
res = table->insert(ip, len, index, behavior, rt);
res = table->insert(adr, numAdrDwords, len, index, behavior, rt);
/* Check if we ran out of memory. If so, need to decrement
* table->num_ent */
if(res == MEM_ALLOC_FAILURE)
if ((res == RT_SUCCESS) && newIndex)
{
/* From the control flow above, it's possible table->num_ent was not
* incremented. It should be safe to decrement here, because the only
* time it will be incremented above is when we are potentially
* mallocing one or more new entries (It's not incremented when we
* overwrite an existing entry). */
table->num_ent--;
table->num_ent++;
table->data[ index ] = ptr;
}
return res;
}
/** Pretty print table
* Pretty print sfrt table.
* @param table - routing table.
*/
void sfrt_print(table_t *table)
{
if(!table || !table->print )
{
return;
}
if (table->rt)
table->print(table->rt);
if (table->rt6)
table->print(table->rt6);
}
uint32_t sfrt_num_entries(table_t *table)
{
@ -653,16 +668,115 @@ uint32_t sfrt_usage(table_t *table)
usage = table->allocated + table->usage( table->rt );
#ifdef SUP_IP6
if (table->rt6)
{
usage += table->usage( table->rt6 );
}
#endif
return usage;
}
/** Remove subnet from sfrt table.
* Remove subnet identified by ip/len and return associated data.
* @param ip - IP address
* @param len - length of netmask
* @param ptr - void ** that is set to value associated with subnet
* @param behavior - RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
* @note - For RT_FAVOR_TIME behavior, if partial subnet is removed then table->data[x] is nulled. Any remaining entries
* will then point to null data. This can cause hung or crosslinked data. RT_FAVOR_SPECIFIC does not have this drawback.
* hung or crosslinked entries.
*/
int sfrt_remove(sfcidr_t* ip, unsigned char len, GENERIC *ptr,
int behavior, table_t *table)
{
int index;
uint32_t* adr;
int numAdrDwords;
void *rt = NULL;
if(!ip)
{
return RT_REMOVE_FAILURE;
}
if (len == 0)
return RT_REMOVE_FAILURE;
if(!table || !table->data || !table->remove || !table->lookup )
{
//remove operation will fail for LCT since this operation is not implemented
return RT_REMOVE_FAILURE;
}
if (len > 128)
{
return RT_REMOVE_FAILURE;
}
#ifdef SUPPORT_LCTRIE
if(table->table_type != LCT)
{
#endif
if (sfaddr_family(&ip->addr) == AF_INET)
{
if (len < 96)
{
return RT_REMOVE_FAILURE;
}
len -= 96;
adr = sfip_get_ip4_ptr(ip);
numAdrDwords = 1;
rt = table->rt;
}
else
{
adr = sfip_get_ip6_ptr(ip);
numAdrDwords = 4;
rt = table->rt6;
}
#ifdef SUPPORT_LCTRIE
}
#endif
/* The actual value that is looked-up is an index
* into the data table. */
index = table->remove(adr, numAdrDwords, len, behavior, rt);
/* Remove value into policy table. See TBD in function header*/
if (index)
{
*ptr = table->data[ index ];
table->data[ index ] = NULL;
table->num_ent--;
}
return RT_SUCCESS;
}
/**allocate first unused index value. With delete operation, index values can be non-contiguous.
* Index 0 is error in this function but this is valid entry in table->data that is used
* for failure case. Calling function must check for 0 and take appropriate error action.
*/
static inline int allocateTableIndex(table_t *table)
{
uint32_t index;
//0 is special index for failed entries.
for (index = table->lastAllocatedIndex+1;
index != table->lastAllocatedIndex;
index = (index+1) % table->max_size)
{
if (index && !table->data[index])
{
table->lastAllocatedIndex = index;
return index;
}
}
return 0;
}
#ifdef DEBUG_SFRT
#define NUM_IPS 32

122
include/sfrt.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2006-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -96,21 +97,13 @@
#ifndef _SFRT_H_
#define _SFRT_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdlib.h>
#include <sys/types.h>
#include "sfrt_trie.h"
#include "debug.h"
#include "snort_debug.h"
#include "ipv6_port.h"
#ifdef SUP_IP6
typedef sfip_t *IP;
#else
typedef uint32_t IP;
#endif
typedef sfcidr_t *IP;
typedef void* GENERIC; /* To be replaced with a pointer to a policy */
typedef struct
{
@ -120,7 +113,7 @@ typedef struct
#include "sfrt_dir.h"
/* #define SUPPORT_LCTRIE */
/*#define SUPPORT_LCTRIE */
#ifdef SUPPORT_LCTRIE
#include "sfrt_lctrie.h"
#endif
@ -137,12 +130,10 @@ enum types
DIR_8x4,
DIR_4x8,
DIR_2x16,
#ifdef SUP_IP6
DIR_16_4x4_16x5_4x4,
DIR_16x7_4x4,
DIR_16x8,
DIR_8x16,
#endif
IPv4,
IPv6
};
@ -154,13 +145,13 @@ enum return_codes
RT_POLICY_TABLE_EXCEEDED,
DIR_INSERT_FAILURE,
DIR_LOOKUP_FAILURE,
MEM_ALLOC_FAILURE
MEM_ALLOC_FAILURE,
#ifdef SUPPORT_LCTRIE
,
LCT_COMPILE_FAILURE,
LCT_INSERT_FAILURE,
LCT_LOOKUP_FAILURE
LCT_LOOKUP_FAILURE,
#endif
RT_REMOVE_FAILURE
};
/* Defined in sfrt.c */
@ -169,7 +160,8 @@ extern char *rt_error_messages[];
enum
{
RT_FAVOR_TIME,
RT_FAVOR_SPECIFIC
RT_FAVOR_SPECIFIC,
RT_FAVOR_ALL
};
/*******************************************************************/
@ -179,38 +171,112 @@ typedef struct
GENERIC *data; /* data table. Each IP points to an entry here */
uint32_t num_ent; /* Number of entries in the policy table */
uint32_t max_size; /* Max size of policies array */
uint32_t lastAllocatedIndex; /* Index allocated last. Search for unused index
starts from this value and then wraps around at max_size.*/
char ip_type; /* Only IPs of this family will be used */
char table_type;
uint32_t allocated;
void *rt; /* Actual "routing" table */
#ifdef SUP_IP6
void *rt6; /* Actual "routing" table */
#endif
tuple_t (*lookup)(IP ip, GENERIC);
int (*insert)(IP ip, int len, word index, int behavior, GENERIC);
void (*free)(void *);
uint32_t (*usage)(void *);
tuple_t (*lookup)(uint32_t* adr, int numAdrDwords, GENERIC tbl);
int (*insert)(uint32_t* adr, int numAdrDwords, int len, word index, int behavior, GENERIC tbl);
void (*free)(GENERIC tbl);
uint32_t (*usage)(GENERIC tbl);
void (*print)(GENERIC tbl);
word (*remove)(uint32_t* adr, int numAdrDwords, int len, int behavior, GENERIC tbl);
} table_t;
/*******************************************************************/
/* Abstracted routing table API */
table_t * sfrt_new(char type, char ip_type, long data_size, uint32_t mem_cap);
void sfrt_free(table_t *table);
GENERIC sfrt_lookup(void *adr, table_t* table);
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table);
GENERIC sfrt_lookup(sfaddr_t* ip, table_t* table);
GENERIC sfrt_search(sfaddr_t* ip, table_t *table);
typedef void (*sfrt_iterator_callback)(void *);
struct _SnortConfig;
typedef void (*sfrt_sc_iterator_callback)(struct _SnortConfig *, void *);
typedef int (*sfrt_sc_iterator_callback3)(struct _SnortConfig *, void *);
typedef void (*sfrt_iterator_callback2)(void *, void *);
typedef int (*sfrt_iterator_callback3)(void *);
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc);
void sfrt_iterate_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback userfunc);
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc);
int sfrt_iterate2_with_snort_config(struct _SnortConfig *sc, table_t* table, sfrt_sc_iterator_callback3 userfunc);
void sfrt_cleanup(table_t* table, sfrt_iterator_callback userfunc);
void sfrt_cleanup2(table_t*, sfrt_iterator_callback2, void *);
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
int sfrt_insert(sfcidr_t* ip, unsigned char len, GENERIC ptr,
int behavior, table_t *table);
int sfrt_remove(sfcidr_t* ip, unsigned char len, GENERIC *ptr,
int behavior, table_t *table);
uint32_t sfrt_usage(table_t *table);
void sfrt_print(table_t *table);
uint32_t sfrt_num_entries(table_t *table);
/* Perform a lookup on value contained in "ip"
* For performance reason, we use this simplified version instead of sfrt_lookup
* Note: this only applied to table setting: DIR_8x16 (DIR_16_8_4x2 for IPV4), DIR_8x4*/
static inline GENERIC sfrt_dir8x_lookup(sfaddr_t *ip, table_t* table)
{
dir_sub_table_t *subtable;
int i;
void *rt = NULL;
int index;
if (sfaddr_family(ip) == AF_INET)
{
rt = table->rt;
subtable = ((dir_table_t *)rt)->sub_table;
/* 16 bits*/
index = ntohs(ip->ia16[6]);
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
}
subtable = (dir_sub_table_t *) subtable->entries[index];
/* 8 bits*/
index = ip->ia8[14];
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
}
subtable = (dir_sub_table_t *) subtable->entries[index];
/* 4 bits */
index = ip->ia8[15] >> 4;
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
}
subtable = (dir_sub_table_t *) subtable->entries[index];
/* 4 bits */
index = ip->ia8[15] & 0xF;
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
}
}
else
{
rt = table->rt6;
subtable = ((dir_table_t *)rt)->sub_table;
for (i = 0; i < 16; i++)
{
index = ip->ia8[i];
if( !subtable->entries[index] || subtable->lengths[index] )
{
return table->data[subtable->entries[index]];
}
subtable = (dir_sub_table_t *) subtable->entries[index];
}
}
return NULL;
}
#endif
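Review bot: `sfrt_dir8x_lookup` dereferences `table->rt` and `table->rt6` without checking them, while `sfrt_print` in sfrt.c guards both roots before use, which suggests either one can be NULL. If a table holds only one address family, a packet of the other family would reach `((dir_table_t *)rt)->sub_table` with `rt == NULL`; whether that can happen depends on `sfrt_new`, which is not shown here. Because the address comes from traffic, I would add `if (!rt) return NULL;` after each `rt = ...` assignment, or state in the comment above the function that it may only be used on tables with both roots allocated.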

418
include/sfrt_dir.c Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2006-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -35,23 +36,14 @@
#include <stdarg.h> /* For variadic */
#include <stdio.h>
#include <string.h> /* For memset */
#include "sf_types.h"
#include "sfrt.h"
#include "sfrt_dir.h"
#if SIZEOF_UNSIGNED_LONG_INT == 8
#define ARCH_WIDTH 64
#else
#define ARCH_WIDTH 32
#endif
#ifdef SUP_IP6
typedef struct {
IP ip;
uint32_t* adr;
int bits;
} IPLOOKUP;
#else
typedef IP IPLOOKUP;
#endif
/* Create new "sub" table of 2^width entries */
static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
@ -101,7 +93,7 @@ static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
* to how specific the insertion that set the entry was. It is necessary
* so that the entry is not overwritten by less general routing
* information if "RT_FAVOR_SPECIFIC" insertions are being performed. */
sub->lengths = (char*)malloc(sub->num_entries);
sub->lengths = (uint8_t*)malloc(sub->num_entries);
if(!sub->lengths)
{
@ -114,12 +106,17 @@ static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
for(index = 0; index < sub->num_entries; index++)
{
sub->entries[index] = prefill;
sub->lengths[index] = (char)bit_length;
sub->lengths[index] = (uint8_t)bit_length;
}
sub->cur_num = 0;
root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries;
if (prefill)
sub->filledEntries = sub->num_entries;
else
sub->filledEntries = 0;
root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries + sub->num_entries;
root->cur_num++;
@ -245,7 +242,7 @@ void sfrt_dir_free(void *tbl)
free(table);
}
static INLINE void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t fill,
static inline void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t fill,
word length, uint32_t val, dir_sub_table_t *table)
{
@ -254,17 +251,24 @@ static INLINE void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t f
{
/* Before overwriting this entry, verify there's not an existing
* pointer ... otherwise free it to avoid a huge memory leak. */
if( table->entries[index] && !table->lengths[index])
if(table->entries[index])
{
if (!table->lengths[index])
{
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
}
}
else
{
table->filledEntries++;
}
table->entries[index] = val;
table->lengths[index] = (char)length;
table->lengths[index] = (uint8_t)length;
}
}
static INLINE void _dir_fill_less_specific(int index, int fill,
static inline void _dir_fill_less_specific(int index, int fill,
word length, uint32_t val, dir_sub_table_t *table)
{
@ -290,12 +294,103 @@ static INLINE void _dir_fill_less_specific(int index, int fill,
}
else if(length >= (word)table->lengths[index])
{
if (!table->entries[index])
{
table->filledEntries++;
}
table->entries[index] = val;
table->lengths[index] = (char)length;
}
}
}
/*Remove entries all this level and discard any more specific entries.
*
* @note RT_FAVOR_TIME behavior can cause hung or crosslinked entries if part of a subnet
* (which was added) are deleted. Same issue is there when a more general subnet overwrites
* a specific subnet. table->data[] entry for more specific subnet is not cleared.
*
* @note RT_FAVOR_TIME can cause orphaned table->data[] entries if the entire subnet
* is replaced by more specific sudnets.
*/
static inline uint32_t _dir_remove_all(uint32_t *allocated, uint32_t index, uint32_t fill,
word length, dir_sub_table_t *table)
{
uint32_t valueIndex = 0;
/* Fill entries */
for(; index < fill; index++)
{
/* Before overwriting this entry, verify there's not an existing
* pointer ... otherwise free it to avoid a huge memory leak. */
if (table->entries[index])
{
if (!table->lengths[index])
{
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
}
if(length == (word)table->lengths[index])
{
valueIndex = table->entries[index];
}
table->filledEntries--;
//zero value here works since sfrt uses 0 for failed entries.
table->entries[index] = 0;
table->lengths[index] = 0;
}
}
return valueIndex;
}
/**Remove entries which match in address/length in all subtables.
* @note RT_FAVOR_SPECIFIC can cause orphaned table->data[] entries if the entire subnet
* is replaced by more specific subnets.
*/
static inline uint32_t _dir_remove_less_specific(uint32_t *allocated, int index, int fill,
word length, dir_sub_table_t *table)
{
uint32_t valueIndexRet = 0;
uint32_t valueIndex = 0;
for(; index < fill; index++)
{
if( !table->lengths[index] && table->entries[index])
{
dir_sub_table_t *next = (dir_sub_table_t*)table->entries[index];
valueIndex = _dir_remove_less_specific(allocated, 0, 1 << next->width, length, next);
if (valueIndex)
{
valueIndexRet = valueIndex;
}
if (!next->filledEntries) //table can be collapsed.
{
_sub_table_free(allocated, next);
table->entries[index] = 0;
table->lengths[index] = 0;
table->filledEntries--;
}
}
else if(length == (word)table->lengths[index])
{
if (table->entries[index])
{
table->filledEntries--;
valueIndexRet = table->entries[index];
}
table->entries[index] = 0;
table->lengths[index] = 0;
}
}
return valueIndexRet;
}
/* Sub table insertion
* This is called by dir_insert and recursively to find the the sub table
* that should house the value "ptr"
@ -311,16 +406,9 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
word index;
uint32_t fill;
#ifdef SUP_IP6
{
uint32_t local_index, i;
/* need to handle bits usage across multiple 32bit vals within IPv6. */
if (ip->ip->family == AF_INET)
{
i=0;
}
else if (ip->ip->family == AF_INET6)
{
if (ip->bits < 32 )
{
i=0;
@ -337,19 +425,9 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
{
i=3;
}
local_index = ip->adr[i] << (ip->bits %32);
index = local_index >> (sizeof(local_index)*8 - sub_table->width);
}
else
{
return RT_INSERT_FAILURE;
}
local_index = ip->ip->ip32[i] << (ip->bits %32);
index = local_index >> (ARCH_WIDTH - sub_table->width);
}
#else
IPLOOKUP iplu;
/* Index is determined by the highest 'len' bits in 'ip' */
index = *ip >> (ARCH_WIDTH - sub_table->width);
#endif
/* Check if this is the last table to traverse to */
if(sub_table->width >= cur_len)
@ -396,6 +474,11 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
(word) _sub_table_new(root_table, current_depth+1,
(word) next_sub, sub_table->lengths[index]);
if (!next_sub)
{
sub_table->filledEntries++;
}
sub_table->cur_num++;
sub_table->lengths[index] = 0;
@ -409,17 +492,10 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
}
/* Recurse to next level. Rightshift off appropriate number of
* bits and update the length accordingly. */
#ifdef SUP_IP6
ip->bits += sub_table->width;
_dir_sub_insert(ip, length,
return (_dir_sub_insert(ip, length,
cur_len - sub_table->width, ptr, current_depth+1,
behavior, next_sub, root_table);
#else
iplu = *ip << sub_table->width;
_dir_sub_insert(&iplu, length,
cur_len - sub_table->width, ptr, current_depth+1,
behavior, next_sub, root_table);
#endif
behavior, next_sub, root_table));
}
return RT_SUCCESS;
@ -430,17 +506,14 @@ static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
* @param len Number of bits of the IP used for lookup
* @param ptr Information to be associated with this IP range
* @param master_table The table that describes all, returned by dir_new */
int sfrt_dir_insert(IP ip, int len, word data_index,
int sfrt_dir_insert(uint32_t* adr, int numAdrDwords, int len, word data_index,
int behavior, void *table)
{
dir_table_t *root = (dir_table_t*)table;
#ifdef SUP_IP6
uint32_t h_adr[4];
IPLOOKUP iplu;
iplu.ip = ip;
iplu.adr = h_adr;
iplu.bits = 0;
#else
IPLOOKUP iplu = ip;
#endif
/* Validate arguments */
if(!root || !root->sub_table)
@ -448,6 +521,23 @@ int sfrt_dir_insert(IP ip, int len, word data_index,
return DIR_INSERT_FAILURE;
}
h_adr[0] = ntohl(adr[0]);
if (len > 96)
{
h_adr[1] = ntohl(adr[1]);
h_adr[2] = ntohl(adr[2]);
h_adr[3] = ntohl(adr[3]);
}
else if (len > 64)
{
h_adr[1] = ntohl(adr[1]);
h_adr[2] = ntohl(adr[2]);
}
else if (len > 32)
{
h_adr[1] = ntohl(adr[1]);
}
/* Find the sub table in which to insert */
return _dir_sub_insert(&iplu, len, len, (GENERIC)data_index,
0, behavior, root->sub_table, root);
@ -458,16 +548,9 @@ int sfrt_dir_insert(IP ip, int len, word data_index,
static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
{
word index;
#ifdef SUP_IP6
{
uint32_t local_index, i;
/* need to handle bits usage across multiple 32bit vals within IPv6. */
if (ip->ip->family == AF_INET)
{
i=0;
}
else if (ip->ip->family == AF_INET6)
{
if (ip->bits < 32 )
{
i=0;
@ -484,19 +567,9 @@ static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
{
i=3;
}
local_index = ip->adr[i] << (ip->bits %32);
index = local_index >> (sizeof(local_index)*8 - table->width);
}
else
{
tuple_t ret = { 0, 0 };
return ret;
}
local_index = ip->ip->ip32[i] << (ip->bits %32);
index = local_index >> (ARCH_WIDTH - table->width);
}
#else
IPLOOKUP iplu;
index = *ip >> (ARCH_WIDTH - table->width);
#endif
if( !table->entries[index] || table->lengths[index] )
{
@ -507,26 +580,19 @@ static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
return ret;
}
#ifdef SUP_IP6
ip->bits += table->width;
return _dir_sub_lookup( ip, (dir_sub_table_t *)table->entries[index]);
#else
iplu = *ip << table->width;
return _dir_sub_lookup( &iplu, (dir_sub_table_t *)table->entries[index]);
#endif
}
/* Lookup information associated with the value "ip" */
tuple_t sfrt_dir_lookup(IP ip, void *tbl)
tuple_t sfrt_dir_lookup(uint32_t* adr, int numAdrDwords, void *tbl)
{
dir_table_t *root = (dir_table_t*)tbl;
#ifdef SUP_IP6
uint32_t h_adr[4];
int i;
IPLOOKUP iplu;
iplu.ip = ip;
iplu.adr = h_adr;
iplu.bits = 0;
#else
IPLOOKUP iplu = ip;
#endif
if(!root || !root->sub_table)
{
@ -535,6 +601,11 @@ tuple_t sfrt_dir_lookup(IP ip, void *tbl)
return ret;
}
for (i = 0; i < numAdrDwords; i++)
{
h_adr[i] = ntohl(adr[i]);
}
return _dir_sub_lookup(&iplu, root->sub_table);
}
@ -549,3 +620,182 @@ uint32_t sfrt_dir_usage(void *table)
return ((dir_table_t*)(table))->allocated;
}
static void _sub_table_print(dir_sub_table_t *sub, uint32_t level, dir_table_t *table) {
int index;
char label[100];
memset(label, ' ', sizeof(label));
label[level*5] = '\0';
printf("%sCurrent Nodes: %d, Filled Entries: %d, table Width: %d\n", label, sub->cur_num, sub->filledEntries, sub->width);
for(index=0; index < sub->num_entries; index++)
{
if (sub->lengths[index] || sub->entries[index])
printf("%sIndex: %d, Length: %d, dataIndex: %d\n", label, index, sub->lengths[index],
(uint32_t)sub->entries[index]);
if( !sub->lengths[index] && sub->entries[index] ) {
_sub_table_print((dir_sub_table_t*) sub->entries[index], level+1, table);
}
}
}
/* Print a table.
* Prints a table and its subtable. This is used for debugging purpose only.
* @param table The table that describes all, returned by dir_new
*/
void sfrt_dir_print(void *tbl) {
dir_table_t *table = (dir_table_t*)tbl;
if(!table) {
return;
}
printf ("Nodes in use: %d\n", table->cur_num);
if(table->sub_table) {
_sub_table_print(table->sub_table, 1, table);
}
}
/* Sub table removal
* Recursive function to drill down to subnet table and remove entries.
* @param ip IP address structure
* @param length Number of bits of the IP used to specify this CIDR
* @param cur_len Number of bits of the IP left at this depth
* @param current_depth Number of levels down from root_table.
* @param behavior RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
* @param root_table The table that describes all, returned by dir_new
* @returns index of entry removed. Returns 0, which is a valid index, as failure code.
* Calling function should treat 0 index as failure case.*/
static int _dir_sub_remove(IPLOOKUP *ip, int length, int cur_len,
int current_depth, int behavior,
dir_sub_table_t *sub_table, dir_table_t *root_table)
{
word index;
uint32_t fill;
uint32_t valueIndex = 0;
{
uint32_t local_index, i;
/* need to handle bits usage across multiple 32bit vals within IPv6. */
if (ip->bits < 32 )
{
i=0;
}
else if (ip->bits < 64)
{
i=1;
}
else if (ip->bits < 96)
{
i=2;
}
else
{
i=3;
}
local_index = ip->adr[i] << (ip->bits %32);
index = local_index >> (sizeof(local_index)*8 - sub_table->width);
}
/* Check if this is the last table to traverse to */
if(sub_table->width >= cur_len)
{
/* Calculate how many entries need to be removed (filled with 0)
* in this table. If the table is 24 bits wide, and the entry
* is 20 bytes long, 2^4 entries need to be filled. */
fill = 1 << (sub_table->width - cur_len);
index = (index >> (sub_table->width - cur_len)) <<
(sub_table->width - cur_len);
fill += index;
/* Remove and overwrite without consedering CIDR specificity*/
if(behavior == RT_FAVOR_TIME)
{
valueIndex = _dir_remove_all(&root_table->allocated, index, fill, length, sub_table);
}
/* Remove and overwrite only less specific CIDR */
else
{
valueIndex = _dir_remove_less_specific(&root_table->allocated, index, fill, length, sub_table);
}
}
else
{
/* traverse to a next sub-table down*/
dir_sub_table_t *next_sub = (dir_sub_table_t *)sub_table->entries[index];
/*subtable was never added. */
if(!next_sub || sub_table->lengths[index])
{
return 0;
}
/* Recurse to next level. Rightshift off appropriate number of
* bits and update the length accordingly. */
ip->bits += sub_table->width;
valueIndex = _dir_sub_remove(ip, length,
cur_len - sub_table->width, current_depth+1,
behavior, next_sub, root_table);
if (!next_sub->filledEntries)
{
_sub_table_free(&root_table->allocated, next_sub);
sub_table->entries[index] = 0;
sub_table->lengths[index] = 0;
sub_table->filledEntries--;
root_table->cur_num--;
}
}
return valueIndex;
}
/* Remove entry into DIR-n-m tables
* @param ip IP address structure
* @param len Number of bits of the IP used for lookup
* @param behavior RT_FAVOR_SPECIFIC or RT_FAVOR_TIME
* @param table The table that describes all, returned by dir_new
* @return index to data or 0 on failure. Calling function should check for 0 since
* this is valid index for failed operation.
*/
word sfrt_dir_remove(uint32_t* adr, int numAdrDwords, int len, int behavior, void *table)
{
dir_table_t *root = (dir_table_t*)table;
uint32_t h_adr[4];
IPLOOKUP iplu;
iplu.adr = h_adr;
iplu.bits = 0;
/* Validate arguments */
if(!root || !root->sub_table)
{
return 0;
}
h_adr[0] = ntohl(adr[0]);
if (len > 96)
{
h_adr[1] = ntohl(adr[1]);
h_adr[2] = ntohl(adr[2]);
h_adr[3] = ntohl(adr[3]);
}
else if (len > 64)
{
h_adr[1] = ntohl(adr[1]);
h_adr[2] = ntohl(adr[2]);
}
else if (len > 32)
{
h_adr[1] = ntohl(adr[1]);
}
/* Find the sub table in which to remove */
return _dir_sub_remove(&iplu, len, len, 0, behavior, root->sub_table, root);
}
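Review bot: `numAdrDwords` is never validated against the fixed `uint32_t h_adr[4]` buffers. `sfrt_dir_lookup` copies `numAdrDwords` words into `h_adr` with no upper bound, and `sfrt_dir_insert` and `sfrt_dir_remove` ignore the parameter and read `adr[1]`..`adr[3]` based on `len` alone, so a one-word IPv4 pointer combined with `len > 32` would read past the address. The visible caller `sfrt_remove` passes 1 or 4 and reduces IPv4 lengths by 96, so this is a hardening point rather than a demonstrated bug. A guard such as `if (numAdrDwords < 1 || numAdrDwords > 4 || len > numAdrDwords * 32) return DIR_INSERT_FAILURE;`, with the matching failure value in lookup and remove, would make the contract explicit.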

21
include/sfrt_dir.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2006-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -31,9 +32,6 @@
#ifndef SFRT_DIR_H_
#define SFRT_DIR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
/*******************************************************************/
/* DIR-n-m data structures
* Each table in the DIR-n-m method is represented by a
@ -41,13 +39,18 @@
typedef struct
{
word *entries;
char *lengths;
uint8_t *lengths;
int num_entries; /* Number of entries in this table */
int width; /* width of this table. */
/* While one determines the other, this way fewer
* calculations are needed at runtime, since both
* are used. */
int cur_num; /* Present number of used nodes */
/** number of entries filled including chidren sub_tables. This is used
* for freeing sub_tables when all entried are freed by delete operation.
*/
int filledEntries;
} dir_sub_table_t;
/* Master data structure for the DIR-n-m derivative */
@ -72,10 +75,12 @@ typedef struct
/* DIR-n-m functions, these are not intended to be called directly */
dir_table_t * sfrt_dir_new(uint32_t mem_cap, int count,...);
void sfrt_dir_free(void *);
tuple_t sfrt_dir_lookup(IP ip, void *table);
int sfrt_dir_insert(IP ip, int len, word data_index,
tuple_t sfrt_dir_lookup(uint32_t* adr, int numAdrDwords, void *table);
int sfrt_dir_insert(uint32_t* adr, int numAdrDwords, int len, word data_index,
int behavior, void *table);
uint32_t sfrt_dir_usage(void *table);
void sfrt_dir_print(void *table);
word sfrt_dir_remove(uint32_t* adr, int numAdrDwords, int len, int behavior, void *table);
#endif /* SFRT_DIR_H_ */

24
include/sfrt_trie.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2006-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -68,7 +69,7 @@ typedef unsigned long word;
/* The trie is represented by an array and each node in
the trie is compactly represented using only 32 bits:
5 + 5 + 22 = branch + skip + adr */
typedef word trie_node_t;
typedef word node_t;
#define NOPRE -1 /* an empty prefix pointer */
@ -137,7 +138,7 @@ typedef struct { /* compact version of above */
typedef struct routtablerec *routtable_t;
struct routtablerec {
trie_node_t *trie; /* the main trie search structure */
node_t *trie; /* the main trie search structure */
int triesize;
comp_base_t *base; /* the base vector */
int basesize;
@ -149,19 +150,4 @@ struct routtablerec {
int dirty; /* Whether or not the table needs to be rebuilt */
};
/* utilities */
#ifndef boolean
#ifndef HAVE_BOOLEAN
typedef unsigned char boolean;
#endif
#endif
#ifndef TRUE
# define TRUE 1
#endif
#ifndef FALSE
# define FALSE 0
#endif
#endif

37
include/sfsnort_dynamic_detection_lib.c Normal file → Executable file

@ -1,4 +1,29 @@
/****************************************************************************
*
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "sf_dynamic_define.h"
#include "sf_snort_plugin_api.h"
#include "sf_dynamic_meta.h"
#include "detection_lib_meta.h"
@ -8,12 +33,12 @@
extern Rule *rules[];
DETECTION_LINKAGE int InitializeDetection()
DETECTION_LINKAGE int InitializeDetection(struct _SnortConfig *sc)
{
return RegisterRules(rules);
return RegisterRules(sc, rules);
}
DETECTION_LINKAGE int DumpSkeletonRules()
DETECTION_LINKAGE int DumpSkeletonRules(void)
{
return DumpRules(DETECTION_LIB_NAME, rules);
}
@ -25,7 +50,8 @@ DETECTION_LINKAGE int LibVersion(DynamicPluginMeta *dpm)
dpm->major = DETECTION_LIB_MAJOR;
dpm->minor = DETECTION_LIB_MINOR;
dpm->build = DETECTION_LIB_BUILD;
strncpy(dpm->uniqueName, DETECTION_LIB_NAME, MAX_NAME_LEN);
strncpy(dpm->uniqueName, DETECTION_LIB_NAME, MAX_NAME_LEN-1);
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
return 0;
}
@ -36,6 +62,7 @@ DETECTION_LINKAGE int EngineVersion(DynamicPluginMeta *dpm)
dpm->major = REQ_ENGINE_LIB_MAJOR;
dpm->minor = REQ_ENGINE_LIB_MINOR;
dpm->build = 0;
strncpy(dpm->uniqueName, REQ_ENGINE_LIB_NAME, MAX_NAME_LEN);
strncpy(dpm->uniqueName, REQ_ENGINE_LIB_NAME, MAX_NAME_LEN-1);
dpm->uniqueName[MAX_NAME_LEN-1] = '\0';
return 0;
}

30
include/sfsnort_dynamic_detection_lib.h Normal file → Executable file

@ -1,15 +1,37 @@
/****************************************************************************
*
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
#ifndef SFSNORT_DYNAMIC_DETECTION_LIB_H_
#define SFSNORT_DYNAMIC_DETECTION_LIB_H_
#ifdef WIN32
#ifdef SF_SNORT_DETECTION_DLL
#define DETECTION_LINKAGE __declspec(dllexport)
#define BUILDING_SO
#define DETECTION_LINKAGE SF_SO_PUBLIC
#else
#define DETECTION_LINKAGE __declspec(dllimport)
#define DETECTION_LINKAGE
#endif
#else /* WIN32 */
#define DETECTION_LINKAGE
#endif /* WIN32 */
#define DETECTION_LINKAGE SF_SO_PUBLIC
#endif
#endif /* SFSNORT_DYNAMIC_DETECTION_LIB_H_ */

67
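--- /dev/null
+++ b/include/sidechannel_define.h
@@ -0,0 +1,67 @@
+/*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+* Copyright (C) 2012-2013 Sourcefire, Inc.
+*
+* Author: Michael Altizer <maltizer@sourcefire.com>
+*
+*/
+#ifndef __SIDE_CHANNEL_DEFINE_H__
+#define __SIDE_CHANNEL_DEFINE_H__
+#include <stdint.h>
+#define SC_USE_DMQ 1
+/* You get 16 bits worth of types. Use them wisely. */
+enum
+{
+SC_MSG_TYPE_NONE = 0,
+SC_MSG_TYPE_FLOW_STATE_TRACKING,
+SC_MSG_TYPE_SSL_STATE_TRACKING,
+SC_MSG_TYPE_ANY = 0xFFFF
+};
+typedef struct _SC_MESSAGE_HEADER
+{
+uint16_t type;
+uint64_t timestamp;
+} SCMsgHdr;
+typedef struct _SC_MESSAGE_QUEUE_NODE *SCMessageQueueNodePtr;
+typedef void (*SCMQMsgFreeFunc)(void *);
+typedef int (*SCMConfigFunc)(char *);
+typedef int (*SCMInitFunc)(void);
+typedef int (*SCMPostInitFunc)(void);
+typedef void (*SCMStatsFunc)(int exiting);
+typedef void (*SCMIdleFunc)(void);
+typedef int (*SCMProcessMsgFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length);
+typedef void (*SCMShutdownFunc)(void);
+typedef struct _SCM_FUNCTION_BUNDLE {
+SCMConfigFunc configFunc;
+SCMInitFunc initFunc;
+SCMPostInitFunc postInitFunc;
+SCMIdleFunc idleFunc;
+SCMStatsFunc statsFunc;
+SCMShutdownFunc shutdownFunc;
+} SCMFunctionBundle;
+#endif /* __SIDE_CHANNEL_DEFINE_H__ */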

38
include/signature.h Normal file → Executable file

@ -1,6 +1,7 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
@ -16,14 +17,11 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef __SIGNATURE_H__
#define __SIGNATURE_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
@ -101,6 +99,13 @@ typedef struct _ServiceInfo
char *service;
int16_t service_ordinal;
} ServiceInfo;
typedef enum _ServiceOverride {
ServiceOverride_ElsePorts = 0,
ServiceOverride_AndPorts,
ServiceOverride_OrPorts,
ServiceOverride_Nil
} ServiceOverride;
#endif
typedef struct _SigInfo
@ -111,17 +116,22 @@ typedef struct _SigInfo
uint32_t class_id;
ClassType *classType;
uint32_t priority;
char *message;
const char *message;
ReferenceNode *refs;
int shared; /* shared object rule */
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
int rule_flushing; /* 0-disabled, 1-enabled */
char shared; /* shared object rule */
char dup_opt_func; /* has soid, and refers to another shared object rule */
char rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
char rule_flushing; /* 0-disabled, 1-enabled */
OtnKey otnKey;
#ifdef TARGET_BASED
unsigned int num_services;
ServiceInfo *services;
char *os;
ServiceOverride service_override;
#endif
#if defined(FEAT_OPEN_APPID)
unsigned int num_appid;
#endif /* defined(FEAT_OPEN_APPID) */
} SigInfo;
void * SoRuleOtnLookupNew(void);
@ -139,4 +149,12 @@ void OtnRemove(void *, void *, struct _OptTreeNode *);
void OtnDeleteData(void *data);
void OtnFree(void *data);
static inline bool IsPreprocDecoderRule(char rule_type)
{
if ((rule_type == SI_RULE_TYPE_DECODE)
|| (rule_type == SI_RULE_TYPE_PREPROC))
return true;
return false;
}
#endif /* SIGNATURE */
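Review bot: The size of `SigInfo` and the offsets of every field after `otnKey` now depend on `TARGET_BASED` and `FEAT_OPEN_APPID`, while the `#ifdef HAVE_CONFIG_H` / `#include "config.h"` block appears to be dropped from this header (that hunk goes from 14 old lines to 11 new ones). Any translation unit that includes this header without the same macro set as the Snort binary will read `services`, `os`, `service_override` and `num_appid` at the wrong offsets, and nothing in the header catches that. I would add a comment above the struct, `/* Layout must match the Snort build: config.h (TARGET_BASED, FEAT_OPEN_APPID) has to be included before this header. */`. The same struct is repeated in include/signature.h.new, and the struct body starts outside the hunk.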

38
include/signature.h.new Normal file → Executable file

@ -1,6 +1,7 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
@ -16,14 +17,11 @@
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef __SIGNATURE_H__
#define __SIGNATURE_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
@ -103,6 +101,13 @@ typedef struct _ServiceInfo
char *service;
int16_t service_ordinal;
} ServiceInfo;
typedef enum _ServiceOverride {
ServiceOverride_ElsePorts = 0,
ServiceOverride_AndPorts,
ServiceOverride_OrPorts,
ServiceOverride_Nil
} ServiceOverride;
#endif
typedef struct _SigInfo
@ -113,17 +118,22 @@ typedef struct _SigInfo
uint32_t class_id;
ClassType *classType;
uint32_t priority;
char *message;
const char *message;
ReferenceNode *refs;
int shared; /* shared object rule */
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
int rule_flushing; /* 0-disabled, 1-enabled */
char shared; /* shared object rule */
char dup_opt_func; /* has soid, and refers to another shared object rule */
char rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
char rule_flushing; /* 0-disabled, 1-enabled */
OtnKey otnKey;
#ifdef TARGET_BASED
unsigned int num_services;
ServiceInfo *services;
char *os;
ServiceOverride service_override;
#endif
#if defined(FEAT_OPEN_APPID)
unsigned int num_appid;
#endif /* defined(FEAT_OPEN_APPID) */
} SigInfo;
SFGHASH * SoRuleOtnLookupNew(void);
@ -141,4 +151,12 @@ void OtnRemove(SFGHASH *, SFGHASH *, struct _OptTreeNode *);
void OtnDeleteData(void *data);
void OtnFree(void *data);
static inline bool IsPreprocDecoderRule(char rule_type)
{
if ((rule_type == SI_RULE_TYPE_DECODE)
|| (rule_type == SI_RULE_TYPE_PREPROC))
return true;
return false;
}
#endif /* SIGNATURE */

248
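--- a/include/snort_bounds.h
+++ b/include/snort_bounds.h
@@ -0,0 +1,248 @@
+#ifndef _BOUNDS_H
+#define _BOUNDS_H
+/*
+** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+** Copyright (C) 2003-2013 Sourcefire, Inc.
+** Chris Green <cmg@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+**
+*/
+#ifdef OSF1
+#include <sys/bitypes.h>
+#endif
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#ifdef DEBUG
+#include <assert.h>
+#endif
+#include <unistd.h>
+#define SAFEMEM_ERROR 0
+#define SAFEMEM_SUCCESS 1
+#ifdef DEBUG
+#define ERRORRET assert(0==1)
+#else
+#define ERRORRET return SAFEMEM_ERROR;
+#endif /* DEBUG */
+#define MAXPORTS 65536
+#define MAXPORTS_STORAGE 8192
+/*
+* Check to make sure that p is less than or equal to the ptr range
+* pointers
+*
+* 1 means it's in bounds, 0 means it's not
+*/
+static inline int inBounds(const uint8_t *start, const uint8_t *end, const uint8_t *p)
+{
+if ((p >= start) && (p < end))
+return 1;
+return 0;
+}
+static inline int SafeMemCheck(void *dst, size_t n,
+const void *start, const void *end)
+{
+void *tmp;
+if (n < 1)
+return SAFEMEM_ERROR;
+if ((dst == NULL) || (start == NULL) || (end == NULL))
+return SAFEMEM_ERROR;
+tmp = ((uint8_t *)dst) + (n - 1);
+if (tmp < dst)
+return SAFEMEM_ERROR;
+if (!inBounds(start, end, dst) || !inBounds(start, end, tmp))
+return SAFEMEM_ERROR;
+return SAFEMEM_SUCCESS;
+}
+/**
+* A Safer Memcpy
+*
+* @param dst where to copy to
+* @param src where to copy from
+* @param n number of bytes to copy
+* @param start start of the dest buffer
+* @param end end of the dst buffer
+*
+* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
+*/
+static inline int SafeMemcpy(void *dst, const void *src, size_t n, const void *start, const void *end)
+{
+if (!n)
+return SAFEMEM_SUCCESS;
+if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
+ERRORRET;
+if (src == NULL)
+ERRORRET;
+memcpy(dst, src, n);
+return SAFEMEM_SUCCESS;
+}
+/**
+* A Safer Memmove
+* dst and src can be in the same buffer
+*
+* @param dst where to copy to
+* @param src where to copy from
+* @param n number of bytes to copy
+* @param start start of the dest buffer
+* @param end end of the dst buffer
+*
+* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
+*/
+static inline int SafeMemmove(void *dst, const void *src, size_t n, const void *start, const void *end)
+{
+if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
+ERRORRET;
+if (src == NULL)
+ERRORRET;
+memmove(dst, src, n);
+return SAFEMEM_SUCCESS;
+}
+/**
+* A Safer Memmove
+* dst and src can be in the same buffer
+*
+* @param dst where to copy to
+* @param src where to copy from
+* @param n number of bytes to copy
+* @param start start of the dest buffer
+* @param end end of the dst buffer
+*
+* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
+*/
+static inline int SafeBoundsMemmove(void *dst, const void *src, size_t n, const void *start, const void *end)
+{
+size_t overlap = 0;
+if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
+ERRORRET;
+if (src == NULL)
+ERRORRET;
+if( src == dst )
+{
+return SAFEMEM_SUCCESS;
+}
+else if(inBounds(dst, ((uint8_t *)dst + n), src))
+{
+overlap = (uint8_t *)src - (uint8_t *)dst;
+memcpy(dst, src , overlap);
+memmove(((uint8_t *)dst + overlap), ((uint8_t *)src + overlap), (n - overlap));
+}
+else if(inBounds(src, ((uint8_t *)src + n), dst))
+{
+overlap = (uint8_t *)dst - (uint8_t *)src;
+memcpy(((uint8_t *)dst + overlap), ((uint8_t *)src + overlap), (n - overlap));
+memmove(dst, src, overlap);
+}
+else
+{
+memcpy(dst, src, n);
+}
+return SAFEMEM_SUCCESS;
+}
+/**
+* A Safer Memset
+* dst and src can be in the same buffer
+*
+* @param dst where to copy to
+* @param c character to set memory with
+* @param n number of bytes to set
+* @param start start of the dst buffer
+* @param end end of the dst buffer
+*
+* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
+*/
+static inline int SafeMemset(void *dst, uint8_t c, size_t n, const void *start, const void *end)
+{
+if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
+ERRORRET;
+memset(dst, c, n);
+return SAFEMEM_SUCCESS;
+}
+/**
+* A Safer *a = *b
+*
+* @param start start of the dst buffer
+* @param end end of the dst buffer
+* @param dst the location to write to
+* @param src the source to read from
+*
+* @return 0 on failure, 1 on success
+*/
+static inline int SafeWrite(uint8_t *start, uint8_t *end, uint8_t *dst, uint8_t *src)
+{
+if(!inBounds(start, end, dst))
+{
+ERRORRET;
+}
+*dst = *src;
+return 1;
+}
+static inline int SafeRead(uint8_t *start, uint8_t *end, uint8_t *src, uint8_t *read)
+{
+if(!inBounds(start,end, src))
+{
+ERRORRET;
+}
+*read = *start;
+return 1;
+}
+/* An wrapper around snprintf to make it safe.
+*
+* This wrapper of snprintf returns the number of bytes written to the buffer.
+*/
+static inline size_t SafeSnprintf(char *str, size_t size, const char *format, ...)
+{
+va_list ap;
+int ret;
+if (size == 0) return 0;
+va_start(ap, format);
+ret = vsnprintf(str, size, format, ap);
+va_end(ap);
+if (ret < 0 || (size_t)ret > size)
+return 0;
+return (size_t)ret;
+}
+#endif /* _BOUNDS_H */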
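Review bot: `SafeRead` checks that `src` lies inside the buffer but then executes `*read = *start;`, so it always hands back the first byte of the buffer instead of the byte at `src`; the line should be `*read = *src;`. In `SafeSnprintf` the test `(size_t)ret > size` lets `ret == size` through, which is what vsnprintf returns when the output was truncated, so the function can report one more byte than `str` holds and a caller using the result as an offset lands past the buffer; `if (ret < 0 || (size_t)ret >= size)` closes that. The header looks like a copy of Snort's own file, so these fixes would probably have to be carried as a local patch and reported upstream.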

120
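--- a/include/snort_debug.h
+++ b/include/snort_debug.h
@@ -0,0 +1,120 @@
+/* $Id$ */
+/*
+** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+** Copyright (C) 2002-2013 Sourcefire, Inc.
+** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+#ifndef DEBUG_H
+#define DEBUG_H
+#include <ctype.h>
+#ifdef SF_WCHAR
+/* ISOC99 is defined to get required prototypes */
+#ifndef __USE_ISOC99
+#define __USE_ISOC99
+#endif
+#include <wchar.h>
+#endif
+/* this env var uses the lower 32 bits of the flags: */
+#define DEBUG_VARIABLE "SNORT_DEBUG"
+#define DEBUG_INIT 0x0000000000000001LL
+#define DEBUG_PARSER 0x0000000000000002LL
+#define DEBUG_MSTRING 0x0000000000000004LL
+#define DEBUG_PORTLISTS 0x0000000000000008LL
+#define DEBUG_ATTRIBUTE 0x0000000000000010LL
+#define DEBUG_PLUGIN 0x0000000000000020LL
+#define DEBUG_PLUGBASE 0x0000000000000040LL
+#define DEBUG_DECODE 0x0000000000000080LL
+#define DEBUG_DATALINK 0x0000000000000100LL
+#define DEBUG_CONFIGRULES 0x0000000000000200LL
+#define DEBUG_RULES 0x0000000000000400LL
+#define DEBUG_DETECT 0x0000000000000800LL
+#define DEBUG_PATTERN_MATCH 0x0000000000001000LL
+#define DEBUG_FLOW 0x0000000000002000LL
+#define DEBUG_LOG 0x0000000000004000LL
+#define DEBUG_FLOWBITS 0x0000000000008000LL
+#define DEBUG_FILE 0x0000000000010000LL
+#define DEBUG_CONTROL 0x0000000000020000LL
+#define DEBUG_EXP 0x0000000080000000LL
+/* this env var uses the upper 32 bits of the flags: */
+#define DEBUG_PP_VAR "SNORT_PP_DEBUG"
+#define DEBUG_FRAG 0x0000000100000000LL
+#define DEBUG_STREAM 0x0000000200000000LL
+#define DEBUG_STREAM_STATE 0x0000000400000000LL
+#define DEBUG_STREAM_PAF 0x0000000800000000LL
+#define DEBUG_HTTP_DECODE 0x0000001000000000LL
+#define DEBUG_HTTPINSPECT 0x0000002000000000LL
+#define DEBUG_ASN1 0x0000004000000000LL
+#define DEBUG_DNS 0x0000008000000000LL
+#define DEBUG_FTPTELNET 0x0000010000000000LL
+#define DEBUG_GTP 0x0000020000000000LL
+#define DEBUG_IMAP 0x0000040000000000LL
+#define DEBUG_POP 0x0000080000000000LL
+#define DEBUG_RPC 0x0000100000000000LL
+#define DEBUG_SIP 0x0000200000000000LL
+#define DEBUG_SKYPE 0x0000400000000000LL
+#define DEBUG_SSL 0x0000800000000000LL
+#define DEBUG_SMTP 0x0001000000000000LL
+#define DEBUG_APPID 0x0002000000000000LL
+#define DEBUG_PP_EXP 0x8000000000000000LL
+void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
+#ifdef SF_WCHAR
+void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
+#endif
+#ifdef DEBUG_MSGS
+extern char *DebugMessageFile;
+extern int DebugMessageLine;
+#define DebugMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugMsg
+#define DebugWideMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugWideMsg
+uint64_t GetDebugLevel (void);
+int DebugThis(uint64_t level);
+#else /* DEBUG_MSGS */
+#ifdef WIN32
+/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
+#define __inline__ __inline
+#endif
+#endif /* DEBUG_MSGS */
+#ifdef DEBUG_MSGS
+#define DEBUG_WRAP(code) code
+void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
+#ifdef SF_WCHAR
+void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
+#endif
+#else /* DEBUG_MSGS */
+#define DEBUG_WRAP(code)
+/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
+#endif /* DEBUG_MSGS */
+#endif /* DEBUG_H */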
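Review bot: `DebugMessage` and `DebugWideMessage` each expand to three separate statements, so in an unbraced `if (cond) DebugMessage(...)` only the first assignment is conditional and the call itself always runs. A single comma expression keeps the call syntax and behaves as one statement: `#define DebugMessage (*_dpd.debugMsgFile = __FILE__, *_dpd.debugMsgLine = __LINE__, _dpd.debugMsg)`, and likewise for the wide variant. The same applies to the `DebugMessageFile` / `DebugMessageFunc` form of the two macros in include/snort_debug.h.new. The header also uses `uint64_t` without including `<stdint.h>`, so it compiles only when an earlier include happens to provide it.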

120
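--- a/include/snort_debug.h.new
+++ b/include/snort_debug.h.new
@@ -0,0 +1,120 @@
+/* $Id$ */
+/*
+** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
+** Copyright (C) 2002-2013 Sourcefire, Inc.
+** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+#ifndef DEBUG_H
+#define DEBUG_H
+#include <ctype.h>
+#ifdef SF_WCHAR
+/* ISOC99 is defined to get required prototypes */
+#ifndef __USE_ISOC99
+#define __USE_ISOC99
+#endif
+#include <wchar.h>
+#endif
+/* this env var uses the lower 32 bits of the flags: */
+#define DEBUG_VARIABLE "SNORT_DEBUG"
+#define DEBUG_INIT 0x0000000000000001LL
+#define DEBUG_PARSER 0x0000000000000002LL
+#define DEBUG_MSTRING 0x0000000000000004LL
+#define DEBUG_PORTLISTS 0x0000000000000008LL
+#define DEBUG_ATTRIBUTE 0x0000000000000010LL
+#define DEBUG_PLUGIN 0x0000000000000020LL
+#define DEBUG_PLUGBASE 0x0000000000000040LL
+#define DEBUG_DECODE 0x0000000000000080LL
+#define DEBUG_DATALINK 0x0000000000000100LL
+#define DEBUG_CONFIGRULES 0x0000000000000200LL
+#define DEBUG_RULES 0x0000000000000400LL
+#define DEBUG_DETECT 0x0000000000000800LL
+#define DEBUG_PATTERN_MATCH 0x0000000000001000LL
+#define DEBUG_FLOW 0x0000000000002000LL
+#define DEBUG_LOG 0x0000000000004000LL
+#define DEBUG_FLOWBITS 0x0000000000008000LL
+#define DEBUG_FILE 0x0000000000010000LL
+#define DEBUG_CONTROL 0x0000000000020000LL
+#define DEBUG_EXP 0x0000000080000000LL
+/* this env var uses the upper 32 bits of the flags: */
+#define DEBUG_PP_VAR "SNORT_PP_DEBUG"
+#define DEBUG_FRAG 0x0000000100000000LL
+#define DEBUG_STREAM 0x0000000200000000LL
+#define DEBUG_STREAM_STATE 0x0000000400000000LL
+#define DEBUG_STREAM_PAF 0x0000000800000000LL
+#define DEBUG_HTTP_DECODE 0x0000001000000000LL
+#define DEBUG_HTTPINSPECT 0x0000002000000000LL
+#define DEBUG_ASN1 0x0000004000000000LL
+#define DEBUG_DNS 0x0000008000000000LL
+#define DEBUG_FTPTELNET 0x0000010000000000LL
+#define DEBUG_GTP 0x0000020000000000LL
+#define DEBUG_IMAP 0x0000040000000000LL
+#define DEBUG_POP 0x0000080000000000LL
+#define DEBUG_RPC 0x0000100000000000LL
+#define DEBUG_SIP 0x0000200000000000LL
+#define DEBUG_SKYPE 0x0000400000000000LL
+#define DEBUG_SSL 0x0000800000000000LL
+#define DEBUG_SMTP 0x0001000000000000LL
+#define DEBUG_APPID 0x0002000000000000LL
+#define DEBUG_PP_EXP 0x8000000000000000LL
+void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
+#ifdef SF_WCHAR
+void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
+#endif
+#ifdef DEBUG_MSGS
+extern char *DebugMessageFile;
+extern int DebugMessageLine;
+#define DebugMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugMessageFunc
+#define DebugWideMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugWideMessageFunc
+uint64_t GetDebugLevel (void);
+int DebugThis(uint64_t level);
+#else /* DEBUG_MSGS */
+#ifdef WIN32
+/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
+#define __inline__ __inline
+#endif
+#endif /* DEBUG_MSGS */
+#ifdef DEBUG_MSGS
+#define DEBUG_WRAP(code) code
+void DebugMessageFunc(uint64_t dbg, const char *fmt, ...);
+#ifdef SF_WCHAR
+void DebugWideMessageFunc(uint64_t dbg, const wchar_t *fmt, ...);
+#endif
+#else /* DEBUG_MSGS */
+#define DEBUG_WRAP(code)
+/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
+#endif /* DEBUG_MSGS */
+#endif /* DEBUG_H */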

20
include/str_search.h Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -23,6 +24,12 @@
#ifndef __STR_SEARCH_H__
#define __STR_SEARCH_H__
#include "mpse_methods.h"
/*search pattern case sensitivity */
#define STR_SEARCH_CASE_SENSITIVE 0
#define STR_SEARCH_CASE_INSENSITIVE 1
/* Function prototypes */
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
@ -38,10 +45,14 @@ int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_le
void * SearchInstanceNew( void );
void * SearchInstanceNewEx( unsigned method );
void SearchInstanceFree( void * insance );
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
void SearchInstanceAddEx( void * instance, const char *pat, unsigned int pat_len, void* id, unsigned nocase);
void SearchInstancePrepPatterns( void * instance );
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
int SearchInstanceFindStringAll( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, void *userData);
int SearchInstanceSFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, int *state);
typedef struct _search_api
{
@ -64,10 +75,15 @@ typedef struct _search_api
int (*search_put_handle)(unsigned int);
void * (*search_instance_new)(void);
void * (*search_instance_new_ex)(unsigned method);
void (*search_instance_free)(void * instance);
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
void (*search_instance_add_ex) (void * instance, const char *s, unsigned int s_len, void* s_id, unsigned nocase);
void (*search_instance_prep)(void * instance );
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
int (*search_instance_find_all)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, void *userData);
char * (*search_instance_find_end)(char *match_ptr, int buflen, char *search_str, int search_len);
int (*stateful_search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, int *state);
} SearchAPI;

20
include/str_search.h.new Normal file → Executable file

@ -1,6 +1,7 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2005-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -15,7 +16,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -23,6 +24,12 @@
#ifndef __STR_SEARCH_H__
#define __STR_SEARCH_H__
#include "mpse_methods.h"
/*search pattern case sensitivity */
#define STR_SEARCH_CASE_SENSITIVE 0
#define STR_SEARCH_CASE_INSENSITIVE 1
/* Function prototypes */
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
@ -38,10 +45,14 @@ int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_le
void * SearchInstanceNew( void );
void * SearchInstanceNewEx( unsigned method );
void SearchInstanceFree( void * insance );
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
void SearchInstanceAddEx( void * instance, const char *pat, unsigned int pat_len, void* id, unsigned nocase);
void SearchInstancePrepPatterns( void * instance );
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
int SearchInstanceFindStringAll( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, void *userData);
int SearchInstanceSFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction, int *state);
typedef struct _search_api
{
@ -64,10 +75,15 @@ typedef struct _search_api
int (*search_put_handle)(unsigned int);
void * (*search_instance_new)(void);
void * (*search_instance_new_ex)(unsigned method);
void (*search_instance_free)(void * instance);
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
void (*search_instance_add_ex) (void * instance, const char *s, unsigned int s_len, void* s_id, unsigned nocase);
void (*search_instance_prep)(void * instance );
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
int (*search_instance_find_all)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, void *userData);
char * (*search_instance_find_end)(char *match_ptr, int buflen, char *search_str, int search_len);
int (*stateful_search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction, int *state);
} SearchAPI;

593
include/stream_api.h Normal file → Executable file

@ -1,7 +1,7 @@
/* $Id$ */
/*
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* ** Copyright (C) 2005-2013 Sourcefire, Inc.
* ** AUTHOR: Steven Sturges
* **
* ** This program is free software; you can redistribute it and/or modify
@ -17,7 +17,7 @@
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* */
/* stream_api.h
@ -39,6 +39,10 @@
#ifndef STREAM_API_H_
#define STREAM_API_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include "ipv6_port.h"
@ -46,90 +50,115 @@
#include "bitop.h"
#include "sf_snort_packet.h"
#include "sfPolicy.h"
#include "session_api.h"
#define IGNORE_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_CLIENT 0x1
#define SSN_DIR_SENDER 0x1
#define SSN_DIR_SERVER 0x2
#define SSN_DIR_RESPONDER 0x2
#define SSN_DIR_BOTH 0x03
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
#define STREAM_FLPOLICY_NONE 0x00
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
typedef enum {
STREAM_FLPOLICY_NONE,
STREAM_FLPOLICY_FOOTPRINT, /* size-based footprint flush */
STREAM_FLPOLICY_LOGICAL, /* queued bytes-based flush */
STREAM_FLPOLICY_RESPONSE, /* flush when we see response */
STREAM_FLPOLICY_SLIDING_WINDOW, /* flush on sliding window */
#if 0
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
STREAM_FLPOLICY_CONSUMED, /* purge consumed bytes */
#endif
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
STREAM_FLPOLICY_IGNORE, /* ignore this traffic */
STREAM_FLPOLICY_PROTOCOL, /* protocol aware flushing (PAF) */
#ifdef NORMALIZER
STREAM_FLPOLICY_FOOTPRINT_IPS, /* protocol agnostic ips */
STREAM_FLPOLICY_PROTOCOL_IPS, /* protocol aware ips */
#endif
STREAM_FLPOLICY_FOOTPRINT_NOACK, /* protocol aware ips */
STREAM_FLPOLICY_PROTOCOL_NOACK, /* protocol aware ips */
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
STREAM_FLPOLICY_DISABLED, /* reassembly disabled for this traffic */
STREAM_FLPOLICY_MAX
} FlushPolicy;
typedef enum {
PAF_TYPE_SERVICE,
PAF_TYPE_PORT
}PafType;
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
#define STREAM_FLPOLICY_SET_APPEND 0x02
#define UNKNOWN_PORT 0
#define STREAM_API_VERSION5 6
#define STREAM_API_VERSION5 5
typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count, uint32_t xtradata_mask, uint32_t id, uint32_t sec);
typedef void (*StreamAppDataFree)(void *);
typedef int (*PacketIterator)
(
struct pcap_pkthdr *,
typedef int (*PacketIterator)( DAQ_PktHdr_t *,
uint8_t *, /* pkt pointer */
void * /* user-defined data pointer */
);
typedef int (*StreamSegmentIterator)
(
struct pcap_pkthdr *,
typedef int (*StreamSegmentIterator)( DAQ_PktHdr_t *,
uint8_t *, /* pkt pointer */
uint8_t *, /* payload pointer */
uint32_t, /* sequence number */
void * /* user-defined data pointer */
);
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
/* for protocol aware flushing (PAF): */
typedef enum {
PAF_ABORT, /* non-paf operation */
PAF_START, /* internal use only */
PAF_SEARCH, /* searching for next flush point */
PAF_FLUSH, /* flush at given offset */
PAF_LIMIT, /* if paf_max is reached, flush up to given offset*/
PAF_SKIP, /* skip ahead to given offset */
PAF_PERFORMED_LMT_FLUSH, /* previously performed PAF_LIMIT */
PAF_DISCARD_START, /*start of the discard point */
PAF_DISCARD_END, /*end of the discard point */
PAF_IGNORE, /* Used for HTTP2.0*/
} PAF_Status;
typedef PAF_Status (*PAF_Callback)( /* return your scan state */
void* session, /* session pointer */
void** user, /* arbitrary user data hook */
const uint8_t* data, /* in order segment data as it arrives */
uint32_t len, /* length of data */
uint64_t *flags, /* packet flags indicating direction of data */
uint32_t* fp, /* flush point (offset) relative to data */
uint32_t * fp_eoh /* flush point (offset) at end-of-header */
);
typedef void (*PAF_Free_Callback)(
void* user /* arbitrary user data hook */
);
#if defined(FEAT_OPEN_APPID)
typedef struct s_HEADER_LOCATION {
const uint8_t *start;
unsigned len;
} HEADER_LOCATION;
typedef struct _HttpParsedHeaders
{
HEADER_LOCATION host, url, method, userAgent, referer, via, responseCode, server, xWorkingWith, contentType;
} HttpParsedHeaders;
typedef void (*Http_Processor_Callback)(
SFSnortPacket *p,
HttpParsedHeaders *headers
);
typedef enum {
APP_PROTOID_SERVICE,
APP_PROTOID_CLIENT,
APP_PROTOID_PAYLOAD,
APP_PROTOID_MISC,
APP_PROTOID_MAX
} AppProtoIdIndex;
#endif /* defined(FEAT_OPEN_APPID) */
typedef unsigned int ServiceEventType;
typedef void (*ServiceEventNotifierFunc)(void *ssnptr, ServiceEventType eventType, void *eventData);
typedef void (*Stream_Callback)(SFSnortPacket *);
struct _ExpectNode;
typedef struct _stream_api
{
int version;
@ -145,123 +174,6 @@ typedef struct _stream_api
*/
int (*alert_inline_midstream_drops)(void);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(SFSnortPacket *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, SFSnortPacket *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, char, char);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(void *, char);
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Packet
*/
void (*drop_packet)(SFSnortPacket *);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*/
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Flushes the stream on an alert
* Side that is flushed is the same as the packet.
*
@ -270,6 +182,14 @@ typedef struct _stream_api
*/
int (*alert_flush_stream)(SFSnortPacket *);
/* Flushes the stream on arrival of packet
* Side that is flushed is the same side of the packet.
*
* Parameters
* Packet
*/
int (*request_flush_stream)(SFSnortPacket *);
/* Flushes the stream on arrival of another packet
* Side that is flushed is the opposite of the packet.
*
@ -334,15 +254,19 @@ typedef struct _stream_api
*/
int (*check_session_alerted)(void *, SFSnortPacket *p, uint32_t, uint32_t);
/* Get Flowbits data
/* Set Extra Data Logging
*
* Parameters
* Session Ptr
* Packet
*
* gen ID
* sig ID
* Returns
* Ptr to Flowbits Data
* 0 success
* -1 failure ( no alerts )
*
*/
StreamFlowData *(*get_flow_data)(SFSnortPacket *p);
int (*update_session_alert)(void *, SFSnortPacket *p, uint32_t, uint32_t, uint32_t, uint32_t);
/* Set reassembly flush policy/direction for given session
*
@ -355,8 +279,19 @@ typedef struct _stream_api
* Returns
* direction(s) of reassembly for session
*/
/* XXX Do not attempt to set flush policy to PROTOCOL or PROTOCOL_IPS. */
char (*set_reassembly)(void *, uint8_t, char, char);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, sfaddr_t*, uint16_t );
/* Get reassembly direction for given session
*
* Parameters
@ -417,40 +352,12 @@ typedef struct _stream_api
*/
char (*missed_packets)(void *, char);
#ifdef TARGET_BASED
/* Get the protocol identifier from a stream
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
* Packet
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/** Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
#endif
/** Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
void (*drop_packet)(SFSnortPacket *);
/* Get the current flush point
*
@ -472,45 +379,259 @@ typedef struct _stream_api
*/
void (*set_flush_point)(void *, char, uint32_t);
#ifdef TARGET_BASED
// register for stateful scanning of in-order payload to determine flush points
// autoEnable allows PAF regardless of s5 ports config
uint8_t (*register_paf_port)( struct _SnortConfig *sc, tSfPolicyId, uint16_t server_port, bool toServer,
PAF_Callback, bool autoEnable);
// get any paf user data stored for this session
void** (*get_paf_user_data)(void* ssnptr, bool toServer, uint8_t id);
bool (*is_paf_active)(void* ssn, bool toServer);
bool (*activate_paf)(void* ssn, int dir, int16_t service, uint8_t type);
/** Set flag to force sessions to be created on SYN packets.
* This function can only be used with independent bits
* acquired from get_preprocessor_status_bit. If this is called
* during parsing a preprocessor configuration, make sure to
* set the parsing argument to 1.
*/
void (*set_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
/** Unset flag that forces sessions to be created on SYN
* packets. This function can only be used with independent
* bits acquired from get_preprocessor_status_bit. If this is
* called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*unset_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
//Register callbacks for extra data logging
uint32_t (*reg_xtra_data_cb)(LogFunction );
//Register Extra Data Log Function
void (*reg_xtra_data_log)(LogExtraData, void *);
//Get the Extra data map
uint32_t (*get_xtra_data_map)(LogFunction **);
// register for stateful scanning of in-order payload to determine flush points
// autoEnable allows PAF regardless of s5 ports config
uint8_t (*register_paf_service)(
struct _SnortConfig *sc, tSfPolicyId, uint16_t service, bool toServer,
PAF_Callback, bool autoEnable);
void (*set_extra_data)(void*, SFSnortPacket *, uint32_t);
void (*clear_extra_data)(void*, SFSnortPacket *, uint32_t);
// These methods may move to Session:
//
/* Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
tSfPolicyId policyId, int parsing);
/* Unset port to maintain session state. This function can only
* be used with independent bits acquired from
* get_preprocessor_status_bit. If this is called during
* parsing a preprocessor configuration, make sure to set the
* parsing argument to 1.
*/
void (*unset_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
tSfPolicyId policyId, int parsing);
/* Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)( struct _SnortConfig *sc, int service, int status,
tSfPolicyId policyId, int parsing );
/* Register specified port for reassembly on specified network. If network is NULL the
* port is register for reassembly on the default stream network policy
*/
void (*register_reassembly_port)( char *, uint16_t, int );
/* Unregister specified port for reassembly on specified network. If network is NULL the
* port is unregistered for reassembly on the default stream network policy
*/
void (*unregister_reassembly_port)( char *, uint16_t, int );
/* Time out the specified session.
*
* Parameters
* Session Ptr
*/
void (*expire_session)(void *);
/* register returns a non-zero id for use with set; zero is error */
unsigned (*register_event_handler)(Stream_Callback);
bool (*set_event_handler)(void* ssnptr, unsigned id, Stream_Event);
void (*set_reset_policy)(void* ssn, int dir, uint16_t policy, uint16_t mss);
void (*set_session_decrypted)(void *ssn, bool enable);
bool (*is_session_decrypted)(void *ssn);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* Control Channel Packet
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID
* ID,
* Preprocessor ID calling this function,
* Preprocessor specific data,
* Preprocessor data free function. If NULL, then static buffer is assumed.
* Preprocessor event handler callback ID (used when calling set_event_handler)
* Preprocessor event on which to callback (only used when cbId is not NULL )
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, int16_t);
#endif
} StreamAPI;
int (*set_application_protocol_id_expected_preassign_callback)(const SFSnortPacket *, sfaddr_t*, uint16_t,
sfaddr_t*, uint16_t, uint8_t, int16_t, uint32_t, void*, void (*)(void*), unsigned, Stream_Event,
struct _ExpectNode**);
/* To be set by Stream5 (or Stream4) */
extern StreamAPI *stream_api;
// print and reset normalization statistics
void (*print_normalization_stats)(void);
void (*reset_normalization_stats)(void);
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
#if defined(FEAT_OPEN_APPID)
/* set detected service, client, payload and misc Applicaiton Id.
*
* Parameters
* Session Ptr
* Snort Protocol Id for service application
* Snort Protocol Id for client application
* Snort Protocol Id for payload application
* Snort Protocol Id for misc application
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
void (*set_application_id)(void* ssnptr, int16_t serviceAppid, int16_t clientAppid, int16_t payloadAppId, int16_t miscAppid);
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/* get detected service, client, payload and misc Applicaiton Id.
*
* Parameters
* Session Ptr
* Snort Protocol Id for service application
* Snort Protocol Id for client application
* Snort Protocol Id for payload application
* Snort Protocol Id for misc application
*/
void (*get_application_id)(void* ssnptr, int16_t *serviceAppid, int16_t *clientAppid, int16_t *payloadAppId, int16_t *miscAppid);
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
/* Register callback function for processing HTTP headers extracted by HTTP preprocessor.
*
* Parameters
* Callback function pointer
*/
int (*register_http_header_callback)(Http_Processor_Callback);
#endif /* defined(FEAT_OPEN_APPID) */
/* function to publish events
*
* Parameters
* preprocId - preprocess identifier
* ssnptr - sesssion pointer
* eventType - type of event enumerated in ServiceEventType
* eventData - void data pointer. Structure must be agreed between publisher and subscriber.
*/
bool (*service_event_publish)(unsigned int preprocId, void *ssnptr, ServiceEventType eventType, void *eventData);
/* function for subcribing to events.
*
* Parameters
* preprocId - preprocess identifier
* eventType - type of event enumerated in ServiceEventType
* Callback function pointer
*/
bool (*service_event_subscribe)(unsigned int preprocId, ServiceEventType eventType, ServiceEventNotifierFunc cb);
/* function to register for customized free function
*
* Parameters
* id - registered paf identifier
* Callback function pointer
*/
void (*register_paf_free)(uint8_t id, PAF_Free_Callback);
/* function to return the wire packet
*
* Parameters
* None
*/
SFSnortPacket *(*get_wire_packet)(void);
/* function which returns the forward dir or reverse dir to h2_paf
*
* Parameter
* None
*/
uint8_t (*get_flush_policy_dir)(void);
/* function returns if its a http/2 session
*
* Parameters
* Session Pointer
*/
bool (*is_session_http2)(void *ssn);
/* function sets http/2 session flag
*
* Parameters
* Session Pointer
*/
void (*set_session_http2)(void *ssn);
bool (*is_show_rebuilt_packets_enabled)();
/* function returns if its a http/2 session Upgrade
*
* Parameters
* Session Pointer
*/
bool (*is_session_http2_upg)(void *ssn);
/* function sets http/2 session Upgrade flag
*
* Parameters
* Session Pointer
*/
void (*set_session_http2_upg)(void *ssn);
/* function for setting proto_flags
*
* Parameters
* ssnptr - sesssion pointer
* flags - flags
*/
void (*set_proto_flags)(void* ssnptr, uint32_t flags);
/* function for unsetting proto_flags
*
* Parameters
* ssnptr - sesssion pointer
* flags - flags
*/
void (*unset_proto_flags)(void* ssnptr, uint32_t flags);
/* Gets the proto_flags for a session
*
* Parameters
* ssnptr - sesssion pointer
*/
uint32_t (*get_proto_flags)(void *ssnptr);
} StreamAPI;
/* To be set by Stream */
extern StreamAPI *stream_api;
#endif /* STREAM_API_H_ */

593
include/stream_api.h.new Normal file → Executable file

@ -1,7 +1,7 @@
/* $Id$ */
/*
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
** Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* ** Copyright (C) 2005-2013 Sourcefire, Inc.
* ** AUTHOR: Steven Sturges
* **
* ** This program is free software; you can redistribute it and/or modify
@ -17,7 +17,7 @@
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* */
/* stream_api.h
@ -39,6 +39,10 @@
#ifndef STREAM_API_H_
#define STREAM_API_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include "ipv6_port.h"
@ -46,90 +50,115 @@
#include "bitop.h"
#include "decode.h"
#include "sfPolicy.h"
#include "session_api.h"
#define IGNORE_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_CLIENT 0x1
#define SSN_DIR_SENDER 0x1
#define SSN_DIR_SERVER 0x2
#define SSN_DIR_RESPONDER 0x2
#define SSN_DIR_BOTH 0x03
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
#define STREAM_FLPOLICY_NONE 0x00
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
typedef enum {
STREAM_FLPOLICY_NONE,
STREAM_FLPOLICY_FOOTPRINT, /* size-based footprint flush */
STREAM_FLPOLICY_LOGICAL, /* queued bytes-based flush */
STREAM_FLPOLICY_RESPONSE, /* flush when we see response */
STREAM_FLPOLICY_SLIDING_WINDOW, /* flush on sliding window */
#if 0
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
STREAM_FLPOLICY_CONSUMED, /* purge consumed bytes */
#endif
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
STREAM_FLPOLICY_IGNORE, /* ignore this traffic */
STREAM_FLPOLICY_PROTOCOL, /* protocol aware flushing (PAF) */
#ifdef NORMALIZER
STREAM_FLPOLICY_FOOTPRINT_IPS, /* protocol agnostic ips */
STREAM_FLPOLICY_PROTOCOL_IPS, /* protocol aware ips */
#endif
STREAM_FLPOLICY_FOOTPRINT_NOACK, /* protocol aware ips */
STREAM_FLPOLICY_PROTOCOL_NOACK, /* protocol aware ips */
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
STREAM_FLPOLICY_DISABLED, /* reassembly disabled for this traffic */
STREAM_FLPOLICY_MAX
} FlushPolicy;
typedef enum {
PAF_TYPE_SERVICE,
PAF_TYPE_PORT
}PafType;
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
#define STREAM_FLPOLICY_SET_APPEND 0x02
#define UNKNOWN_PORT 0
#define STREAM_API_VERSION5 6
#define STREAM_API_VERSION5 5
typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count, uint32_t xtradata_mask, uint32_t id, uint32_t sec);
typedef void (*StreamAppDataFree)(void *);
typedef int (*PacketIterator)
(
struct pcap_pkthdr *,
typedef int (*PacketIterator)( DAQ_PktHdr_t *,
uint8_t *, /* pkt pointer */
void * /* user-defined data pointer */
);
typedef int (*StreamSegmentIterator)
(
struct pcap_pkthdr *,
typedef int (*StreamSegmentIterator)( DAQ_PktHdr_t *,
uint8_t *, /* pkt pointer */
uint8_t *, /* payload pointer */
uint32_t, /* sequence number */
void * /* user-defined data pointer */
);
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
/* for protocol aware flushing (PAF): */
typedef enum {
PAF_ABORT, /* non-paf operation */
PAF_START, /* internal use only */
PAF_SEARCH, /* searching for next flush point */
PAF_FLUSH, /* flush at given offset */
PAF_LIMIT, /* if paf_max is reached, flush up to given offset*/
PAF_SKIP, /* skip ahead to given offset */
PAF_PERFORMED_LMT_FLUSH, /* previously performed PAF_LIMIT */
PAF_DISCARD_START, /*start of the discard point */
PAF_DISCARD_END, /*end of the discard point */
PAF_IGNORE, /* Used for HTTP2.0*/
} PAF_Status;
typedef PAF_Status (*PAF_Callback)( /* return your scan state */
void* session, /* session pointer */
void** user, /* arbitrary user data hook */
const uint8_t* data, /* in order segment data as it arrives */
uint32_t len, /* length of data */
uint64_t *flags, /* packet flags indicating direction of data */
uint32_t* fp, /* flush point (offset) relative to data */
uint32_t * fp_eoh /* flush point (offset) at end-of-header */
);
typedef void (*PAF_Free_Callback)(
void* user /* arbitrary user data hook */
);
#if defined(FEAT_OPEN_APPID)
typedef struct s_HEADER_LOCATION {
const uint8_t *start;
unsigned len;
} HEADER_LOCATION;
typedef struct _HttpParsedHeaders
{
HEADER_LOCATION host, url, method, userAgent, referer, via, responseCode, server, xWorkingWith, contentType;
} HttpParsedHeaders;
typedef void (*Http_Processor_Callback)(
Packet *p,
HttpParsedHeaders *headers
);
typedef enum {
APP_PROTOID_SERVICE,
APP_PROTOID_CLIENT,
APP_PROTOID_PAYLOAD,
APP_PROTOID_MISC,
APP_PROTOID_MAX
} AppProtoIdIndex;
#endif /* defined(FEAT_OPEN_APPID) */
typedef unsigned int ServiceEventType;
typedef void (*ServiceEventNotifierFunc)(void *ssnptr, ServiceEventType eventType, void *eventData);
typedef void (*Stream_Callback)(Packet *);
struct _ExpectNode;
typedef struct _stream_api
{
int version;
@ -145,123 +174,6 @@ typedef struct _stream_api
*/
int (*alert_inline_midstream_drops)(void);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(Packet *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, Packet *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, char, char);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(void *, char);
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Packet
*/
void (*drop_packet)(Packet *);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*/
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Flushes the stream on an alert
* Side that is flushed is the same as the packet.
*
@ -270,6 +182,14 @@ typedef struct _stream_api
*/
int (*alert_flush_stream)(Packet *);
/* Flushes the stream on arrival of packet
* Side that is flushed is the same side of the packet.
*
* Parameters
* Packet
*/
int (*request_flush_stream)(Packet *);
/* Flushes the stream on arrival of another packet
* Side that is flushed is the opposite of the packet.
*
@ -334,15 +254,19 @@ typedef struct _stream_api
*/
int (*check_session_alerted)(void *, Packet *p, uint32_t, uint32_t);
/* Get Flowbits data
/* Set Extra Data Logging
*
* Parameters
* Session Ptr
* Packet
*
* gen ID
* sig ID
* Returns
* Ptr to Flowbits Data
* 0 success
* -1 failure ( no alerts )
*
*/
StreamFlowData *(*get_flow_data)(Packet *p);
int (*update_session_alert)(void *, Packet *p, uint32_t, uint32_t, uint32_t, uint32_t);
/* Set reassembly flush policy/direction for given session
*
@ -355,8 +279,19 @@ typedef struct _stream_api
* Returns
* direction(s) of reassembly for session
*/
/* XXX Do not attempt to set flush policy to PROTOCOL or PROTOCOL_IPS. */
char (*set_reassembly)(void *, uint8_t, char, char);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, sfaddr_t*, uint16_t );
/* Get reassembly direction for given session
*
* Parameters
@ -417,40 +352,12 @@ typedef struct _stream_api
*/
char (*missed_packets)(void *, char);
#ifdef TARGET_BASED
/* Get the protocol identifier from a stream
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
* Packet
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/** Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
#endif
/** Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
void (*drop_packet)(Packet *);
/* Get the current flush point
*
@ -472,45 +379,259 @@ typedef struct _stream_api
*/
void (*set_flush_point)(void *, char, uint32_t);
#ifdef TARGET_BASED
// register for stateful scanning of in-order payload to determine flush points
// autoEnable allows PAF regardless of s5 ports config
uint8_t (*register_paf_port)( struct _SnortConfig *sc, tSfPolicyId, uint16_t server_port, bool toServer,
PAF_Callback, bool autoEnable);
// get any paf user data stored for this session
void** (*get_paf_user_data)(void* ssnptr, bool toServer, uint8_t id);
bool (*is_paf_active)(void* ssn, bool toServer);
bool (*activate_paf)(void* ssn, int dir, int16_t service, uint8_t type);
/** Set flag to force sessions to be created on SYN packets.
* This function can only be used with independent bits
* acquired from get_preprocessor_status_bit. If this is called
* during parsing a preprocessor configuration, make sure to
* set the parsing argument to 1.
*/
void (*set_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
/** Unset flag that forces sessions to be created on SYN
* packets. This function can only be used with independent
* bits acquired from get_preprocessor_status_bit. If this is
* called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*unset_tcp_syn_session_status)(struct _SnortConfig *sc, uint16_t status, tSfPolicyId policyId, int parsing);
//Register callbacks for extra data logging
uint32_t (*reg_xtra_data_cb)(LogFunction );
//Register Extra Data Log Function
void (*reg_xtra_data_log)(LogExtraData, void *);
//Get the Extra data map
uint32_t (*get_xtra_data_map)(LogFunction **);
// register for stateful scanning of in-order payload to determine flush points
// autoEnable allows PAF regardless of s5 ports config
uint8_t (*register_paf_service)(
struct _SnortConfig *sc, tSfPolicyId, uint16_t service, bool toServer,
PAF_Callback, bool autoEnable);
void (*set_extra_data)(void*, Packet *, uint32_t);
void (*clear_extra_data)(void*, Packet *, uint32_t);
// These methods may move to Session:
//
/* Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
tSfPolicyId policyId, int parsing);
/* Unset port to maintain session state. This function can only
* be used with independent bits acquired from
* get_preprocessor_status_bit. If this is called during
* parsing a preprocessor configuration, make sure to set the
* parsing argument to 1.
*/
void (*unset_port_filter_status)(struct _SnortConfig *sc, IpProto protocol, uint16_t port, uint16_t status,
tSfPolicyId policyId, int parsing);
/* Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)( struct _SnortConfig *sc, int service, int status,
tSfPolicyId policyId, int parsing );
/* Register specified port for reassembly on specified network. If network is NULL the
* port is register for reassembly on the default stream network policy
*/
void (*register_reassembly_port)( char *, uint16_t, int );
/* Unregister specified port for reassembly on specified network. If network is NULL the
* port is unregistered for reassembly on the default stream network policy
*/
void (*unregister_reassembly_port)( char *, uint16_t, int );
/* Time out the specified session.
*
* Parameters
* Session Ptr
*/
void (*expire_session)(void *);
/* register returns a non-zero id for use with set; zero is error */
unsigned (*register_event_handler)(Stream_Callback);
bool (*set_event_handler)(void* ssnptr, unsigned id, Stream_Event);
void (*set_reset_policy)(void* ssn, int dir, uint16_t policy, uint16_t mss);
void (*set_session_decrypted)(void *ssn, bool enable);
bool (*is_session_decrypted)(void *ssn);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* Control Channel Packet
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID
* ID,
* Preprocessor ID calling this function,
* Preprocessor specific data,
* Preprocessor data free function. If NULL, then static buffer is assumed.
* Preprocessor event handler callback ID (used when calling set_event_handler)
* Preprocessor event on which to callback (only used when cbId is not NULL )
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, int16_t);
#endif
} StreamAPI;
int (*set_application_protocol_id_expected_preassign_callback)(const Packet *, sfaddr_t*, uint16_t,
sfaddr_t*, uint16_t, uint8_t, int16_t, uint32_t, void*, void (*)(void*), unsigned, Stream_Event,
struct _ExpectNode**);
/* To be set by Stream5 (or Stream4) */
extern StreamAPI *stream_api;
// print and reset normalization statistics
void (*print_normalization_stats)(void);
void (*reset_normalization_stats)(void);
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
#if defined(FEAT_OPEN_APPID)
/* set detected service, client, payload and misc Applicaiton Id.
*
* Parameters
* Session Ptr
* Snort Protocol Id for service application
* Snort Protocol Id for client application
* Snort Protocol Id for payload application
* Snort Protocol Id for misc application
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
void (*set_application_id)(void* ssnptr, int16_t serviceAppid, int16_t clientAppid, int16_t payloadAppId, int16_t miscAppid);
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/* get detected service, client, payload and misc Applicaiton Id.
*
* Parameters
* Session Ptr
* Snort Protocol Id for service application
* Snort Protocol Id for client application
* Snort Protocol Id for payload application
* Snort Protocol Id for misc application
*/
void (*get_application_id)(void* ssnptr, int16_t *serviceAppid, int16_t *clientAppid, int16_t *payloadAppId, int16_t *miscAppid);
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
/* Register callback function for processing HTTP headers extracted by HTTP preprocessor.
*
* Parameters
* Callback function pointer
*/
int (*register_http_header_callback)(Http_Processor_Callback);
#endif /* defined(FEAT_OPEN_APPID) */
/* function to publish events
*
* Parameters
* preprocId - preprocess identifier
* ssnptr - sesssion pointer
* eventType - type of event enumerated in ServiceEventType
* eventData - void data pointer. Structure must be agreed between publisher and subscriber.
*/
bool (*service_event_publish)(unsigned int preprocId, void *ssnptr, ServiceEventType eventType, void *eventData);
/* function for subcribing to events.
*
* Parameters
* preprocId - preprocess identifier
* eventType - type of event enumerated in ServiceEventType
* Callback function pointer
*/
bool (*service_event_subscribe)(unsigned int preprocId, ServiceEventType eventType, ServiceEventNotifierFunc cb);
/* function to register for customized free function
*
* Parameters
* id - registered paf identifier
* Callback function pointer
*/
void (*register_paf_free)(uint8_t id, PAF_Free_Callback);
/* function to return the wire packet
*
* Parameters
* None
*/
Packet *(*get_wire_packet)(void);
/* function which returns the forward dir or reverse dir to h2_paf
*
* Parameter
* None
*/
uint8_t (*get_flush_policy_dir)(void);
/* function returns if its a http/2 session
*
* Parameters
* Session Pointer
*/
bool (*is_session_http2)(void *ssn);
/* function sets http/2 session flag
*
* Parameters
* Session Pointer
*/
void (*set_session_http2)(void *ssn);
bool (*is_show_rebuilt_packets_enabled)();
/* function returns if its a http/2 session Upgrade
*
* Parameters
* Session Pointer
*/
bool (*is_session_http2_upg)(void *ssn);
/* function sets http/2 session Upgrade flag
*
* Parameters
* Session Pointer
*/
void (*set_session_http2_upg)(void *ssn);
/* function for setting proto_flags
*
* Parameters
* ssnptr - sesssion pointer
* flags - flags
*/
void (*set_proto_flags)(void* ssnptr, uint32_t flags);
/* function for unsetting proto_flags
*
* Parameters
* ssnptr - sesssion pointer
* flags - flags
*/
void (*unset_proto_flags)(void* ssnptr, uint32_t flags);
/* Gets the proto_flags for a session
*
* Parameters
* ssnptr - sesssion pointer
*/
uint32_t (*get_proto_flags)(void *ssnptr);
} StreamAPI;
/* To be set by Stream */
extern StreamAPI *stream_api;
#endif /* STREAM_API_H_ */

9
include/treenodes.h Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -105,6 +106,9 @@ typedef struct _OptTreeNode
unsigned short proto_node_num;
uint8_t failedCheckBits;
char generated;
uint16_t longestPatternLen;
int rule_state; /* Enabled or Disabled */
@ -122,7 +126,6 @@ typedef struct _OptTreeNode
uint64_t ppm_suspend_time; /* PPM */
uint64_t ppm_disable_cnt; /*PPM */
char generated;
uint32_t num_detection_opts;
/**unique index generated in ruleIndexMap.
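Review bot: Moving `char generated;` up beside the new `failedCheckBits` and `longestPatternLen` members changes the field offsets of `struct _OptTreeNode`, and nothing in this header ties that layout to the Snort build the preprocessor is loaded into. If this file is a local copy of a Snort header, as it appears to be, a mismatch with the running binary would make the plugin read and write rule state at the wrong offsets with no compile-time error. I would add a comment above the struct such as `/* Layout must match treenodes.h of the Snort release this plugin is built against (2.9.9.0 per this commit) */`. I would also drop the sibling `include/treenodes.h.new`: its hunks sit at different offsets (`-103` versus `-105`), so it is already not the same file. The struct definition starts and ends outside the hunks shown.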

9
include/treenodes.h.new Normal file → Executable file

@ -1,5 +1,6 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
* Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
* Copyright (C) 2008-2013 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
@ -14,7 +15,7 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
****************************************************************************/
@ -103,6 +104,9 @@ typedef struct _OptTreeNode
unsigned short proto_node_num;
uint8_t failedCheckBits;
char generated;
uint16_t longestPatternLen;
int rule_state; /* Enabled or Disabled */
@ -120,7 +124,6 @@ typedef struct _OptTreeNode
uint64_t ppm_suspend_time; /* PPM */
uint64_t ppm_disable_cnt; /*PPM */
char generated;
uint32_t num_detection_opts;
/**unique index generated in ruleIndexMap.

42
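--- a/include_bak/bitop.h
+++ b/include_bak/bitop.h
@@ -0,0 +1,42 @@
+/*
+** $Id$
+**
+** bitopt.c
+**
+** Copyright (C) 2002-2010 Sourcefire, Inc.
+** Dan Roelker <droelker@sourcefire.com>
+** Marc Norton <mnorton@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+**
+** NOTES
+** 5.15.02 - Initial Source Code. Norton/Roelker
+** 5.23.02 - Moved bitop functions to bitop.h to inline. Norton/Roelker
+** 1.21.04 - Added static initialization. Roelker
+** 9.13.05 - Separated type and inline func definitions. Sturges
+**
+*/
+#ifndef _BITOP_H
+#define _BITOP_H
+typedef struct _BITOP {
+unsigned char *pucBitBuffer;
+unsigned int uiBitBufferSize;
+unsigned int uiMaxBits;
+} BITOP;
+#endif /* _BITOP_H */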

135
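--- a/include_bak/cpuclock.h
+++ b/include_bak/cpuclock.h
@@ -0,0 +1,135 @@
+/*
+** Copyright (C) 2006-2010 Sourcefire, Inc.
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+#ifndef CPU_CLOCK_TICKS_H
+#define CPU_CLOCK_TICKS_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "debug.h"
+#include "sf_types.h" /* for uint64_t */
+/* Assembly to find clock ticks. */
+#ifdef WIN32
+#include <windows.h>
+/* INTEL WINDOWS */
+__inline void __cputicks_msc(uint64_t *val)
+{
+__int64 t;
+__asm
+{
+rdtsc;
+mov dword PTR [t],eax;
+mov dword PTR [t+4],edx;
+}
+*val = (uint64_t)t;
+}
+#define get_clockticks(val) __cputicks_msc(&val)
+/*
+#define get_clockticks(val) \
+QueryPerformanceCounter((PLARGE_INTEGER)&val)
+*/
+#else
+#include <unistd.h>
+/* INTEL LINUX/BSD/.. */
+#if (defined(__i386) || defined(__amd64) || defined(__x86_64__))
+#define get_clockticks(val) \
+{ \
+uint32_t a, d; \
+__asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d)); \
+val = ((uint64_t)a) | (((uint64_t)d) << 32); \
+}
+#else
+#if (defined(__ia64) && defined(__GNUC__) )
+#define get_clockticks(val) \
+{ \
+__asm__ __volatile__ ("mov %0=ar.itc" : "=r"(val)); \
+}
+#else
+#if (defined(__ia64) && defined(__hpux))
+#include <machine/sys/inline.h>
+#define get_clockticks(val) \
+{ \
+val = _Asm_mov_from_ar (_AREG_ITC); \
+}
+#else
+/* POWER PC */
+#if (defined(__GNUC__) && (defined(__powerpc__) || (defined(__ppc__))))
+#define get_clockticks(val) \
+{ \
+uint32_t tbu0, tbu1, tbl; \
+do \
+{ \
+__asm__ __volatile__ ("mftbu %0" : "=r"(tbu0)); \
+__asm__ __volatile__ ("mftb %0" : "=r"(tbl)); \
+__asm__ __volatile__ ("mftbu %0" : "=r"(tbu1)); \
+} while (tbu0 != tbu1); \
+val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
+}
+#else
+/* SPARC */
+#ifdef SPARCV9
+#ifdef _LP64
+#define get_clockticks(val) \
+{ \
+__asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
+}
+#else
+#define get_clockticks(val) \
+{ \
+uint32_t a, b; \
+__asm__ __volatile__("rd %%tick, %0\n" \
+"srlx %0, 32, %1" \
+: "=r"(a), "=r"(b)); \
+val = ((uint64_t)a) | (((uint64_t)b) << 32); \
+}
+#endif /* _LP64 */
+#else
+#define get_clockticks(val)
+#endif /* SPARC */
+#endif /* POWERPC || PPC */
+#endif /* IA64 && HPUX */
+#endif /* IA64 && GNUC */
+#endif /* I386 || AMD64 || X86_64 */
+#endif /* WIN32 */
+static INLINE double get_ticks_per_usec (void)
+{
+uint64_t start = 0, end = 0;
+get_clockticks(start);
+#ifdef WIN32
+Sleep(1000);
+#else
+sleep(1);
+#endif
+get_clockticks(end);
+return (double)(end-start)/1e6;
+}
+#endif /* CPU_CLOCK_TICKS_H */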
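Review bot: `get_ticks_per_usec()` returns 0.0 on any platform that falls through to the empty `#define get_clockticks(val)`, because `start` and `end` both stay 0. A caller that divides by the result would then get a division by zero or an infinite interval; this is inferred, since no caller is on this page. The function also blocks for a full second on every call through `sleep(1)` / `Sleep(1000)`. I would document both above the function, for example `/* Blocks ~1 s; returns 0.0 when get_clockticks() is a no-op on this platform, so check before dividing. */`. Separately, the x86, IA64, PowerPC and SPARC variants expand to a bare `{ ... }` block, so `if (c) get_clockticks(v); else ...` does not compile; wrapping each body in `do { ... } while (0)` avoids that.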

76
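--- a/include_bak/event.h
+++ b/include_bak/event.h
@@ -0,0 +1,76 @@
+/* $Id$ */
+/*
+** Copyright (C) 2002-2010 Sourcefire, Inc.
+** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+/* D E F I N E S ************************************************************/
+#ifndef __EVENT_H__
+#define __EVENT_H__
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#ifdef OSF1
+#include <sys/bitypes.h>
+#endif
+#include <sys/types.h>
+#ifndef WIN32
+#include <sys/time.h>
+#endif
+#include "pcap_pkthdr32.h"
+typedef struct _Event
+{
+uint32_t sig_generator; /* which part of snort generated the alert? */
+uint32_t sig_id; /* sig id for this generator */
+uint32_t sig_rev; /* sig revision for this id */
+uint32_t classification; /* event classification */
+uint32_t priority; /* event priority */
+uint32_t event_id; /* event ID */
+uint32_t event_reference; /* reference to other events that have gone off,
+* such as in the case of tagged packets...
+*/
+struct sf_timeval32 ref_time; /* reference time for the event reference */
+/* Don't add to this structure because this is the serialized data
+* struct for unified logging.
+*/
+} Event;
+#if 0
+typedef struct _EventID
+{
+uint32_t sequence;
+uint32_t seconds;
+} EventID;
+typedef struct _Event
+{
+EventID id;
+uint32_t uSeconds;
+SigInfo sigInfo;
+} Event;
+#endif
+#endif /* __EVENT_H__ */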

204
include_bak/ipv6_port.h Normal file

@ -0,0 +1,204 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
/* ///////////////// */
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
#define IpAddrSetPrint sfvar_print
#ifdef inet_ntoa
#undef inet_ntoa
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_ipv4h_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_ipv4h_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_ipv4h_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
*
* if(conditional) IP_COPY_VALUE(a,b);
*
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
/* ///////////// */
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->source.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->destination.s_addr & x->netmask))
#define GET_SRC_IP(x) x->ip4_header->source.s_addr
#define GET_DST_IP(x) x->ip4_header->destination.s_addr
#define GET_ORIG_SRC(p) (p->orig_ipv4h->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_ipv4h->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->ip4_header->source
#define GET_DST_ADDR(x) x->ip4_header->destination
#define IP_CLEAR_SRC(x) x->ip4_header->source.s_addr = 0
#define IP_CLEAR_DST(x) x->ip4_header->destination.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->ip4_header->proto
#define GET_IPH_TOS(p) p->ip4_header->type_service
#define GET_IPH_LEN(p) p->ip4_header->data_length
#define GET_IPH_TTL(p) p->ip4_header->time_to_live
#define GET_IPH_VER(p) ((p->ip4_header->version_headerlength & 0xf0) >> 4)
#define GET_IPH_ID(p) p->ip4_header->identifier
#define GET_IPH_OFF(p) p->ip4_header->offset
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_ipv4h)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h->data_length
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h->offset
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h->proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->ip4_header
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->ip4_header->version_headerlength & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->version_headerlength = (unsigned char)(((p)->ip4_header->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
#endif
#endif /* IPV6_PORT_H */
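Review bot: In the IPv4-only branch `GET_IP_PAYLEN(p)` expands to `ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)` with no outer parentheses and no check that the header length fits inside the total length, and both values are read from the packet. Inside a larger expression the subtraction binds to its neighbours, and a datagram whose header length exceeds its total length gives a negative result that becomes a very large length once stored in an unsigned type. I would define it as `#define GET_IP_PAYLEN(p) (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))`, wrap the ternary forms of `GET_IP_DGMLEN` and `GET_IP_PAYLEN` in the `SUP_IP6` branch in parentheses as well, and add a comment that callers must reject a result below zero. The same macro bodies appear in `include_bak/ipv6_port.h.new`. Separately, `SET_IPH_HLEN` in this file mixes `(p)->iph`, `version_headerlength` and `ip4_header->ip_verhl`, which looks like a half-applied field rename and should use one naming scheme.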

204
include_bak/ipv6_port.h.new Normal file

@ -0,0 +1,204 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
///////////////////
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
#define IpAddrSetPrint sfvar_print
#ifdef inet_ntoa
#undef inet_ntoa
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_iph_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_iph_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_iph_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_iph_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_iph_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
*
* if(conditional) IP_COPY_VALUE(a,b);
*
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
///////////////
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_src.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_dst.s_addr & x->netmask))
#define GET_SRC_IP(x) x->iph->ip_src.s_addr
#define GET_DST_IP(x) x->iph->ip_dst.s_addr
#define GET_ORIG_SRC(p) (p->orig_iph->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_iph->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->iph->ip_src
#define GET_DST_ADDR(x) x->iph->ip_dst
#define IP_CLEAR_SRC(x) x->iph->ip_src.s_addr = 0
#define IP_CLEAR_DST(x) x->iph->ip_dst.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->iph->ip_proto
#define GET_IPH_TOS(p) p->iph->ip_tos
#define GET_IPH_LEN(p) p->iph->ip_len
#define GET_IPH_TTL(p) p->iph->ip_ttl
#define GET_IPH_VER(p) ((p->iph->ip_verhl & 0xf0) >> 4)
#define GET_IPH_ID(p) p->iph->ip_id
#define GET_IPH_OFF(p) p->iph->ip_off
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_iph)
#define GET_ORIG_IPH_LEN(p) p->orig_iph->ip_len
#define GET_ORIG_IPH_OFF(p) p->orig_iph->ip_off
#define GET_ORIG_IPH_PROTO(p) p->orig_iph->ip_proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->iph
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->iph->ip_verhl & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->ip_verhl = (unsigned char)(((p)->iph->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
#endif
#endif /* IPV6_PORT_H */

272
include_bak/obfuscation.h Normal file

@ -0,0 +1,272 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include "sf_snort_packet.h"
#include <pcap.h>
/*******************************************************************************
* Macros
******************************************************************************/
/* This should be defined to be greater than or equal to the maximum
* amount of data expected to be obfuscated */
#define OB_LENGTH_MAX UINT16_MAX
/*******************************************************************************
* Types
******************************************************************************/
typedef uint8_t ob_char_t;
typedef uint16_t ob_size_t;
typedef enum _ObRet
{
OB_RET_SUCCESS,
OB_RET_ERROR,
OB_RET_OVERFLOW
} ObRet;
/*******************************************************************************
* Callback to use for obfuscating payload or stream segments - see API below.
*
* The first chunk of a payload or stream segment whether needing obfuscation
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
* for this structure. This is useful, especially for the stream segment API
* call to know when a new segment begins. Any new "payload" will have a valid
* pcap_pkthdr struct.
*
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
* be obfuscated.
*
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
* should be obfuscated with the obfuscation character.
*
* The length passed in is the amount of data that should be copied from the
* packet data pointer or the amount of data that should be written with the
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
* obfuscation of the payload slice is required.
* ob_char_t ob_char
* The obfuscation character to use if packet_data is NULL.
* ob_size_t length
* The amount of data to be logged or obfuscated.
* void *user_data
* The user data passed in to the API functions obfuscatePayload() or
* obfuscateStreamSegments below.
*
* Returns
* OB_RET_SUCCESS if all is good
* OB_RET_ERROR if the rest of the obfuscation should not be done
*
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,
void *user_data
);
/*******************************************************************************
* Obfuscation API
******************************************************************************/
typedef struct _ObfuscationApi
{
/*
* Resets/clears any entries that have been added
* Should be done per packet aquisition
*
* Arguments
* None
*
* Returns
* None
*/
void (*resetObfuscationEntries)(void);
/*
* Adds an obfuscation entry to the queue
*
* Arguments
* SFSnortPacket *p
* The SFSnortPacket struct that has the payload data that should be obfuscated
* ob_size_t offset
* The offset from the beginning of the payload to start obfuscation
* ob_size_t length
* The amount of data to obfuscate
* ob_char_t ob_char
* The character to use when obfuscating
*
* There are two types of entries that can be added. A slice entry that
* has an offset and length less than OB_LENGTH_MAX and an entry with
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
* of the packet data.
*
* NOTE --
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
* offsets will be used. Although you should check for OB_RET_OVERFLOW
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
* be more than enough space to store an entry for each possible packet
* that could be in the system at the time.
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
* OB_RET_OVERFLOW if there is no space left to add an entry
*/
ObRet (*addObfuscationEntry)(SFSnortPacket *p, ob_size_t offset,
ob_size_t length, ob_char_t ob_char);
/*
* Determines if there are any obfuscation entries associated with
* the given Packet
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket to check
*
* Returns
* 1 if the packet requires obfuscation
* 0 if it doesn't
*/
int (*payloadObfuscationRequired)(SFSnortPacket *p);
/*
* Obfuscate the payload associated with the Packet. Mainly for use by the
* output system to print or log an obfuscated payload. The callback will
* be called for both payload segments that need obfuscation and those that
* don't. See comment on ObfuscationCallback above.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose payload should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated segment in the payload
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacket)(SFSnortPacket *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscate the stream segments associated with the Packet. Mainly for use
* by the output system to print or log the stream segments associated with
* a SFSnortPacket that have been marked as needing obfuscation. The callback will
* be called for both stream segments that need obfuscation and those that
* don't. It will be called for all stream segments. See comment on
* ObfuscationCallback above.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose stream segments should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated part of the stream segments.
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacketStreamSegments)(SFSnortPacket *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscates the SFSnortPacket payload and returns payload and payload length
* in parameters
*
* NOTE
* *payload will be set to NULL, so don't pass in an already
* allocated pointer.
* *payload_len will be zeroed.
*
* The payload returned is dynamically allocated and MUST be free'd.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose payload should be obfuscated
* uint8_t **payload
* A pointer to a payload pointer so it can be allocated, returned
* and accessed.
* ob_size_t *payload_len
* A pointer to an ob_size_t so the length can be returned.
*
* Returns
* OB_RET_ERROR if the payload could not be obfuscated
* the pointers to payload and payload_len will not be valid
* OB_RET_SUCCESS if the payload was obfuscated
* the pointers to payload and payload_len will be valid
*/
ObRet (*getObfuscatedPayload)(SFSnortPacket *p, uint8_t **payload,
ob_size_t *payload_len);
/*
* Prints the current obfuscation entries.
*
* Arguments
* int sorted
* Print the sorted entries and sort if necessary.
*
* Returns
* None
*/
void (*printObfuscationEntries)(int sorted);
} ObfuscationApi;
/* For access when including header */
extern ObfuscationApi *obApi;
#endif /* __OBFUSCATION_H__ */


@ -0,0 +1,272 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include "decode.h"
#include <pcap.h>
/*******************************************************************************
* Macros
******************************************************************************/
/* This should be defined to be greater than or equal to the maximum
* amount of data expected to be obfuscated */
#define OB_LENGTH_MAX UINT16_MAX
/*******************************************************************************
* Types
******************************************************************************/
typedef uint8_t ob_char_t;
typedef uint16_t ob_size_t;
typedef enum _ObRet
{
OB_RET_SUCCESS,
OB_RET_ERROR,
OB_RET_OVERFLOW
} ObRet;
/*******************************************************************************
* Callback to use for obfuscating payload or stream segments - see API below.
*
* The first chunk of a payload or stream segment whether needing obfuscation
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
* for this structure. This is useful, especially for the stream segment API
* call to know when a new segment begins. Any new "payload" will have a valid
* pcap_pkthdr struct.
*
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
* be obfuscated.
*
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
* should be obfuscated with the obfuscation character.
*
* The length passed in is the amount of data that should be copied from the
* packet data pointer or the amount of data that should be written with the
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
* obfuscation of the payload slice is required.
* ob_char_t ob_char
* The obfuscation character to use if packet_data is NULL.
* ob_size_t length
* The amount of data to be logged or obfuscated.
* void *user_data
* The user data passed in to the API functions obfuscatePayload() or
* obfuscateStreamSegments below.
*
* Returns
* OB_RET_SUCCESS if all is good
* OB_RET_ERROR if the rest of the obfuscation should not be done
*
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,
void *user_data
);
/*******************************************************************************
* Obfuscation API
******************************************************************************/
typedef struct _ObfuscationApi
{
/*
* Resets/clears any entries that have been added
* Should be done per packet aquisition
*
* Arguments
* None
*
* Returns
* None
*/
void (*resetObfuscationEntries)(void);
/*
* Adds an obfuscation entry to the queue
*
* Arguments
* Packet *p
* The Packet struct that has the payload data that should be obfuscated
* ob_size_t offset
* The offset from the beginning of the payload to start obfuscation
* ob_size_t length
* The amount of data to obfuscate
* ob_char_t ob_char
* The character to use when obfuscating
*
* There are two types of entries that can be added. A slice entry that
* has an offset and length less than OB_LENGTH_MAX and an entry with
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
* of the packet data.
*
* NOTE --
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
* offsets will be used. Although you should check for OB_RET_OVERFLOW
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
* be more than enough space to store an entry for each possible packet
* that could be in the system at the time.
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
* OB_RET_OVERFLOW if there is no space left to add an entry
*/
ObRet (*addObfuscationEntry)(Packet *p, ob_size_t offset,
ob_size_t length, ob_char_t ob_char);
/*
* Determines if there are any obfuscation entries associated with
* the given Packet
*
* Arguments
* Packet *
* The Packet to check
*
* Returns
* 1 if the packet requires obfuscation
* 0 if it doesn't
*/
int (*payloadObfuscationRequired)(Packet *p);
/*
* Obfuscate the payload associated with the Packet. Mainly for use by the
* output system to print or log an obfuscated payload. The callback will
* be called for both payload segments that need obfuscation and those that
* don't. See comment on ObfuscationCallback above.
*
* Arguments
* Packet *
* The Packet whose payload should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated segment in the payload
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacket)(Packet *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscate the stream segments associated with the Packet. Mainly for use
* by the output system to print or log the stream segments associated with
* a Packet that have been marked as needing obfuscation. The callback will
* be called for both stream segments that need obfuscation and those that
* don't. It will be called for all stream segments. See comment on
* ObfuscationCallback above.
*
* Arguments
* Packet *
* The Packet whose stream segments should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated part of the stream segments.
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacketStreamSegments)(Packet *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscates the Packet payload and returns payload and payload length
* in parameters
*
* NOTE
* *payload will be set to NULL, so don't pass in an already
* allocated pointer.
* *payload_len will be zeroed.
*
* The payload returned is dynamically allocated and MUST be free'd.
*
* Arguments
* Packet *
* The Packet whose payload should be obfuscated
* uint8_t **payload
* A pointer to a payload pointer so it can be allocated, returned
* and accessed.
* ob_size_t *payload_len
* A pointer to an ob_size_t so the length can be returned.
*
* Returns
* OB_RET_ERROR if the payload could not be obfuscated
* the pointers to payload and payload_len will not be valid
* OB_RET_SUCCESS if the payload was obfuscated
* the pointers to payload and payload_len will be valid
*/
ObRet (*getObfuscatedPayload)(Packet *p, uint8_t **payload,
ob_size_t *payload_len);
/*
* Prints the current obfuscation entries.
*
* Arguments
* int sorted
* Print the sorted entries and sort if necessary.
*
* Returns
* None
*/
void (*printObfuscationEntries)(int sorted);
} ObfuscationApi;
/* For access when including header */
extern ObfuscationApi *obApi;
#endif /* __OBFUSCATION_H__ */
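Review bot: The `ObfuscationCallback` comment lists `ob_char` before `length`, but the typedef takes `ob_size_t length` before `ob_char_t ob_char`. Both are small unsigned integer types, so a callback written from the comment compiles cleanly and then swaps the fill character and the byte count on the path that masks sensitive payload data. The comment also names `obfuscatePayload()` and `obfuscateStreamSegments`, while the struct members are `obfuscatePacket` and `obfuscatePacketStreamSegments`; I would reorder the argument list to match the typedef and correct the two names. Separately, the file section just before this one closes the same `__OBFUSCATION_H__` guard around `SFSnortPacket *` signatures, so whichever copy is included first silently wins; both copies should not be reachable from one include path.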


@ -0,0 +1,61 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PCAP_PKTHDR32_H__
#define __PCAP_PKTHDR32_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef WIN32
#include <winsock2.h>
#else
#include <sys/time.h>
#endif
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include "sf_types.h"
/* we must use fixed size of 32 bits, because on-disk
* format of savefiles uses 32-bit tv_sec (and tv_usec)
*/
struct sf_timeval32
{
uint32_t tv_sec; /* seconds */
uint32_t tv_usec; /* microseconds */
};
/* this is equivalent to the pcap pkthdr struct, but we need
* a 32 bit one for unified output
*/
struct pcap_pkthdr32
{
struct sf_timeval32 ts; /* packet timestamp */
uint32_t caplen; /* packet capture length */
uint32_t pktlen; /* packet "real" length */
};
#endif /* __PCAP_PKTHDR32_H__ */

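--- a/include_bak/plugin_enum.h
+++ b/include_bak/plugin_enum.h
@@ -0,0 +1,67 @@
+/* $Id$ */
+/****************************************************************************
+*
+* Copyright (C) 2003-2010 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+****************************************************************************/
+/*
+Purpose: Enumerate all the various detection plugins entries for
+otn->ds_list[]
+No more grepping to make your own plugin!
+*/
+#ifndef _PLUGIN_ENUM_H
+#define _PLUGIN_ENUM_H
+enum {
+PLUGIN_CLIENTSERVER,
+PLUGIN_DSIZE_CHECK,
+PLUGIN_FRAG_BITS,
+PLUGIN_FRAG_OFFSET,
+PLUGIN_ICMP_CODE,
+PLUGIN_ICMP_ID_CHECK,
+PLUGIN_ICMP_SEQ_CHECK,
+PLUGIN_ICMP_TYPE,
+PLUGIN_IPOPTION_CHECK,
+PLUGIN_IP_ID_CHECK,
+PLUGIN_IP_PROTO_CHECK,
+PLUGIN_IP_SAME_CHECK,
+PLUGIN_IP_TOS_CHECK,
+PLUGIN_PATTERN_MATCH, /* AND match */
+PLUGIN_PATTERN_MATCH_OR,
+PLUGIN_PATTERN_MATCH_URI,
+PLUGIN_RESPOND,
+PLUGIN_RPC_CHECK,
+PLUGIN_SESSION,
+PLUGIN_TCP_ACK_CHECK,
+PLUGIN_TCP_FLAG_CHECK,
+PLUGIN_TCP_SEQ_CHECK,
+PLUGIN_TCP_WIN_CHECK,
+PLUGIN_TTL_CHECK,
+PLUGIN_BYTE_TEST,
+PLUGIN_PCRE,
+PLUGIN_URILEN_CHECK,
+PLUGIN_DYNAMIC,
+PLUGIN_FLOWBIT,
+PLUGIN_MAX /* sentinel value */
+};
+#endif /* _PLUGIN_ENUM_H */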

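--- a/include_bak/preprocids.h
+++ b/include_bak/preprocids.h
@@ -0,0 +1,90 @@
+/****************************************************************************
+*
+* Copyright (C) 2005-2010 Sourcefire, Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License Version 2 as
+* published by the Free Software Foundation. You may not use, modify or
+* distribute this program under any other version of the GNU General
+* Public License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*
+****************************************************************************/
+#ifndef _PREPROC_IDS_H
+#define _PREPROC_IDS_H
+/*
+** Preprocessor Communication Defines
+** ----------------------------------
+** These defines allow preprocessors to be turned
+** on and off for each packet. Preprocessors can be
+** turned off and on before preprocessing occurs and
+** during preprocessing.
+**
+** Currently, the order in which the preprocessors are
+** placed in the snort.conf determine the order of
+** evaluation. So if one module wants to turn off
+** another module, it must come first in the order.
+*/
+#define PP_BO 0
+#define PP_DCERPC 1
+#define PP_DNS 2
+#define PP_FRAG3 3
+#define PP_FTPTELNET 4
+#define PP_HTTPINSPECT 5
+#define PP_PERFMONITOR 6
+#define PP_RPCDECODE 7
+#define PP_RULES 8
+#define PP_SFPORTSCAN 9
+#define PP_SMTP 10
+#define PP_SSH 11
+#define PP_SSL 12
+#define PP_STREAM5 13
+#define PP_TELNET 14
+#define PP_ARPSPOOF 15
+#define PP_DCE2 16
+#define PP_SDF 17
+/* used externally */
+#define PP_ISAKMP 18
+#define PP_SKYPE 19
+/* currently 32 bits (preprocessors) */
+/* are available. most of these can */
+/* be deleted: */
+#if 0
+#define PP_ASN1DECODE 17
+#define PP_CONVERSATION 18
+#define PP_FLOW 19
+#define PP_FRAG2 20
+#define PP_FNORD 21
+#define PP_HTTPFLOW 22
+#define PP_LOADBALANCING 24
+#define PP_PORTSCAN 25
+#define PP_PORTSCAN2 26
+#define PP_PORTSCAN_IGNORE_HOSTS 27
+#endif
+#define PP_ALL_ON 0xFFFFFFFF
+#define PP_ALL_OFF 0x00000000
+#define PRIORITY_FIRST 0x0
+#define PRIORITY_NETWORK 0x10
+#define PRIORITY_TRANSPORT 0x100
+#define PRIORITY_TUNNEL 0x105
+#define PRIORITY_SCANNER 0x110
+#define PRIORITY_APPLICATION 0x200
+#define PRIORITY_LAST 0xffff
+#endif /* _PREPROC_IDS_H */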

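--- a/include_bak/profiler.h
+++ b/include_bak/profiler.h
@@ -0,0 +1,183 @@
+/*
+** Copyright (C) 2005-2010 Sourcefire, Inc.
+** Author: Steven Sturges <ssturges@sourcefire.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License Version 2 as
+** published by the Free Software Foundation. You may not use, modify or
+** distribute this program under any other version of the GNU General
+** Public License.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+/* $Id$ */
+#ifndef __PROFILER_H__
+#define __PROFILER_H__
+#ifdef PERF_PROFILING
+#include "sf_types.h"
+#include "cpuclock.h"
+/* Sort preferences for rule profiling */
+#define PROFILE_SORT_CHECKS 1
+#define PROFILE_SORT_MATCHES 2
+#define PROFILE_SORT_NOMATCHES 3
+#define PROFILE_SORT_AVG_TICKS 4
+#define PROFILE_SORT_AVG_TICKS_PER_MATCH 5
+#define PROFILE_SORT_AVG_TICKS_PER_NOMATCH 6
+#define PROFILE_SORT_TOTAL_TICKS 7
+/* MACROS that handle profiling of rules and preprocessors */
+#define PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0
+#define PROFILE_START \
+get_clockticks(ticks_start);
+#define PROFILE_END \
+get_clockticks(ticks_end); \
+ticks_delta = ticks_end - ticks_start;
+#ifndef PROFILING_RULES
+#define PROFILING_RULES ScProfileRules()
+#endif
+#define NODE_PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0, node_deltas = 0
+#define NODE_PROFILE_START(node) \
+if (PROFILING_RULES) { \
+node->checks++; \
+PROFILE_START; \
+}
+#define NODE_PROFILE_END_MATCH(node) \
+if (PROFILING_RULES) { \
+PROFILE_END; \
+node->ticks += ticks_delta + node_deltas; \
+node->ticks_match += ticks_delta + node_deltas; \
+}
+#define NODE_PROFILE_END_NOMATCH(node) \
+if (PROFILING_RULES) { \
+PROFILE_END; \
+node->ticks += ticks_delta + node_deltas; \
+node->ticks_no_match += ticks_delta + node_deltas; \
+}
+#define NODE_PROFILE_TMPSTART(node) \
+if (PROFILING_RULES) { \
+PROFILE_START; \
+}
+#define NODE_PROFILE_TMPEND(node) \
+if (PROFILING_RULES) { \
+PROFILE_END; \
+node_deltas += ticks_delta; \
+}
+#define OTN_PROFILE_ALERT(otn) otn->alerts++;
+#ifndef PROFILING_PREPROCS
+#define PROFILING_PREPROCS ScProfilePreprocs()
+#endif
+#define PREPROC_PROFILE_START(ppstat) \
+if (PROFILING_PREPROCS) { \
+ppstat.checks++; \
+PROFILE_START; \
+ppstat.ticks_start = ticks_start; \
+}
+#define PREPROC_PROFILE_REENTER_START(ppstat) \
+if (PROFILING_PREPROCS) { \
+PROFILE_START; \
+ppstat.ticks_start = ticks_start; \
+}
+#define PREPROC_PROFILE_TMPSTART(ppstat) \
+if (PROFILING_PREPROCS) { \
+PROFILE_START; \
+ppstat.ticks_start = ticks_start; \
+}
+#define PREPROC_PROFILE_END(ppstat) \
+if (PROFILING_PREPROCS) { \
+PROFILE_END; \
+ppstat.exits++; \
+ppstat.ticks += ticks_end - ppstat.ticks_start; \
+}
+#define PREPROC_PROFILE_REENTER_END(ppstat) \
+if (PROFILING_PREPROCS) { \
+PROFILE_END; \
+ppstat.ticks += ticks_end - ppstat.ticks_start; \
+}
+#define PREPROC_PROFILE_TMPEND(ppstat) \
+if (PROFILING_PREPROCS) { \
+PROFILE_END; \
+ppstat.ticks += ticks_end - ppstat.ticks_start; \
+}
+/************** Profiling API ******************/
+void ShowRuleProfiles(void);
+/* Preprocessor stats info */
+typedef struct _PreprocStats
+{
+uint64_t ticks, ticks_start;
+uint64_t checks;
+uint64_t exits;
+} PreprocStats;
+typedef struct _PreprocStatsNode
+{
+PreprocStats *stats;
+char *name;
+int layer;
+PreprocStats *parent;
+struct _PreprocStatsNode *next;
+} PreprocStatsNode;
+typedef struct _ProfileConfig
+{
+int num;
+int sort;
+int append;
+char *filename;
+} ProfileConfig;
+void RegisterPreprocessorProfile(char *keyword, PreprocStats *stats, int layer, PreprocStats *parent);
+void ShowPreprocProfiles(void);
+void ResetRuleProfiling(void);
+void ResetPreprocProfiling(void);
+void CleanupPreprocStatsNodeList(void);
+extern PreprocStats totalPerfStats;
+#else
+#define PROFILE_VARS
+#define NODE_PROFILE_VARS
+#define NODE_PROFILE_START(node)
+#define NODE_PROFILE_END_MATCH(node)
+#define NODE_PROFILE_END_NOMATCH(node)
+#define NODE_PROFILE_TMPSTART(node)
+#define NODE_PROFILE_TMPEND(node)
+#define OTN_PROFILE_ALERT(otn)
+#define PREPROC_PROFILE_START(ppstat)
+#define PREPROC_PROFILE_REENTER_START(ppstat)
+#define PREPROC_PROFILE_TMPSTART(ppstat)
+#define PREPROC_PROFILE_END(ppstat)
+#define PREPROC_PROFILE_REENTER_END(ppstat)
+#define PREPROC_PROFILE_TMPEND(ppstat)
+#endif
+#endif /* __PROFILER_H__ */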
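Review bot: The `NODE_PROFILE_*` and `PREPROC_PROFILE_*` macros expand to a bare `if (...) { ... }`, so a use placed directly before an `else` changes which `if` that `else` binds to, and `node->checks++` applies `->` to an unparenthesised macro argument. Writing each body as `do { if (PROFILING_RULES) { ... } } while (0)` and using `(node)->checks++` would make them behave as single statements. That form needs every call site to end with a semicolon, which cannot be confirmed from this header alone. `PROFILE_START` and `PROFILE_END` also carry their own trailing semicolons, which would need to be dropped in the same change.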


@ -0,0 +1,72 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef RULE_OPTION_TYPES__H
#define RULE_OPTION_TYPES__H
typedef enum _option_type_t
{
RULE_OPTION_TYPE_LEAF_NODE,
RULE_OPTION_TYPE_ASN1,
RULE_OPTION_TYPE_BYTE_TEST,
RULE_OPTION_TYPE_BYTE_JUMP,
RULE_OPTION_TYPE_FLOW,
RULE_OPTION_TYPE_CVS,
RULE_OPTION_TYPE_DSIZE,
RULE_OPTION_TYPE_FLOWBIT,
RULE_OPTION_TYPE_FTPBOUNCE,
RULE_OPTION_TYPE_ICMP_CODE,
RULE_OPTION_TYPE_ICMP_ID,
RULE_OPTION_TYPE_ICMP_SEQ,
RULE_OPTION_TYPE_ICMP_TYPE,
RULE_OPTION_TYPE_IP_FRAGBITS,
RULE_OPTION_TYPE_IP_FRAG_OFFSET,
RULE_OPTION_TYPE_IP_ID,
RULE_OPTION_TYPE_IP_OPTION,
RULE_OPTION_TYPE_IP_PROTO,
RULE_OPTION_TYPE_IP_SAME,
RULE_OPTION_TYPE_IP_TOS,
RULE_OPTION_TYPE_IS_DATA_AT,
RULE_OPTION_TYPE_FILE_DATA,
RULE_OPTION_TYPE_CONTENT,
RULE_OPTION_TYPE_CONTENT_URI,
RULE_OPTION_TYPE_PCRE,
#ifdef ENABLE_REACT
RULE_OPTION_TYPE_REACT,
#endif
#ifdef ENABLE_RESPOND
RULE_OPTION_TYPE_RESPOND,
#endif
RULE_OPTION_TYPE_RPC_CHECK,
RULE_OPTION_TYPE_SESSION,
RULE_OPTION_TYPE_TCP_ACK,
RULE_OPTION_TYPE_TCP_FLAG,
RULE_OPTION_TYPE_TCP_SEQ,
RULE_OPTION_TYPE_TCP_WIN,
RULE_OPTION_TYPE_TTL,
RULE_OPTION_TYPE_URILEN
#ifdef DYNAMIC_PLUGIN
,
RULE_OPTION_TYPE_HDR_OPT_CHECK,
RULE_OPTION_TYPE_PREPROCESSOR,
RULE_OPTION_TYPE_DYNAMIC
#endif
} option_type_t;
#endif /* RULE_OPTION_TYPES__H */
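Review bot: The numeric value of every enumerator after `RULE_OPTION_TYPE_PCRE` depends on whether `ENABLE_REACT` and `ENABLE_RESPOND` are defined, and the last three enumerators exist only under `DYNAMIC_PLUGIN`. A plugin compiled from this copy with different defines than the Snort binary it is loaded into would disagree on those values, presumably without any diagnostic. A comment above the enum should record this, for example `/* values after RULE_OPTION_TYPE_PCRE shift with ENABLE_REACT/ENABLE_RESPOND; build with the same defines as the host snort */`.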
