blacklight
/
Snort_AIPreproc
mirror of https://github.com/BlackLight/Snort_AIPreproc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Using autotools now

This commit is contained in:
BlackLight 2010-09-05 15:27:35 +02:00
parent 5cb91e3427
commit 7174b93511
81 changed files with 81840 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
AUTHORS Normal file
View File

674
COPYING Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

3
ChangeLog
View File

@ -1,3 +1,6 @@
2010-09-05 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* all: Using autotools now
2010-09-04 Fabio "BlackLight" Manganiello <blacklight@autistici.org>
* mysql.c: This file now only contains the functions for managing MySQL
connections in the database wrapper

0
INSTALL Normal file
View File

30
Makefile.am Normal file
View File

@ -0,0 +1,30 @@
## Process this file with automake for generating Makefile.in
AUTOMAKE_OPTIONS=foreign no-dependencies
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -D_XOPEN_SOURCE -D_GNU_SOURCE -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
include/sf_dynamic_preproc_lib.c \
include/sfPolicyUserData.c
nodist_libsf_ai_preproc_la_SOURCES = \
include/sf_dynamic_preproc_lib.c \
include/sfPolicyUserData.c
libsf_ai_preproc_la_SOURCES = \
alert_parser.c \
cluster.c \
db.c \
mysql.c \
regex.c \
spp_ai.c \
stream.c
ACLOCAL_AMFLAGS = -I m4
# AM_CFLAGS = -DHAVE_CONFIG_H -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
INCLUDES = -I./uthash -I./include

722
Makefile.in Normal file
View File

@ -0,0 +1,722 @@
# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
# Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
$(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
TODO config.guess config.sub install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libsf_ai_preproc_la_LIBADD =
am_libsf_ai_preproc_la_OBJECTS = libsf_ai_preproc_la-alert_parser.lo \
libsf_ai_preproc_la-cluster.lo libsf_ai_preproc_la-db.lo \
libsf_ai_preproc_la-mysql.lo libsf_ai_preproc_la-regex.lo \
libsf_ai_preproc_la-spp_ai.lo libsf_ai_preproc_la-stream.lo
nodist_libsf_ai_preproc_la_OBJECTS = \
libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo \
libsf_ai_preproc_la-sfPolicyUserData.lo
libsf_ai_preproc_la_OBJECTS = $(am_libsf_ai_preproc_la_OBJECTS) \
$(nodist_libsf_ai_preproc_la_OBJECTS)
libsf_ai_preproc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) \
$(libsf_ai_preproc_la_LDFLAGS) $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp =
am__depfiles_maybe =
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(libsf_ai_preproc_la_SOURCES) \
$(nodist_libsf_ai_preproc_la_SOURCES)
DIST_SOURCES = $(libsf_ai_preproc_la_SOURCES)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
am__remove_distdir = \
{ test ! -d "$(distdir)" \
|| { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
&& rm -fr "$(distdir)"; }; }
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
distuninstallcheck_listfiles = find . -type f -print
distcleancheck_listfiles = find . -type f -print
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = ${exec_prefix}/lib/snort_dynamicpreprocessor
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = foreign no-dependencies
lib_LTLIBRARIES = libsf_ai_preproc.la
libsf_ai_preproc_la_CFLAGS = -D_XOPEN_SOURCE -D_GNU_SOURCE -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
libsf_ai_preproc_la_LDFLAGS = -module -export-dynamic
BUILT_SOURCES = \
include/sf_dynamic_preproc_lib.c \
include/sfPolicyUserData.c
nodist_libsf_ai_preproc_la_SOURCES = \
include/sf_dynamic_preproc_lib.c \
include/sfPolicyUserData.c
libsf_ai_preproc_la_SOURCES = \
alert_parser.c \
cluster.c \
db.c \
mysql.c \
regex.c \
spp_ai.c \
stream.c
ACLOCAL_AMFLAGS = -I m4
# AM_CFLAGS = -DHAVE_CONFIG_H -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector
INCLUDES = -I./uthash -I./include
all: $(BUILT_SOURCES) config.h
$(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
am--refresh:
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
$(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
&& exit 0; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):
config.h: stamp-h1
@if test ! -f $@; then \
rm -f stamp-h1; \
$(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
else :; fi
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status config.h
$(srcdir)/config.h.in: $(am__configure_deps)
($(am__cd) $(top_srcdir) && $(AUTOHEADER))
rm -f stamp-h1
touch $@
distclean-hdr:
-rm -f config.h stamp-h1
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
list2="$$list2 $$p"; \
else :; fi; \
done; \
test -z "$$list2" || { \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
}
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
done
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
test "$$dir" != "$$p" || dir=.; \
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
libsf_ai_preproc.la: $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_DEPENDENCIES)
$(libsf_ai_preproc_la_LINK) -rpath $(libdir) $(libsf_ai_preproc_la_OBJECTS) $(libsf_ai_preproc_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
.c.o:
$(COMPILE) -c $<
.c.obj:
$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
libsf_ai_preproc_la-alert_parser.lo: alert_parser.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-alert_parser.lo `test -f 'alert_parser.c' || echo '$(srcdir)/'`alert_parser.c
libsf_ai_preproc_la-cluster.lo: cluster.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-cluster.lo `test -f 'cluster.c' || echo '$(srcdir)/'`cluster.c
libsf_ai_preproc_la-db.lo: db.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c
libsf_ai_preproc_la-mysql.lo: mysql.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-mysql.lo `test -f 'mysql.c' || echo '$(srcdir)/'`mysql.c
libsf_ai_preproc_la-regex.lo: regex.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-regex.lo `test -f 'regex.c' || echo '$(srcdir)/'`regex.c
libsf_ai_preproc_la-spp_ai.lo: spp_ai.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-spp_ai.lo `test -f 'spp_ai.c' || echo '$(srcdir)/'`spp_ai.c
libsf_ai_preproc_la-stream.lo: stream.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-stream.lo `test -f 'stream.c' || echo '$(srcdir)/'`stream.c
libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo: include/sf_dynamic_preproc_lib.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sf_dynamic_preproc_lib.lo `test -f 'include/sf_dynamic_preproc_lib.c' || echo '$(srcdir)/'`include/sf_dynamic_preproc_lib.c
libsf_ai_preproc_la-sfPolicyUserData.lo: include/sfPolicyUserData.c
$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsf_ai_preproc_la_CFLAGS) $(CFLAGS) -c -o libsf_ai_preproc_la-sfPolicyUserData.lo `test -f 'include/sfPolicyUserData.c' || echo '$(srcdir)/'`include/sfPolicyUserData.c
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
-rm -f libtool config.lt
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
-test -n "$(am__skip_mode_fix)" \
|| find "$(distdir)" -type d ! -perm -755 \
-exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
dist-bzip2: distdir
tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
$(am__remove_distdir)
dist-lzma: distdir
tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
$(am__remove_distdir)
dist-xz: distdir
tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
$(am__remove_distdir)
dist-tarZ: distdir
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
$(am__remove_distdir)
dist-shar: distdir
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
$(am__remove_distdir)
dist-zip: distdir
-rm -f $(distdir).zip
zip -rq $(distdir).zip $(distdir)
$(am__remove_distdir)
dist dist-all: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
$(am__remove_distdir)
# This target untars the dist file and tries a VPATH configuration. Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lzma*) \
lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
*.tar.xz*) \
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
chmod -R a-w $(distdir); chmod a+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
chmod a-w $(distdir)
test -d $(distdir)/_build || exit 0; \
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
&& am__cwd=`pwd` \
&& $(am__cd) $(distdir)/_build \
&& ../configure --srcdir=.. --prefix="$$dc_install_base" \
$(DISTCHECK_CONFIGURE_FLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) \
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
&& $(MAKE) $(AM_MAKEFLAGS) uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
distuninstallcheck \
&& chmod -R a-w "$$dc_install_base" \
&& ({ \
(cd ../.. && umask 077 && mkdir "$$dc_destdir") \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
} || { rm -rf "$$dc_destdir"; exit 1; }) \
&& rm -rf "$$dc_destdir" \
&& $(MAKE) $(AM_MAKEFLAGS) dist \
&& rm -rf $(DIST_ARCHIVES) \
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
&& cd "$$am__cwd" \
|| exit 1
$(am__remove_distdir)
@(echo "$(distdir) archives ready for distribution: "; \
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
distuninstallcheck:
@$(am__cd) '$(distuninstallcheck_dir)' \
&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
|| { echo "ERROR: files left after uninstall:" ; \
if test -n "$(DESTDIR)"; then \
echo " (check DESTDIR support)"; \
fi ; \
$(distuninstallcheck_listfiles) ; \
exit 1; } >&2
distcleancheck: distclean
@if test '$(srcdir)' = . ; then \
echo "ERROR: distcleancheck can only run from a VPATH build" ; \
exit 1 ; \
fi
@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
|| { echo "ERROR: files left in build directory after distclean:" ; \
$(distcleancheck_listfiles) ; \
exit 1; } >&2
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(LTLIBRARIES) config.h
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
clean: clean-am
clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
mostlyclean-am
distclean: distclean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-hdr distclean-libtool distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am: install-libLTLIBRARIES
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-libLTLIBRARIES
.MAKE: all check install install-am install-strip
.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
clean-generic clean-libLTLIBRARIES clean-libtool ctags dist \
dist-all dist-bzip2 dist-gzip dist-lzma dist-shar dist-tarZ \
dist-xz dist-zip distcheck distclean distclean-compile \
distclean-generic distclean-hdr distclean-libtool \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-libLTLIBRARIES \
install-man install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
uninstall-am uninstall-libLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

2
Makefile → Makefile.orig
View File

@ -1,5 +1,7 @@
# Path to your Snort preprocess directory (default: /usr/lib/snort_dynamicpreprocessor)
# CHANGE THIS LINE IF YOU INSTALLED SNORT SOMEWHERE ELSE!!!!!!!!!!
# /bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I./uthash -I./include -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector -g -O2 -c -o alert_parser.lo alert_parser.c
# /bin/sh ./libtool --tag=CC --mode=link gcc -DDYNAMIC_PLUGIN -DSUP_IP6 -fvisibility=hidden -fno-strict-aliasing -Wall -fstack-protector -g -O2 -module -export-dynamic -o libsf_ai_preproc.la -rpath /home/blacklight/local/snort/lib/snort_dynamicpreprocessor alert_parser.lo cluster.lo db.lo mysql.lo regex.lo spp_ai.lo stream.lo sf_dynamic_preproc_lib.lo sfPolicyUserData.lo -lpthread -lmysqlclient
PREPROC_PATH=/home/blacklight/local/snort/lib/snort_dynamicpreprocessor
INCLUDES=-I. -I../../.. -I../include -I./uthash

0
NEWS Normal file
View File

0
README Normal file
View File

8917
aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

14494
autom4te.cache/output.0 Normal file
View File

File diff suppressed because it is too large Load Diff

14490
autom4te.cache/output.1 Normal file
View File

File diff suppressed because it is too large Load Diff

272
autom4te.cache/requests Normal file
View File

@ -0,0 +1,272 @@
# This file was generated by Autom4te Tue Aug 3 21:06:07 PDT 2010.
# It contains the lists of macros which have been traced.
# It can be safely removed.
@request = (
bless( [
'0',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'/usr/share/aclocal/argz.m4',
'/usr/share/aclocal/libtool.m4',
'/usr/share/aclocal/ltdl.m4',
'/usr/share/aclocal/ltoptions.m4',
'/usr/share/aclocal/ltsugar.m4',
'/usr/share/aclocal/ltversion.m4',
'/usr/share/aclocal/lt~obsolete.m4',
'/usr/share/aclocal-1.11/amversion.m4',
'/usr/share/aclocal-1.11/auxdir.m4',
'/usr/share/aclocal-1.11/cond.m4',
'/usr/share/aclocal-1.11/depend.m4',
'/usr/share/aclocal-1.11/depout.m4',
'/usr/share/aclocal-1.11/init.m4',
'/usr/share/aclocal-1.11/install-sh.m4',
'/usr/share/aclocal-1.11/lead-dot.m4',
'/usr/share/aclocal-1.11/make.m4',
'/usr/share/aclocal-1.11/missing.m4',
'/usr/share/aclocal-1.11/mkdirp.m4',
'/usr/share/aclocal-1.11/options.m4',
'/usr/share/aclocal-1.11/runlog.m4',
'/usr/share/aclocal-1.11/sanity.m4',
'/usr/share/aclocal-1.11/silent.m4',
'/usr/share/aclocal-1.11/strip.m4',
'/usr/share/aclocal-1.11/substnot.m4',
'/usr/share/aclocal-1.11/tar.m4',
'configure.ac'
],
{
'AM_ENABLE_STATIC' => 1,
'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
'_LT_AC_SHELL_INIT' => 1,
'AC_DEFUN' => 1,
'_LT_AC_LANG_CXX_CONFIG' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_PROG_MKDIR_P' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'AM_SUBST_NOTMAKE' => 1,
'AM_MISSING_PROG' => 1,
'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
'_LT_AC_LANG_C_CONFIG' => 1,
'AM_PROG_INSTALL_STRIP' => 1,
'_m4_warn' => 1,
'AC_LIBTOOL_OBJDIR' => 1,
'gl_FUNC_ARGZ' => 1,
'AM_SANITY_CHECK' => 1,
'LTOBSOLETE_VERSION' => 1,
'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
'LT_LIB_M' => 1,
'_LT_AC_CHECK_DLFCN' => 1,
'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
'LTSUGAR_VERSION' => 1,
'_LT_PROG_LTMAIN' => 1,
'LT_SYS_SYMBOL_USCORE' => 1,
'_AM_PROG_TAR' => 1,
'AC_LIBTOOL_GCJ' => 1,
'LT_SYS_DLOPEN_DEPLIBS' => 1,
'LT_FUNC_DLSYM_USCORE' => 1,
'_LT_AC_LANG_F77' => 1,
'AC_LIBTOOL_CONFIG' => 1,
'AC_LTDL_DLLIB' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'_AM_AUTOCONF_VERSION' => 1,
'AM_DISABLE_SHARED' => 1,
'_LTDL_SETUP' => 1,
'AM_PROG_LIBTOOL' => 1,
'_LT_AC_LANG_CXX' => 1,
'AM_PROG_LD' => 1,
'_LT_AC_FILE_LTDLL_C' => 1,
'AC_LIB_LTDL' => 1,
'AU_DEFUN' => 1,
'AC_PROG_NM' => 1,
'AC_LIBTOOL_DLOPEN' => 1,
'AC_PROG_LD' => 1,
'AC_PROG_LD_GNU' => 1,
'AC_ENABLE_FAST_INSTALL' => 1,
'AC_LIBTOOL_FC' => 1,
'LTDL_CONVENIENCE' => 1,
'_AM_SET_OPTION' => 1,
'AC_LTDL_PREOPEN' => 1,
'_LT_LINKER_BOILERPLATE' => 1,
'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
'AC_LIBTOOL_PROG_CC_C_O' => 1,
'gl_PREREQ_ARGZ' => 1,
'LT_SUPPORTED_TAG' => 1,
'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'LT_PROG_RC' => 1,
'LT_SYS_MODULE_EXT' => 1,
'AC_DEFUN_ONCE' => 1,
'_LT_AC_LANG_GCJ' => 1,
'AC_LTDL_OBJDIR' => 1,
'_LT_PATH_TOOL_PREFIX' => 1,
'AC_LIBTOOL_RC' => 1,
'_LT_AC_PROG_ECHO_BACKSLASH' => 1,
'AC_DISABLE_FAST_INSTALL' => 1,
'AM_SILENT_RULES' => 1,
'include' => 1,
'_LT_AC_TRY_DLOPEN_SELF' => 1,
'_LT_AC_SYS_LIBPATH_AIX' => 1,
'LT_AC_PROG_SED' => 1,
'AM_ENABLE_SHARED' => 1,
'LTDL_INSTALLABLE' => 1,
'_LT_AC_LANG_GCJ_CONFIG' => 1,
'AC_ENABLE_SHARED' => 1,
'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
'AC_ENABLE_STATIC' => 1,
'_LT_AC_TAGVAR' => 1,
'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
'AM_CONDITIONAL' => 1,
'LT_LIB_DLLOAD' => 1,
'LTVERSION_VERSION' => 1,
'LTDL_INIT' => 1,
'm4_include' => 1,
'AM_PROG_INSTALL_SH' => 1,
'AC_PROG_EGREP' => 1,
'AC_PATH_MAGIC' => 1,
'_AC_AM_CONFIG_HEADER_HOOK' => 1,
'AC_LTDL_SYSSEARCHPATH' => 1,
'AM_MAKE_INCLUDE' => 1,
'LT_CMD_MAX_LEN' => 1,
'_LT_AC_TAGCONFIG' => 1,
'm4_pattern_forbid' => 1,
'_LT_LINKER_OPTION' => 1,
'AC_LIBTOOL_COMPILER_OPTION' => 1,
'AC_DISABLE_SHARED' => 1,
'_LT_COMPILER_BOILERPLATE' => 1,
'AC_LIBTOOL_WIN32_DLL' => 1,
'AC_LIBTOOL_SETUP' => 1,
'AC_PROG_LD_RELOAD_FLAG' => 1,
'AC_LTDL_DLSYM_USCORE' => 1,
'AM_MISSING_HAS_RUN' => 1,
'LT_LANG' => 1,
'LT_SYS_DLSEARCH_PATH' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AC_LIBTOOL_DLOPEN_SELF' => 1,
'LT_OUTPUT' => 1,
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1,
'AC_WITH_LTDL' => 1,
'AC_LIBTOOL_LINKER_OPTION' => 1,
'LT_AC_PROG_RC' => 1,
'AC_LIBTOOL_CXX' => 1,
'LT_INIT' => 1,
'LT_AC_PROG_GCJ' => 1,
'LT_SYS_DLOPEN_SELF' => 1,
'AM_DEP_TRACK' => 1,
'AM_DISABLE_STATIC' => 1,
'_AC_PROG_LIBTOOL' => 1,
'_AM_IF_OPTION' => 1,
'AC_PATH_TOOL_PREFIX' => 1,
'm4_pattern_allow' => 1,
'AC_LIBTOOL_F77' => 1,
'AM_SET_LEADING_DOT' => 1,
'LT_AC_PROG_EGREP' => 1,
'_AM_DEPENDENCIES' => 1,
'AC_LIBTOOL_LANG_C_CONFIG' => 1,
'LTOPTIONS_VERSION' => 1,
'_LT_AC_SYS_COMPILER' => 1,
'AM_PROG_NM' => 1,
'AC_LIBLTDL_CONVENIENCE' => 1,
'AC_DEPLIBS_CHECK_METHOD' => 1,
'AC_LIBLTDL_INSTALLABLE' => 1,
'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
'AC_LTDL_ENABLE_INSTALL' => 1,
'LT_PROG_GCJ' => 1,
'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_DISABLE_STATIC' => 1,
'LT_PATH_NM' => 1,
'AC_LTDL_SHLIBEXT' => 1,
'_LT_AC_LOCK' => 1,
'_LT_AC_LANG_RC_CONFIG' => 1,
'LT_SYS_MODULE_PATH' => 1,
'LT_WITH_LTDL' => 1,
'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
'AC_LTDL_SHLIBPATH' => 1,
'AM_AUX_DIR_EXPAND' => 1,
'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
'_LT_AC_LANG_F77_CONFIG' => 1,
'_LT_COMPILER_OPTION' => 1,
'_AM_SET_OPTIONS' => 1,
'AM_RUN_LOG' => 1,
'_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
'AC_LIBTOOL_PICMODE' => 1,
'AC_CHECK_LIBM' => 1,
'LT_PATH_LD' => 1,
'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
'_AM_MANGLE_OPTION' => 1,
'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
'AC_LTDL_SYMBOL_USCORE' => 1,
'AM_SET_DEPDIR' => 1,
'_LT_CC_BASENAME' => 1,
'_LT_LIBOBJ' => 1
}
], 'Autom4te::Request' ),
bless( [
'1',
1,
[
'/usr/share/autoconf'
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
'AM_PROG_F77_C_O' => 1,
'_LT_AC_TAGCONFIG' => 1,
'm4_pattern_forbid' => 1,
'AC_INIT' => 1,
'AC_CANONICAL_TARGET' => 1,
'_AM_COND_IF' => 1,
'AC_CONFIG_LIBOBJ_DIR' => 1,
'AC_SUBST' => 1,
'AC_CANONICAL_HOST' => 1,
'AC_FC_SRCEXT' => 1,
'AC_PROG_LIBTOOL' => 1,
'AM_INIT_AUTOMAKE' => 1,
'AC_CONFIG_SUBDIRS' => 1,
'AM_AUTOMAKE_VERSION' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
'AC_CONFIG_LINKS' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
'LT_SUPPORTED_TAG' => 1,
'm4_sinclude' => 1,
'AM_MAINTAINER_MODE' => 1,
'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
'_m4_warn' => 1,
'AM_PROG_CXX_C_O' => 1,
'_AM_COND_ENDIF' => 1,
'AM_ENABLE_MULTILIB' => 1,
'AM_SILENT_RULES' => 1,
'AC_CONFIG_FILES' => 1,
'include' => 1,
'LT_INIT' => 1,
'AM_GNU_GETTEXT' => 1,
'AC_LIBSOURCE' => 1,
'AC_CANONICAL_BUILD' => 1,
'AM_PROG_FC_C_O' => 1,
'AC_FC_FREEFORM' => 1,
'AH_OUTPUT' => 1,
'AC_CONFIG_AUX_DIR' => 1,
'_AM_SUBST_NOTMAKE' => 1,
'AM_PROG_CC_C_O' => 1,
'm4_pattern_allow' => 1,
'sinclude' => 1,
'AM_CONDITIONAL' => 1,
'AC_CANONICAL_SYSTEM' => 1,
'AC_CONFIG_HEADERS' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
'm4_include' => 1,
'_AM_COND_ELSE' => 1,
'AC_SUBST_TRACE' => 1
}
], 'Autom4te::Request' )
);

2372
autom4te.cache/traces.0 Normal file
View File

File diff suppressed because it is too large Load Diff

681
autom4te.cache/traces.1 Normal file
View File

@ -0,0 +1,681 @@
m4trace:configure.ac:5: -1- AC_INIT([Snort_AI_preproc], [0.1], [blacklight@autistici.org])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?A[CHUM]_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([_AC_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
m4trace:configure.ac:5: -1- m4_pattern_allow([^AS_FLAGS$])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?m4_])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^dnl$])
m4trace:configure.ac:5: -1- m4_pattern_forbid([^_?AS_])
m4trace:configure.ac:5: -1- AC_SUBST([SHELL])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([SHELL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^SHELL$])
m4trace:configure.ac:5: -1- AC_SUBST([PATH_SEPARATOR])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PATH_SEPARATOR$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_NAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_STRING])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:5: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([PACKAGE_URL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:5: -1- AC_SUBST([exec_prefix], [NONE])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([exec_prefix])
m4trace:configure.ac:5: -1- m4_pattern_allow([^exec_prefix$])
m4trace:configure.ac:5: -1- AC_SUBST([prefix], [NONE])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([prefix])
m4trace:configure.ac:5: -1- m4_pattern_allow([^prefix$])
m4trace:configure.ac:5: -1- AC_SUBST([program_transform_name], [s,x,x,])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([program_transform_name])
m4trace:configure.ac:5: -1- m4_pattern_allow([^program_transform_name$])
m4trace:configure.ac:5: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([bindir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^bindir$])
m4trace:configure.ac:5: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sbindir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sbindir$])
m4trace:configure.ac:5: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libexecdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^libexecdir$])
m4trace:configure.ac:5: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datarootdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^datarootdir$])
m4trace:configure.ac:5: -1- AC_SUBST([datadir], ['${datarootdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([datadir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^datadir$])
m4trace:configure.ac:5: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sysconfdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sysconfdir$])
m4trace:configure.ac:5: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([sharedstatedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^sharedstatedir$])
m4trace:configure.ac:5: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localstatedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^localstatedir$])
m4trace:configure.ac:5: -1- AC_SUBST([includedir], ['${prefix}/include'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([includedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^includedir$])
m4trace:configure.ac:5: -1- AC_SUBST([oldincludedir], ['/usr/include'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([oldincludedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^oldincludedir$])
m4trace:configure.ac:5: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
['${datarootdir}/doc/${PACKAGE_TARNAME}'],
['${datarootdir}/doc/${PACKAGE}'])])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([docdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^docdir$])
m4trace:configure.ac:5: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([infodir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^infodir$])
m4trace:configure.ac:5: -1- AC_SUBST([htmldir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([htmldir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^htmldir$])
m4trace:configure.ac:5: -1- AC_SUBST([dvidir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([dvidir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^dvidir$])
m4trace:configure.ac:5: -1- AC_SUBST([pdfdir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([pdfdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^pdfdir$])
m4trace:configure.ac:5: -1- AC_SUBST([psdir], ['${docdir}'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([psdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^psdir$])
m4trace:configure.ac:5: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([libdir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^libdir$])
m4trace:configure.ac:5: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([localedir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^localedir$])
m4trace:configure.ac:5: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([mandir])
m4trace:configure.ac:5: -1- m4_pattern_allow([^mandir$])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_NAME$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
@%:@undef PACKAGE_NAME])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
@%:@undef PACKAGE_TARNAME])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_VERSION$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
@%:@undef PACKAGE_VERSION])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_STRING$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
@%:@undef PACKAGE_STRING])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
@%:@undef PACKAGE_BUGREPORT])
m4trace:configure.ac:5: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
m4trace:configure.ac:5: -1- m4_pattern_allow([^PACKAGE_URL$])
m4trace:configure.ac:5: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
@%:@undef PACKAGE_URL])
m4trace:configure.ac:5: -1- AC_SUBST([DEFS])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([DEFS])
m4trace:configure.ac:5: -1- m4_pattern_allow([^DEFS$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_C])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_C])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_C$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_N])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_N])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_N$])
m4trace:configure.ac:5: -1- AC_SUBST([ECHO_T])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([ECHO_T])
m4trace:configure.ac:5: -1- m4_pattern_allow([^ECHO_T$])
m4trace:configure.ac:5: -1- AC_SUBST([LIBS])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:5: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:5: -1- AC_SUBST([build_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([build_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^build_alias$])
m4trace:configure.ac:5: -1- AC_SUBST([host_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([host_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^host_alias$])
m4trace:configure.ac:5: -1- AC_SUBST([target_alias])
m4trace:configure.ac:5: -1- AC_SUBST_TRACE([target_alias])
m4trace:configure.ac:5: -1- m4_pattern_allow([^target_alias$])
m4trace:configure.ac:6: -1- AM_INIT_AUTOMAKE([1.10 -Wall no-define])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
m4trace:configure.ac:6: -1- AM_AUTOMAKE_VERSION([1.11.1])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_PROGRAM])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_SCRIPT])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_DATA])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_DATA])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_DATA$])
m4trace:configure.ac:6: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__isrc])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__isrc$])
m4trace:configure.ac:6: -1- _AM_SUBST_NOTMAKE([am__isrc])
m4trace:configure.ac:6: -1- AC_SUBST([CYGPATH_W])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([CYGPATH_W])
m4trace:configure.ac:6: -1- m4_pattern_allow([^CYGPATH_W$])
m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:6: -1- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([VERSION])
m4trace:configure.ac:6: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([missing])
m4trace:configure.ac:6: -1- AC_SUBST([ACLOCAL])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ACLOCAL])
m4trace:configure.ac:6: -1- m4_pattern_allow([^ACLOCAL$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOCONF])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOCONF])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOCONF$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOMAKE])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOMAKE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOMAKE$])
m4trace:configure.ac:6: -1- AC_SUBST([AUTOHEADER])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AUTOHEADER])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AUTOHEADER$])
m4trace:configure.ac:6: -1- AC_SUBST([MAKEINFO])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MAKEINFO])
m4trace:configure.ac:6: -1- m4_pattern_allow([^MAKEINFO$])
m4trace:configure.ac:6: -1- AC_SUBST([install_sh])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([install_sh])
m4trace:configure.ac:6: -1- m4_pattern_allow([^install_sh$])
m4trace:configure.ac:6: -1- AC_SUBST([STRIP])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:6: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:6: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
m4trace:configure.ac:6: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
m4trace:configure.ac:6: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:6: -1- AC_SUBST([MKDIR_P])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:6: -1- m4_pattern_allow([^MKDIR_P$])
m4trace:configure.ac:6: -1- AC_SUBST([mkdir_p], ["$MKDIR_P"])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mkdir_p])
m4trace:configure.ac:6: -1- m4_pattern_allow([^mkdir_p$])
m4trace:configure.ac:6: -1- AC_SUBST([AWK])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AWK])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AWK$])
m4trace:configure.ac:6: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:6: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:6: -1- AC_SUBST([am__leading_dot])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__leading_dot])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__leading_dot$])
m4trace:configure.ac:6: -1- AC_SUBST([AMTAR])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([AMTAR])
m4trace:configure.ac:6: -1- m4_pattern_allow([^AMTAR$])
m4trace:configure.ac:6: -1- AC_SUBST([am__tar])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__tar])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__tar$])
m4trace:configure.ac:6: -1- AC_SUBST([am__untar])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([am__untar])
m4trace:configure.ac:6: -1- m4_pattern_allow([^am__untar$])
m4trace:configure.ac:8: -1- AC_CONFIG_HEADERS([config.h])
m4trace:configure.ac:10: -1- LT_INIT
m4trace:configure.ac:10: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
m4trace:configure.ac:10: -1- AC_SUBST([LIBTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBTOOL$])
m4trace:configure.ac:10: -1- AC_CANONICAL_HOST
m4trace:configure.ac:10: -1- AC_CANONICAL_BUILD
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.sub])
m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([config.guess])
m4trace:configure.ac:10: -1- AC_SUBST([build], [$ac_cv_build])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build$])
m4trace:configure.ac:10: -1- AC_SUBST([build_cpu], [$[1]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_cpu])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_cpu$])
m4trace:configure.ac:10: -1- AC_SUBST([build_vendor], [$[2]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_vendor])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_vendor$])
m4trace:configure.ac:10: -1- AC_SUBST([build_os])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([build_os])
m4trace:configure.ac:10: -1- m4_pattern_allow([^build_os$])
m4trace:configure.ac:10: -1- AC_SUBST([host], [$ac_cv_host])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host$])
m4trace:configure.ac:10: -1- AC_SUBST([host_cpu], [$[1]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_cpu])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_cpu$])
m4trace:configure.ac:10: -1- AC_SUBST([host_vendor], [$[2]])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_vendor])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_vendor$])
m4trace:configure.ac:10: -1- AC_SUBST([host_os])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([host_os])
m4trace:configure.ac:10: -1- m4_pattern_allow([^host_os$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
m4trace:configure.ac:10: -1- AC_SUBST([am__include])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
m4trace:configure.ac:10: -1- AC_SUBST([am__quote])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__quote])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:10: -1- AC_SUBST([SED])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([SED])
m4trace:configure.ac:10: -1- m4_pattern_allow([^SED$])
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:10: -1- AC_SUBST([EGREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EGREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EGREP$])
m4trace:configure.ac:10: -1- AC_SUBST([FGREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([FGREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^FGREP$])
m4trace:configure.ac:10: -1- AC_SUBST([GREP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:10: -1- AC_SUBST([LD])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LD])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LD$])
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([DUMPBIN])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DUMPBIN])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DUMPBIN$])
m4trace:configure.ac:10: -1- AC_SUBST([NM])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NM])
m4trace:configure.ac:10: -1- m4_pattern_allow([^NM$])
m4trace:configure.ac:10: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:10: -1- AC_SUBST([OBJDUMP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJDUMP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJDUMP$])
m4trace:configure.ac:10: -1- AC_SUBST([AR])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AR$])
m4trace:configure.ac:10: -1- AC_SUBST([STRIP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([STRIP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^STRIP$])
m4trace:configure.ac:10: -1- AC_SUBST([RANLIB])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([RANLIB])
m4trace:configure.ac:10: -1- m4_pattern_allow([^RANLIB$])
m4trace:configure.ac:10: -1- m4_pattern_allow([LT_OBJDIR])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LT_OBJDIR$])
m4trace:configure.ac:10: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
@%:@undef LT_OBJDIR])
m4trace:configure.ac:10: -1- AC_SUBST([lt_ECHO])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([lt_ECHO])
m4trace:configure.ac:10: -1- m4_pattern_allow([^lt_ECHO$])
m4trace:configure.ac:10: -1- LT_SUPPORTED_TAG([CC])
m4trace:configure.ac:10: -1- AC_SUBST([DSYMUTIL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DSYMUTIL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^DSYMUTIL$])
m4trace:configure.ac:10: -1- AC_SUBST([NMEDIT])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([NMEDIT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^NMEDIT$])
m4trace:configure.ac:10: -1- AC_SUBST([LIPO])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIPO])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LIPO$])
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL$])
m4trace:configure.ac:10: -1- AC_SUBST([OTOOL64])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OTOOL64])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OTOOL64$])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
@%:@undef HAVE_DLFCN_H])
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:10: -1- AC_SUBST([CPP])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPP])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CPP$])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
m4trace:configure.ac:10: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:10: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
@%:@undef STDC_HEADERS])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
@%:@undef HAVE_SYS_TYPES_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
@%:@undef HAVE_SYS_STAT_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
@%:@undef HAVE_MEMORY_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
@%:@undef HAVE_STRINGS_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
@%:@undef HAVE_STDINT_H])
m4trace:configure.ac:10: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
m4trace:configure.ac:10: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
m4trace:configure.ac:13: -1- AC_SUBST([CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:13: -1- AC_SUBST([CFLAGS])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CFLAGS])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CFLAGS$])
m4trace:configure.ac:13: -1- AC_SUBST([LDFLAGS])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([LDFLAGS])
m4trace:configure.ac:13: -1- m4_pattern_allow([^LDFLAGS$])
m4trace:configure.ac:13: -1- AC_SUBST([LIBS])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([LIBS])
m4trace:configure.ac:13: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:13: -1- AC_SUBST([CPPFLAGS])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CPPFLAGS])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CPPFLAGS$])
m4trace:configure.ac:13: -1- AC_SUBST([CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:13: -1- AC_SUBST([CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:13: -1- AC_SUBST([CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:13: -1- AC_SUBST([CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:13: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:13: -1- m4_pattern_allow([^ac_ct_CC$])
m4trace:configure.ac:13: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([CCDEPMODE])
m4trace:configure.ac:13: -1- m4_pattern_allow([^CCDEPMODE$])
m4trace:configure.ac:13: -1- AM_CONDITIONAL([am__fastdepCC], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_CC_dependencies_compiler_type" = gcc3])
m4trace:configure.ac:13: -1- AC_SUBST([am__fastdepCC_TRUE])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
m4trace:configure.ac:13: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
m4trace:configure.ac:13: -1- AC_SUBST([am__fastdepCC_FALSE])
m4trace:configure.ac:13: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
m4trace:configure.ac:13: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
m4trace:configure.ac:13: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
m4trace:configure.ac:13: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
m4trace:configure.ac:14: -1- AC_SUBST([LN_S], [$as_ln_s])
m4trace:configure.ac:14: -1- AC_SUBST_TRACE([LN_S])
m4trace:configure.ac:14: -1- m4_pattern_allow([^LN_S$])
m4trace:configure.ac:15: -1- AC_SUBST([SET_MAKE])
m4trace:configure.ac:15: -1- AC_SUBST_TRACE([SET_MAKE])
m4trace:configure.ac:15: -1- m4_pattern_allow([^SET_MAKE$])
m4trace:configure.ac:18: -1- AH_OUTPUT([HAVE_LIBMYSQLCLIENT], [/* Define to 1 if you have the `mysqlclient\' library (-lmysqlclient). */
@%:@undef HAVE_LIBMYSQLCLIENT])
m4trace:configure.ac:18: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBMYSQLCLIENT])
m4trace:configure.ac:18: -1- m4_pattern_allow([^HAVE_LIBMYSQLCLIENT$])
m4trace:configure.ac:19: -1- AH_OUTPUT([HAVE_LIBPTHREAD], [/* Define to 1 if you have the `pthread\' library (-lpthread). */
@%:@undef HAVE_LIBPTHREAD])
m4trace:configure.ac:19: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPTHREAD])
m4trace:configure.ac:19: -1- m4_pattern_allow([^HAVE_LIBPTHREAD$])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA_H])
m4trace:configure.ac:22: -1- m4_pattern_allow([^HAVE_ALLOCA_H$])
m4trace:configure.ac:22: -1- AH_OUTPUT([HAVE_ALLOCA_H], [/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix).
*/
@%:@undef HAVE_ALLOCA_H])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ALLOCA])
m4trace:configure.ac:22: -1- m4_pattern_allow([^HAVE_ALLOCA$])
m4trace:configure.ac:22: -1- AH_OUTPUT([HAVE_ALLOCA], [/* Define to 1 if you have `alloca\', as a function or macro. */
@%:@undef HAVE_ALLOCA])
m4trace:configure.ac:22: -1- AC_LIBSOURCE([alloca.c])
m4trace:configure.ac:22: -1- AC_SUBST([ALLOCA], [\${LIBOBJDIR}alloca.$ac_objext])
m4trace:configure.ac:22: -1- AC_SUBST_TRACE([ALLOCA])
m4trace:configure.ac:22: -1- m4_pattern_allow([^ALLOCA$])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([C_ALLOCA])
m4trace:configure.ac:22: -1- m4_pattern_allow([^C_ALLOCA$])
m4trace:configure.ac:22: -1- AH_OUTPUT([C_ALLOCA], [/* Define to 1 if using `alloca.c\'. */
@%:@undef C_ALLOCA])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([CRAY_STACKSEG_END])
m4trace:configure.ac:22: -1- m4_pattern_allow([^CRAY_STACKSEG_END$])
m4trace:configure.ac:22: -1- AH_OUTPUT([CRAY_STACKSEG_END], [/* Define to one of `_getb67\', `GETB67\', `getb67\' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c\' support on those systems.
*/
@%:@undef CRAY_STACKSEG_END])
m4trace:configure.ac:22: -1- AH_OUTPUT([STACK_DIRECTION], [/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at runtime.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown */
@%:@undef STACK_DIRECTION])
m4trace:configure.ac:22: -1- AC_DEFINE_TRACE_LITERAL([STACK_DIRECTION])
m4trace:configure.ac:22: -1- m4_pattern_allow([^STACK_DIRECTION$])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
@%:@undef HAVE_INTTYPES_H])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
@%:@undef HAVE_LIMITS_H])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
@%:@undef HAVE_STDDEF_H])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
@%:@undef HAVE_STRING_H])
m4trace:configure.ac:23: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([HAVE__BOOL])
m4trace:configure.ac:26: -1- m4_pattern_allow([^HAVE__BOOL$])
m4trace:configure.ac:26: -1- AH_OUTPUT([HAVE__BOOL], [/* Define to 1 if the system has the type `_Bool\'. */
@%:@undef HAVE__BOOL])
m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDBOOL_H])
m4trace:configure.ac:26: -1- m4_pattern_allow([^HAVE_STDBOOL_H$])
m4trace:configure.ac:26: -1- AH_OUTPUT([HAVE_STDBOOL_H], [/* Define to 1 if stdbool.h conforms to C99. */
@%:@undef HAVE_STDBOOL_H])
m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([size_t])
m4trace:configure.ac:27: -1- m4_pattern_allow([^size_t$])
m4trace:configure.ac:27: -1- AH_OUTPUT([size_t], [/* Define to `unsigned int\' if <sys/types.h> does not define. */
@%:@undef size_t])
m4trace:configure.ac:28: -1- AC_DEFINE_TRACE_LITERAL([uint16_t])
m4trace:configure.ac:28: -1- m4_pattern_allow([^uint16_t$])
m4trace:configure.ac:28: -1- AH_OUTPUT([uint16_t], [/* Define to the type of an unsigned integer type of width exactly 16 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint16_t])
m4trace:configure.ac:29: -1- AC_DEFINE_TRACE_LITERAL([_UINT32_T])
m4trace:configure.ac:29: -1- m4_pattern_allow([^_UINT32_T$])
m4trace:configure.ac:29: -1- AH_OUTPUT([_UINT32_T], [/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT32_T])
m4trace:configure.ac:29: -1- AC_DEFINE_TRACE_LITERAL([uint32_t])
m4trace:configure.ac:29: -1- m4_pattern_allow([^uint32_t$])
m4trace:configure.ac:29: -1- AH_OUTPUT([uint32_t], [/* Define to the type of an unsigned integer type of width exactly 32 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint32_t])
m4trace:configure.ac:30: -1- AC_DEFINE_TRACE_LITERAL([_UINT8_T])
m4trace:configure.ac:30: -1- m4_pattern_allow([^_UINT8_T$])
m4trace:configure.ac:30: -1- AH_OUTPUT([_UINT8_T], [/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
@%:@define below would cause a syntax error. */
@%:@undef _UINT8_T])
m4trace:configure.ac:30: -1- AC_DEFINE_TRACE_LITERAL([uint8_t])
m4trace:configure.ac:30: -1- m4_pattern_allow([^uint8_t$])
m4trace:configure.ac:30: -1- AH_OUTPUT([uint8_t], [/* Define to the type of an unsigned integer type of width exactly 8 bits if
such a type exists and the standard includes do not define it. */
@%:@undef uint8_t])
m4trace:configure.ac:31: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PTRDIFF_T])
m4trace:configure.ac:31: -1- m4_pattern_allow([^HAVE_PTRDIFF_T$])
m4trace:configure.ac:31: -1- AH_OUTPUT([HAVE_PTRDIFF_T], [/* Define to 1 if the system has the type `ptrdiff_t\'. */
@%:@undef HAVE_PTRDIFF_T])
m4trace:configure.ac:34: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:34: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:34: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:34: -1- AH_OUTPUT([HAVE_MALLOC], [/* Define to 1 if your system has a GNU libc compatible `malloc\' function, and
to 0 otherwise. */
@%:@undef HAVE_MALLOC])
m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MALLOC])
m4trace:configure.ac:34: -1- m4_pattern_allow([^HAVE_MALLOC$])
m4trace:configure.ac:34: -1- AC_LIBSOURCE([malloc.c])
m4trace:configure.ac:34: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS malloc.$ac_objext"])
m4trace:configure.ac:34: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:34: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([malloc])
m4trace:configure.ac:34: -1- m4_pattern_allow([^malloc$])
m4trace:configure.ac:34: -1- AH_OUTPUT([malloc], [/* Define to rpl_malloc if the replacement function should be used. */
@%:@undef malloc])
m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([TIME_WITH_SYS_TIME])
m4trace:configure.ac:35: -1- m4_pattern_allow([^TIME_WITH_SYS_TIME$])
m4trace:configure.ac:35: -1- AH_OUTPUT([TIME_WITH_SYS_TIME], [/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
@%:@undef TIME_WITH_SYS_TIME])
m4trace:configure.ac:35: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
@%:@undef HAVE_SYS_TIME_H])
m4trace:configure.ac:35: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
m4trace:configure.ac:35: -1- AH_OUTPUT([HAVE_ALARM], [/* Define to 1 if you have the `alarm\' function. */
@%:@undef HAVE_ALARM])
m4trace:configure.ac:35: -1- AC_LIBSOURCE([mktime.c])
m4trace:configure.ac:35: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS mktime.$ac_objext"])
m4trace:configure.ac:35: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:35: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:36: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
@%:@undef HAVE_STDLIB_H])
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDLIB_H])
m4trace:configure.ac:36: -1- m4_pattern_allow([^HAVE_STDLIB_H$])
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:36: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:36: -1- AH_OUTPUT([HAVE_REALLOC], [/* Define to 1 if your system has a GNU libc compatible `realloc\' function,
and to 0 otherwise. */
@%:@undef HAVE_REALLOC])
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOC])
m4trace:configure.ac:36: -1- m4_pattern_allow([^HAVE_REALLOC$])
m4trace:configure.ac:36: -1- AC_LIBSOURCE([realloc.c])
m4trace:configure.ac:36: -1- AC_SUBST([LIB@&t@OBJS], ["$LIB@&t@OBJS realloc.$ac_objext"])
m4trace:configure.ac:36: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:36: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:36: -1- AC_DEFINE_TRACE_LITERAL([realloc])
m4trace:configure.ac:36: -1- m4_pattern_allow([^realloc$])
m4trace:configure.ac:36: -1- AH_OUTPUT([realloc], [/* Define to rpl_realloc if the replacement function should be used. */
@%:@undef realloc])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the `memmove\' function. */
@%:@undef HAVE_MEMMOVE])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_MEMSET], [/* Define to 1 if you have the `memset\' function. */
@%:@undef HAVE_MEMSET])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_REGCOMP], [/* Define to 1 if you have the `regcomp\' function. */
@%:@undef HAVE_REGCOMP])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_STRCASECMP], [/* Define to 1 if you have the `strcasecmp\' function. */
@%:@undef HAVE_STRCASECMP])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_STRDUP], [/* Define to 1 if you have the `strdup\' function. */
@%:@undef HAVE_STRDUP])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_STRSTR], [/* Define to 1 if you have the `strstr\' function. */
@%:@undef HAVE_STRSTR])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_STRTOL], [/* Define to 1 if you have the `strtol\' function. */
@%:@undef HAVE_STRTOL])
m4trace:configure.ac:37: -1- AH_OUTPUT([HAVE_STRTOUL], [/* Define to 1 if you have the `strtoul\' function. */
@%:@undef HAVE_STRTOUL])
m4trace:configure.ac:39: -1- AC_CONFIG_FILES([Makefile])
m4trace:configure.ac:40: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
m4trace:configure.ac:40: -1- m4_pattern_allow([^LIB@&t@OBJS$])
m4trace:configure.ac:40: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([LTLIBOBJS])
m4trace:configure.ac:40: -1- m4_pattern_allow([^LTLIBOBJS$])
m4trace:configure.ac:40: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
m4trace:configure.ac:40: -1- AC_SUBST([am__EXEEXT_TRUE])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
m4trace:configure.ac:40: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
m4trace:configure.ac:40: -1- AC_SUBST([am__EXEEXT_FALSE])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
m4trace:configure.ac:40: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:40: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:40: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([top_builddir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([top_build_prefix])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([srcdir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([abs_srcdir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([top_srcdir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([abs_top_srcdir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([builddir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([abs_builddir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([abs_top_builddir])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([INSTALL])
m4trace:configure.ac:40: -1- AC_SUBST_TRACE([MKDIR_P])
m4trace:configure.ac:40: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])

1502
config.guess vendored Executable file
View File

File diff suppressed because it is too large Load Diff

321
config.h.in Normal file
View File

@ -0,0 +1,321 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
/* Define if building universal (internal helper macro) */
/* #undef AC_APPLE_UNIVERSAL_BUILD */
/* Define if AIX */
/* #undef AIX */
/* Define if broken SIOCGIFMTU */
/* #undef BROKEN_SIOCGIFMTU */
/* Define if BSDi */
/* #undef BSDI */
/* Don't close opened shared objects for valgrind leak testing of dynamic
libraries */
/* #undef DISABLE_DLCLOSE_FOR_VALGRIND_TESTING */
/* Define if errlist is predefined */
#define ERRLIST_PREDEFINED 1
/* Define if FreeBSD */
/* #undef FREEBSD */
/* Define to 1 if the system has the type `boolean'. */
/* #undef HAVE_BOOLEAN */
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
/* Define to 1 if you have the <dnet.h> header file. */
/* #undef HAVE_DNET_H */
/* Define to 1 if the system has the type `int16_t'. */
#define HAVE_INT16_T 1
/* Define to 1 if the system has the type `int32_t'. */
#define HAVE_INT32_T 1
/* Define to 1 if the system has the type `int64_t'. */
#define HAVE_INT64_T 1
/* Define to 1 if the system has the type `int8_t'. */
#define HAVE_INT8_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* Define to 1 if you have the `c' library (-lc). */
/* #undef HAVE_LIBC */
/* Define to 1 if you have the `dl' library (-ldl). */
#define HAVE_LIBDL 1
/* Define to 1 if you have the `dnet' library (-ldnet). */
/* #undef HAVE_LIBDNET */
/* Define to 1 if you have the `ipq' library (-lipq). */
/* #undef HAVE_LIBIPQ */
/* Define to 1 if you have the `m' library (-lm). */
#define HAVE_LIBM 1
/* Define to 1 if you have the `net' library (-lnet). */
/* #undef HAVE_LIBNET */
/* Define to 1 if you have the <libnet.h> header file. */
/* #undef HAVE_LIBNET_H */
/* Define to 1 if you have the `nsl' library (-lnsl). */
#define HAVE_LIBNSL 1
/* Define to 1 if you have the `pcap' library (-lpcap). */
#define HAVE_LIBPCAP 1
/* Define to 1 if you have the `pcre' library (-lpcre). */
#define HAVE_LIBPCRE 1
/* Define to 1 if you have the `pfring' library (-lpfring). */
/* #undef HAVE_LIBPFRING */
/* Define to 1 if you have the `pq' library (-lpq). */
/* #undef HAVE_LIBPQ */
/* Define whether Prelude support is enabled */
/* #undef HAVE_LIBPRELUDE */
/* Define to 1 if you have the `rt' library (-lrt). */
/* #undef HAVE_LIBRT */
/* Define to 1 if you have the `socket' library (-lsocket). */
/* #undef HAVE_LIBSOCKET */
/* Define to 1 if you have the `z' library (-lz). */
#define HAVE_LIBZ 1
/* Define whether linuxthreads is being used */
/* #undef HAVE_LINUXTHREADS */
/* Define to 1 if you have the <math.h> header file. */
#define HAVE_MATH_H 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <paths.h> header file. */
#define HAVE_PATHS_H 1
/* Can cleanup lex buffer stack created by pcap bpf filter */
/* #undef HAVE_PCAP_LEX_DESTROY */
/* Define to 1 if you have the <pcre.h> header file. */
#define HAVE_PCRE_H 1
/* Define to 1 if you have the <pfring.h> header file. */
/* #undef HAVE_PFRING_H */
/* Define to 1 if you have the `snprintf' function. */
#define HAVE_SNPRINTF 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the `strerror' function. */
#define HAVE_STRERROR 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the `strlcat' function. */
/* #undef HAVE_STRLCAT */
/* Define to 1 if you have the `strlcpy' function. */
/* #undef HAVE_STRLCPY */
/* Define to 1 if you have the `strtoul' function. */
/* #undef HAVE_STRTOUL */
/* Define to 1 if you have the <sys/sockio.h> header file. */
/* #undef HAVE_SYS_SOCKIO_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if the system has the type `uint16_t'. */
#define HAVE_UINT16_T 1
/* Define to 1 if the system has the type `uint32_t'. */
#define HAVE_UINT32_T 1
/* Define to 1 if the system has the type `uint64_t'. */
#define HAVE_UINT64_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#define HAVE_UINT8_T 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if the system has the type `u_int16_t'. */
#define HAVE_U_INT16_T 1
/* Define to 1 if the system has the type `u_int32_t'. */
#define HAVE_U_INT32_T 1
/* Define to 1 if the system has the type `u_int64_t'. */
#define HAVE_U_INT64_T 1
/* Define to 1 if the system has the type `u_int8_t'. */
#define HAVE_U_INT8_T 1
/* Define if the compiler supports visibility declarations. */
#define HAVE_VISIBILITY 1
/* Define to 1 if you have the `vsnprintf' function. */
/* #undef HAVE_VSNPRINTF */
/* Define to 1 if you have the `vswprintf' function. */
#define HAVE_VSWPRINTF 1
/* Define to 1 if you have the <wchar.h> header file. */
#define HAVE_WCHAR_H 1
/* Define to 1 if you have the `wprintf' function. */
#define HAVE_WPRINTF 1
/* Define whether yylex_destroy is supported in flex version */
#define HAVE_YYLEX_DESTROY 1
/* Define to 1 if you have the <zlib.h> header file. */
/* #undef HAVE_ZLIB_H */
/* Define if the compiler understands __FUNCTION__. */
#define HAVE___FUNCTION__ 1
/* Define if the compiler understands __func__. */
/* #undef HAVE___func__ */
/* Define if HP-UX 10 or 11 */
/* #undef HPUX */
/* For INADDR_NONE definition */
/* #undef INADDR_NONE */
/* Define if Irix 6 */
/* #undef IRIX */
/* For libpcap versions that accumulate stats */
#define LIBPCAP_ACCUMULATES 1
/* Define if Linux */
#define LINUX 1
/* For Linux libpcap versions 0.9.0 to 0.9.4 */
/* #undef LINUX_LIBPCAP_DOUBLES_STATS */
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#define LT_OBJDIR ".libs/"
/* Define if MacOS */
/* #undef MACOS */
/* For MySQL versions 5.0.13 and greater */
#define MYSQL_HAS_OPT_RECONNECT 1
/* For MySQL versions 5.0.13 to 5.0.18 */
/* #undef MYSQL_HAS_OPT_RECONNECT_BUG */
/* Define if OpenBSD < 2.3 */
/* #undef OPENBSD */
/* Define if Tru64 */
/* #undef OSF1 */
/* Name of package */
#define PACKAGE "snort"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT ""
/* Define to the full name of this package. */
#define PACKAGE_NAME ""
/* Define to the full name and version of this package. */
#define PACKAGE_STRING ""
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
/* Define to the home page for this package. */
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
/* Define if pcap timeout is ignored */
#define PCAP_TIMEOUT_IGNORED 1
/* The size of `char', as computed by sizeof. */
#define SIZEOF_CHAR 1
/* The size of `int', as computed by sizeof. */
#define SIZEOF_INT 4
/* The size of `long int', as computed by sizeof. */
#define SIZEOF_LONG_INT 4
/* The size of `long long int', as computed by sizeof. */
#define SIZEOF_LONG_LONG_INT 8
/* The size of `short', as computed by sizeof. */
#define SIZEOF_SHORT 2
/* The size of `unsigned int', as computed by sizeof. */
#define SIZEOF_UNSIGNED_INT 4
/* The size of `unsigned long int', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_INT 4
/* The size of `unsigned long long int', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG_LONG_INT 8
/* Define if Solaris */
/* #undef SOLARIS */
/* For sparc v9 with %time register */
/* #undef SPARCV9 */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Define if SunOS */
/* #undef SUNOS */
/* Version number of package */
#define VERSION "2.8.6.1"
/* Define if words are big endian */
/* #undef WORDS_BIGENDIAN */
/* Define if words must align */
/* #undef WORDS_MUSTALIGN */
/* Define __FUNCTION__ as required. */
/* #undef __FUNCTION__ */
#ifndef ENABLE_MYSQL
#define ENABLE_MYSQL 1
#endif

2066
config.status Executable file
View File

File diff suppressed because it is too large Load Diff

1714
config.sub vendored Executable file
View File

File diff suppressed because it is too large Load Diff

14490
configure vendored Executable file
View File

File diff suppressed because it is too large Load Diff

41
configure.ac Normal file
View File

@ -0,0 +1,41 @@
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
AC_PREREQ([2.67])
AC_INIT([Snort_AI_preproc], [0.1], [blacklight@autistici.org])
AM_INIT_AUTOMAKE([1.10 -Wall no-define])
AC_CONFIG_SRCDIR([config.h.in])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
LT_INIT
# Checks for programs.
AC_PROG_CC
AC_PROG_LN_S
AC_PROG_MAKE_SET
# Checks for libraries.
AC_CHECK_LIB([mysqlclient], [mysql_query])
AC_CHECK_LIB([pthread], [pthread_create])
# Checks for header files.
AC_FUNC_ALLOCA
AC_CHECK_HEADERS([inttypes.h limits.h stddef.h stdlib.h string.h unistd.h])
# Checks for typedefs, structures, and compiler characteristics.
AC_HEADER_STDBOOL
AC_TYPE_SIZE_T
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT8_T
AC_CHECK_TYPES([ptrdiff_t])
# Checks for library functions.
AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_FUNC_REALLOC
AC_CHECK_FUNCS([memmove memset regcomp strcasecmp strdup strstr strtol strtoul])
AC_CONFIG_FILES([Makefile])
AC_OUTPUT

42
include/bitop.h Normal file
View File

@ -0,0 +1,42 @@
/*
** $Id$
**
** bitopt.c
**
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Dan Roelker <droelker@sourcefire.com>
** Marc Norton <mnorton@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
**
** NOTES
** 5.15.02 - Initial Source Code. Norton/Roelker
** 5.23.02 - Moved bitop functions to bitop.h to inline. Norton/Roelker
** 1.21.04 - Added static initialization. Roelker
** 9.13.05 - Separated type and inline func definitions. Sturges
**
*/
#ifndef _BITOP_H
#define _BITOP_H
typedef struct _BITOP {
unsigned char *pucBitBuffer;
unsigned int uiBitBufferSize;
unsigned int uiMaxBits;
} BITOP;
#endif /* _BITOP_H */

182
include/bounds.h Normal file
View File

@ -0,0 +1,182 @@
#ifndef _BOUNDS_H
#define _BOUNDS_H
/*
** Copyright (C) 2003-2010 Sourcefire, Inc.
** Chris Green <cmg@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
**
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <assert.h>
#include <unistd.h>
#define SAFEMEM_ERROR 0
#define SAFEMEM_SUCCESS 1
#include "debug.h"
#ifndef DEBUG
#define ERRORRET return SAFEMEM_ERROR;
#else
#define ERRORRET assert(0==1)
#endif /* DEBUG */
#include "sf_types.h"
/*
* Check to make sure that p is less than or equal to the ptr range
* pointers
*
* 1 means it's in bounds, 0 means it's not
*/
static INLINE int inBounds(const uint8_t *start, const uint8_t *end, const uint8_t *p)
{
if ((p >= start) && (p < end))
return 1;
return 0;
}
static INLINE int SafeMemCheck(void *dst, size_t n,
const void *start, const void *end)
{
void *tmp;
if (n < 1)
return SAFEMEM_ERROR;
if ((dst == NULL) || (start == NULL) || (end == NULL))
return SAFEMEM_ERROR;
tmp = ((uint8_t *)dst) + (n - 1);
if (tmp < dst)
return SAFEMEM_ERROR;
if (!inBounds(start, end, dst) || !inBounds(start, end, tmp))
return SAFEMEM_ERROR;
return SAFEMEM_SUCCESS;
}
/**
* A Safer Memcpy
*
* @param dst where to copy to
* @param src where to copy from
* @param n number of bytes to copy
* @param start start of the dest buffer
* @param end end of the dst buffer
*
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
*/
static INLINE int SafeMemcpy(void *dst, const void *src, size_t n, const void *start, const void *end)
{
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
ERRORRET;
if (src == NULL)
ERRORRET;
memcpy(dst, src, n);
return SAFEMEM_SUCCESS;
}
/**
* A Safer Memmove
* dst and src can be in the same buffer
*
* @param dst where to copy to
* @param src where to copy from
* @param n number of bytes to copy
* @param start start of the dest buffer
* @param end end of the dst buffer
*
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
*/
static INLINE int SafeMemmove(void *dst, const void *src, size_t n, const void *start, const void *end)
{
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
ERRORRET;
if (src == NULL)
ERRORRET;
memmove(dst, src, n);
return SAFEMEM_SUCCESS;
}
/**
* A Safer Memset
* dst and src can be in the same buffer
*
* @param dst where to copy to
* @param c character to set memory with
* @param n number of bytes to set
* @param start start of the dst buffer
* @param end end of the dst buffer
*
* @return SAFEMEM_ERROR on failure, SAFEMEM_SUCCESS on success
*/
static INLINE int SafeMemset(void *dst, uint8_t c, size_t n, const void *start, const void *end)
{
if (SafeMemCheck(dst, n, start, end) != SAFEMEM_SUCCESS)
ERRORRET;
memset(dst, c, n);
return SAFEMEM_SUCCESS;
}
/**
* A Safer *a = *b
*
* @param start start of the dst buffer
* @param end end of the dst buffer
* @param dst the location to write to
* @param src the source to read from
*
* @return 0 on failure, 1 on success
*/
static INLINE int SafeWrite(uint8_t *start, uint8_t *end, uint8_t *dst, uint8_t *src)
{
if(!inBounds(start, end, dst))
{
ERRORRET;
}
*dst = *src;
return 1;
}
static INLINE int SafeRead(uint8_t *start, uint8_t *end, uint8_t *src, uint8_t *read)
{
if(!inBounds(start,end, src))
{
ERRORRET;
}
*read = *start;
return 1;
}
#endif /* _BOUNDS_H */

135
include/cpuclock.h Normal file
View File

@ -0,0 +1,135 @@
/*
** Copyright (C) 2006-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef CPU_CLOCK_TICKS_H
#define CPU_CLOCK_TICKS_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "debug.h"
#include "sf_types.h" /* for uint64_t */
/* Assembly to find clock ticks. */
#ifdef WIN32
#include <windows.h>
/* INTEL WINDOWS */
__inline void __cputicks_msc(uint64_t *val)
{
__int64 t;
__asm
{
rdtsc;
mov dword PTR [t],eax;
mov dword PTR [t+4],edx;
}
*val = (uint64_t)t;
}
#define get_clockticks(val) __cputicks_msc(&val)
/*
#define get_clockticks(val) \
QueryPerformanceCounter((PLARGE_INTEGER)&val)
*/
#else
#include <unistd.h>
/* INTEL LINUX/BSD/.. */
#if (defined(__i386) || defined(__amd64) || defined(__x86_64__))
#define get_clockticks(val) \
{ \
uint32_t a, d; \
__asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d)); \
val = ((uint64_t)a) | (((uint64_t)d) << 32); \
}
#else
#if (defined(__ia64) && defined(__GNUC__) )
#define get_clockticks(val) \
{ \
__asm__ __volatile__ ("mov %0=ar.itc" : "=r"(val)); \
}
#else
#if (defined(__ia64) && defined(__hpux))
#include <machine/sys/inline.h>
#define get_clockticks(val) \
{ \
val = _Asm_mov_from_ar (_AREG_ITC); \
}
#else
/* POWER PC */
#if (defined(__GNUC__) && (defined(__powerpc__) || (defined(__ppc__))))
#define get_clockticks(val) \
{ \
uint32_t tbu0, tbu1, tbl; \
do \
{ \
__asm__ __volatile__ ("mftbu %0" : "=r"(tbu0)); \
__asm__ __volatile__ ("mftb %0" : "=r"(tbl)); \
__asm__ __volatile__ ("mftbu %0" : "=r"(tbu1)); \
} while (tbu0 != tbu1); \
val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
}
#else
/* SPARC */
#ifdef SPARCV9
#ifdef _LP64
#define get_clockticks(val) \
{ \
__asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
}
#else
#define get_clockticks(val) \
{ \
uint32_t a, b; \
__asm__ __volatile__("rd %%tick, %0\n" \
"srlx %0, 32, %1" \
: "=r"(a), "=r"(b)); \
val = ((uint64_t)a) | (((uint64_t)b) << 32); \
}
#endif /* _LP64 */
#else
#define get_clockticks(val)
#endif /* SPARC */
#endif /* POWERPC || PPC */
#endif /* IA64 && HPUX */
#endif /* IA64 && GNUC */
#endif /* I386 || AMD64 || X86_64 */
#endif /* WIN32 */
static INLINE double get_ticks_per_usec (void)
{
uint64_t start = 0, end = 0;
get_clockticks(start);
#ifdef WIN32
Sleep(1000);
#else
sleep(1);
#endif
get_clockticks(end);
return (double)(end-start)/1e6;
}
#endif /* CPU_CLOCK_TICKS_H */

120
include/debug.h Normal file
View File

@ -0,0 +1,120 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef DEBUG_H
#define DEBUG_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#if !defined(INLINE)
#ifdef WIN32
#define INLINE __inline
#else /* WIN32 */
#define INLINE inline
#endif /* WIN32 */
#endif /* !def INLINE */
#include <ctype.h>
#ifdef HAVE_WCHAR_H
/* ISOC99 is defined to get required prototypes */
#ifndef __USE_ISOC99
#define __USE_ISOC99
#endif
#include <wchar.h>
#endif
#define DEBUG_VARIABLE "SNORT_DEBUG"
#define DEBUG_ALL 0xffffffff /* 4294967295 */
#define DEBUG_INIT 0x00000001 /* 1 */
#define DEBUG_CONFIGRULES 0x00000002 /* 2 */
#define DEBUG_PLUGIN 0x00000004 /* 4 */
#define DEBUG_DATALINK 0x00000008 /* 8 */
//#define DEBUG_IP 0x00000010 /* 16 */
//#define DEBUG_TCPUDP 0x00000020 /* 32 */
#define DEBUG_DECODE 0x00000040 /* 64 */
#define DEBUG_LOG 0x00000080 /* 128 */
#define DEBUG_MSTRING 0x00000100 /* 256 */
#define DEBUG_PARSER 0x00000200 /* 512 */
#define DEBUG_PLUGBASE 0x00000400 /* 1024 */
#define DEBUG_RULES 0x00000800 /* 2048 */
#define DEBUG_FLOW 0x00001000 /* 4096 */
#define DEBUG_STREAM 0x00002000 /* 8192 */
#define DEBUG_PATTERN_MATCH 0x00004000 /* 16384 */
#define DEBUG_DETECT 0x00008000 /* 32768 */
#define DEBUG_SKYPE 0x00010000 /* 65536 */
#define DEBUG_FRAG 0x00020000 /* 131072 */
#define DEBUG_HTTP_DECODE 0x00040000 /* 262144 */
//#define DEBUG_PORTSCAN2 0x00080000 /* 524288 / (+ conv2 ) 589824 */
#define DEBUG_RPC 0x00100000 /* 1048576 */
//#define DEBUG_FLOWSYS 0x00200000 /* 2097152 */
#define DEBUG_HTTPINSPECT 0x00400000 /* 4194304 */
#define DEBUG_STREAM_STATE 0x00800000 /* 8388608 */
#define DEBUG_ASN1 0x01000000 /* 16777216 */
#define DEBUG_FTPTELNET 0x02000000 /* 33554432 */
#define DEBUG_SMTP 0x04000000 /* 67108864 */
#define DEBUG_DCERPC 0x08000000 /* 134217728 */
#define DEBUG_DNS 0x10000000 /* 268435456 */
#define DEBUG_ATTRIBUTE 0x20000000 /* 536870912 */
#define DEBUG_PORTLISTS 0x40000000 /* 1073741824 */
#define DEBUG_SSL 0x80000000 /* 2147483648 */
void DebugMessageFunc(int dbg,char *fmt, ...);
#ifdef HAVE_WCHAR_H
void DebugWideMessageFunc(int dbg,wchar_t *fmt, ...);
#endif
#ifdef DEBUG
extern char *DebugMessageFile;
extern int DebugMessageLine;
#define DebugMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugMsg
#define DebugWideMessage *_dpd.debugMsgFile = __FILE__; *_dpd.debugMsgLine = __LINE__; _dpd.debugWideMsg
int GetDebugLevel (void);
int DebugThis(int level);
#else
#ifdef WIN32
/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
#define __inline__ __inline
#endif
#endif /* DEBUG */
#ifdef DEBUG
#define DEBUG_WRAP(code) code
void DebugMessageFunc(int dbg,char *fmt, ...);
#ifdef HAVE_WCHAR_H
void DebugWideMessageFunc(int dbg,wchar_t *fmt, ...);
#endif
#else
#define DEBUG_WRAP(code)
/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
#endif
#endif /* DEBUG_H */

120
include/debug.h.new Normal file
View File

@ -0,0 +1,120 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef DEBUG_H
#define DEBUG_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#if !defined(INLINE)
#ifdef WIN32
#define INLINE __inline
#else /* WIN32 */
#define INLINE inline
#endif /* WIN32 */
#endif /* !def INLINE */
#include <ctype.h>
#ifdef HAVE_WCHAR_H
/* ISOC99 is defined to get required prototypes */
#ifndef __USE_ISOC99
#define __USE_ISOC99
#endif
#include <wchar.h>
#endif
#define DEBUG_VARIABLE "SNORT_DEBUG"
#define DEBUG_ALL 0xffffffff /* 4294967295 */
#define DEBUG_INIT 0x00000001 /* 1 */
#define DEBUG_CONFIGRULES 0x00000002 /* 2 */
#define DEBUG_PLUGIN 0x00000004 /* 4 */
#define DEBUG_DATALINK 0x00000008 /* 8 */
//#define DEBUG_IP 0x00000010 /* 16 */
//#define DEBUG_TCPUDP 0x00000020 /* 32 */
#define DEBUG_DECODE 0x00000040 /* 64 */
#define DEBUG_LOG 0x00000080 /* 128 */
#define DEBUG_MSTRING 0x00000100 /* 256 */
#define DEBUG_PARSER 0x00000200 /* 512 */
#define DEBUG_PLUGBASE 0x00000400 /* 1024 */
#define DEBUG_RULES 0x00000800 /* 2048 */
#define DEBUG_FLOW 0x00001000 /* 4096 */
#define DEBUG_STREAM 0x00002000 /* 8192 */
#define DEBUG_PATTERN_MATCH 0x00004000 /* 16384 */
#define DEBUG_DETECT 0x00008000 /* 32768 */
#define DEBUG_SKYPE 0x00010000 /* 65536 */
#define DEBUG_FRAG 0x00020000 /* 131072 */
#define DEBUG_HTTP_DECODE 0x00040000 /* 262144 */
//#define DEBUG_PORTSCAN2 0x00080000 /* 524288 / (+ conv2 ) 589824 */
#define DEBUG_RPC 0x00100000 /* 1048576 */
//#define DEBUG_FLOWSYS 0x00200000 /* 2097152 */
#define DEBUG_HTTPINSPECT 0x00400000 /* 4194304 */
#define DEBUG_STREAM_STATE 0x00800000 /* 8388608 */
#define DEBUG_ASN1 0x01000000 /* 16777216 */
#define DEBUG_FTPTELNET 0x02000000 /* 33554432 */
#define DEBUG_SMTP 0x04000000 /* 67108864 */
#define DEBUG_DCERPC 0x08000000 /* 134217728 */
#define DEBUG_DNS 0x10000000 /* 268435456 */
#define DEBUG_ATTRIBUTE 0x20000000 /* 536870912 */
#define DEBUG_PORTLISTS 0x40000000 /* 1073741824 */
#define DEBUG_SSL 0x80000000 /* 2147483648 */
void DebugMessageFunc(int dbg,char *fmt, ...);
#ifdef HAVE_WCHAR_H
void DebugWideMessageFunc(int dbg,wchar_t *fmt, ...);
#endif
#ifdef DEBUG
extern char *DebugMessageFile;
extern int DebugMessageLine;
#define DebugMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugMessageFunc
#define DebugWideMessage DebugMessageFile = __FILE__; DebugMessageLine = __LINE__; DebugWideMessageFunc
int GetDebugLevel (void);
int DebugThis(int level);
#else
#ifdef WIN32
/* Visual C++ uses the keyword "__inline" rather than "__inline__" */
#define __inline__ __inline
#endif
#endif /* DEBUG */
#ifdef DEBUG
#define DEBUG_WRAP(code) code
void DebugMessageFunc(int dbg,char *fmt, ...);
#ifdef HAVE_WCHAR_H
void DebugWideMessageFunc(int dbg,wchar_t *fmt, ...);
#endif
#else
#define DEBUG_WRAP(code)
/* I would use DebugMessage(dbt,fmt...) but that only works with GCC */
#endif
#endif /* DEBUG_H */

76
include/event.h Normal file
View File

@ -0,0 +1,76 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* D E F I N E S ************************************************************/
#ifndef __EVENT_H__
#define __EVENT_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
#include <sys/types.h>
#ifndef WIN32
#include <sys/time.h>
#endif
#include "pcap_pkthdr32.h"
typedef struct _Event
{
uint32_t sig_generator; /* which part of snort generated the alert? */
uint32_t sig_id; /* sig id for this generator */
uint32_t sig_rev; /* sig revision for this id */
uint32_t classification; /* event classification */
uint32_t priority; /* event priority */
uint32_t event_id; /* event ID */
uint32_t event_reference; /* reference to other events that have gone off,
* such as in the case of tagged packets...
*/
struct sf_timeval32 ref_time; /* reference time for the event reference */
/* Don't add to this structure because this is the serialized data
* struct for unified logging.
*/
} Event;
#if 0
typedef struct _EventID
{
uint32_t sequence;
uint32_t seconds;
} EventID;
typedef struct _Event
{
EventID id;
uint32_t uSeconds;
SigInfo sigInfo;
} Event;
#endif
#endif /* __EVENT_H__ */

204
include/ipv6_port.h Normal file
View File

@ -0,0 +1,204 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
///////////////////
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
#define IpAddrSetPrint sfvar_print
#ifdef inet_ntoa
#undef inet_ntoa
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_ipv4h_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_ipv4h_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_ipv4h_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h_api->orig_iph_ret_proto(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
*
* if(conditional) IP_COPY_VALUE(a,b);
*
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
///////////////
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->source.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->ip4_header->destination.s_addr & x->netmask))
#define GET_SRC_IP(x) x->ip4_header->source.s_addr
#define GET_DST_IP(x) x->ip4_header->destination.s_addr
#define GET_ORIG_SRC(p) (p->orig_ipv4h->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_ipv4h->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->ip4_header->source
#define GET_DST_ADDR(x) x->ip4_header->destination
#define IP_CLEAR_SRC(x) x->ip4_header->source.s_addr = 0
#define IP_CLEAR_DST(x) x->ip4_header->destination.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->ip4_header->proto
#define GET_IPH_TOS(p) p->ip4_header->type_service
#define GET_IPH_LEN(p) p->ip4_header->data_length
#define GET_IPH_TTL(p) p->ip4_header->time_to_live
#define GET_IPH_VER(p) ((p->ip4_header->version_headerlength & 0xf0) >> 4)
#define GET_IPH_ID(p) p->ip4_header->identifier
#define GET_IPH_OFF(p) p->ip4_header->offset
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_ipv4h)
#define GET_ORIG_IPH_LEN(p) p->orig_ipv4h->data_length
#define GET_ORIG_IPH_OFF(p) p->orig_ipv4h->offset
#define GET_ORIG_IPH_PROTO(p) p->orig_ipv4h->proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->ip4_header
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->ip4_header->version_headerlength & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->version_headerlength = (unsigned char)(((p)->ip4_header->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
#endif
#endif /* IPV6_PORT_H */

204
include/ipv6_port.h.new Normal file
View File

@ -0,0 +1,204 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef IPV6_PORT_H
#define IPV6_PORT_H
#include "sf_types.h"
#include "debug.h"
///////////////////
/* IPv6 and IPv4 */
#ifdef SUP_IP6
#include "sf_ip.h"
typedef sfip_t snort_ip;
typedef sfip_t *snort_ip_p;
#define IpAddrNode sfip_node_t
#define IpAddrSet sfip_var_t
#define IpAddrSetContains(x,y) sfvar_ip_in(x, y)
#define IpAddrSetPrint sfvar_print
#ifdef inet_ntoa
#undef inet_ntoa
#endif
#define inet_ntoa sfip_ntoa
#define GET_SRC_IP(p) (p->iph_api->iph_ret_src(p))
#define GET_DST_IP(p) (p->iph_api->iph_ret_dst(p))
#define GET_ORIG_SRC(p) (p->orig_iph_api->orig_iph_ret_src(p))
#define GET_ORIG_DST(p) (p->orig_iph_api->orig_iph_ret_dst(p))
/* These are here for backwards compatibility */
#define GET_SRC_ADDR(x) GET_SRC_IP(x)
#define GET_DST_ADDR(x) GET_DST_IP(x)
#define IP_EQUALITY(x,y) (sfip_compare(x,y) == SFIP_EQUAL)
#define IP_EQUALITY_UNSET(x,y) (sfip_compare_unset(x,y) == SFIP_EQUAL)
#define IP_LESSER(x,y) (sfip_compare(x,y) == SFIP_LESSER)
#define IP_GREATER(x,y) (sfip_compare(x,y) == SFIP_GREATER)
#define GET_IPH_TOS(p) p->iph_api->iph_ret_tos(p)
#define GET_IPH_LEN(p) p->iph_api->iph_ret_len(p)
#define GET_IPH_TTL(p) p->iph_api->iph_ret_ttl(p)
#define GET_IPH_ID(p) p->iph_api->iph_ret_id(p)
#define GET_IPH_OFF(p) p->iph_api->iph_ret_off(p)
#define GET_IPH_VER(p) p->iph_api->iph_ret_ver(p)
#define GET_IPH_PROTO(p) p->iph_api->iph_ret_proto(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define GET_ORIG_IPH_VER(p) p->orig_iph_api->orig_iph_ret_ver(p)
#define GET_ORIG_IPH_LEN(p) p->orig_iph_api->orig_iph_ret_len(p)
#define GET_ORIG_IPH_OFF(p) p->orig_iph_api->orig_iph_ret_off(p)
#define GET_ORIG_IPH_PROTO(p) p->orig_iph_api->orig_iph_ret_proto(p)
#define IS_IP4(x) (x->family == AF_INET)
#define IS_IP6(x) (x->family == AF_INET6)
/* XXX make sure these aren't getting confused with sfip_is_valid within the code */
#define IPH_IS_VALID(p) iph_is_valid(p)
#define IP_CLEAR(x) x.bits = x.family = x.ip32[0] = x.ip32[1] = x.ip32[2] = x.ip32[3] = 0;
#define IS_SET(x) sfip_is_set(&x)
/* This loop trickery is intentional. If each copy is performed
* individually on each field, then the following expression gets broken:
*
* if(conditional) IP_COPY_VALUE(a,b);
*
* If the macro is instead enclosed in braces, then having a semicolon
* trailing the macro causes compile breakage.
* So: use loop. */
#define IP_COPY_VALUE(x,y) \
do { \
x.bits = y->bits; \
x.family = y->family; \
x.ip32[0] = y->ip32[0]; \
x.ip32[1] = y->ip32[1]; \
x.ip32[2] = y->ip32[2]; \
x.ip32[3] = y->ip32[3]; \
} while(0)
#define GET_IPH_HLEN(p) (p->iph_api->iph_ret_hlen(p))
#define SET_IPH_HLEN(p, val)
#define GET_IP_DGMLEN(p) IS_IP6(p) ? (ntohs(GET_IPH_LEN(p)) + (GET_IPH_HLEN(p) << 2)) : ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) IS_IP6(p) ? ntohs(GET_IPH_LEN(p)) : (ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2))
#define IP_ARG(ipt) (&ipt)
#define IP_PTR(ipp) (ipp)
#define IP_VAL(ipt) (*ipt)
#define IP_SIZE(ipp) (sfip_size(ipp))
static INLINE int sfip_equal (snort_ip* ip1, snort_ip* ip2)
{
if ( ip1->family != ip2->family )
{
return 0;
}
if ( ip1->family == AF_INET )
{
return _ip4_cmp(ip1->ip32[0], ip2->ip32[0]) == SFIP_EQUAL;
}
if ( ip1->family == AF_INET6 )
{
return _ip6_cmp(ip1, ip2) == SFIP_EQUAL;
}
return 0;
}
#else
///////////////
/* IPv4 only */
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
typedef u_int32_t snort_ip; /* 32 bits only -- don't use unsigned long */
typedef u_int32_t snort_ip_p; /* 32 bits only -- don't use unsigned long */
#define IP_SRC_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_src.s_addr & x->netmask))
#define IP_DST_EQUALITY(x,y) (x->ip_addr == (y->iph->ip_dst.s_addr & x->netmask))
#define GET_SRC_IP(x) x->iph->ip_src.s_addr
#define GET_DST_IP(x) x->iph->ip_dst.s_addr
#define GET_ORIG_SRC(p) (p->orig_iph->ip_src.s_addr)
#define GET_ORIG_DST(p) (p->orig_iph->ip_dst.s_addr)
#define GET_SRC_ADDR(x) x->iph->ip_src
#define GET_DST_ADDR(x) x->iph->ip_dst
#define IP_CLEAR_SRC(x) x->iph->ip_src.s_addr = 0
#define IP_CLEAR_DST(x) x->iph->ip_dst.s_addr = 0
#define IP_EQUALITY(x,y) (x == y)
#define IP_EQUALITY_UNSET(x,y) (x == y)
#define IP_LESSER(x,y) (x < y)
#define IP_GREATER(x,y) (x > y)
#define GET_IPH_PROTO(p) p->iph->ip_proto
#define GET_IPH_TOS(p) p->iph->ip_tos
#define GET_IPH_LEN(p) p->iph->ip_len
#define GET_IPH_TTL(p) p->iph->ip_ttl
#define GET_IPH_VER(p) ((p->iph->ip_verhl & 0xf0) >> 4)
#define GET_IPH_ID(p) p->iph->ip_id
#define GET_IPH_OFF(p) p->iph->ip_off
#define GET_ORIG_IPH_VER(p) IP_VER(p->orig_iph)
#define GET_ORIG_IPH_LEN(p) p->orig_iph->ip_len
#define GET_ORIG_IPH_OFF(p) p->orig_iph->ip_off
#define GET_ORIG_IPH_PROTO(p) p->orig_iph->ip_proto
#define IS_IP4(x) 1
#define IS_IP6(x) 0
#define IPH_IS_VALID(p) p->iph
#define IP_CLEAR(x) x = 0;
#define IS_SET(x) x
#define IP_COPY_VALUE(x,y) x = y
#define GET_IPH_HLEN(p) ((p)->iph->ip_verhl & 0x0f)
#define SET_IPH_HLEN(p, val) (((IPHdr *)(p)->iph)->ip_verhl = (unsigned char)(((p)->iph->ip_verhl & 0xf0) | ((val) & 0x0f)))
#define GET_IP_DGMLEN(p) ntohs(GET_IPH_LEN(p))
#define GET_IP_PAYLEN(p) ntohs(GET_IPH_LEN(p)) - (GET_IPH_HLEN(p) << 2)
#define IP_ARG(ipt) (ipt)
#define IP_PTR(ipp) (&ipp)
#define IP_VAL(ipt) (ipt)
#define IP_SIZE(ipp) (sizeof(ipp))
static INLINE int sfip_equal (snort_ip ip1, snort_ip ip2)
{
return IP_EQUALITY(ip1, ip2);
}
#endif /* SUP_IP6 */
#if !defined(IPPROTO_IPIP) && defined(WIN32) /* Needed for some Win32 */
#define IPPROTO_IPIP 4
#endif
#endif /* IPV6_PORT_H */

272
include/obfuscation.h Normal file
View File

@ -0,0 +1,272 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include "sf_snort_packet.h"
#include <pcap.h>
/*******************************************************************************
* Macros
******************************************************************************/
/* This should be defined to be greater than or equal to the maximum
* amount of data expected to be obfuscated */
#define OB_LENGTH_MAX UINT16_MAX
/*******************************************************************************
* Types
******************************************************************************/
typedef uint8_t ob_char_t;
typedef uint16_t ob_size_t;
typedef enum _ObRet
{
OB_RET_SUCCESS,
OB_RET_ERROR,
OB_RET_OVERFLOW
} ObRet;
/*******************************************************************************
* Callback to use for obfuscating payload or stream segments - see API below.
*
* The first chunk of a payload or stream segment whether needing obfuscation
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
* for this structure. This is useful, especially for the stream segment API
* call to know when a new segment begins. Any new "payload" will have a valid
* pcap_pkthdr struct.
*
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
* be obfuscated.
*
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
* should be obfuscated with the obfuscation character.
*
* The length passed in is the amount of data that should be copied from the
* packet data pointer or the amount of data that should be written with the
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
* obfuscation of the payload slice is required.
* ob_char_t ob_char
* The obfuscation character to use if packet_data is NULL.
* ob_size_t length
* The amount of data to be logged or obfuscated.
* void *user_data
* The user data passed in to the API functions obfuscatePayload() or
* obfuscateStreamSegments below.
*
* Returns
* OB_RET_SUCCESS if all is good
* OB_RET_ERROR if the rest of the obfuscation should not be done
*
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,
void *user_data
);
/*******************************************************************************
* Obfuscation API
******************************************************************************/
typedef struct _ObfuscationApi
{
/*
* Resets/clears any entries that have been added
* Should be done per packet aquisition
*
* Arguments
* None
*
* Returns
* None
*/
void (*resetObfuscationEntries)(void);
/*
* Adds an obfuscation entry to the queue
*
* Arguments
* SFSnortPacket *p
* The SFSnortPacket struct that has the payload data that should be obfuscated
* ob_size_t offset
* The offset from the beginning of the payload to start obfuscation
* ob_size_t length
* The amount of data to obfuscate
* ob_char_t ob_char
* The character to use when obfuscating
*
* There are two types of entries that can be added. A slice entry that
* has an offset and length less than OB_LENGTH_MAX and an entry with
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
* of the packet data.
*
* NOTE --
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
* offsets will be used. Although you should check for OB_RET_OVERFLOW
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
* be more than enough space to store an entry for each possible packet
* that could be in the system at the time.
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
* OB_RET_OVERFLOW if there is no space left to add an entry
*/
ObRet (*addObfuscationEntry)(SFSnortPacket *p, ob_size_t offset,
ob_size_t length, ob_char_t ob_char);
/*
* Determines if there are any obfuscation entries associated with
* the given Packet
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket to check
*
* Returns
* 1 if the packet requires obfuscation
* 0 if it doesn't
*/
int (*payloadObfuscationRequired)(SFSnortPacket *p);
/*
* Obfuscate the payload associated with the Packet. Mainly for use by the
* output system to print or log an obfuscated payload. The callback will
* be called for both payload segments that need obfuscation and those that
* don't. See comment on ObfuscationCallback above.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose payload should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated segment in the payload
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacket)(SFSnortPacket *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscate the stream segments associated with the Packet. Mainly for use
* by the output system to print or log the stream segments associated with
* a SFSnortPacket that have been marked as needing obfuscation. The callback will
* be called for both stream segments that need obfuscation and those that
* don't. It will be called for all stream segments. See comment on
* ObfuscationCallback above.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose stream segments should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated part of the stream segments.
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacketStreamSegments)(SFSnortPacket *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscates the SFSnortPacket payload and returns payload and payload length
* in parameters
*
* NOTE
* *payload will be set to NULL, so don't pass in an already
* allocated pointer.
* *payload_len will be zeroed.
*
* The payload returned is dynamically allocated and MUST be free'd.
*
* Arguments
* SFSnortPacket *
* The SFSnortPacket whose payload should be obfuscated
* uint8_t **payload
* A pointer to a payload pointer so it can be allocated, returned
* and accessed.
* ob_size_t *payload_len
* A pointer to an ob_size_t so the length can be returned.
*
* Returns
* OB_RET_ERROR if the payload could not be obfuscated
* the pointers to payload and payload_len will not be valid
* OB_RET_SUCCESS if the payload was obfuscated
* the pointers to payload and payload_len will be valid
*/
ObRet (*getObfuscatedPayload)(SFSnortPacket *p, uint8_t **payload,
ob_size_t *payload_len);
/*
* Prints the current obfuscation entries.
*
* Arguments
* int sorted
* Print the sorted entries and sort if necessary.
*
* Returns
* None
*/
void (*printObfuscationEntries)(int sorted);
} ObfuscationApi;
/* For access when including header */
extern ObfuscationApi *obApi;
#endif /* __OBFUSCATION_H__ */

272
include/obfuscation.h.new Normal file
View File

@ -0,0 +1,272 @@
/******************************************************************************
* Copyright (C) 2009-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
******************************************************************************/
#ifndef __OBFUSCATION_H__
#define __OBFUSCATION_H__
#include "sf_types.h"
#include "decode.h"
#include <pcap.h>
/*******************************************************************************
* Macros
******************************************************************************/
/* This should be defined to be greater than or equal to the maximum
* amount of data expected to be obfuscated */
#define OB_LENGTH_MAX UINT16_MAX
/*******************************************************************************
* Types
******************************************************************************/
typedef uint8_t ob_char_t;
typedef uint16_t ob_size_t;
typedef enum _ObRet
{
OB_RET_SUCCESS,
OB_RET_ERROR,
OB_RET_OVERFLOW
} ObRet;
/*******************************************************************************
* Callback to use for obfuscating payload or stream segments - see API below.
*
* The first chunk of a payload or stream segment whether needing obfuscation
* or not will pass a valid pcap_pkthdr struct. Subsequent calls will pass NULL
* for this structure. This is useful, especially for the stream segment API
* call to know when a new segment begins. Any new "payload" will have a valid
* pcap_pkthdr struct.
*
* If the slice sent in has a non-NULL packet data pointer, the data should *NOT*
* be obfuscated.
*
* If the chunk sent in has a NULL packet data pointer, then that chunk of data
* should be obfuscated with the obfuscation character.
*
* The length passed in is the amount of data that should be copied from the
* packet data pointer or the amount of data that should be written with the
* obfuscation character.
*
* Arguments
* struct pcap_pkthdr *pkth
* The pcap header that contains the packet caplen and timestamps
* uint8_t *packet_data
* A pointer to the current offset into the packet data. NULL if
* obfuscation of the payload slice is required.
* ob_char_t ob_char
* The obfuscation character to use if packet_data is NULL.
* ob_size_t length
* The amount of data to be logged or obfuscated.
* void *user_data
* The user data passed in to the API functions obfuscatePayload() or
* obfuscateStreamSegments below.
*
* Returns
* OB_RET_SUCCESS if all is good
* OB_RET_ERROR if the rest of the obfuscation should not be done
*
******************************************************************************/
typedef ObRet (*ObfuscationCallback)
(
const struct pcap_pkthdr *pkth,
const uint8_t *packet_data,
ob_size_t length,
ob_char_t ob_char,
void *user_data
);
/*******************************************************************************
* Obfuscation API
******************************************************************************/
typedef struct _ObfuscationApi
{
/*
* Resets/clears any entries that have been added
* Should be done per packet aquisition
*
* Arguments
* None
*
* Returns
* None
*/
void (*resetObfuscationEntries)(void);
/*
* Adds an obfuscation entry to the queue
*
* Arguments
* Packet *p
* The Packet struct that has the payload data that should be obfuscated
* ob_size_t offset
* The offset from the beginning of the payload to start obfuscation
* ob_size_t length
* The amount of data to obfuscate
* ob_char_t ob_char
* The character to use when obfuscating
*
* There are two types of entries that can be added. A slice entry that
* has an offset and length less than OB_LENGTH_MAX and an entry with
* length OB_LENGTH_MAX that implies obfuscating from offset to the end
* of the packet data.
*
* NOTE --
* There is a fixed size of slice entries and OB_LENGTH_MAX entries.
* If OB_RET_OVERFLOW is returned when attempting to add a slice entry,
* a second call can be made to add an OB_LENGTH_MAX entry. Only one
* OB_LENGTH_MAX entry can be associated with each Packet. If there is
* already an OB_LENGTH_MAX entry for the packet, the lower of the two
* offsets will be used. Although you should check for OB_RET_OVERFLOW
* when attempting to add an OB_LENGTH_MAX entry, the fixed size should
* be more than enough space to store an entry for each possible packet
* that could be in the system at the time.
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
* OB_RET_OVERFLOW if there is no space left to add an entry
*/
ObRet (*addObfuscationEntry)(Packet *p, ob_size_t offset,
ob_size_t length, ob_char_t ob_char);
/*
* Determines if there are any obfuscation entries associated with
* the given Packet
*
* Arguments
* Packet *
* The Packet to check
*
* Returns
* 1 if the packet requires obfuscation
* 0 if it doesn't
*/
int (*payloadObfuscationRequired)(Packet *p);
/*
* Obfuscate the payload associated with the Packet. Mainly for use by the
* output system to print or log an obfuscated payload. The callback will
* be called for both payload segments that need obfuscation and those that
* don't. See comment on ObfuscationCallback above.
*
* Arguments
* Packet *
* The Packet whose payload should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated segment in the payload
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacket)(Packet *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscate the stream segments associated with the Packet. Mainly for use
* by the output system to print or log the stream segments associated with
* a Packet that have been marked as needing obfuscation. The callback will
* be called for both stream segments that need obfuscation and those that
* don't. It will be called for all stream segments. See comment on
* ObfuscationCallback above.
*
* Arguments
* Packet *
* The Packet whose stream segments should be obfuscated
* ObfuscationCallback
* The function that will be called for each obfuscated and
* non-obfuscated part of the stream segments.
* void *
* User data that will be passed to the callback
*
* Returns
* OB_RET_SUCCESS on sucess
* OB_RET_ERROR on error
*/
ObRet (*obfuscatePacketStreamSegments)(Packet *p,
ObfuscationCallback callback, void *user_data);
/*
* Obfuscates the Packet payload and returns payload and payload length
* in parameters
*
* NOTE
* *payload will be set to NULL, so don't pass in an already
* allocated pointer.
* *payload_len will be zeroed.
*
* The payload returned is dynamically allocated and MUST be free'd.
*
* Arguments
* Packet *
* The Packet whose payload should be obfuscated
* uint8_t **payload
* A pointer to a payload pointer so it can be allocated, returned
* and accessed.
* ob_size_t *payload_len
* A pointer to an ob_size_t so the length can be returned.
*
* Returns
* OB_RET_ERROR if the payload could not be obfuscated
* the pointers to payload and payload_len will not be valid
* OB_RET_SUCCESS if the payload was obfuscated
* the pointers to payload and payload_len will be valid
*/
ObRet (*getObfuscatedPayload)(Packet *p, uint8_t **payload,
ob_size_t *payload_len);
/*
* Prints the current obfuscation entries.
*
* Arguments
* int sorted
* Print the sorted entries and sort if necessary.
*
* Returns
* None
*/
void (*printObfuscationEntries)(int sorted);
} ObfuscationApi;
/* For access when including header */
extern ObfuscationApi *obApi;
#endif /* __OBFUSCATION_H__ */

61
include/pcap_pkthdr32.h Normal file
View File

@ -0,0 +1,61 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __PCAP_PKTHDR32_H__
#define __PCAP_PKTHDR32_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef WIN32
#include <winsock2.h>
#else
#include <sys/time.h>
#endif
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include "sf_types.h"
/* we must use fixed size of 32 bits, because on-disk
* format of savefiles uses 32-bit tv_sec (and tv_usec)
*/
struct sf_timeval32
{
uint32_t tv_sec; /* seconds */
uint32_t tv_usec; /* microseconds */
};
/* this is equivalent to the pcap pkthdr struct, but we need
* a 32 bit one for unified output
*/
struct pcap_pkthdr32
{
struct sf_timeval32 ts; /* packet timestamp */
uint32_t caplen; /* packet capture length */
uint32_t pktlen; /* packet "real" length */
};
#endif // __PCAP_PKTHDR32_H__

67
include/plugin_enum.h Normal file
View File

@ -0,0 +1,67 @@
/* $Id$ */
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
Purpose: Enumerate all the various detection plugins entries for
otn->ds_list[]
No more grepping to make your own plugin!
*/
#ifndef _PLUGIN_ENUM_H
#define _PLUGIN_ENUM_H
enum {
PLUGIN_CLIENTSERVER,
PLUGIN_DSIZE_CHECK,
PLUGIN_FRAG_BITS,
PLUGIN_FRAG_OFFSET,
PLUGIN_ICMP_CODE,
PLUGIN_ICMP_ID_CHECK,
PLUGIN_ICMP_SEQ_CHECK,
PLUGIN_ICMP_TYPE,
PLUGIN_IPOPTION_CHECK,
PLUGIN_IP_ID_CHECK,
PLUGIN_IP_PROTO_CHECK,
PLUGIN_IP_SAME_CHECK,
PLUGIN_IP_TOS_CHECK,
PLUGIN_PATTERN_MATCH, /* AND match */
PLUGIN_PATTERN_MATCH_OR,
PLUGIN_PATTERN_MATCH_URI,
PLUGIN_RESPOND,
PLUGIN_RPC_CHECK,
PLUGIN_SESSION,
PLUGIN_TCP_ACK_CHECK,
PLUGIN_TCP_FLAG_CHECK,
PLUGIN_TCP_SEQ_CHECK,
PLUGIN_TCP_WIN_CHECK,
PLUGIN_TTL_CHECK,
PLUGIN_BYTE_TEST,
PLUGIN_PCRE,
PLUGIN_URILEN_CHECK,
PLUGIN_DYNAMIC,
PLUGIN_FLOWBIT,
PLUGIN_MAX /* sentinel value */
};
#endif /* _PLUGIN_ENUM_H */

90
include/preprocids.h Normal file
View File

@ -0,0 +1,90 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef _PREPROC_IDS_H
#define _PREPROC_IDS_H
/*
** Preprocessor Communication Defines
** ----------------------------------
** These defines allow preprocessors to be turned
** on and off for each packet. Preprocessors can be
** turned off and on before preprocessing occurs and
** during preprocessing.
**
** Currently, the order in which the preprocessors are
** placed in the snort.conf determine the order of
** evaluation. So if one module wants to turn off
** another module, it must come first in the order.
*/
#define PP_BO 0
#define PP_DCERPC 1
#define PP_DNS 2
#define PP_FRAG3 3
#define PP_FTPTELNET 4
#define PP_HTTPINSPECT 5
#define PP_PERFMONITOR 6
#define PP_RPCDECODE 7
#define PP_RULES 8
#define PP_SFPORTSCAN 9
#define PP_SMTP 10
#define PP_SSH 11
#define PP_SSL 12
#define PP_STREAM5 13
#define PP_TELNET 14
#define PP_ARPSPOOF 15
#define PP_DCE2 16
#define PP_SDF 17
// used externally
#define PP_ISAKMP 18
#define PP_SKYPE 19
// currently 32 bits (preprocessors)
// are available. most of these can
// be deleted:
#if 0
#define PP_ASN1DECODE 17
#define PP_CONVERSATION 18
#define PP_FLOW 19
#define PP_FRAG2 20
#define PP_FNORD 21
#define PP_HTTPFLOW 22
#define PP_LOADBALANCING 24
#define PP_PORTSCAN 25
#define PP_PORTSCAN2 26
#define PP_PORTSCAN_IGNORE_HOSTS 27
#endif
#define PP_ALL_ON 0xFFFFFFFF
#define PP_ALL_OFF 0x00000000
#define PRIORITY_FIRST 0x0
#define PRIORITY_NETWORK 0x10
#define PRIORITY_TRANSPORT 0x100
#define PRIORITY_TUNNEL 0x105
#define PRIORITY_SCANNER 0x110
#define PRIORITY_APPLICATION 0x200
#define PRIORITY_LAST 0xffff
#endif /* _PREPROC_IDS_H */

183
include/profiler.h Normal file
View File

@ -0,0 +1,183 @@
/*
** Copyright (C) 2005-2010 Sourcefire, Inc.
** Author: Steven Sturges <ssturges@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* $Id$ */
#ifndef __PROFILER_H__
#define __PROFILER_H__
#ifdef PERF_PROFILING
#include "sf_types.h"
#include "cpuclock.h"
/* Sort preferences for rule profiling */
#define PROFILE_SORT_CHECKS 1
#define PROFILE_SORT_MATCHES 2
#define PROFILE_SORT_NOMATCHES 3
#define PROFILE_SORT_AVG_TICKS 4
#define PROFILE_SORT_AVG_TICKS_PER_MATCH 5
#define PROFILE_SORT_AVG_TICKS_PER_NOMATCH 6
#define PROFILE_SORT_TOTAL_TICKS 7
/* MACROS that handle profiling of rules and preprocessors */
#define PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0
#define PROFILE_START \
get_clockticks(ticks_start);
#define PROFILE_END \
get_clockticks(ticks_end); \
ticks_delta = ticks_end - ticks_start;
#ifndef PROFILING_RULES
#define PROFILING_RULES ScProfileRules()
#endif
#define NODE_PROFILE_VARS uint64_t ticks_start = 0, ticks_end = 0, ticks_delta = 0, node_deltas = 0
#define NODE_PROFILE_START(node) \
if (PROFILING_RULES) { \
node->checks++; \
PROFILE_START; \
}
#define NODE_PROFILE_END_MATCH(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node->ticks += ticks_delta + node_deltas; \
node->ticks_match += ticks_delta + node_deltas; \
}
#define NODE_PROFILE_END_NOMATCH(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node->ticks += ticks_delta + node_deltas; \
node->ticks_no_match += ticks_delta + node_deltas; \
}
#define NODE_PROFILE_TMPSTART(node) \
if (PROFILING_RULES) { \
PROFILE_START; \
}
#define NODE_PROFILE_TMPEND(node) \
if (PROFILING_RULES) { \
PROFILE_END; \
node_deltas += ticks_delta; \
}
#define OTN_PROFILE_ALERT(otn) otn->alerts++;
#ifndef PROFILING_PREPROCS
#define PROFILING_PREPROCS ScProfilePreprocs()
#endif
#define PREPROC_PROFILE_START(ppstat) \
if (PROFILING_PREPROCS) { \
ppstat.checks++; \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
}
#define PREPROC_PROFILE_REENTER_START(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
}
#define PREPROC_PROFILE_TMPSTART(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_START; \
ppstat.ticks_start = ticks_start; \
}
#define PREPROC_PROFILE_END(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
ppstat.exits++; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_REENTER_END(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
}
#define PREPROC_PROFILE_TMPEND(ppstat) \
if (PROFILING_PREPROCS) { \
PROFILE_END; \
ppstat.ticks += ticks_end - ppstat.ticks_start; \
}
/************** Profiling API ******************/
void ShowRuleProfiles(void);
/* Preprocessor stats info */
typedef struct _PreprocStats
{
uint64_t ticks, ticks_start;
uint64_t checks;
uint64_t exits;
} PreprocStats;
typedef struct _PreprocStatsNode
{
PreprocStats *stats;
char *name;
int layer;
PreprocStats *parent;
struct _PreprocStatsNode *next;
} PreprocStatsNode;
typedef struct _ProfileConfig
{
int num;
int sort;
int append;
char *filename;
} ProfileConfig;
void RegisterPreprocessorProfile(char *keyword, PreprocStats *stats, int layer, PreprocStats *parent);
void ShowPreprocProfiles(void);
void ResetRuleProfiling(void);
void ResetPreprocProfiling(void);
void CleanupPreprocStatsNodeList(void);
extern PreprocStats totalPerfStats;
#else
#define PROFILE_VARS
#define NODE_PROFILE_VARS
#define NODE_PROFILE_START(node)
#define NODE_PROFILE_END_MATCH(node)
#define NODE_PROFILE_END_NOMATCH(node)
#define NODE_PROFILE_TMPSTART(node)
#define NODE_PROFILE_TMPEND(node)
#define OTN_PROFILE_ALERT(otn)
#define PREPROC_PROFILE_START(ppstat)
#define PREPROC_PROFILE_REENTER_START(ppstat)
#define PREPROC_PROFILE_TMPSTART(ppstat)
#define PREPROC_PROFILE_END(ppstat)
#define PREPROC_PROFILE_REENTER_END(ppstat)
#define PREPROC_PROFILE_TMPEND(ppstat)
#endif
#endif /* __PROFILER_H__ */

72
include/rule_option_types.h Normal file
View File

@ -0,0 +1,72 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef RULE_OPTION_TYPES__H
#define RULE_OPTION_TYPES__H
typedef enum _option_type_t
{
RULE_OPTION_TYPE_LEAF_NODE,
RULE_OPTION_TYPE_ASN1,
RULE_OPTION_TYPE_BYTE_TEST,
RULE_OPTION_TYPE_BYTE_JUMP,
RULE_OPTION_TYPE_FLOW,
RULE_OPTION_TYPE_CVS,
RULE_OPTION_TYPE_DSIZE,
RULE_OPTION_TYPE_FLOWBIT,
RULE_OPTION_TYPE_FTPBOUNCE,
RULE_OPTION_TYPE_ICMP_CODE,
RULE_OPTION_TYPE_ICMP_ID,
RULE_OPTION_TYPE_ICMP_SEQ,
RULE_OPTION_TYPE_ICMP_TYPE,
RULE_OPTION_TYPE_IP_FRAGBITS,
RULE_OPTION_TYPE_IP_FRAG_OFFSET,
RULE_OPTION_TYPE_IP_ID,
RULE_OPTION_TYPE_IP_OPTION,
RULE_OPTION_TYPE_IP_PROTO,
RULE_OPTION_TYPE_IP_SAME,
RULE_OPTION_TYPE_IP_TOS,
RULE_OPTION_TYPE_IS_DATA_AT,
RULE_OPTION_TYPE_FILE_DATA,
RULE_OPTION_TYPE_CONTENT,
RULE_OPTION_TYPE_CONTENT_URI,
RULE_OPTION_TYPE_PCRE,
#ifdef ENABLE_REACT
RULE_OPTION_TYPE_REACT,
#endif
#ifdef ENABLE_RESPOND
RULE_OPTION_TYPE_RESPOND,
#endif
RULE_OPTION_TYPE_RPC_CHECK,
RULE_OPTION_TYPE_SESSION,
RULE_OPTION_TYPE_TCP_ACK,
RULE_OPTION_TYPE_TCP_FLAG,
RULE_OPTION_TYPE_TCP_SEQ,
RULE_OPTION_TYPE_TCP_WIN,
RULE_OPTION_TYPE_TTL,
RULE_OPTION_TYPE_URILEN
#ifdef DYNAMIC_PLUGIN
,
RULE_OPTION_TYPE_HDR_OPT_CHECK,
RULE_OPTION_TYPE_PREPROCESSOR,
RULE_OPTION_TYPE_DYNAMIC
#endif
} option_type_t;
#endif /* RULE_OPTION_TYPES__H */

164
include/sfPolicy.h Normal file
View File

@ -0,0 +1,164 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef _SF_POLICY_H_
#define _SF_POLICY_H_
#include "sf_ip.h"
#include "ipv6_port.h"
#include "sfrt.h"
#include "debug.h"
/**Number of additional policies allocated with each re-alloc operation. */
#define POLICY_ALLOCATION_CHUNK 10
#define SF_VLAN_BINDING_MAX 4096
#define SF_NETWORK_BINDING_MAX 4096
#define SF_VLAN_UNBOUND 0xffffffff
//vlan id or address range is reduced to policy id. and subsequent processing is done using policy id only.
typedef struct
{
/**number of vlans which are member of this group. When membership falls to 0, then this group should be deleted.
*/
unsigned int refCount;
char *filename;
unsigned int isConfigProcessed:1;
} tSfPolicy;
typedef enum {
SF_BINDING_TYPE_VLAN,
SF_BINDING_TYPE_NETWORK,
SF_BINDING_TYPE_UNKNOWN
} tSF_BINDING_TYPE;
typedef unsigned int tSfPolicyId;
typedef struct
{
/**group id assigned to each file name. The groupId is an abstract concept
* to tie multiple vlans into one group. */
tSfPolicy **ppPolicies;
tSfPolicyId defaultPolicyId;
/**policy id of configuration file or packet being processed. */
tSfPolicyId numAllocatedPolicies;
unsigned int numActivePolicies;
/**vlan to policyId bindings. */
tSfPolicyId vlanBindings[SF_VLAN_BINDING_MAX];
/**Network to policyId bindings. */
table_t *netBindTable;
} tSfPolicyConfig;
extern tSfPolicyId runtimePolicyId;
extern tSfPolicyId parserPolicyId;
tSfPolicyConfig * sfPolicyInit(
void
);
void sfPolicyFini(
tSfPolicyConfig *
);
int sfPolicyAdd(
tSfPolicyConfig *,
char *
);
void sfPolicyDelete(
tSfPolicyConfig *,
tSfPolicyId
);
char * sfPolicyGet(
tSfPolicyConfig *,
tSfPolicyId
);
int sfVlanAddBinding(
tSfPolicyConfig *,
int,
char *
);
tSfPolicyId sfVlanGetBinding(
tSfPolicyConfig *,
int
);
void sfVlanDeleteBinding(
tSfPolicyConfig *,
int
);
unsigned int sfGetApplicablePolicyId(
tSfPolicyConfig *,
int,
snort_ip_p,
snort_ip_p
);
int sfNetworkAddBinding(
tSfPolicyConfig *,
sfip_t *,
char *
);
unsigned int sfNetworkGetBinding(
tSfPolicyConfig *,
snort_ip_p
);
void sfNetworkDeleteBinding(
tSfPolicyConfig *,
snort_ip_p
);
static INLINE tSfPolicyId sfGetDefaultPolicy(
tSfPolicyConfig *config
)
{
if (config == NULL)
return 0;
return config->defaultPolicyId;
}
static INLINE void sfSetDefaultPolicy(
tSfPolicyConfig *config,
tSfPolicyId policyId
)
{
if ((config == NULL) || (policyId >= config->numAllocatedPolicies))
return;
config->defaultPolicyId = policyId;
}
static INLINE tSfPolicyId sfPolicyNumAllocated(
tSfPolicyConfig *config
)
{
if (config == NULL)
return 0;
return config->numAllocatedPolicies;
}
//dynamic array functions
int sfDynArrayCheckBounds (
void ** dynArray,
unsigned int index,
unsigned int *maxElements
);
#endif

0
sfPolicyUserData.c → include/sfPolicyUserData.c
View File

144
include/sfPolicyUserData.h Normal file
View File

@ -0,0 +1,144 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef _SF_POLICY_USER_DATA_H_
#define _SF_POLICY_USER_DATA_H_
#include "sf_ip.h"
#include "ipv6_port.h"
#include "sfPolicy.h"
#include "sf_dynamic_preprocessor.h"
extern DynamicPreprocessorData _dpd;
typedef struct
{
/**policy id of configuration file or packet being processed.
*/
tSfPolicyId currentPolicyId;
/**Number of policies currently allocated.
*/
unsigned int numAllocatedPolicies;
/**Number of policies active. Since we use an array of policy pointers,
* number of allocated policies may be more than active policies. */
unsigned int numActivePolicies;
/**user configuration for a policy. This is a pointer to an array of pointers
* to user configuration.
*/
void **userConfig;
} tSfPolicyUserContext;
typedef tSfPolicyUserContext * tSfPolicyUserContextId;
tSfPolicyUserContextId sfPolicyConfigCreate(
void
);
void sfPolicyConfigDelete(
tSfPolicyUserContextId pContext
);
//Functions for setting, getting and clearing policy ids
static INLINE void sfPolicyUserPolicySet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
)
{
pContext->currentPolicyId = policyId;
}
static INLINE tSfPolicyId sfPolicyUserPolicyGet (
tSfPolicyUserContextId pContext
)
{
return pContext->currentPolicyId;
}
static INLINE unsigned int sfPolicyUserPolicyGetActive (
tSfPolicyUserContextId pContext
)
{
return (pContext->numActivePolicies);
}
//Functions for setting, getting and clearing user data specific to policies.
int sfPolicyUserDataSet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId,
void *config
);
static INLINE void * sfPolicyUserDataGet (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
)
{
if ((pContext != NULL) && (policyId < pContext->numAllocatedPolicies))
{
return pContext->userConfig[policyId];
}
return NULL;
}
static INLINE int sfPolicyUserDataSetDefault (
tSfPolicyUserContextId pContext,
void *config
)
{
return sfPolicyUserDataSet (pContext, _dpd.getDefaultPolicy(), config);
}
static INLINE void * sfPolicyUserDataGetDefault (
tSfPolicyUserContextId pContext
)
{
return sfPolicyUserDataGet (pContext, _dpd.getDefaultPolicy());
}
static INLINE int sfPolicyUserDataSetCurrent (
tSfPolicyUserContextId pContext,
void *config
)
{
return sfPolicyUserDataSet (pContext, pContext->currentPolicyId, config);
}
static INLINE void * sfPolicyUserDataGetCurrent (
tSfPolicyUserContextId pContext
)
{
return sfPolicyUserDataGet (pContext, pContext->currentPolicyId);
}
void * sfPolicyUserDataClear (
tSfPolicyUserContextId pContext,
tSfPolicyId policyId
);
int sfPolicyUserDataIterate (
tSfPolicyUserContextId pContext,
int (*callback)(tSfPolicyUserContextId pContext, tSfPolicyId policyId, void* config)
);
#endif

58
include/sf_dynamic_common.h Normal file
View File

@ -0,0 +1,58 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
*/
#ifndef _SF_DYNAMIC_COMMON_H_
#define _SF_DYNAMIC_COMMON_H_
#ifndef WIN32
#include <sys/types.h>
#else
#include <stdint.h>
#endif
typedef void (*LogMsgFunc)(const char *, ...);
typedef void (*DebugMsgFunc)(int, char *, ...);
#ifdef HAVE_WCHAR_H
typedef void (*DebugWideMsgFunc)(int, wchar_t *, ...);
#endif
#define STD_BUF 1024
#define MAX_URIINFOS 10
#define HTTP_BUFFER_URI 0
#define HTTP_BUFFER_RAW_URI 1
#define HTTP_BUFFER_HEADER 2
#define HTTP_BUFFER_RAW_HEADER 3
#define HTTP_BUFFER_CLIENT_BODY 4
#define HTTP_BUFFER_METHOD 5
#define HTTP_BUFFER_COOKIE 6
#define HTTP_BUFFER_RAW_COOKIE 7
#define HTTP_BUFFER_STAT_CODE 8
#define HTTP_BUFFER_STAT_MSG 9
typedef struct _UriInfo
{
uint8_t *uriBuffer;
uint16_t uriLength;
uint32_t uriDecodeFlags;
} UriInfo;
#endif /* _SF_DYNAMIC_COMMON_H_ */

87
include/sf_dynamic_define.h Normal file
View File

@ -0,0 +1,87 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2007-2010 Sourcefire, Inc.
*
* Author: Russ Combs
*
* #defines required by the dynamic engine. These were factored out of
* sf_snort_plugin_api.h because they are required by fpcreate.c. They
* could have been placed in sf_dynamic_engine.h but that would have
* caused all the sf_engine/examples/ *.c to depend on that file.
*/
#ifndef _SF_DYNAMIC_DEFINE_H_
#define _SF_DYNAMIC_DEFINE_H_
/* the OPTION_TYPE_* and FLOW_* values
* are used as args to the hasFunc()
* which replaces the prior has*Func()s.
*/
typedef enum {
OPTION_TYPE_PREPROCESSOR,
OPTION_TYPE_CONTENT,
OPTION_TYPE_PCRE,
OPTION_TYPE_FLOWBIT,
OPTION_TYPE_FLOWFLAGS,
OPTION_TYPE_ASN1,
OPTION_TYPE_CURSOR,
OPTION_TYPE_HDR_CHECK,
OPTION_TYPE_BYTE_TEST,
OPTION_TYPE_BYTE_JUMP,
OPTION_TYPE_BYTE_EXTRACT,
OPTION_TYPE_SET_CURSOR,
OPTION_TYPE_LOOP,
OPTION_TYPE_MAX
} DynamicOptionType;
#define FLOW_ESTABLISHED 0x0010
#define FLOW_FR_SERVER 0x0040
#define FLOW_TO_CLIENT 0x0040 /* Just for convenience */
#define FLOW_TO_SERVER 0x0080
#define FLOW_FR_CLIENT 0x0080 /* Just for convenience */
#define FLOW_IGNORE_REASSEMBLED 0x1000
#define FLOW_ONLY_REASSEMBLED 0x2000
#define FLOW_ONLY_REASSMBLED FLOW_ONLY_REASSEMBLED
#define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x8000000
#if defined _WIN32 || defined __CYGWIN__
# if defined SF_SNORT_ENGINE_DLL || defined SF_SNORT_DETECTION_DLL || defined SF_SNORT_PREPROC_DLL
# ifdef __GNUC__
# define SO_PUBLIC __attribute__((dllexport))
# else
# define SO_PUBLIC __declspec(dllexport)
# endif
# else
# ifdef __GNUC__
# define SO_PUBLIC __attribute__((dllimport))
# else
# define SO_PUBLIC __declspec(dllimport)
# endif
# endif
# define DLL_LOCAL
#else
# ifdef HAVE_VISIBILITY
# define SO_PUBLIC __attribute__ ((visibility("default")))
# define SO_PRIVATE __attribute__ ((visibility("hidden")))
# else
# define SO_PUBLIC
# define SO_PRIVATE
# endif
#endif
#endif /* _SF_DYNAMIC_DEFINE_H_ */

206
include/sf_dynamic_engine.h Normal file
View File

@ -0,0 +1,206 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steven Sturges
*
* Dynamic Library Loading for Snort
*
*/
#ifndef _SF_DYNAMIC_ENGINE_H_
#define _SF_DYNAMIC_ENGINE_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WIN32
#include <sys/types.h>
#else
#include <stdint.h>
#endif
#include "sf_dynamic_define.h"
#include "sf_dynamic_meta.h"
#include "sf_types.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
*/
#ifdef WIN32
#if _MSC_VER >= 1400
#define NORETURN __declspec(noreturn)
#else
#define NORETURN
#endif
#else
#define NORETURN
#endif
/* Function prototype used to evaluate a special OTN */
typedef int (*OTNCheckFunction)(void* pPacket, void* pRule);
/* flowFlag is FLOW_*; check flowFlag iff non-zero */
typedef int (*OTNHasFunction)(void* pRule, DynamicOptionType, int flowFlag);
/* Data struct & function prototype used to get list of
* Fast Pattern Content information. */
typedef struct _FPContentInfo
{
char *content;
int length;
int offset;
int depth;
char noCaseFlag;
char exception_flag;
char is_relative;
char fp;
char fp_only;
u_int16_t fp_offset;
u_int16_t fp_length;
struct _FPContentInfo *next;
} FPContentInfo;
/* Parameters are rule info pointer, int to indicate URI or NORM,
* and list pointer */
#define CONTENT_NORMAL 0x01
#define CONTENT_HTTP_URI 0x02
#define CONTENT_HTTP_HEADER 0x04
#define CONTENT_HTTP_CLIENT_BODY 0x08
#define CONTENT_HTTP_METHOD 0x10
#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
typedef void (*RuleFreeFunc)(void *);
/* ruleInfo is passed to OTNCheckFunction when the fast pattern matches. */
typedef int (*RegisterRule)(
u_int32_t, u_int32_t, void *,
OTNCheckFunction, OTNHasFunction,
int, GetDynamicContentsFunction, RuleFreeFunc,
GetDynamicPreprocOptFpContentsFunc
);
typedef u_int32_t (*RegisterBit)(char *, int);
typedef int (*CheckFlowbit)(void *, int, u_int32_t);
typedef int (*DetectAsn1)(void *, void *, const u_int8_t *);
typedef int (*PreprocOptionEval)(void *p, const u_int8_t **cursor, void *dataPtr);
typedef int (*PreprocOptionInit)(char *, char *, void **dataPtr);
typedef void (*PreprocOptionCleanup)(void *dataPtr);
#define PREPROC_OPT_EQUAL 0
#define PREPROC_OPT_NOT_EQUAL 1
typedef u_int32_t (*PreprocOptionHash)(void *);
typedef int (*PreprocOptionKeyCompare)(void *, void *);
/* Function prototype for rule options that want to add patterns to the
* fast pattern matcher */
typedef int (*PreprocOptionFastPatternFunc)
(void *rule_opt_data, int protocol, int direction, FPContentInfo **info);
typedef int (*PreprocOptionOtnHandler)(void *);
typedef int (*RegisterPreprocRuleOpt)(
char *, PreprocOptionInit, PreprocOptionEval,
PreprocOptionCleanup, PreprocOptionHash, PreprocOptionKeyCompare,
PreprocOptionOtnHandler, PreprocOptionFastPatternFunc);
typedef int (*PreprocRuleOptInit)(void *);
typedef void (*SetRuleData)(void *, void *);
typedef void *(*GetRuleData)(void *);
/* Info Data passed to dynamic engine plugin must include:
* version
* Pointer to AltDecodeBuffer
* Pointer to HTTP URI Buffers
* Pointer to function to register C Rule
* Pointer to function to register C Rule flowbits
* Pointer to function to check flowbit
* Pointer to function to do ASN1 Detection
* Pointer to functions to log Messages, Errors, Fatal Errors
* Directory path
*/
#include "sf_dynamic_common.h"
#define ENGINE_DATA_VERSION 5
typedef void *(*PCRECompileFunc)(const char *, int, const char **, int *, const unsigned char *);
typedef void *(*PCREStudyFunc)(const void *, int, const char **);
typedef int (*PCREExecFunc)(const void *, const void *, const char *, int, int, int, int *, int);
typedef struct _DynamicEngineData
{
int version;
u_int8_t *altBuffer;
UriInfo *uriBuffers[MAX_URIINFOS];
RegisterRule ruleRegister;
RegisterBit flowbitRegister;
CheckFlowbit flowbitCheck;
DetectAsn1 asn1Detect;
LogMsgFunc logMsg;
LogMsgFunc errMsg;
LogMsgFunc fatalMsg;
char *dataDumpDirectory;
PreprocRuleOptInit preprocRuleOptInit;
SetRuleData setRuleData;
GetRuleData getRuleData;
DebugMsgFunc debugMsg;
#ifdef HAVE_WCHAR_H
DebugWideMsgFunc debugWideMsg;
#endif
char **debugMsgFile;
int *debugMsgLine;
PCRECompileFunc pcreCompile;
PCREStudyFunc pcreStudy;
PCREExecFunc pcreExec;
} DynamicEngineData;
/* Function prototypes for Dynamic Engine Plugins */
void CloseDynamicEngineLibs(void);
void LoadAllDynamicEngineLibs(char *path);
int LoadDynamicEngineLib(char *library_name, int indent);
typedef int (*InitEngineLibFunc)(DynamicEngineData *);
typedef int (*CompatibilityFunc)(DynamicPluginMeta *meta, DynamicPluginMeta *lib);
int InitDynamicEngines(char *);
void RemoveDuplicateEngines(void);
int DumpDetectionLibRules(void);
int ValidateDynamicEngines(void);
/* This was necessary because of static code analysis not recognizing that
* fatalMsg did not return - use instead of fatalMsg
*/
NORETURN void DynamicEngineFatalMessage(const char *format, ...);
typedef struct _PreprocessorOptionInfo
{
PreprocOptionInit optionInit;
PreprocOptionEval optionEval;
PreprocOptionCleanup optionCleanup;
void *data;
PreprocOptionHash optionHash;
PreprocOptionKeyCompare optionKeyCompare;
PreprocOptionOtnHandler otnHandler;
PreprocOptionFastPatternFunc optionFpFunc;
} PreprocessorOptionInfo;
#endif /* _SF_DYNAMIC_ENGINE_H_ */

45
include/sf_dynamic_meta.h Normal file
View File

@ -0,0 +1,45 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steven Sturges
*
* Dynamic Library Loading for Snort
*
*/
#ifndef _SF_DYNAMIC_META_H_
#define _SF_DYNAMIC_META_H_
#define MAX_NAME_LEN 1024
#define TYPE_ENGINE 0x01
#define TYPE_DETECTION 0x02
#define TYPE_PREPROCESSOR 0x04
typedef struct _DynamicPluginMeta
{
int type;
int major;
int minor;
int build;
char uniqueName[MAX_NAME_LEN];
char *libraryPath;
} DynamicPluginMeta;
typedef int (*LibVersionFunc)(DynamicPluginMeta *);
#endif /* _SF_DYNAMIC_META_H_ */

0
sf_dynamic_preproc_lib.c → include/sf_dynamic_preproc_lib.c
View File

39
include/sf_dynamic_preproc_lib.h Normal file
View File

@ -0,0 +1,39 @@
/*
** Copyright (C) 2005-2010 Sourcefire, Inc.
** Author: Steven Sturges
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* $Id$ */
/* Snort Dynamic Preprocessor */
#ifndef __SF_DYNAMIC_PREPROC_LIB_H_
#define __SF_DYNAMIC_PREPROC_LIB_H_
#ifdef WIN32
#ifdef SF_SNORT_PREPROC_DLL
#define BUILDING_SO
#define PREPROC_LINKAGE SO_PUBLIC
#else
#define PREPROC_LINKAGE
#endif
#else /* WIN32 */
#define PREPROC_LINKAGE SO_PUBLIC
#endif
#endif /* __SF_DYNAMIC_PREPROC_LIB_H_ */

271
include/sf_dynamic_preprocessor.h Normal file
View File

@ -0,0 +1,271 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steven Sturges
*
* Dynamic Library Loading for Snort
*
*/
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
#define _SF_DYNAMIC_PREPROCESSOR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <ctype.h>
#ifdef HAVE_WCHAR_H
#include <wchar.h>
#endif
#include "sf_dynamic_meta.h"
#include "ipv6_port.h"
#include "sf_types.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
*/
#ifdef WIN32
#if _MSC_VER >= 1400
#define NORETURN __declspec(noreturn)
#else
#define NORETURN
#endif
#else
#define NORETURN
#endif
#ifdef PERF_PROFILING
#ifndef PROFILE_PREPROCS_NOREDEF /* Don't redefine this from the main area */
#ifdef PROFILING_PREPROCS
#undef PROFILING_PREPROCS
#endif
#define PROFILING_PREPROCS _dpd.profilingPreprocsFunc()
#endif
#endif
#define PREPROCESSOR_DATA_VERSION 5
#include "sf_dynamic_common.h"
#include "sf_dynamic_engine.h"
#include "stream_api.h"
#include "str_search.h"
#include "obfuscation.h"
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
typedef void (*PreprocessorInitFunc)(char *);
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocConfCheck)(void (*func) (void));
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int, char *, void *);
typedef uint32_t (*GenSnortEvent)(SFSnortPacket *p, uint32_t gid, uint32_t sid, uint32_t rev,
uint32_t classification, uint32_t priority, char *msg);
#ifdef SNORT_RELOAD
typedef void (*PreprocessorReloadFunc)(char *);
typedef int (*PreprocessorReloadVerifyFunc)(void);
typedef void * (*PreprocessorReloadSwapFunc)(void);
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
#endif
#ifndef SNORT_RELOAD
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
#else
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
PreprocessorReloadFunc,
PreprocessorReloadSwapFunc,
PreprocessorReloadSwapFreeFunc);
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
#endif
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
typedef int (*InlineDropFunc)(void *);
typedef void (*DisableDetectFunc)(void *);
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
typedef int (*DetectFunc)(void *);
typedef void *(*GetRuleInfoByNameFunc)(char *);
typedef void *(*GetRuleInfoByIdFunc)(int);
typedef int (*printfappendfunc)(char *, int, const char *, ...);
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
typedef void (*TokenFreeFunc)(char ***, int);
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
typedef int (*ProfilingFunc)(void);
typedef int (*PreprocessFunc)(void *);
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(char *);
typedef int16_t (*AddProtocolReferenceFunc)(char *);
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
#endif
#ifdef SUP_IP6
typedef void (*IP6BuildFunc)(void *, const void *, int);
#define SET_CALLBACK_IP 0
#define SET_CALLBACK_ICMP_ORIG 1
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
#endif
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
PreprocOptionFastPatternFunc);
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
typedef char * (*PortArrayFunc)(char *, void *, int *);
typedef int (*AlertQueueLog)(void *);
typedef void (*AlertQueueControl)(void); // reset, push, and pop
typedef tSfPolicyId (*GetPolicyFunc)(void);
typedef void (*SetPolicyFunc)(tSfPolicyId);
typedef int (*GetInlineMode)(void);
typedef void (*SetFileDataPtrFunc)(const u_char *);
typedef long (*DynamicStrtol)(const char *, char **, int);
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
/* Info Data passed to dynamic preprocessor plugin must include:
* version
* Pointer to AltDecodeBuffer
* Pointer to HTTP URI Buffers
* Pointer to functions to log Messages, Errors, Fatal Errors
* Pointer to function to add preprocessor to list of configure Preprocs
* Pointer to function to regsiter preprocessor configuration keyword
* Pointer to function to create preprocessor alert
*/
typedef struct _DynamicPreprocessorData
{
int version;
int size;
u_int8_t *altBuffer;
unsigned int altBufferLen;
UriInfo *uriBuffers[MAX_URIINFOS];
LogMsgFunc logMsg;
LogMsgFunc errMsg;
LogMsgFunc fatalMsg;
DebugMsgFunc debugMsg;
PreprocRegisterFunc registerPreproc;
AddPreprocFunc addPreproc;
AddPreprocRestart addPreprocRestart;
AddPreprocExit addPreprocExit;
AddPreprocConfCheck addPreprocConfCheck;
RegisterPreprocRuleOpt preprocOptRegister;
AddPreprocProfileFunc addPreprocProfileFunc;
ProfilingFunc profilingPreprocsFunc;
void *totalPerfStats;
AlertQueueAdd alertAdd;
GenSnortEvent genSnortEvent;
ThresholdCheckFunc thresholdCheck;
GetInlineMode inlineMode;
InlineDropFunc inlineDrop;
DetectFunc detect;
DisableDetectFunc disableDetect;
DisableDetectFunc disableAllDetect;
SetPreprocBitFunc setPreprocBit;
StreamAPI *streamAPI;
SearchAPI *searchAPI;
char **config_file;
int *config_line;
printfappendfunc printfappend;
TokenSplitFunc tokenSplit;
TokenFreeFunc tokenFree;
GetRuleInfoByNameFunc getRuleInfoByName;
GetRuleInfoByIdFunc getRuleInfoById;
#ifdef HAVE_WCHAR_H
DebugWideMsgFunc debugWideMsg;
#endif
PreprocessFunc preprocess;
char **debugMsgFile;
int *debugMsgLine;
PreprocStatsRegisterFunc registerPreprocStats;
AddPreprocReset addPreprocReset;
AddPreprocResetStats addPreprocResetStats;
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
DisablePreprocessorsFunc disablePreprocessors;
#ifdef SUP_IP6
IP6BuildFunc ip6Build;
IP6SetCallbacksFunc ip6SetCallbacks;
#endif
AlertQueueLog logAlerts;
AlertQueueControl resetAlerts;
AlertQueueControl pushAlerts;
AlertQueueControl popAlerts;
#ifdef TARGET_BASED
FindProtocolReferenceFunc findProtocolReference;
AddProtocolReferenceFunc addProtocolReference;
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
#endif
AddKeywordOverrideFunc preprocOptOverrideKeyword;
IsPreprocEnabledFunc isPreprocEnabled;
#ifdef SNORT_RELOAD
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
#endif
PortArrayFunc portObjectCharPortArray;
GetPolicyFunc getRuntimePolicy;
GetPolicyFunc getParserPolicy;
GetPolicyFunc getDefaultPolicy;
SetPolicyFunc setParserPolicy;
SetFileDataPtrFunc setFileDataPtr;
DynamicStrtol SnortStrtol;
DynamicStrtoul SnortStrtoul;
EvalRTNFunc fpEvalRTN;
ObfuscationApi *obApi;
} DynamicPreprocessorData;
/* Function prototypes for Dynamic Preprocessor Plugins */
void CloseDynamicPreprocessorLibs(void);
int LoadDynamicPreprocessor(char *library_name, int indent);
void LoadAllDynamicPreprocessors(char *path);
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
int InitDynamicPreprocessors(void);
void RemoveDuplicatePreprocessorPlugins(void);
/* This was necessary because of static code analysis not recognizing that
* fatalMsg did not return - use instead of fatalMsg
*/
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */

272
include/sf_dynamic_preprocessor.h.new Normal file
View File

@ -0,0 +1,272 @@
/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steven Sturges
*
* Dynamic Library Loading for Snort
*
*/
#ifndef _SF_DYNAMIC_PREPROCESSOR_H_
#define _SF_DYNAMIC_PREPROCESSOR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <ctype.h>
#ifdef HAVE_WCHAR_H
#include <wchar.h>
#endif
#include "sf_dynamic_meta.h"
#include "ipv6_port.h"
#include "sf_types.h"
/* specifies that a function does not return
* used for quieting Visual Studio warnings
*/
#ifdef WIN32
#if _MSC_VER >= 1400
#define NORETURN __declspec(noreturn)
#else
#define NORETURN
#endif
#else
#define NORETURN
#endif
#ifdef PERF_PROFILING
#ifndef PROFILE_PREPROCS_NOREDEF /* Don't redefine this from the main area */
#ifdef PROFILING_PREPROCS
#undef PROFILING_PREPROCS
#endif
#define PROFILING_PREPROCS _dpd.profilingPreprocsFunc()
#endif
#endif
#define PREPROCESSOR_DATA_VERSION 5
#include "sf_dynamic_common.h"
#include "sf_dynamic_engine.h"
#include "stream_api.h"
#include "str_search.h"
#include "obfuscation.h"
#include "sfportobject.h"
#define MINIMUM_DYNAMIC_PREPROC_ID 10000
typedef void (*PreprocessorInitFunc)(char *);
typedef void * (*AddPreprocFunc)(void (*func)(void *, void *), u_int16_t, u_int32_t, u_int32_t);
typedef void (*AddPreprocExit)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocRestart)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocConfCheck)(void (*func) (void));
typedef int (*AlertQueueAdd)(unsigned int, unsigned int, unsigned int,
unsigned int, unsigned int, char *, void *);
typedef uint32_t (*GenSnortEvent)(Packet *p, uint32_t gid, uint32_t sid, uint32_t rev,
uint32_t classification, uint32_t priority, char *msg);
#ifdef SNORT_RELOAD
typedef void (*PreprocessorReloadFunc)(char *);
typedef int (*PreprocessorReloadVerifyFunc)(void);
typedef void * (*PreprocessorReloadSwapFunc)(void);
typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
#endif
#ifndef SNORT_RELOAD
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc);
#else
typedef void (*PreprocRegisterFunc)(char *, PreprocessorInitFunc,
PreprocessorReloadFunc,
PreprocessorReloadSwapFunc,
PreprocessorReloadSwapFreeFunc);
typedef void (*AddPreprocReloadVerifyFunc)(PreprocessorReloadVerifyFunc);
#endif
typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, snort_ip_p, snort_ip_p, long);
typedef int (*InlineDropFunc)(void *);
typedef void (*DisableDetectFunc)(void *);
typedef int (*SetPreprocBitFunc)(void *, u_int32_t);
typedef int (*DetectFunc)(void *);
typedef void *(*GetRuleInfoByNameFunc)(char *);
typedef void *(*GetRuleInfoByIdFunc)(int);
typedef int (*printfappendfunc)(char *, int, const char *, ...);
typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
typedef void (*TokenFreeFunc)(char ***, int);
typedef void (*AddPreprocProfileFunc)(char *, void *, int, void *);
typedef int (*ProfilingFunc)(void);
typedef int (*PreprocessFunc)(void *);
typedef void (*PreprocStatsRegisterFunc)(char *, void (*func)(int));
typedef void (*AddPreprocReset)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocResetStats)(void (*func) (int, void *), void *arg, u_int16_t, u_int32_t);
typedef void (*AddPreprocReassemblyPktFunc)(void * (*func)(void), u_int32_t);
typedef int (*SetPreprocReassemblyPktBitFunc)(void *, u_int32_t);
typedef void (*DisablePreprocessorsFunc)(void *);
#ifdef TARGET_BASED
typedef int16_t (*FindProtocolReferenceFunc)(char *);
typedef int16_t (*AddProtocolReferenceFunc)(char *);
typedef int (*IsAdaptiveConfiguredFunc)(tSfPolicyId, int);
#endif
#ifdef SUP_IP6
typedef void (*IP6BuildFunc)(void *, const void *, int);
#define SET_CALLBACK_IP 0
#define SET_CALLBACK_ICMP_ORIG 1
typedef void (*IP6SetCallbacksFunc)(void *, int, char);
#endif
typedef void (*AddKeywordOverrideFunc)(char *, char *, PreprocOptionInit,
PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash,
PreprocOptionKeyCompare, PreprocOptionOtnHandler,
PreprocOptionFastPatternFunc);
typedef int (*IsPreprocEnabledFunc)(u_int32_t);
typedef char * (*PortArrayFunc)(char *, PortObject *, int *);
typedef int (*AlertQueueLog)(void *);
typedef void (*AlertQueueControl)(void); // reset, push, and pop
typedef tSfPolicyId (*GetPolicyFunc)(void);
typedef void (*SetPolicyFunc)(tSfPolicyId);
typedef int (*GetInlineMode)(void);
typedef void (*SetFileDataPtrFunc)(const u_char *);
typedef long (*DynamicStrtol)(const char *, char **, int);
typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
/* Info Data passed to dynamic preprocessor plugin must include:
* version
* Pointer to AltDecodeBuffer
* Pointer to HTTP URI Buffers
* Pointer to functions to log Messages, Errors, Fatal Errors
* Pointer to function to add preprocessor to list of configure Preprocs
* Pointer to function to regsiter preprocessor configuration keyword
* Pointer to function to create preprocessor alert
*/
typedef struct _DynamicPreprocessorData
{
int version;
int size;
u_int8_t *altBuffer;
unsigned int altBufferLen;
UriInfo *uriBuffers[MAX_URIINFOS];
LogMsgFunc logMsg;
LogMsgFunc errMsg;
LogMsgFunc fatalMsg;
DebugMsgFunc debugMsg;
PreprocRegisterFunc registerPreproc;
AddPreprocFunc addPreproc;
AddPreprocRestart addPreprocRestart;
AddPreprocExit addPreprocExit;
AddPreprocConfCheck addPreprocConfCheck;
RegisterPreprocRuleOpt preprocOptRegister;
AddPreprocProfileFunc addPreprocProfileFunc;
ProfilingFunc profilingPreprocsFunc;
void *totalPerfStats;
AlertQueueAdd alertAdd;
GenSnortEvent genSnortEvent;
ThresholdCheckFunc thresholdCheck;
GetInlineMode inlineMode;
InlineDropFunc inlineDrop;
DetectFunc detect;
DisableDetectFunc disableDetect;
DisableDetectFunc disableAllDetect;
SetPreprocBitFunc setPreprocBit;
StreamAPI *streamAPI;
SearchAPI *searchAPI;
char **config_file;
int *config_line;
printfappendfunc printfappend;
TokenSplitFunc tokenSplit;
TokenFreeFunc tokenFree;
GetRuleInfoByNameFunc getRuleInfoByName;
GetRuleInfoByIdFunc getRuleInfoById;
#ifdef HAVE_WCHAR_H
DebugWideMsgFunc debugWideMsg;
#endif
PreprocessFunc preprocess;
char **debugMsgFile;
int *debugMsgLine;
PreprocStatsRegisterFunc registerPreprocStats;
AddPreprocReset addPreprocReset;
AddPreprocResetStats addPreprocResetStats;
AddPreprocReassemblyPktFunc addPreprocReassemblyPkt;
SetPreprocReassemblyPktBitFunc setPreprocReassemblyPktBit;
DisablePreprocessorsFunc disablePreprocessors;
#ifdef SUP_IP6
IP6BuildFunc ip6Build;
IP6SetCallbacksFunc ip6SetCallbacks;
#endif
AlertQueueLog logAlerts;
AlertQueueControl resetAlerts;
AlertQueueControl pushAlerts;
AlertQueueControl popAlerts;
#ifdef TARGET_BASED
FindProtocolReferenceFunc findProtocolReference;
AddProtocolReferenceFunc addProtocolReference;
IsAdaptiveConfiguredFunc isAdaptiveConfigured;
#endif
AddKeywordOverrideFunc preprocOptOverrideKeyword;
IsPreprocEnabledFunc isPreprocEnabled;
#ifdef SNORT_RELOAD
AddPreprocReloadVerifyFunc addPreprocReloadVerify;
#endif
PortArrayFunc portObjectCharPortArray;
GetPolicyFunc getRuntimePolicy;
GetPolicyFunc getParserPolicy;
GetPolicyFunc getDefaultPolicy;
SetPolicyFunc setParserPolicy;
SetFileDataPtrFunc setFileDataPtr;
DynamicStrtol SnortStrtol;
DynamicStrtoul SnortStrtoul;
EvalRTNFunc fpEvalRTN;
ObfuscationApi *obApi;
} DynamicPreprocessorData;
/* Function prototypes for Dynamic Preprocessor Plugins */
void CloseDynamicPreprocessorLibs(void);
int LoadDynamicPreprocessor(char *library_name, int indent);
void LoadAllDynamicPreprocessors(char *path);
typedef int (*InitPreprocessorLibFunc)(DynamicPreprocessorData *);
int InitDynamicPreprocessors(void);
void RemoveDuplicatePreprocessorPlugins(void);
/* This was necessary because of static code analysis not recognizing that
* fatalMsg did not return - use instead of fatalMsg
*/
NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
#endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */

577
include/sf_ip.c Normal file
View File

@ -0,0 +1,577 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Adam Keeton
** Kevin Liu <kliu@sourcefire.com>
**
** $Id$
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* Adam Keeton
* sf_ip.c
* 11/17/06
*
* Library for managing IP addresses of either v6 or v4 families.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <math.h> /* For ceil */
#include "sf_ip.h"
/* For inet_pton */
#ifndef WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#endif /* WIN32 */
#if 0
/* Support function .. but could see some external uses */
static INLINE int sfip_length(sfip_t *ip) {
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET) return 4;
return 16;
}
#endif
/* Support function */
// note that an ip6 address may have a trailing dotted quad form
// but that it always has at least 2 ':'s; furthermore there is
// no valid ip4 format (including mask) with 2 ':'s
// we don't have to figure out if the format is entirely legal
// we just have to be able to tell correct formats apart
static INLINE int sfip_str_to_fam(const char *str) {
const char* s;
ARG_CHECK1(str, 0);
s = strchr(str, (int)':');
if ( s && strchr(s+1, (int)':') ) return AF_INET6;
if ( strchr(str, (int)'.') ) return AF_INET;
return AF_UNSPEC;
}
/* Place-holder allocation incase we want to do something more indepth later */
static INLINE sfip_t *_sfip_alloc() {
/* Note: using calloc here instead of SnortAlloc since the dynamic libs
* can't presently resolve SnortAlloc */
return (sfip_t*)calloc(sizeof(sfip_t), 1);
}
/* Masks off 'val' bits from the IP contained within 'ip' */
static INLINE int sfip_cidr_mask(sfip_t *ip, int val) {
int i;
unsigned int mask = 0;
unsigned int *p;
int index = (int)ceil(val / 32.0) - 1;
ARG_CHECK1(ip, SFIP_ARG_ERR);
p = ip->ip32;
if( val < 0 ||
((sfip_family(ip) == AF_INET6) && val > 128) ||
((sfip_family(ip) == AF_INET) && val > 32) ) {
return SFIP_ARG_ERR;
}
/* Build the netmask by converting "val" into
* the corresponding number of bits that are set */
for(i = 0; i < 32- (val - (index * 32)); i++)
mask = (mask<<1) + 1;
p[index] = htonl((ntohl(p[index]) & ~mask));
index++;
/* 0 off the rest of the IP */
for( ; index<4; index++) p[index] = 0;
return SFIP_SUCCESS;
}
/* Allocate IP address from a character array describing the IP */
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status) {
SFIP_RET tmp;
sfip_t *ret;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = _sfip_alloc()) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
if( (tmp = sfip_pton(ip, ret)) != SFIP_SUCCESS) {
if(status)
*status = tmp;
sfip_free(ret);
return NULL;
}
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Allocate IP address from an array of 8 byte integers */
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status) {
sfip_t *ret;
if(!ip) {
if(status)
*status = SFIP_ARG_ERR;
return NULL;
}
if((ret = _sfip_alloc()) == NULL) {
if(status)
*status = SFIP_ALLOC_ERR;
return NULL;
}
ret->bits = (family==AF_INET?32:128);
ret->family = family;
/* XXX Replace with appropriate "high speed" copy */
memcpy(ret->ip8, ip, ret->bits/8);
if(status)
*status = SFIP_SUCCESS;
return ret;
}
/* Support function for _netmask_str_to_bit_count */
static INLINE int _count_bits(unsigned int val) {
unsigned int count;
for (count = 0; val; count++) {
val &= val - 1;
}
return count;
}
/* Support function for sfip_pton. Used for converting a netmask string
* into a number of bits to mask off */
static INLINE int _netmask_str_to_bit_count(char *mask, int family) {
u_int32_t buf[4];
int bits, i, nBits, nBytes;
u_int8_t* bytes = (u_int8_t*)buf;
/* XXX
* Mask not validated.
* Only sfip_pton should be using this function, and using it safely.
* XXX */
if(inet_pton(family, mask, buf) < 1)
return -1;
bits = _count_bits(buf[0]);
if(family == AF_INET6) {
bits += _count_bits(buf[1]);
bits += _count_bits(buf[2]);
bits += _count_bits(buf[3]);
nBytes = 16;
} else {
nBytes = 4;
}
// now make sure that only the most significant bits are set
nBits = bits;
for ( i = 0; i < nBytes; i++ ) {
if ( nBits >= 8 ) {
if ( bytes[i] != 0xff ) return -1;
nBits -= 8;
} else if ( nBits == 0 ) {
if ( bytes[i] != 0x00 ) return -1;
} else {
if ( bytes[i] != ((0xff00 >> nBits) & 0xff) ) return -1;
nBits = 0;
}
}
return bits;
}
/* Parses "src" and stores results in "dst" */
SFIP_RET sfip_pton(const char *src, sfip_t *dst) {
char *mask;
char *sfip_buf;
char *ip;
int bits;
if(!dst || !src)
return SFIP_ARG_ERR;
if((sfip_buf = strdup(src)) == NULL)
return SFIP_ALLOC_ERR;
ip = sfip_buf;
dst->family = sfip_str_to_fam(src);
/* skip whitespace or opening bracket */
while(isspace((int)*ip) || (*ip == '[')) ip++;
/* check for and extract a mask in CIDR form */
if( (mask = strchr(ip, (int)'/')) != NULL ) {
/* NULL out this character so inet_pton will see the
* correct ending to the IP string */
char* end = mask++;
while ( (end > ip) && isspace((int)end[-1]) ) end--;
*end = 0;
while(isspace((int)*mask)) mask++;
/* verify a leading digit */
if(((dst->family == AF_INET6) && !isxdigit((int)*mask)) ||
((dst->family == AF_INET) && !isdigit((int)*mask))) {
free(sfip_buf);
return SFIP_CIDR_ERR;
}
/* Check if there's a netmask here instead of the number of bits */
if(strchr(mask, (int)'.') || strchr(mask, (int)':'))
bits = _netmask_str_to_bit_count(mask, sfip_str_to_fam(mask));
else
bits = atoi(mask);
}
else if(
/* If this is IPv4, ia ':' may used specified to indicate a netmask */
((dst->family == AF_INET) && (mask = strchr(ip, (int)':')) != NULL) ||
/* We've already skipped the leading whitespace, if there is more
* whitespace, then there's probably a netmask specified after it. */
(mask = strchr(ip, (int)' ')) != NULL
) {
char* end = mask++;
while ( (end > ip) && isspace((int)end[-1]) ) end--;
*end = 0; /* Now the IP will end at this point */
/* skip whitespace */
while(isspace((int)*mask)) mask++;
/* Make sure we're either looking at a valid digit, or a leading
* colon, such as can be the case with IPv6 */
if(((dst->family == AF_INET) && isdigit((int)*mask)) ||
((dst->family == AF_INET6) && (isxdigit((int)*mask) || *mask == ':'))) {
bits = _netmask_str_to_bit_count(mask, sfip_str_to_fam(mask));
}
/* No netmask */
else {
if(dst->family == AF_INET) bits = 32;
else bits = 128;
}
}
/* No netmask */
else {
if(dst->family == AF_INET) bits = 32;
else bits = 128;
}
if(inet_pton(dst->family, ip, dst->ip8) < 1) {
free(sfip_buf);
return SFIP_INET_PARSE_ERR;
}
/* Store mask */
dst->bits = bits;
/* Apply mask */
if(sfip_cidr_mask(dst, bits) != SFIP_SUCCESS) {
free(sfip_buf);
return SFIP_INVALID_MASK;
}
free(sfip_buf);
return SFIP_SUCCESS;
}
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int family) {
ARG_CHECK3(dst, src, dst->ip32, SFIP_ARG_ERR);
dst->family = family;
if(family == AF_INET) {
dst->ip32[0] = *(u_int32_t*)src;
memset(&dst->ip32[1], 0, 12);
dst->bits = 32;
} else if(family == AF_INET6) {
memcpy(dst->ip8, src, 16);
dst->bits = 128;
} else {
return SFIP_ARG_ERR;
}
return SFIP_SUCCESS;
}
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src) {
ARG_CHECK2(dst, src, SFIP_ARG_ERR);
dst->family = src->family;
dst->bits = src->bits;
dst->ip32[0] = src->ip32[0];
dst->ip32[1] = src->ip32[1];
dst->ip32[2] = src->ip32[2];
dst->ip32[3] = src->ip32[3];
return SFIP_SUCCESS;
}
/* Obfuscates an IP
* Makes 'ip': ob | (ip & mask) */
void sfip_obfuscate(sfip_t *ob, sfip_t *ip) {
unsigned int *ob_p, *ip_p;
int index, i;
unsigned int mask = 0;
if(!ob || !ip)
return;
ob_p = ob->ip32;
ip_p = ip->ip32;
/* Build the netmask by converting "val" into
* the corresponding number of bits that are set */
index = (int)ceil(ob->bits / 32.0) - 1;
for(i = 0; i < 32- (ob->bits - (index * 32)); i++)
mask = (mask<<1) + 1;
/* Note: The old-Snort obfuscation code uses !mask for masking.
* hence, this code uses the same algorithm as sfip_cidr_mask
* except the mask below is not negated. */
ip_p[index] = htonl((ntohl(ip_p[index]) & mask));
/* 0 off the start of the IP */
while ( index > 0 ) ip_p[--index] = 0;
/* OR remaining pieces */
ip_p[0] |= ob_p[0];
ip_p[1] |= ob_p[1];
ip_p[2] |= ob_p[2];
ip_p[3] |= ob_p[3];
}
/* Check if ip is contained within the network specified by net */
/* Returns SFIP_EQUAL if so.
* XXX sfip_contains assumes that "ip" is
* not less-specific than "net" XXX
*/
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip) {
unsigned int bits, mask, temp, i;
int net_fam, ip_fam;
unsigned int *p1, *p2;
/* SFIP_CONTAINS is returned here due to how IpAddrSetContains
* handles zero'ed IPs" */
ARG_CHECK2(net, ip, SFIP_CONTAINS);
bits = sfip_bits(net);
net_fam = sfip_family(net);
ip_fam = sfip_family(ip);
/* If the families are mismatched, check if we're really comparing
* an IPv4 with a mapped IPv4 (in IPv6) address. */
if(net_fam != ip_fam) {
if((net_fam != AF_INET) || !sfip_ismapped(ip))
return SFIP_ARG_ERR;
/* Both are really IPv4. Only compare last 4 bytes of 'ip'*/
p1 = net->ip32;
p2 = &ip->ip32[3];
/* Mask off bits */
bits = 32 - bits;
temp = (ntohl(*p2) >> bits) << bits;
if(ntohl(*p1) == temp) return SFIP_CONTAINS;
return SFIP_NOT_CONTAINS;
}
p1 = net->ip32;
p2 = ip->ip32;
/* Iterate over each 32 bit segment */
for(i=0; i < bits/32 && i < 3; i++, p1++, p2++) {
if(*p1 != *p2)
return SFIP_NOT_CONTAINS;
}
mask = 32 - (bits - 32*i);
if ( mask == 32 ) return SFIP_CONTAINS;
/* At this point, there are some number of remaining bits to check.
* Mask the bits we don't care about off of "ip" so we can compare
* the ints directly */
temp = ntohl(*p2);
temp = (temp >> mask) << mask;
/* If p1 was setup correctly through this library, there is no need to
* mask off any bits of its own. */
if(ntohl(*p1) == temp)
return SFIP_CONTAINS;
return SFIP_NOT_CONTAINS;
}
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize) {
int i;
if(!ip_raw || !buf || !bufsize ||
(family != AF_INET && family != AF_INET6) ||
/* Make sure if it's IPv6 that the buf is large enough. */
/* Need atleast a max of 8 fields of 4 bytes plus 7 for colons in
* between. Need 1 more byte for null. */
(family == AF_INET6 && bufsize < 8*4 + 7 + 1) ||
/* Make sure if it's IPv4 that the buf is large enough. */
/* 4 fields of 3 numbers, plus 3 dots and a null byte */
(family == AF_INET && bufsize < 3*4 + 4) )
{
if(buf && bufsize > 0) buf[0] = 0;
return;
}
/* 4 fields of at most 3 characters each */
if(family == AF_INET) {
u_int8_t *p = (u_int8_t*)ip_raw;
for(i=0; p < ((u_int8_t*)ip_raw) + 4; p++) {
i += sprintf(&buf[i], "%d", *p);
/* If this is the last iteration, this could technically cause one
* extra byte to be written past the end. */
if(i < bufsize && ((p + 1) < ((u_int8_t*)ip_raw+4)))
buf[i] = '.';
i++;
}
/* Check if this is really just an IPv4 address represented as 6,
* in compatible format */
#if 0
}
else if(!field[0] && !field[1] && !field[2]) {
unsigned char *p = (unsigned char *)(&ip->ip[12]);
for(i=0; p < &ip->ip[16]; p++)
i += sprintf(&buf[i], "%d.", *p);
#endif
}
else {
u_int16_t *p = (u_int16_t*)ip_raw;
for(i=0; p < ((u_int16_t*)ip_raw) + 8; p++) {
i += sprintf(&buf[i], "%04x", ntohs(*p));
/* If this is the last iteration, this could technically cause one
* extra byte to be written past the end. */
if(i < bufsize && ((p + 1) < ((u_int16_t*)ip_raw) + 8))
buf[i] = ':';
i++;
}
}
}
/* Uses a static buffer to return a string representation of the IP */
char *sfip_to_str(const sfip_t *ip) {
/* IPv6 addresses will be at most 8 fields, of 4 characters each,
* with 7 colons inbetween, one NULL, and one fudge byte for sloppy use
* in sfip_to_strbuf */
static char buf[8*4 + 7 + 1 + 1];
if(!ip)
return NULL;
sfip_raw_ntop(sfip_family(ip), ip->ip32, buf, sizeof(buf));
return buf;
}
void sfip_free(sfip_t *ip) {
if(ip) free(ip);
}
/* Returns 1 if the IP is non-zero. 0 otherwise */
int sfip_is_loopback(sfip_t *ip) {
unsigned int *p;
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET) {
// 127.0.0.0/8 is IPv4 loopback
return (ip->ip8[0] == 0x7f);
}
p = ip->ip32;
/* Check the first 64 bits in an IPv6 address, and */
/* verify they're zero. If not, it's not a loopback */
if(p[0] || p[1]) return 0;
/* Check if the 3rd 32-bit int is zero */
if ( p[2] == 0 ) {
/* ::7f00:0/104 is ipv4 compatible ipv6 */
/* ::1 is the IPv6 loopback */
return ( (ip->ip8[12] == 0x7f) || (ntohl(p[3]) == 0x1) );
}
/* Check the 3rd 32-bit int for a mapped IPv4 address */
if ( ntohl(p[2]) == 0xffff ) {
/* ::ffff:127.0.0.0/104 is IPv4 loopback mapped over IPv6 */
return ( ip->ip8[12] == 0x7f );
}
return 0;
}
int sfip_ismapped(sfip_t *ip) {
unsigned int *p;
ARG_CHECK1(ip, 0);
if(sfip_family(ip) == AF_INET)
return 0;
p = ip->ip32;
if(p[0] || p[1] || (ntohl(p[2]) != 0xffff && p[2] != 0)) return 0;
return 1;
}

431
include/sf_ip.h Normal file
View File

@ -0,0 +1,431 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
** Adam Keeton
** Kevin Liu <kliu@sourcefire.com>
*
** $ID: $
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* Adam Keeton
* sf_ip.h
* 11/17/06
*/
#ifndef SF_IP_H
#define SF_IP_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifndef WIN32
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#endif
#ifdef SF_IP_TEST
#define INLINE inline
#else
#include "debug.h" /* for INLINE definition */
#endif
#include "sf_types.h"
/* define SFIP_ROBUST to check pointers passed into the sfip libs.
* Robustification should not be enabled if the client code is trustworthy.
* Namely, if pointers are checked once in the client, or are pointers to
* data allocated on the stack, there's no need to check them again here.
* The intention is to prevent the same stack-allocated variable from being
* checked a dozen different times. */
#define SFIP_ROBUST
#ifdef SFIP_ROBUST
#define ARG_CHECK1(a, z) if(!a) return z;
#define ARG_CHECK2(a, b, z) if(!a || !b) return z;
#define ARG_CHECK3(a, b, c, z) if(!a || !b || !c) return z;
#elif defined(DEBUG)
#define ARG_CHECK1(a, z) assert(a);
#define ARG_CHECK2(a, b, z) assert(a); assert(b);
#define ARG_CHECK3(a, b, c, z) assert(a); assert(b); assert(c);
#else
#define ARG_CHECK1(a, z)
#define ARG_CHECK2(a, b, z)
#define ARG_CHECK3(a, b, c, z)
#endif
typedef struct _ip {
int family;
int bits;
/* see sfip_size(): these address bytes
* must be the last field in this struct */
union
{
u_int8_t u6_addr8[16];
u_int16_t u6_addr16[8];
u_int32_t u6_addr32[4];
// u_int64_t u6_addr64[2];
} ip;
#define ip8 ip.u6_addr8
#define ip16 ip.u6_addr16
#define ip32 ip.u6_addr32
// #define ip64 ip.u6_addr64
} sfip_t;
typedef enum _return_values {
SFIP_SUCCESS=0,
SFIP_FAILURE,
SFIP_LESSER,
SFIP_GREATER,
SFIP_EQUAL,
SFIP_ARG_ERR,
SFIP_CIDR_ERR,
SFIP_INET_PARSE_ERR,
SFIP_INVALID_MASK,
SFIP_ALLOC_ERR,
SFIP_CONTAINS,
SFIP_NOT_CONTAINS,
SFIP_DUPLICATE, /* Tried to add a duplicate variable name to table */
SFIP_LOOKUP_FAILURE, /* Failed to lookup a variable from the table */
SFIP_UNMATCHED_BRACKET, /* IP lists that are missing a closing bracket */
SFIP_NOT_ANY, /* For !any */
SFIP_CONFLICT /* For IP conflicts in IP lists */
} SFIP_RET;
/* IP allocations and setting ******************************************/
/* Parses "src" and stores results in "dst" */
/* If the conversion is invalid, returns SFIP_FAILURE */
SFIP_RET sfip_pton(const char *src, sfip_t *dst);
/* Allocate IP address from a character array describing the IP */
sfip_t *sfip_alloc(const char *ip, SFIP_RET *status);
/* Frees an sfip_t */
void sfip_free(sfip_t *ip);
/* Allocate IP address from an array of integers. The array better be
* long enough for the given family! */
sfip_t *sfip_alloc_raw(void *ip, int family, SFIP_RET *status);
/* Sets existing IP, "dst", to a raw source IP (4 or 16 bytes,
* according to family) */
SFIP_RET sfip_set_raw(sfip_t *dst, void *src, int src_family);
/* Sets existing IP, "dst", to be source IP, "src" */
SFIP_RET sfip_set_ip(sfip_t *dst, sfip_t *src);
/* Obfuscates an IP */
void sfip_obfuscate(sfip_t *ob, sfip_t *ip);
/* return required size (eg for hashing)
* requires that address bytes be the last field in sfip_t */
static INLINE unsigned int sfip_size(sfip_t* ipt)
{
if ( ipt->family == AF_INET6 ) return sizeof(*ipt);
return (unsigned int)((ipt->ip.u6_addr8+4) - (u_int8_t*)ipt);
}
/* Member-access *******************************************************/
/* Returns the family of "ip", either AF_INET or AF_INET6 */
/* XXX This is a performance critical function,
* need to determine if it's safe to not check these pointers */
// ARG_CHECK1(ip, 0);
#define sfip_family(ip) ip->family
/* Returns the number of bits used for masking "ip" */
static INLINE unsigned char sfip_bits(sfip_t *ip) {
ARG_CHECK1(ip, 0);
return (unsigned char)ip->bits;
}
static INLINE void sfip_set_bits(sfip_t *p, int bits) {
if(!p)
return;
if(bits < 0 || bits > 128) return;
p->bits = bits;
}
/* Returns the raw IP address as an in6_addr */
//inline struct in6_addr sfip_to_raw(sfip_t *);
/* IP Comparisons ******************************************************/
/* Check if ip is contained within the network specified by net */
/* Returns SFIP_EQUAL if so */
SFIP_RET sfip_contains(sfip_t *net, sfip_t *ip);
/* Returns 1 if the IP is non-zero. 0 otherwise */
/* XXX This is a performance critical function, \
* need to determine if it's safe to not check these pointers */\
static INLINE int sfip_is_set(sfip_t *ip) {
// ARG_CHECK1(ip, -1);
return ip->ip32[0] ||
( (ip->family == AF_INET6) &&
(ip->ip32[1] ||
ip->ip32[2] ||
ip->ip32[3] || ip->bits != 128)) || ((ip->family == AF_INET) && ip->bits != 32) ;
}
/* Return 1 if the IP is a loopback IP */
int sfip_is_loopback(sfip_t *ip);
/* Returns 1 if the IPv6 address appears mapped. 0 otherwise. */
int sfip_ismapped(sfip_t *ip);
/* Support function for sfip_compare */
static INLINE SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2) {
u_int32_t hip1 = htonl(ip1);
u_int32_t hip2 = htonl(ip2);
if(hip1 < hip2) return SFIP_LESSER;
if(hip1 > hip2) return SFIP_GREATER;
return SFIP_EQUAL;
}
/* Support function for sfip_compare */
static INLINE SFIP_RET _ip6_cmp(sfip_t *ip1, sfip_t *ip2) {
SFIP_RET ret;
u_int32_t *p1, *p2;
/* XXX
* Argument are assumed trusted!
* This function is presently only called by sfip_compare
* on validated pointers.
* XXX */
p1 = ip1->ip32;
p2 = ip2->ip32;
if( (ret = _ip4_cmp(p1[0], p2[0])) != SFIP_EQUAL) return ret;
if( (ret = _ip4_cmp(p1[1], p2[1])) != SFIP_EQUAL) return ret;
if( (ret = _ip4_cmp(p1[2], p2[2])) != SFIP_EQUAL) return ret;
if( (ret = _ip4_cmp(p1[3], p2[3])) != SFIP_EQUAL) return ret;
return ret;
}
/* Compares two IPs
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
* or greater than ip2 In the case of mismatched families, the IPv4 address
* is converted to an IPv6 representation. */
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
static INLINE SFIP_RET sfip_compare(sfip_t *ip1, sfip_t *ip2) {
int f1,f2;
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
/* This is being done because at some points in the existing Snort code,
* an unset IP is considered to match anything. Thus, if either IP is not
* set here, it's considered equal. */
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_EQUAL;
f1 = sfip_family(ip1);
f2 = sfip_family(ip2);
if(f1 == AF_INET && f2 == AF_INET) {
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
}
/* Mixed families not presently supported */
#if 0
else if(f1 == AF_INET && f2 == AF_INET6) {
conv = sfip_4to6(ip1);
return _ip6_cmp(&conv, ip2);
} else if(f1 == AF_INET6 && f2 == AF_INET) {
conv = sfip_4to6(ip2);
return _ip6_cmp(ip1, &conv);
}
else {
return _ip6_cmp(ip1, ip2);
}
#endif
else if(f1 == AF_INET6 && f2 == AF_INET6) {
return _ip6_cmp(ip1, ip2);
}
return SFIP_FAILURE;
}
/* Compares two IPs
* Returns SFIP_LESSER, SFIP_EQUAL, SFIP_GREATER, if ip1 is less than, equal to,
* or greater than ip2 In the case of mismatched families, the IPv4 address
* is converted to an IPv6 representation. */
/* XXX-IPv6 Should add version of sfip_compare that just tests equality */
static INLINE SFIP_RET sfip_compare_unset(sfip_t *ip1, sfip_t *ip2) {
int f1,f2;
ARG_CHECK2(ip1, ip2, SFIP_ARG_ERR);
/* This is to handle the special case when one of the values being
* unset is considered to match nothing. This is the opposite of
* sfip_compare(), defined above. Thus, if either IP is not
* set here, it's considered not equal. */
if(!sfip_is_set(ip1) || !sfip_is_set(ip2)) return SFIP_FAILURE;
f1 = sfip_family(ip1);
f2 = sfip_family(ip2);
if(f1 == AF_INET && f2 == AF_INET) {
return _ip4_cmp(*ip1->ip32, *ip2->ip32);
}
/* Mixed families not presently supported */
#if 0
else if(f1 == AF_INET && f2 == AF_INET6) {
conv = sfip_4to6(ip1);
return _ip6_cmp(&conv, ip2);
} else if(f1 == AF_INET6 && f2 == AF_INET) {
conv = sfip_4to6(ip2);
return _ip6_cmp(ip1, &conv);
}
else {
return _ip6_cmp(ip1, ip2);
}
#endif
else if(f1 == AF_INET6 && f2 == AF_INET6) {
return _ip6_cmp(ip1, ip2);
}
return SFIP_FAILURE;
}
static INLINE int sfip_fast_lt4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 < *ip2->ip32;
}
static INLINE int sfip_fast_gt4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 > *ip2->ip32;
}
static INLINE int sfip_fast_eq4(sfip_t *ip1, sfip_t *ip2) {
return *ip1->ip32 == *ip2->ip32;
}
static INLINE int sfip_fast_lt6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
if(*p1 < *p2) return 1;
else if(*p1 > *p2) return 0;
if(p1[1] < p2[1]) return 1;
else if(p1[1] > p2[1]) return 0;
if(p1[2] < p2[2]) return 1;
else if(p1[2] > p2[2]) return 0;
if(p1[3] < p2[3]) return 1;
else if(p1[3] > p2[3]) return 0;
return 0;
}
static INLINE int sfip_fast_gt6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
if(*p1 > *p2) return 1;
else if(*p1 < *p2) return 0;
if(p1[1] > p2[1]) return 1;
else if(p1[1] < p2[1]) return 0;
if(p1[2] > p2[2]) return 1;
else if(p1[2] < p2[2]) return 0;
if(p1[3] > p2[3]) return 1;
else if(p1[3] < p2[3]) return 0;
return 0;
}
static INLINE int sfip_fast_eq6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t *p1, *p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
if(*p1 != *p2) return 0;
if(p1[1] != p2[1]) return 0;
if(p1[2] != p2[2]) return 0;
if(p1[3] != p2[3]) return 0;
return 1;
}
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
static INLINE int sfip_fast_cont4(sfip_t *ip1, sfip_t *ip2) {
u_int32_t shift = 32 - sfip_bits(ip1);
u_int32_t ip = ntohl(*ip2->ip32);
ip >>= shift;
ip <<= shift;
return ntohl(*ip1->ip32) == ip;
}
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
static INLINE int sfip_fast_cont6(sfip_t *ip1, sfip_t *ip2) {
u_int32_t ip;
int i, bits = sfip_bits(ip1);
int words = bits / 32;
bits = 32 - (bits % 32);
for ( i = 0; i < words; i++ ) {
if ( ip1->ip32[i] != ip2->ip32[i] )
return 0;
}
if ( bits == 32 ) return 1;
ip = ntohl(ip2->ip32[i]);
ip >>= bits;
ip <<= bits;
return ntohl(ip1->ip32[i]) == ip;
}
#define sfip_equals(x,y) (sfip_compare(&x, &y) == SFIP_EQUAL)
#define sfip_not_equals !sfip_equals
#define sfip_clear(x) memset(x, 0, 16)
/* Printing ************************************************************/
/* Uses a static buffer to return a string representation of the IP */
char *sfip_to_str(const sfip_t *ip);
#define sfip_ntoa(x) sfip_to_str(x)
void sfip_raw_ntop(int family, const void *ip_raw, char *buf, int bufsize);
#endif // SF_IP_H

138
include/sf_ipvar.h Normal file
View File

@ -0,0 +1,138 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* Adam Keeton
* sf_ipvar.h
* 11/17/06
*/
#ifndef SF_IPVAR_H
#define SF_IPVAR_H
/* Flags */
#define SFIP_NEGATED 1
#define SFIP_ANY 2
#include <stdio.h>
#include "sf_ip.h"
/* Selects which mode a given variable is using to
* store and lookup IP addresses */
typedef enum _modes {
SFIP_LIST,
SFIP_TABLE
} MODES;
/* Used by the "list" mode. A doubly linked list of sfip_t objects. */
typedef struct _ip_node {
sfip_t *ip;
#ifdef SUP_IP6
#define ip_addr ip; /* To ease porting Snort */
#endif
struct _ip_node *next;
int flags;
// XXX
int addr_flags; /* Flags used exlusively by Snort */
/* Keeping these variables seperate keeps
* this from stepping on Snort's toes. */
/* Should merge them later */
} sfip_node_t;
/* An IP variable onkect */
typedef struct _var_t {
/* Selects whether or not to use the list, the table,
* or any other method added later */
MODES mode;
/* Linked lists. Switch to something faster later */
sfip_node_t *head;
sfip_node_t *neg_head;
/* The mode above will select whether to use the sfip_node_t linked list
* or the IP routing table */
// sfrt rt;
/* Linked list of IP variables for the variable table */
struct _var_t *next;
uint32_t id;
char *name;
} sfip_var_t;
/* A variable table for storing and looking up variables */
/* Expand later to use a faster data structure */
typedef struct _vartable_t {
sfip_var_t *head;
uint32_t id;
} vartable_t;
/* Creates a new variable that is an alias of another variable
* Does a "deep" copy so it owns it's own pointers */
sfip_var_t * sfvar_create_alias(const sfip_var_t *alias_from, const char *alias_to);
/* Returns 1 if the two variables are aliases of each other, 0 otherwise */
int sfvar_is_alias(const sfip_var_t *one, const sfip_var_t *two);
/* Allocates a new variable as according to "str" */
sfip_var_t *sfvar_alloc(vartable_t *table, char *str, SFIP_RET *status);
/* Makes sure there are no IP address conflicts in the variable */
/* Returns SFIP_CONFLICT if so */
SFIP_RET sfvar_validate(sfip_var_t *var);
/* Parses an IP list described by 'str' and saves the results in 'var'. */
SFIP_RET sfvar_parse_iplist(vartable_t *table, sfip_var_t *var,
char *str, int negation);
/* Allocaties and returns an IP node described by 'str' */
sfip_node_t *sfipnode_alloc(char *str, SFIP_RET *status);
/* Adds a deep copy of src to dst */
/* Ordering is not necessarily preserved */
SFIP_RET sfvar_add(sfip_var_t *dst, sfip_var_t *src);
/* Adds the nodes in 'src' to the variable 'dst' */
/* The mismatch of types is for ease-of-supporting Snort4 and
* Snort6 simultaneously */
SFIP_RET sfvar_add_node(sfip_var_t *dst, sfip_node_t *src, int negated);
/* Compares two variables. Necessary when building RTN structure */
SFIP_RET sfvar_compare(const sfip_var_t *one, const sfip_var_t *two);
/* Deep copy. Returns identical, new, linked list of sfipnodes. */
sfip_var_t *sfvar_deep_copy(const sfip_var_t *src);
/* Free an allocated variable */
void sfvar_free(sfip_var_t *var);
/* Returns non-zero if ip is contained in 'var', 0 otherwise */
/* If either argument is NULL, 0 is returned. */
int sfvar_ip_in(sfip_var_t *var, sfip_t *ip);
/* Prints the variable "var" to the file descriptor 'f' */
void sfvar_print(FILE *f, sfip_var_t *var);
void sfip_set_print(FILE *f, sfip_node_t *head);
/* Returns the node's flags */
int sfvar_flags(sfip_node_t *node);
#endif

666
include/sf_snort_packet.h Normal file
View File

@ -0,0 +1,666 @@
/*
* sf_snort_packet.h
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steve Sturges
* Andy Mullican
*
* Date: 5/2005
*
* Sourcefire Black-box Plugin API for rules
*
*/
#ifndef _SF_SNORT_PACKET_H_
#define _SF_SNORT_PACKET_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WIN32
#include <sys/types.h>
#include <netinet/in.h>
#else
#include <winsock2.h>
#include <windows.h>
#endif
#include "sf_ip.h"
#define VLAN_HDR_LEN 4
typedef struct _VlanHeader
{
u_int16_t vth_pri_cfi_vlan;
u_int16_t vth_proto; /* protocol field... */
} VlanHeader;
//#define NO_NON_ETHER_DECODER
#define ETHER_HDR_LEN 14
#define ETHERNET_TYPE_IP 0x0800
#define ETHERNET_TYPE_8021Q 0x8100
typedef struct _EtherHeader
{
u_int8_t ether_destination[6];
u_int8_t ether_source[6];
u_int16_t ethernet_type;
} EtherHeader;
/* We must twiddle to align the offset the ethernet header and align
* the IP header on solaris -- maybe this will work on HPUX too.
*/
#if defined (SOLARIS) || defined (SUNOS) || defined (__sparc__) || defined(__sparc64__) || defined (HPUX)
#define SUN_SPARC_TWIDDLE 2
#else
#define SUN_SPARC_TWIDDLE 0
#endif
#define IP_RESBIT 0x8000
#ifdef IP_DONTFRAG
#undef IP_DONTFRAG
#endif
#define IP_DONTFRAG 0x4000
#define IP_MOREFRAGS 0x2000
#ifndef IP_MAXPKT
#define IP_MAXPKT 65535 /* maximum packet size */
#endif /* IP_MAXPACKET */
#define IP_HDR_LEN 20
typedef struct _IPV4Header
{
u_int8_t version_headerlength;
u_int8_t type_service;
u_int16_t data_length;
u_int16_t identifier;
u_int16_t offset;
u_int8_t time_to_live;
u_int8_t proto;
u_int16_t checksum;
struct in_addr source;
struct in_addr destination;
} IPV4Header;
#define MAX_IP_OPTIONS 40
#define MAX_IP6_EXTENSIONS 40
/* ip option codes */
#define IPOPTION_EOL 0x00
#define IPOPTION_NOP 0x01
#define IPOPTION_RR 0x07
#define IPOPTION_RTRALT 0x94
#define IPOPTION_TS 0x44
#define IPOPTION_SECURITY 0x82
#define IPOPTION_LSRR 0x83
#define IPOPTION_LSRR_E 0x84
#define IPOPTION_SATID 0x88
#define IPOPTION_SSRR 0x89
typedef struct _IPOptions
{
u_int8_t option_code;
u_int8_t length;
u_int8_t *option_data;
} IPOptions;
#define TCP_HDR_LEN 20
typedef struct _TCPHeader
{
u_int16_t source_port;
u_int16_t destination_port;
u_int32_t sequence;
u_int32_t acknowledgement;
u_int8_t offset_reserved;
u_int8_t flags;
u_int16_t window;
u_int16_t checksum;
u_int16_t urgent_pointer;
} TCPHeader;
#define TCPHEADER_FIN 0x01
#define TCPHEADER_SYN 0x02
#define TCPHEADER_RST 0x04
#define TCPHEADER_PUSH 0x08
#define TCPHEADER_ACK 0x10
#define TCPHEADER_URG 0x20
#define TCPHEADER_RES2 0x40
#define TCPHEADER_RES1 0x80
#define TCPHEADER_NORESERVED (TCPHEADER_FIN|TCPHEADER_SYN|TCPHEADER_RST \
|TCPHEADER_PUSH|TCPHEADER_ACK|TCPHEADER_URG)
#define MAX_TCP_OPTIONS 40
/* tcp option codes */
#define TCPOPT_EOL 0x00
#define TCPOPT_NOP 0x01
#define TCPOPT_MSS 0x02
#define TCPOPT_WSCALE 0x03 /* window scale factor (rfc1072) */
#define TCPOPT_SACKOK 0x04 /* selective ack ok (rfc1072) */
#define TCPOPT_SACK 0x05 /* selective ack (rfc1072) */
#define TCPOPT_ECHO 0x06 /* echo (rfc1072) */
#define TCPOPT_ECHOREPLY 0x07 /* echo (rfc1072) */
#define TCPOPT_TIMESTAMP 0x08 /* timestamps (rfc1323) */
#define TCPOPT_CC 0x11 /* T/TCP CC options (rfc1644) */
#define TCPOPT_CCNEW 0x12 /* T/TCP CC options (rfc1644) */
#define TCPOPT_CCECHO 0x13 /* T/TCP CC options (rfc1644) */
typedef IPOptions TCPOptions;
#define UDP_HDR_LEN 8
typedef struct _UDPHeader
{
u_int16_t source_port;
u_int16_t destination_port;
u_int16_t data_length;
u_int16_t checksum;
} UDPHeader;
typedef struct _ICMPSequenceID
{
u_int16_t id;
u_int16_t seq;
} ICMPSequenceID;
typedef struct _ICMPHeader
{
u_int8_t type;
u_int8_t code;
u_int16_t checksum;
union
{
/* type 12 */
u_int8_t parameter_problem_ptr;
/* type 5 */
struct in_addr gateway_addr;
/* type 8, 0 */
ICMPSequenceID echo;
/* type 13, 14 */
ICMPSequenceID timestamp;
/* type 15, 16 */
ICMPSequenceID info;
int voidInfo;
/* type 3/code=4 (Path MTU, RFC 1191) */
struct path_mtu
{
u_int16_t voidInfo;
u_int16_t next_mtu;
} path_mtu;
/* type 9 */
struct router_advertisement
{
u_int8_t number_addrs;
u_int8_t entry_size;
u_int16_t lifetime;
} router_advertisement;
} icmp_header_union;
#define icmp_parameter_ptr icmp_header_union.parameter_problem_ptr
#define icmp_gateway_addr icmp_header_union.gateway_waddr
#define icmp_echo_id icmp_header_union.echo.id
#define icmp_echo_seq icmp_header_union.echo.seq
#define icmp_timestamp_id icmp_header_union.timestamp.id
#define icmp_timestamp_seq icmp_header_union.timestamp.seq
#define icmp_info_id icmp_header_union.info.id
#define icmp_info_seq icmp_header_union.info.seq
#define icmp_void icmp_header_union.void
#define icmp_nextmtu icmp_header_union.path_mtu.nextmtu
#define icmp_ra_num_addrs icmp_header_union.router_advertisement.number_addrs
#define icmp_ra_entry_size icmp_header_union.router_advertisement.entry_size
#define icmp_ra_lifetime icmp_header_union.router_advertisement.lifetime
union
{
/* timestamp */
struct timestamp
{
u_int32_t orig;
u_int32_t receive;
u_int32_t transmit;
} timestamp;
/* IP header for unreach */
struct ipv4_header
{
IPV4Header *ip;
/* options and then 64 bits of data */
} ipv4_header;
/* Router Advertisement */
struct router_address
{
u_int32_t addr;
u_int32_t preference;
} router_address;
/* type 17, 18 */
u_int32_t mask;
char data[1];
} icmp_data_union;
#define icmp_orig_timestamp icmp_data_union.timestamp.orig
#define icmp_recv_timestamp icmp_data_union.timestamp.receive
#define icmp_xmit_timestamp icmp_data_union.timestamp.transmit
#define icmp_ipheader icmp_data_union.ip_header
#define icmp_ra_addr0 icmp_data_union.router_address
#define icmp_mask icmp_data_union.mask
#define icmp_data icmp_data_union.data
} ICMPHeader;
#define ICMP_ECHO_REPLY 0 /* Echo Reply */
#define ICMP_DEST_UNREACHABLE 3 /* Destination Unreachable */
#define ICMP_SOURCE_QUENCH 4 /* Source Quench */
#define ICMP_REDIRECT 5 /* Redirect (change route) */
#define ICMP_ECHO_REQUEST 8 /* Echo Request */
#define ICMP_ROUTER_ADVERTISEMENT 9 /* Router Advertisement */
#define ICMP_ROUTER_SOLICITATION 10 /* Router Solicitation */
#define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */
#define ICMP_PARAMETER_PROBLEM 12 /* Parameter Problem */
#define ICMP_TIMESTAMP_REQUEST 13 /* Timestamp Request */
#define ICMP_TIMESTAMP_REPLY 14 /* Timestamp Reply */
#define ICMP_INFO_REQUEST 15 /* Information Request */
#define ICMP_INFO_REPLY 16 /* Information Reply */
#define ICMP_ADDRESS_REQUEST 17 /* Address Mask Request */
#define ICMP_ADDRESS_REPLY 18 /* Address Mask Reply */
#define CHECKSUM_INVALID_IP 0x01
#define CHECKSUM_INVALID_TCP 0x02
#define CHECKSUM_INVALID_UDP 0x04
#define CHECKSUM_INVALID_ICMP 0x08
#define CHECKSUM_INVALID_IGMP 0x10
typedef struct _IPv6Extension
{
u_int8_t option_type;
const u_int8_t *option_data;
} IP6Extension;
typedef struct _IPv4Hdr
{
u_int8_t ip_verhl; /* version & header length */
u_int8_t ip_tos; /* type of service */
u_int16_t ip_len; /* datagram length */
u_int16_t ip_id; /* identification */
u_int16_t ip_off; /* fragment offset */
u_int8_t ip_ttl; /* time to live field */
u_int8_t ip_proto; /* datagram protocol */
u_int16_t ip_csum; /* checksum */
sfip_t ip_src; /* source IP */
sfip_t ip_dst; /* dest IP */
} IP4Hdr;
typedef struct _IPv6Hdr
{
u_int32_t vcl; /* version, class, and label */
u_int16_t len; /* length of the payload */
u_int8_t next; /* next header
* Uses the same flags as
* the IPv4 protocol field */
u_int8_t hop_lmt; /* hop limit */
sfip_t ip_src;
sfip_t ip_dst;
} IP6Hdr;
typedef struct _IP6FragHdr
{
u_int8_t ip6f_nxt; /* next header */
u_int8_t ip6f_reserved; /* reserved field */
u_int16_t ip6f_offlg; /* offset, reserved, and flag */
u_int32_t ip6f_ident; /* identification */
} IP6FragHdr;
typedef struct _ICMP6
{
u_int8_t type;
u_int8_t code;
u_int16_t csum;
} ICMP6Hdr;
#define ICMP6_UNREACH 1
#define ICMP6_BIG 2
#define ICMP6_TIME 3
#define ICMP6_PARAMS 4
#define ICMP6_ECHO 128
#define ICMP6_REPLY 129
/* Minus 1 due to the 'body' field */
#define ICMP6_MIN_HEADER_LEN (sizeof(ICMP6Hdr) )
struct _SFSnortPacket;
/* IPHeader access calls */
sfip_t * ip4_ret_src(struct _SFSnortPacket *);
sfip_t * ip4_ret_dst(struct _SFSnortPacket *);
u_int16_t ip4_ret_tos(struct _SFSnortPacket *);
u_int8_t ip4_ret_ttl(struct _SFSnortPacket *);
u_int16_t ip4_ret_len(struct _SFSnortPacket *);
u_int32_t ip4_ret_id(struct _SFSnortPacket *);
u_int8_t ip4_ret_proto(struct _SFSnortPacket *);
u_int16_t ip4_ret_off(struct _SFSnortPacket *);
u_int8_t ip4_ret_ver(struct _SFSnortPacket *);
u_int8_t ip4_ret_hlen(struct _SFSnortPacket *);
sfip_t * orig_ip4_ret_src(struct _SFSnortPacket *);
sfip_t * orig_ip4_ret_dst(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_tos(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_ttl(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_len(struct _SFSnortPacket *);
u_int32_t orig_ip4_ret_id(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_proto(struct _SFSnortPacket *);
u_int16_t orig_ip4_ret_off(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_ver(struct _SFSnortPacket *);
u_int8_t orig_ip4_ret_hlen(struct _SFSnortPacket *);
sfip_t * ip6_ret_src(struct _SFSnortPacket *);
sfip_t * ip6_ret_dst(struct _SFSnortPacket *);
u_int16_t ip6_ret_toc(struct _SFSnortPacket *);
u_int8_t ip6_ret_hops(struct _SFSnortPacket *);
u_int16_t ip6_ret_len(struct _SFSnortPacket *);
u_int32_t ip6_ret_id(struct _SFSnortPacket *);
u_int8_t ip6_ret_next(struct _SFSnortPacket *);
u_int16_t ip6_ret_off(struct _SFSnortPacket *);
u_int8_t ip6_ret_ver(struct _SFSnortPacket *);
u_int8_t ip6_ret_hlen(struct _SFSnortPacket *);
sfip_t * orig_ip6_ret_src(struct _SFSnortPacket *);
sfip_t * orig_ip6_ret_dst(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_toc(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_hops(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_len(struct _SFSnortPacket *);
u_int32_t orig_ip6_ret_id(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_next(struct _SFSnortPacket *);
u_int16_t orig_ip6_ret_off(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_ver(struct _SFSnortPacket *);
u_int8_t orig_ip6_ret_hlen(struct _SFSnortPacket *);
typedef struct _IPH_API
{
sfip_t * (*iph_ret_src)(struct _SFSnortPacket *);
sfip_t * (*iph_ret_dst)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_tos)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_ttl)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_len)(struct _SFSnortPacket *);
u_int32_t (*iph_ret_id)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_proto)(struct _SFSnortPacket *);
u_int16_t (*iph_ret_off)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_ver)(struct _SFSnortPacket *);
u_int8_t (*iph_ret_hlen)(struct _SFSnortPacket *);
sfip_t * (*orig_iph_ret_src)(struct _SFSnortPacket *);
sfip_t * (*orig_iph_ret_dst)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_tos)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_ttl)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_len)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_id)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_proto)(struct _SFSnortPacket *);
u_int16_t (*orig_iph_ret_off)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_ver)(struct _SFSnortPacket *);
u_int8_t (*orig_iph_ret_hlen)(struct _SFSnortPacket *);
char version;
} IPH_API;
#ifdef SUP_IP6
#include "ipv6_port.h"
#define IP6_HEADER_LEN 40
#define IPH_API_V4 4
#define IPH_API_V6 6
extern IPH_API ip4;
extern IPH_API ip6;
#define iph_is_valid(p) (p->family != NO_IP)
#define NO_IP 0
#define IP6_HDR_LEN 40
#endif
typedef struct _MplsHdr
{
u_int32_t label;
u_int8_t exp;
u_int8_t bos;
u_int8_t ttl;
} MplsHdr;
typedef struct _SFSnortPacket
{
const struct pcap_pkthdr *pcap_header; /* Is this GPF'd? */
const u_int8_t *pkt_data;
void *ether_arp_header;
const EtherHeader *ether_header;
const void *vlan_tag_header;
void *ether_header_llc;
void *ether_header_other;
const void *gre_header;
u_int32_t *mpls;
const IPV4Header *ip4_header, *orig_ip4_header;
const IPV4Header *inner_ip4_header;
const IPV4Header *outer_ip4_header;
const TCPHeader *tcp_header, *orig_tcp_header;
const UDPHeader *udp_header, *orig_udp_header;
const ICMPHeader *icmp_header, *orig_icmp_header;
const u_int8_t *payload;
const u_int8_t *ip_payload;
const u_int8_t *outer_ip_payload;
const u_int8_t *ip_frag_start;
const u_int8_t *ip4_options_data;
const u_int8_t *tcp_options_data;
void *stream_session_ptr;
void *fragmentation_tracking_ptr;
void *flow_ptr;
void *stream_ptr;
IP4Hdr *ip4h, *orig_ip4h;
IP6Hdr *ip6h, *orig_ip6h;
ICMP6Hdr *icmp6h, *orig_icmp6h;
IPH_API* iph_api;
IPH_API* orig_iph_api;
IPH_API* outer_iph_api;
IPH_API* outer_orig_iph_api;
IP4Hdr inner_ip4h, inner_orig_ip4h;
IP6Hdr inner_ip6h, inner_orig_ip6h;
IP4Hdr outer_ip4h, outer_orig_ip4h;
IP6Hdr outer_ip6h, outer_orig_ip6h;
MplsHdr mplsHdr;
int family;
int orig_family;
int outer_family;
int number_bytes_to_check;
//int ip_payload_length;
//int ip_payload_offset;
u_int32_t preprocessor_bit_mask;
u_int32_t preproc_reassembly_pkt_bit_mask;
u_int32_t pcap_cap_len;
u_int32_t http_pipeline_count;
u_int32_t flags;
u_int16_t proto_bits;
u_int16_t data_flags;
u_int16_t payload_size;
u_int16_t ip_payload_size;
u_int16_t normalized_payload_size;
u_int16_t actual_ip_length;
u_int16_t outer_ip_payload_size;
u_int16_t ip_fragment_offset;
u_int16_t ip_frag_length;
u_int16_t ip4_options_length;
u_int16_t tcp_options_length;
u_int16_t src_port;
u_int16_t dst_port;
u_int16_t orig_src_port;
u_int16_t orig_dst_port;
int16_t application_protocol_ordinal;
u_int8_t ip_fragmented;
u_int8_t ip_more_fragments;
u_int8_t ip_dont_fragment;
u_int8_t ip_reserved;
u_int8_t num_uris;
u_int8_t checksums_invalid;
u_int8_t encapsulated;
u_int8_t num_ip_options;
u_int8_t num_tcp_options;
u_int8_t num_ip6_extensions;
u_int8_t ip6_frag_extension;
u_char ip_last_option_invalid_flag;
u_char tcp_last_option_invalid_flag;
#ifndef NO_NON_ETHER_DECODER
const void *fddi_header;
void *fddi_saps;
void *fddi_sna;
void *fddi_iparp;
void *fddi_other;
const void *tokenring_header;
void *tokenring_header_llc;
void *tokenring_header_mr;
void *pflog1_header;
void *pflog2_header;
void *pflog3_header;
const void *sll_header;
const void *wifi_header;
const void *ppp_over_ether_header;
const void *ether_eapol_header;
const void *eapol_headear;
const u_int8_t *eapol_type;
void *eapol_key;
#endif
IPOptions ip_options[MAX_IP_OPTIONS];
TCPOptions tcp_options[MAX_TCP_OPTIONS];
IP6Extension ip6_extensions[MAX_IP6_EXTENSIONS];
/**policyId provided in configuration file. Used for correlating configuration
* with event output
*/
uint16_t config_policy_id;
} SFSnortPacket;
#define PKT_ZERO_LEN offsetof(SFSnortPacket, ip_options)
#define PROTO_BIT__IP 0x0001
#define PROTO_BIT__ARP 0x0002
#define PROTO_BIT__TCP 0x0004
#define PROTO_BIT__UDP 0x0008
#define PROTO_BIT__ICMP 0x0010
#define PROTO_BIT__ALL 0xffff
#define DATA_FLAGS_GZIP 0x0002
#define IsIP(p) (IPH_IS_VALID(p))
#define IsTCP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_TCP))
#define IsUDP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_UDP))
#define IsICMP(p) (IsIP(p) && (GET_IPH_PROTO(p) == IPPROTO_ICMP))
#define SET_IP4_VER(ip_header, value) \
((ip_header)->version_headerlength = \
(unsigned char)(((ip_header)->version_headerlength & 0x0f) | (value << 4)))
#define SET_IP4_HLEN(ip_header, value) \
((ip_header)->version_headerlength = \
(unsigned char)(((ip_header)->version_headerlength & 0xf0) | (value & 0x0f)))
#define SET_TCP_HDR_OFFSET(tcp_header, value) \
((tcp_header)->offset_reserved = \
(unsigned char)(((tcp_header)->offset_reserved & 0x0f) | (value << 4)))
#define FLAG_REBUILT_FRAG 0x00000001
#define FLAG_REBUILT_STREAM 0x00000002
#define FLAG_STREAM_UNEST_UNI 0x00000004
#define FLAG_STREAM_UNEST_BI 0x00000008
#define FLAG_STREAM_EST 0x00000010
#define FLAG_FROM_SERVER 0x00000040
#define FLAG_FROM_CLIENT 0x00000080
#define FLAG_HTTP_DECODE 0x00000100
#define FLAG_STREAM_INSERT 0x00000400
#define FLAG_ALT_DECODE 0x00000800
#define FLAG_STREAM_TWH 0x00001000
#define FLAG_IGNORE_PORT 0x00002000 /* this packet should be ignored, based on port */
#define FLAG_PASS_RULE 0x00004000 /* this packet has matched a pass rule */
#define FLAG_NO_DETECT 0x00008000 /* this packet should not be preprocessed */
#define FLAG_PREPROC_RPKT 0x00010000 /* set in original packet to indicate a preprocessor
* has a reassembled packet */
#define FLAG_DCE_RPKT 0x00020000 /* this is a DCE/RPC reassembled packet */
#define FLAG_IP_RULE 0x00040000 /* this packet being evaluated against an ip rule */
#define FLAG_IP_RULE_2ND 0x00080000 /* this packet is being evaluated against an IP rule */
#define FLAG_SMB_SEG 0x00100000 /* this is an SMB desegmented packet */
#define FLAG_DCE_SEG 0x00200000 /* this is a DCE/RPC desegmented packet */
#define FLAG_DCE_FRAG 0x00400000 /* this is a DCE/RPC defragmented packet */
#define FLAG_SMB_TRANS 0x00800000 /* this is an SMB Transact reassembled packet */
#define FLAG_DCE_PKT 0x01000000 /* this is a DCE packet processed by DCE/RPC preprocessor */
#define FLAG_RPC_PKT 0x02000000 /* this is an ONC RPC packet processed by rpc decode preprocessor */
#define FLAG_HTTP_RESP_BODY 0x04000000 /* this packet contains non-zipped HTTP response Body */
#define FLAG_STATELESS 0x10000000 /* Packet has matched a stateless rule */
#define FLAG_INLINE_DROP 0x20000000
#define FLAG_OBFUSCATED 0x40000000 /* this packet has been obfuscated */
#define FLAG_LOGGED 0x80000000 /* this packet has been logged */
#define SFTARGET_UNKNOWN_PROTOCOL -1
/* Only include application layer reassembled data
* flags here - no PKT_REBUILT_FRAG */
#define REASSEMBLED_PACKET_FLAGS \
(FLAG_REBUILT_STREAM|FLAG_SMB_SEG|FLAG_DCE_SEG|FLAG_DCE_FRAG|FLAG_SMB_TRANS)
#endif /* _SF_SNORT_PACKET_H_ */

423
include/sf_snort_plugin_api.h Normal file
View File

@ -0,0 +1,423 @@
/*
* sf_snort_plugin.h
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* Author: Steve Sturges
* Andy Mullican
*
* Date: 5/2005
*
* Sourcefire Black-box Plugin API for rules
*
*/
#ifndef SF_SNORT_PLUGIN_API_H_
#define SF_SNORT_PLUGIN_API_H_
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "pcre.h"
#include "stdio.h"
#ifndef WIN32
#include <netinet/in.h>
#include <sys/types.h>
#else
#include <winsock2.h>
#include <windows.h>
#endif
#include "sf_dynamic_define.h"
#include "sf_dynamic_engine.h"
#define ANY_NET "any"
#define HOME_NET "$HOME_NET"
#define EXTERNAL_NET "$EXTERNAL_NET"
#define ANY_PORT "any"
#define HTTP_SERVERS "$HTTP_SERVERS"
#define HTTP_PORTS "$HTTP_PORTS"
#define SMTP_SERVERS "$SMTP_SERVERS"
#ifdef WIN32
# ifdef SF_SNORT_ENGINE_DLL
# define ENGINE_LINKAGE SO_PUBLIC
# else
# define ENGINE_LINKAGE
# endif
#else /* WIN32 */
# define ENGINE_LINKAGE SO_PUBLIC
#endif
#define RULE_MATCH 1
#define RULE_NOMATCH 0
#define RULE_DIRECTIONAL 0
#define RULE_BIDIRECTIONAL 1
#define CONTENT_MATCH 1
#define CONTENT_NOMATCH 0
#define CONTENT_TYPE_MISMATCH -1
#define CONTENT_TYPE_MISSING -2
#define CONTENT_CURSOR_ERROR -3
#define CURSOR_IN_BOUNDS 1
#define CURSOR_OUT_OF_BOUNDS 0
/* Defined in sf_dynamic_define.h */
//#define SNORT_PCRE_OVERRIDE_MATCH_LIMIT 0x80000000
#define CONTENT_NOCASE 0x01
#define CONTENT_RELATIVE 0x02
#define CONTENT_UNICODE2BYTE 0x04
#define CONTENT_UNICODE4BYTE 0x08
#define CONTENT_FAST_PATTERN 0x10
#define CONTENT_END_BUFFER 0x20
#define CONTENT_BUF_NORMALIZED 0x100
#define CONTENT_BUF_RAW 0x200
#define CONTENT_BUF_URI 0x400
#define CONTENT_BUF_POST 0x800
#define CONTENT_BUF_HEADER 0x2000
#define CONTENT_BUF_METHOD 0x4000
#define CONTENT_BUF_COOKIE 0x8000
#define CONTENT_BUF_RAW_URI 0x10000
#define CONTENT_BUF_RAW_HEADER 0x20000
#define CONTENT_BUF_RAW_COOKIE 0x40000
#define CONTENT_BUF_STAT_CODE 0x80000
#define CONTENT_BUF_STAT_MSG 0x100000
/* This option implies the fast pattern flag */
#define CONTENT_FAST_PATTERN_ONLY 0x200000
#define BYTE_LITTLE_ENDIAN 0x0000
#define BYTE_BIG_ENDIAN 0x1000
#define EXTRACT_AS_BYTE 0x010000
#define EXTRACT_AS_STRING 0x020000
#define EXTRACT_AS_DEC 0x100000
#define EXTRACT_AS_OCT 0x200000
#define EXTRACT_AS_HEX 0x400000
#define EXTRACT_AS_BIN 0x800000
#define JUMP_FROM_BEGINNING 0x01000000
#define JUMP_ALIGN 0x02000000
#define NOT_FLAG 0x10000000
#define CHECK_EQ 0
#define CHECK_NEQ 1
#define CHECK_LT 2
#define CHECK_GT 3
#define CHECK_LTE 4
#define CHECK_GTE 5
#define CHECK_AND 6
#define CHECK_XOR 7
#define CHECK_ALL 8
#define CHECK_ATLEASTONE 9
#define CHECK_NONE 10
#define NORMAL_CONTENT_BUFS ( CONTENT_BUF_NORMALIZED | CONTENT_BUF_RAW )
#define URI_CONTENT_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_POST \
| CONTENT_BUF_COOKIE | CONTENT_BUF_HEADER | CONTENT_BUF_METHOD \
| CONTENT_BUF_RAW_URI | CONTENT_BUF_RAW_HEADER | CONTENT_BUF_RAW_COOKIE \
| CONTENT_BUF_STAT_CODE | CONTENT_BUF_STAT_MSG )
#define URI_FAST_PATTERN_BUFS ( CONTENT_BUF_URI | CONTENT_BUF_METHOD \
| CONTENT_BUF_HEADER | CONTENT_BUF_POST )
typedef struct _ContentInfo
{
const u_int8_t *pattern;
u_int32_t depth;
int32_t offset;
u_int32_t flags; /* must include a CONTENT_BUF_X */
void *boyer_ptr;
u_int8_t *patternByteForm;
u_int32_t patternByteFormLength;
u_int32_t incrementLength;
u_int16_t fp_offset;
u_int16_t fp_length;
u_int8_t fp_only;
} ContentInfo;
typedef struct _CursorInfo
{
int32_t offset;
u_int32_t flags; /* specify one of CONTENT_BUF_X */
} CursorInfo;
/*
pcre.h provides flags:
PCRE_CASELESS
PCRE_MULTILINE
PCRE_DOTALL
PCRE_EXTENDED
PCRE_ANCHORED
PCRE_DOLLAR_ENDONLY
PCRE_UNGREEDY
*/
typedef struct _PCREInfo
{
char *expr;
void *compiled_expr;
void *compiled_extra;
u_int32_t compile_flags;
u_int32_t flags; /* must include a CONTENT_BUF_X */
int32_t offset;
} PCREInfo;
#define FLOWBIT_SET 0x01
#define FLOWBIT_UNSET 0x02
#define FLOWBIT_TOGGLE 0x04
#define FLOWBIT_ISSET 0x08
#define FLOWBIT_ISNOTSET 0x10
#define FLOWBIT_RESET 0x20
#define FLOWBIT_NOALERT 0x40
typedef struct _FlowBitsInfo
{
char *flowBitsName;
u_int8_t operation;
u_int32_t id;
u_int32_t flags;
} FlowBitsInfo;
typedef struct _ByteData
{
u_int32_t bytes; /* Number of bytes to extract */
u_int32_t op; /* Type of byte comparison, for checkValue */
u_int32_t value; /* Value to compare value against, for checkValue, or extracted value */
int32_t offset; /* Offset from cursor */
u_int32_t multiplier; /* Used for byte jump -- 32bits is MORE than enough */
u_int32_t flags; /* must include a CONTENT_BUF_X */
int32_t post_offset;/* Use for byte jump -- adjust cusor by this much after the jump */
} ByteData;
typedef struct _ByteExtract
{
u_int32_t bytes; /* Number of bytes to extract */
int32_t offset; /* Offset from cursor */
u_int32_t multiplier; /* Multiply value by this (similar to byte jump) */
u_int32_t flags; /* must include a CONTENT_BUF_X */
char *refId; /* To match up with a DynamicElement refId */
void *memoryLocation; /* Location to store the data extracted */
} ByteExtract;
typedef struct _FlowFlags
{
u_int32_t flags; /* FLOW_* values */
} FlowFlags;
#define ASN1_ABS_OFFSET 1
#define ASN1_REL_OFFSET 2
typedef struct _Asn1Context
{
int bs_overflow;
int double_overflow;
int print;
int length;
unsigned int max_length;
int offset;
int offset_type;
u_int32_t flags;
} Asn1Context;
#define IP_HDR_ID 0x0001 /* IP Header ID */
#define IP_HDR_PROTO 0x0002 /* IP Protocol */
#define IP_HDR_FRAGBITS 0x0003 /* Frag Flags set in IP Header */
#define IP_HDR_FRAGOFFSET 0x0004 /* Frag Offset set in IP Header */
#define IP_HDR_OPTIONS 0x0005 /* IP Options -- is option xx included */
#define IP_HDR_TTL 0x0006 /* IP Time to live */
#define IP_HDR_TOS 0x0007 /* IP Type of Service */
#define IP_HDR_OPTCHECK_MASK 0x000f
#define TCP_HDR_ACK 0x0010 /* TCP Ack Value */
#define TCP_HDR_SEQ 0x0020 /* TCP Seq Value */
#define TCP_HDR_FLAGS 0x0030 /* Flags set in TCP Header */
#define TCP_HDR_OPTIONS 0x0040 /* TCP Options -- is option xx included */
#define TCP_HDR_WIN 0x0050 /* TCP Window */
#define TCP_HDR_OPTCHECK_MASK 0x00f0
#define ICMP_HDR_CODE 0x1000 /* ICMP Header Code */
#define ICMP_HDR_TYPE 0x2000 /* ICMP Header Type */
#define ICMP_HDR_ID 0x3000 /* ICMP ID for ICMP_ECHO/ICMP_ECHO_REPLY */
#define ICMP_HDR_SEQ 0x4000 /* ICMP ID for ICMP_ECHO/ICMP_ECHO_REPLY */
#define ICMP_HDR_OPTCHECK_MASK 0xf000
typedef struct _HdrOptCheck
{
u_int16_t hdrField; /* Field to check */
u_int32_t op; /* Type of comparison */
u_int32_t value; /* Value to compare value against */
u_int32_t mask_value; /* bits of value to ignore */
u_int32_t flags;
} HdrOptCheck;
#define DYNAMIC_TYPE_INT_STATIC 1
#define DYNAMIC_TYPE_INT_REF 2
typedef struct _DynamicElement
{
char dynamicType; /* type of this field - static or reference */
char *refId; /* reference ID (NULL if static) */
union
{
void *voidPtr; /* Holder */
int32_t staticInt; /* Value of static */
int32_t *dynamicInt; /* Pointer to value of dynamic */
} data;
} DynamicElement;
typedef struct _LoopInfo
{
DynamicElement *start; /* Starting value of FOR loop (i=start) */
DynamicElement *end; /* Ending value of FOR loop (i OP end) */
DynamicElement *increment; /* Increment value of FOR loop (i+= increment) */
u_int32_t op; /* Type of comparison for loop termination */
CursorInfo *cursorAdjust; /* How to move cursor each iteration of loop */
struct _Rule *subRule; /* Pointer to SubRule & options to evaluate within
* the loop */
u_int8_t initialized; /* Loop initialized properly (safeguard) */
u_int32_t flags; /* can be used to negate loop results, specifies
* relative. */
} LoopInfo;
typedef struct _PreprocessorOption
{
const char *optionName;
const char *optionParameters;
u_int32_t flags;
PreprocOptionInit optionInit;
PreprocOptionEval optionEval;
void *dataPtr;
PreprocOptionFastPatternFunc optionFpFunc;
} PreprocessorOption;
typedef struct _RuleOption
{
DynamicOptionType optionType;
union
{
void *ptr;
ContentInfo *content;
CursorInfo *cursor;
PCREInfo *pcre;
FlowBitsInfo *flowBit;
ByteData *byte;
ByteExtract *byteExtract;
FlowFlags *flowFlags;
Asn1Context *asn1;
HdrOptCheck *hdrData;
LoopInfo *loop;
PreprocessorOption *preprocOpt;
} option_u;
} RuleOption;
typedef struct _IPInfo
{
u_int8_t protocol;
char * src_addr;
char * src_port; /* 0 for non TCP/UDP */
char direction; /* non-zero is bi-directional */
char * dst_addr;
char * dst_port; /* 0 for non TCP/UDP */
} IPInfo;
typedef struct _RuleReference
{
char *systemName;
char *refIdentifier;
} RuleReference;
#define REGISTER_RULE 1
#define DONT_REGISTER_RULE 0
typedef struct _RuleMetaData {
char *data;
} RuleMetaData;
typedef struct _RuleInformation
{
u_int32_t genID;
u_int32_t sigID;
u_int32_t revision;
char *classification; /* String format of classification name */
u_int32_t priority;
char *message;
RuleReference **references; /* NULL terminated array of references */
RuleMetaData **meta; /* NULL terminated array of references */
} RuleInformation;
typedef int (*ruleEvalFunc)(void *);
typedef struct _Rule
{
IPInfo ip;
RuleInformation info;
RuleOption **options; /* NULL terminated array of RuleOption union */
ruleEvalFunc evalFunc;
char initialized; /* Rule Initialized, used internally */
u_int32_t numOptions; /* Rule option count, used internally */
char noAlert; /* Flag with no alert, used internally */
void *ruleData; /* Hash table for dynamic data pointers */
} Rule;
ENGINE_LINKAGE int RegisterRules(Rule **rules);
ENGINE_LINKAGE int DumpRules(char *rulesFileName, Rule **rules);
ENGINE_LINKAGE int contentMatch(void *p, ContentInfo* content, const u_int8_t **cursor);
ENGINE_LINKAGE int checkFlow(void *p, FlowFlags *flowFlags);
ENGINE_LINKAGE int extractValue(void *p, ByteExtract *byteExtract, const u_int8_t *cursor);
ENGINE_LINKAGE int processFlowbits(void *p, FlowBitsInfo *flowBits);
ENGINE_LINKAGE int getBuffer(void *p, int flags, const u_int8_t **start, const u_int8_t **end);
ENGINE_LINKAGE int setCursor(void *p, CursorInfo *cursorInfo, const u_int8_t **cursor);
ENGINE_LINKAGE int checkCursor(void *p, CursorInfo *cursorInfo, const u_int8_t *cursor);
ENGINE_LINKAGE int checkValue(void *p, ByteData *byteData, u_int32_t value, const u_int8_t *cursor);
/* Same as extractValue plus checkValue */
ENGINE_LINKAGE int byteTest(void *p, ByteData *byteData, const u_int8_t *cursor);
/* Same as extractValue plus setCursor */
ENGINE_LINKAGE int byteJump(void *p, ByteData *byteData, const u_int8_t **cursor);
ENGINE_LINKAGE int pcreMatch(void *p, PCREInfo* pcre, const u_int8_t **cursor);
ENGINE_LINKAGE int detectAsn1(void *p, Asn1Context* asn1, const u_int8_t *cursor);
ENGINE_LINKAGE int checkHdrOpt(void *p, HdrOptCheck *optData);
ENGINE_LINKAGE int loopEval(void *p, LoopInfo *loop, const u_int8_t **cursor);
ENGINE_LINKAGE int preprocOptionEval(void *p, PreprocessorOption *preprocOpt, const u_int8_t **cursor);
ENGINE_LINKAGE void setTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
ENGINE_LINKAGE void revertTempCursor(const u_int8_t **temp_cursor, const u_int8_t **cursor);
ENGINE_LINKAGE int ruleMatch(void *p, Rule *rule);
ENGINE_LINKAGE int MatchDecryptedRC4(
const u_int8_t *key, u_int16_t keylen, const u_int8_t *encrypted_data,
u_int8_t *plain_data, u_int16_t datalen
);
ENGINE_LINKAGE void storeRuleData(void *p, void *rule_data);
ENGINE_LINKAGE void *getRuleData(void *p);
ENGINE_LINKAGE int pcreExecWrapper(const PCREInfo *pcre_info, const char *buf, int len, int start_offset,
int options, int *ovector, int ovecsize);
#endif /* SF_SNORT_PLUGIN_API_H_ */

182
include/sf_types.h Normal file
View File

@ -0,0 +1,182 @@
/*
** Copyright (C) 2007-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __SF_TYPES_H__
#define __SF_TYPES_H__
#include <sys/types.h>
#ifdef HAVE_CONFIG_H
#include "config.h"
#ifdef WIN32
# include "stdint.h"
# include "inttypes.h"
#else
/* Autoconf uses <sys/types.h>, <inttypes.h> and <stdint.h> as standard includes for
* determining if these exist so there shouldn't be any typedef conflicts with
* including <sys/types.h>, <inttypes.h> or <stdint.h> since these would be
* defined already */
# if !defined(HAVE_UINT8_T) || !defined(HAVE_U_INT8_T)
# if !defined(HAVE_UINT8_T) && !defined(HAVE_U_INT8_T)
typedef unsigned char u_int8_t;
typedef unsigned char uint8_t;
# elif defined(HAVE_UINT8_T)
typedef uint8_t u_int8_t;
# else
typedef u_int8_t uint8_t;
# endif /* !defined(HAVE_UINT8_T) && !defined(HAVE_U_INT8_T) */
# endif /* !defined(HAVE_UINT8_T) || !defined(HAVE_U_INT8_T) */
# if !defined(HAVE_UINT16_T) || !defined(HAVE_U_INT16_T)
# if !defined(HAVE_UINT16_T) && !defined(HAVE_U_INT16_T)
typedef unsigned short u_int16_t;
typedef unsigned short uint16_t;
# elif defined(HAVE_UINT16_T)
typedef uint16_t u_int16_t;
# else
typedef u_int16_t uint16_t;
# endif /* !defined(HAVE_UINT16_T) && !defined(HAVE_U_INT16_T) */
# endif /* !defined(HAVE_UINT16_T) || !defined(HAVE_U_INT16_T) */
# if !defined(HAVE_UINT32_T) || !defined(HAVE_U_INT32_T)
# if !defined(HAVE_UINT32_T) && !defined(HAVE_U_INT32_T)
# if SIZEOF_UNSIGNED_LONG_INT == 4
typedef unsigned long int u_int32_t;
typedef unsigned long int uint32_t;
# elif SIZEOF_UNSIGNED_INT == 4
typedef unsigned int u_int32_t;
typedef unsigned int uint32_t;
# endif /* SIZEOF_UNSIGNED_LONG_INT == 4 */
# elif defined(HAVE_UINT32_T)
typedef uint32_t u_int32_t;
# else
typedef u_int32_t uint32_t;
# endif /* !defined(HAVE_UINT32_T) && !defined(HAVE_U_INT32_T) */
# endif /* !defined(HAVE_UINT32_T) || !defined(HAVE_U_INT32_T) */
# if !defined(HAVE_UINT64_T) || !defined(HAVE_U_INT64_T)
# if !defined(HAVE_UINT64_T) && !defined(HAVE_U_INT64_T)
# if SIZEOF_UNSIGNED_LONG_LONG_INT == 8
typedef unsigned long long int u_int64_t;
typedef unsigned long long int uint64_t;
# elif SIZEOF_UNSIGNED_LONG_INT == 8
typedef unsigned long int u_int64_t;
typedef unsigned long int uint64_t;
# endif
# elif defined(HAVE_UINT64_T)
typedef uint64_t u_int64_t;
# else
typedef u_int64_t uint64_t;
# endif /* !defined(HAVE_UINT64_T) && !defined(HAVE_U_INT64_T) */
# endif /* !defined(HAVE_UINT64_T) || !defined(HAVE_U_INT64_T) */
# ifndef HAVE_INT8_T
typedef char int8_t;
# endif
# ifndef HAVE_INT16_T
typedef short int16_t;
# endif
# ifndef HAVE_INT32_T
# if SIZEOF_LONG_INT == 4
typedef long int int32_t;
# else
typedef int int32_t;
# endif
# endif
# ifndef HAVE_INT64_T
# if SIZEOF_LONG_LONG_INT == 8
typedef long long int int64_t;
# else
typedef long int int64_t;
# endif
# endif
# ifndef WIN32
# ifdef HAVE_INTTYPES_H
/* <inttypes.h> includes <stdint.h> */
# include <inttypes.h>
# elif HAVE_STDINT_H
# include <stdint.h>
# else
/* Solaris - if inttypes.h is present, it should bring this in */
# ifndef SYS_INT_TYPES_H
# if defined(_LP64) || defined(_I32LPx)
typedef long int intptr_t;
typedef unsigned long int uintptr_t;
# else
typedef int intptr_t;
typedef unsigned int uintptr_t;
# endif /* defined(_LP64) || defined(_I32LPx) */
# endif /* SYS_INT_TYPES_H */
# endif /* HAVE_INTTYPES_H elseif HAVE_STDINT_H */
# endif
#endif /* WIN32 */
#endif /* HAVE_CONFIG_H */
/* if PRIu64 isn't in <inttypes.h>
* we define it and similar here */
#ifndef PRIu64
# if SIZEOF_UNSIGNED_LONG_INT == 8
# define _SF_PREFIX "l"
# else
# define _SF_PREFIX "ll"
# endif /* SIZEOF_UNSIGNED_LONG_INT == 8 */
# define PRIu64 _SF_PREFIX "u"
# define PRIi64 _SF_PREFIX "i"
#endif /* PRIu64 */
/* use these macros (and those in <inttypes.h>)
* for 64 bit format portability
*/
#define STDu64 "%" PRIu64
#define CSVu64 STDu64 ","
#define FMTu64(fmt) "%" fmt PRIu64
#define STDi64 "%" PRIi64
#define CSVi64 STDi64 ","
#define FMTi64(fmt) "%" fmt PRIi64
#ifndef UINT8_MAX
# define UINT8_MAX 0xff
#endif
#ifndef USHRT_MAX
# define USHRT_MAX 0xffff
#endif
#ifndef UINT16_MAX
# define UINT16_MAX 0xffff
#endif
#ifndef UINT32_MAX
# define UINT32_MAX (4294967295U)
#endif
#ifndef UINT64_MAX
# if SIZEOF_UNSIGNED_LONG_INT == 8
# define UINT64_MAX (18446744073709551615UL)
# else
# define UINT64_MAX (18446744073709551615ULL)
# endif /* SIZEOF_UNSIGNED_LONG_INT == 8 */
#endif /* UINT64_MAX */
/* Somewhat arbitrary, but should be enough for this application
* since files shouldn't be buried too deep. This provides about
* 15 levels of 255 character path components */
#ifndef PATH_MAX
# define PATH_MAX 4096
#endif
#define MAXPORTS 65536
#define MAXPORTS_STORAGE 8192
#endif /* __SF_TYPES_H__ */

53
include/sf_vartable.h Normal file
View File

@ -0,0 +1,53 @@
/*
** Copyright (C) 1998-2010 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* Adam Keeton
* sf_vartable.h
* 11/17/06
*
* Library for implementing a variable table.
* All API calls have the prefix "sfvt".
*/
#ifndef SF_VARTABLE_H
#define SF_VARTABLE_H
#include "ipv6_port.h"
#include "sf_ipvar.h"
/* Allocates new variable table */
vartable_t * sfvt_alloc_table(void);
void sfvt_free_table(vartable_t *table);
/* Adds the variable described by "str" to the table "table" */
SFIP_RET sfvt_add_str(vartable_t *table, char *str);
SFIP_RET sfvt_define(vartable_t *table, char *name, char *value);
/* Adds the variable described by "str" to the variable "dst",
* using the vartable for looking variables used within "str" */
SFIP_RET sfvt_add_to_var(vartable_t *table, sfip_var_t *dst, char *src);
/* Looks up a variable from the table using the name as the key */
sfip_var_t *sfvt_lookup_var(vartable_t *table, char *name);
/* Prints a table's contents */
void sfvt_print(FILE *f, vartable_t *table);
#endif

115
include/sfghash.h Normal file
View File

@ -0,0 +1,115 @@
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
*
* sfghash.h
*
* generic hash table - stores and maps key + data pairs
*
* Author: Marc Norton
*
*/
#ifndef _SFGHASH_
#define _SFGHASH_
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "sfhashfcn.h"
/*
* ERROR DEFINES
*/
#define SFGHASH_NOMEM -2
#define SFGHASH_ERR -1
#define SFGHASH_OK 0
#define SFGHASH_INTABLE 1
/*
* Flags for ghash_new: userkeys
*/
#define GH_COPYKEYS 0
#define GH_USERKEYS 1
/*
* Generic HASH NODE
*/
typedef struct _sfghash_node
{
struct _sfghash_node * next, * prev;
void * key; /* Copy of, or Pointer to, the Users key */
void * data; /* Pointer to the users data, this is never copied! */
} SFGHASH_NODE;
/*
* Generic HASH table
*/
typedef struct _sfghash
{
SFHASHFCN * sfhashfcn;
int keysize; /* bytes in key, if < 0 -> keys are strings */
int userkey; /* user owns the key */
SFGHASH_NODE ** table; /* array of node ptr's */
int nrows; /* # rows int the hash table use a prime number 211, 9871 */
unsigned count; /* total # nodes in table */
void (*userfree)( void * );
int crow; // findfirst/next row in table
SFGHASH_NODE * cnode; // findfirst/next node ptr
int splay;
} SFGHASH, SFDICT;
/*
* HASH PROTOTYPES
*/
SFGHASH * sfghash_new( int nrows, int keysize, int userkeys, void (*userfree)(void*p) );
void sfghash_delete( SFGHASH * h );
int sfghash_add ( SFGHASH * h, void * key, void * data );
int sfghash_remove( SFGHASH * h, void * key);
int sfghash_count( SFGHASH * h);
void * sfghash_find( SFGHASH * h, void * key );
int sfghash_find2(SFGHASH *, void *, void **);
SFGHASH_NODE * sfghash_findfirst( SFGHASH * h );
SFGHASH_NODE * sfghash_findnext ( SFGHASH * h );
void sfghash_splaymode( SFGHASH * t, int n );
int sfghash_set_keyops( SFGHASH *h ,
unsigned (*hash_fcn)( SFHASHFCN * p,
unsigned char *d,
int n),
int (*keycmp_fcn)( const void *s1,
const void *s2,
size_t n));
#endif

85
include/sfhashfcn.h Normal file
View File

@ -0,0 +1,85 @@
/****************************************************************************
*
* Copyright (C) 2003-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
sfhashfcn.h
*/
#ifndef SFHASHFCN_INCLUDE
#define SFHASHFCN_INCLUDE
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <time.h>
#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
#define mix(a,b,c) \
{ \
a -= c; a ^= rot(c, 4); c += b; \
b -= a; b ^= rot(a, 6); a += c; \
c -= b; c ^= rot(b, 8); b += a; \
a -= c; a ^= rot(c,16); c += b; \
b -= a; b ^= rot(a,19); a += c; \
c -= b; c ^= rot(b, 4); b += a; \
}
#define final(a,b,c) \
{ \
c ^= b; c -= rot(b,14); \
a ^= c; a -= rot(c,11); \
b ^= a; b -= rot(a,25); \
c ^= b; c -= rot(b,16); \
a ^= c; a -= rot(c,4); \
b ^= a; b -= rot(a,14); \
c ^= b; c -= rot(b,24); \
}
typedef struct _SFHASHFCN {
unsigned seed;
unsigned scale;
unsigned hardener;
unsigned (*hash_fcn)(struct _SFHASHFCN * p,
unsigned char *d,
int n );
int (*keycmp_fcn)( const void *s1,
const void *s2,
size_t n);
} SFHASHFCN;
SFHASHFCN * sfhashfcn_new( int nrows );
void sfhashfcn_free( SFHASHFCN * p );
void sfhashfcn_static( SFHASHFCN * p );
unsigned sfhashfcn_hash( SFHASHFCN * p, unsigned char *d, int n );
int sfhashfcn_set_keyops( SFHASHFCN * p,
unsigned (*hash_fcn)( SFHASHFCN * p,
unsigned char *d,
int n),
int (*keycmp_fcn)( const void *s1,
const void *s2,
size_t n));
#endif

720
include/sfrt.c Normal file
View File

@ -0,0 +1,720 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
* @file sfrt.c
* @author Adam Keeton <akeeton@sourcefire.com>
* @date Thu July 20 10:16:26 EDT 2006
*
* Route implements two different routing table lookup mechanisms. The table
* lookups have been adapted to return a void pointer so any information can
* be associated with each CIDR block.
*
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
* DIR-n-m. Presently, the LC-trie is used primarily for testing purposes as
* the current implementation does not allow for fast dynamic inserts.
*
* The intended use is for a user to optionally specify large IP blocks and
* then more specific information will be written into the routing tables
* from RNA. Ideally, information will only move from less specific to more
* specific. If a more general information is to overwrite existing entries,
* the table should be free'ed and rebuilt.
*
*
* Implementation:
*
* The routing tables associate an index into a "data" table with each CIDR.
* Each entry in the data table stores a pointer to actual data. This
* implementation was chosen so each routing entry only needs one word to
* either index the data array, or point to another table.
*
* Inserts are performed by specifying a CIDR and a pointer to its associated
* data. Since a new routing table entry may overwrite previous entries,
* a flag selects whether the insert favors the most recent or favors the most
* specific. Favoring most specific should be the default behvior. If
* the user wishes to overwrite routing entries with more general data, the
* table should be flushed, rather than using favor-most-recent.
*
* Before modifying the routing or data tables, the insert function performs a
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
* bit length* is found, the data is insertted into the data table, and its
* index is used for the new routing table entry. If an entry is found that
* is as specific as the new CIDR, the index stored points to where the new
* data is written into the data table.
*
* If more specific CIDR blocks overwrote the data table, then the more
* general routing table entries that were not overwritten will be referencing
* the wrong data. Alternatively, less specific entries can only overwrite
* existing routing table entries if favor-most-recent inserts are used.
*
* Because there is no quick way to clean the data-table if a user wishes to
* use a favor-most-recent insert for more general data, the user should flush
* the table with sfrt_free and create one anew. Alternatively, a small
* memory leak occurs with the data table, as it will be storing pointers that
* no routing table entry cares about.
*
*
* The API calls that should be used are:
* sfrt_new - create new table
* sfrt_insert - insert entry
* sfrt_lookup - lookup entry
* sfrt_free - free table
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "sfrt.h"
char *rt_error_messages[] =
{
"Success",
"Insert Failure",
"Policy Table Exceeded",
"Dir Insert Failure",
"Dir Lookup Failure",
"Memory Allocation Failure"
#ifdef SUPPORT_LCTRIE
,
"LC Trie Compile Failure",
"LC Trie Insert Failure",
"LC Trie Lookup Failure"
#endif
};
/* Create new lookup table
* @param table_type Type of table. Uses the types enumeration in route.h
* @param ip_type IPv4 or IPv6. Uses the types enumeration in route.h
* @param data_size Max number of unique data entries
*
* Returns the new table. */
table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_cap)
{
table_t *table = (table_t*)malloc(sizeof(table_t));
if(!table)
{
return NULL;
}
#ifndef SUP_IP6
/* IPv6 is not supported */
if(ip_type == IPv6)
{
free(table);
return NULL;
}
#endif
/* If this limit is exceeded, there will be no way to distinguish
* between pointers and indeces into the data table. Only
* applies to DIR-n-m. */
#ifdef SUPPORT_LCTRIE
#if SIZEOF_LONG_INT == 8
if(data_size >= 0x800000000000000 && table_type == LCT)
#else
if(data_size >= 0x8000000 && table_type != LCT)
#endif
#else /* SUPPORT_LCTRIE */
#if SIZEOF_LONG_INT == 8
if(data_size >= 0x800000000000000)
#else
if(data_size >= 0x8000000)
#endif
#endif
{
free(table);
return NULL;
}
/* mem_cap is specified in megabytes, but internally uses bytes. Convert */
mem_cap *= 1024*1024;
/* Maximum allowable number of stored entries */
table->max_size = data_size;
table->data = (GENERIC*)calloc(sizeof(GENERIC) * table->max_size, 1);
if(!table->data)
{
free(table);
return NULL;
}
table->allocated = sizeof(table_t) + sizeof(GENERIC) * table->max_size;
table->ip_type = ip_type;
table->table_type = table_type;
/* This will point to the actual table lookup algorithm */
table->rt = NULL;
#ifdef SUP_IP6
table->rt6 = NULL;
#endif
/* index 0 will be used for failed lookups, so set this to 1 */
table->num_ent = 1;
switch(table_type)
{
#ifdef SUPPORT_LCTRIE
/* Setup LC-trie table */
case LCT:
/* LC trie is presently not allowed */
table->insert = sfrt_lct_insert;
table->lookup = sfrt_lct_lookup;
table->free = sfrt_lct_free;
table->usage = sfrt_lct_usage;
table->rt = sfrt_lct_new(data_size);
free(table->data);
free(table);
return NULL;
break;
#endif
/* Setup DIR-n-m table */
case DIR_24_8:
case DIR_16x2:
case DIR_16_8x2:
case DIR_16_4x4:
case DIR_8x4:
case DIR_4x8:
case DIR_2x16:
#ifdef SUP_IP6
case DIR_16_4x4_16x5_4x4:
case DIR_16x7_4x4:
case DIR_16x8:
case DIR_8x16:
#endif
table->insert = sfrt_dir_insert;
table->lookup = sfrt_dir_lookup;
table->free = sfrt_dir_free;
table->usage = sfrt_dir_usage;
break;
default:
free(table->data);
free(table);
return NULL;
};
/* Allocate the user-specified DIR-n-m table */
switch(table_type)
{
case DIR_24_8:
table->rt = sfrt_dir_new(mem_cap, 2, 24,8);
break;
case DIR_16x2:
table->rt = sfrt_dir_new(mem_cap, 2, 16,16);
break;
case DIR_16_8x2:
table->rt = sfrt_dir_new(mem_cap, 3, 16,8,8);
break;
case DIR_16_4x4:
table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4);
break;
case DIR_8x4:
table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8);
break;
/* There is no reason to use 4x8 except for benchmarking and
* comparison purposes. */
case DIR_4x8:
table->rt = sfrt_dir_new(mem_cap, 8, 4,4,4,4,4,4,4,4);
break;
/* There is no reason to use 2x16 except for benchmarking and
* comparison purposes. */
case DIR_2x16:
table->rt = sfrt_dir_new(mem_cap, 16,
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2);
break;
#ifdef SUP_IP6
case DIR_16_4x4_16x5_4x4:
table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4);
table->rt6 = sfrt_dir_new(mem_cap, 14, 16,4,4,4,4,16,16,16,16,16,4,4,4,4);
break;
case DIR_16x7_4x4:
table->rt = sfrt_dir_new(mem_cap, 5, 16,4,4,4,4);
table->rt6 = sfrt_dir_new(mem_cap, 11, 16,16,16,16,16,16,16,4,4,4,4);
break;
case DIR_16x8:
table->rt = sfrt_dir_new(mem_cap, 2, 16,16);
table->rt6 = sfrt_dir_new(mem_cap, 8, 16,16,16,16,16,16,16,16);
break;
case DIR_8x16:
table->rt = sfrt_dir_new(mem_cap, 4, 8,8,8,8);
table->rt6 = sfrt_dir_new(mem_cap, 16,
8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8);
break;
#endif
};
if(!table->rt)
{
free(table->data);
free(table);
return NULL;
}
#ifdef SUP_IP6
if (!table->rt6)
{
table->free( table->rt );
free(table->data);
free(table);
}
#endif
return table;
}
/* Free lookup table */
void sfrt_free(table_t *table)
{
if(!table)
{
/* What are you calling me for? */
return;
}
if(!table->data)
{
/* This really really should not have happened */
}
else
{
free(table->data);
}
if(!table->rt)
{
/* This should not have happened either */
}
else
{
table->free( table->rt );
}
#ifdef SUP_IP6
if(!table->rt6)
{
/* This should not have happened either */
}
else
{
table->free( table->rt6 );
}
#endif
free(table);
}
/* Perform a lookup on value contained in "ip" */
GENERIC sfrt_lookup(void *adr, table_t* table)
{
tuple_t tuple;
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
void *rt = NULL;
if(!adr)
{
return NULL;
}
if(!table || !table->lookup)
{
return NULL;
}
#ifdef SUP_IP6
ip = adr;
if (ip->family == AF_INET)
{
rt = table->rt;
}
else if (ip->family == AF_INET6)
{
rt = table->rt6;
}
#else
/* IPv6 not yet supported */
if(table->ip_type == IPv6)
{
return NULL;
}
ip = *(uint32_t*)adr;
rt = table->rt;
#endif
if (!rt)
{
return NULL;
}
tuple = table->lookup(ip, rt);
if(tuple.index >= table->num_ent)
{
return NULL;
}
return table->data[tuple.index];
}
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc)
{
uint32_t index;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
{
if (table->data[index])
userfunc(table->data[index]);
}
return;
}
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc)
{
uint32_t index;
if (!table)
return 0;
for (index = 0; index < table->num_ent; index++)
{
if (table->data[index])
{
int ret = userfunc(table->data[index]);
if (ret != 0)
return ret;
}
}
return 0;
}
void sfrt_cleanup2(
table_t* table,
sfrt_iterator_callback2 cleanup_func,
void *data
)
{
uint32_t index;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
{
if (table->data[index])
cleanup_func(table->data[index], data);
/* cleanup_func is supposed to free memory associated with this
* table->data[index]. Set that to NULL.
*/
table->data[index] = NULL;
}
}
void sfrt_cleanup(table_t* table, sfrt_iterator_callback cleanup_func)
{
uint32_t index;
if (!table)
return;
for (index = 0; index < table->num_ent; index++)
{
if (table->data[index])
cleanup_func(table->data[index]);
/* cleanup_func is supposed to free memory associated with this
* table->data[index]. Set that to NULL.
*/
table->data[index] = NULL;
}
return;
}
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table)
{
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
tuple_t tuple;
void *rt = NULL;
if ((adr == NULL) || (table == NULL) || (len == 0))
return NULL;
#ifdef SUP_IP6
ip = adr;
if (ip->family == AF_INET)
{
rt = table->rt;
}
else if (ip->family == AF_INET6)
{
rt = table->rt6;
}
#else
/* IPv6 not yet supported */
if(table->ip_type == IPv6)
{
return NULL;
}
ip = *(uint32_t*)adr;
rt = table->rt;
#endif
/* IPv6 not yet supported */
if (table->ip_type == IPv6)
return NULL;
if( (table->ip_type == IPv4 && len > 32) ||
(table->ip_type == IPv6 && len > 128) )
{
return NULL;
}
#ifdef SUP_IP6
ip = adr;
#else
ip = *(uint32_t*)adr;
#endif
tuple = table->lookup(ip, rt);
if (tuple.length != len)
return NULL;
return table->data[tuple.index];
}
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
/* Insert "ip", of length "len", into "table", and have it point to "ptr" */
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
int behavior, table_t *table)
{
int index;
int res;
#ifdef SUP_IP6
sfip_t *ip;
#else
uint32_t ip;
#endif
tuple_t tuple;
void *rt = NULL;
if(!adr)
{
return RT_INSERT_FAILURE;
}
if (len == 0)
return RT_INSERT_FAILURE;
if(!table || !table->insert || !table->data || !table->lookup)
{
return RT_INSERT_FAILURE;
}
if( (table->ip_type == IPv4 && len > 32) ||
(table->ip_type == IPv6 && len > 128) )
{
return RT_INSERT_FAILURE;
}
#ifdef SUP_IP6
ip = adr;
#else
ip = *(uint32_t*)adr;
#endif
/* Check if we can reuse an existing data table entry by
* seeing if there is an existing entry with the same length. */
/* Only perform this if the table is not an LC-trie */
#ifdef SUPPORT_LCTRIE
if(table->table_type != LCT)
{
#endif
#ifdef SUP_IP6
if (ip->family == AF_INET)
{
rt = table->rt;
}
else if (ip->family == AF_INET6)
{
rt = table->rt6;
}
#else
rt = table->rt;
#endif
if (!rt)
{
return RT_INSERT_FAILURE;
}
tuple = table->lookup(ip, table->rt);
#ifdef SUPPORT_LCTRIE
}
#endif
#ifdef SUPPORT_LCTRIE
if(table->table_type == LCT || tuple.length != len)
{
#else
if(tuple.length != len)
{
#endif
if( table->num_ent >= table->max_size)
{
return RT_POLICY_TABLE_EXCEEDED;
}
index = table->num_ent;
table->num_ent++;
}
else
{
index = tuple.index;
}
/* Insert value into policy table */
table->data[ index ] = ptr;
/* The actual value that is looked-up is an index
* into the data table. */
res = table->insert(ip, len, index, behavior, rt);
/* Check if we ran out of memory. If so, need to decrement
* table->num_ent */
if(res == MEM_ALLOC_FAILURE)
{
/* From the control flow above, it's possible table->num_ent was not
* incremented. It should be safe to decrement here, because the only
* time it will be incremented above is when we are potentially
* mallocing one or more new entries (It's not incremented when we
* overwrite an existing entry). */
table->num_ent--;
}
return res;
}
uint32_t sfrt_num_entries(table_t *table)
{
if(!table || !table->rt || !table->allocated)
{
return 0;
}
/* There is always a root node, so subtract 1 for it */
return table->num_ent - 1;
}
uint32_t sfrt_usage(table_t *table)
{
uint32_t usage;
if(!table || !table->rt || !table->allocated || !table->usage)
{
return 0;
}
usage = table->allocated + table->usage( table->rt );
#ifdef SUP_IP6
if (table->rt6)
{
usage += table->usage( table->rt6 );
}
#endif
return usage;
}
#ifdef DEBUG_SFRT
#define NUM_IPS 32
#define NUM_DATA 4
int main()
{
table_t *dir;
uint32_t ip_list[NUM_IPS]; /* entirely arbitrary */
char data[NUM_DATA]; /* also entirely arbitrary */
uint32_t index, val;
for(index=0; index<NUM_IPS; index++)
{
ip_list[index] = (uint32_t)rand()%NUM_IPS;
data[index%NUM_DATA] = index%26 + 65; /* Random letter */
}
dir = sfrt_new(DIR_16x2, IPv4, NUM_IPS, 20);
if(!dir)
{
printf("Failed to create DIR\n");
return 1;
}
for(index=0; index < NUM_IPS; index++)
{
if(sfrt_insert(&ip_list[index], 32, &data[index%NUM_DATA],
RT_FAVOR_SPECIFIC, dir) != RT_SUCCESS)
{
printf("DIR Insertion failure\n");
return 1;
}
printf("%d\t %x: %c -> %c\n", index, ip_list[index],
data[index%NUM_DATA], *(uint32_t*)sfrt_lookup(&ip_list[index], dir));
}
for(index=0; index < NUM_IPS; index++)
{
val = *(uint32_t*)sfrt_lookup(&ip_list[index], dir);
printf("\t@%d\t%x: %c. originally:\t%c\n",
index, ip_list[index], val, data[index%NUM_DATA]);
}
printf("Usage: %d bytes\n", ((dir_table_t*)(dir->rt))->allocated);
sfrt_free(dir);
return 0;
}
#endif /* DEBUG_SFRT */

216
include/sfrt.h Normal file
View File

@ -0,0 +1,216 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
* @file sfrt.h
* @author Adam Keeton <akeeton@sourcefire.com>
* @date Thu July 20 10:16:26 EDT 2006
*
* SFRT implements two different routing table lookup methods that have been
* adapted to return a void pointers. Any generic information may be
* associated with a given IP or CIDR block.
*
* As of this writing, the two methods used are Stefan Nilsson and Gunnar
* Karlsson's LC-trie, and a multibit-trie method similar to Gupta et-al.'s
* DIR-n-m. Presently, the LC-trie is used for testing purposes as the
* current implementation does not allow for fast, dynamic inserts.
*
* The intended use is to associate large IP blocks with specific information;
* such as what may be written into the table by RNA.
*
* NOTE: information should only move from less specific to more specific, ie:
*
* First insert: 1.1.0.0/16 -> some data
* Second insert: 1.1.2.3 -> some other data
*
* As opposed to:
*
* First insert: 1.1.2.3 -> some other data
* Second insert: 1.1.0.0/16 -> some data
*
* If more general information is to overwrite existing entries, the table
* should be free'ed and rebuilt. This is due to the difficulty of cleaning
* out stale entries with the current implementation. At runtime, this won't
* be a significant issue since inserts should apply to specific IP addresses
* and not entire blocks of IPs.
*
*
* Implementation:
*
* The routing tables associate an index into a "data" table with each CIDR.
* Each entry in the data table stores a pointer to actual data. This
* implementation was chosen so each routing entry only needs one word to
* either index the data array, or point to another table.
*
* Inserts are performed by specifying a CIDR and a pointer to its associated
* data. Since a new routing table entry may overwrite previous entries,
* a flag selects whether the insert favors the most recent or favors the most
* specific. Favoring most specific should be the default behvior. If
* the user wishes to overwrite routing entries with more general data, the
* table should be flushed, rather than using favor-most-recent.
*
* Before modifying the routing or data tables, the insert function performs a
* lookup on the CIDR-to-be-insertted. If no entry or an entry *of differing
* bit length* is found, the data is insertted into the data table, and its
* index is used for the new routing table entry. If an entry is found that
* is as specific as the new CIDR, the index stored points to where the new
* data is written into the data table.
*
* If more specific CIDR blocks overwrote the data table, then the more
* general routing table entries that were not overwritten will be referencing
* the wrong data. Alternatively, less specific entries can only overwrite
* existing routing table entries if favor-most-recent inserts are used.
*
* Because there is no quick way to clean the data-table if a user wishes to
* use a favor-most-recent insert for more general data, the user should flush
* the table with sfrt_free and create one anew. Alternatively, a small
* memory leak occurs with the data table, as it will be storing pointers that
* no routing table entry cares about.
*
*
* The API calls that should be used are:
* sfrt_new - create new table
* sfrt_insert - insert entry
* sfrt_lookup - lookup entry
* sfrt_free - free table
*/
#ifndef _SFRT_H_
#define _SFRT_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdlib.h>
#include <sys/types.h>
#include "sfrt_trie.h"
#include "debug.h"
#include "ipv6_port.h"
#ifdef SUP_IP6
typedef sfip_t *IP;
#else
typedef uint32_t IP;
#endif
typedef void* GENERIC; /* To be replaced with a pointer to a policy */
typedef struct
{
word index;
word length;
} tuple_t;
#include "sfrt_dir.h"
//#define SUPPORT_LCTRIE
#ifdef SUPPORT_LCTRIE
#include "sfrt_lctrie.h"
#endif
enum types
{
#ifdef SUPPORT_LCTRIE
LCT,
#endif
DIR_24_8,
DIR_16x2,
DIR_16_8x2,
DIR_16_4x4,
DIR_8x4,
DIR_4x8,
DIR_2x16,
#ifdef SUP_IP6
DIR_16_4x4_16x5_4x4,
DIR_16x7_4x4,
DIR_16x8,
DIR_8x16,
#endif
IPv4,
IPv6
};
enum return_codes
{
RT_SUCCESS=0,
RT_INSERT_FAILURE,
RT_POLICY_TABLE_EXCEEDED,
DIR_INSERT_FAILURE,
DIR_LOOKUP_FAILURE,
MEM_ALLOC_FAILURE
#ifdef SUPPORT_LCTRIE
,
LCT_COMPILE_FAILURE,
LCT_INSERT_FAILURE,
LCT_LOOKUP_FAILURE
#endif
};
/* Defined in sfrt.c */
extern char *rt_error_messages[];
enum
{
RT_FAVOR_TIME,
RT_FAVOR_SPECIFIC
};
/*******************************************************************/
/* Master table struct. Abstracts DIR and LC-trie methods */
typedef struct
{
GENERIC *data; /* data table. Each IP points to an entry here */
uint32_t num_ent; /* Number of entries in the policy table */
uint32_t max_size; /* Max size of policies array */
char ip_type; /* Only IPs of this family will be used */
char table_type;
uint32_t allocated;
void *rt; /* Actual "routing" table */
#ifdef SUP_IP6
void *rt6; /* Actual "routing" table */
#endif
tuple_t (*lookup)(IP ip, GENERIC);
int (*insert)(IP ip, int len, word index, int behavior, GENERIC);
void (*free)(void *);
uint32_t (*usage)(void *);
} table_t;
/*******************************************************************/
/* Abstracted routing table API */
table_t * sfrt_new(char type, char ip_type, long data_size, uint32_t mem_cap);
void sfrt_free(table_t *table);
GENERIC sfrt_lookup(void *adr, table_t* table);
GENERIC sfrt_search(void *adr, unsigned char len, table_t *table);
typedef void (*sfrt_iterator_callback)(void *);
typedef void (*sfrt_iterator_callback2)(void *, void *);
typedef int (*sfrt_iterator_callback3)(void *);
void sfrt_iterate(table_t* table, sfrt_iterator_callback userfunc);
int sfrt_iterate2(table_t* table, sfrt_iterator_callback3 userfunc);
void sfrt_cleanup(table_t* table, sfrt_iterator_callback userfunc);
void sfrt_cleanup2(table_t*, sfrt_iterator_callback2, void *);
int sfrt_insert(void *adr, unsigned char len, GENERIC ptr,
int behavior, table_t *table);
uint32_t sfrt_usage(table_t *table);
uint32_t sfrt_num_entries(table_t *table);
#endif

551
include/sfrt_dir.c Normal file
View File

@ -0,0 +1,551 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
* @file sfdir.c
* @author Adam Keeton <akeeton@sourcefire.com>
* @date Thu July 20 10:16:26 EDT 2006
*
* The implementation uses an multibit-trie that is similar to Gupta et-al's
* DIR-n-m.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdarg.h> /* For variadic */
#include <stdio.h>
#include <string.h> /* For memset */
#include "sfrt.h"
#include "sfrt_dir.h"
#if SIZEOF_UNSIGNED_LONG_INT == 8
#define ARCH_WIDTH 64
#else
#define ARCH_WIDTH 32
#endif
#ifdef SUP_IP6
typedef struct {
IP ip;
int bits;
} IPLOOKUP;
#else
typedef IP IPLOOKUP;
#endif
/* Create new "sub" table of 2^width entries */
static dir_sub_table_t *_sub_table_new(dir_table_t *root, uint32_t dimension,
uint32_t prefill, uint32_t bit_length)
{
int width = root->dimensions[dimension];
int len = 1 << width;
int index;
dir_sub_table_t *sub;
/* Check if creating this node will exceed the memory cap.
* The symbols in the conditional (other than cap), come from the
* allocs below. */
if( root->mem_cap < ( root->allocated +
sizeof(dir_sub_table_t) +
sizeof(word) * len + len ) ||
bit_length > 128)
{
return NULL;
}
/* Set up the initial prefilled "sub table" */
sub = (dir_sub_table_t*)malloc(sizeof(dir_sub_table_t));
if(!sub)
{
return NULL;
}
/* This keeps the width readily available rather than recalculating it
* from the number of entries during an insert or lookup */
sub->width = width;
/* need 2^sub->width entries */
sub->num_entries = len;
sub->entries = (word*)malloc(sizeof(word) * sub->num_entries);
if(!sub->entries)
{
free(sub);
return NULL;
}
/* A "length" needs to be stored with each entry above. The length refers
* to how specific the insertion that set the entry was. It is necessary
* so that the entry is not overwritten by less general routing
* information if "RT_FAVOR_SPECIFIC" insertions are being performed. */
sub->lengths = (char*)malloc(sub->num_entries);
if(!sub->lengths)
{
free(sub->entries);
free(sub);
return NULL;
}
/* Can't use memset here since prefill is multibyte */
for(index = 0; index < sub->num_entries; index++)
{
sub->entries[index] = prefill;
sub->lengths[index] = (char)bit_length;
}
sub->cur_num = 0;
root->allocated += sizeof(dir_sub_table_t) + sizeof(word) * sub->num_entries;
root->cur_num++;
return sub;
}
/* Create new dir-n-m root table with 'count' depth */
dir_table_t *sfrt_dir_new(uint32_t mem_cap, int count,...)
{
va_list ap;
uint32_t val;
int index;
dir_table_t* table = (dir_table_t*)malloc(sizeof(dir_table_t));
if(!table)
{
return NULL;
}
table->allocated = 0;
table->dimensions = (int*)malloc(sizeof(int)*count);
if(!table->dimensions)
{
free(table);
return NULL;
}
table->dim_size = count;
va_start(ap, count);
for(index=0; index < count; index++)
{
val = va_arg(ap, int);
table->dimensions[index] = val;
}
va_end(ap);
table->mem_cap = mem_cap;
table->cur_num = 0;
table->sub_table = _sub_table_new(table, 0, 0, 0);
if(!table->sub_table)
{
free(table->dimensions);
free(table);
return NULL;
}
table->allocated += sizeof(dir_table_t) + sizeof(int)*count;
return table;
}
/* Traverse "sub" tables, freeing each */
static void _sub_table_free(uint32_t *allocated, dir_sub_table_t *sub)
{
int index;
sub->cur_num--;
for(index=0; index < sub->num_entries; index++)
{
/* The following condition will only be true if
* this entry is a pointer */
if( !sub->lengths[index] && sub->entries[index] )
{
_sub_table_free( allocated, (dir_sub_table_t*) sub->entries[index]);
}
}
if(sub->entries)
{
/* This probably does not need to be checked
* since if it was not allocated, we would have errored out
* in _sub_table_new */
free(sub->entries);
*allocated -= sizeof(word) * sub->num_entries;
}
if(sub->lengths)
{
/* This probably does not need to be checked
* since if it was not allocated, we would have errored out
* in _sub_table_new */
free(sub->lengths);
*allocated -= sub->num_entries;
}
free(sub);
*allocated -= sizeof(dir_sub_table_t);
}
/* Free the DIR-n-m structure */
void sfrt_dir_free(void *tbl)
{
dir_table_t *table = (dir_table_t*)tbl;
if(!table)
{
return;
}
if(table->sub_table)
{
_sub_table_free(&table->allocated, table->sub_table);
}
if(table->dimensions)
{
free(table->dimensions);
}
free(table);
}
static INLINE void _dir_fill_all(uint32_t *allocated, uint32_t index, uint32_t fill,
word length, uint32_t val, dir_sub_table_t *table)
{
/* Fill entries */
for(; index < fill; index++)
{
/* Before overwriting this entry, verify there's not an existing
* pointer ... otherwise free it to avoid a huge memory leak. */
if( table->entries[index] && !table->lengths[index])
{
_sub_table_free(allocated, (dir_sub_table_t*)table->entries[index]);
}
table->entries[index] = val;
table->lengths[index] = (char)length;
}
}
static INLINE void _dir_fill_less_specific(int index, int fill,
word length, uint32_t val, dir_sub_table_t *table)
{
/* Fill entries */
for(; index < fill; index++)
{
/* If we encounter a pointer, and we're inserting at this level, we
* automatically know that this entry refers to more specific
* information. However, there might only be one more specific entry
* in the entire block, meaning the rest must be filled.
*
* For instance, imagine a 24-8 with 1.2.3/24 -> A and 1.2.3.4/32 -> B
* There will be a pointer at 1.2.3 in the first table. The second
* table needs to have 255 entries pointing A, and 1 entry pointing to
* B.
*
* Therefore, recurse to this next level. */
if( !table->lengths[index] && table->entries[index])
{
dir_sub_table_t *next = (dir_sub_table_t*)table->entries[index];
_dir_fill_less_specific(0, 1 << next->width, length, val, next);
}
else if(length >= (word)table->lengths[index])
{
table->entries[index] = val;
table->lengths[index] = (char)length;
}
}
}
/* Sub table insertion
* This is called by dir_insert and recursively to find the the sub table
* that should house the value "ptr"
* @param ip IP address structure
* @param cur_len Number of bits of the IP left at this depth
* @param length Number of bits of the IP used to specify this CIDR
* @param ptr Information to be associated with this IP range
* @param master_table The table that describes all, returned by dir_new */
static int _dir_sub_insert(IPLOOKUP *ip, int length, int cur_len, GENERIC ptr,
int current_depth, int behavior,
dir_sub_table_t *sub_table, dir_table_t *root_table)
{
word index;
uint32_t fill;
#ifdef SUP_IP6
{
uint32_t local_index, i;
/* need to handle bits usage across multiple 32bit vals within IPv6. */
if (ip->ip->family == AF_INET)
{
i=0;
}
else if (ip->ip->family == AF_INET6)
{
if (ip->bits < 32 )
{
i=0;
}
else if (ip->bits < 64)
{
i=1;
}
else if (ip->bits < 96)
{
i=2;
}
else
{
i=3;
}
}
else
{
return RT_INSERT_FAILURE;
}
local_index = ip->ip->ip32[i] << (ip->bits %32);
index = local_index >> (ARCH_WIDTH - sub_table->width);
}
#else
IPLOOKUP iplu;
/* Index is determined by the highest 'len' bits in 'ip' */
index = *ip >> (ARCH_WIDTH - sub_table->width);
#endif
/* Check if this is the last table to traverse to */
if(sub_table->width >= cur_len)
{
/* Calculate how many entries need to be filled
* in this table. If the table is 24 bits wide, and the entry
* is 20 bytes long, 2^4 entries need to be filled. */
fill = 1 << (sub_table->width - cur_len);
index = (index >> (sub_table->width - cur_len)) <<
(sub_table->width - cur_len);
fill += index;
/* Favor most recent CIDR */
if(behavior == RT_FAVOR_TIME)
{
_dir_fill_all(&root_table->allocated, index, fill, length,
(word)ptr, sub_table);
}
/* Fill over less specific CIDR */
else
{
_dir_fill_less_specific(index, fill, length, (word)ptr, sub_table);
}
}
/* Need to traverse to a sub-table */
else
{
dir_sub_table_t *next_sub =
(dir_sub_table_t *)sub_table->entries[index];
/* Check if we need to alloc a new sub table.
* If next_sub was 0/NULL, there's no entry at this index
* If the length is non-zero, there is an entry */
if(!next_sub || sub_table->lengths[index])
{
if( root_table->dim_size <= current_depth )
{
return RT_INSERT_FAILURE;
}
sub_table->entries[index] =
(word) _sub_table_new(root_table, current_depth+1,
(word) next_sub, sub_table->lengths[index]);
sub_table->cur_num++;
sub_table->lengths[index] = 0;
next_sub = (dir_sub_table_t *)sub_table->entries[index];
if(!next_sub)
{
return MEM_ALLOC_FAILURE;
}
}
/* Recurse to next level. Rightshift off appropriate number of
* bits and update the length accordingly. */
#ifdef SUP_IP6
ip->bits += sub_table->width;
_dir_sub_insert(ip, length,
cur_len - sub_table->width, ptr, current_depth+1,
behavior, next_sub, root_table);
#else
iplu = *ip << sub_table->width;
_dir_sub_insert(&iplu, length,
cur_len - sub_table->width, ptr, current_depth+1,
behavior, next_sub, root_table);
#endif
}
return RT_SUCCESS;
}
/* Insert entry into DIR-n-m tables
* @param ip IP address structure
* @param len Number of bits of the IP used for lookup
* @param ptr Information to be associated with this IP range
* @param master_table The table that describes all, returned by dir_new */
int sfrt_dir_insert(IP ip, int len, word data_index,
int behavior, void *table)
{
dir_table_t *root = (dir_table_t*)table;
#ifdef SUP_IP6
IPLOOKUP iplu;
iplu.ip = ip;
iplu.bits = 0;
#else
IPLOOKUP iplu = ip;
#endif
/* Validate arguments */
if(!root || !root->sub_table)
{
return DIR_INSERT_FAILURE;
}
/* Find the sub table in which to insert */
return _dir_sub_insert(&iplu, len, len, (GENERIC)data_index,
0, behavior, root->sub_table, root);
}
/* Traverse sub tables looking for match */
/* Called by dir_lookup and recursively */
static tuple_t _dir_sub_lookup(IPLOOKUP *ip, dir_sub_table_t *table)
{
word index;
#ifdef SUP_IP6
{
uint32_t local_index, i;
/* need to handle bits usage across multiple 32bit vals within IPv6. */
if (ip->ip->family == AF_INET)
{
i=0;
}
else if (ip->ip->family == AF_INET6)
{
if (ip->bits < 32 )
{
i=0;
}
else if (ip->bits < 64)
{
i=1;
}
else if (ip->bits < 96)
{
i=2;
}
else
{
i=3;
}
}
else
{
tuple_t ret = { 0, 0 };
return ret;
}
local_index = ip->ip->ip32[i] << (ip->bits %32);
index = local_index >> (ARCH_WIDTH - table->width);
}
#else
IPLOOKUP iplu;
index = *ip >> (ARCH_WIDTH - table->width);
#endif
if( !table->entries[index] || table->lengths[index] )
{
tuple_t ret;
ret.index = table->entries[index];
ret.length = (word)table->lengths[index];
return ret;
}
#ifdef SUP_IP6
ip->bits += table->width;
return _dir_sub_lookup( ip, (dir_sub_table_t *)table->entries[index]);
#else
iplu = *ip << table->width;
return _dir_sub_lookup( &iplu, (dir_sub_table_t *)table->entries[index]);
#endif
}
/* Lookup information associated with the value "ip" */
tuple_t sfrt_dir_lookup(IP ip, void *tbl)
{
dir_table_t *root = (dir_table_t*)tbl;
#ifdef SUP_IP6
IPLOOKUP iplu;
iplu.ip = ip;
iplu.bits = 0;
#else
IPLOOKUP iplu = ip;
#endif
if(!root || !root->sub_table)
{
tuple_t ret = { 0, 0 };
return ret;
}
return _dir_sub_lookup(&iplu, root->sub_table);
}
uint32_t sfrt_dir_usage(void *table)
{
if(!table)
{
return 0;
}
return ((dir_table_t*)(table))->allocated;
}

81
include/sfrt_dir.h Normal file
View File

@ -0,0 +1,81 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
* @file sfdir.h
* @author Adam Keeton <akeeton@sourcefire.com>
* @date Thu July 20 10:16:26 EDT 2006
*
* The implementation uses an multibit-trie that is similar to Gupta et-al's
* DIR-n-m.
*/
#ifndef SFRT_DIR_H_
#define SFRT_DIR_H_
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
/*******************************************************************/
/* DIR-n-m data structures
* Each table in the DIR-n-m method is represented by a
* dir_sub_table_t. They are managed by a dir_table_t. */
typedef struct
{
word *entries;
char *lengths;
int num_entries; /* Number of entries in this table */
int width; /* width of this table. */
/* While one determines the other, this way fewer
* calculations are needed at runtime, since both
* are used. */
int cur_num; /* Present number of used nodes */
} dir_sub_table_t;
/* Master data structure for the DIR-n-m derivative */
typedef struct
{
int *dimensions; /* DIR-n-m will consist of any number of arbitrarily
* long tables. This variable keeps track of the
* dimensions */
int dim_size; /* And this variable keeps track of 'dimensions''s
* dimensions! */
uint32_t mem_cap; /* User-defined maximum memory that can be allocated
* for the DIR-n-m derivative */
int cur_num; /* Present number of used nodes */
uint32_t allocated;
dir_sub_table_t *sub_table;
} dir_table_t;
/*******************************************************************/
/* DIR-n-m functions, these are not intended to be called directly */
dir_table_t * sfrt_dir_new(uint32_t mem_cap, int count,...);
void sfrt_dir_free(void *);
tuple_t sfrt_dir_lookup(IP ip, void *table);
int sfrt_dir_insert(IP ip, int len, word data_index,
int behavior, void *table);
uint32_t sfrt_dir_usage(void *table);
#endif /* SFRT_DIR_H_ */

167
include/sfrt_trie.h Normal file
View File

@ -0,0 +1,167 @@
/****************************************************************************
*
* Copyright (C) 2006-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/*
trie.h
A routing table for wordsized (32bits) bitstrings implemented as a
static level- and pathcompressed trie. For details please consult
Stefan Nilsson and Gunnar Karlsson. Fast Address Look-Up
for Internet Routers. International Conference of Broadband
Communications (BC'97).
http://www.hut.fi/~sni/papers/router/router.html
The code presented in this file has been tested with care but is
not guaranteed for any purpose. The writer does not offer any
warranties nor does he accept any liabilities with respect to
the code.
Stefan Nilsson, 4 nov 1997.
Laboratory of Information Processing Science
Helsinki University of Technology
Stefan.Nilsson@hut.fi
*/
/*
The trie is represented by an array and each node consists of an
unsigned word. The first 5 bits (31-27) indicate the logarithm
of the branching factor. The next 5 bits (26-22) indicate the
skip value. The final 22 (21-0) bits is an adress, either to
another internal node, or the base vector.
The maximum capacity is 2^21 strings (or a few more). The trie
is prefixfree. All strings that are prefixes of another string
are stored separately.
*/
#ifndef RT_TRIE_H
#define RT_TRIE_H
#define ADRSIZE 32 /* the number of bits in an address */
/* A 32-bit word is used to hold the bit patterns of
the addresses. In IPv6 this should be 128 bits.
The following typedef is machine dependent.
A word must be 32 bits long! */
typedef unsigned long word;
/* The trie is represented by an array and each node in
the trie is compactly represented using only 32 bits:
5 + 5 + 22 = branch + skip + adr */
typedef word node_t;
#define NOPRE -1 /* an empty prefix pointer */
#define SETBRANCH(branch) ((branch)<<27)
#define GETBRANCH(node) ((node)>>27)
#define SETSKIP(skip) ((skip)<<22)
#define GETSKIP(node) ((node)>>22 & 037)
#define SETADR(adr) (adr)
#define GETADR(node) ((node) & 017777777)
/* extract n bits from str starting at position p */
#define EXTRACT(p, n, str) ((str)<<(p)>>(32-(n)))
/* remove the first p bits from string */
#define REMOVE(p, str) ((str)<<(p)>>(p))
/* A next-hop table entry is a 32 bit string */
typedef word policy_t;
/* The routing table entries are initially stored in
a simple array */
typedef struct entryrec *entry_t;
struct entryrec {
word data; /* the routing entry */
int len; /* and its length */
policy_t policy; /* the corresponding next-hop */
int pre; /* this auxiliary variable is used in the */
}; /* construction of the final data structure */
/* base vector */
typedef struct baserec *base_t;
struct baserec {
word str; /* the routing entry */
int len; /* and its length */
int pre; /* pointer to prefix table, -1 if no prefix */
int policy; /* pointer to next-hop table */
};
typedef struct { /* compact version of above */
word str;
int len;
int pre;
int policy;
} comp_base_t;
/* prefix vector */
typedef struct prerec *pre_t;
struct prerec {
int len; /* the length of the prefix */
int pre; /* pointer to prefix, -1 if no prefix */
int policy; /* pointer to policy table */
};
typedef struct { /* compact version of above */
int len;
int pre;
int policy;
} comp_pre_t;
/* The complete routing table data structure consists of
a trie, a base vector, a prefix vector, and a next-hop table. */
typedef struct routtablerec *routtable_t;
struct routtablerec {
node_t *trie; /* the main trie search structure */
int triesize;
comp_base_t *base; /* the base vector */
int basesize;
comp_pre_t *pre; /* the prefix vector */
int presize;
policy_t *policy; /* the next-hop table */
int policysize;
int dirty; /* Whether or not the table needs to be rebuilt */
};
/* utilities */
#ifndef boolean
#ifndef HAVE_BOOLEAN
typedef unsigned char boolean;
#endif
#endif
#ifndef TRUE
# define TRUE 1
#endif
#ifndef FALSE
# define FALSE 0
#endif
#endif

41
include/sfsnort_dynamic_detection_lib.c Normal file
View File

@ -0,0 +1,41 @@
#include "sf_snort_plugin_api.h"
#include "sf_dynamic_meta.h"
#include "detection_lib_meta.h"
#include "stdio.h"
#include "string.h"
#include "sfsnort_dynamic_detection_lib.h"
extern Rule *rules[];
DETECTION_LINKAGE int InitializeDetection()
{
return RegisterRules(rules);
}
DETECTION_LINKAGE int DumpSkeletonRules()
{
return DumpRules(DETECTION_LIB_NAME, rules);
}
DETECTION_LINKAGE int LibVersion(DynamicPluginMeta *dpm)
{
dpm->type = TYPE_DETECTION;
dpm->major = DETECTION_LIB_MAJOR;
dpm->minor = DETECTION_LIB_MINOR;
dpm->build = DETECTION_LIB_BUILD;
strncpy(dpm->uniqueName, DETECTION_LIB_NAME, MAX_NAME_LEN);
return 0;
}
DETECTION_LINKAGE int EngineVersion(DynamicPluginMeta *dpm)
{
dpm->type = TYPE_ENGINE;
dpm->major = REQ_ENGINE_LIB_MAJOR;
dpm->minor = REQ_ENGINE_LIB_MINOR;
dpm->build = 0;
strncpy(dpm->uniqueName, REQ_ENGINE_LIB_NAME, MAX_NAME_LEN);
return 0;
}

15
include/sfsnort_dynamic_detection_lib.h Normal file
View File

@ -0,0 +1,15 @@
#ifndef SFSNORT_DYNAMIC_DETECTION_LIB_H_
#define SFSNORT_DYNAMIC_DETECTION_LIB_H_
#ifdef WIN32
#ifdef SF_SNORT_DETECTION_DLL
#define DETECTION_LINKAGE __declspec(dllexport)
#else
#define DETECTION_LINKAGE __declspec(dllimport)
#endif
#else /* WIN32 */
#define DETECTION_LINKAGE
#endif /* WIN32 */
#endif /* SFSNORT_DYNAMIC_DETECTION_LIB_H_ */

142
include/signature.h Normal file
View File

@ -0,0 +1,142 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __SIGNATURE_H__
#define __SIGNATURE_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
#include <sys/types.h>
#include <stdio.h>
struct _OptTreeNode;
struct _SnortConfig;
struct _RuleTreeNode;
/* this contains a list of the URLs for various reference systems */
typedef struct _ReferenceSystemNode
{
char *name;
char *url;
struct _ReferenceSystemNode *next;
} ReferenceSystemNode;
ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **, char *, char *);
ReferenceSystemNode * ReferenceSystemLookup(ReferenceSystemNode *, char *);
void ParseReferenceSystemConfig(char *args);
/* XXX: update to point to the ReferenceURLNode in the referenceURL list */
typedef struct _ReferenceNode
{
char *id;
ReferenceSystemNode *system;
struct _ReferenceNode *next;
} ReferenceNode;
ReferenceNode * AddReference(struct _SnortConfig *, ReferenceNode **, char *, char *);
void FPrintReference(FILE *, ReferenceNode *);
/* struct for rule classification */
typedef struct _ClassType
{
char *type; /* classification type */
int id; /* classification id */
char *name; /* "pretty" classification name */
int priority; /* priority */
struct _ClassType *next;
} ClassType;
void ParseClassificationConfig(char *);
/* NOTE: These lookups can only be done during parse time */
ClassType * ClassTypeLookupByType(struct _SnortConfig *, char *);
ClassType * ClassTypeLookupById(struct _SnortConfig *, int);
/*
* sid-gid -> otn mapping
*/
typedef struct _OtnKey
{
uint32_t gid;
uint32_t sid;
} OtnKey;
#define SI_RULE_FLUSHING_OFF 0
#define SI_RULE_FLUSHING_ON 1
#define SI_RULE_TYPE_DETECT 0
#define SI_RULE_TYPE_DECODE 1
#define SI_RULE_TYPE_PREPROC 2
#ifdef TARGET_BASED
typedef struct _ServiceInfo
{
char *service;
int16_t service_ordinal;
} ServiceInfo;
#endif
typedef struct _SigInfo
{
uint32_t generator;
uint32_t id;
uint32_t rev;
uint32_t class_id;
ClassType *classType;
uint32_t priority;
char *message;
ReferenceNode *refs;
int shared; /* shared object rule */
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
int rule_flushing; /* 0-disabled, 1-enabled */
OtnKey otnKey;
#ifdef TARGET_BASED
unsigned int num_services;
ServiceInfo *services;
char *os;
#endif
} SigInfo;
void * SoRuleOtnLookupNew(void);
void SoRuleOtnLookupAdd(void *, struct _OptTreeNode *);
struct _OptTreeNode * SoRuleOtnLookup(void *, uint32_t gid, uint32_t sid);
struct _OptTreeNode * SoRuleOtnLookupNext(uint32_t gid, uint32_t sid);
void SoRuleOtnLookupFree(void *);
void * OtnLookupNew(void);
void OtnLookupAdd(void *, struct _OptTreeNode *);
struct _OptTreeNode * OtnLookup(void *, uint32_t gid, uint32_t sid);
void OtnLookupFree(void *);
void OtnRemove(void *, void *, struct _OptTreeNode *);
void OtnDeleteData(void *data);
void OtnFree(void *data);
#endif /* SIGNATURE */

144
include/signature.h.new Normal file
View File

@ -0,0 +1,144 @@
/* $Id$ */
/*
** Copyright (C) 2002-2010 Sourcefire, Inc.
** Author(s): Andrew R. Baker <andrewb@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifndef __SIGNATURE_H__
#define __SIGNATURE_H__
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef OSF1
#include <sys/bitypes.h>
#endif
#include <sys/types.h>
#include <stdio.h>
#include "sfutil/sfghash.h"
#include "sf_types.h"
struct _OptTreeNode;
struct _SnortConfig;
struct _RuleTreeNode;
/* this contains a list of the URLs for various reference systems */
typedef struct _ReferenceSystemNode
{
char *name;
char *url;
struct _ReferenceSystemNode *next;
} ReferenceSystemNode;
ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **, char *, char *);
ReferenceSystemNode * ReferenceSystemLookup(ReferenceSystemNode *, char *);
void ParseReferenceSystemConfig(char *args);
/* XXX: update to point to the ReferenceURLNode in the referenceURL list */
typedef struct _ReferenceNode
{
char *id;
ReferenceSystemNode *system;
struct _ReferenceNode *next;
} ReferenceNode;
ReferenceNode * AddReference(struct _SnortConfig *, ReferenceNode **, char *, char *);
void FPrintReference(FILE *, ReferenceNode *);
/* struct for rule classification */
typedef struct _ClassType
{
char *type; /* classification type */
int id; /* classification id */
char *name; /* "pretty" classification name */
int priority; /* priority */
struct _ClassType *next;
} ClassType;
void ParseClassificationConfig(char *);
/* NOTE: These lookups can only be done during parse time */
ClassType * ClassTypeLookupByType(struct _SnortConfig *, char *);
ClassType * ClassTypeLookupById(struct _SnortConfig *, int);
/*
* sid-gid -> otn mapping
*/
typedef struct _OtnKey
{
uint32_t gid;
uint32_t sid;
} OtnKey;
#define SI_RULE_FLUSHING_OFF 0
#define SI_RULE_FLUSHING_ON 1
#define SI_RULE_TYPE_DETECT 0
#define SI_RULE_TYPE_DECODE 1
#define SI_RULE_TYPE_PREPROC 2
#ifdef TARGET_BASED
typedef struct _ServiceInfo
{
char *service;
int16_t service_ordinal;
} ServiceInfo;
#endif
typedef struct _SigInfo
{
uint32_t generator;
uint32_t id;
uint32_t rev;
uint32_t class_id;
ClassType *classType;
uint32_t priority;
char *message;
ReferenceNode *refs;
int shared; /* shared object rule */
int rule_type; /* 0-std rule, 1-decoder, rule, 3 preprocessor rule */
int rule_flushing; /* 0-disabled, 1-enabled */
OtnKey otnKey;
#ifdef TARGET_BASED
unsigned int num_services;
ServiceInfo *services;
char *os;
#endif
} SigInfo;
SFGHASH * SoRuleOtnLookupNew(void);
void SoRuleOtnLookupAdd(SFGHASH *, struct _OptTreeNode *);
struct _OptTreeNode * SoRuleOtnLookup(SFGHASH *, uint32_t gid, uint32_t sid);
struct _OptTreeNode * SoRuleOtnLookupNext(uint32_t gid, uint32_t sid);
void SoRuleOtnLookupFree(SFGHASH *);
SFGHASH * OtnLookupNew(void);
void OtnLookupAdd(SFGHASH *, struct _OptTreeNode *);
struct _OptTreeNode * OtnLookup(SFGHASH *, uint32_t gid, uint32_t sid);
void OtnLookupFree(SFGHASH *);
void OtnRemove(SFGHASH *, SFGHASH *, struct _OptTreeNode *);
void OtnDeleteData(void *data);
void OtnFree(void *data);
#endif /* SIGNATURE */

77
include/str_search.h Normal file
View File

@ -0,0 +1,77 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef __STR_SEARCH_H__
#define __STR_SEARCH_H__
/* Function prototypes */
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
int SearchInit(unsigned int num);
int SearchGetHandle(void);
int SearchPutHandle(unsigned int id);
int SearchReInit(unsigned int i);
void SearchFree(void);
void SearchFreeId(unsigned id);
void SearchAdd(unsigned int mpse_id, const char *pat, unsigned int pat_len, int id);
void SearchPrepPatterns(unsigned int mpse_id);
int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_len, int confine, MatchFunction);
void * SearchInstanceNew( void );
void SearchInstanceFree( void * insance );
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
void SearchInstancePrepPatterns( void * instance );
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
typedef struct _search_api
{
int (*search_init)(unsigned int);
int (*search_reinit)(unsigned int);
void (*search_free)(void);
void (*search_add)(unsigned int, const char *, unsigned int, int);
void (*search_prep)(unsigned int);
int (*search_find)(unsigned int, const char *, unsigned int, int, MatchFunction);
/* 6/1/06*/
void (*search_free_id)(unsigned id);
int (*search_get_handle)(void);
int (*search_put_handle)(unsigned int);
void * (*search_instance_new)(void);
void (*search_instance_free)(void * instance);
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
void (*search_instance_prep)(void * instance );
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
} SearchAPI;
extern SearchAPI *search_api;
#endif /* __STR_SEARCH_H__ */

77
include/str_search.h.new Normal file
View File

@ -0,0 +1,77 @@
/****************************************************************************
*
* Copyright (C) 2005-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef __STR_SEARCH_H__
#define __STR_SEARCH_H__
/* Function prototypes */
typedef int (*MatchFunction)(void *, void *, int, void *, void *);
int SearchInit(unsigned int num);
int SearchGetHandle(void);
int SearchPutHandle(unsigned int id);
int SearchReInit(unsigned int i);
void SearchFree(void);
void SearchFreeId(unsigned id);
void SearchAdd(unsigned int mpse_id, const char *pat, unsigned int pat_len, int id);
void SearchPrepPatterns(unsigned int mpse_id);
int SearchFindString(unsigned int mpse_id, const char *str, unsigned int str_len, int confine, MatchFunction);
void * SearchInstanceNew( void );
void SearchInstanceFree( void * insance );
void SearchInstanceAdd( void * instance, const char *pat, unsigned int pat_len, int id);
void SearchInstancePrepPatterns( void * instance );
int SearchInstanceFindString( void * instance, const char *str, unsigned int str_len, int confine, MatchFunction);
typedef struct _search_api
{
int (*search_init)(unsigned int);
int (*search_reinit)(unsigned int);
void (*search_free)(void);
void (*search_add)(unsigned int, const char *, unsigned int, int);
void (*search_prep)(unsigned int);
int (*search_find)(unsigned int, const char *, unsigned int, int, MatchFunction);
/* 6/1/06*/
void (*search_free_id)(unsigned id);
int (*search_get_handle)(void);
int (*search_put_handle)(unsigned int);
void * (*search_instance_new)(void);
void (*search_instance_free)(void * instance);
void (*search_instance_add) (void * instance, const char *s, unsigned int s_len, int s_id);
void (*search_instance_prep)(void * instance );
int (*search_instance_find)(void * instance, const char *s, unsigned int s_len, int confine, MatchFunction);
} SearchAPI;
extern SearchAPI *search_api;
#endif /* __STR_SEARCH_H__ */

516
include/stream_api.h Normal file
View File

@ -0,0 +1,516 @@
/* $Id$ */
/*
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
* ** AUTHOR: Steven Sturges
* **
* ** This program is free software; you can redistribute it and/or modify
* ** it under the terms of the GNU General Public License Version 2 as
* ** published by the Free Software Foundation. You may not use, modify or
* ** distribute this program under any other version of the GNU General
* ** Public License.
* **
* ** This program is distributed in the hope that it will be useful,
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* ** GNU General Public License for more details.
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* */
/* stream_api.h
*
* Purpose: Definition of the StreamAPI. To be used as a common interface
* for TCP (and later UDP & ICMP) Stream access for other
* preprocessors and detection plugins.
*
* Arguments:
*
* Effect:
*
* Comments:
*
* Any comments?
*
*/
#ifndef STREAM_API_H_
#define STREAM_API_H_
#include <sys/types.h>
#include "ipv6_port.h"
#include "preprocids.h" /* IDs are used when setting preproc specific data */
#include "bitop.h"
#include "sf_snort_packet.h"
#include "sfPolicy.h"
#define IGNORE_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_CLIENT 0x1
#define SSN_DIR_SENDER 0x1
#define SSN_DIR_SERVER 0x2
#define SSN_DIR_RESPONDER 0x2
#define SSN_DIR_BOTH 0x03
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
#define STREAM_FLPOLICY_NONE 0x00
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
#if 0
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
#endif
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
#define STREAM_FLPOLICY_SET_APPEND 0x02
#define UNKNOWN_PORT 0
#define STREAM_API_VERSION5 5
typedef void (*StreamAppDataFree)(void *);
typedef int (*PacketIterator)
(
struct pcap_pkthdr *,
uint8_t *, /* pkt pointer */
void * /* user-defined data pointer */
);
typedef int (*StreamSegmentIterator)
(
struct pcap_pkthdr *,
uint8_t *, /* pkt pointer */
uint8_t *, /* payload pointer */
uint32_t, /* sequence number */
void * /* user-defined data pointer */
);
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
typedef struct _stream_api
{
int version;
/*
* Drop on Inline Alerts for Midstream pickups
*
* Parameters
*,
* Returns
* 0 if not alerting
* !0 if alerting
*/
int (*alert_inline_midstream_drops)(void);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(SFSnortPacket *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, SFSnortPacket *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, char, char);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(void *, char);
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Packet
*/
void (*drop_packet)(SFSnortPacket *);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*/
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Flushes the stream on an alert
* Side that is flushed is the same as the packet.
*
* Parameters
* Packet
*/
int (*alert_flush_stream)(SFSnortPacket *);
/* Flushes the stream on arrival of another packet
* Side that is flushed is the opposite of the packet.
*
* Parameters
* Packet
*/
int (*response_flush_stream)(SFSnortPacket *);
/* Calls user-provided callback function for each packet of
* a reassembled stream. If the callback function returns non-zero,
* iteration ends.
*
* Parameters
* Packet
* SFSnortPacket Iterator Function (called for each packet in the stream)
* user data (may be NULL)
*
* Returns
* number of packets
*/
int (*traverse_reassembled)(SFSnortPacket *, PacketIterator, void *userdata);
/* Calls user-provided callback function for each segment of
* a reassembled stream. If the callback function returns non-zero,
* iteration ends.
*
* Parameters
* Packet
* StreamSegmentIterator Function (called for each packet in the stream)
* user data (may be NULL)
*
* Returns
* number of packets
*/
int (*traverse_stream_segments)(SFSnortPacket *, StreamSegmentIterator, void *userdata);
/* Add session alert
*
* Parameters
* Session Ptr
* gen ID
* sig ID
*
* Returns
* 0 success
* -1 failure (max alerts reached)
*
*/
int (*add_session_alert)(void *, SFSnortPacket *p, uint32_t, uint32_t);
/* Check session alert
*
* Parameters
* Session Ptr
* Packet
* gen ID
* sig ID
*
* Returns
* 0 if not previously alerted
* !0 if previously alerted
*/
int (*check_session_alerted)(void *, SFSnortPacket *p, uint32_t, uint32_t);
/* Get Flowbits data
*
* Parameters
* Packet
*
* Returns
* Ptr to Flowbits Data
*/
StreamFlowData *(*get_flow_data)(SFSnortPacket *p);
/* Set reassembly flush policy/direction for given session
*
* Parameters
* Session Ptr
* Flush Policy
* Direction(s)
* Flags
*
* Returns
* direction(s) of reassembly for session
*/
char (*set_reassembly)(void *, uint8_t, char, char);
/* Get reassembly direction for given session
*
* Parameters
* Session Ptr
*
* Returns
* direction(s) of reassembly for session
*/
char (*get_reassembly_direction)(void *);
/* Get reassembly flush_policy for given session
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* flush policy for specified direction
*/
char (*get_reassembly_flush_policy)(void *, char);
/* Get true/false as to whether stream data is in
* sequence or packets are missing
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* true/false
*/
char (*is_stream_sequenced)(void *, char);
/* Get whether there are missing packets before, after or
* before and after reassembled buffer
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* SSN_MISSING_BOTH if missing before and after
* SSN_MISSING_BEFORE if missing before
* SSN_MISSING_AFTER if missing after
* SSN_MISSING_NONE if none missing
*/
int (*missing_in_reassembled)(void *, char);
/* Get true/false as to whether packets were missed on
* the stream
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* true/false
*/
char (*missed_packets)(void *, char);
#ifdef TARGET_BASED
/* Get the protocol identifier from a stream
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/** Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
#endif
/** Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
/* Get the current flush point
*
* Arguments
* void * - session pointer
* char - direction
*
* Returns
* Current flush point for session
*/
uint32_t (*get_flush_point)(void *, char);
/* Set the next flush point
*
* Arguments
* void * - session pointer
* char - direction
* uint32_t - flush point size
*/
void (*set_flush_point)(void *, char, uint32_t);
#ifdef TARGET_BASED
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, int16_t);
#endif
} StreamAPI;
/* To be set by Stream5 (or Stream4) */
extern StreamAPI *stream_api;
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
#endif /* STREAM_API_H_ */

516
include/stream_api.h.new Normal file
View File

@ -0,0 +1,516 @@
/* $Id$ */
/*
* ** Copyright (C) 2005-2010 Sourcefire, Inc.
* ** AUTHOR: Steven Sturges
* **
* ** This program is free software; you can redistribute it and/or modify
* ** it under the terms of the GNU General Public License Version 2 as
* ** published by the Free Software Foundation. You may not use, modify or
* ** distribute this program under any other version of the GNU General
* ** Public License.
* **
* ** This program is distributed in the hope that it will be useful,
* ** but WITHOUT ANY WARRANTY; without even the implied warranty of
* ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* ** GNU General Public License for more details.
* **
* ** You should have received a copy of the GNU General Public License
* ** along with this program; if not, write to the Free Software
* ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
* */
/* stream_api.h
*
* Purpose: Definition of the StreamAPI. To be used as a common interface
* for TCP (and later UDP & ICMP) Stream access for other
* preprocessors and detection plugins.
*
* Arguments:
*
* Effect:
*
* Comments:
*
* Any comments?
*
*/
#ifndef STREAM_API_H_
#define STREAM_API_H_
#include <sys/types.h>
#include "ipv6_port.h"
#include "preprocids.h" /* IDs are used when setting preproc specific data */
#include "bitop.h"
#include "decode.h"
#include "sfPolicy.h"
#define IGNORE_FLAG_ALWAYS 0x01
#define SSN_MISSING_NONE 0x00
#define SSN_MISSING_BEFORE 0x01
#define SSN_MISSING_AFTER 0x02
#define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
#define SSN_DIR_NONE 0x0
#define SSN_DIR_CLIENT 0x1
#define SSN_DIR_SENDER 0x1
#define SSN_DIR_SERVER 0x2
#define SSN_DIR_RESPONDER 0x2
#define SSN_DIR_BOTH 0x03
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
#define SSNFLAG_SEEN_SERVER 0x00000002
#define SSNFLAG_SEEN_RESPONDER 0x00000002
#define SSNFLAG_ESTABLISHED 0x00000004
#define SSNFLAG_NMAP 0x00000008
#define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
#define SSNFLAG_ECN_SERVER_REPLY 0x00000020
#define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
#define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
#define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
#define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
#define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
#define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
#define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
#define SSNFLAG_COUNTED_INITIALIZE 0x00002000
#define SSNFLAG_COUNTED_ESTABLISH 0x00004000
#define SSNFLAG_COUNTED_CLOSING 0x00008000
#define SSNFLAG_TIMEDOUT 0x00010000
#define SSNFLAG_PRUNED 0x00020000
#define SSNFLAG_RESET 0x00040000
#define SSNFLAG_DROP_CLIENT 0x00080000
#define SSNFLAG_DROP_SERVER 0x00100000
#define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
#define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
#define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
#define STREAM_FLPOLICY_NONE 0x00
#define STREAM_FLPOLICY_FOOTPRINT 0x01 /* size-based footprint flush */
#define STREAM_FLPOLICY_LOGICAL 0x02 /* queued bytes-based flush */
#define STREAM_FLPOLICY_RESPONSE 0x03 /* flush when we see response */
#define STREAM_FLPOLICY_SLIDING_WINDOW 0x04 /* flush on sliding window */
#if 0
#define STREAM_FLPOLICY_CONSUMED 0x05 /* purge consumed bytes */
#endif
#define STREAM_FLPOLICY_IGNORE 0x06 /* ignore this traffic */
#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE
#define STREAM_FLPOLICY_SET_ABSOLUTE 0x01
#define STREAM_FLPOLICY_SET_APPEND 0x02
#define UNKNOWN_PORT 0
#define STREAM_API_VERSION5 5
typedef void (*StreamAppDataFree)(void *);
typedef int (*PacketIterator)
(
struct pcap_pkthdr *,
uint8_t *, /* pkt pointer */
void * /* user-defined data pointer */
);
typedef int (*StreamSegmentIterator)
(
struct pcap_pkthdr *,
uint8_t *, /* pkt pointer */
uint8_t *, /* payload pointer */
uint32_t, /* sequence number */
void * /* user-defined data pointer */
);
typedef struct _StreamFlowData
{
BITOP boFlowbits;
unsigned char flowb[1];
} StreamFlowData;
typedef struct _stream_api
{
int version;
/*
* Drop on Inline Alerts for Midstream pickups
*
* Parameters
*,
* Returns
* 0 if not alerting
* !0 if alerting
*/
int (*alert_inline_midstream_drops)(void);
/* Set direction of session
*
* Parameters:
* Session Ptr
* New Direction
* IP
* Port
*/
void (*update_direction)(void *, char, snort_ip_p, uint16_t );
/* Get direction of packet
*
* Parameters:
* Packet
*/
uint32_t (*get_packet_direction)(Packet *);
/* Stop inspection for session, up to count bytes (-1 to ignore
* for life or until resume).
*
* If response flag is set, automatically resume inspection up to
* count bytes when a data packet in the other direction is seen.
*
* Also marks the packet to be ignored
*
* Parameters
* Session Ptr
* Packet
* Direction
* Bytes
* Response Flag
*/
void (*stop_inspection)(void *, Packet *, char, int32_t, int);
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* Direction
* Flags (permanent)
*
* Returns
* 0 on success
* -1 on failure
*/
int (*ignore_session)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, char, char);
/* Resume inspection for session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*resume_inspection)(void *, char);
/* Drop traffic arriving on session.
*
* Parameters
* Session Ptr
* Direction
*/
void (*drop_traffic)(void *, char);
/* Drop retransmitted packet arriving on session.
*
* Parameters
* Packet
*/
void (*drop_packet)(Packet *);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
* Application Data reference (pointer)
* Application Data free function
*/
void (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
/* Set a reference to application data for a session
*
* Parameters
* Session Ptr
* Application Protocol
*
* Returns
* Application Data reference (pointer)
*/
void *(*get_application_data)(void *, uint32_t);
/* Sets the flags for a session
* This ORs the supplied flags with the previous values
*
* Parameters
* Session Ptr
* Flags
*
* Returns
* New Flags
*/
uint32_t (*set_session_flags)(void *, uint32_t);
/* Gets the flags for a session
*
* Parameters
* Session Ptr
*/
uint32_t (*get_session_flags)(void *);
/* Flushes the stream on an alert
* Side that is flushed is the same as the packet.
*
* Parameters
* Packet
*/
int (*alert_flush_stream)(Packet *);
/* Flushes the stream on arrival of another packet
* Side that is flushed is the opposite of the packet.
*
* Parameters
* Packet
*/
int (*response_flush_stream)(Packet *);
/* Calls user-provided callback function for each packet of
* a reassembled stream. If the callback function returns non-zero,
* iteration ends.
*
* Parameters
* Packet
* Packet Iterator Function (called for each packet in the stream)
* user data (may be NULL)
*
* Returns
* number of packets
*/
int (*traverse_reassembled)(Packet *, PacketIterator, void *userdata);
/* Calls user-provided callback function for each segment of
* a reassembled stream. If the callback function returns non-zero,
* iteration ends.
*
* Parameters
* Packet
* StreamSegmentIterator Function (called for each packet in the stream)
* user data (may be NULL)
*
* Returns
* number of packets
*/
int (*traverse_stream_segments)(Packet *, StreamSegmentIterator, void *userdata);
/* Add session alert
*
* Parameters
* Session Ptr
* gen ID
* sig ID
*
* Returns
* 0 success
* -1 failure (max alerts reached)
*
*/
int (*add_session_alert)(void *, Packet *p, uint32_t, uint32_t);
/* Check session alert
*
* Parameters
* Session Ptr
* Packet
* gen ID
* sig ID
*
* Returns
* 0 if not previously alerted
* !0 if previously alerted
*/
int (*check_session_alerted)(void *, Packet *p, uint32_t, uint32_t);
/* Get Flowbits data
*
* Parameters
* Packet
*
* Returns
* Ptr to Flowbits Data
*/
StreamFlowData *(*get_flow_data)(Packet *p);
/* Set reassembly flush policy/direction for given session
*
* Parameters
* Session Ptr
* Flush Policy
* Direction(s)
* Flags
*
* Returns
* direction(s) of reassembly for session
*/
char (*set_reassembly)(void *, uint8_t, char, char);
/* Get reassembly direction for given session
*
* Parameters
* Session Ptr
*
* Returns
* direction(s) of reassembly for session
*/
char (*get_reassembly_direction)(void *);
/* Get reassembly flush_policy for given session
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* flush policy for specified direction
*/
char (*get_reassembly_flush_policy)(void *, char);
/* Get true/false as to whether stream data is in
* sequence or packets are missing
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* true/false
*/
char (*is_stream_sequenced)(void *, char);
/* Get whether there are missing packets before, after or
* before and after reassembled buffer
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* SSN_MISSING_BOTH if missing before and after
* SSN_MISSING_BEFORE if missing before
* SSN_MISSING_AFTER if missing after
* SSN_MISSING_NONE if none missing
*/
int (*missing_in_reassembled)(void *, char);
/* Get true/false as to whether packets were missed on
* the stream
*
* Parameters
* Session Ptr
* Direction
*
* Returns
* true/false
*/
char (*missed_packets)(void *, char);
#ifdef TARGET_BASED
/* Get the protocol identifier from a stream
*
* Parameters
* Session Ptr
*
* Returns
* integer protocol identifier
*/
int16_t (*get_application_protocol_id)(void *);
/* Set the protocol identifier for a stream
*
* Parameters
* Session Ptr
* ID
*
* Returns
* integer protocol identifier
*/
int16_t (*set_application_protocol_id)(void *, int16_t);
/** Set service to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_service_filter_status)(int service, int status, tSfPolicyId policyId, int parsing);
#endif
/** Set port to either ignore, inspect or maintain session state.
* If this is called during parsing a preprocessor configuration, make
* sure to set the parsing argument to 1.
*/
void (*set_port_filter_status)(int protocol, uint16_t port, int status, tSfPolicyId policyId, int parsing);
/* Get the current flush point
*
* Arguments
* void * - session pointer
* char - direction
*
* Returns
* Current flush point for session
*/
uint32_t (*get_flush_point)(void *, char);
/* Set the next flush point
*
* Arguments
* void * - session pointer
* char - direction
* uint32_t - flush point size
*/
void (*set_flush_point)(void *, char, uint32_t);
#ifdef TARGET_BASED
/* Turn off inspection for potential session.
* Adds session identifiers to a hash table.
* TCP only.
*
* Parameters
* IP addr #1
* Port #1
* IP addr #2
* Port #2
* Protocol
* ID
*
* Returns
* 0 on success
* -1 on failure
*/
int (*set_application_protocol_id_expected)(snort_ip_p, uint16_t, snort_ip_p, uint16_t,
char, int16_t);
#endif
} StreamAPI;
/* To be set by Stream5 (or Stream4) */
extern StreamAPI *stream_api;
/**Port Inspection States. Port can be either ignored,
* or inspected or session tracked. The values are bitmasks.
*/
typedef enum {
/**Dont monitor the port. */
PORT_MONITOR_NONE = 0x00,
/**Inspect the port. */
PORT_MONITOR_INSPECT = 0x01,
/**perform session tracking on the port. */
PORT_MONITOR_SESSION = 0x02
} PortMonitorStates;
#endif /* STREAM_API_H_ */

193
include/treenodes.h Normal file
View File

@ -0,0 +1,193 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/* We moved the OptTreeNode and RuleTreeNode here to make them easier to
include in dynamic preprocessors. */
#ifndef TREENODES_H
#define TREENODES_H
#include "signature.h"
#include "sf_snort_packet.h"
#include "event.h"
#include "plugin_enum.h"
#include "rule_option_types.h"
struct _OptTreeNode; /* forward declaration of OTN data struct */
struct _RuleTreeNode; /* forward declaration of RTN data struct */
/* same as the rule header FP list */
typedef struct _OptFpList
{
/* context data for this test */
void *context;
int (*OptTestFunc)(void *option_data, SFSnortPacket *p);
struct _OptFpList *next;
unsigned char isRelative;
option_type_t type;
} OptFpList;
typedef struct _OptTreeNode
{
/* plugin/detection functions go here */
OptFpList *opt_func;
void *rsp_func; /* response functions */
void *outputFuncs; /* per sid enabled output functions */
/* the ds_list is absolutely essential for the plugin system to work,
it allows the plugin authors to associate "dynamic" data structures
with the rule system, letting them link anything they can come up
with to the rules list */
void *ds_list[PLUGIN_MAX]; /* list of plugin data struct pointers */
int chain_node_number;
int evalIndex; /* where this rule sits in the evaluation sets */
int proto; /* protocol, added for integrity checks
during rule parsing */
int session_flag; /* record session data */
char *logto; /* log file in which to write packets which
match this rule*/
/* metadata about signature */
SigInfo sigInfo;
uint8_t stateless; /* this rule can fire regardless of session state */
uint8_t established; /* this rule can only fire if it is established */
uint8_t unestablished;
Event event_data;
void* detection_filter; /* if present, evaluated last, after header checks */
void *tag;
/* stuff for dynamic rules activation/deactivation */
int active_flag;
int activation_counter;
int countdown;
int activates;
int activated_by;
struct _OptTreeNode *OTN_activation_ptr;
struct _RuleTreeNode *RTN_activation_ptr;
struct _OptTreeNode *next;
struct _OptTreeNode *nextSoid;
/* ptr to list of RTNs (head part) */
struct _RuleTreeNode **proto_nodes;
/**number of proto_nodes. */
unsigned short proto_node_num;
uint8_t failedCheckBits;
int rule_state; /* Enabled or Disabled */
#ifdef PERF_PROFILING
uint64_t ticks;
uint64_t ticks_match;
uint64_t ticks_no_match;
uint64_t checks;
uint64_t matches;
uint64_t alerts;
uint8_t noalerts;
#endif
int pcre_flag; /* PPM */
uint64_t ppm_suspend_time; /* PPM */
uint64_t ppm_disable_cnt; /*PPM */
char generated;
uint32_t num_detection_opts;
/**unique index generated in ruleIndexMap.
*/
int ruleIndex;
/* List of preprocessor registered fast pattern contents */
void *preproc_fp_list;
} OptTreeNode;
/* function pointer list for rule head nodes */
typedef struct _RuleFpList
{
/* context data for this test */
void *context;
/* rule check function pointer */
int (*RuleHeadFunc)(SFSnortPacket *, struct _RuleTreeNode *, struct _RuleFpList *, int);
/* pointer to the next rule function node */
struct _RuleFpList *next;
} RuleFpList;
typedef struct _RuleTreeNode
{
RuleFpList *rule_func; /* match functions.. (Bidirectional etc.. ) */
int head_node_number;
int type;
void *sip;
void *dip;
int proto;
void * src_portobject;
void * dst_portobject;
uint32_t flags; /* control flags */
/* stuff for dynamic rules activation/deactivation */
int active_flag;
int activation_counter;
int countdown;
void *activate_list;
#if 0
struct _RuleTreeNode *right; /* ptr to the next RTN in the list */
/** list of rule options to associate with this rule node */
OptTreeNode *down;
#endif
/**points to global parent RTN list (Drop/Alert) which contains this
* RTN.
*/
void *listhead;
/**reference count from otn. Multiple OTNs can reference this RTN with the same
* policy.
*/
unsigned int otnRefCount;
} RuleTreeNode;
#endif /* TREENODES_H */

191
include/treenodes.h.new Normal file
View File

@ -0,0 +1,191 @@
/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
/* We moved the OptTreeNode and RuleTreeNode here to make them easier to
include in dynamic preprocessors. */
#ifndef TREENODES_H
#define TREENODES_H
#include "rules.h"
#include "plugin_enum.h"
#include "rule_option_types.h"
struct _OptTreeNode; /* forward declaration of OTN data struct */
struct _RuleTreeNode; /* forward declaration of RTN data struct */
/* same as the rule header FP list */
typedef struct _OptFpList
{
/* context data for this test */
void *context;
int (*OptTestFunc)(void *option_data, Packet *p);
struct _OptFpList *next;
unsigned char isRelative;
option_type_t type;
} OptFpList;
typedef struct _OptTreeNode
{
/* plugin/detection functions go here */
OptFpList *opt_func;
RspFpList *rsp_func; /* response functions */
OutputFuncNode *outputFuncs; /* per sid enabled output functions */
/* the ds_list is absolutely essential for the plugin system to work,
it allows the plugin authors to associate "dynamic" data structures
with the rule system, letting them link anything they can come up
with to the rules list */
void *ds_list[PLUGIN_MAX]; /* list of plugin data struct pointers */
int chain_node_number;
int evalIndex; /* where this rule sits in the evaluation sets */
int proto; /* protocol, added for integrity checks
during rule parsing */
int session_flag; /* record session data */
char *logto; /* log file in which to write packets which
match this rule*/
/* metadata about signature */
SigInfo sigInfo;
uint8_t stateless; /* this rule can fire regardless of session state */
uint8_t established; /* this rule can only fire if it is established */
uint8_t unestablished;
Event event_data;
void* detection_filter; /* if present, evaluated last, after header checks */
TagData *tag;
/* stuff for dynamic rules activation/deactivation */
int active_flag;
int activation_counter;
int countdown;
int activates;
int activated_by;
struct _OptTreeNode *OTN_activation_ptr;
struct _RuleTreeNode *RTN_activation_ptr;
struct _OptTreeNode *next;
struct _OptTreeNode *nextSoid;
/* ptr to list of RTNs (head part) */
struct _RuleTreeNode **proto_nodes;
/**number of proto_nodes. */
unsigned short proto_node_num;
uint8_t failedCheckBits;
int rule_state; /* Enabled or Disabled */
#ifdef PERF_PROFILING
uint64_t ticks;
uint64_t ticks_match;
uint64_t ticks_no_match;
uint64_t checks;
uint64_t matches;
uint64_t alerts;
uint8_t noalerts;
#endif
int pcre_flag; /* PPM */
uint64_t ppm_suspend_time; /* PPM */
uint64_t ppm_disable_cnt; /*PPM */
char generated;
uint32_t num_detection_opts;
/**unique index generated in ruleIndexMap.
*/
int ruleIndex;
/* List of preprocessor registered fast pattern contents */
void *preproc_fp_list;
} OptTreeNode;
/* function pointer list for rule head nodes */
typedef struct _RuleFpList
{
/* context data for this test */
void *context;
/* rule check function pointer */
int (*RuleHeadFunc)(Packet *, struct _RuleTreeNode *, struct _RuleFpList *, int);
/* pointer to the next rule function node */
struct _RuleFpList *next;
} RuleFpList;
typedef struct _RuleTreeNode
{
RuleFpList *rule_func; /* match functions.. (Bidirectional etc.. ) */
int head_node_number;
RuleType type;
IpAddrSet *sip;
IpAddrSet *dip;
int proto;
PortObject * src_portobject;
PortObject * dst_portobject;
uint32_t flags; /* control flags */
/* stuff for dynamic rules activation/deactivation */
int active_flag;
int activation_counter;
int countdown;
ActivateListNode *activate_list;
#if 0
struct _RuleTreeNode *right; /* ptr to the next RTN in the list */
/** list of rule options to associate with this rule node */
OptTreeNode *down;
#endif
/**points to global parent RTN list (Drop/Alert) which contains this
* RTN.
*/
struct _ListHead *listhead;
/**reference count from otn. Multiple OTNs can reference this RTN with the same
* policy.
*/
unsigned int otnRefCount;
} RuleTreeNode;
#endif /* TREENODES_H */

520
install-sh Executable file
View File

@ -0,0 +1,520 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2009-04-28.21; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call `install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
trap '(exit $?); exit' 1 2 13 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names starting with `-'.
case $src in
-*) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# Protect names starting with `-'.
case $dst in
-*) dst=./$dst;;
esac
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writeable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
-*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test -z "$d" && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

41
libtool
View File

@ -1,7 +1,7 @@
#! /bin/sh
# libtool - Provide generalized library-building support services.
# Generated automatically by config.status (snort) 2.8.6.1
# Generated automatically by config.status (snort_ai_preproc) 0.1
# Libtool was configured on host wintermute:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
#
@ -132,7 +132,7 @@ old_postuninstall_cmds=""
LTCC="gcc"
# LTCC compiler flags.
LTCFLAGS="-g -O2 -fvisibility=hidden -fno-strict-aliasing -Wall"
LTCFLAGS="-g -O2"
# Take the output of nm and produce a listing of raw symbols and C names.
global_symbol_pipe="sed -n -e 's/^.*[ ]\\([ABCDGIRSTW][ABCDGIRSTW]*\\)[ ][ ]*\\([_A-Za-z][_A-Za-z0-9]*\\)\$/\\1 \\2 \\2/p'"
@ -237,7 +237,7 @@ hardcode_into_libs=yes
sys_lib_search_path_spec="/usr/lib/gcc/i486-linux-gnu/4.4.4 /usr/lib /lib /usr/lib/i486-linux-gnu"
# Run-time system search path for libraries.
sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib /usr/lib/atlas /lib/i486-linux-gnu /usr/lib/i486-linux-gnu /usr/local/lib "
sys_lib_dlsearch_path_spec="/lib /usr/lib /usr/lib/atlas /lib/i486-linux-gnu /usr/lib/i486-linux-gnu /usr/local/lib "
# Whether dlopen is supported.
dlopen_support=unknown
@ -361,7 +361,7 @@ hardcode_automatic=no
inherit_rpath=no
# Whether libtool must link a program against all its dependency libraries.
link_all_deplibs=unknown
link_all_deplibs=no
# Fix the shell variable $srcfile for the compiler.
fix_srcfile_path=""
@ -456,7 +456,7 @@ hardcode_action=immediate
# compiler: $LTCC
# compiler flags: $LTCFLAGS
# linker: $LD (gnu? $with_gnu_ld)
# $progname: (GNU libtool) 2.2.6b
# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2
# automake: $automake_version
# autoconf: $autoconf_version
#
@ -464,7 +464,7 @@ hardcode_action=immediate
PROGRAM=ltmain.sh
PACKAGE=libtool
VERSION=2.2.6b
VERSION="2.2.6b Debian-2.2.6b-2"
TIMESTAMP=""
package_revision=1.3017
@ -5520,7 +5520,10 @@ func_mode_link ()
case $pass in
dlopen) libs="$dlfiles" ;;
dlpreopen) libs="$dlprefiles" ;;
link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
link)
libs="$deplibs %DEPLIBS%"
test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
;;
esac
fi
if test "$linkmode,$pass" = "lib,dlpreopen"; then
@ -5831,19 +5834,19 @@ func_mode_link ()
# It is a libtool convenience library, so add in its objects.
convenience="$convenience $ladir/$objdir/$old_library"
old_convenience="$old_convenience $ladir/$objdir/$old_library"
tmp_libs=
for deplib in $dependency_libs; do
deplibs="$deplib $deplibs"
if $opt_duplicate_deps ; then
case "$tmp_libs " in
*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
esac
fi
tmp_libs="$tmp_libs $deplib"
done
elif test "$linkmode" != prog && test "$linkmode" != lib; then
func_fatal_error "\`$lib' is not a convenience library"
fi
tmp_libs=
for deplib in $dependency_libs; do
deplibs="$deplib $deplibs"
if $opt_duplicate_deps ; then
case "$tmp_libs " in
*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
esac
fi
tmp_libs="$tmp_libs $deplib"
done
continue
fi # $pass = conv
@ -6380,6 +6383,7 @@ func_mode_link ()
if test "$link_all_deplibs" != no; then
# Add the search paths of all dependency libraries
for deplib in $dependency_libs; do
path=
case $deplib in
-L*) path="$deplib" ;;
*.la)
@ -6693,6 +6697,9 @@ func_mode_link ()
revision="$number_minor"
lt_irix_increment=no
;;
*)
func_fatal_configuration "$modename: unknown library version type \`$version_type'"
;;
esac
;;
no)

8413
ltmain.sh Executable file
View File

File diff suppressed because it is too large Load Diff

1
m4/libtool.m4 vendored Symbolic link
View File

@ -0,0 +1 @@
/usr/share/aclocal/libtool.m4

1
m4/ltoptions.m4 vendored Symbolic link
View File

@ -0,0 +1 @@
/usr/share/aclocal/ltoptions.m4

1
m4/ltsugar.m4 vendored Symbolic link
View File

@ -0,0 +1 @@
/usr/share/aclocal/ltsugar.m4

1
m4/ltversion.m4 vendored Symbolic link
View File

@ -0,0 +1 @@
/usr/share/aclocal/ltversion.m4

1
m4/lt~obsolete.m4 vendored Symbolic link
View File

@ -0,0 +1 @@
/usr/share/aclocal/lt~obsolete.m4

376
missing Executable file
View File

@ -0,0 +1,376 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
scriptversion=2009-04-28.21; # UTC
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
# 2008, 2009 Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
fi
run=:
sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
# In the cases where this matters, `missing' is being run in the
# srcdir already.
if test -f configure.ac; then
configure_ac=configure.ac
else
configure_ac=configure.in
fi
msg="missing on your system"
case $1 in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
shift
"$@" && exit 0
# Exit code 63 means version mismatch. This often happens
# when the user try to use an ancient version of a tool on
# a file that requires a minimum version. In this case we
# we should proceed has if the program had been absent, or
# if --run hadn't been passed.
if test $? = 63; then
run=:
msg="probably too old"
fi
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
--run try to run the given command, and emulate it if it fails
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
autom4te touch the output file, or create a stub one
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
\`g' are ignored when checking the name.
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing $scriptversion (GNU Automake)"
exit $?
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
exit 1
;;
esac
# normalize program name to check for.
program=`echo "$1" | sed '
s/^gnu-//; t
s/^gnu//; t
s/^g//; t'`
# Now exit if we have it, but it failed. Also exit now if we
# don't have it and --version was passed (most likely to detect
# the program). This is about non-GNU programs, so use $1 not
# $program.
case $1 in
lex*|yacc*)
# Not GNU programs, they don't have --version.
;;
tar*)
if test -n "$run"; then
echo 1>&2 "ERROR: \`tar' requires --run"
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
exit 1
fi
;;
*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
# Could not run --version or --help. This is probably someone
# running `$TOOL --version' or `$TOOL --help' to check whether
# $TOOL exists and not knowing $TOOL uses missing.
exit 1
fi
;;
esac
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
case $program in
aclocal*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acinclude.m4' or \`${configure_ac}'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case $f in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
automake*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
;;
autom4te*)
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
proper tools for further handling them.
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo "#! /bin/sh"
echo "# Created by GNU Automake missing as a replacement of"
echo "# $ $@"
echo "exit 0"
chmod +x $file
exit 1
fi
;;
bison*|yacc*)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if test $# -ne 1; then
eval LASTARG="\${$#}"
case $LASTARG in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" y.tab.h
fi
;;
esac
fi
if test ! -f y.tab.h; then
echo >y.tab.h
fi
if test ! -f y.tab.c; then
echo 'main() { return 0; }' >y.tab.c
fi
;;
lex*|flex*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if test $# -ne 1; then
eval LASTARG="\${$#}"
case $LASTARG in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if test -f "$SRCFILE"; then
cp "$SRCFILE" lex.yy.c
fi
;;
esac
fi
if test ! -f lex.yy.c; then
echo 'main() { return 0; }' >lex.yy.c
fi
;;
help2man*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
exit $?
fi
;;
makeinfo*)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
# The file to touch is that specified with -o ...
file=`echo "$*" | sed -n "$sed_output"`
test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
if test -z "$file"; then
# ... or it is the one specified with @setfilename ...
infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '
/^@setfilename/{
s/.* \([^ ]*\) *$/\1/
p
q
}' $infile`
# ... or it is derived from the source name (dir/f.texi becomes f.info)
test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
fi
# If the file does not exist, the user really needs makeinfo;
# let's fail without touching anything.
test -f $file || exit 1
touch $file
;;
tar*)
shift
# We have already tried tar in the generic part.
# Look for gnutar/gtar before invocation to avoid ugly error
# messages.
if (gnutar --version > /dev/null 2>&1); then
gnutar "$@" && exit 0
fi
if (gtar --version > /dev/null 2>&1); then
gtar "$@" && exit 0
fi
firstarg="$1"
if shift; then
case $firstarg in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
case $firstarg in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
;;
esac
fi
echo 1>&2 "\
WARNING: I can't seem to be able to run \`tar' with the given arguments.
You may want to install GNU tar or Free paxutils, or check the
command line arguments."
exit 1
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequisites for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
;;
esac
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

15
sf_preproc_info.h
View File

@ -1,12 +1,13 @@
#ifndef SF_PREPROC_INFO_H_
#define SF_PREPROC_INFO_H_
#ifndef SF_PREPROC_INFO_H_
#define SF_PREPROC_INFO_H_
#define MAJOR_VERSION 1
#define MINOR_VERSION 0
#define BUILD_VERSION 1
#define PREPROC_NAME "SF_AI"
// #define VERSION "0.1.0"
#define MAJOR_VERSION 0
#define MINOR_VERSION 1
#define BUILD_VERSION 0
#define PREPROC_NAME "SF_AI"
#define DYNAMIC_PREPROC_SETUP AI_setup
#define DYNAMIC_PREPROC_SETUP AI_setup
extern void AI_setup();
#endif /* SF_PREPROC_INFO_H_ */