⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 rules.c

📁 该软件是一个有名的基于网络的入侵检测系统
💻 C
📖 第 1 页 / 共 5 页
字号:
🔍
12345 

    bzero((char *)otn_tmp->logto, strlen(sptr)+1);

    strncpy(otn_tmp->logto, sptr, strlen(sptr));
}



#ifdef ENABLE_RESPONSE
/****************************************************************************
 *
 * Function: ParseResponse(char *)
 *
 * Purpose: Figure out how to handle hostile connection attempts
 *
 * Arguments: type => string of comma-sepatared modifiers
 *
 * Returns: void function
 *
 ***************************************************************************/
void ParseResponse(char *type)
{
    char *p;

    while (isspace((int)*type))
        type++;

    if (! type || ! (*type))
        return;

    otn_tmp->response_flag = 0;

    p = strtok(type, ",");
    while (p)
    {
        if (!strncasecmp(p, "rst_snd", 7))
            otn_tmp->response_flag |= RESP_RST_SND;
        else if (!strncasecmp(p, "rst_rcv", 7))
            otn_tmp->response_flag |= RESP_RST_RCV;
        else if (!strncasecmp(p, "rst_all", 7))
            otn_tmp->response_flag |= (RESP_RST_SND | RESP_RST_RCV);
        else if (!strncasecmp(p, "icmp_net", 8))
            otn_tmp->response_flag |= RESP_BAD_NET;
        else if (!strncasecmp(p, "icmp_host", 9))
            otn_tmp->response_flag |= RESP_BAD_HOST;
        else if (!strncasecmp(p, "icmp_port", 9))
            otn_tmp->response_flag |= RESP_BAD_PORT;
        else if (!strncasecmp(p, "icmp_all", 9))
            otn_tmp->response_flag |= (RESP_BAD_NET | RESP_BAD_HOST | RESP_BAD_PORT);
        else
        {
            FatalError( "ERROR %s (%d): invalid response modifier: %s\n", file_name, file_line, p);
        }

        p = strtok(NULL, ",");
    }
}
#endif


/****************************************************************************
 *
 * Function: XferHeader(RuleTreeNode *, RuleTreeNode *)
 *
 * Purpose: Transfer the rule block header data from point A to point B
 *
 * Arguments: rule => the place to xfer from
 *            rtn => the place to xfer to
 *
 * Returns: void function
 *
 ***************************************************************************/
void XferHeader(RuleTreeNode *rule, RuleTreeNode *rtn)
{
    rtn->type = rule->type;
    rtn->sip = rule->sip;
    rtn->dip = rule->dip;
    rtn->smask = rule->smask;
    rtn->dmask = rule->dmask;
    rtn->hsp = rule->hsp;
    rtn->lsp = rule->lsp;
    rtn->hdp = rule->hdp;
    rtn->ldp = rule->ldp;
    rtn->flags = rule->flags;
}



/****************************************************************************
 *
 * Function: TestHeader(RuleTreeNode *, RuleTreeNode *)
 *
 * Purpose: Check to see if the two header blocks are identical
 *
 * Arguments: rule => uh
 *            rtn  => uuuuhhhhh....
 *
 * Returns: 1 if they match, 0 if they don't
 *
 ***************************************************************************/
int TestHeader(RuleTreeNode *rule, RuleTreeNode *rtn)
{
    if (rtn->sip == rule->sip)
    {
        if (rtn->dip == rule->dip)
        {
            if (rtn->dmask == rule->dmask)
            {
                if (rtn->smask == rule->smask)
                {
                    if (rtn->hsp == rule->hsp)
                    {
                        if (rtn->lsp == rule->lsp)
                        {
                            if (rtn->hdp == rule->hdp)
                            {
                                if (rtn->ldp == rule->ldp)
                                {
                                    if (rtn->flags == rule->flags)
                                    {
                                        return 1;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    return 0;
}


/****************************************************************************
 *
 * Function: VarAlloc()
 *
 * Purpose: allocates memory for a variable
 *
 * Arguments: none
 *
 * Returns: pointer to new VarEntry
 *
 ***************************************************************************/
struct VarEntry *VarAlloc()
{
    struct VarEntry *new;

    if ((new = (struct VarEntry *)calloc(sizeof(struct VarEntry), sizeof(char))) == NULL)
    {
        FatalError( "ERROR: cannot allocate memory for VarEntry.");
    }

    new->name = NULL;
    new->value = NULL;
    new->prev = NULL;
    new->next = NULL;

    return(new);
}


/****************************************************************************
 *
 * Function: VarDefine(char *, char *)
 *
 * Purpose: define the contents of a variable
 *
 * Arguments: name => the name of the variable
 *            value => the contents of the variable
 *
 * Returns: void function
 *
 ***************************************************************************/
void VarDefine(char *name, char *value)
{
    struct VarEntry *p;
    int found = 0;


    if (! VarHead)
    {
        p = VarAlloc();
        p->name = strdup(name);
        p->value = strdup(value);
        p->prev = p;
        p->next = p;

        VarHead = p;

        return;
    }

    p = VarHead;

    do
    {
        if (strcasecmp(p->name, name) == 0)
        {
            found = 1;
            break;
        }

        p = p->next;
    } while (p != VarHead);

    if (found)
    {
        if (p->value)
            free(p->value);

        p->value = strdup(value);
    }
    else
    {
        p = VarAlloc();
        p->name = strdup(name);
        p->value = strdup(value);
        p->prev = VarHead;
        p->next = VarHead->next;
        p->next->prev = p;
        VarHead->next = p;
    }    
}


/****************************************************************************
 *
 * Function: VarDelete(char *)
 *
 * Purpose: deletes a defined variable
 *
 * Arguments: name => the name of the variable
 *
 * Returns: void function
 *
 ***************************************************************************/
void VarDelete(char *name)
{
    struct VarEntry *p;


    if (! VarHead)
        return;

    p = VarHead;

    do
    {
        if (strcasecmp(p->name, name) == 0)
        {
            p->prev->next = p->next;
            p->next->prev = p->prev;

            if (VarHead == p)
                if ((VarHead = p->next) == p)
                    VarHead = NULL;

            if (p->name)
                free(p->name);

            if (p->value)
                free(p->value);

            free(p);

            return;
        }

        p = p->next;

    } while (p != VarHead);
}


/****************************************************************************
 *
 * Function: VarGet(char *)
 *
 * Purpose: get the contents of a variable
 *
 * Arguments: name => the name of the variable
 *
 * Returns: char * to contents of variable or NULL
 *
 ***************************************************************************/
char *VarGet(char *name) 
{
    struct VarEntry *p;


    if (! VarHead)
        return(NULL);

    p = VarHead;

    do 
    {
        if (strcasecmp(p->name, name) == 0)
            return(p->value);

        p = p->next;

    } while (p != VarHead);

    return(NULL);
}



/****************************************************************************
 *
 * Function: ExpandVars(char *)
 *
 * Purpose: expand all variables in a string
 *
 * Arguments: string => the name of the variable
 *
 * Returns: char * to the expanded string
 *
 ***************************************************************************/
char *ExpandVars(char *string) 
{
    static char estring[1024];
    char rawvarname[128],
    varname[128],
    varaux[128],
    varbuffer[128],
    varmodifier,
    *varcontents;
    int varname_completed,
    c, i, j, iv, jv,
    l_string,
    name_only;


    if (!string || ! *string || ! strchr(string, '$'))
        return(string);

    bzero((char *)estring, sizeof(estring));

    i = j = 0;
    l_string = strlen(string);

    while (i < l_string && j < sizeof(estring) - 1)
    {
        c = string[i++];
        if (c == '$')
        {
            bzero((char *)rawvarname, sizeof(rawvarname));
            varname_completed = 0;
            name_only = 1;
            iv = i;
            jv = 0;

            if (string[i] == '(')
            {
                name_only = 0;
                iv = i + 1;
            }

            while (!varname_completed 
                   && iv < l_string 
                   && jv < sizeof(rawvarname) - 1)
            {
                c = string[iv++];

                if ((name_only && !(isalnum(c) || c == '_')) 
                    || (! name_only && c == ')'))
                {
                    varname_completed = 1;

                    if (name_only)
                        iv--;
                }
                else
                {
                    rawvarname[jv++] = c;
                }
            }

            if (varname_completed)
            {
                char *p;

                i = iv;

                varcontents = NULL;

                bzero((char *)varname, sizeof(varname));
                bzero((char *)varaux, sizeof(varaux));
                varmodifier = ' ';

                if ((p = strchr(rawvarname, ':')))
                {
                    strncpy(varname, rawvarname, p - rawvarname);

                    if (strlen(p) >= 2)
                    {
                        varmodifier = *(p + 1);
                        strcpy(varaux, p + 2);
                    }
                }
                else
                    strcpy(varname, rawvarname);

                bzero((char *)varbuffer, sizeof(varbuffer));

                varcontents = VarGet(varname);

                switch (varmodifier)
                {
                    case '-':
                        if (! varcontents || ! strlen(varcontents))
                            varcontents = varaux;
                        break;

                    case '?':
                        if (! varcontents || ! strlen(varcontents))
                        {
                            ErrorMessage("ERROR %s (%d): ", file_name, file_line);

                            if (strlen(varaux))
                                ErrorMessage("%s\n", varaux);
                            else
                                FatalError( "ERROR: Undefined variable \"%s\"\n", varname);
                        }

                        break;
                }

                if (varcontents)
                {
                    int l_varcontents = strlen(varcontents);

                    iv = 0;

                    while (iv < l_varcontents && j < sizeof(estring) - 1)
                        estring[j++] = varcontents[iv++];
                }
            }
            else
                estring[j++] = '$';
        }
        else
            estring[j++] = c;
    }

    return(estring);
}




/**  D E T E C T I O N   E N G I N E   S T A R T S   H E R E  **/
void Preprocess(Packet *p)
{
    PreprocessFuncNode *idx;

    do_detect = 1;
    idx = PreprocessList;

    while (idx != NULL)
    {
        idx->func(p);
        idx = idx->next;
    }

    if (!p->frag_flag && do_detect)
    {
        Detect(p);
    }
#ifdef DE
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -