📄 snort.c
字号:
if (*p == 0) return 0;
while (*p)
len += strlen(*p++) + 1;
buf = (char *) malloc (len);
if (buf == NULL)
{
FatalError("malloc() failed: %s\n", strerror(errno));
}
p = argv;
dst = buf;
while ((src = *p++) != NULL)
{
while ((*dst++ = *src++) != '\0');
dst[-1] = ' ';
}
dst[-1] = '\0';
return buf;
}
/****************************************************************************
*
* Function: strip(char *)
*
* Purpose: Strips a data buffer of CR/LF/TABs. Replaces CR/LF's with
* NULL and TABs with spaces.
*
* Arguments: data => ptr to the data buf to be stripped
*
* Returns: size of the newly stripped string
*
****************************************************************************/
int strip(char *data)
{
int size;
char *end;
char *idx;
idx = data;
end = data + strlen(data);
size = end - idx;
while (idx != end)
{
if ((*idx == '\n') ||
(*idx == '\r'))
{
*idx = 0;
size--;
}
if (*idx == '\t')
{
*idx = ' ';
}
idx++;
}
return size;
}
void strip_quotes(char *data)
{
if(index(data, '"') != NULL)
{
*(index(data,'"')) = ' ';
}
if(strrchr(data,'"') != NULL)
{
*(strrchr(data,'"')) = ' ';
}
return;
}
/****************************************************************************
*
* Function: InitNetMasks()
*
* Purpose: Loads the netmask struct in network order. Yes, I know I could
* just load the array when I define it, but this is what occurred
* to me when I wrote this at 3:00 AM.
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void InitNetmasks()
{
netmasks[0] = 0x0;
netmasks[1] = 0x80000000;
netmasks[2] = 0xC0000000;
netmasks[3] = 0xE0000000;
netmasks[4] = 0xF0000000;
netmasks[5] = 0xF8000000;
netmasks[6] = 0xFC000000;
netmasks[7] = 0xFE000000;
netmasks[8] = 0xFF000000;
netmasks[9] = 0xFF800000;
netmasks[10] = 0xFFC00000;
netmasks[11] = 0xFFE00000;
netmasks[12] = 0xFFF00000;
netmasks[13] = 0xFFF80000;
netmasks[14] = 0xFFFC0000;
netmasks[15] = 0xFFFE0000;
netmasks[16] = 0xFFFF0000;
netmasks[17] = 0xFFFF8000;
netmasks[18] = 0xFFFFC000;
netmasks[19] = 0xFFFFE000;
netmasks[20] = 0xFFFFF000;
netmasks[21] = 0xFFFFF800;
netmasks[22] = 0xFFFFFC00;
netmasks[23] = 0xFFFFFE00;
netmasks[24] = 0xFFFFFF00;
netmasks[25] = 0xFFFFFF80;
netmasks[26] = 0xFFFFFFC0;
netmasks[27] = 0xFFFFFFE0;
netmasks[28] = 0xFFFFFFF0;
netmasks[29] = 0xFFFFFFF8;
netmasks[30] = 0xFFFFFFFC;
netmasks[31] = 0xFFFFFFFE;
netmasks[32] = 0xFFFFFFFF;
}
/****************************************************************************
*
* Function: GoDaemon()
*
* Purpose: Puts the program into daemon mode, nice and quiet like....
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void GoDaemon(void)
{
pid_t fs;
printf("Initializing daemon mode\n");
if (getppid() != 1)
{
fs=fork();
if (fs > 0)
exit(0); /* parent */
if (fs < 0)
{
perror("fork");
exit(1);
}
setsid();
}
/* redirect stdin/stdout/stderr to /dev/null */
close(0);
close(1);
close(2);
#ifdef DEBUG
open("/tmp/snort.debug", O_CREAT|O_RDWR);
#else
open("/dev/null",O_RDWR);
#endif
dup(0);
dup(0);
umask(077);
return;
}
/****************************************************************************
*
* Function: SanityChecks()
*
* Purpose: CyberPsychotic sez: basically we only check if logdir exist and
* writable, since it might screw the whole thing in the middle. Any
* other checks could be performed here as well.
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void SanityChecks(void)
{
struct stat st;
struct stat pt;
stat(pv.log_dir,&st);
if (!S_ISDIR(st.st_mode) || access(pv.log_dir,W_OK) == -1)
{
FatalError("\n[!] ERROR:"
"Can not get write to logging directory %s.\n"
"(directory doesn't "
"exist or permissions are set incorrectly)\n\n",
pv.log_dir);
}
#ifndef _PATH_VARRUN
strncpy(_PATH_VARRUN, "/var/run/", 10);
#endif
stat(_PATH_VARRUN, &pt);
if(!S_ISDIR(pt.st_mode) || access(_PATH_VARRUN, W_OK) == -1)
{
ErrorMessage("[?] NOTICE: _PATH_VARRUN is unavailable!\n => Logging Snort PID to log directory (%s)\n", pv.log_dir);
#ifndef _PATH_VARRUN
sprintf(pv.pid_path,"%s/", pv.log_dir );
#endif
}
else
{
strncpy(pv.pid_path, _PATH_VARRUN, strlen(_PATH_VARRUN));
}
}
/****************************************************************************
*
* Function: read_infile(char *)
*
* Purpose: Reads the BPF filters in from a file. Ripped from tcpdump.
*
* Arguments: fname => the name of the file containing the BPF filters
*
* Returns: the processed BPF string
*
****************************************************************************/
char *read_infile(char *fname)
{
register int fd, cc;
register char *cp;
struct stat buf;
fd = open(fname, O_RDONLY);
if (fd < 0)
PrintFmtError("can't open %s: %s", fname, pcap_strerror(errno));
if (fstat(fd, &buf) < 0)
PrintFmtError("can't stat %s: %s", fname, pcap_strerror(errno));
cp = malloc((u_int)buf.st_size + 1);
cc = read(fd, cp, (int)buf.st_size);
if (cc < 0)
PrintFmtError("read %s: %s", fname, pcap_strerror(errno));
if (cc != buf.st_size)
PrintFmtError("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
cp[(int)buf.st_size] = '\0';
return(cp);
}
/****************************************************************************
*
* Function: InitProtoNames()
*
* Purpose: Initializes the protocol names
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void InitProtoNames()
{
int i;
int j;
struct protoent *pt;
/* I should really think about filling this in more completely.... */
strncpy(protocol_names[IPPROTO_ICMP], "ICMP", 5);
strncpy(protocol_names[IPPROTO_TCP], "TCP", 4);
strncpy(protocol_names[IPPROTO_UDP], "UDP", 4);
for(i=0;i<256;i++)
{
pt = getprotobynumber(i);
if(pt)
{
strncpy(protocol_names[i], pt->p_name, 10);
}
else
{
sprintf(protocol_names[i],"PROTO%03d",i);
}
}
for(i=0;i<256;i++)
{
for(j=0;j<10;j++)
{
if(isalpha((int)protocol_names[i][j]))
{
protocol_names[i][j] = toupper((int)protocol_names[i][j]);
}
}
}
}
/*
* error message printing routines. in daemon mode these would go into
* syslog.
*
* first would allow to print formatted error messages (similar to printf) and
* the second is similar to perror.
*
*/
void PrintFmtError(char *fmt, ...)
{
char buf[STD_BUF+1];
va_list ap;
va_start(ap,fmt);
vsprintf(buf,fmt,ap);
if (pv.daemon_flag)
syslog(LOG_CONS|LOG_DAEMON|LOG_ERR,
"%s",buf);
else
ErrorMessage("%s\n",buf);
}
void PrintError(char *str)
{
if (pv.daemon_flag)
syslog(LOG_CONS|LOG_DAEMON|LOG_ERR,"%s:%m",str);
else
perror(str);
}
/*
* Function: ErrorMessage(const char *, ...)
*
* Purpose: Print a message to stderr.
*
* Arguments: format => the formatted error string to print out
* ... => format commands/fillers
*
* Returns: void function
*/
void ErrorMessage(const char *format, ...)
{
char buf[STD_BUF];
va_list ap;
va_start(ap, format);
if (pv.daemon_flag)
{
vsprintf(buf,format,ap);
syslog(LOG_CONS|LOG_DAEMON|LOG_ERR, "%s",buf);
}
else
{
vfprintf(stderr, format, ap);
}
}
/*
* Function: FatalError(const char *, ...)
*
* Purpose: When a fatal error occurs, this function prints the error message
* and cleanly shuts down the program
*
* Arguments: format => the formatted error string to print out
* ... => format commands/fillers
*
* Returns: void function
*/
void FatalError(const char *format, ...)
{
char buf[STD_BUF];
va_list ap;
va_start(ap, format);
if (pv.daemon_flag)
{
vsprintf(buf,format,ap);
syslog(LOG_CONS|LOG_DAEMON|LOG_ERR, "%s",buf);
}
else
{
vfprintf(stderr, format, ap);
}
exit(1);
}
/****************************************************************************
*
* Function: CreatePidFile(char *)
*
* Purpose: Creates a PID file
*
* Arguments: Interface opened.
*
* Returns: void function
*
****************************************************************************/
void CreatePidFile(char *intf)
{
FILE *pid_file;
sprintf(pv.pid_filename, "%ssnort_%s.pid", pv.pid_path, intf);
pid_file = fopen(pv.pid_filename, "w");
if (pid_file)
{
fprintf(pid_file, "%d\n", (int) getpid());
fclose(pid_file);
}
else
{
ErrorMessage("Failed to create pid file %s", pv.pid_filename);
pv.pid_filename[0] = 0;
}
}
/****************************************************************************
*
* Function: SetUidGid(char *)
*
* Purpose: Sets safe UserID and GroupID if needed
*
* Arguments: none
*
* Returns: void function
*
****************************************************************************/
void SetUidGid(void)
{
if(pv.group_name != NULL)
{
if(setgid(pv.groupid) < 0)
FatalError("[!] ERROR: Can not set gid: %lu\n",(u_long) pv.groupid);
#ifdef DEBUG
printf("Set gid to %lu\n",pv.groupid);
#endif
}
if(pv.user_name != NULL)
{
if(getuid() == 0 && initgroups(pv.user_name, pv.groupid) < 0)
{
FatalError("[!] ERROR: Can not initgroups(%s,%lu)",
pv.user_name,(u_long) pv.groupid);
}
/** just to be on a safe side ... **/
endgrent();
endpwent();
if(setuid(pv.userid) < 0)
{
FatalError("Can not set uid: %lu\n",(u_long) pv.userid);
}
#ifdef DEBUG
printf("Set gid to %lu\n",pv.groupid);
#endif
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -