📄 snort.c
字号:
printf(" IPv6: %-10ld (%.3f%%)\n", pc.ipv6, CalcPct((float) pc.ipv6, recv));
printf(" IPX: %-10ld (%.3f%%)\n", pc.ipx, CalcPct((float) pc.ipx, recv));
printf(" OTHER: %-10ld (%.3f%%)\n", pc.other, CalcPct((float) pc.other, recv));
puts("\n\n===============================================================================\n");
exit_or_exec(0, sig);
exit(0);
} */
if(pd == NULL)
exit(1);
/* collect the packet stats */
/* if( pcap_stats(pd, &ps) )
{
pcap_perror(pd, "pcap_stats");
}
else
{
recv = ps.ps_recv;
drop = ps.ps_drop;
LogMessage("\n\n===============================================================================\n");
LogMessage("Snort received %d packets", ps.ps_recv);
if( ps.ps_recv )
{
#ifndef LINUX
LogMessage(" and dropped %d(%.3f%%) packets\n\n", ps.ps_drop,
CalcPct(drop, recv));
#else
LogMessage(".\nPacket loss statistics are unavailable under Linux. Sorry!\n\n");
#endif
}
else
{
LogMessage(".\n");
}
LogMessage("Breakdown by protocol:\n");
LogMessage(" TCP: %-10ld (%.3f%%)\n", pc.tcp, CalcPct((float) pc.tcp, recv));
LogMessage(" UDP: %-10ld (%.3f%%)\n", pc.udp, CalcPct((float) pc.udp, recv));
LogMessage(" ICMP: %-10ld (%.3f%%)\n", pc.icmp, CalcPct((float) pc.icmp, recv));
LogMessage(" FRAGS: %-10ld (%.3f%%)\n", pc.icmp, CalcPct((float) pc.frags, recv));
LogMessage(" ARP: %-10ld (%.3f%%)\n", pc.arp, CalcPct((float) pc.arp, recv));
LogMessage(" IPv6: %-10ld (%.3f%%)\n", pc.ipv6, CalcPct((float) pc.ipv6, recv));
LogMessage(" IPX: %-10ld (%.3f%%)\n", pc.ipx, CalcPct((float) pc.ipx, recv));
LogMessage(" OTHER: %-10ld (%.3f%%)\n", pc.other, CalcPct((float) pc.other, recv));
LogMessage("===============================================================================\n");
}*/
#ifdef WIN32
WSACleanup();
#endif
pcap_close(pd);
exit_or_exec(0, sig);
exit(0);
}
/*
*
* exit_or_exec()
* Arguments: status, signal received.
*
* This function performs exec on SIGHUP signal and exit otherwise
*
*/
void exit_or_exec(int stat, int sig)
{
/* make sure everything that needs to go to the screen gets there */
fflush(stdout);
if(sig != SIGHUP)
{
exit(stat);
}
else
{
LogMessage("Received SIGHUP. Restarting");
#ifdef PARANOID
execv(progname, progargs);
#else
execvp(progname, progargs);
#endif
LogMessage("Restarting %s failed", progname);
exit(1);
}
}
/****************************************************************************
*
* Function: CalcPct(float, float)
*
* Purpose: Calculate the percentage of a value compared to a total
*
* Arguments: cnt => the numerator in the equation
* total => the denominator in the calculation
*
* Returns: pct -> the percentage of cnt to value
*
****************************************************************************/
float CalcPct(float cnt, float total)
{
float pct;
if(cnt > 0.0)
pct = cnt / total;
else
return 0.0;
pct *= 100.0;
return pct;
}
/****************************************************************************
*
* Function: DisplayBanner()
*
* Purpose: Show valuable proggie info
*
* Arguments: None.
*
* Returns: 0 all the time
*
****************************************************************************/
int DisplayBanner()
{
#ifdef WIN32
/* Give me credit too ;) -- Mike Davis */
fprintf(stderr, "\n-*> Snort! <*-\nVersion %s\nBy Martin Roesch (roesch@clark.net, www.snort.org)\nWIN32 Port By Michael Davis (mike@datanerds.net, www.datanerds.net/~mike)\n", VERSION);
#else
fprintf(stderr, "\n-*> Snort! <*-\nVersion %s\nBy Martin Roesch (roesch@clark.net, www.snort.org)\n", VERSION);
#endif
return 0;
}
/****************************************************************************
*
* Function: ts_print(register const struct, char *)
*
* Purpose: Generate a time stamp and stuff it in a buffer. This one has
* millisecond precision. Oh yeah, I ripped this code off from
* TCPdump, props to those guys.
*
* Arguments: timeval => clock struct coming out of libpcap
* timebuf => buffer to stuff timestamp into
*
* Returns: void function
*
****************************************************************************/
void ts_print(register const struct timeval * tvp, char *timebuf)
{
register int s;
struct timeval tv;
struct timezone tz;
struct tm *lt; /* place to stick the adjusted clock data */
/* if null was passed, we use current time */
if(!tvp)
{
/* manual page (for linux) says tz is never used, so.. */
bzero((char *) &tz, sizeof(tz));
gettimeofday(&tv, &tz);
tvp = &tv;
}
lt = localtime((time_t *) & tvp->tv_sec);
s = (tvp->tv_sec + thiszone) % 86400;
(void) sprintf(timebuf, "%02d/%02d-%02d:%02d:%02d.%06u ", lt->tm_mon + 1,
lt->tm_mday, s / 3600, (s % 3600) / 60, s % 60,
(u_int) tvp->tv_usec);
}
/****************************************************************************
*
* Function: gmt2local(time_t)
*
* Purpose: Figures out how to adjust the current clock reading based on the
* timezone you're in. Ripped off from TCPdump.
*
* Arguments: time_t => offset from GMT
*
* Returns: offset seconds from GMT
*
****************************************************************************/
int gmt2local(time_t t)
{
register int dt, dir;
register struct tm *gmt, *loc;
struct tm sgmt;
if(t == 0)
t = time(NULL);
gmt = &sgmt;
*gmt = *gmtime(&t);
loc = localtime(&t);
dt = (loc->tm_hour - gmt->tm_hour) * 60 * 60 +
(loc->tm_min - gmt->tm_min) * 60;
/*
* If the year or julian day is different, we span 00:00 GMT and must add
* or subtract a day. Check the year first to avoid problems when the
* julian day wraps.
*/
dir = loc->tm_year - gmt->tm_year;
if(dir == 0)
dir = loc->tm_yday - gmt->tm_yday;
dt += dir * 24 * 60 * 60;
return(dt);
}
/****************************************************************************
*
* Function: copy_argv(u_char **)
*
* Purpose: Copies a 2D array (like argv) into a flat string. Stolen from
* TCPDump.
*
* Arguments: argv => 2D array to flatten
*
* Returns: Pointer to the flat string
*
****************************************************************************/
char *copy_argv(char **argv)
{
char **p;
u_int len = 0;
char *buf;
char *src, *dst;
void ftlerr(char *,...);
p = argv;
if(*p == 0)
return 0;
while(*p)
len += strlen(*p++) + 1;
buf = (char *) malloc(len);
if(buf == NULL)
{
FatalError("malloc() failed: %s\n", strerror(errno));
}
p = argv;
dst = buf;
while((src = *p++) != NULL)
{
while((*dst++ = *src++) != '\0');
dst[-1] = ' ';
}
dst[-1] = '\0';
return buf;
}
/****************************************************************************
*
* Function: strip(char *)
*
* Purpose: Strips a data buffer of CR/LF/TABs. Replaces CR/LF's with
* NULL and TABs with spaces.
*
* Arguments: data => ptr to the data buf to be stripped
*
* Returns: size of the newly stripped string
*
****************************************************************************/
int strip(char *data)
{
int size;
char *end;
char *idx;
idx = data;
end = data + strlen(data);
size = end - idx;
while(idx != end)
{
if((*idx == '\n') ||
(*idx == '\r'))
{
*idx = 0;
size--;
}
if(*idx == '\t')
{
*idx = ' ';
}
idx++;
}
return size;
}
/****************************************************************************
*
* Function: InitNetMasks()
*
* Purpose: Loads the netmask struct in network order. Yes, I know I could
* just load the array when I define it, but this is what occurred
* to me when I wrote this at 3:00 AM.
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void InitNetmasks()
{
netmasks[0] = 0x0;
netmasks[1] = 0x80000000;
netmasks[2] = 0xC0000000;
netmasks[3] = 0xE0000000;
netmasks[4] = 0xF0000000;
netmasks[5] = 0xF8000000;
netmasks[6] = 0xFC000000;
netmasks[7] = 0xFE000000;
netmasks[8] = 0xFF000000;
netmasks[9] = 0xFF800000;
netmasks[10] = 0xFFC00000;
netmasks[11] = 0xFFE00000;
netmasks[12] = 0xFFF00000;
netmasks[13] = 0xFFF80000;
netmasks[14] = 0xFFFC0000;
netmasks[15] = 0xFFFE0000;
netmasks[16] = 0xFFFF0000;
netmasks[17] = 0xFFFF8000;
netmasks[18] = 0xFFFFC000;
netmasks[19] = 0xFFFFE000;
netmasks[20] = 0xFFFFF000;
netmasks[21] = 0xFFFFF800;
netmasks[22] = 0xFFFFFC00;
netmasks[23] = 0xFFFFFE00;
netmasks[24] = 0xFFFFFF00;
netmasks[25] = 0xFFFFFF80;
netmasks[26] = 0xFFFFFFC0;
netmasks[27] = 0xFFFFFFE0;
netmasks[28] = 0xFFFFFFF0;
netmasks[29] = 0xFFFFFFF8;
netmasks[30] = 0xFFFFFFFC;
netmasks[31] = 0xFFFFFFFE;
netmasks[32] = 0xFFFFFFFF;
}
/****************************************************************************
*
* Function: GoDaemon()
*
* Purpose: Puts the program into daemon mode, nice and quiet like....
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void GoDaemon(void)
{
#ifndef WIN32
pid_t fs;
printf("Initializing daemon mode\n");
if(getppid() != 1)
{
fs = fork();
if(fs > 0)
exit(0); /* parent */
if(fs < 0)
{
perror("fork");
exit(1);
}
setsid();
}
/* redirect stdin/stdout/stderr to /dev/null */
close(0);
close(1);
close(2);
#ifdef DEBUG
open("/tmp/snort.debug", O_CREAT | O_RDWR);
#else
open("/dev/null", O_RDWR);
#endif
dup(0);
dup(0);
umask(077);
#endif
return;
}
/****************************************************************************
*
* Function: SanityChecks()
*
* Purpose: CyberPsychotic sez: basically we only check if logdir exist and
* writable, since it might screw the whole thing in the middle. Any
* other checks could be performed here as well.
*
* Arguments: None.
*
* Returns: void function
*
****************************************************************************/
void SanityChecks(void)
{
struct stat st;
struct stat pt;
char log_dir[STD_BUF + 1];
#ifdef WIN32
char dir[STD_BUF + 1];
#endif
snprintf(log_dir, STD_BUF, "%s%s", chrootdir == NULL ? "" : chrootdir, pv.log_dir);
stat(log_dir, &st);
if(!S_ISDIR(st.st_mode) || access(log_dir, W_OK) == -1)
{
FatalError("\n[!] ERROR: "
"Can not get write access to logging directory %s.\n"
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -