📄 rules.c
字号:
* * Arguments: (*func)() => function pointer to the detection module * otn => pointer to the current OptTreeNode * * Returns: void function * ***************************************************************************/void AddOptFuncToList(int (*func) (Packet *, struct _OptTreeNode *, struct _OptFpList *), OptTreeNode * otn){ OptFpList *idx; /* index pointer */#ifdef DEBUG printf("Adding new rule to list\n");#endif /* set the index pointer to the start of this OTN's function list */ idx = otn->opt_func; /* if there are no nodes on the function list... */ if(idx == NULL) { /* calloc the list head */ otn->opt_func = (OptFpList *) calloc(sizeof(OptFpList), sizeof(char)); if(otn->opt_func == NULL) { FatalError("ERROR => AddOptFuncToList new node calloc failed: %s\n", strerror(errno)); } /* set the head function */ otn->opt_func->OptTestFunc = func; } else { /* walk to the end of the list */ while(idx->next != NULL) { idx = idx->next; } /* allocate a new node on the end of the list */ idx->next = (OptFpList *) calloc(sizeof(OptFpList), sizeof(char)); if(idx->next == NULL) { FatalError("ERROR => AddOptFuncToList new node calloc failed: %s\n", strerror(errno)); } /* move up to the new node */ idx = idx->next; /* link the function to the new node */ idx->OptTestFunc = func;#ifdef DEBUG printf("Set OptTestFunc to %p\n", func);#endif }}/**************************************************************************** * * Function: AddRspFuncToList(int (*func)(), OptTreeNode *) * * Purpose: Adds Response function to OTN * * Arguments: (*func)() => function pointer to the response module * otn => pointer to the current OptTreeNode * * Returns: void function * ***************************************************************************/void AddRspFuncToList(int (*func) (Packet *, struct _RspFpList *), RuleTreeNode * rtn, void *params){ RspFpList *idx; /* index pointer */#ifdef DEBUG printf("Adding response to list\n");#endif /* set the index pointer to the start of this OTN's function list */ idx = rtn->rsp_func; /* if there are no nodes on the function list... */ if(idx == NULL) { /* calloc the list head */ rtn->rsp_func = (RspFpList *) calloc(sizeof(RspFpList), sizeof(char)); if(rtn->rsp_func == NULL) { FatalError("ERROR => AddRspFuncToList new node calloc failed: %s\n", strerror(errno)); } /* set the head function */ rtn->rsp_func->ResponseFunc = func; rtn->rsp_func->params = params; } else { /* walk to the end of the list */ while(idx->next != NULL) { idx = idx->next; } /* allocate a new node on the end of the list */ idx->next = (RspFpList *) calloc(sizeof(RspFpList), sizeof(char)); if(idx->next == NULL) { FatalError("ERROR => AddRspFuncToList new node calloc failed: %s\n", strerror(errno)); } /* link the function to the new node */ idx->next->ResponseFunc = func; idx->next->params = params;#ifdef DEBUG printf("Set ResponseFunc to %p\n", func);#endif }}/**************************************************************************** * * Function: ParsePreprocessor(char *) * * Purpose: Walks the preprocessor function list looking for the user provided * keyword. Once found, call the preprocessor's initialization * function. * * Arguments: rule => the preprocessor initialization string from the rules file * * Returns: void function * ***************************************************************************/void ParsePreprocessor(char *rule){ char **toks; /* pointer to the tokenized array parsed from * the rules list */ char **pp_head; /* parsed keyword list, with preprocessor * keyword being the 2nd element */ char *funcname; /* the ptr to the actual preprocessor keyword */ char *pp_args = NULL; /* parsed list of arguments to the * preprocessor */ int num_toks; /* number of tokens returned by the mSplit * function */ int found = 0; /* flag var */ PreprocessKeywordList *pl_idx; /* index into the preprocessor * keyword/func list */ /* break out the arguments from the keywords */ toks = mSplit(rule, ":", 2, &num_toks, '\\'); if(num_toks >= 1) { /*#ifdef DEBUG printf("toks[1] = %s\n", toks[1]);#endif */ /* the args are everything after the ":" */ pp_args = toks[1]; } /* split the head section for the preprocessor keyword */ pp_head = mSplit(toks[0], " ", 2, &num_toks, '\\'); /* set a pointer to the actual keyword */ funcname = pp_head[1]; /* set the index to the head of the keyword list */ pl_idx = PreprocessKeywords; /* walk the keyword list */ while(pl_idx != NULL) {#ifdef DEBUG printf("comparing: \"%s\" => \"%s\"\n", funcname, pl_idx->entry.keyword);#endif /* compare the keyword against the current list element's keyword */ if(!strcasecmp(funcname, pl_idx->entry.keyword)) { pl_idx->entry.func(pp_args); found = 1; } if(!found) { pl_idx = pl_idx->next; } else break; } if(!found) { printf("\n*WARNING*: unknown preprocessor \"%s\", ignoring!\n\n", funcname); }}void AddFuncToPreprocList(void (*func) (Packet *)){ PreprocessFuncNode *idx; idx = PreprocessList; if(idx == NULL) { PreprocessList = (PreprocessFuncNode *) calloc(sizeof(PreprocessFuncNode), sizeof(char)); PreprocessList->func = func; } else { while(idx->next != NULL) idx = idx->next; idx->next = (PreprocessFuncNode *) calloc(sizeof(PreprocessFuncNode), sizeof(char)); idx = idx->next; idx->func = func; } return;}void ParseOutputPlugin(char *rule){ char **toks; char **pp_head; char *funcname; char *pp_args = NULL; int num_toks; int found = 0; OutputKeywordList *pl_idx; toks = mSplit(rule, ":", 2, &num_toks, '\\'); if(num_toks >= 1) { pp_args = toks[1]; } pp_head = mSplit(toks[0], " ", 2, &num_toks, '\\'); funcname = pp_head[1]; pl_idx = OutputKeywords; while(pl_idx != NULL) {#ifdef DEBUG printf("comparing: \"%s\" => \"%s\"\n", funcname, pl_idx->entry.keyword);#endif if(!strcasecmp(funcname, pl_idx->entry.keyword)) { switch(pl_idx->entry.node_type) { case NT_OUTPUT_ALERT: if(!pv.alert_cmd_override) { if(AlertFunc == NULL) { AlertFunc = CallAlertPlugins; } /* call the configuration function for the plugin */ pl_idx->entry.func(pp_args); } else { ErrorMessage("WARNING: command line overrides rules file alert plugin!\n"); } break; case NT_OUTPUT_LOG: if(!pv.log_cmd_override) { if(LogFunc == NULL) { LogFunc = CallLogPlugins; } /* call the configuration function for the plugin */ pl_idx->entry.func(pp_args); } else { ErrorMessage("WARNING: command line overrides rules file logging plugin!\n"); } break; } found = 1; } if(!found) { pl_idx = pl_idx->next; } else { break; } } if(!found) { printf("\n*WARNING*: unknown output plugin \"%s\", ignoring!\n\n", funcname); }}/* * frees the existing OutputList ands sets it a single node for the * function argument */void SetOutputList(void (*func) (Packet *, char *, void *), char node_type, void *arg){ OutputFuncNode *idx; OutputFuncNode *prev; switch(node_type) { case NT_OUTPUT_ALERT: prev = AlertList; break; case NT_OUTPUT_LOG: prev = LogList; break; default: return; } while(prev != NULL) { idx = prev->next; free(prev); prev = idx; } AddFuncToOutputList(func, node_type, arg); return; }void AddFuncToOutputList(void (*func) (Packet *, char *, void *), char node_type, void *arg){ switch(node_type) { case NT_OUTPUT_ALERT: if(head_tmp != NULL) head_tmp->AlertList = AppendOutputFuncList(func, arg, head_tmp->AlertList); else AlertList = AppendOutputFuncList(func, arg, AlertList); break; case NT_OUTPUT_LOG: if(head_tmp != NULL) head_tmp->LogList = AppendOutputFuncList(func, arg, head_tmp->LogList); else LogList = AppendOutputFuncList(func, arg, LogList); break; default: /* just to be error-prone */ FatalError("Unknown nodetype: %i. Possible bug, please report\n", node_type); } return;}OutputFuncNode *AppendOutputFuncList(void (*func) (Packet *, char *, void *), void *arg, OutputFuncNode * list){ OutputFuncNode *idx = list; if(idx == NULL) { idx = (OutputFuncNode *) calloc(sizeof(OutputFuncNode), sizeof(char)); idx->func = func; idx->arg = arg; list = idx; } else { while(idx->next != NULL) idx = idx->next; idx->next = (OutputFuncNode *) calloc(sizeof(OutputFuncNode), sizeof(char)); idx = idx->next; idx->func = func; idx->arg = arg; } idx->next = NULL; return list;}/**************************************************************************** * * Function: ParseRuleOptions(char *, int) * * Purpose: Process an individual rule's options and add it to the * appropriate rule chain * * Arguments: rule => rule string * rule_type => enumerated rule type (alert, pass, log) * * Returns: void function * ***************************************************************************/void ParseRuleOptions(char *rule, int rule_type, int protocol){ char **toks = NULL; char **opts; char *idx; char *aux; int num_toks; int i; int num_opts; int found = 0; OptTreeNode *otn_idx; KeywordXlateList *kw_idx; /* set the OTN to the beginning of the list */ otn_idx = rtn_tmp->down; /* * make a new one and stick it either at the end of the list or hang it * off the RTN pointer */ if(otn_idx != NULL) { /* loop to the end of the list */ while(otn_idx->next != NULL) { otn_idx = otn_idx->next; } /* setup the new node */ otn_idx->next = (OptTreeNode *) calloc(sizeof(OptTreeNode), sizeof(char)); /* set the global temp ptr */ otn_tmp = otn_idx->next; if(otn_tmp == NULL) { FatalError("ERROR: Unable to alloc OTN: %s", strerror(errno)); } otn_tmp->next = NULL; opt_count++; } else { /* first entry on the chain, make a new node and attach it */ otn_idx = (OptTreeNode *) calloc(sizeof(OptTreeNode), sizeof(char)); bzero((char *) otn_idx, sizeof(OptTreeNode)); otn_tmp = otn_idx; if(otn_tmp == NULL) { FatalError("ERROR: Unable to alloc OTN!\n"); } otn_tmp->next = NULL; rtn_tmp->down = otn_tmp; opt_count++; } otn_tmp->chain_node_number = opt_count; otn_tmp->type = rule_type; otn_tmp->proto_node = rtn_tmp; /* add link to parent RuleTreeNode */ otn_tmp->rtn = rtn_tmp; /* find the start of the options block */ idx = index(rule, '('); i = 0; if(idx != NULL) { idx++; /* find the end of the options block */ aux = strrchr(idx, ')');⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -