sf_attribute_table.y

著名的入侵检测系统snort的最新版本的源码

/*
** Copyright (C) 2006-2007 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation.  You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/*
 * Author: Steven Sturges
 * sf_attribute_table.y
 */

/*
 *
 * AttributeTable
 *
 * YACC Grammar/language definition
 */

%{
#ifdef TARGET_BASED
#include <stdlib.h>
#include <string.h>
#include "snort.h"
#include "util.h"
#include "sftarget_reader.h"
#include "log.h"
#include "debug.h"

#define YY_ACCEPT return 1;
#define YY_ABORT return 0;

extern ServiceClient sfat_client_or_service;
extern char *sfat_grammar_error;

extern int sfat_lex();
extern void sfat_error(char*);
%}

%union
{
  char stringValue[STD_BUF];
  u_int32_t numericValue;
  AttributeData data;
  MapData mapEntry;
}

%token SF_AT_COMMENT
%token SF_AT_WHITESPACE

%token SF_START_SNORT_ATTRIBUTES
%token SF_END_SNORT_ATTRIBUTES

%token SF_AT_START_MAP_TABLE
%token SF_AT_END_MAP_TABLE
%token SF_AT_START_ENTRY
%token SF_AT_END_ENTRY
%token SF_AT_START_ENTRY_ID
%token SF_AT_END_ENTRY_ID
%token SF_AT_START_ENTRY_VALUE
%token SF_AT_END_ENTRY_VALUE

%token SF_AT_START_ATTRIBUTE_TABLE
%token SF_AT_END_ATTRIBUTE_TABLE
%token SF_AT_START_HOST
%token SF_AT_END_HOST
%token SF_AT_START_HOST_IP
%token SF_AT_END_HOST_IP
%token <stringValue>  SF_AT_STRING
%token <numericValue> SF_AT_NUMERIC
/*
%token <stringValue> SF_AT_IPv4
%token <stringValue> SF_AT_IPv4CIDR
*/
%token SF_AT_IPv6
%token SF_AT_IPv6Cidr
%token SF_AT_START_OS
%token SF_AT_END_OS
%token SF_AT_START_ATTRIBUTE_VALUE
%token SF_AT_END_ATTRIBUTE_VALUE
%token SF_AT_START_ATTRIBUTE_ID
%token SF_AT_END_ATTRIBUTE_ID
%token SF_AT_START_CONFIDENCE
%token SF_AT_END_CONFIDENCE
%token SF_AT_START_NAME
%token SF_AT_END_NAME
%token SF_AT_START_VENDOR
%token SF_AT_END_VENDOR
%token SF_AT_START_VERSION
%token SF_AT_END_VERSION
%token SF_AT_START_FRAG_POLICY
%token SF_AT_END_FRAG_POLICY
%token SF_AT_START_STREAM_POLICY
%token SF_AT_END_STREAM_POLICY
%token SF_AT_START_SERVICES
%token SF_AT_END_SERVICES
%token SF_AT_START_SERVICE
%token SF_AT_END_SERVICE
%token SF_AT_START_CLIENTS
%token SF_AT_END_CLIENTS
%token SF_AT_START_CLIENT
%token SF_AT_END_CLIENT
%token SF_AT_START_IPPROTO
%token SF_AT_END_IPPROTO
%token SF_AT_START_PORT
%token SF_AT_END_PORT
%token SF_AT_START_PROTOCOL
%token SF_AT_END_PROTOCOL
%token SF_AT_START_APPLICATION
%token SF_AT_END_APPLICATION

%type <mapEntry> MapEntryData
%type <data> AttributeInfo
%type <stringValue> MapValue
%type <numericValue> MapId
%type <stringValue> AttributeValueString
%type <numericValue> AttributeValueNumber
%type <numericValue> AttributeConfidence
%type <numericValue> AttributeId

%%  /*  Grammar rules and actions follow  */

/* The Main Grammar... Either a mapping table and attribute table,
 * or just the attribute table by itself. */
AttributeGrammar:
  SnortAttributes
  {
    YY_ACCEPT;
  };

SnortAttributes:
  SF_START_SNORT_ATTRIBUTES MappingTable AttributeTable SF_END_SNORT_ATTRIBUTES
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "SnortAttributes: Got Attribute Map & Table\n"););
  }
  |
  SF_START_SNORT_ATTRIBUTES AttributeTable SF_END_SNORT_ATTRIBUTES
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "SnortAttributes: Got Attribute Table\n"););
  };

/* The name-id map table for data reduction */
MappingTable:
  SF_AT_START_MAP_TABLE ListOfMapEntries SF_AT_END_MAP_TABLE
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "Got Attribute Map\n"););
  };

ListOfMapEntries:
   {
     DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "Empty Mapping Table\n"););
   }
   | MapEntry ListOfMapEntries;

MapEntry:
  MapEntryStart MapEntryData MapEntryEnd
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "MapEntry: Name: %s, Id %d\n",
        $2.s_mapvalue, $2.l_mapid););
    SFAT_AddMapEntry(&$2);
  };

MapEntryStart:
  SF_AT_START_ENTRY;

MapEntryEnd:
  SF_AT_END_ENTRY;

MapEntryData:
  MapId MapValue
  {
    $$.l_mapid = $1;
    SnortStrncpy($$.s_mapvalue, $2, STD_BUF);
  };

MapValue:
  SF_AT_START_ENTRY_VALUE SF_AT_STRING SF_AT_END_ENTRY_VALUE
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "MapValue: %s\n", $2);)
    SnortStrncpy($$, $2, STD_BUF);
  };

MapId:
  SF_AT_START_ENTRY_ID SF_AT_NUMERIC SF_AT_END_ENTRY_ID
  {
    $$ = $2;
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "MapId: %d\n", $2););
  };

/* The table of hosts and their respective attributes */
AttributeTable:
  SF_AT_START_ATTRIBUTE_TABLE ListOfHosts SF_AT_END_ATTRIBUTE_TABLE
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "Got Attribute Table\n"););
  };

ListOfHosts:
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "EmptyHostEntry\n"););
  }
  | ListOfHosts HostEntry;

HostEntry:
  HostEntryStart HostEntryData HostEntryEnd
  {
    if (SFAT_AddHostEntryToMap() != SFAT_OK)
    {
        YY_ABORT;
    }
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "Host Added\n"););
  };

HostEntryStart:
  SF_AT_START_HOST
  {
    /* Callback to create a host entry object */
    SFAT_CreateHostEntry();
  };

HostEntryEnd:
  SF_AT_END_HOST;

HostEntryData:
  IpCidr HostOS ServiceList ClientList
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "HostEntryData\n"););
  }
  |
  IpCidr HostOS ClientList
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "HostEntryData: No Services\n"););
  }
  |
  IpCidr HostOS ServiceList
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "HostEntryData: No Clients\n"););
  }
  |
  IpCidr HostOS
  {
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "HostEntryData: No Services or Clients\n"););
  }
  ;

IpCidr:
  SF_AT_START_HOST_IP SF_AT_STRING SF_AT_END_HOST_IP
  {
    /* Convert IP/CIDR to Snort IPCidr Object */
    /* determine the number of bits (done in SetHostIp4) */
    if (SFAT_SetHostIp4($2) != SFAT_OK)
    {
        YY_ABORT;
    }
  };

HostOS:
  SF_AT_START_OS OSAttributes SF_AT_END_OS;
  
OSAttributes: OSAttribute | OSAttributes OSAttribute;

OSAttribute: OSName | OSVendor | OSVersion | OSStreamPolicy | OSFragPolicy;

OSName:
  SF_AT_START_NAME AttributeInfo SF_AT_END_NAME
  {
    /* Copy OSName */
    DEBUG_WRAP(PrintAttributeData("OS:Name", &$2););
    SFAT_SetOSAttribute(&$2, HOST_INFO_OS);
  };

OSVendor:
  SF_AT_START_VENDOR AttributeInfo SF_AT_END_VENDOR
  {
    /* Copy OSVendor */
    DEBUG_WRAP(PrintAttributeData("OS:Vendor", &$2););
    SFAT_SetOSAttribute(&$2, HOST_INFO_VENDOR);
  };

OSVersion:
  SF_AT_START_VERSION AttributeInfo SF_AT_END_VERSION
  {
    /* Copy OSVersion */
    DEBUG_WRAP(PrintAttributeData("OS:Version", &$2););
    SFAT_SetOSAttribute(&$2, HOST_INFO_VERSION);
  };

OSFragPolicy:
  SF_AT_START_FRAG_POLICY SF_AT_STRING SF_AT_END_FRAG_POLICY
  {
    /* Copy OSFragPolicy */
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "OS:FragPolicy: %s\n", $2););
    SFAT_SetOSPolicy($2, HOST_INFO_FRAG_POLICY);
  };

OSStreamPolicy:
  SF_AT_START_STREAM_POLICY SF_AT_STRING SF_AT_END_STREAM_POLICY
  {
    /* Copy OSStreamPolicy */
    DEBUG_WRAP(DebugMessage(DEBUG_ATTRIBUTE, "OS:StreamPolicy: %s\n", $2););
    SFAT_SetOSPolicy($2, HOST_INFO_STREAM_POLICY);
  };

AttributeInfo: