tcpip.c

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

#include "tcpip.h"

PLUGIN_STD_DEFS();

/* Mask to determine fragments */
unsigned short ipfmask=__constant_htons(IP_MF|IP_OFFMASK);

proc_preproc_activate preproc_activate;
proc_serial_number serial_number;
proc_matcher_find matcher_find;
proc_args_parse args_parse;
proc_generator_add generator_add;

/* Detection stuff */
proc_detect_add_sig detect_add_sig;
proc_detect_free_sig detect_free_sig;
proc_detect_set detect_set;
proc_detect detect;
proc_alert alert;
proc_dispatch dispatch;

struct alert *cur_alert;
unsigned int alert_depth;
unsigned int cur_depth;

int PLUGIN_PREPROC(struct preproc_api *p)
{
	int ok=0;

	object_check(p);

	preproc_activate=p->preproc_activate;
	args_parse=p->args_parse;

	ok+=p->preproc_add("ipfrag", ipfrag_init);
	ok+=p->preproc_add("tcpstream", tcpstream_init);

	return (ok) ? PLUGIN_ERR_OK : PLUGIN_ERR_FAIL;
}
	
int PLUGIN_DECODE(struct decode_api *d)
{
	int ok=0;

	object_check(d);

	dispatch=d->dispatch;

	/* Add the decoders */
	ok+=d->decode_add(&ipv4_p, ipv4_r);
	ok+=d->decode_add(&icmp_p, icmp_r);
	ok+=d->decode_add(&tcp_p, tcp_r);
	ok+=d->decode_add(&udp_p, udp_r);

	/* Add the generators */
	ok+=generator_add(&ip_gen);
	ok+=generator_add(&dip_gen);
	ok+=generator_add(&tcp_gen);
	ok+=generator_add(&udp_gen);
	ok+=generator_add(&icmp_gen);
	ok+=generator_add(&ipfrag_gen);
	ok+=generator_add(&tcpstream_gen);

	return (ok) ? PLUGIN_ERR_OK : PLUGIN_ERR_FAIL;
}

int PLUGIN_INIT (struct plugin_in *in, struct plugin_out *out)
{
	plugin_check(in, out);
	
	PLUGIN_ID("decode.tcpip", "The Internet Protocol");
	PLUGIN_VERSION(2, 0);
	PLUGIN_AUTHOR("Gianni Tedesco", "gianni@scaramanga.co.uk");
	PLUGIN_LICENSE("GPL");
	
	if ( !(matcher_find=in->import("matcher.find")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(generator_add=in->import("generator.add")) ) {
		return PLUGIN_ERR_OBJECT;
	}
	
	if ( !(serial_number=in->import("serial_number")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(alert=in->import("alert")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(detect_add_sig=in->import("detect.add_sig")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(detect_free_sig=in->import("detect.free_sig")) ) {		
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(detect_set=in->import("detect.set")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	if ( !(detect=in->import("detect")) ) {
		return PLUGIN_ERR_OBJECT;
	}

	return PLUGIN_ERR_OK;
}

int PLUGIN_UNLOAD (int code) {
	if ( use_ipfrag ) ipfrag_free();
	if ( tcp_stateful ) tcpstream_free();
	return PLUGIN_ERR_OK;
}