sensor.c

Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目前

/*
* This file is part of Firestorm NIDS
* Copyright (c) 2002 Gianni Tedesco
* This program is released under the terms of the GNU GPL version 2
*
* This file is the entry point of the firestorm sensor;
* it is responsible for initialising all other components.
* It is also where the plugin import callback routine lives.
*/
#include <config.h>
#include <time.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

#include <config.h>
#include <firestorm.h>
#include <args.h>
#include <packet.h>
#include <conf.h>
#include <alert.h>
#include <cleanup.h>
#include <loader.h>
#include <preproc.h>
#include <signature.h>
#include <matcher.h>
#include <decode.h>
#include <sensor.h>
#include <capture.h>
#include <detect.h>

char default_config[]="/etc/firestorm.conf";

/* Initialised forwards, cleaned up backwards */
proc_subsys_init subsys_init[]={
	decode_init,
	preproc_init,
	capture_init,
	alert_init,
	NULL
};

/* Resources to export to plugins */
struct {
	const char *name;
	void *data;
}exports[]={
	/* Generic */
	{"mesg",		mesg},
	{"args.parse",		args_parse},
	{"serial_number",	serial_number},

	/* Object lookup */
	{"decode.subproto", 	decode_subproto},
	{"decode.proto", 	decode_proto},
	{"matcher.find",	matcher_find},

	/* Needed for signature engines */
	{"alert",		alert},
	{"generator.add",	generator_add},
	{"detect.add_sig",	detect_add_sig},
	{"detect.free_sig",	detect_free_sig},
	{"detect.set",		detect_set},
	{"detect",		detect},

	{NULL, NULL}
};

void *plugin_callback(const char *item)
{
	u_int32_t i;

	for(i=0; exports[i].name; i++) {
		if ( !strcmp(exports[i].name, item) ) {
			return exports[i].data;
		}
	}

	mesg(M_ERR,"resource: request for unknown object: '%s'", item);
	return NULL;
}

#ifdef HAVE_SIGACTION
void deadly_signal(int signum, siginfo_t *info, void *foo)
{
	mesg(M_INFO,"signal: Got signal %u from pid=%u uid=%u: cleaning up",
		signum, info->si_pid, info->si_uid);
#else
void deadly_signal(int signum)
{
	mesg(M_INFO,"signal: Got signal %u, cleaning up", signum);
#endif
	capture_stop();
}

#ifdef HAVE_SIGACTION
void hup_signal(int signum, siginfo_t *info, void *foo)
{
	mesg(M_INFO,"signal: Got signal %u from pid=%u uid=%u: rehupping",
		signum, info->si_pid, info->si_uid);
#else
void hup_signal(int signum)
{
	mesg(M_INFO,"signal: Got signal %u, rehupping", signum);
#endif
	capture_interrupt();
}

int main(int argc, char **argv)
{
#ifdef HAVE_SIGACTION
	struct sigaction sig;
#endif
	u_int32_t i;

	mesg_init();

	mesg(M_INFO,"Firestorm v" VERSION);
	mesg(M_INFO,"Copyright (c) 2002 Gianni Tedesco");
	mesg(M_INFO,"This program is released under the terms of the "
		"GNU GPL version 2 (see: COPYING)");

#ifdef HAVE_TZSET
	/* Set timezone from locale */
	tzset();
#endif

	/* Initialise our subsystems */
	for(i=0; subsys_init[i]; i++)
		subsys_init[i]();

	/* Initialise plugin subsystem */
	loader_init(plugin_callback);

	if ( argc > 2 ) {
		cleanup(EXIT_ERR, "bad command line arguments");
	}

	/* Read in all configurations */
	conf_go(argc==2 ? argv[1] : default_config);

	mesg(M_INFO,"signature: %u signatures loaded", signature_count);

	/* Catch INT and TERM for clean exits */
	/* Catch HUP to rotate logs */
	/* Ignore SIGPIPE (for stormwall fifo) */
#ifdef HAVE_SIGACTION
	sig.sa_sigaction=deadly_signal;
	sig.sa_flags=SA_SIGINFO;
	sigemptyset(&sig.sa_mask);
	sigaddset(&sig.sa_mask, SIGINT);
	sigaddset(&sig.sa_mask, SIGTERM);
	sigaction(SIGINT, &sig, NULL);
	sigaction(SIGTERM, &sig, NULL);

	sig.sa_sigaction=hup_signal;
	sig.sa_flags=SA_SIGINFO;
	sigemptyset(&sig.sa_mask);
	sigaddset(&sig.sa_mask, SIGHUP);
	sigaction(SIGHUP, &sig, NULL);

	sig.sa_handler=SIG_IGN;
	sig.sa_flags=SA_SIGINFO;
	sigemptyset(&sig.sa_mask);
	sigaction(SIGPIPE, &sig, NULL);
#else
	signal(SIGINT, deadly_signal);
	signal(SIGTERM, deadly_signal);
	signal(SIGHUP, hup_signal);
	signal(SIGPIPE, SIG_IGN);
#endif

	capture_go();

	cleanup(EXIT_OK, "Firestorm exiting normally");
	exit(0);
}