File: sp_pkt_data.c

snort 2.9.2.2-3
/*
 ** Copyright (C) 1998-2012 Sourcefire, Inc.
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU General Public License Version 2 as
 ** published by the Free Software Foundation.  You may not use, modify or
 ** distribute this program under any other version of the GNU General
 ** Public License.
 **
 ** This program is distributed in the hope that it will be useful,
 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ** GNU General Public License for more details.
 **
 ** You should have received a copy of the GNU General Public License
 ** along with this program; if not, write to the Free Software
 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/* sp_pkt_data
 *
 * Detection plugin for the argument-less "pkt_data" rule option.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <sys/types.h>
#include <stdlib.h>
#include <ctype.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <errno.h>

#include "sf_types.h"
#include "snort_bounds.h"
#include "rules.h"
#include "decode.h"
#include "plugbase.h"
#include "parser.h"
#include "snort_debug.h"
#include "util.h"
#include "mstring.h"

#include "snort.h"
#include "profiler.h"
#include "sp_pkt_data.h"
#ifdef PERF_PROFILING
PreprocStats pktDataPerfStats;
extern PreprocStats ruleOTNEvalPerfStats;
#endif

#include "detection_options.h"
#include "detection_util.h"

extern char *file_name;  /* file name exported by rules.c; used in this file
                            only to prefix the PktDataParse() error message */

extern int file_line;    /* file line number exported by rules.c; printed
                            next to file_name in that error message */

/* Callbacks implemented below.  PktDataInit is file-local; the other two have
 * external linkage.
 * NOTE(review): confirm whether sp_pkt_data.h is meant to export them. */
static void PktDataInit(char *, OptTreeNode *, int);
void PktDataParse(char *, OptTreeNode *);
int  PktDataEval(void *option_data, Packet *p);

/****************************************************************************
 *
 * Function: SetupPktData()
 *
 * Purpose: Registers the "pkt_data" rule option keyword, mapping it to
 *          PktDataInit() as its initialization function with option type
 *          OPT_TYPE_DETECTION.  When built with PERF_PROFILING it also
 *          registers pktDataPerfStats under ruleOTNEvalPerfStats.
 *
 * Arguments: None.
 *
 * Returns: void function
 *
 ****************************************************************************/
void SetupPktData(void)
{
    /* map the keyword to an initialization/processing function; the two NULL
     * arguments are optional hooks this option does not supply
     * (NOTE(review): confirm their meaning against plugbase.h) */
    RegisterRuleOption("pkt_data", PktDataInit, NULL, OPT_TYPE_DETECTION, NULL);
#ifdef PERF_PROFILING
    /* NOTE(review): the literal 3 is undocumented here -- confirm what it
     * selects in profiler.h */
    RegisterPreprocessorProfile("pkt_data", &pktDataPerfStats, 3, &ruleOTNEvalPerfStats);
#endif

    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Plugin: pkt_data Setup\n"););
}


/****************************************************************************
 *
 * Function: PktDataInit(char *, OptTreeNode *, int protocol)
 *
 * Purpose: Per-rule setup for the pkt_data option.  Validates the option's
 *          argument text through PktDataParse(), then appends PktDataEval()
 *          to the OTN's option function list and tags the new entry as
 *          RULE_OPTION_TYPE_PKT_DATA.
 *
 * Arguments: data => rule arguments/data (expected to be empty)
 *            otn => pointer to the current rule option list node
 *            protocol => protocol the rule is on (not used by this option)
 *
 * Returns: void function
 *
 ****************************************************************************/
static void PktDataInit(char *data, OptTreeNode *otn, int protocol)
{
    OptFpList *eval_entry;

    /* Argument validation comes first, so a malformed rule is reported
     * before the evaluator is attached to the rule. */
    PktDataParse(data, otn);

    /* NOTE(review): the returned entry is dereferenced unchecked; this
     * assumes AddOptFuncToList() never returns NULL -- confirm in its
     * definition. */
    eval_entry = AddOptFuncToList(PktDataEval, otn);
    eval_entry->type = RULE_OPTION_TYPE_PKT_DATA;
}



/****************************************************************************
 *
 * Function: PktDataParse(char *, OptTreeNode *)
 *
 * Purpose: Validates the argument text of a pkt_data option.  The option
 *          accepts no arguments, so any non-empty text is reported through
 *          FatalError() together with the current rules file name and line.
 *          Nothing is stored on the OTN.
 *
 * Arguments: data => argument data (must be empty per IsEmptyStr())
 *            otn => pointer to the current rule's OTN (not used)
 *
 * Returns: void function
 *
 ****************************************************************************/
void PktDataParse(char *data, OptTreeNode *otn)
{
    /* Nothing to parse when the keyword was given without arguments. */
    if (IsEmptyStr(data))
    {
        return;
    }

    /* NOTE(review): FatalError() is presumably terminal, so a rule carrying
     * stray arguments stops rule loading instead of being silently
     * accepted -- confirm in util.c. */
    FatalError("%s(%d): pkt_data takes no arguments\n",
            file_name, file_line);
}


/****************************************************************************
 *
 * Function: PktDataEval(void *option_data, Packet *p)
 *
 * Purpose: Evaluation callback for the pkt_data option.  It inspects no
 *          packet bytes; it only calls SetDoePtr(NULL, DOE_BUF_STD) and
 *          DetectFlag_Disable(FLAG_ALT_DETECT).  Judging by those names
 *          this points later options in the rule back at the standard
 *          packet buffer instead of an alternate detection buffer
 *          (NOTE(review): confirm against detection_util.h).
 *
 * Arguments: option_data => per-option data (not used; this option has none)
 *            p => pointer to the decoded packet (not used)
 *
 * Returns: Always DETECTION_OPTION_MATCH.  The option has no failing path,
 *          so it never decides by itself whether a rule fires; that is
 *          left to the other options in the rule.
 *
 ****************************************************************************/
int PktDataEval(void *option_data, Packet *p)
{
    PROFILE_VARS;

    PREPROC_PROFILE_START(pktDataPerfStats);

    /* Detection-state reset: a NULL pointer with the DOE_BUF_STD tag, and
     * the alternate-detect flag switched off. */
    SetDoePtr(NULL, DOE_BUF_STD);
    DetectFlag_Disable(FLAG_ALT_DETECT);

    PREPROC_PROFILE_END(pktDataPerfStats);

    return DETECTION_OPTION_MATCH;
}