Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src

parser.h File Reference

#include "rules.h"
#include "decode.h"
#include <stdio.h>

Go to the source code of this file.

Defines

#define ONE_CHECK(_onevar, xxx)

Functions

void ParseRulesFile (char *, int)
int ContinuationCheck (char *)
void ParseRule (FILE *, char *, int)
void ParsePreprocessor (char *)
void ParseOutputPlugin (char *)
void ParseRuleOptions (char *, int, int)
void ParseMessage (char *)
void ParseLogto (char *)
void DumpRuleChains ()
VarEntryVarDefine (char *, char *)
void VarDelete (char *)
void IntegrityCheckRules ()
void ParseListFile (char *, char *)
void LinkDynamicRules ()
void ParseActivatedBy (char *)
void ParseActivates (char *)
void ParseCount (char *)
char * VarSearch (char *name)
void CreateDefaultRules ()
void OrderRuleLists (char *)
void printRuleOrder ()
int CheckRule (char *)
int RuleType (char *)
int WhichProto (char *)
int ParsePort (char *, u_short *, u_short *, char *, int *)
int ConvPort (char *, char *)
char * VarGet (char *)
char * ExpandVars (char *)
char * CreateRule (char *, char *, char *)
VarEntryVarAlloc ()
ListHeadCreateRuleType (char *, int, int, ListHead *)
void ProcessAlertFileOption (char *)
char * ProcessFileOption (char *)
void ParseConfig (char *)
void ParseRuleTypeDeclaration (FILE *, char *)
char * ReadLine (FILE *)
int checkKeyowrd (char *)

Variables

char * file_name
int file_line

Define Documentation

#define ONE_CHECK _onevar,
xxx   ) 
 

Value:

(_onevar)++;                                                     \
   if ((_onevar) > 1)                                               \
   {                                                                \
       FatalError("%s(%d) => Only one '%s' option per rule\n",\
                       file_name, file_line, xxx);                  \
   }

Definition at line 35 of file parser.h.

Referenced by ParseRuleOptions().

Function Documentation

int checkKeyowrd char *   ) 
 

int CheckRule char *   ) 
 

Definition at line 370 of file parser.c.

References index.

Referenced by ParseRule().

int ContinuationCheck char *   ) 
 

Definition at line 342 of file parser.c.

References DEBUG_CONFIGRULES, and DEBUG_WRAP.

Referenced by ParseRulesFile().

int ConvPort char *  ,
char * 
 

Definition at line 2445 of file parser.c.

References FatalError(), file_line, file_name, and NULL.

Referenced by ParsePort().

void CreateDefaultRules  ) 
 

Definition at line 1235 of file detect.c.

References CreateRuleType(), RULE_ACTIVATE, RULE_ALERT, RULE_DROP, RULE_DYNAMIC, RULE_LOG, RULE_PASS, RULE_REINJECT, RULE_REJECT, RULE_REJECTBOTH, RULE_REJECTDST, RULE_REJECTSRC, and RULE_SDROP.

Referenced by SnortMain().

char* CreateRule char *  ,
char *  ,
char * 
 

ListHead* CreateRuleType char *  ,
int  ,
int  ,
ListHead
 

Definition at line 1274 of file detect.c.

References _ListHead::AlertList, _RuleListNode::evalIndex, _ListHead::IcmpList, _ListHead::IpList, _ListHead::LogList, _RuleListNode::mode, _RuleListNode::name, _RuleListNode::next, NULL, _progvars::num_rule_types, pv, _RuleListNode::RuleList, _ListHead::ruleListNode, _RuleListNode::rval, _ListHead::TcpList, and _ListHead::UdpList.

Referenced by CreateDefaultRules(), and ParseRuleTypeDeclaration().

void DumpRuleChains  ) 
 

Definition at line 430 of file parser.c.

References DumpChain(), _ListHead::IcmpList, _ListHead::IpList, _RuleListNode::name, _RuleListNode::next, NULL, _RuleListNode::RuleList, _ListHead::TcpList, and _ListHead::UdpList.

Referenced by ParseRulesFile().

char* ExpandVars char *   ) 
 

Definition at line 3015 of file parser.c.

References bzero, DEBUG_CONFIGRULES, DEBUG_WRAP, ErrorMessage(), FatalError(), file_line, file_name, NULL, PARSERULE_SIZE, and VarGet().

Referenced by ParseRule().

void IntegrityCheckRules  ) 
 

Definition at line 446 of file parser.c.

References DEBUG_CONFIGRULES, DEBUG_WRAP, _ListHead::IcmpList, IntegrityCheck(), _ListHead::IpList, _RuleListNode::name, _RuleListNode::next, NULL, pv, _progvars::quiet_flag, _RuleListNode::RuleList, _ListHead::TcpList, and _ListHead::UdpList.

Referenced by ParseRulesFile().

void LinkDynamicRules  ) 
 

Definition at line 3165 of file parser.c.

References _ListHead::IcmpList, SetLinks(), _ListHead::TcpList, and _ListHead::UdpList.

Referenced by ParseRulesFile().

void OrderRuleLists char *   ) 
 

Definition at line 1350 of file detect.c.

References addNodeToOrderedList(), FatalError(), LogMessage(), mSplit(), mSplitFree(), _RuleListNode::name, _RuleListNode::next, and NULL.

Referenced by ParseConfig(), and SnortMain().

void ParseActivatedBy char *   ) 
 

Definition at line 2670 of file parser.c.

References _RuleTreeNode::activate_list, _OptTreeNode::activated_by, _ActivateList::activated_by, errno, FatalError(), _ActivateList::next, and NULL.

Referenced by ParseRuleOptions().

void ParseActivates char *   ) 
 

Definition at line 2642 of file parser.c.

References _OptTreeNode::activates.

Referenced by ParseRuleOptions().

void ParseConfig char *   ) 
 

Definition at line 3518 of file parser.c.

References _progvars::alert_interface_flag, asn1_init_mem(), _progvars::assurance_mode, ASSURE_EST, bcopy, _progvars::char_data_flag, _progvars::checksums_mode, _progvars::chroot_dir, _progvars::daemon_flag, _progvars::data_flag, DEBUG_CONFIGRULES, DEBUG_INIT, DEBUG_WRAP, _DecoderFlags::decode_alerts, _progvars::decoder_flags, DO_ICMP_CHECKSUMS, DO_IP_CHECKSUMS, DO_TCP_CHECKSUMS, DO_UDP_CHECKSUMS, _DecoderFlags::drop_alerts, _DecoderFlags::drop_ipopt_decode, _DecoderFlags::drop_tcpopt_decode, _DecoderFlags::drop_tcpopt_experiment, _DecoderFlags::drop_tcpopt_obsolete, _DecoderFlags::drop_tcpopt_ttcp, ErrorMessage(), FatalError(), FatalPrintError(), file_line, file_name, FILEACCESSBITS, flow_set_daemon(), GenHomenet(), gr, groupid, groupname, _progvars::include_year, _progvars::interface, _DecoderFlags::ipopt_decode, _progvars::log_cmd_override, _progvars::log_dir, _progvars::log_mode, LOG_NONE, LogMessage(), _progvars::min_ttl, mSplit(), mSplitFree(), VarEntry::name, NULL, _progvars::obfuscation_flag, OpenPcap(), OrderRuleLists(), ParseClassificationConfig(), ParsePortList(), ParseReferenceSystemConfig(), pcap_close(), _progvars::pcap_cmd, pd, _progvars::pkt_cnt, _progvars::pkt_snaplen, PRINT_INTERFACE, ProcessAlertFileOption(), ProcessDetectionOptions(), ProcessEventQueue(), ProcessFlowbitsSize(), ProcessResetMac(), ProcessThresholdOptions(), _progvars::promisc_flag, pv, pw, _progvars::quiet_flag, read_infile(), _progvars::readfile, _progvars::readmode_flag, _progvars::rules_order_flag, _progvars::show2hdr_flag, snprintf, STD_BUF, strcasecmp, strlcpy, strtol(), _DecoderFlags::tcpopt_decode, _DecoderFlags::tcpopt_experiment, _DecoderFlags::tcpopt_obsolete, _DecoderFlags::tcpopt_ttcp, _progvars::use_utc, userid, username, _progvars::verbose_bytedump_flag, and _progvars::verbose_flag.

Referenced by ParseRule().

void ParseCount char *   ) 
 

Definition at line 2719 of file parser.c.

References _OptTreeNode::activation_counter, DEBUG_CONFIGRULES, and DEBUG_WRAP.

Referenced by ParseRuleOptions().

void ParseListFile char *  ,
char * 
 

void ParseLogto char *   ) 
 

Definition at line 2596 of file parser.c.

References bzero, index, _OptTreeNode::logto, and NULL.

Referenced by ParseRuleOptions().

void ParseMessage char *   ) 
 

Definition at line 2510 of file parser.c.

References DEBUG_CONFIGRULES, DEBUG_WRAP, ErrorMessage(), file_line, file_name, index, _SigInfo::message, NULL, and _OptTreeNode::sigInfo.

Referenced by ParseRuleOptions().

void ParseOutputPlugin char *   ) 
 

Definition at line 1512 of file parser.c.

References _progvars::alert_cmd_override, ErrorMessage(), FatalError(), file_line, file_name, _OutputKeywordNode::func, GetOutputPlugin(), _progvars::log_cmd_override, mSplit(), mSplitFree(), _OutputKeywordNode::node_type, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, NT_OUTPUT_SPECIAL, NULL, and pv.

Referenced by ParseRule(), and ParseRuleTypeDeclaration().

int ParsePort char *  ,
u_short *  ,
u_short *  ,
char *  ,
int * 
 

Definition at line 2343 of file parser.c.

References ConvPort(), FatalError(), file_line, file_name, index, mSplit(), mSplitFree(), NULL, strcasecmp, and VarGet().

Referenced by ParsePortList(), ParseRule(), and ScanParseIp().

void ParsePreprocessor char *   ) 
 

Definition at line 1445 of file parser.c.

References DEBUG_CONFIGRULES, DEBUG_WRAP, _PreprocessKeywordList::entry, FatalError(), _PreprocessKeywordNode::func, _PreprocessKeywordNode::keyword, mSplit(), mSplitFree(), _PreprocessKeywordList::next, NULL, and strcasecmp.

Referenced by ParseRule().

void ParseRule FILE *  ,
char *  ,
int 
 

Definition at line 488 of file parser.c.

References ANY_DST_PORT, ANY_SRC_PORT, BIDIRECTIONAL, bzero, CheckRule(), DEBUG_CONFIGRULES, DEBUG_WRAP, DST, EXCEPT_DST_PORT, EXCEPT_SRC_PORT, ExpandVars(), FatalError(), file_line, file_name, InlineMode(), _RuleListNode::mode, mSplit(), mSplitFree(), _RuleListNode::name, _RuleListNode::next, NULL, ParseConfig(), ParseOutputPlugin(), ParsePort(), ParsePreprocessor(), PARSERULE_SIZE, ParseRuleOptions(), ParseRulesFile(), ParseRuleTypeDeclaration(), ParseSFSuppress(), ParseSFThreshold(), ProcessHeadNode(), ProcessIP(), RULE_ACTIVATE, RULE_ALERT, RULE_CONFIG, rule_count, RULE_DECLARE, RULE_DROP, RULE_DYNAMIC, RULE_INCLUDE, RULE_LOG, RULE_OUTPUT, RULE_PASS, RULE_PREPROCESS, RULE_REINJECT, RULE_REJECT, RULE_REJECTBOTH, RULE_REJECTDST, RULE_REJECTSRC, RULE_SDROP, RULE_SUPPRESS, RULE_THRESHOLD, RULE_UNKNOWN, RULE_VAR, _RuleListNode::RuleList, RuleType(), SRC, strcasecmp, strip(), VarDefine(), VarGet(), and WhichProto().

Referenced by ParseRulesFile().

void ParseRuleOptions char *  ,
int  ,
int 
 

Definition at line 1603 of file parser.c.

References AddOptFuncToList(), bzero, _OptTreeNode::chain_node_number, DEBUG_CONFIGRULES, DEBUG_INIT, DEBUG_WRAP, _RuleTreeNode::down, dynamic_rules_present, _KeywordXlateList::entry, errno, _OptTreeNode::event_data, FatalError(), file_line, file_name, _KeywordXlate::func, THDX_STRUCT::gen_id, GENERATOR_SNORT_ENGINE, _SigInfo::id, index, _KeywordXlate::keyword, MAX_RULE_OPTIONS, mSplit(), mSplitFree(), _KeywordXlateList::next, _OptTreeNode::next, NULL, ONE_CHECK, opt_count, OptListEnd(), ParseActivatedBy(), ParseActivates(), ParseClassType(), ParseCount(), ParseLogto(), ParseMessage(), ParsePriority(), ParseReference(), ParseRev(), ParseSID(), ParseTag(), ParseThreshold2(), _OptTreeNode::proto_node, _OptTreeNode::rtn, RULE_DYNAMIC, sfthreshold_create(), _Event::sig_generator, THDX_STRUCT::sig_id, _OptTreeNode::sigInfo, _OptTreeNode::stateless, strcasecmp, THD_TOO_MANY_THDOBJ, and _OptTreeNode::type.

Referenced by ParseRule().

void ParseRulesFile char *  ,
int 
 

Definition at line 151 of file parser.c.

References bzero, _progvars::config_dir, ContinuationCheck(), DEBUG_CONFIGRULES, DEBUG_WRAP, DumpRuleChains(), dynamic_rules_present, errno, FatalError(), file_line, file_name, head_count, index, IntegrityCheckRules(), LinkDynamicRules(), LogMessage(), MAX_LINE_LENGTH, NULL, opt_count, ParseRule(), PARSERULE_SIZE, pv, _progvars::quiet_flag, rule_count, strlcat(), and strlcpy.

Referenced by ParseRule(), and SnortMain().

void ParseRuleTypeDeclaration FILE *  ,
char * 
 

Definition at line 4293 of file parser.c.

References checkKeyword(), CreateRuleType(), DEBUG_CONFIGRULES, DEBUG_WRAP, FatalError(), file_line, file_name, mSplit(), mSplitFree(), NULL, _progvars::num_rule_types, ParseOutputPlugin(), pv, ReadLine(), RULE_ACTIVATE, RULE_ALERT, RULE_DYNAMIC, RULE_LOG, RULE_OUTPUT, RULE_PASS, RuleType(), and strcasecmp.

Referenced by ParseRule().

void printRuleOrder  ) 
 

Definition at line 1255 of file detect.c.

References printRuleListOrder().

Referenced by SnortMain().

void ProcessAlertFileOption char *   ) 
 

Definition at line 3280 of file parser.c.

References _progvars::alert_filename, DEBUG_CONFIGRULES, DEBUG_WRAP, ProcessFileOption(), and pv.

Referenced by ParseConfig().

char* ProcessFileOption char *   ) 
 

Definition at line 3289 of file parser.c.

References buffer, DEBUG_CONFIGRULES, DEBUG_WRAP, FatalError(), _progvars::log_dir, NULL, pv, _progvars::quiet_flag, STD_BUF, strlcat(), strlcpy, and strstr().

Referenced by AlertCSVParseArgs(), ParseAlertFastArgs(), ParseAlertFullArgs(), and ProcessAlertFileOption().

char* ReadLine FILE *   ) 
 

Definition at line 4393 of file parser.c.

References bzero, file_line, file_name, index, LogMessage(), MAX_LINE_LENGTH, and NULL.

Referenced by ParseRuleTypeDeclaration().

int RuleType char *   ) 
 

Definition at line 2030 of file parser.c.

References FatalError(), file_line, file_name, NULL, RULE_ACTIVATE, RULE_ALERT, RULE_CONFIG, RULE_DECLARE, RULE_DROP, RULE_DYNAMIC, RULE_INCLUDE, RULE_LOG, RULE_OUTPUT, RULE_PASS, RULE_PREPROCESS, RULE_REINJECT, RULE_REJECT, RULE_REJECTBOTH, RULE_REJECTDST, RULE_REJECTSRC, RULE_SDROP, RULE_SUPPRESS, RULE_THRESHOLD, RULE_UNKNOWN, RULE_VAR, and strcasecmp.

Referenced by checkKeyword(), ParseRule(), and ParseRuleTypeDeclaration().

struct VarEntry* VarAlloc  ) 
 

Definition at line 2840 of file parser.c.

References FatalError(), and NULL.

Referenced by VarDefine().

struct VarEntry* VarDefine char *  ,
char * 
 

Definition at line 2864 of file parser.c.

References FatalError(), file_line, file_name, VarEntry::flags, VarEntry::name, VarEntry::next, NULL, VarEntry::prev, strcasecmp, VarEntry::value, VAR_STATIC, and VarAlloc().

Referenced by DefineIfaceVar(), ParseCmdLine(), and ParseRule().

void VarDelete char *   ) 
 

Definition at line 2929 of file parser.c.

References VarEntry::name, VarEntry::next, NULL, VarEntry::prev, strcasecmp, and VarEntry::value.

char* VarGet char *   ) 
 

Definition at line 2978 of file parser.c.

References FatalError(), file_line, file_name, VarEntry::name, VarEntry::next, NULL, strcasecmp, and VarEntry::value.

Referenced by ExpandVars(), IpAddrSetParse(), ParsePort(), ParseRule(), ParseSyslogArgs(), PortscanIgnoreParseIP(), PortscanParseIP(), ProcessIP(), ScanParseIp(), and ScanParsePort().

char* VarSearch char *  name  ) 
 

Definition at line 4431 of file parser.c.

References VarEntry::name, VarEntry::next, NULL, strcasecmp, and VarEntry::value.

int WhichProto char *   ) 
 

Definition at line 2117 of file parser.c.

References ETHERNET_TYPE_ARP, ETHERNET_TYPE_IP, FatalError(), file_line, file_name, and strcasecmp.

Referenced by ParsePortList(), and ParseRule().

Variable Documentation

int file_line
 

Definition at line 88 of file parser.c.

char* file_name
 

Definition at line 87 of file parser.c.

Generated on Sun May 14 14:51:23 2006 by  doxygen 1.4.2