#include <sys/types.h>#include <unistd.h>#include <stdlib.h>#include <string.h>#include <sys/socket.h>#include <netinet/in.h>#include <arpa/inet.h>#include <time.h>#include <errno.h>#include "plugbase.h"#include "spo_plugbase.h"#include "snort.h"#include "debug.h"#include "util.h"#include "log.h"#include "detect.h"#include "preprocessors/spp_portscan.h"#include "preprocessors/spp_rpc_decode.h"#include "preprocessors/spp_bo.h"#include "preprocessors/spp_telnet_negotiation.h"#include "preprocessors/spp_stream4.h"#include "preprocessors/spp_frag2.h"#include "preprocessors/spp_arpspoof.h"#include "preprocessors/spp_conversation.h"#include "preprocessors/spp_portscan2.h"#include "preprocessors/spp_perfmonitor.h"#include "preprocessors/spp_httpinspect.h"#include "preprocessors/spp_flow.h"#include "preprocessors/spp_sfportscan.h"#include "preprocessors/spp_frag3.h"#include "preprocessors/spp_xlink2state.h"#include "preprocessors/spp_clamav.h"#include "detection-plugins/sp_pattern_match.h"#include "detection-plugins/sp_tcp_flag_check.h"#include "detection-plugins/sp_icmp_type_check.h"#include "detection-plugins/sp_icmp_code_check.h"#include "detection-plugins/sp_ttl_check.h"#include "detection-plugins/sp_ip_id_check.h"#include "detection-plugins/sp_tcp_ack_check.h"#include "detection-plugins/sp_tcp_seq_check.h"#include "detection-plugins/sp_dsize_check.h"#include "detection-plugins/sp_ipoption_check.h"#include "detection-plugins/sp_rpc_check.h"#include "detection-plugins/sp_icmp_id_check.h"#include "detection-plugins/sp_icmp_seq_check.h"#include "detection-plugins/sp_session.h"#include "detection-plugins/sp_ip_tos_check.h"#include "detection-plugins/sp_ip_fragbits.h"#include "detection-plugins/sp_tcp_win_check.h"#include "detection-plugins/sp_ip_same_check.h"#include "detection-plugins/sp_ip_proto.h"#include "detection-plugins/sp_clientserver.h"#include "detection-plugins/sp_byte_check.h"#include "detection-plugins/sp_byte_jump.h"#include "detection-plugins/sp_isdataat.h"#include "detection-plugins/sp_pcre.h"#include "detection-plugins/sp_flowbits.h"#include "detection-plugins/sp_asn1.h"#include "detection-plugins/sp_ftpbounce.h"#include "output-plugins/spo_alert_syslog.h"#include "output-plugins/spo_log_tcpdump.h"#include "output-plugins/spo_database.h"#include "output-plugins/spo_alert_fast.h"#include "output-plugins/spo_alert_full.h"#include "output-plugins/spo_alert_unixsock.h"#include "output-plugins/spo_csv.h"#include "output-plugins/spo_unified.h"#include "output-plugins/spo_log_null.h"#include "output-plugins/spo_log_ascii.h"Go to the source code of this file.
Functions | |
| void | InitPlugIns () |
| void | RegisterPlugin (char *keyword, void(*func)(char *, OptTreeNode *, int)) |
| void | DumpPlugIns () |
| OptFpList * | AddOptFuncToList (int(*func)(Packet *, struct _OptTreeNode *, struct _OptFpList *), OptTreeNode *otn) |
| void | AddRspFuncToList (int(*func)(Packet *, struct _RspFpList *), OptTreeNode *otn, void *params) |
| void | InitPreprocessors () |
| void | RegisterPreprocessor (char *keyword, void(*func)(u_char *)) |
| void | DumpPreprocessors () |
| PreprocessFuncNode * | AddFuncToPreprocList (void(*func)(Packet *, void *)) |
| OutputFuncNode * | AppendOutputFuncList (void(*)(Packet *, char *, void *, Event *), void *, OutputFuncNode *) |
| void | InitOutputPlugins () |
| int | ActivateOutputPlugin (char *plugin_name, char *plugin_options) |
| OutputKeywordNode * | GetOutputPlugin (char *plugin_name) |
| void | RegisterOutputPlugin (char *keyword, int type, void(*func)(u_char *)) |
| void | DumpOutputPlugins () |
| void | AddFuncToOutputList (void(*func)(Packet *, char *, void *, Event *), char node_type, void *arg) |
| void | SetOutputList (void(*func)(Packet *, char *, void *, Event *), char node_type, void *arg) |
| int | PacketIsIP (Packet *p) |
| int | PacketIsTCP (Packet *p) |
| int | PacketIsUDP (Packet *p) |
| int | PacketIsICMP (Packet *p) |
| int | DestinationIpIsHomenet (Packet *p) |
| int | SourceIpIsHomenet (Packet *p) |
| int | CheckNet (struct in_addr *compare, struct in_addr *compare2) |
| void | AddFuncToRestartList (void(*func)(int, void *), void *arg) |
| void | AddFuncToCleanExitList (void(*func)(int, void *), void *arg) |
| void | AddFuncToShutdownList (void(*func)(int, void *), void *arg) |
| PluginSignalFuncNode * | AddFuncToSignalList (void(*func)(int, void *), void *arg, PluginSignalFuncNode *list) |
| char * | GetUniqueName (char *iface) |
| char * | GetIP (char *iface) |
| char * | GetHostname () |
| char * | GetTimestamp (register const struct timeval *tvp, int tz) |
| int | GetLocalTimezone () |
| char * | GetCurrentTimestamp () |
| char * | base64 (u_char *xdata, int length) |
| char * | ascii (u_char *xdata, int length) |
| char * | hex (u_char *xdata, int length) |
| char * | fasthex (u_char *xdata, int length) |
Variables | |
| PluginSignalFuncNode * | PluginShutdownList |
| PluginSignalFuncNode * | PluginCleanExitList |
| PluginSignalFuncNode * | PluginRestartList |
| int | file_line |
| char * | file_name |
| KeywordXlateList * | KeywordList |
| PreprocessKeywordList * | PreprocessKeywords |
| PreprocessFuncNode * | PreprocessList |
| OutputKeywordList * | OutputKeywords |
| OutputFuncNode * | AlertList |
| OutputFuncNode * | LogList |
| ListHead * | head_tmp |
|
||||||||||||
|
Definition at line 627 of file plugbase.c. References _OutputKeywordNode::func, GetOutputPlugin(), LogMessage(), _OutputKeywordNode::node_type, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, NT_OUTPUT_SPECIAL, and NULL. Referenced by ProcessAlertCommandLine(), and ProcessLogCommandLine(). |
|
||||||||||||
|
Definition at line 1014 of file plugbase.c. References AddFuncToSignalList(). Referenced by AlertCSVInit(), AlertFastInit(), AlertFullInit(), AlertSyslogInit(), AlertUnixSockInit(), ARPspoofInit(), DatabaseInit(), FlowInit(), FlowPSInit(), Frag2Init(), Frag3Init(), LogAsciiInit(), LogNullInit(), LogTcpdumpInit(), ParsePerfMonitorArgs(), Stream4Init(), TemplateInit(), UnifiedAlertInit(), UnifiedInit(), UnifiedLogInit(), and XLINK2STATEInit(). |
|
||||||||||||||||
|
Definition at line 821 of file plugbase.c. References _ListHead::AlertList, AppendOutputFuncList(), FatalError(), _ListHead::LogList, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, and NULL. Referenced by AlertCSVInit(), AlertFastInit(), AlertFullInit(), AlertSyslogInit(), AlertUnixSockInit(), DatabaseInit(), LogAsciiInit(), LogNullInit(), LogTcpdumpInit(), SetOutputList(), UnifiedAlertInit(), UnifiedInit(), and UnifiedLogInit(). |
|
|
Definition at line 553 of file plugbase.c. References _PreprocessFuncNode::func, _PreprocessFuncNode::next, and NULL. Referenced by ARPspoofInit(), BoInit(), ConvInit(), FlowInit(), Frag2Init(), Frag3Init(), HttpInspectInit(), PerfMonitorInit(), PortscanInit(), RpcDecodeInit(), Stream4Init(), TelNegInit(), TemplateInit(), and XLINK2STATEInit(). |
|
||||||||||||
|
Definition at line 1009 of file plugbase.c. References AddFuncToSignalList(). Referenced by AlertCSVInit(), AlertFastInit(), AlertFullInit(), AlertSyslogInit(), AlertUnixSockInit(), ARPspoofInit(), DatabaseInit(), FlowInit(), FlowPSInit(), Frag2Init(), Frag3Init(), LogAsciiInit(), LogNullInit(), LogTcpdumpInit(), Stream4Init(), TemplateInit(), UnifiedAlertInit(), UnifiedInit(), UnifiedLogInit(), and XLINK2STATEInit(). |
|
||||||||||||
|
Definition at line 1019 of file plugbase.c. References AddFuncToSignalList(). Referenced by Stream4Init(). |
|
||||||||||||||||
|
Definition at line 1024 of file plugbase.c. References _PluginSignalFuncNode::arg, _PluginSignalFuncNode::func, _PluginSignalFuncNode::next, and NULL. Referenced by AddFuncToCleanExitList(), AddFuncToRestartList(), and AddFuncToShutdownList(). |
|
||||||||||||
|
||||||||||||||||
|
Definition at line 366 of file plugbase.c. References DEBUG_CONFIGRULES, DEBUG_WRAP, errno, FatalError(), _RspFpList::next, NULL, _RspFpList::params, _RspFpList::ResponseFunc, and _OptTreeNode::rsp_func. |
|
||||||||||||||||
|
Definition at line 852 of file plugbase.c. References _OutputFuncNode::arg, _OutputFuncNode::func, _OutputFuncNode::next, and NULL. Referenced by AddFuncToOutputList(). |
|
||||||||||||
|
Definition at line 1379 of file plugbase.c. References LogMessage(), memset, and NULL. Referenced by Database(). |
|
||||||||||||
|
Definition at line 1298 of file plugbase.c. References ErrorMessage(), and output. Referenced by Database(). |
|
||||||||||||
|
Definition at line 999 of file plugbase.c. |
|
|
Definition at line 979 of file plugbase.c. References _progvars::homenet, _IPHdr::ip_dst, _Packet::iph, _progvars::netmask, and pv. |
|
|
Definition at line 799 of file plugbase.c. References _OutputKeywordList::entry, _OutputKeywordNode::func, _OutputKeywordNode::keyword, _OutputKeywordList::next, NULL, pv, and _progvars::quiet_flag. Referenced by SnortMain(). |
|
|
Definition at line 264 of file plugbase.c. References _KeywordXlateList::entry, _KeywordXlate::func, _KeywordXlate::keyword, _KeywordXlateList::next, NULL, pv, and _progvars::quiet_flag. Referenced by SnortMain(). |
|
|
Definition at line 533 of file plugbase.c. References _PreprocessKeywordList::entry, _PreprocessKeywordNode::func, _PreprocessKeywordNode::keyword, _PreprocessKeywordList::next, NULL, pv, and _progvars::quiet_flag. Referenced by SnortMain(). |
|
||||||||||||
|
Definition at line 1483 of file plugbase.c. Referenced by Database(), and mSearch(). |
|
|
Definition at line 1243 of file plugbase.c. References bzero, GetLocalTimezone(), gettimeofday(), pv, SMALLBUFFER, snprintf, and _progvars::use_utc. Referenced by Database(). |
|
|
Definition at line 1145 of file plugbase.c. References DWORD. Referenced by GetUniqueName(). |
|
|
Definition at line 1099 of file plugbase.c. References FatalError(), ifreq::ifr_name, and NULL. Referenced by GetUniqueName(). |
|
|
Definition at line 1212 of file plugbase.c. Referenced by DatabaseInit(), and GetCurrentTimestamp(). |
|
|
Definition at line 699 of file plugbase.c. References _OutputKeywordList::entry, FatalError(), _OutputKeywordNode::keyword, _OutputKeywordList::next, NULL, and strcasecmp. Referenced by ActivateOutputPlugin(), and ParseOutputPlugin(). |
|
||||||||||||
|
Definition at line 1172 of file plugbase.c. References pv, SMALLBUFFER, snprintf, and _progvars::use_utc. Referenced by Database(). |
|
|
Definition at line 1068 of file plugbase.c. References GetHostname(), GetIP(), LogMessage(), NULL, pv, snprintf, and _progvars::verbose_flag. Referenced by DatabaseInit(). |
|
||||||||||||
|
Definition at line 1461 of file plugbase.c. References snprintf. Referenced by SnortPcre(), and uniSearchReal(). |
|
|
Definition at line 593 of file plugbase.c. References AlertCSVSetup(), AlertFastSetup(), AlertFullSetup(), AlertPreludeSetup(), AlertSFSocket_Setup(), AlertSyslogSetup(), AlertUnixSockSetup(), DatabaseSetup(), LogAsciiSetup(), LogMessage(), LogNullSetup(), LogTcpdumpSetup(), pv, _progvars::quiet_flag, and UnifiedSetup(). Referenced by SnortMain(). |
|
|
|
Definition at line 420 of file plugbase.c. References LogMessage(), pv, _progvars::quiet_flag, SetupARPspoof(), SetupBo(), SetupConv(), SetupFlow(), SetupFrag2(), SetupFrag3(), SetupHttpInspect(), SetupPerfMonitor(), SetupPortscan(), SetupPortscanIgnoreHosts(), SetupPsng(), SetupRpcDecode(), SetupScan2(), SetupStream4(), SetupTelNeg(), and SetupXLINK2STATE(). Referenced by SnortMain(). |
|
|
Definition at line 969 of file plugbase.c. References _Packet::icmph, _Packet::iph, and NULL. |
|
|
Definition at line 939 of file plugbase.c. References _Packet::iph, and NULL. |
|
|
Definition at line 949 of file plugbase.c. References _Packet::iph, NULL, and _Packet::tcph. Referenced by NormalizeTelnet(), PreprocRpcDecode(), and XLINK2STATEDetect(). |
|
|
Definition at line 959 of file plugbase.c. References _Packet::iph, NULL, and _Packet::udph. Referenced by BoFind(). |
|
||||||||||||||||
|
Definition at line 735 of file plugbase.c. References DEBUG_PLUGIN, DEBUG_WRAP, _OutputKeywordList::entry, FatalError(), file_line, file_name, _OutputKeywordNode::func, _OutputKeywordNode::keyword, _OutputKeywordList::next, _OutputKeywordNode::node_type, NULL, and strcasecmp. Referenced by AlertCSVSetup(), AlertFastSetup(), AlertFullSetup(), AlertSyslogSetup(), AlertUnixSockSetup(), DatabaseSetup(), LogAsciiSetup(), LogNullSetup(), LogTcpdumpSetup(), and UnifiedSetup(). |
|
||||||||||||
|
||||||||||||
|
Definition at line 466 of file plugbase.c. References DEBUG_PLUGIN, DEBUG_WRAP, _PreprocessKeywordList::entry, FatalError(), file_line, file_name, _PreprocessKeywordNode::func, _PreprocessKeywordNode::keyword, _PreprocessKeywordList::next, NULL, and strcasecmp. Referenced by SetupARPspoof(), SetupBo(), SetupConv(), SetupFlow(), SetupFlowPS(), SetupFrag2(), SetupFrag3(), SetupHttpInspect(), SetupPerfMonitor(), SetupPortscan(), SetupPortscanIgnoreHosts(), SetupPsng(), SetupRpcDecode(), SetupScan2(), SetupStream4(), SetupTelNeg(), SetupTemplate(), and SetupXLINK2STATE(). |
|
||||||||||||||||
|
Definition at line 886 of file plugbase.c. References AddFuncToOutputList(), _OutputFuncNode::next, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, and NULL. Referenced by ProcessAlertCommandLine(), and ProcessLogCommandLine(). |
|
|
Definition at line 990 of file plugbase.c. References _progvars::homenet, _IPHdr::ip_src, _Packet::iph, _progvars::netmask, and pv. |
|
|
Definition at line 587 of file plugbase.c. |
|
|
|
|
|
|
|
|
|
|
|
Definition at line 145 of file plugbase.c. |
|
|
Definition at line 588 of file plugbase.c. |
|
|
Definition at line 586 of file plugbase.c. |
|
|
Definition at line 135 of file plugbase.c. |
|
|
Definition at line 136 of file plugbase.c. |
|
|
Definition at line 134 of file plugbase.c. |
|
|
Definition at line 417 of file plugbase.c. |
|
|
Definition at line 418 of file plugbase.c. |
1.4.2