plugbase.h File Reference

#include "rules.h"
#include <sys/ioctl.h>
#include <net/route.h>
#include <net/if.h>

Go to the source code of this file.

Defines
#define	SMALLBUFFER   32
#define	NT_OUTPUT_ALERT   0x1
#define	NT_OUTPUT_LOG   0x2
#define	NT_OUTPUT_SPECIAL   0x4
#define	DETECTION_KEYWORD   0
#define	RESPONSE_KEYWORD   1
#define	PP_ALL   0xffffffff
#define	PP_LOADBALANCING   0x00000001
#define	PP_PORTSCAN   0x00000002
#define	PP_HTTPINSPECT   0x00000004
#define	PP_PORTSCAN_IGNORE_HOSTS   0x00000008
#define	PP_RPCDECODE   0x00000010
#define	PP_BO   0x00000020
#define	PP_TELNEG   0x00000040
#define	PP_STREAM4   0x00000080
#define	PP_FRAG2   0x00000100
#define	PP_ARPSPOOF   0x00000200
#define	PP_ASN1DECODE   0x00000400
#define	PP_FNORD   0x00000800
#define	PP_CONVERSATION   0x00001000
#define	PP_PORTSCAN2   0x00002000
#define	PP_HTTPFLOW   0x00004000
#define	PP_PERFMONITOR   0x00008000
#define	PP_STREAM4_REASSEMBLE   0x00010000
#define	PP_FRAG3   0x00020000
#define	PP_SFPORTSCAN   0x00100000
#define	ENCODING_HEX   0
#define	ENCODING_BASE64   1
#define	ENCODING_ASCII   2
#define	DETAIL_FAST   0
#define	DETAIL_FULL   1
Typedefs
typedef _KeywordXlate	KeywordXlate
typedef _KeywordXlateList	KeywordXlateList
typedef _PreprocessKeywordNode	PreprocessKeywordNode
typedef _PreprocessKeywordList	PreprocessKeywordList
typedef _PreprocessFuncNode	PreprocessFuncNode
typedef _PluginSignalFuncNode	PluginSignalFuncNode
Functions
void	InitPlugIns ()
void	RegisterPlugin (char *, void(*func)(char *, OptTreeNode *, int))
void	DumpPlugIns ()
OptFpList *	AddOptFuncToList (int(*func)(Packet *, struct _OptTreeNode *, struct _OptFpList *), OptTreeNode *)
void	AddRspFuncToList (int(*func)(Packet *, struct _RspFpList *), OptTreeNode *, void *)
void	InitPreprocessors ()
void	RegisterPreprocessor (char *, void(*func)(u_char *))
void	DumpPreprocessors ()
PreprocessFuncNode *	AddFuncToPreprocList (void(*func)(Packet *, void *))
int	PacketIsIP (Packet *)
int	PacketIsTCP (Packet *)
int	PacketIsUDP (Packet *)
int	PacketIsICMP (Packet *)
int	DestinationIpIsHomenet (Packet *)
int	SourceIpIsHomenet (Packet *)
int	IsTcpSessionTraffic (Packet *)
int	CheckNet (struct in_addr *, struct in_addr *)
void	AddFuncToRestartList (void(*func)(int, void *), void *)
void	AddFuncToCleanExitList (void(*func)(int, void *), void *)
void	AddFuncToShutdownList (void(*func)(int, void *), void *)
PluginSignalFuncNode *	AddFuncToSignalList (void(*func)(int, void *), void *, PluginSignalFuncNode *)
char *	GetUniqueName (char *)
char *	GetIP (char *)
char *	GetHostname ()
int	GetLocalTimezone ()
char *	GetTimestamp (register const struct timeval *, int)
char *	GetCurrentTimestamp ()
char *	base64 (u_char *, int)
char *	ascii (u_char *, int)
char *	hex (u_char *, int)
char *	fasthex (u_char *, int)

---

Define Documentation

#define DETAIL_FAST   0

Definition at line 188 of file plugbase.h. Referenced by ParseDatabaseArgs().

#define DETAIL_FULL   1

Definition at line 189 of file plugbase.h. Referenced by ParseDatabaseArgs().

#define DETECTION_KEYWORD   0

Definition at line 67 of file plugbase.h.

#define ENCODING_ASCII   2

Definition at line 187 of file plugbase.h. Referenced by Database(), and ParseDatabaseArgs().

#define ENCODING_BASE64   1

Definition at line 186 of file plugbase.h. Referenced by Database(), and ParseDatabaseArgs().

#define ENCODING_HEX   0

Definition at line 185 of file plugbase.h. Referenced by Database(), and ParseDatabaseArgs().

#define NT_OUTPUT_ALERT   0x1

Definition at line 63 of file plugbase.h. Referenced by ActivateOutputPlugin(), AddFuncToOutputList(), AlertCSVInit(), AlertCSVSetup(), AlertFastInit(), AlertFastSetup(), AlertFullInit(), AlertFullSetup(), AlertSyslogInit(), AlertSyslogSetup(), AlertUnixSockInit(), AlertUnixSockSetup(), DatabaseInit(), DatabaseSetup(), ParseOutputPlugin(), ProcessAlertCommandLine(), SetOutputList(), UnifiedAlertInit(), UnifiedInit(), and UnifiedSetup().

#define NT_OUTPUT_LOG   0x2

Definition at line 64 of file plugbase.h. Referenced by ActivateOutputPlugin(), AddFuncToOutputList(), DatabaseInit(), LogAsciiInit(), LogAsciiSetup(), LogNullInit(), LogNullSetup(), LogTcpdumpInit(), LogTcpdumpSetup(), ParseOutputPlugin(), ProcessLogCommandLine(), SetOutputList(), UnifiedInit(), UnifiedLogInit(), and UnifiedSetup().

#define NT_OUTPUT_SPECIAL   0x4

Definition at line 65 of file plugbase.h. Referenced by ActivateOutputPlugin(), ParseOutputPlugin(), and UnifiedSetup().

#define PP_ALL   0xffffffff

Definition at line 83 of file plugbase.h. Referenced by Preprocess().

#define PP_ARPSPOOF   0x00000200

Definition at line 93 of file plugbase.h. Referenced by DetectARPattacks().

#define PP_ASN1DECODE   0x00000400

Definition at line 94 of file plugbase.h.

#define PP_BO   0x00000020

Definition at line 89 of file plugbase.h. Referenced by BoFind().

#define PP_CONVERSATION   0x00001000

Definition at line 96 of file plugbase.h. Referenced by ConvFunc().

#define PP_FNORD   0x00000800

Definition at line 95 of file plugbase.h.

#define PP_FRAG2   0x00000100

Definition at line 92 of file plugbase.h. Referenced by Frag2Defrag().

#define PP_FRAG3   0x00020000

Definition at line 101 of file plugbase.h. Referenced by Frag3Defrag().

#define PP_HTTPFLOW   0x00004000

Definition at line 98 of file plugbase.h.

#define PP_HTTPINSPECT   0x00000004

Definition at line 86 of file plugbase.h. Referenced by HttpInspect().

#define PP_LOADBALANCING   0x00000001

Definition at line 84 of file plugbase.h.

#define PP_PERFMONITOR   0x00008000

Definition at line 99 of file plugbase.h. Referenced by ProcessPerfMonitor().

#define PP_PORTSCAN   0x00000002

Definition at line 85 of file plugbase.h. Referenced by PortscanPreprocFunction(), and SnortHttpInspect().

#define PP_PORTSCAN2   0x00002000

Definition at line 97 of file plugbase.h. Referenced by Frag3Defrag().

#define PP_PORTSCAN_IGNORE_HOSTS   0x00000008

Definition at line 87 of file plugbase.h.

#define PP_RPCDECODE   0x00000010

Definition at line 88 of file plugbase.h. Referenced by PreprocRpcDecode().

#define PP_SFPORTSCAN   0x00100000

Definition at line 102 of file plugbase.h. Referenced by PortscanDetect().

#define PP_STREAM4   0x00000080

Definition at line 91 of file plugbase.h. Referenced by NotForStream4(), and SnortHttpInspect().

#define PP_STREAM4_REASSEMBLE   0x00010000

Definition at line 100 of file plugbase.h.

#define PP_TELNEG   0x00000040

Definition at line 90 of file plugbase.h. Referenced by NormalizeTelnet().

#define RESPONSE_KEYWORD   1

Definition at line 68 of file plugbase.h.

#define SMALLBUFFER   32

Definition at line 61 of file plugbase.h. Referenced by GetCurrentTimestamp(), and GetTimestamp().

---

Typedef Documentation

typedef struct _KeywordXlate KeywordXlate

typedef struct _KeywordXlateList KeywordXlateList

typedef struct _PluginSignalFuncNode PluginSignalFuncNode

typedef struct _PreprocessFuncNode PreprocessFuncNode

typedef struct _PreprocessKeywordList PreprocessKeywordList

typedef struct _PreprocessKeywordNode PreprocessKeywordNode

---

Function Documentation

void AddFuncToCleanExitList (  void(*)(int, void *)  func, void *  )

Definition at line 1014 of file plugbase.c. References AddFuncToSignalList(). Referenced by AlertCSVInit(), AlertFastInit(), AlertFullInit(), AlertSyslogInit(), AlertUnixSockInit(), ARPspoofInit(), DatabaseInit(), FlowInit(), FlowPSInit(), Frag2Init(), Frag3Init(), LogAsciiInit(), LogNullInit(), LogTcpdumpInit(), ParsePerfMonitorArgs(), Stream4Init(), TemplateInit(), UnifiedAlertInit(), UnifiedInit(), UnifiedLogInit(), and XLINK2STATEInit().

PreprocessFuncNode* AddFuncToPreprocList (  void(*)(Packet *, void *)  func  )

Definition at line 553 of file plugbase.c. References _PreprocessFuncNode::func, _PreprocessFuncNode::next, and NULL. Referenced by ARPspoofInit(), BoInit(), ConvInit(), FlowInit(), Frag2Init(), Frag3Init(), HttpInspectInit(), PerfMonitorInit(), PortscanInit(), RpcDecodeInit(), Stream4Init(), TelNegInit(), TemplateInit(), and XLINK2STATEInit().

void AddFuncToRestartList (  void(*)(int, void *)  func, void *  )

Definition at line 1009 of file plugbase.c. References AddFuncToSignalList(). Referenced by AlertCSVInit(), AlertFastInit(), AlertFullInit(), AlertSyslogInit(), AlertUnixSockInit(), ARPspoofInit(), DatabaseInit(), FlowInit(), FlowPSInit(), Frag2Init(), Frag3Init(), LogAsciiInit(), LogNullInit(), LogTcpdumpInit(), Stream4Init(), TemplateInit(), UnifiedAlertInit(), UnifiedInit(), UnifiedLogInit(), and XLINK2STATEInit().

void AddFuncToShutdownList (  void(*)(int, void *)  func, void *  )

Definition at line 1019 of file plugbase.c. References AddFuncToSignalList(). Referenced by Stream4Init().

PluginSignalFuncNode* AddFuncToSignalList (  void(*)(int, void *)  func, void *  , PluginSignalFuncNode *  )

Definition at line 1024 of file plugbase.c. References _PluginSignalFuncNode::arg, _PluginSignalFuncNode::func, _PluginSignalFuncNode::next, and NULL. Referenced by AddFuncToCleanExitList(), AddFuncToRestartList(), and AddFuncToShutdownList().

OptFpList* AddOptFuncToList (  int(*)(Packet *, struct _OptTreeNode *, struct _OptFpList *)  func, OptTreeNode *  )

Definition at line 297 of file plugbase.c. References DEBUG_CONFIGRULES, DEBUG_WRAP, errno, FatalError(), _OptFpList::next, NULL, _OptTreeNode::opt_func, and _OptFpList::OptTestFunc. Referenced by Asn1Init(), ByteJumpInit(), ByteTestInit(), FlowBitsInit(), FragBitsInit(), FragOffsetInit(), FTPBounceInit(), IcmpCodeCheckInit(), IcmpIdCheckInit(), IcmpSeqCheckInit(), IcmpTypeCheckInit(), IpIdCheckInit(), IpOptionInit(), IpProtoInit(), IpSameCheckInit(), IpTosCheckInit(), IsDataAtInit(), ParseDsize(), ParseFlowArgs(), ParseRuleOptions(), ParseTtl(), PayloadSearchInit(), PayloadSearchListInit(), PayloadSearchUri(), RpcCheckInit(), SessionInit(), SnortPcreInit(), TcpAckCheckInit(), TCPFlagCheckInit(), TcpSeqCheckInit(), TcpWinCheckInit(), and TemplateInit().

void AddRspFuncToList (  int(*)(Packet *, struct _RspFpList *)  func, OptTreeNode *  , void *  )

Definition at line 366 of file plugbase.c. References DEBUG_CONFIGRULES, DEBUG_WRAP, errno, FatalError(), _RspFpList::next, NULL, _RspFpList::params, _RspFpList::ResponseFunc, and _OptTreeNode::rsp_func.

char* ascii (  u_char *  , int  )

Definition at line 1379 of file plugbase.c. References LogMessage(), memset, and NULL. Referenced by Database().

char* base64 (  u_char *  , int  )

Definition at line 1298 of file plugbase.c. References ErrorMessage(), and output. Referenced by Database().

int CheckNet (  struct in_addr *  , struct in_addr *  )

Definition at line 999 of file plugbase.c.

int DestinationIpIsHomenet (  Packet *   )

Definition at line 979 of file plugbase.c. References _progvars::homenet, _IPHdr::ip_dst, _Packet::iph, _progvars::netmask, and pv.

void DumpPlugIns (   )

Definition at line 264 of file plugbase.c. References _KeywordXlateList::entry, _KeywordXlate::func, _KeywordXlate::keyword, _KeywordXlateList::next, NULL, pv, and _progvars::quiet_flag. Referenced by SnortMain().

void DumpPreprocessors (   )

Definition at line 533 of file plugbase.c. References _PreprocessKeywordList::entry, _PreprocessKeywordNode::func, _PreprocessKeywordNode::keyword, _PreprocessKeywordList::next, NULL, pv, and _progvars::quiet_flag. Referenced by SnortMain().

char* fasthex (  u_char *  , int  )

Definition at line 1483 of file plugbase.c. References index, and NULL. Referenced by Database(), and mSearch().

char* GetCurrentTimestamp (   )

Definition at line 1243 of file plugbase.c. References bzero, GetLocalTimezone(), gettimeofday(), pv, SMALLBUFFER, snprintf, and _progvars::use_utc. Referenced by Database().

char* GetHostname (   )

Definition at line 1145 of file plugbase.c. References DWORD. Referenced by GetUniqueName().

char* GetIP (  char *   )

Definition at line 1099 of file plugbase.c. References FatalError(), ifreq::ifr_name, and NULL. Referenced by GetUniqueName().

int GetLocalTimezone (   )

Definition at line 1212 of file plugbase.c. Referenced by DatabaseInit(), and GetCurrentTimestamp().

char* GetTimestamp (  register const struct timeval *  , int  )

Definition at line 1172 of file plugbase.c. References pv, SMALLBUFFER, snprintf, and _progvars::use_utc. Referenced by Database().

char* GetUniqueName (  char *   )

Definition at line 1068 of file plugbase.c. References GetHostname(), GetIP(), LogMessage(), NULL, pv, snprintf, and _progvars::verbose_flag. Referenced by DatabaseInit().

char* hex (  u_char *  , int  )

Definition at line 1461 of file plugbase.c. References snprintf. Referenced by SnortPcre(), and uniSearchReal().

void InitPlugIns (   )

Definition at line 147 of file plugbase.c. References LogMessage(), pv, _progvars::quiet_flag, SetupAsn1(), SetupByteJump(), SetupByteTest(), SetupClientServer(), SetupDsizeCheck(), SetupFlowBits(), SetupFragBits(), SetupFragOffset(), SetupFTPBounce(), SetupIcmpCodeCheck(), SetupIcmpIdCheck(), SetupIcmpSeqCheck(), SetupIcmpTypeCheck(), SetupIpIdCheck(), SetupIpOptionCheck(), SetupIpProto(), SetupIpSameCheck(), SetupIpTosCheck(), SetupIsDataAt(), SetupPatternMatch(), SetupPcre(), SetupRpcCheck(), SetupSession(), SetupTcpAckCheck(), SetupTCPFlagCheck(), SetupTcpSeqCheck(), SetupTcpWinCheck(), and SetupTtlCheck(). Referenced by SnortMain().

void InitPreprocessors (   )

Definition at line 420 of file plugbase.c. References LogMessage(), pv, _progvars::quiet_flag, SetupARPspoof(), SetupBo(), SetupConv(), SetupFlow(), SetupFrag2(), SetupFrag3(), SetupHttpInspect(), SetupPerfMonitor(), SetupPortscan(), SetupPortscanIgnoreHosts(), SetupPsng(), SetupRpcDecode(), SetupScan2(), SetupStream4(), SetupTelNeg(), and SetupXLINK2STATE(). Referenced by SnortMain().

int IsTcpSessionTraffic (  Packet *   )

int PacketIsICMP (  Packet *   )

Definition at line 969 of file plugbase.c. References _Packet::icmph, _Packet::iph, and NULL.

int PacketIsIP (  Packet *   )

Definition at line 939 of file plugbase.c. References _Packet::iph, and NULL.

int PacketIsTCP (  Packet *   )

Definition at line 949 of file plugbase.c. References _Packet::iph, NULL, and _Packet::tcph. Referenced by NormalizeTelnet(), PreprocRpcDecode(), and XLINK2STATEDetect().

int PacketIsUDP (  Packet *   )

Definition at line 959 of file plugbase.c. References _Packet::iph, NULL, and _Packet::udph. Referenced by BoFind().

void RegisterPlugin (  char *  , void(*)(char *, OptTreeNode *, int)  func )

Definition at line 207 of file plugbase.c. References DEBUG_PLUGIN, DEBUG_WRAP, _KeywordXlateList::entry, FatalError(), _KeywordXlate::func, _KeywordXlate::keyword, _KeywordXlateList::next, NULL, and strcasecmp. Referenced by SetupAsn1(), SetupByteJump(), SetupByteTest(), SetupClientServer(), SetupDsizeCheck(), SetupFlowBits(), SetupFragBits(), SetupFragOffset(), SetupFTPBounce(), SetupIcmpCodeCheck(), SetupIcmpIdCheck(), SetupIcmpSeqCheck(), SetupIcmpTypeCheck(), SetupIpIdCheck(), SetupIpOptionCheck(), SetupIpProto(), SetupIpSameCheck(), SetupIpTosCheck(), SetupIsDataAt(), SetupPatternMatch(), SetupPcre(), SetupRpcCheck(), SetupSession(), SetupTcpAckCheck(), SetupTCPFlagCheck(), SetupTcpSeqCheck(), SetupTcpWinCheck(), SetupTemplate(), and SetupTtlCheck().

void RegisterPreprocessor (  char *  , void(*)(u_char *)  func )

Definition at line 466 of file plugbase.c. References DEBUG_PLUGIN, DEBUG_WRAP, _PreprocessKeywordList::entry, FatalError(), file_line, file_name, _PreprocessKeywordNode::func, _PreprocessKeywordNode::keyword, _PreprocessKeywordList::next, NULL, and strcasecmp. Referenced by SetupARPspoof(), SetupBo(), SetupConv(), SetupFlow(), SetupFlowPS(), SetupFrag2(), SetupFrag3(), SetupHttpInspect(), SetupPerfMonitor(), SetupPortscan(), SetupPortscanIgnoreHosts(), SetupPsng(), SetupRpcDecode(), SetupScan2(), SetupStream4(), SetupTelNeg(), SetupTemplate(), and SetupXLINK2STATE().

int SourceIpIsHomenet (  Packet *   )

Definition at line 990 of file plugbase.c. References _progvars::homenet, _IPHdr::ip_src, _Packet::iph, _progvars::netmask, and pv.

---