
snort.c File Reference

#include <errno.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <grp.h>
#include <pwd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <timersub.h>
#include "snort.h"
#include "rules.h"
#include "plugbase.h"
#include "signal.h"
#include "debug.h"
#include "util.h"
#include "parser.h"
#include "tag.h"
#include "log.h"
#include "detect.h"
#include "mstring.h"
#include "fpcreate.h"
#include "fpdetect.h"
#include "sfthreshold.h"
#include "packet_time.h"
#include "src/preprocessors/flow/flow_print.h"
#include "src/detection-plugins/sp_flowbits.h"
#include "src/preprocessors/spp_perfmonitor.h"
#include "src/preprocessors/spp_bait_and_switch.h"
#include "event_queue.h"
#include "asn1.h"
#include "inline.h"
#include "mpse.h"


Defines

#define DLT_OLDPFLOG   17
#define FPUTS_WIN32(msg)
#define FPUTS_UNIX(msg)   fputs(msg,stdout)
#define FPUTS_BOTH(msg)   fputs(msg,stdout)

Functions

static char * ConfigFileSearch ()
static int ProcessAlertCommandLine ()
static int ProcessLogCommandLine ()
static void Restart ()
static void SigTermHandler (int signal)
static void SigIntHandler (int signal)
static void SigQuitHandler (int signal)
static void SigHupHandler (int signal)
static void SigUsrHandler (int signal)
int main (int argc, char *argv[])
int SnortMain (int argc, char *argv[])
void PcapProcessPacket (char *user, struct pcap_pkthdr *pkthdr, u_char *pkt)
void ProcessPacket (char *user, struct pcap_pkthdr *pkthdr, u_char *pkt, void *ft)
int ShowUsage (char *progname)
int ParseCmdLine (int argc, char *argv[])
int SetPktProcessor ()
void * InterfaceThread (void *arg)
int OpenPcap ()
void SigCantHupHandler (int signal)
void CleanExit (int exit_val)

Variables

OutputFuncNode * AlertList
OutputFuncNode * LogList
int errno
u_int8_t runMode = 0
PV pv
int datalink
char * progname
char ** progargs
char * username
char * groupname
unsigned long userid = 0
unsigned long groupid = 0
struct passwd * pw
struct group * gr
char * pcap_cmd
char * pktidx
pcap_t * pd
int g_drop_pkt
FILE * alert
FILE * binlog_ptr
int flow
int thiszone
PacketCount pc
u_long netmasks [33]
struct pcap_pkthdr * g_pkthdr
u_char * g_pkt
u_long g_caplen
char * protocol_names [256]
u_int snaplen
grinder_t grinder
runtime_config snort_runtime
char _PATH_VARRUN [STD_BUF]
SFPERF sfPerf
char * optarg
int optind
int opterr
int optopt
static struct timeval starttime
static struct timeval endtime
PluginSignalFuncNode * PluginShutdownList
PluginSignalFuncNode * PluginCleanExitList
PluginSignalFuncNode * PluginRestartList


Define Documentation

#define DLT_OLDPFLOG   17
 

Definition at line 108 of file snort.c.

Referenced by SetPktProcessor().

#define FPUTS_BOTH(msg)   fputs(msg,stdout)
 

Referenced by ShowUsage().

#define FPUTS_UNIX(msg)   fputs(msg,stdout)
 

Referenced by ShowUsage().

#define FPUTS_WIN32(msg)
 

Referenced by ShowUsage().


Function Documentation

void CleanExit (int exit_val)
 

Definition at line 2417 of file snort.c.

References _PluginSignalFuncNode::arg, bzero, _progvars::done_processing, DropStats(), endtime, fpShowEventStats(), _PluginSignalFuncNode::func, gettimeofday(), InlineMode(), LogMessage(), _PluginSignalFuncNode::next, NULL, pcap_close(), _progvars::pid_filename, SIGQUIT, starttime, _progvars::test_mode_flag, and TIMERSUB.

Referenced by InterfaceThread(), SetPktProcessor(), SigIntHandler(), SigQuitHandler(), SigTermHandler(), and SnortMain().

static char * ConfigFileSearch () [static]
 

Definition at line 2212 of file snort.c.

References FatalError(), home_dir, and NULL.

Referenced by SnortMain().

void * InterfaceThread (void *arg)
 

Definition at line 2006 of file snort.c.

References bzero, CleanExit(), _progvars::daemon_flag, _progvars::done_processing, ErrorMessage(), gettimeofday(), LOG_CONS, LOG_DAEMON, LOG_PID, NULL, pcap_geterr(), pcap_loop(), PcapProcessPacket(), _progvars::pkt_cnt, starttime, and syslog().

Referenced by SnortMain().

int main (int argc, char *argv[])
 

Definition at line 198 of file snort.c.

References FatalError(), and SnortMain().

int OpenPcap ()
 

Definition at line 2046 of file snort.c.

References datalink, DEBUG_INIT, DEBUG_WRAP, DefineIfaceVar(), ErrorMessage(), FatalError(), _progvars::interface, LogMessage(), MIN_SNAPLEN, NULL, _progvars::pcap_cmd, pcap_compile(), pcap_datalink(), PCAP_ERRBUF_SIZE, pcap_geterr(), pcap_lookupdev(), pcap_lookupnet(), pcap_open_live(), pcap_open_offline(), pcap_setfilter(), pcap_snapshot(), _progvars::pkt_snaplen, PRINT_INTERFACE, PROMISC, _progvars::promisc_flag, _progvars::quiet_flag, READ_TIMEOUT, _progvars::readfile, _progvars::readmode_flag, snaplen, SNAPLEN, and strstr().

Referenced by ParseConfig(), and SnortMain().

int ParseCmdLine (int argc, char *argv[])
 

Definition at line 967 of file snort.c.

References access, _progvars::alert_cmd_override, ALERT_CMG, ALERT_FAST, ALERT_FULL, _progvars::alert_interface_flag, _progvars::alert_mode, ALERT_NONE, ALERT_STDOUT, ALERT_SYSLOG, ALERT_UNSOCK, _progvars::assurance_mode, ASSURE_EST, bcopy, _progvars::binLogFile, _progvars::char_data_flag, _progvars::checksums_mode, _progvars::chroot_dir, _progvars::config_file, copy_argv(), _progvars::daemon_flag, _progvars::data_flag, DEBUG_INIT, DEBUG_WRAP, DisplayBanner(), DO_ICMP_CHECKSUMS, DO_IP_CHECKSUMS, DO_TCP_CHECKSUMS, DO_UDP_CHECKSUMS, _progvars::event_log_id, FatalError(), FatalPrintError(), FILEACCESSBITS, VarEntry::flags, flow_set_daemon(), GenHomenet(), GenObfuscationMask(), GetAdapterFromList(), getopt(), gr, groupid, groupname, _progvars::include_year, _progvars::inline_flag, InlineMode(), _progvars::interface, _progvars::line_buffer_flag, LOG_ASCII, _progvars::log_cmd_override, _progvars::log_dir, _progvars::log_mode, LOG_NONE, LOG_PCAP, LogMessage(), MAX_PIDFILE_SUFFIX, VarEntry::name, NULL, _progvars::obfuscation_flag, optarg, optind, optopt, _progvars::pcap_cmd, PCAP_ERRBUF_SIZE, pcap_lookupdev(), _progvars::pidfile_suffix, _progvars::pkt_cnt, _progvars::pkt_snaplen, PRINT_INTERFACE, PrintDeviceList(), progname, _progvars::promisc_flag, pw, _progvars::quiet_flag, read_infile(), _progvars::readfile, _progvars::readmode_flag, _progvars::rules_order_flag, SetPerfmonitorFile(), _progvars::show2hdr_flag, ShowUsage(), _progvars::showwifimgmt_flag, snprintf, STD_BUF, strcasecmp, strlcpy, strstr(), strtol(), strtoul(), _progvars::test_mode_flag, _progvars::use_utc, userid, username, VAR_STATIC, VarDefine(), _progvars::verbose_bytedump_flag, and _progvars::verbose_flag.

Referenced by SnortMain().

void PcapProcessPacket (char *user, struct pcap_pkthdr *pkthdr, u_char *pkt)
 

Definition at line 749 of file snort.c.

References pcap_pkthdr::caplen, ClearDumpBuf(), NULL, packet_time_update(), ProcessPacket(), _SFPERF::sfBase, sfthreshold_reset(), SnortEventqReset(), _PacketCount::total, pcap_pkthdr::ts, and UpdateWireStats().

Referenced by InterfaceThread().

static int ProcessAlertCommandLine () [static]
 

Definition at line 2257 of file snort.c.

References ActivateOutputPlugin(), _progvars::alert_cmd_override, ALERT_CMG, ALERT_FAST, ALERT_FULL, _progvars::alert_mode, ALERT_NONE, ALERT_STDOUT, ALERT_SYSLOG, ALERT_UNSOCK, FatalError(), NoAlert(), NT_OUTPUT_ALERT, NULL, and SetOutputList().

Referenced by SnortMain().

static int ProcessLogCommandLine () [static]
 

Definition at line 2306 of file snort.c.

References ActivateOutputPlugin(), _progvars::binLogFile, FatalError(), LOG_ASCII, _progvars::log_cmd_override, _progvars::log_mode, LOG_NONE, LOG_PCAP, NoLog(), NT_OUTPUT_LOG, NULL, and SetOutputList().

Referenced by SnortMain().

void ProcessPacket (char *user, struct pcap_pkthdr *pkthdr, u_char *pkt, void *ft)
 

Definition at line 779 of file snort.c.

References CallLogPlugins(), ClearDumpBuf(), DEBUG_DECODE, DEBUG_WRAP, g_drop_pkt, _progvars::min_ttl, MODE_IDS, MODE_PACKET_LOG, NULL, _Packet::packet_flags, PKT_IGNORE_PORT, PKT_REBUILT_FRAG, Preprocess(), PrintArpHeader(), PrintEapolPkt(), PrintIPPkt(), PrintWifiPkt(), runMode, _progvars::showwifimgmt_flag, and _progvars::verbose_flag.

Referenced by Frag3Rebuild(), PcapProcessPacket(), and RebuildFrag().

static void Restart () [static]
 

Definition at line 2544 of file snort.c.

References _PluginSignalFuncNode::arg, DropStats(), errno, fpShowEventStats(), _PluginSignalFuncNode::func, InlineMode(), LogMessage(), _PluginSignalFuncNode::next, NULL, pcap_close(), _progvars::pid_filename, progargs, progname, SIGHUP, and _progvars::test_mode_flag.

Referenced by SigHupHandler().

int SetPktProcessor ()
 

Definition at line 1703 of file snort.c.

References CleanExit(), datalink, DecodeChdlcPkt(), DecodeEncPkt(), DecodeEthPkt(), DecodeFDDIPkt(), DecodeI4LCiscoIPPkt(), DecodeI4LRawIPPkt(), DecodeIEEE80211Pkt(), DecodeLinuxSLLPkt(), DecodeNullPkt(), DecodeOldPflog(), DecodePflog(), DecodePppPkt(), DecodePppSerialPkt(), DecodeRawPkt(), DecodeSlipPkt(), DecodeTRPkt(), DLT_CHDLC, DLT_EN10MB, DLT_ENC, DLT_FDDI, DLT_IEEE802, DLT_IEEE802_11, DLT_LINUX_SLL, DLT_LOOP, DLT_NULL, DLT_OLDPFLOG, DLT_PFLOG, DLT_PPP, DLT_PPP_SERIAL, DLT_RAW, DLT_SLIP, ErrorMessage(), grinder, InlineMode(), _progvars::interface, LogMessage(), PRINT_INTERFACE, progname, _progvars::quiet_flag, _progvars::readmode_flag, and _progvars::show2hdr_flag.

Referenced by SnortMain().

int ShowUsage (char *progname)
 

Definition at line 855 of file snort.c.

References FPUTS_BOTH, FPUTS_UNIX, FPUTS_WIN32, and SNAPLEN.

Referenced by ParseCmdLine(), and SnortMain().

void SigCantHupHandler (int signal)
 

Dummy signal handler, used for non-root users or when running in a chroot.

Parameters:
signal signal to exec

Definition at line 2397 of file snort.c.

References LogMessage().

Referenced by SetChroot(), and SnortMain().

static void SigHupHandler (int signal) [static]
 

Definition at line 2356 of file snort.c.

References Restart().

Referenced by SnortMain().

static void SigIntHandler (int signal) [static]
 

Definition at line 2346 of file snort.c.

References CleanExit().

Referenced by SnortMain().

static void SigQuitHandler (int signal) [static]
 

Definition at line 2351 of file snort.c.

References CleanExit().

Referenced by SnortMain().

static void SigTermHandler (int signal) [static]
 

Definition at line 2341 of file snort.c.

References CleanExit().

Referenced by SnortMain().

static void SigUsrHandler (int signal) [static]
 

Definition at line 2361 of file snort.c.

References DropStats(), NULL, _progvars::quiet_flag, _progvars::rotate_perf_file, SIG_SETMASK, SIGNAL_SNORT_ROTATE_STATS, and SIGUSR1.

Referenced by SnortMain().

int SnortMain (int argc, char *argv[])
 

Definition at line 236 of file snort.c.

References _progvars::alert_cmd_override, _progvars::alert_filename, ALERT_FULL, _progvars::alert_mode, _progvars::alert_plugin_active, AlertPreludeSetupAfterSetuid(), asn1_init_mem(), _progvars::assurance_mode, ASSURE_ALL, CheckLogDir(), _progvars::checksums_mode, _progvars::chroot_dir, CleanExit(), _progvars::config_dir, _progvars::config_file, ConfigFileSearch(), CreateDefaultRules(), CreatePidFile(), _progvars::daemon_flag, DEBUG_INIT, DEBUG_WRAP, DEFAULT_LOG_DIR, DisplayBanner(), DO_ICMP_CHECKSUMS, DO_IP_CHECKSUMS, DO_TCP_CHECKSUMS, DO_UDP_CHECKSUMS, DumpOutputPlugins(), DumpPlugIns(), DumpPreprocessors(), errno, _progvars::event_log_id, FatalError(), FlowBitsVerify(), fpCreateFastPacketDetection(), fpInitDetectionEngine(), gmt2local(), GoDaemon(), init_winsock(), InitDecoderFlags(), InitNetmasks(), InitOutputPlugins(), InitPlugIns(), InitPreprocessors(), InitProtoNames(), InitTag(), InlineMode(), _progvars::interface, InterfaceThread(), _progvars::log_cmd_override, LOG_CONS, LOG_DAEMON, _progvars::log_dir, _progvars::log_mode, LOG_PCAP, LOG_PID, _progvars::log_plugin_active, LogMessage(), memset, MODE_IDS, MODE_PACKET_DUMP, MODE_PACKET_LOG, mpsePrintSummary(), NULL, openlog(), OpenPcap(), OrderRuleLists(), OtnXMatchDataInitialize(), ParseCmdLine(), ParseRulesFile(), _progvars::pidfile_suffix, _progvars::pkt_cnt, PRINT_INTERFACE, print_thresholding(), PrintError(), printRuleOrder(), ProcessAlertCommandLine(), ProcessLogCommandLine(), progargs, progname, _progvars::quiet_flag, _progvars::readfile, _progvars::readmode_flag, _progvars::rotate_perf_file, _progvars::rules_order_flag, runMode, SetChroot(), SetPktProcessor(), SetUidGid(), ShowUsage(), SIG_SETMASK, SIGALRM, SigCantHupHandler(), SIGHUP, SigHupHandler(), SigIntHandler(), SIGNAL_SNORT_ROTATE_STATS, SIGQUIT, SigQuitHandler(), SigTermHandler(), SIGUSR1, SigUsrHandler(), SnortEventqInit(), _progvars::test_mode_flag, thiszone, _progvars::use_utc, userid, and _progvars::verbose_flag.

Referenced by main().


Variable Documentation

char _PATH_VARRUN[STD_BUF]
 

Definition at line 167 of file snort.c.

Referenced by CreatePidFile().

FILE* alert
 

Definition at line 146 of file snort.c.

OutputFuncNode* AlertList
 

Definition at line 587 of file plugbase.c.

FILE* binlog_ptr
 

Definition at line 147 of file snort.c.

int datalink
 

Definition at line 130 of file snort.c.

Referenced by DropStats(), OpenPcap(), Print2ndHeader(), SetPktProcessor(), and UnifiedInitLogFile().

struct timeval endtime [static]
 

Definition at line 2005 of file snort.c.

Referenced by CleanExit().

int errno
 

Referenced by __pyx_f_4dnet___oserror(), _intf_get_aliases(), AddOptFuncToList(), addr_bcast(), addr_btom(), addr_btos(), addr_ntop(), addr_ntos(), addr_pton(), addr_ston(), AddRspFuncToList(), arg_to_fr(), arp_add(), arp_delete(), arp_get(), arp_loop(), arp_msg(), arp_open(), ByteTestParse(), copy_argv(), err(), eth_get(), eth_open(), eth_send(), eth_set(), fw_add(), fw_delete(), fw_loop(), fw_open(), intf_get_dst(), intf_get_src(), intf_open(), intf_set(), ip_add_option(), ip_open(), ip_send(), LoadStateTable(), OldUnifiedLogPacketAlert(), OpenAlertFile(), OpenAlertSock(), OpenLogFile(), OpenSessionFile(), OpenStatsFile(), ParseActivatedBy(), ParseRuleOptions(), ParseRulesFile(), PayloadSearchDepth(), PayloadSearchDistance(), PayloadSearchOffset(), PayloadSearchWithin(), read_infile(), RealUnifiedLogAlert(), RealUnifiedLogPacketAlert(), RealUnifiedLogStreamAlert(), Restart(), route_add(), route_delete(), route_get(), route_loop(), route_msg(), route_open(), SetChroot(), sfRotatePerformanceStatisticsFile(), SnortMain(), Stream4Init(), TcpdumpInitLogFile(), tun_fileno(), tun_name(), tun_open(), tun_recv(), tun_send(), UnifiedInitAlertFile(), UnifiedInitFile(), UnifiedInitLogFile(), UnifiedLogData(), vsyslog(), warn(), and xatou().

int flow
 

Definition at line 148 of file snort.c.

Referenced by ps_filter_ignore(), ps_tracker_update_ip(), ps_tracker_update_tcp(), and ps_tracker_update_udp().

u_long g_caplen
 

Definition at line 154 of file snort.c.

int g_drop_pkt
 

Definition at line 143 of file snort.c.

Referenced by ProcessPacket().

u_char* g_pkt
 

Definition at line 153 of file snort.c.

struct pcap_pkthdr* g_pkthdr
 

Definition at line 152 of file snort.c.

struct group* gr
 

Definition at line 138 of file snort.c.

Referenced by ParseCmdLine(), and ParseConfig().

grinder_t grinder
 

Definition at line 159 of file snort.c.

Referenced by SetPktProcessor().

unsigned long groupid = 0
 

Definition at line 136 of file snort.c.

Referenced by ParseCmdLine(), ParseConfig(), and SetUidGid().

char* groupname
 

Definition at line 134 of file snort.c.

Referenced by ParseCmdLine(), ParseConfig(), and SetUidGid().

OutputFuncNode* LogList
 

Definition at line 588 of file plugbase.c.

u_long netmasks[33]
 

Definition at line 151 of file snort.c.

Referenced by GenHomenet(), GenObfuscationMask(), InitNetmasks(), and ParseIP().

char* optarg
 

Definition at line 27 of file getopt.c.

Referenced by getopt(), and ParseCmdLine().

int opterr
 

Definition at line 30 of file getopt.c.

Referenced by getopt().

int optind
 

Definition at line 28 of file getopt.c.

Referenced by getopt(), and ParseCmdLine().

int optopt
 

Definition at line 32 of file getopt.c.

Referenced by getopt(), and ParseCmdLine().

PacketCount pc
 

Definition at line 150 of file snort.c.

Referenced by BuildPacket(), CallAlertFuncs(), CallAlertPlugins(), CallLogFuncs(), CallLogPlugins(), CreateNewSession(), DecodeARP(), DecodeChdlcPkt(), DecodeEAP(), DecodeEapol(), DecodeEapolKey(), DecodeEthLoopback(), DecodeEthPkt(), DecodeFDDIPkt(), DecodeI4LCiscoIPPkt(), DecodeI4LRawIPPkt(), DecodeICMP(), DecodeIEEE80211Pkt(), DecodeIP(), DecodeIPV6(), DecodeIPX(), DecodeOldPflog(), DecodePflog(), DecodeTCP(), DecodeTRPkt(), DecodeUDP(), DecodeVlan(), DirectLogTcpdump(), DropStats(), Frag2Alloc(), Frag2SelfPreserve(), Frag3NewTracker(), Frag3Rebuild(), GetEventsPerSecond(), LoadStateTable(), NewFragTracker(), PassAction(), PruneFragCache(), ReassembleStream4(), RebuildFrag(), RebuildTraverse(), SafeAlloc(), SpoLogTcpdumpCleanExitFunc(), SpoLogTcpdumpRestartFunc(), and TraverseFunc().

char* pcap_cmd
 

Definition at line 139 of file snort.c.

pcap_t* pd
 

Definition at line 141 of file snort.c.

Referenced by DropStats(), GetPktDropStats(), ParseConfig(), and TcpdumpInitLogFile().

char* pktidx
 

Definition at line 140 of file snort.c.

PluginSignalFuncNode* PluginCleanExitList
 

Definition at line 135 of file plugbase.c.

PluginSignalFuncNode* PluginRestartList
 

Definition at line 136 of file plugbase.c.

PluginSignalFuncNode* PluginShutdownList
 

Definition at line 134 of file plugbase.c.

char** progargs
 

Definition at line 132 of file snort.c.

Referenced by Restart(), and SnortMain().

char* progname
 

Definition at line 131 of file snort.c.

Referenced by ParseCmdLine(), Restart(), SetPktProcessor(), and SnortMain().

char* protocol_names[256]
 

Definition at line 155 of file snort.c.

Referenced by AlertFast(), AlertSyslog(), CleanupProtoNames(), InitProtoNames(), OpenLogFile(), and PrintIPHeader().

PV pv
 

Definition at line 129 of file snort.c.

struct passwd* pw
 

Definition at line 137 of file snort.c.

Referenced by ParseCmdLine(), and ParseConfig().

u_int8_t runMode = 0
 

Definition at line 128 of file snort.c.

Referenced by DecodeARP(), DecodeEAP(), DecodeEapol(), DecodeEapolKey(), DecodeICMP(), DecodeIEEE80211Pkt(), DecodeIP(), DecodeIPOptions(), DecodePPPoEPkt(), DecodeTCP(), DecodeTCPOptions(), DecodeTRPkt(), DecodeUDP(), DecodeVlan(), IPHdrTests(), ProcessPacket(), and SnortMain().

SFPERF sfPerf
 

Definition at line 170 of file snort.c.

u_int snaplen
 

Definition at line 156 of file snort.c.

runtime_config snort_runtime
 

Definition at line 160 of file snort.c.

Referenced by fpEvalOTN(), PreprocRpcDecode(), and Stream4Init().

struct timeval starttime [static]
 

Definition at line 2004 of file snort.c.

Referenced by CleanExit(), and InterfaceThread().

int thiszone
 

Definition at line 149 of file snort.c.

unsigned long userid = 0
 

Definition at line 135 of file snort.c.

Referenced by ParseCmdLine(), ParseConfig(), SetUidGid(), and SnortMain().

char* username
 

Definition at line 133 of file snort.c.

Referenced by ParseCmdLine(), ParseConfig(), and SetUidGid().


Generated on Sun May 14 14:51:27 2006 by  doxygen 1.4.2