
spo_unified.c File Reference

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include "decode.h"
#include "rules.h"
#include "util.h"
#include "plugbase.h"
#include "spo_plugbase.h"
#include "parser.h"
#include "debug.h"
#include "mstring.h"
#include "stream.h"
#include "event.h"
#include "generators.h"
#include "snort_packet_header.h"
#include "snort.h"


Defines

#define SNORT_MAGIC   0xa1b2c3d4
#define ALERT_MAGIC   0xDEAD4137
#define LOG_MAGIC   0xDEAD1080
#define SNORT_VERSION_MAJOR   1
#define SNORT_VERSION_MINOR   2
#define UNIFIED_MAGIC   0x2dac5ceb
#define UNIFIED_TYPE_ALERT   0x1
#define UNIFIED_TYPE_PACKET_ALERT   0x2

Typedefs

typedef struct _UnifiedLogFileHeader UnifiedLogFileHeader
typedef struct _UnifiedAlertFileHeader UnifiedAlertFileHeader
typedef struct _UnifiedLog UnifiedLog
typedef struct _UnifiedAlert UnifiedAlert
typedef struct _UnifiedConfig UnifiedConfig
typedef struct _FileHeader FileHeader
typedef struct _DataHeader DataHeader

Functions

static UnifiedConfig * UnifiedParseArgs (char *, char *)
static void UnifiedCleanExit (int, void *)
static void UnifiedRestart (int, void *)
static void UnifiedInit (u_char *)
static void UnifiedInitFile (UnifiedConfig *)
static void UnifiedRotateFile (UnifiedConfig *)
static void UnifiedLogAlert (Packet *, char *, void *, Event *)
static void UnifiedLogPacketAlert (Packet *, char *, void *, Event *)
static void RealUnifiedLogAlert (Packet *, char *, void *, Event *, DataHeader *)
static void RealUnifiedLogPacketAlert (Packet *, char *, void *, Event *, DataHeader *)
void RealUnifiedLogStreamAlert (Packet *, char *, void *, Event *, DataHeader *)
static void UnifiedAlertInit (u_char *)
static void UnifiedInitAlertFile (UnifiedConfig *)
static void UnifiedAlertRotateFile (UnifiedConfig *data)
static void OldUnifiedLogAlert (Packet *, char *, void *, Event *)
static void UnifiedLogInit (u_char *)
static void UnifiedInitLogFile (UnifiedConfig *)
static void OldUnifiedLogPacketAlert (Packet *, char *, void *, Event *)
static void UnifiedLogRotateFile (UnifiedConfig *data)
void UnifiedSetup ()
int UnifiedLogData (u_int32_t type, u_int32_t length, void *data)

Variables

u_int16_t event_id
OptTreeNode * otn_tmp
int thiszone
static UnifiedConfig * unifiedConfig
static char write_pkt_buffer [sizeof(DataHeader)+IP_MAXPACKET]


Define Documentation

#define ALERT_MAGIC   0xDEAD4137
 

Definition at line 73 of file spo_unified.c.

Referenced by UnifiedInitAlertFile().

#define LOG_MAGIC   0xDEAD1080
 

Definition at line 74 of file spo_unified.c.

Referenced by UnifiedInitLogFile().

#define SNORT_MAGIC   0xa1b2c3d4
 

Definition at line 72 of file spo_unified.c.

#define SNORT_VERSION_MAJOR   1
 

Definition at line 75 of file spo_unified.c.

Referenced by UnifiedInitLogFile().

#define SNORT_VERSION_MINOR   2
 

Definition at line 76 of file spo_unified.c.

Referenced by UnifiedInitLogFile().

#define UNIFIED_MAGIC   0x2dac5ceb
 

Definition at line 169 of file spo_unified.c.

Referenced by UnifiedInitFile().

#define UNIFIED_TYPE_ALERT   0x1
 

Definition at line 171 of file spo_unified.c.

Referenced by UnifiedLogAlert().

#define UNIFIED_TYPE_PACKET_ALERT   0x2
 

Definition at line 172 of file spo_unified.c.

Referenced by UnifiedLogPacketAlert().


Typedef Documentation

typedef struct _DataHeader DataHeader
 

typedef struct _FileHeader FileHeader
 

typedef struct _UnifiedAlert UnifiedAlert
 

typedef struct _UnifiedAlertFileHeader UnifiedAlertFileHeader
 

typedef struct _UnifiedConfig UnifiedConfig
 

typedef struct _UnifiedLog UnifiedLog
 

typedef struct _UnifiedLogFileHeader UnifiedLogFileHeader
 


Function Documentation

static void OldUnifiedLogAlert (Packet *, char *, void *, Event *)
 

Definition at line 941 of file spo_unified.c.

References NULL, and RealUnifiedLogAlert().

Referenced by UnifiedAlertInit().

static void OldUnifiedLogPacketAlert (Packet *, char *, void *, Event *)
 

Definition at line 1058 of file spo_unified.c.

References pcap_pkthdr::caplen, _SnortPktHeader::caplen, _StreamPacketData::chuck, _Event::classification, _UnifiedConfig::current, _Stream::data, DEBUG_LOG, DEBUG_WRAP, _Packet::eh, errno, _EtherHdr::ether_dst, _EtherHdr::ether_src, _EtherHdr::ether_type, _UnifiedLog::event, event_id, _Event::event_id, _progvars::event_log_id, _Event::event_reference, FatalError(), _UnifiedLog::flags, GENERATOR_TAG, _UnifiedConfig::limit, memcpy, memset, NULL, _Packet::packet_flags, _Packet::pkt, _StreamPacketData::pkt, PKT_REBUILT_STREAM, _Packet::pkth, _StreamPacketData::pkth, _UnifiedLog::pkth, _SnortPktHeader::pktlen, _Event::priority, pv, _Event::ref_time, SEG_UNASSEMBLED, _Event::sig_generator, _Event::sig_id, _Event::sig_rev, _UnifiedConfig::stream, _Packet::streamptr, TAG_LOG_PKT, _SnortPktHeader::ts, ubi_btFirst(), ubi_btNext(), and UnifiedLogRotateFile().

Referenced by UnifiedLogInit().

static void RealUnifiedLogAlert (Packet *, char *, void *, Event *, DataHeader *)
 

Definition at line 392 of file spo_unified.c.

References bzero, _Event::classification, _ICMPHdr::code, _UnifiedConfig::current, _Stream::data, DEBUG_LOG, DEBUG_WRAP, _Packet::dp, errno, _Event::event_id, _Event::event_reference, FatalError(), _Packet::icmph, _IPHdr::ip_dst, _IPHdr::ip_proto, _IPHdr::ip_src, _Packet::iph, _UnifiedConfig::limit, NULL, _Packet::packet_flags, PKT_REBUILT_STREAM, _StreamPacketData::pkth, _Packet::pkth, _Event::priority, _Event::ref_time, _Event::sig_generator, _Event::sig_id, _Event::sig_rev, _Packet::sp, _UnifiedConfig::stream, _Packet::streamptr, _SnortPktHeader::ts, pcap_pkthdr::ts, _ICMPHdr::type, ubi_btFirst(), UnifiedAlertRotateFile(), and UnifiedRotateFile().

Referenced by OldUnifiedLogAlert(), and UnifiedLogAlert().

static void RealUnifiedLogPacketAlert (Packet *, char *, void *, Event *, DataHeader *)
 

Definition at line 510 of file spo_unified.c.

References pcap_pkthdr::caplen, _SnortPktHeader::caplen, _Event::classification, _UnifiedConfig::current, DEBUG_LOG, DEBUG_WRAP, errno, _UnifiedLog::event, _Event::event_id, _Event::event_reference, FatalError(), _UnifiedLog::flags, _UnifiedConfig::limit, memcpy, NULL, _Packet::packet_flags, _Packet::pkt, _Packet::pkth, _UnifiedLog::pkth, _SnortPktHeader::pktlen, _Event::priority, _Event::ref_time, _Event::sig_generator, _Event::sig_id, _Event::sig_rev, _UnifiedConfig::stream, _SnortPktHeader::ts, UnifiedLogRotateFile(), and UnifiedRotateFile().

Referenced by UnifiedLogPacketAlert().

void RealUnifiedLogStreamAlert (Packet *p, char *msg, void *arg, Event *event, DataHeader *dHdr)
 

Log a set of packets stored in the stream reassembler.

Definition at line 600 of file spo_unified.c.

References _SnortPktHeader::caplen, _StreamPacketData::chuck, _Event::classification, _UnifiedConfig::current, _Stream::data, DEBUG_LOG, DEBUG_WRAP, errno, _UnifiedLog::event, _Event::event_id, _Event::event_reference, FatalError(), GENERATOR_TAG, _UnifiedConfig::limit, memcpy, NULL, _StreamPacketData::pkt, _StreamPacketData::pkth, _UnifiedLog::pkth, _Event::priority, _Event::ref_time, SEG_UNASSEMBLED, _Event::sig_generator, _Event::sig_id, _Event::sig_rev, _UnifiedConfig::stream, _Packet::streamptr, TAG_LOG_PKT, ubi_btFirst(), ubi_btNext(), UnifiedLogRotateFile(), and UnifiedRotateFile().

Referenced by UnifiedLogPacketAlert().

static void UnifiedAlertInit (u_char *)
 

Definition at line 866 of file spo_unified.c.

References AddFuncToCleanExitList(), AddFuncToOutputList(), AddFuncToRestartList(), _progvars::alert_plugin_active, DEBUG_INIT, DEBUG_WRAP, NT_OUTPUT_ALERT, OldUnifiedLogAlert(), pv, UnifiedCleanExit(), UnifiedInitAlertFile(), UnifiedParseArgs(), and UnifiedRestart().

Referenced by UnifiedSetup().

static void UnifiedAlertRotateFile (UnifiedConfig *data)
 

Definition at line 946 of file spo_unified.c.

References _UnifiedConfig::current, _UnifiedConfig::stream, and UnifiedInitAlertFile().

Referenced by RealUnifiedLogAlert().

static void UnifiedCleanExit (int, void *)
 

Definition at line 826 of file spo_unified.c.

References DEBUG_FLOW, DEBUG_WRAP, _UnifiedConfig::filename, and _UnifiedConfig::stream.

Referenced by UnifiedAlertInit(), UnifiedInit(), and UnifiedLogInit().

static void UnifiedInit (u_char *)
 

Definition at line 247 of file spo_unified.c.

References AddFuncToCleanExitList(), AddFuncToOutputList(), AddFuncToRestartList(), _progvars::alert_plugin_active, FatalError(), _progvars::log_plugin_active, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, pv, UnifiedCleanExit(), UnifiedInitFile(), UnifiedLogAlert(), UnifiedLogPacketAlert(), UnifiedParseArgs(), and UnifiedRestart().

Referenced by UnifiedSetup().

static void UnifiedInitAlertFile (UnifiedConfig *)
 

Definition at line 895 of file spo_unified.c.

References ALERT_MAGIC, bzero, DEBUG_LOG, DEBUG_WRAP, errno, FatalError(), _UnifiedConfig::filename, _progvars::log_dir, _UnifiedAlertFileHeader::magic, NULL, pv, snprintf, STD_BUF, _UnifiedConfig::stream, thiszone, _UnifiedAlertFileHeader::timezone, _UnifiedAlertFileHeader::version_major, and _UnifiedAlertFileHeader::version_minor.

Referenced by UnifiedAlertInit(), and UnifiedAlertRotateFile().

static void UnifiedInitFile (UnifiedConfig *)
 

Definition at line 282 of file spo_unified.c.

References bzero, errno, FatalError(), _UnifiedConfig::filename, _FileHeader::flags, _progvars::log_dir, _FileHeader::magic, NULL, pv, snprintf, STD_BUF, _UnifiedConfig::stream, and UNIFIED_MAGIC.

Referenced by UnifiedInit(), and UnifiedRotateFile().

static void UnifiedInitLogFile (UnifiedConfig *)
 

Definition at line 990 of file spo_unified.c.

References bzero, datalink, DLT_EN10MB, errno, FatalError(), _UnifiedConfig::filename, _UnifiedLogFileHeader::linktype, _progvars::log_dir, LOG_MAGIC, _UnifiedLogFileHeader::magic, NULL, pv, _UnifiedLogFileHeader::sigfigs, snaplen, _UnifiedLogFileHeader::snaplen, SNORT_VERSION_MAJOR, SNORT_VERSION_MINOR, snprintf, STD_BUF, _UnifiedConfig::stream, thiszone, _UnifiedLogFileHeader::timezone, _UnifiedLogFileHeader::version_major, and _UnifiedLogFileHeader::version_minor.

Referenced by UnifiedLogInit(), and UnifiedLogRotateFile().

static void UnifiedLogAlert (Packet *, char *, void *, Event *)
 

Definition at line 382 of file spo_unified.c.

References _DataHeader::length, RealUnifiedLogAlert(), _DataHeader::type, and UNIFIED_TYPE_ALERT.

Referenced by UnifiedInit().

int UnifiedLogData (u_int32_t type, u_int32_t length, void *data)
 

Definition at line 334 of file spo_unified.c.

References errno, FatalError(), IP_MAXPACKET, _DataHeader::length, LogMessage(), memcpy, memset, _UnifiedConfig::stream, _DataHeader::type, and write_pkt_buffer.

static void UnifiedLogInit (u_char *)
 

Definition at line 956 of file spo_unified.c.

References AddFuncToCleanExitList(), AddFuncToOutputList(), AddFuncToRestartList(), DEBUG_INIT, DEBUG_WRAP, _progvars::log_bitmap, _progvars::log_plugin_active, LOG_UNIFIED, NT_OUTPUT_LOG, OldUnifiedLogPacketAlert(), pv, UnifiedCleanExit(), UnifiedInitLogFile(), UnifiedParseArgs(), and UnifiedRestart().

Referenced by UnifiedSetup().

static void UnifiedLogPacketAlert (Packet *, char *, void *, Event *)
 

Definition at line 489 of file spo_unified.c.

References DEBUG_LOG, DEBUG_WRAP, _DataHeader::length, _Packet::packet_flags, PKT_REBUILT_STREAM, RealUnifiedLogPacketAlert(), RealUnifiedLogStreamAlert(), _DataHeader::type, and UNIFIED_TYPE_PACKET_ALERT.

Referenced by UnifiedInit().

static void UnifiedLogRotateFile (UnifiedConfig *data)
 

Definition at line 1266 of file spo_unified.c.

References _UnifiedConfig::current, _UnifiedConfig::stream, and UnifiedInitLogFile().

Referenced by OldUnifiedLogPacketAlert(), RealUnifiedLogPacketAlert(), and RealUnifiedLogStreamAlert().

static UnifiedConfig * UnifiedParseArgs (char *, char *)
 

Definition at line 735 of file spo_unified.c.

References DEBUG_PLUGIN, DEBUG_WRAP, FatalError(), file_line, file_name, _UnifiedConfig::filename, index, _UnifiedConfig::limit, LogMessage(), mSplit(), NULL, and strcasecmp.

Referenced by UnifiedAlertInit(), UnifiedInit(), and UnifiedLogInit().

static void UnifiedRestart (int, void *)
 

Definition at line 852 of file spo_unified.c.

References DEBUG_FLOW, DEBUG_WRAP, _UnifiedConfig::filename, and _UnifiedConfig::stream.

Referenced by UnifiedAlertInit(), UnifiedInit(), and UnifiedLogInit().

static void UnifiedRotateFile (UnifiedConfig *)
 

Definition at line 324 of file spo_unified.c.

References _UnifiedConfig::current, _UnifiedConfig::stream, and UnifiedInitFile().

Referenced by RealUnifiedLogAlert(), RealUnifiedLogPacketAlert(), and RealUnifiedLogStreamAlert().

void UnifiedSetup ()
 

Definition at line 225 of file spo_unified.c.

References DEBUG_INIT, DEBUG_WRAP, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, NT_OUTPUT_SPECIAL, RegisterOutputPlugin(), UnifiedAlertInit(), UnifiedInit(), and UnifiedLogInit().

Referenced by InitOutputPlugins().


Variable Documentation

u_int16_t event_id
 

Definition at line 99 of file detect.c.

OptTreeNode* otn_tmp
 

Definition at line 80 of file parser.c.

int thiszone
 

Definition at line 149 of file snort.c.

Referenced by DeleteSession(), SnortMain(), ts_print(), UnifiedInitAlertFile(), and UnifiedInitLogFile().

UnifiedConfig* unifiedConfig [static]
 

Definition at line 211 of file spo_unified.c.

char write_pkt_buffer[sizeof(DataHeader)+IP_MAXPACKET] [static]
 

Definition at line 332 of file spo_unified.c.

Referenced by UnifiedLogData().

