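/* $Id$ */
/* Snort Preprocessor Plugin Source File for XLINK2STATE */

/* spp_xlink2state
 *
 * Copyright (C) 2005 Sourcefire,Inc.
 *
 */

#include <stdlib.h>

/*
 * Needed by any preprocessor that issues alerts: generator IDs and the
 * event helper functions.
 */
#include "generators.h"
#include "event_wrapper.h"

#include "util.h"
#include "plugbase.h"
#include "parser.h"

#include "debug.h"

/*
 * This plugin's own header; per the plugin template it must also be
 * included from plugbase.h.
 */
#include "spp_xlink2state.h"

/*
 * Configuration data structures for the preprocessor.
 * NOTE(review): XLINK2STATE_ParseArgs(), XLINK2STATE_Init() and
 * SnortXLINK2STATE() are presumably declared here -- confirm.
 */
#include "xlink2state.h"

/*
 * Callbacks registered with the Snort plugin framework.
 */
static void XLINK2STATEInit(u_char *);
static void XLINK2STATEDetect(Packet *, void *context);
static void XLINK2STATECleanExitFunction(int, void *);
static void XLINK2STATERestartFunction(int, void *);

/*
 * Function: SetupXLINK2STATE()
 *
 * Purpose: Registers the "xlink2state" preprocessor keyword and its
 *          initialization function in the preprocessor list. Called from
 *          InitPreprocessors() in plugbase.c.
 *
 * Arguments: None.
 *
 * Returns: void function
 *
 */
void SetupXLINK2STATE()
{
    /* Link the configuration keyword to the init function. */
    RegisterPreprocessor("xlink2state", XLINK2STATEInit);
}

/*
 * Function: XLINK2STATEInit(u_char *)
 *
 * Purpose: Parses the preprocessor arguments, runs the preprocessor's own
 *          initialization, and on the first call only hooks the detect,
 *          clean-exit and restart callbacks into Snort's function lists.
 *
 * Arguments: args => ptr to argument string
 *
 * Returns: void function
 *
 */
static void XLINK2STATEInit(u_char *args)
{
    /*
     * Must have static storage: as an automatic variable it was reset to 1
     * on every call, so the guard below never took effect and each extra
     * invocation (e.g. the keyword appearing on more than one configuration
     * line -- confirm against plugbase.c) registered the callbacks again.
     * A doubly registered detect callback makes every TCP packet pass
     * through the inspection code twice.
     */
    static int bFirstConfig = 1;

    /* Parse the argument list from the rules file. */
    XLINK2STATE_ParseArgs(args);

    /* Preprocessor-specific initialization. */
    XLINK2STATE_Init();

    /* Register the callbacks exactly once per process. */
    if (bFirstConfig)
    {
        AddFuncToPreprocList(XLINK2STATEDetect);
        AddFuncToCleanExitList(XLINK2STATECleanExitFunction, NULL);
        AddFuncToRestartList(XLINK2STATERestartFunction, NULL);
        bFirstConfig = 0;
    }
}

/*
 * Function: XLINK2STATEDetect(Packet *, void *)
 *
 * Purpose: Per-packet entry point. Non-TCP packets are ignored; TCP packets
 *          are handed to SnortXLINK2STATE() for inspection.
 *
 * Arguments: p       => pointer to the current packet data struct
 *            context => unused here
 *
 * Returns: void function
 *
 */
static void XLINK2STATEDetect(Packet *p, void *context)
{
    /* Only TCP traffic is inspected; everything else returns immediately. */
    if (!PacketIsTCP(p))
    {
        return;
    }

    /*
     * The inspection itself lives outside this file. No alert is raised
     * directly from this function; event_wrapper.h provides the helpers
     * for doing so.
     */
    SnortXLINK2STATE(p);
}

/*
 * Function: XLINK2STATECleanExitFunction(int, void *)
 *
 * Purpose: Called when Snort is exiting. Any cleanup (e.g. closing files)
 *          belongs here; currently nothing is done.
 *
 * Arguments: signal => the code of the signal that was issued to Snort
 *            data   => any arguments or data structs linked to this
 *                      function when it was registered (registered as NULL
 *                      by XLINK2STATEInit)
 *
 * Returns: void function
 */
static void XLINK2STATECleanExitFunction(int signal, void *data)
{
    /* intentionally empty */
}

/*
 * Function: XLINK2STATERestartFunction(int, void *)
 *
 * Purpose: Called when Snort is restarting on a SIGHUP. Any
 *          re-initialization or cleanup belongs here; currently nothing
 *          is done.
 *
 * Arguments: signal => the code of the signal that was issued to Snort
 *            foo    => any arguments or data structs linked to this
 *                      function when it was registered (registered as NULL
 *                      by XLINK2STATEInit)
 *
 * Returns: void function
 */
static void XLINK2STATERestartFunction(int signal, void *foo)
{
    /* restart code goes here */
}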