
Current Working build

1 parent 9820c15 commit e62dfb01c614e0c0a08f85f194b543b8f6d0a4a0 @binf binf committed Sep 2, 2011
Showing with 8,292 additions and 2,319 deletions.
  1. +11 −0 src/barnyard2.c
  2. +51 −35 src/map.c
  3. +25 −20 src/map.h
  4. +2 −1 src/output-plugins/Makefile.am
  5. +3,136 −2,237 src/output-plugins/spo_database.c
  6. +643 −0 src/output-plugins/spo_database.h
  7. +3,931 −0 src/output-plugins/spo_database_cache.c
  8. +131 −0 src/output-plugins/spo_database_cache.h
  9. +17 −6 src/spooler.c
  10. +333 −20 src/util.c
  11. +12 −0 src/util.h
@@ -993,12 +993,17 @@ static void SigExitHandler(int signal)
if (exit_signal != 0)
return;
+
+
/* Don't want to have to wait to start processing packets before
* getting out of dodge */
if (barnyard2_initializing)
_exit(0);
exit_signal = signal;
+
+ Barnyard2Cleanup(signal);
+
}
static void SigUsrHandler(int signal)
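Review bot: Calling `Barnyard2Cleanup(signal);` directly from `SigExitHandler` runs the teardown in signal context, where only async-signal-safe functions may be called. The body of `Barnyard2Cleanup` is not shown here, but if it frees memory, flushes output plugins or logs, a signal that arrives while the main loop is inside `malloc` or a database call can deadlock or corrupt the heap. The handler already records `exit_signal = signal;`, so the cleanup should stay deferred to the code that polls that flag, with the flag declared `volatile sig_atomic_t` if it is not already. The same call is added to `SigUsrHandler` and `SigHupHandler` in the next hunk.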
@@ -1007,11 +1012,17 @@ static void SigUsrHandler(int signal)
return;
usr_signal = signal;
+
+ Barnyard2Cleanup(signal);
+
+
}
static void SigHupHandler(int signal)
{
hup_signal = 1;
+ Barnyard2Cleanup(signal);
+
}
/****************************************************************************
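Review bot: `SigHupHandler` now calls `Barnyard2Cleanup(signal);` with no re-entry guard, unlike `SigExitHandler`, which returns early when `exit_signal != 0`. A second SIGHUP, or a SIGHUP delivered while an exit is already in progress, would enter the cleanup again; if the cleanup releases resources (not visible in this hunk), that is a double-free risk. At minimum add a guard such as `if (hup_signal != 0 || exit_signal != 0) return;` before `hup_signal = 1;`, and confirm that a reload-style signal is meant to trigger teardown at all. The body of `SigUsrHandler` starts outside the hunk.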
@@ -31,7 +31,11 @@
** Ideas stolen liberally from:
** 1. the orginal barnyard (A. Baker, M. Roesch)
**
+**
+**
+**
** TODO:
+** -ERROR CHECKING..........!@#$%@
** 1. Convert existing linked lists to adaptive splayed trees.
*/
@@ -272,7 +276,7 @@ int ReadReferenceFile(Barnyard2Config *bc, const char *file)
if(num_toks > 1)
{
ParseReferenceSystemConfig(bc, toks[1]);
- count++;
+ count++;
}
mSplitFree(&toks, num_toks);
@@ -291,6 +295,7 @@ int ReadReferenceFile(Barnyard2Config *bc, const char *file)
/************************ Class/Priority Implementation ***********************/
/* NOTE: This lookup can only be done during parse time */
+/* Wut ...*/
ClassType * ClassTypeLookupByType(Barnyard2Config *bc, char *type)
{
ClassType *node;
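Review bot: The added `/* Wut ...*/` above `ClassTypeLookupByType` (and again above `ClassTypeLookupById` in the next hunk) records confusion but tells the next reader nothing. If the parse-time restriction stated in the existing NOTE is unclear or suspected wrong, say that explicitly, for example `/* TODO: document why this lookup is only valid at parse time */`. Both function bodies continue outside these hunks.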
@@ -315,6 +320,7 @@ ClassType * ClassTypeLookupByType(Barnyard2Config *bc, char *type)
}
/* NOTE: This lookup can only be done during parse time */
+/* Wut ...*/
ClassType * ClassTypeLookupById(Barnyard2Config *bc, int id)
{
ClassType *node;
@@ -440,12 +446,12 @@ int ReadClassificationFile(Barnyard2Config *bc, const char *file)
char *index;
char **toks;
int num_toks;
- int count = 0;
-
-
+ int count = 0;
+
+
DEBUG_WRAP(DebugMessage(DEBUG_MAPS, "map: opening file %s\n", file););
- if((fd = fopen(file, "r")) == NULL)
+ if((fd = fopen(file, "r")) == NULL)
{
LogMessage("ERROR: Unable to open Classification file '%s' (%s)\n",
file, strerror(errno));
@@ -471,7 +477,7 @@ int ReadClassificationFile(Barnyard2Config *bc, const char *file)
if(num_toks > 1)
{
ParseClassificationConfig(bc, toks[1]);
- count++;
+ count++;
}
mSplitFree(&toks, num_toks);
@@ -524,7 +530,9 @@ int ReadSidFile(Barnyard2Config *bc, const char *file)
count++;
}
}
-
+
+ //LogMessage("Read [%u] signature \n",count);
+
if(fd != NULL)
fclose(fd);
@@ -620,6 +628,8 @@ void ParseSidMapLine(Barnyard2Config *bc, char *data)
}
mSplitFree(&toks, num_toks);
+
+ return;
}
SigNode *GetSigByGidSid(u_int32_t gid, u_int32_t sid)
@@ -644,13 +654,13 @@ SigNode *GetSigByGidSid(u_int32_t gid, u_int32_t sid)
}
/* create a default message since we didn't find any match */
- sn = CreateSigNode(&sigTypes);
+ sn = CreateSigNode(&sigTypes);
sn->generator = gid;
sn->id = sid;
sn->rev = 0;
sn->msg = (char *)SnortAlloc(42);
snprintf(sn->msg, 42, "Snort Alert [%u:%u:%u]", gid, sid, 0);
-
+
return sn;
}
@@ -668,12 +678,15 @@ SigNode *CreateSigNode(SigNode **head)
sn = *head;
while (sn->next != NULL)
- sn = sn->next;
-
+ sn = sn->next;
+
sn->next = (SigNode *) SnortAlloc(sizeof(SigNode));
-
+
return sn->next;
}
+
+ /* XXX */
+ return NULL;
}
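Review bot: The new `/* XXX */ return NULL;` gives `CreateSigNode` a NULL return, but the callers visible on this page use the result unchecked: `GetSigByGidSid` assigns `sn->generator` right after the call, and `ParseGenMapLine` writes through `sn` in its switch. If this path is reachable, those are NULL dereferences and the callers need a check such as `if (sn == NULL) return NULL;` in `GetSigByGidSid`. If it exists only to silence a missing-return warning, replace `XXX` with a comment that says so, e.g. `/* not reached: both branches above return */`. The start of `CreateSigNode` is outside the hunk, so reachability cannot be confirmed from here.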
int ReadGenFile(Barnyard2Config *bc, const char *file)
@@ -706,33 +719,36 @@ int ReadGenFile(Barnyard2Config *bc, const char *file)
if( (*index != '#') && (*index != 0x0a) && (index != NULL) )
{
ParseGenMapLine(index);
- count++;
+ count++;
}
}
+ //LogMessage("Read [%u] gen \n",count);
+
if(fd != NULL)
fclose(fd);
return 0;
}
+
void ParseGenMapLine(char *data)
{
char **toks;
int num_toks;
int i;
char *idx;
SigNode *sn;
-
+
toks = mSplitSpecial(data, "||", 32, &num_toks, '\0');
-
+
if(num_toks < 2)
{
LogMessage("WARNING: Ignoring bad line in SID file: \"%s\"\n", data);
- return;
+ return;
}
-
- sn = CreateSigNode(&sigTypes);
+
+ sn = CreateSigNode(&sigTypes);
for(i=0; i<num_toks; i++)
{
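Review bot: The early `return;` for `num_toks < 2` in `ParseGenMapLine` leaves without releasing `toks`, which the normal path frees with `mSplitFree(&toks, num_toks);` at the end of the function, so each malformed line in the map file appears to leak the token array. Call `mSplitFree(&toks, num_toks);` before that `return;`. In `ReadGenFile` above, `(index != NULL)` is tested only after `*index` has been dereferenced twice; if `index` can be NULL the test must come first, otherwise it can be dropped. Both function bodies extend beyond this hunk.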
@@ -742,24 +758,24 @@ void ParseGenMapLine(char *data)
switch(i)
{
- case 0: /* gen */
- //TODO: error checking on conversion
- sn->generator = strtoul(idx, NULL, 10);
- break;
-
- case 1: /* sid */
- //TODO: error checking on conversion
- sn->id = strtoul(idx, NULL, 10);
- break;
-
- case 2: /* msg */
- sn->msg = SnortStrdup(idx);
- break;
-
- default:
- break;
+ case 0: /* gen */
+ //TODO: error checking on conversion
+ sn->generator = strtoul(idx, NULL, 10);
+ break;
+
+ case 1: /* sid */
+ //TODO: error checking on conversion
+ sn->id = strtoul(idx, NULL, 10);
+ break;
+
+ case 2: /* msg */
+ sn->msg = SnortStrdup(idx);
+ break;
+
+ default:
+ break;
}
}
-
+
mSplitFree(&toks, num_toks);
}
@@ -64,6 +64,7 @@ typedef struct _ReferenceSystemNode
char *name;
char *url;
struct _ReferenceSystemNode *next;
+
} ReferenceSystemNode;
ReferenceSystemNode * ReferenceSystemAdd(ReferenceSystemNode **, char *, char *);
@@ -77,9 +78,9 @@ void DeleteReferenceSystems(struct _Barnyard2Config *);
typedef struct _ReferenceNode
{
- char *id;
- ReferenceSystemNode *system;
- struct _ReferenceNode *next;
+ char *id;
+ ReferenceSystemNode *system;
+ struct _ReferenceNode *next;
} ReferenceNode;
ReferenceNode * AddReference(struct _Barnyard2Config *, ReferenceNode **, char *, char *);
@@ -88,36 +89,40 @@ void DeleteReferences(struct _Barnyard2Config *);
typedef struct _ClassType
{
- char *type;
- uint32_t id;
- char *name; /* "pretty" name */
- uint32_t priority;
- struct _ClassType *next;
-} ClassType;
+ char *type;
+ char *name; /* "pretty" name */
+ uint32_t id;
+ uint32_t priority;
+ struct _ClassType *next;
-ClassType * ClassTypeLookupByType(struct _Barnyard2Config *, char *);
-ClassType * ClassTypeLookupById(struct _Barnyard2Config *, int);
-int ReadClassificationFile(struct _Barnyard2Config *, const char *);
-void ParseClassificationConfig(struct _Barnyard2Config *, char *args);
-
-void DeleteClassTypes();
+} ClassType;
typedef struct _SigNode
{
uint32_t generator; /* generator ID */
uint32_t id; /* Snort ID */
uint32_t rev; /* revision (for future expansion) */
- uint32_t class_id;
- ClassType *classType;
- uint32_t priority;
- char *msg; /* messages */
+ uint32_t class_id;
+ uint32_t priority;
+ char *msg; /* messages */
+ ClassType *classType;
ReferenceNode *refs; /* references (eg bugtraq) */
-
struct _SigNode *next;
+
} SigNode;
+
+
+ClassType * ClassTypeLookupByType(struct _Barnyard2Config *, char *);
+ClassType * ClassTypeLookupById(struct _Barnyard2Config *, int);
+
+int ReadClassificationFile(struct _Barnyard2Config *, const char *);
+void ParseClassificationConfig(struct _Barnyard2Config *, char *args);
+
+void DeleteClassTypes();
+
SigNode *GetSigByGidSid(uint32_t, uint32_t);
int ReadSidFile(struct _Barnyard2Config *, const char *);
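Review bot: `void DeleteClassTypes();` is moved here with an empty parameter list, which in C declares a function with unspecified arguments, so the compiler will not reject a call that passes something. Write `void DeleteClassTypes(void);` if it takes nothing. The neighbouring `DeleteReferences` and `DeleteReferenceSystems` prototypes take a `struct _Barnyard2Config *`, so confirm which form is intended.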
@@ -21,6 +21,7 @@ spo_log_null.c spo_log_null.h \
spo_log_tcpdump.c spo_log_tcpdump.h \
spo_platypus.c spo_platypus.h \
spo_sguil.c spo_sguil.h \
-spo_database.c spo_database.h
+spo_database.c spo_database.h \
+spo_database_cache.c spo_database_cache.h
INCLUDES = -I.. -I ../sfutil