fpcreate.c File Reference

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "rules.h"
#include "parser.h"
#include "fpcreate.h"
#include "fpdetect.h"
#include "sp_pattern_match.h"
#include "sp_icmp_code_check.h"
#include "sp_icmp_type_check.h"
#include "sp_ip_proto.h"
#include "plugin_enum.h"
#include "util.h"
#include "mpse.h"
#include "bitop.h"

Go to the source code of this file.

Defines

#define MEMASSERT(p, s) if(!p){printf("No memory - file:%s %s !\n",__FILE__,s); exit(1);}

Functions

int prmFindRuleGroupIp (int ip_proto, PORT_GROUP **ip_group, PORT_GROUP **gen)

int prmFindRuleGroupIcmp (int type, PORT_GROUP **type_group, PORT_GROUP **gen)

int prmFindRuleGroupTcp (int dport, int sport, PORT_GROUP **src, PORT_GROUP **dst, PORT_GROUP **gen)

int prmFindRuleGroupUdp (int dport, int sport, PORT_GROUP **src, PORT_GROUP **dst, PORT_GROUP **gen)

static int OtnHasContent (OptTreeNode *otn)

static int OtnHasUriContent (OptTreeNode *otn)

static int CheckPorts (u_short high_port, u_short low_port)

int fpInitDetectionEngine ()

int fpSetDetectSearchMethod (char *method)

int fpSetDebugMode ()

int fpSetStreamInsert ()

int fpSetMaxQueueEvents (int iNum)

void BuildMultiPatGroupsUri (PORT_GROUP *pg)

static int IsPureNotRule (PatternMatchData *pmd)

static PatternMatchData * FindLongestPattern (PatternMatchData *pmd)

void BuildMultiPatGroup (PORT_GROUP *pg)

void BuildMultiPatternGroups (PORT_RULE_MAP *prm)

int fpCreateFastPacketDetection ()

int fpShowEventStats ()

Variables

static PORT_RULE_MAP * prmTcpRTNX = NULL

static PORT_RULE_MAP * prmUdpRTNX = NULL

static PORT_RULE_MAP * prmIpRTNX = NULL

static PORT_RULE_MAP * prmIcmpRTNX = NULL

static FPDETECT fpDetect

Define Documentation

#define MEMASSERT ( p,
s ) if(!p){printf("No memory - file:%s %s !\n",__FILE__,s); exit(1);}

Definition at line 55 of file fpcreate.c.
Referenced by acsmAddKey2(), acsmAddPattern(), acsmAddPattern2(), acsmCompile(), acsmCompile2(), acsmNew(), acsmNew2(), AddMatchListEntry(), BuildMultiPatGroup(), BuildMultiPatGroupsUri(), CopyMatchListEntry(), fpCreateFastPacketDetection(), queue_add(), and s_malloc().

Function Documentation

void BuildMultiPatGroup ( PORT_GROUP * pg )

Definition at line 470 of file fpcreate.c.
References boInitBITOP(), PORT_GROUP::boRuleNodeID, _otnx_::content_length, _PatternMatchData::depth, _OptTreeNode::ds_list, FindLongestPattern(), _rule_node_::iRuleNodeID, IsPureNotRule(), LogMessage(), MEMASSERT, _SigInfo::message, mpseAddPattern(), mpseNew(), mpsePrepPatterns(), _PatternMatchData::next, _PatternMatchData::nocase, NULL, _PatternMatchData::offset, _otnx_::otn, _PatternMatchData::pattern_buf, _PatternMatchData::pattern_size, _pmx_::PatternMatchData, PORT_GROUP::pgCount, PORT_GROUP::pgHead, PORT_GROUP::pgPatData, PLUGIN_PATTERN_MATCH, PLUGIN_PATTERN_MATCH_OR, prmAddNotNode(), prmGetFirstRule(), _rule_node_::rnNext, _rule_node_::rnRuleData, _otnx_::rtn, _pmx_::RuleNode, _FPDETECT::search_method, and _OptTreeNode::sigInfo.
Referenced by BuildMultiPatternGroups().

void BuildMultiPatGroupsUri ( PORT_GROUP * pg )

Definition at line 298 of file fpcreate.c.
References boInitBITOP(), PORT_GROUP::boRuleNodeID, _otnx_::content_length, _PatternMatchData::depth, _OptTreeNode::ds_list, _rule_node_::iRuleNodeID, MEMASSERT, mpseAddPattern(), mpseLargeShifts(), mpseNew(), mpsePrepPatterns(), _PatternMatchData::next, _PatternMatchData::nocase, NULL, _PatternMatchData::offset, _otnx_::otn, _PatternMatchData::pattern_buf, _PatternMatchData::pattern_size, _pmx_::PatternMatchData, PORT_GROUP::pgCount, PORT_GROUP::pgPatDataUri, PORT_GROUP::pgUriHead, PLUGIN_PATTERN_MATCH_URI, prmGetFirstRuleUri(), _rule_node_::rnNext, _rule_node_::rnRuleData, _otnx_::rtn, _pmx_::RuleNode, and _FPDETECT::search_method.
Referenced by BuildMultiPatternGroups().

void BuildMultiPatternGroups ( PORT_RULE_MAP * prm )

Definition at line 637 of file fpcreate.c.
References BuildMultiPatGroup(), BuildMultiPatGroupsUri(), MAX_PORTS, prmFindDstRuleGroup(), prmFindSrcRuleGroup(), and PORT_RULE_MAP::prmGeneric.
Referenced by fpCreateFastPacketDetection().

static int CheckPorts ( u_short high_port,

u_short low_port

) [static]

Definition at line 157 of file fpcreate.c.
Referenced by fpCreateFastPacketDetection(), and ReassembleStream4().

static PatternMatchData* FindLongestPattern ( PatternMatchData * pmd ) [static]

Definition at line 440 of file fpcreate.c.
References _PatternMatchData::next, NULL, and _PatternMatchData::pattern_size.
Referenced by BuildMultiPatGroup().

int fpCreateFastPacketDetection ( )

Definition at line 689 of file fpcreate.c.
References ANY_DST_PORT, ANY_SRC_PORT, BIDIRECTIONAL, BuildMultiPatternGroups(), CheckPorts(), _IpProtoData::comparison_flag, _otnx_::content_length, _FPDETECT::debug, _RuleTreeNode::down, _OptTreeNode::ds_list, _RuleTreeNode::flags, GREATER_THAN, _RuleTreeNode::hdp, _RuleTreeNode::hsp, _IcmpTypeCheckData::icmp_type, ICMP_TYPE_TEST_EQ, _ListHead::IcmpList, _ListHead::IpList, _RuleTreeNode::ldp, LESS_THAN, _RuleTreeNode::lsp, MEMASSERT, _SigInfo::message, _RuleListNode::next, _OptTreeNode::next, _RuleTreeNode::not_dp_flag, _IpProtoData::not_flag, _RuleTreeNode::not_sp_flag, NULL, _IcmpTypeCheckData::operator, _otnx_::otn, OtnHasContent(), OtnHasUriContent(), PLUGIN_ICMP_TYPE, PLUGIN_IP_PROTO_CHECK, prmAddRule(), prmAddRuleNC(), prmAddRuleUri(), prmCompileGroups(), prmNewMap(), prmShowStats(), _IpProtoData::protocol, _RuleTreeNode::right, _otnx_::rtn, _RuleListNode::RuleList, RuleLists, _OptTreeNode::sigInfo, _ListHead::TcpList, and _ListHead::UdpList.
Referenced by SnortMain().

int fpInitDetectionEngine ( )

Definition at line 180 of file fpcreate.c.
References fpSetDetectionOptions(), memset, and MPSE_MWM.
Referenced by SnortMain().

int fpSetDebugMode ( )

Definition at line 259 of file fpcreate.c.
References _FPDETECT::debug.
Referenced by ProcessDetectionOptions().

int fpSetDetectSearchMethod ( char * method )

Definition at line 205 of file fpcreate.c.
References LogMessage(), MPSE_AC, MPSE_ACB, MPSE_ACF, MPSE_ACS, MPSE_ACSB, MPSE_LOWMEM, MPSE_MWM, _FPDETECT::search_method, and strcasecmp.
Referenced by ProcessDetectionOptions().

int fpSetMaxQueueEvents ( int iNum )

Definition at line 279 of file fpcreate.c.
References _FPDETECT::max_queue_events.
Referenced by ProcessDetectionOptions().

int fpSetStreamInsert ( )

Definition at line 269 of file fpcreate.c.
References _FPDETECT::inspect_stream_insert.
Referenced by ProcessDetectionOptions().

int fpShowEventStats ( )

Definition at line 1113 of file fpcreate.c.
References _FPDETECT::debug, and prmShowEventStats().
Referenced by CleanExit(), and Restart().

static int IsPureNotRule ( PatternMatchData * pmd ) [static]

Definition at line 407 of file fpcreate.c.
References _PatternMatchData::exception_flag, and _PatternMatchData::next.
Referenced by BuildMultiPatGroup().

static int OtnHasContent ( OptTreeNode * otn ) [static]

Definition at line 112 of file fpcreate.c.
References _OptTreeNode::ds_list, PLUGIN_PATTERN_MATCH, and PLUGIN_PATTERN_MATCH_OR.
Referenced by fpCreateFastPacketDetection().

static int OtnHasUriContent ( OptTreeNode * otn ) [static]

Definition at line 124 of file fpcreate.c.
References _OptTreeNode::ds_list, and PLUGIN_PATTERN_MATCH_URI.
Referenced by fpCreateFastPacketDetection().

int prmFindRuleGroupIcmp ( int type,

PORT_GROUP ** type_group,

PORT_GROUP ** gen

)

Definition at line 89 of file fpcreate.c.
References prmFindRuleGroup().
Referenced by fpEvalHeaderIcmp().

int prmFindRuleGroupIp ( int ip_proto,

PORT_GROUP ** ip_group,

PORT_GROUP ** gen

)

Definition at line 83 of file fpcreate.c.
References prmFindRuleGroup().
Referenced by fpEvalHeaderIp().

int prmFindRuleGroupTcp ( int dport,

int sport,

PORT_GROUP ** src,

PORT_GROUP ** dst,

PORT_GROUP ** gen

)

Definition at line 95 of file fpcreate.c.
References prmFindRuleGroup().
Referenced by fpEvalHeaderTcp().

int prmFindRuleGroupUdp ( int dport,

int sport,

PORT_GROUP ** src,

PORT_GROUP ** dst,

PORT_GROUP ** gen

)

Definition at line 101 of file fpcreate.c.
References prmFindRuleGroup().
Referenced by fpEvalHeaderUdp().

Variable Documentation

FPDETECT fpDetect [static]

Definition at line 74 of file fpcreate.c.

PORT_RULE_MAP* prmIcmpRTNX = NULL [static]

Definition at line 72 of file fpcreate.c.

PORT_RULE_MAP* prmIpRTNX = NULL [static]

Definition at line 71 of file fpcreate.c.

PORT_RULE_MAP* prmTcpRTNX = NULL [static]

Definition at line 69 of file fpcreate.c.

PORT_RULE_MAP* prmUdpRTNX = NULL [static]

Definition at line 70 of file fpcreate.c.

Generated on Sun May 14 14:51:23 2006 by

1.4.2


Defines
#define	MEMASSERT(p, s) if(!p){printf("No memory - file:%s %s !\n",__FILE__,s); exit(1);}
Functions
int	prmFindRuleGroupIp (int ip_proto, PORT_GROUP ip_group, PORT_GROUP gen)
int	prmFindRuleGroupIcmp (int type, PORT_GROUP type_group, PORT_GROUP gen)
int	prmFindRuleGroupTcp (int dport, int sport, PORT_GROUP src, PORT_GROUP dst, PORT_GROUP **gen)
int	prmFindRuleGroupUdp (int dport, int sport, PORT_GROUP src, PORT_GROUP dst, PORT_GROUP **gen)
static int	OtnHasContent (OptTreeNode *otn)
static int	OtnHasUriContent (OptTreeNode *otn)
static int	CheckPorts (u_short high_port, u_short low_port)
int	fpInitDetectionEngine ()
int	fpSetDetectSearchMethod (char *method)
int	fpSetDebugMode ()
int	fpSetStreamInsert ()
int	fpSetMaxQueueEvents (int iNum)
void	BuildMultiPatGroupsUri (PORT_GROUP *pg)
static int	IsPureNotRule (PatternMatchData *pmd)
static PatternMatchData *	FindLongestPattern (PatternMatchData *pmd)
void	BuildMultiPatGroup (PORT_GROUP *pg)
void	BuildMultiPatternGroups (PORT_RULE_MAP *prm)
int	fpCreateFastPacketDetection ()
int	fpShowEventStats ()
Variables
static PORT_RULE_MAP *	prmTcpRTNX = NULL
static PORT_RULE_MAP *	prmUdpRTNX = NULL
static PORT_RULE_MAP *	prmIpRTNX = NULL
static PORT_RULE_MAP *	prmIcmpRTNX = NULL
static FPDETECT	fpDetect