
fpdetect.c File Reference

#include "snort.h"
#include "detect.h"
#include "debug.h"
#include "util.h"
#include "tag.h"
#include "rules.h"
#include "pcrm.h"
#include "fpcreate.h"
#include "fpdetect.h"
#include "mpse.h"
#include "bitop.h"
#include "perf-event.h"
#include "sfthreshold.h"
#include "event_queue.h"
#include "inline.h"
#include "sp_pattern_match.h"
#include "spp_frag3.h"


Defines

#define MAX_EVENT_MATCH   100
#define FPSW

Functions

static INLINE int fpEvalOTN (OptTreeNode *List, Packet *p)
static INLINE int fpEvalRTN (RuleTreeNode *rtn, Packet *p, int check_ports)
static INLINE int fpEvalHeader (PORT_GROUP *port_group, Packet *p, int check_ports)
static INLINE int fpEvalRTNSW (RuleTreeNode *rtn, OptTreeNode *otn, Packet *p, int check_ports)
static INLINE int fpEvalHeaderIp (Packet *p, int ip_proto)
static INLINE int fpEvalHeaderIcmp (Packet *p)
static INLINE int fpEvalHeaderTcp (Packet *p)
static INLINE int fpEvalHeaderUdp (Packet *p)
static INLINE int fpEvalHeaderSW (PORT_GROUP *port_group, Packet *p, int check_ports)
static int otnx_match (void *id, int index, void *data)
static INLINE int fpAddMatch (OTNX_MATCH_DATA *omd, OTNX *otnx, int pLen)
static INLINE int fpAddSessionAlert (Packet *p, OTNX *otnx)
static INLINE int fpSessionAlerted (Packet *p, OTNX *otnx)
int OtnXMatchDataInitialize ()
int fpSetDetectionOptions (FPDETECT *detect_options)
int fpLogEvent (RuleTreeNode *rtn, OptTreeNode *otn, Packet *p)
static INLINE void InitMatchInfo (OTNX_MATCH_DATA *o)
static INLINE int fpFinalSelectEvent (OTNX_MATCH_DATA *o, Packet *p)
int fpEvalPacket (Packet *p)

Variables

static FPDETECT *fpDetect
PV pv
int active_dynamic_nodes
u_int16_t event_id
char check_tags_flag
OptTreeNode *otn_tmp
u_int8_t DecodeBuffer [DECODE_BLEN]
u_int8_t *doe_ptr
static OTNX_MATCH_DATA omd


Define Documentation

#define FPSW
 

Definition at line 72 of file fpdetect.c.

#define MAX_EVENT_MATCH   100
 

Definition at line 62 of file fpdetect.c.

Referenced by fpAddMatch().


Function Documentation

static INLINE int fpAddMatch (OTNX_MATCH_DATA *omd, OTNX *otnx, int pLen) [static]
 

Definition at line 410 of file fpdetect.c.

References _RuleListNode::evalIndex, MATCH_INFO::iMatchCount, MATCH_INFO::iMatchIndex, MATCH_INFO::iMatchMaxLen, _RuleTreeNode::listhead, MATCH_INFO::MatchArray, OTNX_MATCH_DATA::matchInfo, MAX_EVENT_MATCH, _FPDETECT::max_queue_events, _otnx_::otn, _OptTreeNode::rtn, and _ListHead::ruleListNode.

Referenced by fpEvalHeaderSW(), and otnx_match().

static INLINE int fpAddSessionAlert (Packet *p, OTNX *otnx) [static]
 

Definition at line 921 of file fpdetect.c.

References _Session::alert_count, _Session::alert_gid, _Session::alert_sid, _SigInfo::generator, _SigInfo::id, MAX_SESSION_ALERTS, _otnx_::otn, _OptTreeNode::sigInfo, and _Packet::ssnptr.

Referenced by fpFinalSelectEvent().

static INLINE int fpEvalHeader (PORT_GROUP *port_group, Packet *p, int check_ports) [static]
 

Definition at line 996 of file fpdetect.c.

References doe_ptr, fpEvalOTN(), fpEvalRTN(), fpLogEvent(), NULL, _otnx_::otn, PORT_GROUP::pgHead, PORT_GROUP::pgHeadNC, _rule_node_::rnNext, _rule_node_::rnRuleData, and _otnx_::rtn.

Referenced by fpEvalHeaderIcmp(), and fpEvalHeaderIp().

static INLINE int fpEvalHeaderIcmp (Packet *p) [static]
 

Definition at line 1404 of file fpdetect.c.

References fpEvalHeader(), fpEvalHeaderSW(), fpFinalSelectEvent(), _Packet::icmph, InitMatchInfo(), prmFindRuleGroupIcmp(), and _ICMPHdr::type.

Referenced by fpEvalPacket().

static INLINE int fpEvalHeaderIp (Packet *p, int ip_proto) [static]
 

Definition at line 1457 of file fpdetect.c.

References fpEvalHeader(), fpEvalHeaderSW(), fpFinalSelectEvent(), InitMatchInfo(), and prmFindRuleGroupIp().

Referenced by fpEvalPacket().

static INLINE int fpEvalHeaderSW (PORT_GROUP *port_group, Packet *p, int check_ports) [static]
 

Definition at line 1084 of file fpdetect.c.

References _Packet::alt_dsize, boResetBITOP(), PORT_GROUP::boRuleNodeID, OTNX_MATCH_DATA::check_ports, _Packet::data, _HttpUri::decode_flags, DecodeBuffer, doe_ptr, _Packet::dsize, fpAddMatch(), fpEvalOTN(), fpEvalRTN(), HTTPURI_PIPELINE_REQ, _FPDETECT::inspect_stream_insert, mpseSearch(), mpseSetRuleMask(), NULL, _otnx_::otn, otnx_match(), OTNX_MATCH_DATA::p, _Packet::packet_flags, OTNX_MATCH_DATA::pg, PORT_GROUP::pgHeadNC, PORT_GROUP::pgNQEvents, PORT_GROUP::pgPatData, PORT_GROUP::pgPatDataUri, PORT_GROUP::pgQEvents, PKT_ALT_DECODE, PKT_STREAM_INSERT, _rule_node_::rnNext, _rule_node_::rnRuleData, _otnx_::rtn, UpdateNQEvents(), UpdateQEvents(), _HttpUri::uri, _Packet::uri_count, URI_COUNT, and UriBufs.

Referenced by fpEvalHeaderIcmp(), fpEvalHeaderIp(), fpEvalHeaderTcp(), and fpEvalHeaderUdp().

static INLINE int fpEvalHeaderTcp (Packet *p) [static]
 

Definition at line 1342 of file fpdetect.c.

References _Packet::dp, fpEvalHeaderSW(), fpFinalSelectEvent(), InitMatchInfo(), prmFindRuleGroupTcp(), and _Packet::sp.

Referenced by fpEvalPacket().

static INLINE int fpEvalHeaderUdp (Packet *p) [static]
 

Definition at line 1280 of file fpdetect.c.

References _Packet::dp, fpEvalHeaderSW(), fpFinalSelectEvent(), InitMatchInfo(), prmFindRuleGroupUdp(), and _Packet::sp.

Referenced by fpEvalPacket().

static INLINE int fpEvalOTN (OptTreeNode *List, Packet *p) [static]
 

Definition at line 475 of file fpdetect.c.

References _OptTreeNode::active_flag, _runtime_config::capabilities, _OptTreeNode::chain_node_number, DEBUG_DETECT, DEBUG_WRAP, _OptTreeNode::established, FatalError(), _SigInfo::id, InlineMode(), NULL, _OptTreeNode::opt_func, _OptFpList::OptTestFunc, _Packet::packet_flags, PKT_STREAM_EST, _OptTreeNode::rtn, RULE_DROP, RULE_DYNAMIC, RULE_SDROP, _Session::session_flags, _OptTreeNode::sigInfo, snort_runtime, SSNFLAG_MIDSTREAM, _Packet::ssnptr, _Capabilities::stateful_inspection, _RuleTreeNode::type, _OptTreeNode::type, and _OptTreeNode::unestablished.

Referenced by fpEvalHeader(), fpEvalHeaderSW(), and fpEvalRTNSW().

int fpEvalPacket (Packet *p)
 

Definition at line 1533 of file fpdetect.c.

References DEBUG_DETECT, DEBUG_WRAP, fpEvalHeaderIcmp(), fpEvalHeaderIp(), fpEvalHeaderTcp(), fpEvalHeaderUdp(), _Packet::icmph, _IPHdr::ip_proto, _Packet::iph, NULL, _Packet::tcph, and _Packet::udph.

Referenced by Detect().

static INLINE int fpEvalRTN (RuleTreeNode *rtn, Packet *p, int check_ports) [static]
 

Definition at line 579 of file fpdetect.c.

References active_dynamic_nodes, _RuleTreeNode::active_flag, BIDIRECTIONAL, DEBUG_DETECT, DEBUG_WRAP, _Packet::dp, EXCEPT_DST_PORT, _RuleTreeNode::flags, _RuleTreeNode::head_node_number, _RuleTreeNode::ldp, NULL, RULE_DYNAMIC, _RuleTreeNode::rule_func, _RuleFpList::RuleHeadFunc, and _RuleTreeNode::type.

Referenced by fpEvalHeader(), and fpEvalHeaderSW().

static INLINE int fpEvalRTNSW (RuleTreeNode *rtn, OptTreeNode *otn, Packet *p, int check_ports) [static]
 

Definition at line 655 of file fpdetect.c.

References active_dynamic_nodes, _RuleTreeNode::active_flag, BIDIRECTIONAL, DEBUG_DETECT, DEBUG_WRAP, doe_ptr, _Packet::dp, EXCEPT_DST_PORT, _RuleTreeNode::flags, fpEvalOTN(), _RuleTreeNode::head_node_number, _RuleTreeNode::ldp, NULL, RULE_DYNAMIC, _RuleTreeNode::rule_func, _RuleFpList::RuleHeadFunc, and _RuleTreeNode::type.

Referenced by otnx_match().

static INLINE int fpFinalSelectEvent (OTNX_MATCH_DATA *o, Packet *p) [static]
 

Definition at line 842 of file fpdetect.c.

References _SigInfo::class_id, fpAddFragAlert(), fpAddSessionAlert(), fpFragAlerted(), fpSessionAlerted(), _Packet::fragtracker, _SigInfo::generator, _SigInfo::id, MATCH_INFO::iMatchCount, OTNX_MATCH_DATA::iMatchInfoArraySize, MATCH_INFO::MatchArray, OTNX_MATCH_DATA::matchInfo, _SigInfo::message, NULL, _otnx_::otn, _SigInfo::priority, _SigInfo::rev, _OptTreeNode::sigInfo, SnortEventqAdd(), and _Packet::ssnptr.

Referenced by fpEvalHeaderIcmp(), fpEvalHeaderIp(), fpEvalHeaderTcp(), and fpEvalHeaderUdp().

int fpLogEvent (RuleTreeNode *rtn, OptTreeNode *otn, Packet *p)
 

Definition at line 210 of file fpdetect.c.

References ActivateAction(), AlertAction(), _progvars::assurance_mode, ASSURE_EST, check_tags_flag, DEBUG_DETECT, DEBUG_WRAP, DropAction(), DynamicAction(), _OptTreeNode::event_data, event_id, InlineDrop(), InlineMode(), _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, LogAction(), _Packet::packet_flags, PassAction(), PKT_REBUILT_STREAM, PKT_STREAM_UNEST_UNI, _Packet::pkth, _Event::ref_time, RULE_ACTIVATE, RULE_ALERT, RULE_DROP, RULE_DYNAMIC, RULE_LOG, RULE_PASS, RULE_REINJECT, RULE_REJECT, RULE_REJECTBOTH, RULE_REJECTDST, RULE_REJECTSRC, RULE_SDROP, SetTags(), sfthreshold_test(), _Event::sig_generator, _Event::sig_id, _OptTreeNode::stateless, TriggerResponses(), pcap_pkthdr::ts, and _RuleTreeNode::type.

Referenced by fpEvalHeader(), and LogSnortEvents().

static INLINE int fpSessionAlerted (Packet *p, OTNX *otnx) [static]
 

Definition at line 963 of file fpdetect.c.

References _Session::alert_gid, _Session::alert_sid, _SigInfo::generator, _SigInfo::id, _otnx_::otn, PKT_REBUILT_STREAM, and _OptTreeNode::sigInfo.

Referenced by fpFinalSelectEvent().

int fpSetDetectionOptions (FPDETECT *detect_options)
 

Definition at line 188 of file fpdetect.c.

Referenced by fpInitDetectionEngine().

static INLINE void InitMatchInfo (OTNX_MATCH_DATA *o) [static]
 

Definition at line 371 of file fpdetect.c.

References MATCH_INFO::iMatchCount, MATCH_INFO::iMatchIndex, OTNX_MATCH_DATA::iMatchInfoArraySize, MATCH_INFO::iMatchMaxLen, and OTNX_MATCH_DATA::matchInfo.

Referenced by fpEvalHeaderIcmp(), fpEvalHeaderIp(), fpEvalHeaderTcp(), and fpEvalHeaderUdp().

static int otnx_match (void *id, int index, void *data) [static]
 

Definition at line 749 of file fpdetect.c.

References boIsBitSet(), PORT_GROUP::boRuleNodeID, boSetBit(), OTNX_MATCH_DATA::check_ports, DEBUG_DETECT, DEBUG_WRAP, fpAddMatch(), fpEvalRTNSW(), _SigInfo::id, _rule_node_::iRuleNodeID, _otnx_::otn, OTNX_MATCH_DATA::p, _PatternMatchData::pattern_size, _pmx_::PatternMatchData, OTNX_MATCH_DATA::pg, PORT_GROUP::pgNQEvents, PORT_GROUP::pgQEvents, _rule_node_::rnRuleData, _otnx_::rtn, _pmx_::RuleNode, _OptTreeNode::sigInfo, UpdateNQEvents(), and UpdateQEvents().

Referenced by fpEvalHeaderSW().

int OtnXMatchDataInitialize ()
 

Definition at line 160 of file fpdetect.c.

References FatalError(), OTNX_MATCH_DATA::iMatchInfoArraySize, OTNX_MATCH_DATA::matchInfo, and _progvars::num_rule_types.

Referenced by SnortMain().


Variable Documentation

int active_dynamic_nodes
 

Definition at line 95 of file parser.c.

char check_tags_flag
 

Definition at line 100 of file detect.c.

u_int8_t DecodeBuffer[DECODE_BLEN]
 

Definition at line 45 of file decode.c.

u_int8_t* doe_ptr
 

Definition at line 72 of file sp_pattern_match.c.

u_int16_t event_id
 

Definition at line 99 of file detect.c.

FPDETECT* fpDetect [static]
 

Definition at line 86 of file fpdetect.c.

OTNX_MATCH_DATA omd [static]
 

Definition at line 157 of file fpdetect.c.

OptTreeNode* otn_tmp
 

Definition at line 80 of file parser.c.

PV pv
 

Definition at line 129 of file snort.c.

Referenced by AlertCSVInit(), AlertFast(), AlertFastInit(), AlertFull(), AlertFullInit(), AlertSyslog(), AlertSyslogInit(), AlertUnixSockInit(), CallAlertFuncs(), CallAlertPlugins(), CallLogFuncs(), CallLogPlugins(), CallSigOutputFuncs(), CheckFromClient(), CheckFromServer(), CheckLogDir(), CreatePidFile(), CreateRuleType(), DecodeARP(), DecodeChdlcPkt(), DecodeEAP(), DecodeEapol(), DecodeEapolKey(), DecodeEthPkt(), DecodeFDDIPkt(), DecodeICMP(), DecodeIEEE80211Pkt(), DecodeIP(), DecodeIPOnly(), DecodeIPOptions(), DecodeNullPkt(), DecodeOldPflog(), DecodePflog(), DecodePPPoEPkt(), DecodePppPkt(), DecodePppPktEncapsulated(), DecodePppSerialPkt(), DecodeTCP(), DecodeTCPOptions(), DecodeTRPkt(), DecodeUDP(), DecodeVlan(), DestinationIpIsHomenet(), DropStats(), DumpOutputPlugins(), DumpPlugIns(), DumpPreprocessors(), ErrorMessage(), FatalError(), FlowCleanExit(), FlowPreprocessor(), FlowPSCleanExit(), FlowPSOutputConfig(), Frag2Defrag(), Frag3Defrag(), GenHomenet(), GenObfuscationMask(), GetCurrentTimestamp(), GetPktDropStats(), GetTimestamp(), GetUniqueName(), InitDecoderFlags(), InitOutputPlugins(), InitPlugIns(), InitPreprocessors(), IntegrityCheck(), IntegrityCheckRules(), IPHdrTests(), LogAsciiInit(), LogMessage(), LogNullInit(), LogStream(), NotForStream4(), ObfuscatePacket(), OldUnifiedLogPacketAlert(), OpenAlertFile(), OpenAlertSock(), OpenLogFile(), OpenSessionFile(), OpenStatsFile(), ParseConfig(), ParseFrag2Args(), ParseOutputPlugin(), ParsePerfMonitorArgs(), ParsePortList(), ParsePortscanArgs(), ParseRulesFile(), ParseRuleTypeDeclaration(), ParseScanmungeArgs(), ParseSyslogArgs(), PortscanPreprocFunction(), Print2ndHeader(), PrintEapolPkt(), PrintError(), PrintIPHeader(), PrintIPPkt(), PrintNetData(), PrintWifiPkt(), ProcessAlertFileOption(), ProcessFileOption(), ProcessPerfMonitor(), ProcessResetMac(), ReassembleStream4(), SetEvent(), SourceIpIsHomenet(), Stream4Init(), ts_print(), UnifiedAlertInit(), UnifiedInit(), UnifiedInitAlertFile(), 
UnifiedInitFile(), UnifiedInitLogFile(), UnifiedLogInit(), and vsyslog().

