Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / output-plugins

spo_database.c File Reference

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include "event.h"
#include "decode.h"
#include "rules.h"
#include "plugbase.h"
#include "spo_plugbase.h"
#include "parser.h"
#include "debug.h"
#include "util.h"
#include "snort.h"
#include "inline.h"

Go to the source code of this file.

Defines

#define ENABLE_DB_TRANSACTIONS
#define MAX_QUERY_LENGTH   8192
#define KEYWORD_POSTGRESQL   "postgresql"
#define KEYWORD_MYSQL   "mysql"
#define KEYWORD_ODBC   "odbc"
#define KEYWORD_ORACLE   "oracle"
#define KEYWORD_MSSQL   "mssql"
#define KEYWORD_HOST   "host"
#define KEYWORD_PORT   "port"
#define KEYWORD_USER   "user"
#define KEYWORD_PASSWORD   "password"
#define KEYWORD_DBNAME   "dbname"
#define KEYWORD_SENSORNAME   "sensor_name"
#define KEYWORD_ENCODING   "encoding"
#define KEYWORD_ENCODING_HEX   "hex"
#define KEYWORD_ENCODING_BASE64   "base64"
#define KEYWORD_ENCODING_ASCII   "ascii"
#define KEYWORD_DETAIL   "detail"
#define KEYWORD_DETAIL_FULL   "full"
#define KEYWORD_DETAIL_FAST   "fast"
#define KEYWORD_IGNOREBPF   "ignore_bpf"
#define KEYWORD_IGNOREBPF_NO   "no"
#define KEYWORD_IGNOREBPF_ZERO   "0"
#define KEYWORD_IGNOREBPF_YES   "yes"
#define KEYWORD_IGNOREBPF_ONE   "1"
#define LATEST_DB_SCHEMA_VERSION   106

Typedefs

typedef enum db_types_en dbtype_t
typedef _SQLQuery SQLQuery
typedef _SharedDatabaseData SharedDatabaseData
typedef _DatabaseData DatabaseData
typedef _SharedDatabaseDataNode SharedDatabaseDataNode

Enumerations

enum  db_types_en {
  DB_UNDEFINED = 0, DB_MYSQL = 1, DB_POSTGRESQL = 2, DB_MSSQL = 3,
  DB_ORACLE = 4, DB_ODBC = 5
}

Functions

void DatabaseInit (u_char *)
DatabaseDataParseDatabaseArgs (char *)
void Database (Packet *, char *, void *, Event *)
char * snort_escape_string (char *, DatabaseData *)
void SpoDatabaseCleanExitFunction (int, void *)
void SpoDatabaseRestartFunction (int, void *)
void InitDatabase ()
int UpdateLastCid (DatabaseData *, int, int)
int GetLastCid (DatabaseData *, int)
int CheckDBVersion (DatabaseData *)
void BeginTransaction (DatabaseData *data)
void CommitTransaction (DatabaseData *data)
void RollbackTransaction (DatabaseData *data)
int Insert (char *, DatabaseData *)
int Select (char *, DatabaseData *)
void Connect (DatabaseData *)
void DatabasePrintUsage ()
void FreeSharedDataList ()
void DatabaseSetup ()
void FreeQueryNode (SQLQuery *node)
SQLQueryNewQueryNode (SQLQuery *parent, int query_size)
void Disconnect (DatabaseData *data)

Variables

PV pv
OptTreeNodeotn_tmp
static SharedDatabaseDataNodesharedDataList = NULL
static int instances = 0

Define Documentation

#define ENABLE_DB_TRANSACTIONS
 

Definition at line 45 of file spo_database.c.

#define KEYWORD_DBNAME   "dbname"
 

Definition at line 202 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_DETAIL   "detail"
 

Definition at line 208 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_DETAIL_FAST   "fast"
 

Definition at line 210 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_DETAIL_FULL   "full"
 

Definition at line 209 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ENCODING   "encoding"
 

Definition at line 204 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ENCODING_ASCII   "ascii"
 

Definition at line 207 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ENCODING_BASE64   "base64"
 

Definition at line 206 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ENCODING_HEX   "hex"
 

Definition at line 205 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_HOST   "host"
 

Definition at line 198 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_IGNOREBPF   "ignore_bpf"
 

Definition at line 211 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_IGNOREBPF_NO   "no"
 

Definition at line 212 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_IGNOREBPF_ONE   "1"
 

Definition at line 215 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_IGNOREBPF_YES   "yes"
 

Definition at line 214 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_IGNOREBPF_ZERO   "0"
 

Definition at line 213 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_MSSQL   "mssql"
 

Definition at line 196 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_MYSQL   "mysql"
 

Definition at line 193 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ODBC   "odbc"
 

Definition at line 194 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_ORACLE   "oracle"
 

Definition at line 195 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_PASSWORD   "password"
 

Definition at line 201 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_PORT   "port"
 

Definition at line 199 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_POSTGRESQL   "postgresql"
 

Definition at line 192 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_SENSORNAME   "sensor_name"
 

Definition at line 203 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define KEYWORD_USER   "user"
 

Definition at line 200 of file spo_database.c.

Referenced by ParseDatabaseArgs().

#define LATEST_DB_SCHEMA_VERSION   106
 

Definition at line 218 of file spo_database.c.

Referenced by DatabaseInit().

#define MAX_QUERY_LENGTH   8192
 

Definition at line 191 of file spo_database.c.

Referenced by CheckDBVersion(), Database(), DatabaseInit(), GetLastCid(), NewQueryNode(), and UpdateLastCid().

Typedef Documentation

typedef struct _DatabaseData DatabaseData
 

typedef enum db_types_en dbtype_t
 

Definition at line 113 of file spo_database.c.

typedef struct _SharedDatabaseData SharedDatabaseData
 

typedef struct _SharedDatabaseDataNode SharedDatabaseDataNode
 

typedef struct _SQLQuery SQLQuery
 

Enumeration Type Documentation

enum db_types_en
 

Enumeration values:
DB_UNDEFINED 
DB_MYSQL 
DB_POSTGRESQL 
DB_MSSQL 
DB_ORACLE 
DB_ODBC 

Definition at line 104 of file spo_database.c.

Function Documentation

void BeginTransaction DatabaseData data  ) 
 

Definition at line 1960 of file spo_database.c.

References DB_MSSQL, DB_ODBC, DB_ORACLE, _SharedDatabaseData::dbtype_id, Insert(), and _DatabaseData::shared.

Referenced by Database().

int CheckDBVersion DatabaseData  ) 
 

Definition at line 1908 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ODBC, _SharedDatabaseData::dbtype_id, MAX_QUERY_LENGTH, NULL, Select(), _DatabaseData::shared, SnortAlloc(), and snprintf.

Referenced by DatabaseInit().

void CommitTransaction DatabaseData data  ) 
 

Definition at line 1994 of file spo_database.c.

References DB_MSSQL, DB_ODBC, DB_ORACLE, _SharedDatabaseData::dbtype_id, DEBUG_WRAP, Insert(), LogMessage(), and _DatabaseData::shared.

Referenced by Database().

void Connect DatabaseData  ) 
 

Definition at line 2455 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ODBC, DB_ORACLE, DB_POSTGRESQL, DB_UNDEFINED, _SharedDatabaseData::dbname, _SharedDatabaseData::dbtype_id, ErrorMessage(), FatalError(), _SharedDatabaseData::host, mysql_errno(), mysql_error(), mysql_init(), mysql_real_connect(), NULL, _DatabaseData::password, _DatabaseData::port, _DatabaseData::shared, strstr(), and _DatabaseData::user.

Referenced by DatabaseInit().

void Database Packet ,
char *  ,
void *  ,
Event
 

Definition at line 918 of file spo_database.c.

References ascii(), base64(), BeginTransaction(), _SharedDatabaseData::cid, _SigInfo::classType, _Options::code, _ICMPHdr::code, CommitTransaction(), _ICMPHdr::csum, _Packet::data, _Options::data, _SharedDatabaseDataNode::data, DB_MSSQL, DB_ODBC, DB_ORACLE, DB_POSTGRESQL, _DatabaseData::DBschema_version, _SharedDatabaseData::dbtype_id, _DatabaseData::detail, _Packet::dsize, _DatabaseData::encoding, ENCODING_ASCII, ENCODING_BASE64, ENCODING_HEX, ErrorMessage(), fasthex(), _Packet::frag_flag, _Packet::frag_offset, FreeQueryNode(), GetCurrentTimestamp(), GetTimestamp(), _Packet::icmph, _ReferenceNode::id, Insert(), int(), _IPHdr::ip_csum, _IPHdr::ip_dst, IP_HLEN, _IPHdr::ip_id, _IPHdr::ip_len, _Packet::ip_option_count, _Packet::ip_options, _IPHdr::ip_proto, _IPHdr::ip_src, _IPHdr::ip_tos, _IPHdr::ip_ttl, IP_VER, _Packet::iph, _Options::len, MAX_QUERY_LENGTH, memset, _ReferenceSystemNode::name, NewQueryNode(), _SQLQuery::next, _ReferenceNode::next, NULL, _Packet::pkth, _Event::priority, _SigInfo::refs, RollbackTransaction(), Select(), _DatabaseData::shared, _SharedDatabaseData::sid, _Event::sig_id, _Event::sig_rev, _OptTreeNode::sigInfo, snort_escape_string(), SnortAlloc(), snprintf, _ReferenceNode::system, TCP_OFFSET, _Packet::tcp_option_count, _Packet::tcp_options, TCP_X2, _Packet::tcph, _TCPHdr::th_ack, _TCPHdr::th_dport, _TCPHdr::th_flags, _TCPHdr::th_seq, _TCPHdr::th_sport, _TCPHdr::th_sum, _TCPHdr::th_urp, _TCPHdr::th_win, pcap_pkthdr::ts, _ICMPHdr::type, _ClassType::type, _DatabaseData::tz, _Packet::udph, _UDPHdr::uh_chk, _UDPHdr::uh_dport, _UDPHdr::uh_len, _UDPHdr::uh_sport, and _SQLQuery::val.

Referenced by DatabaseInit().

void DatabaseInit u_char *   ) 
 

Definition at line 310 of file spo_database.c.

References AddFuncToCleanExitList(), AddFuncToOutputList(), AddFuncToRestartList(), _progvars::alert_plugin_active, CheckDBVersion(), _SharedDatabaseData::cid, Connect(), _SharedDatabaseDataNode::data, Database(), _SharedDatabaseData::dbname, _DatabaseData::DBschema_version, _SharedDatabaseData::dbtype_id, _DatabaseData::detail, _DatabaseData::encoding, ErrorMessage(), _DatabaseData::facility, FatalError(), GetLastCid(), GetLocalTimezone(), GetUniqueName(), _SharedDatabaseData::host, _DatabaseData::ignore_bpf, InlineMode(), Insert(), instances, _progvars::interface, LATEST_DB_SCHEMA_VERSION, _progvars::log_plugin_active, MAX_QUERY_LENGTH, _SharedDatabaseDataNode::next, NT_OUTPUT_ALERT, NT_OUTPUT_LOG, NULL, ParseDatabaseArgs(), _progvars::pcap_cmd, PRINT_INTERFACE, _progvars::quiet_flag, Select(), _DatabaseData::sensor_name, _DatabaseData::shared, _SharedDatabaseData::sid, snort_escape_string(), SnortAlloc(), snprintf, SpoDatabaseCleanExitFunction(), SpoDatabaseRestartFunction(), strcasecmp, strncasecmp, _DatabaseData::tz, and UpdateLastCid().

Referenced by DatabaseSetup().

void DatabasePrintUsage  ) 
 

Definition at line 2744 of file spo_database.c.

Referenced by ParseDatabaseArgs().

void DatabaseSetup  ) 
 

Definition at line 290 of file spo_database.c.

References DatabaseInit(), DEBUG_INIT, DEBUG_WRAP, NT_OUTPUT_ALERT, and RegisterOutputPlugin().

Referenced by InitOutputPlugins().

void Disconnect DatabaseData data  ) 
 

Definition at line 2687 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ODBC, DB_POSTGRESQL, _SharedDatabaseData::dbname, _SharedDatabaseData::dbtype_id, mysql_close(), NULL, _progvars::quiet_flag, and _DatabaseData::shared.

Referenced by SpoDatabaseCleanExitFunction(), and SpoDatabaseRestartFunction().

void FreeQueryNode SQLQuery node  ) 
 

Definition at line 865 of file spo_database.c.

References _SQLQuery::next, NULL, and _SQLQuery::val.

Referenced by Database().

void FreeSharedDataList  ) 
 

Definition at line 2832 of file spo_database.c.

References _SharedDatabaseDataNode::data, _SharedDatabaseDataNode::next, and NULL.

Referenced by SpoDatabaseCleanExitFunction(), and SpoDatabaseRestartFunction().

int GetLastCid DatabaseData ,
int 
 

Definition at line 1881 of file spo_database.c.

References MAX_QUERY_LENGTH, NULL, Select(), SnortAlloc(), and snprintf.

Referenced by DatabaseInit().

void InitDatabase  ) 
 

int Insert char *  ,
DatabaseData
 

Definition at line 2108 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ODBC, DB_ORACLE, DB_POSTGRESQL, _SharedDatabaseData::dbtype_id, DEBUG_LOG, DEBUG_WRAP, ErrorMessage(), int(), LogMessage(), mysql_errno(), mysql_error(), mysql_query(), NULL, and _DatabaseData::shared.

Referenced by BeginTransaction(), CommitTransaction(), Database(), DatabaseInit(), RollbackTransaction(), and UpdateLastCid().

SQLQuery* NewQueryNode SQLQuery parent,
int  query_size
 

Definition at line 877 of file spo_database.c.

References MAX_QUERY_LENGTH, _SQLQuery::next, NULL, SnortAlloc(), and _SQLQuery::val.

Referenced by Database().

DatabaseData * ParseDatabaseArgs char *   ) 
 

Definition at line 646 of file spo_database.c.

References _SharedDatabaseDataNode::data, DatabasePrintUsage(), DB_MSSQL, DB_MYSQL, DB_ODBC, DB_ORACLE, DB_POSTGRESQL, DB_UNDEFINED, _SharedDatabaseData::dbname, _SharedDatabaseData::dbtype_id, _DatabaseData::detail, DETAIL_FAST, DETAIL_FULL, _DatabaseData::encoding, ENCODING_ASCII, ENCODING_BASE64, ENCODING_HEX, ErrorMessage(), _DatabaseData::facility, FatalError(), _SharedDatabaseData::host, _DatabaseData::ignore_bpf, KEYWORD_DBNAME, KEYWORD_DETAIL, KEYWORD_DETAIL_FAST, KEYWORD_DETAIL_FULL, KEYWORD_ENCODING, KEYWORD_ENCODING_ASCII, KEYWORD_ENCODING_BASE64, KEYWORD_ENCODING_HEX, KEYWORD_HOST, KEYWORD_IGNOREBPF, KEYWORD_IGNOREBPF_NO, KEYWORD_IGNOREBPF_ONE, KEYWORD_IGNOREBPF_YES, KEYWORD_IGNOREBPF_ZERO, KEYWORD_MSSQL, KEYWORD_MYSQL, KEYWORD_ODBC, KEYWORD_ORACLE, KEYWORD_PASSWORD, KEYWORD_PORT, KEYWORD_POSTGRESQL, KEYWORD_SENSORNAME, KEYWORD_USER, NULL, _DatabaseData::password, _DatabaseData::port, _progvars::quiet_flag, _DatabaseData::sensor_name, _DatabaseData::shared, SnortAlloc(), strncasecmp, and _DatabaseData::user.

Referenced by DatabaseInit().

void RollbackTransaction DatabaseData data  ) 
 

Definition at line 2049 of file spo_database.c.

References DB_MSSQL, DB_ODBC, DB_ORACLE, _SharedDatabaseData::dbtype_id, DEBUG_WRAP, Insert(), LogMessage(), and _DatabaseData::shared.

Referenced by Database().

int Select char *  ,
DatabaseData
 

Definition at line 2267 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ODBC, DB_ORACLE, DB_POSTGRESQL, _SharedDatabaseData::dbtype_id, DEBUG_LOG, DEBUG_WRAP, ErrorMessage(), int(), mysql_errno(), mysql_error(), mysql_fetch_row(), mysql_free_result(), mysql_query(), mysql_use_result(), NULL, and _DatabaseData::shared.

Referenced by CheckDBVersion(), Database(), DatabaseInit(), and GetLastCid().

char * snort_escape_string char *  ,
DatabaseData
 

Definition at line 1700 of file spo_database.c.

References DB_MSSQL, DB_MYSQL, DB_ORACLE, DB_POSTGRESQL, _SharedDatabaseData::dbtype_id, int(), _DatabaseData::shared, and SnortAlloc().

Referenced by Database(), and DatabaseInit().

void SpoDatabaseCleanExitFunction int  ,
void * 
 

Definition at line 2792 of file spo_database.c.

References _SharedDatabaseData::cid, _SharedDatabaseDataNode::data, DEBUG_LOG, DEBUG_WRAP, Disconnect(), FreeSharedDataList(), instances, NULL, _DatabaseData::shared, _SharedDatabaseData::sid, and UpdateLastCid().

Referenced by DatabaseInit().

void SpoDatabaseRestartFunction int  ,
void * 
 

Definition at line 2812 of file spo_database.c.

References _SharedDatabaseData::cid, _SharedDatabaseDataNode::data, DEBUG_LOG, DEBUG_WRAP, Disconnect(), FreeSharedDataList(), instances, NULL, _DatabaseData::shared, _SharedDatabaseData::sid, and UpdateLastCid().

Referenced by DatabaseInit().

int UpdateLastCid DatabaseData ,
int  ,
int 
 

Definition at line 1853 of file spo_database.c.

References Insert(), MAX_QUERY_LENGTH, NULL, SnortAlloc(), and snprintf.

Referenced by DatabaseInit(), SpoDatabaseCleanExitFunction(), and SpoDatabaseRestartFunction().

Variable Documentation

int instances = 0 [static]
 

Definition at line 247 of file spo_database.c.

Referenced by DatabaseInit(), SpoDatabaseCleanExitFunction(), and SpoDatabaseRestartFunction().

OptTreeNode* otn_tmp
 

Definition at line 80 of file parser.c.

PV pv
 

Definition at line 129 of file snort.c.

SharedDatabaseDataNode* sharedDataList = NULL [static]
 

Definition at line 246 of file spo_database.c.

Generated on Sun May 14 14:51:23 2006 by  doxygen 1.4.2