
Source code changes of the file "src/parser.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

parser.c  (snort-2.9.16.1):parser.c  (snort-2.9.17)
skipping to change at line 104 skipping to change at line 104
#include "sfPolicy.h" #include "sfPolicy.h"
#include "sfutil/mpse.h" #include "sfutil/mpse.h"
#include "sfutil/sfrim.h" #include "sfutil/sfrim.h"
#include "sfutil/sfportobject.h" #include "sfutil/sfportobject.h"
#include "sfutil/strvec.h" #include "sfutil/strvec.h"
#include "active.h" #include "active.h"
#include "file_config.h" #include "file_config.h"
#include "file_service_config.h" #include "file_service_config.h"
#include "dynamic-plugins/sp_dynamic.h" #include "dynamic-plugins/sp_dynamic.h"
#include "dynamic-output/plugins/output.h" #include "dynamic-output/plugins/output.h"
#include "stream_common.h"
#ifdef SIDE_CHANNEL #ifdef SIDE_CHANNEL
# include "sidechannel.h" # include "sidechannel.h"
#endif #endif
#ifdef TARGET_BASED #ifdef TARGET_BASED
# include "sftarget_reader.h" # include "sftarget_reader.h"
#endif #endif
/* Macros *********************************************************************/ /* Macros *********************************************************************/
skipping to change at line 1814 skipping to change at line 1815
*/ */
if (dst_flag) if (dst_flag)
rtn->dst_portobject = portobject; rtn->dst_portobject = portobject;
else else
rtn->src_portobject = portobject; rtn->src_portobject = portobject;
return 0; return 0;
} }
/*
* ParseIpsPortList() will create portlist for portocol specific and only for IP
S policy at the snort
* process bringup, it will be used to enable/disable detection on packet.
*/
IpsPortFilter** ParseIpsPortList (SnortConfig *sc, IpProto protocol)
{
tSfPolicyId policyId;
IpsPortFilter *ips_portfilter;
bool ignore_any = false;
// Allocate memory for each policy to hold port filter list
IpsPortFilter **ips_port_filter_list = ( IpsPortFilter** ) SnortAlloc( sizeo
f(IpsPortFilter*) * sfPolicyNumAllocated(sc->policy_config) );
if ( !ips_port_filter_list )
{
ParseError("IPS portlist memory allocation failed\n");
return NULL;
}
ignore_any = getStreamIgnoreAnyConfig(sc, protocol);
for (policyId = 0; policyId < sfPolicyNumAllocated(sc->policy_config); polic
yId++)
{
ips_portfilter = NULL;
// Create port filter list for default and IPS policy
if ( (policyId == 0) || (!getStreamPolicyConfig(policyId, 0)) )
{
ips_portfilter = ( IpsPortFilter* ) SnortAlloc( sizeof(IpsPortFilter
) );
if ( ips_portfilter )
{
ips_portfilter->parserPolicyId = policyId;
setPortFilterList(sc, ips_portfilter->port_filter, IPPROTO_UDP,
ignore_any, policyId);
ips_port_filter_list[ policyId ] = ips_portfilter;
} else
{
ParseError("Failed to allocate memory for port filter list polic
y id :%d \n",policyId);
return NULL;
}
} else
{
// NAP policy port filter list is created in pre-processor check
ips_port_filter_list[ policyId ] = NULL;
}
}
return ips_port_filter_list;
}
/**************************************************************************** /****************************************************************************
* *
* Function: CheckForIPListConflicts * Function: CheckForIPListConflicts
* *
* Purpose: Checks For IP List Conflicts in a RuleTreeNode. Such as * Purpose: Checks For IP List Conflicts in a RuleTreeNode. Such as
* negations that are overlapping and more general are not allowed. * negations that are overlapping and more general are not allowed.
* *
* For example, the following is not allowed: * For example, the following is not allowed:
* *
* [1.1.0.0/16,!1.0.0.0/8] * [1.1.0.0/16,!1.0.0.0/8]
skipping to change at line 3041 skipping to change at line 3088
RuleTreeNode *rtn = *rtn_addr; RuleTreeNode *rtn = *rtn_addr;
otn = (OptTreeNode *)SnortAlloc(sizeof(OptTreeNode)); otn = (OptTreeNode *)SnortAlloc(sizeof(OptTreeNode));
otn->chain_node_number = otn_count; otn->chain_node_number = otn_count;
otn->proto = protocol; otn->proto = protocol;
otn->event_data.sig_generator = GENERATOR_SNORT_ENGINE; otn->event_data.sig_generator = GENERATOR_SNORT_ENGINE;
otn->sigInfo.generator = GENERATOR_SNORT_ENGINE; otn->sigInfo.generator = GENERATOR_SNORT_ENGINE;
otn->sigInfo.rule_type = SI_RULE_TYPE_DETECT; /* standard rule */ otn->sigInfo.rule_type = SI_RULE_TYPE_DETECT; /* standard rule */
otn->sigInfo.rule_flushing = SI_RULE_FLUSHING_ON; /* usually just standar d rules cause a flush*/ otn->sigInfo.rule_flushing = SI_RULE_FLUSHING_ON; /* usually just standar d rules cause a flush*/
#ifdef TARGET_BASED
otn->sigInfo.service_override = ServiceOverride_Nil; otn->sigInfo.service_override = ServiceOverride_Nil;
#endif
/* Set the default rule state */ /* Set the default rule state */
otn->rule_state = ScDefaultRuleStateNewConf(sc); otn->rule_state = ScDefaultRuleStateNewConf(sc);
if (rule_opts == NULL) if (rule_opts == NULL)
{ {
DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES, "No rule options.\n");); DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES, "No rule options.\n"););
if (ScRequireRuleSidNewConf(sc)) if (ScRequireRuleSidNewConf(sc))
ParseError("Each rule must contain a Rule-sid."); ParseError("Each rule must contain a Rule-sid.");
skipping to change at line 5254 skipping to change at line 5303
while (1) while (1)
{ {
input = ReadLine(fp); input = ReadLine(fp);
if (input == NULL) if (input == NULL)
ParseError("Rule type declaration syntax error: %s.", arg); ParseError("Rule type declaration syntax error: %s.", arg);
toks = mSplit(input, " \t", 2, &num_toks, 0); toks = mSplit(input, " \t", 2, &num_toks, 0);
/* Just continue for blank line */ /* Just continue for blank line */
if (toks == NULL) if (toks == NULL)
{
free (input);
continue; continue;
}
/* Got end of rule type */ /* Got end of rule type */
if ((num_toks == 1) && (strcmp(toks[0], "}") == 0)) if ((num_toks == 1) && (strcmp(toks[0], "}") == 0))
{ {
free(input); free(input);
mSplitFree(&toks, num_toks); mSplitFree(&toks, num_toks);
break; break;
} }
free(input); free(input);
skipping to change at line 5348 skipping to change at line 5400
while (1) while (1)
{ {
input = ReadLine(fp); input = ReadLine(fp);
if (input == NULL) if (input == NULL)
ParseError("Rule type declaration syntax error: %s.", arg); ParseError("Rule type declaration syntax error: %s.", arg);
toks = mSplit(input, " \t", 2, &num_toks, 0); toks = mSplit(input, " \t", 2, &num_toks, 0);
/* Just continue for blank line */ /* Just continue for blank line */
if (toks == NULL) if (toks == NULL)
{
free(input);
continue; continue;
}
/* Got end of rule type */ /* Got end of rule type */
if ((num_toks == 1) && (strcmp(toks[0], "}") == 0)) if ((num_toks == 1) && (strcmp(toks[0], "}") == 0))
{ {
free(input); free(input);
mSplitFree(&toks, num_toks); mSplitFree(&toks, num_toks);
break; break;
} }
if ((num_toks != 2) || if ((num_toks != 2) ||
skipping to change at line 6112 skipping to change at line 6167
free(new_line); free(new_line);
new_line = NULL; new_line = NULL;
} }
/* set the flag to let us know the next line is /* set the flag to let us know the next line is
* a continuation line */ * a continuation line */
continuation = 1; continuation = 1;
} }
} }
if (saved_line != NULL)
free(saved_line);
fclose(fp); fclose(fp);
free(buf); free(buf);
} }
static int ContinuationCheck(char *rule) static int ContinuationCheck(char *rule)
{ {
char *idx; /* indexing var for moving around on the string */ char *idx; /* indexing var for moving around on the string */
idx = rule + strlen(rule) - 1; idx = rule + strlen(rule) - 1;
skipping to change at line 11285 skipping to change at line 11343
*/ */
rpt->tcp_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->tcp_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
rpt->tcp_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->tcp_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
rpt->udp_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->udp_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
rpt->udp_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->udp_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
rpt->icmp_src->pt_lrc= DEFAULT_LARGE_RULE_GROUP; rpt->icmp_src->pt_lrc= DEFAULT_LARGE_RULE_GROUP;
rpt->icmp_dst->pt_lrc= DEFAULT_LARGE_RULE_GROUP; rpt->icmp_dst->pt_lrc= DEFAULT_LARGE_RULE_GROUP;
rpt->ip_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->ip_src->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
rpt->ip_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP; rpt->ip_dst->pt_lrc = DEFAULT_LARGE_RULE_GROUP;
#ifndef TARGET_BASED #ifdef TARGET_BASED
// if TARGET_BASED is not enabled, ensure that these // if TARGET_BASED is not enabled, ensure that these
// port tables are NULL. // port tables are NULL.
rpt->ns_tcp_src = NULL; rpt->ns_tcp_src = NULL;
rpt->ns_tcp_dst = NULL; rpt->ns_tcp_dst = NULL;
rpt->ns_udp_src = NULL; rpt->ns_udp_src = NULL;
rpt->ns_udp_dst = NULL; rpt->ns_udp_dst = NULL;
rpt->ns_icmp_src = NULL; rpt->ns_icmp_src = NULL;
rpt->ns_icmp_dst = NULL; rpt->ns_icmp_dst = NULL;
rpt->ns_ip_src = NULL; rpt->ns_ip_src = NULL;
rpt->ns_ip_dst = NULL; rpt->ns_ip_dst = NULL;
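Review bot: In the new ParseIpsPortList(), the call to setPortFilterList() passes the constant `IPPROTO_UDP` even though the function takes a `protocol` argument and already uses it for `getStreamIgnoreAnyConfig(sc, protocol)`. If this function is called for any protocol other than UDP, each policy's filter would be built from the UDP port set, so detection could be enabled or disabled on the wrong ports; setPortFilterList() is not visible on this page, so whether that is intended needs confirming. If it is not intended, pass the parameter through, `setPortFilterList(sc, ips_portfilter->port_filter, protocol, ignore_any, policyId);` (or its mapped equivalent if the callee expects a different protocol type); if it is, add a comment saying why UDP is fixed. Separately, the inner failure branch does `return NULL` without releasing `ips_port_filter_list` or the filters already stored in it, which is a leak unless ParseError() never returns.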
 End of changes. 10 change blocks. 
1 lines changed or deleted 65 lines changed or added
