"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/parser.h" (16 Oct 2020, 21075 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "parser.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /*
    2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 ** Copyright (C) 2002-2013 Sourcefire, Inc.
    4 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
    5 ** Copyright (C) 2000-2001 Andrew R. Baker <andrewb@uab.edu>
    6 **
    7 ** This program is free software; you can redistribute it and/or modify
    8 ** it under the terms of the GNU General Public License Version 2 as
    9 ** published by the Free Software Foundation.  You may not use, modify or
   10 ** distribute this program under any other version of the GNU General
   11 ** Public License.
   12 **
   13 ** This program is distributed in the hope that it will be useful,
   14 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   15 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16 ** GNU General Public License for more details.
   17 **
   18 ** You should have received a copy of the GNU General Public License
   19 ** along with this program; if not, write to the Free Software
   20 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   21 */
   22 
   23 /* $Id$ */
   24 #ifndef __PARSER_H__
   25 #define __PARSER_H__
   26 
   27 #ifdef HAVE_CONFIG_H
   28 # include "config.h"
   29 #endif
   30 
   31 #include <stdio.h>
   32 #include <sfPolicy.h>
   33 
   34 #include "rules.h"
   35 #include "treenodes.h"
   36 #include "decode.h"
   37 #include "sflsq.h"
   38 #include "snort.h"
   39 #include "util.h"
   40 
   41 
   42 /* Macros *********************************************************************/
   43 /* Rule keywords */
   44 #define SNORT_CONF_KEYWORD__ACTIVATE   "activate"
   45 #define SNORT_CONF_KEYWORD__ALERT      "alert"
   46 #define SNORT_CONF_KEYWORD__DROP       "drop"
   47 #define SNORT_CONF_KEYWORD__BLOCK      "block"
   48 #define SNORT_CONF_KEYWORD__DYNAMIC    "dynamic"
   49 #define SNORT_CONF_KEYWORD__LOG        "log"
   50 #define SNORT_CONF_KEYWORD__PASS       "pass"
   51 #define SNORT_CONF_KEYWORD__REJECT    "reject"
   52 #define SNORT_CONF_KEYWORD__SDROP     "sdrop"
   53 #define SNORT_CONF_KEYWORD__SBLOCK    "sblock"
   54 
   55 /* Include keyword */
   56 #define SNORT_CONF_KEYWORD__INCLUDE  "include"
   57 
   58 /* Rest of the keywords */
   59 #define SNORT_CONF_KEYWORD__ATTRIBUTE_TABLE      "attribute_table"
   60 #define SNORT_CONF_KEYWORD__CONFIG               "config"
   61 #define SNORT_CONF_KEYWORD__DYNAMIC_DETECTION    "dynamicdetection"
   62 #define SNORT_CONF_KEYWORD__DYNAMIC_ENGINE       "dynamicengine"
   63 #define SNORT_CONF_KEYWORD__DYNAMIC_PREPROC      "dynamicpreprocessor"
   64 #define SNORT_CONF_KEYWORD__DYNAMIC_OUTPUT       "dynamicoutput"
   65 #ifdef SIDE_CHANNEL
   66 # define SNORT_CONF_KEYWORD__DYNAMIC_SIDE_CHAN  "dynamicsidechannel"
   67 #endif
   68 #define SNORT_CONF_KEYWORD__EVENT_FILTER         "event_filter"
   69 # define SNORT_CONF_KEYWORD__IPVAR               "ipvar"
   70 #define SNORT_CONF_KEYWORD__OUTPUT               "output"
   71 #define SNORT_CONF_KEYWORD__PORTVAR              "portvar"
   72 #define SNORT_CONF_KEYWORD__PREPROCESSOR         "preprocessor"
   73 #define SNORT_CONF_KEYWORD__RATE_FILTER          "rate_filter"
   74 #define SNORT_CONF_KEYWORD__RULE_STATE           "rule_state"
   75 #define SNORT_CONF_KEYWORD__RULE_TYPE            "ruletype"
   76 #ifdef SIDE_CHANNEL
   77 # define SNORT_CONF_KEYWORD__SIDE_CHANNEL         "sidechannel"
   78 #endif
   79 #define SNORT_CONF_KEYWORD__SUPPRESS             "suppress"
   80 #define SNORT_CONF_KEYWORD__THRESHOLD            "threshold"
   81 #define SNORT_CONF_KEYWORD__VAR                  "var"
   82 #define SNORT_CONF_KEYWORD__VERSION              "version"
   83 #define SNORT_CONF_KEYWORD__FILE                 "file"
   84 
   85 /* Config options */
   86 #define CONFIG_OPT__ALERT_FILE                      "alertfile"
   87 #define CONFIG_OPT__ALERT_WITH_IFACE_NAME           "alert_with_interface_name"
   88 #define CONFIG_OPT__AUTOGEN_PREPROC_DECODER_RULES   "autogenerate_preprocessor_decoder_rules"
   89 #define CONFIG_OPT__ASN1                            "asn1"
   90 #define CONFIG_OPT__BINDING                         "binding"
   91 #define CONFIG_OPT__BPF_FILE                        "bpf_file"
   92 #define CONFIG_OPT__CHECKSUM_DROP                   "checksum_drop"
   93 #define CONFIG_OPT__CHECKSUM_MODE                   "checksum_mode"
   94 #define CONFIG_OPT__CHROOT_DIR                      "chroot"
   95 #define CONFIG_OPT__CLASSIFICATION                  "classification"
   96 #define CONFIG_OPT__DAEMON                          "daemon"
   97 #define CONFIG_OPT__DECODE_DATA_LINK                "decode_data_link"
   98 #define CONFIG_OPT__DECODE_ESP                      "decode_esp"
   99 #define CONFIG_OPT__DEFAULT_RULE_STATE              "default_rule_state"
  100 #define CONFIG_OPT__DETECTION                       "detection"
  101 #define CONFIG_OPT__DETECTION_FILTER                "detection_filter"
  102 #define CONFIG_OPT__PROTECTED_CONTENT               "protected_content"
  103 #ifdef INLINE_FAILOPEN
  104 # define CONFIG_OPT__DISABLE_INLINE_FAILOPEN         "disable_inline_init_failopen"
  105 #endif
  106 #define CONFIG_OPT__DISABLE_DECODE_ALERTS           "disable_decode_alerts"
  107 #define CONFIG_OPT__DISABLE_DECODE_DROPS            "disable_decode_drops"
  108 #define CONFIG_OPT__DISABLE_IP_OPT_ALERTS           "disable_ipopt_alerts"
  109 #define CONFIG_OPT__DISABLE_IP_OPT_DROPS            "disable_ipopt_drops"
  110 #define CONFIG_OPT__DISABLE_TCP_OPT_ALERTS          "disable_tcpopt_alerts"
  111 #define CONFIG_OPT__DISABLE_TCP_OPT_DROPS           "disable_tcpopt_drops"
  112 #define CONFIG_OPT__DISABLE_TCP_OPT_EXP_ALERTS      "disable_tcpopt_experimental_alerts"
  113 #define CONFIG_OPT__DISABLE_TCP_OPT_EXP_DROPS       "disable_tcpopt_experimental_drops"
  114 #define CONFIG_OPT__DISABLE_TCP_OPT_OBS_ALERTS      "disable_tcpopt_obsolete_alerts"
  115 #define CONFIG_OPT__DISABLE_TCP_OPT_OBS_DROPS       "disable_tcpopt_obsolete_drops"
  116 #define CONFIG_OPT__DISABLE_TTCP_ALERTS             "disable_ttcp_alerts"
  117 #define CONFIG_OPT__DISABLE_TCP_OPT_TTCP_ALERTS     "disable_tcpopt_ttcp_alerts"
  118 #define CONFIG_OPT__DISABLE_TTCP_DROPS              "disable_ttcp_drops"
  119 #define CONFIG_OPT__DUMP_CHARS_ONLY                 "dump_chars_only"
  120 #define CONFIG_OPT__DUMP_PAYLOAD                    "dump_payload"
  121 #define CONFIG_OPT__DUMP_PAYLOAD_VERBOSE            "dump_payload_verbose"
  122 #define CONFIG_OPT__ENABLE_DECODE_DROPS             "enable_decode_drops"
  123 #define CONFIG_OPT__ENABLE_DECODE_OVERSIZED_ALERTS  "enable_decode_oversized_alerts"
  124 #define CONFIG_OPT__ENABLE_DECODE_OVERSIZED_DROPS   "enable_decode_oversized_drops"
  125 #define CONFIG_OPT__ENABLE_DEEP_TEREDO_INSPECTION   "enable_deep_teredo_inspection"
  126 #define CONFIG_OPT__ENABLE_GTP_DECODING             "enable_gtp"
  127 #define CONFIG_OPT__ENABLE_IP_OPT_DROPS             "enable_ipopt_drops"
  128 #ifdef MPLS
  129 # define CONFIG_OPT__ENABLE_MPLS_MULTICAST          "enable_mpls_multicast"
  130 # define CONFIG_OPT__ENABLE_MPLS_OVERLAPPING_IP     "enable_mpls_overlapping_ip"
  131 #endif  /* MPLS */
  132 #define CONFIG_OPT__ENABLE_TCP_OPT_DROPS            "enable_tcpopt_drops"
  133 #define CONFIG_OPT__ENABLE_TCP_OPT_EXP_DROPS        "enable_tcpopt_experimental_drops"
  134 #define CONFIG_OPT__ENABLE_TCP_OPT_OBS_DROPS        "enable_tcpopt_obsolete_drops"
  135 #define CONFIG_OPT__ENABLE_TTCP_DROPS               "enable_ttcp_drops"
  136 #define CONFIG_OPT__ENABLE_TCP_OPT_TTCP_DROPS       "enable_tcpopt_ttcp_drops"
  137 #define CONFIG_OPT__EVENT_FILTER                    "event_filter"
  138 #define CONFIG_OPT__EVENT_QUEUE                     "event_queue"
  139 #define CONFIG_OPT__EVENT_TRACE                     "event_trace"
  140 # define CONFIG_OPT__REACT                          "react"
  141 #ifdef ENABLE_RESPONSE3
  142 # define CONFIG_OPT__FLEXRESP2_INTERFACE            "flexresp2_interface"
  143 # define CONFIG_OPT__FLEXRESP2_ATTEMPTS             "flexresp2_attempts"
  144 # define CONFIG_OPT__FLEXRESP2_MEMCAP               "flexresp2_memcap"
  145 # define CONFIG_OPT__FLEXRESP2_ROWS                 "flexresp2_rows"
  146 #endif // ENABLE_RESPONSE3
  147 #ifdef ACTIVE_RESPONSE
  148 # define CONFIG_OPT__RESPONSE                       "response"
  149 #endif
  150 #define CONFIG_OPT__FLOWBITS_SIZE                   "flowbits_size"
  151 #define CONFIG_OPT__IGNORE_PORTS                    "ignore_ports"
  152 #define CONFIG_OPT__ALERT_VLAN                      "include_vlan_in_alerts"
  153 #define CONFIG_OPT__INTERFACE                       "interface"
  154 #define CONFIG_OPT__IPV6_FRAG                       "ipv6_frag"
  155 #define CONFIG_OPT__LAYER2RESETS                    "layer2resets"
  156 #define CONFIG_OPT__LOG_DIR                         "logdir"
  157 #define CONFIG_OPT__DAQ_TYPE                        "daq"
  158 #define CONFIG_OPT__DAQ_MODE                        "daq_mode"
  159 #define CONFIG_OPT__DAQ_VAR                         "daq_var"
  160 #define CONFIG_OPT__DAQ_DIR                         "daq_dir"
  161 #define CONFIG_OPT__DIRTY_PIG                       "dirty_pig"
  162 #ifdef TARGET_BASED
  163 # define CONFIG_OPT__MAX_ATTRIBUTE_HOSTS            "max_attribute_hosts"
  164 # define CONFIG_OPT__MAX_ATTRIBUTE_SERVICES_PER_HOST "max_attribute_services_per_host"
  165 # define CONFIG_OPT__MAX_METADATA_SERVICES          "max_metadata_services"
  166 #define CONFIG_OPT__DISABLE_ATTRIBUTE_RELOAD        "disable-attribute-reload-thread"
  167 #endif  /* TARGET_BASED */
  168 #ifdef MPLS
  169 # define CONFIG_OPT__MAX_MPLS_LABELCHAIN_LEN        "max_mpls_labelchain_len"
  170 # define CONFIG_OPT__MPLS_PAYLOAD_TYPE              "mpls_payload_type"
  171 #endif  /* MPLS */
  172 #define CONFIG_OPT__MIN_TTL                         "min_ttl"
  173 #ifdef NORMALIZER
  174 #define CONFIG_OPT__NEW_TTL                         "new_ttl"
  175 #endif
  176 #define CONFIG_OPT__NO_LOG                          "nolog"
  177 #define CONFIG_OPT__NO_PCRE                         "nopcre"
  178 #define CONFIG_OPT__NO_PROMISCUOUS                  "no_promisc"
  179 #define CONFIG_OPT__OBFUSCATE                       "obfuscate"
  180 #define CONFIG_OPT__ORDER                           "order"
  181 #define CONFIG_OPT__PAF_MAX                         "paf_max"
  182 #define CONFIG_OPT__PCRE_MATCH_LIMIT                "pcre_match_limit"
  183 #define CONFIG_OPT__PCRE_MATCH_LIMIT_RECURSION      "pcre_match_limit_recursion"
  184 #define CONFIG_OPT__PKT_COUNT                       "pkt_count"
  185 #define CONFIG_OPT__PKT_SNAPLEN                     "snaplen"
  186 #define CONFIG_OPT__PID_PATH                        "pidpath"
  187 #define CONFIG_OPT__POLICY                          "policy_id"
  188 #define CONFIG_OPT__IPS_POLICY_MODE                 "policy_mode"
  189 #define CONFIG_OPT__NAP_POLICY_MODE                 "na_policy_mode"
  190 #define CONFIG_OPT__POLICY_VERSION                  "policy_version"
  191 #ifdef PPM_MGR
  192 # define CONFIG_OPT__PPM                            "ppm"
  193 #endif
  194 #ifdef PERF_PROFILING
  195 # define CONFIG_OPT__PROFILE_PREPROCS               "profile_preprocs"
  196 # define CONFIG_OPT__PROFILE_RULES                  "profile_rules"
  197 #endif  /* PERF_PROFILING */
  198 #define CONFIG_OPT__QUIET                           "quiet"
  199 #define CONFIG_OPT__RATE_FILTER                     "rate_filter"
  200 #define CONFIG_OPT__REFERENCE                       "reference"
  201 #define CONFIG_OPT__REFERENCE_NET                   "reference_net"
  202 #define CONFIG_OPT__SET_GID                         "set_gid"
  203 #define CONFIG_OPT__SET_UID                         "set_uid"
  204 #define CONFIG_OPT__SHOW_YEAR                       "show_year"
  205 #define CONFIG_OPT__SO_RULE_MEMCAP                  "so_rule_memcap"
  206 #define CONFIG_OPT__STATEFUL                        "stateful"
  207 #define CONFIG_OPT__TAGGED_PACKET_LIMIT             "tagged_packet_limit"
  208 #define CONFIG_OPT__THRESHOLD                       "threshold"
  209 #define CONFIG_OPT__UMASK                           "umask"
  210 #define CONFIG_OPT__UTC                             "utc"
  211 #define CONFIG_OPT__VERBOSE                         "verbose"
  212 #define CONFIG_OPT__VLAN_AGNOSTIC                   "vlan_agnostic"
  213 #define CONFIG_OPT__ADDRESSSPACE_AGNOSTIC           "addressspace_agnostic"
  214 #define CONFIG_OPT__LOG_IPV6_EXTRA                  "log_ipv6_extra_data"
  215 #define CONFIG_OPT__DUMP_DYNAMIC_RULES_PATH         "dump-dynamic-rules-path"
  216 #define CONFIG_OPT__CONTROL_SOCKET_DIR              "cs_dir"
  217 #define CONFIG_OPT__FILE                            "file"
  218 #define CONFIG_OPT__TUNNEL_BYPASS                   "tunnel_verdicts"
  219 #ifdef SIDE_CHANNEL
  220 # define CONFIG_OPT__SIDE_CHANNEL                   "sidechannel"
  221 #endif
  222 #define CONFIG_OPT__MAX_IP6_EXTENSIONS              "max_ip6_extensions"
  223 #define CONFIG_OPT__DISABLE_REPLACE                 "disable_replace"
  224 #ifdef DUMP_BUFFER
  225 #define CONFIG_OPT__BUFFER_DUMP                     "buffer_dump"
  226 #define CONFIG_OPT__BUFFER_DUMP_ALERT               "buffer_dump_alert"
  227 #endif
  228 /* exported values */
  229 extern char *file_name;
  230 extern int file_line;
  231 
  232 
  233 /* rule setup funcs */
  234 SnortConfig * ParseSnortConf(void);
  235 void ParseRules(SnortConfig *);
  236 IpsPortFilter** ParseIpsPortList (SnortConfig*, IpProto);
  237 
  238 void ParseOutput(SnortConfig *, SnortPolicy *, char *);
  239 void OrderRuleLists(SnortConfig *, char *);
  240 void PrintRuleOrder(RuleListNode *);
  241 
  242 char * VarGet(SnortConfig *, char *);
  243 char * ProcessFileOption(SnortConfig *, const char *);
  244 void SetRuleStates(SnortConfig *);
  245 int GetPcaps(SF_LIST *, SF_QUEUE *);
  246 
  247 void ParserCleanup(void);
  248 void FreeRuleLists(SnortConfig *);
  249 void VarTablesFree(SnortConfig *);
  250 void PortTablesFree(rule_port_tables_t *);
  251 int CompareIPNodes(IpAddrNode *, IpAddrNode *);
  252 
  253 void ResolveOutputPlugins(SnortConfig *, SnortConfig *);
  254 void ConfigureOutputPlugins(SnortConfig *);
  255 void ConfigurePreprocessors(SnortConfig *, int);
  256 void ConfigureSideChannelModules(SnortConfig *);
  257 
  258 NORETURN void ParseError(const char *, ...);
  259 void ParseWarning(const char *, ...);
  260 void ParseMessage(const char *, ...);
  261 
  262 void ConfigAlertBeforePass(SnortConfig *, char *);
  263 void ConfigAlertFile(SnortConfig *, char *);
  264 void ConfigAlertWithInterfaceName(SnortConfig *, char *);
  265 void ConfigAsn1(SnortConfig *, char *);
  266 void ConfigAutogenPreprocDecoderRules(SnortConfig *, char *);
  267 void ConfigBinding(SnortConfig *, char *);
  268 void ConfigBpfFile(SnortConfig *, char *);
  269 void ConfigChecksumDrop(SnortConfig *, char *);
  270 void ConfigChecksumMode(SnortConfig *, char *);
  271 void ConfigChrootDir(SnortConfig *, char *);
  272 void ConfigClassification(SnortConfig *, char *);
  273 void ConfigCreatePidFile(SnortConfig *, char *);
  274 void ConfigDaemon(SnortConfig *, char *);
  275 void ConfigDecodeDataLink(SnortConfig *, char *);
  276 void ConfigDefaultRuleState(SnortConfig *, char *);
  277 void ConfigDetection(SnortConfig *, char *);
  278 void ConfigDetectionFilter(SnortConfig *, char *);
  279 void ConfigDisableDecodeAlerts(SnortConfig *, char *);
  280 void ConfigDisableDecodeDrops(SnortConfig *, char *);
  281 #ifdef INLINE_FAILOPEN
  282 void ConfigDisableInlineFailopen(SnortConfig *, char *);
  283 #endif
  284 void ConfigDisableIpOptAlerts(SnortConfig *, char *);
  285 void ConfigDisableIpOptDrops(SnortConfig *, char *);
  286 void ConfigDisableTcpOptAlerts(SnortConfig *, char *);
  287 void ConfigDisableTcpOptDrops(SnortConfig *, char *);
  288 void ConfigDisableTcpOptExperimentalAlerts(SnortConfig *, char *);
  289 void ConfigDisableTcpOptExperimentalDrops(SnortConfig *, char *);
  290 void ConfigDisableTcpOptObsoleteAlerts(SnortConfig *, char *);
  291 void ConfigDisableTcpOptObsoleteDrops(SnortConfig *, char *);
  292 void ConfigDisableTTcpAlerts(SnortConfig *, char *);
  293 void ConfigDisableTTcpDrops(SnortConfig *, char *);
  294 void ConfigDumpCharsOnly(SnortConfig *, char *);
  295 void ConfigDumpPayload(SnortConfig *, char *);
  296 void ConfigDumpPayloadVerbose(SnortConfig *, char *);
  297 void ConfigEnableDecodeDrops(SnortConfig *, char *);
  298 void ConfigEnableDecodeOversizedAlerts(SnortConfig *, char *);
  299 void ConfigEnableDecodeOversizedDrops(SnortConfig *, char *);
  300 void ConfigEnableDeepTeredoInspection(SnortConfig *sc, char *args);
  301 void ConfigEnableGTPDecoding(SnortConfig *sc, char *args);
  302 void ConfigEnableEspDecoding(SnortConfig *sc, char *args);
  303 void ConfigEnableIpOptDrops(SnortConfig *, char *);
  304 #ifdef MPLS
  305 void ConfigEnableMplsMulticast(SnortConfig *, char *);
  306 void ConfigEnableMplsOverlappingIp(SnortConfig *, char *);
  307 #endif
  308 void ConfigEnableTcpOptDrops(SnortConfig *, char *);
  309 void ConfigEnableTcpOptExperimentalDrops(SnortConfig *, char *);
  310 void ConfigEnableTcpOptObsoleteDrops(SnortConfig *, char *);
  311 void ConfigEnableTTcpDrops(SnortConfig *, char *);
  312 void ConfigEventFilter(SnortConfig *, char *);
  313 void ConfigEventQueue(SnortConfig *, char *);
  314 void ConfigEventTrace(SnortConfig *, char *);
  315 #ifdef ENABLE_RESPONSE3
  316 void ConfigFlexresp2Interface(SnortConfig *, char *);
  317 void ConfigFlexresp2Attempts(SnortConfig *, char *);
  318 void ConfigFlexresp2Memcap(SnortConfig *, char *);
  319 void ConfigFlexresp2Rows(SnortConfig *, char *);
  320 #endif
  321 #ifdef ACTIVE_RESPONSE
  322 void ConfigResponse(SnortConfig*, char*);
  323 #endif
  324 void ConfigReact(SnortConfig*, char*);
  325 void ConfigFlowbitsSize(SnortConfig *, char *);
  326 void ConfigIgnorePorts(SnortConfig *, char *);
  327 void ConfigIncludeVlanInAlert(SnortConfig *, char *);
  328 void ConfigInterface(SnortConfig *, char *);
  329 void ConfigIpv6Frag(SnortConfig *, char *);
  330 void ConfigLayer2Resets(SnortConfig *, char *);
  331 void ConfigLogDir(SnortConfig *, char *);
  332 void ConfigDaqType(SnortConfig *, char *);
  333 void ConfigDaqMode(SnortConfig *, char *);
  334 void ConfigDaqVar(SnortConfig *, char *);
  335 void ConfigDaqDir(SnortConfig *, char *);
  336 void ConfigDirtyPig(SnortConfig *, char *);
  337 #ifdef TARGET_BASED
  338 void ConfigMaxAttributeHosts(SnortConfig *, char *);
  339 void ConfigMaxAttributeServicesPerHost(SnortConfig *, char *);
  340 void ConfigMaxMetadataServices(SnortConfig *, char *);
  341 void ConfigDisableAttributeReload(SnortConfig *, char *);
  342 #endif
  343 #ifdef MPLS
  344 void ConfigMaxMplsLabelChain(SnortConfig *, char *);
  345 void ConfigMplsPayloadType(SnortConfig *, char *);
  346 #endif
  347 void ConfigMinTTL(SnortConfig *, char *);
  348 #ifdef NORMALIZER
  349 void ConfigNewTTL(SnortConfig *, char *);
  350 #endif
  351 void ConfigNoLog(SnortConfig *, char *);
  352 void ConfigNoLoggingTimestamps(SnortConfig *, char *);
  353 void ConfigNoPcre(SnortConfig *, char *);
  354 void ConfigNoPromiscuous(SnortConfig *, char *);
  355 void ConfigObfuscate(SnortConfig *, char *);
  356 void ConfigObfuscationMask(SnortConfig *, char *);
  357 void ConfigPafMax(SnortConfig *, char *);
  358 void ConfigRateFilter(SnortConfig *, char *);
  359 void ConfigRuleListOrder(SnortConfig *, char *);
  360 void ConfigPacketCount(SnortConfig *, char *);
  361 void ConfigPacketSnaplen(SnortConfig *, char *);
  362 void ConfigPcreMatchLimit(SnortConfig *, char *);
  363 void ConfigPcreMatchLimitRecursion(SnortConfig *, char *);
  364 void ConfigPerfFile(SnortConfig *sc, char *);
  365 void ConfigPidPath(SnortConfig *, char *);
  366 void ConfigPolicy(SnortConfig *, char *);
  367 void ConfigIpsPolicyMode(SnortConfig *, char *);
  368 void ConfigNapPolicyMode(SnortConfig *, char *);
  369 void ConfigPolicyVersion(SnortConfig *, char *);
  370 void ConfigProtectedContent(SnortConfig *, char *);
  371 #ifdef PPM_MGR
  372 void ConfigPPM(SnortConfig *, char *);
  373 #endif
  374 void ConfigProcessAllEvents(SnortConfig *, char *);
  375 #ifdef PERF_PROFILING
  376 void ConfigProfilePreprocs(SnortConfig *, char *);
  377 void ConfigProfileRules(SnortConfig *, char *);
  378 #endif
  379 void ConfigQuiet(SnortConfig *, char *);
  380 void ConfigReadPcapFile(SnortConfig *, char *);
  381 void ConfigReference(SnortConfig *, char *);
  382 void ConfigReferenceNet(SnortConfig *, char *);
  383 void ConfigSetGid(SnortConfig *, char *);
  384 void ConfigSetUid(SnortConfig *, char *);
  385 void ConfigShowYear(SnortConfig *, char *);
  386 void ConfigSoRuleMemcap(SnortConfig *, char *);
  387 void ConfigStateful(SnortConfig *, char *);
  388 void ConfigTaggedPacketLimit(SnortConfig *, char *);
  389 void ConfigThreshold(SnortConfig *, char *);
  390 #ifdef TIMESTATS
  391 void ConfigTimestatsInterval(SnortConfig *, char *);
  392 #endif
  393 void ConfigTreatDropAsAlert(SnortConfig *, char *);
  394 void ConfigTreatDropAsIgnore(SnortConfig *, char *);
  395 void ConfigUmask(SnortConfig *, char *);
  396 void ConfigUtc(SnortConfig *, char *);
  397 void ConfigVerbose(SnortConfig *, char *);
  398 void ConfigVlanAgnostic(SnortConfig *, char *);
  399 void ConfigAddressSpaceAgnostic(SnortConfig *, char *);
  400 void ConfigLogIPv6Extra(SnortConfig *, char *);
  401 void ConfigDumpDynamicRulesPath(SnortConfig *, char *);
  402 void ConfigControlSocketDirectory(SnortConfig *, char *);
  403 void ConfigFile(SnortConfig *, char *);
  404 void ConfigTunnelVerdicts(SnortConfig*, char*);
  405 void ConfigMaxIP6Extensions(SnortConfig *, char*);
  406 void ConfigDisableReplace(SnortConfig *, char*);
  407 #ifdef DUMP_BUFFER
  408 void ConfigBufferDump(SnortConfig *, char *);
  409 #endif
  410 
  411 int addRtnToOtn(
  412         SnortConfig *sc,
  413         OptTreeNode *otn,
  414         tSfPolicyId policyId,
  415         RuleTreeNode *rtn
  416         );
  417 
  418 RuleTreeNode* deleteRtnFromOtn(
  419         SnortConfig *sc,
  420         OptTreeNode *otn,
  421         tSfPolicyId policyId
  422         );
  423 
  424 // use this so mSplit doesn't split IP lists (try c = ';')
  425 char* FixSeparators (char* rule, char c, const char* err);
  426 
  427 // use this as an alternative to mSplit when you just want name, value
  428 void GetNameValue (char* arg, char** nam, char** val, const char* err);
  429 
  430 /*Get RTN for a given OTN and policyId.
  431  *
  432  * @param otn pointer to structure OptTreeNode.
  433  * @param policyId policy id
  434  *
  435  * @return pointer to deleted RTN, NULL otherwise.
  436  */
  437 static inline RuleTreeNode *getRtnFromOtn(OptTreeNode *otn, tSfPolicyId policyId)
  438 {
  439     if (otn && otn->proto_nodes && (otn->proto_node_num > (unsigned)policyId))
  440     {
  441         return otn->proto_nodes[policyId];
  442     }
  443 
  444     return NULL;
  445 }
  446 
  447 /**Get rtn from otn for the current policy.
  448  */
  449 static inline RuleTreeNode *getParserRtnFromOtn(SnortConfig *sc, OptTreeNode *otn)
  450 {
  451     return getRtnFromOtn(otn, getParserPolicy(sc));
  452 }
  453 
  454 static inline RuleTreeNode *getRuntimeRtnFromOtn(OptTreeNode *otn)
  455 {
  456     return getRtnFromOtn(otn, getIpsRuntimePolicy());
  457 }
  458 
  459 SnortPolicy * SnortPolicyNew(void);
  460 void SnortPolicyFree(SnortPolicy *pPolicy);
  461 
  462 #endif /* __PARSER_H__ */
  463