0001-added-support-to-print-the-known-protocols-in-the-al.patch - Suricata - Open Information Security Foundation

Bug #235 » 0001-added-support-to-print-the-known-protocols-in-the-al.patch

Gurvinder Singh, 09/12/2010 12:06 AM

     #define DEFAULT_LOG_FILENAME "fast.log"
     #define MODULE_NAME "AlertFastLog"
     #define PROTO_FILE  "/etc/protocols"
     TmEcode AlertFastLog (ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
     TmEcode AlertFastLogIPv4(ThreadVars *, Packet *, void *, PacketQueue *, PacketQueue *);
-...
     void AlertFastLogRegisterTests(void);
     static void AlertFastLogDeInitCtx(OutputCtx *);
     /* Structure to hold the information related to known protocol in /etc/protocols */
     static char *known_proto[255];
     void TmModuleAlertFastLogRegister (void) {
         tmm_modules[TMM_ALERTFASTLOG].name = MODULE_NAME;
         tmm_modules[TMM_ALERTFASTLOG].ThreadInit = AlertFastLogThreadInit;
-...
             inet_ntop(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip));
             inet_ntop(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip));
             fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: %s] [Priority: %" PRIu32 "] {%" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "",
                     timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio, IPV4_GET_IPPROTO(p), srcip, p->sp, dstip, p->dp);
             if ((IPV4_GET_IPPROTO(p) > 0) && (IPV4_GET_IPPROTO(p) < 255) &&
                     known_proto[IPV4_GET_IPPROTO(p)] != NULL)
+            {
                 fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%"
                         PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
                         " {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "", timebuf,
                         pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio,
                         known_proto[IPV4_GET_IPPROTO(p)], srcip, p->sp, dstip, p->dp);
             } else {
                 fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%"
                         PRIu32 "] %s [**] [Classification: %s] [Priority: %"PRIu32"]"
                         " {PROTO:%03" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "", timebuf,
                         pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio,
                         IPV4_GET_IPPROTO(p), srcip, p->sp, dstip, p->dp);
+            }
             if(pa->references != NULL)  {
                 fprintf(aft->file_ctx->fp," ");
-...
             inet_ntop(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip));
             inet_ntop(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip));
             fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "] %s [**] [Classification: %s] [Priority: %" PRIu32 "] {%" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "",
                     timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg, pa->prio, IPV6_GET_L4PROTO(p), srcip, p->sp, dstip, p->dp);
             if ((IPV6_GET_L4PROTO(p) > 0) && (IPV6_GET_L4PROTO(p) < 255) &&
                     known_proto[IPV6_GET_L4PROTO(p)] != NULL)
+            {
                 fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%"
                         "" PRIu32 "] %s [**] [Classification: %s] [Priority: %"
                         "" PRIu32 "] {%s} %s:%" PRIu32 " -> %s:%" PRIu32 "",
                         timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg,
                         pa->prio, known_proto[IPV6_GET_L4PROTO(p)], srcip, p->sp,
                         dstip, p->dp);
             } else {
                 fprintf(aft->file_ctx->fp, "%s  [**] [%" PRIu32 ":%" PRIu32 ":%"
                         "" PRIu32 "] %s [**] [Classification: %s] [Priority: %"
                         "" PRIu32 "] {PROTO:%03" PRIu32 "} %s:%" PRIu32 " -> %s:%" PRIu32 "",
                         timebuf, pa->gid, pa->sid, pa->rev, pa->msg, pa->class_msg,
                         pa->prio, IPV6_GET_L4PROTO(p), srcip, p->sp, dstip, p->dp);
+            }
             if(pa->references != NULL)  {
                 fprintf(aft->file_ctx->fp," ");
-...
         /* clear memory */
         memset(aft, 0, sizeof(AlertFastLogThread));
         /* clears the memory of loaded protocol names */
         for (uint8_t cnt=0;cnt < 255;cnt++) {
             if(known_proto[cnt] != NULL)
                 SCFree(known_proto[cnt]);
+        }
         SCFree(aft);
         return TM_ECODE_OK;
+    }
-...
         output_ctx->data = logfile_ctx;
         output_ctx->DeInit = AlertFastLogDeInitCtx;
         /* Load the known protocols name from the /etc/protocols file */
         FILE *fp = fopen(PROTO_FILE,"r");
         if (fp != NULL) {
             char line[200];
             char *ptr = NULL;
             while(fgets(line, sizeof(line), fp) != NULL) {
                 if (line[0] == '#')
                     continue;
                 char *name = strtok_r(line," \t", &ptr);
                 if (name == NULL)
                     continue;
                 char *proto_ch = strtok_r(NULL," \t", &ptr);
                 if (proto_ch == NULL)
                     continue;
                 int proto = atoi(proto_ch);
                 if (proto >= 255)
                     continue;
                 char *cname = strtok_r(NULL, " \t", &ptr);
                 if (cname != NULL) {
                     known_proto[proto] = strdup(cname);
                 } else {
                     known_proto[proto] = strdup(name);
+                }
+            }
             fclose(fp);
+        }
         SCLogInfo("Fast log output initialized, filename: %s", filename);
         return output_ctx;

« Previous
1
2
Next »

(1-1/2)

Project

General

Profile

Suricata

Bug #235 » 0001-added-support-to-print-the-known-protocols-in-the-al.patch