1 /*
2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2002-2013 Sourcefire, Inc.
4 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
5 ** Copyright (C) 2000-2001 Andrew R. Baker <andrewb@uab.edu>
6 **
7 ** This program is free software; you can redistribute it and/or modify
8 ** it under the terms of the GNU General Public License Version 2 as
9 ** published by the Free Software Foundation. You may not use, modify or
10 ** distribute this program under any other version of the GNU General
11 ** Public License.
12 **
13 ** This program is distributed in the hope that it will be useful,
14 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
15 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 ** GNU General Public License for more details.
17 **
18 ** You should have received a copy of the GNU General Public License
19 ** along with this program; if not, write to the Free Software
20 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 */
22
23 /* $Id$ */
24 #ifndef __PARSER_H__
25 #define __PARSER_H__
26
27 #ifdef HAVE_CONFIG_H
28 # include "config.h"
29 #endif
30
31 #include <stdio.h>
32 #include <sfPolicy.h>
33
34 #include "rules.h"
35 #include "treenodes.h"
36 #include "decode.h"
37 #include "sflsq.h"
38 #include "snort.h"
39 #include "util.h"
40
41
42 /* Macros *********************************************************************/
43 /* Rule keywords */
44 #define SNORT_CONF_KEYWORD__ACTIVATE "activate"
45 #define SNORT_CONF_KEYWORD__ALERT "alert"
46 #define SNORT_CONF_KEYWORD__DROP "drop"
47 #define SNORT_CONF_KEYWORD__BLOCK "block"
48 #define SNORT_CONF_KEYWORD__DYNAMIC "dynamic"
49 #define SNORT_CONF_KEYWORD__LOG "log"
50 #define SNORT_CONF_KEYWORD__PASS "pass"
51 #define SNORT_CONF_KEYWORD__REJECT "reject"
52 #define SNORT_CONF_KEYWORD__SDROP "sdrop"
53 #define SNORT_CONF_KEYWORD__SBLOCK "sblock"
54
55 /* Include keyword */
56 #define SNORT_CONF_KEYWORD__INCLUDE "include"
57
58 /* Rest of the keywords */
59 #define SNORT_CONF_KEYWORD__ATTRIBUTE_TABLE "attribute_table"
60 #define SNORT_CONF_KEYWORD__CONFIG "config"
61 #define SNORT_CONF_KEYWORD__DYNAMIC_DETECTION "dynamicdetection"
62 #define SNORT_CONF_KEYWORD__DYNAMIC_ENGINE "dynamicengine"
63 #define SNORT_CONF_KEYWORD__DYNAMIC_PREPROC "dynamicpreprocessor"
64 #define SNORT_CONF_KEYWORD__DYNAMIC_OUTPUT "dynamicoutput"
65 #ifdef SIDE_CHANNEL
66 # define SNORT_CONF_KEYWORD__DYNAMIC_SIDE_CHAN "dynamicsidechannel"
67 #endif
68 #define SNORT_CONF_KEYWORD__EVENT_FILTER "event_filter"
69 # define SNORT_CONF_KEYWORD__IPVAR "ipvar"
70 #define SNORT_CONF_KEYWORD__OUTPUT "output"
71 #define SNORT_CONF_KEYWORD__PORTVAR "portvar"
72 #define SNORT_CONF_KEYWORD__PREPROCESSOR "preprocessor"
73 #define SNORT_CONF_KEYWORD__RATE_FILTER "rate_filter"
74 #define SNORT_CONF_KEYWORD__RULE_STATE "rule_state"
75 #define SNORT_CONF_KEYWORD__RULE_TYPE "ruletype"
76 #ifdef SIDE_CHANNEL
77 # define SNORT_CONF_KEYWORD__SIDE_CHANNEL "sidechannel"
78 #endif
79 #define SNORT_CONF_KEYWORD__SUPPRESS "suppress"
80 #define SNORT_CONF_KEYWORD__THRESHOLD "threshold"
81 #define SNORT_CONF_KEYWORD__VAR "var"
82 #define SNORT_CONF_KEYWORD__VERSION "version"
83 #define SNORT_CONF_KEYWORD__FILE "file"
84
85 /* Config options */
86 #define CONFIG_OPT__ALERT_FILE "alertfile"
87 #define CONFIG_OPT__ALERT_WITH_IFACE_NAME "alert_with_interface_name"
88 #define CONFIG_OPT__AUTOGEN_PREPROC_DECODER_RULES "autogenerate_preprocessor_decoder_rules"
89 #define CONFIG_OPT__ASN1 "asn1"
90 #define CONFIG_OPT__BINDING "binding"
91 #define CONFIG_OPT__BPF_FILE "bpf_file"
92 #define CONFIG_OPT__CHECKSUM_DROP "checksum_drop"
93 #define CONFIG_OPT__CHECKSUM_MODE "checksum_mode"
94 #define CONFIG_OPT__CHROOT_DIR "chroot"
95 #define CONFIG_OPT__CLASSIFICATION "classification"
96 #define CONFIG_OPT__DAEMON "daemon"
97 #define CONFIG_OPT__DECODE_DATA_LINK "decode_data_link"
98 #define CONFIG_OPT__DECODE_ESP "decode_esp"
99 #define CONFIG_OPT__DEFAULT_RULE_STATE "default_rule_state"
100 #define CONFIG_OPT__DETECTION "detection"
101 #define CONFIG_OPT__DETECTION_FILTER "detection_filter"
102 #define CONFIG_OPT__PROTECTED_CONTENT "protected_content"
103 #ifdef INLINE_FAILOPEN
104 # define CONFIG_OPT__DISABLE_INLINE_FAILOPEN "disable_inline_init_failopen"
105 #endif
106 #define CONFIG_OPT__DISABLE_DECODE_ALERTS "disable_decode_alerts"
107 #define CONFIG_OPT__DISABLE_DECODE_DROPS "disable_decode_drops"
108 #define CONFIG_OPT__DISABLE_IP_OPT_ALERTS "disable_ipopt_alerts"
109 #define CONFIG_OPT__DISABLE_IP_OPT_DROPS "disable_ipopt_drops"
110 #define CONFIG_OPT__DISABLE_TCP_OPT_ALERTS "disable_tcpopt_alerts"
111 #define CONFIG_OPT__DISABLE_TCP_OPT_DROPS "disable_tcpopt_drops"
112 #define CONFIG_OPT__DISABLE_TCP_OPT_EXP_ALERTS "disable_tcpopt_experimental_alerts"
113 #define CONFIG_OPT__DISABLE_TCP_OPT_EXP_DROPS "disable_tcpopt_experimental_drops"
114 #define CONFIG_OPT__DISABLE_TCP_OPT_OBS_ALERTS "disable_tcpopt_obsolete_alerts"
115 #define CONFIG_OPT__DISABLE_TCP_OPT_OBS_DROPS "disable_tcpopt_obsolete_drops"
116 #define CONFIG_OPT__DISABLE_TTCP_ALERTS "disable_ttcp_alerts"
117 #define CONFIG_OPT__DISABLE_TCP_OPT_TTCP_ALERTS "disable_tcpopt_ttcp_alerts"
118 #define CONFIG_OPT__DISABLE_TTCP_DROPS "disable_ttcp_drops"
119 #define CONFIG_OPT__DUMP_CHARS_ONLY "dump_chars_only"
120 #define CONFIG_OPT__DUMP_PAYLOAD "dump_payload"
121 #define CONFIG_OPT__DUMP_PAYLOAD_VERBOSE "dump_payload_verbose"
122 #define CONFIG_OPT__ENABLE_DECODE_DROPS "enable_decode_drops"
123 #define CONFIG_OPT__ENABLE_DECODE_OVERSIZED_ALERTS "enable_decode_oversized_alerts"
124 #define CONFIG_OPT__ENABLE_DECODE_OVERSIZED_DROPS "enable_decode_oversized_drops"
125 #define CONFIG_OPT__ENABLE_DEEP_TEREDO_INSPECTION "enable_deep_teredo_inspection"
126 #define CONFIG_OPT__ENABLE_GTP_DECODING "enable_gtp"
127 #define CONFIG_OPT__ENABLE_IP_OPT_DROPS "enable_ipopt_drops"
128 #ifdef MPLS
129 # define CONFIG_OPT__ENABLE_MPLS_MULTICAST "enable_mpls_multicast"
130 # define CONFIG_OPT__ENABLE_MPLS_OVERLAPPING_IP "enable_mpls_overlapping_ip"
131 #endif /* MPLS */
132 #define CONFIG_OPT__ENABLE_TCP_OPT_DROPS "enable_tcpopt_drops"
133 #define CONFIG_OPT__ENABLE_TCP_OPT_EXP_DROPS "enable_tcpopt_experimental_drops"
134 #define CONFIG_OPT__ENABLE_TCP_OPT_OBS_DROPS "enable_tcpopt_obsolete_drops"
135 #define CONFIG_OPT__ENABLE_TTCP_DROPS "enable_ttcp_drops"
136 #define CONFIG_OPT__ENABLE_TCP_OPT_TTCP_DROPS "enable_tcpopt_ttcp_drops"
137 #define CONFIG_OPT__EVENT_FILTER "event_filter"
138 #define CONFIG_OPT__EVENT_QUEUE "event_queue"
139 #define CONFIG_OPT__EVENT_TRACE "event_trace"
140 # define CONFIG_OPT__REACT "react"
141 #ifdef ENABLE_RESPONSE3
142 # define CONFIG_OPT__FLEXRESP2_INTERFACE "flexresp2_interface"
143 # define CONFIG_OPT__FLEXRESP2_ATTEMPTS "flexresp2_attempts"
144 # define CONFIG_OPT__FLEXRESP2_MEMCAP "flexresp2_memcap"
145 # define CONFIG_OPT__FLEXRESP2_ROWS "flexresp2_rows"
146 #endif // ENABLE_RESPONSE3
147 #ifdef ACTIVE_RESPONSE
148 # define CONFIG_OPT__RESPONSE "response"
149 #endif
150 #define CONFIG_OPT__FLOWBITS_SIZE "flowbits_size"
151 #define CONFIG_OPT__IGNORE_PORTS "ignore_ports"
152 #define CONFIG_OPT__ALERT_VLAN "include_vlan_in_alerts"
153 #define CONFIG_OPT__INTERFACE "interface"
154 #define CONFIG_OPT__IPV6_FRAG "ipv6_frag"
155 #define CONFIG_OPT__LAYER2RESETS "layer2resets"
156 #define CONFIG_OPT__LOG_DIR "logdir"
157 #define CONFIG_OPT__DAQ_TYPE "daq"
158 #define CONFIG_OPT__DAQ_MODE "daq_mode"
159 #define CONFIG_OPT__DAQ_VAR "daq_var"
160 #define CONFIG_OPT__DAQ_DIR "daq_dir"
161 #define CONFIG_OPT__DIRTY_PIG "dirty_pig"
162 #ifdef TARGET_BASED
163 # define CONFIG_OPT__MAX_ATTRIBUTE_HOSTS "max_attribute_hosts"
164 # define CONFIG_OPT__MAX_ATTRIBUTE_SERVICES_PER_HOST "max_attribute_services_per_host"
165 # define CONFIG_OPT__MAX_METADATA_SERVICES "max_metadata_services"
166 #define CONFIG_OPT__DISABLE_ATTRIBUTE_RELOAD "disable-attribute-reload-thread"
167 #endif /* TARGET_BASED */
168 #ifdef MPLS
169 # define CONFIG_OPT__MAX_MPLS_LABELCHAIN_LEN "max_mpls_labelchain_len"
170 # define CONFIG_OPT__MPLS_PAYLOAD_TYPE "mpls_payload_type"
171 #endif /* MPLS */
172 #define CONFIG_OPT__MIN_TTL "min_ttl"
173 #ifdef NORMALIZER
174 #define CONFIG_OPT__NEW_TTL "new_ttl"
175 #endif
176 #define CONFIG_OPT__NO_LOG "nolog"
177 #define CONFIG_OPT__NO_PCRE "nopcre"
178 #define CONFIG_OPT__NO_PROMISCUOUS "no_promisc"
179 #define CONFIG_OPT__OBFUSCATE "obfuscate"
180 #define CONFIG_OPT__ORDER "order"
181 #define CONFIG_OPT__PAF_MAX "paf_max"
182 #define CONFIG_OPT__PCRE_MATCH_LIMIT "pcre_match_limit"
183 #define CONFIG_OPT__PCRE_MATCH_LIMIT_RECURSION "pcre_match_limit_recursion"
184 #define CONFIG_OPT__PKT_COUNT "pkt_count"
185 #define CONFIG_OPT__PKT_SNAPLEN "snaplen"
186 #define CONFIG_OPT__PID_PATH "pidpath"
187 #define CONFIG_OPT__POLICY "policy_id"
188 #define CONFIG_OPT__IPS_POLICY_MODE "policy_mode"
189 #define CONFIG_OPT__NAP_POLICY_MODE "na_policy_mode"
190 #define CONFIG_OPT__POLICY_VERSION "policy_version"
191 #ifdef PPM_MGR
192 # define CONFIG_OPT__PPM "ppm"
193 #endif
194 #ifdef PERF_PROFILING
195 # define CONFIG_OPT__PROFILE_PREPROCS "profile_preprocs"
196 # define CONFIG_OPT__PROFILE_RULES "profile_rules"
197 #endif /* PERF_PROFILING */
198 #define CONFIG_OPT__QUIET "quiet"
199 #define CONFIG_OPT__RATE_FILTER "rate_filter"
200 #define CONFIG_OPT__REFERENCE "reference"
201 #define CONFIG_OPT__REFERENCE_NET "reference_net"
202 #define CONFIG_OPT__SET_GID "set_gid"
203 #define CONFIG_OPT__SET_UID "set_uid"
204 #define CONFIG_OPT__SHOW_YEAR "show_year"
205 #define CONFIG_OPT__SO_RULE_MEMCAP "so_rule_memcap"
206 #define CONFIG_OPT__STATEFUL "stateful"
207 #define CONFIG_OPT__TAGGED_PACKET_LIMIT "tagged_packet_limit"
208 #define CONFIG_OPT__THRESHOLD "threshold"
209 #define CONFIG_OPT__UMASK "umask"
210 #define CONFIG_OPT__UTC "utc"
211 #define CONFIG_OPT__VERBOSE "verbose"
212 #define CONFIG_OPT__VLAN_AGNOSTIC "vlan_agnostic"
213 #define CONFIG_OPT__ADDRESSSPACE_AGNOSTIC "addressspace_agnostic"
214 #define CONFIG_OPT__LOG_IPV6_EXTRA "log_ipv6_extra_data"
215 #define CONFIG_OPT__DUMP_DYNAMIC_RULES_PATH "dump-dynamic-rules-path"
216 #define CONFIG_OPT__CONTROL_SOCKET_DIR "cs_dir"
217 #define CONFIG_OPT__FILE "file"
218 #define CONFIG_OPT__TUNNEL_BYPASS "tunnel_verdicts"
219 #ifdef SIDE_CHANNEL
220 # define CONFIG_OPT__SIDE_CHANNEL "sidechannel"
221 #endif
222 #define CONFIG_OPT__MAX_IP6_EXTENSIONS "max_ip6_extensions"
223 #define CONFIG_OPT__DISABLE_REPLACE "disable_replace"
224 #ifdef DUMP_BUFFER
225 #define CONFIG_OPT__BUFFER_DUMP "buffer_dump"
226 #define CONFIG_OPT__BUFFER_DUMP_ALERT "buffer_dump_alert"
227 #endif
228 /* exported values */
229 extern char *file_name;
230 extern int file_line;
231
232
233 /* rule setup funcs */
234 SnortConfig * ParseSnortConf(void);
235 void ParseRules(SnortConfig *);
236 IpsPortFilter** ParseIpsPortList (SnortConfig*, IpProto);
237
238 void ParseOutput(SnortConfig *, SnortPolicy *, char *);
239 void OrderRuleLists(SnortConfig *, char *);
240 void PrintRuleOrder(RuleListNode *);
241
242 char * VarGet(SnortConfig *, char *);
243 char * ProcessFileOption(SnortConfig *, const char *);
244 void SetRuleStates(SnortConfig *);
245 int GetPcaps(SF_LIST *, SF_QUEUE *);
246
247 void ParserCleanup(void);
248 void FreeRuleLists(SnortConfig *);
249 void VarTablesFree(SnortConfig *);
250 void PortTablesFree(rule_port_tables_t *);
251 int CompareIPNodes(IpAddrNode *, IpAddrNode *);
252
253 void ResolveOutputPlugins(SnortConfig *, SnortConfig *);
254 void ConfigureOutputPlugins(SnortConfig *);
255 void ConfigurePreprocessors(SnortConfig *, int);
256 void ConfigureSideChannelModules(SnortConfig *);
257
/* Parser diagnostics. Each takes a const char * followed by variadic
 * arguments; ParseError is additionally declared NORETURN, so control does
 * not come back to the caller after it.
 *
 * NOTE(review): the first parameter is presumably a printf-style format
 * string -- confirm against the definitions. If so, text taken from a
 * configuration or rules file should be passed as an argument to a literal
 * "%s" format, never as the format itself. No format-checking attribute is
 * visible on these prototypes, so the compiler may not flag a mismatch
 * between format and arguments unless one is applied elsewhere. */
258 NORETURN void ParseError(const char *, ...);
259 void ParseWarning(const char *, ...);
260 void ParseMessage(const char *, ...);
261
262 void ConfigAlertBeforePass(SnortConfig *, char *);
263 void ConfigAlertFile(SnortConfig *, char *);
264 void ConfigAlertWithInterfaceName(SnortConfig *, char *);
265 void ConfigAsn1(SnortConfig *, char *);
266 void ConfigAutogenPreprocDecoderRules(SnortConfig *, char *);
267 void ConfigBinding(SnortConfig *, char *);
268 void ConfigBpfFile(SnortConfig *, char *);
269 void ConfigChecksumDrop(SnortConfig *, char *);
270 void ConfigChecksumMode(SnortConfig *, char *);
271 void ConfigChrootDir(SnortConfig *, char *);
272 void ConfigClassification(SnortConfig *, char *);
273 void ConfigCreatePidFile(SnortConfig *, char *);
274 void ConfigDaemon(SnortConfig *, char *);
275 void ConfigDecodeDataLink(SnortConfig *, char *);
276 void ConfigDefaultRuleState(SnortConfig *, char *);
277 void ConfigDetection(SnortConfig *, char *);
278 void ConfigDetectionFilter(SnortConfig *, char *);
279 void ConfigDisableDecodeAlerts(SnortConfig *, char *);
280 void ConfigDisableDecodeDrops(SnortConfig *, char *);
281 #ifdef INLINE_FAILOPEN
282 void ConfigDisableInlineFailopen(SnortConfig *, char *);
283 #endif
284 void ConfigDisableIpOptAlerts(SnortConfig *, char *);
285 void ConfigDisableIpOptDrops(SnortConfig *, char *);
286 void ConfigDisableTcpOptAlerts(SnortConfig *, char *);
287 void ConfigDisableTcpOptDrops(SnortConfig *, char *);
288 void ConfigDisableTcpOptExperimentalAlerts(SnortConfig *, char *);
289 void ConfigDisableTcpOptExperimentalDrops(SnortConfig *, char *);
290 void ConfigDisableTcpOptObsoleteAlerts(SnortConfig *, char *);
291 void ConfigDisableTcpOptObsoleteDrops(SnortConfig *, char *);
292 void ConfigDisableTTcpAlerts(SnortConfig *, char *);
293 void ConfigDisableTTcpDrops(SnortConfig *, char *);
294 void ConfigDumpCharsOnly(SnortConfig *, char *);
295 void ConfigDumpPayload(SnortConfig *, char *);
296 void ConfigDumpPayloadVerbose(SnortConfig *, char *);
297 void ConfigEnableDecodeDrops(SnortConfig *, char *);
298 void ConfigEnableDecodeOversizedAlerts(SnortConfig *, char *);
299 void ConfigEnableDecodeOversizedDrops(SnortConfig *, char *);
300 void ConfigEnableDeepTeredoInspection(SnortConfig *sc, char *args);
301 void ConfigEnableGTPDecoding(SnortConfig *sc, char *args);
302 void ConfigEnableEspDecoding(SnortConfig *sc, char *args);
303 void ConfigEnableIpOptDrops(SnortConfig *, char *);
304 #ifdef MPLS
305 void ConfigEnableMplsMulticast(SnortConfig *, char *);
306 void ConfigEnableMplsOverlappingIp(SnortConfig *, char *);
307 #endif
308 void ConfigEnableTcpOptDrops(SnortConfig *, char *);
309 void ConfigEnableTcpOptExperimentalDrops(SnortConfig *, char *);
310 void ConfigEnableTcpOptObsoleteDrops(SnortConfig *, char *);
311 void ConfigEnableTTcpDrops(SnortConfig *, char *);
312 void ConfigEventFilter(SnortConfig *, char *);
313 void ConfigEventQueue(SnortConfig *, char *);
314 void ConfigEventTrace(SnortConfig *, char *);
315 #ifdef ENABLE_RESPONSE3
316 void ConfigFlexresp2Interface(SnortConfig *, char *);
317 void ConfigFlexresp2Attempts(SnortConfig *, char *);
318 void ConfigFlexresp2Memcap(SnortConfig *, char *);
319 void ConfigFlexresp2Rows(SnortConfig *, char *);
320 #endif
321 #ifdef ACTIVE_RESPONSE
322 void ConfigResponse(SnortConfig*, char*);
323 #endif
324 void ConfigReact(SnortConfig*, char*);
325 void ConfigFlowbitsSize(SnortConfig *, char *);
326 void ConfigIgnorePorts(SnortConfig *, char *);
327 void ConfigIncludeVlanInAlert(SnortConfig *, char *);
328 void ConfigInterface(SnortConfig *, char *);
329 void ConfigIpv6Frag(SnortConfig *, char *);
330 void ConfigLayer2Resets(SnortConfig *, char *);
331 void ConfigLogDir(SnortConfig *, char *);
332 void ConfigDaqType(SnortConfig *, char *);
333 void ConfigDaqMode(SnortConfig *, char *);
334 void ConfigDaqVar(SnortConfig *, char *);
335 void ConfigDaqDir(SnortConfig *, char *);
336 void ConfigDirtyPig(SnortConfig *, char *);
337 #ifdef TARGET_BASED
338 void ConfigMaxAttributeHosts(SnortConfig *, char *);
339 void ConfigMaxAttributeServicesPerHost(SnortConfig *, char *);
340 void ConfigMaxMetadataServices(SnortConfig *, char *);
341 void ConfigDisableAttributeReload(SnortConfig *, char *);
342 #endif
343 #ifdef MPLS
344 void ConfigMaxMplsLabelChain(SnortConfig *, char *);
345 void ConfigMplsPayloadType(SnortConfig *, char *);
346 #endif
347 void ConfigMinTTL(SnortConfig *, char *);
348 #ifdef NORMALIZER
349 void ConfigNewTTL(SnortConfig *, char *);
350 #endif
351 void ConfigNoLog(SnortConfig *, char *);
352 void ConfigNoLoggingTimestamps(SnortConfig *, char *);
353 void ConfigNoPcre(SnortConfig *, char *);
354 void ConfigNoPromiscuous(SnortConfig *, char *);
355 void ConfigObfuscate(SnortConfig *, char *);
356 void ConfigObfuscationMask(SnortConfig *, char *);
357 void ConfigPafMax(SnortConfig *, char *);
358 void ConfigRateFilter(SnortConfig *, char *);
359 void ConfigRuleListOrder(SnortConfig *, char *);
360 void ConfigPacketCount(SnortConfig *, char *);
361 void ConfigPacketSnaplen(SnortConfig *, char *);
362 void ConfigPcreMatchLimit(SnortConfig *, char *);
363 void ConfigPcreMatchLimitRecursion(SnortConfig *, char *);
364 void ConfigPerfFile(SnortConfig *sc, char *);
365 void ConfigDumpPeriodicMemStatsFile(SnortConfig *, char *);
366 void ConfigPidPath(SnortConfig *, char *);
367 void ConfigPolicy(SnortConfig *, char *);
368 void ConfigIpsPolicyMode(SnortConfig *, char *);
369 void ConfigNapPolicyMode(SnortConfig *, char *);
370 void ConfigPolicyVersion(SnortConfig *, char *);
371 void ConfigProtectedContent(SnortConfig *, char *);
372 #ifdef PPM_MGR
373 void ConfigPPM(SnortConfig *, char *);
374 #endif
375 void ConfigProcessAllEvents(SnortConfig *, char *);
376 #ifdef PERF_PROFILING
377 void ConfigProfilePreprocs(SnortConfig *, char *);
378 void ConfigProfileRules(SnortConfig *, char *);
379 #endif
380 void ConfigQuiet(SnortConfig *, char *);
381 void ConfigReadPcapFile(SnortConfig *, char *);
382 void ConfigReference(SnortConfig *, char *);
383 void ConfigReferenceNet(SnortConfig *, char *);
384 void ConfigSetGid(SnortConfig *, char *);
385 void ConfigSetUid(SnortConfig *, char *);
386 void ConfigShowYear(SnortConfig *, char *);
387 void ConfigSoRuleMemcap(SnortConfig *, char *);
388 void ConfigStateful(SnortConfig *, char *);
389 void ConfigTaggedPacketLimit(SnortConfig *, char *);
390 void ConfigThreshold(SnortConfig *, char *);
391 #ifdef TIMESTATS
392 void ConfigTimestatsInterval(SnortConfig *, char *);
393 #endif
394 void ConfigTreatDropAsAlert(SnortConfig *, char *);
395 void ConfigTreatDropAsIgnore(SnortConfig *, char *);
396 void ConfigUmask(SnortConfig *, char *);
397 void ConfigUtc(SnortConfig *, char *);
398 void ConfigVerbose(SnortConfig *, char *);
399 void ConfigVlanAgnostic(SnortConfig *, char *);
400 void ConfigAddressSpaceAgnostic(SnortConfig *, char *);
401 void ConfigLogIPv6Extra(SnortConfig *, char *);
402 void ConfigDumpDynamicRulesPath(SnortConfig *, char *);
403 void ConfigControlSocketDirectory(SnortConfig *, char *);
404 void ConfigFile(SnortConfig *, char *);
405 void ConfigTunnelVerdicts(SnortConfig*, char*);
406 void ConfigMaxIP6Extensions(SnortConfig *, char*);
407 void ConfigDisableReplace(SnortConfig *, char*);
408 #ifdef DUMP_BUFFER
409 void ConfigBufferDump(SnortConfig *, char *);
410 #endif
411
/* Takes the configuration, an OTN, a policy id and an RTN, and returns an
 * int.
 *
 * NOTE(review): going by the name, this presumably stores rtn on otn for
 * policyId. The meaning of the int result and whether the OTN takes
 * ownership of rtn are not visible in this header -- confirm against the
 * definition before relying on either. */
412 int addRtnToOtn(
413 SnortConfig *sc,
414 OptTreeNode *otn,
415 tSfPolicyId policyId,
416 RuleTreeNode *rtn
417 );
418
/* Takes the configuration, an OTN and a policy id, and returns a
 * RuleTreeNode pointer.
 *
 * NOTE(review): presumably detaches the RTN stored on otn for policyId and
 * returns it, with NULL when there is none. If so, the caller is left
 * holding the only reference and must release it; verify against the
 * definition, since a missed release leaks and a second one is a double
 * free. */
419 RuleTreeNode* deleteRtnFromOtn(
420 SnortConfig *sc,
421 OptTreeNode *otn,
422 tSfPolicyId policyId
423 );
424
425 // use this so mSplit doesn't split IP lists (try c = ';')
426 char* FixSeparators (char* rule, char c, const char* err);
427
428 // use this as an alternative to mSplit when you just want name, value
429 void GetNameValue (char* arg, char** nam, char** val, const char* err);
430
/**
 * Look up the RTN stored on an OTN for a given policy id.
 *
 * policyId is used directly as an index into otn->proto_nodes, so it is
 * range-checked against otn->proto_node_num before the array is touched.
 * Nothing is removed or modified; this is a read-only lookup.
 *
 * @param otn       pointer to structure OptTreeNode; may be NULL.
 * @param policyId  policy id, used as the index into otn->proto_nodes.
 *
 * @return the entry otn->proto_nodes[policyId] as stored, or NULL when otn
 *         is NULL, otn has no proto_nodes array, or policyId is not below
 *         otn->proto_node_num.
 */
static inline RuleTreeNode *getRtnFromOtn(OptTreeNode *otn, tSfPolicyId policyId)
{
    /* No node, or no per-policy array on it: nothing to index. */
    if (otn == NULL || otn->proto_nodes == NULL)
    {
        return NULL;
    }

    /* Bounds check on the index. The comparison is made on the unsigned
     * value of policyId; if tSfPolicyId is a signed type (typedef not shown
     * here -- confirm), a negative id converts to a large value and is
     * rejected as well. */
    if ((unsigned)policyId >= otn->proto_node_num)
    {
        return NULL;
    }

    return otn->proto_nodes[policyId];
}
447
/**
 * Get the RTN from an OTN for the policy that getParserPolicy(sc) reports.
 *
 * The lookup itself, including the NULL and index-range checks, is done by
 * getRtnFromOtn().
 *
 * @param sc   configuration passed to getParserPolicy().
 * @param otn  pointer to structure OptTreeNode.
 *
 * @return whatever getRtnFromOtn() returns for that policy id.
 */
static inline RuleTreeNode *getParserRtnFromOtn(SnortConfig *sc, OptTreeNode *otn)
{
    tSfPolicyId parserPolicyId = getParserPolicy(sc);

    return getRtnFromOtn(otn, parserPolicyId);
}
454
/**
 * Get the RTN from an OTN for the policy that getIpsRuntimePolicy() reports.
 *
 * The lookup itself, including the NULL and index-range checks, is done by
 * getRtnFromOtn().
 *
 * @param otn  pointer to structure OptTreeNode.
 *
 * @return whatever getRtnFromOtn() returns for that policy id.
 */
static inline RuleTreeNode *getRuntimeRtnFromOtn(OptTreeNode *otn)
{
    tSfPolicyId runtimePolicyId = getIpsRuntimePolicy();

    return getRtnFromOtn(otn, runtimePolicyId);
}
459
460 SnortPolicy * SnortPolicyNew(void);
461 void SnortPolicyFree(SnortPolicy *pPolicy);
462
463 #endif /* __PARSER_H__ */
464
465