1 /*
2 ** Copyright (C) 2002-2009 Sourcefire, Inc.
3 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
4 ** Copyright (C) 2000-2001 Andrew R. Baker <andrewb@uab.edu>
5 **
6 ** This program is free software; you can redistribute it and/or modify
7 ** it under the terms of the GNU General Public License Version 2 as
8 ** published by the Free Software Foundation.  You may not use, modify or
9 ** distribute this program under any other version of the GNU General
10 ** Public License.
11 **
12 ** This program is distributed in the hope that it will be useful,
13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 ** GNU General Public License for more details.
16 **
17 ** You should have received a copy of the GNU General Public License
18 ** along with this program; if not, write to the Free Software
19 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20 */
21 
22 /* $Id$ */
23 #ifndef __PARSER_H__
24 #define __PARSER_H__
25 
26 #ifdef HAVE_CONFIG_H
27 # include "config.h"
28 #endif
29 
30 #include <stdio.h>
31 
32 #include "rules.h"
33 #include "decode.h"
34 #include "barnyard2.h"
35 #include "util.h"
36 
37 /* Macros *********************************************************************/
/*
 * String literals for the keywords of the barnyard2 configuration file.
 * This header only defines the literals; the code that compares them against
 * configuration text is not part of this file.
 *
 * NOTE(review): judging by the names, the BARNYARD2_CONF_KEYWORD__* values
 * are the leading word of a configuration line -- confirm against the parser.
 */
38 #define BARNYARD2_CONF_KEYWORD__CONFIG               "config"
39 #define BARNYARD2_CONF_KEYWORD__INPUT                "input"
40 #define BARNYARD2_CONF_KEYWORD__OUTPUT               "output"
41 #define BARNYARD2_CONF_KEYWORD__IPVAR                "ipvar"
42 #define BARNYARD2_CONF_KEYWORD__VAR                  "var"
43 #define BARNYARD2_CONF_KEYWORD__VERSION              "version"
44 
45 /* Config options */
/*
 * Option-name literals, one per CONFIG_OPT__* macro.
 *
 * NOTE(review): presumably each is the option name that follows the "config"
 * keyword and is dispatched to the Config*() handler of the matching name
 * declared further down -- the dispatch table is not visible here.
 *
 * NOTE(review): "chroot", "set_uid", "set_gid" and "umask" read as
 * process-confinement and privilege settings, and "logdir", "archivedir",
 * "pidpath" and "waldo_file" as filesystem locations. That is inferred from
 * the names only. If it holds, these are the options to check first when
 * hardening a deployment, and the file that supplies them should be writable
 * only by the administrator, because whoever edits it decides which identity
 * the process runs as and where it writes.
 *
 * Both "disable_alert_on_each_packet_in_stream" and
 * "alert_on_each_packet_in_stream" are defined; how the two interact when
 * both appear is decided by the parser, not by this header.
 */
46 #define CONFIG_OPT__DISABLE_ALERT_ON_EACH_PACKET_IN_STREAM  "disable_alert_on_each_packet_in_stream"
47 #define CONFIG_OPT__EVENT_CACHE_SIZE                "event_cache_size"
48 #define CONFIG_OPT__ALERT_ON_EACH_PACKET_IN_STREAM  "alert_on_each_packet_in_stream"
49 #define CONFIG_OPT__ALERT_WITH_IFACE_NAME           "alert_with_interface_name"
50 #define CONFIG_OPT__ARCHIVE_DIR                     "archivedir"
51 #define CONFIG_OPT__CHROOT_DIR                      "chroot"
52 #define CONFIG_OPT__CLASSIFICATION                  "classification"
53 #define CONFIG_OPT__CLASSIFICATION_FILE             "classification_file"
54 #define CONFIG_OPT__DAEMON                          "daemon"
55 #define CONFIG_OPT__DECODE_DATA_LINK                "decode_data_link"
56 #define CONFIG_OPT__DUMP_CHARS_ONLY                 "dump_chars_only"
57 #define CONFIG_OPT__DUMP_PAYLOAD                    "dump_payload"
58 #define CONFIG_OPT__DUMP_PAYLOAD_VERBOSE            "dump_payload_verbose"
59 #define CONFIG_OPT__GEN_FILE                        "gen_file"
60 #define CONFIG_OPT__HOSTNAME                        "hostname"
61 #define CONFIG_OPT__INTERFACE                       "interface"
62 #define CONFIG_OPT__LOG_DIR                         "logdir"
63 #define CONFIG_OPT__OBFUSCATE                       "obfuscate"
64 #define CONFIG_OPT__PID_PATH                        "pidpath"
65 #define CONFIG_OPT__PROCESS_NEW_RECORDS_ONLY        "process_new_records_only"
66 #define CONFIG_OPT__QUIET                           "quiet"
67 #define CONFIG_OPT__REFERENCE                       "reference"
68 #define CONFIG_OPT__REFERENCE_FILE                  "reference_file"
69 #define CONFIG_OPT__REFERENCE_NET                   "reference_net"
70 #define CONFIG_OPT__SET_GID                         "set_gid"
71 #define CONFIG_OPT__SET_UID                         "set_uid"
72 #define CONFIG_OPT__SHOW_YEAR                       "show_year"
73 #define CONFIG_OPT__SID_FILE                        "sid_file"
74 #define CONFIG_OPT__STATEFUL                        "stateful"
75 #define CONFIG_OPT__UMASK                           "umask"
76 #define CONFIG_OPT__UTC                             "utc"
77 #define CONFIG_OPT__VERBOSE                         "verbose"
78 #define CONFIG_OPT__WALDO_FILE                      "waldo_file"
79 #define CONFIG_OPT__SIGSUPPRESS                     "sig_suppress"
/* The two MPLS option names exist only in builds that define MPLS. */
80 #ifdef MPLS
81 # define CONFIG_OPT__MAX_MPLS_LABELCHAIN_LEN        "max_mpls_labelchain_len"
82 # define CONFIG_OPT__MPLS_PAYLOAD_TYPE              "mpls_payload_type"
83 #endif  /* MPLS */
84 
85 
86 
87 /* exported values */
/*
 * Both objects are defined in another translation unit; this header only
 * declares them.
 *
 * NOTE(review): presumably the path of the configuration file currently being
 * parsed and the current line number within it, kept for diagnostics --
 * confirm in the parser source. file_name is a non-const pointer, so any code
 * that includes this header can repoint it or write through it.
 */
88 extern char *file_name;
89 extern int file_line;
90 
91 /* rule setup funcs */
/*
 * Entry points of the configuration parser. Barnyard2Config is declared in
 * another header; nothing here shows who owns the object returned by
 * ParseBarnyard2Conf() or when it is released.
 */
92 Barnyard2Config * ParseBarnyard2Conf(void);
93 
/*
 * Each takes the configuration object and a non-const string.
 * NOTE(review): the non-const char * allows the callee to modify the buffer
 * in place -- confirm before passing a string literal or shared storage.
 */
94 void ParseInput(Barnyard2Config *, char *);
95 void ParseOutput(Barnyard2Config *, char *);
96 void OrderRuleLists(Barnyard2Config *, char *);
97 
/*
 * VarGet() and ProcessFileOption() return char *. Whether the caller must
 * free the result, and whether NULL can be returned, is not stated in this
 * header -- TODO confirm in the definitions.
 */
98 char * VarGet(char *);
99 char * ProcessFileOption(Barnyard2Config *, const char *);
100 void SetRuleStates(Barnyard2Config *);
101 
/* Teardown helpers; the last two operate on a given configuration object. */
102 void ParserCleanup(void);
103 void FreeRuleLists(Barnyard2Config *);
104 void VarTablesFree(Barnyard2Config *);
105 
106 void ResolveOutputPlugins(Barnyard2Config *, Barnyard2Config *);
107 void ConfigureInputPlugins(Barnyard2Config *);
108 void ConfigureOutputPlugins(Barnyard2Config *);
109 
/*
 * Diagnostics. Both take a const char * followed by variable arguments.
 * ParseError() carries the NORETURN marker (a macro defined outside this
 * header), so control does not come back to the caller; ParseMessage() has
 * no such marker.
 *
 * NOTE(review): the signature looks printf-style. If so, callers should pass
 * a constant format string and hand configuration-derived text over only as
 * an argument (for example "%s"), so that text from the file is never
 * interpreted as conversion specifiers.
 */
110 NORETURN void ParseError(const char *, ...);
111 void ParseMessage(const char *, ...);
112 
/*
 * Option handlers. Every Config*() function below has the same shape: the
 * configuration object to update and a non-const string.
 *
 * NOTE(review): presumably the string is the text that follows the option
 * name on a "config" line, and the handler may tokenize it in place --
 * confirm in the definitions.
 *
 * ConfigCreatePidFile, ConfigNoLoggingTimestamps, ConfigObfuscationMask,
 * ConfigSpoolFilebase and ConfigSpoolDirectory have no CONFIG_OPT__* keyword
 * in this header, so they are presumably reached by some other path (for
 * example the command line) -- TODO confirm.
 *
 * NOTE(review): ConfigChrootDir, ConfigSetUid, ConfigSetGid, ConfigUmask and
 * ConfigPidPath appear, by name, to set process confinement, identity and
 * file-creation settings. When auditing, check in their definitions that a
 * malformed value is rejected rather than silently defaulted.
 */
113 void ConfigDisableAlertOnEachPacketInStream(Barnyard2Config *, char *);
114 void ConfigAlertOnEachPacketInStream(Barnyard2Config *, char *);
115 void ConfigAlertWithInterfaceName(Barnyard2Config *, char *);
116 void ConfigArchiveDir(Barnyard2Config *, char *);
117 void ConfigChrootDir(Barnyard2Config *, char *);
118 void ConfigClassification(Barnyard2Config *, char *);
119 void ConfigClassificationFile(Barnyard2Config *, char *);
120 void ConfigCreatePidFile(Barnyard2Config *, char *);
121 void ConfigDaemon(Barnyard2Config *, char *);
122 void ConfigDecodeDataLink(Barnyard2Config *, char *);
123 void ConfigDumpCharsOnly(Barnyard2Config *, char *);
124 void ConfigDumpPayload(Barnyard2Config *, char *);
125 void ConfigDumpPayloadVerbose(Barnyard2Config *, char *);
126 void ConfigGenFile(Barnyard2Config *, char *);
127 void ConfigHostname(Barnyard2Config *, char *);
128 void ConfigInterface(Barnyard2Config *, char *);
129 void ConfigLogDir(Barnyard2Config *, char *);
130 void ConfigNoLoggingTimestamps(Barnyard2Config *, char *);
131 void ConfigObfuscate(Barnyard2Config *, char *);
132 void ConfigObfuscationMask(Barnyard2Config *, char *);
133 void ConfigPidPath(Barnyard2Config *, char *);
134 void ConfigProcessNewRecordsOnly(Barnyard2Config *, char *);
135 void ConfigQuiet(Barnyard2Config *, char *);
136 void ConfigReference(Barnyard2Config *, char *);
137 void ConfigReferenceFile(Barnyard2Config *, char *);
138 void ConfigReferenceNet(Barnyard2Config *, char *);
139 void ConfigSetGid(Barnyard2Config *, char *);
140 void ConfigSetUid(Barnyard2Config *, char *);
141 void ConfigSidFile(Barnyard2Config *, char *);
142 void ConfigShowYear(Barnyard2Config *, char *);
143 void ConfigStateful(Barnyard2Config *, char *);
144 void ConfigSpoolFilebase(Barnyard2Config *, char *);
145 void ConfigSpoolDirectory(Barnyard2Config *, char *);
146 void ConfigUmask(Barnyard2Config *, char *);
147 void ConfigUtc(Barnyard2Config *, char *);
148 void ConfigVerbose(Barnyard2Config *, char *);
149 void ConfigWaldoFile(Barnyard2Config *, char *);
150 void ConfigSetEventCacheSize(Barnyard2Config *, char *);
/* Declared only in builds that define MPLS, like the matching option names. */
151 #ifdef MPLS
152 void ConfigMaxMplsLabelChain(Barnyard2Config *, char *);
153 void ConfigMplsPayloadType(Barnyard2Config *, char *);
154 #endif
155 void ConfigSigSuppress(Barnyard2Config *, char *);
/* Takes a pointer to a pointer to SigSuppress_list, a type declared elsewhere. */
156 void DisplaySigSuppress(SigSuppress_list **);
157 
158 
159 // Call this before mSplit so that mSplit does not split IP lists (try c = ';').
// NOTE(review): rule is non-const, so the string may be rewritten in place;
// whether the returned pointer is rule itself or new storage is not visible
// in this header. err is presumably text for an error report -- confirm.
160 char* FixSeparators (char* rule, char c, const char* err);
161 
162 // Alternative to mSplit for when only a name and a value are wanted.
// nam and val are output parameters (char **).
// NOTE(review): presumably they are set to point into arg rather than to
// copies, in which case they stay valid only as long as arg does -- confirm.
163 void GetNameValue (char* arg, char** nam, char** val, const char* err);
164 
165 #endif /* __PARSER_H__ */
166 
167