 
From: Martin Roesch (roeschmd.prestige.net)
Date: Fri Mar 16 2001 - 21:14:00 CST


    Patched and committed.

         -Marty

    Brian Caswell wrote:
    >
    > Many of you are pissy about my changes to the rules.
    >
    > For those of you that are using ghetto output plugins without support
    > for references, I've developed the ghetto patch for you.
    >
    > This adds a ghetto commandline option to merge references back into the
    > msg.
    >
    > use "-G" to use this ghetto functionality.
    >
    > As you might have guessed, the G is for ghetto.
    >
    > -brian
    >
    > ------------------------------------------------------------------------
    > Index: rules.c
    > ===================================================================
    > RCS file: /cvsroot/snort/snort/rules.c,v
    > retrieving revision 1.48
    > diff -u -r1.48 rules.c
    > --- rules.c 2001/03/14 20:07:15 1.48
    > +++ rules.c 2001/03/15 22:59:07
    > -1555,6 +1555,12
    > OptTreeNode *otn_idx;
    > KeywordXlateList *kw_idx;
    >
    > + ReferenceData *ds_ptr; /* data struct pointer */
    > + char *newmsg;
    > + char *realmsg;
    > +
    > +
    > +
    > /* set the OTN to the beginning of the list */
    > otn_idx = rtn_tmp->down;
    >
    > -1740,8 +1746,40
    > --num_toks;
    > i++;
    > }
    > +
    > +
    > + if((pv.ghetto_msg_flag) && (otn_tmp != NULL))
    > + {
    > +
    > +#ifdef DEBUG
    > + printf("Adding ghetto references\n");
    > +#endif
    > + ds_ptr = (ReferenceData *)otn_tmp->ds_list[PLUGIN_REFERENCE_NUMBER];
    > +
    > + realmsg = calloc(strlen(otn_tmp->message), sizeof(char));
    > + newmsg = calloc(strlen(otn_tmp->message), sizeof(char));
    > + strncat(realmsg, otn_tmp->message, strlen(otn_tmp->message) +1);
    > +
    > + while (ds_ptr != NULL)
    > + {
    > + newmsg = calloc(strlen(otn_tmp->message), sizeof(char));
    > + strncat(newmsg, " - ", 3);
    > + strncat(newmsg, ds_ptr->system, strlen(ds_ptr->system) +1);
    > + strncat(newmsg, " ", 1);
    > + strncat(newmsg, ds_ptr->id, strlen(ds_ptr->id) +1);
    > +
    > + strncat(realmsg, newmsg, strlen(newmsg) +1);
    > +#ifdef DEBUG
    > + printf("Added %s %s : currently %s\n", ds_ptr->id, ds_ptr->system, realmsg);
    > +#endif
    > + ds_ptr = ds_ptr->next;
    > + }
    > + strncat(newmsg, otn_tmp->message, strlen(otn_tmp->message) +1);
    > + otn_tmp->message = realmsg;
    > + }
    > +
    > #ifdef DEBUG
    > - printf("OptListEnd\n");
    > + printf("OptListEnd\n");
    > #endif
    >
    > AddOptFuncToList(OptListEnd, otn_tmp);
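Review bot: The merge buffers are undersized and never grow: `realmsg = calloc(strlen(otn_tmp->message), sizeof(char))` leaves no room for the terminator, so the very next `strncat(realmsg, otn_tmp->message, strlen(otn_tmp->message) +1)` already writes one byte past the allocation, and the loop then appends " - ", system and id into realmsg without ever reallocating, so the overflow grows with every reference attached to the rule (rule-file content, so the size is not under the code's control). Each loop iteration also allocates a fresh newmsg that is never freed, the stray `strncat(newmsg, otn_tmp->message, ...)` after the loop appends into an undersized buffer for no visible purpose, and `otn_tmp->message = realmsg` drops the old pointer without freeing it, which leaks if that string was heap-allocated (not visible in this hunk). The fix is to size the merged message in a first pass over the reference list, allocate once with room for the NUL, and build it with plain strcat into the correctly sized buffer; newmsg (declared in the first rules.c hunk) then becomes unused and can be dropped. The enclosing function starts and ends outside the hunk.
```c
    if((pv.ghetto_msg_flag) && (otn_tmp != NULL))
    {
        /* first pass: compute the merged length, then allocate once with
         * room for the terminator so no strcat below can overrun */
        size_t len = strlen(otn_tmp->message);

        ds_ptr = (ReferenceData *)otn_tmp->ds_list[PLUGIN_REFERENCE_NUMBER];
        for(; ds_ptr != NULL; ds_ptr = ds_ptr->next)
        {
            /* " - " + system + " " + id, assumes both strings are non-NULL
             * as the original code did — confirm in the reference parser */
            len += 3 + strlen(ds_ptr->system) + 1 + strlen(ds_ptr->id);
        }

        realmsg = calloc(len + 1, sizeof(char));
        if(realmsg != NULL)
        {
            strcpy(realmsg, otn_tmp->message);

            ds_ptr = (ReferenceData *)otn_tmp->ds_list[PLUGIN_REFERENCE_NUMBER];
            while(ds_ptr != NULL)
            {
                strcat(realmsg, " - ");
                strcat(realmsg, ds_ptr->system);
                strcat(realmsg, " ");
                strcat(realmsg, ds_ptr->id);
#ifdef DEBUG
                printf("Added %s %s : currently %s\n", ds_ptr->id, ds_ptr->system, realmsg);
#endif
                ds_ptr = ds_ptr->next;
            }
            /* NOTE(review): free the previous message here if it is
             * heap-allocated — its ownership is not visible in this hunk */
            otn_tmp->message = realmsg;
        }
        /* on allocation failure the original message is left untouched */
    }
    /* … unchanged: OptListEnd debug print and AddOptFuncToList … */
```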
    > Index: snort.c
    > ===================================================================
    > RCS file: /cvsroot/snort/snort/snort.c,v
    > retrieving revision 1.75
    > diff -u -r1.75 snort.c
    > --- snort.c 2001/03/14 22:05:31 1.75
    > +++ snort.c 2001/03/15 22:59:08
    > -523,6 +523,7
    > fputs(" -e Display the second layer header info\n", stderr);
    > fputs(" -F <bpf> Read BPF filters from file <bpf>\n", stderr);
    > fputs(" -g <gname> Run snort gid as <gname> group (or gid) after initialization\n", stderr);
    > + fputs(" -G Add reference IDs back into MSG. (Ghetto backwards compatability)", stderr);
    > fputs(" -h <hn> Home network = <hn>\n", stderr);
    > fputs(" -i <if> Listen on interface <if>\n", stderr);
    > fputs(" -I Add Interface name to alert output\n", stderr);
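Review bot: The new usage line is missing its trailing newline, so the `-h` help text on the next line is printed on the same row as the `-G` entry; every neighbouring fputs ends with `\n`. Change it to `fputs(" -G Add reference IDs back into MSG. (Ghetto backwards compatability)\n", stderr);` (the spelling "compatibility" can be fixed in the same line). The same option string is also added to getopt and the switch in the two hunks below, which look consistent with each other.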
    > -598,7 +599,7
    >
    > /* loop through each command line var and process it */
    > while((ch = getopt(argc, argv,
    > - "XL:IOCqS:pNA:m:F:DM:br:xeh:l:dc:n:P:i:vV?aso6u:g:t:Uy")) != -1)
    > + "XL:IOCqS:pNA:m:F:DM:br:xeh:l:dc:n:P:i:GvV?aso6u:g:t:Uy")) != -1)
    > {
    > DebugMessage(DEBUG_INIT, "Processing cmd line switch: %c\n", ch);
    > switch(ch)
    > -717,6 +718,14
    > groupid = gr->gr_gid;
    > }
    > break;
    > +
    > + case 'G': /* ghetto backwards compatability msgs */
    > + pv.ghetto_msg_flag = 1;
    > +#ifdef DEBUG
    > + printf("Ghetto Messages enabled\n");
    > +#endif
    > +
    > + break;
    >
    > case 'h': /* set home network to x, this will help
    > * determine what to set logging diectories
    > Index: snort.h
    > ===================================================================
    > RCS file: /cvsroot/snort/snort/snort.h,v
    > retrieving revision 1.30
    > diff -u -r1.30 snort.h
    > --- snort.h 2001/03/14 20:07:15 1.30
    > +++ snort.h 2001/03/15 22:59:09
    > -200,6 +200,7
    > char *binLogFile;
    > int use_utc;
    > int include_year;
    > + int ghetto_msg_flag;
    > } PV;
    >
    > /* struct to collect packet statistics */

    --
    Martin Roesch
    roeschmd.prestige.net
    http://www.snort.org
    
