snort 免费的软件.docx
snort免费的软件
这是一个自由软件,你可以依据GNU通用公共许可协议的条款重新发布或修改它,可以采用自由软件基金会发布的该协议第2版,也可以由你自行选择其他版本。
发布本程序是希望它能够有用,但本软件不提供任何保证,甚至不包括可售性和适用于任何特定目的的默示保证。
更多详细信息请参阅GNU通用公共许可协议。
你应该已经随本程序收到了一份GNU通用公共许可协议的副本。
#include"log.h"
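/*
 * File-level state shared by the logging routines below.  The page this
 * listing came from had all intra-line whitespace stripped (keywords were
 * fused with identifiers); the declarations are restored here unchanged.
 */
extern OptTreeNode *otn_tmp;    /* global ptr to current rule data (defined elsewhere) */

/*
 * Cached hex/ASCII printout produced by PrintNetData().  While dump_ready
 * is non-zero PrintNetData() re-emits dump_size bytes of data_dump_buffer
 * instead of re-rendering, so whoever moves on to the next packet has to
 * clear dump_ready first or stale packet contents are written to the log.
 */
char *data_dump_buffer;         /* printout buffer for PrintNetData */
int dump_ready;                 /* flag to indicate status of printout buffer */
int dump_size;                  /* size of printout buffer */

/* NOTE(review): presumably an all-zero hardware address used when
 * printing ARP packets -- not referenced in the visible code, confirm. */
static unsigned char ezero[6];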
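/*
 * Function: OpenLogFileStream(const char *)
 *
 * Purpose: Open one log file for appending and publish the stream through
 *          the global log_ptr.
 *
 * Arguments: log_file => full path of the file to open
 *
 * Returns: void function, calls FatalError() when fopen() fails
 */
static void OpenLogFileStream(const char *log_file)
{
    if((log_ptr = fopen(log_file, "a")) == NULL)
    {
        FatalError("ERROR: OpenLogFile() => fopen(%s) log file: %s\n",
                   log_file, strerror(errno));
    }
}

/*
 * Function: CheckLogPathLen(int)
 *
 * Purpose: Refuse a log path that snprintf() had to truncate.  A truncated
 *          path silently sends packet logs to a different file than the
 *          configuration asked for, so it is treated like any other open
 *          error.
 *
 * Arguments: written => return value of the snprintf() that built the path
 *                       (negative covers implementations that return -1
 *                       on truncation)
 *
 * Returns: void function, calls FatalError() on truncation
 */
static void CheckLogPathLen(int written)
{
    if(written < 0 || written >= STD_BUF)
    {
        FatalError("ERROR: OpenLogFile() => log path too long\n");
    }
}

/*
 * Function: OpenLogFile(int, Packet *)
 *
 * Purpose: Create the log directory and file to put the packet log into,
 *          and leave the open stream in the global log_ptr.
 *
 *          Fixed modes (GENERIC_LOG, DUMP, BOGUS, NON_IP, ARP) and rules
 *          with a "logto" name write to a single file directly under
 *          pv.log_dir.  Everything else goes to <log_dir>/<remote IP>/
 *          <protocol-specific name>.
 *
 * Arguments: mode => one of the fixed log modes, or any other value for
 *                    per-host logging
 *            p    => decoded packet; only dereferenced on the per-host path
 *
 * Returns: 0 on success, exits on error
 *
 * Security notes for reviewers:
 *   - otn_tmp->logto is appended to the log directory verbatim.  It comes
 *     from the rule, so this presumably relies on rule files being
 *     trusted; a value containing "../" would land outside pv.log_dir.
 *     Verify that it is validated where rules are parsed.
 *   - The per-host directory and file names are built from inet_ntoa()
 *     output and %d-formatted header fields, so packet contents cannot
 *     inject path separators there.  IcmpFileName() is not visible here;
 *     confirm it only returns fixed strings.
 *   - The per-host path dereferences p->iph without a NULL check; it
 *     assumes callers use NON_IP/ARP/BOGUS for packets without a decoded
 *     IP header -- TODO confirm against the callers.
 */
int OpenLogFile(int mode, Packet *p)
{
    char log_path[STD_BUF + 1];     /* path to log directory */
    char log_file[STD_BUF + 1];     /* name of log file */
    const char *root = (chrootdir == NULL) ? "" : chrootdir;
    const char *fixed_name = NULL;  /* file name for the single-file modes */
    struct in_addr remote;          /* address the per-host dir is named after */
    int dst_home;
    int src_home;
    int written;

    /* zero out our buffers; with a size of STD_BUF passed to snprintf()
     * the extra byte guarantees termination even on old implementations */
    bzero((char *) log_path, STD_BUF + 1);
    bzero((char *) log_file, STD_BUF + 1);

    /* same precedence as before: fixed modes first, then the rule's logto */
    if(mode == GENERIC_LOG)
        fixed_name = "log";
    else if(mode == DUMP)
        fixed_name = "PACKET_FRAG";
    else if(mode == BOGUS)
        fixed_name = "PACKET_BOGUS";
    else if(mode == NON_IP)
        fixed_name = "PACKET_NONIP";
    else if(mode == ARP)
        fixed_name = "ARP";
    else if(otn_tmp != NULL && otn_tmp->logto != NULL)
        fixed_name = otn_tmp->logto;

    if(fixed_name != NULL)
    {
        written = snprintf(log_file, STD_BUF, "%s%s/%s",
                           root, pv.log_dir, fixed_name);
        CheckLogPathLen(written);
        OpenLogFileStream(log_file);

        return 0;
    }

    /*
     * figure out which way this packet is headed in relation to the
     * homenet: when exactly one end is inside the home network the
     * directory is named after the other end, otherwise the end with the
     * higher port number wins (source on a tie)
     */
    dst_home = ((p->iph->ip_dst.s_addr & mask) == pv.homenet);
    src_home = ((p->iph->ip_src.s_addr & mask) == pv.homenet);

    if(dst_home != src_home)
        remote = dst_home ? p->iph->ip_src : p->iph->ip_dst;
    else
        remote = (p->sp >= p->dp) ? p->iph->ip_src : p->iph->ip_dst;

    written = snprintf(log_path, STD_BUF, "%s%s/%s",
                       root, pv.log_dir, inet_ntoa(remote));
    CheckLogPathLen(written);

#ifdef DEBUG
    ErrorMessage("Creating directory: %s\n", log_path);
#endif

    /*
     * build the log directory
     *
     * NOTE(review): the mode is 0775 before umask, so other local users
     * can list and enter the per-host directories.  Captured payloads can
     * be sensitive; consider whether group/other access is wanted.
     */
    if(mkdir(log_path, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH))
    {
        /* an already existing directory is the normal case */
        if(errno != EEXIST)
        {
            FatalError("ERROR: OpenLogFile() => mkdir(%s) log directory: %s\n",
                       log_path, strerror(errno));
        }
    }

#ifdef DEBUG
    printf("Directory Created!\n");
#endif

    /* build the log filename; fragments share one file whatever the protocol */
    if(p->frag_flag)
    {
#ifdef WIN32
        written = snprintf(log_file, STD_BUF, "%s/IP_FRAG.ids", log_path);
#else
        written = snprintf(log_file, STD_BUF, "%s/IP_FRAG", log_path);
#endif
    }
    else if(p->iph->ip_proto == IPPROTO_TCP ||
            p->iph->ip_proto == IPPROTO_UDP)
    {
        /* higher port first so both directions of a session share a file */
#ifdef WIN32
        written = snprintf(log_file, STD_BUF, "%s/%s_%d-%d.ids", log_path,
#else
        written = snprintf(log_file, STD_BUF, "%s/%s:%d-%d", log_path,
#endif
                           protocol_names[p->iph->ip_proto],
                           (p->sp >= p->dp) ? p->sp : p->dp,
                           (p->sp >= p->dp) ? p->dp : p->sp);
    }
    else if(p->iph->ip_proto == IPPROTO_ICMP)
    {
#ifdef WIN32
        written = snprintf(log_file, STD_BUF, "%s/%s_%s.ids", log_path, "ICMP",
                           IcmpFileName(p));
#else
        written = snprintf(log_file, STD_BUF, "%s/%s_%s", log_path, "ICMP",
                           IcmpFileName(p));
#endif
    }
    else
    {
#ifdef WIN32
        written = snprintf(log_file, STD_BUF, "%s/PROTO%d.ids", log_path,
                           p->iph->ip_proto);
#else
        written = snprintf(log_file, STD_BUF, "%s/PROTO%d", log_path,
                           p->iph->ip_proto);
#endif
    }
    CheckLogPathLen(written);

#ifdef DEBUG
    printf("Opening file: %s\n", log_file);
#endif

    /* finally open the log file */
    OpenLogFileStream(log_file);

#ifdef DEBUG
    printf("File opened...\n");
#endif

    return 0;
}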
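/*
 * Function: PrintNetData(FILE *, u_char *, int)
 *
 * Purpose: Do a side by side dump of a buffer, hex dump of buffer bytes on
 *          the left, decoded ASCII on the right.  The rendered text is
 *          kept in the global data_dump_buffer (dump_size bytes) and
 *          dump_ready is set, so a second call prints the cached text
 *          instead of rendering again.
 *
 * Arguments: fp => ptr to stream to print to
 *            start => pointer to buffer data
 *            len => length of data buffer
 *
 * Returns: void function
 *
 * Notes for reviewers:
 *   - The bytes printed are packet payload.  Only 0x20..0x7E are copied
 *     into the ASCII column, everything else becomes '.', so payload
 *     cannot place control characters or escape sequences into the log.
 *   - A non-positive len is treated as "nothing to print".  Previously a
 *     negative len put the end pointer before start and sized the
 *     allocation from negative arithmetic.
 *   - While dump_ready is set, start and len are ignored; the caller must
 *     clear the flag between packets.
 *   - A fresh buffer is malloc()ed on every render and the previous
 *     pointer is overwritten; presumably it is freed where dump_ready is
 *     cleared -- TODO confirm, otherwise this leaks per packet.
 *   - The frame layout (FRAME_SIZE, C_OFFSET) is defined outside this
 *     listing; the buffer sizing below assumes one frame holds 16 hex
 *     triplets, 16 ASCII cells and a newline.
 */
void PrintNetData(FILE *fp, u_char *start, const int len)
{
    static const char conv[] = "0123456789ABCDEF";  /* xlation lookup table */
    u_char *end;        /* ptr to last byte that gets printed */
    u_char *data;       /* index pointer */
    char *frame_ptr;    /* start of the current printed line */
    char *d_ptr;        /* data pointer into the frame */
    char *c_ptr;        /* char pointer into the frame */
    int prefix_len;     /* width of the "0xNNNN: " column, 0 when disabled */
    int frame_len;      /* bytes per printed line */
    int frames;         /* number of lines to reserve room for */
    int dbuf_size;      /* data buffer size */
    int offset;         /* byte offset shown in the prefix column */
    int i;              /* counter */

    if(start == NULL)
    {
        printf("Got NULL ptr in PrintNetData()\n");
        return;
    }

    /* nothing to dump: print a newline and get out */
    if(len <= 0)
    {
        fputc('\n', fp);
        return;
    }

    /*
     * if we've already prepared this particular data buffer, just print it
     * out again to save time
     */
    if(dump_ready)
    {
        fwrite(data_dump_buffer, dump_size, 1, fp);
        fflush(fp);
        return;
    }

    prefix_len = (pv.verbose_bytedump_flag == 1) ? 8 : 0;
    frame_len = FRAME_SIZE + prefix_len;

    if(len > pv.mtus[0])
    {
        if(pv.verbose_flag)
        {
            printf("Got bogus buffer length (%d) for PrintNetData, defaulting to 16 bytes!\n", len);
        }

        /* do not trust the length: dump a single 16 byte line only */
        frames = 2;
        end = start + 15;
    }
    else
    {
        /* one line per started 16 bytes, plus one spare for the trailer */
        frames = (len / 16) + 1;
        end = start + (len - 1);
    }

    dbuf_size = (frames * frame_len) + 1;

    /* generate the buffer */
    data_dump_buffer = (char *) malloc(dbuf_size);

    /* make sure it got allocated properly */
    if(data_dump_buffer == NULL)
    {
        ErrorMessage("Failed allocating %X bytes! (Length: %X)\n",
                     dbuf_size, len);
        perror("PrintNetData()");
        CleanExit(SIGQUIT);
    }

    /* fill with spaces so untouched cells print as blanks */
    memset(data_dump_buffer, 0x20, dbuf_size);

    data = start;
    frame_ptr = data_dump_buffer;
    offset = 0;

    /* loop thru the whole buffer, one printed line per pass */
    for(;;)
    {
        d_ptr = frame_ptr + prefix_len;
        c_ptr = d_ptr + C_OFFSET;

        if(prefix_len)
        {
            /*
             * exactly prefix_len characters; the terminator lands on the
             * first hex cell and is overwritten just below.  Bounded so a
             * large offset cannot spill further into the line.
             */
            snprintf(frame_ptr, prefix_len + 1, "0x%04X: ",
                     (unsigned int) offset);
            offset += 16;
        }

        /* process 16 bytes per frame */
        for(i = 0; i < 16; i++)
        {
            /* high nybble, low nybble, separator */
            *d_ptr++ = conv[*data >> 4];
            *d_ptr++ = conv[*data & 0x0F];
            *d_ptr++ = 0x20;

            /* printable ASCII as is, everything else as '.' */
            if(*data > 0x1F && *data < 0x7F)
                *c_ptr = (char) *data;
            else
                *c_ptr = 0x2E;
            c_ptr++;

            /* increment the pointer or finish up */
            if(data < end)
            {
                data++;
                continue;
            }

            /* finish up the buffer printout and set the "ready" flags */
            dump_ready = 1;

            *c_ptr = '\n';
            c_ptr++;
            *c_ptr = '\n';
            c_ptr++;
            *c_ptr = 0;

            /* the terminator itself is not counted */
            dump_size = (int) (c_ptr - data_dump_buffer);
            fwrite(data_dump_buffer, dump_size, 1, fp);

            return;
        }

        *c_ptr = '\n';
        frame_ptr += frame_len;
    }
}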
/*
*Function:
PrintCharData(FILE*,char*,int)
*
*Purpose:
Dumpth