added optional option to specify signature file to load

remotes/origin/master-1.0.x
William Metcalf 16 years ago committed by Victor Julien
parent 73217d60b9
commit dd86b51dbc

@ -250,15 +250,6 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
CFLAGS="${CFLAGS} -DUNITTESTS"
fi
# enable the loading of sigs XXX remove this when we get a config language
AC_ARG_ENABLE(loadsigs,
[ --enable-loadsigs Enable Loading of Signatures],
[ enable_loadsigs=yes
])
if test "$enable_loadsigs" = "yes"; then
CFLAGS="${CFLAGS} -DLOADSIGS"
fi
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS)

@ -138,7 +138,7 @@ void DetectExitPrintStats(ThreadVars *tv, void *data) {
(float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100));
}
void SigLoadSignatures (void)
void SigLoadSignatures (char *sig_file)
{
Signature *prevsig = NULL, *sig;
@ -275,54 +275,33 @@ void SigLoadSignatures (void)
}
*/
//#define LOADSIGS
#ifdef LOADSIGS
int good = 0, bad = 0;
//FILE *fp = fopen("/etc/vips/rules/bleeding-all.rules", "r");
//FILE *fp = fopen("/home/victor/rules/bleeding-all-no1.rules", "r");
//FILE *fp = fopen("/home/victor/rules/iponly.rules", "r");
//FILE *fp = fopen("/home/victor/rules/iponly-small.rules", "r");
//FILE *fp = fopen("/home/victor/rules/all.rules", "r");
//FILE *fp = fopen("/home/victor/rules/eidps.http.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-dshield.rules", "r");
FILE *fp = fopen("local.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-web.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-policy.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-p2p.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-web-small.rules", "r");
//FILE *fp = fopen("/home/victor/rules/web-misc.rules", "r");
//FILE *fp = fopen("/home/victor/rules/imap.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-malware.rules", "r");
//FILE *fp = fopen("/home/victor/rules/vips-all.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/all_noip.rules", "r");
//FILE *fp = fopen("/home/victor/rules/all_iplists.rules", "r");
//FILE *fp = fopen("/home/victor/rules/funky.rules", "r");
//FILE *fp = fopen("/etc/vips/rules/zango.rules", "r");
//FILE *fp = fopen("/home/victor/rules/vips-vrt-all.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/test-many-ips.rules", "r");
if (fp == NULL) {
printf("ERROR, could not open sigs file\n");
exit(1);
}
char line[8192] = "";
while(fgets(line, (int)sizeof(line), fp) != NULL) {
if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
continue;
if(sig_file != NULL){
int good = 0, bad = 0;
FILE *fp = fopen(sig_file, "r");
//if (i > 1000) break;
if (fp == NULL) {
printf("ERROR, could not open sigs file\n");
exit(1);
}
char line[8192] = "";
while(fgets(line, (int)sizeof(line), fp) != NULL) {
if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
continue;
sig = SigInit(g_de_ctx, line);
if (sig) {
prevsig->next = sig;
prevsig = sig;
good++;
} else {
bad++;
//if (i > 1000) break;
sig = SigInit(g_de_ctx, line);
if (sig) {
prevsig->next = sig;
prevsig = sig;
good++;
} else {
bad++;
}
}
fclose(fp);
printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
}
fclose(fp);
printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
#endif
/* Setup the signature group lookup structure and
* pattern matchers */
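Review bot: The `fopen(sig_file, "r")` failure branch in the new `if(sig_file != NULL)` block prints `ERROR, could not open sigs file` without the path or the reason, which is hard to diagnose now that the path comes from the command line; `printf("ERROR, could not open sigs file \"%s\": %s\n", sig_file, strerror(errno));` would say which file and why. In the same loop a rule rejected by `SigInit` is only counted in `bad`, so an operator cannot tell which detections are missing; logging the line number and the rejected rule text next to `bad++` would make gaps in rule coverage visible. `SigLoadSignatures` starts and ends outside these hunks, so whether `prevsig` (initialised to NULL at the top) is set before `prevsig->next = sig` cannot be confirmed from here and is worth checking.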

@ -350,7 +350,7 @@ typedef struct SigGroupHead_ {
#define SIGMATCH_NOOPT 0x01
void SigLoadSignatures (void);
void SigLoadSignatures (char *);
void SigTableSetup(void);
enum {
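Review bot: The new prototype `void SigLoadSignatures (char *);` drops the parameter name and takes a mutable pointer, although the visible hunks of the definition only compare the path with NULL and pass it to `fopen`. Declaring it as `void SigLoadSignatures (const char *sig_file);`, with the definition changed to match, documents that the caller's string is not modified. The rest of the function body is outside the hunks, so confirm nothing writes through the pointer before adding `const`.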

@ -824,6 +824,7 @@ void usage(const char *progname)
printf("\t-i <dev> : run in pcap live mode\n");
printf("\t-r <path>: run in pcap file/offline mode\n");
printf("\t-q <qid> : run in inline nfqueue mode\n");
printf("\t-s <path>: path to signature file (optional)\n");
#ifdef UNITTESTS
printf("\t-u : run the unittests and exit\n");
#endif /* UNITTESTS */
@ -835,8 +836,9 @@ int main(int argc, char **argv)
sigset_t set;
int opt;
int mode;
char *pcap_file;
char *pcap_dev;
char *pcap_file = NULL;
char *pcap_dev = NULL;
char *sig_file = NULL;
int nfq_id;
sigaddset(&set, SIGINT);
@ -846,7 +848,7 @@ int main(int argc, char **argv)
setup_signal_handler(SIGHUP, handle_sighup);
//pthread_sigmask(SIG_BLOCK, &set, 0);
while ((opt = getopt(argc, argv, "hi:q:r:u")) != -1) {
while ((opt = getopt(argc, argv, "hi:q:r:u:s:")) != -1) {
switch (opt) {
case 'h':
usage(argv[0]);
@ -864,6 +866,9 @@ int main(int argc, char **argv)
mode = MODE_PCAP_FILE;
pcap_file = optarg;
break;
case 's':
sig_file = optarg;
break;
case 'u':
#ifdef UNITTESTS
mode = MODE_UNITTEST;
@ -973,7 +978,7 @@ int main(int argc, char **argv)
FlowInitConfig(FLOW_VERBOSE);
SigLoadSignatures();
SigLoadSignatures(sig_file);
struct timeval start_time;
memset(&start_time, 0, sizeof(start_time));
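Review bot: The new option string `"hi:q:r:u:s:"` puts a colon after `u`, so getopt now requires an argument for `-u`, while `usage()` still documents `-u` as a bare flag and the visible part of `case 'u':` does not read `optarg`. With this string a lone `-u` is rejected as missing its argument, and `-u -s <path>` consumes `-s` as the argument of `-u`, leaving `sig_file` NULL so no rule file is loaded. The line should read `while ((opt = getopt(argc, argv, "hi:q:r:s:u")) != -1) {`. `main` starts and ends outside these hunks.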
