added optional option to specify signature file to load

16 years ago · dd86b51dbc
parent 73217d60b9
commit dd86b51dbc
4 changed files with 34 additions and 59 deletions
--- a/configure.in
+++ b/configure.in
@ -250,15 +250,6 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
    CFLAGS="${CFLAGS} -DUNITTESTS"
    fi

-# enable the loading of sigs XXX remove this when we get a config language
-    AC_ARG_ENABLE(loadsigs,
-            [  --enable-loadsigs  Enable Loading of Signatures],
-            [ enable_loadsigs=yes
-            ])
-    if test "$enable_loadsigs" = "yes"; then
-    CFLAGS="${CFLAGS} -DLOADSIGS"
-    fi
-
 AC_SUBST(CFLAGS)
 AC_SUBST(LDFLAGS)
 AC_SUBST(CPPFLAGS)
--- a/src/detect.c
+++ b/src/detect.c
@ -138,7 +138,7 @@ void DetectExitPrintStats(ThreadVars *tv, void *data) {
        (float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100));
 }

-void SigLoadSignatures (void)
+void SigLoadSignatures (char *sig_file)
 {
    Signature *prevsig = NULL, *sig;

@ -275,54 +275,33 @@ void SigLoadSignatures (void)
    }
 */

-//#define LOADSIGS
-#ifdef LOADSIGS
-    int good = 0, bad = 0;
-    //FILE *fp = fopen("/etc/vips/rules/bleeding-all.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/bleeding-all-no1.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/iponly.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/iponly-small.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/all.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/eidps.http.sigs", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-dshield.rules", "r");
-    FILE *fp = fopen("local.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-web.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-policy.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-p2p.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-web-small.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/web-misc.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/imap.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/emerging-malware.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/vips-all.sigs", "r");
-    //FILE *fp = fopen("/home/victor/rules/all_noip.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/all_iplists.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/funky.rules", "r");
-    //FILE *fp = fopen("/etc/vips/rules/zango.rules", "r");
-    //FILE *fp = fopen("/home/victor/rules/vips-vrt-all.sigs", "r");
-    //FILE *fp = fopen("/home/victor/rules/test-many-ips.rules", "r");
-    if (fp == NULL) {
-        printf("ERROR, could not open sigs file\n");
-        exit(1);
-    }
-    char line[8192] = "";
-    while(fgets(line, (int)sizeof(line), fp) != NULL) {
-        if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
-            continue;
+    if(sig_file != NULL){
+        int good = 0, bad = 0;
+        FILE *fp = fopen(sig_file, "r");

-        //if (i > 1000) break;
+        if (fp == NULL) {
+            printf("ERROR, could not open sigs file\n");
+            exit(1);
+        }
+        char line[8192] = "";
+        while(fgets(line, (int)sizeof(line), fp) != NULL) {
+            if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
+                continue;

-        sig = SigInit(g_de_ctx, line);
-        if (sig) {
-            prevsig->next = sig;
-            prevsig = sig;
-            good++;
-        } else {
-            bad++;
+            //if (i > 1000) break;
+
+            sig = SigInit(g_de_ctx, line);
+            if (sig) {
+                prevsig->next = sig;
+                prevsig = sig;
+                good++;
+            } else {
+                bad++;
+            }
        }
+        fclose(fp);
+        printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
    }
-    fclose(fp);
-    printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
-#endif

    /* Setup the signature group lookup structure and
     * pattern matchers */
--- a/src/detect.h
+++ b/src/detect.h
@ -350,7 +350,7 @@ typedef struct SigGroupHead_ {

 #define SIGMATCH_NOOPT  0x01

-void SigLoadSignatures (void);
+void SigLoadSignatures (char *);
 void SigTableSetup(void);

 enum {
--- a/src/eidps.c
+++ b/src/eidps.c
@ -824,6 +824,7 @@ void usage(const char *progname)
    printf("\t-i <dev> : run in pcap live mode\n");
    printf("\t-r <path>: run in pcap file/offline mode\n");
    printf("\t-q <qid> : run in inline nfqueue mode\n");
+    printf("\t-s <path>: path to signature file (optional)\n");
 #ifdef UNITTESTS
    printf("\t-u       : run the unittests and exit\n");
 #endif /* UNITTESTS */
@ -835,8 +836,9 @@ int main(int argc, char **argv)
    sigset_t set;
    int opt;
    int mode;
-    char *pcap_file;
-    char *pcap_dev;
+    char *pcap_file = NULL;
+    char *pcap_dev = NULL;
+    char *sig_file = NULL;
    int nfq_id;

    sigaddset(&set, SIGINT); 
@ -846,7 +848,7 @@ int main(int argc, char **argv)
    setup_signal_handler(SIGHUP, handle_sighup);
    //pthread_sigmask(SIG_BLOCK, &set, 0);

-    while ((opt = getopt(argc, argv, "hi:q:r:u")) != -1) {
+    while ((opt = getopt(argc, argv, "hi:q:r:u:s:")) != -1) {
        switch (opt) {
        case 'h':
            usage(argv[0]);
@ -864,6 +866,9 @@ int main(int argc, char **argv)
            mode = MODE_PCAP_FILE;
            pcap_file = optarg;
            break;
+        case 's':
+            sig_file = optarg;
+            break;
        case 'u':
 #ifdef UNITTESTS
            mode = MODE_UNITTEST;
@ -973,7 +978,7 @@ int main(int argc, char **argv)

    FlowInitConfig(FLOW_VERBOSE);

-    SigLoadSignatures();
+    SigLoadSignatures(sig_file);

    struct timeval start_time;
    memset(&start_time, 0, sizeof(start_time));