From dd86b51dbc29a737f8ed3911509b476e6a0143b5 Mon Sep 17 00:00:00 2001
From: William Metcalf
Date: Wed, 12 Aug 2009 18:07:00 -0500
Subject: [PATCH] added optional option to specify signature file to load

---
 configure.in | 9 -------
 src/detect.c | 69 ++++++++++++++++++----------------------------------
 src/detect.h | 2 +-
 src/eidps.c | 13 +++++++---
 4 files changed, 34 insertions(+), 59 deletions(-)

diff --git a/configure.in b/configure.in
index 052a9ea4b9..023e010d6e 100644
--- a/configure.in
+++ b/configure.in
@@ -250,15 +250,6 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
 CFLAGS="${CFLAGS} -DUNITTESTS"
 fi
 
-# enable the loading of sigs XXX remove this when we get a config language
- AC_ARG_ENABLE(loadsigs,
- [ --enable-loadsigs Enable Loading of Signatures],
- [ enable_loadsigs=yes
- ])
- if test "$enable_loadsigs" = "yes"; then
- CFLAGS="${CFLAGS} -DLOADSIGS"
- fi
-
 AC_SUBST(CFLAGS)
 AC_SUBST(LDFLAGS)
 AC_SUBST(CPPFLAGS)
diff --git a/src/detect.c b/src/detect.c
index f76481283a..b8559a9f0c 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -138,7 +138,7 @@ void DetectExitPrintStats(ThreadVars *tv, void *data) {
 (float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100));
 }
 
-void SigLoadSignatures (void)
+void SigLoadSignatures (char *sig_file)
 {
 Signature *prevsig = NULL, *sig;
 
@@ -275,54 +275,33 @@ void SigLoadSignatures (void)
 }
 */
 
-//#define LOADSIGS
-#ifdef LOADSIGS
- int good = 0, bad = 0;
- //FILE *fp = fopen("/etc/vips/rules/bleeding-all.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/bleeding-all-no1.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/iponly.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/iponly-small.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/all.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/eidps.http.sigs", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-dshield.rules", "r");
- FILE *fp = fopen("local.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-web.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-policy.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-p2p.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-web-small.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/web-misc.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/imap.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/emerging-malware.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/vips-all.sigs", "r");
- //FILE *fp = fopen("/home/victor/rules/all_noip.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/all_iplists.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/funky.rules", "r");
- //FILE *fp = fopen("/etc/vips/rules/zango.rules", "r");
- //FILE *fp = fopen("/home/victor/rules/vips-vrt-all.sigs", "r");
- //FILE *fp = fopen("/home/victor/rules/test-many-ips.rules", "r");
- if (fp == NULL) {
- printf("ERROR, could not open sigs file\n");
- exit(1);
- }
- char line[8192] = "";
- while(fgets(line, (int)sizeof(line), fp) != NULL) {
- if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
- continue;
+ if(sig_file != NULL){
+ int good = 0, bad = 0;
+ FILE *fp = fopen(sig_file, "r");
 
- //if (i > 1000) break;
+ if (fp == NULL) {
+ printf("ERROR, could not open sigs file\n");
+ exit(1);
+ }
+ char line[8192] = "";
+ while(fgets(line, (int)sizeof(line), fp) != NULL) {
+ if (line[0] == '\n' || line[0] == ' ' || line[0] == '#' || line[0] == '\t')
+ continue;
 
- sig = SigInit(g_de_ctx, line);
- if (sig) {
- prevsig->next = sig;
- prevsig = sig;
- good++;
- } else {
- bad++;
+ //if (i > 1000) break;
+
+ sig = SigInit(g_de_ctx, line);
+ if (sig) {
+ prevsig->next = sig;
+ prevsig = sig;
+ good++;
+ } else {
+ bad++;
+ }
 }
+ fclose(fp);
+ printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
 }
- fclose(fp);
- printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
-#endif
 
 /* Setup the signature group lookup structure and
 * pattern matchers */
diff --git a/src/detect.h b/src/detect.h
index d0bea15f76..35d43904ba 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -350,7 +350,7 @@ typedef struct SigGroupHead_ {
 
 #define SIGMATCH_NOOPT 0x01
 
-void SigLoadSignatures (void);
+void SigLoadSignatures (char *);
 void SigTableSetup(void);
 
 enum {
diff --git a/src/eidps.c b/src/eidps.c
index 8ea4bcbfdd..1ef6f339a2 100644
--- a/src/eidps.c
+++ b/src/eidps.c
@@ -824,6 +824,7 @@ void usage(const char *progname)
 printf("\t-i : run in pcap live mode\n");
 printf("\t-r : run in pcap file/offline mode\n");
 printf("\t-q : run in inline nfqueue mode\n");
+ printf("\t-s : path to signature file (optional)\n");
 #ifdef UNITTESTS
 printf("\t-u : run the unittests and exit\n");
 #endif /* UNITTESTS */
@@ -835,8 +836,9 @@ int main(int argc, char **argv)
 sigset_t set;
 int opt;
 int mode;
- char *pcap_file;
- char *pcap_dev;
+ char *pcap_file = NULL;
+ char *pcap_dev = NULL;
+ char *sig_file = NULL;
 int nfq_id;
 
 sigaddset(&set, SIGINT);
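Review bot: `prevsig->next = sig;` inside the new `if(sig_file != NULL)` loop dereferences prevsig with no NULL check, and SigLoadSignatures initializes it to `NULL` at the top of the function (earlier hunk); whatever assigns it before this hunk is outside the view, so if the hard-coded signatures above are commented out or fail to parse, the first rule read from `-s` is a NULL-pointer write. Guard it along the lines of `if (prevsig == NULL) { /* attach sig as the list head */ } else prevsig->next = sig;` — the head field is not visible from here. The open-failure path also hides the cause: `fprintf(stderr, "ERROR, could not open sigs file %s: %s\n", sig_file, strerror(errno));` (with `<errno.h>`/`<string.h>`) tells the operator which path and why, whereas the current message plus `exit(1)` from a library function gives neither. Finally, `fgets` into the 8192-byte `line` silently splits any longer rule in two, so its tail is fed to SigInit as a bogus second signature and only counted in `bad`; checking for a missing trailing `'\n'` and rejecting the rule with a message would make the limit visible. The enclosing function continues outside this hunk.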
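Review bot: The new prototype `void SigLoadSignatures (char *);` drops the parameter name and leaves the path mutable, although the definition only hands it to `fopen`. Declaring it `void SigLoadSignatures(const char *sig_file);` (and matching the definition in detect.c) documents the read-only contract and lets callers pass string literals without a cast.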
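Review bot: The hunk initializes `pcap_file` and `pcap_dev` to `NULL` but leaves `int mode;` and `int nfq_id;` indeterminate right above them, so the same class of bug this fixes still applies if main() later reads `mode` without any of `-i`/`-r`/`-q`/`-u` having been given (that code is outside the hunk, so this is inferred from the declarations). Giving `mode` an explicit "no mode selected" value, e.g. `int mode = -1;` or whichever sentinel the MODE_ enum provides, and rejecting it before use would make the uninitialized read impossible. The enclosing main() starts and ends outside this hunk.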
@@ -846,7 +848,7 @@ int main(int argc, char **argv)
 setup_signal_handler(SIGHUP, handle_sighup);
 //pthread_sigmask(SIG_BLOCK, &set, 0);
 
- while ((opt = getopt(argc, argv, "hi:q:r:u")) != -1) {
+ while ((opt = getopt(argc, argv, "hi:q:r:u:s:")) != -1) {
 switch (opt) {
 case 'h':
 usage(argv[0]);
@@ -864,6 +866,9 @@ int main(int argc, char **argv)
 mode = MODE_PCAP_FILE;
 pcap_file = optarg;
 break;
+ case 's':
+ sig_file = optarg;
+ break;
 case 'u':
 #ifdef UNITTESTS
 mode = MODE_UNITTEST;
@@ -973,7 +978,7 @@ int main(int argc, char **argv)
 
 FlowInitConfig(FLOW_VERBOSE);
 
- SigLoadSignatures();
+ SigLoadSignatures(sig_file);
 
 struct timeval start_time;
 memset(&start_time, 0, sizeof(start_time));
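Review bot: The new optstring `"hi:q:r:u:s:"` appends a colon to `u`, which the old string `"hi:q:r:u"` did not have, so `-u` now demands an argument: running the unittests with a bare `-u` makes getopt fail with "option requires an argument" and the `case 'u'` in the next hunk, which never reads optarg, becomes unreachable from the command line. Only `s` should take an argument: `while ((opt = getopt(argc, argv, "hi:q:r:us:")) != -1) {`. The enclosing main() starts and ends outside this hunk.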
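Review bot: `SigLoadSignatures(sig_file);` is called with `sig_file` still `NULL` whenever `-s` is omitted, and in that case the loader (earlier hunk) prints nothing at all, so an IDS started without a rule file gives the operator no indication that no rules were read from disk. A one-line notice before the call, e.g. `if (sig_file == NULL) printf("no signature file given (-s), loading only built-in signatures\n");`, makes the empty ruleset visible at startup; whether built-in signatures exist at that point is not visible in this diff, so adjust the wording accordingly. The enclosing main() starts and ends outside this hunk.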