added optional option to specify signature file to load

remotes/origin/master-1.0.x
William Metcalf 16 years ago committed by Victor Julien
parent 73217d60b9
commit dd86b51dbc

@ -250,15 +250,6 @@ AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
CFLAGS="${CFLAGS} -DUNITTESTS" CFLAGS="${CFLAGS} -DUNITTESTS"
fi fi
# enable the loading of sigs XXX remove this when we get a config language
AC_ARG_ENABLE(loadsigs,
[ --enable-loadsigs Enable Loading of Signatures],
[ enable_loadsigs=yes
])
if test "$enable_loadsigs" = "yes"; then
CFLAGS="${CFLAGS} -DLOADSIGS"
fi
AC_SUBST(CFLAGS) AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS) AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS) AC_SUBST(CPPFLAGS)

@ -138,7 +138,7 @@ void DetectExitPrintStats(ThreadVars *tv, void *data) {
(float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100)); (float)(pmt->pkts_uri_searched/(float)(pmt->pkts_uri_scanned)*100));
} }
void SigLoadSignatures (void) void SigLoadSignatures (char *sig_file)
{ {
Signature *prevsig = NULL, *sig; Signature *prevsig = NULL, *sig;
@ -275,31 +275,10 @@ void SigLoadSignatures (void)
} }
*/ */
//#define LOADSIGS if(sig_file != NULL){
#ifdef LOADSIGS
int good = 0, bad = 0; int good = 0, bad = 0;
//FILE *fp = fopen("/etc/vips/rules/bleeding-all.rules", "r"); FILE *fp = fopen(sig_file, "r");
//FILE *fp = fopen("/home/victor/rules/bleeding-all-no1.rules", "r");
//FILE *fp = fopen("/home/victor/rules/iponly.rules", "r");
//FILE *fp = fopen("/home/victor/rules/iponly-small.rules", "r");
//FILE *fp = fopen("/home/victor/rules/all.rules", "r");
//FILE *fp = fopen("/home/victor/rules/eidps.http.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-dshield.rules", "r");
FILE *fp = fopen("local.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-web.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-policy.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-p2p.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-web-small.rules", "r");
//FILE *fp = fopen("/home/victor/rules/web-misc.rules", "r");
//FILE *fp = fopen("/home/victor/rules/imap.rules", "r");
//FILE *fp = fopen("/home/victor/rules/emerging-malware.rules", "r");
//FILE *fp = fopen("/home/victor/rules/vips-all.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/all_noip.rules", "r");
//FILE *fp = fopen("/home/victor/rules/all_iplists.rules", "r");
//FILE *fp = fopen("/home/victor/rules/funky.rules", "r");
//FILE *fp = fopen("/etc/vips/rules/zango.rules", "r");
//FILE *fp = fopen("/home/victor/rules/vips-vrt-all.sigs", "r");
//FILE *fp = fopen("/home/victor/rules/test-many-ips.rules", "r");
if (fp == NULL) { if (fp == NULL) {
printf("ERROR, could not open sigs file\n"); printf("ERROR, could not open sigs file\n");
exit(1); exit(1);
@ -322,7 +301,7 @@ void SigLoadSignatures (void)
} }
fclose(fp); fclose(fp);
printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad); printf("SigLoadSignatures: %d successfully loaded from file. %d sigs failed to load\n", good, bad);
#endif }
/* Setup the signature group lookup structure and /* Setup the signature group lookup structure and
* pattern matchers */ * pattern matchers */
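Review bot: When `sig_file` is NULL the whole load block in SigLoadSignatures is skipped without any message, so an engine started without `-s` runs with no file-based rules and nothing in its output says so. An `else` on the new closing brace would make that state visible, e.g. `} else { printf("SigLoadSignatures: no signature file given, no rules loaded from file\n"); }`. Since the path now comes from the command line, the fopen failure message should also name it: `printf("ERROR, could not open sigs file \"%s\"\n", sig_file);`. The function starts and ends outside these hunks, so any signatures set up earlier in its body are not covered by this remark.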

@ -350,7 +350,7 @@ typedef struct SigGroupHead_ {
#define SIGMATCH_NOOPT 0x01 #define SIGMATCH_NOOPT 0x01
void SigLoadSignatures (void); void SigLoadSignatures (char *);
void SigTableSetup(void); void SigTableSetup(void);
enum { enum {
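Review bot: The new prototype `void SigLoadSignatures (char *);` drops the parameter name and takes a non-const pointer, although the function, as far as the hunks show, only hands the path to fopen(). `void SigLoadSignatures(const char *sig_file);` documents the argument and accepts string literals and const data; the definition needs the same `const`. A one-line comment at the declaration stating that NULL means "load no signature file" would record the contract where callers look for it.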

@ -824,6 +824,7 @@ void usage(const char *progname)
printf("\t-i <dev> : run in pcap live mode\n"); printf("\t-i <dev> : run in pcap live mode\n");
printf("\t-r <path>: run in pcap file/offline mode\n"); printf("\t-r <path>: run in pcap file/offline mode\n");
printf("\t-q <qid> : run in inline nfqueue mode\n"); printf("\t-q <qid> : run in inline nfqueue mode\n");
printf("\t-s <path>: path to signature file (optional)\n");
#ifdef UNITTESTS #ifdef UNITTESTS
printf("\t-u : run the unittests and exit\n"); printf("\t-u : run the unittests and exit\n");
#endif /* UNITTESTS */ #endif /* UNITTESTS */
@ -835,8 +836,9 @@ int main(int argc, char **argv)
sigset_t set; sigset_t set;
int opt; int opt;
int mode; int mode;
char *pcap_file; char *pcap_file = NULL;
char *pcap_dev; char *pcap_dev = NULL;
char *sig_file = NULL;
int nfq_id; int nfq_id;
sigaddset(&set, SIGINT); sigaddset(&set, SIGINT);
@ -846,7 +848,7 @@ int main(int argc, char **argv)
setup_signal_handler(SIGHUP, handle_sighup); setup_signal_handler(SIGHUP, handle_sighup);
//pthread_sigmask(SIG_BLOCK, &set, 0); //pthread_sigmask(SIG_BLOCK, &set, 0);
while ((opt = getopt(argc, argv, "hi:q:r:u")) != -1) { while ((opt = getopt(argc, argv, "hi:q:r:u:s:")) != -1) {
switch (opt) { switch (opt) {
case 'h': case 'h':
usage(argv[0]); usage(argv[0]);
@ -864,6 +866,9 @@ int main(int argc, char **argv)
mode = MODE_PCAP_FILE; mode = MODE_PCAP_FILE;
pcap_file = optarg; pcap_file = optarg;
break; break;
case 's':
sig_file = optarg;
break;
case 'u': case 'u':
#ifdef UNITTESTS #ifdef UNITTESTS
mode = MODE_UNITTEST; mode = MODE_UNITTEST;
@ -973,7 +978,7 @@ int main(int argc, char **argv)
FlowInitConfig(FLOW_VERBOSE); FlowInitConfig(FLOW_VERBOSE);
SigLoadSignatures(); SigLoadSignatures(sig_file);
struct timeval start_time; struct timeval start_time;
memset(&start_time, 0, sizeof(start_time)); memset(&start_time, 0, sizeof(start_time));
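Review bot: The new option string `"hi:q:r:u:s:"` puts a colon after `u`, so `-u` now requires an argument, while usage() still documents `-u` as taking none and the visible part of `case 'u'` does not read `optarg`. With this string a bare `-u` is rejected by getopt, and `-u -s rules` consumes `-s` as the argument of `-u`, leaving `sig_file` NULL so the rule file is silently not loaded. The string should be `"hi:q:r:us:"`. main's body continues outside the hunks.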
