Changed |
barnyard2-git.tar.bz2/README
@@ -16,7 +16,7 @@
1. COPYRIGHT
------------------------------------------------------------------------------
-Copyright (C)2008-2010 Ian Firns <firnsy@securixlive.com>
+Copyright (C)2008-2012 Ian Firns <firnsy@securixlive.com>
Copyright (C)2008-2010 SecurixLive <dev@securixlive.com>
This program is free software; you can redistribute it and/or modify
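Review bot: only the first copyright line moves to 2012; the SecurixLive line directly below it still ends at 2010, while the source headers updated in this same change use 2008-2012 for "Ian Firns (SecurixLive)". Update both lines together or leave a note on why they differ.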
Changed |
barnyard2-git.tar.bz2/RELEASE.NOTES
@@ -1,3 +1,35 @@
+2012-10-24 - Barnyard 2.1.10
+ [*] Additions
+ * spo_database. Support of encrypted connections to postgresql is now
+ available. See README.database for the appropriate options.
+
+ * spo_sguil. Fixed issue with duplication of alerts.
+
+ * Completely re-written database plugin for performance optimisation
+ against the original DB schema.
+
+ NOTE: If you have intentions of running this new version we highly
+ recommende you to clean two database tables for better performance:
+ reference and sig_reference, not doing so will not break anything but
+ could slow the startup caching process).
+
+ * New Bro output plugin (thanks to Seth Hall)
+
+ * A new syslog plugin (syslog_full) that support local and remote TCP and
+ UDP syslog.
+
+ [*] Improvements
+
+ * Improved support against the latest Unified 2 format. Extended
+ headers are read, however no plugins use the information currently.
+
+ * Improved core IPv6 support.
+
+ * Compile under cygwin
+
+ * And many, many bugfixes.
+
+
2010-12-27 - Barnyard 2.1.9
[*] Additions
* spo_database. Support of encrypted connections to postgresql is now
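Review bot: the first item under the new 2.1.10 entry, the spo_database line about encrypted PostgreSQL connections, is word for word the first item of the 2.1.9 entry in the context lines that follow, so it reads as a copy-paste leftover rather than a 2.1.10 change; drop it or say what changed. In the NOTE, "recommende" should be "recommend" and the ")" after "caching process" has no opening parenthesis. The NOTE also asks operators to clean the reference and sig_reference tables without saying how (truncate, or delete specific rows), which should be spelled out before anyone runs it against a production database.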
@@ -35,7 +67,7 @@
scripting the barnyard2 process. We welcome any suggestions for
improvements to these return codes.
- * spooler. The spooler now incorporates an improved event cache that will
+ * spooler. The spooler now incorporates an improved event cache that willg
in time facilitate improved correlation for TCP portscans and similar
events.
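Review bot: the changed line ends in "willg", a stray "g" appended to "will", and nothing else on the line differs, so this looks like an editor keystroke that was committed. The same trailing "g" appears in the later hunks of this file ("+g" replacing blank lines, "waldog", "documentationg"), so every RELEASE.NOTES change below the new 2.1.10 entry should be reverted.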
@@ -48,7 +80,7 @@
[*] Improvements
* core. Barnyard2 has had the appropriate changes from snort 2.8.5.1 pushed
into the core.
-
+g
* database. Fixed a duplication issue introduced with the alignment of the
snort 2.8.4.1 code base. Thanks to Jonathan Tullet.
@@ -65,9 +97,9 @@
* log_tcpdump. The output of tcpdump will now match the linktype being
used by the packet. The output format can be explicitly defined or auto
adapting.
-
+g
-2009-07-15 - Barnyard 2.1.6
+2009-07-15 - Barnyard 2.1.6g
[*] Improvements
* Waldo Files. Waldo files not being honoured has been fixed. The issue of
no new waldo files being created or updated was caused by a number of key
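Review bot: the release heading becomes "2009-07-15 - Barnyard 2.1.6g", which alters a version string that readers and scripts may match on, and the blank line above it is replaced by a line holding only "g". Restore both lines.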
@@ -98,7 +130,7 @@
[*] Improvements
* core. Barnyard2 has had the appropriate changes from snort 2.8.4.1 pushed
into the core.
-
+g
In addition an issue with non-unique pid files being generated when
multiple instances were running has been fixed. Thanks to Jon. B. Bayer
@@ -127,7 +159,7 @@
updated and does not restrict to specific generator id's. This will be
re-addressed if sid to gid maps ever happen. Thanks to Jason Wallace.
- * spooler. Fixed an issue with blank permissions when creating waldo
+ * spooler. Fixed an issue with blank permissions when creating waldog
files from scratch. Thanks to Jason Wallace.
@@ -158,7 +190,7 @@
* spo_sguil. Fixed inconsistencies between the documentated and the actual
configuration requirements for the sguil output plugin. The parameters
- can be either comma (",") or space (" ") separated. The documentation
+ can be either comma (",") or space (" ") separated. The documentationg
refers to space separated only.
@@ -182,7 +214,7 @@
2008-11-11 - Barnyard 2.0.5
[*] Improvements
- * spo_sguil. Modifed the parameter parsing of the configuration to now
+ * spo_sguil. Modifed the parameter parsing of the configuration to nowg
expect "key=value" pairs and not "key value" pairs. This aligns with
traditional spo_database plugin.
@@ -236,11 +268,11 @@
2008-06-01 - Barnyard 2.0.2
[*] Additions
- * More databases (experimental). The spo_databsae plugin was able to be
+ * More databases (experimental). The spo_databsae plugin was able to beg
ported across with little effort. This means there is now database
support for MSSQL, MYSQL, Postgresql, any unixOBDC and Oracle. Awesome!
- * Sguil support (experimental). We have started converting the original
+ * Sguil support (experimental). We have started converting the originalg
Sguil plugin to the new API. This is a big milestone as it will now
allow us to start working on a more contemporary frontend for Sguil.
@@ -256,22 +288,22 @@
2008-05-10 - Barnyard 2.0.1
[*] Additions
- * Unified2 support. Since the release of Snort 2.8.0 a new output plugin
- named 'unified2' will address all the shortfalls of the original
+ * Unified2 support. Since the release of Snort 2.8.0 a new output pluging
+ named 'unified2' will address all the shortfalls of the originalg
unified output plugin. The new format supports multiple records in the
one format as well as expansion for additional records such as packet
statistics, etc in the future.
-
+g
* 64-bit support. Support for 64-bit systems has been considered from the
outset. However, given that we don't have any 64-bit machines to test
the current builds on we will wait for community feedback on this.
-
+g
[*] Improvements
* Plugin structure. Given that we initially fused majority of the current
- Snort core with the original barnyard code and improved from there we
+ Snort core with the original barnyard code and improved from there weg
have attained/retained a similar output plugin API to that of Snort.
This requires only slight modification to existing Snort output plugins
to work with Barnyard. This may change to full compatibility in the
future depending on feedback.
-
+g
Changed |
barnyard2-git.tar.bz2/configure.in
@@ -4,7 +4,7 @@
AC_PREREQ(2.50)
AC_INIT(src/barnyard2.c)
AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(barnyard2,1.10-beta2)
+AM_INIT_AUTOMAKE(barnyard2,1.10)
AC_CONFIG_MACRO_DIR([m4])
LT_INIT
@@ -325,26 +325,29 @@
if test "x$CYGWIN" = "x1" ; then
- echo
- echo " ERROR: You will need to get Winpcap, install libraries and headers in your path"
- echo " Downlad from http://www.winpcap.org, uncompress it and copy */Lib/* to your lib path (/lib)"
- echo " and */Include/* to your include path (/usr/include)"
- echo " or use the --with-libpcap-* options, if you have it installed"
- echo " in unusual place. Also check if your libpcap depends on another"
- echo " shared library that may be installed in an unusual place"
+
+ echo
+ echo " ERROR: You will need to get Winpcap headers in your path"
+ echo " Downlad from http://www.winpcap.org, uncompress it and copy"
+ echo " */Include/* to your include path (/usr/include)"
+ echo " or use the --with-libpcap-headers* options, if you have it installed"
+ echo " in unusual place."
+ echo
- exit 1
+ exit 1
else
-
+
echo
- echo " ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h)"
+ echo " ERROR! Libpcap headers (pcap.h)"
echo " not found, go get it from http://www.tcpdump.org"
- echo " or use the --with-libpcap-* options, if you have it installed"
- echo " in unusual place. Also check if your libpcap depends on another"
- echo " shared library that may be installed in an unusual place"
+ echo " or use the --with-libpcap-headers=* options, if you have it installed"
+ echo " in unusual place."
+ echo
+
exit 1
+
fi
fi
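Review bot: the two branches spell the option differently, "--with-libpcap-headers*" in the Cygwin message and "--with-libpcap-headers=*" in the other, so one of them does not match the real switch; use the exact spelling in both. While these lines are being rewritten, "Downlad" can be fixed, and the re-indented "exit 1" plus the added blank lines make the hunk larger than the message change needs.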
@@ -385,26 +388,26 @@
if test "x$LPFRING_PCAP" = "xno"; then
if test "x$CYGWIN" = "1" ; then
-
- echo
- echo " ERROR: You will need to get Winpcap, install libraries and headers in your path"
+
+ echo
+ echo " Warning: You will need to get Winpcap, install libraries and headers in your path "
+ echo " to compile barnyard2 with the output plugin LogTcpdump"
echo " Downlad from http://www.winpcap.org, uncompress it and copy */Lib/* to your lib path (/lib)"
echo " and */Include/* to your include path (/usr/include)"
echo " or use the --with-libpcap-* options, if you have it installed"
- echo " in unusual place. Also check if your libpcap depends on another"
- echo " shared library that may be installed in an unusual place"
-
- exit 1
+ echo " in unusual place."
+ echo
else
-
+
echo
- echo " ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h)"
- echo " not found, go get it from http://www.tcpdump.org"
+ echo " Warning: you will need Libpcap library/headers (libpcap.a (or .so)/pcap.h) in your path"
+ echo " to compile barnyard2 with the output plugin LogTcpdump"
+ echo " You can download source from from http://www.tcpdump.org"
echo " or use the --with-libpcap-* options, if you have it installed"
- echo " in unusual place. Also check if your libpcap depends on another"
- echo " shared library that may be installed in an unusual place"
- exit 1
+ echo " in unusual place."
+ echo
+
fi
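Review bot: this block tests "x$CYGWIN" = "1" while the block in the previous hunk tests "x$CYGWIN" = "x1"; a string that starts with "x" never equals "1", so the Winpcap branch here cannot be taken and Cygwin users get the tcpdump.org text. With both "exit 1" lines removed, configure now continues when the libpcap library is missing, and nothing in the visible lines disables LogTcpdump in that case, so confirm the failure does not simply move to link time. The new message also says "from from".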
Added |
barnyard2-git.tar.bz2/schemas/SCHEMA_ACCESS
@@ -0,0 +1,95 @@
+The default schema creation scripts does not create ACL's for database access.
+This file define what type of access barnyard2 require for the database output plugin to work correctly.
+
+=============
+TABLE : sensor
+=============
+INSERT
+SELECT
+UPDATE
+=============
+
+=============
+TABLE : event
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : iphdr
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : tcphdr
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : udphdr
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : opt
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : icmphdr
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : data
+=============
+SELECT
+INSERT
+=============
+
+=============
+TABLE : reference_system
+=============
+INSERT
+SELECT
+=============
+
+=============
+TABLE : reference
+=============
+INSERT
+SELECT
+=============
+
+=============
+TABLE : sig_class
+=============
+INSERT
+SELECT
+=============
+
+=============
+TABLE : signature
+=============
+INSERT
+SELECT
+UPDATE
+=============
+
+=============
+TABLE : sig_reference
+=============
+SELECT
+INSERT
+=============
\ No newline at end of file
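Review bot: the list has no entry for the schema table, yet the FATAL_BAD_SCHEMA_1 text added to spo_database.c in this same change says the plugin looks for records in the 'schema' table, so an account granted only what this file lists would presumably fail that check; add the table with SELECT. State explicitly that the list is complete (no DELETE, no DDL) so it can be used directly as a least-privilege grant list for the barnyard2 database account. Wording: "scripts does not" should be "scripts do not", "This file define" should be "defines", "barnyard2 require" should be "requires", and the file ends without a newline.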
Changed |
barnyard2-git.tar.bz2/src/barnyard2.c
@@ -1083,7 +1083,7 @@
struct timeval difftime;
struct timezone tz;
- bzero((char *) &tz, sizeof(tz));
+ memset((char *) &tz, 0, sizeof(tz)); /* bzero() deprecated, replaced by memset() */
gettimeofday(&endtime, &tz);
TIMERSUB(&endtime, &starttime, &difftime);
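Review bot: style point on the memset line: the (char *) cast is unnecessary because memset takes void *, and the trailing "bzero() deprecated" comment records the history of the edit rather than anything about the code, which belongs in the commit message. The same applies to every bzero conversion in this change. Separately, the timezone argument of gettimeofday is obsolete; if tz is not read afterwards, pass NULL and drop both the variable and its memset.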
Changed |
barnyard2-git.tar.bz2/src/barnyard2.h
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** Copyright (C) 2005-2009 Sourcefire, Inc.
** Copyright (C) 1998-2005 Martin Roesch <roesch@sourcefire.com>
@@ -62,8 +62,8 @@
#define PROGRAM_NAME "Barnyard"
#define VER_MAJOR "2"
#define VER_MINOR "1"
-#define VER_REVISION "10-beta2"
-#define VER_BUILD "266"
+#define VER_REVISION "10"
+#define VER_BUILD "310"
#define STD_BUF 1024
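Review bot: the version here and the one in configure.in disagree. VER_MAJOR, VER_MINOR and VER_REVISION spell 2.1.10, matching the RELEASE.NOTES entry, but configure.in in this same change passes 1.10 to AM_INIT_AUTOMAKE, so the package carries a different version from the one the binary reports. Set the configure.in value to 2.1.10, or derive one from the other.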
Changed |
barnyard2-git.tar.bz2/src/debug.c
@@ -28,10 +28,14 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <wchar.h>
+
#include "debug.h"
#include "barnyard2.h"
+
+
#ifdef DEBUG
int debuglevel = DEBUG_ALL;
char *DebugMessageFile = NULL;
@@ -130,10 +134,11 @@
if(BcDaemonMode())
{
-#ifdef WIN32
+#if defined(WIN32) && (defined(__USE_ISOC95) || defined(__USE_UNIX98))
_vsnwprintf(buf, STD_BUF, fmt, ap);
#else
-#ifdef HAVE_VSWPRINTF
+#if defined(HAVE_VSWPRINTF) && (defined(__USE_ISOC95) || defined(__USE_UNIX98))
+
vswprintf(buf, STD_BUF, fmt, ap);
#endif
#endif
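Review bot: __USE_ISOC95 and __USE_UNIX98 in the new #if conditions are glibc-internal macros set by <features.h>, not something other C libraries define, so on WIN32 the _vsnwprintf branch is now compiled out and the #else branch is evaluated instead. When neither condition holds, no call writes to buf at all, so whatever reads buf afterwards sees an unformatted buffer. Guard on the configure result (HAVE_VSWPRINTF) alone, or initialise buf before the #if.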
@@ -141,11 +146,11 @@
}
else
{
-#ifdef HAVE_WPRINTF
+#if defined(HAVE_WPRINTF) && (defined(__USE_ISOC95) || defined(__USE_UNIX98))
vwprintf(fmt, ap);
#endif
}
-
+
va_end(ap);
}
#endif
Changed |
barnyard2-git.tar.bz2/src/input-plugins/spi_unified2.c
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
Changed |
barnyard2-git.tar.bz2/src/input-plugins/spi_unified2.h
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
Changed |
barnyard2-git.tar.bz2/src/log.c
@@ -362,7 +362,7 @@
DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type););
- bzero((char *) timestamp, TIMEBUF_SIZE);
+ memset((char *) timestamp, 0, TIMEBUF_SIZE); /* bzero() deprecated, replaced with memset */
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
@@ -864,8 +864,8 @@
const uint8_t *mac_src = NULL;
const uint8_t *mac_dst = NULL;
- bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr));
- bzero((char *) timestamp, TIMEBUF_SIZE);
+ memset((struct in_addr *) &ip_addr, 0, sizeof(struct in_addr)); /* bzero() deprecated, replaced with memset() */
+ memset((char *) timestamp, 0, TIMEBUF_SIZE); /* bzero() deprecated, replaced with memset() */
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* determine what to use as MAC src and dst */
@@ -1468,7 +1468,7 @@
if (fp == NULL || p == NULL)
return;
- bzero((char *) &op, sizeof(Packet));
+ memset((char *) &op, 0, sizeof(Packet)); /* bzero() deprecated, replaced with memset() */
orig_p = &op;
orig_p->iph = p->orig_iph;
@@ -1718,7 +1718,7 @@
switch(p->tcp_options[i].code)
{
case TCPOPT_MAXSEG:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced with memset() */
fwrite("MSS: ", 5, 1, fp);
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 2);
@@ -1741,11 +1741,11 @@
break;
case TCPOPT_SACK:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data && (p->tcp_options[i].len >= 2))
memcpy(tmp, p->tcp_options[i].data, 2);
fprintf(fp, "Sack: %u@", EXTRACT_16BITS(tmp));
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data && (p->tcp_options[i].len >= 4))
memcpy(tmp, (p->tcp_options[i].data) + 2, 2);
fprintf(fp, "%u ", EXTRACT_16BITS(tmp));
@@ -1756,46 +1756,46 @@
break;
case TCPOPT_ECHO:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "Echo: %u ", EXTRACT_32BITS(tmp));
break;
case TCPOPT_ECHOREPLY:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "Echo Rep: %u ", EXTRACT_32BITS(tmp));
break;
case TCPOPT_TIMESTAMP:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "TS: %u ", EXTRACT_32BITS(tmp));
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, (p->tcp_options[i].data) + 4, 4);
fprintf(fp, "%u ", EXTRACT_32BITS(tmp));
break;
case TCPOPT_CC:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "CC %u ", EXTRACT_32BITS(tmp));
break;
case TCPOPT_CCNEW:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "CCNEW: %u ", EXTRACT_32BITS(tmp));
break;
case TCPOPT_CCECHO:
- bzero((char *) tmp, 5);
+ memset((char *) tmp, 0, 5); /* bzero() deprecated, replaced by memset() */
if (p->tcp_options[i].data)
memcpy(tmp, p->tcp_options[i].data, 4);
fprintf(fp, "CCECHO: %u ", EXTRACT_32BITS(tmp));
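Review bot: every case in this hunk copies 4 bytes with memcpy(tmp, p->tcp_options[i].data, 4) after checking only that data is non-NULL, and the second TCPOPT_TIMESTAMP copy reads from data + 4, whereas the TCPOPT_SACK case in the previous hunk checks p->tcp_options[i].len first. Since these lines are being touched anyway, add the matching len >= 4 checks (len >= 8 for the second timestamp word) so a short option cannot cause a read past the option data. The repeated memset followed by a guarded memcpy could also become one small helper.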
@@ -1848,7 +1848,7 @@
char timestamp[TIMEBUF_SIZE];
- bzero((char *) timestamp, TIMEBUF_SIZE);
+ memset((char *) timestamp, 0, TIMEBUF_SIZE); /* bzero() deprecated, replaced by memset() */
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
@@ -2022,7 +2022,7 @@
char timestamp[TIMEBUF_SIZE];
- bzero((char *) timestamp, TIMEBUF_SIZE);
+ memset((char *) timestamp, 0, TIMEBUF_SIZE); /* bzero() deprecated, replaced by memset() */
ts_print((struct timeval *) & p->pkth->ts, timestamp);
/* dump the timestamp */
Changed |
barnyard2-git.tar.bz2/src/log_text.c
@@ -1603,7 +1603,8 @@
switch(ntohs(p->ah->ea_hdr.ar_op))
{
case ARPOP_REQUEST:
- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr));
+ /* bcopy() deprecated, replaced with memmove() */
+ memmove((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr));
TextLog_Print(log, "ARP who-has %s", inet_ntoa(ip_addr));
if(memcmp((char *) ezero, (char *) p->ah->arp_tha, 6) != 0)
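Review bot: memcpy would be the clearer replacement on the memmove line, since &ip_addr is a local and the source is the ARP header, so the regions cannot overlap; the (void *) casts are unnecessary either way. The swapped argument order (destination first) is right here and in the other three conversions in this file, which is the part of a bcopy conversion that most needs checking.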
@@ -1612,8 +1613,8 @@
p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3],
p->ah->arp_tha[4], p->ah->arp_tha[5]);
}
- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr));
-
+ /* bcopy() deprecated, replaced with memmove() */
+ memmove((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr));
TextLog_Print(log, " tell %s", inet_ntoa(ip_addr));
if(memcmp((char *) mac_src, (char *) p->ah->arp_sha, 6) != 0)
@@ -1625,7 +1626,8 @@
break;
case ARPOP_REPLY:
- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr));
+ /* bcopy() deprecated, replaced with memmove() */
+ memmove((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr));
TextLog_Print(log, "ARP reply %s", inet_ntoa(ip_addr));
/* print out the originating request if we're on a weirder
@@ -1658,7 +1660,8 @@
break;
case ARPOP_RREPLY:
- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr));
+ /* bcopy() deprecated, replaced with memmove() */
+ memmove((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr));
TextLog_Print(log, "RARP reply %X:%X:%X:%X:%X:%X at %s",
p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2],
p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5],
Changed |
barnyard2-git.tar.bz2/src/map.c
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@@ -258,7 +258,7 @@
return -1;
}
- bzero(buf, BUFFER_SIZE);
+ memset(buf, 0, BUFFER_SIZE); /* bzero() deprecated, replaced with memset() */
while ( fgets(buf, BUFFER_SIZE, fd) != NULL )
{
@@ -459,7 +459,7 @@
return -1;
}
- bzero(buf, BUFFER_SIZE);
+ memset(buf, 0, BUFFER_SIZE); /* bzero() deprecated, replaced with memset() */
while ( fgets(buf, BUFFER_SIZE, fd) != NULL )
{
@@ -513,7 +513,7 @@
return -1;
}
- bzero(buf, BUFFER_SIZE);
+ memset(buf, 0, BUFFER_SIZE); /* bzero() deprecated, replaced by memset() */
while(fgets(buf, BUFFER_SIZE, fd) != NULL)
{
@@ -705,7 +705,7 @@
return -1;
}
- bzero(buf, BUFFER_SIZE);
+ memset(buf, 0, BUFFER_SIZE); /* bzero() deprecated, replaced by memset() */
while( fgets(buf, BUFFER_SIZE, fd) != NULL )
{
Changed |
barnyard2-git.tar.bz2/src/map.h
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_alert_bro.c
@@ -31,6 +31,7 @@
#ifdef BROCCOLI
+#include <string.h>
#include <sys/types.h>
#include <stdlib.h>
#ifdef HAVE_STRINGS_H
@@ -120,6 +121,24 @@
AddFuncToRestartList(AlertBroRestart, 0);
}
+#ifdef SUP_IP6
+static INLINE void map_broccoli_addr(BroAddr* a, const snort_ip_p i)
+{
+ if ( i->family == AF_INET )
+ {
+ memcpy(a->addr, BRO_IPV4_MAPPED_PREFIX, sizeof(BRO_IPV4_MAPPED_PREFIX));
+ memcpy(&a->addr[3], i->ip.u6_addr32, sizeof(uint32_t));
+ }
+ else if ( i->family == AF_INET6 )
+ memcpy(a->addr, &i->ip, sizeof(a->addr));
+}
+#else
+static INLINE void map_broccoli_addr(BroAddr* a, const struct in_addr i)
+{
+ memcpy(a->addr, BRO_IPV4_MAPPED_PREFIX, sizeof(BRO_IPV4_MAPPED_PREFIX));
+ memcpy(&a->addr[3], &i, sizeof(uint32_t));
+}
+#endif
/*
* Function: AlertBro(Packet *)
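Review bot: the SUP_IP6 version of map_broccoli_addr has no else branch, so when i->family is neither AF_INET nor AF_INET6 the BroAddr is left untouched, and the callers added further down pass uninitialised stack variables (src_addr, dst_addr) on to bro_record_add_val. Zero *a at the top of the function or handle the remaining case explicitly. Also, sizeof(BRO_IPV4_MAPPED_PREFIX) is the prefix length only if that name is an array and not a pointer, which deserves a one-line comment, and the function has no comment describing the IPv4-mapped layout it writes.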
@@ -139,6 +158,8 @@
Unified2EventCommon *uevent = (Unified2EventCommon *) event;
BroPort src_p;
BroPort dst_p;
+ BroAddr src_addr;
+ BroAddr dst_addr;
if ( p == NULL || event == NULL )
{
@@ -150,7 +171,7 @@
if(p && IPH_IS_VALID(p))
{
- ev = bro_event_new("barnyard_alert");
+ ev = bro_event_new("Barnyard2::barnyard_alert");
// First value
BroRecord *packet_id = bro_record_new();
@@ -164,44 +185,47 @@
src_p.port_proto = dst_p.port_proto = GET_IPH_PROTO(p);
if((GET_IPH_PROTO(p) == IPPROTO_ICMP) && p->icmph)
{
- src_p.port_num = htons(p->icmph->type);
- dst_p.port_num = htons(p->icmph->code);
+ src_p.port_num = p->icmph->type;
+ dst_p.port_num = p->icmph->code;
} else {
src_p.port_num = p->sp;
dst_p.port_num = p->dp;
}
}
-
- bro_record_add_val(packet_id, "src_ip", BRO_TYPE_IPADDR, NULL, &GET_SRC_ADDR(p));
+
+ map_broccoli_addr(&src_addr, GET_SRC_ADDR(p));
+ bro_record_add_val(packet_id, "src_ip", BRO_TYPE_IPADDR, NULL, &src_addr);
bro_record_add_val(packet_id, "src_p", BRO_TYPE_PORT, NULL, &src_p);
- bro_record_add_val(packet_id, "dst_ip", BRO_TYPE_IPADDR, NULL, &GET_DST_ADDR(p));
+ map_broccoli_addr(&dst_addr, GET_DST_ADDR(p));
+ bro_record_add_val(packet_id, "dst_ip", BRO_TYPE_IPADDR, NULL, &dst_addr);
bro_record_add_val(packet_id, "dst_p", BRO_TYPE_PORT, NULL, &dst_p);
- bro_event_add_val(ev, BRO_TYPE_RECORD, "packet_id", packet_id);
+ bro_event_add_val(ev, BRO_TYPE_RECORD, "Barnyard2::PacketID", packet_id);
bro_record_free(packet_id);
// Second value
BroRecord *sad = bro_record_new();
- uint32_t sensor_id_hl = ntohl(uevent->sensor_id);
+ uint64_t sensor_id_hl = ntohl(uevent->sensor_id);
bro_record_add_val(sad, "sensor_id", BRO_TYPE_COUNT, NULL, &sensor_id_hl);
double ts = (double) ntohl(uevent->event_second) + (((double) ntohl(uevent->event_microsecond))/1000000);
bro_record_add_val(sad, "ts", BRO_TYPE_TIME, NULL, &ts);
- uint32_t signature_id_hl = ntohl(uevent->signature_id);
+ uint64_t signature_id_hl = ntohl(uevent->signature_id);
bro_record_add_val(sad, "signature_id", BRO_TYPE_COUNT, NULL, &signature_id_hl);
- uint32_t generator_id_hl = ntohl(uevent->generator_id);
+ uint64_t generator_id_hl = ntohl(uevent->generator_id);
bro_record_add_val(sad, "generator_id", BRO_TYPE_COUNT, NULL, &generator_id_hl);
- uint32_t signature_revision_hl = ntohl(uevent->signature_revision);
+ uint64_t signature_revision_hl = ntohl(uevent->signature_revision);
bro_record_add_val(sad, "signature_revision", BRO_TYPE_COUNT, NULL, &signature_revision_hl);
- uint32_t classification_id_hl = ntohl(uevent->classification_id);
+ uint64_t classification_id_hl = ntohl(uevent->classification_id);
bro_record_add_val(sad, "classification_id", BRO_TYPE_COUNT, NULL, &classification_id_hl);
BroString class_bs;
cn = ClassTypeLookupById(barnyard2_conf, ntohl(uevent->classification_id));
bro_string_init(&class_bs);
- bro_string_set(&class_bs, cn->name);
+ if ( cn )
+ bro_string_set(&class_bs, cn->name);
bro_record_add_val(sad, "classification", BRO_TYPE_STRING, NULL, &class_bs);
bro_string_cleanup(&class_bs);
- uint32_t priority_id_hl = ntohl(uevent->priority_id);
+ uint64_t priority_id_hl = ntohl(uevent->priority_id);
bro_record_add_val(sad, "priority_id", BRO_TYPE_COUNT, NULL, &priority_id_hl);
- uint32_t event_id_hl = ntohl(uevent->event_id);
+ uint64_t event_id_hl = ntohl(uevent->event_id);
bro_record_add_val(sad, "event_id", BRO_TYPE_COUNT, NULL, &event_id_hl);
//BroSet *ref_set = bro_set_new();
//BroString ref_name_bs;
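Review bot: the uint32_t to uint64_t changes and the dropped htons() on the ICMP type and code carry no comment saying why, so the next edit could easily reintroduce the old width or byte order. Add one line stating what bro_record_add_val expects for BRO_TYPE_COUNT and BRO_TYPE_PORT. The new "if ( cn )" guard fixes the NULL dereference of cn->name, but class_bs is then added to the record after only bro_string_init; confirm that an initialised, unset BroString is valid input there, or set a placeholder such as an empty string.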
@@ -217,7 +241,7 @@
//bro_record_add_val(sad, "references", BRO_TYPE_SET, NULL, ref_set);
//bro_set_free(ref_set);
- bro_event_add_val(ev, BRO_TYPE_RECORD, "barnyard_alert_data", sad);
+ bro_event_add_val(ev, BRO_TYPE_RECORD, "Barnyard2::AlertData", sad);
bro_record_free(sad);
// Third value
@@ -271,4 +295,4 @@
FatalError("Could not connect to Bro!\n");
}
-#endif /* BROCCOLI */
\ No newline at end of file
+#endif /* BROCCOLI */
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_alert_fwsam.c
@@ -2,7 +2,7 @@
** spo_alert_fwsam.c
**
** Copyright (c) 2001-2005 Frank Knobbe <frank@knobbe.us>
-** Portions Copyright (c) 2011 Ian Firns <firnsy@securixlive.com>
+** Portions Copyright (c) 2012 Ian Firns <firnsy@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
@@ -977,8 +977,11 @@
SigNode *sn = NULL;
ClassType *cn = NULL;
- ReferenceNode *rn = NULL;
+ /*
+ ** Remove Compiler warning.
+ ReferenceNode *rn = NULL;
+ */
if(event==NULL)
{
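Review bot: the unused rn declaration is wrapped in a comment instead of being deleted, which leaves dead code and a "Remove Compiler warning" remark that describes the edit rather than the function. Delete the ReferenceNode *rn = NULL; line outright.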
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_alert_fwsam.h
@@ -3,7 +3,7 @@
** spo_alert_fwsam.h
**
** Copyright (c) 2001-2005 Frank Knobbe <frank@knobbe.us>
-** Copyright (c) 2011 Ian Firns <firnsy@securixlive.com>
+** Copyright (c) 2012 Ian Firns <firnsy@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_alert_unixsock.c
@@ -176,17 +176,18 @@
DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n"););
- bzero((char *)&alertpkt,sizeof(alertpkt));
+ memset((char *)&alertpkt, 0, sizeof(alertpkt)); /* bzero() deprecated, replaced with memset() */
if (event)
{
- bcopy((const void *)event,(void *)&alertpkt.event,sizeof(Unified2EventCommon));
+ memmove((void *) &alertpkt.event, (const void *)event, sizeof(Unified2EventCommon)); /* bcopy() deprecated, replaced by memmove() */
}
if(p && p->pkt)
{
- bcopy((const void *)p->pkth,(void *)&alertpkt.pkth,sizeof(struct pcap_pkthdr));
- bcopy((const void *)p->pkt,alertpkt.pkt,
- alertpkt.pkth.caplen > SNAPLEN? SNAPLEN : alertpkt.pkth.caplen);
+ /* bcopy() deprecated, replaced by memmove() */
+ memmove((void *) &alertpkt.pkth, (const void *)p->pkth, sizeof(struct pcap_pkthdr));
+ memmove(alertpkt.pkt, (const void *)p->pkt,
+ alertpkt.pkth.caplen > SNAPLEN ? SNAPLEN : alertpkt.pkth.caplen);
}
else
alertpkt.val|=NOPACKET_STRUCT;
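Review bot: the packet copy is clamped to SNAPLEN, but alertpkt.pkth was copied whole on the line before, so in the visible lines alertpkt.pkth.caplen can still claim more bytes than alertpkt.pkt holds, and a consumer of the socket that trusts caplen would read past the data. Set alertpkt.pkth.caplen to the clamped value after the copy. The clamp also reads the copied header rather than p->pkth, which works but breaks silently if the two memmove lines are ever reordered.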
@@ -196,8 +197,9 @@
if (sn != NULL)
{
- bcopy((const void *)sn->msg,(void *)alertpkt.alertmsg,
- strlen(sn->msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(sn->msg));
+ /* bcopy() deprecated, replaced by memmove() */
+ memmove((void *) alertpkt.alertmsg, (const void *) sn->msg,
+ strlen(sn->msg) > ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(sn->msg));
}
/* some data which will help monitoring utility to dissect packet */
@@ -285,7 +287,7 @@
srv);
}
- bzero((char *) &alertaddr, sizeof(alertaddr));
+ memset((char *) &alertaddr, 0, sizeof(alertaddr)); /* bzero() deprecated, replaced with memset() */
/* 108 is the size of sun_path */
strncpy(alertaddr.sun_path, srv, 108);
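Review bot: the context line strncpy(alertaddr.sun_path, srv, 108) leaves sun_path without a terminating NUL when srv is 108 bytes or longer, and the memset on the changed line does not help because strncpy then fills the whole field. Copy at most sizeof(alertaddr.sun_path) - 1 bytes, which also removes the hard-coded 108, and reject a path that does not fit.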
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_database.c
@@ -30,11 +30,74 @@
* documentation or the snortdb web site for configuration
* information
*
- * Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
- * this in production produce the required fix for bugs experienced.
+ * Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
+ * this in production for us.
*
*/
+/******** fatals *******************************************************/
+
+
+/* these strings deliberately break fatal error messages into
+ chunks with lengths < 509 to keep ISO C89 compilers happy
+ */
+
+static const char* FATAL_NO_SENSOR_1 =
+ " When this plugin starts, a SELECT query is run to find the sensor id for the\n"
+ " currently running sensor. If the sensor id is not found, the plugin will run\n"
+ " an INSERT query to insert the proper data and generate a new sensor id. Then a\n"
+ " SELECT query is run to get the newly allocated sensor id. If that fails then\n"
+ " this error message is generated.\n";
+
+static const char* FATAL_NO_SENSOR_2 =
+ " Some possible causes for this error are:\n"
+ " * the user does not have proper INSERT or SELECT privileges\n"
+ " * the sensor table does not exist\n"
+ "\n"
+ " If you are _absolutely_ certain that you have the proper privileges set and\n"
+ " that your database structure is built properly please let me know if you\n"
+ " continue to get this error. You can contact me at (roman@danyliw.com).\n";
+
+static const char* FATAL_BAD_SCHEMA_1 =
+ "database: The underlying database has not been initialized correctly. This\n"
+ " version of Snort requires version %d of the DB schema. Your DB\n"
+ " doesn't appear to have any records in the 'schema' table.\n%s";
+
+static const char* FATAL_BAD_SCHEMA_2 =
+ " Please re-run the appropriate DB creation script (e.g. create_mysql,\n"
+ " create_postgresql, create_oracle, create_mssql) located in the\n"
+ " contrib\\ directory.\n\n"
+ " See the database documentation for cursory details (doc/README.database).\n"
+ " and the URL to the most recent database plugin documentation.\n";
+
+static const char* FATAL_OLD_SCHEMA_1 =
+ "database: The underlying database seems to be running an older version of\n"
+ " the DB schema (current version=%d, required minimum version= %d).\n\n"
+ " If you have an existing database with events logged by a previous\n"
+ " version of snort, this database must first be upgraded to the latest\n"
+ " schema (see the snort-users mailing list archive or DB plugin\n"
+ " documention for details).\n%s\n";
+
+static const char* FATAL_OLD_SCHEMA_2 =
+ " If migrating old data is not desired, merely create a new instance\n"
+ " of the snort database using the appropriate DB creation script\n"
+ " (e.g. create_mysql, create_postgresql, create_oracle, create_mssql)\n"
+ " located in the contrib\\ directory.\n\n"
+ " See the database documentation for cursory details (doc/README.database).\n"
+ " and the URL to the most recent database plugin documentation.\n";
+
+static const char* FATAL_NO_SUPPORT_1 =
+ "If this build of snort was obtained as a binary distribution (e.g., rpm,\n"
+ "or Windows), then check for alternate builds that contains the necessary\n"
+ "'%s' support.\n\n"
+ "If this build of snort was compiled by you, then re-run the\n"
+ "the ./configure script using the '--with-%s' switch.\n"
+ "For non-standard installations of a database, the '--with-%s=DIR'\n%s";
+
+static const char* FATAL_NO_SUPPORT_2 =
+ "syntax may need to be used to specify the base directory of the DB install.\n\n"
+ "See the database documentation for cursory details (doc/README.database).\n"
+ "and the URL to the most recent database plugin documentation.\n";
#include "output-plugins/spo_database.h"
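Review bot: the new FATAL_* strings keep their Snort wording: they say "This version of Snort requires" and "If this build of snort", and they send users to a personal address (roman@danyliw.com) for a barnyard2 failure. Reword them for barnyard2 and point to the project's own contact. They are also format strings (%d, %s) held in variables, so the compiler cannot check the arguments at the FatalError call sites, and they are defined above the #include lines where file-level definitions would normally follow.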
@@ -301,7 +364,8 @@
}
data->cid++;
-
+
+
if( UpdateLastCid(data, data->sid, data->cid) < 0 )
{
FatalError("database Unable to construct query - output error or truncation\n");
@@ -501,16 +565,22 @@
#endif /* ENABLE_POSTGRESQL */
#ifdef ENABLE_ODBC
+ case DB_ODBC:
+ data->dbRH[data->dbtype_id].dbConnectionStatus = dbConnectionStatusODBC;
+ data->dbRH[data->dbtype_id].dbConnectionCount = 0;
+ break;
+#endif /* ENABLE ODBC */
+
#ifdef ENABLE_ORACLE
#ifdef ENABLE_MSSQL
case DB_MSSQL:
case DB_ORACLE:
- case DB_ODBC:
+
FatalError("database The database family you want to use is currently not supported by this build \n");
break;
#endif /* ENABLE MSSQL */
#endif /* ENABLE ORACLE */
-#endif /* ENABLE ODBC */
+
default:
FatalError("database Unknown database type defined: [%lu] \n",data->dbtype_id);
break;
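Review bot: `case DB_MSSQL:` and `case DB_ORACLE:` are still wrapped in both `#ifdef ENABLE_ORACLE` and `#ifdef ENABLE_MSSQL`, so the "not supported by this build" FatalError is compiled only when both macros are defined; with only one of them set, that database type falls through to the `default:` "Unknown database type" message. Now that ODBC has its own block, consider `#if defined(ENABLE_ORACLE) || defined(ENABLE_MSSQL)` around these two cases, and drop the blank `+` line left where `case DB_ODBC:` was removed.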
@@ -598,7 +668,7 @@
DatabaseCleanInsert(data);
if( (SnortSnprintf(data->SQL_INSERT, data->SQL_INSERT_SIZE,
"INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) "
- "VALUES ('%s','%s',%u,%u, 0)",
+ "VALUES ('%s','%s',%u,%u, 0);",
escapedSensorName, escapedInterfaceName,
data->detail, data->encoding)) != SNORT_SNPRINTF_SUCCESS)
{
@@ -631,7 +701,7 @@
DatabaseCleanInsert(data);
if( (SnortSnprintf(data->SQL_INSERT, data->SQL_INSERT_SIZE,
"INSERT INTO sensor (hostname, interface, filter, detail, encoding, last_cid) "
- "VALUES ('%s','%s','%s',%u,%u, 0)",
+ "VALUES ('%s','%s','%s',%u,%u, 0);",
escapedSensorName, escapedInterfaceName,
escapedBPFFilter, data->detail, data->encoding)) != SNORT_SNPRINTF_SUCCESS)
{
@@ -664,7 +734,7 @@
DatabaseCleanInsert(data);
if( (SnortSnprintf(data->SQL_INSERT, data->SQL_INSERT_SIZE,
"INSERT INTO sensor (hostname, interface, detail, encoding, last_cid) "
- "VALUES ('%s','%s',%u,%u, 0)",
+ "VALUES ('%s','%s',%u,%u, 0);",
escapedSensorName, escapedInterfaceName,
data->detail, data->encoding)) != SNORT_SNPRINTF_SUCCESS)
{
@@ -697,7 +767,7 @@
DatabaseCleanInsert(data);
if( (SnortSnprintf(data->SQL_INSERT, data->SQL_INSERT_SIZE,
"INSERT INTO sensor (hostname, interface, filter, detail, encoding, last_cid) "
- "VALUES ('%s','%s','%s',%u,%u, 0)",
+ "VALUES ('%s','%s','%s',%u,%u, 0);",
escapedSensorName, escapedInterfaceName,
escapedBPFFilter, data->detail, data->encoding)) != SNORT_SNPRINTF_SUCCESS)
{
@@ -1134,23 +1204,60 @@
}
}
#endif
-
+
dbarg = strtok(NULL, "=");
}
-
- if(data->dbname == NULL)
+
+ if(data->dbtype_id == DB_ODBC)
{
- ErrorMessage("ERROR database: must enter database name in configuration file\n\n");
- DatabasePrintUsage();
- FatalError("");
+ /* Print Transaction Warning */
+ if(data->dbname == NULL)
+ {
+ ErrorMessage("database: no DSN was specified, unable to try to initialize ODBC connection. (use [dbname] parameter, in configuration file to set DSN)\n");
+ FatalError("");
+ }
+ else
+ {
+ LogMessage("database: will use DSN [%s] for ODBC Connection setup \n",
+ data->dbname);
+ }
+
+ if(data->host != NULL)
+ {
+ ErrorMessage("database: [host] [%s] will not be used, we will use infromation from the DSN [%s], make sure your setup is ok. \n",
+ data->host,
+ data->dbname);
+ }
+
+ if(data->user != NULL)
+ {
+ ErrorMessage("database: [user] [%s] will not be used, we will use infromation from the DSN [%s], make sure your setup is ok. \n",
+ data->user,
+ data->dbname);
+ }
+
+ if(data->port != NULL)
+ {
+ ErrorMessage("database: [port] [%s] will not be used, we will use infromation from the DSN [%s], make sure your setup is ok. \n",
+ data->port,
+ data->dbname);
+ }
}
- else if(data->host == NULL)
+ else
{
- ErrorMessage("ERROR database: must enter host in configuration file\n\n");
- DatabasePrintUsage();
- FatalError("");
+ if(data->dbname == NULL)
+ {
+ ErrorMessage("ERROR database: must enter database name in configuration file\n\n");
+ DatabasePrintUsage();
+ FatalError("");
+ }
+ else if(data->host == NULL)
+ {
+ ErrorMessage("ERROR database: must enter host in configuration file\n\n");
+ DatabasePrintUsage();
+ FatalError("");
+ }
}
-
if(data->dbRH[data->dbtype_id].dbConnectionLimit == 0)
{
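Review bot: The warnings added for `[host]`, `[user]` and `[port]` say the value "will not be used", but the Connect() change further down in this patch still passes `data->user` and `data->password` to SQLConnect, so the `[user]` message is inaccurate and an operator may leave a credential in the configuration believing it is ignored. Either drop the `[user]` warning or stop passing the value. Also: the `/* Print Transaction Warning */` comment does not describe this block, "infromation" is misspelled in all three strings, and `data->port` is printed with `%s`, which is only correct if the port is stored as a string.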
@@ -1171,7 +1278,11 @@
return;
}
-
+/*
+** This function will either insert a "new" signature, present in file and not in db and update
+** the cache information (db_sig_id) or update an existing signature using its db_sig_id.
+**
+*/
u_int32_t dbSignatureInformationUpdate(DatabaseData *data,cacheSignatureObj *iUpdateSig)
{
@@ -1184,35 +1295,48 @@
return 1;
}
-
DatabaseCleanSelect(data);
DatabaseCleanInsert(data);
- switch(data->dbtype_id)
+ if( SnortSnprintf(data->SQL_SELECT,data->SQL_SELECT_SIZE,
+ SQL_SELECT_SPECIFIC_SIGNATURE,
+ iUpdateSig->obj.sid,
+ iUpdateSig->obj.gid,
+ iUpdateSig->obj.rev,
+ iUpdateSig->obj.class_id,
+ iUpdateSig->obj.priority_id,
+ iUpdateSig->obj.message))
{
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( SnortSnprintf(data->SQL_SELECT,data->SQL_SELECT_SIZE,
- PGSQL_SQL_SELECT_SPECIFIC_SIGNATURE,
- iUpdateSig->obj.sid,
- iUpdateSig->obj.gid,
- iUpdateSig->obj.rev,
+ /* XXX */
+ LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_SELECT in [%s()] \n",
+ __FUNCTION__);
+
+ return 1;
+ }
+
+ if(iUpdateSig->flag & CACHE_BOTH ||
+ iUpdateSig->flag & CACHE_DATABASE_ONLY)
+ {
+ if( SnortSnprintf(data->SQL_INSERT,data->SQL_INSERT_SIZE,
+ SQL_UPDATE_SPECIFIC_SIGNATURE,
iUpdateSig->obj.class_id,
iUpdateSig->obj.priority_id,
- iUpdateSig->obj.message))
+ iUpdateSig->obj.rev,
+ iUpdateSig->obj.db_id))
{
/* XXX */
- LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_SELECT in [%s()] \n",
+
+ LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_INSERT in [%s()] \n",
__FUNCTION__);
-
+
return 1;
}
- break;
-#endif
- default:
- if( SnortSnprintf(data->SQL_SELECT,data->SQL_SELECT_SIZE,
- SQL_SELECT_SPECIFIC_SIGNATURE,
+ }
+ else
+ {
+ if( SnortSnprintf(data->SQL_INSERT,data->SQL_INSERT_SIZE,
+ SQL_INSERT_SIGNATURE,
iUpdateSig->obj.sid,
iUpdateSig->obj.gid,
iUpdateSig->obj.rev,
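Review bot: `iUpdateSig->obj.message` is formatted directly into SQL_SELECT_SPECIFIC_SIGNATURE and SQL_INSERT_SIGNATURE, and nothing in the hunk shows it passing through snort_escape_string_STATIC first. Signature messages can contain quote characters, so please confirm the cached copy is already escaped for the active backend, or escape it before these SnortSnprintf calls. Removing the PostgreSQL-specific PGSQL_SQL_SELECT_SPECIFIC_SIGNATURE template also deserves a line in the commit message explaining why the generic template is now sufficient.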
@@ -1221,27 +1345,11 @@
iUpdateSig->obj.message))
{
/* XXX */
- LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_SELECT in [%s()] \n",
+ LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_INSERT in [%s()] \n",
__FUNCTION__);
return 1;
}
- break;
- }
-
-
- if( SnortSnprintf(data->SQL_INSERT,data->SQL_INSERT_SIZE,
- SQL_UPDATE_SPECIFIC_SIGNATURE,
- iUpdateSig->obj.class_id,
- iUpdateSig->obj.priority_id,
- iUpdateSig->obj.rev,
- iUpdateSig->obj.db_id))
- {
- /* XXX */
- LogMessage("ERROR database: calling SnortSnprintf() on data->SQL_INSERT in [%s()] \n",
- __FUNCTION__);
-
- return 1;
}
@@ -1270,43 +1378,52 @@
return 1;
}
-
-
- if(db_sig_id != iUpdateSig->obj.db_id)
+
+ if(iUpdateSig->flag & CACHE_INTERNAL_ONLY)
{
- /* XXX */
- LogMessage("ERROR database: Returned signature_id [%u] is not equal to updated signature_id [%u] in [%s()] \n",
- db_sig_id,
- iUpdateSig->obj.db_id,
- __FUNCTION__);
+ iUpdateSig->flag ^=(CACHE_INTERNAL_ONLY | CACHE_BOTH);
+ iUpdateSig->obj.db_id = db_sig_id;
- return 1;
+ }
+ else if(iUpdateSig->flag & CACHE_BOTH ||
+ iUpdateSig->flag & CACHE_DATABASE_ONLY)
+ {
+ if(db_sig_id != iUpdateSig->obj.db_id)
+ {
+ /* XXX */
+ LogMessage("ERROR database: Returned signature_id [%u] is not equal to updated signature_id [%u] in [%s()] \n",
+ db_sig_id,
+ iUpdateSig->obj.db_id,
+ __FUNCTION__);
+
+ return 1;
+ }
}
return 0;
}
+
+/* NOTE: -elz this function need to be broken up.. */
int dbProcessSignatureInformation(DatabaseData *data,void *event, u_int32_t event_type,
u_int32_t *psig_id)
{
-
- cacheSignatureObj *unInitSig = NULL;
+ cacheSignatureObj unInitSig;
dbSignatureObj sigInsertObj= {0};
-
+ u_int32_t x =0;
u_int32_t db_classification_id = 0;
-
u_int32_t sigMatchCount = 0;
- u_int32_t x =0;
-
u_int32_t sid = 0;
u_int32_t gid = 0;
u_int32_t revision = 0;
u_int32_t priority = 0;
u_int32_t classification = 0;
-
+ u_int32_t sigMsgLen = 0;
+ u_int8_t reuseSigMsg = 0;
+
if( (data == NULL) ||
(event == NULL) ||
(psig_id == NULL))
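Review bot: `iUpdateSig->flag ^=(CACHE_INTERNAL_ONLY | CACHE_BOTH);` gives "CACHE_BOTH set, CACHE_INTERNAL_ONLY clear" only when CACHE_BOTH was clear on entry; if both bits are ever set, the XOR clears CACHE_BOTH instead. Clearing and setting explicitly (`flag &= ~CACHE_INTERNAL_ONLY; flag |= CACHE_BOTH;`) states the intent and does not depend on the prior state. Note too that when none of the three flags is set, the function now returns 0 without comparing db_sig_id at all; say whether that is intended.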
@@ -1315,6 +1432,8 @@
return 1;
}
+ memset(&unInitSig,'\0',sizeof(cacheSignatureObj));
+
*psig_id = 0;
sid = ntohl(((Unified2EventCommon *)event)->signature_id);
@@ -1328,8 +1447,7 @@
For sanity purpose the sig_class table SHOULD have internal classification id to prevent possible
miss classification tagging ... but this is not happening with the old schema.
*/
-
-
+
#if DEBUG
DEBUG_WRAP(DebugMessage(DB_DEBUG,"[%s()], Classification cachelookup [class_id: %u]\n",
@@ -1339,7 +1457,6 @@
db_classification_id = cacheEventClassificationLookup(data->mc.cacheClassificationHead,classification);
-
/*
This function comes with a little twist where it return the number of matching couple for
gid sid up to a maximum of 255 (arbitrary defined) this is a static buffer and it is cleaned every call
@@ -1358,103 +1475,86 @@
data->mc.plgSigCompare,
gid,sid)) > 0 )
{
- /* We only have one match */
- if(sigMatchCount == 1)
+ for(x = 0 ; x < sigMatchCount ; x++)
{
- if( (data->mc.plgSigCompare[0].cacheSigObj->obj.rev == revision) &&
- (data->mc.plgSigCompare[0].cacheSigObj->obj.class_id == db_classification_id) &&
- (data->mc.plgSigCompare[0].cacheSigObj->obj.priority_id == priority))
- {
-
- *psig_id = data->mc.plgSigCompare[0].cacheSigObj->obj.db_id;
+ if( (data->mc.plgSigCompare[x].cacheSigObj->obj.rev == revision) &&
+ (data->mc.plgSigCompare[x].cacheSigObj->obj.class_id == db_classification_id) &&
+ (data->mc.plgSigCompare[x].cacheSigObj->obj.priority_id == priority))
+ {
+ /* Added for bugcheck */
+ assert( data->mc.plgSigCompare[x].cacheSigObj->obj.db_id != 0);
+ *psig_id = data->mc.plgSigCompare[x].cacheSigObj->obj.db_id;
return 0;
}
- /* We hit a case where the signature never has been present beside being inserted by the process from the map file*/
- if(data->mc.plgSigCompare[0].cacheSigObj->obj.rev == 0)
+ /* If we have an "uninitialized signature save it */
+ if( data->mc.plgSigCompare[x].cacheSigObj->obj.rev == 0 ||
+ data->mc.plgSigCompare[x].cacheSigObj->obj.rev < revision)
{
- data->mc.plgSigCompare[0].cacheSigObj->obj.rev = revision;
- data->mc.plgSigCompare[0].cacheSigObj->obj.class_id = db_classification_id;
- data->mc.plgSigCompare[0].cacheSigObj->obj.priority_id = priority;
+ memcpy(&unInitSig,data->mc.plgSigCompare[x].cacheSigObj,sizeof(cacheSignatureObj));
- /* UPDATE the signature information */
- if( (dbSignatureInformationUpdate(data,data->mc.plgSigCompare[0].cacheSigObj)))
- {
- /* XXX */
- LogMessage("[%s()] Line[%u], call to dbSignatureInformationUpdate failed for [gid :%u ] [sid: %u] [rev: %u] \n",
- __FUNCTION__,
- __LINE__,
- gid,
- sid,
- revision);
- return 1;
- }
-
- *psig_id = data->mc.plgSigCompare[0].cacheSigObj->obj.db_id;
- return 0;
- }
-
- }
- else
- {
- for(x = 0 ; x < sigMatchCount ; x++)
- {
- /* If we have an "uninitialized signature save it */
- if(data->mc.plgSigCompare[x].cacheSigObj->obj.rev == 0)
- {
- unInitSig = data->mc.plgSigCompare[x].cacheSigObj;
- }
-
- if( (data->mc.plgSigCompare[x].cacheSigObj->obj.rev == revision) &&
- (data->mc.plgSigCompare[x].cacheSigObj->obj.class_id == db_classification_id) &&
- (data->mc.plgSigCompare[x].cacheSigObj->obj.priority_id == priority))
+ /*
+ ** We assume that we have the same signature, but with a smaller revision
+ ** set the unInitSig db_id to 0 for post processing if we do not find a matching
+ ** signature, and get the lastest revision
+ */
+ if( (data->mc.plgSigCompare[x].cacheSigObj->obj.rev < revision) ||
+ (data->mc.plgSigCompare[x].cacheSigObj->obj.rev > unInitSig.obj.rev))
{
- *psig_id = data->mc.plgSigCompare[x].cacheSigObj->obj.db_id;
- return 0;
+ unInitSig.obj.db_id = 0;
}
}
-
- if(unInitSig != NULL)
- {
-
-#if DEBUG
- DEBUG_WRAP(DebugMessage(DB_DEBUG,"[%s()], [%u] signatures where found in cache for [gid: %u] [sid: %u] but non matched\n"
- "updating database [db_sig_id: %u] with [rev: 0] to [rev: %u] \n",
- __FUNCTION__,
- sigMatchCount,
- gid,
- sid,
- unInitSig->obj.db_id,
- revision));
-#endif
-
- unInitSig->obj.rev = revision;
- unInitSig->obj.class_id = db_classification_id;
- unInitSig->obj.priority_id = priority;
-
- /* UPDATE the signature information */
- if( (dbSignatureInformationUpdate(data,unInitSig)))
- {
- /* XXX */
- LogMessage("[%s()] Line[%u], call to dbSignatureInformationUpdate failed for [gid :%u ] [sid: %u] [rev: %u] \n",
- __FUNCTION__,
- __LINE__,
- gid,
- sid,
- revision);
- return 1;
- }
-
- *psig_id = unInitSig->obj.db_id;
- return 0;
- }
}
}
-
-
- /* To avoid possible collision with an older barnyard process or avoid signature insertion race condition
- we will look in the database if the signature exist, if it does, we will insert it in
- cache else we will insert in db and cache */
+
+/*
+ This shouldn't be needed since unitialized signature are not inserted anymore, thus preventing the need for update
+ if(unInitSig.obj.db_id != 0)
+ {
+ #if DEBUG
+ DEBUG_WRAP(DebugMessage(DB_DEBUG,"[%s()], [%u] signatures where found in cache for [gid: %u] [sid: %u] but non matched\n"
+ "updating database [db_sig_id: %u] with [rev: 0] to [rev: %u] \n",
+ __FUNCTION__,
+ sigMatchCount,
+ gid,
+ sid,
+ unInitSig.obj.db_id,
+ revision));
+ #endif
+
+ unInitSig.obj.rev = revision;
+ unInitSig.obj.class_id = db_classification_id;
+ unInitSig.obj.priority_id = priority;
+
+
+ if( (dbSignatureInformationUpdate(data,&unInitSig)))
+ {
+
+ LogMessage("[%s()] Line[%u], call to dbSignatureInformationUpdate failed for : \n"
+ "[gid :%u] [sid: %u] [upd_rev: %u] [upd class: %u] [upd pri %u]\n",
+ __FUNCTION__,
+ __LINE__,
+ gid, \
+ sid,
+ revision,
+ db_classification_id,
+ priority);
+ return 1;
+ }
+
+
+ assert( unInitSig.obj.db_id != 0);
+
+ *psig_id = unInitSig.obj.db_id;
+ return 0;
+ }
+*/
+ /*
+ To avoid possible collision with an older barnyard process or
+ avoid signature insertion race condition we will look in the
+ database if the signature exist, if it does, we will insert it in
+ cache else we will insert in db and cache
+ */
sigInsertObj.sid = sid;
sigInsertObj.gid = gid;
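Review bot: The new `assert( ...obj.db_id != 0)` is the only guard against returning a zero signature id through `*psig_id`; it disappears in NDEBUG builds and aborts the whole process otherwise, so a logged error with `return 1` would behave consistently in both. In the revision branch, `unInitSig` has just been memcpy'd from the same entry, so the clause `...obj.rev > unInitSig.obj.rev` can never be true and db_id is zeroed only by the `rev < revision` test. The loop also keeps the last qualifying entry rather than the one with the highest revision, which is what the comment promises. The large commented-out update block should be deleted rather than kept, since version control preserves it.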
@@ -1464,28 +1564,67 @@
if( SignatureLookupDatabase(data,&sigInsertObj))
{
- /* The signature was not found we will have to insert it */
- LogMessage("WARNING [%s()]: [Event: %u] with [gid: %u] [sid: %u] [rev: %u] [classification: %u] [priority: %u]\n"
- "\t Was not found in barnyard2 signature cache, this could lead to display inconsistency.\n"
- "\t To prevent this warning, make sure your sid-msg.map and gen-msg.map file are up to date with the snort process logging to the unified2 file.\n"
- "\t The inserted signature will not have its information present in the sig_reference table. \n"
- "\t Note that the message inserted in the signature table will be snort default message \"Snort Alert [gid:sid:revision]\" \n"
- "\t You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite interface\n",
- __FUNCTION__,
- ntohl(((Unified2EventCommon *)event)->event_id),
- gid,
- sid,
- revision,
- db_classification_id,
- priority);
-
- if( SnortSnprintf(sigInsertObj.message,SIG_MSG_LEN,"Snort Alert [%u:%u:%u]",
- gid,sid,revision))
+ if(unInitSig.obj.sid != 0 && unInitSig.obj.gid != 0)
{
- /* XXX */
- return 1;
+ sigMsgLen = strlen(unInitSig.obj.message);
+
+ if( (sigMsgLen > 1) &&
+ (sigMsgLen < SIG_MSG_LEN))
+ {
+ reuseSigMsg = 1;
+ }
}
+ if(reuseSigMsg)
+ {
+ /* The signature was not found we will have to insert it */
+ LogMessage("WARNING [%s()]: [Event: %u] with [gid: %u] [sid: %u] [rev: %u] [classification: %u] [priority: %u] Signature Message -> \"[%s]\"\n"
+ "\t was not found in barnyard2 signature cache, this could mean its is the first time the signature is processed, and will be inserted\n"
+ "\t in the database with the above information, this message should only be printed once for each signature that is not present in the database\n"
+ "\t The new inserted signature will not have its information present in the sig_reference table,it should be present on restart\n"
+ "\t if the information is present in the sid-msg.map file. \n"
+ "\t You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite interface\n\n",
+ __FUNCTION__,
+ ntohl(((Unified2EventCommon *)event)->event_id),
+ gid,
+ sid,
+ revision,
+ db_classification_id,
+ priority,
+ unInitSig.obj.message);
+
+ if( SnortSnprintf(sigInsertObj.message,SIG_MSG_LEN,"%s",
+ unInitSig.obj.message))
+ {
+ /* XXX */
+ return 1;
+ }
+ }
+ else
+ {
+ /* The signature does not exist we will have to insert it */
+ LogMessage("WARNING [%s()]: [Event: %u] with [gid: %u] [sid: %u] [rev: %u] [classification: %u] [priority: %u]\n"
+ "\t was not found in barnyard2 signature cache, this could lead to display inconsistency.\n"
+ "\t To prevent this warning, make sure that your sid-msg.map and gen-msg.map file are up to date with the snort process logging to the spool file.\n"
+ "\t The new inserted signature will not have its information present in the sig_reference table. \n"
+ "\t Note that the message inserted in the signature table will be snort default message \"Snort Alert [gid:sid:revision]\" \n"
+ "\t You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite interface\n\n",
+ __FUNCTION__,
+ ntohl(((Unified2EventCommon *)event)->event_id),
+ gid,
+ sid,
+ revision,
+ db_classification_id,
+ priority);
+
+
+ if( SnortSnprintf(sigInsertObj.message,SIG_MSG_LEN,"Snort Alert [%u:%u:%u]",
+ gid,sid,revision))
+ {
+ /* XXX */
+ return 1;
+ }
+ }
if( (SignatureCacheInsertObj(&sigInsertObj,&data->mc,0)))
{
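Review bot: `sigMsgLen = strlen(unInitSig.obj.message);` depends on the cached message being NUL-terminated inside its buffer; the `sigMsgLen < SIG_MSG_LEN` test runs after the read, so it cannot protect the strlen itself. Assuming the message field is a SIG_MSG_LEN buffer, as the SnortSnprintf call suggests, `strnlen(unInitSig.obj.message, SIG_MSG_LEN)` bounds the scan. The reused text is then copied into `sigInsertObj.message` and written to the database, so it needs the same escaping as any other string value, and the hunk does not show where that happens. Minor: "allways" and "its is" in the new warning text.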
@@ -1494,13 +1633,12 @@
__FUNCTION__);
goto func_err;
}
-
/*
There is some little overhead traversing the list once
the insertion is done on the HEAD so
unless you run 1M rules and still there it should
- complete in just a few more jiffies, also its better his way
+ complete in just a few more jiffies, also its better this way
than to query the database everytime isin't.
*/
if(SignaturePopulateDatabase(data,data->mc.cacheSignatureHead,1))
@@ -1510,7 +1648,6 @@
__FUNCTION__);
goto func_err;
}
-
}
else
{
@@ -1524,6 +1661,9 @@
}
+ /* Added for bugcheck */
+ assert( data->mc.cacheSignatureHead->obj.db_id != 0);
+
*psig_id = data->mc.cacheSignatureHead->obj.db_id;
return 0;
@@ -1685,13 +1825,15 @@
switch(data->dbtype_id)
{
+
case DB_ORACLE:
+
if((data->DBschema_version >= 105) )
{
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"event (sid,cid,signature,timestamp) "
- "VALUES (%u, %u, %u, TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS'))",
+ "VALUES (%u, %u, %u, TO_DATE('%s', 'YYYY-MM-DD HH24:MI:SS'));",
data->sid,
data->cid,
i_sig_id,
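Review bot: The terminating `;` added inside the Oracle statement text (`... 'YYYY-MM-DD HH24:MI:SS'));`) is a statement separator for command-line clients rather than part of the SQL a client API executes, and Oracle's call interface normally rejects it as an invalid character. The same concern applies to the `:1);|%s` forms later in the patch, where the text before `|` is what is sent to Oracle. Please test the Oracle path, or strip the trailing `;` where the query is executed, and document why every INSERT in the plugin now carries one.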
@@ -1708,14 +1850,14 @@
dosent break anything so just go down please
*/
goto GenericEVENTQUERYJMP;
-
+
}
-
- break;
- case DB_ODBC:
+ break;
- if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
+
+/* -elz: ODBC with {ts ....} string for timestamp!? nha...
+ if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"event (sid,cid,signature,timestamp) "
"VALUES (%u, %u, %u, {ts '%s'})",
@@ -1726,19 +1868,20 @@
{
goto bad_query;
}
-
break;
+*/
case DB_MSSQL:
case DB_MYSQL:
case DB_POSTGRESQL:
+ case DB_ODBC:
default:
GenericEVENTQUERYJMP:
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"event (sid,cid,signature,timestamp) "
- "VALUES (%u, %u, %u, '%s')",
+ "VALUES (%u, %u, %u, '%s');",
data->sid,
data->cid,
i_sig_id,
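Review bot: Moving `case DB_ODBC:` into the generic branch replaces the ODBC timestamp escape `{ts '%s'}` with a bare `'%s'` literal, which leaves the string-to-timestamp conversion to whatever backend sits behind the DSN. The comment "nha..." does not explain the decision; state the reason, and remove the old branch instead of wrapping it in a block comment that spans the `break;`.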
@@ -1751,7 +1894,6 @@
}
-
/* We do not log fragments! They are assumed to be handled
by the fragment reassembly pre-processor */
@@ -1759,15 +1901,18 @@
{
if((!p->frag_flag) && (IPH_IS_VALID(p)))
{
- if( (SQLQueryPtr=SQL_GetNextQuery(data)) == NULL)
- {
- goto bad_query;
- }
+
switch(GET_IPH_PROTO(p))
{
case IPPROTO_ICMP:
+
+ if( (SQLQueryPtr=SQL_GetNextQuery(data)) == NULL)
+ {
+ goto bad_query;
+ }
+
/* IPPROTO_ICMP */
if(p->icmph)
{
@@ -1777,7 +1922,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"icmphdr (sid, cid, icmp_type, icmp_code, icmp_csum, icmp_id, icmp_seq) "
- "VALUES (%u,%u,%u,%u,%u,%u,%u)",
+ "VALUES (%u,%u,%u,%u,%u,%u,%u);",
data->sid,
data->cid,
p->icmph->type,
@@ -1794,7 +1939,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"icmphdr (sid, cid, icmp_type, icmp_code) "
- "VALUES (%u,%u,%u,%u)",
+ "VALUES (%u,%u,%u,%u);",
data->sid,
data->cid,
p->icmph->type,
@@ -1819,15 +1964,20 @@
/* IPPROTO_TCP */
case IPPROTO_TCP:
+ if( (SQLQueryPtr=SQL_GetNextQuery(data)) == NULL)
+ {
+ goto bad_query;
+ }
+
/*** Build a query for the TCP Header ***/
if(data->detail)
{
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"tcphdr (sid, cid, tcp_sport, tcp_dport, "
- " tcp_seq, tcp_ack, tcp_off, tcp_res, "
- " tcp_flags, tcp_win, tcp_csum, tcp_urp) "
- "VALUES (%u,%u,%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u)",
+ "tcp_seq, tcp_ack, tcp_off, tcp_res, "
+ "tcp_flags, tcp_win, tcp_csum, tcp_urp) "
+ "VALUES (%u,%u,%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u);",
data->sid,
data->cid,
ntohs(p->tcph->th_sport),
@@ -1849,7 +1999,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"tcphdr (sid,cid,tcp_sport,tcp_dport,tcp_flags) "
- "VALUES (%u,%u,%u,%u,%u)",
+ "VALUES (%u,%u,%u,%u,%u);",
data->sid,
data->cid,
ntohs(p->tcph->th_sport),
@@ -1902,7 +2052,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"opt (sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
- "VALUES (%u,%u,%u,%u,%u,%u,:1)|%s",
+ "VALUES (%u,%u,%u,%u,%u,%u,:1);|%s",
data->sid,
data->cid,
i,
@@ -1922,7 +2072,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"opt (sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
- "VALUES (%u,%u,%u,%u,%u,%u,'%s')",
+ "VALUES (%u,%u,%u,%u,%u,%u,'%s');",
data->sid,
data->cid,
i,
@@ -1946,13 +2096,17 @@
case IPPROTO_UDP:
/*** Build the query for the UDP Header ***/
-
+ if( (SQLQueryPtr=SQL_GetNextQuery(data)) == NULL)
+ {
+ goto bad_query;
+ }
+
if(data->detail)
{
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"udphdr (sid, cid, udp_sport, udp_dport, udp_len, udp_csum) "
- "VALUES (%u, %u, %u, %u, %u, %u)",
+ "VALUES (%u, %u, %u, %u, %u, %u);",
data->sid,
data->cid,
ntohs(p->udph->uh_sport),
@@ -1968,7 +2122,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"udphdr (sid, cid, udp_sport, udp_dport) "
- "VALUES (%u, %u, %u, %u)",
+ "VALUES (%u, %u, %u, %u);",
data->sid,
data->cid,
ntohs(p->udph->uh_sport),
@@ -1980,7 +2134,7 @@
break;
/* IPPROTO_UDP */
-
+
/* DEFAULT */
default:
/* Do nothing ... */
@@ -2002,9 +2156,9 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"iphdr (sid, cid, ip_src, ip_dst, ip_ver, ip_hlen, "
- " ip_tos, ip_len, ip_id, ip_flags, ip_off,"
- " ip_ttl, ip_proto, ip_csum) "
- "VALUES (%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u)",
+ "ip_tos, ip_len, ip_id, ip_flags, ip_off,"
+ "ip_ttl, ip_proto, ip_csum) "
+ "VALUES (%u,%u,%lu,%lu,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u);",
data->sid,
data->cid,
(u_long)ntohl(p->iph->ip_src.s_addr),
@@ -2028,7 +2182,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"iphdr (sid, cid, ip_src, ip_dst, ip_proto) "
- "VALUES (%u,%u,%lu,%lu,%u)",
+ "VALUES (%u,%u,%lu,%lu,%u);",
data->sid,
data->cid,
(u_long)ntohl(p->iph->ip_src.s_addr),
@@ -2082,7 +2236,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"opt (sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
- "VALUES (%u,%u,%u,%u,%u,%u,:1)|%s",
+ "VALUES (%u,%u,%u,%u,%u,%u,:1);|%s",
data->sid,
data->cid,
i,
@@ -2100,7 +2254,7 @@
if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"opt (sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
- "VALUES (%u,%u,%u,%u,%u,%u,'%s')",
+ "VALUES (%u,%u,%u,%u,%u,%u,'%s');",
data->sid,
data->cid,
i,
@@ -2178,10 +2332,10 @@
* packet_payload data after query, which later in Insert()
* will be cut off and uploaded with OCIBindByPos().
*/
- if( (SnortSnprintf(SQLQueryPtr, (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
+ if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"data (sid,cid,data_payload) "
- "VALUES (%u,%u,:1)|%s",
+ "VALUES (%u,%u,:1);|%s",
data->sid,
data->cid,
//packet_data_not_escaped)) != SNORT_SNPRINTF_SUCCESS)
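Review bot: Changing the size argument from `(p->dsize * 2) + MAX_QUERY_LENGTH - 3` to `MAX_QUERY_LENGTH` makes the bound independent of the payload, which is correct if the slot returned by SQL_GetNextQuery is a fixed MAX_QUERY_LENGTH buffer, because the old expression could then exceed it. The consequence is that an encoded payload longer than the remaining space now fails the SnortSnprintf check and the event takes the error path. Confirm MAX_QUERY_LENGTH is sized for the largest encoded payload plus the statement text, and add a comment naming the buffer size this relies on; the same change is made in the `default:` branch that follows.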
@@ -2192,10 +2346,10 @@
break;
default:
- if( (SnortSnprintf(SQLQueryPtr, (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
+ if( (SnortSnprintf(SQLQueryPtr, MAX_QUERY_LENGTH,
"INSERT INTO "
"data (sid,cid,data_payload) "
- "VALUES (%u,%u,'%s')",
+ "VALUES (%u,%u,'%s');",
data->sid,
data->cid,
//packet_data)) != SNORT_SNPRINTF_SUCCESS)
@@ -2291,15 +2445,14 @@
{
/* XXX */
setTransactionCallFail(&data->dbRH[data->dbtype_id]);
- goto bad_query;
-
+ FatalError("[dbProcessSignatureInformation()]: Failed, stoping processing \n");
}
if( dbProcessEventInformation(data,p,event,event_type,sig_id))
{
/* XXX */
setTransactionCallFail(&data->dbRH[data->dbtype_id]);
- goto bad_query;
+ FatalError("[dbProcessEventInformation()]: Failed, stoping processing \n");
}
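Review bot: Replacing `goto bad_query;` with FatalError in both failure branches means a single event that cannot be processed now stops the whole process, and with it all alert delivery to the database, where previously only that event failed. If that is deliberate, say so in a comment and in the release notes; otherwise keep the recoverable path. `setTransactionCallFail()` before FatalError has no effect if FatalError does not return, and "stoping" is misspelled in both messages.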
@@ -2318,6 +2471,9 @@
if (Insert(CurrentQuery,data,1))
{
setTransactionCallFail(&data->dbRH[data->dbtype_id]);
+ ErrorMessage("[%s()]: Insertion of Query [%s] failed\n",
+ __FUNCTION__,
+ CurrentQuery);
goto bad_query;
break;
}
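Review bot: The added ErrorMessage prints `CurrentQuery` in full; for the `data` and `opt` inserts built earlier in this file that string contains the encoded packet payload, so a failing database can push captured traffic into the log and inflate log volume. Log the statement type or a bounded prefix (for example `%.128s`) instead. The `break;` after `goto bad_query;` is unreachable.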
@@ -2343,7 +2499,8 @@
SQL_Cleanup(data);
/* Increment the cid*/
- data->cid++;
+ data->cid++;
+ //LogMessage("Inserted a new event \n");
/* Normal Exit Path */
return;
@@ -2544,8 +2701,12 @@
u_int32_t snort_escape_string_STATIC(char *from, u_int32_t buffer_max_len ,DatabaseData *data)
{
+
+
+#if defined(ENABLE_POSTGRESQL)
int error = 0;
size_t write_len = 0;
+#endif /* defined(ENABLE_POSRGRESQL) */
char * to = NULL;
char * to_start = NULL;
@@ -2625,7 +2786,10 @@
/* Historically these were together in a common "else".
* Keeping it that way until somebody complains...
*/
-#ifdef ENABLE_MYSQL
+
+#if defined( ENABLE_MYSQL ) || defined (ENABLE_ODBC)
+//#ifdef ENABLE_MYSQL
+ case DB_ODBC:
case DB_MYSQL:
for(end=from+from_length; from != end; from++)
{
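Review bot: Adding `case DB_ODBC:` to the MySQL branch applies backslash escaping (`' --> \'`) to every ODBC connection, but the backend behind a DSN is not necessarily MySQL, and in standard SQL a backslash does not escape a quote, so the string literal can end earlier than intended on such a backend. Choose the escaping from the underlying database (the code already keeps `u_underlying_dbtype_id`), or use the quote-doubling form for ODBC. Remove the leftover `//#ifdef ENABLE_MYSQL`.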
@@ -2669,7 +2833,7 @@
*to++= '\\';
break;
case '/':
- *to++= '\\'; /* / --> \\/ */
+ *to++= '\\'; /* / --> \/ */
*to++= '/';
break;
case '\'': /* ' --> \' */
@@ -2696,7 +2860,7 @@
}
}
break;
-#endif /* MYSQL */
+#endif /* defined( ENABLE_MYSQL ) || defined (ENABLE_ODBC) */
#ifdef ENABLE_POSTGRESQL
case DB_POSTGRESQL:
@@ -2724,7 +2888,6 @@
break;
#endif /* ENABLE_POSTGRESQL*/
default:
-
for (end=from+from_length; from != end; from++)
{
switch(*from)
@@ -2733,6 +2896,10 @@
*to++= '\'';
*to++= '\'';
break;
+ case '\\': /* \ --> \\ */
+ *to++= '\\';
+ *to++= '\\';
+ break;
default: /* copy character directly */
*to++= *from;
}
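Review bot: The new `case '\\':` doubles backslashes in the `default:` branch, which otherwise uses standard quote doubling (`' --> ''`). On a backend that treats backslash as an ordinary character, the stored value will now contain two backslashes where the input had one. State which database types reach this branch and whether they interpret backslash escapes; if they do not, this changes stored data without adding protection.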
@@ -2877,8 +3044,9 @@
DatabaseCleanSelect(data);
#if defined(ENABLE_MSSQL) || defined(ENABLE_ODBC)
- if ( data->dbtype_id == DB_MSSQL ||
- (data->dbtype_id==DB_ODBC && data->u_underlying_dbtype_id==DB_MSSQL) )
+// if ( data->dbtype_id == DB_MSSQL ||
+ // (data->dbtype_id==DB_ODBC && data->u_underlying_dbtype_id==DB_MSSQL) )
+ if(data->dbtype_id == DB_ODBC)
{
/* "schema" is a keyword in SQL Server, so use square brackets
* to indicate that we are referring to the table
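Review bot: The condition is now `data->dbtype_id == DB_ODBC`, so the square-bracket `[schema]` form that the comment describes as SQL Server syntax is used for every ODBC backend and no longer for a native DB_MSSQL connection, although the surrounding `#if` still covers ENABLE_MSSQL. Square brackets are not valid identifier quoting on most other databases. Keep the DB_MSSQL test, and for ODBC decide from `u_underlying_dbtype_id` rather than commenting the old condition out.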
@@ -2969,11 +3137,11 @@
#ifdef ENABLE_ODBC
case DB_ODBC:
setTransactionState(&data->dbRH[data->dbtype_id]);
- /* Do nothing. ODBC will implicitly create a transaction. */
- /* CHECKME -elz i will have to check on that */
return 0;
break;
#endif
+
+
#ifdef ENABLE_MSSQL
case DB_MSSQL:
setTransactionState(&data->dbRH[data->dbtype_id]);
@@ -2995,6 +3163,8 @@
break;
#endif
+
+
default:
setTransactionState(&data->dbRH[data->dbtype_id]);
if( Insert("BEGIN;", data,0))
@@ -3040,31 +3210,11 @@
#ifdef ENABLE_ODBC
case DB_ODBC:
- if( SQLEndTran(SQL_HANDLE_DBC, data->u_connection, SQL_COMMIT) != SQL_SUCCESS )
- {
- ODBC_SQLRETURN ret;
- ODBC_SQLCHAR sqlState[6];
- ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
- SQLINTEGER nativeError;
- SQLSMALLINT errorIndex = 1;
- SQLSMALLINT msgLen;
-
- while ((ret = SQLGetDiagRec( SQL_HANDLE_DBC
- , data->u_connection
- , errorIndex
- , sqlState
- , &nativeError
- , msg
- , SQL_MAX_MESSAGE_LENGTH
- , &msgLen)) != SQL_NO_DATA)
- {
- DEBUG_WRAP(LogMessage("database commit: %s\n", msg););
- errorIndex++;
- }
-
- goto transaction_success;
-
- }
+ //if( SQLEndTran(SQL_HANDLE_DBC, data->u_connection, SQL_COMMIT) != SQL_SUCCESS )
+ //{
+ //ODBCPrintError(data,SQL_HANDLE_DBC);
+ //}
+ goto transaction_success;
break;
#endif
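Review bot: With the SQLEndTran call commented out, the ODBC commit path is `goto transaction_success;` and nothing else, and the rollback hunk further down likewise returns 0 without calling SQLEndTran. The plugin then reports transactions as committed or rolled back while the real outcome depends entirely on the connection's autocommit setting, so a failure midway through an event can leave partial rows in place. Either set autocommit explicitly at connect time and document it here, or restore the SQLEndTran calls using the new ODBCPrintError helper.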
@@ -3087,6 +3237,7 @@
return Insert("COMMIT WORK", data,1);
break;
#endif
+
default:
if( Insert("COMMIT;", data,1))
@@ -3163,35 +3314,21 @@
switch(data->dbtype_id)
{
+
#ifdef ENABLE_ODBC
- case DB_ODBC:
+ case DB_ODBC:
+
+// if( SQLEndTran(SQL_HANDLE_DBC, data->u_connection, SQL_ROLLBACK) != SQL_SUCCESS )
+// {
+// ODBCPrintError(data,SQL_HANDLE_DBC);
+// return 1;
+// }
+ return 0;
+ break;
+#endif
+
- if( SQLEndTran(SQL_HANDLE_DBC, data->u_connection, SQL_ROLLBACK) != SQL_SUCCESS )
- {
- ODBC_SQLRETURN ret;
- ODBC_SQLCHAR sqlState[6];
- ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
- SQLINTEGER nativeError;
- SQLSMALLINT errorIndex = 1;
- SQLSMALLINT msgLen;
-
- while ((ret = SQLGetDiagRec( SQL_HANDLE_DBC
- , data->u_connection
- , errorIndex
- , sqlState
- , &nativeError
- , msg
- , SQL_MAX_MESSAGE_LENGTH
- , &msgLen)) != SQL_NO_DATA)
- {
- DEBUG_WRAP(LogMessage("database rollback: %s\n", msg););
- errorIndex++;
- }
- return 0;
- }
- break;
-#endif
#ifdef ENABLE_MSSQL
case DB_MSSQL:
return Insert("ROLLBACK TRANSACTION;", data,0);
@@ -3224,7 +3361,16 @@
******************************************************************************/
int Insert(char * query, DatabaseData * data,u_int32_t inTransac)
{
+
+#ifdef ENABLE_ODBC
+ long fRes = 0;
+#endif
+
+
+#if defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)
int result = 0;
+#endif /* defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) */
+
if( (query == NULL) ||
(data == NULL) ||
@@ -3311,44 +3457,36 @@
}
#endif
-
+
#ifdef ENABLE_ODBC
if(data->dbtype_id == DB_ODBC)
{
- if(SQLAllocStmt(data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
{
- if(SQLPrepare(data->u_statement, (ODBC_SQLCHAR *)query, SQL_NTS) == SQL_SUCCESS)
- {
- if(SQLExecute(data->u_statement) == SQL_SUCCESS)
- {
- result = 0;
- }
- else
- {
- ODBC_SQLRETURN ret;
- ODBC_SQLCHAR sqlState[6];
- ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
- SQLINTEGER nativeError;
- SQLSMALLINT errorIndex = 1;
- SQLSMALLINT msgLen;
-
- /* assume no error unless nativeError tells us otherwise */
- while ((ret = SQLGetDiagRec( SQL_HANDLE_STMT
- , data->u_statement
- , errorIndex
- , sqlState
- , &nativeError
- , msg
- , SQL_MAX_MESSAGE_LENGTH
- , &msgLen)) != SQL_NO_DATA)
- {
- DEBUG_WRAP(LogMessage("database: %s\n", msg););
- errorIndex++;
- }
- }
- }
- SQLFreeStmt(data->u_statement, SQL_DROP);
- }
+ fRes = SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)query, SQL_NTS);
+
+ if( (fRes != SQL_SUCCESS) ||
+ (fRes != SQL_SUCCESS_WITH_INFO))
+ {
+ result = 0;
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+ }
+ else
+ {
+ LogMessage("execdirect failed \n");
+ }
+ }
+ else
+ {
+ LogMessage("stmtalloc failed \n");
+ }
+
+ LogMessage("[%s()], failed insert [%s], \n",
+ __FUNCTION__,
+ query);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
}
#endif
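Review bot: `(fRes != SQL_SUCCESS) || (fRes != SQL_SUCCESS_WITH_INFO)` is true for every value of fRes, and the branch it guards is the success path (`return 0`), so Insert() reports success even when SQLExecDirect returns SQL_ERROR, and the `else` with "execdirect failed" is unreachable. The test should be `fRes == SQL_SUCCESS || fRes == SQL_SUCCESS_WITH_INFO`. Further points: `result = 0;` is assigned here, but the earlier hunk now declares `result` only for MySQL or PostgreSQL builds, so an ODBC-only build will not compile; the final SQLFreeHandle runs on `data->u_statement` even when SQLAllocHandle failed; the visible lines return no error after the failure logging; and `fRes` should be declared as ODBC_SQLRETURN, as Connect() does, rather than long.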
@@ -3356,7 +3494,7 @@
if(data->dbtype_id == DB_ORACLE)
{
char *blob = NULL;
-
+
/* If BLOB type - split query to actual SQL and blob to BLOB data */
if(strncasecmp(query,"INSERT INTO data",16)==0 || strncasecmp(query,"INSERT INTO opt",15)==0)
{
@@ -3453,7 +3591,10 @@
******************************************************************************/
int Select(char * query, DatabaseData * data,u_int32_t *rval)
{
+
+#if defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)
int result = 0;
+#endif /* defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) */
if( (query == NULL) ||
(data == NULL) ||
@@ -3473,8 +3614,10 @@
/* XXX */
return 1;
}
-
+#if defined(ENABLE_MYSQL)
Select_reconnect:
+#endif /* defined(ENABLE_MYSQL) */
+
if( (data->dbRH[data->dbtype_id].dbConnectionStatus(&data->dbRH[data->dbtype_id])))
{
/* XXX */
@@ -3604,28 +3747,56 @@
#ifdef ENABLE_ODBC
case DB_ODBC:
- if(SQLAllocStmt(data->u_connection, &data->u_statement) == SQL_SUCCESS)
- if(SQLPrepare(data->u_statement, (ODBC_SQLCHAR *)query, SQL_NTS) == SQL_SUCCESS)
- if(SQLExecute(data->u_statement) == SQL_SUCCESS)
- if(SQLRowCount(data->u_statement, &data->u_rows) == SQL_SUCCESS)
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+ //if(SQLPrepare(data->u_statement, (ODBC_SQLCHAR *)query, SQL_NTS) == SQL_SUCCESS)
+ //{
+ //if(SQLExecute(data->u_statement) == SQL_SUCCESS)
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)query, SQL_NTS) == SQL_SUCCESS)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) == SQL_SUCCESS)
+ {
if(data->u_rows)
{
if(data->u_rows > 1)
{
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
ErrorMessage("ERROR database: Query [%s] returned more than one result\n", query);
result = 0;
+ return 1;
}
else
{
if(SQLFetch(data->u_statement) == SQL_SUCCESS)
- if(SQLGetData(data->u_statement,1,SQL_INTEGER,&data->u_col,
+ {
+ if(SQLGetData(data->u_statement,1,SQL_INTEGER,
+ &data->u_col,
sizeof(data->u_col), NULL) == SQL_SUCCESS)
- result = (int)data->u_col;
- }
- }
+ {
+ *rval = (int)data->u_col;
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+
+
+ }
+ }
+ else
+ {
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+ }
+ }
+ }
+ else
+ {
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+ }
+ }
+ }
+ }
break;
#endif
-
+
#ifdef ENABLE_ORACLE
case DB_ORACLE:
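Review bot: Several failure paths in the DB_ODBC case leave the statement handle allocated: when SQLExecDirect, SQLRowCount or SQLGetData does not return SQL_SUCCESS, control drops to break without SQLFreeHandle and without setting *rval. Add an else branch for each, or route every exit through one cleanup label that frees data->u_statement and returns 1. The context line result = 0; is still in this branch, although the earlier hunk now declares result only under ENABLE_MYSQL or ENABLE_POSTGRESQL, so an ODBC-only build will not compile; it is also a dead store ahead of the new return 1. The commented-out SQLPrepare/SQLExecute lines should be deleted rather than kept.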
@@ -3719,6 +3890,11 @@
******************************************************************************/
void Connect(DatabaseData * data)
{
+
+#ifdef ENABLE_ODBC
+ ODBC_SQLRETURN ret;
+#endif /* ENABLE_ODBC */
+
if(data == NULL)
{
/* XXX */
@@ -3812,11 +3988,8 @@
#ifdef ENABLE_ODBC
case DB_ODBC:
-
- ODBC_SQLRETURN ret;
-
data->u_underlying_dbtype_id = DB_UNDEFINED;
-
+
if(!(SQLAllocEnv(&data->u_handle) == SQL_SUCCESS))
{
FatalError("database unable to allocate ODBC environment\n");
@@ -3838,56 +4011,70 @@
* You can ignore messages 5701 and 5703; they are only informational.
*/
ret = SQLConnect( data->u_connection
- , (ODBC_SQLCHAR *)data->dbRH[data->dbtype_id]->dbname
- , SQL_NTS
- , (ODBC_SQLCHAR *)data->user
- , SQL_NTS
- , (ODBC_SQLCHAR *)data->password
- , SQL_NTS);
- if( ret != SQL_SUCCESS )
- {
- int encounteredFailure = 1; /* assume there is an error */
- char odbcError[2000];
+ , (ODBC_SQLCHAR *)data->dbname
+ , SQL_NTS
+ , (ODBC_SQLCHAR *)data->user
+ , SQL_NTS
+ , (ODBC_SQLCHAR *)data->password
+ , SQL_NTS);
+
+ if( (ret != SQL_SUCCESS) &&
+ (ret != SQL_SUCCESS_WITH_INFO))
+ {
+ ODBCPrintError(data,SQL_HANDLE_DBC);
+ FatalError("database ODBC unable to connect.\n");
+ }
+
+/* NOTE: -elz
+ The code below was commented for review, since we want to streamline the api and remove
+ all SQLGetDiagRec call's.
+
+*/
+ //int encounteredFailure = 1; /* assume there is an error */
+ /*
+ char odbcError[2000];
odbcError[0] = '\0';
-
+
if( ret == SQL_SUCCESS_WITH_INFO )
{
- ODBC_SQLCHAR sqlState[6];
- ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
- SQLINTEGER nativeError;
- SQLSMALLINT errorIndex = 1;
- SQLSMALLINT msgLen;
-
- /* assume no error unless nativeError tells us otherwise */
- encounteredFailure = 0;
-
- while ((ret = SQLGetDiagRec( SQL_HANDLE_DBC
- , data->u_connection
- , errorIndex
- , sqlState
- , &nativeError
- , msg
- , SQL_MAX_MESSAGE_LENGTH
- , &msgLen)) != SQL_NO_DATA)
- {
- if( strstr((const char *)msg, "SQL Server") != NULL )
- {
- data->u_underlying_dbtype_id = DB_MSSQL;
- }
-
- if( nativeError!=5701 && nativeError!=5703 )
- {
- encounteredFailure = 1;
- strncat(odbcError, (const char *)msg, sizeof(odbcError));
- }
- errorIndex++;
- }
- }
- if( encounteredFailure )
- {
- FatalError("database ODBC unable to connect. %s\n", odbcError);
- }
- }
+
+ ODBC_SQLCHAR sqlState[6];
+ ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
+ SQLINTEGER nativeError;
+ SQLSMALLINT errorIndex = 1;
+ SQLSMALLINT msgLen;
+ */
+ /* assume no error unless nativeError tells us otherwise */
+ //encounteredFailure = 0;
+/*
+ while ((ret = SQLGetDiagRec( SQL_HANDLE_DBC
+ , data->u_connection
+ , errorIndex
+ , sqlState
+ , &nativeError
+ , msg
+ , SQL_MAX_MESSAGE_LENGTH
+ , &msgLen)) != SQL_NO_DATA)
+ {
+ if( strstr((const char *)msg, "SQL Server") != NULL )
+ {
+ data->u_underlying_dbtype_id = DB_MSSQL;
+ }
+
+ if( nativeError!=5701 && nativeError!=5703 )
+ {
+ encounteredFailure = 1;
+ strncat(odbcError, (const char *)msg, sizeof(odbcError));
+ }
+ errorIndex++;
+ }
+ }
+ if( encounteredFailure )
+ {
+
+ }
+*/
+
break;
#endif
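Review bot: The MSSQL detection is lost in this hunk: data->u_underlying_dbtype_id = DB_MSSQL now sits inside the commented-out SQLGetDiagRec loop, so the field stays at DB_UNDEFINED after a successful connect. If any caller still branches on it, that path is now dead; either keep the detection in live code or remove the field's use. The old code also treated SQL_SUCCESS_WITH_INFO as a failure unless every native error was 5701 or 5703, while the new test accepts any SQL_SUCCESS_WITH_INFO, and the comment above SQLConnect should say so. Delete the commented-out block instead of parking it for review; version control already holds it.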
@@ -4193,7 +4380,7 @@
resetTransactionState(&data->dbRH[data->dbtype_id]);
- MasterCacheFlush(data);
+ MasterCacheFlush(data,CACHE_FLUSH_ALL);
SQL_Finalize(data);
@@ -4232,8 +4419,8 @@
if(data != NULL)
{
- MasterCacheFlush(data);
-
+ MasterCacheFlush(data,CACHE_FLUSH_ALL);
+
resetTransactionState(&data->dbRH[data->dbtype_id]);
UpdateLastCid(data,
@@ -4698,6 +4885,112 @@
}
#endif
+#ifdef ENABLE_ODBC
+u_int32_t dbConnectionStatusODBC(dbReliabilityHandle *pdbRH)
+{
+ DatabaseData *data = NULL;
+ u_int32_t StateFail = 0;
+ ODBC_SQLRETURN ret;
+ ODBC_SQLCHAR sqlState[6];
+ ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH] = {0};
+ SQLINTEGER nativeError;
+ SQLSMALLINT errorIndex = 1;
+ SQLSMALLINT msgLen;
+
+ //DEBUGGGGGGGGGGGGGGGGGGG
+ return 0;
+ //DEBUGGGGGGGGGGGGGGGGGGG
+
+ if( (pdbRH == NULL) ||
+ (pdbRH->dbdata == NULL))
+ {
+ /* XXX */
+ return 1;
+ }
+ data = pdbRH->dbdata;
+
+ if(data->u_connection != NULL)
+ {
+ while ( (ret = SQLGetDiagRec( SQL_HANDLE_DBC
+ , data->u_connection
+ , errorIndex
+ , sqlState
+ , &nativeError
+ , msg
+ , SQL_MAX_MESSAGE_LENGTH
+ , &msgLen)) == SQL_SUCCESS)
+ {
+ if(StateFail == 0)
+ {
+ /* Destroy the statement handle */
+ if(data->u_statement != NULL)
+ {
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ }
+
+ if(data->u_connection != NULL)
+ {
+ SQLFreeHandle(SQL_HANDLE_DBC,data->u_connection);
+ }
+
+ if(data->u_handle != NULL)
+ {
+ SQLFreeHandle(SQL_HANDLE_ENV,data->u_statement);
+ }
+
+ if(checkTransactionState(pdbRH))
+ {
+ /* ResetState for the caller */
+ setReconnectState(pdbRH,1);
+ setTransactionCallFail(pdbRH);
+ setTransactionState(pdbRH);
+ }
+ StateFail = 1;
+
+ if(!(SQLAllocEnv(&data->u_handle) == SQL_SUCCESS))
+ {
+ FatalError("database unable to allocate ODBC environment\n");
+ }
+
+ if(!(SQLAllocConnect(data->u_handle, &data->u_connection) == SQL_SUCCESS))
+ {
+ FatalError("database unable to allocate ODBC connection handle\n");
+ }
+
+ /* The SQL Server ODBC driver always returns SQL_SUCCESS_WITH_INFO
+ * on a successful SQLConnect, SQLDriverConnect, or SQLBrowseConnect.
+ * When an ODBC application calls SQLGetDiagRec after getting
+ * SQL_SUCCESS_WITH_INFO, it can receive the following messages:
+ * 5701 - Indicates that SQL Server put the user's context into the
+ * default database defined in the data source, or into the
+ * default database defined for the login ID used in the
+ * connection if the data source did not have a default database.
+ * 5703 - Indicates the language being used on the server.
+ * You can ignore messages 5701 and 5703; they are only informational.
+ */
+ ret = SQLConnect( data->u_connection
+ , (ODBC_SQLCHAR *)data->dbname
+ , SQL_NTS
+ , (ODBC_SQLCHAR *)data->user
+ , SQL_NTS
+ , (ODBC_SQLCHAR *)data->password
+ , SQL_NTS);
+
+ if( (ret != SQL_SUCCESS) &&
+ (ret != SQL_SUCCESS_WITH_INFO))
+ {
+ ODBCPrintError(data,SQL_HANDLE_DBC);
+ FatalError("database ODBC unable to connect.\n");
+ }
+ }
+ }
+ }
+
+ return 0;
+
+}
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_POSTGRESQL
u_int32_t dbConnectionStatusPOSTGRESQL(dbReliabilityHandle *pdbRH)
{
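Review bot: The unconditional return 0; between the two DEBUG comments at the top of dbConnectionStatusODBC() makes the rest of the function unreachable, so the ODBC connection status always reports healthy and the reconnect logic never runs. Remove it before merge. Once the body is live, three more things need fixing: SQLFreeHandle(SQL_HANDLE_ENV,data->u_statement) passes the statement handle where data->u_handle is meant; the connection handle is freed inside the while loop that is calling SQLGetDiagRec on that same handle; and errorIndex is never incremented, so if the new connection carries a diagnostic record (the comment says SQL Server always returns SQL_SUCCESS_WITH_INFO) the loop can spin forever.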
@@ -4788,8 +5081,8 @@
}
#endif
-#ifdef ENABLE_ODBC
-u_int32_t dbConnectionStatusODBC(dbReliabilityHandle *pdbRH)
+#ifdef ENABLE_ORACLE
+u_int32_t dbConnectionStatusORACLE(dbReliabilityHandle *pdbRH)
{
if( (pdbRH == NULL) ||
(pdbRH->dbdata == NULL))
@@ -4802,8 +5095,8 @@
}
#endif
-#ifdef ENABLE_ORACLE
-u_int32_t dbConnectionStatusORACLE(dbReliabilityHandle *pdbRH)
+#ifdef ENABLE_MSSQL
+u_int32_t dbConnectionStatusMSSQL(struct dbReliabilityHandle *pdbRH);
{
if( (pdbRH == NULL) ||
(pdbRH->dbdata == NULL))
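Review bot: The moved definition u_int32_t dbConnectionStatusMSSQL(struct dbReliabilityHandle *pdbRH); keeps a trailing semicolon before the opening brace, which turns it into a prototype followed by a stray block and fails to compile when ENABLE_MSSQL is defined. Drop the semicolon, and use the same parameter type (dbReliabilityHandle *) as the other dbConnectionStatus functions.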
@@ -4816,17 +5109,67 @@
}
#endif
-#ifdef ENABLE_MSSQL
-u_int32_t dbConnectionStatusMSSQL(struct dbReliabilityHandle *pdbRH);
+#ifdef ENABLE_ODBC
+void ODBCPrintError(DatabaseData *data,SQLSMALLINT iHandleType)
{
- if( (pdbRH == NULL) ||
- (pdbRH->dbdata == NULL))
+ ODBC_SQLRETURN ret;
+ ODBC_SQLCHAR sqlState[6];
+ ODBC_SQLCHAR msg[SQL_MAX_MESSAGE_LENGTH];
+ SQLINTEGER nativeError;
+ SQLSMALLINT errorIndex = 1;
+ SQLSMALLINT msgLen;
+
+ void * selected_handle;
+
+ if(data == NULL)
{
- /* XXX */
- return 1;
+ /* XXX */
+ return;
+ }
+
+ switch(iHandleType)
+ {
+
+ case SQL_HANDLE_DBC:
+ selected_handle = data->u_connection;
+ break;
+
+ case SQL_HANDLE_STMT:
+ selected_handle = data->u_statement;
+ break;
+
+ default:
+ LogMessage("Database [%s()]: Unknown statement type [%u] \n",
+ __FUNCTION__,
+ iHandleType);
+ return;
+ break;
+ }
+
+ /* assume no errror unless nativeError tells us otherwise */
+ while ( (ret = SQLGetDiagRec( iHandleType
+ , selected_handle
+ , errorIndex
+ , sqlState
+ , &nativeError
+ , msg
+ , SQL_MAX_MESSAGE_LENGTH
+ , &msgLen)) == SQL_SUCCESS)
+ {
+ ErrorMessage("[%s()]: Error Index [%u] Error Message [%s] \n",
+ __FUNCTION__,
+ errorIndex,
+ msg);
+
+ DEBUG_WRAP(LogMessage("database: %s\n", msg););
+ errorIndex++;
}
- return 0;
+
+ return;
}
-#endif
+#endif /* ENABLE_ODBC */
+
+
+
/* Database Reliability */
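Review bot: ODBCPrintError() fetches sqlState and nativeError from SQLGetDiagRec but logs only errorIndex and msg, dropping the two fields that best distinguish a lost connection from a constraint failure. Add both to the ErrorMessage format. Smaller points: the loop stops on anything other than SQL_SUCCESS, so a record whose text was truncated (SQL_SUCCESS_WITH_INFO) ends the dump early; errorIndex is a signed SQLSMALLINT printed with %u; the comment above the loop ("assume no errror ...") is left over from the old connect code and describes nothing here; and the break after return in the default case is unreachable.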
Changed | barnyard2-git.tar.bz2/src/output-plugins/spo_database.h
@@ -19,8 +19,10 @@
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-* Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
-* this in production produce the required fix for bugs experienced.
+**
+** Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
+** this in production for us.
+**
*/
@@ -36,6 +38,8 @@
#include "config.h"
#endif
+#include <assert.h>
+
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
@@ -123,7 +127,7 @@
DB_MSSQL = 3,
DB_ORACLE = 4,
DB_ODBC = 5,
- DB_ENUM_MAX_VAL = DB_ODBC /* This value has to be updated if a new dbms is inserted in the enum
+ DB_ENUM_MAX_VAL = DB_ODBC+1 /* This value has to be updated if a new dbms is inserted in the enum
This is used for different function pointers used by the module depending on operation mode
*/
};
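Review bot: DB_ENUM_MAX_VAL = DB_ODBC+1 still depends on DB_ODBC staying the last entry, as the comment admits. Since data->dbRH[] is indexed by dbtype_id, the value has to be one past the highest id; a sentinel enumerator placed last with no explicit value would keep that true without manual updates. If the change fixes an off-by-one for index DB_ODBC in arrays sized by this constant, say so in the comment or commit message.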
@@ -517,72 +521,7 @@
#define LATEST_DB_SCHEMA_VERSION 107
-/******** fatals *******************************************************/
-/*
- NOTE: -elz
- Some of those messages have been removed but they will be added and cleaned before release
-*/
-/* these strings deliberately break fatal error messages into
- chunks with lengths < 509 to keep ISO C89 compilers happy
- */
-
-static const char* FATAL_NO_SENSOR_1 =
- " When this plugin starts, a SELECT query is run to find the sensor id for the\n"
- " currently running sensor. If the sensor id is not found, the plugin will run\n"
- " an INSERT query to insert the proper data and generate a new sensor id. Then a\n"
- " SELECT query is run to get the newly allocated sensor id. If that fails then\n"
- " this error message is generated.\n";
-
-static const char* FATAL_NO_SENSOR_2 =
- " Some possible causes for this error are:\n"
- " * the user does not have proper INSERT or SELECT privileges\n"
- " * the sensor table does not exist\n"
- "\n"
- " If you are _absolutely_ certain that you have the proper privileges set and\n"
- " that your database structure is built properly please let me know if you\n"
- " continue to get this error. You can contact me at (roman@danyliw.com).\n";
-
-static const char* FATAL_BAD_SCHEMA_1 =
- "database: The underlying database has not been initialized correctly. This\n"
- " version of Snort requires version %d of the DB schema. Your DB\n"
- " doesn't appear to have any records in the 'schema' table.\n%s";
-
-static const char* FATAL_BAD_SCHEMA_2 =
- " Please re-run the appropriate DB creation script (e.g. create_mysql,\n"
- " create_postgresql, create_oracle, create_mssql) located in the\n"
- " contrib\\ directory.\n\n"
- " See the database documentation for cursory details (doc/README.database).\n"
- " and the URL to the most recent database plugin documentation.\n";
-
-static const char* FATAL_OLD_SCHEMA_1 =
- "database: The underlying database seems to be running an older version of\n"
- " the DB schema (current version=%d, required minimum version= %d).\n\n"
- " If you have an existing database with events logged by a previous\n"
- " version of snort, this database must first be upgraded to the latest\n"
- " schema (see the snort-users mailing list archive or DB plugin\n"
- " documention for details).\n%s\n";
-
-static const char* FATAL_OLD_SCHEMA_2 =
- " If migrating old data is not desired, merely create a new instance\n"
- " of the snort database using the appropriate DB creation script\n"
- " (e.g. create_mysql, create_postgresql, create_oracle, create_mssql)\n"
- " located in the contrib\\ directory.\n\n"
- " See the database documentation for cursory details (doc/README.database).\n"
- " and the URL to the most recent database plugin documentation.\n";
-
-static const char* FATAL_NO_SUPPORT_1 =
- "If this build of snort was obtained as a binary distribution (e.g., rpm,\n"
- "or Windows), then check for alternate builds that contains the necessary\n"
- "'%s' support.\n\n"
- "If this build of snort was compiled by you, then re-run the\n"
- "the ./configure script using the '--with-%s' switch.\n"
- "For non-standard installations of a database, the '--with-%s=DIR'\n%s";
-
-static const char* FATAL_NO_SUPPORT_2 =
- "syntax may need to be used to specify the base directory of the DB install.\n\n"
- "See the database documentation for cursory details (doc/README.database).\n"
- "and the URL to the most recent database plugin documentation.\n";
void DatabaseSetup(void);
@@ -600,7 +539,7 @@
/* this is for debugging purposes only */
static char g_CurrentStatement[2048];
#define SAVESTATEMENT(str) strncpy(g_CurrentStatement, str, sizeof(g_CurrentStatement) - 1);
- #define CLEARSTATEMENT() bzero((char *) g_CurrentStatement, sizeof(g_CurrentStatement));
+ #define CLEARSTATEMENT() memset((char *) g_CurrentStatement, 0, sizeof(g_CurrentStatement));
#else
#define SAVESTATEMENT(str) NULL;
#define CLEARSTATEMENT() NULL;
@@ -671,9 +610,14 @@
u_int32_t SignatureCacheInsertObj(dbSignatureObj *iSigObj,MasterCache *iMasterCache,u_int32_t from);
u_int32_t SignaturePopulateDatabase(DatabaseData *data,cacheSignatureObj *cacheHead,int inTransac);
u_int32_t SignatureLookupDatabase(DatabaseData *data,dbSignatureObj *sObj);
-void MasterCacheFlush(DatabaseData *data);
+void MasterCacheFlush(DatabaseData *data,u_int32_t flushFlag);
u_int32_t dbConnectionStatusPOSTGRESQL(dbReliabilityHandle *pdbRH);
+u_int32_t dbConnectionStatusODBC(dbReliabilityHandle *pdbRH);
+u_int32_t dbConnectionStatusMYSQL(dbReliabilityHandle *pdbRH);
+#ifdef ENABLE_ODBC
+void ODBCPrintError(DatabaseData *data,SQLSMALLINT iSTMT_type);
+#endif
#endif /* __SPO_DATABASE_H__ */
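Review bot: The new prototypes for dbConnectionStatusODBC() and dbConnectionStatusMYSQL() are declared unconditionally, while dbConnectionStatusODBC() is defined only under ENABLE_ODBC in spo_database.c. Wrap each prototype in the matching #ifdef, as is done for ODBCPrintError() just below, so a call in a build without that backend is caught early. The ODBCPrintError() parameter is named iSTMT_type here and iHandleType in the definition; use iHandleType in both, since the function also accepts SQL_HANDLE_DBC.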
Changed | barnyard2-git.tar.bz2/src/output-plugins/spo_database_cache.c
@@ -19,23 +19,16 @@
* Theses caches are built by combining existing caches from the snort map files and config files,
* The goal is to reduce the number of database interaction to a minimum so the output plugins
* is more performant especially under heavy load of events.
+ *
*
* Note that the default schema compatibility is kept intact
- * Maintainers : The Barnyard2 Team <firnsy@gmail.com> <beenph@gmail.com> - 2011
+ * Maintainers : The Barnyard2 Team <firnsy@gmail.com> <beenph@gmail.com> - 2011-2012
*
* Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
- * this in production produce the required fix for bugs experienced.
+ * this in production for us.
*
*/
-/*-- TODO */
-/*
- Standardize datbase DB API to work with abstract structure form
- so that it is easyer to work with a standard row fetching mechanism
- for example (less code dup's and easyer to make transforms.
- ++ This will be present in the next version of the schema database plugin.
-*/
-/*-- TODO */
#include "output-plugins/spo_database.h"
#include "output-plugins/spo_database_cache.h"
@@ -44,13 +37,12 @@
cacheSignatureObj *cacheGetSignatureNodeUsingDBid(cacheSignatureObj *iHead,u_int32_t lookupId);
cacheReferenceObj *cacheGetReferenceNodeUsingDBid(cacheSystemObj *iHead,u_int32_t lookupId);
-u_int32_t cacheSignatureReferenceLookup(dbSignatureReferenceObj *iLookup,cacheSignatureReferenceObj *iHead);
u_int32_t cacheSignatureLookup(dbSignatureObj *iLookup,cacheSignatureObj *iHead);
u_int32_t cacheClassificationLookup(dbClassificationObj *iLookup,cacheClassificationObj *iHead);
u_int32_t cacheSystemLookup(dbSystemObj *iLookup,cacheSystemObj *iHead,cacheSystemObj **rcacheSystemObj);
u_int32_t cacheReferenceLookup(dbReferenceObj *iLookup,cacheReferenceObj *iHead,cacheReferenceObj **retRefLookupNode);
-u_int32_t dbSignatureReferenceLookup(dbSignatureReferenceObj *iLookup,cacheSignatureReferenceObj *iHead,cacheSignatureReferenceObj **retSigRef);
+u_int32_t dbSignatureReferenceLookup(dbSignatureReferenceObj *iLookup,cacheSignatureReferenceObj *iHead,cacheSignatureReferenceObj **retSigRef,u_int32_t refCondCheck);
u_int32_t dbReferenceLookup(dbReferenceObj *iLookup,cacheReferenceObj *iHead);
u_int32_t dbSystemLookup(dbSystemObj *iLookup,cacheSystemObj *iHead);
u_int32_t dbSignatureLookup(dbSignatureObj *iLookup,cacheSignatureObj *iHead);
@@ -72,10 +64,11 @@
u_int32_t SignatureCacheSynchronize(DatabaseData *data,cacheSignatureObj **cacheHead);
/* SIGNATURE FUNCTIONS */
+/* REFERENCE FUNCTIONS */
u_int32_t ReferencePullDataStore(DatabaseData *data, dbReferenceObj **iArrayPtr,u_int32_t *array_length);
u_int32_t ReferenceCacheUpdateDBid(dbReferenceObj *iDBList,u_int32_t array_length,cacheSystemObj **cacheHead);
u_int32_t ReferencePopulateDatabase(DatabaseData *data,cacheReferenceObj *cacheHead);
-
+/* REFERENCE FUNCTIONS */
/* SYSTEM FUNCTIONS */
u_int32_t SystemPopulateDatabase(DatabaseData *data,cacheSystemObj *cacheHead);
@@ -95,6 +88,7 @@
u_int32_t SignatureReferencePopulateDatabase(DatabaseData *data,cacheSignatureReferenceObj *cacheHead);
u_int32_t SigRefSynchronize(DatabaseData *data,cacheSignatureReferenceObj **cacheHead,cacheSignatureObj *cacheSigHead);
+u_int32_t SignatureReferencePreGenerate(cacheSignatureObj *iHead);
/* SIGNATURE REFERENCE FUNCTIONS */
@@ -109,11 +103,10 @@
/* Destructor */
-void MasterCacheFlush(DatabaseData *data);
+void MasterCacheFlush(DatabaseData *data,u_int32_t flushFlag);
/* Destructor */
-
extern SigNode *sigTypes;
@@ -446,7 +439,6 @@
* and return the cacheSignatureReferenceObj found (if any)
* @note ref_seq is not compared because it could have changed and it is
* handled elsewhere.
- * @note Used in context db->internaCache lookup (if found remove CACHE_INTERNAL_ONLY and set CACHE_BOTH flag)
*
* @param iLookup
* @param iHead
@@ -456,7 +448,7 @@
* 0 NOT FOUND
* 1 FOUND
*/
-u_int32_t dbSignatureReferenceLookup(dbSignatureReferenceObj *iLookup,cacheSignatureReferenceObj *iHead,cacheSignatureReferenceObj **retSigRef)
+u_int32_t dbSignatureReferenceLookup(dbSignatureReferenceObj *iLookup,cacheSignatureReferenceObj *iHead,cacheSignatureReferenceObj **retSigRef,u_int32_t refCondCheck)
{
if( (iLookup == NULL) ||
@@ -471,34 +463,32 @@
while(iHead != NULL)
{
- //((iLookup->db_ref_id == iHead->obj.db_ref_id) &&
- /*
- SHOULD BUT WE DO NOT.
- There is a little issue where definition in file for signature reference order could
- be different than the one defined in the database and mabey for some reason the revision
- wouldn't have changed as with the rule body,
- thus we define this as a fatal error
- to prevent wrongly inserted data.
- if( memcmp(&iHead->obj,iLookup,sizeof(dbSignatureReferenceObj)) == 0)
- */
- /*
- This condition is actualy build on the primary key restriction on the table.
- THIS TABLE WILL BE GONE, because the amount of effort it require to
- populate is quite useless compared to its value, its clearly an artefact.
- */
- if( (iLookup->ref_seq == iHead->obj.ref_seq) &&
- (iLookup->db_sig_id == iHead->obj.db_sig_id))
+
+ if(refCondCheck == 0)
{
- /* Found */
- *retSigRef = iHead;
- if( iHead->flag & CACHE_INTERNAL_ONLY)
+ if( (iLookup->ref_seq == iHead->obj.ref_seq) &&
+ (iLookup->db_sig_id == iHead->obj.db_sig_id))
{
- iHead->flag ^= (CACHE_INTERNAL_ONLY | CACHE_BOTH);
+ /* Found */
+ *retSigRef = iHead;
+ return 1;
}
-
- return 1;
}
+ else if(refCondCheck == 1)
+ {
+ if( (iLookup->db_ref_id == iHead->obj.db_ref_id) &&
+ (iLookup->db_sig_id == iHead->obj.db_sig_id))
+ {
+ /* Found */
+ *retSigRef = iHead;
+ return 1;
+ }
+
+ }
+
+
+
iHead = iHead->next;
}
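Review bot: refCondCheck is compared against the bare values 0 and 1, and any other value makes the loop walk the whole list and report "not found" with no diagnostic. Define named constants (or an enum) for the two match modes, reject unknown values up front, and add an @param refCondCheck line to the doc comment, whose visible @param entries cover only iLookup and iHead. This hunk also drops the CACHE_INTERNAL_ONLY to CACHE_BOTH flag flip on a match; confirm that the callers which relied on it have been updated.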
@@ -623,6 +613,7 @@
*/
u_int32_t dbSignatureLookup(dbSignatureObj *iLookup,cacheSignatureObj *iHead)
{
+
if( (iLookup == NULL))
{
/* XXX */
@@ -644,7 +635,7 @@
(iLookup->gid == iHead->obj.gid))
{
/* Found */
-
+
/*
If the object in current list has a revision of 0,
and that a match is found for gid/sid (we are probably being called from the initialization
@@ -718,12 +709,12 @@
iLookup,
iHead);
}
-
+
if(iHead == NULL)
{
return 0;
}
-
+
while(iHead != NULL)
{
if( (strncasecmp(iLookup->sig_class_name,iHead->obj.sig_class_name,strlen(iHead->obj.sig_class_name)) == 0))
@@ -784,8 +775,6 @@
u_int32_t tItr = 0;
u_int32_t refFound = 0;
-
-
if( (iMasterCache == NULL) ||
(cSobj == NULL))
{
@@ -818,7 +807,6 @@
sys_LobjNode.ref_system_name);
}
-
}
if(cNode->system->url != NULL)
@@ -836,6 +824,7 @@
}
sysRetCacheNode = NULL;
+
if(cacheSystemLookup(&sys_LobjNode,iMasterCache->cacheSystemHead,&sysRetCacheNode) == 0)
{
if( (sys_TobjNode = SnortAlloc(sizeof(cacheSystemObj))) == NULL)
@@ -865,6 +854,16 @@
strncpy(ref_LobjNode.ref_tag,cNode->id,REF_TAG_LEN);
ref_LobjNode.ref_tag[REF_TAG_LEN-1] = '\0'; //safety
+
+ if( (snort_escape_string_STATIC(ref_LobjNode.ref_tag,REF_TAG_LEN,data)))
+ {
+ FatalError("database [%s()], Failed a call to snort_escape_string_STATIC() for string : \n"
+ "[%s], Exiting. \n",
+ __FUNCTION__,
+ ref_LobjNode.ref_tag);
+ }
+
+
/* Lookup Reference node */
if((cacheReferenceLookup(&ref_LobjNode,sysRetCacheNode->obj.refList,&retRefLookupNode) == 0))
{
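Review bot: ref_tag is escaped in place inside the same REF_TAG_LEN buffer that strncpy just filled, so a tag close to REF_TAG_LEN that contains characters needing escape has no room to grow. If snort_escape_string_STATIC() reports that as an error, the FatalError here turns one long reference in a rules file into a startup abort; consider logging and skipping the reference, or escaping into a larger buffer when the query is built. Escaping before cacheReferenceLookup() also means the cache now holds the escaped form, so confirm that values pulled from the database are compared in the same form.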
@@ -873,11 +872,10 @@
/* XXX */
return 1;
}
-
+
#if DEBUG
file_reference_object_count++;
#endif
-
memcpy(&ref_TobjNode->obj,&ref_LobjNode,sizeof(dbReferenceObj));
ref_TobjNode->flag ^= CACHE_INTERNAL_ONLY;
@@ -915,8 +913,6 @@
}
}
}
- sysRetCacheNode = sysRetCacheNode->next;
-
}
else
{
@@ -1021,15 +1017,14 @@
strncpy(lookupNode.message,cNode->msg,SIG_MSG_LEN);
lookupNode.message[SIG_MSG_LEN-1] = '\0'; //safety
- //Safety escape value.
- if( (snort_escape_string_STATIC(lookupNode.message,SIG_MSG_LEN,data)))
- {
- FatalError("database [%s()], Failed a call to snort_escape_string_STATIC() for string : \n"
- "[%s], Exiting. \n",
- __FUNCTION__,
- lookupNode.message);
- }
+ if( (snort_escape_string_STATIC(lookupNode.message,SIG_MSG_LEN,data)))
+ {
+ FatalError("database [%s()], Failed a call to snort_escape_string_STATIC() for string : \n"
+ "[%s], Exiting. \n",
+ __FUNCTION__,
+ lookupNode.message);
+ }
}
else
{
@@ -1050,12 +1045,12 @@
}
memcpy(&TobjNode->obj,&lookupNode,sizeof(dbSignatureObj));
-
+
TobjNode->flag ^= CACHE_INTERNAL_ONLY;
TobjNode->next = iMasterCache->cacheSignatureHead;
iMasterCache->cacheSignatureHead = TobjNode;
-
+
if(cNode->refs != NULL)
{
if( (ConvertReferenceCache(cNode->refs,iMasterCache,TobjNode,data)))
@@ -1116,7 +1111,9 @@
if( (cNode = *iHead) == NULL)
{
- /* Nothing to do */
+ LogMessage("[%s()], No classification was found in the classification file,\n"
+ "\t make sure that you have valid records in your database (sig_class) table, else this might result in complete signature logging. \n",
+ __FUNCTION__);
return 0;
}
@@ -1129,14 +1126,12 @@
/*
-- config classification:shortname,short description,priority
-
NOTE: -elz i wongly assumed , short description was logged, while it
was actually shortname that should have been logged, this is why
this part of the code is now commented :)
-
so using cNode->type instead of cNode->name
*/
-
+
if(cNode->type != NULL)
{
strncpy(LobjNode.obj.sig_class_name,cNode->type,CLASS_NAME_LEN);
@@ -1203,9 +1198,20 @@
*/
u_int32_t ClassificationPullDataStore(DatabaseData *data, dbClassificationObj **iArrayPtr,u_int32_t *array_length)
{
- u_int32_t queryColCount =0;
+
+
+
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL))
u_int32_t curr_row = 0;
+ u_int32_t queryColCount =0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)) */
+
+#ifdef ENABLE_ODBC
+ dbClassificationObj tClassObj = {0};
+ SQLSMALLINT col_count = 0;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_MYSQL
int result = 0;
#endif
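Review bot: curr_row is now declared only when ENABLE_MYSQL or ENABLE_POSTGRESQL is defined, but the DB_ODBC branch added further down in this function uses it as its loop counter (for(curr_row = 0; curr_row < data->u_rows;curr_row++)). An ODBC-only build will fail to compile. Add ENABLE_ODBC to the guard around curr_row and leave queryColCount under the MySQL/PostgreSQL guard.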
@@ -1302,7 +1308,7 @@
}
mysql_free_result(data->m_result);
data->m_result = NULL;
- LogMessage("[%s()]: No signature found in database ... \n",
+ LogMessage("[%s()]: No Classification found in database ... \n",
__FUNCTION__);
return 0;
}
@@ -1415,7 +1421,6 @@
#ifdef ENABLE_POSTGRESQL
case DB_POSTGRESQL:
-
data->p_result = PQexec(data->p_connection,data->SQL_SELECT);
pgStatus = PQresultStatus(data->p_result);
@@ -1523,26 +1528,156 @@
#endif /* ENABLE_POSTGRESQL */
-#ifdef ENABLE_ORACLE
- case DB_ORACLE:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
-
- break;
-#endif /* ENABLE_ORACLE */
#ifdef ENABLE_ODBC
case DB_ODBC:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
+
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)data->SQL_SELECT, SQL_NTS) == SQL_SUCCESS)
+ {
+ if( SQLNumResultCols(data->u_statement,&col_count) == SQL_SUCCESS)
+ {
+ if(col_count == NUM_ROW_CLASSIFICATION)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) != SQL_SUCCESS)
+ {
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ FatalError("[%s()]: SQLRowCount() call failed \n",
+ __FUNCTION__);
+ }
+
+ if(data->u_rows)
+ {
+ if( (*iArrayPtr = SnortAlloc( (sizeof(dbClassificationObj) * data->u_rows))) == NULL)
+ {
+ goto ODBCError;
+ }
+
+ *array_length = data->u_rows;
+
+ }
+ else
+ {
+ /* We have no records */
+ *array_length = 0;
+ return 0;
+ }
+
+ }
+ else
+ {
+ FatalError("[%s()]: The number of column returned does not match [%u] \n",
+ __FUNCTION__,
+ NUM_ROW_CLASSIFICATION);
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLNumResultCols() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLExecDirect() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLAllocStmt() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ SQLINTEGER col1_len = 0;
+ SQLINTEGER col2_len = 0;
+
+ /* Bind template object */
+ if( SQLBindCol(data->u_statement,1,SQL_C_LONG,&tClassObj.db_sig_class_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,2,SQL_C_CHAR,&tClassObj.sig_class_name,(sizeof(char) * CLASS_NAME_LEN) ,&col2_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ for(curr_row = 0; curr_row < data->u_rows;curr_row++)
+ {
+ dbClassificationObj *cPtr = &(*iArrayPtr)[curr_row];
+
+ /* fetch */
+ if( SQLFetch(data->u_statement) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLFetch error on record [%u] \n",
+ __FUNCTION__,
+ curr_row+1);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ else
+ {
+ if( (col1_len == SQL_NO_TOTAL || col1_len == SQL_NULL_DATA) ||
+ (col2_len == SQL_NO_TOTAL || col2_len == SQL_NULL_DATA))
+ {
+ FatalError("[%s()] Seem's like we have some null data ...\n",
+ __FUNCTION__);
+ }
+
+
+ /* Copy object */
+ if( (memcpy(cPtr,&tClassObj,sizeof(dbClassificationObj))) != cPtr)
+ {
+ FatalError("[%s()] : memcpy error ..\n",
+ __FUNCTION__);
+ }
+
+ /* Clear temp obj */
+ memset(&tClassObj,'\0',sizeof(dbClassificationObj));
+ }
+ }
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+
+ ODBCError:
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+
+
break;
#endif /* ENABLE_ODBC */
+#ifdef ENABLE_ORACLE
+ case DB_ORACLE:
+ LogMessage("[%s()], is not yet implemented for DBMS configured\n",
+ __FUNCTION__);
+
+ break;
+#endif /* ENABLE_ORACLE */
+
+
#ifdef ENABLE_MSSQL
- case DB_MSSQL:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
+ case DB_MSSQL:
+ LogMessage("[%s()], is not yet implemented for DBMS configured\n",
__FUNCTION__);
- break;
+ break;
#endif /* ENABLE_MSSQL */
default:
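Review bot: The result array is sized from SQLRowCount() on a SELECT, and ODBC leaves that value driver-defined for SELECT statements, so data->u_rows may come back as -1 or 0 on drivers that do not count result rows. A value of -1 passes the if(data->u_rows) test and feeds sizeof(dbClassificationObj) * data->u_rows into SnortAlloc. Run a SELECT COUNT first, or grow the array while fetching until SQL_NO_DATA. Other points in this hunk: col1_len and col2_len are SQLINTEGER, but SQLBindCol() takes an SQLLEN * indicator, which can differ in size on 64-bit builds; the zero-row path returns 0 without SQLFreeHandle; the SQLAllocHandle failure branch logs "SQLAllocStmt()" and then jumps to ODBCError, which frees a handle that was not allocated; and the memcpy(...) != cPtr test can never be true.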
@@ -1576,10 +1711,10 @@
*/
u_int32_t ClassificationCacheUpdateDBid(dbClassificationObj *iDBList,u_int32_t array_length,cacheClassificationObj **cacheHead)
{
-
- dbClassificationObj *cObj = NULL;
- cacheClassificationObj *TobjNode = NULL;
+
+ cacheClassificationObj *TobjNode = NULL;
+ dbClassificationObj *cObj = NULL;
int x = 0;
@@ -1590,6 +1725,14 @@
/* XXX */
return 1;
}
+
+
+ /* Set default db object classification id as invocation require */
+ for(x = 0 ; x < array_length ; x++)
+ {
+ cObj = &iDBList[x];
+ cObj->sig_class_id = x+1;
+ }
for(x = 0 ; x < array_length ; x++)
{
@@ -1636,9 +1779,8 @@
*/
u_int32_t ClassificationPopulateDatabase(DatabaseData *data,cacheClassificationObj *cacheHead)
{
-
u_int32_t db_class_id;
-
+
if( (data == NULL) ||
(cacheHead == NULL))
{
@@ -1652,7 +1794,7 @@
/* XXX */
return 1;
}
-
+
if( (data->dbRH[data->dbtype_id].dbConnectionStatus(&data->dbRH[data->dbtype_id])))
{
/* XXX */
@@ -1684,53 +1826,21 @@
DatabaseCleanInsert(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- PGSQL_SQL_INSERT_CLASSIFICATION,
- cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- SQL_INSERT_CLASSIFICATION,
- cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+ if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
+ SQL_INSERT_CLASSIFICATION,
+ cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
+ goto TransactionFail;
}
-
- DatabaseCleanSelect(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- PGSQL_SQL_SELECT_SPECIFIC_CLASSIFICATION,
- cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- SQL_SELECT_SPECIFIC_CLASSIFICATION,
- cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
+
+
+ if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
+ SQL_SELECT_SPECIFIC_CLASSIFICATION,
+ cacheHead->obj.sig_class_name)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
goto TransactionFail;
- }
- break;
}
if(Insert(data->SQL_INSERT,data,1))
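Review bot: cacheHead->obj.sig_class_name is formatted straight into SQL_INSERT_CLASSIFICATION and SQL_SELECT_SPECIFIC_CLASSIFICATION, and nothing in the lines shown passes it through snort_escape_string_STATIC() the way ref_tag and message are. The name is copied from the classification config entry, so a quote character in it breaks both statements. Escape it when the cache node is built. Also confirm that the generic templates are valid on PostgreSQL now that the PGSQL_ variants are gone, and that dropping DatabaseCleanSelect(data) before building SQL_SELECT is intended while DatabaseCleanInsert(data) is kept.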
@@ -1749,7 +1859,6 @@
}
- cacheHead->flag ^= (CACHE_INTERNAL_ONLY | CACHE_BOTH);
cacheHead = cacheHead->next;
@@ -1776,12 +1885,11 @@
*/
u_int32_t ClassificationCacheSynchronize(DatabaseData *data,cacheClassificationObj **cacheHead)
{
-
dbClassificationObj *dbClassArray = NULL;
u_int32_t array_length = 0;
if( (data == NULL) ||
- (*cacheHead == NULL))
+ (cacheHead == NULL))
{
/* XXX */
return 1;
@@ -1793,11 +1901,11 @@
return 1;
}
+
#if DEBUG
db_classification_object_count=array_length;
#endif
-
-
+
if( array_length > 0 )
{
if( (ClassificationCacheUpdateDBid(dbClassArray,array_length,cacheHead)) )
@@ -1823,14 +1931,26 @@
array_length = 0;
}
- if(ClassificationPopulateDatabase(data,*cacheHead))
+
+ if(*cacheHead == NULL)
{
- LogMessage("[%s()], Call to ClassificationPopulateDatabase() failed \n",
+ LogMessage("\n[%s()]: Make sure that your (config classification_config argument in your barnyard2 configuration file) or --classification or -C argument point \n"
+ "\t to a file containing at least some valid classification or that that your database sig_class table contain data\n\n",
__FUNCTION__);
-
return 1;
}
+ if(*cacheHead != NULL)
+ {
+ if(ClassificationPopulateDatabase(data,*cacheHead))
+ {
+ LogMessage("[%s()], Call to ClassificationPopulateDatabase() failed \n",
+ __FUNCTION__);
+
+ return 1;
+ }
+ }
+
/* out list will behave now */
return 0;
}
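Review bot: The second test if(*cacheHead != NULL) is always true, because the block just above it returns 1 when *cacheHead is NULL. Drop the wrapper and call ClassificationPopulateDatabase() directly. Returning 1 here also disagrees with the classification conversion hunk earlier in this file, which logs a warning and returns 0 when the classification file is empty; decide whether an empty classification set is fatal and make both places agree. The new message contains a doubled "that that".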
@@ -1915,11 +2035,29 @@
return 1;
}
+ if(db_sig_id == 0)
+ {
+
+#if DEBUG
+ DEBUG_WRAP(DebugMessage(DB_DEBUG,"[%s()]: A lookup received a result but a result of 0 shouldn't be returned,\n"
+ "\t this shouldn't happen for sid[%u] sid[%u] rev[%u] class_id[%u] priority_id[%u] \n",
+ __FUNCTION__,
+ sObj->sid,
+ sObj->gid,
+ sObj->rev,
+ sObj->class_id,
+ sObj->priority_id));
+#endif
+ return 1;
+ }
+
/* Found */
sObj->db_id = db_sig_id;
return 0;
}
+
+
/**
* Populate the signature table with record that are not present in the database.
*
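Review bot: The debug format string in the new `db_sig_id == 0` branch prints "sid[%u] sid[%u]" but the arguments are `sObj->sid` then `sObj->gid`, so the second label should be gid. The message is also emitted only in DEBUG builds, so a release build returns 1 here with no trace of which signature triggered it; a LogMessage() with the same fields would make this failure diagnosable in the field. The outer `#if DEBUG` looks redundant around DEBUG_WRAP().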
@@ -1968,10 +2106,21 @@
while(cacheHead != NULL)
{
+
+ /* This condition block is a shortcut in the signature insertion code.
+ ** Preventing signature that have not been under "revision" (rev == 0) to be inserted in the database.
+ ** It will also prevent the code to take wrong execution path downstream.
+ */
+ if( ((cacheHead->flag & CACHE_INTERNAL_ONLY) &&
+ (((cacheHead->obj.gid != 1 && cacheHead->obj.gid != 3)) ||
+ ((cacheHead->obj.gid == 1 || cacheHead->obj.gid == 3) && cacheHead->obj.rev != 0))))
+ {
+ /* This condition block is a shortcut in the signature insertion code.
+ ** Preventing signature that have not been under "revision" (rev == 0) to be inserted in the database.
+ ** It will also prevent the code to take wrong execution path downstream.
+ */
- if(cacheHead->flag & CACHE_INTERNAL_ONLY)
- {
-
+
#if DEBUG
inserted_signature_object_count++;
#endif
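Review bot: The comment on the new condition says signatures with rev == 0 are kept out of the database, but the expression only applies the rev test when gid is 1 or 3; any other gid is inserted regardless of rev. Either the comment or the condition should change so they agree. The expression also reduces to `(flag & CACHE_INTERNAL_ONLY) && ((gid != 1 && gid != 3) || rev != 0)`, which is easier to audit, and the same comment block is pasted twice (before the `if` and again inside the braces).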
@@ -1986,76 +2135,36 @@
*/
DatabaseCleanInsert(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- PGSQL_SQL_INSERT_SIGNATURE,
- cacheHead->obj.sid,
- cacheHead->obj.gid,
- cacheHead->obj.rev,
- cacheHead->obj.class_id,
- cacheHead->obj.priority_id,
- cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- SQL_INSERT_SIGNATURE,
- cacheHead->obj.sid,
- cacheHead->obj.gid,
- cacheHead->obj.rev,
- cacheHead->obj.class_id,
- cacheHead->obj.priority_id,
- cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
- {
+
+
+ if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
+ SQL_INSERT_SIGNATURE,
+ cacheHead->obj.sid,
+ cacheHead->obj.gid,
+ cacheHead->obj.rev,
+ cacheHead->obj.class_id,
+ cacheHead->obj.priority_id,
+ cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
+ {
/* XXX */
- goto TransactionFail;
- }
- break;
+ goto TransactionFail;
}
-
+
DatabaseCleanSelect(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- PGSQL_SQL_SELECT_SPECIFIC_SIGNATURE,
- cacheHead->obj.sid,
- cacheHead->obj.gid,
- cacheHead->obj.rev,
- cacheHead->obj.class_id,
- cacheHead->obj.priority_id,
- cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- SQL_SELECT_SPECIFIC_SIGNATURE,
- cacheHead->obj.sid,
- cacheHead->obj.gid,
- cacheHead->obj.rev,
- cacheHead->obj.class_id,
- cacheHead->obj.priority_id,
- cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+ if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
+ SQL_SELECT_SPECIFIC_SIGNATURE,
+ cacheHead->obj.sid,
+ cacheHead->obj.gid,
+ cacheHead->obj.rev,
+ cacheHead->obj.class_id,
+ cacheHead->obj.priority_id,
+ cacheHead->obj.message)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
+ goto TransactionFail;
}
-
+
if(Insert(data->SQL_INSERT,data,1))
{
/* XXX */
@@ -2070,7 +2179,7 @@
cacheHead->obj.db_id = db_sig_id;
-
+
cacheHead->flag ^= (CACHE_INTERNAL_ONLY | CACHE_BOTH);
}
@@ -2170,14 +2279,29 @@
u_int32_t SignaturePullDataStore(DatabaseData *data, dbSignatureObj **iArrayPtr,u_int32_t *array_length)
{
- u_int32_t queryColCount =0;
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC))
u_int32_t curr_row = 0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC)) */
+
+
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL))
+ u_int32_t queryColCount =0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)) */
+
+
+#ifdef ENABLE_ODBC
+ dbSignatureObj tSigObj = {0};
+ SQLSMALLINT col_count = 0;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_MYSQL
int result = 0;
#endif
+
#ifdef ENABLE_POSTGRESQL
+
char *pg_val = NULL;
int num_row = 0;
u_int32_t curr_col = 0;
@@ -2523,6 +2647,198 @@
#endif /* ENABLE_POSTGRESQL */
+
+#ifdef ENABLE_ODBC
+ case DB_ODBC:
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)data->SQL_SELECT, SQL_NTS) == SQL_SUCCESS)
+ {
+ if( SQLNumResultCols(data->u_statement,&col_count) == SQL_SUCCESS)
+ {
+ if(col_count == NUM_ROW_SIGNATURE)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) != SQL_SUCCESS)
+ {
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ FatalError("[%s()]: SQLRowCount() call failed \n",
+ __FUNCTION__);
+ }
+
+ if(data->u_rows)
+ {
+ if( (*iArrayPtr = SnortAlloc( (sizeof(dbSignatureObj) * data->u_rows))) == NULL)
+ {
+ goto ODBCError;
+ }
+
+ *array_length = data->u_rows;
+
+ }
+ else
+ {
+ /* We have no records */
+ *array_length = 0;
+ return 0;
+ }
+
+ }
+ else
+ {
+ FatalError("[%s()]: The number of column returned does not match [%u] \n",
+ __FUNCTION__,
+ NUM_ROW_SIGNATURE);
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLNumResultCols() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLExecDirect() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLAllocStmt() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ SQLINTEGER col1_len = 0;
+ SQLINTEGER col2_len = 0;
+ SQLINTEGER col3_len = 0;
+ SQLINTEGER col4_len = 0;
+ SQLINTEGER col5_len = 0;
+ SQLINTEGER col6_len = 0;
+ SQLINTEGER col7_len = 0;
+
+ /* Bind template object */
+ if( SQLBindCol(data->u_statement,1,SQL_C_LONG,&tSigObj.db_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,2,SQL_C_LONG,&tSigObj.sid,sizeof(u_int32_t),&col2_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,3,SQL_C_LONG,&tSigObj.gid,sizeof(u_int32_t) ,&col3_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,4,SQL_C_LONG,&tSigObj.rev,sizeof(u_int32_t) ,&col4_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,5,SQL_C_LONG,&tSigObj.class_id,sizeof(u_int32_t) ,&col4_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,6,SQL_C_LONG,&tSigObj.priority_id,sizeof(u_int32_t) ,&col5_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,7,SQL_C_CHAR,tSigObj.message, (sizeof(char)*SIG_MSG_LEN) ,&col6_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ for(curr_row = 0; curr_row < data->u_rows ;curr_row++)
+ {
+ dbSignatureObj *cPtr = &(*iArrayPtr)[curr_row];
+
+ /* fetch */
+ if( SQLFetch(data->u_statement) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLFetch error on record [%u] \n",
+ __FUNCTION__,
+ curr_row+1);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ else
+ {
+ if( (col1_len == SQL_NO_TOTAL || col1_len == SQL_NULL_DATA) ||
+ (col2_len == SQL_NO_TOTAL || col2_len == SQL_NULL_DATA) ||
+ (col3_len == SQL_NO_TOTAL || col3_len == SQL_NULL_DATA) ||
+ (col4_len == SQL_NO_TOTAL || col4_len == SQL_NULL_DATA) ||
+ (col5_len == SQL_NO_TOTAL || col5_len == SQL_NULL_DATA) ||
+ (col6_len == SQL_NO_TOTAL || col6_len == SQL_NULL_DATA) ||
+ (col7_len == SQL_NO_TOTAL || col7_len == SQL_NULL_DATA))
+ {
+ FatalError("[%s()] Seem's like we have some null data ...\n",
+ __FUNCTION__);
+ }
+
+ /* Copy object */
+ if( (memcpy(cPtr,&tSigObj,sizeof(dbSignatureObj))) != cPtr)
+ {
+ FatalError("[%s()] : memcpy error ..\n",
+ __FUNCTION__);
+ }
+
+ cPtr->message[SIG_MSG_LEN-1] = '\0';
+ if( (snort_escape_string_STATIC(cPtr->message,SIG_MSG_LEN,data)))
+ {
+ FatalError("database [%s()], Failed a call to snort_escape_string_STATIC() for string : \n"
+ "[%s], Exiting. \n",
+ __FUNCTION__,
+ cPtr->message);
+ }
+
+ /* Clear temp obj */
+ memset(&tSigObj,'\0',sizeof(dbSignatureObj));
+ }
+ }
+
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+
+ ODBCError:
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+
+ break;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_ORACLE
case DB_ORACLE:
LogMessage("[%s()], is not yet implemented for DBMS configured\n",
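Review bot: The SQLBindCol() calls in the new DB_ODBC branch pass the wrong length indicators from column 5 onward: column 5 (class_id) reuses `&col4_len`, column 6 uses `&col5_len`, column 7 uses `&col6_len`, and `col7_len` is never bound. Columns 4 and 5 therefore share one indicator, and the `col7_len` term in the SQL_NULL_DATA check is always 0, so a NULL in rev or class_id can go undetected. Bind each column to its own indicator. Two further points in the same branch: the "We have no records" path returns 0 without SQLFreeHandle() on `data->u_statement`, and SQLRowCount() is used to size the array for a SELECT, where the ODBC specification leaves the returned value driver-defined; counting with SQLFetch() until SQL_NO_DATA would not depend on driver behaviour.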
@@ -2531,12 +2847,7 @@
break;
#endif /* ENABLE_ORACLE */
-#ifdef ENABLE_ODBC
- case DB_ODBC:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
- break;
-#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_MSSQL
case DB_MSSQL:
@@ -2557,6 +2868,59 @@
}
+/**
+ * Find signature with the same SID and GID and set Ref. If Ref is found,
+ * also check for CACHE_BOTH FLAG
+ *
+ * @param cacheHead
+ *
+ * @return
+ * 0 OK
+ * 1 ERROR
+ */
+u_int32_t SignatureReferencePreGenerate(cacheSignatureObj *iHead)
+{
+ cacheSignatureObj *cObj = NULL;
+ cacheSignatureObj *searchObj = NULL;
+ if( iHead == NULL)
+ {
+ /* XXX */
+ return 1;
+ }
+
+ cObj = iHead;
+
+ while(cObj != NULL)
+ {
+ if( (cObj->flag & CACHE_BOTH) &&
+ (cObj->obj.rev != 0) &&
+ (cObj->obj.ref_count > 0))
+ {
+ searchObj = iHead;
+
+ while(searchObj != NULL)
+ {
+ if( (searchObj != cObj) &&
+ (cObj->obj.sid == searchObj->obj.sid) &&
+ (cObj->obj.gid == searchObj->obj.gid) &&
+ /* Only set lesser revision rule with refs */
+ (cObj->obj.rev < searchObj->obj.rev))
+ {
+ searchObj->obj.ref_count = cObj->obj.ref_count;
+ memcpy(searchObj->obj.ref,cObj->obj.ref, (sizeof(cacheReferenceObj *)*MAX_REF_OBJ));
+ }
+
+ searchObj = searchObj->next;
+ }
+ }
+
+ cObj = cObj->next;
+ }
+
+ return 0;
+
+}
+
/**
* Wrapper function for signature cache synchronization
*
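Review bot: In SignatureReferencePreGenerate() the inner loop overwrites `searchObj->obj.ref_count` and the whole `ref` array unconditionally, so a higher revision that already carries its own references loses them in favour of the lower revision's set. If the intent is only to fill in revisions that have none, add a `searchObj->obj.ref_count == 0` test. The memcpy copies the cacheReferenceObj pointers, so both signatures now alias the same reference nodes; confirm the cache teardown does not free them once per signature. The doc block names the parameter `cacheHead` while the function takes `iHead`, and the nested walk over the full list is quadratic in the number of signatures at startup.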
@@ -2601,7 +2965,7 @@
dbSigArray = NULL;
array_length = 0;
}
-
+
LogMessage("[%s()], Call to SignatureCacheUpdateDBid() failed \n",
__FUNCTION__);
return 1;
@@ -2623,8 +2987,13 @@
return 1;
}
- /* Stop right there sailor! */
- //CleanExit(0);
+ /* Equilibrate references thru sibblings.*/
+ if(SignatureReferencePreGenerate(*cacheHead))
+ {
+ LogMessage("[%s()], Call to SignatureReferencePreGenerate failed \n",
+ __FUNCTION__);
+ return 1;
+ }
/* Well done */
return 0;
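Review bot: SignatureReferencePreGenerate() returns 1 when its argument is NULL, so if `*cacheHead` can be empty at this point the whole synchronization now fails with "Call to SignatureReferencePreGenerate failed" even though nothing went wrong. Either guard the call with `*cacheHead != NULL` or have the helper treat an empty list as success. The new comment also has typos ("thru sibblings").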
@@ -2652,10 +3021,19 @@
*/
u_int32_t ReferencePullDataStore(DatabaseData *data, dbReferenceObj **iArrayPtr,u_int32_t *array_length)
{
- u_int32_t queryColCount =0;
- u_int32_t curr_row = 0;
-
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC))
+ u_int32_t curr_row = 0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC)) */
+
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL))
+ u_int32_t queryColCount =0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)) */
+
+#ifdef ENABLE_ODBC
+ dbReferenceObj tRefObj = {0};
+ SQLSMALLINT col_count = 0;
+#endif /* ENABLE_ODBC */
#ifdef ENABLE_MYSQL
int result = 0;
@@ -2803,11 +3181,11 @@
/* Do nothing for now but could be used to do a consistency check */
cPtr->system_id = strtoul(row[i],NULL,10);
break;
-
+
case 2:
strncpy(cPtr->ref_tag,row[i],REF_TAG_LEN);
cPtr->ref_tag[REF_TAG_LEN-1] = '\0'; //toasty.
-
+
//Safety escape value.
if( (snort_escape_string_STATIC(cPtr->ref_tag,REF_TAG_LEN,data)))
{
@@ -2816,7 +3194,7 @@
__FUNCTION__,
cPtr->ref_tag);
}
-
+
break;
@@ -2933,7 +3311,7 @@
case 2:
strncpy(cPtr->ref_tag,pg_val,REF_TAG_LEN);
cPtr->ref_tag[REF_TAG_LEN-1] = '\0'; //toasty.
-
+
//Safety escape value.
if( (snort_escape_string_STATIC(cPtr->ref_tag,REF_TAG_LEN,data)))
{
@@ -2983,31 +3361,166 @@
#endif /* ENABLE_POSTGRESQL */
-#ifdef ENABLE_ORACLE
- case DB_ORACLE:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
-
- break;
-#endif /* ENABLE_ORACLE */
-
#ifdef ENABLE_ODBC
case DB_ODBC:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
- break;
-#endif /* ENABLE_ODBC */
-
-#ifdef ENABLE_MSSQL
- case DB_MSSQL:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
- break;
-#endif /* ENABLE_MSSQL */
-
- default:
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)data->SQL_SELECT, SQL_NTS) == SQL_SUCCESS)
+ {
+ if( SQLNumResultCols(data->u_statement,&col_count) == SQL_SUCCESS)
+ {
+ if(col_count == NUM_ROW_REF)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) != SQL_SUCCESS)
+ {
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ FatalError("[%s()]: SQLRowCount() call failed \n",
+ __FUNCTION__);
+ }
+
+ if(data->u_rows)
+ {
+ if( (*iArrayPtr = SnortAlloc( (sizeof(dbReferenceObj) * data->u_rows))) == NULL)
+ {
+ goto ODBCError;
+ }
+
+ *array_length = data->u_rows;
+
+ }
+ else
+ {
+ /* We have no records */
+ *array_length = 0;
+ return 0;
+ }
+
+ }
+ else
+ {
+ FatalError("[%s()]: The number of column returned does not match [%u] \n",
+ __FUNCTION__,
+ NUM_ROW_CLASSIFICATION);
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLNumResultCols() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLExecDirect() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLAllocStmt() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ SQLINTEGER col1_len = 0;
+ SQLINTEGER col2_len = 0;
+ SQLINTEGER col3_len = 0;
+
+ /* Bind template object */
+ if( SQLBindCol(data->u_statement,1,SQL_C_LONG,&tRefObj.ref_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,2,SQL_C_LONG,&tRefObj.system_id,sizeof(u_int32_t),&col2_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,3,SQL_C_CHAR,&tRefObj.ref_tag,(sizeof(char) *REF_TAG_LEN) ,&col3_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
+ for(curr_row = 0; curr_row < data->u_rows;curr_row++)
+ {
+ dbReferenceObj *cPtr = &(*iArrayPtr)[curr_row];
+
+ /* fetch */
+ if( SQLFetch(data->u_statement) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLFetch error on record [%u] \n",
+ __FUNCTION__,
+ curr_row+1);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ else
+ {
+ if( (col1_len == SQL_NO_TOTAL || col1_len == SQL_NULL_DATA) ||
+ (col2_len == SQL_NO_TOTAL || col2_len == SQL_NULL_DATA) ||
+ (col3_len == SQL_NO_TOTAL || col3_len == SQL_NULL_DATA))
+ {
+ FatalError("[%s()] Seem's like we have some null data ...\n",
+ __FUNCTION__);
+ }
+
+ /* Copy object */
+ if( (memcpy(cPtr,&tRefObj,sizeof(dbReferenceObj))) != cPtr)
+ {
+ FatalError("[%s()] : memcpy error ..\n",
+ __FUNCTION__);
+ }
+
+ /* Clear temp obj */
+ memset(&tRefObj,'\0',sizeof(dbReferenceObj));
+ }
+ }
+
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+
+ ODBCError:
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+
+ break;
+#endif /* ENABLE_ODBC */
+
+#ifdef ENABLE_ORACLE
+ case DB_ORACLE:
+ LogMessage("[%s()], is not yet implemented for DBMS configured\n",
+ __FUNCTION__);
+
+ break;
+#endif /* ENABLE_ORACLE */
+
+#ifdef ENABLE_MSSQL
+ case DB_MSSQL:
+ LogMessage("[%s()], is not yet implemented for DBMS configured\n",
+ __FUNCTION__);
+ break;
+#endif /* ENABLE_MSSQL */
+
+ default:
+
+ LogMessage("[%s()], is not yet implemented for DBMS configured\n",
__FUNCTION__);
break;
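Review bot: The new DB_ODBC branch of ReferencePullDataStore() copies `ref_tag` into the result array without forcing NUL termination or calling snort_escape_string_STATIC(), while the MySQL and PostgreSQL branches of this same function do both (`cPtr->ref_tag[REF_TAG_LEN-1] = '\0';` followed by the escape call). Since this patch also removes the escape before the INSERT on the grounds that cached values are already escaped, the ODBC path should apply the same two steps after the memcpy. The column-count FatalError prints NUM_ROW_CLASSIFICATION although the check is against NUM_ROW_REF, and the zero-row path returns without freeing the statement handle.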
@@ -3031,9 +3544,19 @@
u_int32_t SystemPullDataStore(DatabaseData *data, dbSystemObj **iArrayPtr,u_int32_t *array_length)
{
- u_int32_t queryColCount =0;
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC))
u_int32_t curr_row = 0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC)) */
+#if (defined(ENABLE_ODBC))
+ dbSystemObj tSystemObj = {0};
+ SQLSMALLINT col_count = 0;
+#endif /* (defined(ENABLE_ODBC)) */
+
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL))
+ u_int32_t queryColCount =0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)) */
+
#ifdef ENABLE_MYSQL
int result = 0;
#endif
@@ -3352,6 +3875,142 @@
#endif /* ENABLE_POSTGRESQL */
+#ifdef ENABLE_ODBC
+ case DB_ODBC:
+
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)data->SQL_SELECT, SQL_NTS) == SQL_SUCCESS)
+ {
+ if( SQLNumResultCols(data->u_statement,&col_count) == SQL_SUCCESS)
+ {
+ if(col_count == NUM_ROW_REFERENCE_SYSTEM)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) != SQL_SUCCESS)
+ {
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ FatalError("[%s()]: SQLRowCount() call failed \n",
+ __FUNCTION__);
+ }
+
+ if(data->u_rows)
+ {
+ if( (*iArrayPtr = SnortAlloc( (sizeof(dbSystemObj) * data->u_rows))) == NULL)
+ {
+ goto ODBCError;
+ }
+
+ *array_length = data->u_rows;
+
+ }
+ else
+ {
+ /* We have no records */
+ *array_length = 0;
+ return 0;
+ }
+
+ }
+ else
+ {
+ FatalError("[%s()]: The number of column returned does not match [%u] \n",
+ __FUNCTION__,
+ NUM_ROW_REFERENCE_SYSTEM);
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLNumResultCols() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLExecDirect() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLAllocStmt() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ SQLINTEGER col1_len = 0;
+ SQLINTEGER col2_len = 0;
+
+ /* Bind template object */
+ if( SQLBindCol(data->u_statement,1,SQL_C_LONG,&tSystemObj.db_ref_system_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,2,SQL_C_CHAR,&tSystemObj.ref_system_name,(sizeof(char) * SYSTEM_NAME_LEN) ,&col2_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ for(curr_row = 0; curr_row < data->u_rows;curr_row++)
+ {
+ dbSystemObj *cPtr = &(*iArrayPtr)[curr_row];
+
+ /* fetch */
+ if( SQLFetch(data->u_statement) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLFetch error on record [%u] \n",
+ __FUNCTION__,
+ curr_row+1);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ else
+ {
+ if( (col1_len == SQL_NO_TOTAL || col1_len == SQL_NULL_DATA) ||
+ (col2_len == SQL_NO_TOTAL || col2_len == SQL_NULL_DATA))
+ {
+ FatalError("[%s()] Seem's like we have some null data ...\n",
+ __FUNCTION__);
+ }
+
+
+ /* Copy object */
+ if( (memcpy(cPtr,&tSystemObj,sizeof(dbSystemObj))) != cPtr)
+ {
+ FatalError("[%s()] : memcpy error ..\n",
+ __FUNCTION__);
+ }
+
+ /* Clear temp obj */
+ memset(&tSystemObj,'\0',sizeof(dbSystemObj));
+ }
+ }
+
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+
+ ODBCError:
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+
+ break;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_ORACLE
case DB_ORACLE:
LogMessage("[%s()], is not yet implemented for DBMS configured\n",
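Review bot: The error handling in the new DB_ODBC branch of SystemPullDataStore() mishandles the statement handle on two paths. When SQLAllocHandle() itself fails, the code jumps to ODBCError and calls SQLFreeHandle() (and ODBCPrintError() with SQL_HANDLE_STMT) on a handle that was never allocated; when the query returns zero rows, it does `return 0;` without freeing a handle that was. Route the empty-result case through the normal cleanup and skip the free when allocation failed. The log text says "SQLAllocStmt()" for a SQLAllocHandle() failure, and `ref_system_name` is copied without an explicit terminator at `SYSTEM_NAME_LEN-1`.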
@@ -3360,13 +4019,6 @@
break;
#endif /* ENABLE_ORACLE */
-#ifdef ENABLE_ODBC
- case DB_ODBC:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
- break;
-#endif /* ENABLE_ODBC */
-
#ifdef ENABLE_MSSQL
case DB_MSSQL:
LogMessage("[%s()], is not yet implemented for DBMS configured\n",
@@ -3422,7 +4074,7 @@
if( (TobjNode = SnortAlloc(sizeof(cacheSystemObj))) == NULL)
{
/* XXX */
- printf("Failed to allocate ? \n");
+ LogMessage("[%s()]: Error Failed to allocate..\n",__FUNCTION__);
return 1;
}
@@ -3557,69 +4209,28 @@
inserted_reference_object_count++;
#endif
- if( (snort_escape_string_STATIC(cacheHead->obj.ref_tag,REF_TAG_LEN,data)))
- {
- FatalError("database [%s()], Failed a call to snort_escape_string_STATIC() for string : \n"
- "[%s], Exiting. \n",
- __FUNCTION__,
- &cacheHead->obj.ref_tag);
- }
+ /* Removed the escaping because we live escaped in the cache */
DatabaseCleanInsert(data);
-
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- PGSQL_SQL_INSERT_SPECIFIC_REF,
- cacheHead->obj.parent->obj.db_ref_system_id,
- cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- SQL_INSERT_SPECIFIC_REF,
- cacheHead->obj.parent->obj.db_ref_system_id,
- cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+
+ if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
+ SQL_INSERT_SPECIFIC_REF,
+ cacheHead->obj.parent->obj.db_ref_system_id,
+ cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
+ goto TransactionFail;
}
DatabaseCleanSelect(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- PGSQL_SQL_SELECT_SPECIFIC_REF,
- cacheHead->obj.parent->obj.db_ref_system_id,
- cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
-
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- SQL_SELECT_SPECIFIC_REF,
- cacheHead->obj.parent->obj.db_ref_system_id,
- cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+ if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
+ SQL_SELECT_SPECIFIC_REF,
+ cacheHead->obj.parent->obj.db_ref_system_id,
+ cacheHead->obj.ref_tag)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
+ goto TransactionFail;
}
if(Insert(data->SQL_INSERT,data,1))
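Review bot: Removing the snort_escape_string_STATIC() call before `ref_tag` is formatted into SQL_INSERT_SPECIFIC_REF and SQL_SELECT_SPECIFIC_REF makes query safety depend on an invariant stated only in the comment "we live escaped in the cache". That invariant should be enforced where entries enter the cache and documented there, because a single unescaped producer turns these SnortSnprintf() calls into an injection point; the ODBC branch added to ReferencePullDataStore() in this same patch already copies `ref_tag` without escaping it. Name the function that performs the escaping in the comment so a reader can verify it.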
@@ -3718,55 +4329,22 @@
DatabaseCleanInsert(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- PGSQL_SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM,
- cacheHead->obj.ref_system_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
- SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM,
+ if( (SnortSnprintf(data->SQL_INSERT, MAX_QUERY_LENGTH,
+ SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM,
cacheHead->obj.ref_system_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+ {
+ /* XXX */
+ goto TransactionFail;
}
-
- DatabaseCleanSelect(data);
- switch(data->dbtype_id)
- {
-#if defined(ENABLE_POSTGRESQL)
- case DB_POSTGRESQL:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- PGSQL_SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM,
- cacheHead->obj.ref_system_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
-
- break;
-#endif
- default:
- if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
- SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM,
- cacheHead->obj.ref_system_name)) != SNORT_SNPRINTF_SUCCESS)
- {
- /* XXX */
- goto TransactionFail;
- }
- break;
+ DatabaseCleanSelect(data);
+
+ if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
+ SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM,
+ cacheHead->obj.ref_system_name)) != SNORT_SNPRINTF_SUCCESS)
+ {
+ /* XXX */
+ goto TransactionFail;
}
if(Insert(data->SQL_INSERT,data,1))
@@ -3830,13 +4408,14 @@
u_int32_t array_length = 0;
- if( (data == NULL) ||
+ if( (data == NULL) ||
(*cacheHead == NULL))
{
/* XXX */
return 1;
}
-
+
+
if( (SystemPullDataStore(data,&dbSysArray,&array_length)))
{
/* XXX */
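Review bot: This hunk only touches whitespace, but the guard it reformats still evaluates `*cacheHead == NULL` without first checking `cacheHead` itself, which is the same pattern this patch corrects in ClassificationCacheSynchronize(). Add a `cacheHead == NULL` test ahead of the dereference here as well so the two synchronize functions validate their arguments the same way.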
@@ -3985,29 +4564,34 @@
while(sigHead != NULL)
{
- for(node_count = 0; node_count < sigHead->obj.ref_count; node_count++)
+ /* Do not generate sig_ref for internal sig, since they are not inserted,
+ db_id is 0 and this is corrupting the process */
+ if(sigHead->obj.db_id != 0)
{
- memset(&lookupNode,'\0',sizeof(dbSignatureReferenceObj));
- lookupNode.db_ref_id = sigHead->obj.ref[node_count]->obj.ref_id;
- lookupNode.db_sig_id = sigHead->obj.db_id;
- lookupNode.ref_seq = (node_count + 1);
-
- if( (cacheSignatureReferenceLookup(&lookupNode,*iHead)) == 0 )
+ for(node_count = 0; node_count < sigHead->obj.ref_count; node_count++)
{
- if( (newNode = SnortAlloc(sizeof(cacheSignatureReferenceObj))) == NULL)
- {
- /* XXX */
- return 1;
- }
-
- memcpy(&newNode->obj,&lookupNode,sizeof(dbSignatureReferenceObj));
- newNode->flag ^= CACHE_INTERNAL_ONLY;
+ memset(&lookupNode,'\0',sizeof(dbSignatureReferenceObj));
+ lookupNode.db_ref_id = sigHead->obj.ref[node_count]->obj.ref_id;
+ lookupNode.db_sig_id = sigHead->obj.db_id;
+ lookupNode.ref_seq = (node_count + 1);
- newNode->next = *iHead;
- *iHead = newNode;
+ if( (cacheSignatureReferenceLookup(&lookupNode,*iHead)) == 0 )
+ {
+ if( (newNode = SnortAlloc(sizeof(cacheSignatureReferenceObj))) == NULL)
+ {
+ /* XXX */
+ return 1;
+ }
+
+ memcpy(&newNode->obj,&lookupNode,sizeof(dbSignatureReferenceObj));
+ newNode->flag ^= CACHE_INTERNAL_ONLY;
+
+ newNode->next = *iHead;
+ *iHead = newNode;
#if DEBUG
- file_sigref_object_count++;
+ file_sigref_object_count++;
#endif
+ }
}
}
sigHead = sigHead->next;
@@ -4031,9 +4615,19 @@
u_int32_t SignatureReferencePullDataStore(DatabaseData *data, dbSignatureReferenceObj **iArrayPtr,u_int32_t *array_length)
{
- u_int32_t queryColCount =0;
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC))
u_int32_t curr_row = 0;
-
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL) || defined(ENABLE_ODBC)) */
+
+#if (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL))
+ u_int32_t queryColCount =0;
+#endif /* (defined(ENABLE_MYSQL) || defined(ENABLE_POSTGRESQL)) */
+
+#ifdef ENABLE_ODBC
+ dbSignatureReferenceObj tSigRefObj = {0};
+ SQLSMALLINT col_count = 0;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_MYSQL
int result = 0;
#endif
@@ -4330,6 +4924,152 @@
#endif /* ENABLE_POSTGRESQL */
+#ifdef ENABLE_ODBC
+ case DB_ODBC:
+
+ if(SQLAllocHandle(SQL_HANDLE_STMT,data->u_connection, &data->u_statement) == SQL_SUCCESS)
+ {
+ if(SQLExecDirect(data->u_statement,(ODBC_SQLCHAR *)data->SQL_SELECT, SQL_NTS) == SQL_SUCCESS)
+ {
+ if( SQLNumResultCols(data->u_statement,&col_count) == SQL_SUCCESS)
+ {
+ if(col_count == NUM_ROW_SIGREF)
+ {
+ if(SQLRowCount(data->u_statement, &data->u_rows) != SQL_SUCCESS)
+ {
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ FatalError("[%s()]: SQLRowCount() call failed \n",
+ __FUNCTION__);
+ }
+
+ if(data->u_rows)
+ {
+ if( (*iArrayPtr = SnortAlloc( (sizeof(dbSignatureReferenceObj) * data->u_rows))) == NULL)
+ {
+ goto ODBCError;
+ }
+
+ *array_length = data->u_rows;
+ }
+ else
+ {
+ /* We have no records */
+ *array_length = 0;
+ return 0;
+ }
+
+ }
+ else
+ {
+ FatalError("[%s()]: The number of column returned does not match [%u] \n",
+ __FUNCTION__,
+ NUM_ROW_CLASSIFICATION);
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLNumResultCols() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLExecDirect() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+
+ }
+ }
+ else
+ {
+ LogMessage("[%s()]: SQLAllocStmt() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ SQLINTEGER col1_len = 0;
+ SQLINTEGER col2_len = 0;
+ SQLINTEGER col3_len = 0;
+
+ /* Bind template object */
+ if( SQLBindCol(data->u_statement,1,SQL_C_LONG,&tSigRefObj.db_ref_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,2,SQL_C_LONG,&tSigRefObj.db_sig_id,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+ if( SQLBindCol(data->u_statement,3,SQL_C_LONG,&tSigRefObj.ref_seq,sizeof(u_int32_t),&col1_len) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLBindCol() call failed \n",
+ __FUNCTION__);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+
+
+ for(curr_row = 0; curr_row < data->u_rows;curr_row++)
+ {
+ dbSignatureReferenceObj *cPtr = &(*iArrayPtr)[curr_row];
+
+ /* fetch */
+ if( SQLFetch(data->u_statement) != SQL_SUCCESS)
+ {
+ LogMessage("[%s()]: SQLFetch error on record [%u] \n",
+ __FUNCTION__,
+ curr_row+1);
+ ODBCPrintError(data,SQL_HANDLE_STMT);
+ goto ODBCError;
+ }
+ else
+ {
+ if( (col1_len == SQL_NO_TOTAL || col1_len == SQL_NULL_DATA) ||
+ (col2_len == SQL_NO_TOTAL || col2_len == SQL_NULL_DATA) ||
+ (col3_len == SQL_NO_TOTAL || col3_len == SQL_NULL_DATA))
+ {
+ FatalError("[%s()] Seem's like we have some null data ...\n",
+ __FUNCTION__);
+ }
+
+ /* Copy object */
+ if( (memcpy(cPtr,&tSigRefObj,sizeof(dbSignatureReferenceObj))) != cPtr)
+ {
+ FatalError("[%s()] : memcpy error ..\n",
+ __FUNCTION__);
+ }
+
+ /* Clear temp obj */
+ memset(&tSigRefObj,'\0',sizeof(dbSignatureReferenceObj));
+ }
+ }
+
+
+
+
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 0;
+
+ ODBCError:
+ SQLFreeHandle(SQL_HANDLE_STMT,data->u_statement);
+ return 1;
+
+ break;
+#endif /* ENABLE_ODBC */
+
#ifdef ENABLE_ORACLE
case DB_ORACLE:
LogMessage("[%s()], is not yet implemented for DBMS configured\n",
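Review bot: All three SQLBindCol() calls in the new DB_ODBC branch of SignatureReferencePullDataStore() pass `&col1_len` as the indicator, so `col2_len` and `col3_len` stay 0 and the SQL_NULL_DATA / SQL_NO_TOTAL check after SQLFetch() never inspects columns 2 and 3 on their own. Bind `db_sig_id` to `&col2_len` and `ref_seq` to `&col3_len`. The column-count FatalError also reports NUM_ROW_CLASSIFICATION while the comparison uses NUM_ROW_SIGREF, and the zero-row `return 0;` leaves the statement handle allocated.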
@@ -4338,13 +5078,6 @@
break;
#endif /* ENABLE_ORACLE */
-#ifdef ENABLE_ODBC
- case DB_ODBC:
- LogMessage("[%s()], is not yet implemented for DBMS configured\n",
- __FUNCTION__);
- break;
-#endif /* ENABLE_ODBC */
-
#ifdef ENABLE_MSSQL
case DB_MSSQL:
LogMessage("[%s()], is not yet implemented for DBMS configured\n",
@@ -4429,6 +5162,8 @@
/**
* Merge internal SignatureReference cache with database data, detect difference, tag known node for database update
*
+ * @note This function cost alot but its the price to pay to sync and make sure we respect the db constraint
+ *
* @param iDBList
* @param array_length
* @param cacheHead
@@ -4445,18 +5180,17 @@
cacheSignatureObj *sigCacheHead,
cacheSystemObj *systemCacheHead)
{
- cacheSignatureObj *sigObj = NULL;
- cacheSignatureReferenceObj *cTobjNode = NULL;
-
- cacheReferenceObj *refObj = NULL;
+
+ cacheSignatureReferenceObj *cCheck = NULL;
+ cacheSignatureReferenceObj *cacheLookup = NULL;
+ cacheSignatureReferenceObj *tempCache = NULL;
+ cacheSignatureReferenceObj *tNode = NULL;
+ cacheSignatureReferenceObj *rNode = NULL;
dbSignatureReferenceObj *cObj = NULL;
- dbSignatureReferenceObj *tObj = NULL;
- u_int32_t refMaxPos = 0;
-
+ u_int32_t maxSeq = 0;
int x = 0;
- int y = 0;
if( (iDBList == NULL) ||
(cacheHead == NULL) ||
@@ -4475,81 +5209,133 @@
return 0;
}
+ /* Build a temporary list from db records */
for(x = 0 ; x < array_length ; x++)
{
- cObj = &iDBList[x];
- refMaxPos = 0;
- cTobjNode = NULL; /* In case something goes wrong.... */
+ cObj = &iDBList[x];
- if( (dbSignatureReferenceLookup(cObj,*cacheHead,&cTobjNode) == 0))
- {
- if( (cTobjNode = SnortAlloc(sizeof(cacheSignatureReferenceObj))) == NULL)
- {
- /* XXX */
- return 1;
- }
- memcpy(&cTobjNode->obj,&cObj,sizeof(dbSignatureReferenceObj));
- cTobjNode->flag ^= CACHE_DATABASE_ONLY;
- cTobjNode->next = *cacheHead;
- *cacheHead = cTobjNode;
+ if(tempCache != NULL)
+ {
+ if( (dbSignatureReferenceLookup(cObj,tempCache,&rNode,0) == 0))
+ {
+ if( (tNode = SnortAlloc(sizeof(cacheSignatureReferenceObj))) == NULL)
+ {
+ /* XXX */
+ goto f_err;
+ }
+
+ memcpy(&tNode->obj,cObj,sizeof(dbSignatureReferenceObj));
+ tNode->flag ^= CACHE_DATABASE_ONLY;
+ tNode->next = tempCache;
+ tempCache = tNode;
+ }
+ else
+ {
+ LogMessage("Warning [%s()] : sig_id [%u] ref_id [%u] ref_seq [%u] Duplicate found in database with database constraint? Ignoring element in temporary cache \n",
+ cObj->db_sig_id,
+ cObj->db_ref_id,
+ cObj->ref_seq);
+ }
}
else
{
- if( (cTobjNode->obj.db_ref_id ==cObj->db_ref_id) &&
- (cTobjNode->obj.db_sig_id ==cObj->db_sig_id) &&
- (cTobjNode->obj.ref_seq != cObj->ref_seq))
- {
- /*
- Find the max ref for a node of same sig_id in dblist
- a good sql query would suffice ...honestly further this
- is from database interaction ...the better it is.
- */
- for(y = 0; y < array_length ; y++)
- {
- tObj = &iDBList[y];
- if( (cObj->db_sig_id == tObj->db_sig_id) &&
- (tObj->ref_seq > refMaxPos))
- {
- refMaxPos = tObj->ref_seq;
+ if( (tNode = SnortAlloc(sizeof(cacheSignatureReferenceObj))) == NULL)
+ {
+ /* XXX */
+ goto f_err;
+ }
+ memcpy(&tNode->obj,cObj,sizeof(dbSignatureReferenceObj));
+ tNode->flag ^= CACHE_DATABASE_ONLY;
+ tNode->next = tempCache;
+ tempCache = tNode;
+
+ }
+ }
+
- if( refMaxPos > MAX_REF_OBJ)
- {
- /* XXX */
- LogMessage("[%s()]: To many ref's for you my dear! \n",
- __FUNCTION__);
- return 1;
- }
- }
- }
-
- if( (sigObj = cacheGetSignatureNodeUsingDBid(sigCacheHead,cObj->db_sig_id)) == NULL)
- {
- /* XXX */
- return 1;
- }
-
- if( (refObj = cacheGetReferenceNodeUsingDBid(systemCacheHead,cTobjNode->obj.db_ref_id)) == NULL)
+ cacheLookup = *cacheHead;
+
+ while(cacheLookup != NULL)
+ {
+ maxSeq = 0;
+
+ /* Look if we have colision with the databases entry*/
+ /* sig_id,ref_id */
+ /* if we have such collision, get Largest ref_id, bump it */
+ if(dbSignatureReferenceLookup(&cacheLookup->obj,tempCache,&rNode,1))
+ {
+ if(cacheLookup->obj.ref_seq > rNode->obj.ref_seq)
+ {
+ cacheLookup->obj.ref_seq = rNode->obj.ref_seq;
+ }
+ cacheLookup->flag ^=(CACHE_BOTH | CACHE_INTERNAL_ONLY);
+ }
+ else
+ {
+ /* Validate in internal cache */
+ cCheck = *cacheHead;
+
+ while(cCheck != NULL)
+ {
+ if(cCheck->obj.db_sig_id == cacheLookup->obj.db_sig_id)
{
- /* XXX */
- return 1;
+ if(cCheck->obj.ref_seq > maxSeq)
+ {
+ maxSeq = cCheck->obj.ref_seq;
+ }
}
- memcpy(&cTobjNode->obj,cObj,sizeof(dbSignatureReferenceObj));
-
- /* Set the reference at the new signature position */
- sigObj->obj.ref[refMaxPos] = refObj;
- sigObj->obj.ref_count = refMaxPos+1;
+ cCheck = cCheck->next;
}
+
+ /* Validate in temp cache */
+ cCheck = tempCache;
+
+ while(cCheck != NULL)
+ {
+ if(cCheck->obj.db_sig_id == cacheLookup->obj.db_sig_id)
+ {
+ if(cCheck->obj.ref_seq > maxSeq)
+ {
+ maxSeq = cCheck->obj.ref_seq;
+ }
+ }
+
+ cCheck = cCheck->next;
+ }
+
+ cacheLookup->obj.ref_seq = maxSeq+1;
+
}
+
+ cacheLookup = cacheLookup->next;
}
+
+ while(tempCache != NULL)
+ {
+ tNode = tempCache->next;
+ free(tempCache);
+ tempCache = tNode;
+ }
return 0;
+
+f_err:
+ while(tempCache != NULL)
+ {
+ tNode = tempCache->next;
+ free(tempCache);
+ tempCache = tNode;
+ }
+ return 1;
+
}
/**
* Populate the sig_reference table with record that are not present in the database.
*
+ * @note Transaction isolation is done at row level to prevent possible race condition with an other starting process
* @param data
* @param cacheHead
*
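Review bot: The new ref_seq assignment, cacheLookup->obj.ref_seq = maxSeq+1;, has no upper bound, while the removed code rejected positions above MAX_REF_OBJ before writing sigObj->obj.ref[refMaxPos]; if ref_seq is still used anywhere as an index into the MAX_REF_OBJ-sized ref array, the cap needs to come back here. The comment "if we have such collision, get Largest ref_id, bump it" does not match the collision branch, which lowers ref_seq to the database value instead of bumping it; fix whichever of the two is wrong. The flag updates use ^= (tNode->flag ^= CACHE_DATABASE_ONLY; and cacheLookup->flag ^=(CACHE_BOTH | CACHE_INTERNAL_ONLY);), which only give the intended state if the previous flag value is exactly what is assumed; plain assignment, or explicit set and clear, would be safer. The tempCache free loop is duplicated on the success and f_err paths and could live in one place.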
@@ -4588,7 +5374,7 @@
data->SQL_SELECT);
}
- BeginTransaction(data);
+
while(cacheHead != NULL)
{
@@ -4607,12 +5393,11 @@
cacheHead->obj.ref_seq)) != SNORT_SNPRINTF_SUCCESS)
{
/* XXX */
- goto TransactionFail;
+ //goto TransactionFail;
+ goto f_exit;
}
-
-
- DatabaseCleanSelect(data);
+ DatabaseCleanSelect(data);
if( (SnortSnprintf(data->SQL_SELECT, MAX_QUERY_LENGTH,
SQL_SELECT_SPECIFIC_SIGREF,
cacheHead->obj.db_ref_id,
@@ -4620,34 +5405,49 @@
cacheHead->obj.ref_seq)) != SNORT_SNPRINTF_SUCCESS)
{
/* XXX */
- goto TransactionFail;
- }
-
- if(Insert(data->SQL_INSERT,data,1))
- {
- /* XXX */
- goto TransactionFail;
+ //goto TransactionFail;
+ goto f_exit;
}
- row_validate = 0;
+ /* Prevent race.. */
+ usleep(100);
- if(Select(data->SQL_SELECT,data,&row_validate))
+ if(Select(data->SQL_SELECT,data,&row_validate))
{
- /* XXX */
- goto TransactionFail;
- }
-
- if(row_validate != cacheHead->obj.db_ref_id)
- {
- /* XXX */
- LogMessage("[%s()]: Couldn't validate insertion of values inserted INSERTED[%u], RECEIVED[%u] this is inconsistance and we quit.\n",
- __FUNCTION__,
- cacheHead->obj.db_ref_id,
- row_validate);
-
- goto TransactionFail;
+ /* Entry was not found */
+ if(row_validate == 0)
+ {
+ BeginTransaction(data);
+
+ if(Insert(data->SQL_INSERT,data,1))
+ {
+ /* XXX */
+ goto TransactionFail;
+ }
+
+ row_validate = 0;
+
+ if(Select(data->SQL_SELECT,data,&row_validate))
+ {
+ /* XXX */
+ goto TransactionFail;
+ }
+
+ if(row_validate != cacheHead->obj.db_ref_id)
+ {
+ /* XXX */
+ LogMessage("[%s()]: Couldn't validate insertion of values inserted INSERTED[%u], RECEIVED[%u] this is inconsistance and we quit.\n",
+ __FUNCTION__,
+ cacheHead->obj.db_ref_id,
+ row_validate);
+
+ goto TransactionFail;
+ }
+
+ CommitTransaction(data);
+ }
}
-
+
if(cacheHead->flag & CACHE_INTERNAL_ONLY)
{
cacheHead->flag ^=(CACHE_INTERNAL_ONLY | CACHE_BOTH);
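Review bot: The usleep(100); under "Prevent race.." does not close the race with another starting process: the existence check (the first Select) runs before BeginTransaction(data), so two processes can both see no row and both call Insert. Do the check inside the transaction, or rely on the database constraint on sig_reference and treat a duplicate-key failure from Insert as "already present". Also, row_validate = 0; is no longer executed before the outer Select, so a value left over from the previous loop iteration can make if(row_validate == 0) skip a needed insert unless Select() resets it. The outer if(Select(...)) treats a non-zero return as the normal path while the inner call treats it as a failure; one of the two is inverted.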
@@ -4658,12 +5458,13 @@
}
- CommitTransaction(data);
+
return 0;
TransactionFail:
RollbackTransaction(data);
+f_exit:
return 1;
}
@@ -4696,7 +5497,6 @@
return 1;
}
- /* We initialize the structure in a la */
if( (GenerateSigRef(cacheHead,cacheSigHead)))
{
/* XXX */
@@ -4800,7 +5600,7 @@
*
* @param data
*/
-void MasterCacheFlush(DatabaseData *data)
+void MasterCacheFlush(DatabaseData *data,u_int32_t flushFlag)
{
cacheSignatureObj *MCcacheSignature;
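Review bot: The doc comment above MasterCacheFlush() still lists only @param data; add an @param flushFlag entry that says it is a bitmask of the CACHE_FLUSH_* values and what a value of 0 does, since every existing caller has to be updated to pass it.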
@@ -4817,8 +5617,25 @@
/* XXX */
return ;
}
+
+
+ /* Just clean the array's. */
+ if( (flushFlag & CACHE_FLUSH_SIGREF) &&
+ (!(flushFlag & CACHE_FLUSH_SIGNATURE)) &&
+ (data->mc.cacheSignatureHead != NULL))
+ {
+ MCcacheSignature = data->mc.cacheSignatureHead;
+
+ while( MCcacheSignature != NULL)
+ {
+ MCcacheSignature->obj.ref_count = 0;
+ memset(MCcacheSignature->obj.ref,'\0',(sizeof(cacheReferenceObj *) * MAX_REF_OBJ));
+ MCcacheSignature= MCcacheSignature->next;
+ }
+ }
- if( (data->mc.cacheSignatureHead != NULL))
+ if( (data->mc.cacheSignatureHead != NULL) &&
+ (flushFlag & CACHE_FLUSH_SIGNATURE))
{
MCcacheSignature = data->mc.cacheSignatureHead;
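Review bot: The "Just clean the array's" branch is keyed only on CACHE_FLUSH_SIGREF, but ref[] holds cacheReferenceObj pointers; if those objects are owned by the system cache, a call with CACHE_FLUSH_SYSTEM_REF and without CACHE_FLUSH_SIGREF or CACHE_FLUSH_SIGNATURE frees them and leaves ref[] and ref_count pointing at freed memory. Clear the arrays when either flag is set, for example by testing (flushFlag & (CACHE_FLUSH_SIGREF | CACHE_FLUSH_SYSTEM_REF)).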
@@ -4831,8 +5648,12 @@
data->mc.cacheSignatureHead = NULL;
}
+
+
- if( (data->mc.cacheClassificationHead!= NULL) )
+
+ if( (data->mc.cacheClassificationHead!= NULL) &&
+ (flushFlag & CACHE_FLUSH_CLASSIFICATION))
{
MCcacheClassification = data->mc.cacheClassificationHead;
@@ -4845,9 +5666,10 @@
data->mc.cacheClassificationHead = NULL;
}
-
-
- if( ( data->mc.cacheSigReferenceHead != NULL) )
+
+
+ if( ( data->mc.cacheSigReferenceHead != NULL) &&
+ (flushFlag & CACHE_FLUSH_SIGREF))
{
MCcacheSigReference = data->mc.cacheSigReferenceHead;
@@ -4860,8 +5682,9 @@
data->mc.cacheSigReferenceHead = NULL;
}
-
- if( (data->mc.cacheSystemHead != NULL) )
+
+ if( (data->mc.cacheSystemHead != NULL) &&
+ (flushFlag & CACHE_FLUSH_SYSTEM_REF))
{
MCcacheSystem = data->mc.cacheSystemHead;
@@ -4881,7 +5704,7 @@
}
MCcacheSystem->obj.refList = NULL;
-
+
}
free(MCcacheSystem);
@@ -4934,23 +5757,29 @@
//System Synchronize
- if( (SystemCacheSynchronize(data,&data->mc.cacheSystemHead)))
+ if(data->mc.cacheSystemHead != NULL)
{
- /* XXX */
- LogMessage("[%s()]:, SystemCacheSyncronize() call failed. \n",
- __FUNCTION__);
- return 1;
+ if( (SystemCacheSynchronize(data,&data->mc.cacheSystemHead)))
+ {
+ /* XXX */
+ LogMessage("[%s()]:, SystemCacheSyncronize() call failed. \n",
+ __FUNCTION__);
+ return 1;
+ }
+
+ //SigRef Synchronize
+ if( (SigRefSynchronize(data,&data->mc.cacheSigReferenceHead,data->mc.cacheSignatureHead)))
+ {
+ /* XXX */
+ LogMessage("[%s()]: SigRefSynchronize() call failed \n",
+ __FUNCTION__);
+ return 1;
+ }
}
-
- //SigRef Synchronize
- if( (SigRefSynchronize(data,&data->mc.cacheSigReferenceHead,data->mc.cacheSignatureHead)))
+ else
{
- /* XXX */
- LogMessage("[%s()]: SigRefSynchronize() call failed \n",
- __FUNCTION__);
- return 1;
+ LogMessage("\n[%s()],INFO: No system was found in cache (from signature map file), will not process or synchronize informations found in the database \n\n",__FUNCTION__);
}
-
#if DEBUG
DEBUG_WRAP(DebugMessage(DB_DEBUG,"================================================"
@@ -4988,9 +5817,16 @@
DEBUG_WRAP(DebugMessage(DB_DEBUG,"================================================"
"===============================\n\n"));
+
sleep(5);
#endif
+
+
+ /* Since we do not need reference and sig_reference clear those cache (free memory) and clean signature reference list and count */
+ MasterCacheFlush(data,CACHE_FLUSH_SYSTEM_REF|CACHE_FLUSH_SIGREF|CACHE_FLUSH_SIGREF);
+ /* Since we do not need reference and sig_reference clear those cache (free memory) and clean signature reference list and count */
+
return 0;
}
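Review bot: CACHE_FLUSH_SIGREF is OR-ed twice in MasterCacheFlush(data,CACHE_FLUSH_SYSTEM_REF|CACHE_FLUSH_SIGREF|CACHE_FLUSH_SIGREF);, which is harmless but suggests a different third flag may have been meant; remove the duplicate or put the intended flag there. The explanatory comment is also repeated verbatim before and after the call, so one copy should go.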
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_database_cache.h
^
|
@@ -17,10 +17,10 @@
*/
/*
- * Maintainers : The Barnyard2 Team <firnsy@gmail.com> <beenph@gmail.com> 2011-20xx
+ * Maintainers : The Barnyard2 Team <firnsy@gmail.com> <beenph@gmail.com> 2011-2012
*
* Special thanks to: Rusell Fuleton <russell.fulton@gmail.com> for helping us stress test
- * this in production produce the required fix for bugs experienced.
+ * this in production for us.
*
*
*/
@@ -84,9 +84,17 @@
#define NUM_ROW_CLASSIFICATION 2
#define NUM_ROW_SIGNATURE 7
-
+/*
#if defined(ENABLE_POSTGRESQL)
+** Note : ELZ
+**
+** Initially i tought that using E'' would escape some issue.
+** It turns out it would also create other issue like automatically
+** encode special sequence and its not a good thing since in initial testing non of the signature has such char, but it turned out
+** some had and it would wreck logical havock, so to prevent bugs Queries have been keept commented but the code has been reverted to normal behavior.
+** Ref: http://www.postgresql.org/docs/9.1/static/datatype-binary.html
+
#define PGSQL_SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM "INSERT INTO reference_system (ref_system_name) VALUES (E'%s');"
#define PGSQL_SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM "SELECT ref_system_id FROM reference_system WHERE ref_system_name = E'%s';"
#define PGSQL_SQL_INSERT_SPECIFIC_REF "INSERT INTO reference (ref_system_id,ref_tag) VALUES ('%u',E'%s');"
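Review bot: Wrapping the #if defined(ENABLE_POSTGRESQL) block in a C comment leaves dead macros in the header and breaks as soon as anything inside contains a comment terminator; delete the PGSQL_ variants or fence them with #if 0. The ELZ note explains why E'%s' was dropped, but it should also state what the plain '%s' queries that remain in use rely on for escaping values such as sig_name and ref_tag, since they are formatted directly into the SQL text.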
@@ -101,10 +109,12 @@
"(sig_class_id = '%u') AND " \
"(sig_priority = '%u') AND " \
"(sig_name = E'%s'); " \
-
#endif
+*/
//#if defined(ENABLE_MYSQL) || defined (ENABLE_ODBC) || defined (ENABLE_ORACLE) || defined (ENABLE_MSSQL)
+//#endif
+
#define SQL_INSERT_SPECIFIC_REFERENCE_SYSTEM "INSERT INTO reference_system (ref_system_name) VALUES ('%s');"
#define SQL_SELECT_SPECIFIC_REFERENCE_SYSTEM "SELECT ref_system_id FROM reference_system WHERE ref_system_name = '%s';"
@@ -121,8 +131,6 @@
"(sig_priority = '%u') AND " \
"(sig_name = '%s'); " \
-//#endif
-
/* Used for backward compatibility with older barnyard process */
#define SQL_SELECT_SPECIFIC_SIGNATURE_WITHOUT_MESSAGE "SELECT sig_id FROM signature WHERE " \
@@ -139,8 +147,8 @@
#define SQL_SELECT_SPECIFIC_SIGREF "SELECT ref_id FROM sig_reference WHERE (ref_id = '%u') AND (sig_id = '%u') AND (ref_seq='%u');"
#define SQL_SELECT_ALL_REFERENCE_SYSTEM "SELECT ref_system_id, ref_system_name FROM reference_system;"
#define SQL_SELECT_ALL_REF "SELECT ref_id, ref_system_id, ref_tag FROM reference; "
-#define SQL_SELECT_ALL_CLASSIFICATION "SELECT sig_class_id, sig_class_name FROM sig_class; "
-#define SQL_SELECT_ALL_SIGNATURE "SELECT sig_id, sig_sid, sig_gid, sig_rev, sig_class_id, sig_priority, sig_name FROM signature;"
+#define SQL_SELECT_ALL_CLASSIFICATION "SELECT sig_class_id, sig_class_name FROM sig_class ORDER BY sig_class_id ASC; "
+#define SQL_SELECT_ALL_SIGNATURE "SELECT sig_id, sig_sid, sig_gid,sig_rev, sig_class_id, sig_priority, sig_name FROM signature;"
#define SQL_UPDATE_SPECIFIC_SIGNATURE "UPDATE signature SET " \
"sig_class_id = '%u'," \
"sig_priority = '%u'," \
@@ -155,12 +163,16 @@
#define CACHE_INTERNAL_ONLY 0x00000001
#define CACHE_DATABASE_ONLY 0x00000010
#define CACHE_BOTH 0x00000100 /* Digging a grave */
-
-
#endif /* CACHE_FLAGS */
-
+#ifndef CACHE_FLUSH_FLAGS
+#define CACHE_FLUSH_SIGNATURE 0x00000001
+#define CACHE_FLUSH_CLASSIFICATION 0x00000002
+#define CACHE_FLUSH_SYSTEM_REF 0x00000004
+#define CACHE_FLUSH_SIGREF 0x00000008
+#define CACHE_FLUSH_ALL 0xFFFFFFFF
+#endif /* CACHE_FLUSH_FLAGS*/
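Review bot: The #ifndef CACHE_FLUSH_FLAGS guard never defines CACHE_FLUSH_FLAGS in the lines shown, so it does not protect against a second inclusion; add #define CACHE_FLUSH_FLAGS right after the #ifndef. A one-line comment per flag saying which cache it releases would also help callers of MasterCacheFlush().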
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_log_ascii.c
^
|
@@ -205,9 +205,9 @@
#endif
/* zero out our buffers */
- bzero((char *) log_path, STD_BUF);
- bzero((char *) log_file, STD_BUF);
- bzero((char *) proto, 5);
+ memset((char *) log_path, 0, STD_BUF); /* bzero() deprecated, replaced by memset() */
+ memset((char *) log_file, 0, STD_BUF); /* bzero() deprecated, replaced by memset() */
+ memset((char *) proto, 0, 5); /* bzero() deprecated, replaced by memset() */
if (mode == GENERIC_LOG || mode == DUMP || mode == BOGUS ||
mode == NON_IP || mode == ARP)
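Review bot: The lengths passed to memset() are still the constant STD_BUF and the literal 5 for proto; if these buffers are arrays, sizeof(log_path), sizeof(log_file) and sizeof(proto) keep the length tied to the declaration. The (char *) casts are not needed for memset(), and the trailing "bzero() deprecated" comment repeated on each line belongs in the commit message.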
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_log_tcpdump.c
^
|
@@ -45,6 +45,8 @@
#include "config.h"
#endif
+#ifdef HAVE_LIBPCAP
+
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
@@ -596,3 +598,4 @@
log_tcpdump_ptr->size += dumpSize;
}
+#endif /* HAVE_LIBPCAP */
\ No newline at end of file
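Review bot: The added #endif /* HAVE_LIBPCAP */ is the last line of the file and has no terminating newline; add one so compilers and diff tools stop flagging it.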
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_platypus.c
^
|
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@@ -90,7 +90,7 @@
int PlatypusAgentInit(SpoPlatypusData *);
int PlatypusAgentEventSend(SpoPlatypusData *, char *);
int PlatypusAgentSend(SpoPlatypusData *, char *);
-int PlatypusAgentReceive();
+int PlatypusAgentReceive(SpoPlatypusData *, char *);
char *PlatypusTimestamp(u_int32_t, u_int32_t);
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_platypus.h
^
|
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_sguil.c
^
|
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
** Copyright (C) 2002-2005 Robert (Bamm) Visscher <bamm@sguil.net>
**
** This program is free software; you can redistribute it and/or modify
@@ -112,7 +112,7 @@
int SguilSensorAgentInit(SpoSguilData *);
int SguilRTEventMsg(SpoSguilData *, char *);
int SguilSendAgentMsg(SpoSguilData *, char *);
-int SguilRecvAgentMsg();
+int SguilRecvAgentMsg(SpoSguilData *, char *);
char *SguilTimestamp(u_int32_t);
@@ -230,7 +230,7 @@
ClassType *cn = NULL;
Tcl_DString list;
- bzero(buffer, TMP_BUFFER);
+ memset(buffer, 0, TMP_BUFFER); /* bzero() deprecated, replaced by memset() */
if ( event == NULL || arg == NULL )
{
@@ -239,7 +239,7 @@
if(p != NULL)
{
- if((p->ip6h != NULL)
+ if(p->ip6h != NULL)
{
LogMessage("[%s] Received a IPv6 Packets, ignoring \n",
__FUNCTION__);
@@ -592,7 +592,7 @@
{
char buffer[TMP_BUFFER];
- bzero(buffer, TMP_BUFFER);
+ memset(buffer, 0, TMP_BUFFER); /* bzero() deprecated, replaced by memset() */
SnortSnprintf(buffer, TMP_BUFFER, "%u", ntohl(p->iph->ip_src.s_addr));
Tcl_DStringAppendElement(list, buffer);
@@ -667,7 +667,7 @@
int i;
char buffer[TMP_BUFFER];
- bzero(buffer, TMP_BUFFER);
+ memset(buffer, 0, TMP_BUFFER); /* bzero() deprecated, replaced by memset() */
if (!p->icmph)
{
@@ -742,7 +742,7 @@
int i;
char buffer[TMP_BUFFER];
- bzero(buffer, TMP_BUFFER);
+ memset(buffer, 0, TMP_BUFFER); /* bzero() deprecated, replaced by memset() */
/* empty elements for icmp data */
for(i=0; i < 5; i++)
@@ -804,7 +804,7 @@
int i;
char buffer[TMP_BUFFER];
- bzero(buffer, TMP_BUFFER);
+ memset(buffer, 0, TMP_BUFFER); /* bzero() deprecated, replaced by memset() */
/* empty elements for ICMP data */
for(i=0; i < 5; i++)
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/output-plugins/spo_sguil.h
^
|
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
** Copyright (C) 2002-2005 Robert (Bamm) Visscher <bamm@sguil.net>
**
** This program is free software; you can redistribute it and/or modify
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/parser.c
^
|
@@ -1100,7 +1100,7 @@
if(!string || !*string || !strchr(string, '$'))
return(string);
- bzero((char *) estring, PARSERULE_SIZE);
+ memset((char *) estring, 0, PARSERULE_SIZE); /* bzero() deprecated, replaced by memset() */
i = j = 0;
l_string = strlen(string);
@@ -1119,7 +1119,7 @@
if(c == '$' && !quote_toggle)
{
- bzero((char *) rawvarname, sizeof(rawvarname));
+ memset((char *) rawvarname, 0, sizeof(rawvarname)); /* bzero() deprecated, replaced by memset() */
varname_completed = 0;
name_only = 1;
iv = i;
@@ -1159,8 +1159,8 @@
varcontents = NULL;
- bzero((char *) varname, sizeof(varname));
- bzero((char *) varaux, sizeof(varaux));
+ memset((char *) varname, 0, sizeof(varname)); /* bzero() deprecated, replaced by memset() */
+ memset((char *) varaux, 0, sizeof(varaux)); /* bzero() deprecated, replaced by memset() */
varmodifier = ' ';
p = strchr(rawvarname, ':');
@@ -1177,7 +1177,7 @@
else
SnortStrncpy(varname, rawvarname, sizeof(varname));
- bzero((char *) varbuffer, sizeof(varbuffer));
+ memset((char *) varbuffer, 0, sizeof(varbuffer)); /* bzero() deprecated, replaced by memset() */
varcontents = VarSearch(bc, varname);
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/plugbase.c
^
|
@@ -324,7 +324,11 @@
AlertCEFSetup();
AlertSyslogSetup();
+
+#ifdef HAVE_LIBPCAP
LogTcpdumpSetup();
+#endif /* HAVE_LIBPCAP */
+
DatabaseSetup();
AlertFastSetup();
AlertFullSetup();
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/sfutil/sf_ipvar.c
^
|
@@ -36,7 +36,10 @@
#define LIST_OPEN '['
#define LIST_CLOSE ']'
+/*
+** Remove compiler warning
static SFIP_RET sfvar_list_compare(sfip_node_t *, sfip_node_t *);
+*/
static INLINE sfip_var_t *_alloc_var(void)
{
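Review bot: Commenting out the sfvar_list_compare prototype under "Remove compiler warning" leaves dead code in the file; delete the declaration outright, and if a definition of the function still exists further down, remove or guard it in the same change so the two stay consistent.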
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/spooler.c
^
|
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
@@ -41,7 +41,7 @@
#include "unified2.h"
#include "util.h"
-#define CACHED_EVENTS_MAX 64
+#define CACHED_EVENTS_MAX 256
/*
** PRIVATE FUNCTIONS
@@ -450,18 +450,20 @@
LogMessage("ERROR: Unable to create spooler!\n");
exit_signal = -1;
pc_ret = -1;
- continue;
+ continue;
}
+ else
+ {
+ /* Make sure we create a new waldo even if we did not have processed an event */
+ spooler->record_idx = 0;
+ spoolerWriteWaldo(&barnyard2_conf->waldo, spooler);
+
+ waiting_logged = 0;
+
+ /* set timestamp to ensure we look for a newer file next time */
+ timestamp = extension + 1;
+ }
- /* Make sure we create a new waldo even if we did not have processed an event */
- spooler->record_idx = 0;
- spoolerWriteWaldo(&barnyard2_conf->waldo, spooler);
-
- waiting_logged = 0;
-
- /* set timestamp to ensure we look for a newer file next time */
- timestamp = extension + 1;
-
continue;
}
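Review bot: The new else block is redundant, because the error branch above it already ends in continue; so the waldo update ran only on success before this change as well. Either drop the else and keep the original flat layout, or remove the continue; from the error branch so the control flow is expressed once. The re-indented continue; line is a whitespace-only change and adds noise to the diff.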
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/spooler.h
^
|
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/unified2.h
^
|
@@ -1,6 +1,6 @@
/*
**
-** Copyright (C) 2008-2011 Ian Firns (SecurixLive) <dev@securixlive.com>
+** Copyright (C) 2008-2012 Ian Firns (SecurixLive) <dev@securixlive.com>
**
** Copyright (C) 2002-2009 Sourcefire, Inc.
** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/util.c
^
|
@@ -150,7 +150,7 @@
" ______ -*> Barnyard2 <*-\n"
" / ,,_ \\ Version %s.%s.%s (Build %s)%s%s\n"
" |o\" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/\n"
- " + '''' + (C) Copyright 2008-2011 Ian Firns <firnsy@securixlive.com>\n"
+ " + '''' + (C) Copyright 2008-2012 Ian Firns <firnsy@securixlive.com>\n"
"\n"
, VER_MAJOR, VER_MINOR, VER_REVISION, VER_BUILD,
#ifdef DEBUG
@@ -201,7 +201,7 @@
if(!tvp)
{
/* manual page (for linux) says tz is never used, so.. */
- bzero((char *) &tz, sizeof(tz));
+ memset((char *) &tz, 0, sizeof(tz)); /* bzero() deprecated, replaced by memset() */
gettimeofday(&tv, &tz);
tvp = &tv;
}
@@ -2100,7 +2100,7 @@
buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char));
- bzero((char *)&tz,sizeof(tz));
+ memset((char *)&tz, 0, sizeof(tz)); /* bzero() deprecated, replaced by memset() */
gettimeofday(&tv,&tz);
tvp = &tv;
@@ -2677,3 +2677,43 @@
return val;
}
+
+
+/*
+ Tough to be a solution for a issue where it was not needed
+ but kept if its ever needed.
+*/
+u_int32_t string_sanitize_character(char *input,char ichar)
+{
+ char *cindex = NULL;
+
+ u_int32_t orig_len = 0;
+ u_int32_t end_len = 0;
+
+ if( (input == NULL) ||
+ (ichar == 0x00))
+ {
+ /* XXX */
+ return 1;
+ }
+
+ orig_len = strlen(input) + 1;
+
+ while( (cindex = index(input,ichar)) != NULL)
+ {
+
+ if( (end_len = strlen(cindex)) > orig_len)
+ {
+ /* Could be far fetched ...but who know's...*/
+ /* XXX */
+ return 1;
+ }
+
+ memcpy(cindex,cindex+1,strlen((cindex)));
+ cindex[end_len] = '\0';
+ cindex = NULL;
+ }
+
+ return 0;
+}
+
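Review bot: memcpy(cindex,cindex+1,strlen((cindex))); copies between overlapping regions, which is undefined behaviour for memcpy(); use memmove() with the same length, which already covers the terminator. The end_len > orig_len test cannot be true because cindex always points inside input, and cindex[end_len] = '\0'; only rewrites the old terminator, so both can be removed. index() is a legacy BSD call like the bzero() this patch replaces elsewhere; strchr() is the standard equivalent. The header comment should say what the function does (removes every occurrence of ichar from input in place) and what the 0 and 1 return values mean.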
|
[-]
[+]
|
Changed |
barnyard2-git.tar.bz2/src/util.h
^
|
@@ -221,6 +221,8 @@
u_int32_t GetCurrentTimestamp_STATIC(char *buf);
+u_int32_t string_sanitize_character(char *input,char ichar);
+
/***********************************************************
|