spp_example.c
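/*
 * spp_example.c
 *
 * Copyright (C) 2006-2007 Sourcefire,Inc
 * Steven A. Sturges <ssturges@sourcefire.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Description:
 *
 * This file is part of an example of a dynamically loadable preprocessor.
 *
 * NOTES:
 *
 */

#include <sys/types.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <strings.h>    /* strcasecmp() is declared here, not in <string.h> */

#include "preprocids.h"
#include "sf_snort_packet.h"
#include "sf_dynamic_preproc_lib.h"
#include "sf_dynamic_preprocessor.h"
#include "debug.h"

/* Generator ID used for every alert raised by this preprocessor. */
#define GENERATOR_EXAMPLE 256

extern DynamicPreprocessorData _dpd;

void ExampleInit(char *);
void ExampleProcess(void *, void *);

/*
 * Entry point called when the library is loaded: registers the
 * "dynamic_example" keyword so that ExampleInit() is invoked with the
 * arguments given for it in the configuration.
 */
void ExampleSetup(void)
{
    _dpd.registerPreproc("dynamic_example", ExampleInit);

    DEBUG_WRAP(_dpd.debugMsg(DEBUG_PLUGIN, "Preprocessor: Example is setup\n"););
}

/* Port that ExampleProcess() compares against; set once by ExampleInit(). */
u_int16_t portToCheck;

/*
 * Parse the preprocessor arguments ("port <number>") and register the
 * packet callback.
 *
 * args: writable configuration string; it is tokenised in place by strtok().
 *
 * Every malformed configuration is reported through _dpd.fatalMsg().  That
 * call is expected not to return; the explicit returns after it keep the
 * parser from touching a NULL token, and from registering the callback with
 * an unvalidated port, if it ever does.
 */
void ExampleInit(char *args)
{
    static const char delims[] = " \t\n\r";
    char *arg;
    char *argEnd;
    unsigned long port;

    _dpd.logMsg("Example dynamic preprocessor configuration\n");

    /* An absent or blank argument string yields no token at all. */
    arg = args ? strtok(args, delims) : NULL;
    if (!arg)
    {
        _dpd.fatalMsg("ExamplePreproc: Missing option\n");
        return;
    }

    if (strcasecmp("port", arg) != 0)
    {
        _dpd.fatalMsg("ExamplePreproc: Invalid option %s\n", arg);
        return;
    }

    /* Same delimiter set as above, so "port 80 " still yields the token "80". */
    arg = strtok(NULL, delims);
    if (!arg)
    {
        _dpd.fatalMsg("ExamplePreproc: Missing port\n");
        return;
    }

    /*
     * Accept plain decimal digits only.  strtoul() alone would turn a
     * non-numeric token into port 0 and would wrap a leading '-' into a
     * large unsigned value, so a typo in the configuration could leave the
     * preprocessor silently watching the wrong port.  An out-of-range
     * value comes back as ULONG_MAX and fails the upper bound.
     */
    if (!isdigit((unsigned char)*arg))
    {
        _dpd.fatalMsg("ExamplePreproc: Invalid port %s\n", arg);
        return;
    }

    port = strtoul(arg, &argEnd, 10);
    if (*argEnd != '\0' || port > 65535)
    {
        _dpd.fatalMsg("ExamplePreproc: Invalid port %s\n", arg);
        return;
    }

    portToCheck = (u_int16_t)port;
    _dpd.logMsg(" Port: %d\n", portToCheck);

    /* Register the preprocessor function, Transport layer, ID 10000 */
    _dpd.addPreproc(ExampleProcess, PRIORITY_TRANSPORT, 10000);

    DEBUG_WRAP(_dpd.debugMsg(DEBUG_PLUGIN, "Preprocessor: Example is initialized\n"););
}

/* Signature IDs and messages for the two alerts this preprocessor raises. */
#define SRC_PORT_MATCH  1
#define SRC_PORT_MATCH_STR "example_preprocessor: src port match"
#define DST_PORT_MATCH  2
#define DST_PORT_MATCH_STR "example_preprocessor: dest port match"

/*
 * Per-packet callback: raises an alert when a TCP-over-IPv4 packet has the
 * configured port as its source or destination.
 *
 * pkt:     the packet, passed as void * and used as an SFSnortPacket.
 * context: unused here.
 *
 * The source port is tested first, so a packet whose two ports both match
 * produces only the source-port alert.
 */
void ExampleProcess(void *pkt, void *context)
{
    SFSnortPacket *p = (SFSnortPacket *)pkt;

    (void)context;

    if (!p || !p->ip4_header || p->ip4_header->proto != IPPROTO_TCP || !p->tcp_header)
    {
        /* Not for me, return */
        return;
    }

    /*
     * NOTE(review): the alertAdd arguments are presumably generator id,
     * signature id, revision, classification, priority, message and rule
     * info - confirm against sf_dynamic_preprocessor.h.
     */
    if (p->src_port == portToCheck)
    {
        /* Source port matched, log alert */
        _dpd.alertAdd(GENERATOR_EXAMPLE, SRC_PORT_MATCH,
                      1, 0, 3, SRC_PORT_MATCH_STR, 0);
        return;
    }

    if (p->dst_port == portToCheck)
    {
        /* Destination port matched, log alert */
        _dpd.alertAdd(GENERATOR_EXAMPLE, DST_PORT_MATCH,
                      1, 0, 3, DST_PORT_MATCH_STR, 0);
        return;
    }
}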