match_dns.c
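/*
 * This file is part of firestorm NIDS
 * Copyright (c) 2002 Gianni Tedesco
 *
 * DNS matchers: "dns_recursive" and "dns_iterative" classify DNS queries
 * by the RD (recursion desired) bit of the DNS header flags word.
 */
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <netinet/in.h>

#include <firestorm.h>
#include <packet.h>
#include <alert.h>
#include <signature.h>
#include <matcher.h>
#include <plugin.h>

PLUGIN_STD_DEFS();

/* Fixed-size DNS message header. Fields are read straight from the packet
 * buffer, so they hold network byte order values. */
struct dns_hdr {
	u_int16_t id;
	u_int16_t flags;
	u_int16_t questions;
	u_int16_t answers;
	u_int16_t auth;
	u_int16_t additional;
};

/* Flag masks, pre-swapped to network byte order so they can be ANDed with
 * dns_hdr.flags without converting the header first.
 *   bit 8  = RD (recursion desired)
 *   bit 15 = QR (0 = query, 1 = response)
 * Because the masks are byte-swapped, the result of the AND must only be
 * tested against zero, never against a literal 1. */
u_int16_t dns_rflag=__constant_htons(1<<8);
u_int16_t dns_qflag=__constant_htons(1<<15);

/* Comparison callback registered for both matchers. Always returns 0;
 * neither matcher keeps private data (the validators set *priv to NULL).
 * NOTE(review): the meaning of the return value is defined by the matcher
 * API, which is not visible here. */
int dns_compare(void *p1, void *p2)
{
	return 0;
}

/* Locate the DNS header two layers above layer l, or return NULL when the
 * packet has no such layer or is too short to hold a full header.
 * presumably l+2 is the application payload above the network and
 * transport layers -- confirm against the caller. */
static struct dns_hdr *dns_hdr_at(struct packet *p, unsigned int l)
{
	if ( l+2 >= p->llen )
		return NULL;

	/* Bounds check before any field is read. A header that ends exactly
	 * at p->end is rejected as well, as in the original check. */
	if ( p->layer[l+2].h.raw + sizeof(struct dns_hdr) >= p->end )
		return NULL;

	return p->layer[l+2].h.raw;
}

/*
 * Match DNS queries that ask for recursion (QR clear, RD set).
 *
 * p:    packet being inspected
 * priv: unused (always NULL for this matcher)
 * l:    layer index the matcher is evaluated at
 * n:    negation flag; the match result is XORed with it
 *
 * Returns n unchanged when no complete DNS header is available.
 *
 * Two fixes over the earlier expression
 *   n ^ ((flags&dns_rflag)==1) && ((flags&dns_qflag)==0)
 * - '^' binds tighter than '&&', so n was XORed with the first test only
 *   and the negated form gave wrong answers (e.g. it could never match a
 *   response packet). The whole condition is now parenthesised.
 * - '==1' only held on hosts where the byte-swapped mask happens to equal
 *   1; on other byte orders the matcher never fired. Test '!=0' instead.
 * Either error makes signatures that rely on this matcher silently miss
 * or misfire, which is a detection gap rather than a crash.
 */
int dnsr_match(struct packet *p, void *priv, unsigned int l, int n)
{
	struct dns_hdr *dnshdr = dns_hdr_at(p, l);

	if ( !dnshdr )
		return n^0;

	return n ^ (((dnshdr->flags&dns_rflag)!=0) &&
			((dnshdr->flags&dns_qflag)==0));
}

/*
 * Match DNS queries that do not ask for recursion (QR clear, RD clear).
 *
 * Parameters and return value as for dnsr_match(). The condition is
 * parenthesised as a whole so that the negation flag n applies to the
 * complete test and not just to its first half.
 */
int dnsi_match(struct packet *p, void *priv, unsigned int l, int n)
{
	struct dns_hdr *dnshdr = dns_hdr_at(p, l);

	if ( !dnshdr )
		return n^0;

	return n ^ (((dnshdr->flags&dns_rflag)==0) &&
			((dnshdr->flags&dns_qflag)==0));
}

/* Validator for "dns_recursive": the matcher takes no arguments, so any
 * argument string is rejected. Returns the match callback on success.
 * The parameter list was truncated in this copy of the file; it is
 * restored to the same signature as dnsi_validate(), which is registered
 * in the same matcher_init() slot. */
proc_match_match dnsr_validate(char *args, void **priv,
				struct criteria *m, u_int32_t *c)
{
	if ( args )
		return NULL;
	*priv=NULL;
	return dnsr_match;
}

/* Validator for "dns_iterative": the matcher takes no arguments, so any
 * argument string is rejected. Returns the match callback on success. */
proc_match_match dnsi_validate(char *args, void **priv,
				struct criteria *m, u_int32_t *c)
{
	if ( args )
		return NULL;
	*priv=NULL;
	return dnsi_match;
}

/* Matcher table handed to the core; terminated by matcher_null(). */
struct matcher dns_matchers[]={
	matcher_init("dns_recursive", MCOST_APP+2,
			dnsr_validate, dns_compare, NULL),
	matcher_init("dns_iterative", MCOST_APP+2,
			dnsi_validate, dns_compare, NULL),
	matcher_null()
};

/* Plugin hook: register the DNS matchers with the matcher API. */
int PLUGIN_MATCHER (struct matcher_api *m)
{
	object_check(m);

	if ( !m->matcher_add(dns_matchers) )
		return PLUGIN_ERR_FAIL;

	return PLUGIN_ERR_OK;
}

/* Plugin hook: publish the plugin's identity, version, author and license. */
int PLUGIN_INIT (struct plugin_in *in, struct plugin_out *out)
{
	plugin_check(in, out);

	PLUGIN_ID("match.dns", "DNS matching routines");
	PLUGIN_VERSION(0, 1);
	PLUGIN_AUTHOR("Gianni Tedesco", "gianni@scaramanga.co.uk");
	PLUGIN_LICENSE("GPL");

	return PLUGIN_ERR_OK;
}

/* Plugin hook: nothing to release on unload. */
int PLUGIN_UNLOAD (int code)
{
	return PLUGIN_ERR_OK;
}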