├── .gitignore ├── .gitmodules ├── Install.md ├── Makefile.dpdk ├── README.md ├── daq-2.0.6 ├── COPYING ├── ChangeLog ├── Makefile ├── Makefile.am ├── Makefile.in ├── README ├── aclocal.m4 ├── api │ ├── Makefile.am │ ├── Makefile.in │ ├── daq.h │ ├── daq_api.h │ ├── daq_base.c │ ├── daq_common.h │ └── daq_mod_ops.c ├── build.sh ├── compile ├── config.guess ├── config.h ├── config.h.in ├── config.sub ├── configure ├── configure.ac ├── daq.dsp ├── depcomp ├── install-sh ├── libtool ├── ltmain.sh ├── m4 │ ├── ax_cflags_gcc_option.m4 │ ├── libtool.m4 │ ├── ltoptions.m4 │ ├── ltsugar.m4 │ ├── ltversion.m4 │ ├── lt~obsolete.m4 │ └── sf.m4 ├── missing ├── os-daq-modules │ ├── Makefile │ ├── Makefile.am │ ├── Makefile.in │ ├── daq-modules-config │ ├── daq-modules-config.in │ ├── daq_afpacket.c │ ├── daq_dpdk.c │ ├── daq_dump.c │ ├── daq_ipfw.c │ ├── daq_ipq.c │ ├── daq_netmap.c │ ├── daq_netvm.c │ ├── daq_nfq.c │ ├── daq_pcap.c │ ├── daq_static_modules.c │ └── daq_static_modules.h └── sfbpf │ ├── IP6_misc.h │ ├── Makefile.am │ ├── Makefile.in │ ├── arcnet.h │ ├── atmuni31.h │ ├── bittypes.h │ ├── ethertype.h │ ├── gencode.h │ ├── grammar.y │ ├── ieee80211.h │ ├── ipnet.h │ ├── llc.h │ ├── namedb.h │ ├── nlpid.h │ ├── ppp.h │ ├── runlex.sh │ ├── scanner.l │ ├── sf-redefines.h │ ├── sf_bpf_filter.c │ ├── sf_bpf_printer.c │ ├── sf_gencode.c │ ├── sf_nametoaddr.c │ ├── sf_optimize.c │ ├── sfbpf-int.c │ ├── sfbpf-int.h │ ├── sfbpf.h │ ├── sfbpf_dlt.h │ ├── sll.h │ ├── sunatmpos.h │ └── win32-stdinc.h ├── install.sh ├── onvm-daq.png ├── patching-Makefile.sh ├── setenv.sh ├── snort-2.9.8.3 ├── COPYING ├── ChangeLog ├── LICENSE ├── Makefile.am ├── Makefile.in ├── RELEASE.NOTES ├── aclocal.m4 ├── build.sh ├── compile ├── config.guess ├── config.h.in ├── config.sub ├── configure ├── configure.in ├── depcomp ├── doc │ ├── AUTHORS │ ├── BUGS │ ├── CREDITS │ ├── INSTALL │ ├── Makefile.am │ ├── Makefile.in │ ├── NEWS │ ├── OpenDetectorDeveloperGuide.pdf │ ├── PROBLEMS │ ├── README │ ├── README.GTP │ ├── README.PLUGINS │ ├── README.PerfProfiling │ ├── README.SMTP │ ├── README.UNSOCK │ ├── README.WIN32 │ ├── README.active │ ├── README.alert_order │ ├── README.appid │ ├── README.asn1 │ ├── README.counts │ ├── README.csv │ ├── README.daq │ ├── README.dcerpc2 │ ├── README.decode │ ├── README.decoder_preproc_rules │ ├── README.dnp3 │ ├── README.dns │ ├── README.event_queue │ ├── README.file │ ├── README.file_ips │ ├── README.filters │ ├── README.flowbits │ ├── README.frag3 │ ├── README.ftptelnet │ ├── README.gre │ ├── README.ha │ ├── README.http_inspect │ ├── README.imap │ ├── README.ipip │ ├── README.ipv6 │ ├── README.modbus │ ├── README.multipleconfigs │ ├── README.normalize │ ├── README.pcap_readmode │ ├── README.pop │ ├── README.ppm │ ├── README.reload │ ├── README.reputation │ ├── README.sensitive_data │ ├── README.sfportscan │ ├── README.sip │ ├── README.ssh │ ├── README.ssl │ ├── README.stream5 │ ├── README.tag │ ├── README.thresholding │ ├── README.unified2 │ ├── README.variables │ ├── TODO │ ├── USAGE │ ├── WISHLIST │ ├── generators │ ├── snort_manual.pdf │ └── snort_manual.tex ├── etc │ ├── Makefile.am │ ├── Makefile.in │ ├── attribute_table.dtd │ ├── classification.config │ ├── file_magic.conf │ ├── gen-msg.map │ ├── reference.config │ ├── snort.conf │ ├── threshold.conf │ └── unicode.map ├── install-sh ├── ltmain.sh ├── m4 │ ├── Makefile.am │ ├── Makefile.in │ └── libprelude.m4 ├── missing ├── preproc_rules │ ├── Makefile.am │ ├── Makefile.in │ ├── decoder.rules │ ├── preprocessor.rules │ └── sensitive-data.rules ├── rpm │ ├── Makefile.am │ ├── Makefile.in │ ├── README.build_rpms │ ├── README.rpms │ ├── RPM-TODO │ ├── generate-all-rpms │ ├── snort.logrotate │ ├── snort.spec │ ├── snort.sysconfig │ └── snortd ├── simple-etc │ ├── attribute_table.dtd │ ├── classification.config │ ├── file_magic.conf │ ├── gen-msg.map │ ├── reference.config │ ├── rules │ │ ├── community.rules │ │ ├── iplists │ │ │ ├── black_list.rules │ │ │ └── white_list.rules │ │ ├── local.rules │ │ └── local.rules~ │ ├── sid-msg.map │ ├── snort-light.conf │ ├── snort.conf │ ├── threshold.conf │ └── unicode.map ├── snort.8 ├── snort.pc.in ├── src │ ├── Makefile.am │ ├── Makefile.in │ ├── active.c │ ├── active.h │ ├── appIdApi.h │ ├── build.h │ ├── byte_extract.c │ ├── byte_extract.h │ ├── cdefs.h │ ├── checksum.h │ ├── control │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── sfcontrol.c │ │ ├── sfcontrol.h │ │ └── sfcontrol_funcs.h │ ├── cpuclock.h │ ├── debug.c │ ├── decode.c │ ├── decode.h │ ├── detect.c │ ├── detect.h │ ├── detection-plugins │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── detection_leaf_node.c │ │ ├── detection_options.c │ │ ├── detection_options.h │ │ ├── sp_appid.c │ │ ├── sp_appid.h │ │ ├── sp_asn1.c │ │ ├── sp_asn1.h │ │ ├── sp_asn1_detect.c │ │ ├── sp_asn1_detect.h │ │ ├── sp_base64_data.c │ │ ├── sp_base64_data.h │ │ ├── sp_base64_decode.c │ │ ├── sp_base64_decode.h │ │ ├── sp_byte_check.c │ │ ├── sp_byte_check.h │ │ ├── sp_byte_extract.c │ │ ├── sp_byte_extract.h │ │ ├── sp_byte_jump.c │ │ ├── sp_byte_jump.h │ │ ├── sp_clientserver.c │ │ ├── sp_clientserver.h │ │ ├── sp_cvs.c │ │ ├── sp_cvs.h │ │ ├── sp_dsize_check.c │ │ ├── sp_dsize_check.h │ │ ├── sp_file_data.c │ │ ├── sp_file_data.h │ │ ├── sp_file_type.c │ │ ├── sp_file_type.h │ │ ├── sp_flowbits.c │ │ ├── sp_flowbits.h │ │ ├── sp_ftpbounce.c │ │ ├── sp_ftpbounce.h │ │ ├── sp_hdr_opt_wrap.c │ │ ├── sp_hdr_opt_wrap.h │ │ ├── sp_icmp_code_check.c │ │ ├── sp_icmp_code_check.h │ │ ├── sp_icmp_id_check.c │ │ ├── sp_icmp_id_check.h │ │ ├── sp_icmp_seq_check.c │ │ ├── sp_icmp_seq_check.h │ │ ├── sp_icmp_type_check.c │ │ ├── sp_icmp_type_check.h │ │ ├── sp_ip_fragbits.c │ │ ├── sp_ip_fragbits.h │ │ ├── sp_ip_id_check.c │ │ ├── sp_ip_id_check.h │ │ ├── sp_ip_proto.c │ │ ├── sp_ip_proto.h │ │ ├── sp_ip_same_check.c │ │ ├── sp_ip_same_check.h │ │ ├── sp_ip_tos_check.c │ │ ├── sp_ip_tos_check.h │ │ ├── sp_ipoption_check.c │ │ ├── sp_ipoption_check.h │ │ ├── sp_isdataat.c │ │ ├── sp_isdataat.h │ │ ├── sp_pattern_match.c │ │ ├── sp_pattern_match.h │ │ ├── sp_pcre.c │ │ ├── sp_pcre.h │ │ ├── sp_pkt_data.c │ │ ├── sp_pkt_data.h │ │ ├── sp_react.c │ │ ├── sp_react.h │ │ ├── sp_replace.c │ │ ├── sp_replace.h │ │ ├── sp_respond.h │ │ ├── sp_respond3.c │ │ ├── sp_rpc_check.c │ │ ├── sp_rpc_check.h │ │ ├── sp_session.c │ │ ├── sp_session.h │ │ ├── sp_tcp_ack_check.c │ │ ├── sp_tcp_ack_check.h │ │ ├── sp_tcp_flag_check.c │ │ ├── sp_tcp_flag_check.h │ │ ├── sp_tcp_seq_check.c │ │ ├── sp_tcp_seq_check.h │ │ ├── sp_tcp_win_check.c │ │ ├── sp_tcp_win_check.h │ │ ├── sp_ttl_check.c │ │ ├── sp_ttl_check.h │ │ ├── sp_urilen_check.c │ │ └── sp_urilen_check.h │ ├── detection_filter.c │ ├── detection_filter.h │ ├── detection_util.c │ ├── detection_util.h │ ├── dump.c │ ├── dump.h │ ├── dynamic-examples │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── dynamic-preprocessor │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_preproc_info.h │ │ │ └── spp_example.c │ │ └── dynamic-rule │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── detection_lib_meta.h │ │ │ ├── rules.c │ │ │ ├── sid109.c │ │ │ └── sid637.c │ ├── dynamic-output │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── dynamic_output.dsp │ │ ├── libs │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── output_lib.c │ │ │ └── snort_output.pc.in │ │ └── plugins │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── output.h │ │ │ ├── output_api.h │ │ │ ├── output_base.c │ │ │ ├── output_common.h │ │ │ ├── output_lib.h │ │ │ └── output_plugin.c │ ├── dynamic-plugins │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── sf_convert_dynamic.c │ │ ├── sf_convert_dynamic.h │ │ ├── sf_dynamic_common.h │ │ ├── sf_dynamic_define.h │ │ ├── sf_dynamic_detection.h │ │ ├── sf_dynamic_engine.h │ │ ├── sf_dynamic_meta.h │ │ ├── sf_dynamic_plugins.c │ │ ├── sf_dynamic_preprocessor.h │ │ ├── sf_dynamic_side_channel.h │ │ ├── sf_engine │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── bmh.c │ │ │ ├── bmh.h │ │ │ ├── examples │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── sfsnort_dynamic_detection_lib.c │ │ │ │ └── sfsnort_dynamic_detection_lib.h │ │ │ ├── sf_decompression.c │ │ │ ├── sf_decompression.h │ │ │ ├── sf_snort_detection_engine.c │ │ │ ├── sf_snort_detection_engine.h │ │ │ ├── sf_snort_packet.h │ │ │ ├── sf_snort_plugin_api.c │ │ │ ├── sf_snort_plugin_api.h │ │ │ ├── sf_snort_plugin_byte.c │ │ │ ├── sf_snort_plugin_content.c │ │ │ ├── sf_snort_plugin_hdropts.c │ │ │ ├── sf_snort_plugin_loop.c │ │ │ ├── sf_snort_plugin_pcre.c │ │ │ └── sf_snort_plugin_rc4.c │ │ ├── sf_preproc_example │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_dynamic_preproc_lib.c │ │ │ └── sf_dynamic_preproc_lib.h │ │ ├── sp_dynamic.c │ │ ├── sp_dynamic.h │ │ ├── sp_preprocopt.c │ │ └── sp_preprocopt.h │ ├── dynamic-preprocessors │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── appid │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── Makefile_defs │ │ │ ├── appId.c │ │ │ ├── appId.h │ │ │ ├── appIdApi.c │ │ │ ├── appIdConfig.c │ │ │ ├── appIdConfig.h │ │ │ ├── appIdStats.c │ │ │ ├── appIdStats.h │ │ │ ├── appInfoTable.c │ │ │ ├── appInfoTable.h │ │ │ ├── app_forecast.c │ │ │ ├── app_forecast.h │ │ │ ├── attribute.h │ │ │ ├── client_plugins │ │ │ │ ├── clientAppConfig.h │ │ │ │ ├── client_app_aim.c │ │ │ │ ├── client_app_aim.h │ │ │ │ ├── client_app_api.h │ │ │ │ ├── client_app_base.c │ │ │ │ ├── client_app_base.h │ │ │ │ ├── client_app_bit.c │ │ │ │ ├── client_app_bit_tracker.c │ │ │ │ ├── client_app_msn.c │ │ │ │ ├── client_app_msn.h │ │ │ │ ├── client_app_rtp.c │ │ │ │ ├── client_app_smtp.c │ │ │ │ ├── client_app_smtp.h │ │ │ │ ├── client_app_ssh.c │ │ │ │ ├── client_app_timbuktu.c │ │ │ │ ├── client_app_tns.c │ │ │ │ ├── client_app_vnc.c │ │ │ │ ├── client_app_ym.c │ │ │ │ └── client_app_ym.h │ │ │ ├── commonAppMatcher.c │ │ │ ├── commonAppMatcher.h │ │ │ ├── detector_plugins │ │ │ │ ├── detector_api.h │ │ │ │ ├── detector_base.c │ │ │ │ ├── detector_base.h │ │ │ │ ├── detector_dns.c │ │ │ │ ├── detector_dns.h │ │ │ │ ├── detector_http.c │ │ │ │ ├── detector_http.h │ │ │ │ ├── detector_imap.c │ │ │ │ ├── detector_kerberos.c │ │ │ │ ├── detector_pattern.c │ │ │ │ ├── detector_pattern.h │ │ │ │ ├── detector_pop3.c │ │ │ │ ├── detector_sip.c │ │ │ │ ├── detector_sip.h │ │ │ │ ├── http_url_patterns.c │ │ │ │ └── http_url_patterns.h │ │ │ ├── dns_defs.h │ │ │ ├── flow.c │ │ │ ├── flow.h │ │ │ ├── flow_error.h │ │ │ ├── fw_appid.c │ │ │ ├── fw_appid.h │ │ │ ├── hostPortAppCache.c │ │ │ ├── hostPortAppCache.h │ │ │ ├── httpCommon.h │ │ │ ├── lengthAppCache.c │ │ │ ├── lengthAppCache.h │ │ │ ├── luaDetectorApi.c │ │ │ ├── luaDetectorApi.h │ │ │ ├── luaDetectorFlowApi.c │ │ │ ├── luaDetectorFlowApi.h │ │ │ ├── luaDetectorModule.c │ │ │ ├── luaDetectorModule.h │ │ │ ├── service_plugins │ │ │ │ ├── dcerpc.c │ │ │ │ ├── dcerpc.h │ │ │ │ ├── serviceConfig.h │ │ │ │ ├── service_MDNS.c │ │ │ │ ├── service_MDNS.h │ │ │ │ ├── service_api.h │ │ │ │ ├── service_base.c │ │ │ │ ├── service_base.h │ │ │ │ ├── service_battle_field.c │ │ │ │ ├── service_battle_field.h │ │ │ │ ├── service_bgp.c │ │ │ │ ├── service_bgp.h │ │ │ │ ├── service_bit.c │ │ │ │ ├── service_bootp.c │ │ │ │ ├── service_bootp.h │ │ │ │ ├── service_dcerpc.c │ │ │ │ ├── service_dcerpc.h │ │ │ │ ├── service_direct_connect.c │ │ │ │ ├── service_direct_connect.h │ │ │ │ ├── service_flap.c │ │ │ │ ├── service_flap.h │ │ │ │ ├── service_ftp.c │ │ │ │ ├── service_ftp.h │ │ │ │ ├── service_irc.c │ │ │ │ ├── service_irc.h │ │ │ │ ├── service_lpr.c │ │ │ │ ├── service_lpr.h │ │ │ │ ├── service_mysql.c │ │ │ │ ├── service_mysql.h │ │ │ │ ├── service_netbios.c │ │ │ │ ├── service_netbios.h │ │ │ │ ├── service_nntp.c │ │ │ │ ├── service_nntp.h │ │ │ │ ├── service_ntp.c │ │ │ │ ├── service_ntp.h │ │ │ │ ├── service_radius.c │ │ │ │ ├── service_radius.h │ │ │ │ ├── service_rexec.c │ │ │ │ ├── service_rexec.h │ │ │ │ ├── service_rfb.c │ │ │ │ ├── service_rfb.h │ │ │ │ ├── service_rlogin.c │ │ │ │ ├── service_rlogin.h │ │ │ │ ├── service_rpc.c │ │ │ │ ├── service_rpc.h │ │ │ │ ├── service_rshell.c │ │ │ │ ├── service_rshell.h │ │ │ │ ├── service_rsync.c │ │ │ │ ├── service_rsync.h │ │ │ │ ├── service_rtmp.c │ │ │ │ ├── service_rtmp.h │ │ │ │ ├── service_smtp.c │ │ │ │ ├── service_smtp.h │ │ │ │ ├── service_snmp.c │ │ │ │ ├── service_snmp.h │ │ │ │ ├── service_ssh.c │ │ │ │ ├── service_ssh.h │ │ │ │ ├── service_ssl.c │ │ │ │ ├── service_ssl.h │ │ │ │ ├── service_telnet.c │ │ │ │ ├── service_telnet.h │ │ │ │ ├── service_tftp.c │ │ │ │ ├── service_tftp.h │ │ │ │ ├── service_timbuktu.c │ │ │ │ ├── service_tns.c │ │ │ │ └── service_util.h │ │ │ ├── service_state.c │ │ │ ├── service_state.h │ │ │ ├── spp_appid.c │ │ │ ├── spp_appid.h │ │ │ ├── thirdparty_appid_api.h │ │ │ ├── thirdparty_appid_types.h │ │ │ ├── thirdparty_appid_utils.c │ │ │ ├── thirdparty_appid_utils.h │ │ │ └── util │ │ │ │ ├── NetworkSet.c │ │ │ │ ├── NetworkSet.h │ │ │ │ ├── OutputFile.c │ │ │ │ ├── OutputFile.h │ │ │ │ ├── common_util.c │ │ │ │ ├── common_util.h │ │ │ │ ├── fw_avltree.c │ │ │ │ ├── fw_avltree.h │ │ │ │ ├── ip_funcs.c │ │ │ │ ├── ip_funcs.h │ │ │ │ ├── sf_mlmp.c │ │ │ │ ├── sf_mlmp.h │ │ │ │ ├── sf_multi_mpse.c │ │ │ │ ├── sf_multi_mpse.h │ │ │ │ ├── sfutil.c │ │ │ │ └── sfutil.h │ │ ├── dcerpc2 │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── dce2_cl.c │ │ │ ├── dce2_cl.h │ │ │ ├── dce2_co.c │ │ │ ├── dce2_co.h │ │ │ ├── dce2_config.c │ │ │ ├── dce2_config.h │ │ │ ├── dce2_debug.c │ │ │ ├── dce2_debug.h │ │ │ ├── dce2_event.c │ │ │ ├── dce2_event.h │ │ │ ├── dce2_http.c │ │ │ ├── dce2_http.h │ │ │ ├── dce2_list.c │ │ │ ├── dce2_list.h │ │ │ ├── dce2_memory.c │ │ │ ├── dce2_memory.h │ │ │ ├── dce2_paf.c │ │ │ ├── dce2_paf.h │ │ │ ├── dce2_roptions.c │ │ │ ├── dce2_roptions.h │ │ │ ├── dce2_session.h │ │ │ ├── dce2_smb.c │ │ │ ├── dce2_smb.h │ │ │ ├── dce2_smb2.c │ │ │ ├── dce2_smb2.h │ │ │ ├── dce2_stats.c │ │ │ ├── dce2_stats.h │ │ │ ├── dce2_tcp.c │ │ │ ├── dce2_tcp.h │ │ │ ├── dce2_udp.c │ │ │ ├── dce2_udp.h │ │ │ ├── dce2_utils.c │ │ │ ├── dce2_utils.h │ │ │ ├── includes │ │ │ │ ├── dcerpc.h │ │ │ │ └── smb.h │ │ │ ├── sf_dce2.dsp │ │ │ ├── snort_dce2.c │ │ │ ├── snort_dce2.h │ │ │ ├── spp_dce2.c │ │ │ └── spp_dce2.h │ │ ├── dnp3 │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── dnp3_map.c │ │ │ ├── dnp3_map.h │ │ │ ├── dnp3_paf.c │ │ │ ├── dnp3_paf.h │ │ │ ├── dnp3_reassembly.c │ │ │ ├── dnp3_reassembly.h │ │ │ ├── dnp3_roptions.c │ │ │ ├── dnp3_roptions.h │ │ │ ├── sf_dnp3.dsp │ │ │ ├── spp_dnp3.c │ │ │ └── spp_dnp3.h │ │ ├── dns │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_dns.dsp │ │ │ ├── spp_dns.c │ │ │ └── spp_dns.h │ │ ├── dynamic_preprocessors.dsp │ │ ├── file │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── file_agent.c │ │ │ ├── file_agent.h │ │ │ ├── file_event_log.c │ │ │ ├── file_event_log.h │ │ │ ├── file_inspect_config.c │ │ │ ├── file_inspect_config.h │ │ │ ├── file_sha.c │ │ │ ├── file_sha.h │ │ │ ├── include │ │ │ │ ├── circular_buffer.c │ │ │ │ └── output_lib.c │ │ │ ├── sf_file.dsp │ │ │ ├── spp_file.c │ │ │ └── spp_file.h │ │ ├── ftptelnet │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── ftp_bounce_lookup.c │ │ │ ├── ftp_bounce_lookup.h │ │ │ ├── ftp_client.h │ │ │ ├── ftp_cmd_lookup.c │ │ │ ├── ftp_cmd_lookup.h │ │ │ ├── ftp_server.h │ │ │ ├── ftpp_eo.h │ │ │ ├── ftpp_eo_events.h │ │ │ ├── ftpp_eo_log.c │ │ │ ├── ftpp_eo_log.h │ │ │ ├── ftpp_include.h │ │ │ ├── ftpp_return_codes.h │ │ │ ├── ftpp_si.c │ │ │ ├── ftpp_si.h │ │ │ ├── ftpp_ui_client_lookup.c │ │ │ ├── ftpp_ui_client_lookup.h │ │ │ ├── ftpp_ui_config.c │ │ │ ├── ftpp_ui_config.h │ │ │ ├── ftpp_ui_server_lookup.c │ │ │ ├── ftpp_ui_server_lookup.h │ │ │ ├── hi_util_kmap.c │ │ │ ├── hi_util_kmap.h │ │ │ ├── hi_util_xmalloc.c │ │ │ ├── hi_util_xmalloc.h │ │ │ ├── pp_ftp.c │ │ │ ├── pp_ftp.h │ │ │ ├── pp_telnet.c │ │ │ ├── pp_telnet.h │ │ │ ├── sf_ftptelnet.dsp │ │ │ ├── snort_ftptelnet.c │ │ │ ├── snort_ftptelnet.h │ │ │ ├── spp_ftptelnet.c │ │ │ └── spp_ftptelnet.h │ │ ├── gtp │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── gtp_config.c │ │ │ ├── gtp_config.h │ │ │ ├── gtp_debug.h │ │ │ ├── gtp_parser.c │ │ │ ├── gtp_parser.h │ │ │ ├── gtp_roptions.c │ │ │ ├── gtp_roptions.h │ │ │ ├── sf_gtp.dsp │ │ │ ├── spp_gtp.c │ │ │ └── spp_gtp.h │ │ ├── imap │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── imap_config.c │ │ │ ├── imap_config.h │ │ │ ├── imap_log.c │ │ │ ├── imap_log.h │ │ │ ├── imap_paf.c │ │ │ ├── imap_paf.h │ │ │ ├── imap_util.c │ │ │ ├── imap_util.h │ │ │ ├── sf_imap.dsp │ │ │ ├── snort_imap.c │ │ │ ├── snort_imap.h │ │ │ ├── spp_imap.c │ │ │ └── spp_imap.h │ │ ├── libs │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_preproc_info.h │ │ │ ├── sfcommon.h │ │ │ ├── sfdynamic_preproc_libs.dsp │ │ │ ├── sfparser.c │ │ │ └── snort_preproc.pc.in │ │ ├── modbus │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── modbus_decode.c │ │ │ ├── modbus_decode.h │ │ │ ├── modbus_paf.c │ │ │ ├── modbus_paf.h │ │ │ ├── modbus_roptions.c │ │ │ ├── modbus_roptions.h │ │ │ ├── sf_modbus.dsp │ │ │ ├── spp_modbus.c │ │ │ └── spp_modbus.h │ │ ├── pop │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── pop_config.c │ │ │ ├── pop_config.h │ │ │ ├── pop_log.c │ │ │ ├── pop_log.h │ │ │ ├── pop_paf.c │ │ │ ├── pop_paf.h │ │ │ ├── pop_util.c │ │ │ ├── pop_util.h │ │ │ ├── sf_pop.dsp │ │ │ ├── snort_pop.c │ │ │ ├── snort_pop.h │ │ │ ├── spp_pop.c │ │ │ └── spp_pop.h │ │ ├── reputation │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── reputation_config.c │ │ │ ├── reputation_config.h │ │ │ ├── reputation_debug.h │ │ │ ├── reputation_utils.c │ │ │ ├── reputation_utils.h │ │ │ ├── sf_reputation.dsp │ │ │ ├── shmem │ │ │ │ ├── sflinux_helpers.c │ │ │ │ ├── sflinux_helpers.h │ │ │ │ ├── shmem_common.h │ │ │ │ ├── shmem_config.c │ │ │ │ ├── shmem_config.h │ │ │ │ ├── shmem_datamgmt.c │ │ │ │ ├── shmem_datamgmt.h │ │ │ │ ├── shmem_lib.c │ │ │ │ ├── shmem_lib.h │ │ │ │ ├── shmem_mgmt.c │ │ │ │ └── shmem_mgmt.h │ │ │ ├── spp_reputation.c │ │ │ └── spp_reputation.h │ │ ├── sdf │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sdf_credit_card.c │ │ │ ├── sdf_credit_card.h │ │ │ ├── sdf_detection_option.c │ │ │ ├── sdf_detection_option.h │ │ │ ├── sdf_pattern_match.c │ │ │ ├── sdf_pattern_match.h │ │ │ ├── sdf_us_ssn.c │ │ │ ├── sdf_us_ssn.h │ │ │ ├── sf_sdf.dsp │ │ │ ├── spp_sdf.c │ │ │ └── spp_sdf.h │ │ ├── sf_dynamic_initialize │ │ │ └── sf_dynamic_initialize.dsp │ │ ├── sip │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_sip.dsp │ │ │ ├── sip_config.c │ │ │ ├── sip_config.h │ │ │ ├── sip_debug.h │ │ │ ├── sip_dialog.c │ │ │ ├── sip_dialog.h │ │ │ ├── sip_paf.c │ │ │ ├── sip_paf.h │ │ │ ├── sip_parser.c │ │ │ ├── sip_parser.h │ │ │ ├── sip_roptions.c │ │ │ ├── sip_roptions.h │ │ │ ├── sip_utils.c │ │ │ ├── sip_utils.h │ │ │ ├── spp_sip.c │ │ │ └── spp_sip.h │ │ ├── smtp │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_smtp.dsp │ │ │ ├── smtp_config.c │ │ │ ├── smtp_config.h │ │ │ ├── smtp_log.c │ │ │ ├── smtp_log.h │ │ │ ├── smtp_normalize.c │ │ │ ├── smtp_normalize.h │ │ │ ├── smtp_paf.c │ │ │ ├── smtp_paf.h │ │ │ ├── smtp_util.c │ │ │ ├── smtp_util.h │ │ │ ├── smtp_xlink2state.c │ │ │ ├── smtp_xlink2state.h │ │ │ ├── snort_smtp.c │ │ │ ├── snort_smtp.h │ │ │ ├── spp_smtp.c │ │ │ └── spp_smtp.h │ │ ├── ssh │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_ssh.dsp │ │ │ ├── spp_ssh.c │ │ │ └── spp_ssh.h │ │ ├── ssl │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_ssl.dsp │ │ │ ├── ssl_setup.c │ │ │ └── ssl_setup.h │ │ ├── ssl_common │ │ │ ├── ssl.c │ │ │ ├── ssl.h │ │ │ ├── ssl_config.c │ │ │ ├── ssl_config.h │ │ │ ├── ssl_ha.c │ │ │ ├── ssl_ha.h │ │ │ ├── ssl_include.h │ │ │ ├── ssl_inspect.c │ │ │ ├── ssl_inspect.h │ │ │ └── ssl_session.h │ │ └── treenodes.sed │ ├── encode.c │ ├── encode.h │ ├── event.h │ ├── event_queue.c │ ├── event_queue.h │ ├── event_wrapper.c │ ├── event_wrapper.h │ ├── file-process │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── circular_buffer.c │ │ ├── circular_buffer.h │ │ ├── file_api.h │ │ ├── file_capture.c │ │ ├── file_capture.h │ │ ├── file_mail_common.h │ │ ├── file_mempool.c │ │ ├── file_mempool.h │ │ ├── file_mime_config.c │ │ ├── file_mime_config.h │ │ ├── file_mime_process.c │ │ ├── file_mime_process.h │ │ ├── file_resume_block.c │ │ ├── file_resume_block.h │ │ ├── file_segment_process.c │ │ ├── file_segment_process.h │ │ ├── file_service.c │ │ ├── file_service.h │ │ ├── file_service_config.c │ │ ├── file_service_config.h │ │ ├── file_stats.c │ │ ├── file_stats.h │ │ └── libs │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── file_config.c │ │ │ ├── file_config.h │ │ │ ├── file_identifier.c │ │ │ ├── file_identifier.h │ │ │ ├── file_lib.c │ │ │ └── file_lib.h │ ├── fpcreate.c │ ├── fpcreate.h │ ├── fpdetect.c │ ├── fpdetect.h │ ├── generators.h │ ├── hashstring.c │ ├── hashstring.h │ ├── idle_processing.c │ ├── idle_processing.h │ ├── idle_processing_funcs.h │ ├── ipv6_port.h │ ├── log.c │ ├── log.h │ ├── log_text.c │ ├── log_text.h │ ├── mempool.c │ ├── mempool.h │ ├── mstring.c │ ├── mstring.h │ ├── obfuscation.c │ ├── obfuscation.h │ ├── output-plugins │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── spo_alert_fast.c │ │ ├── spo_alert_fast.h │ │ ├── spo_alert_full.c │ │ ├── spo_alert_full.h │ │ ├── spo_alert_sf_socket.c │ │ ├── spo_alert_sf_socket.h │ │ ├── spo_alert_syslog.c │ │ ├── spo_alert_syslog.h │ │ ├── spo_alert_test.c │ │ ├── spo_alert_test.h │ │ ├── spo_alert_unixsock.c │ │ ├── spo_alert_unixsock.h │ │ ├── spo_csv.c │ │ ├── spo_csv.h │ │ ├── spo_log_ascii.c │ │ ├── spo_log_ascii.h │ │ ├── spo_log_null.c │ │ ├── spo_log_null.h │ │ ├── spo_log_tcpdump.c │ │ ├── spo_log_tcpdump.h │ │ ├── spo_unified2.c │ │ └── spo_unified2.h │ ├── packet_time.c │ ├── packet_time.h │ ├── parser.c │ ├── parser.h │ ├── parser │ │ ├── IpAddrSet.c │ │ ├── IpAddrSet.h │ │ ├── Makefile.am │ │ └── Makefile.in │ ├── pcap_pkthdr32.h │ ├── pcrm.c │ ├── pcrm.h │ ├── plugbase.c │ ├── plugbase.h │ ├── plugin_enum.h │ ├── ppm.c │ ├── ppm.h │ ├── preprocessors │ │ ├── HttpInspect │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── anomaly_detection │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ └── hi_ad.c │ │ │ ├── client │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── hi_client.c │ │ │ │ └── hi_client_norm.c │ │ │ ├── event_output │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ └── hi_eo_log.c │ │ │ ├── files │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── file_decomp.c │ │ │ │ ├── file_decomp_PDF.c │ │ │ │ └── file_decomp_SWF.c │ │ │ ├── include │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── file_decomp.h │ │ │ │ ├── file_decomp_PDF.h │ │ │ │ ├── file_decomp_SWF.h │ │ │ │ ├── hi_ad.h │ │ │ │ ├── hi_client.h │ │ │ │ ├── hi_client_norm.h │ │ │ │ ├── hi_client_stateful.h │ │ │ │ ├── hi_cmd_lookup.h │ │ │ │ ├── hi_eo.h │ │ │ │ ├── hi_eo_events.h │ │ │ │ ├── hi_eo_log.h │ │ │ │ ├── hi_include.h │ │ │ │ ├── hi_mi.h │ │ │ │ ├── hi_norm.h │ │ │ │ ├── hi_paf.h │ │ │ │ ├── hi_reqmethod_check.h │ │ │ │ ├── hi_return_codes.h │ │ │ │ ├── hi_server.h │ │ │ │ ├── hi_server_norm.h │ │ │ │ ├── hi_si.h │ │ │ │ ├── hi_stateful_inspect.h │ │ │ │ ├── hi_ui_config.h │ │ │ │ ├── hi_ui_iis_unicode_map.h │ │ │ │ ├── hi_ui_server_lookup.h │ │ │ │ ├── hi_uri.h │ │ │ │ ├── hi_util.h │ │ │ │ ├── hi_util_hbm.h │ │ │ │ ├── hi_util_kmap.h │ │ │ │ └── hi_util_xmalloc.h │ │ │ ├── mode_inspection │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ └── hi_mi.c │ │ │ ├── normalization │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ └── hi_norm.c │ │ │ ├── server │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── hi_server.c │ │ │ │ └── hi_server_norm.c │ │ │ ├── session_inspection │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ └── hi_si.c │ │ │ ├── user_interface │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── hi_ui_config.c │ │ │ │ ├── hi_ui_iis_unicode_map.c │ │ │ │ └── hi_ui_server_lookup.c │ │ │ └── utils │ │ │ │ ├── Makefile.am │ │ │ │ ├── Makefile.in │ │ │ │ ├── hi_cmd_lookup.c │ │ │ │ ├── hi_paf.c │ │ │ │ ├── hi_util_hbm.c │ │ │ │ ├── hi_util_kmap.c │ │ │ │ └── hi_util_xmalloc.c │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── Session │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── session_common.c │ │ │ ├── session_common.h │ │ │ ├── session_expect.c │ │ │ ├── session_expect.h │ │ │ ├── snort_session.c │ │ │ ├── snort_session.h │ │ │ ├── stream5_ha.c │ │ │ └── stream5_ha.h │ │ ├── Stream6 │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── snort_stream_icmp.c │ │ │ ├── snort_stream_icmp.h │ │ │ ├── snort_stream_ip.c │ │ │ ├── snort_stream_ip.h │ │ │ ├── snort_stream_tcp.c │ │ │ ├── snort_stream_tcp.h │ │ │ ├── snort_stream_udp.c │ │ │ ├── snort_stream_udp.h │ │ │ ├── stream_common.c │ │ │ ├── stream_common.h │ │ │ ├── stream_paf.c │ │ │ └── stream_paf.h │ │ ├── normalize.c │ │ ├── normalize.h │ │ ├── perf-base.c │ │ ├── perf-base.h │ │ ├── perf-event.c │ │ ├── perf-event.h │ │ ├── perf-flow.c │ │ ├── perf-flow.h │ │ ├── perf.c │ │ ├── perf.h │ │ ├── perf_indicators.c │ │ ├── perf_indicators.h │ │ ├── portscan.c │ │ ├── portscan.h │ │ ├── session_api.c │ │ ├── session_api.h │ │ ├── sfprocpidstats.c │ │ ├── sfprocpidstats.h │ │ ├── sip_common.h │ │ ├── snort_httpinspect.c │ │ ├── snort_httpinspect.h │ │ ├── spp_arpspoof.c │ │ ├── spp_arpspoof.h │ │ ├── spp_bo.c │ │ ├── spp_bo.h │ │ ├── spp_frag3.c │ │ ├── spp_frag3.h │ │ ├── spp_httpinspect.c │ │ ├── spp_httpinspect.h │ │ ├── spp_normalize.c │ │ ├── spp_normalize.h │ │ ├── spp_perfmonitor.c │ │ ├── spp_perfmonitor.h │ │ ├── spp_rpc_decode.c │ │ ├── spp_rpc_decode.h │ │ ├── spp_session.c │ │ ├── spp_session.h │ │ ├── spp_sfportscan.c │ │ ├── spp_sfportscan.h │ │ ├── spp_stream6.c │ │ ├── spp_stream6.h │ │ ├── str_search.c │ │ ├── str_search.h │ │ ├── stream_api.c │ │ └── stream_api.h │ ├── preprocids.h │ ├── profiler.c │ ├── profiler.h │ ├── rate_filter.c │ ├── rate_filter.h │ ├── rule_option_types.h │ ├── rules.h │ ├── sf_protocols.h │ ├── sf_sdlist.c │ ├── sf_sdlist.h │ ├── sf_sdlist_types.h │ ├── sf_types.h │ ├── sfdaq.c │ ├── sfdaq.h │ ├── sfthreshold.c │ ├── sfthreshold.h │ ├── sfutil │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── Unified2_common.h │ │ ├── acsmx.c │ │ ├── acsmx.h │ │ ├── acsmx2.c │ │ ├── acsmx2.h │ │ ├── asn1.c │ │ ├── asn1.h │ │ ├── bitop.h │ │ ├── bitop_funcs.h │ │ ├── bnfa_search.c │ │ ├── bnfa_search.h │ │ ├── getopt.h │ │ ├── getopt1.h │ │ ├── getopt_long.c │ │ ├── intel-soft-cpm.c │ │ ├── intel-soft-cpm.h │ │ ├── ipobj.c │ │ ├── ipobj.h │ │ ├── md5.c │ │ ├── md5.h │ │ ├── mpse.c │ │ ├── mpse.h │ │ ├── mpse_methods.h │ │ ├── segment_mem.c │ │ ├── segment_mem.h │ │ ├── sfActionQueue.c │ │ ├── sfActionQueue.h │ │ ├── sfPolicy.c │ │ ├── sfPolicy.h │ │ ├── sfPolicyData.h │ │ ├── sfPolicyUserData.c │ │ ├── sfPolicyUserData.h │ │ ├── sf_base64decode.c │ │ ├── sf_base64decode.h │ │ ├── sf_email_attach_decode.c │ │ ├── sf_email_attach_decode.h │ │ ├── sf_ip.c │ │ ├── sf_ip.h │ │ ├── sf_iph.c │ │ ├── sf_iph.h │ │ ├── sf_ipvar.c │ │ ├── sf_ipvar.h │ │ ├── sf_sechash.c │ │ ├── sf_sechash.h │ │ ├── sf_seqnums.h │ │ ├── sf_textlog.c │ │ ├── sf_textlog.h │ │ ├── sf_vartable.c │ │ ├── sf_vartable.h │ │ ├── sfdebug.h │ │ ├── sfeventq.c │ │ ├── sfeventq.h │ │ ├── sfghash.c │ │ ├── sfghash.h │ │ ├── sfhashfcn.c │ │ ├── sfhashfcn.h │ │ ├── sfksearch.c │ │ ├── sfksearch.h │ │ ├── sflsq.c │ │ ├── sflsq.h │ │ ├── sfmemcap.c │ │ ├── sfmemcap.h │ │ ├── sfportobject.c │ │ ├── sfportobject.h │ │ ├── sfprimetable.c │ │ ├── sfprimetable.h │ │ ├── sfrf.c │ │ ├── sfrf.h │ │ ├── sfrim.c │ │ ├── sfrim.h │ │ ├── sfrt.c │ │ ├── sfrt.h │ │ ├── sfrt_dir.c │ │ ├── sfrt_dir.h │ │ ├── sfrt_flat.c │ │ ├── sfrt_flat.h │ │ ├── sfrt_flat_dir.c │ │ ├── sfrt_flat_dir.h │ │ ├── sfrt_trie.h │ │ ├── sfsnprintfappend.c │ │ ├── sfsnprintfappend.h │ │ ├── sfthd.c │ │ ├── sfthd.h │ │ ├── sfxhash.c │ │ ├── sfxhash.h │ │ ├── sha2.c │ │ ├── sha2.h │ │ ├── strvec.c │ │ ├── strvec.h │ │ ├── util_jsnorm.c │ │ ├── util_jsnorm.h │ │ ├── util_math.c │ │ ├── util_math.h │ │ ├── util_net.c │ │ ├── util_net.h │ │ ├── util_str.c │ │ ├── util_str.h │ │ ├── util_unfold.c │ │ ├── util_unfold.h │ │ ├── util_utf.c │ │ └── util_utf.h │ ├── side-channel │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── dmq.c │ │ ├── dmq.h │ │ ├── dynamic-plugins │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sf_dynamic_side_channel_lib.c │ │ │ ├── sf_dynamic_side_channel_lib.h │ │ │ ├── sf_side_channel_info.h │ │ │ └── snort_side_channel.pc.in │ │ ├── plugins │ │ │ ├── Makefile.am │ │ │ ├── Makefile.in │ │ │ ├── sscm_logger.c │ │ │ └── sscm_logger.h │ │ ├── rbmq.c │ │ ├── rbmq.h │ │ ├── sidechannel.c │ │ ├── sidechannel.h │ │ └── sidechannel_define.h │ ├── signature.c │ ├── signature.h │ ├── snort.c │ ├── snort.h │ ├── snort_bounds.h │ ├── snort_debug.h │ ├── snprintf.c │ ├── snprintf.h │ ├── spo_plugbase.h │ ├── strlcatu.c │ ├── strlcatu.h │ ├── strlcpyu.c │ ├── strlcpyu.h │ ├── tag.c │ ├── tag.h │ ├── target-based │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── sf_attribute_table.y │ │ ├── sf_attribute_table_parser.l │ │ ├── sftarget_hostentry.c │ │ ├── sftarget_hostentry.h │ │ ├── sftarget_protocol_reference.c │ │ ├── sftarget_protocol_reference.h │ │ ├── sftarget_reader.c │ │ └── sftarget_reader.h │ ├── timersub.h │ ├── treenodes.h │ ├── util.c │ ├── util.h │ └── win32 │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── WIN32-Code │ │ ├── MSG00001.bin │ │ ├── getopt.c │ │ ├── getopt_long.c │ │ ├── inet_aton.c │ │ ├── inet_pton.c │ │ ├── misc.c │ │ ├── name.aps │ │ ├── name.h │ │ ├── name.mc │ │ ├── name.rc │ │ ├── strtok_r.c │ │ ├── syslog.c │ │ └── win32_service.c │ │ ├── WIN32-Includes │ │ ├── NET │ │ │ └── Bpf.h │ │ ├── NETINET │ │ │ ├── IF_ETHER.H │ │ │ ├── IN_SYSTM.H │ │ │ ├── IP.H │ │ │ ├── IP_ICMP.H │ │ │ ├── IP_VAR.H │ │ │ ├── TCP.H │ │ │ ├── TCPIP.H │ │ │ ├── TCP_VAR.H │ │ │ ├── UDP.H │ │ │ └── UDP_VAR.H │ │ ├── WinPCAP │ │ │ ├── Devioctl.h │ │ │ ├── Gnuc.h │ │ │ ├── Ntddndis.h │ │ │ ├── Ntddpack.h │ │ │ ├── Packet32.h │ │ │ ├── Win32-Extensions.h │ │ │ ├── bittypes.h │ │ │ ├── bucket_lookup.h │ │ │ ├── count_packets.h │ │ │ ├── ip6_misc.h │ │ │ ├── memory_t.h │ │ │ ├── normal_lookup.h │ │ │ ├── pcap-bpf.h │ │ │ ├── pcap-int.h │ │ │ ├── pcap-namedb.h │ │ │ ├── pcap-stdinc.h │ │ │ ├── pcap.h │ │ │ ├── pcap │ │ │ │ ├── bluetooth.h │ │ │ │ ├── bpf.h │ │ │ │ ├── namedb.h │ │ │ │ ├── pcap.h │ │ │ │ ├── sll.h │ │ │ │ ├── usb.h │ │ │ │ └── vlan.h │ │ │ ├── pthread.h │ │ │ ├── remote-ext.h │ │ │ ├── sched.h │ │ │ ├── semaphore.h │ │ │ ├── tcp_session.h │ │ │ ├── time_calls.h │ │ │ └── tme.h │ │ ├── config.h │ │ ├── getopt.h │ │ ├── getopt1.h │ │ ├── gnuc.h │ │ ├── inttypes.h │ │ ├── libdnet │ │ │ ├── dnet.h │ │ │ └── dnet │ │ │ │ ├── addr.h │ │ │ │ ├── arp.h │ │ │ │ ├── blob.h │ │ │ │ ├── eth.h │ │ │ │ ├── fw.h │ │ │ │ ├── icmp.h │ │ │ │ ├── intf.h │ │ │ │ ├── ip.h │ │ │ │ ├── ip6.h │ │ │ │ ├── os.h │ │ │ │ ├── rand.h │ │ │ │ ├── route.h │ │ │ │ ├── tcp.h │ │ │ │ ├── tun.h │ │ │ │ └── udp.h │ │ ├── pcre.h │ │ ├── pcreposix.h │ │ ├── rpc │ │ │ ├── auth.h │ │ │ ├── auth_unix.h │ │ │ ├── clnt.h │ │ │ ├── pmap_clnt.h │ │ │ ├── pmap_prot.h │ │ │ ├── pmap_rmt.h │ │ │ ├── rpc.h │ │ │ ├── rpc_des.h │ │ │ ├── rpc_msg.h │ │ │ ├── svc.h │ │ │ ├── svc_auth.h │ │ │ ├── types.h │ │ │ └── xdr.h │ │ ├── stdint.h │ │ ├── syslog.h │ │ ├── unistd.h │ │ └── zlib │ │ │ ├── zconf.h │ │ │ └── zlib.h │ │ ├── WIN32-Libraries │ │ ├── .cvswrappers │ │ ├── Packet.lib │ │ ├── libdnet │ │ │ └── dnet.lib │ │ ├── pcre.lib │ │ ├── wpcap.lib │ │ ├── zlib.lib │ │ └── zlib1.lib │ │ └── WIN32-Prj │ │ ├── LibnetNT.dll │ │ ├── Packet.dll │ │ ├── WanPacket.dll │ │ ├── build_all.dsp │ │ ├── build_releases.bat │ │ ├── npptools.dll │ │ ├── ntwdblib.dll │ │ ├── pcre.dll │ │ ├── sf_engine.dsp │ │ ├── sf_engine_initialize.dsp │ │ ├── snort.dep │ │ ├── snort.dsp │ │ ├── snort.dsw │ │ ├── snort_initialize.dsp │ │ ├── snort_installer.nsi │ │ ├── snort_installer_options.ini │ │ ├── wpcap.dll │ │ └── zlib1.dll ├── templates │ ├── Makefile.am │ ├── Makefile.in │ ├── sp_template.c │ ├── sp_template.h │ ├── spp_template.c │ └── spp_template.h ├── tools │ ├── Makefile.am │ ├── Makefile.in │ ├── appid_detector_builder.sh │ ├── control │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── README.snort_control │ │ ├── README.snort_dump_packets_control │ │ ├── sfcontrol.c │ │ └── snort_dump_packets.c │ ├── file_server │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── README.file_server │ │ └── file_server.c │ ├── u2boat │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── README.u2boat │ │ ├── u2boat.c │ │ └── u2boat.h │ ├── u2openappid │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ └── u2openappid.c │ ├── u2spewfoo │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── u2spewfoo.c │ │ └── u2spewfoo.dsp │ └── u2streamer │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── SpoolFileIterator.c │ │ ├── SpoolFileIterator.h │ │ ├── TimestampedFile.c │ │ ├── TimestampedFile.h │ │ ├── Unified2.c │ │ ├── Unified2.h │ │ ├── Unified2File.c │ │ ├── Unified2File.h │ │ ├── UnifiedLog.c │ │ ├── UnifiedLog.h │ │ ├── sf_error.c │ │ ├── sf_error.h │ │ └── u2streamer.c ├── verstuff.pl └── ylwrap └── snort-initialization.png /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.mod* 47 | *.cmd 48 | .tmp_versions/ 49 | modules.order 50 | Module.symvers 51 | Mkfile.old 52 | dkms.conf 53 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "openNetVM"] 2 | path = openNetVM 3 | url = https://github.com/sdnfv/openNetVM 4 | -------------------------------------------------------------------------------- /daq-2.0.6/ChangeLog: -------------------------------------------------------------------------------- 1 | 2015-07-15 17:13 mialtize 2 | 3 | * ChangeLog, configure.ac, daq.spec, api/daq_api.h, 4 | os-daq-modules/daq_static_modules.c (IMS_5_4_0): Bugs Fixed: 5 | CSCuv26782 Change description: Add lost Netmap DAQ module. Sync 6 | Changelog from 2.0.5 release tarball. Bump to 2.0.6. Update RPM 7 | spec file for appropriate library name. Reviewedboard Link: 8 | http://kingart.cisco.com/reviews/r/30004/ Karma Granted By: Ron 9 | Testing Done: Documentation: 10 | 11 | -------------------------------------------------------------------------------- /daq-2.0.6/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | if BUILD_MODULES 4 | MODULES_DIR = os-daq-modules 5 | endif 6 | SUBDIRS = api sfbpf $(MODULES_DIR) 7 | 8 | ACLOCAL_AMFLAGS = -I m4 9 | 10 | EXTRA_DIST = \ 11 | daq.dsp 12 | -------------------------------------------------------------------------------- /daq-2.0.6/api/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | ACLOCAL_AMFLAGS = -I m4 4 | 5 | include_HEADERS = daq.h daq_api.h daq_common.h 6 | 7 | lib_LTLIBRARIES = libdaq.la libdaq_static.la 8 | 9 | libdaq_la_SOURCES = daq_base.c daq_mod_ops.c daq.h daq_api.h daq_common.h 10 | libdaq_la_LDFLAGS = -version-info 2:4:0 @XCCFLAGS@ 11 | libdaq_la_LIBADD = @LIBDL@ 12 | 13 | libdaq_static_la_SOURCES = daq_base.c daq_mod_ops.c daq.h daq_api.h daq_common.h 14 | libdaq_static_la_CFLAGS = -DSTATIC_MODULE_LIST 15 | libdaq_static_la_LDFLAGS = -static 16 | -------------------------------------------------------------------------------- /daq-2.0.6/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | aclocal 4 | autoconf 5 | autoheader 6 | automake -a 7 | ./configure --enable-static --disable-shared --with-dpdk-includes=$RTE_SDK/$RTE_TARGET/include --with-dpdk-libraries=$RTE_SDK/$RTE_TARGET/lib --with-netvm-includes=$ONVM_HOME/onvm --with-netvm-libraries=$ONVM_HOME/onvm 8 | make clean 9 | make -j4 10 | sudo make install 11 | sudo ldconfig 12 | -------------------------------------------------------------------------------- /daq-2.0.6/m4/ltversion.m4: -------------------------------------------------------------------------------- 1 | # ltversion.m4 -- version numbers -*- Autoconf -*- 2 | # 3 | # Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc. 4 | # Written by Scott James Remnant, 2004 5 | # 6 | # This file is free software; the Free Software Foundation gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | 10 | # @configure_input@ 11 | 12 | # serial 4179 ltversion.m4 13 | # This file is part of GNU Libtool 14 | 15 | m4_define([LT_PACKAGE_VERSION], [2.4.6]) 16 | m4_define([LT_PACKAGE_REVISION], [2.4.6]) 17 | 18 | AC_DEFUN([LTVERSION_VERSION], 19 | [macro_version='2.4.6' 20 | macro_revision='2.4.6' 21 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) 22 | _LT_DECL(, macro_revision, 0) 23 | ]) 24 | -------------------------------------------------------------------------------- /daq-2.0.6/os-daq-modules/daq-modules-config.in: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | # 4 | # Script to give the appropriate compiler flags and linker flags 5 | # to use when building code that uses LibDAQ modules. 6 | # 7 | 8 | prefix=@prefix@ 9 | exec_prefix=@exec_prefix@ 10 | LIBDIR=@libdir@ 11 | STATIC_LIBS="@STATIC_LIBS@" 12 | 13 | static=0 14 | show_libs=0 15 | while [ "$#" != 0 ] 16 | do 17 | case "$1" in 18 | 19 | --static) 20 | static=1 21 | ;; 22 | 23 | --libs) 24 | show_libs=1 25 | ;; 26 | 27 | esac 28 | shift 29 | done 30 | 31 | if [ "$static" = 1 ] 32 | then 33 | # 34 | # Include LIBS so that the flags include libraries containing 35 | # routines that LibDAQ uses. 36 | # 37 | if [ "$show_libs" = 1 ] ; then 38 | echo "-L$LIBDIR -ldaq_static_modules $STATIC_LIBS" 39 | fi 40 | fi 41 | -------------------------------------------------------------------------------- /daq-2.0.6/sfbpf/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS = foreign 2 | 3 | ACLOCAL_AMFLAGS = -I m4 4 | 5 | lib_LTLIBRARIES = libsfbpf.la 6 | 7 | include_HEADERS = sfbpf.h sfbpf_dlt.h 8 | 9 | libsfbpf_la_SOURCES = \ 10 | arcnet.h \ 11 | atmuni31.h \ 12 | bittypes.h \ 13 | ethertype.h \ 14 | gencode.h \ 15 | ieee80211.h \ 16 | IP6_misc.h \ 17 | ipnet.h \ 18 | llc.h \ 19 | namedb.h \ 20 | nlpid.h \ 21 | ppp.h \ 22 | sfbpf.h \ 23 | sfbpf_dlt.h \ 24 | sf-redefines.h \ 25 | sf_bpf_filter.c \ 26 | sf_bpf_printer.c \ 27 | sf_gencode.c \ 28 | sf_nametoaddr.c \ 29 | sf_optimize.c \ 30 | sfbpf-int.c \ 31 | sll.h \ 32 | sunatmpos.h 33 | 34 | EXTRA_DIST = grammar.y scanner.l \ 35 | win32-stdinc.h \ 36 | sfbpf-int.h \ 37 | sfbpf-int.c \ 38 | runlex.sh 39 | 40 | nodist_libsfbpf_la_SOURCES = sf_grammar.c sf_scanner.c tokdefs.h 41 | 42 | libsfbpf_la_CFLAGS = -Dyylval=sfbpf_lval 43 | libsfbpf_la_LDFLAGS = -version-info 0:1:0 @XCCFLAGS@ 44 | 45 | # use of $@ and $< here is a GNU idiom that borks BSD 46 | sf_scanner.c: $(srcdir)/scanner.l 47 | @rm -f $(srcdir)/sf_scanner.c 48 | $(srcdir)/runlex.sh $(V_LEX) -osf_scanner.c $(srcdir)/scanner.l 49 | 50 | sf_scanner.o: sf_scanner.c tokdefs.h 51 | 52 | tokdefs.h: sf_grammar.c 53 | sf_grammar.c: $(srcdir)/grammar.y 54 | @rm -f sf_grammar.c tokdefs.h 55 | $(V_YACC) -d $(srcdir)/grammar.y 56 | mv y.tab.c sf_grammar.c 57 | mv y.tab.h tokdefs.h 58 | 59 | CLEANFILES = sf_scanner.c sf_grammar.c tokdefs.h sf_scanner.h 60 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | ls | grep setenv.sh 2 | ANS=`echo $?` 3 | if [ $ANS == 1 ] 4 | then 5 | echo please run this script in situ 6 | exit 7 | fi 8 | 9 | ./setenv.sh 10 | 11 | # Base directory 12 | BASE_DIR=$(pwd) 13 | 14 | # update 15 | sudo apt-get update 16 | 17 | #compile onvm 18 | cd $ONVM_HOME/scripts 19 | ./install.sh 20 | 21 | cd $ONVM_HOME/onvm && make 22 | 23 | # Compile DAQ 24 | sudo apt-get install -y libpcap-dev libpcre3-dev libdumbnet-dev zlib1g-dev liblzma-dev libssl-dev autoconf 25 | 26 | cd $BASE_DIR/daq* 27 | 28 | aclocal 29 | autoconf 30 | autoheader 31 | automake -a 32 | autoreconf -fvi 33 | 34 | ./configure --enable-static --disable-shared --with-dpdk-includes=$RTE_SDK/$RTE_TARGET/include --with-dpdk-libraries=$RTE_SDK/$RTE_TARGET/lib --with-netvm-includes=$ONVM_HOME/onvm --with-netvm-libraries=$ONVM_HOME/onvm 35 | 36 | 37 | make clean 38 | make -j7 39 | sudo make install 40 | 41 | # Compile snort 42 | cd $BASE_DIR/snort-2.9* 43 | aclocal 44 | autoconf 45 | autoheader 46 | automake -a 47 | autoreconf -fvi 48 | ./configure --enable-static --disable-shared --with-dpdk-includes=$RTE_SDK/$RTE_TARGET/include --with-dpdk-libraries=$RTE_SDK/$RTE_TARGET/lib --with-netvm-includes=$ONVM_HOME/onvm --with-netvm-libraries=$ONVM_HOME/onvm 49 | 50 | make clean 51 | make -j7 52 | sudo make install 53 | 54 | sudo ldconfig 55 | 56 | sudo cp -r snort*/simple-etc /etc/snort 57 | sudo mkdir /usr/local/lib/snort_dynamicrules 58 | 59 | cd $BASE_DIR 60 | -------------------------------------------------------------------------------- /onvm-daq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/onvm-daq.png -------------------------------------------------------------------------------- /snort-2.9.8.3/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | SUBDIRS = src doc etc templates rpm m4 preproc_rules tools 4 | 5 | INCLUDES = @INCLUDES@ 6 | 7 | EXTRA_DIST = ChangeLog snort.8 LICENSE verstuff.pl RELEASE.NOTES snort.pc.in 8 | 9 | man_MANS = snort.8 10 | 11 | DISTCLEANFILES=stamp-h.in cflags.out cppflags.out 12 | 13 | dist-hook: 14 | # always ensure that the win32 build is in sync 15 | perl $(distdir)/verstuff.pl $(distdir) 16 | # work around a horrible doc/Makefile.am 17 | rm -rf $(distdir)/doc/signatures/CVS 18 | 19 | pkgconfigdir = $(libdir)/pkgconfig 20 | pkgconfig_DATA = snort.pc 21 | -------------------------------------------------------------------------------- /snort-2.9.8.3/RELEASE.NOTES: -------------------------------------------------------------------------------- 1 | 2016-04-25 - Snort 2.9.8.3 2 | [*] Improvements 3 | * Stability improvement for Stream6 preprocessor 4 | 5 | * Fixed multiple issues in HttpInspect preprocessor 6 | 7 | * Fixed an issue of incorrect masking of sensitive data 8 | -------------------------------------------------------------------------------- /snort-2.9.8.3/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | aclocal 4 | autoconf 5 | autoheader 6 | automake -a 7 | ./configure --enable-static --disable-shared --with-dpdk-includes=$RTE_SDK/$RTE_TARGET/include --with-dpdk-libraries=$RTE_SDK/$RTE_TARGET/lib --with-netvm-includes=$ONVM_HOME/onvm --with-netvm-libraries=$ONVM_HOME/onvm 8 | make clean 9 | make -j4 10 | sudo make install 11 | sudo ldconfig 12 | -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/AUTHORS: -------------------------------------------------------------------------------- 1 | Author(s) of Snort 2 | 3 | Martin Roesch - roesch@sourcefire.com 4 | -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/OpenDetectorDeveloperGuide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/doc/OpenDetectorDeveloperGuide.pdf -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/PROBLEMS: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | This is the Snort problems file. It is used to document bugs that we 4 | can't work around and provide a bit of documentation in case someone 5 | finds a way to work around the problem. 6 | 7 | Platform: Linux/x86 8 | 9 | adapter dropping out of promiscous mode 10 | 11 | if you see syslog messages complaining of obsolete (PF_INET,SOCK_PACKET), 12 | upgrade to libpcap 0.7+ and things should work correctly. 13 | 14 | Platform: Mac OS X 15 | 16 | - TCP traffic checksums are not handed up properly from pcap when the 17 | checksum is generated from the host that is doing the sniffing. 18 | Passive mode should work fine. 19 | 20 | Platform: Linux/SPARC Linux/Alpha? 21 | 22 | - Bus Errors ( Rumored to be compiler problem ) 23 | 24 | Alignment problems. Patches welcome. 25 | 26 | Platform: HPUX 27 | 28 | - Bus Errorrs with Stream4 29 | 30 | Compiler doesn't like bitpacked notation access 31 | 32 | - HP-UX 10.x note from Chris Sylvain: 33 | 34 | if you run snort and receive the error message 35 | "Can't start DAQ error... 36 | recv_ack: promisc_phys: Invalid argument" 37 | it's because there's another program running using the DLPI service. 38 | 39 | The HP-UX implementation doesn't allow more than one libpcap program 40 | at a time to run, unlike Linux. 41 | -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/TODO: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | - update the todo list 4 | 5 | -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/WISHLIST: -------------------------------------------------------------------------------- 1 | $Id$ 2 | 3 | SIGNATURES 4 | ---- 5 | * UDP & ICMP flow. (Client = first person to talk?) 6 | * Distance from beginning of the stream 7 | * Distance between CONTENT and to NEWLINE 8 | * IP Ranges 9 | * Port ranges 10 | * SRC & DST ports not required for signatures of protocols that don't have 11 | ports 12 | 13 | PLUGINS 14 | ---- 15 | * unified IP formats (IPs are specified in the same way for every plugin) 16 | * Better portscan detection 17 | * coffee plugin. (Over $X high priority alarms during off hours = 18 | make big pot of coffee) 19 | * all plugin alerts contain the following configurations 20 | - priority 21 | - classtype 22 | - references 23 | - host ranges (IP ranges, just like rules) 24 | - port ranges (port ranges, just like rules) 25 | 26 | PROTOCOLS 27 | ---- 28 | * email parsing (i.e. flagging on an attachment name) 29 | * HTTP CGI Variables (GET & POST) 30 | * HTTP/1.1 decodes 31 | 32 | GENERAL 33 | ---- 34 | * method to reload signatures without killing state engine 35 | * self healing (dropping lots of packets? drop lower priority signatures) 36 | * regular statistic dumps 37 | * better access to protocol stats (I.e. 70% TCP, 20% UDP, 10% ICMP) 38 | * better access to port stats (I.e. 70% 80 , 20% 25, 10% 22) 39 | * multithreading 40 | * thresholds for all alerts (signatures & plugins) 41 | - X sid:313 alerts from Y hosts in Z seconds 42 | - X tcp overlap alerts from the same host in Y seconds 43 | -------------------------------------------------------------------------------- /snort-2.9.8.3/doc/snort_manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/doc/snort_manual.pdf -------------------------------------------------------------------------------- /snort-2.9.8.3/etc/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = snort.conf classification.config gen-msg.map \ 5 | reference.config unicode.map threshold.conf attribute_table.dtd file_magic.conf 6 | -------------------------------------------------------------------------------- /snort-2.9.8.3/etc/attribute_table.dtd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /snort-2.9.8.3/etc/reference.config: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | # The following defines URLs for the references found in the rules 3 | # 4 | # config reference: system URL 5 | 6 | config reference: bugtraq http://www.securityfocus.com/bid/ 7 | config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name= 8 | config reference: arachNIDS http://www.whitehats.com/info/IDS 9 | config reference: osvdb http://osvdb.org/show/osvdb/ 10 | 11 | # Note, this one needs a suffix as well.... lets add that in a bit. 12 | config reference: McAfee http://vil.nai.com/vil/content/v_ 13 | config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id= 14 | config reference: url http:// 15 | config reference: msb http://technet.microsoft.com/en-us/security/bulletin/ 16 | 17 | -------------------------------------------------------------------------------- /snort-2.9.8.3/m4/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = Makefile.am \ 5 | libprelude.m4 6 | -------------------------------------------------------------------------------- /snort-2.9.8.3/preproc_rules/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | EXTRA_DIST = preprocessor.rules decoder.rules sensitive-data.rules 4 | -------------------------------------------------------------------------------- /snort-2.9.8.3/preproc_rules/sensitive-data.rules: -------------------------------------------------------------------------------- 1 | alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Credit Card Numbers"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,credit_card; classtype:sdf; sid:2; gid:138; rev:1;) 2 | alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Social Security Numbers (with dashes)"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:2,us_social; classtype:sdf; sid:3; gid:138; rev:1;) 3 | #alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Social Security Numbers (w/out dashes)"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:20,us_social_nodashes; classtype:sdf; sid:4; gid:138; rev:1;) 4 | alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA Email Addresses"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:20,email; classtype:sdf; sid:5; gid:138; rev:1;) 5 | alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110] (msg:"SENSITIVE-DATA U.S. Phone Numbers"; metadata:service http, service smtp, service ftp-data, service imap, service pop3; sd_pattern:20,(\d{3}) ?\d{3}-\d{4}; classtype:sdf; sid:6; gid:138; rev:1;) 6 | -------------------------------------------------------------------------------- /snort-2.9.8.3/rpm/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = Makefile.am \ 5 | generate-all-rpms \ 6 | README.build_rpms \ 7 | README.rpms \ 8 | RPM-TODO \ 9 | snortd \ 10 | snort.logrotate \ 11 | snort.spec \ 12 | snort.sysconfig 13 | -------------------------------------------------------------------------------- /snort-2.9.8.3/rpm/RPM-TODO: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Future releases 3 | - get to work better with the CVS current snapshot tarball? 4 | - build chroot RPM package 5 | 6 | -------------------------------------------------------------------------------- /snort-2.9.8.3/rpm/generate-all-rpms: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # $Id$ 3 | # Generate the "official" Snort.org RPMs. 4 | 5 | # The following will build 3 binary and 1 source RPM as follows: 6 | # snort-x.x.x-x.i386.rpm 7 | # snort-openappid-x.x.x-x.i386.rpm 8 | # snort-x.x.x-x.src.rpm 9 | # 10 | 11 | rpmbuild -bb --target i386 snort.spec 12 | rpmbuild -bb --target i386 --with openappid snort.spec 13 | rpmbuild -bs --target i386 snort.spec 14 | -------------------------------------------------------------------------------- /snort-2.9.8.3/rpm/snort.logrotate: -------------------------------------------------------------------------------- 1 | # /etc/logrotate.d/snort 2 | # $Id$ 3 | 4 | /var/log/snort/alert /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log { 5 | daily 6 | rotate 7 7 | missingok 8 | compress 9 | sharedscripts 10 | postrotate 11 | /etc/init.d/snortd restart 1>/dev/null || true 12 | endscript 13 | } 14 | 15 | -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/attribute_table.dtd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/reference.config: -------------------------------------------------------------------------------- 1 | # $Id$ 2 | # The following defines URLs for the references found in the rules 3 | # 4 | # config reference: system URL 5 | 6 | config reference: bugtraq http://www.securityfocus.com/bid/ 7 | config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name= 8 | config reference: arachNIDS http://www.whitehats.com/info/IDS 9 | config reference: osvdb http://osvdb.org/show/osvdb/ 10 | 11 | # Note, this one needs a suffix as well.... lets add that in a bit. 12 | config reference: McAfee http://vil.nai.com/vil/content/v_ 13 | config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id= 14 | config reference: url http:// 15 | config reference: msb http://technet.microsoft.com/en-us/security/bulletin/ 16 | 17 | -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/rules/iplists/black_list.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/simple-etc/rules/iplists/black_list.rules -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/rules/iplists/white_list.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/simple-etc/rules/iplists/white_list.rules -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/rules/local.rules: -------------------------------------------------------------------------------- 1 | alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; sid:1000001) 2 | drop tcp any any -> any 23 (msg: "Drop telnet packets"; sid: 1000002) 3 | drop icmp any any -> 10.10.142.34 any (msg: "Drop bourgogne packets"; sid: 1000003) 4 | pass ip any any -> any any 5 | -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/rules/local.rules~: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/simple-etc/rules/local.rules~ -------------------------------------------------------------------------------- /snort-2.9.8.3/simple-etc/sid-msg.map: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/simple-etc/sid-msg.map -------------------------------------------------------------------------------- /snort-2.9.8.3/snort.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | bindir=@bindir@ 4 | libdir=@libdir@ 5 | includedir=@includedir@ 6 | datarootdir=@datarootdir@ 7 | datadir=@datadir@ 8 | mandir=@infodir@ 9 | infodir=@infodir@ 10 | 11 | Name: Snort 12 | Description: Snort dynamic plugins/detection/rules 13 | URL: www.snort.org 14 | Version: @VERSION@ 15 | Libs: -L${libdir} -lcurl @LDFLAGS@ @LIBS@ 16 | Cflags: @CFLAGS@ @CPPFLAGS@ 17 | 18 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/build.h: -------------------------------------------------------------------------------- 1 | #define BUILD "383" 2 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/control/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libsfcontrol.a 4 | 5 | libsfcontrol_a_SOURCES = sfcontrol.c sfcontrol.h sfcontrol_funcs.h 6 | 7 | INCLUDES = @INCLUDES@ 8 | 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_asn1.h: -------------------------------------------------------------------------------- 1 | /**************************************************************************** 2 | * 3 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | * Copyright (C) 2004-2013 Sourcefire, Inc. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License Version 2 as 8 | * published by the Free Software Foundation. You may not use, modify or 9 | * distribute this program under any other version of the GNU General 10 | * Public License. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | * 21 | ****************************************************************************/ 22 | 23 | #ifndef __SP_ASN1_H__ 24 | #define __SP_ASN1_H__ 25 | 26 | void SetupAsn1(void); 27 | uint32_t Asn1Hash(void *d); 28 | int Asn1Compare(void *l, void *r); 29 | #endif 30 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_base64_data.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2003-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | 23 | #ifndef __SP_BASE64_DATA_H__ 24 | #define __SP_BASE64_DATA_H__ 25 | 26 | void SetupBase64Data(void); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_dsize_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_DSIZE_CHECK_H__ 24 | #define __SP_DSIZE_CHECK_H__ 25 | 26 | void SetupDsizeCheck(void); 27 | uint32_t DSizeCheckHash(void *d); 28 | int DSizeCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_DSIZE_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_file_data.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2003-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | 23 | #ifndef __SP_FILE_DATA_H__ 24 | #define __SP_FILE_DATA_H__ 25 | 26 | typedef struct _FileData 27 | { 28 | uint8_t mime_decode_flag; 29 | }FileData; 30 | 31 | void SetupFileData(void); 32 | int FileDataCompare(void *, void *); 33 | uint32_t FileDataHash(void *); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ftpbounce.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** Author: Steven Sturges 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | 24 | #ifndef __SP_FTP_BOUNCE_H__ 25 | #define __SP_FTP_BOUNCE_H__ 26 | 27 | void SetupFTPBounce(void); 28 | uint32_t FTPBounceHash(void *d); 29 | int FTPBounceCompare(void *l, void *r); 30 | 31 | #endif /* __SP_FTP_BOUNCE_H__ */ 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_icmp_code_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_ICMP_CODE_CHECK_H__ 24 | #define __SP_ICMP_CODE_CHECK_H__ 25 | 26 | void SetupIcmpCodeCheck(void); 27 | uint32_t IcmpCodeCheckHash(void *d); 28 | int IcmpCodeCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_ICMP_CODE_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_icmp_id_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | /* ICMP ping ID field detection plugin */ 24 | 25 | #ifndef __SP_ICMP_ID_H__ 26 | #define __SP_ICMP_ID_H__ 27 | 28 | void SetupIcmpIdCheck(void); 29 | uint32_t IcmpIdCheckHash(void *d); 30 | int IcmpIdCheckCompare(void *l, void *r); 31 | 32 | #endif /* __SP_ICMP_ID_H__ */ 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_icmp_seq_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | /* ICMP ping Seq field detection plugin */ 24 | 25 | #ifndef __SP_ICMP_SEQ_H__ 26 | #define __SP_ICMP_SEQ_H__ 27 | 28 | void SetupIcmpSeqCheck(void); 29 | uint32_t IcmpSeqCheckHash(void *d); 30 | int IcmpSeqCheckCompare(void *l, void *r); 31 | 32 | #endif /* __SP_ICMP_SEQ_H__ */ 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ip_id_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_IP_ID_CHECK_H__ 24 | #define __SP_IP_ID_CHECK_H__ 25 | 26 | void SetupIpIdCheck(void); 27 | uint32_t IpIdCheckHash(void *d); 28 | int IpIdCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_IP_ID_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ip_same_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** Copyright (C) 2001 Phil Wood 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | /* $Id$ */ 24 | #ifndef __SP_IP_SAME_CHECK_H__ 25 | #define __SP_IP_SAME_CHECK_H__ 26 | 27 | void SetupIpSameCheck(void); 28 | uint32_t IpSameCheckHash(void *d); 29 | int IpSameCheckCompare(void *l, void *r); 30 | 31 | #endif /* __SP_IP_SAME_CHECK_H__ */ 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ip_tos_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_IP_TOS_CHECK_H__ 24 | #define __SP_IP_TOS_CHECK_H__ 25 | 26 | void SetupIpTosCheck(void); 27 | uint32_t IpTosCheckHash(void *d); 28 | int IpTosCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_IP_TOS_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ipoption_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_IPOPTION_CHECK_H__ 24 | #define __SP_IPOPTION_CHECK_H__ 25 | 26 | void SetupIpOptionCheck(void); 27 | uint32_t IpOptionCheckHash(void *d); 28 | int IpOptionCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_IPOPTION_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_pkt_data.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2003-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | 23 | #ifndef __SP_PKT_DATA_H__ 24 | #define __SP_PKT_DATA_H__ 25 | 26 | void SetupPktData(void); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_react.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 6 | ** Copyright (C) 1998-2002 Martin Roesch 7 | ** 8 | ** This program is free software; you can redistribute it and/or modify 9 | ** it under the terms of the GNU General Public License Version 2 as 10 | ** published by the Free Software Foundation. You may not use, modify or 11 | ** distribute this program under any other version of the GNU General 12 | ** Public License. 13 | ** 14 | ** This program is distributed in the hope that it will be useful, 15 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | ** GNU General Public License for more details. 18 | ** 19 | ** You should have received a copy of the GNU General Public License 20 | ** along with this program; if not, write to the Free Software 21 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | */ 23 | 24 | #ifndef __SP_REACT_H__ 25 | #define __SP_REACT_H__ 26 | 27 | #ifdef ENABLE_REACT 28 | void SetupReact(void); 29 | void ReactFree(void *d); 30 | uint32_t ReactHash(void *d); 31 | int ReactCompare(void *l, void *r); 32 | #endif /* ENABLE_REACT */ 33 | 34 | #endif /* __SP_REACT_H__ */ 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_respond.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 5 | ** Copyright (C) 1998-2002 Martin Roesch 6 | ** Copyright (C) 1999,2000,2001 Christian Lademann 7 | ** 8 | ** This program is free software; you can redistribute it and/or modify 9 | ** it under the terms of the GNU General Public License Version 2 as 10 | ** published by the Free Software Foundation. You may not use, modify or 11 | ** distribute this program under any other version of the GNU General 12 | ** Public License. 13 | ** 14 | ** This program is distributed in the hope that it will be useful, 15 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | ** GNU General Public License for more details. 18 | ** 19 | ** You should have received a copy of the GNU General Public License 20 | ** along with this program; if not, write to the Free Software 21 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | */ 23 | 24 | #ifndef __SP_RESPOND_H__ 25 | #define __SP_RESPOND_H__ 26 | 27 | #ifdef ENABLE_RESPOND 28 | void SetupRespond(void); 29 | uint32_t RespondHash(void* d); 30 | int RespondCompare(void *l, void *r); 31 | #endif 32 | 33 | #endif 34 | 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_rpc_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_RPC_CHECK_H__ 24 | #define __SP_RPC_CHECK_H__ 25 | 26 | void SetupRpcCheck(void); 27 | uint32_t RpcCheckHash(void *d); 28 | int RpcCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_RPC_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_session.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 6 | ** Copyright (C) 1998-2002 Martin Roesch 7 | ** 8 | ** This program is free software; you can redistribute it and/or modify 9 | ** it under the terms of the GNU General Public License Version 2 as 10 | ** published by the Free Software Foundation. You may not use, modify or 11 | ** distribute this program under any other version of the GNU General 12 | ** Public License. 13 | ** 14 | ** This program is distributed in the hope that it will be useful, 15 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | ** GNU General Public License for more details. 18 | ** 19 | ** You should have received a copy of the GNU General Public License 20 | ** along with this program; if not, write to the Free Software 21 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | */ 23 | 24 | /* Snort Session Plugin Header File */ 25 | 26 | #ifndef __SP_SESSION_H__ 27 | #define __SP_SESSION_H__ 28 | 29 | void SetupSession(void); 30 | uint32_t SessionHash(void *d); 31 | int SessionCompare(void *l, void *r); 32 | 33 | #endif /* __SP_SESSION_H__ */ 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_tcp_ack_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_TCP_ACK_CHECK_H__ 24 | #define __SP_TCP_ACK_CHECK_H__ 25 | 26 | void SetupTcpAckCheck(void); 27 | uint32_t TcpAckCheckHash(void *d); 28 | int TcpAckCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_TCP_ACK_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_tcp_flag_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_TCP_FLAG_CHECK_H__ 24 | #define __SP_TCP_FLAG_CHECK_H__ 25 | 26 | void SetupTCPFlagCheck(void); 27 | uint32_t TcpFlagCheckHash(void *d); 28 | int TcpFlagCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_TCP_FLAG_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_tcp_seq_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_TCP_SEQ_CHECK_H__ 24 | #define __SP_TCP_SEQ_CHECK_H__ 25 | 26 | void SetupTcpSeqCheck(void); 27 | uint32_t TcpSeqCheckHash(void *d); 28 | int TcpSeqCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_TCP_SEQ_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_tcp_win_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_TCP_WIN_CHECK_H__ 24 | #define __SP_TCP_WIN_CHECK_H__ 25 | 26 | void SetupTcpWinCheck(void); 27 | uint32_t TcpWinCheckHash(void *d); 28 | int TcpWinCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_IP_TOS_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/detection-plugins/sp_ttl_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | #ifndef __SP_TTL_CHECK_H__ 24 | #define __SP_TTL_CHECK_H__ 25 | 26 | void SetupTtlCheck(void); 27 | uint32_t TtlCheckHash(void *d); 28 | int TtlCheckCompare(void *l, void *r); 29 | 30 | #endif /* __SP_TTL_CHECK_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-examples/dynamic-preprocessor/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include 5 | 6 | noinst_dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | noinst_dynamicpreprocessor_LTLIBRARIES = lib_sfdynamic_preprocessor_example.la 9 | 10 | lib_sfdynamic_preprocessor_example_la_LDFLAGS = -export-dynamic 11 | 12 | BUILT_SOURCES = \ 13 | sf_dynamic_preproc_lib.c \ 14 | sfPolicyUserData.c 15 | 16 | nodist_lib_sfdynamic_preprocessor_example_la_SOURCES = \ 17 | sf_dynamic_preproc_lib.c \ 18 | sfPolicyUserData.c \ 19 | spp_example.c \ 20 | sf_preproc_info.h 21 | 22 | EXTRA_DIST = \ 23 | spp_example.c \ 24 | sf_preproc_info.h 25 | 26 | sf_dynamic_preproc_lib.c: ../include/sf_dynamic_preproc_lib.c 27 | cp $? $@ 28 | 29 | sfPolicyUserData.c: ../include/sfPolicyUserData.c 30 | cp $? $@ 31 | 32 | clean-local: 33 | rm -f sf_dynamic_preproc_lib.c sfPolicyUserData.c 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-examples/dynamic-rule/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include 5 | 6 | noinst_libdir = ${exec_prefix}/lib/snort_dynamicrules 7 | 8 | noinst_lib_LTLIBRARIES = lib_sfdynamic_example_rule.la 9 | 10 | lib_sfdynamic_example_rule_la_LDFLAGS = -export-dynamic @XCCFLAGS@ 11 | 12 | BUILT_SOURCES = \ 13 | sfsnort_dynamic_detection_lib.c \ 14 | sfsnort_dynamic_detection_lib.h 15 | 16 | nodist_lib_sfdynamic_example_rule_la_SOURCES = \ 17 | sfsnort_dynamic_detection_lib.c \ 18 | sfsnort_dynamic_detection_lib.h \ 19 | rules.c \ 20 | sid109.c \ 21 | sid637.c \ 22 | detection_lib_meta.h 23 | 24 | EXTRA_DIST = \ 25 | rules.c \ 26 | sid109.c \ 27 | sid637.c \ 28 | detection_lib_meta.h 29 | 30 | sfsnort_dynamic_detection_lib.c: ../include/sfsnort_dynamic_detection_lib.c 31 | cp $? $@ 32 | 33 | sfsnort_dynamic_detection_lib.h: ../include/sfsnort_dynamic_detection_lib.h 34 | cp $? $@ 35 | 36 | clean-local: 37 | rm -f $(BUILT_SOURCES) 38 | 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-output/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | SUBDIRS = . plugins libs 5 | 6 | EXTRA_DIST = \ 7 | dynamic_output.dsp 8 | 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-output/libs/snort_output.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | bindir=@bindir@ 4 | libdir=@libdir@ 5 | package=@PACKAGE@ 6 | includedir=@includedir@ 7 | datarootdir=@datarootdir@ 8 | datadir=@datadir@ 9 | mandir=@infodir@ 10 | infodir=@infodir@ 11 | 12 | Name: Snort 13 | Description: Snort dynamic output modules 14 | URL: www.snort.org 15 | Version: @VERSION@ 16 | Libs: -L${libdir}/${package}/dynamic_output -lsf_dynamic_output 17 | Cflags: -I${includedir}/${package}/dynamic_output @CONFIGFLAGS@ @CCONFIGFLAGS@ @ICONFIGFLAGS@ 18 | 19 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-output/plugins/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | #ACLOCAL_AMFLAGS = -I m4 4 | 5 | #INCLUDES = -I ../include -I ../api 6 | 7 | noinst_LIBRARIES = liboutput.a 8 | #liboutput_a_LIBADD = ../libs/liboutput_lib.a 9 | liboutput_a_CFLAGS = -fPIC 10 | liboutput_a_SOURCES = \ 11 | output_base.c \ 12 | output_plugin.c \ 13 | output.h \ 14 | output_api.h \ 15 | output_common.h \ 16 | output_lib.h 17 | 18 | INCLUDES = @INCLUDES@ -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-plugins/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libdynamic.a 5 | 6 | #SUBDIRS = sf_engine 7 | 8 | libdynamic_a_SOURCES = \ 9 | sf_dynamic_common.h \ 10 | sf_dynamic_detection.h \ 11 | sf_dynamic_engine.h \ 12 | sf_dynamic_define.h \ 13 | sf_dynamic_meta.h \ 14 | sf_dynamic_plugins.c \ 15 | sf_dynamic_preprocessor.h \ 16 | sf_dynamic_side_channel.h \ 17 | sp_dynamic.c \ 18 | sp_dynamic.h \ 19 | sp_preprocopt.c \ 20 | sp_preprocopt.h \ 21 | sf_convert_dynamic.c \ 22 | sf_convert_dynamic.h 23 | 24 | INCLUDES = @INCLUDES@ 25 | 26 | SUBDIRS = sf_engine sf_preproc_example 27 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-plugins/sf_convert_dynamic.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /**************************************************************************** 3 | * 4 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | * Copyright (C) 2003-2013 Sourcefire, Inc. 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License Version 2 as 9 | * published by the Free Software Foundation. You may not use, modify or 10 | * distribute this program under any other version of the GNU General 11 | * Public License. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | * 22 | ****************************************************************************/ 23 | 24 | #ifndef __SF_CONVERT_DYNAMIC_H__ 25 | #define __SF_CONVERT_DYNAMIC_H__ 26 | 27 | struct _SnortConfig; 28 | int ConvertDynamicRule(struct _SnortConfig *, Rule *rule, OptTreeNode *otn); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-plugins/sf_engine/examples/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = \ 5 | sfsnort_dynamic_detection_lib.c \ 6 | sfsnort_dynamic_detection_lib.h 7 | 8 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-plugins/sf_preproc_example/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = \ 5 | sf_dynamic_preproc_lib.c \ 6 | sf_dynamic_preproc_lib.h 7 | 8 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | include $(srcdir)/Makefile_defs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_appid_preproc.la 9 | 10 | 11 | libsf_appid_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 12 | if SO_WITH_STATIC_LIB 13 | libsf_appid_preproc_la_LIBADD = ../libsf_dynamic_preproc.la ../libsf_dynamic_utils.la $(LUA_LIBS) 14 | else 15 | nodist_libsf_appid_preproc_la_SOURCES = \ 16 | ../include/sf_dynamic_preproc_lib.c \ 17 | ../include/sf_ip.c \ 18 | ../include/sfPolicyUserData.c \ 19 | ../include/sfxhash.c \ 20 | ../include/sfghash.c \ 21 | ../include/sflsq.c \ 22 | ../include/sfhashfcn.c \ 23 | ../include/sfmemcap.c \ 24 | ../include/sfprimetable.c 25 | 26 | libsf_appid_preproc_la_LIBADD = $(LUA_LIBS) 27 | endif 28 | 29 | libsf_appid_preproc_la_CFLAGS = -DDYNAMIC_PREPROC_CONTEXT -DSTATIC=static $(LUA_CFLAGS) 30 | 31 | libsf_appid_preproc_la_SOURCES = $(APPID_SOURCES) 32 | 33 | all-local: $(LTLIBRARIES) 34 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/appId.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #include 22 | #include 23 | #include "appId.h" 24 | 25 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/appIdStats.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef _FW_STATS2_H_ 23 | #define _FW_STATS2_H_ 24 | #include 25 | #include 26 | #include 27 | 28 | 29 | void appIdStatsUpdate(tAppIdData* session); 30 | void appIdStatsInit(char* appFileName, time_t statsPeriod, size_t rolloverSize, time_t rolloverPeriod); 31 | void appIdStatsReinit(void); 32 | void appIdStatsIdleFlush(void); 33 | void appIdStatsFini(void); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/client_plugins/client_app_aim.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __CLIENT_APP_AIM_H__ 23 | #define __CLIENT_APP_AIM_H__ 24 | 25 | #include "client_app_api.h" 26 | 27 | extern tRNAClientAppModule aim_client_mod; 28 | 29 | #endif /* __CLIENT_APP_AIM_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/client_plugins/client_app_msn.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __CLIENT_APP_MSN_H__ 23 | #define __CLIENT_APP_MSN_H__ 24 | 25 | #include "client_app_api.h" 26 | 27 | extern tRNAClientAppModule msn_client_mod; 28 | 29 | #endif /* __CLIENT_APP_MSN_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/client_plugins/client_app_smtp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __CLIENT_APP_SMTP_H__ 23 | #define __CLIENT_APP_SMTP_H__ 24 | 25 | #include "client_app_api.h" 26 | 27 | extern tRNAClientAppModule smtp_client_mod; 28 | 29 | #endif /* __CLIENT_APP_SMTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/client_plugins/client_app_ym.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __CLIENT_APP_YM_H__ 23 | #define __CLIENT_APP_YM_H__ 24 | 25 | #include "client_app_api.h" 26 | 27 | extern tRNAClientAppModule ym_client_mod; 28 | 29 | #endif /* __CLIENT_APP_YM_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/detector_plugins/detector_base.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __DETECTOR_BASE_H__ 23 | #define __DETECTOR_BASE_H__ 24 | 25 | int LoadDetectorModules(const char **dir_list); 26 | 27 | #endif /*__DETECTOR_BASE_H__ */ 28 | 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/dcerpc.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __DCERPC_H__ 23 | #define __DCERPC_H__ 24 | 25 | #include 26 | 27 | int dcerpc_validate(const uint8_t *data, int size); 28 | 29 | #endif /* __DCERPC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_MDNS.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_MDNS_H__ 23 | #define __SERVICE_MDNS_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule mdns_service_mod; 28 | 29 | #endif /* __SERVICE_MDNS_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_battle_field.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_BATTLEFIELD_H__ 23 | #define __SERVICE_BATTLEFIELD_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule battlefield_service_mod; 28 | 29 | #endif /* __SERVICE_BATTLEFIELD_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_bgp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_BGP_H__ 23 | #define __SERVICE_BGP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule bgp_service_mod; 28 | 29 | #endif /* __SERVICE_BGP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_bootp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_BOOTP_H__ 23 | #define __SERVICE_BOOTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule bootp_service_mod; 28 | 29 | #endif /* __SERVICE_BOOTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_dcerpc.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_DCERPC_H__ 23 | #define __SERVICE_DCERPC_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule dcerpc_service_mod; 28 | 29 | #endif /* __SERVICE_DCERPC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_direct_connect.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_DIRECTCONNECT_H__ 23 | #define __SERVICE_DIRECTCONNECT_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule directconnect_service_mod; 28 | 29 | #endif /* __SERVICE_DIRECTCONNECT_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_flap.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_FLAP_H__ 23 | #define __SERVICE_FLAP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule flap_service_mod; 28 | 29 | #endif /* __SERVICE_FLAP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_ftp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_FTP_H__ 23 | #define __SERVICE_FTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule ftp_service_mod; 28 | 29 | #endif /* __SERVICE_FTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_irc.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_IRC_H__ 23 | #define __SERVICE_IRC_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule irc_service_mod; 28 | 29 | #endif /* __SERVICE_IRC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_lpr.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_LPR_H__ 23 | #define __SERVICE_LPR_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule lpr_service_mod; 28 | 29 | #endif /* __SERVICE_LPR_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_mysql.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_MYSQL_H__ 23 | #define __SERVICE_MYSQL_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule mysql_service_mod; 28 | 29 | #endif /* __SERVICE_MYSQL_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_netbios.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_NETBIOS_H__ 23 | #define __SERVICE_NETBIOS_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule netbios_service_mod; 28 | 29 | #endif /* __SERVICE_NETBIOS_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_nntp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_NNTP_H__ 23 | #define __SERVICE_NNTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule nntp_service_mod; 28 | 29 | #endif /* __SERVICE_NNTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_ntp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_NTP_H__ 23 | #define __SERVICE_NTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule ntp_service_mod; 28 | 29 | #endif /* __SERVICE_NTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_radius.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RADIUS_H__ 23 | #define __SERVICE_RADIUS_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule radius_service_mod; 28 | 29 | #endif /* __SERVICE_RADIUS_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rexec.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_REXEC_H__ 23 | #define __SERVICE_REXEC_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rexec_service_mod; 28 | 29 | #endif /* __SERVICE_REXEC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rfb.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RFB_H__ 23 | #define __SERVICE_RFB_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rfb_service_mod; 28 | 29 | #endif /* __SERVICE_RFB_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rlogin.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RLOGIN_H__ 23 | #define __SERVICE_RLOGIN_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rlogin_service_mod; 28 | 29 | #endif /* __SERVICE_RLOGIN_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rpc.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RPC_H__ 23 | #define __SERVICE_RPC_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rpc_service_mod; 28 | 29 | #endif /* __SERVICE_RPC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rshell.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RSHELL_H__ 23 | #define __SERVICE_RSHELL_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rshell_service_mod; 28 | 29 | #endif /* __SERVICE_RSHELL_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rsync.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_RSYNC_H__ 23 | #define __SERVICE_RSYNC_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule rsync_service_mod; 28 | 29 | #endif /* __SERVICE_RSYNC_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_rtmp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef __SERVICE_RTMP_H__ 22 | #define __SERVICE_RTMP_H__ 23 | 24 | #include "service_api.h" 25 | 26 | extern tRNAServiceValidationModule rtmp_service_mod; 27 | 28 | #endif /* __SERVICE_RTMP_H__ */ 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_smtp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_SMTP_H__ 23 | #define __SERVICE_SMTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule smtp_service_mod; 28 | 29 | #endif /* __SERVICE_SMTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_snmp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_SNMP_H__ 23 | #define __SERVICE_SNMP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule snmp_service_mod; 28 | 29 | #endif /* __SERVICE_SNMP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_ssh.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_SSH_H__ 23 | #define __SERVICE_SSH_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule ssh_service_mod; 28 | 29 | #endif /* __SERVICE_SSH_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_telnet.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_TELNET_H__ 23 | #define __SERVICE_TELNET_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule telnet_service_mod; 28 | 29 | #endif /* __SERVICE_TELNET_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/service_plugins/service_tftp.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __SERVICE_TFTP_H__ 23 | #define __SERVICE_TFTP_H__ 24 | 25 | #include "service_api.h" 26 | 27 | extern tRNAServiceValidationModule tftp_service_mod; 28 | 29 | #endif /* __SERVICE_TFTP_H__ */ 30 | 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/spp_appid.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef _SPP_APPID_H 23 | #define _SPP_APPID_H 24 | 25 | void SetupAppId(void); 26 | 27 | #endif 28 | 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/thirdparty_appid_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef _THIRDPARTY_APPID_UTILS_H_ 22 | #define _THIRDPARTY_APPID_UTILS_H_ 23 | 24 | #include "thirdparty_appid_api.h" 25 | #include "appIdConfig.h" 26 | 27 | extern ThirdPartyAppIDModule* thirdparty_appid_module; //NULL means no 3rd party AppID module 28 | 29 | void ThirdPartyAppIDInit(struct AppidStaticConfig *appidStaticConfig); 30 | void ThirdPartyAppIDFini(void); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/util/OutputFile.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #ifndef __OUTPUT_FILE__ 23 | #define __OUTPUT_FILE__ 24 | 25 | #include 26 | #include 27 | 28 | FILE *openOutputFile(const char * const filename, time_t tstamp); 29 | FILE *rolloverOutputFile(const char * const filename, FILE * const oldfp, time_t tstamp); 30 | 31 | #endif /* __OUTPUT_FILE__ */ 32 | 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/appid/util/common_util.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | 22 | #include 23 | time_t packetTimeOffset; 24 | time_t packetTime; 25 | int packetTimeOffsetSet; 26 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/dnp3/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_dnp3_preproc.la 9 | 10 | libsf_dnp3_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_dnp3_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_dnp3_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c \ 17 | ../include/mempool.c \ 18 | ../include/sf_sdlist.c 19 | endif 20 | 21 | libsf_dnp3_preproc_la_SOURCES = \ 22 | spp_dnp3.c \ 23 | spp_dnp3.h \ 24 | dnp3_paf.c \ 25 | dnp3_paf.h \ 26 | dnp3_reassembly.c \ 27 | dnp3_reassembly.h \ 28 | dnp3_roptions.c \ 29 | dnp3_roptions.h \ 30 | dnp3_map.c \ 31 | dnp3_map.h 32 | 33 | EXTRA_DIST = \ 34 | sf_dnp3.dsp 35 | 36 | all-local: $(LTLIBRARIES) 37 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 38 | 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/dns/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_dns_preproc.la 9 | 10 | libsf_dns_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_dns_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_dns_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c 17 | endif 18 | 19 | libsf_dns_preproc_la_SOURCES = \ 20 | spp_dns.c \ 21 | spp_dns.h 22 | 23 | EXTRA_DIST = \ 24 | sf_dns.dsp 25 | 26 | all-local: $(LTLIBRARIES) 27 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 28 | 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/file/file_event_log.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2013-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | ** 21 | ** Author(s): Hui Cao 22 | ** 23 | ** NOTES 24 | ** 9.25.2012 - Initial Source Code. Hcao 25 | */ 26 | 27 | #ifndef _FILE_EVENT_LOG_H_ 28 | #define _FILE_EVENT_LOG_H_ 29 | 30 | #include "file_api.h" 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/ftptelnet/hi_util_xmalloc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * util.h 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License Version 2 as 6 | * published by the Free Software Foundation. You may not use, modify or 7 | * distribute this program under any other version of the GNU General 8 | * Public License. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | * 19 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 20 | * Copyright (C) 2005-2013 Sourcefire, Inc. 21 | * 22 | */ 23 | #ifndef __HI_UTIL_XMALLOC_H__ 24 | #define __HI_UTIL_XMALLOC_H__ 25 | 26 | #ifdef WIN32 27 | 28 | #define snprintf _snprintf 29 | 30 | #else 31 | 32 | #include 33 | 34 | #endif 35 | 36 | 37 | void *xmalloc(size_t byteSize); 38 | char *xstrdup(const char *str); 39 | void xshowmem(void); 40 | void xfree( void * ); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/gtp/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs -I$(srcdir)/includes 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_gtp_preproc.la 9 | 10 | libsf_gtp_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_gtp_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_gtp_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c 17 | endif 18 | 19 | libsf_gtp_preproc_la_SOURCES = \ 20 | spp_gtp.c \ 21 | spp_gtp.h \ 22 | gtp_config.c \ 23 | gtp_config.h \ 24 | gtp_parser.c \ 25 | gtp_parser.h \ 26 | gtp_roptions.c \ 27 | gtp_roptions.h \ 28 | gtp_debug.h 29 | 30 | EXTRA_DIST = \ 31 | sf_gtp.dsp 32 | 33 | 34 | all-local: $(LTLIBRARIES) 35 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/imap/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../ssl_common -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_imap_preproc.la 9 | 10 | libsf_imap_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_imap_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_imap_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/mempool.c \ 17 | ../include/sf_sdlist.c \ 18 | ../include/sf_base64decode.c \ 19 | ../include/util_unfold.c \ 20 | ../include/sf_email_attach_decode.c \ 21 | ../include/sfPolicyUserData.c \ 22 | ../ssl_common/ssl.c \ 23 | ../ssl_common/ssl_config.c \ 24 | ../ssl_common/ssl_inspect.c \ 25 | ../libs/sfparser.c 26 | endif 27 | 28 | libsf_imap_preproc_la_SOURCES = \ 29 | imap_config.c \ 30 | imap_config.h \ 31 | imap_log.c \ 32 | imap_log.h \ 33 | imap_util.c \ 34 | imap_util.h \ 35 | imap_paf.c \ 36 | imap_paf.h \ 37 | snort_imap.c \ 38 | snort_imap.h \ 39 | spp_imap.c \ 40 | spp_imap.h 41 | 42 | EXTRA_DIST = \ 43 | sf_imap.dsp 44 | 45 | all-local: $(LTLIBRARIES) 46 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 47 | 48 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/imap/spp_imap.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * spp_imap.h 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License Version 2 as 7 | * published by the Free Software Foundation. You may not use, modify or 8 | * distribute this program under any other version of the GNU General 9 | * Public License. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | * 20 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 21 | * Copyright (C) 2011-2013 Sourcefire, Inc. 22 | * 23 | * Author: Bhagyashree Bantwal 24 | * 25 | * Description: 26 | * 27 | * This file defines the publicly available functions for the IMAP 28 | * functionality for Snort. 29 | * 30 | */ 31 | 32 | #ifndef __SPP_IMAP_H__ 33 | #define __SPP_IMAP_H__ 34 | 35 | void SetupIMAP(void); 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/libs/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | EXTRA_DIST = \ 4 | sfdynamic_preproc_libs.dsp \ 5 | sfparser.c \ 6 | sfcommon.h \ 7 | sf_preproc_info.h \ 8 | snort_preproc.pc.in 9 | 10 | if SO_WITH_STATIC_LIB 11 | 12 | pkgconfigdir = $(libdir)/pkgconfig 13 | pkgconfig_DATA = snort_preproc.pc 14 | 15 | endif 16 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/libs/snort_preproc.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | bindir=@bindir@ 4 | libdir=@libdir@ 5 | package=@PACKAGE@ 6 | includedir=@includedir@ 7 | datarootdir=@datarootdir@ 8 | datadir=@datadir@ 9 | mandir=@infodir@ 10 | infodir=@infodir@ 11 | 12 | Name: Snort 13 | Description: Snort dynamic preprocessors 14 | URL: www.snort.org 15 | Version: @VERSION@ 16 | Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc 17 | Cflags: -I${includedir}/${package}/dynamic_preproc @CONFIGFLAGS@ @CCONFIGFLAGS@ @ICONFIGFLAGS@ 18 | 19 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/modbus/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_modbus_preproc.la 9 | 10 | libsf_modbus_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_modbus_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_modbus_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c 17 | endif 18 | 19 | libsf_modbus_preproc_la_SOURCES = \ 20 | spp_modbus.c \ 21 | spp_modbus.h \ 22 | modbus_decode.c \ 23 | modbus_decode.h \ 24 | modbus_roptions.c \ 25 | modbus_roptions.h \ 26 | modbus_paf.c \ 27 | modbus_paf.h 28 | 29 | EXTRA_DIST = \ 30 | sf_modbus.dsp 31 | 32 | all-local: $(LTLIBRARIES) 33 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 34 | 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/pop/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../ssl_common -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_pop_preproc.la 9 | 10 | libsf_pop_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_pop_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_pop_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/mempool.c \ 17 | ../include/sf_sdlist.c \ 18 | ../include/util_unfold.c \ 19 | ../include/sf_base64decode.c \ 20 | ../include/sf_email_attach_decode.c \ 21 | ../include/sfPolicyUserData.c \ 22 | ../ssl_common/ssl.c \ 23 | ../ssl_common/ssl_config.c \ 24 | ../ssl_common/ssl_inspect.c \ 25 | ../libs/sfparser.c 26 | endif 27 | 28 | libsf_pop_preproc_la_SOURCES = \ 29 | pop_config.c \ 30 | pop_config.h \ 31 | pop_log.c \ 32 | pop_log.h \ 33 | pop_paf.c \ 34 | pop_paf.h \ 35 | pop_util.c \ 36 | pop_util.h \ 37 | snort_pop.c \ 38 | snort_pop.h \ 39 | spp_pop.c \ 40 | spp_pop.h 41 | 42 | EXTRA_DIST = \ 43 | sf_pop.dsp 44 | 45 | all-local: $(LTLIBRARIES) 46 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 47 | 48 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/pop/spp_pop.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * spp_pop.h 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License Version 2 as 7 | * published by the Free Software Foundation. You may not use, modify or 8 | * distribute this program under any other version of the GNU General 9 | * Public License. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | * 20 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 21 | * Copyright (C) 2011-2013 Sourcefire, Inc. 22 | * 23 | * Author: Bhagyashree Bantwal 24 | * 25 | * Description: 26 | * 27 | * This file defines the publicly available functions for the POP 28 | * functionality for Snort. 29 | * 30 | */ 31 | 32 | #ifndef __SPP_POP_H__ 33 | #define __SPP_POP_H__ 34 | 35 | void SetupPOP(void); 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/reputation/shmem/sflinux_helpers.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /**************************************************************************** 3 | * 4 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | * Copyright (C) 2011-2013 Sourcefire, Inc. 6 | * 7 | * This program is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License Version 2 as 9 | * published by the Free Software Foundation. You may not use, modify or 10 | * distribute this program under any other version of the GNU General 11 | * Public License. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | * 22 | ****************************************************************************/ 23 | 24 | // @file sflinux_helpers.h 25 | // @author Pramod Chandrashekar 26 | 27 | #ifndef _SFLINUX_HELPERS_H_ 28 | #define _SFLINUX_HELPERS_H_ 29 | 30 | int CheckNumaNodes(void); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/sdf/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_sdf_preproc.la 9 | 10 | libsf_sdf_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_sdf_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_sdf_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c 17 | endif 18 | 19 | libsf_sdf_preproc_la_SOURCES = \ 20 | spp_sdf.c \ 21 | spp_sdf.h \ 22 | sdf_pattern_match.c \ 23 | sdf_pattern_match.h \ 24 | sdf_credit_card.c \ 25 | sdf_credit_card.h \ 26 | sdf_us_ssn.c \ 27 | sdf_us_ssn.h \ 28 | sdf_detection_option.c \ 29 | sdf_detection_option.h 30 | 31 | EXTRA_DIST = \ 32 | sf_sdf.dsp 33 | 34 | all-local: $(LTLIBRARIES) 35 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 36 | 37 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/sdf/sdf_credit_card.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2009-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | #ifndef SDF_CREDIT_CARD__H 23 | #define SDF_CREDIT_CARD__H 24 | 25 | #include 26 | #include "spp_sdf.h" 27 | 28 | #define ISSUER_SIZE 4 29 | #define CC_COPY_BUF_LEN 20 /* 16 digits + 3 spaces/dashes + null */ 30 | #define MIN_CC_BUF_LEN 15 /* 13 digits + 2 surrounding non-digits */ 31 | 32 | int SDFLuhnAlgorithm(char *buf, uint32_t buflen, struct _SDFConfig *config); 33 | 34 | #endif /* SDF_CREDIT_CARD__H */ 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/sdf/sdf_us_ssn.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2009-2013 Sourcefire, Inc. 4 | ** 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | #ifndef SDF_US_SSN__H 23 | #define SDF_US_SSN__H 24 | 25 | struct _SDFConfig; /* Forward declaration of SDFConfig */ 26 | 27 | int SDFSocialCheck(char *buf, uint32_t buflen, struct _SDFConfig *config); 28 | int ParseSSNGroups(char *filename, struct _SDFConfig *config); 29 | int SSNSetDefaultGroups(struct _SDFConfig *config); 30 | 31 | #endif /* SDF_US_SSN__H */ 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/sip/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs -I$(srcdir)/includes 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_sip_preproc.la 9 | 10 | libsf_sip_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_sip_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_sip_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sf_ip.c \ 17 | ../include/sfPolicyUserData.c 18 | endif 19 | 20 | libsf_sip_preproc_la_SOURCES = \ 21 | spp_sip.c \ 22 | spp_sip.h \ 23 | sip_config.c \ 24 | sip_config.h \ 25 | sip_parser.c \ 26 | sip_parser.h \ 27 | sip_dialog.c \ 28 | sip_dialog.h \ 29 | sip_roptions.c \ 30 | sip_roptions.h \ 31 | sip_utils.c \ 32 | sip_utils.h \ 33 | sip_debug.h \ 34 | sip_paf.c \ 35 | sip_paf.h 36 | 37 | EXTRA_DIST = \ 38 | sf_sip.dsp 39 | 40 | all-local: $(LTLIBRARIES) 41 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 42 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/smtp/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../ssl_common -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_smtp_preproc.la 9 | 10 | libsf_smtp_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_smtp_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_smtp_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/mempool.c \ 17 | ../include/sf_sdlist.c \ 18 | ../include/sf_base64decode.c \ 19 | ../include/util_unfold.c \ 20 | ../include/sf_email_attach_decode.c \ 21 | ../include/sfPolicyUserData.c \ 22 | ../ssl_common/ssl.c \ 23 | ../ssl_common/ssl_ha.c \ 24 | ../ssl_common/ssl_config.c \ 25 | ../ssl_common/ssl_inspect.c \ 26 | ../libs/sfparser.c 27 | 28 | endif 29 | 30 | libsf_smtp_preproc_la_SOURCES = \ 31 | smtp_config.c \ 32 | smtp_config.h \ 33 | smtp_log.c \ 34 | smtp_log.h \ 35 | smtp_normalize.c \ 36 | smtp_normalize.h \ 37 | smtp_util.c \ 38 | smtp_util.h \ 39 | smtp_xlink2state.c \ 40 | smtp_xlink2state.h \ 41 | smtp_paf.c \ 42 | smtp_paf.h \ 43 | snort_smtp.c \ 44 | snort_smtp.h \ 45 | spp_smtp.c \ 46 | spp_smtp.h 47 | 48 | EXTRA_DIST = \ 49 | sf_smtp.dsp 50 | 51 | all-local: $(LTLIBRARIES) 52 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 53 | 54 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/smtp/smtp_normalize.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * smtp_normalize.h 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License Version 2 as 7 | * published by the Free Software Foundation. You may not use, modify or 8 | * distribute this program under any other version of the GNU General 9 | * Public License. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | * 20 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 21 | * Copyright (C) 2005-2013 Sourcefire, Inc. 22 | * 23 | * Author: Andy Mullican 24 | * 25 | */ 26 | 27 | #ifndef __SMTP_NORMALIZE_H__ 28 | #define __SMTP_NORMALIZE_H__ 29 | 30 | #include "sf_snort_packet.h" 31 | 32 | int SMTP_NormalizeCmd(SFSnortPacket *, const uint8_t *, const uint8_t *, const uint8_t *); 33 | 34 | #endif 35 | 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/smtp/spp_smtp.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * spp_smtp.h 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License Version 2 as 7 | * published by the Free Software Foundation. You may not use, modify or 8 | * distribute this program under any other version of the GNU General 9 | * Public License. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | * 20 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 21 | * Copyright (C) 2005-2013 Sourcefire, Inc. 22 | * 23 | * Author: Andy Mullican 24 | * 25 | * Description: 26 | * 27 | * This file defines the publicly available functions for the SMTP 28 | * functionality for Snort. 29 | * 30 | */ 31 | 32 | #ifndef __SPP_SMTP_H__ 33 | #define __SPP_SMTP_H__ 34 | 35 | void SetupSMTP(void); 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/ssh/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../libs 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_ssh_preproc.la 9 | 10 | libsf_ssh_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_ssh_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_ssh_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c 17 | endif 18 | 19 | libsf_ssh_preproc_la_SOURCES = \ 20 | spp_ssh.c \ 21 | spp_ssh.h 22 | 23 | EXTRA_DIST = \ 24 | sf_ssh.dsp 25 | 26 | all-local: $(LTLIBRARIES) 27 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 28 | 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/ssl/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | INCLUDES = -I../include -I${srcdir}/../ssl_common -I${srcdir}/../libs -I${srcdir}/../libs/ssl_common 5 | 6 | dynamicpreprocessordir = ${libdir}/snort_dynamicpreprocessor 7 | 8 | dynamicpreprocessor_LTLIBRARIES = libsf_ssl_preproc.la 9 | 10 | libsf_ssl_preproc_la_LDFLAGS = -export-dynamic -module @XCCFLAGS@ 11 | if SO_WITH_STATIC_LIB 12 | libsf_ssl_preproc_la_LIBADD = ../libsf_dynamic_preproc.la 13 | else 14 | nodist_libsf_ssl_preproc_la_SOURCES = \ 15 | ../include/sf_dynamic_preproc_lib.c \ 16 | ../include/sfPolicyUserData.c \ 17 | ../ssl_common/ssl.c \ 18 | ../ssl_common/ssl_config.c \ 19 | ../ssl_common/ssl_inspect.c \ 20 | ../libs/sfparser.c 21 | 22 | endif 23 | 24 | libsf_ssl_preproc_la_SOURCES = \ 25 | ssl_setup.c \ 26 | ssl_setup.h 27 | 28 | EXTRA_DIST = \ 29 | sf_ssl.dsp 30 | 31 | all-local: $(LTLIBRARIES) 32 | $(MAKE) DESTDIR=`pwd`/../build install-dynamicpreprocessorLTLIBRARIES 33 | 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/ssl/ssl_setup.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | * Copyright (C) 2007-2013 Sourcefire, Inc. 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License Version 2 as 7 | * published by the Free Software Foundation. You may not use, modify or 8 | * distribute this program under any other version of the GNU General 9 | * Public License. 10 | * 11 | * This program is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef SSL_SETUP_H 22 | #define SSL_SETUP_H 23 | 24 | #include "ssl_include.h" 25 | #include "ssl_config.h" 26 | 27 | extern void SetupSSLPP(void); 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/dynamic-preprocessors/treenodes.sed: -------------------------------------------------------------------------------- 1 | s/Packet /SFSnortPacket / 2 | s/rules\.h/signature.h/ 3 | /signature.h/ a\ 4 | #include "sf_snort_packet.h" \ 5 | #include "event.h" 6 | s/RspFpList/void/ 7 | s/OutputFuncNode/void/ 8 | s/TagData/void/ 9 | s/RuleType/int/ 10 | s/IpAddrSet/void/ 11 | s/PortObject/void/ 12 | s/ActivateListNode/void/ 13 | s/struct _ListHead/void/ 14 | /sfutil\/sfghash\.h/d 15 | /sf_types\.h/d 16 | s/SFGHASH/void/g 17 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/file-process/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libfileAPI.a 4 | 5 | libfileAPI_a_SOURCES = \ 6 | file_service.c \ 7 | file_service.h \ 8 | file_service_config.c \ 9 | file_service_config.h \ 10 | file_api.h \ 11 | file_mime_process.c \ 12 | file_mime_process.h \ 13 | file_resume_block.c \ 14 | file_resume_block.h \ 15 | file_mime_config.c \ 16 | file_mime_config.h \ 17 | file_capture.c \ 18 | file_capture.h \ 19 | file_stats.c \ 20 | file_stats.h \ 21 | file_segment_process.c \ 22 | file_segment_process.h \ 23 | circular_buffer.c \ 24 | circular_buffer.h \ 25 | file_mempool.c \ 26 | file_mempool.h \ 27 | ../sfutil/sf_email_attach_decode.c \ 28 | ../sfutil/sf_email_attach_decode.h \ 29 | file_mail_common.h 30 | 31 | INCLUDES = @INCLUDES@ 32 | 33 | SUBDIRS = libs 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/file-process/libs/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libfile.a 4 | 5 | libfile_a_SOURCES = \ 6 | file_lib.c \ 7 | file_lib.h \ 8 | file_config.c \ 9 | file_config.h \ 10 | file_identifier.c \ 11 | file_identifier.h 12 | 13 | INCLUDES = @INCLUDES@ 14 | 15 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/hashstring.h: -------------------------------------------------------------------------------- 1 | 2 | /* $Id$ */ 3 | /* 4 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | ** Copyright (C) 2013 Sourcefire, Inc. 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef __HASHSTRING_H__ 24 | #define __HASHSTRING_H__ 25 | 26 | #include "sf_sechash.h" 27 | 28 | /* D E F I N E S *******************************************************/ 29 | 30 | /* P R O T O T Y P E S *************************************************/ 31 | int hashSearchFixed(const char *, int, const Secure_Hash_Type type, const char *); 32 | 33 | #endif /* __HASHSTRING_H__ */ 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/idle_processing.h: -------------------------------------------------------------------------------- 1 | /**************************************************************************** 2 | * 3 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | * Copyright (C) 2011-2013 Sourcefire, Inc. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License Version 2 as 8 | * published by the Free Software Foundation. You may not use, modify or 9 | * distribute this program under any other version of the GNU General 10 | * Public License. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | * 21 | ****************************************************************************/ 22 | 23 | #ifndef _IDLE_PROCESSING_H 24 | #define _IDLE_PROCESSING_H 25 | 26 | typedef void (*IdleProcessingHandler)(void); 27 | 28 | #endif /* _IDLE_PROCESSING_H */ 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/output-plugins/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libspo.a 5 | 6 | libspo_a_SOURCES = spo_alert_fast.c spo_alert_fast.h \ 7 | spo_alert_full.c spo_alert_full.h \ 8 | spo_alert_syslog.c spo_alert_syslog.h \ 9 | spo_alert_unixsock.c spo_alert_unixsock.h \ 10 | spo_csv.c spo_csv.h \ 11 | spo_log_null.c spo_log_null.h \ 12 | spo_log_tcpdump.c spo_log_tcpdump.h \ 13 | spo_unified2.c spo_unified2.h \ 14 | spo_log_ascii.c spo_log_ascii.h \ 15 | spo_alert_sf_socket.h spo_alert_sf_socket.c \ 16 | spo_alert_test.c spo_alert_test.h 17 | 18 | INCLUDES = @INCLUDES@ 19 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/output-plugins/spo_alert_sf_socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2003-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef __SPO_ALERT_SF_SOCKET_H__ 22 | #define __SPO_ALERT_SF_SOCKET_H__ 23 | 24 | void AlertSFSocket_Setup(void); 25 | 26 | #endif /* __SPO_ALERT_SF_SOCKET_H__ */ 27 | 28 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/output-plugins/spo_alert_test.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2007-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | /* $Id$ */ 22 | 23 | /* This file gets included in plugbase.h when it is integrated into the rest 24 | * of the program. Sometime in The Future, I'll whip up a bad ass Perl script 25 | * to handle automatically loading all the required info into the plugbase.* 26 | * files. 27 | */ 28 | 29 | #ifndef __SPO_ALERT_TEST_H__ 30 | #define __SPO_ALERT_TEST_H__ 31 | 32 | void AlertTestSetup(void); 33 | 34 | #endif /* __SPO_ALERT_FAST_H__ */ 35 | 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/output-plugins/spo_log_ascii.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** 5 | ** Author(s): Andrew R. Baker 6 | ** 7 | ** 8 | ** This program is free software; you can redistribute it and/or modify 9 | ** it under the terms of the GNU General Public License Version 2 as 10 | ** published by the Free Software Foundation. You may not use, modify or 11 | ** distribute this program under any other version of the GNU General 12 | ** Public License. 13 | ** 14 | ** This program is distributed in the hope that it will be useful, 15 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | ** GNU General Public License for more details. 18 | ** 19 | ** You should have received a copy of the GNU General Public License 20 | ** along with this program; if not, write to the Free Software 21 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 22 | */ 23 | 24 | /* $Id$ */ 25 | 26 | 27 | #ifndef __SPO_LOG_ASCII_H__ 28 | #define __SPO_LOG_ASCII_H__ 29 | 30 | void LogAsciiSetup(void); 31 | 32 | #endif /* __SPO_LOG_ASCII_H__ */ 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/output-plugins/spo_log_null.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | 24 | 25 | #ifndef __SPO_LOG_NULL_H__ 26 | #define __SPO_LOG_NULL_H__ 27 | 28 | void LogNullSetup(void); 29 | 30 | #endif /* __SPO_LOG_NULL_H__ */ 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/parser/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libparser.a 4 | 5 | libparser_a_SOURCES = IpAddrSet.c IpAddrSet.h 6 | 7 | INCLUDES = @INCLUDES@ 8 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libhttp_inspect.a 5 | 6 | libhttp_inspect_a_SOURCES = 7 | 8 | SUBDIRS = include utils user_interface session_inspection mode_inspection \ 9 | anomaly_detection event_output server client normalization files 10 | 11 | libhttp_inspect_a_LIBADD = \ 12 | user_interface/hi_ui_config.o \ 13 | user_interface/hi_ui_server_lookup.o \ 14 | user_interface/hi_ui_iis_unicode_map.o \ 15 | session_inspection/hi_si.o \ 16 | mode_inspection/hi_mi.o \ 17 | anomaly_detection/hi_ad.o \ 18 | utils/hi_util_kmap.o \ 19 | utils/hi_util_xmalloc.o \ 20 | utils/hi_util_hbm.o \ 21 | utils/hi_cmd_lookup.o \ 22 | utils/hi_paf.o \ 23 | files/file_decomp.o \ 24 | files/file_decomp_SWF.o \ 25 | files/file_decomp_PDF.o \ 26 | event_output/hi_eo_log.o \ 27 | client/hi_client.o \ 28 | client/hi_client_norm.o \ 29 | server/hi_server.o \ 30 | server/hi_server_norm.o \ 31 | normalization/hi_norm.o 32 | 33 | INCLUDES = @INCLUDES@ 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/anomaly_detection/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_ad.a 4 | 5 | libhi_ad_a_SOURCES = \ 6 | hi_ad.c 7 | 8 | INCLUDES = @INCLUDES@ 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/client/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_client.a 4 | 5 | libhi_client_a_SOURCES = \ 6 | hi_client.c \ 7 | hi_client_norm.c 8 | 9 | INCLUDES = @INCLUDES@ 10 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/event_output/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_eo.a 4 | 5 | libhi_eo_a_SOURCES = \ 6 | hi_eo_log.c 7 | 8 | INCLUDES = @INCLUDES@ 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/files/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_files.a 4 | 5 | libhi_files_a_SOURCES = \ 6 | file_decomp.c \ 7 | file_decomp_SWF.c \ 8 | file_decomp_PDF.c 9 | 10 | INCLUDES = @INCLUDES@ 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/include/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | EXTRA_DIST = \ 4 | hi_ad.h \ 5 | hi_client.h \ 6 | hi_client_norm.h \ 7 | hi_client_stateful.h \ 8 | hi_eo_events.h \ 9 | hi_eo.h \ 10 | hi_eo_log.h \ 11 | hi_paf.h \ 12 | hi_include.h \ 13 | hi_mi.h \ 14 | hi_norm.h \ 15 | hi_reqmethod_check.h \ 16 | hi_return_codes.h \ 17 | hi_server.h \ 18 | hi_server_norm.h \ 19 | hi_si.h \ 20 | hi_stateful_inspect.h \ 21 | hi_ui_config.h \ 22 | hi_cmd_lookup.h \ 23 | hi_ui_iis_unicode_map.h \ 24 | hi_ui_server_lookup.h \ 25 | hi_uri.h \ 26 | hi_util.h \ 27 | hi_util_hbm.h \ 28 | hi_util_kmap.h \ 29 | hi_util_xmalloc.h \ 30 | file_decomp.h \ 31 | file_decomp_PDF.h \ 32 | file_decomp_SWF.h 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/mode_inspection/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_mi.a 4 | 5 | libhi_mi_a_SOURCES = \ 6 | hi_mi.c 7 | 8 | INCLUDES = @INCLUDES@ 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/normalization/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_norm.a 4 | 5 | libhi_norm_a_SOURCES = \ 6 | hi_norm.c 7 | 8 | INCLUDES = @INCLUDES@ 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/server/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_server.a 4 | 5 | libhi_server_a_SOURCES = \ 6 | hi_server.c \ 7 | hi_server_norm.c 8 | 9 | INCLUDES = @INCLUDES@ 10 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/session_inspection/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_si.a 4 | 5 | libhi_si_a_SOURCES = \ 6 | hi_si.c 7 | 8 | INCLUDES = @INCLUDES@ 9 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/user_interface/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_ui.a 4 | 5 | libhi_ui_a_SOURCES = \ 6 | hi_ui_config.c \ 7 | hi_ui_server_lookup.c \ 8 | hi_ui_iis_unicode_map.c 9 | 10 | INCLUDES = @INCLUDES@ 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/HttpInspect/utils/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libhi_utils.a 4 | 5 | libhi_utils_a_SOURCES = \ 6 | hi_util_kmap.c \ 7 | hi_util_xmalloc.c \ 8 | hi_util_hbm.c \ 9 | hi_cmd_lookup.c \ 10 | hi_paf.c 11 | 12 | INCLUDES = @INCLUDES@ 13 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libspp.a 5 | 6 | SUBDIRS = HttpInspect Stream6 Session 7 | 8 | if BUILD_PROCPIDSTATS 9 | PROCPIDSTATS_SOURCE = sfprocpidstats.c sfprocpidstats.h 10 | endif 11 | 12 | libspp_a_SOURCES = spp_arpspoof.c spp_arpspoof.h spp_bo.c spp_bo.h \ 13 | spp_rpc_decode.c spp_rpc_decode.h \ 14 | spp_perfmonitor.c spp_perfmonitor.h \ 15 | perf.c perf.h \ 16 | perf-base.c perf-base.h \ 17 | perf-flow.c perf-flow.h \ 18 | perf-event.c perf-event.h \ 19 | perf_indicators.c perf_indicators.h \ 20 | $(PROCPIDSTATS_SOURCE) \ 21 | spp_httpinspect.c spp_httpinspect.h \ 22 | snort_httpinspect.c snort_httpinspect.h \ 23 | portscan.c portscan.h \ 24 | spp_sfportscan.c spp_sfportscan.h \ 25 | spp_frag3.c spp_frag3.h \ 26 | str_search.c str_search.h \ 27 | spp_stream6.c spp_stream6.h \ 28 | spp_session.c spp_session.h \ 29 | session_api.c session_api.h \ 30 | stream_api.c stream_api.h \ 31 | spp_normalize.c spp_normalize.h \ 32 | normalize.c normalize.h \ 33 | sip_common.h 34 | 35 | 36 | INCLUDES = @INCLUDES@ 37 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/Session/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libsession.a 5 | 6 | libsession_a_SOURCES = \ 7 | snort_session.c \ 8 | snort_session.h \ 9 | session_common.c \ 10 | session_common.h \ 11 | session_expect.c \ 12 | session_expect.h 13 | 14 | libsession_a_LIBADD = \ 15 | session_common.o \ 16 | session_expect.o 17 | 18 | if BUILD_HA 19 | libsession_a_SOURCES += \ 20 | stream5_ha.c \ 21 | stream5_ha.h 22 | libsession_a_LIBADD += \ 23 | stream5_ha.o 24 | endif 25 | 26 | INCLUDES = @INCLUDES@ 27 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/Stream6/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libstream6.a 5 | 6 | libstream6_a_SOURCES = \ 7 | snort_stream_tcp.c \ 8 | snort_stream_tcp.h \ 9 | snort_stream_udp.c \ 10 | snort_stream_udp.h \ 11 | snort_stream_icmp.c \ 12 | snort_stream_icmp.h \ 13 | snort_stream_ip.c \ 14 | snort_stream_ip.h \ 15 | stream_paf.c \ 16 | stream_paf.h \ 17 | stream_common.c \ 18 | stream_common.h 19 | 20 | libstream6_a_LIBADD = \ 21 | snort_stream_tcp.o \ 22 | snort_stream_udp.o \ 23 | snort_stream_icmp.o \ 24 | snort_stream_ip.o \ 25 | stream_paf.o \ 26 | stream_common.o 27 | 28 | INCLUDES = @INCLUDES@ 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_arpspoof.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | ** Copyright (C) 2003-2013 Sourcefire, Inc. 5 | ** Copyright (C) 2001-2003 Jeff Nathan 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | /* Snort ARPspoof Preprocessor Plugin 24 | * by Jeff Nathan 25 | * Version 0.1.3 26 | */ 27 | 28 | 29 | #ifndef __SPP_ARPSPOOF_H__ 30 | #define __SPP_ARPSPOOF_H__ 31 | 32 | void SetupARPspoof(void); 33 | 34 | #endif /* __SPP_ARPSPOOF_H__ */ 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_bo.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | /* Snort Back Orifice Preprocessor Plugin */ 24 | 25 | 26 | #ifndef __SPP_BO_H__ 27 | #define __SPP_BO_H__ 28 | 29 | void SetupBo(void); 30 | 31 | #endif /* __SPP_BO_H__ */ 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_httpinspect.h: -------------------------------------------------------------------------------- 1 | /**************************************************************************** 2 | * 3 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | * Copyright (C) 2003-2013 Sourcefire, Inc. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License Version 2 as 8 | * published by the Free Software Foundation. You may not use, modify or 9 | * distribute this program under any other version of the GNU General 10 | * Public License. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | * 21 | ****************************************************************************/ 22 | 23 | /** 24 | ** @file spp_httpinspect.h 25 | ** 26 | ** @author Daniel Roelker 27 | */ 28 | #ifndef __SPP_HTTPINSPECT_H__ 29 | #define __SPP_HTTPINSPECT_H__ 30 | 31 | void SetupHttpInspect(void); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_perfmonitor.h: -------------------------------------------------------------------------------- 1 | /* $Id$ 2 | ** 3 | ** spp_perfmonitor.h 4 | ** 5 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 6 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 7 | ** Marc Norton 8 | ** Dan Roelker 9 | ** 10 | ** NOTES 11 | ** 6.4.02 - Initial Source Code. Norton/Roelker 12 | ** 13 | ** This program is free software; you can redistribute it and/or modify 14 | ** it under the terms of the GNU General Public License Version 2 as 15 | ** published by the Free Software Foundation. You may not use, modify or 16 | ** distribute this program under any other version of the GNU General 17 | ** Public License. 18 | ** 19 | ** This program is distributed in the hope that it will be useful, 20 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 | ** GNU General Public License for more details. 23 | ** 24 | ** You should have received a copy of the GNU General Public License 25 | ** along with this program; if not, write to the Free Software 26 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 27 | ** 28 | */ 29 | 30 | #ifndef _SPP_PERFMONITOR_H_ 31 | #define _SPP_PERFMONITOR_H_ 32 | 33 | void SetupPerfMonitor(void); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_rpc_decode.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 4 | ** Copyright (C) 1998-2002 Martin Roesch 5 | ** 6 | ** This program is free software; you can redistribute it and/or modify 7 | ** it under the terms of the GNU General Public License Version 2 as 8 | ** published by the Free Software Foundation. You may not use, modify or 9 | ** distribute this program under any other version of the GNU General 10 | ** Public License. 11 | ** 12 | ** This program is distributed in the hope that it will be useful, 13 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | ** GNU General Public License for more details. 16 | ** 17 | ** You should have received a copy of the GNU General Public License 18 | ** along with this program; if not, write to the Free Software 19 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | /* $Id$ */ 23 | 24 | #ifndef __SPP_RPC_DECODE_H__ 25 | #define __SPP_RPC_DECODE_H__ 26 | 27 | void SetupRpcDecode(void); 28 | 29 | #endif /* __SPP_RPC_DECODE_H__ */ 30 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/preprocessors/spp_session.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | 3 | /* 4 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 5 | * Copyright (C) 2004-2013 Sourcefire, Inc. 6 | ** 7 | ** Author: davis mcpherson 8 | ** 9 | ** This program is free software; you can redistribute it and/or modify 10 | ** it under the terms of the GNU General Public License Version 2 as 11 | ** published by the Free Software Foundation. You may not use, modify or 12 | ** distribute this program under any other version of the GNU General 13 | ** Public License. 14 | ** 15 | ** This program is distributed in the hope that it will be useful, 16 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | ** GNU General Public License for more details. 19 | ** 20 | ** You should have received a copy of the GNU General Public License 21 | ** along with this program; if not, write to the Free Software 22 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 23 | */ 24 | 25 | #ifndef __SPP_SESSION_H__ 26 | #define __SPP_SESSION_H__ 27 | 28 | #include "decode.h" 29 | #include "session_common.h" 30 | 31 | /* list of function prototypes for this preprocessor */ 32 | void SetupSessionManager(void); 33 | 34 | #endif /* __SPP_SESSION_H__ */ 35 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/getopt.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 5 | ** Copyright (C) 2002 Martin Roesch 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef _SNORT_GETOPT_H_ 24 | #define _SNORT_GETOPT_H_ 25 | 26 | #ifdef SNORT_GETOPT 27 | #define _next_char(string) (char)(*(string+1)) 28 | 29 | extern char * optarg; 30 | extern int optind; 31 | 32 | int getopt(int, char**, char*); 33 | 34 | #else 35 | #include 36 | #endif 37 | 38 | #endif /* _SNORT_GETOPT_H_ */ 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/md5.h: -------------------------------------------------------------------------------- 1 | #include "config.h" 2 | 3 | #ifndef HAVE_OPENSSL_MD5 4 | 5 | #ifndef MD5_H 6 | #define MD5_H 7 | 8 | #ifndef HEADER_MD5_H 9 | /* Try to avoid clashes with OpenSSL */ 10 | #define HEADER_MD5_H 11 | #endif 12 | 13 | #include 14 | 15 | struct MD5Context { 16 | uint32_t buf[4]; 17 | uint32_t bits[2]; 18 | unsigned char in[64]; 19 | }; 20 | #endif /* !MD5_H */ 21 | 22 | #ifndef _HMAC_MD5_H 23 | struct HMACMD5Context { 24 | struct MD5Context ctx; 25 | unsigned char k_ipad[65]; 26 | unsigned char k_opad[65]; 27 | }; 28 | #endif /* _HMAC_MD5_H */ 29 | 30 | void MD5Init(struct MD5Context *context); 31 | void MD5Update(struct MD5Context *context, unsigned char const *buf, 32 | unsigned len); 33 | void MD5Final(unsigned char digest[16], struct MD5Context *context); 34 | 35 | /* The following definitions come from lib/hmacmd5.c */ 36 | 37 | /* void hmac_md5_init_rfc2104(unsigned char *key, int key_len, 38 | struct HMACMD5Context *ctx);*/ 39 | void hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, 40 | struct HMACMD5Context *ctx); 41 | void hmac_md5_update(const unsigned char *text, int text_len, 42 | struct HMACMD5Context *ctx); 43 | void hmac_md5_final(unsigned char *digest, struct HMACMD5Context *ctx); 44 | void hmac_md5(unsigned char key[16], unsigned char *data, int data_len, 45 | unsigned char *digest); 46 | 47 | #endif /* !HAVE_OPENSSL_MD5 */ 48 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/sf_base64decode.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 1998-2013 Sourcefire, Inc. 4 | ** 5 | ** Writen by Patrick Mullen 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef _SF_BASE64DECODE_H_ 24 | #define _SF_BASE64DECODE_H_ 25 | 26 | #include "sf_types.h" 27 | #include "util_unfold.h" 28 | 29 | int sf_base64decode(uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/sfprimetable.h: -------------------------------------------------------------------------------- 1 | /**************************************************************************** 2 | * 3 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | * Copyright (C) 2006-2013 Sourcefire, Inc. 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License Version 2 as 8 | * published by the Free Software Foundation. You may not use, modify or 9 | * distribute this program under any other version of the GNU General 10 | * Public License. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | * 21 | ****************************************************************************/ 22 | 23 | #ifndef SF_PRIME_TABLE 24 | #define SF_PRIME_TABLE 25 | 26 | int sf_nearest_prime( int n ); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/sfrim.h: -------------------------------------------------------------------------------- 1 | /* 2 | * sfrim.h 3 | * 4 | * Rule Index Map 5 | * 6 | * author: marc norton 7 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 8 | * Copyright (C) 2005-2013 Sourcefire, Inc. 9 | */ 10 | #ifndef SFRIM_H 11 | #define SFRIM_H 12 | 13 | typedef struct { 14 | unsigned gid; 15 | unsigned sid; 16 | }rule_number_t; 17 | 18 | typedef struct { 19 | int max_rules; 20 | int num_rules; 21 | rule_number_t * map; 22 | }rule_index_map_t; 23 | 24 | unsigned RuleIndexMapSid( rule_index_map_t * map, int index ); 25 | unsigned RuleIndexMapGid( rule_index_map_t * map, int index ); 26 | rule_index_map_t * RuleIndexMapCreate( int max_rules ); 27 | void RuleIndexMapFree( rule_index_map_t ** p ); 28 | int RuleIndexMapAdd( rule_index_map_t * p, unsigned gid, unsigned sid ); 29 | extern void rule_index_map_print_index( int index, char *buf, int ); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/sfutil/util_unfold.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 1998-2013 Sourcefire, Inc. 4 | ** 5 | ** Writen by Bhagyashree Bantwal 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef _UTIL_UNFOLD_H_ 24 | #define _UTIL_UNFOLD_H_ 25 | 26 | #include "sf_types.h" 27 | 28 | int sf_unfold_header(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*, int, int * ); 29 | int sf_strip_CRLF(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*); 30 | int sf_strip_LWS(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*); 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libsidechannel.a 4 | 5 | SUBDIRS = dynamic-plugins plugins 6 | 7 | libsidechannel_a_SOURCES = dmq.c dmq.h rbmq.c rbmq.h sidechannel.c sidechannel.h sidechannel_define.h 8 | 9 | INCLUDES = @INCLUDES@ 10 | 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/dynamic-plugins/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | if SO_WITH_STATIC_LIB 5 | 6 | sidechannellibdir=$(pkglibdir)/dynamic_side_channel 7 | sidechannellibincludedir=$(pkgincludedir)/dynamic_side_channel 8 | 9 | sidechannellib_LTLIBRARIES = libsf_dynamic_side_channel.la 10 | libsf_dynamic_side_channel_la_CFLAGS = -fPIC -DPIC 11 | libsf_dynamic_side_channel_la_LDFLAGS = -static 12 | 13 | libsf_dynamic_side_channel_la_SOURCES = \ 14 | sf_dynamic_side_channel_lib.c 15 | 16 | nodist_sidechannellibinclude_HEADERS = \ 17 | ../sidechannel_define.h \ 18 | ../../dynamic-plugins/sf_dynamic_common.h \ 19 | ../../dynamic-plugins/sf_dynamic_define.h \ 20 | ../../dynamic-plugins/sf_dynamic_meta.h \ 21 | ../../dynamic-plugins/sf_dynamic_side_channel.h 22 | 23 | sidechannellibinclude_HEADERS = \ 24 | sf_dynamic_side_channel_lib.h \ 25 | sf_side_channel_info.h 26 | 27 | pkgconfigdir = $(libdir)/pkgconfig 28 | pkgconfig_DATA = snort_side_channel.pc 29 | 30 | endif 31 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/dynamic-plugins/sf_side_channel_info.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software; you can redistribute it and/or modify 3 | * it under the terms of the GNU General Public License Version 2 as 4 | * published by the Free Software Foundation. You may not use, modify or 5 | * distribute this program under any other version of the GNU General 6 | * Public License. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | * 13 | * You should have received a copy of the GNU General Public License 14 | * along with this program; if not, write to the Free Software 15 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 16 | * 17 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 18 | * Copyright (C) 2012-2013 Sourcefire, Inc. 19 | * 20 | * Author: Michael Altizer 21 | * 22 | */ 23 | 24 | #ifndef SF_PREPROC_INFO_H_ 25 | #define SF_PREPROC_INFO_H_ 26 | 27 | extern const int MAJOR_VERSION; 28 | extern const int MINOR_VERSION; 29 | extern const int BUILD_VERSION; 30 | extern const char *SIDE_CHANNEL_NAME; 31 | 32 | extern void DYNAMIC_SIDE_CHANNEL_SETUP(void); 33 | 34 | #endif /* SF_PREPROC_INFO_H_ */ 35 | 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/dynamic-plugins/snort_side_channel.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | bindir=@bindir@ 4 | libdir=@libdir@ 5 | package=@PACKAGE@ 6 | includedir=@includedir@ 7 | datarootdir=@datarootdir@ 8 | datadir=@datadir@ 9 | mandir=@infodir@ 10 | infodir=@infodir@ 11 | 12 | Name: Snort 13 | Description: Snort dynamic side channel modules 14 | URL: www.snort.org 15 | Version: @VERSION@ 16 | Libs: -L${libdir}/${package}/dynamic_side_channel -lsf_dynamic_side_channel 17 | Cflags: -I${includedir}/${package}/dynamic_side_channel @CONFIGFLAGS@ @CCONFIGFLAGS@ @ICONFIGFLAGS@ 18 | 19 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/plugins/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | noinst_LIBRARIES = libsscm.a 5 | 6 | libsscm_a_SOURCES = \ 7 | sscm_logger.c sscm_logger.h 8 | 9 | INCLUDES = @INCLUDES@ 10 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/side-channel/plugins/sscm_logger.h: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software; you can redistribute it and/or modify 3 | * it under the terms of the GNU General Public License Version 2 as 4 | * published by the Free Software Foundation. You may not use, modify or 5 | * distribute this program under any other version of the GNU General 6 | * Public License. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | * 13 | * You should have received a copy of the GNU General Public License 14 | * along with this program; if not, write to the Free Software 15 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 16 | * 17 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 18 | * Copyright (C) 2012-2013 Sourcefire, Inc. 19 | * 20 | * Author: Michael Altizer 21 | * 22 | */ 23 | 24 | #ifndef __SSCM_LOGGER_H__ 25 | #define __SSCM_LOGGER_H__ 26 | 27 | int SetupLoggerSCM(void); 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/strlcatu.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 1998-2002 Martin Roesch 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef __STRLCAT_H__ 22 | #define __STRLCAT_H__ 23 | 24 | #ifndef HAVE_STRLCAT 25 | size_t strlcat(char *, const char *, size_t); 26 | #endif 27 | 28 | #endif /* __STRLCAT_H__ */ 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/strlcpyu.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 1998-2002 Martin Roesch 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef __STRLCPY_H__ 22 | #define __STRLCPY_H__ 23 | 24 | #ifndef HAVE_STRLCPY 25 | size_t strlcpy(char *, const char *, size_t); 26 | #endif 27 | 28 | #endif /* __STRLCPY_H__ */ 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/target-based/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | noinst_LIBRARIES = libtarget_based.a 4 | 5 | INCLUDES = @INCLUDES@ 6 | 7 | if HAVE_TARGET_BASED 8 | #BUILT_SOURCES = \ 9 | #sf_attribute_table_parser.c \ 10 | #sf_attribute_table.h \ 11 | #sf_attribute_table.c 12 | 13 | nodist_libtarget_based_a_SOURCES = \ 14 | sf_attribute_table_parser.c \ 15 | sf_attribute_table.h \ 16 | sf_attribute_table.c 17 | 18 | libtarget_based_a_SOURCES = \ 19 | sftarget_reader.c \ 20 | sftarget_reader.h \ 21 | sftarget_hostentry.c \ 22 | sftarget_hostentry.h \ 23 | sftarget_protocol_reference.c \ 24 | sftarget_protocol_reference.h \ 25 | sf_attribute_table_parser.l \ 26 | sf_attribute_table.y 27 | 28 | else 29 | libtarget_based_a_SOURCES = sftarget_reader.c 30 | endif 31 | 32 | .y.c: 33 | $(YACC) -d -psfat_ -o$@ $? 34 | 35 | #### Ugly to get the header file built. 36 | #### any other suggestions? 37 | sf_attribute_table.h: sf_attribute_table.y 38 | $(YACC) -d -psfat_ $? 39 | mv y.tab.h $@ 40 | 41 | .l.c: 42 | $(LEX) -i -o$@ $? 43 | 44 | sf_attribute_table_parser.c: sf_attribute_table_parser.l sf_attribute_table.h 45 | $(LEX) -i -Psfat -o$@ $< 46 | 47 | clean-local: 48 | rm -f \ 49 | sf_attribute_table_parser.c \ 50 | sf_attribute_table.h \ 51 | sf_attribute_table.c 52 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Code/MSG00001.bin: -------------------------------------------------------------------------------- 1 |  ` %1 2 | $The %1 service was installed. 3 | $The %1 service was removed. 4 | ,The %1 service could not be removed. 5 | 4The control handler could not be installed. 6 | ,The initialization process failed. 7 | The service was started. 8 | 4The service received an unsupported request. 9 | Debug: %1 10 | The service was stopped. 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Code/name.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Code/name.aps -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Code/name.mc: -------------------------------------------------------------------------------- 1 | MessageIdTypedef=WORD 2 | MessageId=0x1 3 | SymbolicName=EVMSG_SIMPLE 4 | Language=English 5 | %1 6 | . 7 | MessageId=0x2 8 | SymbolicName=EVMSG_INSTALLED 9 | Language=English 10 | The %1 service was installed. 11 | . 12 | MessageId=0x3 13 | SymbolicName=EVMSG_REMOVED 14 | Language=English 15 | The %1 service was removed. 16 | . 17 | MessageId=0x4 18 | SymbolicName=EVMSG_NOTREMOVED 19 | Language=English 20 | The %1 service could not be removed. 21 | . 22 | MessageId=0x5 23 | SymbolicName=EVMSG_CTRLHANDLERNOTINSTALLED 24 | Language=English 25 | The control handler could not be installed. 26 | . 27 | MessageId=0x6 28 | SymbolicName=EVMSG_FAILEDINIT 29 | Language=English 30 | The initialization process failed. 31 | . 32 | MessageId=0x7 33 | SymbolicName=EVMSG_STARTED 34 | Language=English 35 | The service was started. 36 | . 37 | MessageId=0x8 38 | SymbolicName=EVMSG_BADREQUEST 39 | Language=English 40 | The service received an unsupported request. 41 | . 42 | MessageId=0x9 43 | SymbolicName=EVMSG_DEBUG 44 | Language=English 45 | Debug: %1 46 | . 47 | MessageId=0x10 48 | SymbolicName=EVMSG_STOPPED 49 | Language=English 50 | The service was stopped. 51 | . 52 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Code/name.rc: -------------------------------------------------------------------------------- 1 | LANGUAGE 0x9,0x1 2 | 1 11 MSG00001.bin 3 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Code/strtok_r.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Code/strtok_r.c -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/WinPCAP/Gnuc.h: -------------------------------------------------------------------------------- 1 | /* @(#) $Header$ (LBL) */ 2 | 3 | /* Define __P() macro, if necessary */ 4 | 5 | #ifndef __P 6 | #if __STDC__ 7 | #define __P(protos) protos 8 | #else 9 | #define __P(protos) () 10 | #endif 11 | #endif 12 | 13 | /* inline foo */ 14 | #ifndef __cplusplus 15 | #ifdef __GNUC__ 16 | #define inline __inline 17 | #else 18 | #define inline 19 | #endif 20 | #endif 21 | 22 | /* 23 | * Handle new and old "dead" routine prototypes 24 | * 25 | * For example: 26 | * 27 | * __dead void foo(void) __attribute__((volatile)); 28 | * 29 | */ 30 | #ifdef __GNUC__ 31 | #ifndef __dead 32 | #define __dead volatile 33 | #endif 34 | #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) 35 | #ifndef __attribute__ 36 | #define __attribute__(args) 37 | #endif 38 | #endif 39 | #else 40 | #ifndef __dead 41 | #define __dead 42 | #endif 43 | #ifndef __attribute__ 44 | #define __attribute__(args) 45 | #endif 46 | #endif 47 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/WinPCAP/Ntddpack.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef __NTDDPACKET 3 | #define __NTDDPACKET 1 4 | #include "devioctl.h" 5 | /*#include */ 6 | struct _PACKET_OID_DATA { 7 | ULONG Oid; 8 | ULONG Length; 9 | UCHAR Data[1]; 10 | }; 11 | 12 | typedef struct _PACKET_OID_DATA PACKET_OID_DATA, *PPACKET_OID_DATA; 13 | 14 | /*#include */ 15 | #define FILE_DEVICE_PROTOCOL 0x8000 16 | #define IOCTL_PROTOCOL_QUERY_OID CTL_CODE(FILE_DEVICE_PROTOCOL, 0 , METHOD_BUFFERED, FILE_ANY_ACCESS) 17 | #define IOCTL_PROTOCOL_SET_OID CTL_CODE(FILE_DEVICE_PROTOCOL, 1 , METHOD_BUFFERED, FILE_ANY_ACCESS) 18 | #define IOCTL_PROTOCOL_STATISTICS CTL_CODE(FILE_DEVICE_PROTOCOL, 2 , METHOD_BUFFERED, FILE_ANY_ACCESS) 19 | #define IOCTL_PROTOCOL_RESET CTL_CODE(FILE_DEVICE_PROTOCOL, 3 , METHOD_BUFFERED, FILE_ANY_ACCESS) 20 | #define IOCTL_PROTOCOL_READ CTL_CODE(FILE_DEVICE_PROTOCOL, 4 , METHOD_BUFFERED, FILE_ANY_ACCESS) 21 | #define IOCTL_PROTOCOL_WRITE CTL_CODE(FILE_DEVICE_PROTOCOL, 5 , METHOD_BUFFERED, FILE_ANY_ACCESS) 22 | #define IOCTL_PROTOCOL_MACNAME CTL_CODE(FILE_DEVICE_PROTOCOL, 6 , METHOD_BUFFERED, FILE_ANY_ACCESS) 23 | #define IOCTL_OPEN CTL_CODE(FILE_DEVICE_PROTOCOL, 7 , METHOD_BUFFERED, FILE_ANY_ACCESS) 24 | #define IOCTL_CLOSE CTL_CODE(FILE_DEVICE_PROTOCOL, 8 , METHOD_BUFFERED, FILE_ANY_ACCESS) 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/getopt.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* 3 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 4 | ** Copyright (C) 2002-2013 Sourcefire, Inc. 5 | ** Copyright (C) 2002 Martin Roesch 6 | ** 7 | ** This program is free software; you can redistribute it and/or modify 8 | ** it under the terms of the GNU General Public License Version 2 as 9 | ** published by the Free Software Foundation. You may not use, modify or 10 | ** distribute this program under any other version of the GNU General 11 | ** Public License. 12 | ** 13 | ** This program is distributed in the hope that it will be useful, 14 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | ** GNU General Public License for more details. 17 | ** 18 | ** You should have received a copy of the GNU General Public License 19 | ** along with this program; if not, write to the Free Software 20 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 21 | */ 22 | 23 | #ifndef _SNORT_GETOPT_H_ 24 | #define _SNORT_GETOPT_H_ 25 | 26 | #ifdef SNORT_GETOPT 27 | #define _next_char(string) (char)(*(string+1)) 28 | 29 | extern char * optarg; 30 | extern int optind; 31 | 32 | int getopt(int, char**, char*); 33 | 34 | #else 35 | #include 36 | #endif 37 | 38 | #endif /* _SNORT_GETOPT_H_ */ 39 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/gnuc.h: -------------------------------------------------------------------------------- 1 | /* @(#) $Header$ (LBL) */ 2 | 3 | /* Define __P() macro, if necessary */ 4 | 5 | #ifndef __P 6 | #if __STDC__ 7 | #define __P(protos) protos 8 | #else 9 | #define __P(protos) () 10 | #endif 11 | #endif 12 | 13 | /* inline foo */ 14 | #ifndef inline 15 | #ifndef __cplusplus 16 | #ifdef __GNUC__ 17 | #define inline __inline 18 | #else 19 | #define inline 20 | #endif 21 | #endif 22 | #endif 23 | 24 | /* 25 | * Handle new and old "dead" routine prototypes 26 | * 27 | * For example: 28 | * 29 | * __dead void foo(void) __attribute__((volatile)); 30 | * 31 | */ 32 | #ifdef __GNUC__ 33 | #ifndef __dead 34 | #define __dead volatile 35 | #endif 36 | #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) 37 | #ifndef __attribute__ 38 | #define __attribute__(args) 39 | #endif 40 | #endif 41 | #else 42 | #ifndef __dead 43 | #define __dead 44 | #endif 45 | #ifndef __attribute__ 46 | #define __attribute__(args) 47 | #endif 48 | #endif 49 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/inttypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | ** Copyright (C) 2007-2013 Sourcefire, Inc. 4 | ** 5 | ** This program is free software; you can redistribute it and/or modify 6 | ** it under the terms of the GNU General Public License Version 2 as 7 | ** published by the Free Software Foundation. You may not use, modify or 8 | ** distribute this program under any other version of the GNU General 9 | ** Public License. 10 | ** 11 | ** This program is distributed in the hope that it will be useful, 12 | ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | ** GNU General Public License for more details. 15 | ** 16 | ** You should have received a copy of the GNU General Public License 17 | ** along with this program; if not, write to the Free Software 18 | ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | */ 20 | 21 | #ifndef __INTTYPES_H__ 22 | #define __INTTYPES_H__ 23 | 24 | #ifndef PRIu64 25 | #define _SF_PREFIX "I64" 26 | #define PRIu64 _SF_PREFIX "u" 27 | #define PRIi64 _SF_PREFIX "i" 28 | #endif 29 | 30 | #endif /* __INTTYPES_H__ */ 31 | 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/libdnet/dnet.h: -------------------------------------------------------------------------------- 1 | /* 2 | * dnet.h 3 | * 4 | * Copyright (c) 2001 Dug Song 5 | * 6 | * $Id$ 7 | */ 8 | 9 | #ifndef DNET_H 10 | #define DNET_H 11 | 12 | #include 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | #endif /* DNET_H */ 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/libdnet/dnet/rand.h: -------------------------------------------------------------------------------- 1 | /* 2 | * rand.h 3 | * 4 | * Pseudo-random number generation, based on OpenBSD arc4random(). 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * Copyright (c) 1996 David Mazieres 8 | * 9 | * $Id$ 10 | */ 11 | 12 | #ifndef DNET_RAND_H 13 | #define DNET_RAND_H 14 | 15 | typedef struct rand_handle rand_t; 16 | 17 | __BEGIN_DECLS 18 | rand_t *rand_open(void); 19 | 20 | int rand_get(rand_t *r, void *buf, size_t len); 21 | int rand_set(rand_t *r, const void *seed, size_t len); 22 | int rand_add(rand_t *r, const void *buf, size_t len); 23 | 24 | uint8_t rand_uint8(rand_t *r); 25 | uint16_t rand_uint16(rand_t *r); 26 | uint32_t rand_uint32(rand_t *r); 27 | 28 | int rand_shuffle(rand_t *r, void *base, size_t nmemb, size_t size); 29 | 30 | rand_t *rand_close(rand_t *r); 31 | __END_DECLS 32 | 33 | #endif /* DNET_RAND_H */ 34 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/libdnet/dnet/route.h: -------------------------------------------------------------------------------- 1 | /* 2 | * route.c 3 | * 4 | * Kernel route table operations. 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id$ 9 | */ 10 | 11 | #ifndef DNET_ROUTE_H 12 | #define DNET_ROUTE_H 13 | 14 | /* 15 | * Routing table entry 16 | */ 17 | struct route_entry { 18 | struct addr route_dst; /* destination address */ 19 | struct addr route_gw; /* gateway address */ 20 | }; 21 | 22 | typedef struct route_handle route_t; 23 | 24 | typedef int (*route_handler)(const struct route_entry *entry, void *arg); 25 | 26 | __BEGIN_DECLS 27 | route_t *route_open(void); 28 | int route_add(route_t *r, const struct route_entry *entry); 29 | int route_delete(route_t *r, const struct route_entry *entry); 30 | int route_get(route_t *r, struct route_entry *entry); 31 | int route_loop(route_t *r, route_handler callback, void *arg); 32 | route_t *route_close(route_t *r); 33 | __END_DECLS 34 | 35 | #endif /* DNET_ROUTE_H */ 36 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/libdnet/dnet/tun.h: -------------------------------------------------------------------------------- 1 | /* 2 | * tun.h 3 | * 4 | * Network tunnel device. 5 | * 6 | * Copyright (c) 2001 Dug Song 7 | * 8 | * $Id$ 9 | */ 10 | 11 | #ifndef DNET_TUN_H 12 | #define DNET_TUN_H 13 | 14 | typedef struct tun tun_t; 15 | 16 | __BEGIN_DECLS 17 | tun_t *tun_open(struct addr *src, struct addr *dst, int mtu); 18 | int tun_fileno(tun_t *tun); 19 | const char *tun_name(tun_t *tun); 20 | ssize_t tun_send(tun_t *tun, const void *buf, size_t size); 21 | ssize_t tun_recv(tun_t *tun, void *buf, size_t size); 22 | tun_t *tun_close(tun_t *tun); 23 | __END_DECLS 24 | 25 | #endif /* DNET_TUN_H */ 26 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/libdnet/dnet/udp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * udp.h 3 | * 4 | * User Datagram Protocol (RFC 768). 5 | * 6 | * Copyright (c) 2000 Dug Song 7 | * 8 | * $Id$ 9 | */ 10 | 11 | #ifndef DNET_UDP_H 12 | #define DNET_UDP_H 13 | 14 | #define UDP_HDR_LEN 8 15 | 16 | struct udp_hdr { 17 | uint16_t uh_sport; /* source port */ 18 | uint16_t uh_dport; /* destination port */ 19 | uint16_t uh_ulen; /* udp length (including header) */ 20 | uint16_t uh_sum; /* udp checksum */ 21 | }; 22 | 23 | #define UDP_PORT_MAX 65535 24 | 25 | #define udp_pack_hdr(hdr, sport, dport, ulen) do { \ 26 | struct udp_hdr *udp_pack_p = (struct udp_hdr *)(hdr); \ 27 | udp_pack_p->uh_sport = htons(sport); \ 28 | udp_pack_p->uh_dport = htons(dport); \ 29 | udp_pack_p->uh_ulen = htons(ulen); \ 30 | } while (0) 31 | 32 | #endif /* DNET_UDP_H */ 33 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Includes/unistd.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/.cvswrappers: -------------------------------------------------------------------------------- 1 | *.lib -k 'b' 2 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/Packet.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/Packet.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/libdnet/dnet.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/libdnet/dnet.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/pcre.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/pcre.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/wpcap.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/wpcap.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/zlib.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/zlib.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Libraries/zlib1.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Libraries/zlib1.lib -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/LibnetNT.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/LibnetNT.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/Packet.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/Packet.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/WanPacket.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/WanPacket.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/build_releases.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | REM $Id$ 4 | 5 | REM -- -------------------------------------------------------------- 6 | REM -- If you are having problems running "NMAKE", you probably 7 | REM -- haven't configured the proper paths. Uncomment the following 8 | REM -- line to help configure this properly. You will need to update 9 | REM -- the line to reflect whichever drive/path you specified when 10 | REM -- installing Visual C++ 6.0. 11 | REM -- -------------------------------------------------------------- 12 | REM call "C:\Program Files\Microsoft Visual Studio\VC98\Bin\vcvars32.bat" 13 | 14 | 15 | DEL snort___Win32_MySQL_Release\snort.exe 16 | DEL snort___Win32_SQLServer_Release\snort.exe 17 | DEL snort___Win32_Oracle_Release\snort.exe 18 | 19 | 20 | NMAKE /f "snort.mak" CFG="snort - Win32 MySQL Release" 21 | 22 | NMAKE /f "snort.mak" CFG="snort - Win32 SQLServer Release" 23 | 24 | NMAKE /f "snort.mak" CFG="snort - Win32 Oracle Release" 25 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/npptools.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/npptools.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/ntwdblib.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/ntwdblib.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/pcre.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/pcre.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/snort.dep: -------------------------------------------------------------------------------- 1 | # Microsoft Developer Studio Generated Dependency File, included by snort.mak 2 | 3 | # This file has intentionally been truncated because it includes machine-specific 4 | # drive/path information, which break the compile on machines which install 5 | # Visual C++ in another location. 6 | 7 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/snort_installer_options.ini: -------------------------------------------------------------------------------- 1 | ; $Id$ 2 | ; 3 | ; NSIS Installation script for Snort 2.2 Win32 4 | ; Written by Chris Reid 5 | ; 6 | ; This script will create a Win32 installer for Snort 2.2 (Win32 only). 7 | ; For more information about NSIS, see their homepage: 8 | ; http://www.nullsoft.com/free/nsis/ 9 | ; 10 | ; This INI script is intended to be used in conjunction with 11 | ; snort_installer.nsi. 12 | 13 | [Settings] 14 | NumFields=1 15 | 16 | [Field 1] 17 | Type=checkbox 18 | Text=Enable IPv6 support. 19 | Left=0 20 | Right=-1 21 | Top=120 22 | Bottom=140 23 | State=0 24 | -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/wpcap.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/wpcap.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/src/win32/WIN32-Prj/zlib1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-2.9.8.3/src/win32/WIN32-Prj/zlib1.dll -------------------------------------------------------------------------------- /snort-2.9.8.3/templates/Makefile.am: -------------------------------------------------------------------------------- 1 | ## $Id$ 2 | AUTOMAKE_OPTIONS=foreign no-dependencies 3 | 4 | EXTRA_DIST = sp_template.c spp_template.c sp_template.h spp_template.h 5 | 6 | 7 | -------------------------------------------------------------------------------- /snort-2.9.8.3/templates/sp_template.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* Snort Detection Plugin Header File Template */ 3 | 4 | /* 5 | * This file gets included in plugbase.h when it is integrated into the rest 6 | * of the program. 7 | * 8 | * Export any functions or data structs you feel necessary. 9 | */ 10 | 11 | #ifndef __SP_TEMPLATE_H__ 12 | #define __SP_TEMPLATE_H__ 13 | 14 | void SetupTemplate(); 15 | 16 | #endif /* __SP_TEMPLATE_H__ */ 17 | -------------------------------------------------------------------------------- /snort-2.9.8.3/templates/spp_template.h: -------------------------------------------------------------------------------- 1 | /* $Id$ */ 2 | /* Snort Preprocessor Plugin Header File Template */ 3 | 4 | /* This file gets included in plugbase.h when it is integrated into the rest 5 | * of the program. 6 | */ 7 | #ifndef __SPP_TEMPLATE_H__ 8 | #define __SPP_TEMPLATE_H__ 9 | 10 | /* 11 | * list of function prototypes to export for this preprocessor 12 | */ 13 | void SetupTemplate(); 14 | 15 | #endif /* __SPP_TEMPLATE_H__ */ 16 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign no-dependencies 2 | 3 | if BUILD_CONTROL_SOCKET 4 | CONTROL_DIR = control 5 | endif 6 | 7 | if FEAT_FILE_INSPECT 8 | FILE_INSPECT_SERVER=file_server 9 | endif 10 | 11 | SUBDIRS = u2boat u2spewfoo $(CONTROL_DIR) $(FILE_INSPECT_SERVER) 12 | if FEAT_OPEN_APPID 13 | SUBDIRS += u2openappid u2streamer 14 | dist_bin_SCRIPTS = appid_detector_builder.sh 15 | endif 16 | 17 | INCLUDES = @INCLUDES@ 18 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/control/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = snort_control snort_dump_packets_control 3 | 4 | docdir = ${datadir}/doc/${PACKAGE} 5 | 6 | snort_control_SOURCES = sfcontrol.c 7 | snort_control_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 8 | 9 | snort_dump_packets_control_SOURCES = snort_dump_packets.c 10 | snort_dump_packets_control_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 11 | 12 | INCLUDES = @INCLUDES@ @extra_incl@ 13 | 14 | dist_doc_DATA = README.snort_control README.snort_dump_packets_control 15 | 16 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/control/README.snort_control: -------------------------------------------------------------------------------- 1 | snort_control - Tool to connect to the snort control channel and issue a command 2 | -------------------------------------------- 3 | 4 | About 5 | ----- 6 | 7 | The current version of Snort can be configured to provide a Unix socket 8 | that can be used to issue commands to the running process. 9 | 10 | Installation 11 | ------------ 12 | 13 | snort_control is made and installed along with snort in the same bin directory 14 | when configured with the --enable-control-socket option. The control socket 15 | functionality is supported on Linux only. 16 | 17 | Usage 18 | ----- 19 | 20 | $ snort_control 21 | 22 | "log path" specifies the directory passed to snort with the -l option 23 | 24 | "command" is an unsigned 32-bit command value 25 | 26 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/file_server/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = file_server 3 | 4 | docdir = ${datadir}/doc/${PACKAGE} 5 | 6 | file_server_SOURCES = file_server.c 7 | file_server_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 8 | 9 | INCLUDES = @INCLUDES@ @extra_incl@ 10 | 11 | dist_doc_DATA = README.file_server 12 | 13 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/file_server/README.file_server: -------------------------------------------------------------------------------- 1 | file-server - Tool to received captured files from snort 2 | -------------------------------------------- 3 | 4 | file server is used along with file inspect preprocessor, to receive and store 5 | files captured by file inspect preprocessor. This simple program should run on 6 | the directory that you want to store files. In other words, file will be saved 7 | on current directory. File name will be be SHA for that file (from file inspect 8 | preprocessor) 9 | 10 | Use -v option if you want to see what files are received/stored. 11 | Use -d option if you want to run it in daemon mode 12 | Use -h option for help 13 | 14 | Use Ctrl - c to stop file server 15 | 16 | Usage 17 | ----- 18 | 19 | $ file_server <-vdh> 20 | 21 | Example: 22 | 23 | file_server 8000 -v 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2boat/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = u2boat 3 | 4 | docdir = ${datadir}/doc/${PACKAGE} 5 | 6 | u2boat_SOURCES = u2boat.c u2boat.h 7 | u2boat_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 8 | u2boat_LDADD = -lpcap 9 | 10 | INCLUDES = @INCLUDES@ @extra_incl@ 11 | 12 | dist_doc_DATA = README.u2boat 13 | 14 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2boat/README.u2boat: -------------------------------------------------------------------------------- 1 | u2boat - Unified2 Binary Output & Alert Tool 2 | -------------------------------------------- 3 | 4 | About 5 | ----- 6 | 7 | The current version of SnortSP lacks support for some output formats that 8 | were present in Snort 2.8.X. u2boat aims to fill these gaps by converting 9 | Unified2 logs to other formats. 10 | 11 | Installation 12 | ------------ 13 | 14 | u2boat is made and installed along with snortsp in the same bin directory. 15 | 16 | Usage 17 | ----- 18 | 19 | $ u2boat [-t type] 20 | 21 | "type" specifies the type of output u2boat should create. Valid options are: 22 | 23 | - pcap: Tcpdump format (default) 24 | 25 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2boat/u2boat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. 3 | * Copyright (C) 2002-2013 Sourcefire, Inc. 4 | * Copyright (C) 1998-2002 Martin Roesch 5 | * 6 | * This program is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License Version 2 as 8 | * published by the Free Software Foundation. You may not use, modify or 9 | * distribute this program under any other version of the GNU General 10 | * Public License. 11 | * 12 | * This program is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with this program; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 20 | */ 21 | 22 | #ifndef U2BOAT_H 23 | #define U2BOAT_H 24 | 25 | #include "Unified2_common.h" 26 | 27 | typedef struct _record { 28 | uint32_t type; 29 | uint32_t length; 30 | uint8_t *data; 31 | } u2record; 32 | 33 | typedef struct _u2iterator { 34 | FILE *file; 35 | char *filename; 36 | u2record current; 37 | } u2iterator; 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2openappid/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = u2openappid 3 | 4 | u2openappid_SOURCES = u2openappid.c 5 | u2openappid_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 6 | 7 | EXTRA_DIST = 8 | 9 | INCLUDES = @INCLUDES@ @extra_incl@ 10 | 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2spewfoo/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = u2spewfoo 3 | 4 | u2spewfoo_SOURCES = u2spewfoo.c 5 | u2spewfoo_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 6 | 7 | EXTRA_DIST = \ 8 | u2spewfoo.dsp 9 | 10 | INCLUDES = @INCLUDES@ @extra_incl@ 11 | 12 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2streamer/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS=foreign 2 | bin_PROGRAMS = u2streamer 3 | 4 | u2streamer_SOURCES = u2streamer.c SpoolFileIterator.c SpoolFileIterator.h Unified2.c Unified2.h Unified2File.c Unified2File.h TimestampedFile.c TimestampedFile.h UnifiedLog.c UnifiedLog.h sf_error.c sf_error.h 5 | u2streamer_CFLAGS = @CFLAGS@ $(AM_CFLAGS) 6 | 7 | EXTRA_DIST = 8 | 9 | INCLUDES = @INCLUDES@ @extra_incl@ 10 | 11 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2streamer/Unified2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright(C) 2003 Sourcefire, Inc. All Rights Reserved 3 | */ 4 | 5 | /* System includes */ 6 | #include 7 | #include 8 | #include 9 | #ifdef LINUX 10 | #include 11 | #endif 12 | 13 | /* Sourcefire includes */ 14 | #include 15 | 16 | /* Local includes */ 17 | #include "Unified2.h" 18 | 19 | int Unified2Record_Destroy(Unified2Record *u2_record) 20 | { 21 | if(!u2_record) 22 | return SF_EINVAL; 23 | 24 | free(u2_record->data); 25 | 26 | free(u2_record); 27 | 28 | return SF_SUCCESS; 29 | } 30 | 31 | 32 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2streamer/Unified2File.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef __UNIFIED2_FILE_H__ 3 | #define __UNIFIED2_FILE_H__ 4 | 5 | /*! \defgroup Unified2File 6 | */ 7 | 8 | /** \addtogroup Unified2File */ 9 | /*@{*/ 10 | typedef struct _Unified2File 11 | { 12 | int fd; 13 | 14 | int read_status; 15 | int read_errno; 16 | int read_offset; 17 | 18 | Serial_Unified2_Header s_u2_hdr; 19 | Serial_Unified2HeaderExtension s_u2_hdr_ext; 20 | uint32_t checksum; 21 | Unified2Record *u2_record; 22 | 23 | } Unified2File; 24 | 25 | 26 | int Unified2File_Open(char *filepath, Unified2File **u2_file); 27 | 28 | /* 29 | * @retval SF_SUCCESS record read 30 | * @retval SF_ENOMEM out of memory 31 | * @retval SF_EINVAL invalid argument 32 | * @retval SF_EREAD read error 33 | * @retval SF_EREAD_TRUNCATED end of file while reading record 34 | * @retval SF_EREAD_PARTIAL partial read while reading record 35 | * @retval SF_END_OF_FILE end of file on record boundary 36 | * @retval -1 should never be reached 37 | */ 38 | int Unified2File_Read(Unified2File *u2_file, Unified2Record **u2_record); 39 | 40 | int Unified2File_Close(Unified2File *u2_file); 41 | 42 | 43 | /*@}*/ 44 | #endif /* __UNIFIED2_FILE_H__ */ 45 | 46 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2streamer/UnifiedLog.c: -------------------------------------------------------------------------------- 1 | 2 | /* System includes */ 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | /* Local includes */ 12 | #include "UnifiedLog.h" 13 | 14 | 15 | /* Snort Unified Log Record API ***********************************************/ 16 | int UnifiedLog_Destroy(UnifiedLog *unified_log) 17 | { 18 | if(unified_log) 19 | { 20 | if(unified_log->packet) 21 | free(unified_log->packet); 22 | free(unified_log); 23 | } 24 | return 0; 25 | } 26 | -------------------------------------------------------------------------------- /snort-2.9.8.3/tools/u2streamer/UnifiedLog.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef __UNIFIED_LOG_H__ 3 | #define __UNIFIED_LOG_H__ 4 | 5 | #include 6 | #ifdef LINUX 7 | #include 8 | #endif 9 | #include "sf_types.h" 10 | 11 | struct u2_timeval 12 | { 13 | uint32_t tv_sec; 14 | uint32_t tv_usec; 15 | }; 16 | 17 | /* Miscelaneous data structures */ 18 | typedef struct SnortEvent 19 | { 20 | uint32_t sig_generator; 21 | uint32_t sig_id; 22 | uint32_t sig_rev; 23 | uint32_t classification; 24 | uint32_t priority; 25 | uint32_t event_id; 26 | uint32_t event_reference; 27 | struct u2_timeval ref_time; 28 | } SnortEvent; 29 | 30 | #define SNORT_EVENT_LENGTH 36 31 | 32 | typedef struct _SnortPktHeader 33 | { 34 | struct u2_timeval ts; 35 | uint32_t caplen; 36 | uint32_t pktlen; 37 | } SnortPktHeader; 38 | 39 | #define SNORT_PKT_HEADER_LENGTH 16 40 | 41 | /* Snort Unified Log Record API ***********************************************/ 42 | typedef struct _UnifiedLog 43 | { 44 | SnortEvent event; 45 | uint32_t flags; 46 | SnortPktHeader pkth; 47 | uint8_t *packet; 48 | } UnifiedLog; 49 | 50 | /** 51 | * Free a Unified Log record 52 | */ 53 | int UnifiedLog_Destroy(UnifiedLog *unified_log); 54 | 55 | #endif /*__UNIFIED_LOG_H__ */ 56 | -------------------------------------------------------------------------------- /snort-initialization.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sdnfv/onvm-snort/e98b33dd310a023bdceb6d380c579f98a616692f/snort-initialization.png --------------------------------------------------------------------------------