// $Id: NetVar.cc,v 1.19 2005/09/09 22:41:42 vern Exp $
//
// Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003
// The Regents of the University of California. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that: (1) source code distributions
// retain the above copyright notice and this paragraph in its entirety, (2)
// distributions including binary code include the above copyright notice and
// this paragraph in its entirety in the documentation or other materials
// provided with the distribution, and (3) all advertising materials mentioning
// features or use of this software display the following acknowledgement:
// ``This product includes software developed by the University of California,
// Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
// the University nor the names of its contributors may be used to endorse
// or promote products derived from this software without specific prior
// written permission.
// THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
// WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#include "config.h"

#include "Var.h"
#include "NetVar.h"

// C++-side globals mirroring Bro script-level types and variables.  Each is
// defined here and filled in by init_general_global_var() / init_net_var()
// below, which look the script definition up by its name (the string passed
// to internal_type(), internal_val(), internal_list_val() and the
// opt_internal_*() helpers from Var.h).  Nothing in this file reads them
// afterwards; the analyzers elsewhere do.  Presumably NetVar.h declares
// them extern -- not visible here.

// Core connection / endpoint record types.
RecordType* conn_id;
RecordType* endpoint;
RecordType* endpoint_stats;
RecordType* connection_type;
RecordType* icmp_conn;
RecordType* icmp_context;
RecordType* SYN_packet;
RecordType* signature_state;
EnumType* transport_proto;

RecordType* net_stats;

// Liveness: watchdog_interval is stored as a whole int although the script
// side supplies a double (see the cast in init_net_var()).
int watchdog_interval;
double heartbeat_interval;

int max_timer_expires;

// Packet/flow acceptance policy flags (plain ints used as booleans).
int ignore_checksums;
int partial_connection_ok;
int tcp_SYN_ack_ok;
int tcp_match_undelivered;

// Encapsulation: tunnel_port has its UDP tag bits stripped on load.
int encap_hdr_size;
int tunnel_port;

double frag_timeout;

double tcp_SYN_timeout;
double tcp_session_timer;
double tcp_connection_linger;
double tcp_attempt_delay;
double tcp_close_delay;
double tcp_reset_delay;
double tcp_partial_close_delay;

// SSL/X.509 analyzer settings.  ssl_verify_certificates gates whether
// presented certificates are checked at all; the trust anchors come from
// x509_trusted_cert_path.  Both are taken verbatim from the script layer
// with no validation in this file.
int ssl_compare_cipherspecs;
int ssl_analyze_certificates;
int ssl_store_certificates;
int ssl_verify_certificates;
int ssl_store_key_material;
int ssl_max_cipherspec_size;
StringVal* ssl_store_cert_path;
StringVal* x509_trusted_cert_path;
TableType* cipher_suites_list;
RecordType* x509_type;

double non_analyzed_lifetime;
double tcp_inactivity_timeout;
double udp_inactivity_timeout;
double icmp_inactivity_timeout;

int tcp_storm_thresh;
double tcp_storm_interarrival_thresh;

TableVal* tcp_reassembler_ports_orig;
TableVal* tcp_reassembler_ports_resp;

TableVal* tcp_content_delivery_ports_orig;
TableVal* tcp_content_delivery_ports_resp;

double dns_session_timeout;
double ntp_session_timeout;
double rpc_timeout;

// Login analyzer pattern lists (script-level lists, see internal_list_val()).
ListVal* skip_authentication;
ListVal* direct_login_prompts;
ListVal* login_prompts;
ListVal* login_non_failure_msgs;
ListVal* login_failure_msgs;
ListVal* login_success_msgs;
ListVal* login_timeouts;

int mime_segment_length;
int mime_segment_overlap_length;
RecordType* mime_header_rec;
TableType* mime_header_list;

int http_entity_data_delivery_size;
RecordType* http_stats_rec;
RecordType* http_message_stat;
int truncate_http_URI;

// Portmapper: pm_request is a derived flag, not a script variable
// (see init_net_var()).
int pm_request;
RecordType* pm_mapping;
TableType* pm_mappings;
RecordType* pm_port_request;
RecordType* pm_callit_request;

RecordType* nfs3_attrs;
RecordType* nfs3_lookup_args;
RecordType* nfs3_lookup_reply;
RecordType* nfs3_fsstat;

RecordType* ntp_msg;

TableVal* samba_cmds;

RecordType* dns_msg;
RecordType* dns_answer;
RecordType* dns_soa;
RecordType* dns_edns_additional;
RecordType* dns_tsig_additional;
TableVal* dns_skip_auth;
TableVal* dns_skip_addl;
int dns_max_queries;

double stp_delta;
double stp_idle_min;

double interconn_min_interarrival;
double interconn_max_interarrival;
int interconn_max_keystroke_pkt_size;
int interconn_default_pkt_size;
double interconn_stat_period;
double interconn_stat_backoff;
RecordType* interconn_endp_stats;

double backdoor_stat_period;
double backdoor_stat_backoff;

RecordType* backdoor_endp_stats;

RecordType* software;
RecordType* software_version;
RecordType* OS_version;
EnumType* OS_version_inference;
TableVal* generate_OS_version_event;

double table_expire_interval;
double table_expire_delay;
int table_expire_size;

RecordType* packet_type;

double packet_sort_window;

double connection_status_update_interval;

// Filesystem location for persistent state; the path is whatever the
// script layer provides, unchecked here.
StringVal* state_dir;
double state_write_delay;

// Address anonymization policy and the address tables exempted from it.
int orig_addr_anonymization, resp_addr_anonymization;
int other_addr_anonymization;
TableVal* preserve_orig_addr;
TableVal* preserve_resp_addr;
TableVal* preserve_other_addr;

// Log rotation.  log_encryption_key is key material held as a plain
// process-wide StringVal*; nothing in this file clears it.
double log_rotate_interval;
double log_max_size;
RecordType* rotate_info;
StringVal* log_encryption_key;

// Remote-peer (communication layer) settings.
StringVal* peer_description;
RecordType* peer;
int forward_remote_state_changes;
int forward_remote_events;

// TLS identity and credentials for the communication layer.  The private
// key and passphrase are kept in memory for the life of the process;
// nothing in this file releases or scrubs them.
StringVal* ssl_ca_certificate;
StringVal* ssl_private_key;
StringVal* ssl_passphrase;

StringVal* x509_crl_file;
TableType* x509_extension;
TableType* SSL_sessionID;

// Profiling.  profiling_file is a required script value, pkt_profile_file
// an optional one (note the opt_ lookup in init_net_var()).
Val* profiling_file;
double profiling_interval;
int expensive_profiling_multiple;
int segment_profiling;
int pkt_profile_mode;
double pkt_profile_freq;
Val* pkt_profile_file;

int packet_filter_default;

int sig_max_group_size;

int enable_syslog;

// Connection compressor knobs.
int use_connection_compressor;
int cc_handle_resets;
int cc_handle_only_syns;
int cc_instantiate_on_data;

// Further globals (constants and event handlers) are declared by these
// included files, which are not shown here; the matching *_init files in
// init_net_var() assign them.
#include "const.bif.netvar_def"
#include "event.bif.netvar_def"


// Fills in the "general" subset of the globals above: table expiration,
// state directory, log rotation/encryption, remote-peer settings, the SSL
// identity used by the communication layer, and the packet-filter,
// signature and syslog defaults.  Every value is looked up by the
// script-level name given in the string.  Presumably called earlier in
// start-up than init_net_var(), which handles everything else -- confirm
// against the caller.  The un-prefixed internal_val()/internal_type()
// forms are used for values that presumably must exist; what happens when
// one is missing, or has a type the As*() accessor does not expect, is
// decided inside Var.h/Val, not here.
void init_general_global_var()
	{
	table_expire_interval = opt_internal_double("table_expire_interval");
	table_expire_delay = opt_internal_double("table_expire_delay");
	table_expire_size = opt_internal_int("table_expire_size");

	// Path taken verbatim from the script layer; no validation here.
	state_dir = internal_val("state_dir")->AsStringVal();
	state_write_delay = opt_internal_double("state_write_delay");

	log_rotate_interval = opt_internal_double("log_rotate_interval");
	log_max_size = opt_internal_double("log_max_size");
	rotate_info = internal_type("rotate_info")->AsRecordType();
	// Optional: the opt_ lookup presumably yields a null/empty value when
	// the script does not define a key -- confirm in Var.h.
	log_encryption_key = opt_internal_string("log_encryption_key");

	peer_description =
		internal_val("peer_description")->AsStringVal();
	// Script-level type is named "event_peer"; the C++ global is "peer".
	peer = internal_type("event_peer")->AsRecordType();
	forward_remote_state_changes =
		opt_internal_int("forward_remote_state_changes");
	forward_remote_events = opt_internal_int("forward_remote_events");

	// TLS identity and credentials for the communication layer.  All three
	// are required (no opt_ prefix).  The private key and passphrase live
	// on as plain StringVal* globals; nothing in this file scrubs them.
	ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal();
	ssl_private_key = internal_val("ssl_private_key")->AsStringVal();
	ssl_passphrase = internal_val("ssl_passphrase")->AsStringVal();

	packet_filter_default = opt_internal_int("packet_filter_default");

	sig_max_group_size = opt_internal_int("sig_max_group_size");
	enable_syslog = opt_internal_int("enable_syslog");
	}

// Fills in every remaining global above from the script layer, in the
// order the declarations are grouped: record/enum types via
// internal_type(), table and list values via internal_val() /
// internal_list_val() / opt_internal_table(), scalars via
// opt_internal_int() / opt_internal_double() / opt_internal_string().
// The two included *_init files run first and presumably initialise the
// globals that the *_def includes declared -- they are not shown here.
void init_net_var()
	{
#include "const.bif.netvar_init"
#include "event.bif.netvar_init"

	conn_id = internal_type("conn_id")->AsRecordType();
	endpoint = internal_type("endpoint")->AsRecordType();
	endpoint_stats = internal_type("endpoint_stats")->AsRecordType();
	// Script-level type is "connection"; C++ name avoids clashing with
	// the Connection class.
	connection_type = internal_type("connection")->AsRecordType();
	icmp_conn = internal_type("icmp_conn")->AsRecordType();
	icmp_context = internal_type("icmp_context")->AsRecordType();
	signature_state = internal_type("signature_state")->AsRecordType();
	SYN_packet = internal_type("SYN_packet")->AsRecordType();
	transport_proto = internal_type("transport_proto")->AsEnumType();

	ignore_checksums = opt_internal_int("ignore_checksums");
	partial_connection_ok = opt_internal_int("partial_connection_ok");
	tcp_SYN_ack_ok = opt_internal_int("tcp_SYN_ack_ok");
	tcp_match_undelivered = opt_internal_int("tcp_match_undelivered");

	encap_hdr_size = opt_internal_int("encap_hdr_size");

	tunnel_port = opt_internal_int("tunnel_port");
	// If it's a UDP port, normalize it.
	// NOTE(review): assumes script-level port values tag UDP ports with
	// the bits in UDP_PORT_MASK (defined outside this file) and that the
	// remaining bits are the raw port number.  Clearing the mask makes
	// the value comparable with untagged port numbers.
	tunnel_port &= ~UDP_PORT_MASK;

	frag_timeout = opt_internal_double("frag_timeout");

	tcp_SYN_timeout = opt_internal_double("tcp_SYN_timeout");
	tcp_session_timer = opt_internal_double("tcp_session_timer");
	tcp_connection_linger = opt_internal_double("tcp_connection_linger");
	tcp_attempt_delay = opt_internal_double("tcp_attempt_delay");
	tcp_close_delay = opt_internal_double("tcp_close_delay");
	tcp_reset_delay = opt_internal_double("tcp_reset_delay");
	tcp_partial_close_delay = opt_internal_double("tcp_partial_close_delay");

	ssl_compare_cipherspecs = opt_internal_int("ssl_compare_cipherspecs");
	ssl_analyze_certificates = opt_internal_int("ssl_analyze_certificates");
	ssl_store_certificates = opt_internal_int("ssl_store_certificates");
	ssl_verify_certificates = opt_internal_int("ssl_verify_certificates");
	ssl_store_key_material = opt_internal_int("ssl_store_key_material");
	ssl_max_cipherspec_size = opt_internal_int("ssl_max_cipherspec_size");

	// Script-level X.509 names are spelled "X509_..."; the C++ globals
	// are lower-case.  Trust-anchor and CRL paths are optional and
	// unvalidated here.
	x509_trusted_cert_path = opt_internal_string("X509_trusted_cert_path");
	ssl_store_cert_path = opt_internal_string("ssl_store_cert_path");
	x509_type = internal_type("X509")->AsRecordType();
	cipher_suites_list = internal_type("cipher_suites_list")->AsTableType();
	x509_crl_file = opt_internal_string("X509_crl_file");
	x509_extension = internal_type("X509_extension")->AsTableType();
	SSL_sessionID = internal_type("SSL_sessionID")->AsTableType();

	non_analyzed_lifetime = opt_internal_double("non_analyzed_lifetime");
	tcp_inactivity_timeout = opt_internal_double("tcp_inactivity_timeout");
	udp_inactivity_timeout = opt_internal_double("udp_inactivity_timeout");
	icmp_inactivity_timeout = opt_internal_double("icmp_inactivity_timeout");

	tcp_storm_thresh = opt_internal_int("tcp_storm_thresh");
	tcp_storm_interarrival_thresh =
		opt_internal_double("tcp_storm_interarrival_thresh");

	tcp_reassembler_ports_orig =
		internal_val("tcp_reassembler_ports_orig")->AsTableVal();
	tcp_reassembler_ports_resp =
		internal_val("tcp_reassembler_ports_resp")->AsTableVal();

	tcp_content_delivery_ports_orig =
		internal_val("tcp_content_delivery_ports_orig")->AsTableVal();
	tcp_content_delivery_ports_resp =
		internal_val("tcp_content_delivery_ports_resp")->AsTableVal();

	dns_session_timeout = opt_internal_double("dns_session_timeout");
	ntp_session_timeout = opt_internal_double("ntp_session_timeout");
	rpc_timeout = opt_internal_double("rpc_timeout");

	net_stats = internal_type("net_stats")->AsRecordType();

	// Script side supplies a double; the explicit cast truncates toward
	// zero, so any fractional part is dropped.
	watchdog_interval = int(opt_internal_double("watchdog_interval"));
	heartbeat_interval = opt_internal_double("heartbeat_interval");

	max_timer_expires = opt_internal_int("max_timer_expires");

	skip_authentication = internal_list_val("skip_authentication");
	direct_login_prompts = internal_list_val("direct_login_prompts");
	login_prompts = internal_list_val("login_prompts");
	login_non_failure_msgs = internal_list_val("login_non_failure_msgs");
	login_failure_msgs = internal_list_val("login_failure_msgs");
	login_success_msgs = internal_list_val("login_success_msgs");
	login_timeouts = internal_list_val("login_timeouts");

	mime_segment_length = opt_internal_int("mime_segment_length");
	mime_segment_overlap_length = opt_internal_int("mime_segment_overlap_length");
	mime_header_rec = internal_type("mime_header_rec")->AsRecordType();
	mime_header_list = internal_type("mime_header_list")->AsTableType();

	http_entity_data_delivery_size = opt_internal_int("http_entity_data_delivery_size");
	http_stats_rec = internal_type("http_stats_rec")->AsRecordType();
	http_message_stat = internal_type("http_message_stat")->AsRecordType();
	truncate_http_URI = opt_internal_int("truncate_http_URI");

	// Non-zero if any of the pm_* globals is set.  Those names come from
	// event.bif.netvar_def above, presumably as event-handler pointers,
	// so this collapses to "does any script handle portmapper events?"
	// -- TODO confirm.
	pm_request = pm_request_null || pm_request_set ||
			pm_request_unset || pm_request_getport ||
			pm_request_dump || pm_request_callit ||
			pm_attempt_null || pm_attempt_set ||
			pm_attempt_unset || pm_attempt_getport ||
			pm_attempt_dump || pm_attempt_callit ||
			pm_bad_port;

	pm_mapping = internal_type("pm_mapping")->AsRecordType();
	pm_mappings = internal_type("pm_mappings")->AsTableType();
	pm_port_request = internal_type("pm_port_request")->AsRecordType();
	pm_callit_request = internal_type("pm_callit_request")->AsRecordType();

	nfs3_attrs = internal_type("nfs3_attrs")->AsRecordType();
	nfs3_lookup_args = internal_type("nfs3_lookup_args")->AsRecordType();
	nfs3_lookup_reply = internal_type("nfs3_lookup_reply")->AsRecordType();
	nfs3_fsstat = internal_type("nfs3_fsstat")->AsRecordType();

	ntp_msg = internal_type("ntp_msg")->AsRecordType();

	samba_cmds = internal_val("samba_cmds")->AsTableVal();

	dns_msg = internal_type("dns_msg")->AsRecordType();
	dns_answer = internal_type("dns_answer")->AsRecordType();
	dns_soa = internal_type("dns_soa")->AsRecordType();
	dns_edns_additional =
		internal_type("dns_edns_additional")->AsRecordType();
	dns_tsig_additional =
		internal_type("dns_tsig_additional")->AsRecordType();

	dns_skip_auth = internal_val("dns_skip_auth")->AsTableVal();
	dns_skip_addl = internal_val("dns_skip_addl")->AsTableVal();
	dns_max_queries = opt_internal_int("dns_max_queries");

	stp_delta = opt_internal_double("stp_delta");
	stp_idle_min = opt_internal_double("stp_idle_min");

	interconn_min_interarrival = opt_internal_double("interconn_min_interarrival");
	interconn_max_interarrival = opt_internal_double("interconn_max_interarrival");
	interconn_max_keystroke_pkt_size = opt_internal_int("interconn_max_keystroke_pkt_size");
	interconn_default_pkt_size = opt_internal_int("interconn_default_pkt_size");
	interconn_stat_period = opt_internal_double("interconn_stat_period");
	interconn_stat_backoff = opt_internal_double("interconn_stat_backoff");
	interconn_endp_stats = internal_type("interconn_endp_stats")->AsRecordType();

	backdoor_stat_period = opt_internal_double("backdoor_stat_period");
	backdoor_stat_backoff = opt_internal_double("backdoor_stat_backoff");
	backdoor_endp_stats = internal_type("backdoor_endp_stats")->AsRecordType();

	software = internal_type("software")->AsRecordType();
	software_version = internal_type("software_version")->AsRecordType();
	OS_version = internal_type("OS_version")->AsRecordType();
	OS_version_inference = internal_type("OS_version_inference")->AsEnumType();
	generate_OS_version_event =
		opt_internal_table("generate_OS_version_event");

	// Script-level type is "packet"; C++ name avoids clashing with other
	// uses of that identifier.
	packet_type = internal_type("packet")->AsRecordType();

	packet_sort_window = opt_internal_double("packet_sort_window");

	// Anonymization policy plus the exemption tables; all optional.
	orig_addr_anonymization = opt_internal_int("orig_addr_anonymization");
	resp_addr_anonymization = opt_internal_int("resp_addr_anonymization");
	other_addr_anonymization = opt_internal_int("other_addr_anonymization");

	preserve_orig_addr = opt_internal_table("preserve_orig_addr");
	preserve_resp_addr = opt_internal_table("preserve_resp_addr");
	preserve_other_addr = opt_internal_table("preserve_other_addr");

	connection_status_update_interval =
		opt_internal_double("connection_status_update_interval");

	// profiling_file is required (internal_val) and kept as a raw Val*;
	// pkt_profile_file below is looked up with the opt_ variant instead.
	profiling_file = internal_val("profiling_file");
	expensive_profiling_multiple =
		opt_internal_int("expensive_profiling_multiple");
	profiling_interval = opt_internal_double("profiling_interval");
	segment_profiling = opt_internal_int("segment_profiling");

	pkt_profile_mode = opt_internal_int("pkt_profile_mode");
	pkt_profile_freq = opt_internal_double("pkt_profile_freq");
	pkt_profile_file = opt_internal_val("pkt_profile_file");

	use_connection_compressor =
		opt_internal_int("use_connection_compressor");
	cc_handle_resets = opt_internal_int("cc_handle_resets");
	cc_handle_only_syns = opt_internal_int("cc_handle_only_syns");
	cc_instantiate_on_data = opt_internal_int("cc_instantiate_on_data");
	}