[Snort-devel] Patches against 1.8.1

snort-devel at ...616... snort-devel at ...616...
Mon Aug 20 01:28:30 EDT 2001


Current patches I needed to apply to snort 1.8.1 to get it to build
under Solaris 2.6 with the Sun C compiler.
  1. Rather than using __inline, use autoconf AC_C_INLINE which
     defines "inline" to the correct value for the compiler being
     used. Change all instances of __inline to inline.
  2. "//" is not a valid C comment. Use /* */ instead.
  3. bzero is old. And, you use both bzero and memset. Make changes
     of bzero->memset in some places. Should really be done
     everywhere (ditto for bcopy->memcpy).
  4. add FPRINTF_32BITS and SNPRINTF_32BITS macros to replace
     EXTRACT_32BITS which expands to invalid C code when used
     by fprintf() and snprintf().
  5. minor changes to configure.in. Why do you define BSD_COMP on
     Solaris? Better inet_ntoa() and socket() tests. ./configure
     --help formatting fixes.

-- 
albert chin (china at ...329...)

-- snip snip
--- debug.h.orig	Sat Aug 18 22:04:37 2001
+++ debug.h	Sat Aug 18 22:04:57 2001
@@ -59,11 +59,11 @@
 
 #ifdef WIN32
          /* Visual C++ uses the keyword "__inline" rather than "__inline__" */
-         #define __inline__ __inline
+         #define inline __inline
 #endif
 
 
-static __inline__ void DebugMessage(int dbg,char *fmt, ...) {}
+static inline void DebugMessage(int dbg,char *fmt, ...) {}
 
 #endif /* DEBUG */
 
--- snort.h.orig	Sat Aug 18 22:07:38 2001
+++ snort.h	Sat Aug 18 22:07:48 2001
@@ -194,7 +194,6 @@
 #include "decode.h"
 #include "log.h"
 #include "rules.h"
-//#include "plugbase.h"
 #include "mstring.h"
 #include "parser.h"
 #include "checksum.h"
--- spp_anomsensor.h.orig	Sat Aug 18 22:08:01 2001
+++ spp_anomsensor.h	Sat Aug 18 22:08:28 2001
@@ -145,7 +145,6 @@
 #define MIN_NODE_SIZE 0.18
 /* the frequency of scaling */
 #define SCALE_FREQ ((size_t)14400)
-//#define SCALE_FREQ ALMOST_NEVER
 /* the amount by which to scale */
 #define SCALE_FACTOR 0.96409
 
--- log.c.orig	Sat Aug 18 22:10:06 2001
+++ log.c	Sat Aug 18 23:15:23 2001
@@ -55,9 +55,9 @@
 #endif
 
     /* zero out our buffers */
-    bzero((char *) log_path, STD_BUF + 1);
-    bzero((char *) log_file, STD_BUF + 1);
-    bzero((char *) proto, 5);
+    memset (log_path, 0, STD_BUF + 1);
+    memset (log_file, 0, STD_BUF + 1);
+    memset (proto, 0, 5);
 
     if (mode == GENERIC_LOG || mode == DUMP || mode == BOGUS ||
             mode == NON_IP || mode == ARP)
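Review bot: The three memset calls keep the hand-written byte counts (`STD_BUF + 1`, `5`) of the bzero lines they replace, so nothing ties the size to the declarations of `log_path`, `log_file` and `proto`, which are outside this hunk. If those are arrays in scope, `memset(log_path, 0, sizeof(log_path));` keeps the clear and the declaration in step and cannot overrun if a buffer is later resized. The same applies to the literal `2048` for `command_line` in the @@ -1135 and @@ -1168 hunks. The @@ -2474 hunk already uses `sizeof(logdir)`, so this would also make the file consistent.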
@@ -504,7 +504,7 @@
 
     DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type);
 
-    bzero((char *) timestamp, TIMEBUF_SIZE);
+    memset (timestamp, 0, TIMEBUF_SIZE);
     ts_print((struct timeval *) & p->pkth->ts, timestamp);
 
     /* dump the timestamp */
@@ -600,7 +600,7 @@
     {
         ErrorMessage("WARNING: %s file doesn't exist or isn't writable!\n", srv);
     }
-    bzero((char *) &alertaddr, sizeof(alertaddr));
+    memset (&alertaddr, 0, sizeof(alertaddr));
     bcopy((const void *) srv, (void *) alertaddr.sun_path, strlen(srv));    /* we trust what we
                                          * define */
     alertaddr.sun_family = AF_UNIX;
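Review bot: The `bcopy` directly after the new memset copies `strlen(srv)` bytes into `alertaddr.sun_path` without comparing that length with `sizeof(alertaddr.sun_path)`, and it stays a bcopy although the patch description asks for bcopy->memcpy. `srv` is defined outside the hunk and the comment says it is trusted, but a bounded copy removes the dependency on that assumption: `snprintf(alertaddr.sun_path, sizeof(alertaddr.sun_path), "%s", srv);`. The enclosing function starts and ends outside the hunk.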
@@ -771,7 +771,7 @@
     printf("Logging Alert data!\n");
 #endif
 
-    bzero((char *) timestamp, TIMEBUF_SIZE);
+    memset (timestamp, 0, TIMEBUF_SIZE);
     ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
 
     /* dump the timestamp */
@@ -846,7 +846,7 @@
 {
     char timestamp[TIMEBUF_SIZE];
 
-    bzero((char *) timestamp, TIMEBUF_SIZE);
+    memset (timestamp, 0, TIMEBUF_SIZE);
     ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
 
     /* dump the timestamp */
@@ -945,7 +945,7 @@
     char event_string[SYSLOG_BUF];
     PriorityData *ds_ptr = NULL;  
 
-    bzero(event_string, SYSLOG_BUF);
+    memset (event_string, 0, SYSLOG_BUF);
 
     if(p && p->iph)
     {
@@ -1076,7 +1076,7 @@
         }
     }
 
-    bzero((char *) timestamp, TIMEBUF_SIZE);
+    memset (timestamp, 0, TIMEBUF_SIZE);
 
     ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
 
@@ -1098,7 +1098,7 @@
     if((workstations = fopen(workfile, "r")) != NULL)
     {
         /* clear the read buffers */
-        bzero((char *) workfile, STD_BUF + 1);
+        memset (workfile, 0, STD_BUF + 1);
 
         if(p && p->iph)
         {
@@ -1135,8 +1135,8 @@
                     " [**] %s [**]\n", msg);
         }
 
-        bzero((char *) tempwork, STD_BUF + 1);
-        bzero((char *) command_line, 2048);
+        memset (tempwork, 0, STD_BUF + 1);
+        memset (command_line, 0, 2048);
 
         /* read in the name of each workstation to send the message to */
         while((fgets(tempwork, STD_BUF, workstations)) != NULL)
@@ -1168,8 +1168,8 @@
                              tempwork);
                 DebugMessage(DEBUG_LOG, "Command Line: %s\n", command_line);
 
-                bzero((char *) tempwork, STD_BUF + 1);
-                bzero((char *) command_line, 2048);
+                memset (tempwork, 0, STD_BUF + 1);
+                memset (command_line, 0, 2048);
             }
         }
 
@@ -1464,8 +1464,8 @@
     struct in_addr ip_addr;
     char timestamp[TIMEBUF_SIZE];
 
-    bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr));
-    bzero((char *) timestamp, TIMEBUF_SIZE);
+    memset (&ip_addr, 0, sizeof(struct in_addr));
+    memset (timestamp, 0, TIMEBUF_SIZE);
     ts_print((struct timeval *) & p->pkth->ts, timestamp);
 
     /* dump the timestamp */
@@ -1764,7 +1764,7 @@
     *flagBuffer++ = (char) ((p->tcph->th_flags & TH_SYN)  ? 'S' : '*');
     *flagBuffer++ = (char) ((p->tcph->th_flags & TH_FIN)  ? 'F' : '*');
 
-};
+}
 
 
 /****************************************************************************
@@ -1898,7 +1898,7 @@
                 Packet orig_p;
                 int orig_iph_size;
 
-                bzero((char *) &orig_p, sizeof(Packet));
+                memset (&orig_p, 0, sizeof(Packet));
                 orig_p.iph = p->orig_iph;
                 orig_p.tcph = p->orig_tcph;
                 orig_p.udph = p->orig_udph;
@@ -2122,7 +2122,7 @@
         switch(p->tcp_options[i].code)
         {
             case TCPOPT_MAXSEG:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 fwrite("MSS: ", 5, 1, fp);
                 strncpy((char*)tmp, (char*) (p->tcp_options[i].data), 2);
                 fprintf(fp, "%u ", EXTRACT_16BITS(tmp));
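Review bot: The TCPOPT_MAXSEG case still copies the option bytes with `strncpy`, which stops at the first zero byte, so an MSS whose high-order byte is 0x00 is logged as 0; the other cases use memcpy. Suggest `memcpy(tmp, p->tcp_options[i].data, 2);` here. Separately, this case and those in the @@ -2141 and @@ -2154 hunks copy 2, 4 or 8 bytes from `data` without consulting the option's length in the visible lines; if the decoder does not already guarantee those lengths, a truncated option would be read past its end, so a comment naming where the length is validated would help. The enclosing switch starts and ends outside the hunk.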
@@ -2141,10 +2141,10 @@
                 break;
 
             case TCPOPT_SACK:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 2);
                 fprintf(fp, "Sack: %u@", EXTRACT_16BITS(tmp));
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, (p->tcp_options[i].data) + 2, 2);
                 fprintf(fp, "%u ", EXTRACT_16BITS(tmp));
                 break;
@@ -2154,42 +2154,42 @@
                 break;
 
             case TCPOPT_ECHO:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "Echo: %u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "Echo: %u ", tmp);
                 break;
 
             case TCPOPT_ECHOREPLY:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "Echo Rep: %u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "Echo Rep: %u ", tmp);
                 break;
 
             case TCPOPT_TIMESTAMP:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "TS: %u ", EXTRACT_32BITS(tmp));
-                bzero((char *) tmp, 5);
+                FPRINTF_32BITS(fp, "TS: %u ", tmp);
+                memset (tmp, 0, 5);
                 memcpy(tmp, (p->tcp_options[i].data) + 4, 4);
-                fprintf(fp, "%u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "%u ", tmp);
                 break;
 
             case TCPOPT_CC:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "CC %u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "CC %u ", tmp);
                 break;
 
             case TCPOPT_CCNEW:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "CCNEW: %u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "CCNEW: %u ", tmp);
                 break;
 
             case TCPOPT_CCECHO:
-                bzero((char *) tmp, 5);
+                memset (tmp, 0, 5);
                 memcpy(tmp, p->tcp_options[i].data, 4);
-                fprintf(fp, "CCECHO: %u ", EXTRACT_32BITS(tmp));
+                FPRINTF_32BITS(fp, "CCECHO: %u ", tmp);
                 break;
 
             default:
@@ -2453,7 +2453,7 @@
     char timebuf[TIMEBUF_SIZE];
     char logdir[STD_BUF];
 
-    bzero((char *) timebuf, TIMEBUF_SIZE);
+    memset (timebuf, 0, TIMEBUF_SIZE);
     curr_time = time(NULL);
     loc_time = localtime(&curr_time);
 
@@ -2474,13 +2474,13 @@
     }
     else
     {
-        bzero((char *) timebuf, TIMEBUF_SIZE);
+        memset (timebuf, 0, TIMEBUF_SIZE);
         curr_time = time(NULL);
         loc_time = localtime(&curr_time);
 
         strftime(timebuf, TIMEBUF_SIZE, "%m%d@%H%M", loc_time);
 
-        bzero((char *) logdir, sizeof(logdir));
+        memset (logdir, 0, sizeof(logdir));
 
         if(strlen(pv.log_dir) + strlen(timebuf) + 
                 strlen( chrootdir == NULL ? "" : chrootdir) + 12 < sizeof(logdir))
--- rules.c.orig	Sat Aug 18 23:16:52 2001
+++ rules.c	Sat Aug 18 23:17:02 2001
@@ -1853,7 +1853,7 @@
                         break;
 
                     default:
-                        //FatalError("ERROR: Unknown Ghetto Option\n");
+                        /*FatalError("ERROR: Unknown Ghetto Option\n");*/
                         /* we need at least one statement after "default" or else Visual C++ issues a warning */
                         break;
                 }
--- spp_stream4.c.orig	Sat Aug 18 23:17:27 2001
+++ spp_stream4.c	Sat Aug 18 23:17:37 2001
@@ -2131,7 +2131,7 @@
 
     if(alert && s4data.ps_alerts)
     {
-        //PortscanDeclare(p); 
+        /*PortscanDeclare(p);*/
         CallAlertPlugins(p, alert_msg, NULL, &event);
         CallLogPlugins(p, alert_msg, NULL, &event);
     }
@@ -2548,7 +2548,7 @@
         spd = (StreamPacketData *) SafeAlloc(sizeof(StreamPacketData));
 
         spd->seq_num = pkt_seq;
-        //spd->stream_offset = pkt_seq - s->base_seq;
+        /*spd->stream_offset = pkt_seq - s->base_seq;*/
         spd->payload_size = p->dsize;
         spd->cksum = p->tcph->th_sum;
 
@@ -2647,7 +2647,7 @@
 
         gotevent = Preprocess(stream_pkt);
 
-        //(void)ubi_trTraverse(s->dataPtr, SegmentCleanTraverse, s);
+        /*(void)ubi_trTraverse(s->dataPtr, SegmentCleanTraverse, s);*/
         SegmentCleanTraverse(s);
         /*bzero(stream_pkt->data, stream_size);*/
 
--- decode.h.orig	Sat Aug 18 23:13:05 2001
+++ decode.h	Sat Aug 18 23:24:19 2001
@@ -368,11 +368,23 @@
 
 /* force word-aligned ntohl parameter */
     #define EXTRACT_32BITS(p)  ({ u_int32_t __tmp; memmove(&__tmp, (p), sizeof(u_int32_t)); (u_int32_t) ntohl(__tmp);})
+    #define FPRINTF_32BITS(s,p) { \
+u_int32_t __tmp; \
+memmove(&__tmp, (p), sizeof(u_int32_t)); \
+fprintf(fp, s, (u_int32_t) ntohl(__tmp)); }
+    #define SNPRINTF_32BITS(buf,size,fmt,p) { \
+u_int32_t __tmp; \
+memmove(&__tmp, (p), sizeof(u_int32_t)); \
+snprintf(buf, size, fmt, (u_int32_t) ntohl(__tmp)); }
 
 #else
 
 /* allows unaligned ntohl parameter - dies w/SIGBUS on SPARCs */
     #define EXTRACT_32BITS(p) ((u_int32_t) ntohl (*(u_int32_t *)(p)))
+    #define FPRINTF_32BITS(s,p) { \
+fprintf(fp, s, (u_int32_t) ntohl (*(u_int32_t *)(p))); }
+    #define SNPRINTF_32BITS(s,p) { \
+snprintf(buf, size, fmt, (u_int32_t) ntohl (*(u_int32_t *)(p))); }
 
 #endif                /* WORDS_MUSTALIGN */
 
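Review bot: The new macros do not match their call sites: `FPRINTF_32BITS` is declared `(s,p)` in both branches and picks up `fp` from the caller's scope, while log.c invokes it with three arguments, and the `#else` variant of `SNPRINTF_32BITS` is also declared `(s,p)` although its body uses `buf`, `size` and `fmt` and plugbase.c passes four arguments. As written those calls should not get through the preprocessor. The parameter lists should be identical in both branches and name everything the body uses. Wrapping the multi-statement bodies in `do { ... } while (0)` keeps the trailing `;` at the call sites safe inside an unbraced if/else, and a local name without the leading double underscore avoids the identifiers reserved for the implementation.

```c
/* WORDS_MUSTALIGN branch */
    #define FPRINTF_32BITS(fp, fmt, p) do { \
        u_int32_t tmp32_; \
        memmove(&tmp32_, (p), sizeof(u_int32_t)); \
        fprintf((fp), (fmt), (u_int32_t) ntohl(tmp32_)); \
    } while (0)
    #define SNPRINTF_32BITS(buf, size, fmt, p) do { \
        u_int32_t tmp32_; \
        memmove(&tmp32_, (p), sizeof(u_int32_t)); \
        snprintf((buf), (size), (fmt), (u_int32_t) ntohl(tmp32_)); \
    } while (0)

/* ... unchanged: #else and the unaligned EXTRACT_32BITS ... */
    #define FPRINTF_32BITS(fp, fmt, p) \
        fprintf((fp), (fmt), (u_int32_t) ntohl(*(u_int32_t *)(p)))
    #define SNPRINTF_32BITS(buf, size, fmt, p) \
        snprintf((buf), (size), (fmt), (u_int32_t) ntohl(*(u_int32_t *)(p)))
```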
--- plugbase.c.orig	Sat Aug 18 23:24:43 2001
+++ plugbase.c	Sat Aug 18 23:25:40 2001
@@ -764,41 +764,41 @@
         case TCPOPT_ECHO:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u", tmp);
             break;
 
         case TCPOPT_ECHOREPLY:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u", tmp);
             break;
 
         case TCPOPT_TIMESTAMP:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u ", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u ", tmp);
             rvalptr += strlen(rval);
             bzero((char *)tmp, 5);
             memcpy(tmp, (o->data)+4, 4);
-            snprintf(rvalptr, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rvalptr, SMALLBUFFER, "%u", tmp);
             break;
 
         case TCPOPT_CC:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u", tmp);
             break;
 
         case TCPOPT_CCNEW:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u", tmp);
             break;
 
         case TCPOPT_CCECHO:
             bzero((char *)tmp, 5);
             memcpy(tmp, o->data, 4);
-            snprintf(rval, SMALLBUFFER, "%u", EXTRACT_32BITS(tmp));
+            SNPRINTF_32BITS(rval, SMALLBUFFER, "%u", tmp);
             break;
 
         default:
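Review bot: In the TCPOPT_TIMESTAMP case the second call, `SNPRINTF_32BITS(rvalptr, SMALLBUFFER, "%u", tmp)`, still passes the full `SMALLBUFFER` as the size although `rvalptr` has been advanced by `strlen(rval)`, so the bound overstates the space that is left. Assuming `rvalptr` starts at `rval` (its initialisation is outside the hunk), the size argument should be `SMALLBUFFER - (rvalptr - rval)`. The `bzero((char *)tmp, 5)` lines in this hunk were also left unconverted, unlike the equivalent lines in log.c.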
--- spp_anomsensor.c.orig	Sat Aug 18 23:17:55 2001
+++ spp_anomsensor.c	Sat Aug 18 23:34:50 2001
@@ -49,38 +49,38 @@
 /* the threshold at which anomolous events are reported */
 double report_anom_thres;
 
-char *outfile; // the name of the output log file
-char *statefile; // the name of the file to checkpoint to and recover from
-int checkpoint_freq; // the frequency (in recorded packet counts) with which
-                     // to checkpoint
-int prob_mode; // the probability calculation mode
-
-int as_debug= 0; // the bigger the number, the more debuging statements
-                 // that are active
-int parts=0,part=11; // if parts is 1, the part indicates which part section
-                     // in record_packet should be run, overriding the
-                     // probabity mode; don't try to calculate anomaly scores
-                     // in this case
-
-int adapting=0; // is there an adaptation module active on this run?
-int need_anom= 0; // does some module need the anomaly score calculated
-double last_anom_score; // the anomaly score for this packet
-int skip_packet;  // is this packet being skipped (not added to the tree)
-time_t last_pkt_time=(time_t)0; // the time of the last packet added
-
-int tot_packets=0; // the total number of packets added to the tree
-                   // on this run
-int recent_packets= 0; // the number of packets added since the count was
-                       // last reset
-int alert_count= 0; // the count of alert sent about packets
-int recent_alert_count= 0; // the count of alerts sent since the count was
-                           // last reset
-
-int pp_active= 0; // this is a count of how many modules have added
-                  // themselves to the preprocessor list and will be calling
-                  // record_maybe_skip()
-int pp_run_on_pkt= 0; // this is how many have called record_maybe_skip() so
-                      // far on this packet
+char *outfile; /* the name of the output log file */
+char *statefile; /* the name of the file to checkpoint to and recover from */
+int checkpoint_freq; /* the frequency (in recorded packet counts) with which
+                        to checkpoint */
+int prob_mode; /* the probability calculation mode */
+
+int as_debug= 0; /* the bigger the number, the more debuging statements
+                    that are active */
+int parts=0,part=11; /* if parts is 1, the part indicates which part section
+                        in record_packet should be run, overriding the
+                        probabity mode; don't try to calculate anomaly scores
+                        in this case */
+
+int adapting=0; /* is there an adaptation module active on this run? */
+int need_anom= 0; /* does some module need the anomaly score calculated */
+double last_anom_score; /* the anomaly score for this packet */
+int skip_packet;  /* is this packet being skipped (not added to the tree) */
+time_t last_pkt_time=(time_t)0; /* the time of the last packet added */
+
+int tot_packets=0; /* the total number of packets added to the tree
+                      on this run */
+int recent_packets= 0; /* the number of packets added since the count was
+                          last reset */
+int alert_count= 0; /* the count of alert sent about packets */
+int recent_alert_count= 0; /* the count of alerts sent since the count was
+                              last reset */
+
+int pp_active= 0; /* this is a count of how many modules have added
+                     themselves to the preprocessor list and will be calling
+                     record_maybe_skip() */
+int pp_run_on_pkt= 0; /* this is how many have called record_maybe_skip() so
+                         far on this packet */
 
 
 /* globals used in the tree and memory management */
@@ -176,11 +176,11 @@
 	}
 
 #ifndef OLD_SNORT
-    // requires snort 1.6.1-beta3 or later
+    /* requires snort 1.6.1-beta3 or later */
 	AddFuncToCleanExitList(SpadeCatchSig,NULL);
 	AddFuncToRestartList(SpadeCatchSig,NULL);
 #else
-	// use this if above won't compile
+	/* use this if above won't compile */
     signal(SIGUSR1, CleanUpSpade);
     signal(SIGQUIT, CleanUpSpade);
     signal(SIGHUP, CleanUpSpade);
@@ -267,7 +267,7 @@
 	where <network> is a network in CIDR notation (address/numbits)
 	                   or an IP address */
 														
-ll_net *homelist= NULL;  // the only networks we should be looking at packets going to
+ll_net *homelist= NULL;  /* the only networks we should be looking at packets going to */
 
 /* Spade homenet init function:
      set up the homenet list */
@@ -294,8 +294,8 @@
     }
 }
 
-// create a linked list of network specifications (address and netmask) from
-//  a array of strings representing an CIDR network spec or an IP address
+/* create a linked list of network specifications (address and netmask) from
+   a array of strings representing an CIDR network spec or an IP address */
 ll_net *create_netlist(char *nets[],int count) {
 	ll_net *prev=NULL,*head=NULL,*cur=NULL;
 	int i;
@@ -313,8 +313,8 @@
 			head= cur;
 		}
 		
-		// this code based strongly on GenHomenet in snort.c
-		/* break out the CIDR notation from the IP address */
+		/* this code based strongly on GenHomenet in snort.c
+		   break out the CIDR notation from the IP address */
 	    toks = mSplit(nets[i],"/",2,&num_toks,0);
 
         /* convert the CIDR notation into a real live netmask */
@@ -432,17 +432,17 @@
 */
 
 /* variables used in the threshold learning module */
-int tl_obs_size=0;  // the number of anomalous packets desired
-time_t tl_obs_secs; // how long to observe for
-ll_double *top_anom_list; // the start of the list of anomaly scores we
-                          // maintain; the scores are the highest we've
-                          // observed; this list can be up to tl_obs_size+1
-                          // long and is orderd by increasing score; the
-                          // list is initialized to 0 -> 0 in case we never
-                          // see enough packets
-int top_anom_list_size; // the number of scores on the list (0-based)
-time_t obs_start_time=(time_t)0; // the start time of the observation, set
-                                 // after the first packet we see
+int tl_obs_size=0;  /* the number of anomalous packets desired */
+time_t tl_obs_secs; /* how long to observe for */
+ll_double *top_anom_list; /* the start of the list of anomaly scores we
+                             maintain; the scores are the highest we've
+                             observed; this list can be up to tl_obs_size+1
+                             long and is orderd by increasing score; the
+                             list is initialized to 0 -> 0 in case we never
+                             see enough packets */
+int top_anom_list_size; /* the number of scores on the list (0-based) */
+time_t obs_start_time=(time_t)0; /* the start time of the observation, set
+                                    after the first packet we see */
 
 
 /* Spade threshold learning module init function:
@@ -565,20 +565,20 @@
 */
 
 /* global-scope variables used in the adapt module */
-// the number of alerts that is ideal for the given length of time
+/* the number of alerts that is ideal for the given length of time */
 int adapt_target=0;
-// the length of time in which to ideally produce the given number of alerts;
-//   also the interval at which to adjust the report threshold
+/* the length of time in which to ideally produce the given number of alerts;
+   also the interval at which to adjust the report threshold */
 time_t adapt_period;
-// the weight to give to the new observation ideal cutoff in determining the
-//   new weight
+/* the weight to give to the new observation ideal cutoff in determining the
+   new weight */
 float new_obs_weight;
-// adapt by count or by time only
+/* adapt by count or by time only */
 int adapt_by_count;
-// the head of the list of anomaly scores.  This list is like the one in the
-//   threshold learning module above
+/* the head of the list of anomaly scores.  This list is like the one in the
+   threshold learning module above */
 ll_double *top_adapt_list;
-// the current size of this list (0-based)
+/* the current size of this list (0-based) */
 int top_adapt_list_size;
 
 
@@ -652,14 +652,14 @@
 	/* see if time to adjust the rate and if so, do so, and reset */
 	size_t packet_time= p->pkth->ts.tv_sec;
 	ll_double *new,*prev,*l;
-	// when the time interval is time-based, this is when the current interval
-	//   started; otherwise this is the last time the packets per interval
-	//   was updated average
+	/* when the time interval is time-based, this is when the current interval
+	   started; otherwise this is the last time the packets per interval
+	   was updated average */
 	static time_t last_adapt_time=(time_t)0;
-	// the time period #, starting with 1 for the first interval
+	/* the time period #, starting with 1 for the first interval */
 	static int time_period_num= 1;
-	// the average number of packets per time interval as most recently
-	//   calculated
+	/* the average number of packets per time interval as most recently
+	   calculated */
 	static float average_pkt_rate;
 	
 	if (packet_time > (size_t) (last_adapt_time + adapt_period)) {
@@ -783,21 +783,21 @@
 */
 
 /* global-scope variables used in the adapt2 module */
-// the first and second arguments from the config line
+/* the first and second arguments from the config line */
 double adapt2_targetspec,obsper;
-// the 3rd, 4th, and 5th args
+/* the 3rd, 4th, and 5th args */
 int NS,NM,NL;
-// the current target based on adapt2_targetspec
+/* the current target based on adapt2_targetspec */
 int adapt2_target;
-// latest middle and long term components
+/* latest middle and long term components */
 double mid_anom_comp,long_anom_comp;
-// representation of an array of observation lists, the heads and tails
+/* representation of an array of observation lists, the heads and tails */
 dll_double **obslists_head,**obslists_tail;
-// an array of the (0-based) size of these lists
+/* an array of the (0-based) size of these lists */
 int *obslists_size;
-// the number of complete observation periods
+/* the number of complete observation periods */
 int obsper_count;
-// arrays of short and medium term components used for calculating other components
+/* arrays of short and medium term components used for calculating other components */
 double *recScomps,*recMcomps;
 
 /* Spade adapt2 module init function:
@@ -885,15 +885,15 @@
 	size_t packet_time= p->pkth->ts.tv_sec;
 	dll_double *new,*prev,*l;
 	int i;
-	// the start time of the current observation period
+	/* the start time of the current observation period */
 	static time_t obsper_start=(time_t)0;
-	// the number of packets thus far in this observation
+	/* the number of packets thus far in this observation */
 	static int obscount=0;
-	// the last calculated average packet count per component;
-	// used to figure out when to adjust the threshold;
-	// set high initially to be sure to get a correct value before doing this
+	/* the last calculated average packet count per component;
+	   used to figure out when to adjust the threshold;
+	   set high initially to be sure to get a correct value before doing this */
 	static double packpc= 100000000.0;
-	// obsper_count % NS, which obslist to add to
+	/* obsper_count % NS, which obslist to add to */
 	static int obslist_new_slot= 0;
 	
 	if (packet_time > (obsper_start + obsper)) {
@@ -988,7 +988,7 @@
 }
 
 double calc_new_thresh() {
-	static int per2_count=0,per3_count=0; // the count of period 2 and 3 instances
+	static int per2_count=0,per3_count=0; /* the count of period 2 and 3 instances */
 
 	double rec_anom_comp= thresh_from_obslists();
 	if (as_debug) printf("* New recent anom observation (#%d) is %.5f\n",obsper_count,rec_anom_comp);
@@ -1101,19 +1101,19 @@
 */
 
 /* global-scope variables used in the Adapt3 module */
-// the first and second arguments from the config line
+/* the first and second arguments from the config line */
 double adapt3_targetspec,adapt3_obsper;
-// the 3rd arg
+/* the 3rd arg */
 int NO;
-// the current target based on adapt3_targetspec
+/* the current target based on adapt3_targetspec */
 int adapt3_target;
-// an array of past observations
+/* an array of past observations */
 double *adapt3hist;
-// a linked list of current anomaly scores
+/* a linked list of current anomaly scores */
 ll_double *adapt3anoms;
-// (0-based) size of this lists
+/* (0-based) size of this lists */
 int adapt3anoms_size;
-// number of completed observation period
+/* number of completed observation period */
 int completed_obs_per;
 
 /* Spade Adapt3 module init function:
@@ -1187,11 +1187,13 @@
 	size_t packet_time= p->pkth->ts.tv_sec;
 	ll_double *prev,*newstart,*next,*new;
 	int i;
-	// the start time of the current observation period
+	/* the start time of the current observation period */
 	static time_t adapt3_obsper_start=(time_t)0;
-	// the number of packets thus far in this observation
+	/* the number of packets thus far in this observation */
 	static int obscount=0;
-	// the last calculated average packet count per interval; used to figure out when to adjust the threshold; set high initially to be sure to get a correct value before doing this
+	/* the last calculated average packet count per interval; used
+           to figure out when to adjust the threshold; set high initially
+           to be sure to get a correct value before doing this */
 	static double ppi= 100000000.0;
 	
 	/* see if time to adjust the rate and if so, do so, and reset */
@@ -1260,7 +1262,7 @@
 
 void do_adapt3() {
 	ll_double *l;
-	static double obssum= 0; // the sum of all current elements in the array
+	static double obssum= 0; /* the sum of all current elements in the array */
 	double obs_thresh= (adapt3anoms->val + adapt3anoms->next->val)/2;
 	int slot;
 	
@@ -1312,15 +1314,15 @@
 */
 
 /* global-scope variables used in the survey module */
-// the survey log file handle
+/* the survey log file handle */
 FILE *survey_log= NULL;
-// the list of anomaly scores for the survey
+/* the list of anomaly scores for the survey */
 ll_double *survey_list;
-// the length of the list (1-based)
+/* the length of the list (1-based) */
 int survey_list_len;
-// the number of seconds in the survey interval
+/* the number of seconds in the survey interval */
 float survey_interval;
-// the suvery period number (starts with 1)
+/* the suvery period number (starts with 1) */
 int survey_period;
 
 /* Spade survey module init function:
@@ -1373,9 +1375,9 @@
 	size_t packet_time= p->pkth->ts.tv_sec;
 	double anom;
 	ll_double *new,*prev,*next;
-	// the start time for this survey interval
+	/* the start time for this survey interval */
 	static time_t survey_interval_start_time=(time_t)0;
-	// the number of packets seen in this survey period so far
+	/* the number of packets seen in this survey period so far */
 	static int survey_rec_count= 0;
 
 	while (packet_time > (survey_interval_start_time + survey_interval)) {
@@ -1423,7 +1425,7 @@
 	double fromnext;
 	double posnum;
 	
-	//printf("loc= %f\n",loc);
+	/*printf("loc= %f\n",loc);*/
 	if (survey_list_len == 0) return 0.0;
 	posnum= loc*(double)survey_list_len + (1-loc);/* = (survey_list_len-1)*loc+1 */
 
@@ -1443,7 +1445,7 @@
 	valtype val[NUM_FEATURES];
 	ll_net *home;
 	size_t packet_time= p->pkth->ts.tv_sec;
-	static time_t last_scale=(time_t)0; // the last time the tree was scaled
+	static time_t last_scale=(time_t)0; /* the last time the tree was scaled */
 	
 	if (pp_run_on_pkt == pp_active || !pp_run_on_pkt) { /* first time this packet hit */
 		while (packet_time - last_scale > SCALE_FREQ) {
@@ -1482,7 +1484,7 @@
 
 		if (need_anom) {
 			last_anom_score= calc_anom(val);
-			//printf("last_anom_score=%f\n",last_anom_score);
+			/*printf("last_anom_score=%f\n",last_anom_score);*/
 		}
 	} else {
 		pp_run_on_pkt++;
@@ -1497,7 +1499,13 @@
 	double prob;
 	if (!parts) {
 		features fl[]= {DIP,DPORT,SIP,SPORT};
-		features vl[]= {val[DIP],val[DPORT],val[SIP],val[SPORT]};
+		features vl[]= {0,0,0,0};
+
+		vl[0] = val[DIP];
+		vl[1] = val[DPORT];
+		vl[2] = val[SIP];
+		vl[3] = val[SPORT];
+
 		if (prob_mode == 0) {
 			prob= prob_simple(DPORT,val[DPORT]) *  /* P(dport) */
 				prob_cond2(SIP,val[SIP],DPORT,val[DPORT],SPORT,val[SPORT]) *  /* P(sip|dport,sport) */
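Review bot: `vl` is declared as an array of `features` but is filled from `val[]`, which another hunk of this file shows as `valtype val[NUM_FEATURES]` loaded with addresses and ports. If `features` is the enum of feature identifiers used for `fl`, storing a 32-bit address in it depends on how the compiler sizes the enum. Since the initialiser is being rewritten anyway, `valtype vl[4];` followed by the four assignments would give the array the type of the values it holds. Both type definitions and the start of the function are outside the hunk, so this needs confirming against them.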
@@ -1524,8 +1532,8 @@
 	val[DIP]= p->iph->ip_dst.s_addr;
 	val[SPORT]= p->sp;
 	val[DPORT]= p->dp;
-	//val[TTL]= p->iph->ip_ttl;
-	//val[WIN] = p->tcph->th_win;
+	/*val[TTL]= p->iph->ip_ttl;*/
+	/*val[WIN] = p->tcph->th_win;*/
 	
 	if (as_debug > 2) {
 		strncpy(sip, inet_ntoa(p->iph->ip_src), 16);
@@ -1784,11 +1792,11 @@
 	}
 }
 
-__inline int anom_min(int a,int b) {
+inline int anom_min(int a,int b) {
 	return a < b ? a : b;
 }
 
-__inline int anom_max(int a,int b) {
+inline int anom_max(int a,int b) {
 	return a > b ? a : b;
 }
 
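Review bot: `anom_min` and `anom_max` become plain `inline` functions with external linkage. Under C99 inline semantics such a definition provides no external definition, so a call the compiler decides not to inline can fail at link time, and where AC_C_INLINE defines `inline` away they turn into ordinary global functions. If they are used only in this file, `static inline int anom_min(int a,int b) {` (and the same for `anom_max`) avoids both cases and matches the `static inline` DebugMessage stub in debug.h. Whether a prototype elsewhere requires external linkage is not visible here.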
--- spp_unidecode.c.orig	Sat Aug 18 23:35:24 2001
+++ spp_unidecode.c	Sat Aug 18 23:35:31 2001
@@ -229,7 +229,7 @@
 			p->dsize = TranslateUnicode(url, p->dsize, index, p->dsize, p);
 
             /* set the payload size to reflect the new size */ 
-            //p->dsize = psize;
+            /*p->dsize = psize;*/
 
 #ifdef DEBUG
             printf("New size: %d\n", p->dsize);
--- spp_frag2.c.orig	Sat Aug 18 23:36:27 2001
+++ spp_frag2.c	Sat Aug 18 23:36:34 2001
@@ -679,7 +679,7 @@
     }
 
     /* clear the rebuild buffer */
-    //bzero(defrag_pkt->pkth, sizeof(SnortPktHeader)+ETHERNET_HEADER_LEN+65536);
+    /*bzero(defrag_pkt->pkth, sizeof(SnortPktHeader)+ETHERNET_HEADER_LEN+65536);*/
     
     /* copy the packet header from the last packet of the frag */
     memcpy(defrag_pkt->pkth, p->pkth, sizeof(SnortPktHeader));
--- configure.in.orig	Sat Aug 18 21:38:56 2001
+++ configure.in	Sat Aug 18 23:55:25 2001
@@ -5,10 +5,10 @@
 AM_PROG_CC_STDC
 
 AC_PROG_CC
- if test -n "$GCC"; then
-      CFLAGS="$CFLAGS -Wall "
- fi
-
+if test "x$GCC" = xyes; then
+	CFLAGS="$CFLAGS -Wall"
+fi
+AC_C_INLINE
 
 AC_ARG_ENABLE(debug,
 [  --enable-debug       enable debugging options (bugreports and developers only)],
@@ -40,27 +40,18 @@
     ;;
   *-sgi-irix5*)
     AC_DEFINE(IRIX)
-    no_libsocket=yes
-    no_libnsl=yes
-    if test -z "$GCC"; then
+    if test "x$GCC" != xyes; then
       sgi_cc=yes
     fi
-    LDFLAGS=${LDFLAGS} -L/usr/local/lib
-    extra_incl=-I/usr/local/include
     ;;
   *-sgi-irix6*)
     AC_DEFINE(IRIX)
-    no_libsocket=yes
-    no_libnsl=yes
-    if test -z "$GCC"; then
+    if test "x$GCC" != xyes; then
       sgi_cc=yes
     fi
-    LDFLAGS=${LDFLAGS} -L/usr/local/lib
-    extra_incl=-I/usr/local/include
     ;;
   *-solaris*)
     AC_DEFINE(SOLARIS)
-    CPPFLAGS="${CPPFLAGS} -DBSD_COMP"
     ;;
   *-sunos*)
     AC_DEFINE(SUNOS)
@@ -78,7 +69,6 @@
     AC_DEFINE(HPUX)
     AC_DEFINE(WORDS_BIGENDIAN)
     AC_SUBST(extra_incl)
-    extra_incl=-I/usr/local/include
     ;;
 
   *-freebsd*)
@@ -90,13 +80,13 @@
     ;;
   *-aix*)
     AC_DEFINE(AIX)
-     broken_types=yes
+    broken_types=yes
     ;;
   *-osf4*)
     AC_DEFINE(OSF1)
     tru64_types=yes
     ;;
-  *-osf5.1*)
+  *-osf5*)
     AC_DEFINE(OSF1)
     ;;
   *-tru64*)
@@ -123,13 +113,8 @@
 AC_CHECK_HEADERS(paths.h)
 
 dnl make sure we've got all our libraries
-if test -z "$no_libnsl"; then
-AC_CHECK_LIB(nsl, inet_ntoa)
-fi
-
-if test -z "$no_libsocket"; then
-AC_CHECK_LIB(socket, socket)
-fi
+AC_CHECK_FUNC(inet_ntoa, , AC_CHECK_LIB(nsl, inet_ntoa))
+AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
 
 # SunOS4 has several things `broken'
 if test  "$sunos4" != "no"; then
@@ -209,11 +194,11 @@
 
 
 AC_ARG_WITH(libpcap_includes,
-	[ --with-libpcap-includes=DIR  libcap include directory],
+	[  --with-libpcap-includes=DIR  libcap include directory],
 	[with_libpcap_includes="$withval"],[with_libpcap_includes=no])
 
 AC_ARG_WITH(libpcap_libraries,
-	[ --with-libpcap-libraries=DIR  libcap library directory],
+	[  --with-libpcap-libraries=DIR  libcap library directory],
 	[with_libpcap_libraries="$withval"],[with_libpcap_libraries=no])
 
 if test "$with_libpcap_includes" != "no"; then
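Review bot: The help strings on the two changed lines say `libcap` for options that configure libpcap, which is a different library, so `./configure --help` is misleading here. Since the lines are being touched anyway, they could read `[  --with-libpcap-includes=DIR  libpcap include directory],` and `[  --with-libpcap-libraries=DIR  libpcap library directory],`.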
@@ -224,7 +209,7 @@
    LDFLAGS="${LDFLAGS}  -L${with_libpcap_libraries}"
 fi
 
-AC_CHECK_LIB(m, floor,,)
+AC_CHECK_FUNC(floor, , AC_CHECK_LIB(m, floor))
 
 LPCAP=""
 AC_CHECK_LIB(pcap, pcap_datalink,, LPCAP="no")
@@ -495,7 +480,7 @@
 fi
 
 AC_ARG_WITH(snmp,    
-   [ --with-snmp             support for snmp] ,
+   [  --with-snmp             support for snmp] ,
    [ with_snmp="$withval" ] ,
    [ with_snmp=no ] )
 
@@ -670,7 +655,7 @@
         INCVAL="/usr/local/include"
         LIBVAL="/usr/lib"
         AC_ARG_WITH(libxml2_includes,
-                [ --with-libxml2-includes=DIR  libxml2 include directory],
+                [  --with-libxml2-includes=DIR  libxml2 include directory],
                 [INCVAL="$withval"])
 
         _cppflags="${CPPFLAGS}"
@@ -681,7 +666,7 @@
         if test "$MYINC" = "yes"; then
            CPPFLAGS="-I${INCVAL} ${CPPFLAGS}"
            AC_ARG_WITH(libxml2_libraries,
-                [ --with-libxml2-libraries=DIR  libxml2 library directory],
+                [  --with-libxml2-libraries=DIR  libxml2 library directory],
                 [LIBVAL="$withval"])
 
            LDFLAGS="-L${LIBVAL} ${LDFLAGS}"
@@ -703,7 +688,7 @@
         AC_MSG_CHECKING(for ntp source directory (includes and libraries))
 
         AC_ARG_WITH(libntp_libraries,
-           [--with-libntp-libraries=DIR libntp library directory],
+           [  --with-libntp-libraries=DIR libntp library directory],
            [with_libntp_libraries="$withval"],[with_libntp_libraries=no])
 
         if test "$with_libntp_libraries" != "no"; then
@@ -720,7 +705,7 @@
         INCVAL="/usr/local/include"
         LIBVAL="/usr/local/lib"
         AC_ARG_WITH(libidmef_includes,
-           [ --with-libidmef-includes=DIR  libidmef include directory],
+           [  --with-libidmef-includes=DIR  libidmef include directory],
            [INCVAL="$withval"])
 
         _cppflags="${CPPFLAGS}"
@@ -731,7 +716,7 @@
         if test "$MYINC" = "yes"; then
            CPPFLAGS="-I${INCVAL}/libidmef ${CPPFLAGS}"
            AC_ARG_WITH(libidmef_libraries,
-               [ --with-libidmef-libraries=DIR  libidmef library directory],
+               [  --with-libidmef-libraries=DIR  libidmef library directory],
                [LIBVAL="$withval"])
 
            LDFLAGS="-L${LIBVAL} ${LDFLAGS}"
@@ -814,4 +799,3 @@
 
 AC_PROG_INSTALL
 AC_OUTPUT(Makefile)
-




