[Snort-devel] spo_database.c patch

Simon Attwell attwell at ...277...
Fri Feb 16 13:06:22 EST 2001


Following is a diff that modifies the spo_database plugin to do delayed inserts for a
MySQL database; there are also stubs for other databases in case their syntax varies.

This has been compiled and tested with current CVS versions of snort and acid and 
MySQL version 3.23.33.

	- Simon

--
Simon Attwell
Systems Engineer
Berbee
5520 Research Park Drive
Madison, WI 53711
attwell at ...276...

Berbee... putting the E in business.


Index: spo_database.c
===================================================================
RCS file: /cvsroot/snort/snort/spo_database.c,v
retrieving revision 1.14
diff -c -r1.14 spo_database.c
*** spo_database.c	2001/01/18 20:46:59	1.14
--- spo_database.c	2001/02/16 18:00:44
***************
*** 447,453 ****
--- 447,464 ----
          tmp = GetCurrentTimestamp();
      }
      snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+              "INSERT DELAYED INTO event (sid,cid,signature,timestamp) VALUES "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
               "INSERT INTO event (sid,cid,signature,timestamp) VALUES "
+ #endif
+ #ifdef ENABLE_UNIXODBC
+              "INSERT INTO event (sid,cid,signature,timestamp) VALUES "
+ #endif
+ #ifdef ENABLE_ORACLE
+              "INSERT INTO event (sid,cid,signature,timestamp) VALUES "
+ #endif
               "('%u', '%u', '%s', '%s')",
               data->sid, data->cid, msg, tmp);
      free(tmp); 
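Review bot: The four `#ifdef` blocks inside this `snprintf` format are independent rather than mutually exclusive, so a build that defines more than one of ENABLE_MYSQL, ENABLE_POSTGRESQL, ENABLE_UNIXODBC and ENABLE_ORACLE concatenates several `INSERT ... VALUES ` prefixes into one malformed statement, and a build that defines none of them loses the prefix entirely. Every later hunk in this patch repeats the same pattern. Even as an `#if`/`#elif` chain, the verb would be fixed at compile time rather than by the database the plugin is actually configured to use. Selecting the prefix once at run time from the configured database type and passing it through a leading `%s`, for example `"%s event (sid,cid,signature,timestamp) VALUES "`, would keep one format string per table and remove the duplicated literals.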
***************
*** 485,491 ****
--- 496,513 ----
                      if(p->ext)
                      {
                          snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                                  "INSERT DELAYED INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                                  "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_UNIXODBC
+                                  "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_ORACLE
                                   "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
                                   "icmp_csum, icmp_id, icmp_seq) "
                                   "VALUES ('%u','%u','%u','%u','%u','%u','%u')",
                                   data->sid, data->cid, p->icmph->type, p->icmph->code,
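Review bot: `INSERT DELAYED` changes the failure behaviour of this logging path and the patch does not document it: MySQL acknowledges the statement before the row is written, queues rows in server memory per table, and loses the queue if mysqld is killed or crashes. For the header tables in this hunk and the later ones, rows keyed by (sid, cid) can therefore appear later than the `event` row they belong to, or never, without the plugin seeing an error, so a console reading the tables may show alerts with missing packet detail. I would make the delayed form opt-in through a plugin configuration argument that defaults to plain `INSERT`, and add a comment at the first use such as `/* DELAYED: server acks before the write; queued rows are lost on a mysqld crash and insert errors are not returned */`. The enclosing function starts and ends outside the hunk.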
***************
*** 494,500 ****
--- 516,533 ----
                      else
                      {
                          snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                                  "INSERT DELAYED INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
                                   "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_UNIXODBC
+                                  "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
+ #ifdef ENABLE_ORACLE
+                                  "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code, "
+ #endif
                                   "icmp_csum) "
                                   "VALUES ('%u','%u','%u','%u','%u')",
                                   data->sid, data->cid, p->icmph->type, p->icmph->code,
***************
*** 504,510 ****
--- 537,554 ----
                  else
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO icmphdr (sid, cid, icmp_type, icmp_code) "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                              "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code) "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                               "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code) "
+ #endif
+ #ifdef ENABLE_ORACLE
+                              "INSERT INTO icmphdr (sid, cid, icmp_type, icmp_code) "
+ #endif
                               "VALUES ('%u','%u','%u','%u')",
                               data->sid, data->cid, p->icmph->type, p->icmph->code);
                  }
***************
*** 515,522 ****
                  if(data->detail)
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH, 
                               "INSERT INTO tcphdr "
! 
                               "(sid, cid, tcp_sport, tcp_dport, tcp_seq,"
                               " tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win,"
                               " tcp_csum, tcp_urp) "
--- 559,576 ----
                  if(data->detail)
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO tcphdr "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
                               "INSERT INTO tcphdr "
! #endif
! #ifdef ENABLE_UNIXODBC
!                              "INSERT INTO tcphdr "
! #endif
! #ifdef ENABLE_ORACLE
!                              "INSERT INTO tcphdr "
! #endif
                               "(sid, cid, tcp_sport, tcp_dport, tcp_seq,"
                               " tcp_ack, tcp_off, tcp_res, tcp_flags, tcp_win,"
                               " tcp_csum, tcp_urp) "
***************
*** 534,540 ****
--- 588,605 ----
                  else
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO tcphdr "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
                               "INSERT INTO tcphdr "
+ #endif
+ #ifdef ENABLE_UNIXODBC
+                              "INSERT INTO tcphdr "
+ #endif
+ #ifdef ENABLE_ORACLE
+                              "INSERT INTO tcphdr "
+ #endif
                               "(sid,cid,tcp_sport,tcp_dport,tcp_flags) "
                               "VALUES ('%u','%u','%u','%u','%u')",
                               data->sid, data->cid, ntohs(p->tcph->th_sport), 
***************
*** 557,563 ****
--- 622,639 ----
                              tmp = base64(p->tcp_options[i].data, p->tcp_options[i].len); 
                          }
                          snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                                  "INSERT DELAYED INTO opt "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                                  "INSERT INTO opt "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                                   "INSERT INTO opt "
+ #endif
+ #ifdef ENABLE_ORACLE
+                                  "INSERT INTO opt "
+ #endif
                                   "(sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
                                   "VALUES ('%u','%u','%u','%u','%u','%u','%s')",
                                   data->sid, data->cid, i, 6, p->tcp_options[i].code,
***************
*** 572,578 ****
--- 648,665 ----
                  if(data->detail)
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH,
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO udphdr "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                              "INSERT INTO udphdr "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                               "INSERT INTO udphdr "
+ #endif
+ #ifdef ENABLE_ORACLE
+                              "INSERT INTO udphdr "
+ #endif
                               "(sid, cid, udp_sport, udp_dport, udp_len, udp_csum) "
                               "VALUES ('%u', '%u', '%u', '%u', '%u', '%u')",
                               data->sid, data->cid, ntohs(p->udph->uh_sport), 
***************
*** 582,588 ****
--- 669,686 ----
                  else
                  {
                      snprintf(query->val, MAX_QUERY_LENGTH,
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO udphdr "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                              "INSERT INTO udphdr "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                               "INSERT INTO udphdr "
+ #endif
+ #ifdef ENABLE_ORACLE
+                              "INSERT INTO udphdr "
+ #endif
                               "(sid, cid, udp_sport, udp_dport) "
                               "VALUES ('%u', '%u', '%u', '%u')",
                               data->sid, data->cid, ntohs(p->udph->uh_sport), 
***************
*** 597,604 ****
          if(data->detail)
          {
              snprintf(query->val, MAX_QUERY_LENGTH, 
! 
                       "INSERT INTO iphdr "
                       "(sid, cid, ip_src, ip_src0, ip_src1, ip_src2, ip_src3,"
                       "ip_dst, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_ver,"
                       "ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,"
--- 695,712 ----
          if(data->detail)
          {
              snprintf(query->val, MAX_QUERY_LENGTH, 
! #ifdef ENABLE_MYSQL
!                      "INSERT DELAYED INTO iphdr "
! #endif
! #ifdef ENABLE_POSTGRESQL
!                      "INSERT INTO iphdr "
! #endif
! #ifdef ENABLE_UNIXODBC
                       "INSERT INTO iphdr "
+ #endif
+ #ifdef ENABLE_ORACLE
+                      "INSERT INTO iphdr "
+ #endif
                       "(sid, cid, ip_src, ip_src0, ip_src1, ip_src2, ip_src3,"
                       "ip_dst, ip_dst0, ip_dst1, ip_dst2, ip_dst3, ip_ver,"
                       "ip_hlen, ip_tos, ip_len, ip_id, ip_flags, ip_off,"
***************
*** 620,626 ****
--- 728,745 ----
          {
              snprintf(query->val, MAX_QUERY_LENGTH, 
  
+ #ifdef ENABLE_MYSQL
+                      "INSERT DELAYED INTO iphdr "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                      "INSERT INTO iphdr "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                       "INSERT INTO iphdr "
+ #endif
+ #ifdef ENABLE_ORACLE
+                      "INSERT INTO iphdr "
+ #endif
                       "(sid, cid, ip_src, ip_dst, ip_proto) "
  
                       "VALUES ('%u','%u','%lu','%lu','%u')",
***************
*** 646,652 ****
--- 765,782 ----
                          tmp = base64(p->ip_options[i].data, p->ip_options[i].len); 
                      }
                      snprintf(query->val, MAX_QUERY_LENGTH, 
+ #ifdef ENABLE_MYSQL
+                              "INSERT DELAYED INTO opt "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                              "INSERT INTO opt "
+ #endif
+ #ifdef ENABLE_UNIXODBC
                               "INSERT INTO opt "
+ #endif
+ #ifdef ENABLE_ORACLE
+                              "INSERT INTO opt "
+ #endif
                               "(sid,cid,optid,opt_proto,opt_code,opt_len,opt_data) "
                               "VALUES ('%u','%u','%u','%u','%u','%u','%s')",
                               data->sid, data->cid, i, 0, p->ip_options[i].code,
***************
*** 681,687 ****
--- 811,828 ----
                  tmp = snort_escape_string(tmp_not_escaped, data);
  
                  snprintf(query->val, MAX_QUERY_LENGTH - 3, 
+ #ifdef ENABLE_MYSQL
+                          "INSERT DELAYED INTO data "
+ #endif
+ #ifdef ENABLE_POSTGRESQL
+                          "INSERT INTO data "
+ #endif
+ #ifdef ENABLE_UNIXODBC
+                          "INSERT INTO data "
+ #endif
+ #ifdef ENABLE_ORACLE
                           "INSERT INTO data "
+ #endif
                           "(sid,cid,data_payload) "
                           "VALUES ('%u','%u','%s",
                           data->sid, data->cid, tmp);
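Review bot: This call truncates at `MAX_QUERY_LENGTH - 3` and leaves the quoted literal open for whatever appends the terminator outside the hunk, and the added `DELAYED ` keyword moves that cut-off eight bytes further into the escaped payload on MySQL builds. If the cut lands inside an escape sequence produced by `snort_escape_string` (its output format is not visible here), the closing quote added afterwards may no longer terminate the literal. That matters because `tmp` is presumably packet payload, judging by the `data_payload` column. The visible lines do not use the return value of `snprintf`; checking it, e.g. `n = snprintf(...); if (n < 0 || n >= MAX_QUERY_LENGTH - 3) { /* trim tmp on an escape boundary or skip the row */ }`, would make the truncation explicit.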




