[Snort-devel] Barnyard patches

Steve Halligan agent33 at ...269...
Wed Nov 21 09:23:07 EST 2001


Here is a patch for barnyard that makes the following changes:
1)  adds a -l commandline flag that sets timestamps to 
    localtime instead of UTC
2)  adds an output function ErrorMessage to send errors to 
    stderr or log facility but keep processing.
3)  changed the way the query to insert payload data into 
    the db is created.  Made it like the one in snort's
    spo_database.c. Large payloads would cause the sql string
    to get its end cut off, losing the closing ') and 
    breaking the sql syntax.  This uses strcat to tack ') on
    the end of the sql string.
4)  Made a failed sql insert call ErrorMessage instead of 
    FatalError.  This is the way snort works, and there is
    no real reason for barnyard to die on a failed insert.
5)  Changed the behavior of SIGINT from reload to cleanexit.

Index: src/barnyard.c
===================================================================
RCS file: /cvsroot/barnyard/barnyard/src/barnyard.c,v
retrieving revision 1.14
diff -c -r1.14 barnyard.c
*** src/barnyard.c	2001/10/26 04:07:55	1.14
--- src/barnyard.c	2001/11/21 17:08:59
***************
*** 132,138 ****
      char *config_dir;
  
      /* NOTE: -w and -l should not be used together at once */
!     while((ch = getopt(argc, argv, "a:c:d:f:g:hop:r:s:t:w:D:L:RV?")) !=
-1)
      {
          switch(ch)
          {
--- 132,138 ----
      char *config_dir;
  
      /* NOTE: -w and -l should not be used together at once */
!     while((ch = getopt(argc, argv, "a:c:d:f:g:hlop:r:s:t:w:DL:RV?")) !=
-1)
      {
          switch(ch)
          {
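Review bot: The new optstring also changes `D:` to `D`, which the summary does not list; `case 'D'` (visible in the next hunk) only sets `pv.daemon_flag`, so dropping the argument looks like a fix, but it silently changes how a command line containing `-D <something>` is parsed and deserves a line in the description. The pre-existing comment `-w and -l should not be used together at once` now names a flag that means localtime; if it was about the log directory it should read `/* NOTE: -w and -L should not be used together at once */`. The enclosing function starts above the hunk.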
***************
*** 190,196 ****
                  pv.daemon_flag = 1;
                  break;
  
!             case 'L': /* specify output log dir and file */
                  pv.log_flag = 1;
                  pv.log_dir = strdup(optarg);
                  break;
--- 190,200 ----
                  pv.daemon_flag = 1;
                  break;
  
!             case 'l': /* set timestamps to localtime */
! 	        pv.localtime = 1;
! 	        break;
! 
! 	    case 'L': /* specify output log dir and file */
                  pv.log_flag = 1;
                  pv.log_dir = strdup(optarg);
                  break;
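Review bot: The added `case 'l'` lines are indented with tabs while the rest of the switch uses spaces, and the re-indented `case 'L'` line shows up as a change only because of that; keep the surrounding space indentation so the diff is limited to the new case. A comment pointing at where the flag takes effect, e.g. `/* set timestamps to localtime, see RenderTimestamp() in util.c */`, would also help a reader who finds the flag here first.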
***************
*** 364,369 ****
--- 368,374 ----
      fputs("-f <file>        Set the base spool filename to <file>\n",
stderr);
      fputs("-g <file>        Read the generator names from <file>\n",
stderr);
      fputs("-h               Show usage\n", stderr);
+     fputs("-l               Set timestamps to localtime\n", stderr);
      fputs("-L <directory>   Set the output logging directory to
<directory>\n",
             stderr);
      fputs("-o               One shot mode, process the file and exit\n", 
***************
*** 391,397 ****
  {
      printf("HandleSigInt\n"); fflush(stdout);
      pv.stop = 1;
!     pv.restart = 1;
  }
  
  void HandleSigQuit(int signal)
--- 396,402 ----
  {
      printf("HandleSigInt\n"); fflush(stdout);
      pv.stop = 1;
!     pv.exit = 1;
  }
  
  void HandleSigQuit(int signal)
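Review bot: `pv.exit` and `pv.stop` are written here from a signal handler but are declared as plain `u_int8_t` in barnyard.h (visible in the header hunk of this patch), so the main loop is not guaranteed to observe the store; declare them `volatile sig_atomic_t` (needs `<signal.h>` in the header) or at least `volatile`. The unchanged `printf`/`fflush` on the line above are not async-signal-safe and can deadlock if the signal lands inside another stdio call — pre-existing, but worth dropping while this handler is being touched. HandleSigInt's signature is above the hunk.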
Index: src/barnyard.h
===================================================================
RCS file: /cvsroot/barnyard/barnyard/src/barnyard.h,v
retrieving revision 1.11
diff -c -r1.11 barnyard.h
*** src/barnyard.h	2001/10/20 17:53:02	1.11
--- src/barnyard.h	2001/11/21 17:08:59
***************
*** 55,60 ****
--- 55,61 ----
      u_int8_t file_arg_start;
      u_int8_t one_shot;
      u_int8_t dry_run;
+     u_int8_t localtime;
      /* Runtime flags, could collapse these and use mask operations */
      u_int8_t exit;
      u_int8_t stop;
Index: src/util.c
===================================================================
RCS file: /cvsroot/barnyard/barnyard/src/util.c,v
retrieving revision 1.6
diff -c -r1.6 util.c
*** src/util.c	2001/10/28 17:43:33	1.6
--- src/util.c	2001/11/21 17:09:01
***************
*** 77,83 ****
      return;
  }
  
! 
  /*
   * Function: FatalError(const char *, ...)
   *
--- 77,111 ----
      return;
  }
  
! /*
!  * Function ErrorMessage(const char *, ...)
!  *
!  * Purpose: When a non-fatal error occurs, this function prints the error
!  *          message to stderr or log facility
!  * 
!  * Arguments: format => the formatted error string to print out
!  *            ... => format command/fillers
!  *
!  * Returns: void function
!  */
! void ErrorMessage(const char *format,...)
! {
!   char buf[STD_BUF+1];
!   va_list ap;
!   
!   va_start(ap, format);
!   
!   if(pv.daemon_flag)
!   {
!     vsnprintf(buf, STD_BUF, format, ap);
!     syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "ERROR: %s", buf);
!   }
!   else
!   {
!     vfprintf(stderr, format, ap);
!   }
! }
!       
  /*
   * Function: FatalError(const char *, ...)
   *
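Review bot: ErrorMessage never calls `va_end(ap)` after `va_start`; add `va_end(ap);` after the if/else so the function is well-defined on every platform. The stderr path prints the raw format with no `ERROR: ` prefix while the syslog path adds one, so the same condition reads differently depending on `-D`; `fputs("ERROR: ", stderr); vfprintf(stderr, format, ap);` would keep them aligned. Both call sites in this patch pass literal formats, which should stay the rule since the format reaches vsnprintf and vfprintf unchecked.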
***************
*** 532,540 ****
  size_t RenderTimestamp(time_t timet, char *timebuf, size_t len)
  {
      struct tm *lt;
! 
!     lt = gmtime(&timet);
! 
      return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S", lt);
  }
  
--- 560,573 ----
  size_t RenderTimestamp(time_t timet, char *timebuf, size_t len)
  {
      struct tm *lt;
!     if(pv.localtime)
!     {
!       lt = localtime(&timet);
!     }
!     else
!     {
!       lt = gmtime(&timet);
!     }
      return strftime(timebuf, len, "%Y-%m-%d %H:%M:%S", lt);
  }
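Review bot: Both `localtime()` and `gmtime()` return NULL when the time cannot be represented, and the new branch still hands the result straight to strftime, which then dereferences NULL; if `timet` comes from spool records rather than the clock (inferred — confirm), a malformed record crashes the process. Add `if(lt == NULL) return 0;` before the strftime call so the caller sees the same zero-length result it already gets for a strftime failure. Worth a comment that `-l` produces wall-clock strings without a zone indicator, e.g. `/* -l: local wall-clock time, no zone suffix; ambiguous for the repeated hour at DST fall-back */`, since these strings end up in the database.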
  
Index: src/util.h
===================================================================
RCS file: /cvsroot/barnyard/barnyard/src/util.h,v
retrieving revision 1.5
diff -c -r1.5 util.h
*** src/util.h	2001/10/28 17:43:33	1.5
--- src/util.h	2001/11/21 17:09:01
***************
*** 35,40 ****
--- 35,41 ----
  
  extern char *protocol_names[];
  void LogMessage(const char *, ...);
+ void ErrorMessage(const char *, ...);
  void FatalError(const char *, ...);
  void FreeToks(char **, int);
  FileListNode *GetFileList(char *, char *);
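Review bot: The new prototype is a printf-style variadic and should carry a format attribute; ErrorMessage forwards its format unchecked to vfprintf/vsnprintf, and without the attribute a mismatched argument list at a call site compiles silently. Proposed: `void ErrorMessage(const char *, ...) __attribute__((format(printf, 1, 2)));`, wrapped in `#ifdef __GNUC__` if the build targets other compilers; LogMessage and FatalError on the neighbouring lines would benefit from the same treatment.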
Index: src/output-plugins/op_acid_db.c
===================================================================
RCS file: /cvsroot/barnyard/barnyard/src/output-plugins/op_acid_db.c,v
retrieving revision 1.13
diff -c -r1.13 op_acid_db.c
*** src/output-plugins/op_acid_db.c	2001/11/07 06:10:12	1.13
--- src/output-plugins/op_acid_db.c	2001/11/21 17:09:02
***************
*** 521,530 ****
      if(p->dsize)
      {
          hex_payload = fasthex(p->data, p->dsize);
!         snprintf(sql_buffer, MAX_QUERY_SIZE,
                  "INSERT INTO data(sid, cid, data_payload) "
!                 "VALUES('%u', '%u', '%s')", op_data->sensor_id, 
                  op_data->event_id, hex_payload);
          Insert(op_data, sql_buffer, NULL);  /* XXX: Error Checking */
      }
      return 0;
--- 521,531 ----
      if(p->dsize)
      {
          hex_payload = fasthex(p->data, p->dsize);
!         snprintf(sql_buffer, MAX_QUERY_SIZE-3,
                  "INSERT INTO data(sid, cid, data_payload) "
!                 "VALUES('%u', '%u', '%s", op_data->sensor_id, 
                  op_data->event_id, hex_payload);
+ 	strcat(sql_buffer, "')");
          Insert(op_data, sql_buffer, NULL);  /* XXX: Error Checking */
      }
      return 0;
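Review bot: The `MAX_QUERY_SIZE-3`/`strcat` pair keeps the statement syntactically valid but still stores a silently truncated payload: when the hex string does not fit, snprintf cuts it at the buffer limit and `')` is appended to the cut, so the row that reaches the database no longer matches the event and nothing reports it (if fasthex emits two characters per byte, the cut may also land mid-byte). Check the snprintf result and refuse the insert when it was truncated, reporting it through the new ErrorMessage; the return convention of the enclosing function is outside the hunk, so the sketch below just skips the data row. The `-1` that Insert now returns further down in this file is still ignored on the `Insert(op_data, sql_buffer, NULL)` line, so a failed data insert remains invisible to the caller. An `int len;` declaration is needed at the top of the function, which starts above the hunk; the `len < 0` test covers libc versions whose snprintf returns -1 on truncation.
```c
        hex_payload = fasthex(p->data, p->dsize);
        len = snprintf(sql_buffer, MAX_QUERY_SIZE-3,
                "INSERT INTO data(sid, cid, data_payload) "
                "VALUES('%u', '%u', '%s", op_data->sensor_id, 
                op_data->event_id, hex_payload);
        if(len < 0 || len >= MAX_QUERY_SIZE-3)
        {
            /* Payload does not fit: do not store a silently truncated
             * record that no longer matches the event. */
            ErrorMessage("Payload for event %u/%u needs %d bytes, exceeds "
                         "MAX_QUERY_SIZE; data row skipped\n",
                         op_data->sensor_id, op_data->event_id, len);
        }
        else
        {
            strcat(sql_buffer, "')");
            if(Insert(op_data, sql_buffer, NULL) != 0)
                ErrorMessage("Data insert failed for event %u/%u\n",
                             op_data->sensor_id, op_data->event_id);
        }
```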
***************
*** 931,937 ****
      
      if(mysql_query(mysql, sql) != 0)
      {
!         FatalError("Error (%s) executing query: %s\n", mysql_error(mysql),
sql);
          return -1;
      }
  
--- 932,938 ----
      
      if(mysql_query(mysql, sql) != 0)
      {
!         ErrorMessage("Error (%s) executing query: %s\n",
mysql_error(mysql), sql);
          return -1;
      }
  
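Review bot: Downgrading the failed `mysql_query` to ErrorMessage means a database outage is no longer a stopping condition: with the server gone, every event is logged as an error and then dropped, and if the caller advances through the spool regardless of the `-1` returned here (the callers visible in this patch ignore it), the events are lost rather than retried, which is a worse outcome for an IDS back end than the old FatalError. At minimum distinguish connection-level failures from per-row failures, e.g. `if(mysql_errno(mysql) == CR_SERVER_GONE_ERROR || mysql_errno(mysql) == CR_SERVER_LOST) FatalError(...)` (needs `errmsg.h` from the MySQL client headers), keeping the non-fatal path for errors specific to one statement. Insert begins above the hunk.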



