Changeset 1221
- Timestamp:
- 04/16/07 18:10:02 (1 year ago)
- Files:
-
- honeytrap/trunk/ChangeLog (modified) (1 diff)
- honeytrap/trunk/src/attack.c (modified) (1 diff)
- honeytrap/trunk/src/ctrl.c (modified) (1 diff)
- honeytrap/trunk/src/dynsrv.c (modified) (1 diff)
- honeytrap/trunk/src/honeytrap.h (modified) (3 diffs)
- honeytrap/trunk/src/ip.h (modified) (1 diff)
- honeytrap/trunk/src/logging.h (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_SpamSum.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_aSaveFile.c (modified) (3 diffs)
- honeytrap/trunk/src/modules/htm_aSavePostgres.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_b64Decode.c (modified) (3 diffs)
- honeytrap/trunk/src/modules/htm_ftpDownload.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_tftpDownload.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_vncDownload.c (modified) (2 diffs)
- honeytrap/trunk/src/plughook.c (modified) (6 diffs)
- honeytrap/trunk/src/plughook.h (modified) (4 diffs)
- honeytrap/trunk/src/plugin.c (modified) (1 diff)
- honeytrap/trunk/src/plugin.h (modified) (2 diffs)
- honeytrap/trunk/src/proxy.c (modified) (1 diff)
honeytrap/trunk/ChangeLog
r1201 r1221 1 1 Version 0.7.0 2 - Plugins can be priotizized 2 3 - PostgreSQL module for commits into mwcollect database 3 4 - SHA512 hash support honeytrap/trunk/src/attack.c
r1201 r1221 101 101 /* call plugins */ 102 102 /* do calls even if no data received, i.e. to update connection statistics */ 103 plughook_process_attack(*a); 103 plughook_process_attack(funclist_attack_preproc, *a); 104 plughook_process_attack(funclist_attack_analyze, *a); 105 plughook_process_attack(funclist_attack_savedata, *a); 106 plughook_process_attack(funclist_attack_postproc, *a); 104 107 105 108 return(1); honeytrap/trunk/src/ctrl.c
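Review bot: The stage order preproc, analyze, savedata, postproc is spelled out as four separate calls here, and htm_b64Decode.c repeats the last three by hand, so any new priority level has to be added at every call site. A single helper in plughook.c that walks the stages in order from a given start priority would keep the sequence in one place. Each call also passes `*a` by value, so as far as the visible code shows, a change a preproc plugin makes to its copy of the struct is not seen by later stages. A comment such as `/* stages run in priority order; each plugin receives its own copy of the attack */` above the calls would make that explicit. The enclosing function starts and ends outside the hunk.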
r1128 r1221 66 66 unload_default_responses(); 67 67 68 /* unloading plugins */ 68 69 logmsg(LOG_DEBUG, 1, "Unloading plugins.\n"); 69 70 unload_plugins(); honeytrap/trunk/src/dynsrv.c
r1201 r1221 87 87 proxy_sock_fd = -1; 88 88 proxy_this = 0; 89 mirror_this = 0;89 mirror_this = mirror_mode; 90 90 established = 0; 91 91 port_mode = PORTCONF_IGNORE; honeytrap/trunk/src/honeytrap.h
r1128 r1221 20 20 #include <dlfcn.h> 21 21 22 /*23 #include "pcapmon.h"24 #include "ipqmon.h"25 */26 27 22 #if HAVE_CONFIG_H 28 23 # include <config.h> … … 31 26 32 27 #define EXCL_FILE_RW O_CREAT | O_NOCTTY | O_APPEND | O_WRONLY 33 #define DEBUG_FPRINTF if (log_level == LOG_DEBUG) fprintf34 28 35 29 #define PORTCONF_NONE 0 … … 38 32 #define PORTCONF_MIRROR 4 39 33 #define PORTCONF_PROXY 8 40 41 #define TCP 642 #define UDP 1743 34 44 35 char *conffile_name, **arg_v; honeytrap/trunk/src/ip.h
r1117 r1221 13 13 #ifndef __HONEYTRAP_IP_H 14 14 #define __HONEYTRAP_IP_H 1 15 16 #include <netinet/in.h> 15 17 16 18 honeytrap/trunk/src/logging.h
r1201 r1221 1 1 /* logging.h 2 * Copyright (C) 2005 Tillmann Werner <tillmann.werner@gmx.de>2 * Copyright (C) 2005-2007 Tillmann Werner <tillmann.werner@gmx.de> 3 3 * 4 4 * This file is free software; as a special exception the author gives … … 18 18 #include <sys/types.h> 19 19 20 typedef enum { 21 OFF = 0, 22 ERR = 1, 23 WARN = 2, 24 NOTICE = 3, 25 INFO = 4, 26 NOISY = 5, 27 DEBUG = 6, 28 } s_log_level; 29 30 s_log_level log_level; 31 20 32 #define LOG_OFF 0 21 33 #define LOG_ERR 1 22 34 #define LOG_WARN 2 23 #define LOG_NOTICE 3 / * default */35 #define LOG_NOTICE 3 // default 24 36 #define LOG_INFO 4 25 37 #define LOG_NOISY 5 26 38 #define LOG_DEBUG 6 27 39 40 /* 41 u_char log_level; 42 */ 43 28 44 #define LOGLINE_SIZE 256 /* truncates longer lines */ 29 45 30 u_char log_level; 46 #define DEBUG_FPRINTF if (log_level == DEBUG) fprintf 31 47 32 48 int logfile_fd; honeytrap/trunk/src/modules/htm_SpamSum.c
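Review bot: The new `s_log_level` enumerators `OFF`, `ERR`, `WARN`, `INFO` and `DEBUG` are unprefixed names in a header that most of the tree includes, and they duplicate the `LOG_*` macros kept directly below with the same values. `DEBUG` in particular is often defined on the compiler command line (`-DDEBUG`), which would break the enum declaration. Using the existing names as enumerators, `typedef enum { LOG_OFF = 0, LOG_ERR = 1, ... } s_log_level;`, and dropping the `#define`s leaves one set of constants and lets `DEBUG_FPRINTF` keep comparing against `LOG_DEBUG`. `s_log_level log_level;` also defines the variable in every translation unit that includes the header; `extern s_log_level log_level;` here with one definition in a .c file is the portable form. The commented-out `u_char log_level;` block can simply be deleted.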
r1201 r1221 59 59 60 60 void plugin_unload(void) { 61 unhook( &pluginlist_process_attack, module_name, "calc_spamsum");61 unhook(PPRIO_POSTPROC, module_name, "calc_spamsum"); 62 62 return; 63 63 } … … 65 65 void plugin_register_hooks(void) { 66 66 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 67 add_attack_func_to_list( module_name, "calc_spamsum", (void *) calc_spamsum);67 add_attack_func_to_list(PPRIO_POSTPROC, module_name, "calc_spamsum", (void *) calc_spamsum); 68 68 69 69 return; honeytrap/trunk/src/modules/htm_aSaveFile.c
r1125 r1221 25 25 #include <stdio.h> 26 26 27 #include <ip.h> 27 28 #include <logging.h> 28 29 #include <honeytrap.h> … … 38 39 39 40 void plugin_unload(void) { 40 unhook( &pluginlist_process_attack, module_name, "save_to_file");41 unhook(PPRIO_SAVEDATA, module_name, "save_to_file"); 41 42 return; 42 43 } … … 44 45 void plugin_register_hooks(void) { 45 46 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 46 add_attack_func_to_list( module_name, "save_to_file", (void *) save_to_file);47 add_attack_func_to_list(PPRIO_SAVEDATA, module_name, "save_to_file", (void *) save_to_file); 47 48 48 49 return; honeytrap/trunk/src/modules/htm_aSavePostgres.c
r1201 r1221 45 45 46 46 void plugin_unload(void) { 47 unhook( &pluginlist_process_attack, module_name, "db_submit");47 unhook(PPRIO_SAVEDATA, module_name, "db_submit"); 48 48 return; 49 49 } … … 52 52 void plugin_register_hooks(void) { 53 53 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 54 add_attack_func_to_list( module_name, "db_submit", (void *) db_submit);54 add_attack_func_to_list(PPRIO_SAVEDATA, module_name, "db_submit", (void *) db_submit); 55 55 56 56 return; honeytrap/trunk/src/modules/htm_b64Decode.c
r1125 r1221 40 40 41 41 void plugin_unload(void) { 42 unhook( &pluginlist_process_attack, module_name, "b64_decode");42 unhook(PPRIO_PREPROC, module_name, "b64_decode"); 43 43 return; 44 44 } … … 46 46 void plugin_register_hooks(void) { 47 47 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 48 add_attack_func_to_list( module_name, "b64_decode", (void *) b64_decode);48 add_attack_func_to_list(PPRIO_PREPROC, module_name, "b64_decode", (void *) b64_decode); 49 49 50 50 return; … … 135 135 dec_attack.a_conn.payload.data = decoded->str; 136 136 dec_attack.a_conn.payload.size = decoded->len; 137 plughook_process_attack(dec_attack); 137 // plughook_process_attack(funclist_attack_preproc, dec_attack); 138 plughook_process_attack(funclist_attack_analyze, dec_attack); 139 plughook_process_attack(funclist_attack_savedata, dec_attack); 140 plughook_process_attack(funclist_attack_postproc, dec_attack); 138 141 139 142 honeytrap/trunk/src/modules/htm_ftpDownload.c
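Review bot: The disabled `// plughook_process_attack(funclist_attack_preproc, dec_attack);` line does not say why the decoded payload skips the preproc stage. Since `b64_decode` is itself registered at `PPRIO_PREPROC`, running that stage on `dec_attack` would presumably re-enter this function on attacker-supplied data with no depth limit. Replace the commented-out call with a comment such as `/* preproc is skipped on purpose: b64_decode is a preproc hook and must not re-enter itself on decoded data */`. The consequence, that nested encodings and any other preproc plugin never see the decoded payload, is worth a line in the plugin documentation. The enclosing function starts and ends outside the hunk.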
r1201 r1221 41 41 42 42 void plugin_unload(void) { 43 unhook( &pluginlist_process_attack, module_name, "cmd_parse_for_ftp");43 unhook(PPRIO_ANALYZE, module_name, "cmd_parse_for_ftp"); 44 44 return; 45 45 } … … 47 47 void plugin_register_hooks(void) { 48 48 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 49 add_attack_func_to_list( module_name, "cmd_parse_for_ftp", (void *) cmd_parse_for_ftp);49 add_attack_func_to_list(PPRIO_ANALYZE, module_name, "cmd_parse_for_ftp", (void *) cmd_parse_for_ftp); 50 50 51 51 return; honeytrap/trunk/src/modules/htm_tftpDownload.c
r1201 r1221 41 41 42 42 void plugin_unload(void) { 43 unhook( &pluginlist_process_attack, module_name, "cmd_parse_for_tftp");43 unhook(PPRIO_ANALYZE, module_name, "cmd_parse_for_tftp"); 44 44 return; 45 45 } … … 47 47 void plugin_register_hooks(void) { 48 48 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 49 add_attack_func_to_list( module_name, "cmd_parse_for_tftp", (void *) cmd_parse_for_tftp);49 add_attack_func_to_list(PPRIO_ANALYZE, module_name, "cmd_parse_for_tftp", (void *) cmd_parse_for_tftp); 50 50 51 51 return; honeytrap/trunk/src/modules/htm_vncDownload.c
r1125 r1221 34 34 35 35 void plugin_unload(void) { 36 unhook( &pluginlist_process_attack, module_name, "cmd_parse_for_vnc");36 unhook(PPRIO_ANALYZE, module_name, "cmd_parse_for_vnc"); 37 37 return; 38 38 } … … 40 40 void plugin_register_hooks(void) { 41 41 DEBUG_FPRINTF(stdout, " Plugin %s: Registering hooks.\n", module_name); 42 add_attack_func_to_list( module_name, "cmd_parse_for_vnc", (void *) cmd_parse_for_vnc);42 add_attack_func_to_list(PPRIO_ANALYZE, module_name, "cmd_parse_for_vnc", (void *) cmd_parse_for_vnc); 43 43 44 44 return; honeytrap/trunk/src/plughook.c
r1106 r1221 23 23 24 24 void init_plugin_hooks(void) { 25 pluginlist_unload_plugins = NULL; 26 pluginlist_process_attack = NULL; 27 return; 28 } 29 30 31 PlugFuncList *add_attack_func_to_list(const char *plugname, const char *funcname, int (*func)(Attack)) { 25 funclist_unload_plugins = NULL; 26 funclist_attack_preproc = NULL; 27 funclist_attack_analyze = NULL; 28 funclist_attack_savedata = NULL; 29 funclist_attack_postproc = NULL; 30 return; 31 } 32 33 34 PlugFuncList *add_attack_func_to_list(const func_prio priority, const char *plugname, const char *funcname, int (*func)(Attack)) { 32 35 PlugFuncList *func_tmp, *func_new; 33 36 34 DEBUG_FPRINTF(stdout, " Hooking plugin %s to 'process_attack'.\n", plugname); 37 func_tmp = NULL; 38 func_new = NULL; 39 40 DEBUG_FPRINTF(stdout, " Hooking %s::%s() to 'process_attack' (priority: %d).\n", plugname, funcname, priority); 35 41 if ((func_new = (PlugFuncList *) malloc(sizeof(PlugFuncList))) == NULL) { 36 42 logmsg(LOG_ERR, 1, " Error - Unable to allocate memory: %s\n", strerror(errno)); … … 40 46 41 47 /* attach new function to list */ 42 func_tmp = pluginlist_process_attack; 48 switch (priority) { 49 case PPRIO_PREPROC: 50 func_tmp = funclist_attack_preproc; 51 break; 52 case PPRIO_ANALYZE: 53 func_tmp = funclist_attack_analyze; 54 break; 55 case PPRIO_SAVEDATA: 56 func_tmp = funclist_attack_savedata; 57 break; 58 case PPRIO_POSTPROC: 59 func_tmp = funclist_attack_postproc; 60 break; 61 default: 62 fprintf(stderr, " Error - Unknown plugin priority.\n"); 63 return(NULL); 64 } 43 65 if (func_tmp) { 44 66 while(func_tmp->next) func_tmp = func_tmp->next; 45 67 func_tmp->next = func_new; 46 } else pluginlist_process_attack = func_new; 68 } else switch (priority) { 69 case PPRIO_PREPROC: 70 funclist_attack_preproc = func_new; 71 break; 72 case PPRIO_ANALYZE: 73 funclist_attack_analyze = func_new; 74 break; 75 case PPRIO_SAVEDATA: 76 funclist_attack_savedata = func_new; 77 break; 78 case PPRIO_POSTPROC: 79 
funclist_attack_postproc = func_new; 80 break; 81 default: 82 fprintf(stderr, " Error - Unknown plugin priority.\n"); 83 return(NULL); 84 } 47 85 48 86 func_new->func = (void *)func; … … 50 88 func_new->funcnam = (char *)funcname; 51 89 52 DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'process_attack' .\n", func_new->plugnam, func_new->funcnam);90 DEBUG_FPRINTF(stdout, " %s::%s() hooked to 'process_attack' (priority: %d).\n", func_new->plugnam, func_new->funcnam, priority); 53 91 return(func_new); 54 92 } 55 93 56 94 57 void plughook_process_attack( Attack attack) {95 void plughook_process_attack(PlugFuncList *func_list, Attack attack) { 58 96 PlugFuncList *func_tmp = NULL; 59 97 60 98 logmsg(LOG_DEBUG, 1, "Calling plugins for hook 'process_attack'.\n"); 61 99 62 if ( pluginlist_process_attack== NULL) {100 if (func_list == NULL) { 63 101 logmsg(LOG_DEBUG, 1, "No plugins registered for hook 'process_attack'.\n"); 64 102 return; 65 103 } 66 104 67 func_tmp = pluginlist_process_attack;105 func_tmp = func_list; 68 106 while(func_tmp) { 69 107 if (func_tmp->func) { … … 89 127 90 128 /* attach new function to list */ 91 func_tmp = pluginlist_unload_plugins;129 func_tmp = funclist_unload_plugins; 92 130 if (func_tmp) { 93 131 while(func_tmp->next) func_tmp = func_tmp->next; 94 132 func_tmp->next = func_new; 95 } else pluginlist_unload_plugins = func_new;133 } else funclist_unload_plugins = func_new; 96 134 97 135 func_new->func = (void *)func; … … 109 147 logmsg(LOG_DEBUG, 1, "Calling plugins for hook 'unload_plugins'.\n"); 110 148 111 if (pluginlist_process_attack == NULL) { 149 /* 150 if (funclist_process_attack == NULL) { 112 151 logmsg(LOG_DEBUG, 1, "No plugins registered for hook 'unload_plugins'.\n"); 113 152 return; 114 153 } 115 116 func_tmp = pluginlist_unload_plugins; 154 */ 155 156 func_tmp = funclist_unload_plugins; 117 157 while(func_tmp) { 118 158 if (func_tmp->func) { … … 130 170 131 171 132 void unhook(PlugFuncList **hook_func_list, const char *plugname, 
const char *funcname) { 172 void unhook(const func_prio priority, const char *plugname, const char *funcname) { 173 switch (priority) { 174 case PPRIO_PREPROC: 175 unhook_from_list(&funclist_attack_preproc, plugname, funcname); 176 break; 177 case PPRIO_ANALYZE: 178 unhook_from_list(&funclist_attack_analyze, plugname, funcname); 179 break; 180 case PPRIO_SAVEDATA: 181 unhook_from_list(&funclist_attack_savedata, plugname, funcname); 182 break; 183 case PPRIO_POSTPROC: 184 unhook_from_list(&funclist_attack_postproc, plugname, funcname); 185 break; 186 default: 187 logmsg(LOG_ERR, 1, "Error - Unable to unhook %s::%s: Unsupported priority.\n", plugname, funcname); 188 return; 189 } 190 return; 191 } 192 193 194 void unhook_from_list(PlugFuncList **hook_func_list, const char *plugname, const char *funcname) { 133 195 PlugFuncList *func_tmp, *func_del, *func_before_del; 134 196 honeytrap/trunk/src/plughook.h
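Review bot: In `add_attack_func_to_list` both `default:` cases return `NULL` after `func_new` has already been allocated, so a call with an unknown priority leaks the node. Resolving the list head once, before the `malloc`, removes that leak path and the duplicated `switch`, and the error can then go through `logmsg(LOG_ERR, ...)` as `unhook` does instead of `fprintf(stderr, ...)`. The new `prio` member of `PlugFuncList` is not assigned in the lines shown; if the elided lines do not set it, `func_new->prio = priority;` belongs next to the other assignments. Parts of the function body are elided between the hunks.

```c
PlugFuncList *add_attack_func_to_list(const func_prio priority, const char *plugname, const char *funcname, int (*func)(Attack)) {
	PlugFuncList **list_head, *func_tmp, *func_new;

	/* resolve the target list first so an invalid priority fails before anything is allocated */
	switch (priority) {
	case PPRIO_PREPROC:
		list_head = &funclist_attack_preproc;
		break;
	case PPRIO_ANALYZE:
		list_head = &funclist_attack_analyze;
		break;
	case PPRIO_SAVEDATA:
		list_head = &funclist_attack_savedata;
		break;
	case PPRIO_POSTPROC:
		list_head = &funclist_attack_postproc;
		break;
	default:
		logmsg(LOG_ERR, 1, "Error - Unknown plugin priority.\n");
		return(NULL);
	}

	/* … unchanged: debug message, malloc of func_new and its error path … */

	/* attach new function to list */
	if ((func_tmp = *list_head) != NULL) {
		while(func_tmp->next) func_tmp = func_tmp->next;
		func_tmp->next = func_new;
	} else *list_head = func_new;

	/* … unchanged: filling in func, plugnam and funcnam, final debug message … */
```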
r1106 r1221 1 1 /* plughook.h 2 * Copyright (C) 2006 Tillmann Werner <tillmann.werner@gmx.de>2 * Copyright (C) 2006-2007 Tillmann Werner <tillmann.werner@gmx.de> 3 3 * 4 4 * This file is free software; as a special exception the author gives … … 14 14 #define __HONEYTRAP_PLUGHOOK_H 1 15 15 16 #include "plugin.h" 16 17 #include "attack.h" 18 19 typedef enum { 20 PPRIO_PREPROC = 0, // attack preprocessing, e.g., decryption 21 PPRIO_ANALYZE = 1, // attack analysis, e.g., ftp command parsing 22 PPRIO_SAVEDATA = 2, // for data-saving plugins 23 PPRIO_POSTPROC = 3, // attack postprocessing, e.g., IDS signature generation or other time complex tasks 24 } func_prio; 17 25 18 26 typedef struct plugin_func_list { 19 27 int (*func)(void *arg[]); 28 func_prio prio; 20 29 char *plugnam; 21 30 char *funcnam; … … 24 33 25 34 26 PlugFuncList *pluginlist_unload_plugins; 27 PlugFuncList *pluginlist_process_attack; 35 PlugFuncList *funclist_unload_plugins; 36 PlugFuncList *funclist_attack_preproc; 37 PlugFuncList *funclist_attack_analyze; 38 PlugFuncList *funclist_attack_savedata; 39 PlugFuncList *funclist_attack_postproc; 28 40 29 41 30 PlugFuncList *add_attack_func_to_list(const char *plugname, const char *funcname, int (*func)(struct s_attack));31 void plughook_process_attack( struct s_attack attack);42 PlugFuncList *add_attack_func_to_list(const func_prio priority, const char *plugname, const char *funcname, int (*func)(struct s_attack)); 43 void plughook_process_attack(PlugFuncList *func_list, Attack attack); 32 44 33 45 PlugFuncList *add_unload_func_to_list(const char *plugname, const char *funcname, void (*func)(void)); … … 35 47 36 48 void init_plugin_hooks(void); 37 void unhook(PlugFuncList **hook_func_list, const char *plugname, const char *funcname); 49 void unhook(const func_prio priority, const char *plugname, const char *funcname); 50 void unhook_from_list(PlugFuncList **hook_func_list, const char *plugname, const char *funcname); 38 51 39 52 #endif 
honeytrap/trunk/src/plugin.c
r1123 r1221 33 33 DIR *plugindir; 34 34 35 full_path = NULL;36 plugin_list = NULL;35 full_path = NULL; 36 plugin_list = NULL; 37 37 38 38 init_plugin_hooks(); honeytrap/trunk/src/plugin.h
r1081 r1221 14 14 #define __HONEYTRAP_PLUGIN_H 1 15 15 16 17 16 typedef struct plugin_struct { 18 17 void *handle; … … 25 24 26 25 char *plugin_error_str; 26 27 27 Plugin *plugin_list; 28 28 honeytrap/trunk/src/proxy.c
r1126 r1221 23 23 #include "proxy.h" 24 24 #include "logging.h" 25 #include "ip.h" 25 26 26 27 int proxy_connect(u_char mode, struct in_addr ipaddr, uint16_t l_port, u_int16_t port, uint16_t proto, Attack *attack) {
