/*
 * Alert identifiers and messages used by ExampleProcess().
 *
 * SRC_CCN_MATCH / DST_CCN_MATCH are passed as the second argument of
 * _dpd.alertAdd(); presumably this is the signature id within
 * GENERATOR_EXAMPLE -- TODO confirm against the alertAdd prototype.
 *
 * NOTE(review): both message strings still say "port matched", but
 * ExampleProcess() only raises these alerts after SRCH_STRING is found in
 * the payload. An analyst triaging on the message text alone would not see
 * that the event is a card-number pattern hit; consider rewording.
 */
#define SRC_CCN_MATCH 3
#define SRC_CCN_MATCH_STR "example_preprocessor: source port matched"
#define DST_CCN_MATCH 4
#define DST_CCN_MATCH_STR "example_preprocessor: destination port matched"
/*
 * Literal byte sequence searched for in TCP payloads (19 characters, four
 * groups of four digits separated by single spaces). Only this exact value
 * and spacing matches; other numbers or separators are not detected.
 */
#define SRCH_STRING "4444 4444 4444 4444"
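/*
 * Return 1 when SRCH_STRING occurs anywhere in data[0..size), otherwise 0.
 *
 * The loop bound is written as "i + pat_len <= size" so that:
 *   - a match ending on the very last payload byte is still examined (the
 *     previous "i < size - 19" bound skipped that final offset, leaving a
 *     detection gap), and
 *   - no subtraction is done on the size, so a payload shorter than the
 *     pattern can never turn into a huge bound through unsigned wrap-around.
 */
static int ExamplePayloadHasPattern(const char *data, unsigned int size)
{
    /* sizeof includes the terminating NUL, which is not part of the match. */
    const unsigned int pat_len = (unsigned int)(sizeof(SRCH_STRING) - 1);
    unsigned int i;

    if (!data || size < pat_len)
    {
        return 0;
    }

    for (i = 0; i + pat_len <= size; i++)
    {
        /*
         * Every compared byte lies inside the payload because of the loop
         * bound. SRCH_STRING has no NUL in its first pat_len bytes, so
         * strncmp returns 0 only on a full pat_len-byte match.
         */
        if (strncmp(&data[i], SRCH_STRING, pat_len) == 0)
        {
            return 1;
        }
    }
    return 0;
}

/*
 * Per-packet callback: raise an alert when SRCH_STRING appears in the payload
 * of an IPv4/TCP packet whose source or destination port equals portToCheck.
 *
 * pkt      - packet handed over by the framework; treated as SFSnortPacket *.
 * context  - unused.
 *
 * At most one alert is raised per packet: a source-port hit is reported as
 * SRC_CCN_MATCH and returns; otherwise a destination-port hit is reported as
 * DST_CCN_MATCH.
 *
 * Detection limits worth knowing when relying on this for data-loss
 * monitoring: only the payload of the single packet passed in is inspected,
 * so a pattern split across two TCP segments is not seen here (unless the
 * caller supplies reassembled data -- not visible from this function), and
 * non-IPv4 traffic is ignored.
 */
void ExampleProcess(void *pkt, void *context)
{
    SFSnortPacket *p = (SFSnortPacket *)pkt;
    const char *payload;
    unsigned int payload_len;

    (void)context;

    if (!p->ip4_header || p->ip4_header->proto != IPROTO_TCP || !p->tcp_header)
    {
        /* Not for me */
        return;
    }

    payload = (const char *)p->payload;
    payload_len = (unsigned int)p->payload_size;

    if (p->src_port == portToCheck)
    {
        if (ExamplePayloadHasPattern(payload, payload_len))
        {
            _dpd.logMsg("CCN found in outgoing traffic");
            /* Source port matched, log alert */
            _dpd.alertAdd(GENERATOR_EXAMPLE, SRC_CCN_MATCH, 1, 0, 3, SRC_CCN_MATCH_STR, 0);
            return;
        }
    }

    /*
     * Must be a comparison. The previous "p->dst_port = portToCheck"
     * overwrote the packet's destination port and evaluated true for every
     * non-zero portToCheck, so every TCP packet was scanned and reported as
     * a destination-port match regardless of its real port.
     */
    if (p->dst_port == portToCheck)
    {
        if (ExamplePayloadHasPattern(payload, payload_len))
        {
            /* Spelling fixed ("foudn") so log searches for "CCN found" see both directions. */
            _dpd.logMsg("CCN found in incoming traffic");
            /* Destination port matched, log alert */
            _dpd.alertAdd(GENERATOR_EXAMPLE, DST_CCN_MATCH, 1, 0, 3, DST_CCN_MATCH_STR, 0);
            return;
        }
    }
}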