3 /* Copyright (C) 2009 Trend Micro Inc.
6 * This program is a free software; you can redistribute it
7 * and/or modify it under the terms of the GNU General Public
8 * License (version 2) as published by the FSF - Free Software
11 * License details at the LICENSE file included with OSSEC or
12 * online at: http://www.ossec.net/en/licensing.html
20 #include "headers/debug_op.h"
23 #include "error_messages/error_messages.h"
26 /* We have two internal lists. One with the program_name
27 * and one without. This is going to improve greatly the
28 * performance of our decoder matching.
30 OSDecoderNode *osdecodernode_forpname;
31 OSDecoderNode *osdecodernode_nopname;
34 /* Create the Event List */
35 void OS_CreateOSDecoderList()
37 osdecodernode_forpname = NULL;
38 osdecodernode_nopname = NULL;
44 /* Get first osdecoder */
45 OSDecoderNode *OS_GetFirstOSDecoder(char *p_name)
47 /* If program name is set, we return the forpname list.
51 return(osdecodernode_forpname);
54 return(osdecodernode_nopname);
58 /* Add a osdecoder to the list */
59 OSDecoderNode *_OS_AddOSDecoder(OSDecoderNode *s_node, OSDecoderInfo *pi)
61 OSDecoderNode *tmp_node = s_node;
66 OSDecoderNode *new_node;
68 new_node = (OSDecoderNode *)calloc(1,sizeof(OSDecoderNode));
71 merror(MEM_ERROR,ARGV0);
75 /* Going to the last node */
78 /* Checking for common names */
79 if((strcmp(tmp_node->osdecoder->name,pi->name) == 0) &&
82 if((tmp_node->osdecoder->prematch ||
83 tmp_node->osdecoder->regex) && pi->regex_offset)
88 /* Multi-regexes patterns cannot have prematch */
91 merror(PDUP_INV, ARGV0,pi->name);
95 /* Multi-regex patterns cannot have fts set */
98 merror(PDUPFTS_INV, ARGV0,pi->name);
102 if(tmp_node->osdecoder->regex && pi->regex)
104 tmp_node->osdecoder->get_next = 1;
108 merror(DUP_INV, ARGV0,pi->name);
113 }while(tmp_node->next && (tmp_node = tmp_node->next));
116 /* Must have a prematch set */
117 if(!rm_f && (pi->regex_offset & AFTER_PREVREGEX))
119 merror(INV_OFFSET, ARGV0, pi->name);
123 tmp_node->next = new_node;
125 new_node->next = NULL;
126 new_node->osdecoder = pi;
127 new_node->child = NULL;
132 /* Must not have a previous regex set */
133 if(pi->regex_offset & AFTER_PREVREGEX)
135 merror(INV_OFFSET, ARGV0, pi->name);
139 tmp_node = (OSDecoderNode *)calloc(1, sizeof(OSDecoderNode));
143 ErrorExit(MEM_ERROR,ARGV0);
146 tmp_node->child = NULL;
147 tmp_node->next = NULL;
148 tmp_node->osdecoder = pi;
157 int OS_AddOSDecoder(OSDecoderInfo *pi)
160 OSDecoderNode *osdecodernode;
163 /* We can actually have two lists. One with program
164 * name and the other without.
168 osdecodernode = osdecodernode_forpname;
172 osdecodernode = osdecodernode_nopname;
176 /* Search for parent on both lists */
179 OSDecoderNode *tmp_node = osdecodernode_forpname;
181 /* List with p_name */
184 if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0)
186 tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi);
189 merror(DEC_PLUGIN_ERR, ARGV0);
194 tmp_node = tmp_node->next;
198 /* List without p name */
199 tmp_node = osdecodernode_nopname;
202 if(strcmp(tmp_node->osdecoder->name, pi->parent) == 0)
204 tmp_node->child = _OS_AddOSDecoder(tmp_node->child, pi);
207 merror(DEC_PLUGIN_ERR, ARGV0);
212 tmp_node = tmp_node->next;
216 /* OSDecoder was added correctly */
222 merror(PPLUGIN_INV, ARGV0, pi->parent);
227 osdecodernode = _OS_AddOSDecoder(osdecodernode, pi);
230 merror(DEC_PLUGIN_ERR, ARGV0);
234 /* Updating global decoders pointers */
237 osdecodernode_forpname = osdecodernode;
241 osdecodernode_nopname = osdecodernode;