From a290942a95fa4988aef003bd3fedd4fe49f4ed3f Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 15:50:55 -0500 Subject: [PATCH 01/10] Add support for file:path, text:string, and hex:01020304 for udp probes --- src/probe_modules/module_udp.c | 86 ++++++++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 5 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index d7e2278..cd943c6 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -26,11 +26,86 @@ #include "probe_modules.h" #include "packet.h" -const char *udp_send_msg = "GET / HTTP/1.1\r\n\r\n"; // Must be null-terminated +char *udp_send_msg = NULL; // Must be null-terminated +int udp_send_msg_len = 0; + +const char *udp_send_msg_default = "GET / HTTP/1.1\r\n\r\n"; + static int num_ports = 1; probe_module_t module_udp; + +int udp_global_initialize(struct state_conf * zconf) { + char *args, *c; + int i; + unsigned int n; + + FILE *inp; + + udp_send_msg = strdup(udp_send_msg_default); + udp_send_msg_len = strlen(udp_send_msg); + + if (! (zconf->probe_args && strlen(zconf->probe_args) > 0)) + return(0); + + args = strdup(zconf->probe_args); + c = strchr(args, ':'); + if (! c) { + fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); + free(args); + exit(1); + } + + *c++ = 0; + + if (strcmp(args, "text") == 0) { + udp_send_msg = strdup(c); + udp_send_msg_len = strlen(udp_send_msg); + + } else if (strcmp(args, "file") == 0) { + inp = fopen(c, "rb"); + if (!inp) { + fprintf(stderr, "error: could not open the specified file\n"); + free(args); + exit(1); + } + udp_send_msg = malloc(1472); + if (! udp_send_msg) { + free(args); + exit(1); + } + udp_send_msg_len = fread(udp_send_msg, 1, 1472, inp); + fclose(inp); + + } else if (strcmp(args, "hex") == 0) { + udp_send_msg_len = strlen(c) / 2; + udp_send_msg = malloc(udp_send_msg_len); + if (! udp_send_msg) { + free(args); + exit(1); + } + + for (i=0; i < udp_send_msg_len; i++) { + sscanf(c + (i*2), "%2x", &n); + udp_send_msg[i] = (n & 0xff); + } + } else { + fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); + free(args); + exit(1); + } + + free(args); + return(0); +} + +int udp_global_cleanup(void) { + if (udp_send_msg) free(udp_send_msg); + return(0); +} + + int udp_init_perthread(void* buf, macaddr_t *src, macaddr_t *gw, __attribute__((unused)) port_h_t dst_port) { @@ -38,20 +113,20 @@ int udp_init_perthread(void* buf, macaddr_t *src, struct ethhdr *eth_header = (struct ethhdr *)buf; make_eth_header(eth_header, src, gw); struct iphdr *ip_header = (struct iphdr*)(ð_header[1]); - uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + strlen(udp_send_msg)); + uint16_t len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + udp_send_msg_len); make_ip_header(ip_header, IPPROTO_UDP, len); struct udphdr *udp_header = (struct udphdr*)(&ip_header[1]); - len = sizeof(struct udphdr) + strlen(udp_send_msg); + len = sizeof(struct udphdr) + udp_send_msg_len; make_udp_header(udp_header, zconf.target_port, len); char* payload = (char*)(&udp_header[1]); module_udp.packet_length = sizeof(struct ethhdr) + sizeof(struct iphdr) - + sizeof(struct udphdr) + strlen(udp_send_msg); + + sizeof(struct udphdr) + udp_send_msg_len; assert(module_udp.packet_length <= MAX_PACKET_SIZE); - strcpy(payload, udp_send_msg); + memcpy(payload, udp_send_msg, udp_send_msg_len); num_ports = zconf.source_port_last - zconf.source_port_first + 1; @@ -217,6 +292,7 @@ probe_module_t module_udp = { .pcap_snaplen = 96, .port_args = 1, .thread_initialize = &udp_init_perthread, + .global_initialize = &udp_global_initialize, .make_packet = &udp_make_packet, .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, From 228c66e9c3eaaa34f3c1a6bb729ad4bb6e5cbed8 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 15:53:33 -0500 Subject: [PATCH 02/10] Add some default udp probe files --- examples/udp-probes/citrix_1604.pkt | Bin 0 -> 30 bytes examples/udp-probes/db2disco_523.pkt | Bin 0 -> 20 bytes examples/udp-probes/digi1_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/digi2_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/digi3_2362.pkt | Bin 0 -> 14 bytes examples/udp-probes/dns_53.pkt | Bin 0 -> 30 bytes examples/udp-probes/ipmi_623.pkt | Bin 0 -> 23 bytes examples/udp-probes/mdns_5353.pkt | Bin 0 -> 46 bytes examples/udp-probes/mssql_1434.pkt | 1 + examples/udp-probes/natpmp_5351.pkt | Bin 0 -> 4 bytes examples/udp-probes/netbios_137.pkt | Bin 0 -> 50 bytes examples/udp-probes/ntp_123.pkt | Bin 0 -> 48 bytes examples/udp-probes/pca_nq_5632.pkt | 1 + examples/udp-probes/pca_st_5632.pkt | 1 + examples/udp-probes/portmap_111.pkt | Bin 0 -> 40 bytes examples/udp-probes/sentinel_5093.pkt | Bin 0 -> 6 bytes examples/udp-probes/snmp1_161.pkt | Bin 0 -> 43 bytes examples/udp-probes/snmp2_161.pkt | Bin 0 -> 40 bytes examples/udp-probes/upnp_1900.pkt | 7 +++++++ examples/udp-probes/wdbrpc_17185.pkt | Bin 0 -> 64 bytes examples/udp-probes/wsd_3702.pkt | 3 +++ 21 files changed, 13 insertions(+) create mode 100755 examples/udp-probes/citrix_1604.pkt create mode 100755 examples/udp-probes/db2disco_523.pkt create mode 100755 examples/udp-probes/digi1_2362.pkt create mode 100755 examples/udp-probes/digi2_2362.pkt create mode 100755 examples/udp-probes/digi3_2362.pkt create mode 100755 examples/udp-probes/dns_53.pkt create mode 100755 examples/udp-probes/ipmi_623.pkt create mode 100755 examples/udp-probes/mdns_5353.pkt create mode 100755 examples/udp-probes/mssql_1434.pkt create mode 100755 examples/udp-probes/natpmp_5351.pkt create mode 100755 examples/udp-probes/netbios_137.pkt create mode 100755 examples/udp-probes/ntp_123.pkt create mode 100755 examples/udp-probes/pca_nq_5632.pkt create mode 100755 examples/udp-probes/pca_st_5632.pkt create mode 100755 examples/udp-probes/portmap_111.pkt create mode 100755 examples/udp-probes/sentinel_5093.pkt create mode 100755 examples/udp-probes/snmp1_161.pkt create mode 100755 examples/udp-probes/snmp2_161.pkt create mode 100755 examples/udp-probes/upnp_1900.pkt create mode 100755 examples/udp-probes/wdbrpc_17185.pkt create mode 100755 examples/udp-probes/wsd_3702.pkt diff --git a/examples/udp-probes/citrix_1604.pkt b/examples/udp-probes/citrix_1604.pkt new file mode 100755 index 0000000000000000000000000000000000000000..acc5a73c89b17011cb32f79d5189a4ea8d87d60e GIT binary patch literal 30 Scmb1RU^HO*yW%keRsaA++ydGF literal 0 HcmV?d00001 diff --git a/examples/udp-probes/db2disco_523.pkt b/examples/udp-probes/db2disco_523.pkt new file mode 100755 index 0000000000000000000000000000000000000000..388374500e3c296faa4f114235de895e16256900 GIT binary patch literal 20 bcmZ>9GIDnfaddGBVh9fOF)%eSFkk=xG}#21 literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi1_2362.pkt b/examples/udp-probes/digi1_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..74f57b88f68d8dd24a9972ffdb95e10e3e0d53d4 GIT binary patch literal 14 RcmZ?qboXRnWMKOb1^^=v2Oj_c literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi2_2362.pkt b/examples/udp-probes/digi2_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..d962606efade4a7fe8103769fcb15c68a1a69a62 GIT binary patch literal 14 RcmZ<>^A2HPWMKOb1^^^t2Ri@& literal 0 HcmV?d00001 diff --git a/examples/udp-probes/digi3_2362.pkt b/examples/udp-probes/digi3_2362.pkt new file mode 100755 index 0000000000000000000000000000000000000000..ffba12522e33d978a04cb02e9f251f8326f381c0 GIT binary patch literal 14 RcmZ>9cL`u%WMKOb1^^=;2O$6e literal 0 HcmV?d00001 diff --git a/examples/udp-probes/dns_53.pkt b/examples/udp-probes/dns_53.pkt new file mode 100755 index 0000000000000000000000000000000000000000..616e17e8c6d512a676c5c60d14091fe3ab95e32f GIT binary patch literal 30 hcmXqc&&a?4L?FN(<{A|2>F>wlffO!q)L+@VaAVMC0B6Jn%>V!Z literal 0 HcmV?d00001 diff --git a/examples/udp-probes/pca_nq_5632.pkt b/examples/udp-probes/pca_nq_5632.pkt new file mode 100755 index 0000000..8d51173 --- /dev/null +++ b/examples/udp-probes/pca_nq_5632.pkt @@ -0,0 +1 @@ +NQ \ No newline at end of file diff --git a/examples/udp-probes/pca_st_5632.pkt b/examples/udp-probes/pca_st_5632.pkt new file mode 100755 index 0000000..86aa1fa --- /dev/null +++ b/examples/udp-probes/pca_st_5632.pkt @@ -0,0 +1 @@ +ST \ No newline at end of file diff --git a/examples/udp-probes/portmap_111.pkt b/examples/udp-probes/portmap_111.pkt new file mode 100755 index 0000000000000000000000000000000000000000..9143734872757d755349c0d832798124020f9226 GIT binary patch literal 40 bcmYc-;xcD|044^;wgo^Y6A-gNgb*YENW20_ literal 0 HcmV?d00001 diff --git a/examples/udp-probes/sentinel_5093.pkt b/examples/udp-probes/sentinel_5093.pkt new file mode 100755 index 0000000000000000000000000000000000000000..158b3a9dd9dcfc088b7fa278d91ac48eb8605ea3 GIT binary patch literal 6 KcmbR90LWy7VyG~L`u{&v2*|R5$}zzt0r6V})Bpeg literal 0 HcmV?d00001 diff --git a/examples/udp-probes/wsd_3702.pkt b/examples/udp-probes/wsd_3702.pkt new file mode 100755 index 0000000..87704a5 --- /dev/null +++ b/examples/udp-probes/wsd_3702.pkt @@ -0,0 +1,3 @@ + + +urn:schemas-xmlsoap-org:ws:2005:04:discoveryhttp://schemas.xmlsoap.org/ws/2005/04/discovery/Probeurn:uuid:ce04dad0-5d2c-4026-9146-1aabfc1e4111wsdp:Device From 4fef9f0be8c176d49e934bec1dfd18c52cd91c91 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 16:10:37 -0500 Subject: [PATCH 03/10] Bump the snaplen size to full frames --- src/probe_modules/module_udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index cd943c6..717c038 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -287,9 +287,9 @@ static response_type_t responses[] = { probe_module_t module_udp = { .name = "udp", - .packet_length = 96, + .packet_length = 1, .pcap_filter = "udp || icmp", - .pcap_snaplen = 96, + .pcap_snaplen = 1500, .port_args = 1, .thread_initialize = &udp_init_perthread, .global_initialize = &udp_global_initialize, From b8246abf06b4fd1c989c8eb1ee11eadd569e855d Mon Sep 17 00:00:00 2001 From: Eric Wustrow Date: Fri, 16 Aug 2013 17:43:02 -0400 Subject: [PATCH 04/10] Add simple length checks on UDP payload; use logger --- src/probe_modules/module_udp.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index cd943c6..213e2d5 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -25,6 +25,9 @@ #include "probe_modules.h" #include "packet.h" +#include "logger.h" + +#define MAX_UDP_PAYLOAD_LEN 1472 char *udp_send_msg = NULL; // Must be null-terminated int udp_send_msg_len = 0; @@ -52,8 +55,9 @@ int udp_global_initialize(struct state_conf * zconf) { args = strdup(zconf->probe_args); c = strchr(args, ':'); if (! c) { - fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); free(args); + free(udp_send_msg); + log_fatal("udp", "unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)"); exit(1); } @@ -66,16 +70,19 @@ int udp_global_initialize(struct state_conf * zconf) { } else if (strcmp(args, "file") == 0) { inp = fopen(c, "rb"); if (!inp) { - fprintf(stderr, "error: could not open the specified file\n"); free(args); + free(udp_send_msg); + log_fatal("udp", "could not open UDP data file '%s'\n", c); exit(1); } - udp_send_msg = malloc(1472); + udp_send_msg = malloc(MAX_UDP_PAYLOAD_LEN); if (! udp_send_msg) { free(args); + free(udp_send_msg); + log_fatal("udp", "failed to malloc payload buffer"); exit(1); } - udp_send_msg_len = fread(udp_send_msg, 1, 1472, inp); + udp_send_msg_len = fread(udp_send_msg, 1, MAX_UDP_PAYLOAD_LEN, inp); fclose(inp); } else if (strcmp(args, "hex") == 0) { @@ -83,19 +90,27 @@ int udp_global_initialize(struct state_conf * zconf) { udp_send_msg = malloc(udp_send_msg_len); if (! udp_send_msg) { free(args); + free(udp_send_msg); + log_fatal("udp", "failed to malloc payload buffer"); exit(1); } for (i=0; i < udp_send_msg_len; i++) { - sscanf(c + (i*2), "%2x", &n); + if (sscanf(c + (i*2), "%2x", &n) != 1) { + free(args); + free(udp_send_msg); + log_fatal("udp", "non-hex character: '%c'", c[i*2]); + exit(1); + } udp_send_msg[i] = (n & 0xff); } } else { - fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); + log_fatal("udp", "unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)"); free(args); - exit(1); + exit(1); } + assert(udp_send_msg_len < MAX_UDP_PAYLOAD_LEN); free(args); return(0); } From 75de805f41eb8be7e319f0880705eb201b699e19 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 22:15:43 -0500 Subject: [PATCH 05/10] Add README --- examples/udp-probes/README | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 examples/udp-probes/README diff --git a/examples/udp-probes/README b/examples/udp-probes/README new file mode 100644 index 0000000..21318a5 --- /dev/null +++ b/examples/udp-probes/README @@ -0,0 +1,44 @@ + +UDP Data Probes +====== + +This directory contains a set of data files that can be used with the UDP probe module. + + +USING: +----- + +$ zmap -M udp -p 137 --probe-args=file:examples/udp-probes/netbios_137.pkt + + +PROBES: +----- + +citrix_1604.pkt This probe triggers a response from Citrix application discovery services on UDP port 1604 +db2disco_523.pkt This probe triggers a response from IBM DB2 discovery services on UDP port 523 +digi1_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (default magic) +digi2_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (devkit magic) +digi3_2362.pkt This probe triggers a response from Digi ADDP discovery services on UDP port 2362 (oem magic) +dns_53.pkt This probe queries for the DNS vendor and version using the BIND version TXT record over UDP port 53 +ipmi_623.pkt This probe triggers a Get Channel Authentication reply from IPMI endpoints on UDP port 623 +mdns_5353.pkt This probe triggers a response from mDNS/Avahi/Bonjour discovery services on UDP port 5353 +mssql_1434.pkt This probe triggers a response from Microsoft SQL Server discovery services on UDP port 1434 +natpmp_5351.pkt This probe triggers a response from NATPMP-enabled devices on UDP port 5351 +netbios_137.pkt This probe triggers a status reply from NetBIOS services on UDP port 137 +ntp_123.pkt This probe triggers a response from NTP servies on UDP port 123 +pca_nq_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (network query) +pca_st_5632.pkt This probe triggers a response from PC Anywhere services on UDP port 5632 (status) +portmap_111.pkt This probe triggers a response from SunRPC portmapper services on UDP port 111 +sentinel_5093.pkt This probe triggers a response from the Sentinel license manager service on UDP port 5093 +snmp1_161.pkt This probe queries for the system description field of SNMP v1 services using community string public over UDP port 161 +snmp2_161.pkt This probe queries for the system description field of aNMP v2 services using community string public over UDP port 161 +upnp_1900.pkt This probe triggers a response from UPnP SSDP services on UDP port 1900 +wdbrpc_17185.pkt This probe triggers a response from VxWorks WDBRPC services on UDP port 17185 +wsd_3702.pkt This probe triggers a response from WSD/DPWS services on UDP port 3702 + +NOTES: +----- + +Most of these probes return useful data in the response. Parsing this data requires capturing the raw output +and decoding this using a protocol-specific dissector. In most cases, Wireshark is capable of decoding these +replies. \ No newline at end of file From cfdbe3bbc2b433d33abf53b534c1249af4f5ddba Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 16 Aug 2013 22:16:29 -0500 Subject: [PATCH 06/10] Make the error messages consistent --- src/probe_modules/module_udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 717c038..aaa6151 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -52,7 +52,7 @@ int udp_global_initialize(struct state_conf * zconf) { args = strdup(zconf->probe_args); c = strchr(args, ':'); if (! c) { - fprintf(stderr, "error: unknown UDP probe specification (expected type:value, like file:/path or text:STRING or hex:01020304)\n"); + fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); free(args); exit(1); } From 0b7ab2cac8d0d9f00d0ef41a161ed00b7882952d Mon Sep 17 00:00:00 2001 From: Eric Wustrow Date: Sat, 17 Aug 2013 01:38:04 -0400 Subject: [PATCH 07/10] use the close callback for cleanup --- src/probe_modules/module_udp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index f6c7eb5..cbba0e9 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -115,7 +115,9 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); } -int udp_global_cleanup(void) { +int udp_global_cleanup(__attribute__((unused)) struct state_conf *zconf, + __attribute__((unused)) struct state_send *zsend, + __attribute__((unused)) struct state_recv *zrecv) { if (udp_send_msg) free(udp_send_msg); return(0); } @@ -312,7 +314,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = NULL, + .close = udp_global_cleanup, .responses = responses }; From 8aac1ccc52ae0fd53addce6f2acbda2c6c2e638a Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 10:20:17 -0500 Subject: [PATCH 08/10] Make oom check consistent, check and correct overlong payload size --- src/probe_modules/module_udp.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index aaa6151..1f3be62 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -50,6 +50,8 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); args = strdup(zconf->probe_args); + if (! args) exit(1) + c = strchr(args, ':'); if (! c) { fprintf(stderr, "error: unknown UDP probe specification (expected file:/path, text:STRING, or hex:01020304)\n"); @@ -96,6 +98,11 @@ int udp_global_initialize(struct state_conf * zconf) { exit(1); } + if (udp_send_msg_len > 1472) { + fprintf(stderr, "warning: reducing UDP payload to 1472 bytes (from %d) to fit on the wire\n", udp_send_msg_len); + udp_send_msg_len = 1472; + } + free(args); return(0); } From ed47f926f5454aede508dccc89b25e524c2a5b07 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 14:06:34 -0500 Subject: [PATCH 09/10] Free memory on close --- src/probe_modules/module_udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 1f3be62..024cd70 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -304,7 +304,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = NULL, + .close = udp_global_cleanup, .responses = responses }; From 15036cfe8312f7abc5a8353455805550817236c8 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sat, 17 Aug 2013 14:11:58 -0500 Subject: [PATCH 10/10] Proper cleanup and typo fixes --- src/probe_modules/module_udp.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/probe_modules/module_udp.c b/src/probe_modules/module_udp.c index 024cd70..ce83c93 100644 --- a/src/probe_modules/module_udp.c +++ b/src/probe_modules/module_udp.c @@ -50,7 +50,7 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); args = strdup(zconf->probe_args); - if (! args) exit(1) + if (! args) exit(1); c = strchr(args, ':'); if (! c) { @@ -107,8 +107,13 @@ int udp_global_initialize(struct state_conf * zconf) { return(0); } -int udp_global_cleanup(void) { +int udp_cleanup(struct state_conf *zconf, struct state_send *send_state, struct state_recv *recv_state) { + assert(zconf); + assert(send_state); + assert(recv_state); + if (udp_send_msg) free(udp_send_msg); + udp_send_msg = NULL; return(0); } @@ -304,7 +309,7 @@ probe_module_t module_udp = { .print_packet = &udp_print_packet, .validate_packet = &udp_validate_packet, .classify_packet = &udp_classify_packet, - .close = udp_global_cleanup, + .close = &udp_cleanup, .responses = responses };