📄 spp_portscan.c
字号:
delConnection->prevNode->nextNode = NULL;
}
}
free(delConnection);
}
void RemoveDestination(DestinationInfo *delDestination)
{
/* If there is a prev and/or next node, make them point
to the proper places. Otherwise, just delete this node.
*/
if (delDestination->prevNode || delDestination->nextNode)
{
if (delDestination->prevNode)
{
delDestination->prevNode->nextNode = delDestination->nextNode;
}
else if (delDestination->nextNode)
{
delDestination->nextNode->prevNode = NULL;
}
if (delDestination->nextNode)
{
delDestination->nextNode->prevNode = delDestination->prevNode;
}
else if (delDestination->prevNode)
{
delDestination->prevNode->nextNode = NULL;
}
}
free(delDestination);
}
void RemoveSource(SourceInfo *delSource)
{
/* If there is a prev and/or next node, make them point
to the proper places. Otherwise, just delete this node.
*/
if (delSource->prevNode || delSource->nextNode)
{
if (delSource->prevNode)
{
delSource->prevNode->nextNode = delSource->nextNode;
}
else if (delSource->nextNode)
{
delSource->nextNode->prevNode = NULL;
}
if (delSource->nextNode)
{
delSource->nextNode->prevNode = delSource->prevNode;
}
else if (delSource->prevNode)
{
delSource->prevNode->nextNode = NULL;
}
}
free(delSource);
}
/* Go through each connection and remove any connections that are old. If
the removal of a node makes a parent node empty, remove that node, all
the way back to the root.
*/
void ExpireConnections(ScanList *scanList, struct spp_timeval watchPeriod, struct spp_timeval currentTime)
{
SourceInfo *currentSource = scanList->listHead, *tmpSource;
DestinationInfo *currentDestination, *tmpDestination;
ConnectionInfo *currentConnection, *tmpConnection;
/* Empty list. Get out of here. */
if (!scanList->listHead) return;
while (currentSource)
{
/* If this source host is scanning us, we don't want to lose any connections so go back to top. */
if (currentSource->scanDetected)
{
currentSource = currentSource->nextNode;
continue;
}
currentDestination = currentSource->destinationsList;
while (currentDestination)
{
currentConnection = currentDestination->connectionsList;
while (currentConnection)
{
if (currentConnection->timestamp.tv_sec + watchPeriod.tv_sec < currentTime.tv_sec)
{
/* Expire the connection */
tmpConnection = currentConnection;
currentConnection = currentConnection->nextNode;
/* If this is the first connection, we need to update connectionsList. */
if (tmpConnection->prevNode == NULL)
{
currentDestination->connectionsList = tmpConnection->nextNode;
}
if (tmpConnection->scanType == sUDP)
{
currentSource->numberOfUDPConnections--;
#ifdef DEBUG
printf(MODNAME": ExpireConnections(): %s->numberOfUDPConnections-- (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfUDPConnections);
#endif
}
else
{
currentSource->numberOfTCPConnections--;
#ifdef DEBUG
printf(MODNAME": ExpireConnections(): %s->numberOfTCPConnections-- (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfTCPConnections);
#endif
}
RemoveConnection(tmpConnection);
currentSource->numberOfConnections--;
currentDestination->numberOfConnections--;
}
else
{
currentConnection = currentConnection->nextNode;
}
}
tmpDestination = currentDestination;
currentDestination = currentDestination->nextNode;
if (tmpDestination->numberOfConnections == 0)
{
if (tmpDestination->prevNode == NULL)
{
currentSource->destinationsList = tmpDestination->nextNode;
}
RemoveDestination(tmpDestination);
currentSource->numberOfDestinations--;
}
}
tmpSource = currentSource;
currentSource = currentSource->nextNode;
if (tmpSource->numberOfDestinations == 0)
{
/* If this is the first source, we need to update scanList. */
if (tmpSource->prevNode == NULL)
{
/* This is fine, even if tmpSource->nextNode is NULL */
scanList->listHead = tmpSource->nextNode;
}
RemoveSource(tmpSource);
scanList->numberOfSources--;
}
}
if (scanList->numberOfSources == 0)
{
scanList->listHead = NULL;
}
}
/*
Add the connection information and return the
new number of connections for this host
*/
int NewScan(ScanList *scanList, Packet *p, ScanType scanType)
{
SourceInfo *currentSource = scanList->listHead;
DestinationInfo *currentDestination;
ConnectionInfo *currentConnection;
int matchFound = 0;
struct in_addr saddr;
struct in_addr daddr;
u_short sport;
u_short dport;
/* If list is empty, create the list and add this entry. */
if (!scanList->listHead)
{
scanList->listHead = NewSource(p, scanType);
scanList->numberOfSources = 1;
scanList->lastSource = scanList->listHead;
return(scanList->listHead->numberOfConnections);
}
ExtractHeaderInfo(p, &saddr, &daddr, &sport, &dport);
while (!matchFound)
{
if (currentSource->saddr.s_addr == saddr.s_addr)
{
currentDestination = currentSource->destinationsList;
if (currentSource->destinationsList == NULL)
{
currentSource->destinationsList = NewDestination(p, scanType);
currentSource->numberOfConnections++;
if (scanType == sUDP)
{
currentSource->numberOfUDPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfUDPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfUDPConnections);
#endif
}
else
{
currentSource->numberOfTCPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfTCPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfTCPConnections);
#endif
}
currentSource->numberOfDestinations++;
matchFound = 1;
}
currentDestination = currentSource->destinationsList;
while (!matchFound)
{
if (currentDestination->daddr.s_addr == daddr.s_addr)
{
currentConnection = currentDestination->connectionsList;
while (!matchFound)
{
/* There should be error checking for currentConnection == NULL, but that
should never happen.
*/
if (currentConnection == NULL)
FatalError(MODNAME": currentConnection is NULL!!!??\n");
if ((currentConnection->dport == dport) && (currentConnection->scanType == scanType))
{
/* If the same exact connection already exists, just update the timestamp. */
currentConnection->timestamp.tv_sec = p->pkth->ts.tv_sec;
currentConnection->timestamp.tv_usec = p->pkth->ts.tv_usec;
currentConnection->sport = sport;
matchFound = 1;
}
else
{
/* If not at end of list, keep going, otherwise create a node. */
if (!currentConnection->nextNode)
{
currentConnection = AddConnection(currentConnection, p, scanType);
currentSource->numberOfConnections++;
if (scanType == sUDP)
{
currentSource->numberOfUDPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfUDPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfUDPConnections);
#endif
}
else
{
currentSource->numberOfTCPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfTCPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfTCPConnections);
#endif
}
currentDestination->numberOfConnections++;
matchFound = 1;
}
else currentConnection = currentConnection->nextNode;
}
}
}
else
{
if (!currentDestination->nextNode)
{
currentDestination = AddDestination(currentDestination, p, scanType);
currentSource->numberOfConnections++;
if (scanType == sUDP)
{
currentSource->numberOfUDPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfUDPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfUDPConnections);
#endif
}
else
{
currentSource->numberOfTCPConnections++;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfTCPConnections++ (%d)\n",
inet_ntoa(currentSource->saddr), currentSource->numberOfTCPConnections);
#endif
}
currentSource->numberOfDestinations++;
currentSource->totalNumberOfDestinations++;
matchFound = 1;
}
else currentDestination = currentDestination->nextNode;
}
}
}
else
{
if (!currentSource->nextNode)
{
currentSource = AddSource(currentSource, p, scanType);
currentSource->numberOfConnections = 1;
if (scanType == sUDP)
{
currentSource->numberOfUDPConnections = 1;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfUDPConnections = 1 \n", inet_ntoa(currentSource->saddr));
#endif
}
else
{
currentSource->numberOfTCPConnections = 1;
#ifdef DEBUG
printf(MODNAME": NewScan(): %s->numberOfTCPConnections = 1\n", inet_ntoa(currentSource->saddr));
#endif
}
scanList->numberOfSources++;
matchFound = 1;
}
else currentSource = currentSource->nextNode;
}
}
scanList->lastSource = currentSource;
return(currentSource->numberOfConnections);
}
ScanList* CreateScanList(void)
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -