sp_react.c

Linux snort-2.4.4源代码

        FatalError("%s(%d): missing react basic modifier\n", file_name, file_line);
    else
    {
        /* prepare the html response data */
        buf_size = 0;
        if(idx->reaction_flag == REACT_BLOCK)
        {
            /* count the respond buf size (max TCP_DATA_BUF) */
            buf_size = strlen(tmp_buf1) + strlen(tmp_buf2) + strlen(tmp_buf3)
                       + strlen(VERSION);

            if(buf_size > TCP_DATA_BUF)
            {
                FatalError("%s(%d): invalid html response buffer size: %d\n", file_name, file_line, buf_size);
            }
            else
            {
                /* msg included */
                if((idx->html_resp_size == 1) && (buf_size + 
                            strlen(otn->sigInfo.message) < TCP_DATA_BUF))
                {
                    buf_size += strlen(otn->sigInfo.message);
                }

                /* create html response buffer */
                if((idx->html_resp_buf=(char *)malloc(sizeof(char)*buf_size))==NULL)
                {
                    FatalError("ParseReact() html_resp_buf malloc filed!\n");
                }
                bzero((char *)idx->html_resp_buf, buf_size);
                tok = strcat(idx->html_resp_buf, tmp_buf1);
                tok = strcat(idx->html_resp_buf, VERSION);
                tok = strcat(idx->html_resp_buf, tmp_buf2);      
                if(idx->html_resp_size == 1)
                {
                    tok = strcat(idx->html_resp_buf, otn->sigInfo.message);     
                }
                tok = strcat(idx->html_resp_buf, tmp_buf3);      
            }
        }
        else if(idx->reaction_flag == REACT_WARN)
        {
            /* count the respond buf size (max TCP_DATA_BUF) */
            buf_size = strlen(tmp_buf4) + strlen(tmp_buf5) + strlen(tmp_buf6)
                       + strlen(VERSION);

            if(buf_size > TCP_DATA_BUF)
            {
                FatalError("%s(%d): invalid html response buffer size: %d\n",
                           file_name, file_line, buf_size);
            }
            else
            {
                /* msg included */
                if((idx->html_resp_size == 1) && (buf_size + 
                            strlen(otn->sigInfo.message) < TCP_DATA_BUF))
                {
                    buf_size += strlen(otn->sigInfo.message);
                }

                /* create html response buffer */
                if((idx->html_resp_buf=(char *)malloc(sizeof(char)*buf_size))==NULL)
                {
                    FatalError("ParseReact() html_resp_buf malloc filed!\n");
                }
                bzero((char *)idx->html_resp_buf, buf_size);
                tok = strcat(idx->html_resp_buf, tmp_buf4);
                tok = strcat(idx->html_resp_buf, VERSION);
                tok = strcat(idx->html_resp_buf, tmp_buf5);      
                if(idx->html_resp_size == 1)
                {
                    tok = strcat(idx->html_resp_buf, otn->sigInfo.message);     
                }
                tok = strcat(idx->html_resp_buf, tmp_buf6);      
            }
        }

        /* set the html response buffer size */
        idx->html_resp_size = buf_size;
    }

    return;
}



/****************************************************************************
 *
 * Function: React(Packet *p, OptTreeNode *otn_tmp)
 *
 * Purpose: React to hostile connection attempts according to reaction_flag
 *
 * Arguments: p => pointer to the current packet
 *	      otn => pointer to the current rule option list node
 *
 * Returns: Always calls the next function (this one doesn't test the data,
 *          it just closes the connection...)
 *
 ***************************************************************************/
int React(Packet *p,  RspFpList *fp_list)
{
    ReactData *idx;
    int i;

    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"In React()\n"););

    idx = (ReactData *)fp_list->params;

    if(idx == NULL)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Nothing to do ... leaving"););
        return 1;
    }

    /* check the reaction flag */
    if(idx->reaction_flag == REACT_BLOCK)
    {
        /* send HTML page buffer to a rude browser user and close the connection */
        /* incoming */
        if((ntohs(p->tcph->th_sport)) == 80 || (ntohs(p->tcph->th_sport)) == idx->proxy_port_nr)
        {
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_src.s_addr, p->iph->ip_dst.s_addr,
                        p->tcph->th_sport, p->tcph->th_dport,
                        p->tcph->th_seq, htonl(ntohl(p->tcph->th_ack) + i),
                        TH_FIN, idx->html_resp_buf, idx->html_resp_size);
            }
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_dst.s_addr, p->iph->ip_src.s_addr,
                        p->tcph->th_dport, p->tcph->th_sport,
                        p->tcph->th_ack, htonl(ntohl(p->tcph->th_seq) + i),
                        TH_RST, idx->html_resp_buf, 0);
            }
        }
        /* outgoing */
        else if(ntohs(p->tcph->th_dport) == 80 || (ntohs(p->tcph->th_dport)) == idx->proxy_port_nr)
        {
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_dst.s_addr, p->iph->ip_src.s_addr,
                        p->tcph->th_dport, p->tcph->th_sport,
                        p->tcph->th_ack, htonl(ntohl(p->tcph->th_seq) + i),
                        TH_FIN, idx->html_resp_buf, idx->html_resp_size);
                SendTCP(p->iph->ip_src.s_addr, p->iph->ip_dst.s_addr,
                        p->tcph->th_sport, p->tcph->th_dport,
                        p->tcph->th_seq, htonl(ntohl(p->tcph->th_ack) + i),
                        TH_RST, idx->html_resp_buf, 0);
            }
        }
        else
        /* reset the connection */
        {
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_dst.s_addr, p->iph->ip_src.s_addr,
                        p->tcph->th_dport, p->tcph->th_sport,
                        p->tcph->th_ack, htonl(ntohl(p->tcph->th_seq) + i),
                        TH_RST, idx->html_resp_buf, 0);
                SendTCP(p->iph->ip_src.s_addr, p->iph->ip_dst.s_addr,
                        p->tcph->th_sport, p->tcph->th_dport,
                        p->tcph->th_seq, htonl(ntohl(p->tcph->th_ack) + i),
                        TH_RST, idx->html_resp_buf, 0);
            }
        }
    }
    else if(idx->reaction_flag == REACT_WARN)
    { 
        /* send HTML warning page buffer to a rude browser user */
        /* incoming */
        if((ntohs(p->tcph->th_sport)) == 80 || (ntohs(p->tcph->th_sport)) == idx->proxy_port_nr)
        {
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_src.s_addr, p->iph->ip_dst.s_addr,
                        p->tcph->th_sport, p->tcph->th_dport,
                        p->tcph->th_seq, p->tcph->th_ack + i,
                        TH_URG, idx->html_resp_buf, idx->html_resp_size);
            }
        }
        /* outgoing */
        else if(ntohs(p->tcph->th_dport) == 80 || (ntohs(p->tcph->th_dport)) == idx->proxy_port_nr)
        {
            for(i = 0; i < 5; i++)
            {
                SendTCP(p->iph->ip_dst.s_addr, p->iph->ip_src.s_addr,
                        p->tcph->th_dport, p->tcph->th_sport,
                        p->tcph->th_ack, p->tcph->th_seq + i,
                        TH_URG, idx->html_resp_buf, idx->html_resp_size);
            }
        }
    }
    return 1;
}    




int SendTCP(u_long saddr, u_long daddr, u_short sport, u_short dport, int seq,
            int ack, u_char bits, const u_char *data_buf, int data_size)
{
    u_char *buf;
    int sz = data_size + IP_H + TCP_H;

    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"In SendTCP()\n"););

    if((buf = malloc(sz)) == NULL)
    {
        perror("SendTCPRST: malloc");
        return -1;
    }

    memset(buf, 0, sz);

    libnet_build_ip( TCP_H                             /* Length of packet data */
                   , 0xF4                              /* IP tos */
                   , (u_short) libnet_get_prand(PRu16) /* IP ID */
                   , 0                                 /* Fragmentation flags and offset */
                   , 64                                /* TTL */
                   , IPPROTO_TCP                       /* Protocol */
                   , saddr                             /* Source IP Address */
                   , daddr                             /* Destination IP Address */
                   , NULL                              /* Pointer to packet data (or NULL) */
                   , 0                                 /* Packet payload size */
                   , buf                               /* Pointer to packet header memory */
                   );

    
    libnet_build_tcp( ntohs(sport)  /* Source port */
                    , ntohs(dport)  /* Destination port */
                    , ntohl(seq)    /* Sequence Number */
                    , ntohl(ack)    /* Acknowledgement Number */
                    , bits          /* Control bits */
                    , 1024          /* Advertised Window Size */
                    , 0             /* Urgent Pointer */
                    , data_buf      /* Pointer to packet data (or NULL) */
                    , data_size     /* Packet payload size */
                    , buf + IP_H    /* Pointer to packet header memory */
                    );
    
    libnet_do_checksum(buf, IPPROTO_TCP, sz - IP_H);
    
    if(libnet_write_ip(nd, buf, sz) < sz)
    {
        libnet_error(LIBNET_ERR_CRITICAL, "SendTCP: libnet_write_ip\n");
        return -1;
    }

    libnet_destroy_packet(&buf);

    return 0;

}

#endif