📄 spp_stream4.c
LogMessage("WARNING %s(%d) => Bad suspend_period in config file, " "defaulting to %d seconds\n", file_name, file_line, SUSPEND_PERIOD); s4data.suspend_period = SUSPEND_PERIOD; } } else if(!strcasecmp(stoks[0], "enforce_state")) { s4data.enforce_state = 1; } else if(!strcasecmp(stoks[0], "midstream_drop_alerts")) { s4data.ms_inline_alerts = 1; } else if(!strcasecmp(stoks[0], "state_protection")) { s4data.state_protection = 1; } else if(!strcasecmp(stoks[0], "server_inspect_limit")) { if(isdigit((int)stoks[1][0])) { s4data.server_inspect_limit = atoi(stoks[1]); } else { FatalError("WARNING %s(%d) => Bad server_inspect_limit in " "config file\n", file_name, file_line); } } else { FatalError("%s(%d) => Unknown stream4: option: %s\n", file_name, file_line, stoks[0]); } mSplitFree(&stoks, s_toks); i++; } mSplitFree(&toks, num_toks); DisplayStream4Config();}void Stream4InitReassembler(u_char *args){ char buf[STD_BUF+1]; char **toks; char **stoks; int num_toks = 0; int num_args; int i; int j = 0; char *index; char *value; if(s4data.stream4_active == 0) { FatalError("Please activate stream4 before trying to " "activate stream4_reassemble\n"); } s4data.reassembly_alerts = 1; s4data.reassemble_client = 1; s4data.reassemble_server = 0; s4data.flush_on_alert = 0; s4data.assemble_ports[21] = 1; s4data.assemble_ports[23] = 1; s4data.assemble_ports[25] = 1; s4data.assemble_ports[42] = 1; s4data.assemble_ports[53] = 1; s4data.assemble_ports[80] = 1; s4data.assemble_ports[110] = 1; s4data.assemble_ports[111] = 1; s4data.assemble_ports[135] = 1; s4data.assemble_ports[136] = 1; s4data.assemble_ports[137] = 1; s4data.assemble_ports[139] = 1; s4data.assemble_ports[143] = 1; s4data.assemble_ports[445] = 1; s4data.assemble_ports[513] = 1; s4data.assemble_ports[1433] = 1; s4data.assemble_ports[1521] = 1; s4data.assemble_ports[3306] = 1; s4data.reassy_method = METHOD_FAVOR_OLD; /* setup for self preservaton... 
*/ s4data.emergency_ports[21] = 1; s4data.emergency_ports[23] = 1; s4data.emergency_ports[25] = 1; s4data.emergency_ports[42] = 1; s4data.emergency_ports[53] = 1; s4data.emergency_ports[80] = 1; s4data.emergency_ports[110] = 1; s4data.emergency_ports[111] = 1; s4data.emergency_ports[135] = 1; s4data.emergency_ports[136] = 1; s4data.emergency_ports[137] = 1; s4data.emergency_ports[139] = 1; s4data.emergency_ports[143] = 1; s4data.emergency_ports[445] = 1; s4data.emergency_ports[513] = 1; s4data.emergency_ports[1433] = 1; s4data.emergency_ports[1521] = 1; s4data.emergency_ports[3306] = 1; if (args != NULL) { toks = mSplit(args, ",", 12, &num_toks, 0); } i=0; while(i < num_toks) { index = toks[i]; while(isspace((int)*index)) index++; if(!strncasecmp(index, "clientonly", 10)) { s4data.reassemble_client = 1; s4data.reassemble_server = 0; } else if(!strncasecmp(index, "serveronly", 10)) { s4data.reassemble_server = 1; s4data.reassemble_client = 0; } else if(!strncasecmp(index, "both", 4)) { s4data.reassemble_client = 1; s4data.reassemble_server = 1; } else if(!strncasecmp(index, "noalerts", 8)) { s4data.reassembly_alerts = 0; } else if(!strncasecmp(index, "favor_old", 9)) { s4data.reassy_method = METHOD_FAVOR_OLD; } else if(!strncasecmp(index, "favor_new", 9)) { s4data.reassy_method = METHOD_FAVOR_NEW; } else if(!strncasecmp(index, "flush_on_alert", 9)) { s4data.flush_on_alert = 1; } else if(!strncasecmp(index, "overlap_limit", 9)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.overlap_limit = atoi(value); } else { FatalError("%s(%d) => Bad overlap_limit value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_behavior", 14)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if(num_args != 2) { FatalError("%s(%d) => Bad flush_behavior value in " "config file\n", file_name, file_line); } if (!strncasecmp(value, "default", 
7)) { s4data.flush_behavior = FLUSH_BEHAVIOR_DEFAULT; } else if (!strncasecmp(value, "random", 6)) { s4data.flush_behavior = FLUSH_BEHAVIOR_RANDOM; } else if (!strncasecmp(value, "large_window", 12)) { s4data.flush_behavior = FLUSH_BEHAVIOR_LARGE; } else { FatalError("%s(%d) => Invalid flush_behavior value (%s) in " "config file\n", file_name, file_line, value); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_seed", 10)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_seed = atoi(value) + time(NULL); } else { FatalError("%s(%d) => Unsupported flush_seed value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_base", 10)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_base = atoi(value); } else { FatalError("%s(%d) => Bad flush_base value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); if((s4data.flush_base < 1) || (s4data.flush_base > 32768)) { FatalError("%s(%d) => Unsupported flush_base value (%d bytes) in " "config file\n", file_name, file_line, s4data.flush_base); } } else if(!strncasecmp(index, "flush_range", 11)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_range = atoi(value); } else { FatalError("%s(%d) => Bad flush_range in config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); if((s4data.flush_range < 512) || (s4data.flush_range > 32767)) { FatalError("%s(%d) => Unsupported flush_range value " "(%d bytes) in config file\n", file_name, file_line, s4data.flush_range); } } else if(!strncasecmp(index, "ports", 5)) { char **ports; int num_ports; char *port; int j = 0; u_int32_t portnum; for(j = 0;j<65535;j++) { s4data.assemble_ports[j] = 0; } ports = mSplit(index, " ", 40, &num_ports, 0); j = 
1; while(j < num_ports) { port = ports[j]; if(isdigit((int)port[0])) { portnum = atoi(port); if(portnum > 65535) { FatalError("%s(%d) => Bad port list to " "reassembler\n", file_name, file_line); } s4data.assemble_ports[portnum] = 1; } else if(!strncasecmp(port, "all", 3)) { memset(&s4data.assemble_ports, 1, 65536); } else if(!strncasecmp(port, "default", 7)) { s4data.assemble_ports[21] = 1; s4data.assemble_ports[23] = 1; s4data.assemble_ports[25] = 1; s4data.assemble_ports[42] = 1; s4data.assemble_ports[53] = 1; s4data.assemble_ports[80] = 1; s4data.assemble_ports[110] = 1; s4data.assemble_ports[111] = 1; s4data.assemble_ports[135] = 1; s4data.assemble_ports[136] = 1; s4data.assemble_ports[137] = 1; s4data.assemble_ports[139] = 1; s4data.assemble_ports[143] = 1; s4data.assemble_ports[445] = 1; s4data.assemble_ports[513] = 1; s4data.assemble_ports[1433] = 1; s4data.assemble_ports[1521] = 1; s4data.assemble_ports[3306] = 1; } j++; } mSplitFree(&ports, num_ports); } else if(!strncasecmp(index, "emergency_ports", 15)) { char **ports; int num_ports; char *port; int j = 0; u_int32_t portnum; for(j = 0;j<65535;j++) { s4data.emergency_ports[j] = 0; } ports = mSplit(args, " ", 40, &num_ports, 0); j = 0; while(j < num_ports) { port = ports[j]; if(isdigit((int)port[0])) { portnum = atoi(port); if(portnum > 65535) { FatalError("%s(%d) => Bad port list to " "reassembler\n", file_name, file_line); } s4data.emergency_ports[portnum] = 1; } else if(!strncasecmp(port, "all", 3)) { memset(&s4data.emergency_ports, 1, 65536); } else if(!strncasecmp(port, "default", 7)) { s4data.emergency_ports[21] = 1; s4data.emergency_ports[23] = 1; s4data.emergency_ports[25] = 1; s4data.emergency_ports[42] = 1; s4data.emergency_ports[53] = 1; s4data.emergency_ports[80] = 1; s4data.emergency_ports[110] = 1; s4data.emergency_ports[111] = 1; s4data.emergency_ports[135] = 1; s4data.emergency_ports[136] = 1; s4data.emergency_ports[137] = 1; s4data.emergency_ports[139] = 1; s4data.emergency_ports[143] = 
1; s4data.emergency_ports[445] = 1; s4data.emergency_ports[513] = 1; s4data.emergency_ports[1433] = 1; s4data.emergency_ports[1521] = 1; s4data.emergency_ports[3306] = 1; } j++; } mSplitFree(&ports, num_ports); } else if(!strcasecmp(index, "zero_flushed_packets")) { s4data.zero_flushed_packets = 1; } else if(!strncasecmp(index, "flush_data_diff_size", strlen("flush_data_diff_size"))) { /* using strncasecmp since it will be flush_data_diff_size <int> */ char *number_str; number_str = strrchr(index,' '); /* find the last ' ' */ if(number_str && *number_str != '\0') { number_str++; } if(number_str && *number_str != '\0' && (isdigit((int)*number_str))) { s4data.flush_data_diff_size = atoi(number_str); if(s4data.flush_data_diff_size < 0) { FatalError("%s(%d) => Bad flush_data_diff_size in " "config file\n", file_name, file_line); } }