📄 ftpp_si.c
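/* NOTE: the lines down to the first closing brace at column 0 are the tail
 * of a function whose beginning lies before this excerpt; they are kept
 * as found, only re-indented. */
        }

        if (p->stream_session_ptr)
        {
            /* Set the free function pointer to NULL,
             * since this is a static one */
            _dpd.streamAPI->set_application_data(p->stream_session_ptr,
                    PP_TELNET, TelnetSession, NULL);
        }
        else
        {
            /* Uh, can't create the session info */
            return FTPP_NONFATAL_ERR;
        }
    }

    SiInput->pproto = FTPP_SI_PROTO_TELNET;

    return FTPP_SUCCESS;
}

/*
 * Function: FTPGetPacketDir(SFSnortPacket *p)
 *
 * Purpose: Attempts to determine the direction of an FTP packet by
 *          examining the first 3 bytes.  If all three are numeric,
 *          the packet is treated as a server response packet.
 *
 *          The decision is made purely from payload bytes, i.e. from
 *          data chosen by whoever sent the packet, so the result is a
 *          heuristic and not proof of which endpoint is the server.
 *
 * Arguments: p => pointer to the Packet
 *
 * Returns: int => FTPP_SI_SERVER_MODE if the payload starts with 3 digits,
 *                 FTPP_SI_CLIENT_MODE if it holds at least 3 bytes that
 *                 are not all digits,
 *                 FTPP_SI_NO_MODE if the payload is shorter than 3 bytes.
 *
 */
static int FTPGetPacketDir(SFSnortPacket *p)
{
    /* Too short to carry a 3-digit reply code: no opinion. */
    if (p->payload_size < 3)
    {
        return FTPP_SI_NO_MODE;
    }

    /* The casts keep every isdigit() argument in unsigned char range,
     * whatever the declared element type of payload is (the declaration
     * is not visible here); isdigit() on a negative value is undefined. */
    if (isdigit((unsigned char)p->payload[0]) &&
        isdigit((unsigned char)p->payload[1]) &&
        isdigit((unsigned char)p->payload[2]))
    {
        return FTPP_SI_SERVER_MODE;
    }

    return FTPP_SI_CLIENT_MODE;
}

/*
 * Function: FTPInitConf(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                       FTP_CLIENT_PROTO_CONF **ClientConf,
 *                       FTP_SERVER_PROTO_CONF **ServerConf,
 *                       FTPP_SI_INPUT *SiInput, int *piInspectMode)
 *
 * Purpose: When a session is initialized, we must select the appropriate
 *          client and server configurations and select the type of
 *          inspection based on the source and destination IPs and ports.
 *
 * IMPORTANT NOTE:
 *   We should check to make sure that there are some unique configurations,
 *   otherwise we can just default to the global default and work some magic
 *   that way.
 *
 * Arguments: p             => pointer to the Packet/Session
 *            GlobalConf    => pointer to the global configuration
 *            ClientConf    => pointer to the address of the client
 *                             config so we can set it.
 *            ServerConf    => pointer to the address of the server
 *                             config so we can set it.
 *            SiInput       => pointer to the packet info; pproto is set to
 *                             FTPP_SI_PROTO_FTP whenever a server port
 *                             matches, otherwise it is left untouched.
 *            piInspectMode => pointer so we can set the inspection mode
 *
 * Returns: int => FTPP_SUCCESS, or FTPP_NONFATAL_ERR when SiInput->pdir
 *                 names a direction whose server side does not match a
 *                 configured FTP server port.  Note that FTPP_SUCCESS is
 *                 also returned with *piInspectMode == FTPP_SI_NO_MODE and
 *                 both output configs NULL when no direction is known and
 *                 neither side matches; callers must check the outputs.
 *
 */
static int FTPInitConf(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
                       FTP_CLIENT_PROTO_CONF **ClientConf,
                       FTP_SERVER_PROTO_CONF **ServerConf,
                       FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    FTP_CLIENT_PROTO_CONF *ClientConfSip;
    FTP_CLIENT_PROTO_CONF *ClientConfDip;
    FTP_SERVER_PROTO_CONF *ServerConfSip;
    FTP_SERVER_PROTO_CONF *ServerConfDip;
    int iServerSip;
    int iServerDip;
    int iErr = 0;   /* filled in by the lookups; only a NULL result is acted on */
    int iRet = FTPP_SUCCESS;

    /*
     * We find the client configurations for both the source and dest IPs.
     * There should be a check on the global configuration to see if there
     * is at least one unique client configuration.  If there isn't then we
     * assume the global client configuration.
     */
    ClientConfDip = ftpp_ui_client_lookup_find(GlobalConf->client_lookup,
            SiInput->dip, &iErr);
    if (!ClientConfDip)
    {
        ClientConfDip = &GlobalConf->global_ftp_client;
    }

    ClientConfSip = ftpp_ui_client_lookup_find(GlobalConf->client_lookup,
            SiInput->sip, &iErr);
    if (!ClientConfSip)
    {
        ClientConfSip = &GlobalConf->global_ftp_client;
    }

    /*
     * Now, we find the server configurations for both the source and dest
     * IPs.  There should be a check on the global configuration to see if
     * there is at least one unique server configuration.  If there isn't
     * then we assume the global server configuration.
     */
    ServerConfDip = ftpp_ui_server_lookup_find(GlobalConf->server_lookup,
            SiInput->dip, &iErr);
    if (!ServerConfDip)
    {
        ServerConfDip = &GlobalConf->global_ftp_server;
    }

    ServerConfSip = ftpp_ui_server_lookup_find(GlobalConf->server_lookup,
            SiInput->sip, &iErr);
    if (!ServerConfSip)
    {
        ServerConfSip = &GlobalConf->global_ftp_server;
    }

    /*
     * We check the IP and the port to see if the FTP client is talking in
     * the session.  This should tell us whether it is client communication
     * or server configuration.  If both IPs and ports are servers, then
     * there is a sort of problem.  We don't know which side is the client
     * and which side is the server so we have to assume one.
     *
     * In stateful processing, we only do this stage on the startup of a
     * session, so we can still assume that the initial packet is the client
     * talking.
     */
    iServerDip = PortMatch((PROTO_CONF*)ServerConfDip, SiInput->dport);
    iServerSip = PortMatch((PROTO_CONF*)ServerConfSip, SiInput->sport);

    /*
     * We default to the no FTP traffic case
     */
    *piInspectMode = FTPP_SI_NO_MODE;
    *ClientConf = NULL;
    *ServerConf = NULL;

    /*
     * Depending on the type of packet direction we get from the
     * state machine, we evaluate client/server differently.
     */
    switch (SiInput->pdir)
    {
        case FTPP_SI_NO_MODE:
            if (iServerSip && iServerDip)
            {
                /*
                 * Both SIP and DIP appear to be servers.  In this case, we
                 * look at the first few bytes of the packet to try to
                 * determine direction -- 3 digits indicate server response.
                 *
                 * We might be wrong if this is a reassembled packet and we
                 * catch a server response mid-stream.  The bytes examined
                 * are also chosen by the sender, so this choice decides
                 * which endpoint's client/server configuration is handed
                 * back; treat the result as a best guess.
                 */
                *piInspectMode = FTPGetPacketDir(p);
                if (*piInspectMode == FTPP_SI_SERVER_MODE)
                {
                    /* Packet is from server --> src is Server */
                    *ClientConf = ClientConfDip;
                    *ServerConf = ServerConfSip;
                }
                else
                {
                    /* Assume client (this also covers a payload of fewer
                     * than 3 bytes, for which no direction was found).
                     * Packet is from client --> dest is Server */
                    *piInspectMode = FTPP_SI_CLIENT_MODE;
                    *ClientConf = ClientConfSip;
                    *ServerConf = ServerConfDip;
                }
                SiInput->pproto = FTPP_SI_PROTO_FTP;
            }
            else if (iServerDip)
            {
                /* Packet is from client --> dest is Server */
                *piInspectMode = FTPP_SI_CLIENT_MODE;
                *ClientConf = ClientConfSip;
                *ServerConf = ServerConfDip;
                SiInput->pproto = FTPP_SI_PROTO_FTP;
            }
            else if (iServerSip)
            {
                /* Packet is from server --> src is Server */
                *piInspectMode = FTPP_SI_SERVER_MODE;
                *ClientConf = ClientConfDip;
                *ServerConf = ServerConfSip;
                SiInput->pproto = FTPP_SI_PROTO_FTP;
            }
            /* Neither side matches: the no-FTP defaults set above stand. */
            break;

        case FTPP_SI_CLIENT_MODE:
            /* Packet is from client --> dest is Server */
            if (iServerDip)
            {
                *piInspectMode = FTPP_SI_CLIENT_MODE;
                *ClientConf = ClientConfSip;
                *ServerConf = ServerConfDip;
                SiInput->pproto = FTPP_SI_PROTO_FTP;
            }
            else
            {
                *piInspectMode = FTPP_SI_NO_MODE;
                iRet = FTPP_NONFATAL_ERR;
            }
            break;

        case FTPP_SI_SERVER_MODE:
            /* Packet is from server --> src is Server */
            if (iServerSip)
            {
                *piInspectMode = FTPP_SI_SERVER_MODE;
                *ClientConf = ClientConfDip;
                *ServerConf = ServerConfSip;
                SiInput->pproto = FTPP_SI_PROTO_FTP;
            }
            else
            {
                *piInspectMode = FTPP_SI_NO_MODE;
                iRet = FTPP_NONFATAL_ERR;
            }
            break;

        default:
            /* Unknown direction value: report no FTP traffic. */
            *piInspectMode = FTPP_SI_NO_MODE;
            *ClientConf = NULL;
            *ServerConf = NULL;
            break;
    }

    return iRet;
}

#ifdef MAINTAIN_DIR_STATE
/*
 * Function: FTPFreeDirectory(FTP_DIR_NODE *directory)
 *
 * Purpose: This function frees the memory associated with a FTP Directory.
 *          The chain of nodes reached through ->next is walked with a loop
 *          rather than by recursion, so stack use stays constant however
 *          long the chain is.
 *
 * Arguments: directory => pointer to the directory node to free
 *                         (NULL is accepted and ignored)
 *
 * Returns: None
 *
 */
void FTPFreeDirectory(FTP_DIR_NODE *directory)
{
    while (directory != NULL)
    {
        /* Read the link before the node that holds it is released. */
        FTP_DIR_NODE *next = directory->next;

        free(directory->name);      /* free(NULL) is a no-op */
        free(directory);

        directory = next;
    }
}
#endif

/*
 * Function: FTPFreeSession(void *preproc_session)
 *
 * Purpose: This function frees the data that is associated with a session.
 *
 * Arguments: preproc_session => pointer to the session to free
 *                               (NULL is accepted and ignored)
 *
 * Returns: None
 */
static void FTPFreeSession(void *preproc_session)
{
    FTP_SESSION *FtpSession = preproc_session;

    if (FtpSession == NULL)
    {
        return;
    }

    /* Members are released first, the session structure itself last. */
#ifdef MAINTAIN_USER_STATE
    free(FtpSession->user);
#endif

#ifdef MAINTAIN_DIR_STATE
    FTPFreeDirectory(FtpSession->head_directory);
    free(FtpSession->dir_adjust);
#endif

    free(FtpSession);
}

/*
 * Function: FTPResetSession(FTP_SESSION *FtpSession, int first)
 *
 * Purpose: This function resets all the variables that need to be
 *          initialized for a new Session.  I've tried to keep this to
 *          a minimum, so we don't have to worry about initializing big
 *          structures.
 *
 * (The listing is cut off here: the rest of this header and the body of
 *  the function are not part of this excerpt.)
 */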