📄 snort_stream5_udp.c
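#include "debug.h"
#include "detect.h"
#include "plugbase.h"
#include "mstring.h"
#include "sfxhash.h"
#include "util.h"
#include "decode.h"
#include "stream5_common.h"
#include "stream_api.h"
#include "snort_stream5_session.h"
#include "stream_ignore.h"
#include "plugin_enum.h"
#include "rules.h"
#include "snort.h"
#include "dynamic-plugins/sp_dynamic.h"
#include "profiler.h"

#ifdef PERF_PROFILING
PreprocStats s5UdpPerfStats;
#endif

/* M A C R O S **************************************************/
/* actions */
#define ACTION_NOTHING 0x00000000

/* D A T A S T R U C T U R E S ***********************************/

/* Per-session UDP state hung off a lightweight session. */
typedef struct _UdpSession
{
    Stream5LWSession *lwSsn;
    u_int32_t sender_ip;
    u_int16_t sender_port;
    u_int32_t responder_ip;
    u_int16_t responder_port;
    struct timeval ssn_time;
    //u_int8_t c_ttl;
    //u_int8_t s_ttl;
    u_int32_t expire_time;
} UdpSession;

/* One configured UDP policy: timeout, option flags and bound addresses. */
typedef struct _Stream5UdpPolicy
{
    u_int32_t session_timeout;
    u_int16_t flags;
    IpAddrSet *bound_addrs;
} Stream5UdpPolicy;

/* Mark specific ports as "to inspect" */
#define UDP_INSPECT 0x01
#define UDP_SESSION 0x02

/* Number of entries in udp_ports: one per possible 16-bit port value. */
#define UDP_PORT_COUNT 65536

/* Largest policy count that numUdpPolicies (a u_int8_t) can represent. */
#define UDP_MAX_POLICIES 0xFF

/* Per-port flag word (UDP_INSPECT / UDP_SESSION), indexed by port number. */
static u_int16_t udp_ports[UDP_PORT_COUNT];

/* G L O B A L S **************************************************/
static Stream5SessionCache *udp_lws_cache;
static Stream5UdpPolicy **udpPolicyList = NULL; /* List of Policies configured */
static u_int8_t numUdpPolicies = 0;
static MemPool udp_session_mempool;

/* P R O T O T Y P E S ********************************************/
static void Stream5ParseUdpArgs(u_char *, Stream5UdpPolicy *);
static void Stream5PrintUdpConfig(Stream5UdpPolicy *);
void UdpSessionCleanup(Stream5LWSession *ssn);
static int ProcessUdp(Stream5LWSession *, Packet *, Stream5UdpPolicy *);

/*
 * Create the UDP lightweight-session cache and the UdpSession memory pool.
 *
 * Does nothing when the cache already exists or UDP tracking is disabled in
 * s5_global_config.  If the cache cannot be created, a message is logged and
 * UDP tracking is switched off in the global config (track_udp_sessions and
 * max_udp_sessions are both set to 0).
 */
void Stream5InitUdp()
{
    /* Now UDP */
    if ((udp_lws_cache != NULL) || !s5_global_config.track_udp_sessions)
    {
        return;
    }

    udp_lws_cache = InitLWSessionCache(s5_global_config.max_udp_sessions,
                                       30, 5, 0, &UdpSessionCleanup);
    if (!udp_lws_cache)
    {
        LogMessage("Unable to init stream5 UDP session cache, no UDP "
                   "stream inspection!\n");
        s5_global_config.track_udp_sessions = 0;
        s5_global_config.max_udp_sessions = 0;
        return;
    }

    /* NOTE(review): the result of mempool_init is not checked here; confirm
     * whether it can fail and how a failure should be handled. */
    mempool_init(&udp_session_mempool,
                 s5_global_config.max_udp_sessions,
                 sizeof(UdpSession));
}

/*
 * Build a UDP policy from a configuration argument string and append it to
 * udpPolicyList.
 *
 * args: option string handed to Stream5ParseUdpArgs (may be NULL or empty).
 *
 * The policy counter is a u_int8_t.  Without a limit check, the 256th policy
 * would wrap the counter to 0 and the following memcpy length
 * (sizeof(pointer) * (count - 1)) would become enormous, corrupting the heap.
 * The configuration is therefore rejected once UDP_MAX_POLICIES is reached.
 */
void Stream5UdpPolicyInit(u_char *args)
{
    Stream5UdpPolicy *s5UdpPolicy;

    if ((udpPolicyList != NULL) && (numUdpPolicies == UDP_MAX_POLICIES))
    {
        FatalError("%s(%d) => Too many Stream5 UDP policies (limit is %d)\n",
                   file_name, file_line, UDP_MAX_POLICIES);
        return; /* not reached if FatalError terminates the process */
    }

    s5UdpPolicy = (Stream5UdpPolicy *) SnortAlloc(sizeof(Stream5UdpPolicy));
    s5UdpPolicy->bound_addrs = (IpAddrSet *) SnortAlloc(sizeof(IpAddrSet));

    Stream5ParseUdpArgs(args, s5UdpPolicy);

    /* Now add this context to the internal list */
    if (udpPolicyList == NULL)
    {
        numUdpPolicies = 1;
        udpPolicyList = (Stream5UdpPolicy **)
            SnortAlloc(sizeof(Stream5UdpPolicy *) * numUdpPolicies);
    }
    else
    {
        /* Grow by one slot: copy the existing pointers, then swap lists. */
        Stream5UdpPolicy **grownList = (Stream5UdpPolicy **)
            SnortAlloc(sizeof(Stream5UdpPolicy *) * ((size_t)numUdpPolicies + 1));

        memcpy(grownList, udpPolicyList,
               sizeof(Stream5UdpPolicy *) * numUdpPolicies);
        free(udpPolicyList);

        udpPolicyList = grownList;
        numUdpPolicies++;
    }

    udpPolicyList[numUdpPolicies - 1] = s5UdpPolicy;

    Stream5PrintUdpConfig(s5UdpPolicy);
}

/*
 * Parse the comma-separated option list of a UDP policy.
 *
 * args:        option string from the configuration (may be NULL or empty).
 * s5UdpPolicy: policy to fill in; session_timeout and flags are reset to
 *              their defaults before parsing.
 *
 * Recognised options are "timeout <n>" and "ignore_any_rules"; anything else
 * is reported through FatalError.
 */
static void Stream5ParseUdpArgs(u_char *args, Stream5UdpPolicy *s5UdpPolicy)
{
    char **toks;
    int num_toks;
    int i;
    char *index;
    char **stoks = NULL;
    int s_toks;
    char *endPtr = NULL;

    s5UdpPolicy->session_timeout = S5_DEFAULT_SSN_TIMEOUT;
    s5UdpPolicy->flags = 0;

    if (args != NULL && strlen((char *)args) != 0)
    {
        toks = mSplit((char *)args, ",", 6, &num_toks, 0);

        for (i = 0; i < num_toks; i++)
        {
            index = toks[i];

            /* isspace() is only defined for unsigned char values and EOF, so
             * a plain (possibly negative) char must not be passed directly. */
            while (isspace((unsigned char)*index))
            {
                index++;
            }

            stoks = mSplit(index, " ", 2, &s_toks, 0);

            if (!strcasecmp(stoks[0], "timeout"))
            {
                if (stoks[1])
                {
                    s5UdpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10);
                }

                /* Only "no digits at all" is rejected; trailing characters
                 * after the number and values wider than 32 bits are not
                 * detected by this check. */
                if (!stoks[1] || (endPtr == &stoks[1][0]))
                {
                    FatalError("%s(%d) => Invalid timeout in config file. Integer parameter required.\n",
                               file_name, file_line);
                }
            }
            else if (!strcasecmp(stoks[0], "ignore_any_rules"))
            {
                s5UdpPolicy->flags |= STREAM5_CONFIG_IGNORE_ANY;
            }
            else
            {
                FatalError("%s(%d) => Invalid Stream5 UDP Policy option\n",
                           file_name, file_line);
            }

            mSplitFree(&stoks, s_toks);
        }

        mSplitFree(&toks, num_toks);

        if (s5UdpPolicy->bound_addrs == NULL)
        {
            /* allocate and initializes the
             * IpAddrSet at the same time
             * set to "any"
             */
            s5UdpPolicy->bound_addrs = (IpAddrSet *) SnortAlloc(sizeof(IpAddrSet));
        }
    }
}

/* Log the timeout, flags and bound addresses of one UDP policy. */
static void Stream5PrintUdpConfig(Stream5UdpPolicy *s5UdpPolicy)
{
    LogMessage("Stream5 UDP Policy config:\n");
    /* session_timeout is unsigned, so it is printed with %u. */
    LogMessage(" Timeout: %u seconds\n", s5UdpPolicy->session_timeout);
    LogMessage(" Flags: 0x%X\n", s5UdpPolicy->flags);
    IpAddrSetPrint(" Bound Addresses:", s5UdpPolicy->bound_addrs);
}

/*
 * Reduce one side of a rule's port specification to a single udp_ports index.
 *
 * lo, hi:    low and high port of the rule's range.
 * isAny:     non-zero when the rule matches any port on this side.
 * isNegated: non-zero when the port specification is negated.
 *
 * Returns the port when the rule names exactly one usable port, otherwise -1.
 * The result is always -1 or a valid index into udp_ports.
 */
static int Stream5UdpRulePort(int lo, int hi, int isAny, int isNegated)
{
    int port = (hi == lo) ? hi : -1;

    if (isAny)
    {
        port = -1;
    }

    if (port > 0 && isNegated)
    {
        port = -1;
    }

    /* Never hand back a value that could index outside udp_ports. */
    if (port < 0 || port >= UDP_PORT_COUNT)
    {
        port = -1;
    }

    return port;
}

/*
 * Check that UDP tracking is configured and derive the per-port inspection
 * flags from the loaded UDP rules.
 *
 * Returns -1 when the session cache does not exist or no UDP policy has been
 * configured, 0 otherwise.
 *
 * Ports are held in an int rather than an int16_t: a 16-bit signed variable
 * turns every port above 32767 into a negative number, and since only -1 was
 * treated as "no port", such a value was then used as an index into
 * udp_ports, writing outside the array.
 */
int Stream5VerifyUdpConfig()
{
    int sport, dport;
    RuleListNode *rule;
    RuleTreeNode *rtn;
    OptTreeNode *otn;
    extern RuleListNode *RuleLists;
    char inspectSrc, inspectDst;

    if (!udp_lws_cache)
        return -1;

    if (numUdpPolicies < 1)
        return -1;

    /* Post-process UDP rules to establish UDP ports to inspect. */
    for (rule = RuleLists; rule; rule = rule->next)
    {
        if (!rule->RuleList)
            continue;

        /*
        ** Get UDP rules
        */
        if (!rule->RuleList->UdpList)
            continue;

        for (rtn = rule->RuleList->UdpList; rtn != NULL; rtn = rtn->right)
        {
            inspectSrc = inspectDst = 0;

            /* Set the source port to inspect */
            sport = Stream5UdpRulePort(rtn->lsp, rtn->hsp,
                                       (rtn->flags & ANY_SRC_PORT) != 0,
                                       rtn->not_sp_flag > 0);
            if (sport != -1)
            {
                inspectSrc = 1;
                udp_ports[sport] |= UDP_INSPECT;
            }

            /* Set the dest port to inspect */
            dport = Stream5UdpRulePort(rtn->ldp, rtn->hdp,
                                       (rtn->flags & ANY_DST_PORT) != 0,
                                       rtn->not_dp_flag > 0);
            if (dport != -1)
            {
                inspectDst = 1;
                udp_ports[dport] |= UDP_INSPECT;
            }

            if (!inspectSrc && !inspectDst)
                continue;

            /* Look for an OTN with flow or flowbits keyword */
            for (otn = rtn->down; otn; otn = otn->next)
            {
                int needsSession = (otn->ds_list[PLUGIN_CLIENTSERVER] ||
                                    otn->ds_list[PLUGIN_FLOWBIT]);

#ifdef DYNAMIC_PLUGIN
                if (!needsSession)
                {
                    needsSession = (DynamicHasFlow(otn) ||
                                    DynamicHasFlowbit(otn));
                }
#endif

                if (!needsSession)
                    continue;

                if (inspectSrc)
                {
                    udp_ports[sport] |= UDP_SESSION;
                }
                if (inspectDst)
                {
                    udp_ports[dport] |= UDP_SESSION;
                }
            }
        }
    }

    return 0;
}

#ifdef DEBUG
/* Debug helper: log the fields of a UdpSession and its session flags. */
static void PrintUdpSession(UdpSession *us)
{
    LogMessage("UdpSession:\n");
    /* Cast so the argument matches %lu whatever the width of time_t is. */
    LogMessage(" ssn_time: %lu\n", (unsigned long)us->ssn_time.tv_sec);
    LogMessage(" sender IP: 0x%08X\n", us->sender_ip);
    LogMessage(" responder IP: 0x%08X\n", us->responder_ip);
    LogMessage(" sender port: %d\n", us->sender_port);
    LogMessage(" responder port: %d\n", us->responder_port);

    LogMessage(" flags: 0x%X\n", us->lwSsn->session_flags);
}
#endif

/* Look up a lightweight session by key in the UDP session cache. */
Stream5LWSession *GetLWUdpSession(SessionKey *key)
{
    return GetLWSessionFromKey(udp_lws_cache, key);
}

void UdpSessionCleanup(Stream5LWSession *ssn)
{
    UdpSession *udpssn = NULL;

    if (ssn->proto_specific_data)
        udpssn = (UdpSession *)ssn->proto_specific_data->data;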