📄 snort_stream5_udp.c
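/*
 * NOTE(review): this listing begins part-way through a session cleanup
 * routine. Its signature and the code that obtains udpssn are not shown,
 * so the tail below is reproduced unchanged.
 */
    if (!udpssn)
    {
        /* Huh? */
        return;
    }

    /* Cleanup the proto specific data.  The pointer handed back to the pool
     * is the MemBucket stored by NewUdpSession(), not the UdpSession. */
    mempool_free(&udp_session_mempool, ssn->proto_specific_data);
    ssn->proto_specific_data = NULL;

    s5stats.udp_sessions_released++;

    RemoveUDPSession(&sfPerf.sfBase);
}

/*
 * Tear down UDP session tracking: purge every session in the lightweight
 * session cache, then destroy the UdpSession memory pool.
 *
 * The purge comes first; presumably it runs the per-session cleanup above,
 * which still needs the pool to return its bucket -- confirm against
 * PurgeLWSessionCache().
 */
void Stream5CleanUdp()
{
    /* Clean up hash table -- delete all sessions */
    PurgeLWSessionCache(udp_lws_cache);
    mempool_destroy(&udp_session_mempool);
}

/*
 * Allocate a UdpSession from the pool and attach it to a lightweight session.
 *
 *   p            packet that triggered creation; its capture timestamp and
 *                IP protocol are copied into the session
 *   ssn          lightweight session that receives the new tracker; its
 *                client/server address fields must already be filled in
 *   s5UdpPolicy  matched UDP policy (not read by this function)
 *
 * Returns 1 on success, or -1 when no bucket could be allocated, in which
 * case ssn is left untouched.
 *
 * ssn->proto_specific_data receives the MemBucket; the UdpSession itself is
 * bucket->data.  Readers of proto_specific_data must go through ->data.
 */
static int NewUdpSession(Packet *p, Stream5LWSession *ssn,
                         Stream5UdpPolicy *s5UdpPolicy)
{
    UdpSession *tmp;
    MemBucket *tmpBucket;

    /******************************************************************
     * create new sessions
     *****************************************************************/
    tmpBucket = mempool_alloc(&udp_session_mempool);
    if (tmpBucket == NULL)
    {
        /* Session creation is driven by traffic, so allocation failure has
         * to be survivable: dereferencing a NULL bucket here would take the
         * sensor down.  (mempool_alloc is not shown in this listing; it is
         * assumed to return NULL when the pool has no free bucket.) */
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5: no free UdpSession in memory pool\n"););
        return -1;
    }
    tmp = tmpBucket->data;

    DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                "Creating new session tracker!\n"););

    tmp->ssn_time.tv_sec = p->pkth->ts.tv_sec;
    tmp->ssn_time.tv_usec = p->pkth->ts.tv_usec;
    ssn->session_flags |= SSNFLAG_SEEN_SENDER;

    tmp->sender_ip = ssn->client_ip;
    tmp->sender_port = ssn->client_port;
    tmp->responder_ip = ssn->server_ip;
    tmp->responder_port = ssn->server_port;

    DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                "adding UdpSession to lightweight session\n"););
    ssn->proto_specific_data = tmpBucket;
    ssn->protocol = p->iph->ip_proto;
    ssn->direction = FROM_SENDER;
    tmp->lwSsn = ssn;

#ifdef DEBUG_STREAM5
    PrintUdpSession(tmp);
#endif
    Stream5SetExpire(p, ssn, UDP_TIMEOUT);

    s5stats.udp_sessions_created++;

    AddUDPSession(&sfPerf.sfBase);
    return 1;
}

/*
 * Main entry point for UDP
 *
 * Selects the UDP policy bound to the packet's destination address, decides
 * from the per-port table whether the packet needs session tracking, and if
 * so looks up or creates the lightweight session and hands the packet to
 * ProcessUdp().
 *
 * Returns 0 when the packet was handled or deliberately skipped, -1 when no
 * session object could be obtained.
 */
int Stream5ProcessUdp(Packet *p)
{
    Stream5UdpPolicy *s5UdpPolicy = NULL;
    SessionKey skey;
    Stream5LWSession *ssn = NULL;
    int policyIndex;
    char action;

    DEBUG_WRAP(
        DebugMessage((DEBUG_STREAM|DEBUG_STREAM_STATE),
            "Got UDP Packet 0x%X:%d -> 0x%X:%d\n "
            "dsize: %lu\n"
            "active sessions: %lu\n",
            p->iph->ip_src.s_addr, p->sp,
            p->iph->ip_dst.s_addr, p->dp,
            p->dsize,
            sfxhash_count(udp_lws_cache->hashTable));
    );

    /* Find an Udp policy for this packet */
    for (policyIndex = 0; policyIndex < numUdpPolicies; policyIndex++)
    {
        s5UdpPolicy = udpPolicyList[policyIndex];

        /*
         * Does this policy handle packets to this IP address?
         */
        if (IpAddrSetContains(s5UdpPolicy->bound_addrs, p->iph->ip_dst))
        {
            DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
                        "[Stream5] Found udp policy in IpAddrSet\n"););
            break;
        }
        else
        {
            /* Reset so a non-matching last entry is not used by accident */
            s5UdpPolicy = NULL;
        }
    }

    if (!s5UdpPolicy)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
                    "[Stream5] Could not find Udp Policy context "
                    "for IP %s\n", inet_ntoa(p->iph->ip_dst)););
        return 0;
    }

    /* Either port being flagged is enough to select an action.
     * NOTE(review): udp_ports is indexed directly by the packet's ports;
     * its size is not visible here -- confirm it covers the full port
     * range. */
    action = udp_ports[p->sp] | udp_ports[p->dp];

    if (!(action & UDP_SESSION))
    {
        if (!(action & UDP_INSPECT) &&
            (s5UdpPolicy->flags & STREAM5_CONFIG_IGNORE_ANY))
        {
            /* Ignore this UDP packet entirely.  Detection is switched off
             * for the packet; only the portscan and perfmonitor
             * preprocessor bits are set afterwards. */
            DisableDetect(p);
            SetPreprocBit(p, PP_SFPORTSCAN);
            SetPreprocBit(p, PP_PERFMONITOR);
        }
        return 0;
    }

    /* UDP Sessions required */
    if ((ssn = GetLWSession(udp_lws_cache, p, &skey)) == NULL)
    {
        /* Create a new session, mark SENDER seen */
        ssn = NewLWSession(udp_lws_cache, p, &skey);
        s5stats.total_udp_sessions++;
    }
    else
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5: Retrieved existing session object.\n"););
    }

    if (!ssn)
    {
        LogMessage("Stream5: Failed to retrieve session object. Out of memory?\n");
        return -1;
    }

    p->ssnptr = ssn;

    /*
     * Check if the session is expired.
     * Should be done before we do something with the packet.
     */
    if ((ssn->session_flags & STREAM5_STATE_TIMEDOUT) ||
        Stream5Expire(p, ssn))
    {
        /* Session is timed out */
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5 UDP session timedout!\n"););
    }
    else
    {
        ProcessUdp(ssn, p, s5UdpPolicy);
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Finished Stream5 UDP cleanly!\n"
                    "---------------------------------------------------\n"););
    }

    MarkupPacketFlags(p, ssn);

    return 0;
}

/*
 * Per-packet UDP session handling: create the UdpSession on first sight,
 * work out the packet's direction, honour ignore decisions, and mark the
 * session established once both sides have been seen.
 *
 *   lwssn        lightweight session the packet belongs to
 *   p            packet being processed
 *   s5UdpPolicy  matched UDP policy, passed through to NewUdpSession()
 *
 * Always returns ACTION_NOTHING.
 */
static int ProcessUdp(Stream5LWSession *lwssn, Packet *p,
                      Stream5UdpPolicy *s5UdpPolicy)
{
    char ignore = 0;
    DEBUG_WRAP(
        char *t = NULL;
        char *l = NULL;
    );

    if (lwssn->protocol != IPPROTO_UDP)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Lightweight session not UDP on UDP packet\n"););
        return ACTION_NOTHING;
    }

    if (lwssn->session_flags &
        (STREAM5_STATE_DROP_CLIENT|STREAM5_STATE_DROP_SERVER))
    {
        /* Got a packet on a session that was dropped (by a rule). */
        /* TODO: Send reset to other side if not already done for inline
         * mode, recording it in STREAM5_STATE_SERVER_RESET /
         * STREAM5_STATE_CLIENT_RESET. */
        /* TODO: Drop this packet */
        /* NOTE(review): nothing is enforced here yet -- a packet on a
         * session already marked for drop falls through and is processed
         * like any other. */
    }

    /* proto_specific_data holds the MemBucket that wraps the UdpSession,
     * so only its presence is tested here. */
    if (lwssn->proto_specific_data == NULL)
    {
        lwssn->direction = FROM_SENDER;
        lwssn->client_ip = p->iph->ip_src.s_addr;
        lwssn->client_port = p->udph->uh_sport;
        lwssn->server_ip = p->iph->ip_dst.s_addr;
        lwssn->server_port = p->udph->uh_dport;
        lwssn->session_state |= STREAM5_STATE_SENDER_SEEN;

        if (NewUdpSession(p, lwssn, s5UdpPolicy) < 0)
        {
            /* No tracker could be allocated; stop here rather than carry
             * on with a half-initialised session. */
            return ACTION_NOTHING;
        }
    }

    /* figure out direction of this packet */
    GetPacketDirection(p, lwssn);

    if (((p->packet_flags & PKT_FROM_SERVER) && lwssn->ignoreSessionServer) ||
        ((p->packet_flags & PKT_FROM_CLIENT) && lwssn->ignoreSessionClient))
    {
        Stream5DisableInspection(lwssn, p);
        /* %s, not %d: the argument is a string */
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5 Ignoring packet from %s. "
                    "Session marked as ignore\n",
                    p->packet_flags & PKT_FROM_CLIENT? "sender" : "responder"););
        return ACTION_NOTHING;
    }

    /* Check if the session is to be ignored */
    ignore = CheckIgnoreChannel(p);
    if (ignore)
    {
        /* Check if we should ignore each directions...
         * NOTE(review): SSN_DIR_CLIENT sets ignoreSessionServer and
         * SSN_DIR_SERVER sets ignoreSessionClient; confirm against
         * CheckIgnoreChannel() that the crossing is intended. */
        if (ignore & SSN_DIR_CLIENT)
        {
            lwssn->ignoreSessionServer = 1;
        }
        if (ignore & SSN_DIR_SERVER)
        {
            lwssn->ignoreSessionClient = 1;
        }
        /* %s, not %d: the argument is a string */
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5: Ignoring packet from %s. "
                    "Marking session marked as ignore.\n",
                    p->packet_flags & PKT_FROM_CLIENT? "sender" : "responder"););
        Stream5DisableInspection(lwssn, p);
        return ACTION_NOTHING;
    }

    /* if both seen, mark established */
    if (p->packet_flags & PKT_FROM_SERVER)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5: Updating on packet from responder\n"););
        lwssn->session_flags |= SSNFLAG_SEEN_RESPONDER;

        DEBUG_WRAP(
            t = "Responder";
            l = "Sender");
    }
    else
    {
        DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
                    "Stream5: Updating on packet from client\n"););
        /* Anything not flagged PKT_FROM_SERVER is counted as the sender */
        lwssn->session_flags |= SSNFLAG_SEEN_SENDER;

        DEBUG_WRAP(
            t = "Sender";
            l = "Responder");
    }

    if (!(lwssn->session_flags & SSNFLAG_ESTABLISHED))
    {
        if ((lwssn->session_flags & SSNFLAG_SEEN_SENDER) &&
            (lwssn->session_flags & SSNFLAG_SEEN_RESPONDER))
        {
            lwssn->session_flags |= SSNFLAG_ESTABLISHED;
        }
    }

    return ACTION_NOTHING;
}

/*
 * Swap the sender and responder endpoints recorded for a UDP session unless
 * the given endpoint already matches the requested direction.
 *
 *   ssn   lightweight session whose UdpSession is updated
 *   dir   requested direction (SSN_DIR_SENDER or SSN_DIR_RESPONDER)
 *   ip    address of the endpoint being classified
 *   port  port of the endpoint being classified
 *
 * ssn->direction itself is never modified.  Does nothing when the session
 * has no UdpSession attached.
 */
void UdpUpdateDirection(Stream5LWSession *ssn, char dir,
                        u_int32_t ip, u_int16_t port)
{
    MemBucket *bucket = ssn->proto_specific_data;
    UdpSession *udpssn;
    u_int32_t tmpIp;
    u_int16_t tmpPort;

    /* proto_specific_data is the MemBucket stored by NewUdpSession(); the
     * UdpSession is bucket->data.  Casting the bucket itself to a
     * UdpSession would read and then overwrite the pool's own bookkeeping
     * fields in the swap below. */
    if (bucket == NULL || bucket->data == NULL)
    {
        return;
    }
    udpssn = bucket->data;

    if ((udpssn->sender_ip == ip) && (udpssn->sender_port == port))
    {
        if ((dir == SSN_DIR_SENDER) && (ssn->direction == SSN_DIR_SENDER))
        {
            /* Direction already set as SENDER */
            return;
        }
    }
    else if ((udpssn->responder_ip == ip) && (udpssn->responder_port == port))
    {
        if ((dir == SSN_DIR_RESPONDER) && (ssn->direction == SSN_DIR_RESPONDER))
        {
            /* Direction already set as RESPONDER */
            return;
        }
    }

    /* Swap them -- leave ssn->direction the same */
    tmpIp = udpssn->sender_ip;
    tmpPort = udpssn->sender_port;
    udpssn->sender_ip = udpssn->responder_ip;
    udpssn->sender_port = udpssn->responder_port;
    udpssn->responder_ip = tmpIp;
    udpssn->responder_port = tmpPort;
}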