📄 snort_stream5_tcp.c
{ s5TcpPolicy->flags |= STREAM5_CONFIG_PERFORMANCE; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "check_session_hijacking")) { s5TcpPolicy->flags |= STREAM5_CONFIG_CHECK_SESSION_HIJACKING; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if (!strcasecmp(stoks[0], "ports")) { if (s_toks > 1) { if(!strcasecmp(stoks[1], "client")) { reassembly_direction = SSN_DIR_CLIENT; } else if(!strcasecmp(stoks[1], "server")) { reassembly_direction = SSN_DIR_SERVER; } else { reassembly_direction = SSN_DIR_BOTH; } } if (s_toks > 2) { char **ptoks; int num_ptoks; int j; unsigned short port = 0; long long_port = 0; /* Initialize it if not already... */ InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); if (!strcasecmp(stoks[2], "all")) { for (j=0; j<MAX_PORTS; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } } } else if (!strcasecmp(stoks[2], "none")) { for (j=0; j<MAX_PORTS; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].client; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].server; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } } } else { ptoks = mSplit(stoks[2], " ", MAX_PORTS, &num_ptoks, 0); for (j=0;j<num_ptoks;j++) { if (ptoks[j]) { long_port = strtol(ptoks[j], &endPtr, 10); } 
if (!ptoks[j] || (endPtr == &ptoks[j][0])) { FatalError("%s(%d) => Invalid Port list. Integer parameter required.\n", file_name, file_line); } if ((long_port < 0) || (long_port > MAX_PORTS-1)) { FatalError("%s(%d) => Invalid port %d, must be between 0 and %d, inclusive\n", file_name, file_line, long_port, MAX_PORTS-1); } port = (unsigned short)long_port; if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[port].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[port].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } } mSplitFree(&ptoks, num_ptoks); } set_flush_policy = 1; } }#ifdef TARGET_BASED else if (!strcasecmp(stoks[0], "protocol")) { if (s_toks > 1) { if(!strcasecmp(stoks[1], "client")) { reassembly_direction = SSN_DIR_CLIENT; } else if(!strcasecmp(stoks[1], "server")) { reassembly_direction = SSN_DIR_SERVER; } else { reassembly_direction = SSN_DIR_BOTH; } } if (s_toks > 2) { char **ptoks; int num_ptoks; int j; /* Initialize it if not already... 
*/ InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); if (!strcasecmp(stoks[2], "all")) { for (j=0; j<MAX_PROTOCOL_ORDINAL; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } s5TcpPolicy->flush_config_protocol[j].configured = 1; } } else if (!strcasecmp(stoks[2], "none")) { for (j=0; j<MAX_PROTOCOL_ORDINAL; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].client; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].server; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } s5TcpPolicy->flush_config_protocol[j].configured = 1; } } else { ptoks = mSplit(stoks[2], " ", MAX_PROTOCOL_ORDINAL, &num_ptoks, 0); for (j=0;j<num_ptoks;j++) { int16_t proto_ordinal; if (!ptoks[j]) { FatalError("%s(%d) => Invalid Protocol Name. 
Protocol name must be specified.\n", file_name, file_line); } /* First look it up */ proto_ordinal = FindProtocolReference(ptoks[j]); if (proto_ordinal == SFTARGET_UNKNOWN_PROTOCOL) { /* Not known -- add it */ proto_ordinal = AddProtocolReference(ptoks[j]); if (proto_ordinal == SFTARGET_UNKNOWN_PROTOCOL) { FatalError("%s(%d) => Failed to find protocol reference for '%s'\n", file_name, file_line, ptoks[j]); } } if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[proto_ordinal].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[proto_ordinal].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } s5TcpPolicy->flush_config_protocol[proto_ordinal].configured = 1; } mSplitFree(&ptoks, num_ptoks); } } }#endif else { FatalError("%s(%d) => Invalid Stream5 TCP policy option\n", file_name, file_line); } mSplitFree(&stoks, s_toks); i++; } mSplitFree(&toks, num_toks); } if(s5TcpPolicy->bound_addrs == NULL) { /* allocate and initializes the * IpAddrSet at the same time * set to "any" */ if (s5_global_config.flags & STREAM5_CONFIG_DEFAULT_TCP_POLICY_SET) { FatalError("%s(%d) => Default Stream5 TCP Policy alread set. " "This policy must be bound to a specific host or " "network.\n", file_name, file_line); } s5TcpPolicy->bound_addrs = (IpAddrSet *) SnortAlloc(sizeof(IpAddrSet)); s5_global_config.flags |= STREAM5_CONFIG_DEFAULT_TCP_POLICY_SET; } if (!set_flush_policy) { /* Initialize it if not already... 
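*/
        InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static);
        for (i=0;i<sizeof(default_ports)/sizeof(int); i++)
        {
            if (reassembly_direction & SSN_DIR_CLIENT)
            {
                FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[default_ports[i]].client;
                FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list;
                InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT);
            }
            if (reassembly_direction & SSN_DIR_SERVER)
            {
                FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[default_ports[i]].server;
                FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list;
                InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT);
            }
        }
    }

    return;
}

/*
 * Stream5PrintTcpConfig
 *
 * Writes a summary of one Stream5 TCP policy to the log via LogMessage():
 * reassembly policy name, session timeout, minimum TTL, the optional
 * max-window and overlap limits, every option flag that is set, the ports
 * that have reassembly enabled, and (unless SUP_IP6 is defined) the bound
 * address set.
 *
 * s5TcpPolicy - policy to describe; it is dereferenced without a NULL
 *               check, so the caller must pass a valid pointer.
 *
 * The port listing is capped at max_ports_printed entries in non-DEBUG
 * builds. When further ports are configured, a closing line says so, so
 * that a reader of the startup log does not take a truncated list for the
 * complete set of reassembled ports.
 */
static void Stream5PrintTcpConfig(Stream5TcpPolicy *s5TcpPolicy)
{
    const int max_ports_printed = 20;
    int i=0, j=0;
    int ports_omitted = 0;

    LogMessage("Stream5 TCP Policy config:\n");
    /* NOTE(review): the index is not range-checked here; presumably
     * reassembly_policy is validated when the policy is parsed -- confirm. */
    LogMessage(" Reassembly Policy: %s\n",
        reassembly_policy_names[s5TcpPolicy->reassembly_policy]);
    LogMessage(" Timeout: %d seconds\n", s5TcpPolicy->session_timeout);
    LogMessage(" Min ttl: %d\n", s5TcpPolicy->min_ttl);
    //LogMessage(" Stream ttl_limit: %d\n", s5TcpPolicy->ttl_delta_limit);
    if (s5TcpPolicy->max_window != 0)
        LogMessage(" Max TCP Window: %u\n", s5TcpPolicy->max_window);
    if (s5TcpPolicy->overlap_limit)
        LogMessage(" Limit on TCP Overlaps: %d\n", s5TcpPolicy->overlap_limit);
    if (s5TcpPolicy->flags)
    {
        LogMessage(" Options:\n");
        if (s5TcpPolicy->flags & STREAM5_CONFIG_REQUIRE_3WHS)
        {
            LogMessage(" Require 3-Way Handshake: YES\n");
            if (s5TcpPolicy->hs_timeout != 0)
            {
                LogMessage(" 3-Way Handshake Timeout: %d\n",
                    s5TcpPolicy->hs_timeout);
            }
        }
        if (s5TcpPolicy->flags & STREAM5_CONFIG_ENABLE_ALERTS)
        {
            LogMessage(" Detect Anomalies: YES\n");
        }
        if (s5TcpPolicy->flags & STREAM5_CONFIG_STATIC_FLUSHPOINTS)
        {
            LogMessage(" Static Flushpoint Sizes: YES\n");
        }
        if (s5TcpPolicy->flags & STREAM5_CONFIG_PERFORMANCE)
        {
            LogMessage(" Don't Queue Large Packets for Reassembly: YES\n");
        }
        if (s5TcpPolicy->flags & STREAM5_CONFIG_CHECK_SESSION_HIJACKING)
        {
            LogMessage(" Check for TCP Session Hijacking: YES\n");
        }
    }

    LogMessage(" Reassembly Ports:\n");
    for (i=0; i<MAX_PORTS; i++)
    {
        int direction = 0;
        int client_flushpolicy = s5TcpPolicy->flush_config[i].client.flush_policy;
        int server_flushpolicy = s5TcpPolicy->flush_config[i].server.flush_policy;
        char client_policy_str[STD_BUF];
        char server_policy_str[STD_BUF];

        client_policy_str[0] = server_policy_str[0] = '\0';

        if (client_flushpolicy != STREAM_FLPOLICY_IGNORE)
        {
            direction |= SSN_DIR_CLIENT;

            /* The value is held in an int here, so reject negatives as well
             * as values above the maximum before indexing the name table. */
            if ((client_flushpolicy >= 0) &&
                (client_flushpolicy <= STREAM_FLPOLICY_MAX))
                SnortSnprintf(client_policy_str, STD_BUF, "client (%s)",
                              flush_policy_names[client_flushpolicy]);
        }
        if (server_flushpolicy != STREAM_FLPOLICY_IGNORE)
        {
            direction |= SSN_DIR_SERVER;

            if ((server_flushpolicy >= 0) &&
                (server_flushpolicy <= STREAM_FLPOLICY_MAX))
                SnortSnprintf(server_policy_str, STD_BUF, "server (%s)",
                              flush_policy_names[server_flushpolicy]);
        }

        if (!direction)
            continue;

        if (j >= max_ports_printed)
        {
            /* One more configured port exists beyond the cap: stop scanning
             * and report that the list is incomplete. */
            ports_omitted = 1;
            break;
        }

        LogMessage(" %d %s %s\n", i, client_policy_str, server_policy_str);
#ifndef DEBUG
        /* Don't increment, so we print the full list in
         * debug mode. */
        j++;
#endif
    }

    if (ports_omitted)
        LogMessage(" additional ports configured but not printed\n");

#ifdef SUP_IP6
    // XXX-IPv6 var printing
#else
    IpAddrSetPrint(" Bound Addresses:", s5TcpPolicy->bound_addrs);
#endif
}

#ifdef TARGET_BASED
int StreamPolicyIdFromHostAttributeEntry(HostAttributeEntry *host_entry)
{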