📄 spp_stream4.c
else if(!strcasecmp(stoks[0], "detect_state_problems")) { s4data.state_alerts = 1; } else if(!strcasecmp(stoks[0], "disable_evasion_alerts")) { s4data.evasion_alerts = 0; } else if(!strcasecmp(stoks[0], "timeout")) { if(isdigit((int)stoks[1][0])) { s4data.timeout = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad timeout in config file, " "defaulting to %d seconds\n", file_name, file_line, PRUNE_QUANTA); s4data.timeout = PRUNE_QUANTA; } } else if(!strcasecmp(stoks[0], "memcap")) { if(isdigit((int)stoks[1][0])) { s4data.memcap = atoi(stoks[1]); if(s4data.memcap < 16384) { LogMessage("WARNING %s(%d) => Ludicrous (<16k) memcap " "size, setting to default (%d bytes)\n", file_name, file_line, STREAM4_MEMORY_CAP); s4data.memcap = STREAM4_MEMORY_CAP; } } else { FatalError("%s(%d) => Bad memcap in config file, %d\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "max_sessions")) { if(isdigit((int)stoks[1][0])) { s4data.max_sessions = atoi(stoks[1]); if(s4data.max_sessions < 8192) { LogMessage("WARNING %s(%d) => Ludicrous (<8k) max_sessions " "size, setting to default (%d sessions)\n", file_name, file_line, STREAM4_MAX_SESSIONS); s4data.max_sessions = STREAM4_MAX_SESSIONS; } } else { FatalError("%s(%d) => Bad max_sessions in config file, %d\n", file_name, file_line); } }#ifdef STREAM4_UDP else if(!strcasecmp(stoks[0], "enable_udp_sessions")) { s4data.enable_udp_sessions = 1; } else if(!strcasecmp(stoks[0], "max_udp_sessions")) { if(isdigit((int)stoks[1][0])) { s4data.max_udp_sessions = atoi(stoks[1]); if(s4data.max_udp_sessions < 8192) { LogMessage("WARNING %s(%d) => Ludicrous (<8k) max_udp_sessions " "size, setting to default (%d sessions)\n", file_name, file_line, STREAM4_MAX_SESSIONS); s4data.max_udp_sessions = STREAM4_MAX_SESSIONS; } } else { FatalError("%s(%d) => Bad max_udp_sessions in config file, %d\n", file_name, file_line); } }#if 0 else if(!strcasecmp(stoks[0], "udp_ports")) { /* Unset the default ports */ bzero(&s4data.udp_ports, 
sizeof(s4data.udp_ports)); for (i=1;i<s_toks;i++) { char *endPtr; unsigned int value = strtoul(stoks[i], &endPtr, 10); u_int16_t port; if ((endPtr == stoks[i]) || (value == 0) || (value > 65535)) { LogMessage("WARNING %s(%d) => Invalid UDP port specified, " "ignoring\n", file_name, file_line, stoks[i]); continue; } port = (u_int16_t)value; s4data.udp_ports[port] |= UDP_SESSION | UDP_INSPECT; } }#endif else if(!strcasecmp(stoks[0], "udp_ignore_any")) { s4data.udp_ignore_any = 1; }#endif else if(!strcasecmp(stoks[0], "cache_clean_sessions")) { if(isdigit((int)stoks[1][0])) { s4data.cache_clean_sessions = atoi(stoks[1]); if (s4data.cache_clean_sessions < 1) { LogMessage("WARNING %s(%d) => Zero Session Cache Cleanup, " "reverting to default of %d\n", file_name, file_line, STREAM4_CLEANUP); s4data.cache_clean_sessions = STREAM4_CLEANUP; } } else { FatalError("%s(%d) => Bad cache cleanup value in " "config file\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "ttl_limit")) { if(s_toks > 1) { if(stoks[1] == NULL || stoks[1][0] == '\0') { FatalError("%s(%d) => ttl_limit requires an integer argument\n", file_name,file_line); } if(isdigit((int)stoks[1][0])) { s4data.ttl_limit = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad TTL Limit" "size, setting to default (%d\n", file_name, file_line, STREAM4_TTL_LIMIT); s4data.ttl_limit = STREAM4_TTL_LIMIT; } } else { FatalError("%s(%d) => ttl_limit requires an integer argument\n", file_name,file_line); } } else if(!strcasecmp(stoks[0], "self_preservation_threshold")) { if(isdigit((int)stoks[1][0])) { s4data.sp_threshold = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad sp_threshold in config file, " "defaulting to %d new sessions/second\n", file_name, file_line, SELF_PRES_THRESHOLD); s4data.sp_threshold = SELF_PRES_THRESHOLD; } } else if(!strcasecmp(stoks[0], "self_preservation_period")) { if(isdigit((int)stoks[1][0])) { s4data.sp_period = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad 
sp_period in config file, " "defaulting to %d seconds\n", file_name, file_line, SELF_PRES_PERIOD); s4data.sp_period = SELF_PRES_PERIOD; } } else if(!strcasecmp(stoks[0], "suspend_threshold")) { if(isdigit((int)stoks[1][0])) { s4data.suspend_threshold = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad suspend_threshold in config " "file, defaulting to %d new sessions/second\n", file_name, file_line, SUSPEND_THRESHOLD); s4data.suspend_threshold = SUSPEND_THRESHOLD; } } else if(!strcasecmp(stoks[0], "suspend_period")) { if(isdigit((int)stoks[1][0])) { s4data.suspend_period = atoi(stoks[1]); } else { LogMessage("WARNING %s(%d) => Bad suspend_period in config file, " "defaulting to %d seconds\n", file_name, file_line, SUSPEND_PERIOD); s4data.suspend_period = SUSPEND_PERIOD; } } else if(!strcasecmp(stoks[0], "enforce_state")) { s4data.enforce_state |= ENFORCE_STATE; if (s_toks > 1 && stoks[1]) { if (!strcasecmp(stoks[1], "drop")) { s4data.enforce_state |= ENFORCE_STATE_DROP; } } } else if(!strcasecmp(stoks[0], "midstream_drop_alerts")) { s4data.ms_inline_alerts = 1; } else if(!strcasecmp(stoks[0], "state_protection")) { s4data.state_protection = 1; } else if(!strcasecmp(stoks[0], "server_inspect_limit")) { if(isdigit((int)stoks[1][0])) { s4data.server_inspect_limit = atoi(stoks[1]); } else { FatalError("WARNING %s(%d) => Bad server_inspect_limit in " "config file\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "disable_session_blocking")) { s4data.allow_session_blocking = 0; } else { FatalError("%s(%d) => Unknown stream4: option: %s\n", file_name, file_line, stoks[0]); } mSplitFree(&stoks, s_toks); i++; } mSplitFree(&toks, num_toks); DisplayStream4Config();}void Stream4InitExternalOptions(char *args){ char **toks; int num_toks; int i=0; char *index; int got_favor = 0; int got_alert = 0; int got_overlap_limit = 0; int got_inspect_limit = 0; int got_max_sessions = 0; int got_zero_flushed = 0; int got_enforce_state = 0; int got_allow_session_blocking 
= 0;#ifdef STREAM4_UDP int got_max_udp = 0; int got_udp_enable = 0; int got_udp_ignore_any = 0;#endif char **stoks = NULL; int s_toks; toks = mSplit((char *)args, ",", 12, &num_toks, 0); if ((s4data.reassemble_client == 0) && (s4data.reassemble_server == 0)) { FatalError("Please enable stream reassembly before specifying " "external options for Stream4\n"); } while(i < num_toks) { index = toks[i]; while(isspace((int)*index)) index++; stoks = mSplit(index, " ", 2, &s_toks, 0); if(!strcasecmp(stoks[0], "favor_old")) { s4data.reassy_method = METHOD_FAVOR_OLD; got_favor = 1; } else if(!strcasecmp(stoks[0], "favor_new")) { s4data.reassy_method = METHOD_FAVOR_NEW; got_favor = 1; } else if(!strcasecmp(stoks[0], "flush_on_alert")) { s4data.flush_on_alert = 1; got_alert = 1; } else if(!strcasecmp(stoks[0], "enforce_state")) { s4data.enforce_state |= ENFORCE_STATE; if (s_toks > 1 && stoks[1]) { if (!strcasecmp(stoks[1], "drop")) { s4data.enforce_state |= ENFORCE_STATE_DROP; } } got_enforce_state = 1; } else if(!strcasecmp(stoks[0], "overlap_limit")) { if ((s_toks == 2) && stoks[1] && isdigit((int)stoks[1][0])) { s4data.overlap_limit = atoi(stoks[1]); } else { FatalError("WARNING %s(%d) => Bad cache cleanup value in " "config file\n", file_name, file_line); } got_overlap_limit = 1; } else if(!strcasecmp(stoks[0], "server_inspect_limit")) { if ((s_toks == 2) && stoks[1] && isdigit((int)stoks[1][0])) { s4data.server_inspect_limit = atoi(stoks[1]); } else { FatalError("WARNING %s(%d) => Bad server_inspect_limit in " "config file\n", file_name, file_line); } got_inspect_limit = 1; } else if(!strcasecmp(stoks[0], "max_sessions")) { if((s_toks == 2) && stoks[1] && isdigit((int)stoks[1][0])) { s4data.max_sessions = atoi(stoks[1]); if(s4data.max_sessions < 8192) { LogMessage("WARNING %s(%d) => Ludicrous (<8k) max_sessions " "size, setting to default (%d sessions)\n", file_name, file_line, STREAM4_MAX_SESSIONS); s4data.max_sessions = STREAM4_MAX_SESSIONS; } } else