📄 spp_stream4.c
{ FatalError("%s(%d) => Bad max_sessions in config file, %d\n", file_name, file_line); } got_max_sessions = 1; } else if(!strcasecmp(index, "zero_flushed_packets")) { s4data.zero_flushed_packets = 1; got_zero_flushed = 1; } else if(!strcasecmp(stoks[0], "disable_session_blocking")) { s4data.allow_session_blocking = 0; got_allow_session_blocking = 1; }#ifdef STREAM4_UDP else if(!strcasecmp(stoks[0], "enable_udp_sessions")) { s4data.enable_udp_sessions = 1; got_udp_enable = 1; } else if(!strcasecmp(stoks[0], "max_udp_sessions")) { if((s_toks == 2) && stoks[1] && isdigit((int)stoks[1][0])) { s4data.max_udp_sessions = atoi(stoks[1]); if(s4data.max_udp_sessions < 8192) { LogMessage("WARNING %s(%d) => Ludicrous (<8k) max_udp_sessions " "size, setting to default (%d sessions)\n", file_name, file_line, STREAM4_MAX_SESSIONS); s4data.max_udp_sessions = STREAM4_MAX_SESSIONS; got_max_udp = 1; } } else { FatalError("%s(%d) => Bad max_udp_sessions in config file, %d\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "udp_ignore_any")) { s4data.udp_ignore_any = 1; got_udp_ignore_any = 1; }#endif else { FatalError("%s(%d) => Bad stream4_external option " "specified: \"%s\"\n", file_name, file_line, toks[i]); } mSplitFree(&stoks, s_toks); i++; } LogMessage("stream4_external config (overrides values from " "stream4 & stream4_reassemble configs):\n"); if (got_favor) LogMessage(" Reassembler Packet Preferance : %s\n", s4data.reassy_method == METHOD_FAVOR_NEW ? "Favor New" : "Favor Old"); if (got_alert) LogMessage(" Flush stream on alert: %s\n", s4data.flush_on_alert ? 
"ACTIVE": "INACTIVE"); if (got_overlap_limit) LogMessage(" Packet Sequence Overlap Limit: %d\n", s4data.overlap_limit); if (got_inspect_limit) LogMessage(" Server Data Scan Threshold: %d\n", s4data.server_inspect_limit); if (got_max_sessions) LogMessage(" Session count max: %d sessions\n", (unsigned long)s4data.max_sessions); if (got_zero_flushed) LogMessage(" Zero out flushed packets: %s\n", s4data.zero_flushed_packets ? "ACTIVE": "INACTIVE"); if (got_enforce_state) LogMessage(" Enforce TCP State: %s\n", s4data.enforce_state ? "ACTIVE" : "INACTIVE", s4data.enforce_state & ENFORCE_STATE_DROP ? "and DROPPING" : " "); if (got_allow_session_blocking) LogMessage(" Allow Blocking of TCP Sessions in Inline: %s\n", s4data.allow_session_blocking ? "ACTIVE" : "INACTIVE");#ifdef STREAM4_UDP if (got_udp_enable) { LogMessage(" UDP Tracking Enabled: %s\n", s4data.enable_udp_sessions ? "YES" : "NO"); if (got_max_udp) LogMessage(" UDP Session count max: %d sessions\n", (unsigned long)s4data.max_udp_sessions); if (got_udp_ignore_any) LogMessage(" UDP Ignore Traffic on port without port-specific rules: %s\n", s4data.udp_ignore_any ? 
"YES" : "NO"); }#endif mSplitFree(&toks, num_toks);}void Stream4InitReassembler(char *args){ char buf[STD_BUF+1]; char **toks = NULL; char **stoks = NULL; int num_toks = 0; int num_args; int i; int j = 0; char *index; char *value; if(s4data.stream4_active == 0) { FatalError("Please activate stream4 before trying to " "activate stream4_reassemble\n"); } s4data.reassembly_alerts = 1; s4data.reassemble_client = 1; s4data.reassemble_server = 0; s4data.flush_on_alert = 0; s4data.assemble_ports[21] = 1; s4data.assemble_ports[23] = 1; s4data.assemble_ports[25] = 1; s4data.assemble_ports[42] = 1; s4data.assemble_ports[53] = 1; s4data.assemble_ports[80] = 1; s4data.assemble_ports[110] = 1; s4data.assemble_ports[111] = 1; s4data.assemble_ports[135] = 1; s4data.assemble_ports[136] = 1; s4data.assemble_ports[137] = 1; s4data.assemble_ports[139] = 1; s4data.assemble_ports[143] = 1; s4data.assemble_ports[445] = 1; s4data.assemble_ports[513] = 1; s4data.assemble_ports[1433] = 1; s4data.assemble_ports[1521] = 1; s4data.assemble_ports[3306] = 1; s4data.reassy_method = METHOD_FAVOR_OLD; /* setup for self preservaton... 
*/ s4data.emergency_ports[21] = 1; s4data.emergency_ports[23] = 1; s4data.emergency_ports[25] = 1; s4data.emergency_ports[42] = 1; s4data.emergency_ports[53] = 1; s4data.emergency_ports[80] = 1; s4data.emergency_ports[110] = 1; s4data.emergency_ports[111] = 1; s4data.emergency_ports[135] = 1; s4data.emergency_ports[136] = 1; s4data.emergency_ports[137] = 1; s4data.emergency_ports[139] = 1; s4data.emergency_ports[143] = 1; s4data.emergency_ports[445] = 1; s4data.emergency_ports[513] = 1; s4data.emergency_ports[1433] = 1; s4data.emergency_ports[1521] = 1; s4data.emergency_ports[3306] = 1; if (args != NULL) { toks = mSplit((char *)args, ",", 12, &num_toks, 0); } i=0; while(i < num_toks) { index = toks[i]; while(isspace((int)*index)) index++; if(!strncasecmp(index, "clientonly", 10)) { s4data.reassemble_client = 1; s4data.reassemble_server = 0; } else if(!strncasecmp(index, "serveronly", 10)) { s4data.reassemble_server = 1; s4data.reassemble_client = 0; } else if(!strncasecmp(index, "both", 4)) { s4data.reassemble_client = 1; s4data.reassemble_server = 1; } else if(!strncasecmp(index, "noalerts", 8)) { s4data.reassembly_alerts = 0; } else if(!strncasecmp(index, "favor_old", 9)) { s4data.reassy_method = METHOD_FAVOR_OLD; } else if(!strncasecmp(index, "favor_new", 9)) { s4data.reassy_method = METHOD_FAVOR_NEW; } else if(!strncasecmp(index, "flush_on_alert", 9)) { s4data.flush_on_alert = 1; } else if(!strncasecmp(index, "overlap_limit", 9)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.overlap_limit = atoi(value); } else { FatalError("%s(%d) => Bad overlap_limit value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_behavior", 14)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if(num_args != 2) { FatalError("%s(%d) => Bad flush_behavior value in " "config file\n", file_name, file_line); } if (!strncasecmp(value, 
"default", 7)) { s4data.flush_behavior = FLUSH_BEHAVIOR_DEFAULT; } else if (!strncasecmp(value, "random", 6)) { s4data.flush_behavior = FLUSH_BEHAVIOR_RANDOM; } else if (!strncasecmp(value, "large_window", 12)) { s4data.flush_behavior = FLUSH_BEHAVIOR_LARGE; } else { FatalError("%s(%d) => Invalid flush_behavior value (%s) in " "config file\n", file_name, file_line, value); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_seed", 10)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_seed = atoi(value) + time(NULL); } else { FatalError("%s(%d) => Unsupported flush_seed value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); } else if(!strncasecmp(index, "flush_base", 10)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_base = atoi(value); } else { FatalError("%s(%d) => Bad flush_base value in " "config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); if((s4data.flush_base < 1) || (s4data.flush_base > 32768)) { FatalError("%s(%d) => Unsupported flush_base value (%d bytes) in " "config file\n", file_name, file_line, s4data.flush_base); } } else if(!strncasecmp(index, "flush_range", 11)) { stoks = mSplit(index, " ", 2, &num_args, 0); value = stoks[1]; if((num_args == 2) && (isdigit((int)value[0]))) { s4data.flush_range = atoi(value); } else { FatalError("%s(%d) => Bad flush_range in config file\n", file_name, file_line); } mSplitFree(&stoks, num_args); if((s4data.flush_range < 512) || (s4data.flush_range > 32767)) { FatalError("%s(%d) => Unsupported flush_range value " "(%d bytes) in config file\n", file_name, file_line, s4data.flush_range); } } else if(!strncasecmp(index, "ports", 5)) { char **ports; int num_ports; char *port; u_int32_t portnum; j = 0; for(j = 0;j<65535;j++) { s4data.assemble_ports[j] = 0; } ports = mSplit(index, " ", 40, &num_ports, 
0); j = 1; while(j < num_ports) { port = ports[j]; if(isdigit((int)port[0])) { portnum = atoi(port); if(portnum > 65535) { FatalError("%s(%d) => Bad port list to " "reassembler\n", file_name, file_line); } s4data.assemble_ports[portnum] = 1; } else if(!strncasecmp(port, "all", 3)) { memset(&s4data.assemble_ports, 1, 65536); } else if(!strncasecmp(port, "default", 7)) { s4data.assemble_ports[21] = 1; s4data.assemble_ports[23] = 1; s4data.assemble_ports[25] = 1; s4data.assemble_ports[42] = 1; s4data.assemble_ports[53] = 1; s4data.assemble_ports[80] = 1; s4data.assemble_ports[110] = 1; s4data.assemble_ports[111] = 1; s4data.assemble_ports[135] = 1; s4data.assemble_ports[136] = 1; s4data.assemble_ports[137] = 1; s4data.assemble_ports[139] = 1; s4data.assemble_ports[143] = 1; s4data.assemble_ports[445] = 1; s4data.assemble_ports[513] = 1; s4data.assemble_ports[1433] = 1; s4data.assemble_ports[1521] = 1; s4data.assemble_ports[3306] = 1; } j++; } mSplitFree(&ports, num_ports); }