spp_frag3.c

著名的入侵检测系统snort的最新版本的源码

    /*
     * parse the configuration for this engine
     */
    Frag3ParseArgs(args, context);

    /*
     * register the preprocessor func node
     */
    if (!frag3_registered)
    {
        pfn = AddFuncToPreprocList(Frag3Defrag, PRIORITY_NETWORK, PP_FRAG3);
        if (pfn)
        {
            frag3_registered = 1;
            pfn->context = NULL;

            frag_rebuild_buf = (u_int8_t *)SnortAlloc(DATASIZE + SPARC_TWIDDLE);
#ifdef GRE
            gre_frag_rebuild_buf = (u_int8_t *)SnortAlloc(DATASIZE + SPARC_TWIDDLE);
#endif

        }
#ifdef PERF_PROFILING
        RegisterPreprocessorProfile("frag3", &frag3PerfStats, 0, &totalPerfStats);
        RegisterPreprocessorProfile("frag3insert", &frag3InsertPerfStats, 1, &frag3PerfStats);
        RegisterPreprocessorProfile("frag3rebuild", &frag3RebuildPerfStats, 1, &frag3PerfStats);
#endif
    }

    if(!stats_registered)
    {
        AddFuncToPreprocCleanExitList(Frag3CleanExit, NULL, PRIORITY_FIRST, PP_FRAG3);
        AddFuncToPreprocRestartList(Frag3Restart, NULL, PRIORITY_FIRST, PP_FRAG3);
        RegisterPreprocStats("frag3", Frag3PrintStats);
        stats_registered = 1;
    }

    /* Now add this context to the internal list */
    if (frag3ContextList == NULL)
    {
        numFrag3Contexts = 1;
        frag3ContextList = (Frag3Context **)SnortAlloc(sizeof (Frag3Context *)
            * numFrag3Contexts);
    }
    else
    {
        Frag3Context **tmpContextList =
            (Frag3Context **)SnortAlloc(sizeof (Frag3Context *)
            * (++numFrag3Contexts));
        memcpy(tmpContextList, frag3ContextList,
            sizeof(Frag3Context *) * (numFrag3Contexts-1));
        free(frag3ContextList);
        
        frag3ContextList = tmpContextList;
    }
    frag3ContextList[numFrag3Contexts-1] = context;

    /*
     * print this engine config
     */
    Frag3PrintEngineConfig(context);

    return;
}

static int FragPolicyIdFromName(char *name)
{
    if (!name)
    {
        return FRAG_POLICY_DEFAULT;
    }

    if(!strcasecmp(name, "bsd"))
    {
        return FRAG_POLICY_BSD;
    }
    else if(!strcasecmp(name, "bsd-right"))
    {
        return FRAG_POLICY_BSD_RIGHT;
    }
    else if(!strcasecmp(name, "linux"))
    {
        return FRAG_POLICY_LINUX;
    }
    else if(!strcasecmp(name, "first"))
    {
        return FRAG_POLICY_FIRST;
    }
    else if(!strcasecmp(name, "windows"))
    {
        return FRAG_POLICY_WINDOWS;
    }
    else if(!strcasecmp(name, "solaris"))
    {
        return FRAG_POLICY_SOLARIS;
    }
    else if(!strcasecmp(name, "last"))
    {
        return FRAG_POLICY_LAST;
    }
    return FRAG_POLICY_DEFAULT;
}

#ifdef TARGET_BASED
int FragPolicyIdFromHostAttributeEntry(HostAttributeEntry *host_entry)
{
    if (!host_entry || !host_entry->hostInfo.fragPolicyName)
        return 0;

    host_entry->hostInfo.fragPolicy = FragPolicyIdFromName(host_entry->hostInfo.fragPolicyName);
    host_entry->hostInfo.fragPolicySet = 1;

    DEBUG_WRAP(
        DebugMessage(DEBUG_FRAG,
            "Frag3 INIT: %s(%d) for Entry %s:%s:%s (%s)\n",
            frag_policy_names[host_entry->hostInfo.fragPolicy],
            host_entry->hostInfo.fragPolicy,
            host_entry->hostInfo.operatingSystem.value.s_value,
            host_entry->hostInfo.vendor.value.s_value,
            host_entry->hostInfo.version.value.s_value,
            host_entry->hostInfo.fragPolicyName););
    
    return 0;
}
#endif

/**
 * Verify frag3 setup is complete
 *
 * @param args list of configuration arguments
 *
 * @return none
 */
void Frag3VerifyConfig()
{
    if (global_init_complete && (numFrag3Contexts == 0))
        FatalError("Frag3VerifyConfig() policy engine required "
                   "but not configured.\n");

#ifdef TARGET_BASED
    SFAT_SetPolicyIds(FragPolicyIdFromHostAttributeEntry);
#endif
}

/**
 * Handle the preallocation of frags
 *
 * @param int unused
 *        void *arg unused inputs
 *        (these aren't used, just need to match function prototype)
 *
 * @return none
 */
void Frag3PostConfigInit(int unused, void*arg)
{
    Frag3Frag *tmp; /* for initializing the prealloc queue */
    unsigned int i;          /* counter */

    /* 
     * user has decided to prealloc the node structs for performance 
     */
    if(global_config.use_prealloc)
    {
        if (global_config.static_frags == 0)
        {
            global_config.static_frags = (u_int32_t)global_config.memcap /
                (sizeof(Frag3Frag) + sizeof(u_int8_t) * snaplen) + 1;
            ten_percent = global_config.static_frags >> 5;
        }

        for(i=0; i< global_config.static_frags; i++)
        {
            tmp = (Frag3Frag *) SnortAlloc(sizeof(Frag3Frag));
            tmp->fptr = (u_int8_t *) SnortAlloc(sizeof(u_int8_t) * snaplen);
            Frag3PreallocPush(tmp);
        }

        prealloc_nodes_in_use = 0;
    }
}

/**
 * Config parser for global config.  
 *
 * @param args List of configuration parameters
 *
 * @return none
 */
static void Frag3ParseGlobalArgs(char *args)
{
    char **toks;
    int num_toks;
    int i;
    char *index;
    char **stoks = NULL;
    int s_toks;

    if(args != NULL && strlen(args) != 0)
    {
        toks = mSplit(args, ",", 12, &num_toks, 0);

        i=0;

        while(i < num_toks)
        {
            index = toks[i];

            while(isspace((int)*index)) index++;

            stoks = mSplit(index, " ", 4, &s_toks, 0);

            if(!strcasecmp(stoks[0], "max_frags"))
            {
                if (s_toks != 2)
                {
                    FatalError("%s(%d) => Missing argument to max_frags in "
                            "config file.\n",
                            file_name, file_line);

                }
                if(stoks[1] && isdigit((int)stoks[1][0]))
                {
                    global_config.max_frags = atoi(stoks[1]);
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad max_frags in config "
                            "file, defaulting to %d frags\n", 
                            file_name, file_line, 
                            DEFAULT_MAX_FRAGS);

                    global_config.max_frags = DEFAULT_MAX_FRAGS;
                }

            }
            else if(!strcasecmp(stoks[0], "memcap"))
            {
                if (s_toks != 2)
                {
                    FatalError("%s(%d) => Missing argument to memcap in "
                            "config file.\n",
                            file_name, file_line);

                }
                if(stoks[1] && isdigit((int)stoks[1][0]))
                {
                    global_config.memcap = atoi(stoks[1]);

                    if(global_config.memcap < 16384)
                    {
                        LogMessage("WARNING %s(%d) => Ludicrous (<16k) memcap "
                                "size, setting to default (%d bytes)\n", 
                                file_name, file_line, FRAG_MEMCAP);

                        global_config.memcap = FRAG_MEMCAP;
                    }
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad memcap in config file, "
                            "defaulting to %u bytes\n", file_name, file_line, 
                            FRAG_MEMCAP);

                    global_config.memcap = FRAG_MEMCAP;
                }

                /* ok ok, it's really 9.375%, sue me */
                ten_percent = ((global_config.memcap >> 5) + 
                               (global_config.memcap >> 6));
            }
            else if (!strcasecmp(stoks[0], "prealloc_memcap"))
            {
                /* Use memcap to calculate prealloc_frag value */
                int memcap;
                if(stoks[1] && isdigit((int)stoks[1][0]))
                {
                    memcap = atoi(stoks[1]);

                    if(memcap < 16384)
                    {
                        LogMessage("WARNING %s(%d) => Ludicrous (<16k) memcap "
                                "size, setting to default (%d bytes)\n", 
                                file_name, file_line, FRAG_MEMCAP);

                        memcap = FRAG_MEMCAP;
                    }
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad memcap in config file, "
                            "defaulting to %u bytes\n", file_name, file_line, 
                            FRAG_MEMCAP);

                    memcap = FRAG_MEMCAP;
                }

                global_config.use_prealloc = 1;
                global_config.memcap = memcap;
            }
            else if(!strcasecmp(stoks[0], "prealloc_frags"))
            {
                if (s_toks != 2)
                {
                    FatalError("%s(%d) => Missing argument to prealloc_frags "
                            "in config file.\n",
                            file_name, file_line);
                }
                if(stoks[1] && isdigit((int)stoks[1][0]))
                {
                    global_config.static_frags = atoi(stoks[1]);
                    global_config.use_prealloc = 1;

                    //ten_percent = ((global_config.static_frags >> 5) + 
                    //        (global_config.static_frags >> 6));
                    ten_percent = global_config.static_frags >> 5;
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad prealloc_frags in config "
                            "file, defaulting to dynamic frag management\n",
                            file_name, file_line);

                    global_config.static_frags = 0;
                }
            }
            else
            {
                FatalError("%s(%d) => Invalid Frag3 global option (%s)\n",
                        file_name, file_line, index);
            }

            mSplitFree(&stoks, s_toks);

            i++;
        }
        mSplitFree(&toks, num_toks);
    }

    return;
}

/**
 * Config parser for engine context config.  
 *
 * @param args List of configuration parameters
 *
 * @return none
 */
static void Frag3ParseArgs(char *args, Frag3Context *context)
{
    char **toks;
    int num_toks;
    int i;
    char *index;

    if(args == NULL || strlen(args) == 0)
    {
        return;
    }
    else
    {
        int increment;
        toks = mSplit(args, " ", 13, &num_toks, 0);

        i=0;

        while(i < num_toks)
        {
            increment = 1;
            index = toks[i];

            if(!strcasecmp(index, "timeout"))
            {
                if(i+1 < num_toks && isdigit((int)toks[i+1][0]))
                {
                    context->frag_timeout = atoi(toks[i+1]);
                    increment = 2;
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad timeout in config file, "
                            "defaulting to %d seconds\n", file_name, 
                            file_line, FRAG_PRUNE_QUANTA);

                    context->frag_timeout = FRAG_PRUNE_QUANTA;
                }
            }
            else if(!strcasecmp(index, "ttl_limit"))
            {
                if(i+1 >= num_toks || toks[i+1][0] == '\0')
                {
                    FatalError("%s(%d) => ttl_limit requires an integer "
                            "argument\n", file_name,file_line);
                }

                if(isdigit((int)toks[i+1][0]))
                {
                    context->ttl_limit = atoi(toks[i+1]);
                    increment = 2;
                }
                else
                {
                    LogMessage("WARNING %s(%d) => Bad TTL Limit"
                            "size, setting to default (%d\n", file_name, 
                            file_line, FRAG3_TTL_LIMIT);

                    context->ttl_limit = FRAG3_TTL_LIMIT;
                }
            }
            else if(!strcasecmp(index, "min_ttl"))
            {
                if(i+1 >= num_toks || toks[i+1][0] == '\0')
                {
                    FatalError("%s(%d) => min_ttl requires an integer "
                            "argument\n", file_name,file_line);
                }