dce2_session.h

snort2.8.4版本

 * Returns:
 *  int - missing packets before, after, before and after or none
 *        SSN_MISSING_BEFORE, SSN_MISSING_AFTER,
 *        SSN_MISSING_BOTH or SSN_MISSING_NONE
 *
 ********************************************************************/
static INLINE int DCE2_SsnClientMissedInReassembled(const SFSnortPacket *p)
{
    return _dpd.streamAPI->missing_in_reassembled(p->stream_session_ptr, SSN_DIR_CLIENT);
}

/********************************************************************
 * Function: DCE2_SsnServerMissedInReassembled()
 *
 * Purpose: Returns if and how we missed packets from the server
 *          on the session, as determined by stream reassembly.
 *
 * Arguments:
 *  SFSnortPacket * - pointer to packet
 *
 * Returns:
 *  int - missing packets before, after, before and after or none
 *        SSN_MISSING_BEFORE, SSN_MISSING_AFTER,
 *        SSN_MISSING_BOTH or SSN_MISSING_NONE
 *
 ********************************************************************/
static INLINE int DCE2_SsnServerMissedInReassembled(const SFSnortPacket *p)
{
    return _dpd.streamAPI->missing_in_reassembled(p->stream_session_ptr, SSN_DIR_SERVER);
}

/********************************************************************
 * Function: DCE2_SsnSetMissedPkts()
 *
 * Purpose: Sets flag that we have missed packets on this session
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetMissedPkts(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__MISSED_PKTS;
}

/********************************************************************
 * Function: DCE2_SsnMissedPkts()
 *
 * Purpose: Returns whether or not we've missed packets
 *          on this session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  int - non-zero if packets were missed
 *        zero if no packets were missed
 *
 ********************************************************************/
static INLINE int DCE2_SsnMissedPkts(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__MISSED_PKTS;
}

/********************************************************************
 * Function: DCE2_SsnClearMissedPkts()
 *
 * Purpose: Clears the flag that indicates that we've missed
 *          packets on the session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnClearMissedPkts(DCE2_SsnData *sd)
{
    sd->flags &= ~DCE2_SSN_FLAG__MISSED_PKTS;
}

/********************************************************************
 * Function: DCE2_SsnSetSeenClient()
 *
 * Purpose: Sets a flag that indicates that we have seen the
 *          client side of the conversation.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetSeenClient(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__SEEN_CLIENT;
}

/********************************************************************
 * Function: DCE2_SsnSeenClient()
 *
 * Purpose: Returns whether or not we've seen the client side
 *          of the conversation on this session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  int - non-zero if we've seen the client
 *        zero if we haven't seen the client
 *
 ********************************************************************/
static INLINE int DCE2_SsnSeenClient(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__SEEN_CLIENT;
}

/********************************************************************
 * Function: DCE2_SsnSetSeenServer()
 *
 * Purpose: Sets a flag that indicates that we have seen the
 *          server side of the conversation.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetSeenServer(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__SEEN_SERVER;
}

/********************************************************************
 * Function: DCE2_SsnSeenServer()
 *
 * Purpose: Returns whether or not we've seen the server side
 *          of the conversation on this session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  int - non-zero if we've seen the server
 *        zero if we haven't seen the server
 *
 ********************************************************************/
static INLINE int DCE2_SsnSeenServer(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__SEEN_SERVER;
}

/********************************************************************
 * Function: DCE2_SsnSetAutodetected()
 *
 * Purpose: Sets flag that indicates that this session
 *          was autodetected.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetAutodetected(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__AUTODETECTED;
}

/********************************************************************
 * Function: DCE2_SsnAutodetected()
 *
 * Purpose: Returns whether or not this session was autodetected.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  int - non-zero if session was autodetected
 *        zero if session was not autodetected
 *
 ********************************************************************/
static INLINE int DCE2_SsnAutodetected(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__AUTODETECTED;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetNoInspect(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__NO_INSPECT;
}

/********************************************************************
 * Function:
 *
 * Purpose:
 *
 * Arguments:
 *
 * Returns:
 *
 ********************************************************************/
static INLINE int DCE2_SsnNoInspect(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__NO_INSPECT;
}

/********************************************************************
 * Function: DCE2_SsnSetHdrAnomaly()
 *
 * Purpose: Sets flag that we encountered a header anomaly
 *          in a packet.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnSetHdrAnomaly(DCE2_SsnData *sd)
{
    sd->flags |= DCE2_SSN_FLAG__HDR_ANOMALY;
}

/********************************************************************
 * Function: DCE2_SsnHdrAnomaly
 *
 * Purpose: Returns whether or not we've encountered a header
 *          anomaly on a session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  int - non-zero if a header anomaly was encountered.
 *        zero if no header anomaly was encountered.
 *
 ********************************************************************/
static INLINE int DCE2_SsnHdrAnomaly(DCE2_SsnData *sd)
{
    return sd->flags & DCE2_SSN_FLAG__HDR_ANOMALY;
}

/********************************************************************
 * Function: DCE2_SsnClearHdrAnomaly()
 *
 * Purpose: Clears the flag that indicates that we've encountered
 *          a header anomaly in a packet on the session.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns: None
 *
 ********************************************************************/
static INLINE void DCE2_SsnClearHdrAnomaly(DCE2_SsnData *sd)
{
    sd->flags &= ~DCE2_SSN_FLAG__HDR_ANOMALY;
}

/********************************************************************
 * Function: DCE2_SsnGetOverlap()
 *
 * Purpose: Returns the number of overlapped bytes, i.e. bytes
 *          that the preprocessor has already inspected.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  uint16_t - the number of overlapped bytes
 *
 ********************************************************************/
static INLINE uint16_t DCE2_SsnGetOverlap(DCE2_SsnData *sd)
{
    if ((sd->cli_overlap_bytes != 0) && DCE2_SsnFromClient(sd->wire_pkt))
    {
        return sd->cli_overlap_bytes;
    }
    else if ((sd->srv_overlap_bytes != 0) && DCE2_SsnFromServer(sd->wire_pkt))
    {
        return sd->srv_overlap_bytes;
    }

    return 0;
}

/********************************************************************
 * Function: DCE2_SsnGetMissedBytes()
 *
 * Purpose: Returns the number of missed bytes.
 *
 * Arguments:
 *  DCE2_SsnData * - pointer to session data
 *
 * Returns:
 *  uint16_t - the number of overlapped bytes
 *
 ********************************************************************/
static INLINE uint32_t DCE2_SsnGetMissedBytes(DCE2_SsnData *sd)
{
    if ((sd->cli_missed_bytes != 0) && DCE2_SsnFromClient(sd->wire_pkt))
    {
        return sd->cli_missed_bytes;
    }
    else if ((sd->srv_missed_bytes != 0) && DCE2_SsnFromServer(sd->wire_pkt))
    {
        return sd->srv_missed_bytes;
    }

    return 0;
}

#endif  /* _DCE2_SESSION_H_ */