📄 spp_dce2.c
{ _dpd.logMsg(" SMB other command requests: "STDu64"\n", dce2_stats.smb_other_req); _dpd.logMsg(" SMB other command responses: "STDu64"\n", dce2_stats.smb_other_resp); }#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current total: %u\n", dce2_memory.smb_total); _dpd.logMsg(" Maximum total: %u\n", dce2_memory.smb_total_max); _dpd.logMsg(" Current session data: %u\n", dce2_memory.smb_ssn); _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.smb_ssn_max); _dpd.logMsg(" Current segmentation buffering: %u\n", dce2_memory.smb_seg); _dpd.logMsg(" Maximum segmentation buffering: %u\n", dce2_memory.smb_seg_max); _dpd.logMsg(" Current uid tracking: %u\n", dce2_memory.smb_uid); _dpd.logMsg(" Maximum uid tracking: %u\n", dce2_memory.smb_uid_max); _dpd.logMsg(" Current tid tracking: %u\n", dce2_memory.smb_tid); _dpd.logMsg(" Maximum tid tracking: %u\n", dce2_memory.smb_tid_max); _dpd.logMsg(" Current fid tracking: %u\n", dce2_memory.smb_fid); _dpd.logMsg(" Maximum fid tracking: %u\n", dce2_memory.smb_fid_max); _dpd.logMsg(" Current fid binding tracking: %u\n", dce2_memory.smb_ut); _dpd.logMsg(" Maximum fid binding tracking: %u\n", dce2_memory.smb_ut_max); _dpd.logMsg(" Current multiplex tracking: %u\n", dce2_memory.smb_pm); _dpd.logMsg(" Maximum multiplex tracking: %u\n", dce2_memory.smb_pm_max);#endif } if (dce2_stats.tcp_sessions > 0) { _dpd.logMsg(" TCP\n"); _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.tcp_sessions); _dpd.logMsg(" Packet stats\n"); _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.tcp_pkts);#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current total: %u\n", dce2_memory.tcp_total); _dpd.logMsg(" Maximum total: %u\n", dce2_memory.tcp_total_max); _dpd.logMsg(" Current session data: %u\n", dce2_memory.tcp_ssn); _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.tcp_ssn_max);#endif } if (dce2_stats.udp_sessions > 0) { _dpd.logMsg(" UDP\n"); _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.udp_sessions); 
_dpd.logMsg(" Packet stats\n"); _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.udp_pkts);#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current total: %u\n", dce2_memory.udp_total); _dpd.logMsg(" Maximum total: %u\n", dce2_memory.udp_total_max); _dpd.logMsg(" Current session data: %u\n", dce2_memory.udp_ssn); _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.udp_ssn_max);#endif } if ((dce2_stats.http_server_sessions > 0) || (dce2_stats.http_proxy_sessions > 0)) { _dpd.logMsg(" RPC over HTTP\n"); if (dce2_stats.http_server_sessions > 0) _dpd.logMsg(" Total server sessions: "STDu64"\n", dce2_stats.http_server_sessions); if (dce2_stats.http_proxy_sessions > 0) _dpd.logMsg(" Total proxy sessions: "STDu64"\n", dce2_stats.http_proxy_sessions); _dpd.logMsg(" Packet stats\n"); if (dce2_stats.http_server_sessions > 0) _dpd.logMsg(" Server packets: "STDu64"\n", dce2_stats.http_server_pkts); if (dce2_stats.http_proxy_sessions > 0) _dpd.logMsg(" Proxy packets: "STDu64"\n", dce2_stats.http_proxy_pkts);#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current total: %u\n", dce2_memory.http_total); _dpd.logMsg(" Maximum total: %u\n", dce2_memory.http_total_max); _dpd.logMsg(" Current session data: %u\n", dce2_memory.http_ssn); _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.http_ssn_max);#endif } if ((dce2_stats.co_pkts > 0) || (dce2_stats.cl_pkts > 0)) { _dpd.logMsg("\n"); _dpd.logMsg(" DCE/RPC\n"); if (dce2_stats.co_pkts > 0) { _dpd.logMsg(" Connection oriented\n"); _dpd.logMsg(" Packet stats\n"); _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.co_pkts); if ((dce2_stats.co_bind > 0) || (dce2_stats.co_bind_ack > 0)) { _dpd.logMsg(" Bind: "STDu64"\n", dce2_stats.co_bind); _dpd.logMsg(" Bind Ack: "STDu64"\n", dce2_stats.co_bind_ack); } if ((dce2_stats.co_alter_ctx > 0) || (dce2_stats.co_alter_ctx_resp > 0)) { _dpd.logMsg(" Alter context: "STDu64"\n", dce2_stats.co_alter_ctx); _dpd.logMsg(" Alter context response: "STDu64"\n", 
dce2_stats.co_alter_ctx_resp); } if (dce2_stats.co_bind_nack > 0) _dpd.logMsg(" Bind Nack: "STDu64"\n", dce2_stats.co_bind_nack); if ((dce2_stats.co_request > 0) || (dce2_stats.co_response > 0)) { _dpd.logMsg(" Request: "STDu64"\n", dce2_stats.co_request); _dpd.logMsg(" Response: "STDu64"\n", dce2_stats.co_response); } if (dce2_stats.co_fault > 0) _dpd.logMsg(" Fault: "STDu64"\n", dce2_stats.co_fault); if (dce2_stats.co_reject > 0) _dpd.logMsg(" Reject: "STDu64"\n", dce2_stats.co_reject); if (dce2_stats.co_auth3 > 0) _dpd.logMsg(" Auth3: "STDu64"\n", dce2_stats.co_auth3); if (dce2_stats.co_shutdown > 0) _dpd.logMsg(" Shutdown: "STDu64"\n", dce2_stats.co_shutdown); if (dce2_stats.co_cancel > 0) _dpd.logMsg(" Cancel: "STDu64"\n", dce2_stats.co_cancel); if (dce2_stats.co_orphaned > 0) _dpd.logMsg(" Orphaned: "STDu64"\n", dce2_stats.co_orphaned); if (dce2_stats.co_ms_pdu > 0) _dpd.logMsg(" Microsoft Outlook/Exchange 2003 pdu: "STDu64"\n", dce2_stats.co_ms_pdu); if (dce2_stats.co_other_req > 0) _dpd.logMsg(" Other request type: "STDu64"\n", dce2_stats.co_other_req); if (dce2_stats.co_other_resp > 0) _dpd.logMsg(" Other response type: "STDu64"\n", dce2_stats.co_other_resp); _dpd.logMsg(" Fragments: "STDu64"\n", dce2_stats.co_fragments); _dpd.logMsg(" Max fragment size: "STDu64"\n", dce2_stats.co_max_frag_size); _dpd.logMsg(" Reassembled: "STDu64"\n", dce2_stats.co_reassembled);#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current segmentation buffering: %u\n", dce2_memory.co_seg); _dpd.logMsg(" Maximum segmentation buffering: %u\n", dce2_memory.co_seg_max); _dpd.logMsg(" Current fragment tracker: %u\n", dce2_memory.co_frag); _dpd.logMsg(" Maximum fragment tracker: %u\n", dce2_memory.co_frag_max); _dpd.logMsg(" Current context tracking: %u\n", dce2_memory.co_ctx); _dpd.logMsg(" Maximum context tracking: %u\n", dce2_memory.co_ctx_max);#endif } if (dce2_stats.cl_pkts > 0) { _dpd.logMsg(" Connectionless\n"); _dpd.logMsg(" Packet stats\n"); _dpd.logMsg(" 
Packets: "STDu64"\n", dce2_stats.cl_pkts); if ((dce2_stats.cl_request > 0) || (dce2_stats.cl_response > 0)) { _dpd.logMsg(" Request: "STDu64"\n", dce2_stats.cl_request); _dpd.logMsg(" Response: "STDu64"\n", dce2_stats.cl_response); } if (dce2_stats.cl_ack > 0) _dpd.logMsg(" Ack: "STDu64"\n", dce2_stats.cl_ack); if (dce2_stats.cl_cancel > 0) _dpd.logMsg(" Cancel: "STDu64"\n", dce2_stats.cl_cancel); if (dce2_stats.cl_cli_fack > 0) _dpd.logMsg(" Client Fack: "STDu64"\n", dce2_stats.cl_cli_fack); if (dce2_stats.cl_ping > 0) _dpd.logMsg(" Ping: "STDu64"\n", dce2_stats.cl_ping); if (dce2_stats.cl_reject > 0) _dpd.logMsg(" Reject: "STDu64"\n", dce2_stats.cl_reject); if (dce2_stats.cl_cancel_ack > 0) _dpd.logMsg(" Cancel Ack: "STDu64"\n", dce2_stats.cl_cancel_ack); if (dce2_stats.cl_srv_fack > 0) _dpd.logMsg(" Server Fack: "STDu64"\n", dce2_stats.cl_srv_fack); if (dce2_stats.cl_fault > 0) _dpd.logMsg(" Fault: "STDu64"\n", dce2_stats.cl_fault); if (dce2_stats.cl_nocall > 0) _dpd.logMsg(" NoCall: "STDu64"\n", dce2_stats.cl_nocall); if (dce2_stats.cl_working > 0) _dpd.logMsg(" Working: "STDu64"\n", dce2_stats.cl_working); if (dce2_stats.cl_other_req > 0) _dpd.logMsg(" Other request type: "STDu64"\n", dce2_stats.cl_other_req); if (dce2_stats.cl_other_resp > 0) _dpd.logMsg(" Other response type: "STDu64"\n", dce2_stats.cl_other_resp); _dpd.logMsg(" Fragments: "STDu64"\n", dce2_stats.cl_fragments); _dpd.logMsg(" Max fragment size: "STDu64"\n", dce2_stats.cl_max_frag_size); _dpd.logMsg(" Reassembled: "STDu64"\n", dce2_stats.cl_reassembled); if (dce2_stats.cl_max_seqnum > 0) _dpd.logMsg(" Max seq num: "STDu64"\n", dce2_stats.cl_max_seqnum);#ifdef DEBUG _dpd.logMsg(" Memory stats (bytes)\n"); _dpd.logMsg(" Current activity tracker: %u\n", dce2_memory.cl_act); _dpd.logMsg(" Maximum activity tracker: %u\n", dce2_memory.cl_act_max); _dpd.logMsg(" Current fragment tracker: %u\n", dce2_memory.cl_frag); _dpd.logMsg(" Maximum fragment tracker: %u\n", dce2_memory.cl_frag_max);#endif 
}   /* closes the connectionless block: if (dce2_stats.cl_pkts > 0) */

#ifdef DEBUG
            /* DEBUG builds only: overall allocation counters read from the
             * dce2_memory global, printed as current/maximum pairs.
             * NOTE(review): every value is printed with %u, which assumes the
             * dce2_memory fields are unsigned int sized -- confirm against
             * the struct declaration, since a mismatched specifier is
             * undefined behaviour. */
            _dpd.logMsg("\n");
            _dpd.logMsg(" Memory stats (bytes)\n");
            _dpd.logMsg(" Current total: %u\n", dce2_memory.total);
            _dpd.logMsg(" Maximum total: %u\n", dce2_memory.total_max);
            _dpd.logMsg(" Current runtime total: %u\n", dce2_memory.rtotal);
            _dpd.logMsg(" Maximum runtime total: %u\n", dce2_memory.rtotal_max);
            _dpd.logMsg(" Current config total: %u\n", dce2_memory.config);
            _dpd.logMsg(" Maximum config total: %u\n", dce2_memory.config_max);
            _dpd.logMsg(" Current rule options total: %u\n", dce2_memory.roptions);
            _dpd.logMsg(" Maximum rule options total: %u\n", dce2_memory.roptions_max);
            _dpd.logMsg(" Current routing table total: %u\n", dce2_memory.rt);
            _dpd.logMsg(" Maximum routing table total: %u\n", dce2_memory.rt_max);
            _dpd.logMsg(" Current initialization total: %u\n", dce2_memory.init);
            _dpd.logMsg(" Maximum initialization total: %u\n", dce2_memory.init_max);
#endif
        }   /* closes: if ((dce2_stats.co_pkts > 0) || (dce2_stats.cl_pkts > 0)) */
    }   /* closes an enclosing block that was opened before this view */

    /* The statistics storage has to be freed here rather than in the exit
     * handler: CleanExit is called before the stats functions, so that
     * anything flushed by stream on the way out can still go through the
     * preprocessor and count towards the stats.
     * `exiting` is declared outside this view. */
    if (exiting)
        DCE2_StatsFree();
}   /* end of the statistics-printing function; its start is outside this view */

/******************************************************************
 * Function: DCE2_Reset()
 *
 * Purpose: Reset the preprocessor to a post configuration state.
 *  The body shown here only checks the packet stack: when
 *  dce2_pkt_stack is not empty it logs that fact together with the
 *  source file and line, then empties the stack.
 *
 * Arguments:
 *  int - signal that caused the reset (not read by the body)
 *  void * - pointer to data (not read by the body)
 *
 * Returns: None
 *
 ******************************************************************/
static void DCE2_Reset(int signal, void *data)
{
    /* NOTE(review): a non-empty stack at reset presumably means a push
     * without a matching pop somewhere in packet processing -- confirm.
     * The log line is the only trace left, because the stack is emptied
     * immediately afterwards. */
    if (!DCE2_CStackIsEmpty(dce2_pkt_stack))
    {
        DCE2_Log("%s(%d) => Packet stack is not empty when it should be.\n",
                 __FILE__, __LINE__);
        DCE2_CStackEmpty(dce2_pkt_stack);
    }
}

/******************************************************************
 * Function: DCE2_ResetStats()
 *
 * Purpose: Reset any statistics being kept by the preprocessor.
 *  Delegates entirely to DCE2_StatsInit(), which is defined outside
 *  this view.
 *
 * Arguments:
 *  int - signal that caused function to be called (not read by the body)
 *  void * - pointer to data (not read by the body)
 *
 * Returns: None
 *
 ******************************************************************/
static void DCE2_ResetStats(int signal, void *data)
{
    DCE2_StatsInit();
}

/******************************************************************
 * Function: DCE2_CleanExit()
 *
 * Purpose: Do any cleanup necessary when Snort exits.
 *  Delegates entirely to DCE2_FreeGlobals(), which is defined outside
 *  this view.
 *
 * Arguments:
 *  int - signal that caused Snort to exit (not read by the body)
 *  void * - pointer to data (not read by the body)
 *
 * Returns: None
 *
 ******************************************************************/
static void DCE2_CleanExit(int signal, void *data)
{
    /* NOTE(review): the statistics-printing function above frees the stats
     * storage itself (DCE2_StatsFree() when `exiting` is set) because this
     * handler runs before it; confirm DCE2_FreeGlobals() does not release
     * the same storage a second time. */
    DCE2_FreeGlobals();
}