📄 snort_stream5_tcp.c
/* The listing starts mid-function: everything down to the first closing brace
 * is the tail of a registration routine whose header is outside this view. */
    RegisterPreprocessorProfile("s5TcpData", &s5TcpDataPerfStats, 3, &s5TcpStatePerfStats);
    RegisterPreprocessorProfile("s5TcpPktInsert", &s5TcpInsertPerfStats, 4, &s5TcpDataPerfStats);
    RegisterPreprocessorProfile("s5TcpFlush", &s5TcpFlushPerfStats, 3, &s5TcpStatePerfStats);
    RegisterPreprocessorProfile("s5TcpBuildPacket", &s5TcpBuildPacketPerfStats, 4, &s5TcpFlushPerfStats);
    RegisterPreprocessorProfile("s5TcpProcessRebuilt", &s5TcpProcessRebuiltPerfStats, 4, &s5TcpFlushPerfStats);
#endif

#ifdef DYNAMIC_PLUGIN
    /* Register the 'stream_size' rule option */
    RegisterPreprocessorRuleOption("stream_size", &s5TcpStreamSizeInit,
                                   &s5TcpStreamSizeEval, &s5TcpStreamSizeCleanup,
                                   NULL, NULL);
#endif /* DYNAMIC_PLUGIN */

    return;
}

/*
 * Stream5TcpPolicyInit
 *
 * Purpose: build one Stream5 TCP policy from a configuration argument string
 *          and append it to the tcpPolicyList array.
 *
 * Arguments: args => option string, handed unchanged to Stream5ParseTcpArgs
 *
 * Returns: void
 *
 * Notes: tcpPolicyList and numTcpPolicies are not declared in this function;
 *        presumably file-level state -- their declarations are outside this view.
 *        No allocation result is checked here; presumably SnortAlloc does not
 *        return on failure -- TODO confirm.
 */
void Stream5TcpPolicyInit(char *args)
{
    Stream5TcpPolicy *s5TcpPolicy;

    s5TcpPolicy = (Stream5TcpPolicy *) SnortAlloc(sizeof(Stream5TcpPolicy));
    //s5TcpPolicy->bound_addrs = (IpAddrSet *) SnortAlloc(sizeof(IpAddrSet));

    /* Initialize flush policy to Ignore.
     * NOTE(review): the copy length is computed from FlushConfig and MAX_PORTS,
     * not from the destination member; assumes flush_config holds exactly
     * MAX_PORTS entries -- confirm against the Stream5TcpPolicy declaration. */
    memcpy(&s5TcpPolicy->flush_config, ignore_flush_policy, sizeof(FlushConfig) * MAX_PORTS);
#ifdef TARGET_BASED
    /* Same pattern for the per-protocol table; assumes flush_config_protocol
     * holds MAX_PROTOCOL_ORDINAL entries -- confirm. */
    memcpy(&s5TcpPolicy->flush_config_protocol, ignore_flush_policy_protocol, sizeof(FlushConfig) * MAX_PROTOCOL_ORDINAL);
#endif

    /* Fill in the policy fields from the option string. */
    Stream5ParseTcpArgs(args, s5TcpPolicy);

    /* Now add this context to the internal list */
    if (tcpPolicyList == NULL)
    {
        /* First policy: start a one-element array. */
        numTcpPolicies = 1;
        tcpPolicyList = (Stream5TcpPolicy **)SnortAlloc(sizeof (Stream5TcpPolicy *) * numTcpPolicies);
    }
    else
    {
        /* Grow by one: allocate a larger array (the count is incremented inside
         * the size expression), copy the existing pointers, release the old array. */
        Stream5TcpPolicy **tmpPolicyList =
            (Stream5TcpPolicy **)SnortAlloc(sizeof (Stream5TcpPolicy *) * (++numTcpPolicies));
        memcpy(tmpPolicyList, tcpPolicyList, sizeof(Stream5TcpPolicy *) * (numTcpPolicies-1));
        free(tcpPolicyList);

        tcpPolicyList = tmpPolicyList;
    }

    /* The new policy always takes the last slot. */
    tcpPolicyList[numTcpPolicies-1] = s5TcpPolicy;

    Stream5PrintTcpConfig(s5TcpPolicy);

    return;
}

/*
 * StreamPolicyIdFromName
 *
 * Purpose: map a policy name from the configuration to its STREAM_POLICY_* id.
 *          The comparison is case-insensitive and several names have aliases
 *          (win2003/win2k3, hpux/hpux11, macos/grannysmith).
 *
 * Arguments: name => policy name, may be NULL
 *
 * Returns: the matching STREAM_POLICY_* value; STREAM_POLICY_DEFAULT when name
 *          is NULL or not recognised.
 *
 * Notes: an unrecognised name is not reported here, so a caller that must
 *        reject typos has to compare the name itself; the "policy" option
 *        handler in Stream5ParseTcpArgs does this with strcasecmp(name, "bsd").
 *        NOTE(review): that handler passes the same pointer to strcasecmp after
 *        this call, so if the tokenizer can leave the value NULL (other options
 *        in that parser test for it) the NULL case accepted here still needs to
 *        be rejected there before the comparison -- confirm.
 *        The policy presumably selects how TCP segments are reassembled for a
 *        given target OS; a silently defaulted policy would then differ from
 *        what the monitored host does -- confirm against the reassembly code.
 */
static INLINE u_int16_t StreamPolicyIdFromName(char *name)
{
    if (!name)
    {
        return STREAM_POLICY_DEFAULT;
    }

    if(!strcasecmp(name, "bsd"))
    {
        return STREAM_POLICY_BSD;
    }
    else if(!strcasecmp(name, "old-linux"))
    {
        return STREAM_POLICY_OLD_LINUX;
    }
    else if(!strcasecmp(name, "linux"))
    {
        return STREAM_POLICY_LINUX;
    }
    else if(!strcasecmp(name, "first"))
    {
        return STREAM_POLICY_FIRST;
    }
    else if(!strcasecmp(name, "last"))
    {
        return STREAM_POLICY_LAST;
    }
    else if(!strcasecmp(name, "windows"))
    {
        return STREAM_POLICY_WINDOWS;
    }
    else if(!strcasecmp(name, "solaris"))
    {
        return STREAM_POLICY_SOLARIS;
    }
    else if(!strcasecmp(name, "win2003") ||
            !strcasecmp(name, "win2k3"))
    {
        return STREAM_POLICY_WINDOWS2K3;
    }
    else if(!strcasecmp(name, "vista"))
    {
        return STREAM_POLICY_VISTA;
    }
    else if(!strcasecmp(name, "hpux") ||
            !strcasecmp(name, "hpux11"))
    {
        return STREAM_POLICY_HPUX11;
    }
    else if(!strcasecmp(name, "hpux10"))
    {
        return STREAM_POLICY_HPUX10;
    }
    else if(!strcasecmp(name, "irix"))
    {
        return STREAM_POLICY_IRIX;
    }
    else if(!strcasecmp(name, "macos") ||
            !strcasecmp(name, "grannysmith"))
    {
        return STREAM_POLICY_MACOS;
    }

    /* No name matched: fall back to the default id. */
    return STREAM_POLICY_DEFAULT; /* BSD is the default */
}

/*
 * GetTcpReassemblyPolicy
 *
 * Purpose: translate a STREAM_POLICY_* id into the REASSEMBLY_POLICY_* value
 *          of the same name.
 *
 * Arguments: os_policy => a STREAM_POLICY_* id
 *
 * Returns: the corresponding REASSEMBLY_POLICY_* value, or
 *          REASSEMBLY_POLICY_DEFAULT for any id without its own case.
 *
 * Notes: every case returns, so the break statements are never reached.
 */
static INLINE u_int16_t GetTcpReassemblyPolicy(int os_policy)
{
    switch (os_policy)
    {
        case STREAM_POLICY_FIRST:
            return REASSEMBLY_POLICY_FIRST;
            break;
        case STREAM_POLICY_LINUX:
            return REASSEMBLY_POLICY_LINUX;
            break;
        case STREAM_POLICY_BSD:
            return REASSEMBLY_POLICY_BSD;
            break;
        case STREAM_POLICY_OLD_LINUX:
            return REASSEMBLY_POLICY_OLD_LINUX;
            break;
        case STREAM_POLICY_LAST:
            return REASSEMBLY_POLICY_LAST;
            break;
        case STREAM_POLICY_WINDOWS:
            return REASSEMBLY_POLICY_WINDOWS;
            break;
        case STREAM_POLICY_SOLARIS:
            return REASSEMBLY_POLICY_SOLARIS;
            break;
        case STREAM_POLICY_WINDOWS2K3:
            return REASSEMBLY_POLICY_WINDOWS2K3;
            break;
        case STREAM_POLICY_VISTA:
            return REASSEMBLY_POLICY_VISTA;
            break;
        case STREAM_POLICY_HPUX11:
            return REASSEMBLY_POLICY_HPUX11;
            break;
        case STREAM_POLICY_HPUX10:
            return REASSEMBLY_POLICY_HPUX10;
            break;
        case STREAM_POLICY_IRIX:
            return REASSEMBLY_POLICY_IRIX;
            break;
        case STREAM_POLICY_MACOS:
            return REASSEMBLY_POLICY_MACOS;
            break;
        default:
            /* Unknown id: use the default reassembly behaviour. */
            return REASSEMBLY_POLICY_DEFAULT;
            break;
    }
}

static void
Stream5ParseTcpArgs(char *args, Stream5TcpPolicy *s5TcpPolicy){ char **toks; int num_toks; int i; char *index; char **stoks = NULL; int s_toks; char *endPtr = NULL; char use_static = 0; char set_flush_policy = 0;#ifdef TARGET_BASED char set_target_flush_policy = 0;#endif int reassembly_direction = SSN_DIR_CLIENT; int32_t long_val = 0; s5TcpPolicy->policy = STREAM_POLICY_DEFAULT; s5TcpPolicy->reassembly_policy = REASSEMBLY_POLICY_DEFAULT; s5TcpPolicy->session_timeout = S5_DEFAULT_SSN_TIMEOUT; //s5TcpPolicy->ttl_delta_limit = S5_DEFAULT_TTL_LIMIT; s5TcpPolicy->min_ttl = S5_DEFAULT_MIN_TTL; s5TcpPolicy->max_window = 0; s5TcpPolicy->flags = 0; //s5TcpPolicy->flags |= STREAM5_CONFIG_STATEFUL_INSPECTION; //s5TcpPolicy->flags |= STREAM5_CONFIG_ENABLE_ALERTS; //s5TcpPolicy->flags |= STREAM5_CONFIG_REASS_CLIENT; if(args != NULL && strlen(args) != 0) { toks = mSplit(args, ",", 13, &num_toks, 0); i=0; while(i < num_toks) { index = toks[i]; while(isspace((int)*index)) index++; stoks = mSplit(index, " ", 3, &s_toks, 0); if (s_toks == 0) { FatalError("%s(%d) => Missing parameter in Stream5 TCP config.\n", file_name, file_line); } if(!strcasecmp(stoks[0], "timeout")) { if(stoks[1]) { s5TcpPolicy->session_timeout = strtoul(stoks[1], &endPtr, 10); } if (!stoks[1] || (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid timeout in config file. " "Integer parameter required.\n", file_name, file_line); } if ((s5TcpPolicy->session_timeout > S5_MAX_SSN_TIMEOUT) || (s5TcpPolicy->session_timeout < S5_MIN_SSN_TIMEOUT)) { FatalError("%s(%d) => Invalid timeout in config file. " "Must be between %d and %d\n", file_name, file_line, S5_MIN_SSN_TIMEOUT, S5_MAX_SSN_TIMEOUT); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. 
Missing comma?\n", file_name, file_line); } }#if 0 else if(!strcasecmp(stoks[0], "ttl_limit")) { if(stoks[1]) { s5TcpPolicy->ttl_delta_limit = strtoul(stoks[1], &endPtr, 10); } if (!stoks[1] || (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid TTL Limit in config file. Integer parameter required\n", file_name, file_line); } }#endif else if(!strcasecmp(stoks[0], "min_ttl")) { if(stoks[1]) { long_val = strtol(stoks[1], &endPtr, 10); if (errno == ERANGE) { errno = 0; long_val = -1; } s5TcpPolicy->min_ttl = (u_int8_t)long_val; } if (!stoks[1] || (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid min TTL in config file. Integer parameter required\n", file_name, file_line); } if ((long_val > S5_MAX_MIN_TTL) || (long_val < S5_MIN_MIN_TTL)) { FatalError("%s(%d) => Invalid min TTL in config file. " "Must be between %d and %d\n", file_name, file_line, S5_MIN_MIN_TTL, S5_MAX_MIN_TTL); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "overlap_limit")) { if(stoks[1]) { long_val = strtol(stoks[1], &endPtr, 10); if (errno == ERANGE) { errno = 0; long_val = -1; } s5TcpPolicy->overlap_limit = (u_int8_t)long_val; } if (!stoks[1] || (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid overlap limit in config file." "Integer parameter required\n", file_name, file_line); } if ((long_val > S5_MAX_OVERLAP_LIMIT) || (long_val < S5_MIN_OVERLAP_LIMIT)) { FatalError("%s(%d) => Invalid overlap limit in config file." " Must be between %d and %d\n", file_name, file_line, S5_MIN_OVERLAP_LIMIT, S5_MAX_OVERLAP_LIMIT); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "detect_anomalies")) { s5TcpPolicy->flags |= STREAM5_CONFIG_ENABLE_ALERTS; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. 
Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "policy")) { s5TcpPolicy->policy = StreamPolicyIdFromName(stoks[1]); if ((s5TcpPolicy->policy == STREAM_POLICY_DEFAULT) && (strcasecmp(stoks[1], "bsd"))) { /* Default is BSD. If we don't have "bsd", its * the default and invalid. */ FatalError("%s(%d) => Bad policy name \"%s\"\n", file_name, file_line, stoks[1]); } s5TcpPolicy->reassembly_policy = GetTcpReassemblyPolicy(s5TcpPolicy->policy); if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "require_3whs")) { s5TcpPolicy->flags |= STREAM5_CONFIG_REQUIRE_3WHS; if (s_toks > 1) { s5TcpPolicy->hs_timeout = strtoul(stoks[1], &endPtr, 10); } if ((s_toks > 1) && (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid 3Way Handshake allowable. Integer parameter required.\n", file_name, file_line); } if (s_toks > 1) {