📄 snort_stream5_tcp.c
字号:
if ((s5TcpPolicy->hs_timeout > S5_MAX_SSN_TIMEOUT) || (s5TcpPolicy->hs_timeout < S5_MIN_ALT_HS_TIMEOUT)) { FatalError("%s(%d) => Invalid handshake timeout in " "config file. Must be between %d and %d\n", file_name, file_line, S5_MIN_ALT_HS_TIMEOUT, S5_MAX_SSN_TIMEOUT); } } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "bind_to")) { if(strstr(stoks[1], "[")) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. IP lists are not allowed.\n", file_name, file_line); } s5TcpPolicy->bound_addrs = IpAddrSetParse(stoks[1]); if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "max_window")) { if(stoks[1]) { long_val = strtol(stoks[1], &endPtr, 10); if (errno == ERANGE) { errno = 0; FatalError("%s(%d) => Invalid Max Window size. Integer parameter required.\n", file_name, file_line); } s5TcpPolicy->max_window = (u_int32_t)long_val; } if (!stoks[1] || (endPtr == &stoks[1][0])) { FatalError("%s(%d) => Invalid Max Window size. Integer parameter required.\n", file_name, file_line); } if (s_toks > 2) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } if ((long_val > S5_MAX_MAX_WINDOW) || (long_val < S5_MIN_MAX_WINDOW)) { FatalError("%s(%d) => Invalid Max Window size." " Must be between %d and %d\n", file_name, file_line, S5_MIN_MAX_WINDOW, S5_MAX_MAX_WINDOW); } } else if(!strcasecmp(stoks[0], "use_static_footprint_sizes")) { s5TcpPolicy->flags |= STREAM5_CONFIG_STATIC_FLUSHPOINTS; use_static = 1; InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "dont_store_large_packets")) { s5TcpPolicy->flags |= STREAM5_CONFIG_PERFORMANCE; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "check_session_hijacking")) { s5TcpPolicy->flags |= STREAM5_CONFIG_CHECK_SESSION_HIJACKING; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if(!strcasecmp(stoks[0], "ignore_any_rules")) { s5TcpPolicy->flags |= STREAM5_CONFIG_IGNORE_ANY; if (s_toks > 1) { FatalError("%s(%d) => Invalid Stream5 TCP Policy option. Missing comma?\n", file_name, file_line); } } else if (!strcasecmp(stoks[0], "ports")) { if (s_toks > 1) { if(!strcasecmp(stoks[1], "client")) { reassembly_direction = SSN_DIR_CLIENT; } else if(!strcasecmp(stoks[1], "server")) { reassembly_direction = SSN_DIR_SERVER; } else { reassembly_direction = SSN_DIR_BOTH; } } if (s_toks > 2) { char **ptoks; int num_ptoks; int j; unsigned short port = 0; long long_port = 0; /* Initialize it if not already... */ InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); if (!strcasecmp(stoks[2], "all")) { for (j=0; j<MAX_PORTS; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } } } else if (!strcasecmp(stoks[2], "none")) { for (j=0; j<MAX_PORTS; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].client; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[j].server; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } } } else { ptoks = mSplit(stoks[2], " ", MAX_PORTS, &num_ptoks, 0); for (j=0;j<num_ptoks;j++) { if (ptoks[j]) { long_port = strtol(ptoks[j], &endPtr, 10); } if (!ptoks[j] || (endPtr == &ptoks[j][0])) { FatalError("%s(%d) => Invalid Port list. Integer parameter required.\n", file_name, file_line); } if ((long_port < 0) || (long_port > MAX_PORTS-1)) { FatalError("%s(%d) => Invalid port %d, must be between 0 and %d, inclusive\n", file_name, file_line, long_port, MAX_PORTS-1); } port = (unsigned short)long_port; if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[port].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[port].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } } mSplitFree(&ptoks, num_ptoks); } set_flush_policy = 1; } }#ifdef TARGET_BASED else if (!strcasecmp(stoks[0], "protocol")) { if (s_toks > 1) { if(!strcasecmp(stoks[1], "client")) { reassembly_direction = SSN_DIR_CLIENT; } else if(!strcasecmp(stoks[1], "server")) { reassembly_direction = SSN_DIR_SERVER; } else { reassembly_direction = SSN_DIR_BOTH; } } if (s_toks > 2) { char **ptoks; int num_ptoks; int j; /* Initialize it if not already... */ InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); if (!strcasecmp(stoks[2], "all")) { for (j=1; j<MAX_PROTOCOL_ORDINAL; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } s5TcpPolicy->flush_config_protocol[j].configured = 1; } } else if (!strcasecmp(stoks[2], "none")) { for (j=1; j<MAX_PROTOCOL_ORDINAL; j++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].client; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[j].server; flush_mgr->flush_policy = STREAM_FLPOLICY_IGNORE; } s5TcpPolicy->flush_config_protocol[j].configured = 1; } } else { ptoks = mSplit(stoks[2], " ", MAX_PROTOCOL_ORDINAL, &num_ptoks, 0); for (j=0;j<num_ptoks;j++) { int16_t proto_ordinal; if (!ptoks[j]) { FatalError("%s(%d) => Invalid Protocol Name. Protocol name must be specified.\n", file_name, file_line); } /* First look it up */ proto_ordinal = FindProtocolReference(ptoks[j]); if (proto_ordinal == SFTARGET_UNKNOWN_PROTOCOL) { /* Not known -- add it */ proto_ordinal = AddProtocolReference(ptoks[j]); if (proto_ordinal == SFTARGET_UNKNOWN_PROTOCOL) { FatalError("%s(%d) => Failed to find protocol reference for '%s'\n", file_name, file_line, ptoks[j]); } } if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[proto_ordinal].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config_protocol[proto_ordinal].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } s5TcpPolicy->flush_config_protocol[proto_ordinal].configured = 1; } mSplitFree(&ptoks, num_ptoks); } set_target_flush_policy = 1; } }#endif else { FatalError("%s(%d) => Invalid Stream5 TCP policy option\n", file_name, file_line); } mSplitFree(&stoks, s_toks); i++; } mSplitFree(&toks, num_toks); } if(s5TcpPolicy->bound_addrs == NULL) { /* allocate and initializes the * IpAddrSet at the same time * set to "any" */ if (s5_global_config.flags & STREAM5_CONFIG_DEFAULT_TCP_POLICY_SET) { FatalError("%s(%d) => Default Stream5 TCP Policy already set. " "This policy must be bound to a specific host or " "network.\n", file_name, file_line); } s5TcpPolicy->bound_addrs = (IpAddrSet *) SnortAlloc(sizeof(IpAddrSet)); s5TcpGlobalConf.tcpGlobalPolicy = s5TcpPolicy; s5_global_config.flags |= STREAM5_CONFIG_DEFAULT_TCP_POLICY_SET; } else { if (s5TcpPolicy->flags & STREAM5_CONFIG_IGNORE_ANY) { FatalError("%s(%d) => \"ignore_any_rules\" option can be used only" " with Default Stream5 TCP Policy\n", file_name, file_line); } } if (!set_flush_policy) { /* Initialize it if not already... */ InitFlushPointList(&s5TcpPolicy->flush_point_list, 192, 128, use_static); for (i=0;i<sizeof(default_ports)/sizeof(int); i++) { if (reassembly_direction & SSN_DIR_CLIENT) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[default_ports[i]].client; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } if (reassembly_direction & SSN_DIR_SERVER) { FlushMgr *flush_mgr = &s5TcpPolicy->flush_config[default_ports[i]].server; FlushPointList *flush_point_list = &s5TcpPolicy->flush_point_list; InitFlushMgr(flush_mgr, flush_point_list, STREAM_FLPOLICY_FOOTPRINT); } } }#ifdef TARGET_BASED if (!set_target_flush_policy)⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -