
Source code changes of the file "src/dynamic-preprocessors/dcerpc2/spp_dce2.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

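--- a/src/dynamic-preprocessors/dcerpc2/spp_dce2.c
+++ b/src/dynamic-preprocessors/dcerpc2/spp_dce2.c
@@ -582,19 +582,20 @@
 * Returns: None
 *
 ******************************************************************/
 static void DCE2_PrintStats(int exiting)
 {
 int smb_com;
 int sub_com;
 _dpd.logMsg("dcerpc2 Preprocessor Statistics\n");
 _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.sessions);
+_dpd.logMsg(" Active sessions: "STDu64"\n", dce2_stats.sessions_active);
 if (dce2_stats.sessions > 0)
 {
 if (dce2_stats.sessions_autodetected > 0)
 _dpd.logMsg(" Total sessions autodetected: "STDu64"\n", dce2_stats. sessions_autodetected);
 if (dce2_stats.sessions_aborted > 0)
 _dpd.logMsg(" Total sessions aborted: "STDu64"\n", dce2_stats.sessi ons_aborted);
 if (dce2_stats.bad_autodetects > 0)
 _dpd.logMsg(" Bad autodetects: "STDu64"\n", dce2_stats.bad_autodete cts);
 if (dce2_stats.events > 0)
 _dpd.logMsg(" Preprocessor events: "STDu64"\n", dce2_stats.events);
@@ -727,38 +728,36 @@
 {
 _dpd.logMsg(" => %s (0x%02X) : "STDu64"/" STDu64"\n",
 smb_com_strings[chained_com], chained_com,
 dce2_stats.smb_chained_stats[SMB_TYPE__REQUE ST][andx][chained_com],
 dce2_stats.smb_chained_stats[SMB_TYPE__RESPO NSE][andx][chained_com]);
 }
 }
 }
 }
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current total: %u\n", dce2_memory.smb_total);
 _dpd.logMsg(" Maximum total: %u\n", dce2_memory.smb_total_max );
 _dpd.logMsg(" Current session data: %u\n", dce2_memory.smb_ss n);
 _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.smb_ss n_max);
 _dpd.logMsg(" Current segmentation buffering: %u\n", dce2_mem ory.smb_seg);
 _dpd.logMsg(" Maximum segmentation buffering: %u\n", dce2_mem ory.smb_seg_max);
 _dpd.logMsg(" Current uid tracking: %u\n", dce2_memory.smb_ui d);
 _dpd.logMsg(" Maximum uid tracking: %u\n", dce2_memory.smb_ui d_max);
 _dpd.logMsg(" Current tid tracking: %u\n", dce2_memory.smb_ti d);
 _dpd.logMsg(" Maximum tid tracking: %u\n", dce2_memory.smb_ti d_max);
 _dpd.logMsg(" Current fid tracking: %u\n", dce2_memory.smb_fi d);
 _dpd.logMsg(" Maximum fid tracking: %u\n", dce2_memory.smb_fi d_max);
 _dpd.logMsg(" Current file tracking: %u\n", dce2_memory.smb_f ile);
 _dpd.logMsg(" Maximum file tracking: %u\n", dce2_memory.smb_f ile_max);
 _dpd.logMsg(" Current request tracking: %u\n", dce2_memory.sm b_req);
 _dpd.logMsg(" Maximum request tracking: %u\n", dce2_memory.sm b_req_max);
-#endif
 /* SMB2 stats */
 if (!exiting)
 {
 DCE2_Smb2UpdateStats();
 }
 _dpd.logMsg(" SMB2\n");
 _dpd.logMsg(" Smb2 prunes: "STDu64"\n", dce2_stats.smb2_prunes) ;
 _dpd.logMsg(" Memory used for smb2 processing: "STDu64"\n", dce 2_stats.smb2_memory_in_use);
 _dpd.logMsg(" Maximum memory used for smb2 processing: "STDu64" \n", dce2_stats.smb2_memory_in_use_max);
 _dpd.logMsg(" SMB2 command requests/responses processed\n");
@@ -771,59 +770,53 @@
 _dpd.logMsg(" smb2 tree disconnect: "STDu64"\n", dce2_stats.s mb2_tree_disconnect);
 _dpd.logMsg(" smb2 close : "STDu64"\n", dce2_stats.s mb2_close);
 }
 if (dce2_stats.tcp_sessions > 0)
 {
 _dpd.logMsg(" TCP\n");
 _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.tcp_sessi ons);
 _dpd.logMsg(" Packet stats\n");
 _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.tcp_pkts);
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current total: %u\n", dce2_memory.tcp_total);
 _dpd.logMsg(" Maximum total: %u\n", dce2_memory.tcp_total_max );
 _dpd.logMsg(" Current session data: %u\n", dce2_memory.tcp_ss n);
 _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.tcp_ss n_max);
-#endif
 }
 if (dce2_stats.udp_sessions > 0)
 {
 _dpd.logMsg(" UDP\n");
 _dpd.logMsg(" Total sessions: "STDu64"\n", dce2_stats.udp_sessi ons);
 _dpd.logMsg(" Packet stats\n");
 _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.udp_pkts);
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current total: %u\n", dce2_memory.udp_total);
 _dpd.logMsg(" Maximum total: %u\n", dce2_memory.udp_total_max );
 _dpd.logMsg(" Current session data: %u\n", dce2_memory.udp_ss n);
 _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.udp_ss n_max);
-#endif
 }
 if ((dce2_stats.http_server_sessions > 0) || (dce2_stats.http_proxy_sess ions > 0))
 {
 _dpd.logMsg(" RPC over HTTP\n");
 if (dce2_stats.http_server_sessions > 0)
 _dpd.logMsg(" Total server sessions: "STDu64"\n", dce2_stat s.http_server_sessions);
 if (dce2_stats.http_proxy_sessions > 0)
 _dpd.logMsg(" Total proxy sessions: "STDu64"\n", dce2_stats .http_proxy_sessions);
 _dpd.logMsg(" Packet stats\n");
 if (dce2_stats.http_server_sessions > 0)
 _dpd.logMsg(" Server packets: "STDu64"\n", dce2_stats.htt p_server_pkts);
 if (dce2_stats.http_proxy_sessions > 0)
 _dpd.logMsg(" Proxy packets: "STDu64"\n", dce2_stats.http _proxy_pkts);
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current total: %u\n", dce2_memory.http_total);
 _dpd.logMsg(" Maximum total: %u\n", dce2_memory.http_total_ma x);
 _dpd.logMsg(" Current session data: %u\n", dce2_memory.http_s sn);
 _dpd.logMsg(" Maximum session data: %u\n", dce2_memory.http_s sn_max);
-#endif
 }
 if ((dce2_stats.co_pdus > 0) || (dce2_stats.cl_pkts > 0))
 {
 _dpd.logMsg("\n");
 _dpd.logMsg(" DCE/RPC\n");
 if (dce2_stats.co_pdus > 0)
 {
 _dpd.logMsg(" Connection oriented\n");
 _dpd.logMsg(" Packet stats\n");
@@ -878,28 +871,26 @@
 if (dce2_stats.co_resp_fragments > 0)
 {
 _dpd.logMsg(" Min fragment size: "STDu64"\n", dce2_ stats.co_srv_min_frag_size);
 _dpd.logMsg(" Max fragment size: "STDu64"\n", dce2_ stats.co_srv_max_frag_size);
 _dpd.logMsg(" Frag reassembled: "STDu64"\n", dce2_s tats.co_srv_frag_reassembled);
 }
 _dpd.logMsg(" Client PDU segmented reassembled: "STDu64"\ n",
 dce2_stats.co_cli_seg_reassembled);
 _dpd.logMsg(" Server PDU segmented reassembled: "STDu64"\ n",
 dce2_stats.co_srv_seg_reassembled);
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current segmentation buffering: %u\n", dce2 _memory.co_seg);
 _dpd.logMsg(" Maximum segmentation buffering: %u\n", dce2 _memory.co_seg_max);
 _dpd.logMsg(" Current fragment tracker: %u\n", dce2_memor y.co_frag);
 _dpd.logMsg(" Maximum fragment tracker: %u\n", dce2_memor y.co_frag_max);
 _dpd.logMsg(" Current context tracking: %u\n", dce2_memor y.co_ctx);
 _dpd.logMsg(" Maximum context tracking: %u\n", dce2_memor y.co_ctx_max);
-#endif
 }
 if (dce2_stats.cl_pkts > 0)
 {
 _dpd.logMsg(" Connectionless\n");
 _dpd.logMsg(" Packet stats\n");
 _dpd.logMsg(" Packets: "STDu64"\n", dce2_stats.cl_pkts);
 if ((dce2_stats.cl_request > 0) || (dce2_stats.cl_response > 0))
 {
 _dpd.logMsg(" Request: "STDu64"\n", dce2_stats.cl_req uest);
@@ -928,49 +919,45 @@
 _dpd.logMsg(" Working: "STDu64"\n", dce2_stats.cl_wor king);
 if (dce2_stats.cl_other_req > 0)
 _dpd.logMsg(" Other request type: "STDu64"\n", dce2_s tats.cl_other_req);
 if (dce2_stats.cl_other_resp > 0)
 _dpd.logMsg(" Other response type: "STDu64"\n", dce2_ stats.cl_other_resp);
 _dpd.logMsg(" Fragments: "STDu64"\n", dce2_stats.cl_fragm ents);
 _dpd.logMsg(" Max fragment size: "STDu64"\n", dce2_stats. cl_max_frag_size);
 _dpd.logMsg(" Reassembled: "STDu64"\n", dce2_stats.cl_fra g_reassembled);
 if (dce2_stats.cl_max_seqnum > 0)
 _dpd.logMsg(" Max seq num: "STDu64"\n", dce2_stats.cl _max_seqnum);
-#ifdef DEBUG_MSGS
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current activity tracker: %u\n", dce2_memor y.cl_act);
 _dpd.logMsg(" Maximum activity tracker: %u\n", dce2_memor y.cl_act_max);
 _dpd.logMsg(" Current fragment tracker: %u\n", dce2_memor y.cl_frag);
 _dpd.logMsg(" Maximum fragment tracker: %u\n", dce2_memor y.cl_frag_max);
-#endif
 }
 }
 }
 /* Have to free it here because CleanExit is called before stats functions
 * (so anything flushed by stream can go through and count towards stats) */
 if (exiting)
 DCE2_StatsFree();
-#ifdef DEBUG_MSGS
 _dpd.logMsg("\n");
 _dpd.logMsg(" Memory stats (bytes)\n");
 _dpd.logMsg(" Current total: %u\n", dce2_memory.total);
 _dpd.logMsg(" Maximum total: %u\n", dce2_memory.total_max);
 _dpd.logMsg(" Current runtime total: %u\n", dce2_memory.rtotal);
 _dpd.logMsg(" Maximum runtime total: %u\n", dce2_memory.rtotal_max);
 _dpd.logMsg(" Current config total: %u\n", dce2_memory.config);
 _dpd.logMsg(" Maximum config total: %u\n", dce2_memory.config_max);
 _dpd.logMsg(" Current rule options total: %u\n", dce2_memory.roptions);
 _dpd.logMsg(" Maximum rule options total: %u\n", dce2_memory.roptions_max );
 _dpd.logMsg(" Current routing table total: %u\n", dce2_memory.rt);
 _dpd.logMsg(" Maximum routing table total: %u\n", dce2_memory.rt_max);
 _dpd.logMsg(" Current initialization total: %u\n", dce2_memory.init);
 _dpd.logMsg(" Maximum initialization total: %u\n", dce2_memory.init_max);
-#endif
 }
 /******************************************************************
 * Function: DCE2_Reset()
 *
 * Purpose: Reset the preprocessor to a post configuration state.
 *
 * Arguments:
 * int - signal that caused the reset
 * void * - pointer to data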
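Review bot: Dropping the `#ifdef DEBUG_MSGS` guards puts every `dce2_memory.*` line into release builds, and all of them are formatted with `%u` while the neighbouring `dce2_stats` counters use `STDu64`; the declaration of `dce2_memory` is not on this page, so confirm its fields are `uint32_t`/`unsigned int`, because a wider type would make `_dpd.logMsg` read the wrong argument width. At the end of `DCE2_PrintStats` (whose header starts before the first hunk) the global memory block is now always logged after `if (exiting) DCE2_StatsFree();`, so at shutdown the "Current" totals presumably describe state after that free; a comment such as `/* memory totals are read after DCE2_StatsFree() when exiting */` would record that the order is intended. The new `Active sessions` line sits outside the `if (dce2_stats.sessions > 0)` block and relies on `sessions_active` being decremented on every session teardown path, which these hunks do not show. These counters are what an operator watches for runaway segmentation or fragment buffering, so their accuracy matters more now that they are always emitted.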
 End of changes. 15 change blocks. 
14 lines changed or deleted 1 lines changed or added
