"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/preprocessors/Stream6/snort_stream_udp.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

snort_stream_udp.c  (snort-2.9.16.1):snort_stream_udp.c  (snort-2.9.17)
skipping to change at line 94 skipping to change at line 94
} UdpSession; } UdpSession;
/* G L O B A L S **************************************************/ /* G L O B A L S **************************************************/
static SessionCache* udp_lws_cache = NULL; static SessionCache* udp_lws_cache = NULL;
/* P R O T O T Y P E S ********************************************/ /* P R O T O T Y P E S ********************************************/
static void StreamParseUdpArgs(StreamUdpConfig *, char *, StreamUdpPolicy *); static void StreamParseUdpArgs(StreamUdpConfig *, char *, StreamUdpPolicy *);
static void StreamPrintUdpConfig(StreamUdpPolicy *); static void StreamPrintUdpConfig(StreamUdpPolicy *);
static int ProcessUdp(SessionControlBlock *, Packet *, StreamUdpPolicy *, SFXHAS H_NODE *); static int ProcessUdp(SessionControlBlock *, Packet *, StreamUdpPolicy *, SFXHAS H_NODE *);
static int ProcessUdpCreate (Packet *);
#ifdef ENABLE_HA #ifdef ENABLE_HA
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// udp ha stuff // udp ha stuff
// TBD there may be some refactoring possible once tcp, icmp, and udp // TBD there may be some refactoring possible once tcp, icmp, and udp
// are complete // are complete
static SessionControlBlock *StreamUDPCreateSession(const SessionKey *key) static SessionControlBlock *StreamUDPCreateSession(const SessionKey *key)
{ {
setNapRuntimePolicy(getDefaultPolicy()); setNapRuntimePolicy(getDefaultPolicy());
return session_api->create_session(udp_lws_cache, NULL, key ); SessionControlBlock *scb = session_api->create_session(udp_lws_cache, NULL,
key );
if (scb)
s5stats.active_udp_sessions++;
return scb;
} }
static int StreamUDPDeleteSession(const SessionKey *key) static int StreamUDPDeleteSession(const SessionKey *key)
{ {
SessionControlBlock *scb = session_api->get_session_by_key(udp_lws_cache, k ey); SessionControlBlock *scb = session_api->get_session_by_key(udp_lws_cache, k ey);
if (scb) if (scb)
{ {
if( StreamSetRuntimeConfiguration( scb, scb->protocol ) == 0 ) if( StreamSetRuntimeConfiguration( scb, scb->protocol ) == 0 )
{
session_api->delete_session( udp_lws_cache, scb, "ha sync", false ); session_api->delete_session( udp_lws_cache, scb, "ha sync", false );
s5stats.active_udp_sessions--;
}
else else
WarningMessage(" WARNING: Attempt to delete a UDP Session when no va lid runtime configuration.\n" ); WarningMessage(" WARNING: Attempt to delete a UDP Session when no va lid runtime configuration.\n" );
} }
return 0; return 0;
} }
static HA_Api ha_udp_api = { static HA_Api ha_udp_api = {
/*.get_lws = */ GetLWUdpSession, /*.get_lws = */ GetLWUdpSession,
skipping to change at line 406 skipping to change at line 414
scb->proto_specific_data = NULL; scb->proto_specific_data = NULL;
scb->session_state = STREAM_STATE_NONE; scb->session_state = STREAM_STATE_NONE;
scb->ha_state.session_flags = SSNFLAG_NONE; scb->ha_state.session_flags = SSNFLAG_NONE;
scb->expire_time = 0; scb->expire_time = 0;
scb->ha_state.ignore_direction = 0; scb->ha_state.ignore_direction = 0;
StreamResetFlowBits(scb); StreamResetFlowBits(scb);
session_api->free_application_data(scb); session_api->free_application_data(scb);
s5stats.udp_sessions_released++; s5stats.udp_sessions_released++;
s5stats.active_udp_sessions--;
RemoveUDPSession(&sfBase); RemoveUDPSession(&sfBase);
} }
uint32_t StreamGetUdpPrunes(void) uint32_t StreamGetUdpPrunes(void)
{ {
if( udp_lws_cache) if( udp_lws_cache)
return session_api->get_session_prune_count( SESSION_PROTO_UDP ); return session_api->get_session_prune_count( SESSION_PROTO_UDP );
else else
return s5stats.udp_prunes; return s5stats.udp_prunes;
skipping to change at line 474 skipping to change at line 483
scb->protocol = GET_IPH_PROTO(p); scb->protocol = GET_IPH_PROTO(p);
scb->ha_state.direction = FROM_SENDER; scb->ha_state.direction = FROM_SENDER;
tmp->lwSsn = scb; tmp->lwSsn = scb;
#ifdef STREAM_DEBUG_ENABLED #ifdef STREAM_DEBUG_ENABLED
PrintUdpSession(tmp); PrintUdpSession(tmp);
#endif #endif
session_api->set_expire_timer(p, scb, s5UdpPolicy->session_timeout); session_api->set_expire_timer(p, scb, s5UdpPolicy->session_timeout);
s5stats.udp_sessions_created++; s5stats.udp_sessions_created++;
s5stats.active_udp_sessions++;
AddUDPSession(&sfBase); AddUDPSession(&sfBase);
if (perfmon_config && (perfmon_config->perf_flags & SFPERF_FLOWIP)) if (perfmon_config && (perfmon_config->perf_flags & SFPERF_FLOWIP))
UpdateFlowIPState(&sfFlow, IP_ARG(scb->client_ip), IP_ARG(scb->server_ip ), SFS_STATE_UDP_CREATED); UpdateFlowIPState(&sfFlow, IP_ARG(scb->client_ip), IP_ARG(scb->server_ip ), SFS_STATE_UDP_CREATED);
return 0; return 0;
} }
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
/* /*
skipping to change at line 553 skipping to change at line 563
{ {
int rc; int rc;
#if defined(DAQ_CAPA_CST_TIMEOUT) #if defined(DAQ_CAPA_CST_TIMEOUT)
uint64_t timeout; uint64_t timeout;
if (Daq_Capa_Timeout) if (Daq_Capa_Timeout)
{ {
GetTimeout(p,&timeout); GetTimeout(p,&timeout);
s5UdpPolicy->session_timeout = timeout; s5UdpPolicy->session_timeout = timeout;
} }
#endif #endif
scb->proto_policy = s5UdpPolicy;
rc = isPacketFilterDiscard( p, s5UdpPolicy->flags & STREAM_CONFIG_IGNORE _ANY ); rc = isPacketFilterDiscard( p, s5UdpPolicy->flags & STREAM_CONFIG_IGNORE _ANY );
if( ( rc == PORT_MONITOR_PACKET_DISCARD ) && !StreamExpectIsExpected( p, &hash_node ) ) if( ( rc == PORT_MONITOR_PACKET_DISCARD ) && !StreamExpectIsExpected( p, &hash_node ) )
{ {
//ignore the packet //ignore the packet
scb->session_state &= ~STREAM_STATE_PORT_INSPECT;
UpdateFilteredPacketStats(&sfBase, IPPROTO_UDP); UpdateFilteredPacketStats(&sfBase, IPPROTO_UDP);
session_api->set_expire_timer(p, scb, s5UdpPolicy->session_timeout); session_api->set_expire_timer(p, scb, s5UdpPolicy->session_timeout);
PREPROC_PROFILE_END(s5UdpPerfStats); PREPROC_PROFILE_END(s5UdpPerfStats);
return 0; return 0;
} }
scb->session_state |= STREAM_STATE_PORT_INSPECT;
scb->session_established = true; scb->session_established = true;
scb->proto_policy = s5UdpPolicy;
s5stats.total_udp_sessions++; s5stats.total_udp_sessions++;
s5stats.active_udp_sessions++;
} }
p->ssnptr = scb; p->ssnptr = scb;
/* /*
* Check if the session is expired. * Check if the session is expired.
* Should be done before we do something with the packet... * Should be done before we do something with the packet...
* ie, Insert a packet, or handle state change SYN, FIN, RST, etc. * ie, Insert a packet, or handle state change SYN, FIN, RST, etc.
*/ */
if( ( scb->session_state & STREAM_STATE_TIMEDOUT ) if( ( scb->session_state & STREAM_STATE_TIMEDOUT )
skipping to change at line 730 skipping to change at line 744
if ((scb->ha_state.session_flags & SSNFLAG_SEEN_SENDER) && if ((scb->ha_state.session_flags & SSNFLAG_SEEN_SENDER) &&
(scb->ha_state.session_flags & SSNFLAG_SEEN_RESPONDER)) (scb->ha_state.session_flags & SSNFLAG_SEEN_RESPONDER))
{ {
scb->ha_state.session_flags |= SSNFLAG_ESTABLISHED; scb->ha_state.session_flags |= SSNFLAG_ESTABLISHED;
} }
} }
return ACTION_NOTHING; return ACTION_NOTHING;
} }
int ProcessUdpCreate (Packet *p)
{
SFXHASH_NODE *hash_node = NULL;
SessionControlBlock *scb;
StreamUdpPolicy *s5UdpPolicy;
PROFILE_VARS;
scb = p->ssnptr;
if (!scb) {
DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "[Stream] Could not find Udp sessio
n Control block "));
return 0;
}
s5UdpPolicy = scb->proto_policy;
if (s5UdpPolicy == NULL) {
DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
"[Stream] Could not find Udp Policy context "
"for IP %s\n", inet_ntoa(GET_DST_ADDR(p))););
return 0;
}
PREPROC_PROFILE_START(s5UdpPerfStats);
scb->session_established = true;
s5stats.total_udp_sessions++;
/*
* Check if the session is expired.
*/
if (( scb->session_state & STREAM_STATE_TIMEDOUT )
|| StreamExpire( p, scb )) {
scb->ha_state.session_flags |= SSNFLAG_TIMEDOUT;
/* Session is timed out */
DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
"Stream UDP session timedout!\n"););
#ifdef ENABLE_HA
/* Notify the HA peer of the session cleanup/reset by way of a deletion
notification. */
PREPROC_PROFILE_TMPEND(s5UdpPerfStats);
SessionHANotifyDeletion(scb);
PREPROC_PROFILE_TMPSTART(s5UdpPerfStats);
scb->ha_flags = (HA_FLAG_NEW | HA_FLAG_MODIFIED | HA_FLAG_MAJOR_CHANGE);
#endif
/* Clean it up */
UdpSessionCleanup(scb);
ProcessUdp(scb, p, s5UdpPolicy, hash_node);
} else {
ProcessUdp(scb, p, s5UdpPolicy, hash_node);
DEBUG_WRAP(DebugMessage(DEBUG_STREAM_STATE,
"Finished Stream UDP cleanly!\n"
"---------------------------------------------------\n"););
}
MarkupPacketFlags(p, scb);
session_api->set_expire_timer(p, scb, s5UdpPolicy->session_timeout);
PREPROC_PROFILE_END(s5UdpPerfStats);
return 0;
}
void InspectPortFilterUdp (Packet *p)
{
int rc;
SessionControlBlock *scb;
StreamUdpPolicy *s5UdpPolicy;
scb = p->ssnptr;
if (!scb) {
DEBUG_WRAP(DebugMessage(DEBUG_STREAM,"[Stream] Sesssion control does not
exist"));
return;
}
s5UdpPolicy = scb->proto_policy;
if (s5UdpPolicy == NULL) {
DEBUG_WRAP(DebugMessage(DEBUG_STREAM,
"[Stream] Could not find Udp Policy context "
"for IP %s\n", inet_ntoa(GET_DST_ADDR(p))););
return;
}
// If NAP had set port to be filtered, now check IPS portlist.
if (!(scb->session_state & STREAM_STATE_PORT_INSPECT)) {
rc = isPacketFilterDiscardUdp(p, s5UdpPolicy->flags & STREAM_CONFIG_IGNO
RE_ANY);
if (rc == PORT_MONITOR_PACKET_PROCESS) {
// Port is not present in NAP, but present in IPS portlist, flow wil
l be tracked.
scb->session_state |= STREAM_STATE_PORT_INSPECT;
// Complete UDP session/flow creation as it needs to tracked.
ProcessUdpCreate(p);
}
/*
* If return value from isPacketFilterDiscardUdp() was PORT_MONITOR_PACK
ET_DISCARD,
* packet is marked either inspected/filtered, based NAP/IPS portlist fl
ag evaluation.
*/
}
return;
}
void UdpUpdateDirection(SessionControlBlock *ssn, char dir, sfaddr_t* ip, uint16 _t port) void UdpUpdateDirection(SessionControlBlock *ssn, char dir, sfaddr_t* ip, uint16 _t port)
{ {
UdpSession *udpssn = (UdpSession *)ssn->proto_specific_data->data; UdpSession *udpssn = (UdpSession *)ssn->proto_specific_data->data;
sfaddr_t tmpIp; sfaddr_t tmpIp;
uint16_t tmpPort; uint16_t tmpPort;
if (IP_EQUALITY(&udpssn->udp_sender_ip, ip) && (udpssn->udp_sender_port == p ort)) if (IP_EQUALITY(&udpssn->udp_sender_ip, ip) && (udpssn->udp_sender_port == p ort))
{ {
if ((dir == SSN_DIR_FROM_SENDER) && (ssn->ha_state.direction == SSN_DIR_ FROM_SENDER)) if ((dir == SSN_DIR_FROM_SENDER) && (ssn->ha_state.direction == SSN_DIR_ FROM_SENDER))
{ {
skipping to change at line 791 skipping to change at line 904
{ {
StreamConfig *config; StreamConfig *config;
config = getStreamPolicyConfig( policyId, parsing ); config = getStreamPolicyConfig( policyId, parsing );
if ( ( config != NULL ) && ( config->udp_config != NULL ) ) if ( ( config != NULL ) && ( config->udp_config != NULL ) )
return ( int ) config->udp_config->port_filter[ port ]; return ( int ) config->udp_config->port_filter[ port ];
else else
return PORT_MONITOR_NONE; return PORT_MONITOR_NONE;
} }
int s5UdpGetIPSPortFilterStatus(struct _SnortConfig *sc, unsigned short sport, u
nsigned short dport, tSfPolicyId policyId)
{
if ( sc->udp_ips_port_filter_list && sc->udp_ips_port_filter_list[policyId]
)
return ( ((int) sc->udp_ips_port_filter_list[policyId]->port_filter[ spo
rt ]) |
((int) sc->udp_ips_port_filter_list[policyId]->port_filter[ dport ]
) ) ;
else
return PORT_MONITOR_NONE;
}
void StreamUdpConfigFree(StreamUdpConfig *config) void StreamUdpConfigFree(StreamUdpConfig *config)
{ {
int i; int i;
if (config == NULL) if (config == NULL)
return; return;
/* Cleanup TCP Policies and the list */ /* Cleanup TCP Policies and the list */
for (i = 0; i < config->num_policies; i++) for (i = 0; i < config->num_policies; i++)
{ {
skipping to change at line 832 skipping to change at line 954
unsigned SessionUDPReloadAdjust(unsigned maxWork) unsigned SessionUDPReloadAdjust(unsigned maxWork)
{ {
return SessionProtocolReloadAdjust(udp_lws_cache, session_configuration->max _udp_sessions, return SessionProtocolReloadAdjust(udp_lws_cache, session_configuration->max _udp_sessions,
maxWork, 0 maxWork, 0
#ifdef REG_TEST #ifdef REG_TEST
, "UDP" , "UDP"
#endif #endif
); );
} }
#endif #endif
size_t get_udp_used_mempool()
{
if (udp_lws_cache && udp_lws_cache->protocol_session_pool)
return udp_lws_cache->protocol_session_pool->used_memory;
return 0;
}
 End of changes. 14 change blocks. 
2 lines changed or deleted 136 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)