Source code changes of the file "src/preprocessors/spp_session.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

spp_session.c  (snort-2.9.16.1):spp_session.c  (snort-2.9.17)
skipping to change at line 242 skipping to change at line 242
#endif #endif
#if !defined(SFLINUX) && defined(DAQ_CAPA_VRF) #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
uint16_t address_space_id_src, uint16_t address_space_id_src,
uint16_t address_space_id_dst uint16_t address_space_id_dst
#else #else
uint16_t addressSpaceId uint16_t addressSpaceId
#endif #endif
); );
static const StreamSessionKey *getKeyFromSession(const void *scbptr); static const StreamSessionKey *getKeyFromSession(const void *scbptr);
#ifdef TARGET_BASED
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
static void initActiveResponse( Packet*, void* scbptr ); static void initActiveResponse( Packet*, void* scbptr );
#endif #endif
static uint8_t getHopLimit ( void* scbptr, char dir, int outer ); static uint8_t getHopLimit ( void* scbptr, char dir, int outer );
#endif
static void deleteSessionIfClosed( Packet* ); static void deleteSessionIfClosed( Packet* );
static void disablePreprocForSession( void *scbptr, uint32_t preproc_id ); static void disablePreprocForSession( void *scbptr, uint32_t preproc_id );
static void enablePreprocForPort( SnortConfig *sc, uint32_t preproc_id, uint32_t proto, uint16_t port ); static void enablePreprocForPort( SnortConfig *sc, uint32_t preproc_id, uint32_t proto, uint16_t port );
static void enablePreprocAllPorts( SnortConfig *sc, uint32_t preproc_id, uint32_ t proto ); static void enablePreprocAllPorts( SnortConfig *sc, uint32_t preproc_id, uint32_ t proto );
static void enablePreprocAllPortsAllPolicies( SnortConfig *sc, uint32_t preproc_ id, uint32_t proto ); static void enablePreprocAllPortsAllPolicies( SnortConfig *sc, uint32_t preproc_ id, uint32_t proto );
static bool isPreprocEnabledForPort( uint32_t preproc_id, uint16_t port ); static bool isPreprocEnabledForPort( uint32_t preproc_id, uint16_t port );
static void registerNapSelector( nap_selector nap_selector_func ); static void registerNapSelector( nap_selector nap_selector_func );
static void registerGetHttpXffPrecedence(GetHttpXffPrecedenceFunc fn); static void registerGetHttpXffPrecedence(GetHttpXffPrecedenceFunc fn);
static char** getHttpXffPrecedence(void* ssn, uint32_t flags, int* nFields); static char** getHttpXffPrecedence(void* ssn, uint32_t flags, int* nFields);
static void setReputationUpdateCount (void *ssn, uint8_t count); static void setReputationUpdateCount (void *ssn, uint8_t count);
skipping to change at line 311 skipping to change at line 313
/* .set_session_deletion_delayed = */ setSessionDeletionDelayed, /* .set_session_deletion_delayed = */ setSessionDeletionDelayed,
/* .is_session_deletion_delayed = */ isSessionDeletionDelayed, /* .is_session_deletion_delayed = */ isSessionDeletionDelayed,
#ifdef TARGET_BASED #ifdef TARGET_BASED
/* .register_service_handler */ registerApplicationHandler, /* .register_service_handler */ registerApplicationHandler,
/* .get_application_protocol_id = */ getAppProtocolId, /* .get_application_protocol_id = */ getAppProtocolId,
/* .set_application_protocol_id = */ setAppProtocolId, /* .set_application_protocol_id = */ setAppProtocolId,
/* .get_session_ip_address = */ getSessionIpAddress, /* .get_session_ip_address = */ getSessionIpAddress,
/* .get_session_ports = */ getSessionPorts, /* .get_session_ports = */ getSessionPorts,
#endif #endif
/* .get_preprocessor_status_bit = */ getPreprocessorStatusBit, /* .get_preprocessor_status_bit = */ getPreprocessorStatusBit,
#ifdef TARGET_BASED
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
/* .init_active_response = */ initActiveResponse, /* .init_active_response = */ initActiveResponse,
#endif #endif
/* .get_session_ttl = */ getHopLimit, /* .get_session_ttl = */ getHopLimit,
#endif
/* .set_application_protocol_id_expected = */ setAppProtocolIdExpected, /* .set_application_protocol_id_expected = */ setAppProtocolIdExpected,
#ifdef ENABLE_HA #ifdef ENABLE_HA
/* .register_ha_funcs = */ RegisterSessionHAFuncs, /* .register_ha_funcs = */ RegisterSessionHAFuncs,
/* .unregister_ha_funcs = */ UnregisterSessionHAFuncs, /* .unregister_ha_funcs = */ UnregisterSessionHAFuncs,
/* .set_ha_pending_bit = */ SessionSetHAPendingBit, /* .set_ha_pending_bit = */ SessionSetHAPendingBit,
/* .process_ha = */ SessionProcessHA, /* .process_ha = */ SessionProcessHA,
#endif #endif
/* .get_max_session_limits = */ getMaxSessions, /* .get_max_session_limits = */ getMaxSessions,
/* .set_ignore_direction = */ setIgnoreDirection, /* .set_ignore_direction = */ setIgnoreDirection,
/* .get_session_ptr_from_ip_port = */ getSessionHandleFromIpPort, /* .get_session_ptr_from_ip_port = */ getSessionHandleFromIpPort,
skipping to change at line 1530 skipping to change at line 1534
(scb->expire_time - (((uint64_t)p->pkth->ts.tv_sec ) * TCP_HZ) <= STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED)) (scb->expire_time - (((uint64_t)p->pkth->ts.tv_sec ) * TCP_HZ) <= STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED))
{ {
scb->ha_state.session_flags |= SSNFLAG_TIMEDOUT; scb->ha_state.session_flags |= SSNFLAG_TIMEDOUT;
deleteSession(proto_session_caches[ SESSION_PROTO_TCP ], scb, "stale/timeout",true); deleteSession(proto_session_caches[ SESSION_PROTO_TCP ], scb, "stale/timeout",true);
scb = NULL; scb = NULL;
} }
#endif #endif
if ( ( scb == NULL ) && SessionTrackingEnabled( session_configur ation, SESSION_PROTO_TCP ) ) if ( ( scb == NULL ) && SessionTrackingEnabled( session_configur ation, SESSION_PROTO_TCP ) )
{ {
#if defined(HAVE_DAQ_QUERYFLOW) && defined (DAQ_QUERYFLOW_TYPE_IS_CONN_META_VALI D) #if defined(HAVE_DAQ_QUERYFLOW) && defined (DAQ_QUERYFLOW_TYPE_IS_CONN_META_VALI D)
/* For non-ip packets, ConnMetaQuery fails. For such cases, /* It is observed for non-IP packets, conn meta check fails.
we go ahead and create session */ In case of conn meta check failure,
* check if non_ip_pkt is set to allow flow creation.
*/
if (SessionConnMetaQuery(p->pkth) || p->non_ip_pkt) { if (SessionConnMetaQuery(p->pkth) || p->non_ip_pkt) {
scb = createSession( proto_session_caches[ SESSION_PROTO _TCP ], p, &key ); scb = createSession( proto_session_caches[ SESSION_PROTO _TCP ], p, &key );
} else { } else {
if (pkt_trace_enabled) if (pkt_trace_enabled)
addPktTraceData(VERDICT_REASON_NO_BLOCK, snprintf(tr ace_line, MAX_TRACE_LINE, addPktTraceData(VERDICT_REASON_NO_BLOCK, snprintf(tr ace_line, MAX_TRACE_LINE,
"Conn meta is not available. So not crea ting TCP session\n")); "Conn meta is not available. So not crea ting TCP session\n"));
DisablePacketAnalysis( p ); DisablePacketAnalysis( p );
PREPROC_PROFILE_END(sessionPerfStats); PREPROC_PROFILE_END(sessionPerfStats);
return; return;
} }
skipping to change at line 1566 skipping to change at line 1572
if( ( scb != NULL ) && !scb->session_established && ( getSession Plugins()->set_tcp_dir_ports != NULL ) ) if( ( scb != NULL ) && !scb->session_established && ( getSession Plugins()->set_tcp_dir_ports != NULL ) )
getSessionPlugins()->set_tcp_dir_ports( p, scb ); getSessionPlugins()->set_tcp_dir_ports( p, scb );
break; break;
case IPPROTO_UDP: case IPPROTO_UDP:
scb = findPacketSessionControlBlock( proto_session_caches[ SESSI ON_PROTO_UDP ], p, &key ); scb = findPacketSessionControlBlock( proto_session_caches[ SESSI ON_PROTO_UDP ], p, &key );
if( ( scb == NULL ) && SessionTrackingEnabled( s ession_configuration, SESSION_PROTO_UDP ) ) if( ( scb == NULL ) && SessionTrackingEnabled( s ession_configuration, SESSION_PROTO_UDP ) )
{ {
#if defined(HAVE_DAQ_QUERYFLOW) && defined (DAQ_QUERYFLOW_TYPE_IS_CONN_META_VALI D) #if defined(HAVE_DAQ_QUERYFLOW) && defined (DAQ_QUERYFLOW_TYPE_IS_CONN_META_VALI D)
if (SessionConnMetaQuery(p->pkth)) { /* It is observed for non-IP packets, conn meta check fails.
In case of conn meta check failure,
* check if non_ip_pkt is set to allow flow creation.
*/
if (SessionConnMetaQuery(p->pkth) || p->non_ip_pkt) {
scb = createSession( proto_session_caches[ SESSION_PROTO _UDP ], p, &key ); scb = createSession( proto_session_caches[ SESSION_PROTO _UDP ], p, &key );
} else { } else {
if (pkt_trace_enabled) if (pkt_trace_enabled)
addPktTraceData(VERDICT_REASON_NO_BLOCK, snprintf(tr ace_line, MAX_TRACE_LINE, addPktTraceData(VERDICT_REASON_NO_BLOCK, snprintf(tr ace_line, MAX_TRACE_LINE,
"Conn meta is not available. So not crea ting UDP session\n")); "Conn meta is not available. So not crea ting UDP session\n"));
DisablePacketAnalysis( p ); DisablePacketAnalysis( p );
PREPROC_PROFILE_END(sessionPerfStats); PREPROC_PROFILE_END(sessionPerfStats);
return; return;
} }
#else #else
skipping to change at line 2978 skipping to change at line 2987
SessionCache *sessionCache = NULL; SessionCache *sessionCache = NULL;
uint32_t max_sessions = 0, session_timeout_min = 0, session_timeout_max = 0; uint32_t max_sessions = 0, session_timeout_min = 0, session_timeout_max = 0;
uint32_t cleanup_sessions = 5; uint32_t cleanup_sessions = 5;
switch ( session_type ) switch ( session_type )
{ {
case SESSION_PROTO_TCP: case SESSION_PROTO_TCP:
if( session_configuration->track_tcp_sessions == STREAM_TRACK_YES ) if( session_configuration->track_tcp_sessions == STREAM_TRACK_YES )
{ {
max_sessions = session_configuration->max_tcp_sessions; max_sessions = session_configuration->max_tcp_sessions;
if (session_configuration->memcap > (max_sessions * protocol_scb
_size))
session_configuration->memcap = session_configuration->memca
p
- (max_sessions * protocol_scb_size);
session_timeout_min = session_configuration->tcp_cache_pruning_t imeout; session_timeout_min = session_configuration->tcp_cache_pruning_t imeout;
session_timeout_max = session_configuration->tcp_cache_nominal_t imeout; session_timeout_max = session_configuration->tcp_cache_nominal_t imeout;
} }
break; break;
case SESSION_PROTO_UDP: case SESSION_PROTO_UDP:
if( session_configuration->track_udp_sessions == STREAM_TRACK_YES ) if( session_configuration->track_udp_sessions == STREAM_TRACK_YES )
{ {
max_sessions = session_configuration->max_udp_sessions; max_sessions = session_configuration->max_udp_sessions;
session_timeout_min = session_configuration->udp_cache_pruning_t imeout; session_timeout_min = session_configuration->udp_cache_pruning_t imeout;
skipping to change at line 3809 skipping to change at line 3821
#endif #endif
// modify enabled preprocs mask to include only those always run and the ones // modify enabled preprocs mask to include only those always run and the ones
// registered for this application id // registered for this application id
scb->enabled_pps = appHandlerDispatchMask[ application_protocol ] scb->enabled_pps = appHandlerDispatchMask[ application_protocol ]
| |
( scb->enabled_pps & ( PP_CLASS_NETWORK | PP_CLASS_NG FW ) ); ( scb->enabled_pps & ( PP_CLASS_NETWORK | PP_CLASS_NG FW ) );
} }
} }
#ifdef TARGET_BASED
#ifdef ACTIVE_RESPONSE #ifdef ACTIVE_RESPONSE
static void initActiveResponse( Packet *p, void *pv ) static void initActiveResponse( Packet *p, void *pv )
{ {
SessionControlBlock *scb = ( SessionControlBlock * ) pv; SessionControlBlock *scb = ( SessionControlBlock * ) pv;
if ( scb == NULL ) if ( scb == NULL )
return; return;
scb->response_count = 1; scb->response_count = 1;
if ( session_configuration->max_active_responses > 1 ) if ( session_configuration->max_active_responses > 1 )
{ {
#if defined(DAQ_CAPA_CST_TIMEOUT) #if defined(DAQ_CAPA_CST_TIMEOUT)
if (!Daq_Capa_Timeout) if (!Daq_Capa_Timeout)
#endif #endif
setSessionExpirationTime( p, scb, session_configuration->min_response_se conds ); setSessionExpirationTime( p, scb, session_configuration->min_response_se conds );
} }
} }
#endif #endif
#endif
#ifdef TARGET_BASED
static uint8_t getHopLimit( void* pv, char dir, int outer ) static uint8_t getHopLimit( void* pv, char dir, int outer )
{ {
SessionControlBlock *scb = (SessionControlBlock*)pv; SessionControlBlock *scb = (SessionControlBlock*)pv;
if ( scb == NULL ) if ( scb == NULL )
return 255; return 255;
if ( SSN_DIR_FROM_CLIENT == dir ) if ( SSN_DIR_FROM_CLIENT == dir )
return outer ? scb->outer_client_ttl : scb->inner_client_ttl; return outer ? scb->outer_client_ttl : scb->inner_client_ttl;
return outer ? scb->outer_server_ttl : scb->inner_server_ttl; return outer ? scb->outer_server_ttl : scb->inner_server_ttl;
} }
#endif
static void registerApplicationHandler( uint32_t preproc_id, int16_t app_id ) static void registerApplicationHandler( uint32_t preproc_id, int16_t app_id )
{ {
if( app_id < 0 ) if( app_id < 0 )
{ {
WarningMessage( "(%s)(%d) Invalid application id: %d. Application handl er registration failed.", WarningMessage( "(%s)(%d) Invalid application id: %d. Application handl er registration failed.",
__FILE__, __LINE__, app_id ); __FILE__, __LINE__, app_id );
return; return;
} }
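Review bot: The new memcap adjustment in the SESSION_PROTO_TCP case silently leaves memcap unchanged when it is not larger than max_sessions * protocol_scb_size, so an operator whose memcap cannot even cover the per-session SCB reservation gets no indication of it; the enclosing function's signature lies above the hunk. Two things on the same lines are worth confirming: the product is computed in whatever width protocol_scb_size has (if that is a 32-bit type the multiplication can wrap for large max_tcp_sessions, and a uint64_t intermediate as used elsewhere in this file would avoid it), and because the subtraction is applied in place to session_configuration->memcap, a second call into this function for the same configuration (for example on reload) would subtract the reservation again, so it should be confirmed that this path runs once per configuration. The UDP case directly below does not get the same reservation, which may be intentional but deserves a one-line comment either way. The multi-line if body should also be braced to match the surrounding style.
```c
            max_sessions = session_configuration->max_tcp_sessions;
            /* Reserve the fixed SCB footprint of the configured session limit
             * out of memcap; warn instead of silently skipping when memcap
             * cannot cover it.  The uint64_t intermediate avoids a 32-bit
             * wrap if protocol_scb_size is a 32-bit type (confirm its type). */
            if ( session_configuration->memcap > ( (uint64_t) max_sessions * protocol_scb_size ) )
            {
                session_configuration->memcap -= ( (uint64_t) max_sessions * protocol_scb_size );
            }
            else
            {
                WarningMessage( "(%s)(%d) memcap does not cover max_tcp_sessions * SCB size; memcap left unchanged.",
                                __FILE__, __LINE__ );
            }
            /* … unchanged: tcp pruning/nominal timeout assignment … */
```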
 End of changes. 11 change blocks. 
3 lines changed or deleted 22 lines changed or added
