"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/preprocessors/spp_stream6.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

spp_stream6.c  (snort-2.9.16.1):spp_stream6.c  (snort-2.9.17)
skipping to change at line 57 skipping to change at line 57
#include "snort.h" #include "snort.h"
#include "snort_bounds.h" #include "snort_bounds.h"
#include "util.h" #include "util.h"
#include "snort_debug.h" #include "snort_debug.h"
#include "plugbase.h" #include "plugbase.h"
#include "session_api.h" #include "session_api.h"
#include "spp_stream6.h" #include "spp_stream6.h"
#include "stream_api.h" #include "stream_api.h"
#include "stream_paf.h" #include "stream_paf.h"
#include "stream_common.h" #include "stream_common.h"
#include "session_common.h"
#include "snort_stream_tcp.h" #include "snort_stream_tcp.h"
#include "snort_stream_udp.h" #include "snort_stream_udp.h"
#include "snort_stream_icmp.h" #include "snort_stream_icmp.h"
#include "snort_stream_ip.h" #include "snort_stream_ip.h"
#include "checksum.h" #include "checksum.h"
#include "mstring.h" #include "mstring.h"
#include "parser/IpAddrSet.h" #include "parser/IpAddrSet.h"
#include "decode.h" #include "decode.h"
#include "detect.h" #include "detect.h"
#include "generators.h" #include "generators.h"
skipping to change at line 676 skipping to change at line 677
{ {
memset(&s5stats, 0, sizeof(s5stats)); memset(&s5stats, 0, sizeof(s5stats));
StreamResetTcpPrunes(); StreamResetTcpPrunes();
StreamResetUdpPrunes(); StreamResetUdpPrunes();
StreamResetIcmpPrunes(); StreamResetIcmpPrunes();
StreamResetIpPrunes(); StreamResetIpPrunes();
} }
static void StreamCleanExit(int signal, void *foo) static void StreamCleanExit(int signal, void *foo)
{ {
#ifdef ENABLE_QUICK_EXIT
LogMessage("Snort quick exit enabled\n");
return;
#else
/* Protocol specific cleanup actions */ /* Protocol specific cleanup actions */
StreamCleanTcp(); StreamCleanTcp();
StreamCleanUdp(); StreamCleanUdp();
StreamCleanIcmp(); StreamCleanIcmp();
StreamCleanIp(); StreamCleanIp();
StreamFreeConfigs(stream_online_config); StreamFreeConfigs(stream_online_config);
stream_online_config = NULL; stream_online_config = NULL;
#endif
} }
static void DisplayStreamStatistics (uint16_t type, void *old_context, struct _T HREAD_ELEMENT *te, ControlDataSendFunc f) static void DisplayStreamStatistics (uint16_t type, void *old_context, struct _T HREAD_ELEMENT *te, ControlDataSendFunc f)
{ {
char buffer[CS_STATS_BUF_SIZE + 1]; char buffer[CS_STATS_BUF_SIZE + 1];
int len = 0; int len = 0;
int total_sessions = s5stats.total_tcp_sessions + s5stats.total_udp_sessions + int total_sessions = s5stats.total_tcp_sessions + s5stats.total_udp_sessions +
s5stats.total_icmp_sessions + s5stats.total_ip_sessions; s5stats.total_icmp_sessions + s5stats.total_ip_sessions;
if (total_sessions) { if (total_sessions) {
skipping to change at line 775 skipping to change at line 781
} }
} }
static void StreamPrintStats(int exiting) static void StreamPrintStats(int exiting)
{ {
LogMessage("Stream statistics:\n"); LogMessage("Stream statistics:\n");
LogMessage(" Total sessions: %u\n", s5stats.total_tcp_sessions + LogMessage(" Total sessions: %u\n", s5stats.total_tcp_sessions +
s5stats.total_udp_sessions + s5stats.total_udp_sessions +
s5stats.total_icmp_sessions + s5stats.total_icmp_sessions +
s5stats.total_ip_sessions); s5stats.total_ip_sessions);
LogMessage(" TCP sessions: %u\n", s5stats.total_tcp_sessions); LogMessage(" TCP sessions: %u\n", s5stats.total_tcp_sessions);
LogMessage(" Active TCP sessions: %u\n", s5stats.active_tcp_sessions);
LogMessage(" Non mempool TCP sess mem: %u\n", session_mem_in_use);
LogMessage(" TCP mempool used: %"PRIu64"\n", get_tcp_used_mempool()
);
LogMessage(" UDP sessions: %u\n", s5stats.total_udp_sessions); LogMessage(" UDP sessions: %u\n", s5stats.total_udp_sessions);
LogMessage(" Active UDP sessions: %u\n", s5stats.active_udp_sessions);
LogMessage(" UDP mempool used: %"PRIu64"\n", get_udp_used_mempool()
);
LogMessage(" ICMP sessions: %u\n", s5stats.total_icmp_sessions); LogMessage(" ICMP sessions: %u\n", s5stats.total_icmp_sessions);
LogMessage(" Active ICMP sessions: %u\n", s5stats.active_icmp_sessions)
;
LogMessage(" ICMP mempool used: %"PRIu64"\n", get_icmp_used_mempool(
));
LogMessage(" IP sessions: %u\n", s5stats.total_ip_sessions); LogMessage(" IP sessions: %u\n", s5stats.total_ip_sessions);
LogMessage(" Active IP sessions: %u\n", s5stats.active_ip_sessions);
LogMessage(" IP mempool used: %"PRIu64"\n", get_ip_used_mempool())
;
LogMessage(" TCP Prunes: %u\n", StreamGetTcpPrunes()); LogMessage(" TCP Prunes: %u\n", StreamGetTcpPrunes());
LogMessage(" UDP Prunes: %u\n", StreamGetUdpPrunes()); LogMessage(" UDP Prunes: %u\n", StreamGetUdpPrunes());
LogMessage(" ICMP Prunes: %u\n", StreamGetIcmpPrunes()); LogMessage(" ICMP Prunes: %u\n", StreamGetIcmpPrunes());
LogMessage(" IP Prunes: %u\n", StreamGetIpPrunes()); LogMessage(" IP Prunes: %u\n", StreamGetIpPrunes());
LogMessage("TCP StreamTrackers Created: %u\n", s5stats.tcp_streamtrackers_cr eated); LogMessage("TCP StreamTrackers Created: %u\n", s5stats.tcp_streamtrackers_cr eated);
LogMessage("TCP StreamTrackers Deleted: %u\n", s5stats.tcp_streamtrackers_re leased); LogMessage("TCP StreamTrackers Deleted: %u\n", s5stats.tcp_streamtrackers_re leased);
LogMessage(" TCP Timeouts: %u\n", s5stats.tcp_timeouts); LogMessage(" TCP Timeouts: %u\n", s5stats.tcp_timeouts);
LogMessage(" TCP Overlaps: %u\n", s5stats.tcp_overlaps); LogMessage(" TCP Overlaps: %u\n", s5stats.tcp_overlaps);
LogMessage(" TCP Segments Queued: %u\n", s5stats.tcp_streamsegs_create d); LogMessage(" TCP Segments Queued: %u\n", s5stats.tcp_streamsegs_create d);
skipping to change at line 1513 skipping to change at line 1529
pPortFilterStats->inspected++; pPortFilterStats->inspected++;
} }
return PORT_MONITOR_PACKET_DISCARD; return PORT_MONITOR_PACKET_DISCARD;
} }
pPortFilterStats->session_tracked++; pPortFilterStats->session_tracked++;
return PORT_MONITOR_PACKET_PROCESS; return PORT_MONITOR_PACKET_PROCESS;
} }
int isPacketFilterDiscardUdp ( Packet *p, int ignore_any_rules )
{
uint8_t action_ips = 0, action_nap = 0;
tPortFilterStats *pPortFilterStats = NULL;
SessionControlBlock *scb;
tSfPolicyId policy_id_ips = getIpsRuntimePolicy();
tSfPolicyId policy_id_nap = getNapRuntimePolicy();
SnortPolicy *policy;
PreprocEnableMask enabled_pps;
bool nap_inspect = false;
scb = p->ssnptr;
if ( !scb ) {
DEBUG_WRAP(DebugMessage(DEBUG_STREAM, "Session control block of packet i
s NULL.\n"););
return PORT_MONITOR_PACKET_DISCARD;
}
if ( session_api->protocol_tracking_enabled( SESSION_PROTO_UDP ) &&
( snort_conf->udp_ips_port_filter_list ) ) {
action_ips = s5UdpGetIPSPortFilterStatus (snort_conf, p->sp, p->dp, poli
cy_id_ips);
}
pPortFilterStats = &s5stats.udp_port_filter;
// Check if NAP has marked it as inspect/filter.
action_nap = s5UdpGetPortFilterStatus (NULL, p->sp, policy_id_nap, 0) |
s5UdpGetPortFilterStatus (NULL, p->dp, policy_id_nap, 0);
if ( !( action_nap & PORT_MONITOR_SESSION_BITS ) && ( action_nap & PORT_MONI
TOR_INSPECT ) && ignore_any_rules ) {
nap_inspect = true ;
}
if ( !( action_ips & PORT_MONITOR_SESSION_BITS ) ) {
if ( !( action_ips & PORT_MONITOR_INSPECT ) && ignore_any_rules ) {
// Port not present in IPS port list too, disable detection.
DisableDetect( p );
} else {
/*
* If nap_inspect is true it implies NAP marked it for inspect, now
IPS too marking for inspect,
* so no change in counter.
* If nap_inspect is false ie: NAP marked for filter, now IPS marks
it to inspect undo the NAP counter.
*/
if ( !nap_inspect ) {
sfBase.total_udp_filtered_packets--;
pPortFilterStats->filtered--;
pPortFilterStats->inspected++;
}
}
return PORT_MONITOR_PACKET_DISCARD;
}
// Undo NAPs increment and enable detection
if ( nap_inspect )
pPortFilterStats->inspected--;
else
pPortFilterStats->filtered--;
pPortFilterStats->session_tracked++;
policy = snort_conf->targeted_policies[ getNapRuntimePolicy() ];
enabled_pps = policy->pp_enabled[ p->dp ] | policy->pp_enabled[ p->sp ];
EnableContentPreprocDetection (p,enabled_pps);
return PORT_MONITOR_PACKET_PROCESS;
}
static uint8_t StreamRegisterPAFPort( struct _SnortConfig *sc, tSfPolicyId id, u int16_t server_port, static uint8_t StreamRegisterPAFPort( struct _SnortConfig *sc, tSfPolicyId id, u int16_t server_port,
bool to_server, PAF_Callback cb, bool autoEnable) bool to_server, PAF_Callback cb, bool autoEnable)
{ {
return s5_paf_register_port( sc, id, server_port, to_server, cb, autoEnable ); return s5_paf_register_port( sc, id, server_port, to_server, cb, autoEnable );
} }
static uint8_t StreamRegisterPAFService( struct _SnortConfig *sc, tSfPolicyId id , uint16_t service, static uint8_t StreamRegisterPAFService( struct _SnortConfig *sc, tSfPolicyId id , uint16_t service,
bool to_server, PAF_Callback cb, bool autoEnable) bool to_server, PAF_Callback cb, bool autoEnable)
{ {
return s5_paf_register_service( sc, id, service, to_server, cb, autoEnable ) ; return s5_paf_register_service( sc, id, service, to_server, cb, autoEnable ) ;
skipping to change at line 1932 skipping to change at line 2011
config = initStreamPolicyConfig( sc, true ); config = initStreamPolicyConfig( sc, true );
if( !config->session_config->track_tcp_sessions ) if( !config->session_config->track_tcp_sessions )
return; return;
if( config->tcp_config == NULL ) if( config->tcp_config == NULL )
{ {
config->tcp_config = ( StreamTcpConfig * ) SnortAlloc( sizeof( StreamTcp Config ) ); config->tcp_config = ( StreamTcpConfig * ) SnortAlloc( sizeof( StreamTcp Config ) );
StreamTcpInitFlushPoints(); StreamTcpInitFlushPoints();
StreamTcpRegisterRuleOptions( sc ); StreamTcpRegisterRuleOptions( sc );
AddFuncToPreprocPostConfigList( sc, StreamPostConfigTcp, config->tcp_con fig );
} }
/* Call the protocol specific initializer */ /* Call the protocol specific initializer */
StreamTcpPolicyInit( sc, config->tcp_config, args ); StreamTcpPolicyInit( sc, config->tcp_config, args );
*new_config = getStreamConfigContext( true ); *new_config = getStreamConfigContext( true );
} }
static void StreamUdpReload(struct _SnortConfig *sc, char *args, void **new_conf ig) static void StreamUdpReload(struct _SnortConfig *sc, char *args, void **new_conf ig)
{ {
 End of changes. 10 change blocks. 
0 lines changed or deleted 90 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)