ftpp_si.c
/*
 * Function: FTPResetSession(FTP_SESSION *FtpSession, int first)
 *
 * Purpose: Put the per-session fields back to their starting values so the
 *          structure can be used for a new session.  Only individual
 *          fields are written; the structure is not cleared as a whole.
 *
 * Arguments: FtpSession => pointer to the session to reset
 *            first      => flag passed in by the callers; this function
 *                          does not read it
 *
 * Returns: int => always FTPP_SUCCESS
 *
 */
static INLINE int FTPResetSession(FTP_SESSION *FtpSession, int first)
{
    /* Configuration pointers are re-attached by the caller afterwards. */
    FtpSession->client_conf = NULL;
    FtpSession->server_conf = NULL;
    FtpSession->global_conf = NULL;

    /* Request/response tracking for both directions. */
    FtpSession->server.response.pipeline_req = 0;
    FtpSession->server.response.state = 0;
    FtpSession->client.request.pipeline_req = 0;
    FtpSession->client.state = 0;

    /* Encryption and data-channel state; -1 marks "no index". */
    FtpSession->encr_state = NO_STATE;
    FtpSession->data_chan_state = NO_STATE;
    FtpSession->data_chan_index = -1;
    FtpSession->data_xfer_index = -1;

    /* Endpoints recorded for the session. */
    IP_CLEAR(FtpSession->clientIP);
    FtpSession->clientPort = 0;
    IP_CLEAR(FtpSession->serverIP);
    FtpSession->serverPort = 0;

    /* Drop any queued events. */
    FtpSession->event_list.stack_count = 0;

    return FTPP_SUCCESS;
}

/*
 * Function: FTPStatefulSessionInspection(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTP_SESSION **FtpSession,
 *                          FTPP_SI_INPUT *SiInput, int *piInspectMode)
 *
 * Purpose: Find or create the FTP session for this packet's stream.
 *          If the stream already carries FTP/Telnet application data,
 *          that session is returned and only the inspection mode is
 *          refreshed.  Otherwise FTPInitConf() (defined elsewhere) picks
 *          the client/server configurations and inspection mode, and a
 *          new session is allocated and filled in.
 *
 *          A newly allocated session is owned by the caller: this
 *          function does not attach it to the stream.
 *
 * Arguments: p             => pointer to the Packet/Session
 *            GlobalConf    => pointer to the global configuration
 *            FtpSession    => double pointer to the Session structure
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer so the inspection mode can be set
 *
 * Returns: int => FTPP_SUCCESS when *FtpSession is valid, the non-zero
 *                 code from FTPInitConf() on failure, or
 *                 FTPP_INVALID_PROTO when no inspection mode was chosen
 *
 */
static int FTPStatefulSessionInspection(SFSnortPacket *p,
        FTPTELNET_GLOBAL_CONF *GlobalConf,
        FTP_SESSION **FtpSession,
        FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    FTP_CLIENT_PROTO_CONF *client_cfg;
    FTP_SERVER_PROTO_CONF *server_cfg;
    FTP_SESSION *session;
    int rc;

    /* Reuse the session already stored on the stream, if there is one. */
    if (p->stream_session_ptr)
    {
        *FtpSession = _dpd.streamAPI->get_application_data(
                p->stream_session_ptr, PP_FTPTELNET);

        if (*FtpSession)
        {
            /* A direction supplied in SiInput wins over the packet's own. */
            if (SiInput->pdir == FTPP_SI_NO_MODE)
                *piInspectMode = FTPGetPacketDir(p);
            else
                *piInspectMode = SiInput->pdir;

            return FTPP_SUCCESS;
        }
    }

    /* No session yet: work out the configuration for this packet. */
    rc = FTPInitConf(p, GlobalConf, &client_cfg, &server_cfg,
                     SiInput, piInspectMode);
    if (rc)
    {
        return rc;
    }

    /* Without an inspection mode there is nothing to track. */
    if (!*piInspectMode)
    {
        return FTPP_INVALID_PROTO;
    }

    session = (FTP_SESSION *)calloc(1, sizeof(*session));
    if (session == NULL)
    {
        /*
         * NOTE(review): execution falls through to FTPResetSession()
         * below, so this relies on DynamicPreprocessorFatalMessage() not
         * returning -- confirm.  If it terminates the process, an
         * allocation failure on the packet path also stops inspection.
         */
        DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory for new FTP session\n",
                *(_dpd.config_file), *(_dpd.config_line));
    }

    FTPResetSession(session, 1);

    session->client_conf = client_cfg;
    session->server_conf = server_cfg;
    session->global_conf = GlobalConf;

    *FtpSession = session;

    return FTPP_SUCCESS;
}

/*
 * Function: FTPStatelessSessionInspection(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTP_SESSION **FtpSession,
 *                          FTPP_SI_INPUT *SiInput, int *piInspectMode)
 *
 * Purpose: Prepare the session and configurations for one packet in
 *          stateless mode.  Nothing is carried over from one packet to
 *          the next: the single file-scope StaticSession is reset on
 *          every call and then handed back, so each packet is treated
 *          as its own session.  Use stateful mode to track a real FTP
 *          session.
 *
 *          Because the same object is returned for every packet, its
 *          contents always describe the most recently processed packet,
 *          whichever connection that packet belonged to.
 *
 *          The client/server configurations and the inspection mode
 *          come from FTPInitConf() (defined elsewhere).
 *
 * Arguments: p             => pointer to the Packet/Session
 *            GlobalConf    => pointer to the global configuration
 *            FtpSession    => double pointer to the Session structure
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer so the inspection mode can be set
 *
 * Returns: int => FTPP_SUCCESS, or the non-zero code from FTPInitConf()
 *
 */
static FTP_SESSION StaticSession;
static int first = 1;

static int FTPStatelessSessionInspection(SFSnortPacket *p,
        FTPTELNET_GLOBAL_CONF *GlobalConf,
        FTP_SESSION **FtpSession,
        FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    FTP_CLIENT_PROTO_CONF *client_cfg;
    FTP_SERVER_PROTO_CONF *server_cfg;
    int rc;

    /* The flag is 1 only for the very first reset, 0 from then on. */
    FTPResetSession(&StaticSession, first);
    first = 0;

    rc = FTPInitConf(p, GlobalConf, &client_cfg, &server_cfg,
                     SiInput, piInspectMode);
    if (rc)
    {
        /* *FtpSession is left untouched on this path. */
        return rc;
    }

    StaticSession.client_conf = client_cfg;
    StaticSession.server_conf = server_cfg;
    StaticSession.global_conf = GlobalConf;

    *FtpSession = &StaticSession;

    return FTPP_SUCCESS;
}

/*
 * Function: FTPSessionInspection(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTPP_SI_INPUT *SiInput, int *piInspectMode)
 *
 * Purpose: Select the session, its configuration and the inspection
 *          mode (client or server) for this packet, and register the
 *          session with the packet's stream.
 *
 *          In stateful mode the session is either the one already stored
 *          on the stream or a newly allocated one; it is registered
 *          together with FTPFreeSession as its release callback.
 *
 *          In any other mode the shared static session is used for every
 *          packet, which avoids the allocation, and it is registered
 *          with no release callback.
 *
 * Arguments: p             => pointer to the Packet/Session
 *            GlobalConf    => pointer to the global configuration
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer so the inspection mode can be set
 *
 * Returns: int => FTPP_SUCCESS, the helper's non-zero code, or
 *                 FTPP_NONFATAL_ERR when the packet has no stream session
 *
 */
int FTPSessionInspection(SFSnortPacket *p,
        FTPTELNET_GLOBAL_CONF *GlobalConf,
        FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    FTP_SESSION *session;
    int rc;

    if (GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL)
    {
        rc = FTPStatefulSessionInspection(p, GlobalConf, &session,
                                          SiInput, piInspectMode);
        if (rc)
        {
            return rc;
        }

        if (!p->stream_session_ptr)
        {
            /*
             * Nowhere to keep the session.  With no stream session the
             * helper skipped its lookup, so this is the session it just
             * allocated; release it here to avoid a leak.
             */
            FTPFreeSession(session);
            SiInput->pproto = FTPP_SI_PROTO_UNKNOWN;
            return FTPP_NONFATAL_ERR;
        }

        /* The stream takes the session along with its release callback. */
        SiInput->pproto = FTPP_SI_PROTO_FTP;
        _dpd.streamAPI->set_application_data(p->stream_session_ptr,
                PP_FTPTELNET, session, &FTPFreeSession);

        return FTPP_SUCCESS;
    }

    /* Anything that is not stateful is handled as stateless. */
    rc = FTPStatelessSessionInspection(p, GlobalConf, &session,
                                       SiInput, piInspectMode);
    if (rc)
    {
        return rc;
    }

    if (!p->stream_session_ptr)
    {
        /* No stream to register with; pproto is not changed here. */
        return FTPP_NONFATAL_ERR;
    }

    /*
     * The session is the shared static object, so the release callback
     * is NULL.  Every stream registered on this path holds a pointer to
     * that same object, which is reset again on the next packet.
     */
    SiInput->pproto = FTPP_SI_PROTO_FTP;
    _dpd.streamAPI->set_application_data(p->stream_session_ptr,
            PP_FTPTELNET, session, NULL);

    return FTPP_SUCCESS;
}

/*
 * Function: ftpp_si_determine_proto(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTPP_SI_INPUT *SiInput, int *piInspectMode)
 *
 * Purpose: Decide whether the packet is Telnet or FTP.  Telnet is tried
 *          first; FTP is tried only when Telnet did not claim the
 *          packet.  For FTP the session data and inspection mode are set
 *          up along the way.
 *
 *          The return codes of both inspection calls are discarded; the
 *          decision is made from SiInput->pproto alone, so an error in
 *          either call reaches the caller only as FTPP_INVALID_PROTO.
 *
 * Arguments: p             => pointer to the Packet/Session
 *            GlobalConf    => pointer to the global configuration
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer so the inspection mode can be set
 *
 * Returns: int => FTPP_SUCCESS when pproto ends up Telnet or FTP,
 *                 FTPP_INVALID_PROTO otherwise
 *
 */
int ftpp_si_determine_proto(SFSnortPacket *p,
        FTPTELNET_GLOBAL_CONF *GlobalConf,
        FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    /* Start from "neither FTP nor Telnet". */
    SiInput->pproto = FTPP_SI_PROTO_UNKNOWN;
    *piInspectMode = FTPP_SI_NO_MODE;

    TelnetSessionInspection(p, GlobalConf, SiInput, piInspectMode);

    if (SiInput->pproto != FTPP_SI_PROTO_TELNET)
    {
        FTPSessionInspection(p, GlobalConf, SiInput, piInspectMode);

        if (SiInput->pproto != FTPP_SI_PROTO_FTP)
            return FTPP_INVALID_PROTO;
    }

    return FTPP_SUCCESS;
}