sp_react.c
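/* NOTE: the lines down to the first closing brace at column 0 are the tail of
 * a function whose beginning lies outside this excerpt; they are reproduced
 * unchanged apart from line breaks and indentation. */
            if(buf_size > TCP_DATA_BUF)
            {
                FatalError("%s(%d): invalid html response buffer size: %d\n",
                           file_name, file_line, buf_size);
            }
            else
            {
                /* msg included */
                if((idx->html_resp_size == 1) &&
                   (buf_size + strlen(otn->sigInfo.message) < TCP_DATA_BUF))
                {
                    buf_size += strlen(otn->sigInfo.message);
                }

                /* create html response buffer */
                idx->html_resp_buf = (u_char *)SnortAlloc(sizeof(char) * buf_size);

                if (idx->html_resp_size == 1)
                {
                    ret = SnortSnprintf((char *)idx->html_resp_buf, buf_size,
                                        "%s%s%s%s%s",
                                        tmp_buf1, VERSION, tmp_buf2,
                                        otn->sigInfo.message, tmp_buf3);
                }
                else
                {
                    ret = SnortSnprintf((char *)idx->html_resp_buf, buf_size,
                                        "%s%s%s%s",
                                        tmp_buf1, VERSION, tmp_buf2, tmp_buf3);
                }

                if (ret != SNORT_SNPRINTF_SUCCESS)
                {
                    FatalError("%s(%d): SnortSnprintf failed\n", file_name, file_line);
                }
            }
        }
        else if(idx->reaction_flag == REACT_WARN)
        {
            /* count the respond buf size (max TCP_DATA_BUF) */
            buf_size += strlen(tmp_buf4) + strlen(tmp_buf5) + strlen(tmp_buf6) +
                        strlen(VERSION);

            if(buf_size > TCP_DATA_BUF)
            {
                FatalError("%s(%d): invalid html response buffer size: %d\n",
                           file_name, file_line, buf_size);
            }
            else
            {
                /* msg included */
                if((idx->html_resp_size == 1) &&
                   (buf_size + strlen(otn->sigInfo.message) < TCP_DATA_BUF))
                {
                    buf_size += strlen(otn->sigInfo.message);
                }

                /* create html response buffer */
                idx->html_resp_buf = (u_char *)SnortAlloc(sizeof(char) * buf_size);

                if (idx->html_resp_size == 1)
                {
                    ret = SnortSnprintf((char *)idx->html_resp_buf, buf_size,
                                        "%s%s%s%s%s",
                                        tmp_buf4, VERSION, tmp_buf5,
                                        otn->sigInfo.message, tmp_buf6);
                }
                else
                {
                    ret = SnortSnprintf((char *)idx->html_resp_buf, buf_size,
                                        "%s%s%s%s",
                                        tmp_buf4, VERSION, tmp_buf5, tmp_buf6);
                }

                if (ret != SNORT_SNPRINTF_SUCCESS)
                {
                    FatalError("%s(%d): SnortSnprintf failed\n", file_name, file_line);
                }
            }
        }

        /* set the html response buffer size */
        idx->html_resp_size = buf_size;
    }

    return;
}

/*
 * Helper: true when a TCP port (network byte order, as stored in the TCP
 * header) is port 80 or the proxy port configured in the rule's ReactData.
 */
static int ReactIsWebPort(u_short port, const ReactData *idx)
{
    return ntohs(port) == 80 || ntohs(port) == idx->proxy_port_nr;
}

/*
 * Helper: send one crafted segment in the same direction as p (same source
 * and destination), reusing p's sequence number and p's ack number plus i.
 *
 * seq/ack are handed to SendTCP() in network byte order because SendTCP()
 * converts them with ntohl(); the offset is therefore added in host order and
 * the sum converted back, so that i moves the low-order end of the number on
 * every platform.
 */
static void ReactSendSameDir(Packet *p, int i, u_char bits,
                             const u_char *data_buf, int data_size)
{
    SendTCP(p->iph->ip_src.s_addr, p->iph->ip_dst.s_addr,
            p->tcph->th_sport, p->tcph->th_dport,
            p->tcph->th_seq, htonl(ntohl(p->tcph->th_ack) + i),
            bits, data_buf, data_size);
}

/*
 * Helper: send one crafted segment in the opposite direction to p (addresses
 * and ports swapped), using p's ack number as sequence number and p's
 * sequence number plus i as ack number.  Byte-order handling is the same as
 * in ReactSendSameDir().
 */
static void ReactSendReverse(Packet *p, int i, u_char bits,
                             const u_char *data_buf, int data_size)
{
    SendTCP(p->iph->ip_dst.s_addr, p->iph->ip_src.s_addr,
            p->tcph->th_dport, p->tcph->th_sport,
            p->tcph->th_ack, htonl(ntohl(p->tcph->th_seq) + i),
            bits, data_buf, data_size);
}

/****************************************************************************
 *
 * Function: React(Packet *p, RspFpList *fp_list)
 *
 * Purpose: React to hostile connection attempts according to reaction_flag.
 *          REACT_BLOCK sends the prepared HTML buffer in FIN segments to one
 *          side and RST segments to the other (or RSTs to both sides when
 *          neither port is 80 / the proxy port).  REACT_WARN sends the HTML
 *          buffer in URG segments only.
 *
 * Arguments: p       => pointer to the current packet
 *            fp_list => response list node; its params member carries the
 *                       ReactData of the rule
 *
 * Returns: always 1 (this one doesn't test the data, it just acts on the
 *          connection).  Failures reported by SendTCP() are not propagated;
 *          the response is best effort.
 *
 ***************************************************************************/
int React(Packet *p, RspFpList *fp_list)
{
    ReactData *idx;
    int i;

    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"In React()\n"););

    if(!p->tcph)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"No TCP header ... leaving"););
        return 1;
    }

    /* every branch below reads p->iph, so refuse to continue without it */
    if(!p->iph)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"No IP header ... leaving"););
        return 1;
    }

    idx = (ReactData *)fp_list->params;

    if(idx == NULL)
    {
        DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Nothing to do ... leaving"););
        return 1;
    }

    /*
     * Each response is sent 5 times with the ack number advanced by i,
     * presumably to improve the odds that one copy is accepted by the
     * receiver -- confirm the intent before changing the count.
     */

    /* check the reaction flag */
    if(idx->reaction_flag == REACT_BLOCK)
    {
        /* send HTML page buffer to a rude browser user and close the connection */
        if(ReactIsWebPort(p->tcph->th_sport, idx))
        {
            /* incoming */
            for(i = 0; i < 5; i++)
            {
                ReactSendSameDir(p, i, TH_FIN,
                                 idx->html_resp_buf, idx->html_resp_size);
            }
            for(i = 0; i < 5; i++)
            {
                ReactSendReverse(p, i, TH_RST, idx->html_resp_buf, 0);
            }
        }
        else if(ReactIsWebPort(p->tcph->th_dport, idx))
        {
            /* outgoing */
            for(i = 0; i < 5; i++)
            {
                ReactSendReverse(p, i, TH_FIN,
                                 idx->html_resp_buf, idx->html_resp_size);
                ReactSendSameDir(p, i, TH_RST, idx->html_resp_buf, 0);
            }
        }
        else
        {
            /* reset the connection */
            for(i = 0; i < 5; i++)
            {
                ReactSendReverse(p, i, TH_RST, idx->html_resp_buf, 0);
                ReactSendSameDir(p, i, TH_RST, idx->html_resp_buf, 0);
            }
        }
    }
    else if(idx->reaction_flag == REACT_WARN)
    {
        /*
         * send HTML warning page buffer to a rude browser user
         *
         * The original added i directly to the network-byte-order th_ack /
         * th_seq here, unlike the REACT_BLOCK branch; on little-endian hosts
         * that changes the most significant byte of the number once SendTCP()
         * applies ntohl().  The helpers do the addition in host order.
         */
        if(ReactIsWebPort(p->tcph->th_sport, idx))
        {
            /* incoming */
            for(i = 0; i < 5; i++)
            {
                ReactSendSameDir(p, i, TH_URG,
                                 idx->html_resp_buf, idx->html_resp_size);
            }
        }
        else if(ReactIsWebPort(p->tcph->th_dport, idx))
        {
            /* outgoing */
            for(i = 0; i < 5; i++)
            {
                ReactSendReverse(p, i, TH_URG,
                                 idx->html_resp_buf, idx->html_resp_size);
            }
        }
    }

    return 1;
}

/****************************************************************************
 *
 * Function: SendTCP(saddr, daddr, sport, dport, seq, ack, bits,
 *                   data_buf, data_size)
 *
 * Purpose: Build one IP/TCP packet with libnet and write it to the raw
 *          socket nd.
 *
 * Arguments: saddr, daddr => source / destination IP address
 *            sport, dport => ports, network byte order (converted with
 *                            ntohs() below)
 *            seq, ack     => sequence / acknowledgement numbers, network
 *                            byte order (converted with ntohl() below)
 *            bits         => TCP control bits
 *            data_buf     => payload (or NULL)
 *            data_size    => payload size in bytes, must not be negative
 *
 * Returns: 0 on success, -1 on a rejected size, allocation failure or
 *          short write.
 *
 ***************************************************************************/
int SendTCP(u_long saddr, u_long daddr, u_short sport, u_short dport, int seq,
            int ack, u_char bits, const u_char *data_buf, int data_size)
{
    u_char *buf;
    int sz;
    int rc = 0;

    DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"In SendTCP()\n"););

    /*
     * A negative size would under-allocate buf while the same value is still
     * passed on as payload length; a size beyond the 16-bit IPv4 total length
     * (65535) cannot be sent and could overflow the int sum below.
     */
    if(data_size < 0 || data_size > 65535 - IP_H - TCP_H)
    {
        return -1;
    }

    sz = data_size + IP_H + TCP_H;

    if((buf = malloc(sz)) == NULL)
    {
        perror("SendTCP: malloc");
        return -1;
    }

    memset(buf, 0, sz);

    /* NOTE(review): the length passed is TCP_H although data_size payload
     * bytes follow the TCP header -- confirm against the libnet version in
     * use whether it should include data_size. */
    libnet_build_ip( TCP_H                             /* Length of packet data */
                   , 0xF4                              /* IP tos */
                   , (u_short) libnet_get_prand(PRu16) /* IP ID */
                   , 0                                 /* Fragmentation flags and offset */
                   , 64                                /* TTL */
                   , IPPROTO_TCP                       /* Protocol */
                   , saddr                             /* Source IP Address */
                   , daddr                             /* Destination IP Address */
                   , NULL                              /* Pointer to packet data (or NULL) */
                   , 0                                 /* Packet payload size */
                   , buf                               /* Pointer to packet header memory */
                   );

    libnet_build_tcp( ntohs(sport)  /* Source port */
                    , ntohs(dport)  /* Destination port */
                    , ntohl(seq)    /* Sequence Number */
                    , ntohl(ack)    /* Acknowledgement Number */
                    , bits          /* Control bits */
                    , 1024          /* Advertised Window Size */
                    , 0             /* Urgent Pointer */
                    , data_buf      /* Pointer to packet data (or NULL) */
                    , data_size     /* Packet payload size */
                    , buf + IP_H    /* Pointer to packet header memory */
                    );

    libnet_do_checksum(buf, IPPROTO_TCP, sz - IP_H);

    if(libnet_write_ip(nd, buf, sz) < sz)
    {
        libnet_error(LIBNET_ERR_CRITICAL, "SendTCP: libnet_write_ip\n");
        /* fall through to the release below; the original returned here and
         * leaked buf on every failed write */
        rc = -1;
    }

    libnet_destroy_packet(&buf);

    return rc;
}

#if defined(ENABLE_REACT) && !defined(ENABLE_RESPONSE)
/****************************************************************************
 *
 * Function: ReactRestart(int signal, void *data)
 *
 * Purpose: Close the libnet raw socket nd if it is open and mark it closed
 *          (-1).  Presumably registered as a restart handler elsewhere in
 *          the file -- confirm against the registration code.
 *
 * Arguments: signal => unused
 *            data   => unused
 *
 * Returns: void function
 *
 ***************************************************************************/
void ReactRestart(int signal, void *data)
{
    if (nd != -1)
    {
        libnet_close_raw_sock(nd);
        nd = -1;
    }

    return;
}
#endif /* ENABLE_REACT && !ENABLE_RESPONSE */
#endif /* ENABLE_RESPONSE || ENABLE_REACT */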