/*
* Function: FTPStatelessSessionInspection(Packet *p,
* FTPTELNET_GLOBAL_CONF *GlobalConf,
* FTP_SESSION **FtpSession,
* FTPP_SI_INPUT *SiInput, int *piInspectMode)
*
* Purpose: Initialize the session and server configurations for this
* packet/stream. It is important to note in stateless mode that
* we assume no knowledge of the state of a connection, other than
* the knowledge that we can glean from an individual packet. So
* in essence, each packet is it's own session and there is no
* knowledge retained from one packet to another. If you want to
* track an FTP session for real, use stateful mode.
*
* In this function, we set the Session pointer (which includes
* the correct server configuration). The actual processing to find
* which IP is the server and which is the client, is done in the
* InitServerConf() function.
*
* Arguments: p => pointer to the Packet/Session
* GlobalConf => pointer to the global configuration
* Session => double pointer to the Session structure
* SiInput => pointer to the session information
* piInspectMode => pointer so the inspection mode can be set
*
* Returns: int => return code indicating error or success
*
*/
static int FTPStatelessSessionInspection(SFSnortPacket *p,
FTPTELNET_GLOBAL_CONF *GlobalConf,
FTP_SESSION **FtpSession,
FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
FTP_CLIENT_PROTO_CONF *ClientConf;
FTP_SERVER_PROTO_CONF *ServerConf;
int iRet;
FTPResetSession(&StaticSession);
iRet = FTPInitConf(p, GlobalConf, &ClientConf, &ServerConf, SiInput, piInspectMode);
if (iRet)
return iRet;
StaticSession.ft_ssn.proto = FTPP_SI_PROTO_FTP;
StaticSession.global_conf = ftp_telnet_config;
StaticSession.client_conf = ClientConf;
StaticSession.server_conf = ServerConf;
SiInput->pproto = FTPP_SI_PROTO_FTP;
*FtpSession = &StaticSession;
return FTPP_SUCCESS;
}
static int FTPStatelessSessionInspection(SFSnortPacket *p,
FTPTELNET_GLOBAL_CONF *GlobalConf,
FTP_SESSION **FtpSession,
FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
FTP_CLIENT_PROTO_CONF *ClientConf;
FTP_SERVER_PROTO_CONF *ServerConf;
int iRet;
FTPResetSession(&StaticSession, first);
if (first)
first = 0;
iRet = FTPInitConf(p, GlobalConf, &ClientConf, &ServerConf, SiInput, piInspectMode);
if (iRet)
{
return iRet;
}
StaticSession.client_conf = ClientConf;
StaticSession.server_conf = ServerConf;
StaticSession.global_conf = GlobalConf;
*FtpSession = &StaticSession;
return FTPP_SUCCESS;
}
/*
* Function: FTPStatefulSessionInspection(Packet *p,
* FTPTELNET_GLOBAL_CONF *GlobalConf,
* FTP_SESSION **FtpSession,
* FTPP_SI_INPUT *SiInput, int *piInspectMode)
*
* Purpose: Initialize the session and server configurations for this
* packet/stream. In this function, we set the Session pointer
* (which includes the correct server configuration). The actual
* processing to find which IP is the server and which is the
* client, is done in the InitServerConf() function.
*
* Arguments: p => pointer to the Packet/Session
* GlobalConf => pointer to the global configuration
* Session => double pointer to the Session structure
* SiInput => pointer to the session information
* piInspectMode => pointer so the inspection mode can be set
*
* Returns: int => return code indicating error or success
*
*/
static int FTPStatefulSessionInspection(SFSnortPacket *p,
FTPTELNET_GLOBAL_CONF *GlobalConf,
FTP_SESSION **FtpSession,
FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
if (p->stream_session_ptr)
{
FTP_CLIENT_PROTO_CONF *ClientConf;
FTP_SERVER_PROTO_CONF *ServerConf;
int iRet;
iRet = FTPInitConf(p, GlobalConf, &ClientConf, &ServerConf, SiInput, piInspectMode);
if (iRet)
return iRet;
if (*piInspectMode)
{
FTP_SESSION *NewSession = (FTP_SESSION *)calloc(1, sizeof(FTP_SESSION));
tSfPolicyId policy_id = _dpd.getRuntimePolicy();
if (NewSession == NULL)
{
DynamicPreprocessorFatalMessage("Failed to allocate memory for "
"new FTP session.\n");
}
FTPResetSession(NewSession);
NewSession->ft_ssn.proto = FTPP_SI_PROTO_FTP;
NewSession->client_conf = ClientConf;
NewSession->server_conf = ServerConf;
NewSession->global_conf = ftp_telnet_config;
NewSession->policy_id = policy_id;
GlobalConf->ref_count++;
_dpd.streamAPI->set_application_data
(p->stream_session_ptr, PP_FTPTELNET, NewSession, &FTPFreeSession);
*FtpSession = NewSession;
SiInput->pproto = FTPP_SI_PROTO_FTP;
return FTPP_SUCCESS;
}
}
return FTPP_INVALID_PROTO;
}
/*
* Function: FTPStatefulSessionInspection(Packet *p,
* FTPTELNET_GLOBAL_CONF *GlobalConf,
* FTP_SESSION **FtpSession,
* FTPP_SI_INPUT *SiInput, int *piInspectMode)
*
* Purpose: Initialize the session and server configurations for this
* packet/stream. In this function, we set the Session pointer
* (which includes the correct server configuration). The actual
* processing to find which IP is the server and which is the
* client, is done in the InitServerConf() function.
*
* Arguments: p => pointer to the Packet/Session
* GlobalConf => pointer to the global configuration
* Session => double pointer to the Session structure
* SiInput => pointer to the session information
* piInspectMode => pointer so the inspection mode can be set
*
* Returns: int => return code indicating error or success
*
*/
static int FTPStatefulSessionInspection(SFSnortPacket *p,
FTPTELNET_GLOBAL_CONF *GlobalConf,
FTP_SESSION **FtpSession,
FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
FTP_CLIENT_PROTO_CONF *ClientConf;
FTP_SERVER_PROTO_CONF *ServerConf;
int iRet;
FTP_SESSION *NewSession;
/*
* First, check if there is already a session pointer.
*/
if (p->stream_session_ptr)
{
*FtpSession =
_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_FTPTELNET);
if (*FtpSession)
{
if (SiInput->pdir != FTPP_SI_NO_MODE)
{
*piInspectMode = SiInput->pdir;
}
else
{
FTP_SESSION *tmp = *FtpSession;
/* check session pointer server conf port */
if (tmp->server_conf && tmp->server_conf->proto_ports.ports[SiInput->sport])
*piInspectMode = FTPP_SI_SERVER_MODE;
else if (tmp->server_conf && tmp->server_conf->proto_ports.ports[SiInput->dport])
*piInspectMode = FTPP_SI_CLIENT_MODE;
else
*piInspectMode = FTPGetPacketDir(p);
}
return FTPP_SUCCESS;
}
}
/*
* If not, create a new one, and initialize it.
*/
iRet = FTPInitConf(p, GlobalConf, &ClientConf, &ServerConf, SiInput, piInspectMode);
if (iRet)
{
return iRet;
}
if (*piInspectMode)
{
NewSession = (FTP_SESSION *)calloc(1, sizeof(FTP_SESSION));
if (NewSession == NULL)
{
DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory for new FTP session\n",
*(_dpd.config_file), *(_dpd.config_line));
}
FTPResetSession(NewSession, 1);
NewSession->client_conf = ClientConf;
NewSession->server_conf = ServerConf;
NewSession->global_conf = GlobalConf;
*FtpSession = NewSession;
return FTPP_SUCCESS;
}
return FTPP_INVALID_PROTO;
}
