/* Display the configuration for the DNS preprocessor.
*
* PARAMETERS: None.
*
* RETURNS: Nothing.
*/
static void PrintDNSConfig()
{
int index;
_dpd.logMsg("DNS config: \n");
#if 0
_dpd.logMsg(" Autodetection: %s\n",
dns_config.autodetect ?
"ENABLED":"DISABLED");
#endif
_dpd.logMsg(" DNS Client rdata txt Overflow Alert: %s\n",
dns_config.enabled_alerts & DNS_ALERT_RDATA_OVERFLOW ?
"ACTIVE" : "INACTIVE" );
_dpd.logMsg(" Obsolete DNS RR Types Alert: %s\n",
dns_config.enabled_alerts & DNS_ALERT_OBSOLETE_TYPES ?
"ACTIVE" : "INACTIVE" );
_dpd.logMsg(" Experimental DNS RR Types Alert: %s\n",
dns_config.enabled_alerts & DNS_ALERT_EXPERIMENTAL_TYPES ?
"ACTIVE" : "INACTIVE" );
/* Printing ports */
_dpd.logMsg(" Ports:");
for(index = 0; index < MAX_PORTS; index++)
{
if( dns_config.ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
{
_dpd.logMsg(" %d", index);
}
}
_dpd.logMsg("\n");
}
/* Display the configuration for the SSL preprocessor.
*
* PARAMETERS: None.
*
* RETURNS: Nothing.
*/
static void PrintSSLConfig( const SSLConfig* ssl_config )
{
int index;
if (ssl_config->server_cnt > 0)
{
_dpd.logMsg("SSL Config:\n");
_dpd.logMsg(" Server(s):\n");
for(index = 0; index < ssl_config->server_cnt; index++)
{
_dpd.logMsg("IP address: %s\n", inet_ntoa(ssl_config->server[index]->server_ip));
_dpd.logMsg(" Port: %i\n", ssl_config->server[index]->port);
_dpd.logMsg(" Keyfile: %s\n\n", ssl_config->server[index]->server_keyfile);
}
}
}
static void PrintConfig(void)
{
int i;
const SMTPToken *cmd;
char buf[8192];
memset(&buf[0], 0, sizeof(buf));
_dpd.logMsg("\nSMTP Config:\n");
snprintf(buf, sizeof(buf) - 1, " Ports: ");
for (i = 0; i < 65536; i++)
{
if (_smtp_config.ports[i / 8] & (1 << (i % 8)))
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%d ", i);
}
}
_dpd.logMsg("%s\n", buf);
_dpd.logMsg(" Inspection Type: %s\n",
_smtp_config.inspection_type ? "Stateful" : "Stateless");
snprintf(buf, sizeof(buf) - 1, " Normalize: ");
switch (_smtp_config.normalize)
{
case NORMALIZE_ALL:
_dpd.printfappend(buf, sizeof(buf) - 1, "all");
break;
case NORMALIZE_NONE:
_dpd.printfappend(buf, sizeof(buf) - 1, "none");
break;
case NORMALIZE_CMDS:
if (_smtp_config.print_cmds)
{
for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
{
if (_smtp_cmd_config[cmd->search_id].normalize)
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
}
}
}
else
{
_dpd.printfappend(buf, sizeof(buf) - 1, "cmds");
}
break;
}
_dpd.logMsg("%s\n", buf);
_dpd.logMsg(" Ignore Data: %s\n",
_smtp_config.ignore_data ? "Yes" : "No");
_dpd.logMsg(" Ignore TLS Data: %s\n",
_smtp_config.ignore_tls_data ? "Yes" : "No");
_dpd.logMsg(" Ignore SMTP Alerts: %s\n",
_smtp_config.no_alerts ? "Yes" : "No");
if (!_smtp_config.no_alerts)
{
snprintf(buf, sizeof(buf) - 1, " Max Command Line Length: ");
if (_smtp_config.max_command_line_len == 0)
_dpd.printfappend(buf, sizeof(buf) - 1, "Unlimited");
else
_dpd.printfappend(buf, sizeof(buf) - 1, "%d", _smtp_config.max_command_line_len);
_dpd.logMsg("%s\n", buf);
if (_smtp_config.print_cmds)
{
int max_line_len_count = 0;
int max_line_len = 0;
snprintf(buf, sizeof(buf) - 1, " Max Specific Command Line Length: ");
for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
{
max_line_len = _smtp_cmd_config[cmd->search_id].max_line_len;
if (max_line_len != 0)
{
if (max_line_len_count % 5 == 0)
{
_dpd.logMsg("%s\n", buf);
snprintf(buf, sizeof(buf) - 1, " %s:%d ", cmd->name, max_line_len);
}
else
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s:%d ", cmd->name, max_line_len);
}
max_line_len_count++;
}
}
if (max_line_len_count == 0)
_dpd.logMsg("%sNone\n", buf);
else
_dpd.logMsg("%s\n", buf);
}
snprintf(buf, sizeof(buf) - 1, " Max Header Line Length: ");
if (_smtp_config.max_header_line_len == 0)
_dpd.logMsg("%sUnlimited\n", buf);
else
_dpd.logMsg("%s%d\n", buf, _smtp_config.max_header_line_len);
snprintf(buf, sizeof(buf) - 1, " Max Response Line Length: ");
if (_smtp_config.max_response_line_len == 0)
_dpd.logMsg("%sUnlimited\n", buf);
else
_dpd.logMsg("%s%d\n", buf, _smtp_config.max_response_line_len);
}
_dpd.logMsg(" X-Link2State Alert: %s\n",
_smtp_config.alert_xlink2state ? "Yes" : "No");
if (_smtp_config.alert_xlink2state)
{
_dpd.logMsg(" Drop on X-Link2State Alert: %s\n",
_smtp_config.drop_xlink2state ? "Yes" : "No");
}
if (_smtp_config.print_cmds && !_smtp_config.no_alerts)
{
int alert_count = 0;
snprintf(buf, sizeof(buf) - 1, " Alert on commands: ");
for (cmd = _smtp_cmds; cmd->name != NULL; cmd++)
{
if (_smtp_cmd_config[cmd->search_id].alert)
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
alert_count++;
}
}
if (alert_count == 0)
{
_dpd.logMsg("%sNone\n", buf);
}
else
{
_dpd.logMsg("%s\n", buf);
}
}
}
/* Display the configuration for the SSH preprocessor.
*
* PARAMETERS: None.
*
* RETURNS: Nothing.
*/
static void
DisplaySSHConfig(SSHConfig *config)
{
int index;
int newline;
if (config == NULL)
return;
_dpd.logMsg("SSH config: \n");
_dpd.logMsg(" Autodetection: %s\n",
config->AutodetectEnabled ?
"ENABLED":"DISABLED");
_dpd.logMsg(" Challenge-Response Overflow Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_RESPOVERFLOW ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" SSH1 CRC32 Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_CRC32 ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Server Version String Overflow Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_SECURECRT ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Protocol Mismatch Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_PROTOMISMATCH?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Bad Message Direction Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_WRONGDIR ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Bad Payload Size Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_PAYSIZE ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Unrecognized Version Alert: %s\n",
config->EnabledAlerts & SSH_ALERT_UNRECOGNIZED ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Max Encrypted Packets: %d %s \n",
config->MaxEncryptedPackets,
config->MaxEncryptedPackets
== SSH_DEFAULT_MAX_ENC_PKTS ?
"(Default)" : "" );
_dpd.logMsg(" Max Server Version String Length: %d %s \n",
config->MaxServerVersionLen,
config->MaxServerVersionLen
== SSH_DEFAULT_MAX_SERVER_VERSION_LEN ?
"(Default)" : "" );
if ( config->EnabledAlerts &
(SSH_ALERT_RESPOVERFLOW | SSH_ALERT_CRC32))
{
_dpd.logMsg(" MaxClientBytes: %d %s \n",
config->MaxClientBytes,
config->MaxClientBytes
== SSH_DEFAULT_MAX_CLIENT_BYTES ?
"(Default)" : "" );
}
/* Traverse list, printing ports, 5 per line */
newline = 1;
_dpd.logMsg(" Ports:\n");
for(index = 0; index < MAX_PORTS; index++)
{
if( config->ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
{
_dpd.logMsg("\t%d", index);
if ( !((newline++)% 5) )
{
_dpd.logMsg("\n");
}
}
}
_dpd.logMsg("\n");
}
/* Display the configuration for the SSH preprocessor.
*
* PARAMETERS: None.
*
* RETURNS: Nothing.
*/
static void
DisplaySSHConfig()
{
int index;
int newline;
SSHPortNode* cur_nodep = NULL;
_dpd.logMsg("SSH config: \n");
_dpd.logMsg(" Autodetection: %s\n",
ssh_config.AutodetectEnabled ?
"ENABLED":"DISABLED");
_dpd.logMsg(" GOBBLES Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_GOBBLES ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" SSH1 CRC32 Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_CRC32 ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Server Version String Overflow Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_SECURECRT ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Protocol Mismatch Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_PROTOMISMATCH?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Bad Message Direction Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_WRONGDIR ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Bad Payload Size Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_PAYSIZE ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Unrecognized Version Alert: %s\n",
ssh_config.EnabledAlerts & SSH_ALERT_UNRECOGNIZED ?
"ENABLED" : "DISABLED" );
_dpd.logMsg(" Max Encrypted Packets: %d %s \n",
ssh_config.MaxEncryptedPackets,
ssh_config.MaxEncryptedPackets
== SSH_DEFAULT_MAX_ENC_PKTS ?
"(Default)" : "" );
if ( ssh_config.EnabledAlerts &
(SSH_ALERT_GOBBLES | SSH_ALERT_CRC32))
{
_dpd.logMsg(" MaxClientBytes: %d %s \n",
ssh_config.MaxClientBytes,
ssh_config.MaxClientBytes
== SSH_DEFAULT_MAX_CLIENT_BYTES ?
"(Default)" : "" );
}
/* Traverse list, printing ports, 5 per line */
newline = 1;
_dpd.logMsg(" Ports:\n");
for(index = 0; index < MAX_PORTS; index++)
{
if( ssh_config.ports[ PORT_INDEX(index) ] & CONV_PORT(index) )
{
_dpd.logMsg("\t%d", index);
if ( !((newline++)% 5) )
{
_dpd.logMsg("\n");
}
}
}
_dpd.logMsg("\n");
}
/* Parses and processes the configuration arguments
* supplied in the SSH preprocessor rule.
*
* PARAMETERS:
*
* argp: Pointer to string containing the config arguments.
*
* RETURNS: Nothing.
*/
static void
ParseSSHArgs( u_char* argp )
{
char* cur_tokenp = NULL;
char* argcpyp = NULL;
int port;
/* Set up default port to listen on */
ssh_config.ports[ PORT_INDEX( 22 ) ] |= CONV_PORT(22);
/* Sanity check(s) */
if ( !argp )
{
DisplaySSHConfig();
return;
}
argcpyp = strdup( (char*) argp );
if ( !argcpyp )
{
_dpd.fatalMsg("Could not allocate memory to parse SSH options.\n");
return;
}
cur_tokenp = strtok( argcpyp, " ");
while ( cur_tokenp )
{
if ( !strcmp( cur_tokenp, SSH_SERVERPORTS_KEYWORD ))
{
/* If the user specified ports, remove '22' for now since
* it now needs to be set explicitely. */
ssh_config.ports[ PORT_INDEX( 22 ) ] = 0;
/* Eat the open brace. */
cur_tokenp = strtok( NULL, " ");
if (( !cur_tokenp ) || ( cur_tokenp[0] != '{' ))
{
_dpd.fatalMsg("Bad value specified for %s.\n",
SSH_SERVERPORTS_KEYWORD);
free(argcpyp);
return;
}
cur_tokenp = strtok( NULL, " ");
while (( cur_tokenp ) && ( cur_tokenp[0] != '}' ))
{
if ( !isdigit( cur_tokenp[0] ))
{
_dpd.fatalMsg("Bad port %s.\n", cur_tokenp );
free(argcpyp);
return;
}
else
{
port = atoi( cur_tokenp );
if( port < 0 || port > MAX_PORTS )
{
_dpd.fatalMsg("Port value illegitimate: %s\n", cur_tokenp);
free(argcpyp);
return;
}
ssh_config.ports[ PORT_INDEX( port ) ] |= CONV_PORT(port);
}
cur_tokenp = strtok( NULL, " ");
}
}
else if ( !strcmp( cur_tokenp, SSH_AUTODETECT_KEYWORD ))
{
ssh_config.AutodetectEnabled++;
}
else if ( !strcmp( cur_tokenp, SSH_MAX_ENC_PKTS_KEYWORD ))
{
cur_tokenp = strtok( NULL, " ");
if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
{
_dpd.logMsg("Bad value specified for %s."
"Reverting to default value %d. ",
SSH_MAX_ENC_PKTS_KEYWORD,
SSH_DEFAULT_MAX_ENC_PKTS );
}
else
{
ssh_config.MaxEncryptedPackets = (u_int16_t)
atoi( cur_tokenp );
}
}
else if (!strcmp( cur_tokenp, SSH_MAX_CLIENT_BYTES_KEYWORD ))
{
cur_tokenp = strtok( NULL, " ");
if (( !cur_tokenp ) || !isdigit(cur_tokenp[0]) )
{
_dpd.logMsg("Bad value specified for %s."
"Reverting to default value %d. ",
SSH_MAX_CLIENT_BYTES_KEYWORD,
SSH_DEFAULT_MAX_CLIENT_BYTES );
}
else
{
ssh_config.MaxClientBytes = (u_int16_t)
atoi( cur_tokenp );
}
}
else if ( !strcmp( cur_tokenp, SSH_DISABLE_GOBBLES_KEYWORD ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_GOBBLES;
}
else if ( !strcmp( cur_tokenp, SSH_DISABLE_CRC32_KEYWORD ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_CRC32;
}
else if (
!strcmp( cur_tokenp, SSH_DISABLE_SECURECRT_KEYWORD ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_SECURECRT;
}
else if (
!strcmp( cur_tokenp, SSH_DISABLE_PROTOMISMATCH_KEYWORD ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_PROTOMISMATCH;
}
else if (
!strcmp( cur_tokenp, SSH_DISABLE_WRONGDIR_KEYWORD ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_WRONGDIR;
}
else if ( !strcmp( cur_tokenp, SSH_DISABLE_RULES_KEYWORD ))
{
ssh_config.DisableRules++;
}
else if( !strcmp( cur_tokenp, SSH_DISABLE_PAYLOAD_SIZE ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_PAYSIZE;
}
else if( !strcmp( cur_tokenp, SSH_DISABLE_UNRECOGNIZED_VER ))
{
ssh_config.EnabledAlerts &= ~SSH_ALERT_UNRECOGNIZED;
}
else
{
_dpd.fatalMsg("Invalid argument: %s\n", cur_tokenp);
return;
}
cur_tokenp = strtok( NULL, " " );
}
DisplaySSHConfig();
free(argcpyp);
}