/*
* Function: FTPSessionInspection(Packet *p,
* FTPTELNET_GLOBAL_CONF *GlobalConf,
* FTPP_SI_INPUT *SiInput, int *piInspectMode)
*
* Purpose: The Session Inspection module selects the appropriate client
* configuration for the session, and the type of inspection to
* be performed (client or server.)
*
* When the Session Inspection module is in stateful mode, it
* checks to see if there is a FTP_SESSION pointer already
* associated with the stream. If there is, then it uses that
* session pointer, otherwise it calculates the server
* configuration using the FTP_SI_INPUT and returns a FTP_SESSION
* pointer. In stateful mode, this means that memory is allocated,
* but in stateless mode, the same session pointer is used for all
* packets to reduce the allocation overhead.
*
* The inspection mode can be either client or server.
*
* Arguments: p => pointer to the Packet/Session
* GlobalConf => pointer to the global configuration
* SiInput => pointer to the session information
* piInspectMode => pointer so the inspection mode can be set
*
* Returns: int => return code indicating error or success
*
*/
int FTPSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
FTP_SESSION **FtpSession, FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
int iRet;
/*
* We get the server configuration and the session structure differently
* depending on what type of inspection we are doing. In the case of
* stateful processing, we may get the session structure from the Stream
* Reassembly module (which includes the server configuration) or the
* structure will be allocated and added to the stream pointer for the
* rest of the session.
*
* In stateless mode, we just use a static variable that is contained in
* the function here.
*/
if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL)
{
iRet = FTPStatefulSessionInspection(p, GlobalConf, FtpSession, SiInput, piInspectMode);
if (iRet)
return iRet;
}
else
{
/* Assume stateless processing otherwise */
iRet = FTPStatelessSessionInspection(p, GlobalConf, FtpSession, SiInput, piInspectMode);
if (iRet)
return iRet;
}
return FTPP_SUCCESS;
}
/*
* Function: FTPSessionInspection(Packet *p,
* FTPTELNET_GLOBAL_CONF *GlobalConf,
* FTPP_SI_INPUT *SiInput, int *piInspectMode)
*
* Purpose: The Session Inspection module selects the appropriate client
* configuration for the session, and the type of inspection to
* be performed (client or server.)
*
* When the Session Inspection module is in stateful mode, it
* checks to see if there is a FTP_SESSION pointer already
* associated with the stream. If there is, then it uses that
* session pointer, otherwise it calculates the server
* configuration using the FTP_SI_INPUT and returns a FTP_SESSION
* pointer. In stateful mode, this means that memory is allocated,
* but in stateless mode, the same session pointer is used for all
* packets to reduce the allocation overhead.
*
* The inspection mode can be either client or server.
*
* Arguments: p => pointer to the Packet/Session
* GlobalConf => pointer to the global configuration
* SiInput => pointer to the session information
* piInspectMode => pointer so the inspection mode can be set
*
* Returns: int => return code indicating error or success
*
*/
int FTPSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
int iRet;
FTP_SESSION *FtpSession;
/*
* We get the server configuration and the session structure differently
* depending on what type of inspection we are doing. In the case of
* stateful processing, we may get the session structure from the Stream
* Reassembly module (which includes the server configuration) or the
* structure will be allocated and added to the stream pointer for the
* rest of the session.
*
* In stateless mode, we just use a static variable that is contained in
* the function here.
*/
if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL)
{
iRet = FTPStatefulSessionInspection(p, GlobalConf, &FtpSession, SiInput, piInspectMode);
if (iRet)
{
return iRet;
}
if (p->stream_session_ptr)
{
SiInput->pproto = FTPP_SI_PROTO_FTP;
_dpd.streamAPI->set_application_data(p->stream_session_ptr,
PP_FTPTELNET, FtpSession, &FTPFreeSession);
}
else
{
/* Uh, can't create the session info */
/* Free session data, to avoid memory leak */
FTPFreeSession(FtpSession);
SiInput->pproto = FTPP_SI_PROTO_UNKNOWN;
return FTPP_NONFATAL_ERR;
}
}
else
{
/*
* Assume stateless processing otherwise
*/
iRet = FTPStatelessSessionInspection(p, GlobalConf, &FtpSession, SiInput, piInspectMode);
if (iRet)
{
return iRet;
}
if (p->stream_session_ptr)
{
SiInput->pproto = FTPP_SI_PROTO_FTP;
/* Set the free function pointer to NULL,
* since this is a static one */
_dpd.streamAPI->set_application_data(p->stream_session_ptr,
PP_FTPTELNET, FtpSession, NULL);
}
else
{
/* Uh, can't create the session info */
return FTPP_NONFATAL_ERR;
}
}
return FTPP_SUCCESS;
}
