/* * Function: FTPSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * FTPP_SI_INPUT *SiInput, int *piInspectMode) * * Purpose: The Session Inspection module selects the appropriate client * configuration for the session, and the type of inspection to * be performed (client or server.) * * When the Session Inspection module is in stateful mode, it * checks to see if there is a FTP_SESSION pointer already * associated with the stream. If there is, then it uses that * session pointer, otherwise it calculates the server * configuration using the FTP_SI_INPUT and returns a FTP_SESSION * pointer. In stateful mode, this means that memory is allocated, * but in stateless mode, the same session pointer is used for all * packets to reduce the allocation overhead. * * The inspection mode can be either client or server. * * Arguments: p => pointer to the Packet/Session * GlobalConf => pointer to the global configuration * SiInput => pointer to the session information * piInspectMode => pointer so the inspection mode can be set * * Returns: int => return code indicating error or success * */ int FTPSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, FTP_SESSION **FtpSession, FTPP_SI_INPUT *SiInput, int *piInspectMode) { int iRet; /* * We get the server configuration and the session structure differently * depending on what type of inspection we are doing. In the case of * stateful processing, we may get the session structure from the Stream * Reassembly module (which includes the server configuration) or the * structure will be allocated and added to the stream pointer for the * rest of the session. * * In stateless mode, we just use a static variable that is contained in * the function here. */ if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL) { iRet = FTPStatefulSessionInspection(p, GlobalConf, FtpSession, SiInput, piInspectMode); if (iRet) return iRet; } else { /* Assume stateless processing otherwise */ iRet = FTPStatelessSessionInspection(p, GlobalConf, FtpSession, SiInput, piInspectMode); if (iRet) return iRet; } return FTPP_SUCCESS; }
/* * Function: FTPSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * FTPP_SI_INPUT *SiInput, int *piInspectMode) * * Purpose: The Session Inspection module selects the appropriate client * configuration for the session, and the type of inspection to * be performed (client or server.) * * When the Session Inspection module is in stateful mode, it * checks to see if there is a FTP_SESSION pointer already * associated with the stream. If there is, then it uses that * session pointer, otherwise it calculates the server * configuration using the FTP_SI_INPUT and returns a FTP_SESSION * pointer. In stateful mode, this means that memory is allocated, * but in stateless mode, the same session pointer is used for all * packets to reduce the allocation overhead. * * The inspection mode can be either client or server. * * Arguments: p => pointer to the Packet/Session * GlobalConf => pointer to the global configuration * SiInput => pointer to the session information * piInspectMode => pointer so the inspection mode can be set * * Returns: int => return code indicating error or success * */ int FTPSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, FTPP_SI_INPUT *SiInput, int *piInspectMode) { int iRet; FTP_SESSION *FtpSession; /* * We get the server configuration and the session structure differently * depending on what type of inspection we are doing. In the case of * stateful processing, we may get the session structure from the Stream * Reassembly module (which includes the server configuration) or the * structure will be allocated and added to the stream pointer for the * rest of the session. * * In stateless mode, we just use a static variable that is contained in * the function here. */ if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL) { iRet = FTPStatefulSessionInspection(p, GlobalConf, &FtpSession, SiInput, piInspectMode); if (iRet) { return iRet; } if (p->stream_session_ptr) { SiInput->pproto = FTPP_SI_PROTO_FTP; _dpd.streamAPI->set_application_data(p->stream_session_ptr, PP_FTPTELNET, FtpSession, &FTPFreeSession); } else { /* Uh, can't create the session info */ /* Free session data, to avoid memory leak */ FTPFreeSession(FtpSession); SiInput->pproto = FTPP_SI_PROTO_UNKNOWN; return FTPP_NONFATAL_ERR; } } else { /* * Assume stateless processing otherwise */ iRet = FTPStatelessSessionInspection(p, GlobalConf, &FtpSession, SiInput, piInspectMode); if (iRet) { return iRet; } if (p->stream_session_ptr) { SiInput->pproto = FTPP_SI_PROTO_FTP; /* Set the free function pointer to NULL, * since this is a static one */ _dpd.streamAPI->set_application_data(p->stream_session_ptr, PP_FTPTELNET, FtpSession, NULL); } else { /* Uh, can't create the session info */ return FTPP_NONFATAL_ERR; } } return FTPP_SUCCESS; }