/*
* Given a server configuration and a port number, we decide if the port is
* in the POP server port list.
*
* @param port the port number to compare with the configuration
*
* @return integer
* @retval 0 means that the port is not a server port
* @retval !0 means that the port is a server port
*/
int POP_IsServer(uint16_t port)
{
if( isPortEnabled( pop_eval_config->ports, port ) )
return 1;
return 0;
}
static void registerPortsForReassembly( modbus_config_t *policy, int direction )
{
uint32_t port;
for ( port = 0; port < MAX_PORTS; port++ )
{
if( isPortEnabled( policy->ports, port ) )
_dpd.streamAPI->register_reassembly_port( NULL, port, direction );
}
}
static void registerPortsForDispatch( struct _SnortConfig *sc, modbus_config_t *policy )
{
uint32_t port;
for ( port = 0; port < MAX_PORTS; port++ )
{
if( isPortEnabled( policy->ports, port ) )
_dpd.sessionAPI->enable_preproc_for_port( sc, PP_MODBUS, PROTO_BIT__TCP, port );
}
}
static void registerPortsForDispatch( struct _SnortConfig *sc, GTPConfig *policy )
{
int port;
for ( port = 0; port < MAXPORTS; port++ )
{
if( isPortEnabled( policy->ports, port ) )
_dpd.sessionAPI->enable_preproc_for_port( sc, PP_GTP, PROTO_BIT__UDP, port );
}
}
static void registerPortsForDispatch( struct _SnortConfig *sc, SIPConfig *policy )
{
if ( _dpd.isPreprocEnabled( sc, PP_APP_ID ) )
{
_dpd.sessionAPI->enable_preproc_all_ports( sc,
PP_SIP,
PROTO_BIT__UDP | PROTO_BIT__TCP );
}
else
{
int port;
for ( port = 0; port < MAXPORTS; port++ )
{
if( isPortEnabled( policy->ports, port ) )
_dpd.sessionAPI->enable_preproc_for_port( sc,
PP_SIP,
PROTO_BIT__UDP | PROTO_BIT__TCP,
port );
}
}
}
void IMAP_PrintConfig(IMAPConfig *config)
{
int i;
int j = 0;
char buf[8192];
if (config == NULL)
return;
memset(&buf[0], 0, sizeof(buf));
_dpd.logMsg("IMAP Config:\n");
if(config->disabled)
_dpd.logMsg(" IMAP: INACTIVE\n");
snprintf(buf, sizeof(buf) - 1, " Ports: ");
for(i = 0; i < 65536; i++)
{
if( isPortEnabled( config->ports, i ) )
{
j++;
_dpd.printfappend(buf, sizeof(buf) - 1, "%d ", i);
if(!(j%10))
_dpd.printfappend(buf, sizeof(buf) - 1, "\n ");
}
}
_dpd.logMsg("%s\n", buf);
_dpd.logMsg(" IMAP Memcap: %u\n",
config->memcap);
_dpd.logMsg(" MIME Max Mem: %d\n",
config->decode_conf.max_mime_mem);
if(config->decode_conf.b64_depth > -1)
{
_dpd.logMsg(" Base64 Decoding: %s\n", "Enabled");
switch(config->decode_conf.b64_depth)
{
case 0:
_dpd.logMsg(" Base64 Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Base64 Decoding Depth: %d\n", config->decode_conf.b64_depth);
break;
}
}
else
_dpd.logMsg(" Base64 Decoding: %s\n", "Disabled");
if(config->decode_conf.qp_depth > -1)
{
_dpd.logMsg(" Quoted-Printable Decoding: %s\n","Enabled");
switch(config->decode_conf.qp_depth)
{
case 0:
_dpd.logMsg(" Quoted-Printable Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Quoted-Printable Decoding Depth: %d\n", config->decode_conf.qp_depth);
break;
}
}
else
_dpd.logMsg(" Quoted-Printable Decoding: %s\n", "Disabled");
if(config->decode_conf.uu_depth > -1)
{
_dpd.logMsg(" Unix-to-Unix Decoding: %s\n","Enabled");
switch(config->decode_conf.uu_depth)
{
case 0:
_dpd.logMsg(" Unix-to-Unix Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Unix-to-Unix Decoding Depth: %d\n", config->decode_conf.uu_depth);
break;
}
}
else
_dpd.logMsg(" Unix-to-Unix Decoding: %s\n", "Disabled");
if(config->decode_conf.bitenc_depth > -1)
{
_dpd.logMsg(" Non-Encoded MIME attachment Extraction: %s\n","Enabled");
switch(config->decode_conf.bitenc_depth)
{
case 0:
_dpd.logMsg(" Non-Encoded MIME attachment Extraction Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Non-Encoded MIME attachment Extraction Depth: %d\n", config->decode_conf.bitenc_depth);
break;
}
}
else
_dpd.logMsg(" Non-Encoded MIME attachment Extraction: %s\n", "Disabled");
}
void SMTP_PrintConfig(SMTPConfig *config)
{
int i;
const SMTPToken *cmd;
char buf[8192];
if (config == NULL)
return;
memset(&buf[0], 0, sizeof(buf));
_dpd.logMsg("SMTP Config:\n");
if(config->disabled)
{
_dpd.logMsg(" SMTP: INACTIVE\n");
}
snprintf(buf, sizeof(buf) - 1, " Ports: ");
for(i = 0; i < 65536; i++)
{
if( isPortEnabled( config->ports, i ) )
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%d ", i);
}
}
_dpd.logMsg("%s\n", buf);
_dpd.logMsg(" Inspection Type: %s\n",
config->inspection_type ? "Stateful" : "Stateless");
snprintf(buf, sizeof(buf) - 1, " Normalize: ");
switch (config->normalize)
{
case NORMALIZE_ALL:
_dpd.printfappend(buf, sizeof(buf) - 1, "all");
break;
case NORMALIZE_NONE:
_dpd.printfappend(buf, sizeof(buf) - 1, "none");
break;
case NORMALIZE_CMDS:
if (config->print_cmds)
{
for (cmd = config->cmds; cmd->name != NULL; cmd++)
{
if (config->cmd_config[cmd->search_id].normalize)
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
}
}
}
else
{
_dpd.printfappend(buf, sizeof(buf) - 1, "cmds");
}
break;
}
_dpd.logMsg("%s\n", buf);
_dpd.logMsg(" Ignore Data: %s\n",
config->decode_conf.ignore_data ? "Yes" : "No");
_dpd.logMsg(" Ignore TLS Data: %s\n",
config->ignore_tls_data ? "Yes" : "No");
_dpd.logMsg(" Ignore SMTP Alerts: %s\n",
config->no_alerts ? "Yes" : "No");
if (!config->no_alerts)
{
snprintf(buf, sizeof(buf) - 1, " Max Command Line Length: ");
if (config->max_command_line_len == 0)
_dpd.printfappend(buf, sizeof(buf) - 1, "Unlimited");
else
_dpd.printfappend(buf, sizeof(buf) - 1, "%d", config->max_command_line_len);
_dpd.logMsg("%s\n", buf);
if (config->print_cmds)
{
int max_line_len_count = 0;
int max_line_len = 0;
snprintf(buf, sizeof(buf) - 1, " Max Specific Command Line Length: ");
for (cmd = config->cmds; cmd->name != NULL; cmd++)
{
max_line_len = config->cmd_config[cmd->search_id].max_line_len;
if (max_line_len != 0)
{
if (max_line_len_count % 5 == 0)
{
_dpd.logMsg("%s\n", buf);
snprintf(buf, sizeof(buf) - 1, " %s:%d ", cmd->name, max_line_len);
}
else
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s:%d ", cmd->name, max_line_len);
}
max_line_len_count++;
}
}
if (max_line_len_count == 0)
_dpd.logMsg("%sNone\n", buf);
else
_dpd.logMsg("%s\n", buf);
}
snprintf(buf, sizeof(buf) - 1, " Max Header Line Length: ");
if (config->max_header_line_len == 0)
_dpd.logMsg("%sUnlimited\n", buf);
else
_dpd.logMsg("%s%d\n", buf, config->max_header_line_len);
snprintf(buf, sizeof(buf) - 1, " Max Response Line Length: ");
if (config->max_response_line_len == 0)
_dpd.logMsg("%sUnlimited\n", buf);
else
_dpd.logMsg("%s%d\n", buf, config->max_response_line_len);
}
_dpd.logMsg(" X-Link2State Alert: %s\n",
config->alert_xlink2state ? "Yes" : "No");
if (config->alert_xlink2state)
{
_dpd.logMsg(" Drop on X-Link2State Alert: %s\n",
config->drop_xlink2state ? "Yes" : "No");
}
if (config->print_cmds && !config->no_alerts)
{
int alert_count = 0;
snprintf(buf, sizeof(buf) - 1, " Alert on commands: ");
for (cmd = config->cmds; cmd->name != NULL; cmd++)
{
if (config->cmd_config[cmd->search_id].alert)
{
_dpd.printfappend(buf, sizeof(buf) - 1, "%s ", cmd->name);
alert_count++;
}
}
if (alert_count == 0)
{
_dpd.logMsg("%sNone\n", buf);
}
else
{
_dpd.logMsg("%s\n", buf);
}
}
_dpd.logMsg(" Alert on unknown commands: %s\n",
config->alert_unknown_cmds ? "Yes" : "No");
_dpd.logMsg(" SMTP Memcap: %u\n",
config->memcap);
_dpd.logMsg(" MIME Max Mem: %d\n",
config->decode_conf.max_mime_mem);
if(config->decode_conf.b64_depth > -1)
{
_dpd.logMsg(" Base64 Decoding: %s\n", "Enabled");
switch(config->decode_conf.b64_depth)
{
case 0:
_dpd.logMsg(" Base64 Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Base64 Decoding Depth: %d\n", config->decode_conf.b64_depth);
break;
}
}
else
_dpd.logMsg(" Base64 Decoding: %s\n", "Disabled");
if(config->decode_conf.qp_depth > -1)
{
_dpd.logMsg(" Quoted-Printable Decoding: %s\n","Enabled");
switch(config->decode_conf.qp_depth)
{
case 0:
_dpd.logMsg(" Quoted-Printable Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Quoted-Printable Decoding Depth: %d\n", config->decode_conf.qp_depth);
break;
}
}
else
_dpd.logMsg(" Quoted-Printable Decoding: %s\n", "Disabled");
if(config->decode_conf.uu_depth > -1)
{
_dpd.logMsg(" Unix-to-Unix Decoding: %s\n","Enabled");
switch(config->decode_conf.uu_depth)
{
case 0:
_dpd.logMsg(" Unix-to-Unix Decoding Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Unix-to-Unix Decoding Depth: %d\n", config->decode_conf.uu_depth);
break;
}
}
else
_dpd.logMsg(" Unix-to-Unix Decoding: %s\n", "Disabled");
if(config->decode_conf.bitenc_depth > -1)
{
_dpd.logMsg(" Non-Encoded MIME attachment Extraction: %s\n","Enabled");
switch(config->decode_conf.bitenc_depth)
{
case 0:
_dpd.logMsg(" Non-Encoded MIME attachment Extraction Depth: %s\n", "Unlimited");
break;
default:
_dpd.logMsg(" Non-Encoded MIME attachment Extraction Depth: %d\n", config->decode_conf.bitenc_depth);
break;
}
}
else
_dpd.logMsg(" Non-Encoded MIME attachment Extraction/text: %s\n", "Disabled");
_dpd.logMsg(" Log Attachment filename: %s\n",
config->log_config.log_filename ? "Enabled" : "Not Enabled");
_dpd.logMsg(" Log MAIL FROM Address: %s\n",
config->log_config.log_mailfrom ? "Enabled" : "Not Enabled");
_dpd.logMsg(" Log RCPT TO Addresses: %s\n",
config->log_config.log_rcptto ? "Enabled" : "Not Enabled");
_dpd.logMsg(" Log Email Headers: %s\n",
config->log_config.log_email_hdrs ? "Enabled" : "Not Enabled");
if(config->log_config.log_email_hdrs)
{
_dpd.logMsg(" Email Hdrs Log Depth: %u\n",
config->log_config.email_hdrs_log_depth);
}
}
