Exemple #1
0
/*
 * Function: ftp_bounce_lookup_find(BOUNCE_LOOKUP *BounceLookup,
 *                                  snort_ip_p ip, int *iError)
 *
 * Purpose: Find a bounce configuration given a IP.
 *          We look up a bounce configuration given an IP and
 *          return a pointer to that bounce configuration if found.
 *
 * Arguments: BounceLookup => a pointer to the lookup structure
 *            IP           => the ftp bounce address
 *            iError       => a pointer to an error code
 *
 * Returns: int => return code indicating error or success
 *
 * Returns: FTP_BOUNCE_TO* => Pointer to bounce configuration structure
 *                            matching IP if found, NULL otherwise.
 *
 */
FTP_BOUNCE_TO  *ftp_bounce_lookup_find(
        BOUNCE_LOOKUP *BounceLookup, snort_ip_p Ip, int *iError ) 
{
    FTP_BOUNCE_TO *BounceTo = NULL;

    if(!iError)
    {
        return NULL;
    }

    if(!BounceLookup)
    {
        *iError = FTPP_INVALID_ARG;
        return NULL;
    }

    *iError = FTPP_SUCCESS;

    BounceTo = (FTP_BOUNCE_TO *)KMapFind(BounceLookup, (void*)IP_PTR(Ip), IP_SIZE(Ip));
    if (!BounceTo)
    {
        *iError = FTPP_NOT_FOUND;
    }

    return BounceTo;
}
Exemple #2
0
static tSFRFTrackingNode* _getSFRFTrackingNode(
    snort_ip_p ip,
    unsigned tid,
    time_t curTime
) {
    tSFRFTrackingNode* dynNode = NULL;
    tSFRFTrackingNodeKey key;
    SFXHASH_NODE * hnode = NULL;

    /* Setup key */
    key.ip = *(IP_PTR(ip));
    key.tid = tid;
    key.policyId = getRuntimePolicy();

    /*
     * Check for any Permanent sid objects for this gid or add this one ...
     */
    hnode = sfxhash_get_node(rf_hash, (void*)&key);
    if ( hnode && hnode->data )
    {
        dynNode = (tSFRFTrackingNode*)hnode->data;

        if ( dynNode->filterState == FS_NEW )
        {
            // first time initialization
            dynNode->tstart = curTime;
#ifdef SFRF_OVER_RATE
            dynNode->tlast = curTime;
#endif
            dynNode->filterState = FS_OFF;
        }
    }
    return dynNode;
}
Exemple #3
0
/*
 * Function: ftp_bounce_lookup_add(BOUNCE_LOOKUP *BounceLookup,
 *                                 char *ip, int len, 
 *                                 FTP_BOUNCE_TO *BounceTo)
 * 
 * Purpose: Add a bounce configuration to the list.  IP is stored
 *          in dot notation order.  When the lookup happens, we
 *          compare up to len bytes of the address.
 *
 * Arguments: BounceLookup => a pointer to the lookup structure
 *            IP           => the ftp bounce address 
 *            BounceTo     => a pointer to the bounce configuration structure
 *
 * Returns: int => return code indicating error or success
 *
 */
int ftp_bounce_lookup_add(BOUNCE_LOOKUP *BounceLookup, 
		snort_ip_p Ip, FTP_BOUNCE_TO *BounceTo)
{
    int iRet;

    if(!BounceLookup || !BounceTo)
    {
        return FTPP_INVALID_ARG;
    }

    iRet = KMapAdd(BounceLookup, (void*)IP_PTR(Ip), IP_SIZE(Ip), (void*)BounceTo);

    if (iRet)
    {
        /*
         * This means the key has already been added.
        */
        if(iRet == 1)
        {
            return FTPP_NONFATAL_ERR;
        }
        else
        {
            return FTPP_MEM_ALLOC_FAIL;
        }
    }

    return FTPP_SUCCESS;
}