int ipset_add ( IPSET * ipset, sfip_t *ip, void * vport, int notflag)
{
if( !ipset ) return -1;
{
PORTSET * portset = (PORTSET *) vport;
IP_PORT *p = (IP_PORT*)calloc( 1,sizeof(IP_PORT) );
if(!p) return -1;
sfip_set_ip(&p->ip, ip);
p->portset = *portset;
p->notflag = (char)notflag;
if( notflag )sflist_add_head( &ipset->ip_list, p ); // test NOT items 1st
else sflist_add_tail( &ipset->ip_list, p );
}
return 0;
}
int DeleteLWSession(Stream5SessionCache *sessionCache,
Stream5LWSession *ssn, char *delete_reason)
{
/* Need to save the current configurations being used since this function
* may cause a packet reassembly on this deleted session when flushing
* (via sessionCache->cleanup_fcn) and a preprocessor may call an API
* function changing the configurations to this one to be deleted */
Stream5GlobalConfig *save_global_eval_config = s5_global_eval_config;
Stream5TcpConfig *save_tcp_eval_config = s5_tcp_eval_config;
Stream5UdpConfig *save_udp_eval_config = s5_udp_eval_config;
Stream5IcmpConfig *save_icmp_eval_config = s5_icmp_eval_config;
int ret;
uint32_t prune_log_max;
/* Save the current mem in use before pruning */
uint32_t old_mem_in_use = mem_in_use;
/* And save some info on that session */
#ifdef SUP_IP6
sfip_t client_ip;
sfip_t server_ip;
#else
struct in_addr client_ip;
struct in_addr server_ip;
#endif
uint16_t client_port = ntohs(ssn->client_port);
uint16_t server_port = ntohs(ssn->server_port);
uint16_t lw_session_state = ssn->session_state;
uint32_t lw_session_flags = ssn->session_flags;
#ifdef TARGET_BASED
int16_t app_proto_id = ssn->application_protocol;
#endif
#ifdef SUP_IP6
sfip_set_ip(&client_ip, &ssn->client_ip);
sfip_set_ip(&server_ip, &ssn->server_ip);
#else
client_ip.s_addr = ssn->client_ip;
server_ip.s_addr = ssn->server_ip;
#endif
/*
* Call callback to cleanup the protocol (TCP/UDP/ICMP)
* specific session details
*/
if (sessionCache->cleanup_fcn)
sessionCache->cleanup_fcn(ssn);
FreeLWApplicationData(ssn);
/* Need to save this off since the global config might be from an
* older session - because of a reload - and that config might
* get freed after removing the session */
prune_log_max = s5_global_eval_config->prune_log_max;
ret = RemoveLWSession(sessionCache, ssn);
/* If we're pruning and we clobbered some large amount, log a
* message about that session. */
if (prune_log_max
&& ((old_mem_in_use - mem_in_use ) > prune_log_max))
{
char *client_ip_str, *server_ip_str;
#ifdef SUP_IP6
client_ip_str = SnortStrdup(inet_ntoa(&client_ip));
server_ip_str = SnortStrdup(inet_ntoa(&server_ip));
#else
client_ip_str = SnortStrdup(inet_ntoa(client_ip));
server_ip_str = SnortStrdup(inet_ntoa(server_ip));
#endif
LogMessage("S5: Pruned session from cache that was "
"using %d bytes (%s). %s %d --> %s %d "
#ifdef TARGET_BASED
"(%d) "
#endif
": LWstate 0x%x LWFlags 0x%x\n",
old_mem_in_use - mem_in_use,
delete_reason,
client_ip_str, client_port,
server_ip_str, server_port,
#ifdef TARGET_BASED
app_proto_id,
#endif
lw_session_state, lw_session_flags);
free(client_ip_str);
free(server_ip_str);
}
s5_global_eval_config = save_global_eval_config;
s5_tcp_eval_config = save_tcp_eval_config;
s5_udp_eval_config = save_udp_eval_config;
s5_icmp_eval_config = save_icmp_eval_config;
return ret;
}
