/* * Function: TelnetStatelessSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * TELNET_SESSION **TelnetSession, * FTPP_SI_INPUT *SiInput) * * Purpose: Initialize the session and server configurations for this * packet/stream. It is important to note in stateless mode that * we assume no knowledge of the state of a connection, other * than the knowledge that we can glean from an individual packet. * So in essence, each packet is it's own session and there * is no knowledge retained from one packet to another. If you * want to track a telnet session for real, use stateful mode. * * In this function, we set the Session pointer (which includes * the correct server configuration). The actual processing to * find which IP is the server and which is the client, is done in * the InitServerConf() function. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * * Returns: int => return code indicating error or success * */ static int TelnetStatelessSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, TELNET_SESSION **Session, FTPP_SI_INPUT *SiInput) { static TELNET_SESSION StaticSession; TelnetResetSession(&StaticSession); StaticSession.telnet_conf = &GlobalConf->global_telnet; StaticSession.global_conf = GlobalConf; *Session = &StaticSession; return FTPP_SUCCESS; }
/* * Function: TelnetStatelessSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * TELNET_SESSION **TelnetSession, * FTPP_SI_INPUT *SiInput) * * Purpose: Initialize the session and server configurations for this * packet/stream. It is important to note in stateless mode that * we assume no knowledge of the state of a connection, other * than the knowledge that we can glean from an individual packet. * So in essence, each packet is it's own session and there * is no knowledge retained from one packet to another. If you * want to track a telnet session for real, use stateful mode. * * In this function, we set the Session pointer (which includes * the correct server configuration). The actual processing to * find which IP is the server and which is the client, is done in * the InitServerConf() function. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * * Returns: int => return code indicating error or success * */ static int TelnetStatelessSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, TELNET_SESSION **Session, FTPP_SI_INPUT *SiInput) { static TELNET_SESSION TelnetStaticSession; TelnetResetSession(&TelnetStaticSession); SiInput->pproto = FTPP_SI_PROTO_TELNET; TelnetStaticSession.telnet_conf = GlobalConf->telnet_config; TelnetStaticSession.global_conf = ftp_telnet_config; *Session = &TelnetStaticSession; return FTPP_SUCCESS; }
/* * Function: TelnetStatefulSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * TELNET_SESSION **TelnetSession, * FTPP_SI_INPUT *SiInput) * * Purpose: Initialize the session and server configurations for * this packet/stream. In this function, we set the Session * pointer (which includes the correct server configuration). * The actual processing to find which IP is the server and * which is the client, is done in the InitServerConf() function. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * * Returns: int => return code indicating error or success * */ static int TelnetStatefulSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, TELNET_SESSION **TelnetSession, FTPP_SI_INPUT *SiInput) { TELNET_SESSION *NewSession; /* * First, check if there is already a session pointer. */ if (p->stream_session_ptr) { *TelnetSession = _dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_TELNET); if (*TelnetSession) return FTPP_SUCCESS; } /* * If not, create a new one, and initialize it. */ NewSession = (TELNET_SESSION *)calloc(1, sizeof(TELNET_SESSION)); if (NewSession == NULL) { DynamicPreprocessorFatalMessage("%s(%d) => Failed to allocate memory for new Telnet session\n", *(_dpd.config_file), *(_dpd.config_line)); } TelnetResetSession(NewSession); NewSession->telnet_conf = &GlobalConf->global_telnet; NewSession->global_conf = GlobalConf; *TelnetSession = NewSession; return FTPP_SUCCESS; }
/* * Function: TelnetStatefulSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * TELNET_SESSION **TelnetSession, * FTPP_SI_INPUT *SiInput) * * Purpose: Initialize the session and server configurations for * this packet/stream. In this function, we set the Session * pointer (which includes the correct server configuration). * The actual processing to find which IP is the server and * which is the client, is done in the InitServerConf() function. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * * Returns: int => return code indicating error or success * */ static int TelnetStatefulSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, TELNET_SESSION **TelnetSession, FTPP_SI_INPUT *SiInput) { if (p->stream_session_ptr) { TELNET_SESSION *NewSession = (TELNET_SESSION *)calloc(1, sizeof(TELNET_SESSION)); tSfPolicyId policy_id = _dpd.getRuntimePolicy(); if (NewSession == NULL) { DynamicPreprocessorFatalMessage("Failed to allocate memory for " "new Telnet session.\n"); } TelnetResetSession(NewSession); NewSession->ft_ssn.proto = FTPP_SI_PROTO_TELNET; NewSession->telnet_conf = GlobalConf->telnet_config; NewSession->global_conf = ftp_telnet_config; NewSession->policy_id = policy_id; GlobalConf->ref_count++; SiInput->pproto = FTPP_SI_PROTO_TELNET; _dpd.streamAPI->set_application_data(p->stream_session_ptr, PP_FTPTELNET, NewSession, &TelnetFreeSession); *TelnetSession = NewSession; return FTPP_SUCCESS; } return FTPP_NONFATAL_ERR; }