/* * Function: TelnetSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * FTPP_SI_INPUT *SiInput, * int *piInspectMode) * * Purpose: The Session Inspection module selects the appropriate * configuration for the session, and the type of inspection * to be performed (client or server.) * * When the Session Inspection module is in stateful mode, it * checks to see if there is a TELNET_SESSION pointer already * associated with the stream. If there is, then it uses that * session pointer, otherwise it calculates the server configuration * using the FTP_SI_INPUT and returns a TELNET_SESSION pointer. In * stateful mode, this means that memory is allocated, but in * stateless mode, the same session pointer is used for all packets * to reduce the allocation overhead. * * The inspection mode can be either client or server. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * piInspectMode => pointer for setting inspection mode * * Returns: int => return code indicating error or success * */ int TelnetSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, TELNET_SESSION **TelnetSession, FTPP_SI_INPUT *SiInput, int *piInspectMode) { int iRet; int iTelnetSip; int iTelnetDip; #ifdef TARGET_BASED int16_t app_id = SFTARGET_UNKNOWN_PROTOCOL; /* If possible, use Stream API to determine protocol. */ if (_dpd.streamAPI) { app_id = _dpd.streamAPI->get_application_protocol_id(p->stream_session_ptr); } if (app_id == SFTARGET_UNKNOWN_PROTOCOL) { return FTPP_INVALID_PROTO; } if (app_id == telnet_app_id) { if (SiInput->pdir == FTPP_SI_CLIENT_MODE || SiInput->pdir == FTPP_SI_SERVER_MODE) { *piInspectMode = (int)SiInput->pdir; } } else if (app_id && app_id != telnet_app_id) { return FTPP_INVALID_PROTO; } else { #endif iTelnetSip = PortMatch((PROTO_CONF*)GlobalConf->telnet_config, SiInput->sport); iTelnetDip = PortMatch((PROTO_CONF*)GlobalConf->telnet_config, SiInput->dport); if (iTelnetSip) { *piInspectMode = FTPP_SI_SERVER_MODE; } else if (iTelnetDip) { *piInspectMode = FTPP_SI_CLIENT_MODE; } else { return FTPP_INVALID_PROTO; } #ifdef TARGET_BASED } #endif /* * We get the server configuration and the session structure differently * depending on what type of inspection we are doing. In the case of * stateful processing, we may get the session structure from the Stream * Reassembly module (which includes the server configuration) or the * structure will be allocated and added to the stream pointer for the * rest of the session. * * In stateless mode, we just use a static variable that is contained in * the function here. */ if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL) { iRet = TelnetStatefulSessionInspection(p, GlobalConf, TelnetSession, SiInput); if (iRet) return iRet; } else { /* Assume stateless processing otherwise */ iRet = TelnetStatelessSessionInspection(p, GlobalConf, TelnetSession, SiInput); if (iRet) return iRet; } return FTPP_SUCCESS; }
/* * Function: TelnetSessionInspection(Packet *p, * FTPTELNET_GLOBAL_CONF *GlobalConf, * FTPP_SI_INPUT *SiInput, * int *piInspectMode) * * Purpose: The Session Inspection module selects the appropriate * configuration for the session, and the type of inspection * to be performed (client or server.) * * When the Session Inspection module is in stateful mode, it * checks to see if there is a TELNET_SESSION pointer already * associated with the stream. If there is, then it uses that * session pointer, otherwise it calculates the server configuration * using the FTP_SI_INPUT and returns a TELNET_SESSION pointer. In * stateful mode, this means that memory is allocated, but in * stateless mode, the same session pointer is used for all packets * to reduce the allocation overhead. * * The inspection mode can be either client or server. * * Arguments: p => pointer to the packet/stream * GlobalConf => pointer to the global configuration * Session => double pointer to the Session structure * SiInput => pointer to the session information * piInspectMode => pointer for setting inspection mode * * Returns: int => return code indicating error or success * */ int TelnetSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf, FTPP_SI_INPUT *SiInput, int *piInspectMode) { TELNET_SESSION *TelnetSession; int iRet; int iTelnetSip; int iTelnetDip; iTelnetSip = PortMatch((PROTO_CONF*)&GlobalConf->global_telnet, SiInput->sport); iTelnetDip = PortMatch((PROTO_CONF*)&GlobalConf->global_telnet, SiInput->dport); if (iTelnetSip) { *piInspectMode = FTPP_SI_SERVER_MODE; } else if (iTelnetDip) { *piInspectMode = FTPP_SI_CLIENT_MODE; } else { return FTPP_INVALID_PROTO; } SiInput->pproto = FTPP_SI_PROTO_TELNET; /* * We get the server configuration and the session structure differently * depending on what type of inspection we are doing. In the case of * stateful processing, we may get the session structure from the Stream * Reassembly module (which includes the server configuration) or the * structure will be allocated and added to the stream pointer for the * rest of the session. * * In stateless mode, we just use a static variable that is contained in * the function here. */ if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL) { iRet = TelnetStatefulSessionInspection(p, GlobalConf, &TelnetSession, SiInput); if (iRet) { return iRet; } if (p->stream_session_ptr) { _dpd.streamAPI->set_application_data(p->stream_session_ptr, PP_TELNET, TelnetSession, &TelnetFreeSession); } else { /* Uh, can't create the session info */ /* Free session data, to avoid memory leak */ TelnetFreeSession(TelnetSession); return FTPP_NONFATAL_ERR; } } else { /* * Assume stateless processing otherwise */ iRet = TelnetStatelessSessionInspection(p, GlobalConf, &TelnetSession, SiInput); if (iRet) { return iRet; } if (p->stream_session_ptr) { /* Set the free function pointer to NULL, * since this is a static one */ _dpd.streamAPI->set_application_data(p->stream_session_ptr, PP_TELNET, TelnetSession, NULL); } else { /* Uh, can't create the session info */ return FTPP_NONFATAL_ERR; } } SiInput->pproto = FTPP_SI_PROTO_TELNET; return FTPP_SUCCESS; }