Exemplos de TelnetStatelessSessionInspection em C++ (Cpp)

Exemplo n.º 1

Arquivo: ftpp_si.c Projeto: lynnkitch/openSourceTesting

/*
 * Function: TelnetSessionInspection(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTPP_SI_INPUT *SiInput,
 *                          int *piInspectMode)
 *
 * Purpose: The Session Inspection module selects the appropriate
 *          configuration for the session, and the type of inspection
 *          to be performed (client or server.)
 *
 *          When the Session Inspection module is in stateful mode, it
 *          checks to see if there is a TELNET_SESSION pointer already
 *          associated with the stream.  If there is, then it uses that
 *          session pointer, otherwise it calculates the server configuration
 *          using the FTP_SI_INPUT and returns a TELNET_SESSION pointer.  In
 *          stateful mode, this means that memory is allocated, but in
 *          stateless mode, the same session pointer is used for all packets
 *          to reduce the allocation overhead.
 *
 *          The inspection mode can be either client or server.
 *
 * Arguments: p             => pointer to the packet/stream
 *            GlobalConf    => pointer to the global configuration
 *            Session       => double pointer to the Session structure
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer for setting inspection mode
 *
 * Returns: int => return code indicating error or success
 *
 */
int TelnetSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
        TELNET_SESSION **TelnetSession, FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    int iRet;
    int iTelnetSip;
    int iTelnetDip;
#ifdef TARGET_BASED
    int16_t app_id = SFTARGET_UNKNOWN_PROTOCOL;

    /* If possible, use Stream API to determine protocol. */
    if (_dpd.streamAPI)
    {
        app_id = _dpd.streamAPI->get_application_protocol_id(p->stream_session_ptr);
    }
    if (app_id == SFTARGET_UNKNOWN_PROTOCOL)
    {
        return FTPP_INVALID_PROTO;
    }
    if (app_id == telnet_app_id)
    {
        if (SiInput->pdir == FTPP_SI_CLIENT_MODE ||
            SiInput->pdir == FTPP_SI_SERVER_MODE)
        {
            *piInspectMode = (int)SiInput->pdir;
        }
    }
    else if (app_id && app_id != telnet_app_id)
    {
        return FTPP_INVALID_PROTO;
    }
    else
    {
#endif
        iTelnetSip = PortMatch((PROTO_CONF*)GlobalConf->telnet_config,
                               SiInput->sport);
        iTelnetDip = PortMatch((PROTO_CONF*)GlobalConf->telnet_config,
                               SiInput->dport);

        if (iTelnetSip)
        {
            *piInspectMode = FTPP_SI_SERVER_MODE;
        }
        else if (iTelnetDip)
        {
            *piInspectMode = FTPP_SI_CLIENT_MODE;
        }
        else
        {
            return FTPP_INVALID_PROTO;
        }
#ifdef TARGET_BASED
    }
#endif

    /*
     * We get the server configuration and the session structure differently
     * depending on what type of inspection we are doing.  In the case of
     * stateful processing, we may get the session structure from the Stream
     * Reassembly module (which includes the server configuration) or the
     * structure will be allocated and added to the stream pointer for the
     * rest of the session.
     *
     * In stateless mode, we just use a static variable that is contained in
     * the function here.
     */
    if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL)
    {
        iRet = TelnetStatefulSessionInspection(p, GlobalConf, TelnetSession, SiInput);
        if (iRet)
            return iRet;
    }
    else
    {
        /* Assume stateless processing otherwise */
        iRet = TelnetStatelessSessionInspection(p, GlobalConf, TelnetSession, SiInput);
        if (iRet)
            return iRet;
    }

    return FTPP_SUCCESS;
}

Exemplo n.º 2

Arquivo: ftpp_si.c Projeto: sunzhuo1987/aegis--shield

/*
 * Function: TelnetSessionInspection(Packet *p,
 *                          FTPTELNET_GLOBAL_CONF *GlobalConf,
 *                          FTPP_SI_INPUT *SiInput,
 *                          int *piInspectMode)
 *
 * Purpose: The Session Inspection module selects the appropriate
 *          configuration for the session, and the type of inspection
 *          to be performed (client or server.)
 *
 *          When the Session Inspection module is in stateful mode, it
 *          checks to see if there is a TELNET_SESSION pointer already
 *          associated with the stream.  If there is, then it uses that
 *          session pointer, otherwise it calculates the server configuration
 *          using the FTP_SI_INPUT and returns a TELNET_SESSION pointer.  In
 *          stateful mode, this means that memory is allocated, but in
 *          stateless mode, the same session pointer is used for all packets
 *          to reduce the allocation overhead.
 *
 *          The inspection mode can be either client or server.
 *
 * Arguments: p             => pointer to the packet/stream
 *            GlobalConf    => pointer to the global configuration
 *            Session       => double pointer to the Session structure
 *            SiInput       => pointer to the session information
 *            piInspectMode => pointer for setting inspection mode
 *
 * Returns: int => return code indicating error or success
 *
 */
int TelnetSessionInspection(SFSnortPacket *p, FTPTELNET_GLOBAL_CONF *GlobalConf,
        FTPP_SI_INPUT *SiInput, int *piInspectMode)
{
    TELNET_SESSION *TelnetSession;
    int iRet;
    int iTelnetSip;
    int iTelnetDip;

    iTelnetSip = PortMatch((PROTO_CONF*)&GlobalConf->global_telnet,
                           SiInput->sport);
    iTelnetDip = PortMatch((PROTO_CONF*)&GlobalConf->global_telnet,
                           SiInput->dport);

    if (iTelnetSip)
    {
        *piInspectMode = FTPP_SI_SERVER_MODE;
    }
    else if (iTelnetDip)
    {
        *piInspectMode = FTPP_SI_CLIENT_MODE;
    }
    else
    {
        return FTPP_INVALID_PROTO;
    }

    SiInput->pproto = FTPP_SI_PROTO_TELNET;

    /*
     * We get the server configuration and the session structure differently 
     * depending on what type of inspection we are doing.  In the case of 
     * stateful processing, we may get the session structure from the Stream
     * Reassembly module (which includes the server configuration) or the 
     * structure will be allocated and added to the stream pointer for the
     * rest of the session.
     *
     * In stateless mode, we just use a static variable that is contained in
     * the function here.
     */
    if(GlobalConf->inspection_type == FTPP_UI_CONFIG_STATEFUL)
    {
        iRet = TelnetStatefulSessionInspection(p, GlobalConf, &TelnetSession, SiInput);
        if (iRet)
        {
            return iRet;
        }

        if (p->stream_session_ptr)
        {
            _dpd.streamAPI->set_application_data(p->stream_session_ptr,
                    PP_TELNET, TelnetSession, &TelnetFreeSession);
        }
        else
        {
            /* Uh, can't create the session info */
            /* Free session data, to avoid memory leak */
            TelnetFreeSession(TelnetSession);
            return FTPP_NONFATAL_ERR;
        }
    }
    else
    {
        /*
         * Assume stateless processing otherwise
         */
        iRet = TelnetStatelessSessionInspection(p, GlobalConf, &TelnetSession, SiInput);
        if (iRet)
        {
            return iRet;
        }

        if (p->stream_session_ptr)
        {
            /* Set the free function pointer to NULL, 
             * since this is a static one */
            _dpd.streamAPI->set_application_data(p->stream_session_ptr,
                    PP_TELNET, TelnetSession, NULL);
        }
        else
        {
            /* Uh, can't create the session info */
            return FTPP_NONFATAL_ERR;
        }
    }

    SiInput->pproto = FTPP_SI_PROTO_TELNET;

    return FTPP_SUCCESS;
}