/*
 * Mark the current packet/session as carrying a file that was blocked and,
 * when an HTTP URI is available for the session, hand its hash to
 * file_resume_block_add_file() together with the verdict, the file type and
 * the configured block timeout.
 *
 * The packet is force-dropped and detection is disabled before the URI lookup,
 * so the block takes effect even when no URI can be recovered.
 */
static inline void add_file_to_block(Packet *p, File_Verdict verdict, uint32_t file_type_id, uint8_t *signature)
{
    FileConfig *cfg = (FileConfig *)(snort_conf->file_config);
    uint8_t *uri = NULL;
    uint32_t uri_len = 0;
    uint32_t uri_type = 0;

    Active_ForceDropPacket();
    DisableAllDetect(p);
    p->packet_flags |= PKT_FILE_EVENT_SET;

    /* The URI is the identifier for the file; with no URI there is nothing to key on. */
    if (!GetHttpUriData(p->ssnptr, &uri, &uri_len, &uri_type)) {
        return;
    }

    uint32_t uri_hash = str_to_hash(uri, uri_len);
    file_resume_block_add_file(p, uri_hash, (uint32_t)cfg->file_block_timeout,
                               verdict, file_type_id, signature);
}
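/*
 * Does @rec describe the same flow as the five-tuple, in either direction?
 *
 * A record matches when proto agrees and the address/port pairs agree either
 * as given (forward) or with src and dst swapped (reverse), so both halves of
 * a conversation land on one record.
 *
 * Returns non-zero on match, 0 otherwise.
 */
static int flow_matches(const FlowRecord *rec, const char *src_ip, const char *dst_ip,
                        uint16_t src_port, uint16_t dst_port, uint16_t proto)
{
    if (rec->proto != proto) {
        return 0;
    }
    /* forward direction */
    if (strcmp(rec->src_ip, src_ip) == 0 && strcmp(rec->dst_ip, dst_ip) == 0
        && rec->src_port == src_port && rec->dst_port == dst_port) {
        return 1;
    }
    /* reverse direction: the same flow seen from the other endpoint */
    return strcmp(rec->src_ip, dst_ip) == 0 && strcmp(rec->dst_ip, src_ip) == 0
        && rec->src_port == dst_port && rec->dst_port == src_port;
}

/*
 * Allocate and fill a FlowRecord for a flow seen for the first time.
 *
 * The record is seeded with the first packet's AboveEntropy() result in
 * pkt_entropy[0], packet_count 1, labeled -1, first/last timestamps equal to
 * the packet's timestamp, and prev/next = @prev/NULL (the caller links it in).
 * @have_payload is supplied by the caller because the two insertion paths in
 * UpdateFlows() use different payload-size thresholds.
 *
 * Returns NULL when malloc fails; the caller then leaves the chain untouched
 * instead of dereferencing a null record.
 */
static FlowRecord *new_flow_record(const char *src_ip, const char *dst_ip,
                                   uint16_t src_port, uint16_t dst_port,
                                   uint16_t proto, long sec, long usec,
                                   char *payload, uint16_t payload_size,
                                   int have_payload, FlowRecord *prev)
{
    FlowRecord *rec = malloc(sizeof *rec);
    if (rec == NULL) {
        return NULL;
    }

    rec->pkt_entropy[0] = AboveEntropy(payload, payload_size);
    rec->have_payload = have_payload;
    rec->packet_count = 1;
    rec->labeled = -1;
    /* Bounded copies: the original used strcpy. Assumes src_ip/dst_ip are
     * fixed-size char arrays inside FlowRecord (sizeof gives their capacity);
     * an address string longer than the field is truncated rather than
     * overflowing the record — confirm the field sizes cover the caller's format. */
    snprintf(rec->src_ip, sizeof rec->src_ip, "%s", src_ip);
    snprintf(rec->dst_ip, sizeof rec->dst_ip, "%s", dst_ip);
    rec->proto = proto;
    rec->src_port = src_port;
    rec->dst_port = dst_port;
    rec->first_sec = sec;
    rec->first_usec = usec;
    rec->last_sec = sec;
    rec->last_usec = usec;
    rec->prev = prev;
    rec->next = NULL;
    return rec;
}

/*
 * Account one packet to its flow in hash_table[hash_value].
 *
 * The bucket is a doubly linked chain of FlowRecords. If a record for the
 * five-tuple exists (either direction), its counters/timestamps are updated;
 * while the flow is still unlabeled (labeled == -1) the packet's entropy is
 * recorded (up to PKTSPERFLOW samples) and DecideHighEntropyFlow() is invoked
 * once packet_count reaches PktsLimit. A flow already labeled 1 has detection
 * disabled and its session dropped for every further packet. If no record
 * matches, a new one is appended to the chain (or becomes the bucket head).
 *
 * @seq_number is accepted for the caller's benefit but not used here.
 * Allocation failure is handled by leaving the chain unchanged (the packet is
 * simply not tracked) rather than crashing on a null record.
 */
static void UpdateFlows(char * src_ip, char * dst_ip, uint16_t src_port, uint16_t dst_port,
                        uint16_t proto, uint32_t seq_number, long sec, long usec,
                        char * payload, uint16_t payload_size, uint16_t hash_value, Packet *p)
{
    (void)seq_number;

    FlowRecord *head = hash_table[hash_value].hash_flow_header; /* first node in the bucket */

    if (head == NULL) {
        /* NOTE: this path counts a payload as present only above 16 bytes,
         * whereas the append path below uses > 0. Preserved as-is — confirm
         * whether the asymmetry is intended. */
        hash_table[hash_value].hash_flow_header =
            new_flow_record(src_ip, dst_ip, src_port, dst_port, proto, sec, usec,
                            payload, payload_size, payload_size > 16, NULL);
        return;
    }

    FlowRecord *tail = head;
    for (FlowRecord *rec = head; rec != NULL; rec = rec->next) {
        tail = rec;
        if (!flow_matches(rec, src_ip, dst_ip, src_port, dst_port, proto)) {
            continue;
        }

        if (rec->labeled == -1) {
            /* Still unclassified: keep sampling entropy until the buffer is full. */
            if (rec->packet_count < PKTSPERFLOW) {
                rec->pkt_entropy[rec->packet_count] = AboveEntropy(payload, payload_size);
            }
            if (rec->packet_count == PktsLimit) {
                DecideHighEntropyFlow(rec);
            }
            if (payload_size > 0) {
                rec->have_payload = 1;
            }
        } else if (rec->labeled == 1) {
            /* Flow was classified as high-entropy: block the rest of the session. */
            DisableAllDetect(p);
            Active_DropSession(p);
        }

        rec->packet_count++;
        rec->last_sec = sec;
        rec->last_usec = usec;
        return;
    }

    /* No record matched: append a new one after the current tail. */
    FlowRecord *added = new_flow_record(src_ip, dst_ip, src_port, dst_port, proto, sec, usec,
                                        payload, payload_size, payload_size > 0, tail);
    if (added != NULL) {
        tail->next = added;
    }
}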