/**
 * Fill in the per-port monitoring flags for one protocol by walking every
 * rule (OTN) of the configuration that is currently being parsed.
 *
 * Flags are OR-ed into portList; nothing is cleared here.
 *
 * @param portList           array of MAX_PORTS+1 uint8_t flag bytes, indexed
 *                           by port number; modified in place.
 * @param protocol           protocol type the rules must match.
 * @param ignoreAnyAnyRules  value of the 'ignore_any_rules' option. When it is
 *                           0 and the protocol is TCP, every port is marked
 *                           and no rule is examined.
 * @param policyId           policy used to look up each rule's RTN and the
 *                           portscan protocol settings.
 *
 * NOTE(review): the per-rule loops index portList up to SFPO_MAX_PORTS-1 while
 * the wholesale loops stop at MAX_PORTS-1. This assumes SFPO_MAX_PORTS does not
 * exceed the size of the caller's array -- confirm against both definitions.
 */
void setPortFilterList(
        uint8_t *portList,
        int protocol,
        int ignoreAnyAnyRules,
        tSfPolicyId policyId
        )
{
    SnortConfig *sc = snort_conf_for_parsing;
    IgnoredRuleList *pIgnoredRuleList = NULL;   /* rules skipped by ignore_any_rules */
    SFGHASH_NODE *node;
    char *protocolName;
    char *ports = NULL;
    int portCount = 0;
    char any_any_flow = 0;
    int psMask = 0;
    int idx;

    if (sc == NULL)
    {
        FatalError("%s(%d) Snort conf for parsing is NULL.\n",
                   __FILE__, __LINE__);
    }

    /* TCP with ignore_any_rules off: track and inspect every port. */
    if ((ignoreAnyAnyRules == 0) && (protocol == IPPROTO_TCP))
    {
        for (idx = 0; idx < MAX_PORTS; idx++)
        {
            portList[idx] |= PORT_MONITOR_SESSION | PORT_MONITOR_INSPECT;
        }
        return;
    }

    protocolName = getProtocolName(protocol);

    /* Walk all rules and derive the ports to inspect from their port objects. */
    for (node = sfghash_findfirst(sc->otn_map);
         node != NULL;
         node = sfghash_findnext(sc->otn_map))
    {
        OptTreeNode *otn = (OptTreeNode *)node->data;
        /* Non-zero when the rule uses the flow or flowbits keyword. */
        int hasFlow = Stream5OtnHasFlowOrFlowbit(otn);
        RuleTreeNode *rtn = getRtnFromOtn(otn, policyId);
        /* Port-specific rules always get INSPECT; SESSION only with flow/flowbits. */
        int markFlags = hasFlow ? (PORT_MONITOR_INSPECT | PORT_MONITOR_SESSION)
                                : PORT_MONITOR_INSPECT;
        int srcIsAny = 0;
        int dstIsAny = 0;

        /* No RTN for this policy, or a rule for another protocol: skip. */
        if ((rtn == NULL) || (rtn->proto != protocol))
        {
            continue;
        }

        /* Source side. */
        if (PortObjectHasAny(rtn->src_portobject))
        {
            srcIsAny = 1;
        }
        else
        {
            ports = PortObjectCharPortArray(ports, rtn->src_portobject, &portCount);
            if ((ports != NULL) && (portCount != 0))
            {
                for (idx = 0; idx < SFPO_MAX_PORTS; idx++)
                {
                    if (ports[idx])
                    {
                        portList[idx] |= markFlags;
                    }
                }
            }
            /* free(NULL) is a no-op, so no separate NULL test is needed. */
            free(ports);
            ports = NULL;
        }

        /* Destination side. */
        if (PortObjectHasAny(rtn->dst_portobject))
        {
            dstIsAny = 1;
        }
        else
        {
            ports = PortObjectCharPortArray(ports, rtn->dst_portobject, &portCount);
            if ((ports != NULL) && (portCount != 0))
            {
                for (idx = 0; idx < SFPO_MAX_PORTS; idx++)
                {
                    if (ports[idx])
                    {
                        portList[idx] |= markFlags;
                    }
                }
            }
            free(ports);
            ports = NULL;
        }

        /* any -> any rule: handled once any_any_flow is still unset. */
        if (srcIsAny && dstIsAny && (any_any_flow == 0))
        {
            any_any_flow = Stream5AnyAnyFlow(portList, otn, rtn, any_any_flow,
                                             &pIgnoredRuleList, ignoreAnyAnyRules);
        }
    }

    /* If portscan is tracking TCP/UDP, sessions are needed for all ports. */
    if (protocol == IPPROTO_UDP)
    {
        psMask = PS_PROTO_UDP;
    }
    else if (protocol == IPPROTO_TCP)
    {
        psMask = PS_PROTO_TCP;
    }

    if (psMask && (ps_get_protocols(policyId) & psMask))
    {
        for (idx = 0; idx < MAX_PORTS; idx++)
        {
            portList[idx] |= PORT_MONITOR_SESSION;
        }
    }

    /*
     * Tell the operator how 'ignore_any_rules' played out: either it was
     * overridden, or the listed rules no longer contribute coverage.
     */
    if (any_any_flow == 1)
    {
        LogMessage("Warning: 'ignore_any_rules' option for Stream5 %s "
                   "disabled because of %s rule with flow or flowbits option\n",
                   protocolName, protocolName);
    }
    else if (pIgnoredRuleList)
    {
        LogMessage("Warning: Rules (GID:SID) effectively ignored because of "
                   "'ignore_any_rules' option for Stream5 %s:\n", protocolName);
    }

    /* Frees the list; prints it iff any_any_flow. */
    printIgnoredRules(pIgnoredRuleList, any_any_flow);
}
/// Looks up the parameter list for this device's protocol by delegating to
/// Protocol::getParametersForProtocol() with the name from getProtocolName().
std::list<std::string> Device::getParametersForProtocol() const {
	std::list<std::string> parameters = Protocol::getParametersForProtocol(getProtocolName());
	return parameters;
}
// // This method will take the broken out parts of the URL and build up the // full text. We don't do this unless someone asks us to, since its often // never required. // void XMLURL::buildFullText() { // Calculate the worst case size of the buffer required unsigned int bufSize = gMaxProtoLen + 1 + XMLString::stringLen(fFragment) + 1 + XMLString::stringLen(fHost) + 2 + XMLString::stringLen(fPassword) + 1 + XMLString::stringLen(fPath) + XMLString::stringLen(fQuery) + 1 + XMLString::stringLen(fUser) + 1 + 32; // Clean up the existing buffer and allocate another fMemoryManager->deallocate(fURLText);//delete [] fURLText; fURLText = (XMLCh*) fMemoryManager->allocate((bufSize) * sizeof(XMLCh));//new XMLCh[bufSize]; *fURLText = 0; XMLCh* outPtr = fURLText; if (fProtocol != Unknown) { XMLString::catString(fURLText, getProtocolName()); outPtr += XMLString::stringLen(fURLText); *outPtr++ = chColon; *outPtr++ = chForwardSlash; *outPtr++ = chForwardSlash; } if (fUser) { XMLString::copyString(outPtr, fUser); outPtr += XMLString::stringLen(fUser); if (fPassword) { *outPtr++ = chColon; XMLString::copyString(outPtr, fPassword); outPtr += XMLString::stringLen(fPassword); } *outPtr++ = chAt; } if (fHost) { XMLString::copyString(outPtr, fHost); outPtr += XMLString::stringLen(fHost); // // If the port is zero, then we don't put it in. Else we need // to because it was explicitly provided. 
// if (fPortNum) { *outPtr++ = chColon; XMLCh tmpBuf[17]; XMLString::binToText(fPortNum, tmpBuf, 16, 10, fMemoryManager); XMLString::copyString(outPtr, tmpBuf); outPtr += XMLString::stringLen(tmpBuf); } } if (fPath) { XMLString::copyString(outPtr, fPath); outPtr += XMLString::stringLen(fPath); } if (fQuery) { *outPtr++ = chQuestion; XMLString::copyString(outPtr, fQuery); outPtr += XMLString::stringLen(fQuery); } if (fFragment) { *outPtr++ = chPound; XMLString::copyString(outPtr, fFragment); outPtr += XMLString::stringLen(fFragment); } // Cap it off in case the last op was not a string copy *outPtr = 0; }