00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
00003 // Copyright (C) 2005-2013 Sourcefire, Inc.
00004 //
00005 // This program is free software; you can redistribute it and/or modify it
00006 // under the terms of the GNU General Public License Version 2 as published
00007 // by the Free Software Foundation. You may not use, modify or distribute
00008 // this program under any other version of the GNU General Public License.
00009 //
00010 // This program is distributed in the hope that it will be useful, but
00011 // WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00013 // General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU General Public License along
00016 // with this program; if not, write to the Free Software Foundation, Inc.,
00017 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00018 //--------------------------------------------------------------------------
00019
00020 #ifdef HAVE_CONFIG_H
00021 #include "config.h"
00022 #endif
00023
00024 #include "stream_ip.h"
00025
00026 #include "log/messages.h"
00027
00028 #include "ip_defrag.h"
00029 #include "ip_ha.h"
00030 #include "ip_module.h"
00031 #include "ip_session.h"
00032
// Built-in defaults that StreamIpConfig's constructor copies into
// frag_engine (max_frags, frag_timeout and min_ttl respectively).

// Upper bound on the number of fragments held by a single frag tracker.
#define DEFAULT_MAX_FRAGS 8192

// Default fragment timeout. The original author notes that 90-120 might be
// better values and asks whether engine-based quanta are possible.
// NOTE(review): the unit is not stated here - presumably seconds; confirm.
#define FRAG_PRUNE_QUANTA 60

// Smallest TTL that is considered acceptable.
#define FRAG_MIN_TTL 1
00042
00043 //-------------------------------------------------------------------------
00044 // helpers
00045 //-------------------------------------------------------------------------
00046
// Fill a stream_ip configuration with its built-in defaults.
StreamIpConfig::StreamIpConfig()
{
    auto& engine = frag_engine;

    // Fragment engine defaults, taken from the macros defined above.
    engine.frag_policy = FRAG_POLICY_DEFAULT;
    engine.max_frags = DEFAULT_MAX_FRAGS;
    engine.frag_timeout = FRAG_PRUNE_QUANTA;
    engine.min_ttl = FRAG_MIN_TTL;

    // NOTE(review): 0 presumably means "no limit / check disabled" for these
    // two settings - confirm against the defrag code before relying on it.
    engine.max_overlaps = 0;
    engine.min_fragment_length = 0;

    // Reported by ip_show() as a number of seconds.
    session_timeout = 60;
}
00059
// Log the stream_ip settings held in *pc. Only the session timeout is
// printed here; pc is dereferenced without a null check.
// NOTE(review): "%d" assumes session_timeout is int-compatible - confirm
// against the StreamIpConfig declaration.
static void ip_show(StreamIpConfig* pc)
{
    LogMessage("Stream IP config:\n");

    const auto timeout = pc->session_timeout;
    LogMessage(" Timeout: %d seconds\n", timeout);
}
00065
00066 //-------------------------------------------------------------------------
00067 // inspector stuff
00068 //-------------------------------------------------------------------------
00069
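// Stream inspector for IP. Holds the stream_ip configuration and the Defrag
// instance that is built from that configuration's frag_engine settings.
//
// Ownership: config and defrag are raw owning pointers - the destructor
// deletes both. An implicit copy would therefore end in a double delete, so
// copy construction and copy assignment are deleted.
class StreamIp : public Inspector
{
public:
    // Takes ownership of the configuration passed in.
    explicit StreamIp(StreamIpConfig*);
    ~StreamIp() override;

    StreamIp(const StreamIp&) = delete;
    StreamIp& operator=(const StreamIp&) = delete;

    bool configure(SnortConfig*) override;
    void show(SnortConfig*) override;

    // Not a packet entry point: the implementation only asserts.
    NORETURN_ASSERT void eval(Packet*) override;

public:
    // Public because get_ip_cfg() and get_defrag() read them directly.
    StreamIpConfig* config;
    Defrag* defrag;
};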
00085
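// Build the inspector around an already-populated configuration.
//
// c must be non-null: it is dereferenced to construct the Defrag instance.
// The inspector takes ownership of c (the destructor deletes it).
StreamIp::StreamIp(StreamIpConfig* c)
    : config(c), defrag(nullptr)
{
    // Same debug-build guard the accessors in this file use; it turns a null
    // configuration into a clear assertion failure instead of a stray
    // null dereference inside the Defrag construction below.
    assert(c);
    defrag = new Defrag(c->frag_engine);
}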
00091
// Release the two objects this inspector owns.
StreamIp::~StreamIp()
{
    // NOTE(review): defrag was constructed from config->frag_engine; if it
    // keeps a reference into the configuration, it has to go first - keep
    // this order unless that is confirmed not to be the case.
    delete defrag;
    delete config;
}
00097
// Configuration hook: hands the SnortConfig to the defragmenter and reports
// success unconditionally.
bool StreamIp::configure(SnortConfig* sc)
{
    // NOTE(review): any result from Defrag::configure() is not inspected
    // here, so a failure there would not be reported to the caller.
    defrag->configure(sc);

    return true;
}
00103
// Print the effective settings: first the stream_ip part via ip_show(),
// then whatever the defragmenter reports for itself.
void StreamIp::show(SnortConfig* sc)
{
    ip_show(config);
    defrag->show(sc);
}
00109
// This inspector is not meant to be evaluated per packet; the original note
// points at session::process() as the path to use instead.
//
// assert() is compiled out when NDEBUG is defined, so in such a build a call
// to eval() returns without doing anything rather than stopping.
// NOTE(review): NORETURN_ASSERT is defined outside this file - presumably it
// only marks the function noreturn when asserts are active; confirm.
NORETURN_ASSERT void StreamIp::eval(Packet*)
{
    assert(false);
}
00115
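// Return the configuration owned by a stream_ip inspector.
//
// ins must point to a StreamIp. The downcast is unchecked: passing any other
// Inspector subtype is undefined behaviour, and the null guard below exists
// only in builds where assert() is active. The returned pointer remains
// owned by the inspector.
StreamIpConfig* get_ip_cfg(Inspector* ins)
{
    assert(ins);

    // Named cast instead of a C-style cast: it can only perform the
    // base-to-derived conversion and will not silently degrade into a
    // reinterpret_cast if the class relationship ever changes.
    return static_cast<StreamIp*>(ins)->config;
}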
00121
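// Return the defragmenter owned by a stream_ip inspector.
//
// ins must point to a StreamIp. The downcast is unchecked: passing any other
// Inspector subtype is undefined behaviour, and the null guard below exists
// only in builds where assert() is active. The returned pointer remains
// owned by the inspector.
Defrag* get_defrag(Inspector* ins)
{
    assert(ins);

    // Named cast instead of a C-style cast, so the conversion stays limited
    // to the base-to-derived case.
    return static_cast<StreamIp*>(ins)->defrag;
}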
00127
00128 //-------------------------------------------------------------------------
00129 // api stuff
00130 //-------------------------------------------------------------------------
00131
// Module factory listed in ip_api: allocates a fresh StreamIpModule.
// NOTE(review): the caller presumably releases it through mod_dtor, which is
// registered next to this function - confirm.
static Module* mod_ctor()
{
    return new StreamIpModule;
}
00134
// Module destructor hook listed in ip_api.
// NOTE(review): deleting through Module* relies on Module having a virtual
// destructor; its declaration is outside this file - confirm.
static void mod_dtor(Module* m)
{
    delete m;
}
00137
// Hook registered in the tinit slot of ip_api; forwards to the IP HA manager.
static void ip_tinit()
{ IpHAManager::tinit(); }
00142
// Hook registered in the tterm slot of ip_api; forwards to the IP HA manager.
static void ip_tterm()
{ IpHAManager::tterm(); }
00147
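// Inspector factory listed in ip_api: builds a StreamIp from the data held
// by the stream_ip module.
//
// m must point to a StreamIpModule; the downcast is unchecked. The
// configuration returned by get_data() is handed to the new inspector, which
// deletes it in its destructor.
// NOTE(review): this assumes get_data() gives up ownership and does not
// return null - confirm in the module implementation.
static Inspector* ip_ctor(Module* m)
{
    // Named cast instead of a C-style cast, so the conversion stays limited
    // to the base-to-derived case.
    auto* mod = static_cast<StreamIpModule*>(m);
    return new StreamIp(mod->get_data());
}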
00153
// Inspector destructor hook listed in ip_api. Deleting through Inspector*
// reaches ~StreamIp() because that destructor is declared as an override of
// the base class destructor.
static void ip_dtor(Inspector* p)
{ delete p; }
00158
// Session factory listed in ip_api: allocates an IpSession for the flow.
// The caller receives a raw owning pointer.
static Session* ip_ssn(Flow* lws)
{
    Session* session = new IpSession(lws);
    return session;
}
00163
// Plugin descriptor for the stream_ip inspector. The nested initializer is
// the base API record (plugin type, size/version fields, module name and
// help, module factory and destructor); the remaining entries are the
// inspector-level settings and hooks. Entries are positional, so their order
// must match the InspectApi declaration.
static const InspectApi ip_api =
{
    {
        PT_INSPECTOR,
        sizeof(InspectApi),
        INSAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        MOD_NAME,
        MOD_HELP,
        mod_ctor,
        mod_dtor
    },
    IT_STREAM,
    static_cast<unsigned>(PktType::IP),
    nullptr,   // buffers
    nullptr,   // service
    nullptr,   // pinit
    nullptr,   // pterm
    ip_tinit,  // tinit
    ip_tterm,  // tterm
    ip_ctor,   // inspector factory
    ip_dtor,   // inspector destructor
    ip_ssn,    // session factory
    nullptr    // reset
};

// Exported handle to the base API record of the descriptor above.
const BaseApi* nin_stream_ip = &ip_api.base;
00193