[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-cvs
Subject: [snort-cvs] CVS: snort spp_tcp_stream.c,1.8,1.9
From: "Christopher E. Cramer" <cec () users ! sourceforge ! net>
Date: 2000-12-05 21:11:04
[Download RAW message or body]
Update of /cvsroot/snort/snort
In directory slayer.i.sourceforge.net:/tmp/cvs-serv31187
Modified Files:
spp_tcp_stream.c
Log Message:
* Added some more checks on the dynamically allocate buffers
* Added packet counting statistics
Index: spp_tcp_stream.c
===================================================================
RCS file: /cvsroot/snort/snort/spp_tcp_stream.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** spp_tcp_stream.c 2000/11/27 20:40:37 1.8
--- spp_tcp_stream.c 2000/12/05 21:11:01 1.9
***************
*** 264,267 ****
--- 264,269 ----
if (i == StreamData.num_entries) return; /* not a monitored port */
+ pc.tcp_stream_pkts ++; /* a packet we use */
+
if (StreamData.ports[i] == p->sp) {server_packet = 1;} else {server_packet = 0;}
***************
*** 286,289 ****
--- 288,292 ----
sptr->next = StreamData.heads[bin];
StreamData.heads[bin] = sptr;
+ pc.tcp_streams ++; /* new tcp stream */
sptr->client_status = SYN_SENT;
sptr->server_status = SYN_RCVD;
***************
*** 314,317 ****
--- 317,321 ----
return; /* either way, we are done here */
}
+ sptr->timestamp = tm;
if (p->tcph->th_flags == R_SYN ) /* j'accuse - we have a stream, but */
***************
*** 329,333 ****
}
! sptr->timestamp = tm;
#if DEBUG
printf("statuses: %i/%i\n",sptr->server_status, sptr->client_status);
--- 333,376 ----
}
! if (p->tcph->th_flags == (R_SYN | R_ACK) ) { /* SYN/ACK */
! if (!server_packet) return; /* Client should not SYN/ACK */
! if (lack != sptr->c_first_seq) return; /* False SYN/ACK - bad seq*/
! if ((sptr->client_status == SYN_SENT) && (sptr->server_status = SYN_RCVD))
! {
! sptr->s_first_seq = lseq+1;
! sptr->s_last_acked = lseq+1; /* cheat mode on */
! sptr->s_buf_start = lseq+1;
! sptr->client_status = ESTABLISHED; /* client happy, should send ACK */
! if(p->tcph->th_win != 0)
! {
! sptr->s_buf_siz = ntohs(p->tcph->th_win) + StreamData.maxbytes;
! sptr->s_buf = (u_char *) malloc(sptr->s_buf_siz);
! sptr->s_buf_allocd = 1;
! }
! }
! return;
! }
!
! /* If buffers haven't been allocated, try to do so here */
! if (!server_packet && !sptr->c_buf_allocd)
! {
! if(p->tcph->th_win != 0)
! {
! sptr->c_buf_siz = ntohs(p->tcph->th_win) + StreamData.maxbytes;
! sptr->c_buf = (u_char *) malloc(sptr->c_buf_siz);
! sptr->c_buf_allocd = 1;
! }
! }
!
! if (server_packet && !sptr->s_buf_allocd)
! {
! if(p->tcph->th_win != 0)
! {
! sptr->s_buf_siz = ntohs(p->tcph->th_win) + StreamData.maxbytes;
! sptr->s_buf = (u_char *) malloc(sptr->s_buf_siz);
! sptr->s_buf_allocd = 1;
! }
! }
!
#if DEBUG
printf("statuses: %i/%i\n",sptr->server_status, sptr->client_status);
***************
*** 342,346 ****
/* shouldn't happen in a sane world */
! bytes_in_buf = bytes_in_buf > 0x010000 ? 0x010000 : bytes_in_buf;
made_packet = 0;
--- 385,393 ----
/* shouldn't happen in a sane world */
! if (bytes_in_buf > sptr->s_buf_siz)
! {
! ErrorMessage("[!] WARNING: TCP stream reassembler, Server Bytes in Buffer > \
Buffer Size (%i > %i)", bytes_in_buf, sptr->s_buf_siz);
! bytes_in_buf = sptr->s_buf_siz;
! }
made_packet = 0;
***************
*** 357,361 ****
TcpStreamPacketize(p, sptr->s_buf, i, server_packet);
made_packet = i;
-
break;
}
--- 404,407 ----
***************
*** 385,389 ****
/* shouldn't happen in a sane world */
! bytes_in_buf = bytes_in_buf > 0x010000 ? 0x010000 : bytes_in_buf;
made_packet = 0;
--- 431,439 ----
/* shouldn't happen in a sane world */
! if (bytes_in_buf > sptr->c_buf_siz)
! {
! ErrorMessage("[!] WARNING: TCP stream reassembler, Client Bytes in Buffer > \
Buffer Size (%i > %i)", bytes_in_buf, sptr->c_buf_siz);
! bytes_in_buf = sptr->c_buf_siz;
! }
made_packet = 0;
***************
*** 409,414 ****
}
-
-
/* if something's been acknowledged, update last_acked
only if side being acked is in data transmission state
--- 459,462 ----
***************
*** 417,446 ****
*/
if (p->tcph->th_flags & R_ACK) {
! if (server_packet /*&& (sptr->client_status == 4 || sptr->client_status==5)*/)
sptr->c_last_acked = lack;
! if (!server_packet /*&& (sptr->server_status == 4 || sptr->server_status==5)*/)
sptr->s_last_acked = lack;
}
-
- if (p->tcph->th_flags == (R_SYN | R_ACK) ) { /* SYN/ACK */
- if (!server_packet) return; /* Client should not SYN/ACK */
- if (lack != sptr->c_first_seq) return; /* False SYN/ACK - bad seq*/
- if ((sptr->client_status == SYN_SENT) && (sptr->server_status = SYN_RCVD))
- {
- sptr->s_first_seq = lseq+1;
- sptr->s_last_acked = lseq+1; /* cheat mode on */
- sptr->s_buf_start = lseq+1;
- sptr->client_status = ESTABLISHED; /* client happy, should send ACK */
- if(p->tcph->th_win != 0)
- {
- sptr->s_buf_siz = ntohs(p->tcph->th_win) + StreamData.maxbytes;
- sptr->s_buf = (u_char *) malloc(sptr->s_buf_siz);
- sptr->s_buf_allocd = 1;
- }
- }
- return;
- }
-
if ((sptr->client_status == ESTABLISHED) && (sptr->server_status == SYN_RCVD))
{
--- 465,474 ----
*/
if (p->tcph->th_flags & R_ACK) {
! if (server_packet )
sptr->c_last_acked = lack;
! if (!server_packet )
sptr->s_last_acked = lack;
}
if ((sptr->client_status == ESTABLISHED) && (sptr->server_status == SYN_RCVD))
{
***************
*** 705,708 ****
--- 733,738 ----
printf("Trying to make a new packet! psize: %lu\n", psize);
#endif
+
+ pc.rebuilt_tcp ++; /* new phoney packet */
#ifdef DEBUG
_______________________________________________
Snort-cvsinfo mailing list
Snort-cvsinfo@lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-cvsinfo
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic