List: snort-cvs
Subject: [snort-cvs] CVS: snort rules.c,1.40,1.41 tag.c,1.1,1.2
From: Martin Roesch <roesch () users ! sourceforge ! net>
Date: 2001-02-15 5:54:50
Update of /cvsroot/snort/snort
In directory usw-pr-cvs1:/tmp/cvs-serv21760
Modified Files:
rules.c tag.c
Log Message:
* tweaks to the tags code, #ifdef'd out some comments
Index: rules.c
===================================================================
RCS file: /cvsroot/snort/snort/rules.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -C2 -r1.40 -r1.41
*** rules.c 2001/02/15 04:41:13 1.40
--- rules.c 2001/02/15 05:54:48 1.41
***************
*** 3254,3258 ****
--- 3254,3261 ----
if(CheckTagList(p))
{
+ #ifdef DEBUG
printf("Matching tag node found, calling log functions\n");
+ #endif
+
/* if we find a match, we want to send the packet to the
* logging mechanism
***************
*** 3281,3285 ****
--- 3284,3290 ----
if(CheckTagList(p))
{
+ #ifdef DEBUG
printf("Matching tag node found, calling log functions\n");
+ #endif
/* if we find a match, we want to send the packet to the
* logging mechanism
Index: tag.c
===================================================================
RCS file: /cvsroot/snort/snort/tag.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -r1.1 -r1.2
*** tag.c 2001/02/15 04:41:13 1.1
--- tag.c 2001/02/15 05:54:48 1.2
***************
*** 116,119 ****
--- 116,120 ----
TagNode *idx;
char prune = 0;
+ int addr_match = 0;
if(TagHead == NULL)
***************
*** 151,154 ****
--- 152,156 ----
{
case TAG_SESSION:
+ addr_match = 0;
/* check for straight match */
***************
*** 156,237 ****
{
if(idx->sip == p->iph->ip_src.s_addr &&
! idx->dip == p->iph->ip_dst.s_addr &&
! idx->sp == p->sp &&
! idx->dp == p->dp)
{
! /* if we're still collecting packets */
! if(idx->count > 0)
! {
! /* if we're counting packets instead of
! * seconds...
! */
! if(idx->metric == TAG_METRIC_PACKETS)
! {
! /* decrement the packet count */
! idx->count--;
!
! /* when the count gets down to 0
! * remove the tag node
! */
! if(idx->count == 0)
! {
! PruneNode(idx);
! }
! }
! else
{
! /* check if we've timed out */
! if(p->pkth->ts.tv_sec > idx->count)
! {
! PruneNode(idx);
! }
}
! #ifdef DEBUG
! printf("Found tag node\n");
! #endif
! /* return 1 on match */
! return 1;
! }
!
! /* if the count somehow goes below 1, dump
! * the node
! */
! idx = PruneNode(idx);
! }
! /* check for inverse port/IP match */
! if(idx->sip == p->iph->ip_dst.s_addr &&
! idx->dip == p->iph->ip_src.s_addr &&
! idx->sp == p->dp &&
! idx->dp == p->sp)
{
! /* make sure the counter still has some hits left */
! if(idx->count > 0)
{
! if(idx->metric == TAG_METRIC_PACKETS)
{
! idx->count--;
!
! if(idx->count == 0)
! {
! PruneNode(idx);
! }
}
! else
{
! if(p->pkth->ts.tv_sec > idx->count)
! {
! PruneNode(idx);
! }
}
!
#ifdef DEBUG
! printf("Found tag node\n");
#endif
! return 1;
! }
!
! idx = PruneNode(idx);
}
}
--- 158,217 ----
{
if(idx->sip == p->iph->ip_src.s_addr &&
! idx->dip == p->iph->ip_dst.s_addr &&
! idx->sp == p->sp &&
! idx->dp == p->dp)
{
! addr_match = 1;
! }
! else if(idx->sip == p->iph->ip_dst.s_addr &&
! idx->dip == p->iph->ip_src.s_addr &&
! idx->sp == p->dp &&
! idx->dp == p->sp)
{
! addr_match = 1;
}
! }
! if(addr_match)
! {
! /* if we're still collecting packets */
! if(idx->count > 0)
{
! /* if we're counting packets instead of
! * seconds...
! */
! if(idx->metric == TAG_METRIC_PACKETS)
{
! /* decrement the packet count */
! idx->count--;
! idx->last_access = p->pkth->ts.tv_sec;
!
! /* when the count gets down to 0
! * remove the tag node
! */
! if(idx->count == 0)
{
! PruneNode(idx);
}
! }
! else
! {
! /* check if we've timed out */
! if(p->pkth->ts.tv_sec > idx->count)
{
! PruneNode(idx);
}
! }
#ifdef DEBUG
! printf("Found tag node\n");
#endif
! /* return 1 on match */
! return 1;
}
+
+ /* if the count somehow goes below 1, dump
+ * the node
+ */
+ idx = PruneNode(idx);
}
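Review bot: `idx->last_access` is refreshed only inside the `TAG_METRIC_PACKETS` branch, so a session tagged by seconds never records its last hit; if `last_access` is what idle-node pruning elsewhere in tag.c keys on (not visible here), time-metric nodes would look stale while still active. Hoisting the assignment to just after `if(idx->count > 0)` as `idx->last_access = p->pkth->ts.tv_sec;` covers both metrics. Separately, in the `else` branch a packet whose `ts.tv_sec` is already past `idx->count` prunes the node and still reaches `return 1`, so one packet outside the tag window is reported as a match; a short comment such as `/* the packet that expires the tag is still logged */` would make clear whether that is intended. The enclosing function and its loop begin and end outside this hunk, so how `idx` advances after `PruneNode()` cannot be checked from here.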
_______________________________________________
Snort-cvsinfo mailing list
Snort-cvsinfo@lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/snort-cvsinfo