PegCount smb2_tree_connect;
PegCount smb2_tree_disconnect;
PegCount smb2_close;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
};
extern THREAD_LOCAL dce2SmbStats dce2_smb_stats;
{ "smbv2_tree_connect", "total number of SMBv2 tree connect packets seen" },
{ "smbv2_tree_disconnect", "total number of SMBv2 tree disconnect packets seen" },
{ "smbv2_close", "total number of SMBv2 close packets seen" },
+ { "concurrent_sessions", "total concurrent sessions" },
+ { "max_concurrent_sessions", "maximum concurrent sessions" },
{ nullptr, nullptr }
};
Dce2TcpFlowData::Dce2TcpFlowData() : FlowData(inspector_id)
{
+ dce2_tcp_stats.concurrent_sessions++;
+ if(dce2_tcp_stats.max_concurrent_sessions < dce2_tcp_stats.concurrent_sessions)
+ dce2_tcp_stats.max_concurrent_sessions = dce2_tcp_stats.concurrent_sessions;
}
Dce2TcpFlowData::~Dce2TcpFlowData()
{
DCE2_CoCleanTracker(&dce2_tcp_session.co_tracker);
+ if (dce2_tcp_stats.concurrent_sessions > 0)
+ dce2_tcp_stats.concurrent_sessions--;
}
THREAD_LOCAL dce2TcpStats dce2_tcp_stats;
/*DCE TCP specific*/
PegCount tcp_sessions;
PegCount tcp_pkts;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
};
extern THREAD_LOCAL dce2TcpStats dce2_tcp_stats;
{ "server_frags_reassembled", "total connection-oriented server fragments reassembled" },
{ "tcp_sessions", "total tcp sessions" },
{ "tcp_packets", "total tcp packets" },
+ { "concurrent_sessions", "total concurrent sessions" },
+ { "max_concurrent_sessions", "maximum concurrent sessions" },
{ nullptr, nullptr }
};
//-------------------------------------------------------------------------
Dce2UdpFlowData::Dce2UdpFlowData() : FlowData(inspector_id)
{
+ dce2_udp_stats.concurrent_sessions++;
+ if(dce2_udp_stats.max_concurrent_sessions < dce2_udp_stats.concurrent_sessions)
+ dce2_udp_stats.max_concurrent_sessions = dce2_udp_stats.concurrent_sessions;
}
Dce2UdpFlowData::~Dce2UdpFlowData()
{
DCE2_ClCleanTracker(&dce2_udp_session.cl_tracker);
+ if (dce2_udp_stats.concurrent_sessions > 0)
+ dce2_udp_stats.concurrent_sessions--;
}
unsigned Dce2UdpFlowData::inspector_id = 0;
PegCount cl_max_frag_size;
PegCount cl_frag_reassembled;
PegCount cl_max_seqnum;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
};
extern THREAD_LOCAL dce2UdpStats dce2_udp_stats;
{ "max_fragment_size", "connection-less maximum fragment size" },
{ "frags_reassembled", "total connection-less fragments reassembled" },
{ "max_seqnum", "max connection-less seqnum" },
+ { "concurrent_sessions", "total concurrent sessions" },
+ { "max_concurrent_sessions", "maximum concurrent sessions" },
{ nullptr, nullptr }
};
Dce2SmbFlowData::Dce2SmbFlowData() : FlowData(inspector_id)
{
+ dce2_smb_stats.concurrent_sessions++;
+ if(dce2_smb_stats.max_concurrent_sessions < dce2_smb_stats.concurrent_sessions)
+ dce2_smb_stats.max_concurrent_sessions = dce2_smb_stats.concurrent_sessions;
}
Dce2SmbFlowData::~Dce2SmbFlowData()
{
DCE2_SmbDataFree(&dce2_smb_session);
+ if (dce2_smb_stats.concurrent_sessions > 0)
+ dce2_smb_stats.concurrent_sessions--;
}
unsigned Dce2SmbFlowData::inspector_id = 0;
Dnp3FlowData::Dnp3FlowData() : FlowData(inspector_id)
{
+ dnp3_stats.concurrent_sessions++;
+ if(dnp3_stats.max_concurrent_sessions < dnp3_stats.concurrent_sessions)
+ dnp3_stats.max_concurrent_sessions = dnp3_stats.concurrent_sessions;
+}
+
+Dnp3FlowData::~Dnp3FlowData()
+{
+ if (dnp3_stats.concurrent_sessions > 0)
+ dnp3_stats.concurrent_sessions--;
}
unsigned Dnp3FlowData::inspector_id = 0;
PegCount tcp_pdus;
PegCount dnp3_link_layer_frames;
PegCount dnp3_application_pdus;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
};
/* DNP3 header structures */
{
public:
Dnp3FlowData();
+ ~Dnp3FlowData();
static void init()
{
{ "tcp_pdus", "total tcp pdus" },
{ "dnp3_link_layer_frames", "total dnp3 link layer frames" },
{ "dnp3_application_pdus", "total dnp3 application pdus" },
+ { "concurrent_sessions", "total concurrent dnp3 sessions" },
+ { "max_concurrent_sessions", "maximum concurrent dnp3 sessions" },
{ nullptr, nullptr }
};
#define server_help "FTP inspector server module"
THREAD_LOCAL ProfileStats ftpPerfStats;
-THREAD_LOCAL SimpleStats ftstats;
+THREAD_LOCAL FtpStats ftstats;
//-------------------------------------------------------------------------
// implementation stuff
{ 0, nullptr }
};
+static const PegInfo ftp_pegs[] =
+{
+ { "total_packets", "total packets" },
+ { "concurrent_sessions", "total concurrent ftp sessions" },
+ { "max_concurrent_sessions", "maximum concurrent ftp sessions" },
+
+ { nullptr, nullptr }
+};
+
//-------------------------------------------------------------------------
FtpServerModule::FtpServerModule() :
}
const PegInfo* FtpServerModule::get_pegs() const
-{ return simple_pegs; }
+{ return ftp_pegs; }
PegCount* FtpServerModule::get_counts() const
{ return (PegCount*)&ftstats; }
#define FTP_BOUNCE 8
#define FTP_EVASIVE_TELNET_CMD 9
+struct FtpStats;
struct SnortConfig;
-extern THREAD_LOCAL SimpleStats ftstats;
+extern THREAD_LOCAL FtpStats ftstats;
extern THREAD_LOCAL ProfileStats ftpPerfStats;
//-------------------------------------------------------------------------
unsigned FtpFlowData::inspector_id = 0;
unsigned TelnetFlowData::inspector_id = 0;
+TelnetFlowData::TelnetFlowData() : FlowData(inspector_id)
+{
+ memset(&session, 0, sizeof(session));
+ tnstats.concurrent_sessions++;
+ if(tnstats.max_concurrent_sessions < tnstats.concurrent_sessions)
+ tnstats.max_concurrent_sessions = tnstats.concurrent_sessions;
+}
+
+TelnetFlowData::~TelnetFlowData()
+{
+ if (tnstats.concurrent_sessions > 0)
+ tnstats.concurrent_sessions--;
+}
+
/*
* Function: TelnetResetsession(TELNET_SESSION *session)
*
TelnetResetsession(Newsession);
Newsession->ft_ssn.proto = FTPP_SI_PROTO_TELNET;
Newsession->telnet_conf = GlobalConf;
-
SiInput->pproto = FTPP_SI_PROTO_TELNET;
-
p->flow->set_flow_data(fd);
*Telnetsession = Newsession;
return FTPP_SUCCESS;
}
+FtpFlowData::FtpFlowData() : FlowData(inspector_id)
+{
+ memset(&session, 0, sizeof(session));
+ ftstats.concurrent_sessions++;
+ if(ftstats.max_concurrent_sessions < ftstats.concurrent_sessions)
+ ftstats.max_concurrent_sessions = ftstats.concurrent_sessions;
+}
+
+FtpFlowData::~FtpFlowData()
+{
+ FTPFreesession(&session);
+ if (ftstats.concurrent_sessions > 0)
+ ftstats.concurrent_sessions--;
+}
+
/*
* Purpose: Initialize the session and server configurations for this
* packet/stream. In this function, we set the session pointer
Newsession->ft_ssn.proto = FTPP_SI_PROTO_FTP;
Newsession->client_conf = ClientConf;
Newsession->server_conf = ServerConf;
-
p->flow->set_flow_data(fd);
*Ftpsession = Newsession;
#include "file_api/file_api.h"
#include "flow/flow.h"
#include "flow/flow_key.h"
+#include "framework/counts.h"
#include "ftp_client.h"
#include "ftp_server.h"
class TelnetFlowData : public FlowData
{
public:
- TelnetFlowData() : FlowData(inspector_id)
- { memset(&session, 0, sizeof(session)); }
-
- ~TelnetFlowData() { }
+ TelnetFlowData();
+ ~TelnetFlowData();
static void init()
{ inspector_id = FlowData::create_flow_data_id(); }
class FtpFlowData : public FlowData
{
public:
- FtpFlowData() : FlowData(inspector_id)
- { memset(&session, 0, sizeof(session)); }
-
- ~FtpFlowData()
- { FTPFreesession(&session); }
+ FtpFlowData();
+ ~FtpFlowData();
static void init()
{ inspector_id = FlowData::create_flow_data_id(); }
int SetSiInput(FTPP_SI_INPUT*, Packet*);
+struct FtpStats
+{
+ PegCount total_packets;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
+};
+
+struct TelnetStats
+{
+ PegCount total_packets;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
+};
+
+extern THREAD_LOCAL FtpStats ftstats;
+extern THREAD_LOCAL TelnetStats tnstats;
+
#endif
#include "telnet_module.h"
THREAD_LOCAL ProfileStats telnetPerfStats;
-THREAD_LOCAL SimpleStats tnstats;
+THREAD_LOCAL TelnetStats tnstats;
//-------------------------------------------------------------------------
// implementation
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
+static const PegInfo telnet_pegs[] =
+{
+ { "total_packets", "total packets" },
+ { "concurrent_sessions", "total concurrent telnet sessions" },
+ { "max_concurrent_sessions", "maximum concurrent telnet sessions" },
+
+ { nullptr, nullptr }
+};
+
static const RuleMap telnet_rules[] =
{
{ TELNET_AYT_OVERFLOW, TELNET_AYT_OVERFLOW_STR },
}
const PegInfo* TelnetModule::get_pegs() const
-{ return simple_pegs; }
+{ return telnet_pegs; }
PegCount* TelnetModule::get_counts() const
{ return (PegCount*)&tnstats; }
#define TEL_HELP "telnet inspection and normalization"
struct SnortConfig;
+struct TelnetStats;
-extern THREAD_LOCAL SimpleStats tnstats;
+extern THREAD_LOCAL TelnetStats tnstats;
extern THREAD_LOCAL ProfileStats telnetPerfStats;
class TelnetModule : public Module
enum PEG_COUNT { PEG_FLOW = 0, PEG_SCAN, PEG_REASSEMBLE, PEG_INSPECT, PEG_REQUEST, PEG_RESPONSE,
PEG_GET, PEG_HEAD, PEG_POST, PEG_PUT, PEG_DELETE, PEG_CONNECT, PEG_OPTIONS, PEG_TRACE,
PEG_OTHER_METHOD, PEG_REQUEST_BODY, PEG_CHUNKED, PEG_URI_NORM, PEG_URI_PATH, PEG_URI_CODING,
- PEG_COUNT_MAX };
+ PEG_CONCURRENT_SESSIONS, PEG_MAX_CONCURRENT_SESSIONS, PEG_COUNT_MAX };
// Result of scanning by splitter
enum ScanResult { SCAN_NOTFOUND, SCAN_FOUND, SCAN_FOUND_PIECE, SCAN_DISCARD, SCAN_DISCARD_PIECE,
#include "decompress/file_decomp.h"
+#include "http_module.h"
#include "http_test_manager.h"
#include "http_transaction.h"
}
}
#endif
+ HttpModule::increment_peg_counts(PEG_CONCURRENT_SESSIONS);
+ if (HttpModule::get_peg_counts(PEG_MAX_CONCURRENT_SESSIONS) <
+ HttpModule::get_peg_counts(PEG_CONCURRENT_SESSIONS))
+ HttpModule::increment_peg_counts(PEG_MAX_CONCURRENT_SESSIONS);
}
HttpFlowData::~HttpFlowData()
fflush(nullptr);
}
#endif
+ if (HttpModule::get_peg_counts(PEG_CONCURRENT_SESSIONS) > 0)
+ HttpModule::decrement_peg_counts(PEG_CONCURRENT_SESSIONS);
+
for (int k=0; k <= 1; k++)
{
delete infractions[k];
PegCount* get_counts() const override { return peg_counts; }
static void increment_peg_counts(HttpEnums::PEG_COUNT counter)
{ peg_counts[counter]++; return; }
+ static void decrement_peg_counts(HttpEnums::PEG_COUNT counter)
+ { peg_counts[counter]--; return; }
+ static PegCount get_peg_counts(HttpEnums::PEG_COUNT counter)
+ { return peg_counts[counter]; }
#ifdef REG_TEST
static const PegInfo* get_peg_names() { return peg_names; }
{ "uri_normalizations", "URIs needing to be normalization" },
{ "uri_path", "URIs with path problems" },
{ "uri_coding", "URIs with character coding problems" },
+ { "concurrent_sessions", "total concurrent http sessions" },
+ { "max_concurrent_sessions", "maximum concurrent http sessions" },
{ nullptr, nullptr }
};
RPC_STATUS__DEFRAG
} RpcStatus;
+struct RpcStats
+{
+ PegCount total_packets;
+ PegCount concurrent_sessions;
+ PegCount max_concurrent_sessions;
+};
+
static const uint32_t flush_size = 28;
#define mod_name "rpc_decode"
#define mod_help "RPC inspector"
THREAD_LOCAL ProfileStats rpcdecodePerfStats;
-THREAD_LOCAL SimpleStats rdstats;
+THREAD_LOCAL RpcStats rdstats;
static int ConvertRPC(RpcDecodeConfig*, RpcSsnData*, Packet*);
RpcFlowData::RpcFlowData() : FlowData(inspector_id)
{
memset(&session, 0, sizeof(session));
+ rdstats.concurrent_sessions++;
+ if(rdstats.max_concurrent_sessions < rdstats.concurrent_sessions)
+ rdstats.max_concurrent_sessions = rdstats.concurrent_sessions;
}
RpcFlowData::~RpcFlowData()
{
RpcSsnClean(&session);
+ if (rdstats.concurrent_sessions > 0)
+ rdstats.concurrent_sessions--;
}
static RpcSsnData* RpcSsnDataNew(Packet* p)
#define s_name "rpc_decode"
#define s_help "RPC inspector"
+static const PegInfo rpc_pegs[] =
+{
+ { "total_packets", "total packets" },
+ { "concurrent_sessions", "total concurrent rpc sessions" },
+ { "max_concurrent_sessions", "maximum concurrent rpc sessions" },
+
+ { nullptr, nullptr }
+};
+
RpcDecodeModule::RpcDecodeModule() : Module(s_name, s_help, s_params)
{ }
{ return rpc_rules; }
const PegInfo* RpcDecodeModule::get_pegs() const
-{ return simple_pegs; }
+{ return rpc_pegs; }
PegCount* RpcDecodeModule::get_counts() const
{ return (PegCount*)&rdstats; }
#define RPC_INCOMPLETE_SEGMENT 4
#define RPC_ZERO_LENGTH_FRAGMENT 5
-extern THREAD_LOCAL SimpleStats rdstats;
+struct RpcStats;
+
+extern THREAD_LOCAL RpcStats rdstats;
extern THREAD_LOCAL ProfileStats rpcdecodePerfStats;
class RpcDecodeModule : public Module
projects / thirdparty / snort3.git / commitdiff
