#define DEBUG_STREAM_STATE 0x0000000400000000LL
#define DEBUG_STREAM_PAF 0x0000000800000000LL
#define DEBUG_ASN1 0x0000002000000000LL
-#define DEBUG_DNS 0x0000004000000000LL
-#define DEBUG_FTPTELNET 0x0000008000000000LL
-#define DEBUG_GTP 0x0000010000000000LL
#define DEBUG_SIP 0x0000100000000000LL
-#define DEBUG_SMTP 0x0000400000000000LL
#define DEBUG_REPUTATION 0x0000800000000000LL
#define DEBUG_CODEC 0x0001000000000000LL
pkt_data++;
}
- DebugFormat(DEBUG_INSPECTOR, "Data length = %u\n", len);
- DebugFormat(DEBUG_INSPECTOR, "ID = %u\n", id);
-
/* Do more len checking */
if ( len >= BO_BUF_ATTACK_SIZE )
return BO_FROM_UNKNOWN;
}
- if ( type & 0x80 )
- {
- DebugMessage(DEBUG_INSPECTOR, "Partial packet\n");
- }
- if ( type & 0x40 )
- {
- DebugMessage(DEBUG_INSPECTOR, "Continued packet\n");
- }
-
/* Extract type of BO packet */
type = type & 0x3F;
- DebugFormat(DEBUG_INSPECTOR, "Type = 0x%x\n", type);
-
/* Only examine data if this is a ping request or response */
if ( type == BO_TYPE_PING )
{
char plaintext = *pkt_data ^ BoRand();
if ( *magic_data != plaintext )
- {
- DebugFormat(DEBUG_INSPECTOR,
- "Failed check one on 0x%X : 0x%X\n",
- *magic_data, plaintext);
-
return;
- }
++magic_data;
++pkt_data;
}
// if we fall thru there's a detect
- DebugMessage(DEBUG_INSPECTOR,
- "Detected Back Orifice Data!\n");
- DebugFormat(DEBUG_INSPECTOR, "hash value: %d\n", key);
-
int bo_direction = BoGetDirection(p, pkt_data);
-
if ( bo_direction == BO_FROM_CLIENT )
- {
DetectionEngine::queue_event(GID_BO, BO_CLIENT_TRAFFIC_DETECT);
- DebugMessage(DEBUG_INSPECTOR, "Client packet\n");
- }
-
else if ( bo_direction == BO_FROM_SERVER )
- {
DetectionEngine::queue_event(GID_BO, BO_SERVER_TRAFFIC_DETECT);
- DebugMessage(DEBUG_INSPECTOR, "Server packet\n");
- }
-
else
DetectionEngine::queue_event(GID_BO, BO_TRAFFIC_DETECT);
}
dnsSessionData->curr_rec = 0;
}
- /* Print out the header (but only once -- when we're ready to parse the Questions */
- if ((dnsSessionData->curr_rec_state == DNS_RESP_STATE_Q_NAME) &&
- (dnsSessionData->curr_rec == 0))
- {
- DebugFormat(DEBUG_DNS,
- "DNS Header: length %d, id 0x%x, flags 0x%x, "
- "questions %d, answers %d, authorities %d, additionals %d\n",
- dnsSessionData->length, dnsSessionData->hdr.id,
- dnsSessionData->hdr.flags, dnsSessionData->hdr.questions,
- dnsSessionData->hdr.answers,
- dnsSessionData->hdr.authorities,
- dnsSessionData->hdr.additionals);
- }
-
if (!(dnsSessionData->hdr.flags & DNS_HDR_FLAG_RESPONSE))
{
/* Not a response */
if (dnsSessionData->curr_rec_state == DNS_RESP_STATE_Q_COMPLETE)
{
- DebugFormat(DEBUG_DNS,
- "DNS Question %d: type %d, class %d\n",
- i, dnsSessionData->curr_q.type,
- dnsSessionData->curr_q.dns_class);
-
dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_NAME;
dnsSessionData->curr_rec++;
}
switch (dnsSessionData->curr_rec_state)
{
case DNS_RESP_STATE_RR_RDATA_START:
- DebugFormat(DEBUG_DNS,
- "DNS ANSWER RR %d: type %hu, class %hu, "
- "ttl %u rdlength %hu\n", i,
- dnsSessionData->curr_rr.type,
- dnsSessionData->curr_rr.dns_class,
- dnsSessionData->curr_rr.ttl,
- dnsSessionData->curr_rr.length);
-
dnsSessionData->bytes_seen_curr_rec = 0;
dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDATA_MID;
/* Fall through */
switch (dnsSessionData->curr_rec_state)
{
case DNS_RESP_STATE_RR_RDATA_START:
- DebugFormat(DEBUG_DNS,
- "DNS AUTH RR %d: type %hu, class %hu, "
- "ttl %u rdlength %hu\n", i,
- dnsSessionData->curr_rr.type,
- dnsSessionData->curr_rr.dns_class,
- dnsSessionData->curr_rr.ttl,
- dnsSessionData->curr_rr.length);
-
dnsSessionData->bytes_seen_curr_rec = 0;
dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDATA_MID;
/* Fall through */
switch (dnsSessionData->curr_rec_state)
{
case DNS_RESP_STATE_RR_RDATA_START:
- DebugFormat(DEBUG_DNS,
- "DNS ADDITIONAL RR %d: type %hu, class %hu, "
- "ttl %u rdlength %hu\n", i,
- dnsSessionData->curr_rr.type,
- dnsSessionData->curr_rr.dns_class,
- dnsSessionData->curr_rr.ttl,
- dnsSessionData->curr_rr.length);
-
dnsSessionData->bytes_seen_curr_rec = 0;
dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_RDATA_MID;
/* Fall through */
if (iInspectMode == FTPP_SI_SERVER_MODE)
{
- DebugFormat(DEBUG_FTPTELNET,
- "Server packet: %.*s\n", p->dsize, p->data);
-
// FIXIT-L breaks target-based non-standard ports
//if ( !ScPafEnabled() )
Stream::flush_client(p);
}
- else
- {
- if ( !InspectClientPacket(p) )
- {
- DebugMessage(DEBUG_FTPTELNET,
- "Client packet will be reassembled\n");
- return FTPP_SUCCESS;
- }
- else
- {
- DebugFormat(DEBUG_FTPTELNET,
- "Client packet: rebuilt %s: %.*s\n",
- (p->packet_flags & PKT_REBUILT_STREAM) ? "yes" : "no",
- p->dsize, p->data);
- }
- }
+ else if ( !InspectClientPacket(p) )
+ return FTPP_SUCCESS;
int ret = initialize_ftp(FTPsession, p, iInspectMode);
if ( ret )
if (!PROTO_IS_FTP(ftp_ssn))
{
- DebugMessage(DEBUG_FTPTELNET,
- "FTP-DATA Invalid FTP_SESSION retrieved during lookup\n");
-
if (data_ssn->data_chan)
p->flow->set_ignore_direction(SSN_DIR_BOTH);
-
return -2;
}
/* Could check that response msg includes "TLS" */
session->encr_state = AUTH_TLS_ENCRYPTED;
DetectionEngine::queue_event(GID_FTP, FTP_ENCRYPTED);
- DebugMessage(DEBUG_FTPTELNET, "FTP stream is now TLS encrypted\n");
}
break;
case AUTH_SSL_CMD_ISSUED:
/* Could check that response msg includes "SSL" */
session->encr_state = AUTH_SSL_ENCRYPTED;
DetectionEngine::queue_event(GID_FTP, FTP_ENCRYPTED);
- DebugMessage(DEBUG_FTPTELNET, "FTP stream is now SSL encrypted\n");
}
break;
case AUTH_UNKNOWN_CMD_ISSUED:
{
session->encr_state = AUTH_UNKNOWN_ENCRYPTED;
DetectionEngine::queue_event(GID_FTP, FTP_ENCRYPTED);
- DebugMessage(DEBUG_FTPTELNET, "FTP stream is now encrypted\n");
}
break;
}
/* Mark this session & packet as one to ignore */
Stream::stop_inspection(p->flow, p, SSN_DIR_BOTH, -1, 0);
}
- DebugMessage(DEBUG_FTPTELNET,
- "FTP client stream is now encrypted\n");
}
break;
}
/* Mark this session & packet as one to ignore */
Stream::stop_inspection(p->flow, p, SSN_DIR_BOTH, -1, 0);
}
- DebugMessage(DEBUG_FTPTELNET,
- "FTP server stream is now encrypted\n");
}
break;
}
}
else
{
- DebugMessage(DEBUG_FTPTELNET,
- "invalid FTP response code.");
ftpssn->server.response.state = FTP_RESPONSE_INV;
}
}
req->param_begin = nullptr;
req->param_end = nullptr;
}
- else if (!space && ftpssn->server.response.state == 0)
- {
- DebugMessage(DEBUG_FTPTELNET,
- "Missing LF from end of FTP command\n");
- }
- else
+ else if (space || ftpssn->server.response.state != 0)
{
/* Now grab the command parameters/response message
* read_ptr < end already checked */
* the pipeline.
*/
if (*read_ptr == LF)
- {
read_ptr++;
- }
- else
- {
- DebugMessage(DEBUG_FTPTELNET,
- "Missing LF from end of FTP command with params\n");
- }
}
}
}
/* Nothing left --> no parameters/message. Not even an LF */
req->param_begin = nullptr;
req->param_end = nullptr;
- DebugMessage(DEBUG_FTPTELNET,
- "Missing LF from end of FTP command sans params\n");
}
/* Set the pointer for the next request/response
switch (state)
{
case FTP_CMD_INV:
- DebugFormat(DEBUG_FTPTELNET,
- "Illegal FTP command found: %.*s\n",
- req->cmd_size, req->cmd_begin);
iRet = FTPP_ALERT;
break;
case FTP_RESPONSE: /* Response */
- DebugFormat(DEBUG_FTPTELNET,
- "FTP response: code: %.*s : M len %u : M %.*s\n",
- req->cmd_size, req->cmd_begin, req->param_size,
- req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
(req->param_size > ftpssn->client_conf->max_resp_len))
{
}
break;
case FTP_RESPONSE_CONT: /* Response continued */
- DebugFormat(DEBUG_FTPTELNET,
- "FTP response: continuation of code: %d : M len %u : M %.*s\n",
- ftpssn->server.response.state, req->param_size,
- req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
(req->param_size > ftpssn->client_conf->max_resp_len))
{
}
break;
case FTP_RESPONSE_ENDCONT: /* Continued response end */
- DebugFormat(DEBUG_FTPTELNET,
- "FTP response: final continue of code: %.*s : M len %u : "
- "M %.*s\n", req->cmd_size, req->cmd_begin,
- req->param_size, req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
(req->param_size > ftpssn->client_conf->max_resp_len))
{
}
break;
default:
- DebugFormat(DEBUG_FTPTELNET, "FTP command: CMD: %.*s : "
- "P len %u : P %.*s\n", req->cmd_size, req->cmd_begin,
- req->param_size, req->param_size, req->param_begin);
if (CmdConf)
{
unsigned max = CmdConf->max_param_len;
{
/* Alert on param length overrun */
DetectionEngine::queue_event(GID_FTP, FTP_PARAMETER_LENGTH_OVERFLOW);
- DebugFormat(DEBUG_FTPTELNET, "FTP command: %.*s"
- "parameter length overrun %u > %u \n",
- req->cmd_size, req->cmd_begin, req->param_size, max);
iRet = FTPP_ALERT;
}
if (!normalization_required)
{
- DebugMessage(DEBUG_FTPTELNET, "Nothing to process!\n");
if (tnssn && iMode == FTPP_SI_CLIENT_MODE)
tnssn->consec_ayt = 0;
return FTPP_SUCCESS;
}
else
{
- DebugFormat(DEBUG_FTPTELNET,
- "overwriting %2X(%c) with %2X(%c)\n",
- (unsigned char)(*write_ptr&0xFF), *write_ptr,
- (unsigned char)(*read_ptr & 0xFF), *read_ptr);
-
/* overwrite the negotiation bytes with the follow-on bytes */
switch (*((const unsigned char*)(read_ptr)))
{
#include "gtp.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "gtp_inspect.h"
pRopts->gtp_header = gtpMsg.gtp_header;
pRopts->msg_id = gtpMsg.msg_id;
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "GTP message version: %d\n", gtpMsg.version));
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "GTP message type: %d\n", gtpMsg.msg_type));
-
return status;
}
pRopts = GTPGetNewSession(packetp);
if ( !pRopts )
- {
- /* Could not get/create the session data for this packet. */
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "Create session error - not inspecting.\n"));
return;
- }
}
GTP_Process(config, packetp, pRopts);
using namespace snort;
+Trace TRACE_NAME(gtp_inspect);
THREAD_LOCAL ProfileStats gtp_inspect_prof;
#define GTP_EVENT_BAD_MSG_LEN_STR "message length is invalid"
};
GtpInspectModule::GtpInspectModule() :
- Module(GTP_NAME, GTP_HELP, gtp_params, true)
+ Module(GTP_NAME, GTP_HELP, gtp_params, true, &TRACE_NAME(gtp_inspect))
{ }
-bool GtpInspectModule::set(const char*, Value& v, SnortConfig*)
+bool GtpInspectModule::set(const char* fqn, Value& v, SnortConfig* c)
{
if ( v.is("version") )
stuff.version = v.get_long();
stuff.name = v.get_string();
else
- return false;
+ return Module::set(fqn, v, c);
return true;
}
#define GTP_MODULE_H
#include "framework/module.h"
+#include "main/snort_debug.h"
#define GID_GTP 143
#define GTP_HELP "gtp control channel inspection"
extern THREAD_LOCAL snort::ProfileStats gtp_inspect_prof;
+extern Trace TRACE_NAME(gtp_inspect);
struct GtpStuff
{
char buf[STD_BUF];
convertToHex( (char*)buf, sizeof(buf),
msg->gtp_header + info_elements[i].shift, info_elements[i].length);
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Info type: %.3d, content: %s\n", i, buf); );
+ trace_logf(gtp_inspect, "Info type: %.3d, content: %s\n", i, buf);
}
}
}
uint8_t previous_type = (uint8_t)*start;
int32_t unprocessed_len = len;
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Information elements: length: %d\n", len); );
-
while ( unprocessed_len > 0)
{
uint8_t type = *start;
if ( nullptr == ie )
{
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "Unsupported Information elements!\n"); );
gtp_stats.unknownIEs++;
return false;
}
msg->info_elements[type].msg_id = msg->msg_id;
}
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "GTP information element: %s(%d), length: %d\n",
- ie->name.c_str(), type, length));
start += length;
unprocessed_len -= length;
previous_type = type;
}
- DEBUG_WRAP(printInfoElements(msg->info_elements, msg); );
+#ifdef DEBUG_MSGS
+ printInfoElements(msg->info_elements, msg);
+#endif
return true;
}
{
const GTP_C_Hdr* hdr;
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "This is a GTP v0 packet.\n"); );
-
hdr = (const GTP_C_Hdr*)buff;
-
msg->header_len = GTP_HEADER_LEN_V0;
/*Check the length field. */
if (gtp_len != ((unsigned int)ntohs(hdr->length) + GTP_LENGTH_OFFSET_V0))
{
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Calculated length %d != %d in header.\n",
- gtp_len - GTP_LENGTH_OFFSET_V0, ntohs(hdr->length)); );
alert(GTP_EVENT_BAD_MSG_LEN);
return false;
}
{
const GTP_C_Hdr* hdr;
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "This ia a GTP v1 packet.\n"); );
-
hdr = (const GTP_C_Hdr*)buff;
/*Check the length based on optional fields and extension header*/
/*Check the length field. */
if (gtp_len != ((unsigned int)ntohs(hdr->length) + GTP_LENGTH_OFFSET_V1))
{
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Calculated length %d != %d in header.\n",
- gtp_len - GTP_LENGTH_OFFSET_V1, ntohs(hdr->length)); );
alert(GTP_EVENT_BAD_MSG_LEN);
return false;
}
{
const GTP_C_Hdr* hdr;
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "This ia a GTP v2 packet.\n"); );
-
hdr = (const GTP_C_Hdr*)buff;
if (hdr->flag & 0x8)
/*Check the length field. */
if (gtp_len != ((unsigned int)ntohs(hdr->length) + GTP_LENGTH_OFFSET_V2))
{
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Calculated length %d != %d in header.\n",
- gtp_len - GTP_LENGTH_OFFSET_V2, ntohs(hdr->length)); );
alert(GTP_EVENT_BAD_MSG_LEN);
return false;
}
********************************************************************/
int gtp_parse(const GTPConfig& config, GTPMsg* msg, const uint8_t* buff, uint16_t gtp_len)
{
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "Start parsing...\n"));
-
/*Check the length*/
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Basic header length: %d\n", GTP_MIN_HEADER_LEN));
if (gtp_len < GTP_MIN_HEADER_LEN)
return false;
msg->gtp_header = buff;
if (msg->version > MAX_GTP_VERSION_CODE)
- {
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Unsupported GTP version: %d!\n",msg->version); );
return false;
- }
+
/*Check whether this is GTP or GTP', Exit if GTP'*/
if (!(hdr->flag & 0x10))
- {
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "Unsupported GTP'!\n"); );
return false;
- }
const GTP_MsgType* msgType = &config.msgv[msg->version][msg->msg_type];
if ( nullptr == msgType )
{
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "Unsupported GTP message type: %d!\n",msg->msg_type); );
gtp_stats.unknownTypes++;
return false;
}
- else
- {
- DEBUG_WRAP(DebugFormat(DEBUG_GTP, "GTP version: %d, message type: %s(%d)\n",
- msg->version, msgType->name.c_str(), msg->msg_type));
- }
// FIXIT-L need to implement stats retrieval from module
//gtp_stats.messages[msg->version][msg->msg_type]++;
break;
default:
- DEBUG_WRAP(DebugMessage(DEBUG_GTP, "Unknown protocol version.\n"); );
return false;
}
pRopts->body_data = sipMsg.body_data;
pRopts->status_code = sipMsg.status_code;
- DebugFormat(DEBUG_SIP, "SIP message header length: %d\n",
- sipMsg.headerLen);
- DebugFormat(DEBUG_SIP, "Parsed method: %.*s, Flag: 0x%x\n",
- sipMsg.methodLen, sipMsg.method, sipMsg.methodFlag);
- DebugFormat(DEBUG_SIP, "Parsed status code: %d\n",
- sipMsg.status_code);
- DebugFormat(DEBUG_SIP, "Parsed header address: %p.\n",
- sipMsg.header);
- DebugFormat(DEBUG_SIP, "Parsed body address: %p.\n",
- sipMsg.body_data);
-
sip_freeMsg(&sipMsg);
return status;
}
/* If the user specified methods, remove default methods for now since
* it now needs to be set explicitly. */
*methodsConfig = SIP_METHOD_NULL;
- DebugFormat(DEBUG_SIP, "Method token: %s\n",cur_tokenp);
// Check whether this is a standard method
i_method = SIP_findMethod(cur_tokenp, StandardMethods);
#include "detection/detection_engine.h"
#include "events/event_queue.h"
#include "framework/data_bus.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "protocols/vlan.h"
#include "pub_sub/sip_events.h"
static SIP_DialogData* SIP_addDialog(SIPMsg*, SIP_DialogData*, SIP_DialogList*);
static int SIP_deleteDialog(SIP_DialogData*, SIP_DialogList*);
-#ifdef DEBUG_MSGS
-static void SIP_displayMedias(SIP_MediaList* dList);
-#endif
-
/********************************************************************
* Function: SIP_processRequest()
*
if (nullptr == dialog)
return false;
- DebugFormat(DEBUG_SIP, "Processing invite, dialog state %d \n", dialog->state);
-
/*Check for the invite replay attack: authenticated invite without challenge*/
// check whether this invite has authorization information
if ((SIP_DLG_AUTHENCATING != dialog->state) && (nullptr != sipMsg->authorization))
{
- DebugFormat(DEBUG_SIP, "Dialog state code: %hu\n",
- dialog->status_code);
-
DetectionEngine::queue_event(GID_SIP, SIP_EVENT_AUTH_INVITE_REPLAY_ATTACK);
return false;
}
if (nullptr == dialog)
return false;
- DebugFormat(DEBUG_SIP, "Processing response, dialog state %d \n", dialog->state);
-
if (sipMsg->status_code > 0)
dialog->status_code = sipMsg->status_code;
if (nullptr == medias)
{
// Can't find the media session by ID, SDP has been changed.
- DebugFormat(DEBUG_SIP, "Can't find the media data, ID: %u\n",
- sipMsg->mediaSession->sessionID);
-
return false;
}
// The media content has been changed
if (0 != SIP_compareMedias(medias->medias, sipMsg->mediaSession->medias))
- {
- // Can't find the media session by ID, SDP has been changed.
- DebugMessage(DEBUG_SIP, "The media data is different!\n");
return false;
- }
+
return true;
}
if (0 == config->ignoreChannel)
return false;
- DebugFormat(DEBUG_SIP, "Ignoring the media data in Dialog: %u\n",
- dialog->dlgID.callIdHash);
// check the first media session
if (nullptr == dialog->mediaSessions)
return false;
if (nullptr == dialog->mediaSessions->nextS)
return false;
- DebugFormat(DEBUG_SIP, "Ignoring the media sessions ID: %u and %u\n",
- dialog->mediaSessions->sessionID, dialog->mediaSessions->nextS->sessionID);
mdataA = dialog->mediaSessions->medias;
mdataB = dialog->mediaSessions->nextS->medias;
sip_stats.ignoreSessions++;
while ((nullptr != mdataA)&&(nullptr != mdataB))
{
//void *ssn;
- DebugFormat(DEBUG_SIP, "Ignoring channels Source IP: %s Port: %hu\n",
- mdataA->maddress.ntoa(), mdataA->mport);
- DebugFormat(DEBUG_SIP, "Ignoring channels Destine IP: %s Port: %hu\n",
- mdataB->maddress.ntoa(), mdataB->mport);
/* Call into Streams to mark data channel as something to ignore. */
Flow* ssn = Stream::get_flow(
SIP_MediaData* mdataA,* mdataB;
mdataA = mlistA;
mdataB = mlistB;
- DebugMessage(DEBUG_SIP, "Compare the media data \n");
while ((nullptr != mdataA) && (nullptr != mdataB))
{
if (mdataA->maddress.compare(mdataB->maddress) != SFIP_EQUAL)
if (nullptr == mSession)
return;
- DebugFormat(DEBUG_SIP, "Updating session id: %u\n",
- mSession->sessionID);
+
mSession->savedFlag = SIP_SESSION_SAVED;
// Find out the media session based on session id
currSession = *dList;
while (nullptr != currSession)
{
- DebugFormat(DEBUG_SIP, "Session id: %u\n",
- currSession->sessionID);
if (currSession->sessionID == mSession->sessionID)
- {
- DebugFormat(DEBUG_SIP, "Found Session id: %u\n",
- currSession->sessionID);
break;
- }
+
preSession = currSession;
currSession = currSession->nextS;
}
{
mSession->nextS = *dList;
*dList = mSession;
- DEBUG_WRAP(DebugFormat(DEBUG_SIP, "Add Session id: %u\n", mSession->sessionID));
}
else
{
// if this session needs to be updated
- DebugFormat(DEBUG_SIP, "Insert Session id: %u\n", mSession->sessionID);
mSession->nextS = currSession->nextS;
// if this is the header, update the new header
if (nullptr == preSession)
currSession->nextS = nullptr;
sip_freeMediaSession(currSession);
}
-
- // Display the final media session
-#ifdef DEBUG_MSGS
- SIP_displayMedias(dList);
-#endif
}
-#ifdef DEBUG_MSGS
-void SIP_displayMedias(SIP_MediaList* dList)
-{
- SIP_MediaSession* currSession;
- DebugMessage(DEBUG_SIP, "Updated Session information------------\n");
- currSession = *dList;
- while (nullptr != currSession)
- {
- SIP_MediaData* mdata;
- DebugFormat(DEBUG_SIP, "Session id: %u\n", currSession->sessionID);
- mdata = currSession->medias;
- while (nullptr != mdata)
- {
- DebugFormat(DEBUG_SIP, "Media IP: %s, port: %hu, number of ports %hhu\n",
- mdata->maddress.ntoa(), mdata->mport, mdata->numPort);
- mdata = mdata->nextM;
- }
- currSession = currSession->nextS;
- }
- DebugMessage(DEBUG_SIP, "End of Session information------------\n");
-}
-
-#endif
/********************************************************************
* Function: SIP_addDialog
*
{
SIP_DialogData* dialog;
- DebugFormat(DEBUG_SIP, "Add Dialog id: %u, From: %u, To: %u, status code: %hu\n",
- sipMsg->dlgID.callIdHash,sipMsg->dlgID.fromTagHash,sipMsg->dlgID.toTagHash,
- sipMsg->status_code);
-
sip_stats.dialogs++;
dialog = (SIP_DialogData*)snort_calloc(sizeof(SIP_DialogData));
if ((nullptr == currDialog)||(nullptr == dList))
return false;
- DebugFormat(DEBUG_SIP, "Delete Dialog id: %u, From: %u, To: %u \n",
- currDialog->dlgID.callIdHash,currDialog->dlgID.fromTagHash,currDialog->dlgID.toTagHash);
// If this is the header
if (nullptr == currDialog->prevD)
{
if ((nullptr == sipMsg)||(0 == sipMsg->dlgID.callIdHash))
return false;
- DebugFormat(DEBUG_SIP, "Updating Dialog id: %u, From: %u, To: %u\n",
- sipMsg->dlgID.callIdHash,sipMsg->dlgID.fromTagHash,sipMsg->dlgID.toTagHash);
-
dialog = dList->head;
/*Find out the dialog in the dialog list*/
while (nullptr != dialog)
{
- DebugFormat(DEBUG_SIP, "Dialog id: %u, From: %u, To: %u\n",
- dialog->dlgID.callIdHash,dialog->dlgID.fromTagHash,dialog->dlgID.toTagHash);
if (sipMsg->dlgID.callIdHash == dialog->dlgID.callIdHash)
- {
- DebugFormat(DEBUG_SIP, "Found Dialog id: %u, From: %u, To: %u\n",
- dialog->dlgID.callIdHash,dialog->dlgID.fromTagHash,dialog->dlgID.toTagHash);
break;
- }
+
oldDialog = dialog;
dialog = dialog->nextD;
}
while (nullptr != curNode)
{
- DebugFormat(DEBUG_SIP,
- "*Clean Dialog creator: 0x%x, id: %u, From: %u, To: %u, State: %d\n",
- curNode->creator, curNode->dlgID.callIdHash,curNode->dlgID.fromTagHash,
- curNode->dlgID.toTagHash,curNode->state);
nextNode = curNode->nextD;
sip_freeMediaList(curNode->mediaSessions);
snort_free(curNode);
#include "detection/detection_engine.h"
#include "events/event_queue.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
#include "utils/util_cstring.h"
char* colonIndex;
const char* newStart, * newEnd;
char newLength;
- DebugFormat(DEBUG_SIP, "process line: %.*s\n", length, start);
// If this is folding
if ((' ' == start[0]) || ('\t' == start[0]))
if (numOfLineBreaks < 1)
{
/*No CRLF */
- DebugMessage(DEBUG_SIP, "No CRLF, check failed\n");
return false;
}
/*Exclude CRLF from start line*/
length = next - start - numOfLineBreaks;
- DebugFormat(DEBUG_SIP, "Start line: %.*s \n", length, start);
- DebugMessage(DEBUG_SIP, "End of Start line \n");
-
/*Should at least have SIP/2.0 */
if (length < SIP_MIN_MSG_LEN)
{
- DebugMessage(DEBUG_SIP, "Message too short, check failed\n");
return false;
}
}
else
msg->status_code = (uint16_t)statusCode;
- DebugFormat(DEBUG_SIP, "Status code: %d \n", msg->status_code);
}
else /* This might be a request*/
{
return false;
msg->method = buff;
msg->methodLen = space - buff;
- DebugFormat(DEBUG_SIP, "method: %.*s\n", msg->methodLen, msg->method);
method = SIP_FindMethod (config->methods, msg->method, msg->methodLen);
if (method)
{
msg->methodFlag = method->methodFlag;
- DebugFormat(DEBUG_SIP, "Found the method: %s, Flag: 0x%x\n",
- method->methodName, method->methodFlag);
}
// parse the uri
if (space == nullptr)
return false;
msg->uriLen = space - msg->uri;
- DebugFormat(DEBUG_SIP, "uri: %.*s, length: %hu\n", msg->uriLen, msg->uri,
- msg->uriLen);
+
if (0 == msg->uriLen)
DetectionEngine::queue_event(GID_SIP, SIP_EVENT_EMPTY_REQUEST_URI);
else if (config->maxUriLen && (msg->uriLen > config->maxUriLen))
/*Processing this line*/
int length = next - start - numOfLineBreaks;
- DebugFormat(DEBUG_SIP, "Header line: %.*s\n", length, start);
/*Process headers*/
sip_process_headField(msg, start, start + length, &lastFieldIndex, config);
********************************************************************/
static bool sip_body_parse(SIPMsg* msg, const char* buff, const char* end, const char** bodyEnd)
{
-#ifdef DEBUG_MSGS
- {
- int length = end - buff;
- DebugFormat(DEBUG_SIP, "Body length: %d\n", length);
- DebugFormat(DEBUG_SIP, "Body line: %.*s\n", length, buff);
- }
-#endif
-
// Initialize it
*bodyEnd = end;
if (buff == end)
return true;
- msg->body_data = (const uint8_t*) buff;
+ msg->body_data = (const uint8_t*)buff;
msg->bodyLen = end - buff;
// Create a media session
/*Processing this line*/
int length = next - start - numOfLineBreaks;
- DebugFormat(DEBUG_SIP, "Body line: %.*s\n", length, start);
/*Process body fields*/
sip_process_bodyField(msg, start, start + length);
ret = false;
}
- DebugFormat(DEBUG_SIP, "Method flag: %d\n", msg->methodFlag);
-
// Contact is required for invite message
if ((0 == msg->contactLen)&&(msg->methodFlag == SIP_METHOD_INVITE)&&(0 == msg->status_code))
{
static int sip_parse_via(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
int length = end -start;
- DebugFormat(DEBUG_SIP, "Via value: %.*s\n", length, start);
msg->viaLen = msg->viaLen + length;
- DebugFormat(DEBUG_SIP, "Via length: %d\n", msg->viaLen);
return SIP_PARSE_SUCCESS;
}
static int sip_parse_from(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
- DEBUG_WRAP(int length = end -start; )
char* buff;
char* userEnd;
char* userStart;
- DebugFormat(DEBUG_SIP, "From value: %.*s\n", length, start);
msg->from = start;
msg->fromLen = end - start;
- DebugFormat(DEBUG_SIP, "From length: %d , content: %.*s\n",
- msg->fromLen, msg->fromLen, msg->from);
-
/*Get the from tag*/
msg->fromTagLen = 0;
msg->userNameLen = 0;
}
- DebugFormat(DEBUG_SIP, "From tag length: %d , hash: %u, content: %.*s\n",
- msg->fromTagLen, msg->dlgID.fromTagHash, msg->fromTagLen, msg->from_tag);
-
return SIP_PARSE_SUCCESS;
}
static int sip_parse_to(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
- DEBUG_WRAP(int length = end -start; )
char* buff;
- DebugFormat(DEBUG_SIP, "To value: %.*s\n", length, start);
msg->to = start;
msg->toLen = end - start;
- DebugFormat(DEBUG_SIP, "To length: %d , content: %.*s\n",
- msg->toLen, msg->toLen, msg->to);
-
/*Processing tag information*/
msg->toTagLen = 0;
buff = (char*)memchr(buff + 1, ';', msg->toLen);
}
- DebugFormat(DEBUG_SIP, "To tag length: %d , Hash: %u, content: %.*s\n",
- msg->toTagLen, msg->dlgID.toTagHash, msg->toTagLen, msg->to_tag);
return SIP_PARSE_SUCCESS;
}
-static inline bool is_valid_ip(const char *start, int length)
+static inline bool is_valid_ip(const char* start, int length)
{
SfIp ip;
char ipStr[INET6_ADDRSTRLEN];
/*Get the IP address*/
- if(length > INET6_ADDRSTRLEN - 1)
+ if (length > INET6_ADDRSTRLEN - 1)
{
length = INET6_ADDRSTRLEN - 1;
}
memcpy(ipStr, start, length);
ipStr[length] = '\0';
- DebugFormat(DEBUG_SIP, "IP data: %s\n", ipStr);
-
- if( ip.set(ipStr) != SFIP_SUCCESS)
- {
- DebugMessage(DEBUG_SIP, "Not valid IP! \n");
+ if ( ip.set(ipStr) != SFIP_SUCCESS)
return false;
- }
return true;
}
static int sip_parse_call_id(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
int length = end -start;
- DebugFormat(DEBUG_SIP, "Call-Id value: %.*s\n", length, start);
msg->call_id = start;
/*ignore ip address in call id by adjusting length*/
char* at = (char*)memchr(start, '@', length);
- if(at && (at < end) && is_valid_ip(at+1, (end-at-1)))
+ if (at && (at < end) && is_valid_ip(at+1, (end-at-1)))
{
length = at - start;
}
msg->callIdLen = end - start;
msg->dlgID.callIdHash = strToHash(msg->call_id, length);
- DebugFormat(DEBUG_SIP, "Call-Id length: %d, Hash: %u\n",
- msg->callIdLen, msg->dlgID.callIdHash);
return SIP_PARSE_SUCCESS;
}
********************************************************************/
static int sip_parse_user_agent(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
- DEBUG_WRAP(int length = end -start; )
- DebugFormat(DEBUG_SIP, "User-Agent value: %.*s\n", length, start);
-
msg->userAgent = start;
msg->userAgentLen = end - start;
********************************************************************/
static int sip_parse_server(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
- DEBUG_WRAP(int length = end -start; )
- DebugFormat(DEBUG_SIP, "Server value: %.*s\n", length, start);
-
msg->server = start;
msg->serverLen = end - start;
static int sip_parse_cseq(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF* config)
{
char* next = nullptr;
- DEBUG_WRAP(int length = end -start; )
SIPMethodNode* method = nullptr;
- DebugFormat(DEBUG_SIP, "CSeq value: %.*s\n", length, start);
msg->cseqnum = SnortStrtoul(start, &next, 10);
if ((nullptr != next )&&(next < end))
{
msg->cseqNameLen = end - msg->cseqName;
method = SIP_FindMethod (config->methods, msg->cseqName, msg->cseqNameLen);
}
- DebugFormat(DEBUG_SIP, "CSeq number: %" PRIu64 ", CSeqName: %.*s\n",
- msg->cseqnum, msg->cseqNameLen, msg->cseqName);
if (nullptr == method)
{
{
DetectionEngine::queue_event(GID_SIP, SIP_EVENT_MISMATCH_METHOD);
}
- DebugFormat(DEBUG_SIP, "Found the method: %s, Flag: 0x%x\n",
- method->methodName, method->methodFlag);
}
return SIP_PARSE_SUCCESS;
static int sip_parse_contact(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
int length = end -start;
- DebugFormat(DEBUG_SIP, "Contact value: %.*s\n", length, start);
msg->contact = start;
msg->contactLen = msg->contactLen + length;
- DebugFormat(DEBUG_SIP, "Contact length: %d\n", msg->contactLen);
return SIP_PARSE_SUCCESS;
}
********************************************************************/
static int sip_parse_authorization(
- SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
+ SIPMsg* msg, const char* start, const char*, SIP_PROTO_CONF*)
{
-#ifdef DEBUG_MSGS
- DEBUG_WRAP(int length = end -start; )
- DebugFormat(DEBUG_SIP, "Authorization value: %.*s\n", length, start);
-#else
- UNUSED(end);
-#endif
msg->authorization = start;
return SIP_PARSE_SUCCESS;
}
static int sip_parse_content_type(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
{
- DEBUG_WRAP(int length = end -start; )
- DebugFormat(DEBUG_SIP, "Content type value: %.*s\n", length, start);
msg->contentTypeLen = end - start;
msg->content_type = start;
return SIP_PARSE_SUCCESS;
DetectionEngine::queue_event(GID_SIP, SIP_EVENT_BAD_CONTENT_LEN);
return SIP_PARSE_ERROR;
}
- DebugFormat(DEBUG_SIP, "Content length: %u\n", msg->content_len);
return SIP_PARSE_SUCCESS;
}
********************************************************************/
static int sip_parse_content_encode(
- SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
+ SIPMsg* msg, const char* start, const char*, SIP_PROTO_CONF*)
{
-#ifdef DEBUG_MSGS
- DEBUG_WRAP(int length = end -start; )
- DebugFormat(DEBUG_SIP, "Content encode value: %.*s\n", length, start);
-#else
- UNUSED(end);
-#endif
msg->content_encode = start;
return SIP_PARSE_SUCCESS;
}
if (nullptr == msg->mediaSession)
return SIP_PARSE_ERROR;
length = end - start;
- DebugFormat(DEBUG_SIP, "Origination information: %.*s\n", length, start);
// Get username and session ID information (before second space)
spaceIndex = (char*)memchr(start, ' ', length); // first space
if ((nullptr == spaceIndex)||(spaceIndex == end))
if (nullptr == spaceIndex2)
return SIP_PARSE_ERROR;
- DebugFormat(DEBUG_SIP, "Session information: %.*s\n", static_cast<int>(spaceIndex - start), start);
-
//sessionId uses all elements from o: line except sessionId version
msg->mediaSession->sessionID = strToHash(start, spaceIndex - start);
msg->mediaSession->sessionID += strToHash(spaceIndex2+1, end - (spaceIndex2+1));
- DebugFormat(DEBUG_SIP, "Session ID: %u\n", msg->mediaSession->sessionID);
return SIP_PARSE_SUCCESS;
}
if (nullptr == msg->mediaSession)
return SIP_PARSE_ERROR;
length = end - start;
- DebugFormat(DEBUG_SIP, "Connection data: %.*s\n", length, start);
/*Get the IP address*/
spaceIndex = (char*)memchr(start, ' ', length); // first space
}
strncpy(ipStr, spaceIndex, length);
ipStr[length] = '\0';
- DebugFormat(DEBUG_SIP, "IP data: %s\n", ipStr);
// If no default session connect information, add it
if (nullptr == msg->mediaSession->medias)
}
if ( ip->set(ipStr) != SFIP_SUCCESS)
{
- DebugMessage(DEBUG_SIP, "Parsed error! \n");
return SIP_PARSE_ERROR;
}
- DebugFormat(DEBUG_SIP, "Parsed Connection data: %s\n", ip->ntoa());
return SIP_PARSE_SUCCESS;
}
if (nullptr == msg->mediaSession)
return SIP_PARSE_ERROR;
length = end - start;
- DebugFormat(DEBUG_SIP, "Media information: %.*s\n", length, start);
spaceIndex = (char*)memchr(start, ' ', length); // first space
mdata->nextM = msg->mediaSession->medias;
mdata->maddress = msg->mediaSession->maddress_default;
msg->mediaSession->medias = mdata;
- DebugFormat(DEBUG_SIP, "Media IP: %s, Media port %hu, number of media: %d\n",
- mdata->maddress.ntoa(), mdata->mport, mdata->numPort);
+
return SIP_PARSE_SUCCESS;
}
{
const char* nextIndex;
const char* start;
- bool status;
/*Initialize key values*/
msg->methodFlag = SIP_METHOD_NULL;
/*Parse the start line*/
start = buff;
nextIndex = nullptr;
- DebugMessage(DEBUG_SIP, "Start parsing...\n");
msg->header = (const uint8_t*)buff;
- status = sip_startline_parse(msg, start, end, &nextIndex, config);
-
- if ( !status )
- {
- DebugMessage(DEBUG_SIP, "Start line parsing failed...\n");
- return status;
- }
+ if (!sip_startline_parse(msg, start, end, &nextIndex, config))
+ return false;
/*Parse the headers*/
start = nextIndex;
- status = sip_headers_parse(msg, start, end, &nextIndex, config);
+ sip_headers_parse(msg, start, end, &nextIndex, config);
msg->headerLen = nextIndex - buff;
- if ( !status )
- {
- DebugMessage(DEBUG_SIP, "Header parsing failed...\n");
- }
-
- status = sip_check_headers(msg, config);
-
- if ( !status )
- {
- DebugMessage(DEBUG_SIP, "Headers validation failed...\n");
- }
+ sip_check_headers(msg, config);
/*Parse the body*/
start = nextIndex;
if ((!msg->isTcp)&&(msg->content_len > bodyLen))
DetectionEngine::queue_event(GID_SIP, SIP_EVENT_MISMATCH_CONTENT_LEN);
- status = sip_body_parse(msg, start, start + msg->content_len, &nextIndex);
-
- if ( !status )
- {
- DebugMessage(DEBUG_SIP, "Headers validation failed...\n");
- }
+ bool status = sip_body_parse(msg, start, start + msg->content_len, &nextIndex);
// Find out whether multiple SIP messages in this packet
/*Disable this check for TCP. Revisit this again when PAF enabled for SIP*/
while (nullptr != curNode)
{
- DebugFormat(DEBUG_SIP, "Clear media ip: %s, port: %d, number of port: %d\n",
- curNode->maddress.ntoa(), curNode->mport, curNode->numPort);
nextNode = curNode->nextM;
snort_free(curNode);
curNode = nextNode;
while (nullptr != curNode)
{
- DebugFormat(DEBUG_SIP, "Clean Media session default IP: %s, session ID: %u\n",
- curNode->maddress_default.ntoa(), curNode->sessionID);
nextNode = curNode->nextS;
sip_freeMediaSession(curNode);
curNode = nextNode;
#include "detection/detection_util.h"
#include "log/messages.h"
#include "log/unified2.h"
-#include "main/snort_debug.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "protocols/ssl.h"
if(Stream::is_midstream(p->flow))
{
- DebugMessage(DEBUG_SMTP, "Got midstream packet - "
- "setting state to unknown\n");
smtp_ssn->state = STATE_UNKNOWN;
}
if (ssn->session_flags & SMTP_FLAG_NEXT_STATE_UNKNOWN)
{
- DebugMessage(DEBUG_SMTP, "Found gap in previous reassembly buffer - "
- "set state to unknown\n");
ssn->state = STATE_UNKNOWN;
ssn->session_flags &= ~SMTP_FLAG_NEXT_STATE_UNKNOWN;
}
if (missing_in_rebuilt == SSN_MISSING_BEFORE)
{
- DebugMessage(DEBUG_SMTP, "Found missing packets before "
- "in reassembly buffer - set state to unknown\n");
ssn->state = STATE_UNKNOWN;
}
}
* state. Check to see if we're encrypted */
if (smtp_ssn->state == STATE_UNKNOWN)
{
- DebugMessage(DEBUG_SMTP, "Command not found, but state is "
- "unknown - checking for SSL\n");
-
/* check for encrypted */
if ((smtp_ssn->session_flags & SMTP_FLAG_CHECK_SSL) &&
(IsSSL(ptr, end - ptr, p->packet_flags)))
{
- DebugMessage(DEBUG_SMTP, "Packet is SSL encrypted\n");
-
smtp_ssn->state = STATE_TLS_DATA;
-
- /* Ignore data */
- if (config->ignore_tls_data)
- {
- DebugMessage(DEBUG_SMTP, "Ignoring encrypted data\n");
- }
-
return end;
}
else
{
- DebugMessage(DEBUG_SMTP, "Not SSL - try data state\n");
/* don't check for ssl again in this packet */
if (smtp_ssn->session_flags & SMTP_FLAG_CHECK_SSL)
smtp_ssn->session_flags &= ~SMTP_FLAG_CHECK_SSL;
}
else
{
- DebugMessage(DEBUG_SMTP, "No known command found\n");
-
if (smtp_ssn->state != STATE_AUTH)
{
DetectionEngine::queue_event(GID_SMTP,SMTP_UNKNOWN_CMD);
if ((smtp_ssn->state_flags & SMTP_FLAG_GOT_RCPT_CMD) ||
smtp_ssn->state == STATE_UNKNOWN)
{
- DebugMessage(DEBUG_SMTP, "Set to data state.\n");
-
smtp_ssn->state = STATE_DATA;
smtp_ssn->state_flags &= ~(SMTP_FLAG_GOT_MAIL_CMD | SMTP_FLAG_GOT_RCPT_CMD);
}
- else
- {
- DebugMessage(DEBUG_SMTP, "Didn't get MAIL -> RCPT command sequence - "
- "stay in command state.\n");
- }
break;
switch (smtp_ssn->state)
{
case STATE_COMMAND:
- DebugMessage(DEBUG_SMTP, "COMMAND STATE ~~~~~~~~~~~~~~~~~~~~~~~~~~\n");
ptr = SMTP_HandleCommand(config, p, smtp_ssn, ptr, end);
break;
case STATE_DATA:
case STATE_BDATA:
- DebugMessage(DEBUG_SMTP, "DATA STATE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n");
position = get_file_position(p);
ptr = smtp_ssn->mime_ssn->process_mime_data(p->flow, ptr, len, true, position);
//ptr = SMTP_HandleData(p, ptr, end, &(smtp_ssn->mime_ssn));
ptr = SMTP_HandleCommand(config, p, smtp_ssn, ptr, end);
break;
case STATE_UNKNOWN:
- DebugMessage(DEBUG_SMTP, "UNKNOWN STATE ~~~~~~~~~~~~~~~~~~~~~~~~~~\n");
/* If state is unknown try command state to see if we can
* regain our bearings */
ptr = SMTP_HandleCommand(config, p, smtp_ssn, ptr, end);
break;
default:
- DebugMessage(DEBUG_SMTP, "Bad SMTP state\n");
return;
}
}
}
break;
}
-
-#ifdef DEBUG_MSGS
- const uint8_t* dash = ptr + smtp_search_info.index + smtp_search_info.length;
-
- /* only add response if not a dash after response code */
- if ((dash == eolm) || ((dash < eolm) && (*dash != '-')))
- {
- DebugFormat(DEBUG_SMTP, "Server sent %s response\n",
- smtp_resps[smtp_search_info.id].name);
- }
-#endif
}
else
{
- DebugMessage(DEBUG_SMTP,
- "Server response not found - see if it's SSL data\n");
-
if ((smtp_ssn->session_flags & SMTP_FLAG_CHECK_SSL) &&
(IsSSL(ptr, end - ptr, p->packet_flags)))
{
- DebugMessage(DEBUG_SMTP, "Server response is an SSL packet\n");
-
smtp_ssn->state = STATE_TLS_DATA;
-
- /* Ignore data */
- if (config->ignore_tls_data)
- {
- DebugMessage(DEBUG_SMTP, "Ignoring Server TLS encrypted data\n");
- }
-
return;
}
else if (smtp_ssn->session_flags & SMTP_FLAG_CHECK_SSL)
{
int next_state = 0;
- DebugMessage(DEBUG_SMTP, "SMTP server packet\n");
-
/* Process as a server packet */
SMTP_ProcessServerPacket(config, p, smtp_ssn, &next_state);
}
else
{
-#ifdef DEBUG_MSGS
- if (pkt_dir == SMTP_PKT_FROM_CLIENT)
- {
- DebugMessage(DEBUG_SMTP, "SMTP client packet\n");
- }
- else
- {
- DebugMessage(DEBUG_SMTP, "SMTP packet NOT from client or server! "
- "Processing as a client packet\n");
- }
-#endif
-
/* This packet should be a tls client hello */
if (smtp_ssn->state == STATE_TLS_CLIENT_PEND)
{
if (IsTlsClientHello(p->data, p->data + p->dsize))
{
- DebugMessage(DEBUG_SMTP,
- "TLS DATA STATE ~~~~~~~~~~~~~~~~~~~~~~~~~\n");
-
smtp_ssn->state = STATE_TLS_SERVER_PEND;
}
else if (p->packet_flags & PKT_STREAM_ORDER_OK)
if ( !InspectPacket(p))
{
/* Packet will be rebuilt, so wait for it */
- DebugMessage(DEBUG_SMTP, "Client packet will be reassembled\n");
return;
}
else if (!(p->packet_flags & PKT_REBUILT_STREAM))
* that were not rebuilt, state is going to be messed up
* so set state to unknown. It's likely this was the
* beginning of the conversation so reset state */
- DebugMessage(DEBUG_SMTP, "Got non-rebuilt packets before "
- "this rebuilt packet\n");
-
smtp_ssn->state = STATE_UNKNOWN;
smtp_ssn->session_flags &= ~SMTP_FLAG_GOT_NON_REBUILT;
}
#include "detection/detection_engine.h"
#include "events/event_queue.h"
-#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "stream/stream.h"
if (pch != nullptr)
{
- DebugMessage(DEBUG_SMTP, "Find end of line!\n");
*fp = (uint32_t)(pch - (const char*)data) + 1;
return StreamSplitter::FLUSH;
}
/* Continue finding the data length ...*/
if (get_length(val, &pfdata->length) != SMTP_PAF_LENGTH_CONTINUE)
{
- DebugFormat(DEBUG_SMTP, "Find data length: %u\n",
- pfdata->length);
pfdata->cmd_info.cmd_state = SMTP_PAF_CMD_DATA_END_STATE;
}
break;
{
if (flush_based_length(pfdata)|| check_data_end(&(pfdata->data_end_state), data))
{
- DebugMessage(DEBUG_SMTP, "End of data\n");
/*Clean up states*/
pfdata->smtp_state = SMTP_PAF_CMD_STATE;
pfdata->end_of_data = true;
uint32_t boundary_start = 0;
bool alert_generated = false;
- DebugFormat(DEBUG_SMTP, "From client: %s \n", data);
for (i = 0; i < len; i++)
{
uint8_t ch = data[i];
case SMTP_PAF_CMD_STATE:
if (process_command(pfdata, ch))
{
- DebugFormat(DEBUG_SMTP, "Flush command: %s \n", data);
*fp = i + 1;
return StreamSplitter::FLUSH;
}
}
else if (process_data(pfdata, ch))
{
- DebugMessage(DEBUG_SMTP, "Flush data!\n");
*fp = i + 1;
return StreamSplitter::FLUSH;
}
if (flags & PKT_FROM_SERVER)
{
- DebugMessage(DEBUG_SMTP, "PAF: From server.\n");
return smtp_paf_server(pfdata, data, len, fp);
}
else
{
- DebugMessage(DEBUG_SMTP, "PAF: From client.\n");
return smtp_paf_client(pfdata, data, len, fp, max_auth_command_line_len);
}
}
projects / thirdparty / snort3.git / commitdiff
