Merge pull request #644 in SNORT/snort3 from sip_callid to master

author Shawn Turner (shaturne) <shaturne@cisco.com>

Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)

committer Shawn Turner (shaturne) <shaturne@cisco.com>

Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)
author Shawn Turner (shaturne) <shaturne@cisco.com>
Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)
committer Shawn Turner (shaturne) <shaturne@cisco.com>
Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)
diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc

index 31ab2899b4c9b60dde83700f8e602cad1d41b7e4..db0d2472f2c97ae783c0c8a59c1897883e124d4d 100644 (file)
--- a/src/network_inspectors/binder/binder.cc
+++ b/src/network_inspectors/binder/binder.cc
@@ -100,11 +100,25 @@ bool Binding::check_addr(const Flow* flow) const
      if ( !when.nets )
          return true;
  
-    if ( sfvar_ip_in(when.nets, &flow->client_ip) )
-        return true;
+    switch ( when.role )
+    {
+        case BindWhen::BR_SERVER:
+            if ( sfvar_ip_in(when.nets, &flow->server_ip) )
+                return true;
+            break;
+        case BindWhen::BR_CLIENT:
+            if ( sfvar_ip_in(when.nets, &flow->client_ip) )
+                return true;
+            break;
+        case BindWhen::BR_EITHER:
+            if ( sfvar_ip_in(when.nets, &flow->client_ip) or
+                    sfvar_ip_in(when.nets, &flow->server_ip) )
+                return true;
+            break;
+        default:
+            break;
+    }
  
-    if ( sfvar_ip_in(when.nets, &flow->server_ip) )
-        return true;
  
      return false;
  }
@@ -140,7 +154,18 @@ bool Binding::check_vlan(const Flow* flow) const
  
  bool Binding::check_port(const Flow* flow) const
  {
-    return when.ports.test(flow->server_port);
+    switch ( when.role )
+    {
+        case BindWhen::BR_SERVER:
+            return when.ports.test(flow->server_port);
+        case BindWhen::BR_CLIENT:
+            return when.ports.test(flow->client_port);
+        case BindWhen::BR_EITHER:
+            return (when.ports.test(flow->client_port) or when.ports.test(flow->server_port) );
+        default:
+            break;
+    }
+    return false;
  }
  
  bool Binding::check_service(const Flow* flow) const
diff --git a/src/network_inspectors/binder/binding.h b/src/network_inspectors/binder/binding.h

index 69fef16424cb7eb89b821891231ec7ea62dc0347..c068d2c66b09831fb9a7dd121eb11ff7dc640246 100644 (file)
--- a/src/network_inspectors/binder/binding.h
+++ b/src/network_inspectors/binder/binding.h
@@ -30,7 +30,7 @@ class Flow;
  struct BindWhen
  {
      enum Role
-    { BR_EITHER, BR_CLIENT, BR_SERVER, BR_MAX };
+    { BR_CLIENT, BR_SERVER, BR_EITHER, BR_MAX };
  
      unsigned id;
      unsigned protos;
diff --git a/src/service_inspectors/sip/sip_parser.cc b/src/service_inspectors/sip/sip_parser.cc

index e1abe93c6461a22d3af492953ecaa0d4ffabe43e..1657bdc15dd32aef471ff3c2791ed295f7bca516 100644 (file)
--- a/src/service_inspectors/sip/sip_parser.cc
+++ b/src/service_inspectors/sip/sip_parser.cc
@@ -793,6 +793,30 @@ static int sip_parse_to(SIPMsg* msg, const char* start, const char* end, SIP_PRO
      return SIP_PARSE_SUCCESS;
  }
  
+static inline bool is_valid_ip(const char *start, int length)
+{
+    sfip_t ip;
+    char ipStr[INET6_ADDRSTRLEN];
+
+    /*Get the IP address*/
+    if(length > INET6_ADDRSTRLEN - 1)
+    {
+        length = INET6_ADDRSTRLEN - 1;
+    }
+    memcpy(ipStr, start, length);
+    ipStr[length] = '\0';
+
+    DebugFormat(DEBUG_SIP, "IP data: %s\n", ipStr);
+
+    if( (sfip_pton(ipStr, &ip)) != SFIP_SUCCESS)
+    {
+        DebugMessage(DEBUG_SIP, "Not valid IP! \n");
+        return false;
+    }
+
+    return true;
+}
+
  /********************************************************************
   * Function: sip_parse_call_id()
   *
@@ -810,11 +834,18 @@ static int sip_parse_to(SIPMsg* msg, const char* start, const char* end, SIP_PRO
  
  static int sip_parse_call_id(SIPMsg* msg, const char* start, const char* end, SIP_PROTO_CONF*)
  {
-    DEBUG_WRAP(int length = end -start; )
+    int length = end -start;
      DebugFormat(DEBUG_SIP, "Call-Id value: %.*s\n", length, start);
      msg->call_id = (char*)start;
+    /*ignore ip address in call id by adjusting length*/
+    char* at = (char*)memchr(start, '@', length);
+    if(at && (at < end) && is_valid_ip(at+1, (end-at-1)))
+    {
+        length = at - start;
+    }
+
      msg->callIdLen = end - start;
-    msg->dlgID.callIdHash =  strToHash(msg->call_id, msg->callIdLen);
+    msg->dlgID.callIdHash =  strToHash(msg->call_id, length);
      DebugFormat(DEBUG_SIP, "Call-Id length: %d, Hash: %u\n",
          msg->callIdLen, msg->dlgID.callIdHash);
  
diff --git a/src/sfip/sf_ipvar.cc b/src/sfip/sf_ipvar.cc

index 70798a3b08fe961e2f12eed1c5c3c46450c5b4e0..8830e744ca44b0a756331be6fe7292477e6079b7 100644 (file)
--- a/src/sfip/sf_ipvar.cc
+++ b/src/sfip/sf_ipvar.cc
@@ -961,6 +961,7 @@ static inline int _sfvar_ip_in6(sfip_var_t* var, const sfip_t* ip)
      return 0;
  }
  
+// FIXIT-L sfvar_ip_in, _sfvar_ip_in4 and _sfvar_ip_in6 should all return boool
  /* Returns SFIP_SUCCESS if ip is contained in 'var', SFIP_FAILURE otherwise
     If either argument is NULL, SFIP_ARG_ERR is returned. */
  int sfvar_ip_in(sfip_var_t* var, const sfip_t* ip)
author	Shawn Turner (shaturne) <shaturne@cisco.com>
	Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)
committer	Shawn Turner (shaturne) <shaturne@cisco.com>
	Mon, 3 Oct 2016 17:13:18 +0000 (13:13 -0400)
src/network_inspectors/binder/binder.cc		patch \| blob \| blame \| history
src/network_inspectors/binder/binding.h		patch \| blob \| blame \| history
src/service_inspectors/sip/sip_parser.cc		patch \| blob \| blame \| history
src/sfip/sf_ipvar.cc		patch \| blob \| blame \| history