From: Shijin Bose (shibose) Date: Sat, 25 May 2024 07:45:46 +0000 (+0000) Subject: Pull request #4307: SIP: flow clean-up based on lina configured timeout X-Git-Tag: 3.2.2.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f9095f7f3df2938d6444ca621f49708f4426afa;p=thirdparty%2Fsnort3.git Pull request #4307: SIP: flow clean-up based on lina configured timeout Merge in SNORT/snort3 from ~SHIBOSE/snort3:sip_flow_clean_up to master Squashed commit of the following: commit 176d9a58cb20c48a968a66997df3375c73f6049a Author: shibose Date: Tue Mar 26 13:05:17 2024 +0000 SIP: flow clean-up based on lina configured timeout
---
diff --git a/src/service_inspectors/sip/sip.cc b/src/service_inspectors/sip/sip.cc
index e04afbae4..5407989e8 100644
--- a/src/service_inspectors/sip/sip.cc
+++ b/src/service_inspectors/sip/sip.cc
@@ -266,6 +266,10 @@ void Sip::show(const SnortConfig*) const
 ConfigLogger::log_value("max_uri_len", config->maxUriLen);
 ConfigLogger::log_value("max_via_len", config->maxViaLen);
 ConfigLogger::log_list("methods", methods.c_str());
+ ConfigLogger::log_value("sip_timeout", config->sip_timeout);
+ ConfigLogger::log_value("sip_media_timeout", config->sip_media_timeout);
+ ConfigLogger::log_value("sip_invite_timeout", config->sip_invite_timeout);
+ ConfigLogger::log_value("sip_disconnect_timeout", config->sip_disconnect_timeout);
 }
 void Sip::eval(Packet* p)
diff --git a/src/service_inspectors/sip/sip_config.h b/src/service_inspectors/sip/sip_config.h
index 5e7b891ed..f9c704e49 100644
--- a/src/service_inspectors/sip/sip_config.h
+++ b/src/service_inspectors/sip/sip_config.h
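Review bot: The four values logged in `Sip::show` are in seconds, while the parameters are declared and documented in milliseconds, because `SipModule::set` stores `v.get_uint64()/1000` into these fields. A configuration dump that differs from the configuration file by a factor of 1000 (a constructed example: 30000 configured, 30 shown) is easy to misread when auditing the effective settings, so either log the configured unit or put the unit in the label. The new `SIP_PROTO_CONF` members in the sip_config.h hunk also carry no comment, unlike the neighbouring members visible there; `uint64_t sip_timeout; // flow idle timeout in seconds (configured in ms), 0 = not applied` would record the unit where the value is stored.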
@@ -102,6 +102,10 @@ struct SIP_PROTO_CONF
 uint16_t maxViaLen; // Maximum Via field size
 uint16_t maxContactLen; // Maximum Contact field size
 uint16_t maxContentLen; // Maximum Content length
+ uint64_t sip_timeout;
+ uint64_t sip_media_timeout;
+ uint64_t sip_invite_timeout;
+ uint64_t sip_disconnect_timeout;
 bool ignoreChannel; // Whether to ignore media channels found by SIP PP
 };
diff --git a/src/service_inspectors/sip/sip_dialog.cc b/src/service_inspectors/sip/sip_dialog.cc
index 665d4c182..85a0fdb44 100644
--- a/src/service_inspectors/sip/sip_dialog.cc
+++ b/src/service_inspectors/sip/sip_dialog.cc
@@ -84,33 +84,46 @@ static int SIP_processRequest(SIPMsg& sipMsg, SIP_DialogData* dialog, SIP_Dialog switch (methodFlag) { case SIP_METHOD_INVITE: - + { ret = SIP_processInvite(sipMsg, dialog, dList); + if (ret and (config->sip_invite_timeout)) + { + p->flow->set_idle_timeout(config->sip_invite_timeout); + } break; - + } case SIP_METHOD_CANCEL: - + { if (nullptr == dialog) return false; /*dialog can be deleted in the early state*/ if ((SIP_DLG_EARLY == dialog->state)||(SIP_DLG_INVITING == dialog->state) || (SIP_DLG_CREATE == dialog->state)) SIP_deleteDialog(dialog, dList); - + if (config->sip_disconnect_timeout) + p->flow->set_idle_timeout(config->sip_disconnect_timeout); break; + } case SIP_METHOD_ACK: - + { SIP_processACK(sipMsg, dialog, dList, p, config); + if (config->sip_timeout) + p->flow->set_idle_timeout(config->sip_timeout); break; + } case SIP_METHOD_BYE: - + { if (SIP_DLG_ESTABLISHED == dialog->state) dialog->state = SIP_DLG_TERMINATING; + + if (config->sip_disconnect_timeout) + p->flow->session_state |= STREAM_STATE_CLOSED; break; + } default:
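Review bot: In the BYE branch of the @@ -84 hunk the added `p->flow->session_state |= STREAM_STATE_CLOSED;` sits outside the `SIP_DLG_ESTABLISHED == dialog->state` check, so every BYE request marks the whole flow closed, including one that matches no established dialog. One signalling flow can carry several dialogs, so a single unsolicited BYE could presumably end inspection state for calls that are still active. The two added lines should at least move inside the body of the existing `if (SIP_DLG_ESTABLISHED == dialog->state)` (with braces), so the mark follows the state transition. `sip_disconnect_timeout` is also used here only as an on/off switch and its value is never applied, while the CANCEL branch applies it whether or not the dialog was in a state that got deleted. SIP_processRequest starts and ends outside the hunk, so how `dialog` is resolved before the switch is not visible.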
@@ -239,6 +252,8 @@ static int SIP_processResponse(SIPMsg& sipMsg, SIP_DialogData* dialog, SIP_Dialo
 // media session
 if ( !SIP_checkMediaChange(sipMsg, dialog) )
 {
+ if (config->sip_media_timeout)
+ p->flow->set_idle_timeout(config->sip_media_timeout);
 SIP_updateMedias(sipMsg.mediaSession, dialog->mediaSessions);
 SIP_ignoreChannels(*currDialog, p,config);
 sipMsg.mediaUpdated = true;
diff --git a/src/service_inspectors/sip/sip_module.cc b/src/service_inspectors/sip/sip_module.cc
index 22f1c8b1d..de8d4623a 100644
--- a/src/service_inspectors/sip/sip_module.cc
+++ b/src/service_inspectors/sip/sip_module.cc
@@ -22,6 +22,7 @@
 #include "config.h"
 #endif
+#include "log/messages.h"
 #include "sip_module.h"
 #include
@@ -93,6 +94,18 @@ static const Parameter s_params[] =
 { "methods", Parameter::PT_STRING, nullptr, default_methods,
 "list of methods to check in SIP messages" },
+ { "sip_timeout", Parameter::PT_INT, "0:", "0",
+ "SIP Timeout value in milliseconds" },
+
+ { "sip_media_timeout", Parameter::PT_INT, "0:", "0",
+ "SIP Media timeout milliseconds" },
+
+ { "sip_invite_timeout", Parameter::PT_INT, "0:", "0",
+ "SIP Invite timeout milliseconds" },
+
+ { "sip_disconnect_timeout", Parameter::PT_INT, "0:", "0",
+ "SIP Disconnect timeout milliseconds" },
+
 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
@@ -230,6 +243,18 @@ bool SipModule::set(const char*, Value& v, SnortConfig*)
 else if ( v.is("methods") )
 sip_methods = v.get_string();
+ else if ( v.is("sip_timeout") )
+ conf->sip_timeout = v.get_uint64()/1000;
+
+ else if ( v.is("sip_invite_timeout") )
+ conf->sip_invite_timeout = v.get_uint64()/1000;
+
+ else if ( v.is("sip_media_timeout") )
+ conf->sip_media_timeout = v.get_uint64()/1000;
+
+ else if ( v.is("sip_disconnect_timeout") )
+ conf->sip_disconnect_timeout = v.get_uint64()/1000;
+
 return true;
 }
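Review bot: The idle timeout set in the @@ -239 hunk is unlikely to stay in effect, because the ACK branch added to SIP_processRequest calls `set_idle_timeout(config->sip_timeout)` on the same flow. If this block runs for the 2xx answer to an INVITE (the status check is outside the hunk), the ACK that follows would replace `sip_media_timeout` almost immediately. The timeout is also applied to `p->flow`, the signalling flow, rather than to the media channels handled by `SIP_ignoreChannels`. If both are intended, a comment such as `// sip_media_timeout applies to the signalling flow until the next request resets it` would state the precedence between the four timeouts, which is currently whichever message arrived last.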
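Review bot: The four parameters added in the @@ -93 hunk are divided by 1000 with integer division in `SipModule::set` (the @@ -230 hunk), so any setting from 1 to 999 ms is stored as 0, and 0 is the value the dialog code treats as "do not touch the flow timeout". An operator who configures a sub-second timeout therefore gets no timeout at all, with no warning. Rounding up keeps a non-zero setting non-zero, e.g. `conf->sip_timeout = (v.get_uint64() + 999)/1000;` and likewise for the other three. The help strings should say so, for instance `"SIP idle timeout in milliseconds, rounded up to whole seconds (0 = leave the flow timeout unchanged)"`. The range `"0:"` also leaves the upper end open, and whether `set_idle_timeout` accepts a full 64-bit value is not visible in this diff.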