From: Shijin Bose (shibose) Date: Wed, 13 Nov 2024 16:57:41 +0000 (+0000) Subject: Pull request #4445: sip: Parse all the sip method defined X-Git-Tag: 3.5.2.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12b92a600acfcd416da9fe485c68021049e09fec;p=thirdparty%2Fsnort3.git Pull request #4445: sip: Parse all the sip method defined Merge in SNORT/snort3 from ~SHIBOSE/snort3:sip_parse to master Squashed commit of the following: commit 9ad19022df7840a0b44c28b300d65217f7fe603a Author: shibose Date: Thu Sep 12 05:40:57 2024 +0000 sip: parse all the SIP methods defined
---
diff --git a/src/service_inspectors/sip/sip_common.h b/src/service_inspectors/sip/sip_common.h
index 861b947ea..758d835b1 100644
--- a/src/service_inspectors/sip/sip_common.h
+++ b/src/service_inspectors/sip/sip_common.h
@@ -43,7 +43,9 @@ enum SIPMethodsFlag
 SIP_METHOD_MESSAGE = 12, // 0x0800,
 SIP_METHOD_NOTIFY = 13, // 0x1000,
 SIP_METHOD_PRACK = 14, // 0x2000,
- SIP_METHOD_USER_DEFINE = 15, // 0x4000,
+ SIP_METHOD_PUBLISH = 15, // 0x4000,
+ SIP_METHOD_REPLACE = 16,
+ SIP_METHOD_USER_DEFINE = 17,
 SIP_METHOD_USER_DEFINE_MAX = 32// 0x80000000,
 };
diff --git a/src/service_inspectors/sip/sip_config.cc b/src/service_inspectors/sip/sip_config.cc
index 33b6ef407..2d4c31a87 100644
--- a/src/service_inspectors/sip/sip_config.cc
+++ b/src/service_inspectors/sip/sip_config.cc
@@ -40,7 +40,6 @@ static SIPMethodNode* SIP_AddMethodToList(
 /*
 * method names defined by standard, 14 methods defined up to Mar. 2011
- * The first 6 methods are standard defined by RFC3261
 */
 SIPMethod StandardMethods[] =
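Review bot: In the sip_common.h hunk, `SIP_METHOD_REPLACE = 16` and `SIP_METHOD_USER_DEFINE = 17` lose the bit-mask comment that every neighbouring enumerator carries; `// 0x8000,` and `// 0x10000,` would keep the value-to-bit mapping readable. Moving `SIP_METHOD_USER_DEFINE` from 15 to 17 while `SIP_METHOD_USER_DEFINE_MAX` stays at 32 also leaves two fewer slots for user-defined methods, which is worth stating in the commit message in case existing configurations declare many custom methods. The enum starts above the hunk.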
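Review bot: In the first sip_config.cc hunk, the comment kept above `StandardMethods` still says `14 methods defined up to Mar. 2011`, but the next hunk grows the table to 16 named entries. I would reword the line to something like `* method names the inspector treats as standard (see SIPMethodsFlag)` so the count cannot go stale again. The table itself continues outside this hunk.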
@@ -59,11 +58,18 @@ SIPMethod StandardMethods[] =
 { "message", SIP_METHOD_MESSAGE },
 { "notify", SIP_METHOD_NOTIFY },
 { "prack", SIP_METHOD_PRACK },
+ { "publish", SIP_METHOD_PUBLISH },
+ { "replace", SIP_METHOD_REPLACE },
 { nullptr, SIP_METHOD_NULL }
 };
 static SIPMethodsFlag currentUseDefineMethod = SIP_METHOD_USER_DEFINE;
+void reset_currentUseDefineMethod()
+{
+ currentUseDefineMethod = SIP_METHOD_USER_DEFINE;
+}
+
 static int SIP_findMethod(const char* token, SIPMethod* methods)
 {
 int i = 0;
@@ -77,22 +83,6 @@ static int SIP_findMethod(const char* token, SIPMethod* methods)
 return METHOD_NOT_FOUND;
 }
-/*
- * The first 6 methods are standard defined by RFC3261
- * We use those first 6 methods as default
- *
- */
-void SIP_SetDefaultMethods(SIP_PROTO_CONF* config)
-{
- int i;
- config->methodsConfig = SIP_METHOD_DEFAULT;
- for (i = 0; i < 6; i++)
- {
- SIP_AddMethodToList(StandardMethods[i].name,
- StandardMethods[i].methodFlag, &config->methods);
- }
-}
-
 /********************************************************************
 * Function: SIP_ParseMethods()
 *
diff --git a/src/service_inspectors/sip/sip_config.h b/src/service_inspectors/sip/sip_config.h
index fce232f1d..63c8c753c 100644
--- a/src/service_inspectors/sip/sip_config.h
+++ b/src/service_inspectors/sip/sip_config.h
@@ -27,7 +27,7 @@
 #include "framework/counts.h"
 #include "sip_common.h"
-#define SIP_METHOD_DEFAULT 0x003f
+#define SIP_METHOD_DEFAULT 0x3fff
 #define SIP_METHOD_ALL 0xffffffff
 #define SIP_STATUS_CODE_LEN (3)
@@ -114,8 +114,7 @@ struct SIP_PROTO_CONF
 void SIP_ParseMethods(
 const char* cur_tokenp, uint32_t* methodsConfig, SIPMethodlist* pmethods);
-// Sets the Default method lists
-void SIP_SetDefaultMethods(SIP_PROTO_CONF* config);
+void reset_currentUseDefineMethod();
 // API to add a user defined method to SIP config
 SIPMethodNode* SIP_AddUserDefinedMethod(
diff --git a/src/service_inspectors/sip/sip_module.cc b/src/service_inspectors/sip/sip_module.cc
index 6374570ce..ee286e934 100644
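Review bot: `reset_currentUseDefineMethod()` is a new externally visible function that rewrites the file-static `currentUseDefineMethod`, yet neither this definition nor its declaration in sip_config.h says when it has to be called; a comment such as `// Restart user-defined method numbering at SIP_METHOD_USER_DEFINE; call before a configuration's methods are parsed` would document the contract. The name also departs from the `SIP_` prefix of the other functions declared in sip_config.h (`SIP_ParseMethods`, `SIP_AddUserDefinedMethod`). Separately, `{ "replace", SIP_METHOD_REPLACE }` is added as a standard method; as far as I know RFC 3891 defines `Replaces` as a header rather than a request method, so please confirm the intent, since a name in this table presumably stops being reported through the "method is unknown" event.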
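Review bot: `SIP_METHOD_DEFAULT 0x3fff` sets bits 0 to 13 only, which by the mask comments in `SIPMethodsFlag` stops at `SIP_METHOD_PRACK` (0x2000), while the `default_methods` string this commit writes in sip_module.cc also lists `publish` (0x4000) and `replace`. If the macro is meant to mirror the default list it should read `#define SIP_METHOD_DEFAULT 0xffff`. Its only user visible in this diff, `SIP_SetDefaultMethods`, is removed by the same commit, so if nothing else references the macro, deleting it avoids a second, diverging definition of the defaults.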
--- a/src/service_inspectors/sip/sip_module.cc
+++ b/src/service_inspectors/sip/sip_module.cc
@@ -23,6 +23,7 @@
 #endif
 #include "log/messages.h"
+#include "sip_config.h"
 #include "sip_module.h"
 #include
@@ -57,7 +58,7 @@ using namespace std;
 #define SIP_EVENT_UNKOWN_METHOD_STR "method is unknown"
 #define SIP_EVENT_MAX_DIALOGS_IN_A_SESSION_STR "maximum dialogs within a session reached"
-#define default_methods "invite cancel ack bye register options"
+#define default_methods "invite cancel ack bye register options refer subscribe update join info message notify prack publish replace"
 static const Parameter s_params[] =
 {
@@ -169,6 +170,8 @@ static const PegInfo sip_pegs[] =
 { CountType::SUM, "message", "message" },
 { CountType::SUM, "notify", "notify" },
 { CountType::SUM, "prack", "prack" },
+ { CountType::SUM, "publish", "publish" },
+ { CountType::SUM, "replace", "replace" },
 { CountType::SUM, "total_responses", "total responses" },
 { CountType::SUM, "code_1xx", "1xx" },
 { CountType::SUM, "code_2xx", "2xx" },
@@ -211,6 +214,8 @@ ProfileStats* SipModule::get_profile() const
 bool SipModule::set(const char*, Value& v, SnortConfig*)
 {
+ reset_currentUseDefineMethod();
+
 if ( v.is("ignore_call_channel") )
 conf->ignoreChannel = v.get_bool();
@@ -273,7 +278,6 @@ bool SipModule::begin(const char*, int, SnortConfig*)
 conf->methodsConfig = SIP_METHOD_NULL;
 conf->methods = nullptr;
- sip_methods = default_methods;
 return true;
 }
@@ -288,12 +292,6 @@ bool SipModule::end(const char*, int, SnortConfig*)
 while ( v.get_next_token(tok) )
 SIP_ParseMethods(tok.c_str(), &conf->methodsConfig, &conf->methods);
 }
- /*If no methods defined, use the default*/
- if (SIP_METHOD_NULL == conf->methodsConfig)
- {
- SIP_SetDefaultMethods(conf);
- }
-
 return true;
 }
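Review bot: The two new rows in `sip_pegs` are inserted ahead of `total_responses`, and as far as I can tell peg labels are matched to counters by position, so the stats structure has to gain two request counters at the same place. That structure is not part of this diff; if its request array is sized from `SIP_METHOD_USER_DEFINE` it follows automatically, otherwise every label from `total_responses` onward would be reported against the wrong counter. Please confirm, and consider a `static_assert` tying the number of peg entries to the size of the stats structure.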
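Review bot: `reset_currentUseDefineMethod()` sits at the top of `SipModule::set()`, so it runs once for every parameter that is set rather than once per configuration. `begin()` already reinitialises `conf->methodsConfig` and `conf->methods` (hunk at old line 273), and the reset reads more naturally there as `reset_currentUseDefineMethod();` next to `conf->methods = nullptr;`, which would also cover a table for which `set()` is never called. The later hunks drop `sip_methods = default_methods;` from `begin()` and the `SIP_SetDefaultMethods` fallback from `end()`, so an empty or unset `methods` value now appears to leave `conf->methodsConfig` at `SIP_METHOD_NULL`; a short comment in `end()` stating that this is intended would help. The body of `set()` continues outside the hunk.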