#include <sys/types.h>#include <sys/socket.h>#include <netinet/in.h>#include <arpa/inet.h>#include <stdlib.h>#include <string.h>#include "spp_conversation.h"#include "spp_portscan2.h"#include "generators.h"#include "decode.h"#include "plugbase.h"#include "debug.h"#include "util.h"#include "parser.h"#include "mstring.h"#include "log.h"#include "detect.h"#include "event_queue.h"Go to the source code of this file.
Defines | |
| #define | CONV_TIMEOUT 120 |
| #define | CONV_DEFAULT_MAX 65335 |
| #define | OPT_TIMEOUT "timeout" |
| #define | OPT_MAX_CONV "max_conversations" |
| #define | OPT_ALLOWED_PROTOS "allowed_ip_protocols" |
| #define | OPT_ALERT_BAD_PROTO "alert_odd_protocols" |
| #define | PACKET_FORWARD(a) (*((unsigned int*)&a->iph->ip_dst) > *((unsigned int*)&a->iph->ip_src)) |
| #define | TRUE 1 |
| #define | FALSE 0 |
| #define | INLINE inline |
Functions | |
| static void | ConvInit (u_char *args) |
| static void | ParseConvArgs (u_char *args) |
| static void | ConvFunc (Packet *p, void *) |
| static int | ConvCompareFunc (ubi_trItemPtr ItemPtr, ubi_trNodePtr NodePtr) |
| static int | PruneConvCache (u_int32_t now, int tokill, StateRecord *keeper) |
| static StateRecord * | ConvGetSession (Packet *p) |
| static INLINE void | FillStateRecord (StateRecord *s, Packet *p) |
| static INLINE void | FillConvStats (StateRecord *s, Packet *p) |
| void | SetupConv (void) |
| StateRecord * | ConvAlloc (unsigned long cur_time) |
| void | ConvDelete (StateRecord *sr) |
Variables | |
| ConversationData | conv_data |
|
|
Definition at line 54 of file spp_conversation.c. Referenced by ParseConvArgs(). |
|
|
Definition at line 53 of file spp_conversation.c. Referenced by ParseConvArgs(). |
|
|
Definition at line 70 of file spp_conversation.c. Referenced by _refresh_tables(), AddPortScanner(), AddTagNode(), AddTarget(), AddTargetPort(), arp_loop(), eth_get(), IS_DELETABLE(), NewFragTracker(), and route_loop(). |
|
|
Definition at line 82 of file spp_conversation.c. |
|
|
Definition at line 59 of file spp_conversation.c. Referenced by ParseConvArgs(). |
|
|
Definition at line 58 of file spp_conversation.c. Referenced by ParseConvArgs(). |
|
|
Definition at line 57 of file spp_conversation.c. Referenced by ParseConvArgs(). |
|
|
Definition at line 56 of file spp_conversation.c. Referenced by ParseConvArgs(), and ParseScanmungeArgs(). |
|
|
Definition at line 67 of file spp_conversation.c. Referenced by ConvGetSession(), FillConvStats(), and FillStateRecord(). |
|
|
Definition at line 69 of file spp_conversation.c. Referenced by AddTarget(), AddTargetPort(), eth_get(), eth_send(), eth_set(), ip_open(), and IS_DELETABLE(). |
|
|
Definition at line 433 of file spp_conversation.c. References _StateRecord::bucket, _MemBucket::data, DEBUG_CONVERSATION, DEBUG_WRAP, _conversationData::max_convs, mempool_alloc(), NULL, and _conversationData::state_records. |
|
||||||||||||
|
Definition at line 649 of file spp_conversation.c. References _conversationData::cachePtr, DEBUG_CONVERSATION, DEBUG_PORTSCAN2, DEBUG_WRAP, _StateRecord::dip, _StateRecord::dport, _StateRecord::ip_proto, _StateRecord::sip, _StateRecord::sport, and ubi_trCount. Referenced by ConvInit(). |
|
|
Definition at line 457 of file spp_conversation.c. References _StateRecord::bucket, _conversationData::cachePtr, mempool_free(), _conversationData::state_records, and ubi_sptRemove(). Referenced by PruneConvCache(). |
|
||||||||||||
|
|
Definition at line 553 of file spp_conversation.c. References _StateRecord::bucket, bzero, _conversationData::cachePtr, _StateRecord::conv_flags, CONV_FORWARD, CONV_MULIPACKETS, CONV_REVERSED, _MemBucket::data, DEBUG_CONVERSATION, DEBUG_WRAP, _StateRecord::dip, _StateRecord::dport, FillStateRecord(), _StateRecord::ip_proto, mempool_alloc(), NULL, PACKET_FORWARD, _StateRecord::sip, _StateRecord::sport, _conversationData::state_records, ubi_sptFind(), ubi_sptInsert(), and ubi_trFALSE. Referenced by ConvFunc(). |
|
|
||||||||||||
|
Definition at line 484 of file spp_conversation.c. References _StateRecord::bytes_recv, _StateRecord::bytes_sent, _Packet::caplen, _Packet::dsize, _StateRecord::dsize_recv, _StateRecord::dsize_sent, PACKET_FORWARD, _StateRecord::pkts_recv, and _StateRecord::pkts_sent. Referenced by ConvFunc(). |
|
||||||||||||
|
Definition at line 504 of file spp_conversation.c. References DEBUG_CONVERSATION, DEBUG_WRAP, _StateRecord::dip, _Packet::dp, _StateRecord::dport, _IPHdr::ip_dst, _IPHdr::ip_proto, _StateRecord::ip_proto, _IPHdr::ip_src, _Packet::iph, PACKET_FORWARD, _StateRecord::sip, _Packet::sp, and _StateRecord::sport. Referenced by ConvGetSession(). |
|
|
Definition at line 109 of file spp_conversation.c. References _conversationData::alert_odd_protocols, _conversationData::allowed_ip_protocols, CONV_DEFAULT_MAX, CONV_TIMEOUT, FatalError(), file_line, file_name, index, _conversationData::max_convs, memset, mSplit(), mSplitFree(), NULL, OPT_ALERT_BAD_PROTO, OPT_ALLOWED_PROTOS, OPT_MAX_CONV, OPT_TIMEOUT, strncasecmp, and _conversationData::timeout. Referenced by ConvInit(). |
|
||||||||||||||||
|
Definition at line 744 of file spp_conversation.c. References _conversationData::cachePtr, ConvDelete(), DEBUG_CONVERSATION, DEBUG_STREAM, DEBUG_WRAP, _StateRecord::last_time, NULL, _conversationData::timeout, ubi_btFirst(), ubi_btLeafNode(), ubi_btNext(), and ubi_trCount. Referenced by ConvFunc(). |
|
|
Definition at line 102 of file spp_conversation.c. References ConvInit(), DEBUG_CONVERSATION, DEBUG_WRAP, and RegisterPreprocessor(). Referenced by InitPreprocessors(). |
|
|
Definition at line 87 of file spp_conversation.c. Referenced by Scan2Init(). |
1.4.2