|
version 1.46.2.4, 2008/03/04 20:13:20
|
version 1.46.2.5, 2008/03/12 20:16:35
|
|
|
|
| LogMessage(" Fragment timeout: %d seconds\n", | LogMessage(" Fragment timeout: %d seconds\n", |
| context->frag_timeout); | context->frag_timeout); |
| LogMessage(" Fragment min_ttl: %d\n", context->min_ttl); | LogMessage(" Fragment min_ttl: %d\n", context->min_ttl); |
| LogMessage(" Fragment ttl_limit: %d\n", context->ttl_limit); |
LogMessage(" Fragment ttl_limit (not used): %d\n", context->ttl_limit); |
| LogMessage(" Fragment Problems: %X\n", context->frag3_alerts); | LogMessage(" Fragment Problems: %X\n", context->frag3_alerts); |
| //LogMessage(" Bound Addresses:\n"); | //LogMessage(" Bound Addresses:\n"); |
| #ifdef SUP_IP6 | #ifdef SUP_IP6 |
|
|
|
| } | } |
| | |
| /** | /** |
| |
* Generate an event due to TTL below the configured minimum |
| |
* |
| |
* @param context Current run context |
| |
* |
| |
* @return none |
| |
*/ |
| |
static INLINE void EventAnomMinTTL(Frag3Context *context) |
| |
{ |
| |
if(!(context->frag3_alerts & FRAG3_DETECT_ANOMALIES)) |
| |
return; |
| |
|
| |
SnortEventqAdd(GENERATOR_SPP_FRAG3, /* GID */ |
| |
FRAG3_MIN_TTL_EVASION, /* SID */ |
| |
1, /* rev */ |
| |
0, /* classification enum */ |
| |
3, /* priority (low) */ |
| |
FRAG3_MIN_TTL_EVASION_STR, /* event message */ |
| |
NULL); /* rule info ptr */ |
| |
|
| |
f3stats.alerts++; |
| |
} |
| |
|
| |
/** |
| * Main setup function to regiser frag3 with the rest of Snort. | * Main setup function to regiser frag3 with the rest of Snort. |
| * | * |
| * @param none | * @param none |
|
|
|
| | |
| context->ttl_limit = FRAG3_TTL_LIMIT; | context->ttl_limit = FRAG3_TTL_LIMIT; |
| } | } |
| |
LogMessage("%s(%d) ==> The ttl_limit option will be ignored, and Use of the ttl_limit option will be deprecated in a future release\n"); |
| } | } |
| else if(!strcasecmp(index, "min_ttl")) | else if(!strcasecmp(index, "min_ttl")) |
| { | { |
|
|
|
| GET_IPH_TTL(p), p->frag_offset, | GET_IPH_TTL(p), p->frag_offset, |
| p->dsize);); | p->dsize);); |
| | |
| |
EventAnomMinTTL(f3context); |
| f3stats.discards++; | f3stats.discards++; |
| return; | return; |
| } | } |
|
|
|
| int done = 0; /* flag for right-side overlap handling loop */ | int done = 0; /* flag for right-side overlap handling loop */ |
| int addthis = 1; /* flag for right-side overlap handling loop */ | int addthis = 1; /* flag for right-side overlap handling loop */ |
| int i = 0; /* counter */ | int i = 0; /* counter */ |
| |
#if 0 |
| int delta = 0; | int delta = 0; |
| |
#endif |
| int firstLastOk; | int firstLastOk; |
| int ret = FRAG_INSERT_OK; | int ret = FRAG_INSERT_OK; |
| unsigned char lastfrag = 0; /* Set to 1 when this is the 'last' frag */ | unsigned char lastfrag = 0; /* Set to 1 when this is the 'last' frag */ |
|
|
|
| //return FRAG_INSERT_TIMEOUT; | //return FRAG_INSERT_TIMEOUT; |
| } | } |
| | |
| |
#if 0 |
| delta = abs(ft->ttl - GET_IPH_TTL(p)); | delta = abs(ft->ttl - GET_IPH_TTL(p)); |
| if (delta > f3context->ttl_limit) | if (delta > f3context->ttl_limit) |
| { | { |
|
|
|
| PREPROC_PROFILE_END(frag3InsertPerfStats); | PREPROC_PROFILE_END(frag3InsertPerfStats); |
| return FRAG_INSERT_TTL; | return FRAG_INSERT_TTL; |
| } | } |
| |
#endif |
| | |
| /* | /* |
| * Check to see if this fragment is the first or last one and | * Check to see if this fragment is the first or last one and |
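Review bot: The new deprecation message in the `ttl_limit` option branch calls `LogMessage` with a format string containing `%s(%d)` but passes no arguments, so the varargs read is undefined behaviour and may crash during config parsing or write stray memory contents into the log. Either pass the two values, e.g. `LogMessage("%s(%d) ==> The ttl_limit option will be ignored ...\n", file_name, file_line);` (assuming the parser's usual file-name and line variables are in scope there, which this view does not show), or drop the `%s(%d) ==> ` prefix. Separately, with the TTL-delta check now under `#if 0`, that path no longer returns `FRAG_INSERT_TTL`, so a short comment at the `#if 0` saying why the check was retired would help anyone later auditing fragment-evasion coverage. The enclosing functions start and end outside the displayed hunks.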