Main Page | Modules | Class List | Directories | File List | Class Members | File Members | Related Pages
src / preprocessors

spp_frag2.c File Reference

#include <sys/types.h>
#include <stdlib.h>
#include <ctype.h>
#include <rpc/types.h>
#include "bounds.h"
#include "generators.h"
#include "log.h"
#include "detect.h"
#include "decode.h"
#include "event.h"
#include "util.h"
#include "debug.h"
#include "plugbase.h"
#include "parser.h"
#include "mstring.h"
#include "checksum.h"
#include "perf.h"
#include "event_queue.h"
#include "ubi_BinTree.h"
#include "ubi_SplayTree.h"
#include "snort.h"

Go to the source code of this file.

Defines

#define FRAG_GOT_FIRST   0x00000001
#define FRAG_GOT_LAST   0x00000002
#define FRAG_REBUILT   0x00000004
#define FRAG_OUTOFORDER   0x00000008
#define FRAG_PRUNE_QUANTA   60
#define FRAG_MEMCAP   4194304
#define FRAG2_TTL_LIMIT   5
#define FRAG2_MIN_TTL   0
#define SPARC_TWIDDLE   0
#define DATASIZE   (ETHERNET_HEADER_LEN+65536)
#define SELF_PRES_THRESHOLD   500
#define SELF_PRES_PERIOD   90
#define SUSPEND_THRESHOLD   1000
#define SUSPEND_PERIOD   30
#define OPS_NORMAL   0
#define OPS_SELF_PRESERVATION   1
#define OPS_SUSPEND   2

Typedefs

typedef _Frag2Data Frag2Data
typedef _Frag2Frag Frag2Frag
typedef _FragTracker FragTracker
typedef _CompletionData CompletionData
typedef _F2Emergency F2Emergency
typedef _F2SPControl F2SPControl

Functions

void Frag2Init (u_char *args)
void ParseFrag2Args (u_char *)
void Frag2Defrag (Packet *, void *)
FragTrackerGetFragTracker (Packet *)
FragTrackerNewFragTracker (Packet *)
int InsertFrag (Packet *, FragTracker *)
int FragIsComplete (FragTracker *, CompletionData *)
void RebuildFrag (FragTracker *, Packet *)
void Frag2DeleteFrag (FragTracker *)
int Frag2SelfPreserve (struct _SPMemControl *)
int PruneFragCache (FragTracker *, u_int32_t, u_int32_t)
void ZapFrag (FragTracker *)
void Frag2InitPkt ()
void Frag2CleanExit (int, void *)
void Frag2Restart (int, void *)
void * Frag2Alloc (FragTracker *cft, int tv_sec, u_int32_t size)
static int Frag2CompareFunc (ubi_trItemPtr ItemPtr, ubi_trNodePtr NodePtr)
static int Frag2FragCompare (ubi_trItemPtr ItemPtr, ubi_trNodePtr NodePtr)
static void CompletionTraverse (ubi_trNodePtr NodePtr, void *complete)
static void RebuildTraverse (ubi_trNodePtr NodePtr, void *buffer)
static void KillFrag (ubi_trNodePtr NodePtr)
void SetupFrag2 ()

Variables

static ubi_trRoot f_cache
static ubi_trRootPtr FragRootPtr = &f_cache
char * file_name
int file_line
static int frag_mem_usage
static u_int16_t next_offset
static u_int32_t frag2_alloc_faults
static Frag2Data f2data
static Packetdefrag_pkt
F2Emergency f2_emergency

Define Documentation

#define DATASIZE   (ETHERNET_HEADER_LEN+65536)
 

Definition at line 103 of file spp_frag2.c.

Referenced by Frag2InitPkt(), Frag3InitPkt(), Frag3Rebuild(), RebuildFrag(), and RebuildTraverse().

#define FRAG2_MIN_TTL   0
 

Definition at line 95 of file spp_frag2.c.

Referenced by Frag2Init(), and ParseFrag2Args().

#define FRAG2_TTL_LIMIT   5
 

Definition at line 94 of file spp_frag2.c.

Referenced by Frag2Init(), and ParseFrag2Args().

#define FRAG_GOT_FIRST   0x00000001
 

Definition at line 85 of file spp_frag2.c.

Referenced by Frag3CheckFirstLast(), Frag3IsComplete(), FragIsComplete(), and InsertFrag().

#define FRAG_GOT_LAST   0x00000002
 

Definition at line 86 of file spp_frag2.c.

Referenced by Frag3CheckFirstLast(), Frag3Insert(), Frag3IsComplete(), FragIsComplete(), and InsertFrag().

#define FRAG_MEMCAP   4194304
 

Definition at line 92 of file spp_frag2.c.

Referenced by Frag3GlobalInit(), Frag3ParseGlobalArgs(), and ParseFrag2Args().

#define FRAG_OUTOFORDER   0x00000008
 

Definition at line 88 of file spp_frag2.c.

Referenced by FragIsComplete(), and InsertFrag().

#define FRAG_PRUNE_QUANTA   60
 

Definition at line 91 of file spp_frag2.c.

Referenced by Frag3Init(), Frag3ParseArgs(), and ParseFrag2Args().

#define FRAG_REBUILT   0x00000004
 

Definition at line 87 of file spp_frag2.c.

Referenced by Frag3Rebuild(), FragIsComplete(), PruneFragCache(), and RebuildFrag().

#define OPS_NORMAL   0
 

Definition at line 112 of file spp_frag2.c.

Referenced by CheckPorts(), Frag2Defrag(), Frag2Init(), NotForStream4(), ReassembleStream4(), and Stream4Init().

#define OPS_SELF_PRESERVATION   1
 

Definition at line 113 of file spp_frag2.c.

Referenced by CheckPorts(), Frag2Defrag(), and ReassembleStream4().

#define OPS_SUSPEND   2
 

Definition at line 114 of file spp_frag2.c.

Referenced by Frag2Defrag(), NotForStream4(), and ReassembleStream4().

#define SELF_PRES_PERIOD   90
 

Definition at line 107 of file spp_frag2.c.

Referenced by Frag2Init(), ParseFrag2Args(), ParseStream4Args(), and Stream4Init().

#define SELF_PRES_THRESHOLD   500
 

Definition at line 106 of file spp_frag2.c.

Referenced by Frag2Init(), ParseFrag2Args(), ParseStream4Args(), and Stream4Init().

#define SPARC_TWIDDLE   0
 

Definition at line 100 of file spp_frag2.c.

Referenced by Frag2InitPkt(), Frag3InitPkt(), InitFakePkt(), InitStream4Pkt(), and StoreStreamPkt().

#define SUSPEND_PERIOD   30
 

Definition at line 110 of file spp_frag2.c.

Referenced by Frag2Init(), ParseFrag2Args(), ParseStream4Args(), and Stream4Init().

#define SUSPEND_THRESHOLD   1000
 

Definition at line 109 of file spp_frag2.c.

Referenced by Frag2Init(), ParseFrag2Args(), ParseStream4Args(), and Stream4Init().

Typedef Documentation

typedef struct _CompletionData CompletionData
 

typedef struct _F2Emergency F2Emergency
 

typedef struct _F2SPControl F2SPControl
 

typedef struct _Frag2Data Frag2Data
 

typedef struct _Frag2Frag Frag2Frag
 

typedef struct _FragTracker FragTracker
 

Function Documentation

static void CompletionTraverse ubi_trNodePtr  NodePtr,
void *  complete
[static]
 

Definition at line 322 of file spp_frag2.c.

References _CompletionData::complete, DEBUG_FRAG, DEBUG_WRAP, next_offset, _Frag2Frag::offset, _Frag2Frag::size, and _CompletionData::teardrop.

Referenced by FragIsComplete().

void* Frag2Alloc FragTracker cft,
int  tv_sec,
u_int32_t  size
 

Definition at line 246 of file spp_frag2.c.

References FatalError(), frag2_alloc_faults, _PacketCount::frag_mem_faults, frag_mem_usage, _SFBASE::iFragFaults, _Frag2Data::memcap, NULL, pc, PruneFragCache(), _SFPERF::sfBase, and sfPerf.

void Frag2CleanExit int  ,
void * 
 

Definition at line 1406 of file spp_frag2.c.

Referenced by Frag2Init().

static int Frag2CompareFunc ubi_trItemPtr  ItemPtr,
ubi_trNodePtr  NodePtr
[static]
 

Definition at line 280 of file spp_frag2.c.

References DEBUG_FRAG, DEBUG_WRAP, _FragTracker::dip, _FragTracker::id, _FragTracker::protocol, and _FragTracker::sip.

Referenced by Frag2Init().

void Frag2Defrag Packet ,
void * 
 

Definition at line 689 of file spp_frag2.c.

References _FragTracker::alerted, pcap_pkthdr::caplen, _CompletionData::complete, CSE_IP, _Packet::csum_flags, DEBUG_FRAG, DEBUG_WRAP, DisableDetect(), _F2Emergency::end_time, _Frag2Data::frag2_alerts, frag2_alloc_faults, FRAG2_EMERGENCY, FRAG2_EMERGENCY_STR, FRAG2_IPOPTIONS, FRAG2_IPOPTIONS_STR, FRAG2_OUTOFORDER, FRAG2_OUTOFORDER_STR, FRAG2_SUSPEND, FRAG2_SUSPEND_STR, FRAG2_TEARDROP, FRAG2_TEARDROP_STR, FRAG2_TTL_EVASION, FRAG2_TTL_EVASION_STR, _Packet::frag_flag, _Packet::frag_offset, _Frag2Data::frag_sp_data, _Frag2Data::frag_timeout, FragIsComplete(), FragRootPtr, GENERATOR_SPP_FRAG2, GetFragTracker(), InsertFrag(), _Packet::ip_options_len, _IPHdr::ip_ttl, _Packet::iph, _Frag2Data::last_prune_time, LogMessage(), _SPMemControl::mem_usage, _Packet::mf, _Frag2Data::min_ttl, _F2Emergency::new_frag_count, NewFragTracker(), NULL, OPS_NORMAL, OPS_SELF_PRESERVATION, OPS_SUSPEND, _CompletionData::outoforder, _Packet::packet_flags, PKT_FRAG_ALERTED, PKT_REBUILT_FRAG, _Packet::pkth, PP_FRAG2, _Packet::preprocessors, PruneFragCache(), pv, RebuildFrag(), _SFPERF::sfBase, sfPerf, SnortEventqAdd(), _Frag2Data::sp_period, _Frag2Data::sp_threshold, _Frag2Data::state_protection, _F2Emergency::status, _Frag2Data::suspend_period, _Frag2Data::suspend_threshold, _CompletionData::teardrop, pcap_pkthdr::ts, _FragTracker::ttl, _Frag2Data::ttl_limit, ubi_trCount, UpdateIPFragStats(), and _progvars::verbose_flag.

Referenced by Frag2Init().

void Frag2DeleteFrag FragTracker  ) 
 

Definition at line 1289 of file spp_frag2.c.

References _Frag2Data::frag_sp_data, _FragTracker::fraglistPtr, _SFBASE::iFragDeletes, KillFrag(), _SPMemControl::mem_usage, NULL, _SFPERF::sfBase, sfPerf, and ubi_trKillTree.

Referenced by NewFragTracker(), and ZapFrag().

static int Frag2FragCompare ubi_trItemPtr  ItemPtr,
ubi_trNodePtr  NodePtr
[static]
 

Definition at line 306 of file spp_frag2.c.

References _Frag2Frag::offset.

Referenced by NewFragTracker().

void Frag2Init u_char *  args  ) 
 

Definition at line 406 of file spp_frag2.c.

References AddFuncToCleanExitList(), AddFuncToPreprocList(), AddFuncToRestartList(), DEBUG_FRAG, DEBUG_WRAP, _F2Emergency::end_time, FatalError(), _Frag2Data::frag2_alerts, FRAG2_MIN_TTL, FRAG2_TTL_LIMIT, Frag2CleanExit(), Frag2CompareFunc(), Frag2Defrag(), Frag2InitPkt(), Frag2Restart(), FragRootPtr, _Frag2Data::last_prune_time, _Frag2Data::min_ttl, _F2Emergency::new_frag_count, NULL, OPS_NORMAL, ParseFrag2Args(), SELF_PRES_PERIOD, SELF_PRES_THRESHOLD, _Frag2Data::sp_period, _Frag2Data::sp_threshold, _Frag2Data::state_protection, _F2Emergency::status, SUSPEND_PERIOD, _Frag2Data::suspend_period, SUSPEND_THRESHOLD, _Frag2Data::suspend_threshold, _Frag2Data::ttl_limit, and ubi_trInitTree.

Referenced by SetupFrag2().

void Frag2InitPkt  ) 
 

Definition at line 1412 of file spp_frag2.c.

References DATASIZE, FatalError(), NULL, _Packet::pkt, _Packet::pkth, and SPARC_TWIDDLE.

Referenced by Frag2Init().

void Frag2Restart int  ,
void * 
 

Definition at line 1399 of file spp_frag2.c.

Referenced by Frag2Init().

int Frag2SelfPreserve struct _SPMemControl  ) 
 

Definition at line 229 of file spp_frag2.c.

References _SPMemControl::control, _F2SPControl::cur_time, frag2_alloc_faults, _PacketCount::frag_mem_faults, _F2SPControl::ft, _SFBASE::iFragFaults, pc, PruneFragCache(), _SFPERF::sfBase, and sfPerf.

Referenced by ParseFrag2Args().

int FragIsComplete FragTracker ,
CompletionData
 

Definition at line 1151 of file spp_frag2.c.

References _CompletionData::complete, CompletionTraverse(), DEBUG_FRAG, DEBUG_WRAP, _FragTracker::frag_flags, FRAG_GOT_FIRST, FRAG_GOT_LAST, FRAG_OUTOFORDER, FRAG_REBUILT, _FragTracker::fraglistPtr, _SFBASE::iFragCompletes, next_offset, _CompletionData::outoforder, _SFPERF::sfBase, sfPerf, and ubi_trTraverse.

Referenced by Frag2Defrag().

FragTracker * GetFragTracker Packet  ) 
 

Definition at line 933 of file spp_frag2.c.

References DEBUG_FRAG, DEBUG_WRAP, _FragTracker::dip, _Frag2Data::frag_sp_data, FragRootPtr, _FragTracker::id, _IPHdr::ip_dst, _IPHdr::ip_id, _IPHdr::ip_proto, _IPHdr::ip_src, _Packet::iph, _SPMemControl::mem_usage, NULL, _FragTracker::protocol, _FragTracker::sip, ubi_sptFind(), and ubi_trCount.

Referenced by Frag2Defrag().

int InsertFrag Packet ,
FragTracker
 

Definition at line 1017 of file spp_frag2.c.

References _FragTracker::alerted, _FragTracker::calculated_size, _SPMemControl::control, _F2SPControl::cur_time, _Packet::data, _Frag2Frag::data, DEBUG_FRAG, DEBUG_WRAP, DisableDetect(), _Packet::dsize, _Frag2Data::frag2_alerts, FRAG2_DUPFIRST, FRAG2_DUPFIRST_STR, FRAG2_OVERLAP, FRAG2_OVERLAP_STR, FRAG2_OVERSIZE_FRAG, FRAG2_OVERSIZE_FRAG_STR, _FragTracker::frag_bytes, _FragTracker::frag_flags, FRAG_GOT_FIRST, FRAG_GOT_LAST, _Packet::frag_offset, FRAG_OUTOFORDER, _FragTracker::frag_pkts, _Frag2Data::frag_sp_data, _FragTracker::fraglistPtr, _F2SPControl::ft, GENERATOR_SPP_FRAG2, _SFBASE::iFragInserts, _FragTracker::last_frag_time, LogMessage(), _SPMemControl::mem_usage, memcpy, _Packet::mf, NULL, _Frag2Frag::offset, _Packet::packet_flags, PKT_FRAG_ALERTED, _Packet::pkth, _SFPERF::sfBase, sfPerf, _Frag2Frag::size, SnortEventqAdd(), SPAlloc(), pcap_pkthdr::ts, ubi_sptFind(), ubi_sptInsert(), and ubi_trFALSE.

Referenced by Frag2Defrag(), and NewFragTracker().

static void KillFrag ubi_trNodePtr  NodePtr  )  [static]
 

Definition at line 382 of file spp_frag2.c.

References _Frag2Frag::data, _Frag2Data::frag_sp_data, _SPMemControl::mem_usage, and _Frag2Frag::size.

Referenced by Frag2DeleteFrag().

FragTracker * NewFragTracker Packet  ) 
 

Definition at line 960 of file spp_frag2.c.

References _SPMemControl::control, _F2SPControl::cur_time, _FragTracker::dip, FALSE, Frag2DeleteFrag(), Frag2FragCompare(), _Frag2Data::frag_sp_data, _PacketCount::frag_trackers, _FragTracker::fraglist, _FragTracker::fraglistPtr, FragRootPtr, _F2SPControl::ft, _FragTracker::id, InsertFrag(), _IPHdr::ip_dst, _IPHdr::ip_id, _IPHdr::ip_proto, _IPHdr::ip_src, _IPHdr::ip_ttl, _Packet::iph, LogMessage(), _SPMemControl::mem_usage, NULL, pc, _Packet::pkth, _FragTracker::protocol, _FragTracker::sip, SPAlloc(), pcap_pkthdr::ts, _FragTracker::ttl, ubi_sptInsert(), and ubi_trInitTree.

Referenced by Frag2Defrag().

void ParseFrag2Args u_char *   ) 
 

Definition at line 450 of file spp_frag2.c.

References FatalError(), _SPMemControl::fault_count, file_line, file_name, _Frag2Data::frag2_alerts, FRAG2_MIN_TTL, FRAG2_TTL_LIMIT, Frag2SelfPreserve(), FRAG_MEMCAP, FRAG_PRUNE_QUANTA, _Frag2Data::frag_sp_data, _Frag2Data::frag_timeout, index, LogMessage(), _SPMemControl::mem_usage, _SPMemControl::memcap, _Frag2Data::memcap, _Frag2Data::min_ttl, mSplit(), mSplitFree(), NULL, pv, _progvars::quiet_flag, SELF_PRES_PERIOD, SELF_PRES_THRESHOLD, _SPMemControl::sp_func, _Frag2Data::sp_period, _Frag2Data::sp_threshold, _Frag2Data::state_protection, strcasecmp, strncasecmp, SUSPEND_PERIOD, _Frag2Data::suspend_period, SUSPEND_THRESHOLD, _Frag2Data::suspend_threshold, and _Frag2Data::ttl_limit.

Referenced by Frag2Init().

int PruneFragCache FragTracker ,
u_int32_t  ,
u_int32_t 
 

Definition at line 1306 of file spp_frag2.c.

References DEBUG_FRAG, DEBUG_WRAP, _FragTracker::frag_flags, _PacketCount::frag_incomp, FRAG_REBUILT, _PacketCount::frag_timeout, _Frag2Data::frag_timeout, FragRootPtr, _SFBASE::iFragTimeouts, _FragTracker::last_frag_time, NULL, pc, _SFPERF::sfBase, sfPerf, ubi_btFirst(), ubi_btLeafNode(), ubi_btNext(), ubi_trCount, and ZapFrag().

Referenced by Frag2Alloc(), Frag2Defrag(), and Frag2SelfPreserve().

void RebuildFrag FragTracker ,
Packet
 

Definition at line 1185 of file spp_frag2.c.

References _FragTracker::calculated_size, pcap_pkthdr::caplen, ClearDumpBuf(), DATASIZE, DEBUG_FRAG, DEBUG_WRAP, _Packet::dp, ETHERNET_HEADER_LEN, _FragTracker::frag_bytes, _Packet::frag_flag, _FragTracker::frag_flags, FRAG_REBUILT, _FragTracker::fraglistPtr, _SFBASE::iFragFlushes, in_chksum_ip(), _IPHdr::ip_csum, _IPHdr::ip_dst, _IPHdr::ip_len, _IPHdr::ip_off, _IPHdr::ip_src, _Packet::iph, pcap_pkthdr::len, LogMessage(), NULL, _Packet::packet_flags, pc, _Packet::pkt, PKT_REBUILT_FRAG, _Packet::pkth, ProcessPacket(), RebuildTraverse(), _PacketCount::rebuilt_frags, SafeMemcpy(), _SFPERF::sfBase, sfPerf, _Packet::sp, _Frag2Data::stop_traverse, pcap_pkthdr::ts, ubi_trTraverse, UpdateIPReassStats(), and ZapFrag().

Referenced by Frag2Defrag().

static void RebuildTraverse ubi_trNodePtr  NodePtr,
void *  buffer
[static]
 

Definition at line 353 of file spp_frag2.c.

References _Frag2Frag::data, DATASIZE, DEBUG_FRAG, DEBUG_WRAP, _Frag2Frag::offset, pc, _Packet::pkt, _PacketCount::rebuild_element, SafeMemcpy(), _Frag2Frag::size, and _Frag2Data::stop_traverse.

Referenced by RebuildFrag().

void SetupFrag2  ) 
 

Definition at line 399 of file spp_frag2.c.

References DEBUG_FRAG, DEBUG_WRAP, Frag2Init(), and RegisterPreprocessor().

Referenced by InitPreprocessors().

void ZapFrag FragTracker ft  ) 
 

Remove a fragment tracker from the Fragment Tree

Parameters:
ft fragment tracker to whack

Definition at line 1383 of file spp_frag2.c.

References Frag2DeleteFrag(), FragRootPtr, NULL, and ubi_sptRemove().

Referenced by PruneFragCache(), and RebuildFrag().

Variable Documentation

Packet* defrag_pkt [static]
 

Definition at line 209 of file spp_frag2.c.

F2Emergency f2_emergency
 

Definition at line 211 of file spp_frag2.c.

Frag2Data f2data [static]
 

Definition at line 208 of file spp_frag2.c.

ubi_trRoot f_cache [static]
 

Definition at line 197 of file spp_frag2.c.

int file_line
 

Definition at line 88 of file parser.c.

char* file_name
 

Definition at line 87 of file parser.c.

u_int32_t frag2_alloc_faults [static]
 

Definition at line 206 of file spp_frag2.c.

Referenced by Frag2Alloc(), Frag2Defrag(), and Frag2SelfPreserve().

int frag_mem_usage [static]
 

Definition at line 203 of file spp_frag2.c.

Referenced by Frag2Alloc().

ubi_trRootPtr FragRootPtr = &f_cache [static]
 

Definition at line 198 of file spp_frag2.c.

Referenced by Frag2Defrag(), Frag2Init(), GetFragTracker(), NewFragTracker(), PruneFragCache(), and ZapFrag().

u_int16_t next_offset [static]
 

Definition at line 205 of file spp_frag2.c.

Referenced by CompletionTraverse(), and FragIsComplete().

Generated on Sun May 14 14:51:25 2006 by  doxygen 1.4.2