#include "session.h"#include "hlbrlib.h"#include "main_loop.h"#include "../decoders/decode_ip.h"#include "../decoders/decode_tcp.h"#include "../packets/packet.h"#include <stdio.h>#include <string.h>#include <stdlib.h>#include <arpa/inet.h>#include <netinet/in.h>Go to the source code of this file.
Defines | |
| #define | DEBUG |
| #define | DEBUG_DIRECTION |
| #define | DBGDIR(a) a |
| #define | PIECE_SIZE(p) (p.piece_end - p.piece_start + 1) |
| #define | PAYLOADS_SIZE(s) (s->LastSeq - s->TopSeq + 1) |
Functions | |
| int | RemountTCPStream (int, PP *, TCPData *) |
| int | TCPStream_Unqueue (PP *) |
| int | AddSessionCreateHandler (void(*Func)(PP *Port, void *Data), void *Data) |
| int | AddSessionDestroyHandler (void(*Func)(PP *Port, void *Data), void *Data) |
| void | CallCreateFuncs (PP *Port) |
| void | CallDestroyFuncs (PP *Port) |
| unsigned short | GetHash (unsigned int ip1, unsigned int ip2) |
| IPP * | FindIPPair (unsigned int IP1, unsigned int IP2) |
| int | AddToTime (PP *Port) |
| int | UpdateTime (PP *Port) |
| int | RemovePort (PP *Port) |
| PP * | FindPortPair (unsigned short Port1, unsigned short Port2, IPP *Pair, long int Now) |
| int | TimeoutSessions (long int Now) |
| int | AssignSessionTCP (int PacketSlot, void *Data) |
| int | InitSession () |
| int | UnblockPacket (int PacketSlot) |
| int | TCPRemount_unblock (int PacketSlot, int thispacket) |
Variables | |
| IPB * | Sessions [65536+1] |
| int | TCPDecoderID |
| int | IPDecoderID |
| unsigned int | SessionCount = 0 |
| SFunc * | CreateFuncs |
| SFunc * | DestroyFuncs |
| GlobalVars | Globals |
| PP * | TimeHead |
| PP * | TimeTail |
| #define DBGDIR | ( | a | ) | a |
| #define PAYLOADS_SIZE | ( | s | ) | (s->LastSeq - s->TopSeq + 1) |
Referenced by AssignSessionTCP().
| #define PIECE_SIZE | ( | p | ) | (p.piece_end - p.piece_start + 1) |
Referenced by AssignSessionTCP().
| int AddSessionCreateHandler | ( | void(*)(PP *Port, void *Data) | Func, | |
| void * | Data | |||
| ) |
Definition at line 46 of file session.c.
References CreateFuncs, session_func::Data, DEBUGPATH, session_func::Func, session_func::Next, and TRUE.
| int AddSessionDestroyHandler | ( | void(*)(PP *Port, void *Data) | Func, | |
| void * | Data | |||
| ) |
Definition at line 74 of file session.c.
References session_func::Data, DEBUGPATH, DestroyFuncs, session_func::Func, session_func::Next, and TRUE.
| int AddToTime | ( | PP * | Port | ) |
Add this session (port pair) to the "time list". The "time list" is a linked list with the current sessions, meant to track the time between the next packet in a session and the last one, to timeout TCP sessions properly.
Definition at line 283 of file session.c.
References DEBUGPATH, FALSE, NULL, PRINTERROR, TimeHead, port_pair::TimeNext, port_pair::TimePrev, TimeTail, and TRUE.
Referenced by FindPortPair().
| int AssignSessionTCP | ( | int | PacketSlot, | |
| void * | Data | |||
| ) |
Find the session for this TCP packet. This function is called for every TCP packet; it searches for its corresponding session, updates the state of both streams (cli->srv and srv->cli), and remounts the payload of the packets of this same session, to apply checks upon the remounted buffer.
Definition at line 713 of file session.c.
References tcp_header::ack, tcp_header::ack_seq, BlockPacket(), port_pair::ClientAck, port_pair::ClientSeq, port_pair::ClientState, tcp_data::Data, tcp_data::DataLen, DBG, DBGDIR, DEBUGPATH, tcp_header::dest, port_pair::Direction, port_pair::Error, FALSE, tcp_header::fin, FindIPPair(), FindPortPair(), GetDataByID(), Globals, tcp_data::Header, IP_BYTES, IPDecoderID, tcp_stream::LastSeq, MALLOC, port_pair::noreassemble, NULL, tcp_stream::NumPieces, global_vars::Packets, tcp_stream_piece::PacketSlot, tcp_stream::Payloads, PAYLOADS_SIZE, tcp_stream_piece::piece_end, PIECE_SIZE, tcp_stream_piece::piece_start, tcp_stream::Pieces, PRINT, PRINT2, PRINTERROR, PRINTERROR4, PrintPacketSummary(), PRINTPKTERROR, PRINTSESERROR, tcp_header::rst, tcp_header::seq, port_pair::ServerAck, port_pair::ServerFin, port_pair::ServerSeq, port_pair::ServerState, SESSION_IP1_SERVER, SESSION_IP2_SERVER, tcp_header::source, packet_rec::Stream, port_pair::Stream0, port_pair::Stream1, tcp_header::syn, TCP_PAYLOAD_PIECES_SIZE, TCP_STATE_DATA, TCP_STATE_FIN, TCP_STATE_LATE, TCP_STATE_NEW, TCP_STATE_RESET, TCP_STATE_SYN, TCP_STATE_SYNACK, port_pair::TCPCount, TimeoutSessions(), tcp_stream::TopSeq, TRUE, packet_rec::tv, and UnblockPacket().
Referenced by DecodeTCP().
| void CallCreateFuncs | ( | PP * | Port | ) |
Tell everyone a new session started. Call the defined callback functions, alerting that a new TCP session was created.
Definition at line 103 of file session.c.
References CreateFuncs, session_func::Data, DEBUGPATH, session_func::Func, and session_func::Next.
Referenced by FindPortPair().
| void CallDestroyFuncs | ( | PP * | Port | ) |
Definition at line 120 of file session.c.
References session_func::Data, DEBUGPATH, DestroyFuncs, session_func::Func, and session_func::Next.
Referenced by RemovePort().
| IPP* FindIPPair | ( | unsigned int | IP1, | |
| unsigned int | IP2 | |||
| ) |
Definition at line 158 of file session.c.
References DEBUGPATH, GetHash(), ip_pair::IP1, ip_pair::IP2, IP_GROW, IP_START, NULL, ip_pair::NumAllocated, ip_bin::NumAllocated, ip_bin::NumIPs, ip_pair::NumPorts, ip_bin::Pairs, ip_pair::Parent, ip_pair::RefuseFromThisIP, and Sessions.
Referenced by AssignSessionTCP().
Find the Port Pair (TCP session), if it doesn't exist, create it.
Definition at line 510 of file session.c.
References AddToTime(), CallCreateFuncs(), DBG, DEBUGPATH, port_pair::Direction, port_pair::FirstTime, Globals, ip_pair::IP1, ip_pair::IP2, IP_BYTES, port_pair::LastTime, LogMessage(), global_vars::logSession_All, global_vars::logSession_StartEnd, global_vars::logSessionFile, NULL, ip_pair::NumAllocated, ip_pair::NumPorts, port_pair::Parent, port_pair::Port1, port_pair::Port2, PORT_GROW, PORT_START, ip_pair::Ports, PRINT1, PRINTERROR, PRINTERROR1, SessionCount, port_pair::SessionID, port_pair::TCPCount, and UpdateTime().
Referenced by AssignSessionTCP().
| unsigned short GetHash | ( | unsigned int | ip1, | |
| unsigned int | ip2 | |||
| ) |
Definition at line 136 of file session.c.
References DEBUGPATH.
Referenced by FindIPPair(), and RemovePort().
| int InitSession | ( | ) |
Sets up the session handler. Global variable IPB holds info about all identified sessions.
Definition at line 1077 of file session.c.
References CreateFuncs, DEBUGPATH, DestroyFuncs, GetDecoderByName(), IPDecoderID, NULL, Sessions, TCPDecoderID, TimeHead, and TRUE.
Referenced by main().
| int RemovePort | ( | PP * | Port | ) |
Remove the TCP session (PortPair) from the bin.
Definition at line 361 of file session.c.
References CallDestroyFuncs(), DBG, DEBUGPATH, port_pair::Direction, FALSE, FREE, GetHash(), Globals, ip_pair::IP1, ip_pair::IP2, IP_BYTES, LogMessage(), global_vars::logSession_StartEnd, global_vars::logSessionFile, NULL, ip_bin::NumIPs, ip_pair::NumPorts, ip_bin::Pairs, ip_pair::Parent, port_pair::Parent, port_pair::Port1, port_pair::Port2, ip_pair::Ports, PRINT1, PRINTERROR, port_pair::SessionID, Sessions, port_pair::Stream0, port_pair::Stream1, port_pair::TCPCount, TimeHead, port_pair::TimeNext, port_pair::TimePrev, TimeTail, and TRUE.
Referenced by TimeoutSessions().
| int TCPRemount_unblock | ( | int | PacketSlot, | |
| int | thispacket | |||
| ) |
| int TCPStream_Unqueue | ( | PP * | ) |
| int TimeoutSessions | ( | long int | Now | ) |
Free up the sessions (port pairs) that are expired. Searches the "time list" and frees up sessions that timed out, i.e. sessions where the time between a packet and the next one took longer than the set timeout for a TCP session.
Definition at line 677 of file session.c.
References DEBUGPATH, port_pair::LastTime, RemovePort(), SESSION_FORCE_TIMEOUT, TimeHead, port_pair::TimeNext, and TRUE.
Referenced by AssignSessionTCP().
| int UnblockPacket | ( | int | PacketSlot | ) |
Unblock the first packet in the TCP stream buffer this packet belongs. The very first packet of the TCP stream buffer will be marked as PENDING, so that it can be routed at the next opportunity. If thispacket is TRUE, that means this very packet is being dropped (by an action), and so, if this isn't the very first packet of the buffer, then after unblocking the first one, get the tcp_piece struct of this very packet and change the pointer to the packet to NULL. So when it's time to unblock the corresponding piece we don't need to really unblock the packet because it went away already.
Definition at line 1311 of file session.c.
Referenced by AssignSessionTCP().
| int UpdateTime | ( | PP * | Port | ) |
Update this session (port pair) when a new packet arrives. Move this record to the end of the "time list". (no need to update the LastTime field since it should have been updated before calling this function) The idea is: a new packet arrived, so start counting again the timeout for this TCP session.
Definition at line 321 of file session.c.
References DEBUGPATH, NULL, TimeHead, port_pair::TimeNext, port_pair::TimePrev, TimeTail, and TRUE.
Referenced by FindPortPair().
Definition at line 23 of file session.c.
Referenced by AddSessionCreateHandler(), CallCreateFuncs(), and InitSession().
Definition at line 24 of file session.c.
Referenced by AddSessionDestroyHandler(), CallDestroyFuncs(), and InitSession().
| int IPDecoderID |
| unsigned int SessionCount = 0 |
All identified sessions.
Definition at line 19 of file session.c.
Referenced by FindIPPair(), InitSession(), and RemovePort().
| int TCPDecoderID |
Definition at line 27 of file session.c.
Referenced by AddToTime(), InitSession(), RemovePort(), TimeoutSessions(), and UpdateTime().
1.5.2