/*
  Copyright (c) 1999 Rafal Wojtczuk <nergal@7bulls.com>. All rights reserved.
  See the file COPYING for license details.
*/

/*
 * Public interface of the library: warning codes, TCP stream state
 * constants, the connection/stream/parameter structures, the callback
 * registration and capture-loop entry points, and the exported globals.
 * Everything declared here is visible to applications, so field order and
 * types are part of the ABI.
 */

#ifndef _NIDS_NIDS_H
# define _NIDS_NIDS_H

# include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
# include <netinet/ip.h>
# include <netinet/tcp.h>
# include <pcap.h>

# ifdef __cplusplus
extern "C" {
# endif

/* Interface version exposed to consumers of this header (1.24). */
# define NIDS_MAJOR 1
# define NIDS_MINOR 24

/*
 * Warning categories, numbered from 1.
 * Presumably the "type" value handed to the nids_params.syslog callback;
 * that callback's prototype is not visible in this header -- confirm
 * against the implementation.
 */
enum
{
  NIDS_WARN_IP = 1,
  NIDS_WARN_TCP,
  NIDS_WARN_UDP,
  NIDS_WARN_SCAN
};

/*
 * Specific warning codes, numbered from 0 (NIDS_WARN_UNDEFINED).
 * The names suggest IP-layer anomalies (oversized datagram, invalid
 * fragment list, overlapping fragments, bad header, source routing) and
 * TCP-layer anomalies (too many streams, bad header, oversized queue, bad
 * flag combination); the exact trigger conditions live in the
 * implementation, not here.
 *
 * NOTE(review): no count/maximum constant is declared for this enum, and
 * nids_warnings[] below has no declared size, so code that indexes that
 * array with one of these codes cannot derive a bound from this header and
 * has to validate the code itself.
 *
 * Operational note: fragment overlap and malformed-header conditions are
 * the classic ways traffic is shaped so that a sensor reassembles it
 * differently from the end host; these codes are worth forwarding to
 * central logging rather than discarding.
 */
enum
{
  NIDS_WARN_UNDEFINED = 0,
  NIDS_WARN_IP_OVERSIZED,
  NIDS_WARN_IP_INVLIST,
  NIDS_WARN_IP_OVERLAP,
  NIDS_WARN_IP_HDR,
  NIDS_WARN_IP_SRR,
  NIDS_WARN_TCP_TOOMUCH,
  NIDS_WARN_TCP_HDR,
  NIDS_WARN_TCP_BIGQUEUE,
  NIDS_WARN_TCP_BADFLAGS
};

/*
 * TCP stream lifecycle values.
 * Presumably stored in tcp_stream.nids_state and inspected by registered
 * TCP callbacks -- confirm against the implementation. Note the field is a
 * plain char, so only these small values fit portably.
 */
# define NIDS_JUST_EST 1
# define NIDS_DATA 2
# define NIDS_CLOSE 3
# define NIDS_RESET 4
# define NIDS_TIMED_OUT 5
# define NIDS_EXITING   6	/* nids is exiting; last chance to get data */

/*
 * Checksum-verification actions, presumably the values of
 * nids_chksum_ctl.action -- confirm.
 * NIDS_DO_CHKSUM is 0, so if that is the case a zero-initialised control
 * entry asks for verification rather than skipping it.
 *
 * Operational note: a sensor that skips checksum verification will accept
 * packets a real endpoint would drop, which lets forged segments appear in
 * the reassembled stream. Limit NIDS_DONT_CHKSUM to address ranges where
 * captured checksums are known to be invalid for benign reasons (for
 * example checksum offload on the capturing host).
 */
# define NIDS_DO_CHKSUM  0
# define NIDS_DONT_CHKSUM 1

/*
 * Connection 4-tuple: source/destination port and source/destination
 * address. Addresses are u_int, i.e. IPv4-sized where u_int is 32 bits;
 * there is no IPv6 representation in this structure.
 * NOTE(review): the byte order of each field is not stated in this header;
 * verify before comparing against or printing these values.
 */
struct tuple4
{
  u_short source;
  u_short dest;
  u_int saddr;
  u_int daddr;
};

/*
 * State for one direction of a TCP connection; tcp_stream below embeds one
 * for the client side and one for the server side.
 *
 * NOTE(review): the buffer bookkeeping fields (offset, count, count_new,
 * bufsize, rmem_alloc, urg_count) are signed int. Code that uses them as
 * lengths or indices into `data` should reject negative values and account
 * for wrap-around on long-lived, high-volume streams.
 */
struct half_stream
{
  char state;
  char collect;		/* presumably non-zero when a listener wants this side's data -- confirm */
  char collect_urg;	/* presumably the same switch for urgent data -- confirm */

  char *data;		/* reassembly buffer; ownership and lifetime are not stated here */
  int offset;
  int count;
  int count_new;
  int bufsize;
  int rmem_alloc;

  int urg_count;
  u_int acked;
  u_int seq;
  u_int ack_seq;
  u_int first_data_seq;
  u_char urgdata;
  u_char count_new_urg;
  u_char urg_seen;
  u_int urg_ptr;
  u_short window;
  u_char ts_on;		/* presumably: TCP timestamp option seen -- confirm */
  u_char wscale_on;	/* presumably: window-scale option seen -- confirm */
  u_int curr_ts;
  u_int wscale;
  /* struct skbuff is not defined in this header; it is an opaque type to
     consumers, who can only hold these pointers. */
  struct skbuff *list;
  struct skbuff *listtail;
};

/*
 * One tracked TCP connection: its 4-tuple, lifecycle state, both
 * half-streams, and the link pointers that thread it onto several lists.
 */
struct tcp_stream
{
  struct tuple4 addr;
  char nids_state;	/* presumably one of the NIDS_JUST_EST..NIDS_EXITING values -- confirm */
  struct lurker_node *listeners;	/* struct lurker_node is not defined in this header */
  struct half_stream client;
  struct half_stream server;
  /* next_node/prev_node together with hash_index look like a hash-bucket
     chain -- confirm against the implementation. */
  struct tcp_stream *next_node;
  struct tcp_stream *prev_node;
  int hash_index;
  /* presumably a separate time-ordered list -- confirm */
  struct tcp_stream *next_time;
  struct tcp_stream *prev_time;
  int read;
  struct tcp_stream *next_free;	/* presumably a free-list link -- confirm */
  void *user;		/* untyped pointer; presumably reserved for the application -- confirm */
};

/*
 * Library configuration. A single instance is exported below as
 * nids_params. Defaults are not visible in this header.
 *
 * NOTE(review): `syslog` and `ip_filter` are declared with empty
 * parentheses. In C that leaves the parameter list unspecified, so calls
 * through these pointers and assignments to them get no argument type
 * checking; inside the extern "C" block a C++ compiler reads the same
 * declaration as "takes no arguments". A handler whose real signature
 * differs from what the library passes is undefined behaviour that the
 * compiler will not diagnose -- check the implementation for the expected
 * prototype before installing one.
 */
struct nids_prm
{
  int n_tcp_streams;
  int n_hosts;
  char *device;		/* presumably the capture interface name -- confirm */
  char *filename;	/* presumably a capture file to read instead of a device -- confirm */
  int sk_buff_size;
  int dev_addon;
  void (*syslog) ();	/* warning/log callback; prototype unspecified, see note above */
  int syslog_level;
  /* scan_* presumably tune the detection behind NIDS_WARN_SCAN -- confirm */
  int scan_num_hosts;
  int scan_delay;
  int scan_num_ports;
  void (*no_mem) (char *);	/* presumably invoked on allocation failure -- confirm */
  int (*ip_filter) ();	/* packet filter callback; prototype unspecified, see note above */
  char *pcap_filter;	/* presumably a libpcap filter expression -- confirm */
  int promisc;
  int one_loop_less;
  int pcap_timeout;
  int multiproc;
  int queue_limit;
  int tcp_workarounds;
  pcap_t *pcap_desc;
};

/*
 * Doubly linked list node pairing a stream with a struct timeval; the list
 * head is exported below as nids_tcp_timeouts.
 * NOTE(review): this header does not include <sys/time.h> itself; struct
 * timeval is presumably supplied through <pcap.h> or <sys/types.h>.
 */
struct tcp_timeout
{
  struct tcp_stream *a_tcp;
  struct timeval timeout;
  struct tcp_timeout *next;
  struct tcp_timeout *prev;
};

/*
 * Entry points.
 *
 * NOTE(review): every register/unregister function takes `void (*)`, which
 * is just `void *` written with redundant parentheses -- not a function
 * pointer type. The compiler therefore cannot check that a registered
 * callback has the signature the library will call it with, and passing a
 * function pointer as void * is outside ISO C (POSIX platforms allow it).
 * The expected callback signatures are not visible in this header.
 */
int nids_init (void);
void nids_register_ip_frag (void (*));
void nids_unregister_ip_frag (void (*));
void nids_register_ip (void (*));
void nids_unregister_ip (void (*));
void nids_register_tcp (void (*));
void nids_unregister_tcp (void (*x));
void nids_register_udp (void (*));
void nids_unregister_udp (void (*));
void nids_killtcp (struct tcp_stream *);
void nids_discard (struct tcp_stream *, int);
int nids_run (void);
void nids_exit(void);
int nids_getfd (void);
int nids_dispatch (int);
int nids_next (void);
/* Shaped like a libpcap packet callback, but the header and packet
   parameters lack the const qualifiers of libpcap's pcap_handler typedef,
   so handing this to libpcap directly needs a cast. */
void nids_pcap_handler(u_char *, struct pcap_pkthdr *, u_char *);
struct tcp_stream *nids_find_tcp_stream(struct tuple4 *);
void nids_free_tcp_stream(struct tcp_stream *);

/*
 * Exported globals.
 * nids_warnings[] and nids_errbuf[] are declared without a size, so
 * sizeof cannot be applied to them from application code; treat both as
 * read-only and bounds-check any index into nids_warnings[].
 * nids_last_pcap_header / nids_last_pcap_data are raw pointers whose
 * validity window is not stated here -- presumably only while a callback
 * for the current packet is running; confirm before retaining them.
 */
extern struct nids_prm nids_params;
extern char *nids_warnings[];
extern char nids_errbuf[];
extern struct pcap_pkthdr *nids_last_pcap_header;
extern u_char *nids_last_pcap_data;
extern u_int nids_linkoffset;
extern struct tcp_timeout *nids_tcp_timeouts;

/*
 * One checksum-control rule: a network address, a mask, and an action.
 * `action` is presumably NIDS_DO_CHKSUM or NIDS_DONT_CHKSUM -- confirm.
 * Byte order of netaddr/mask is not stated in this header.
 */
struct nids_chksum_ctl {
	u_int netaddr;
	u_int mask;
	u_int action;
	u_int reserved;
};
/* Second argument is presumably the number of entries in the array passed
   as the first -- confirm; whether the library copies the array or keeps
   the caller's pointer is not visible here. */
extern void nids_register_chksum_ctl(struct nids_chksum_ctl *, int);

# ifdef __cplusplus
}
# endif

#endif /* _NIDS_NIDS_H */