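//--------------------------------------------------------------------------
// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
// Copyright (C) 2002-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// by the Free Software Foundation.  You may not use, modify or distribute
// this program under any other version of the GNU General Public License.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
//--------------------------------------------------------------------------

// port_group.h derived from pcrm.h by
//
// Marc Norton <mnorton@sourcefire.com>
// Dan Roelker <droelker@sourcefire.com>

#ifndef PORT_GROUP_H
#define PORT_GROUP_H

namespace snort
{
class MpseGroup;
}

// RuleGroup contains a set of fast patterns in the form of an MPSE and a
// set of non-fast-pattern (nfp) rules.  when a RuleGroup is selected, the
// MPSE will run fp rules if there is a match on the associated fast
// patterns.  it will always run nfp rules since there is no way to filter
// them out.

// Selects one pattern-matcher slot.  The enumerators are contiguous from 0,
// so a PmType value is used directly as an index into pm_type_strings and
// RuleGroup::mpsegrp.  PM_TYPE_MAX is the slot count, not a usable slot.
enum PmType
{
    PM_TYPE_PKT = 0,
    PM_TYPE_ALT,
    PM_TYPE_KEY,
    PM_TYPE_HEADER,
    PM_TYPE_BODY,
    PM_TYPE_FILE,
    PM_TYPE_RAW_KEY,
    PM_TYPE_RAW_HEADER,
    PM_TYPE_METHOD,
    PM_TYPE_STAT_CODE,
    PM_TYPE_STAT_MSG,
    PM_TYPE_COOKIE,
    PM_TYPE_JS_DATA,
    PM_TYPE_VBA,
    PM_TYPE_MAX
};

// Printable name of each PmType, in enumerator order.  Any index that does
// not come straight from a PmType enumerator must be checked against
// PM_TYPE_MAX before it is used here.
const char* const pm_type_strings[] =
{
    "packet", "alt", "key", "header", "body", "file", "raw_key", "raw_header",
    "method", "stat_code", "stat_msg", "cookie", "js_data", "vba"
};

// The bound is deduced from the initializer list so that this check is
// meaningful: with an explicit [PM_TYPE_MAX] bound, adding an enumerator
// without a name would leave a null entry behind that is only found when
// something dereferences it at run time.
static_assert(sizeof(pm_type_strings) / sizeof(pm_type_strings[0]) == PM_TYPE_MAX,
    "pm_type_strings must have exactly one entry per PmType enumerator");

// Node of the singly linked list of non-fast-pattern rules.
struct RULE_NODE
{
    RULE_NODE* rnNext;   // next node in the list
    void* rnRuleData;    // opaque rule payload; concrete type is not visible in this header
    int iRuleNodeID;     // node identifier
};

// One rule group: the nfp rule list, one MPSE group per PmType, and the
// rule counters.
//
// NOTE(review): the destructor is user-declared (defined outside this
// header) while the copy operations are still implicitly generated.  If the
// destructor releases nfp_head, mpsegrp[] or nfp_tree, a copied RuleGroup
// would release them a second time -- confirm against the definition and
// consider deleting the copy constructor and copy assignment.
struct RuleGroup
{
    RuleGroup() = default;
    ~RuleGroup();

    // non-fast-pattern list
    RULE_NODE* nfp_head = nullptr;
    RULE_NODE* nfp_tail = nullptr;

    // pattern matchers, indexed by PmType; every slot starts out null
    snort::MpseGroup* mpsegrp[PM_TYPE_MAX] = { };

    // detection option tree
    void* nfp_tree = nullptr;

    unsigned rule_count = 0;
    unsigned nfp_rule_count = 0;

    // Defined outside this header.  Presumably add_rule() and add_nfp_rule()
    // maintain the counters above, and add_nfp_rule() appends its argument
    // to the nfp list and returns whether that worked -- TODO confirm.
    void add_rule();
    bool add_nfp_rule(void*);
    void delete_nfp_rules();
};

#endif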