1 /*
2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2002-2013 Sourcefire, Inc.
4 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
5 **
6 ** This program is free software; you can redistribute it and/or modify
7 ** it under the terms of the GNU General Public License Version 2 as
8 ** published by the Free Software Foundation. You may not use, modify or
9 ** distribute this program under any other version of the GNU General
10 ** Public License.
11 **
12 ** This program is distributed in the hope that it will be useful,
13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 ** GNU General Public License for more details.
16 **
17 ** You should have received a copy of the GNU General Public License
18 ** along with this program; if not, write to the Free Software
19 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 */
21
22 /* $Id$ */
23 #ifndef __PLUGBASE_H__
24 #define __PLUGBASE_H__
25
26 #ifdef HAVE_CONFIG_H
27 # include "config.h"
28 #endif
29
30 #include "bitop_funcs.h"
31 #include "rules.h"
32 #include "treenodes.h"
33 #include "sf_types.h"
34 #include "snort_debug.h"
35 #include "preprocids.h"
36
37 #ifndef WIN32
38 # include <sys/ioctl.h>
39 #endif /* !WIN32 */
40
41 #ifdef ENABLE_SSL
42 # ifdef Free
43 /* Free macro in radix.h if defined, will conflict with OpenSSL definition */
44 # undef Free
45 # endif
46 #endif
47
48 #ifndef WIN32
49 # include <net/route.h>
50 #endif /* !WIN32 */
51
52 #ifdef ENABLE_SSL
53 # undef Free
54 #endif
55
56 #if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD)
57 # include <sys/param.h>
58 #endif
59
60 #if defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD) || defined(OSF1)
61 # include <sys/mbuf.h>
62 #endif
63
64 #ifndef IFNAMSIZ /* IFNAMSIZ is defined in all platforms I checked.. */
65 # include <net/if.h>
66 #endif
67
68 #include "preprocids.h"
69
70
71 /* Macros *********************************************************************/
72 #define SMALLBUFFER 32
73
74 #define DETECTION_KEYWORD 0
75 #define RESPONSE_KEYWORD 1
76
77 #define ENCODING_HEX 0
78 #define ENCODING_BASE64 1
79 #define ENCODING_ASCII 2
80
81 #define DETAIL_FAST 0
82 #define DETAIL_FULL 1
83
84
85 /**************************** Rule Option Plugin API **************************/
86 typedef enum _RuleOptType
87 {
88 OPT_TYPE_ACTION = 0,
89 OPT_TYPE_LOGGING,
90 OPT_TYPE_DETECTION,
91 OPT_TYPE_MAX
92
93 } RuleOptType;
94
95 typedef void (*RuleOptConfigFunc)(struct _SnortConfig *, char *, OptTreeNode *, int);
96 typedef void (*RuleOptOtnHandler)(struct _SnortConfig *, OptTreeNode *);
97 typedef void (*RuleOptOverrideFunc)(struct _SnortConfig *, char *, char *, char *, OptTreeNode *, int);
98 typedef void (*RuleOptOverrideInitFunc)(char *, char *, RuleOptOverrideFunc);
99 typedef int (*RuleOptEvalFunc)(void *, Packet *);
100 typedef int (*ResponseFunc)(Packet*, void*);
101 typedef void (*PluginSignalFunc)(int, void *);
102 typedef void (*PluginSignalFuncWithSnortConfig)(struct _SnortConfig *, int, void *);
103 typedef void (*PostConfigFunc)(struct _SnortConfig *, int, void *);
104 typedef void (*RuleOptParseCleanupFunc)(void);
105 typedef int (*RuleOptByteOrderFunc)(void *, int32_t);
106
107 #define func fptr.fptr
108 #define vfunc fptr.void_fptr
109
110 typedef struct _RuleOptConfigFuncNode
111 {
112 char *keyword;
113 RuleOptType type;
114 union {
115 RuleOptConfigFunc fptr;
116 void *void_fptr;
117 } fptr;
118 RuleOptOtnHandler otn_handler;
119 struct _RuleOptConfigFuncNode *next;
120
121 } RuleOptConfigFuncNode;
122
123 typedef struct _RuleOptOverrideInitFuncNode
124 {
125 char *keyword;
126 RuleOptType type;
127 union {
128 RuleOptOverrideInitFunc fptr;
129 void *void_fptr;
130 } fptr;
131 RuleOptOtnHandler otn_handler;
132 struct _RuleOptOverrideInitFuncNode *next;
133
134 } RuleOptOverrideInitFuncNode;
135
136 typedef struct _RuleOptParseCleanupNode
137 {
138 union {
139 RuleOptParseCleanupFunc fptr;
140 void *void_fptr;
141 } fptr;
142 struct _RuleOptParseCleanupNode *next;
143
144 } RuleOptParseCleanupNode;
145
146 typedef struct _RuleOptByteOrderFuncNode
147 {
148 char *keyword;
149 union {
150 RuleOptByteOrderFunc fptr;
151 void *void_fptr;
152 } fptr;
153 struct _RuleOptByteOrderFuncNode *next;
154 } RuleOptByteOrderFuncNode;
155
156 void RegisterRuleOptions(void);
157 void RegisterRuleOption(char *, RuleOptConfigFunc, RuleOptOverrideInitFunc, RuleOptType, RuleOptOtnHandler);
158 void RegisterOverrideKeyword(char *, char *, RuleOptOverrideFunc);
159 void RegisterByteOrderKeyword(char *, RuleOptByteOrderFunc);
160 void DumpRuleOptions(void);
161 OptFpList * AddOptFuncToList(RuleOptEvalFunc, OptTreeNode *);
162 void AddRspFuncToList(ResponseFunc, OptTreeNode *, void *);
163 void FreeRuleOptConfigFuncs(RuleOptConfigFuncNode *);
164 void FreeRuleOptOverrideInitFuncs(RuleOptOverrideInitFuncNode *);
165 void AddFuncToRuleOptParseCleanupList(RuleOptParseCleanupFunc);
166 void RuleOptParseCleanup(void);
167 void FreeRuleOptParseCleanupList(RuleOptParseCleanupNode *);
168
169 void RegisterByteOrderKeyword(char *, RuleOptByteOrderFunc);
170 RuleOptByteOrderFunc GetByteOrderFunc(char *);
171 void FreeRuleOptByteOrderFuncs(RuleOptByteOrderFuncNode *);
172
173 /***************************** Buffer Dump API ********************************/
174
175 #ifdef DUMP_BUFFER
176 void RegisterBufferTracer(TraceBuffer * (*)(), BUFFER_DUMP_FUNC);
177 #endif
178
179 /***************************** Non Rule Detection API *************************/
180 typedef void (*DetectionEvalFunc)(Packet *, void *);
181 typedef struct _DetectionEvalFuncNode
182 {
183 void *context;
184 uint16_t priority;
185 uint32_t detect_id;
186 //uint32_t detect_bit;
187 uint32_t proto_mask;
188 union
189 {
190 DetectionEvalFunc fptr;
191 void *void_fptr;
192 } fptr;
193 struct _DetectionEvalFuncNode *next;
194
195 } DetectionEvalFuncNode;
196
197 DetectionEvalFuncNode * AddFuncToDetectionList(struct _SnortConfig *, DetectionEvalFunc, uint16_t, uint32_t, uint32_t);
198 void FreeDetectionEvalFuncs(DetectionEvalFuncNode *);
199
200 /***************************** Preprocessor API *******************************/
201 typedef void (*PreprocConfigFunc)(struct _SnortConfig *, char *);
202 typedef void (*PreprocStatsFunc)(int);
203 typedef void (*PreprocEvalFunc)(Packet *, void *);
204 typedef int (*PreprocCheckConfigFunc)(struct _SnortConfig *);
205 typedef void (*PreprocSignalFunc)(int, void *);
206 typedef void (*PreprocPostConfigFunc)(struct _SnortConfig *, void *);
207 typedef void (*PreprocMetaEvalFunc)(int, const uint8_t *);
208
209 typedef void (*PeriodicFunc)(int, void *);
210
211 #ifdef SNORT_RELOAD
212 struct _PreprocConfigFuncNode;
213 typedef struct _PreprocessorSwapData
214 {
215 struct _PreprocConfigFuncNode *preprocNode;
216 void *data;
217 struct _PreprocessorSwapData *next;
218 } PreprocessorSwapData;
219
220 typedef void (*PreprocReloadFunc)(struct _SnortConfig *, char *, void **);
221 typedef int (*PreprocReloadVerifyFunc)(struct _SnortConfig *, void *);
222 typedef void * (*PreprocReloadSwapFunc)(struct _SnortConfig *, void *);
223 typedef void (*PreprocReloadSwapFreeFunc)(void *);
224 #endif
225
226 #define config_func cfptr.fptr
227 #define config_vfunc cfptr.void_fptr
228 typedef struct _PreprocConfigFuncNode
229 {
230 char *keyword;
231 union {
232 PreprocConfigFunc fptr;
233 void *void_fptr;
234 } cfptr;
235
236 #ifdef SNORT_RELOAD
237 /* Tells whether we call the config func or reload func */
238 int initialized;
239 PreprocReloadFunc reload_func;
240 PreprocReloadVerifyFunc reload_verify_func;
241 PreprocReloadSwapFunc reload_swap_func;
242 PreprocReloadSwapFreeFunc reload_swap_free_func;
243 #endif
244
245 struct _PreprocConfigFuncNode *next;
246
247 } PreprocConfigFuncNode;
248
249 typedef struct _PreprocStatsFuncNode
250 {
251 char *keyword;
252 union
253 {
254 PreprocStatsFunc fptr;
255 void *void_fptr;
256 } fptr;
257 struct _PreprocStatsFuncNode *next;
258
259 } PreprocStatsFuncNode;
260
261 typedef struct _PreprocEvalFuncNode
262 {
263 void *context;
264 uint16_t priority;
265 uint32_t preproc_id;
266 PreprocEnableMask preproc_bit;
267 uint32_t proto_mask;
268 union
269 {
270 PreprocEvalFunc fptr;
271 void *void_fptr;
272 } fptr;
273 struct _PreprocEvalFuncNode *next;
274
275 } PreprocEvalFuncNode;
276
277 typedef struct _PreprocMetaEvalFuncNode
278 {
279 uint16_t priority;
280 uint32_t preproc_id;
281 PreprocEnableMask preproc_bit;
282 union
283 {
284 PreprocMetaEvalFunc fptr;
285 void *void_fptr;
286 } fptr;
287 struct _PreprocMetaEvalFuncNode *next;
288 } PreprocMetaEvalFuncNode;
289
290 typedef struct _PreprocCheckConfigFuncNode
291 {
292 union
293 {
294 PreprocCheckConfigFunc fptr;
295 void *void_fptr;
296 } fptr;
297 struct _PreprocCheckConfigFuncNode *next;
298
299 } PreprocCheckConfigFuncNode;
300
301 typedef struct _PreprocSignalFuncNode
302 {
303 void *arg;
304 uint16_t priority;
305 uint32_t preproc_id;
306 union
307 {
308 PreprocSignalFunc fptr;
309 void *void_fptr;
310 } fptr;
311 struct _PreprocSignalFuncNode *next;
312
313 } PreprocSignalFuncNode;
314
315 typedef struct _PreprocPostConfigFuncNode
316 {
317 void *data;
318 union
319 {
320 PreprocPostConfigFunc fptr;
321 void *void_fptr;
322 } fptr;
323 struct _PreprocPostConfigFuncNode *next;
324
325 } PreprocPostConfigFuncNode;
326
327 typedef struct _PeriodicCheckFuncNode
328 {
329 void *arg;
330 uint16_t priority;
331 uint32_t preproc_id;
332 uint32_t period;
333 uint32_t time_left;
334 union
335 {
336 PeriodicFunc fptr;
337 void *void_fptr;
338 } fptr;
339 struct _PeriodicCheckFuncNode *next;
340
341 } PeriodicCheckFuncNode;
342
343
344 struct _SnortConfig;
345
346 void RegisterPreprocessors(void);
347 #ifndef SNORT_RELOAD
348 void RegisterPreprocessor(const char *, PreprocConfigFunc);
349 #else
350 void RegisterPreprocessor(const char *, PreprocConfigFunc, PreprocReloadFunc,
351 PreprocReloadVerifyFunc, PreprocReloadSwapFunc,
352 PreprocReloadSwapFreeFunc);
353 void *GetRelatedReloadData(struct _SnortConfig *, const char *);
354 void *GetReloadStreamConfig(struct _SnortConfig *sc);
355 #endif
356 PreprocConfigFuncNode * GetPreprocConfig(char *);
357 PreprocConfigFunc GetPreprocConfigFunc(char *);
358 void RegisterPreprocStats(const char *, PreprocStatsFunc);
359 void DumpPreprocessors(void);
360 void AddFuncToConfigCheckList(struct _SnortConfig *, PreprocCheckConfigFunc);
361 void AddFuncToPreprocPostConfigList(struct _SnortConfig *, PreprocPostConfigFunc, void *);
362 int CheckPreprocessorsConfig(struct _SnortConfig *);
363 PreprocEvalFuncNode * AddFuncToPreprocList(struct _SnortConfig *, PreprocEvalFunc, uint16_t, uint32_t, uint32_t);
364 void AddFuncToPreprocListAllNapPolicies(struct _SnortConfig *sc, PreprocEvalFunc pp_eval_func, uint16_t priority,
365 uint32_t preproc_id, uint32_t proto_mask);
366 PreprocMetaEvalFuncNode * AddFuncToPreprocMetaEvalList(struct _SnortConfig *, PreprocMetaEvalFunc, uint16_t, uint32_t);
367 void AddFuncToPreprocCleanExitList(PreprocSignalFunc, void *, uint16_t, uint32_t);
368 void AddFuncToPreprocShutdownList(PreprocSignalFunc, void *, uint16_t, uint32_t);
369 void AddFuncToPreprocResetList(PreprocSignalFunc, void *, uint16_t, uint32_t);
370 void AddFuncToPreprocResetStatsList(PreprocSignalFunc, void *, uint16_t, uint32_t);
371 int IsPreprocEnabled(struct _SnortConfig *, uint32_t);
372 void FreePreprocConfigFuncs(void);
373 void FreePreprocCheckConfigFuncs(PreprocCheckConfigFuncNode *);
374 void FreePreprocStatsFuncs(PreprocStatsFuncNode *);
375 void FreePreprocEvalFuncs(PreprocEvalFuncNode *);
376 void FreePreprocMetaEvalFuncs(PreprocMetaEvalFuncNode *);
377 void FreePreprocSigFuncs(PreprocSignalFuncNode *);
378 void FreePreprocPostConfigFuncs(PreprocPostConfigFuncNode *);
379 void PostConfigPreprocessors(struct _SnortConfig *);
380 void FilterConfigPreprocessors(struct _SnortConfig *sc);
381
382 #ifdef SNORT_RELOAD
383 int VerifyReloadedPreprocessors(struct _SnortConfig *);
384 void SwapPreprocConfigurations(struct _SnortConfig *);
385 void FreeSwappedPreprocConfigurations(struct _SnortConfig *);
386 void FreePreprocessorReloadData(struct _SnortConfig *);
387 #endif
388
389 void AddFuncToPeriodicCheckList(PeriodicFunc, void *, uint16_t, uint32_t, uint32_t);
390 void FreePeriodicFuncs(PeriodicCheckFuncNode *head);
391
DisableAppPreprocessors(Packet * p)392 static inline void DisableAppPreprocessors( Packet *p )
393 {
394 p->preprocessor_bits &= ( PP_CLASS_NETWORK | PP_CLASS_NGFW );
395 }
396
DisableAllPreprocessors(Packet * p)397 static inline void DisableAllPreprocessors( Packet *p )
398 {
399 p->preprocessor_bits = PP_DISABLE_ALL;
400 }
401
EnablePreprocessor(Packet * p,unsigned int preproc_id)402 static inline int EnablePreprocessor(Packet *p, unsigned int preproc_id)
403 {
404 p->preprocessor_bits |= (UINT64_C(1) << preproc_id);
405 return 0;
406 }
407
EnablePreprocessors(Packet * p,PreprocEnableMask enabled_pps)408 static inline void EnablePreprocessors(Packet *p, PreprocEnableMask enabled_pps)
409 {
410 p->preprocessor_bits = enabled_pps;
411 }
412
IsPreprocessorEnabled(Packet * p,PreprocEnableMask preproc_bit)413 static inline int IsPreprocessorEnabled(Packet *p, PreprocEnableMask preproc_bit)
414 {
415 return ( ( p->preprocessor_bits & preproc_bit ) != 0 );
416 }
417
418 void DisableAllPolicies(struct _SnortConfig *);
419 int ReenablePreprocBit(struct _SnortConfig *, unsigned int preproc_id);
420
421 /************************** Miscellaneous Functions **************************/
422
423 typedef struct _PluginSignalFuncNode
424 {
425 void *arg;
426 union
427 {
428 PluginSignalFunc fptr;
429 void *void_fptr;
430 } fptr;
431 struct _PluginSignalFuncNode *next;
432
433 } PluginSignalFuncNode;
434
435 typedef struct _PostConfigFuncNode
436 {
437 void *arg;
438 union
439 {
440 PostConfigFunc fptr;
441 void *void_fptr;
442 } fptr;
443 struct _PostConfigFuncNode *next;
444
445 } PostConfigFuncNode;
446
447 /* Used for both rule options and output. Preprocessors have their own */
448 #ifdef SNORT_RELOAD
449 void AddFuncToReloadList(PostConfigFunc, void *);
450 #endif
451 void AddFuncToCleanExitList(PluginSignalFunc, void *);
452 void AddFuncToShutdownList(PluginSignalFunc, void *);
453 void AddFuncToPostConfigList(struct _SnortConfig *, PostConfigFunc, void *);
454 void AddFuncToSignalList(PluginSignalFunc, void *, PluginSignalFuncNode **);
455 void PostConfigInitPlugins(struct _SnortConfig *, PostConfigFuncNode *);
456 void FreePluginSigFuncs(PluginSignalFuncNode *);
457 void FreePluginPostConfigFuncs(PostConfigFuncNode *);
458
459 typedef char** (*GetHttpXffFieldsFunc)(int* nFields);
460 char** GetHttpXffFields(int* nFields);
461 void RegisterGetHttpXffFields(GetHttpXffFieldsFunc fn);
462
463 #endif /* __PLUGBASE_H__ */
464