1 /****************************************************************************
2  *
3  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
4  * Copyright (C) 2004-2013 Sourcefire, Inc.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License Version 2 as
8  * published by the Free Software Foundation.  You may not use, modify or
9  * distribute this program under any other version of the GNU General
10  * Public License.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
20  *
21  ****************************************************************************/
22 
23 #ifndef SESSION_COMMON_H_
24 #define SESSION_COMMON_H_
25 
26 #include <sys/types.h>
27 #ifndef WIN32
28 #include <netinet/in.h>
29 #endif
30 
31 #include "sfutil/bitop_funcs.h"
32 #include "sfutil/sfActionQueue.h"
33 #include "parser/IpAddrSet.h"
34 
35 #include "session_api.h"
36 #include "mempool.h"
37 #include "sf_types.h"
38 #include "plugbase.h"
39 
40 #ifdef TARGET_BASED
41 #include "target-based/sftarget_hostentry.h"
42 #endif
43 
44 #include "sfPolicy.h"
45 #include "sfPolicyUserData.h"
46 
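/* defaults and limits (all timeouts in seconds) */
#define STREAM_DEFAULT_SSN_TIMEOUT  30          /* seconds to timeout a session */
/* Max timeout (approx 1 day). Parenthesized: an unparenthesized `3600 * 24`
 * re-associates inside expressions such as `x % STREAM_MAX_SSN_TIMEOUT`
 * (which became `(x % 3600) * 24`) and `x / STREAM_MAX_SSN_TIMEOUT`. */
#define STREAM_MAX_SSN_TIMEOUT      (3600 * 24)
#define STREAM_MIN_SSN_TIMEOUT      1           /* min timeout (1 second) */
#define STREAM_MIN_ALT_HS_TIMEOUT   0           /* min timeout (0 seconds) */
/* Lower timeout value in seconds used to clean up a session after a
 * valid RST is received on an ongoing/hung TCP session.
 */
#define STREAM_SSN_RST_TIMEOUT      180
/* values for the track_*_sessions configuration fields */
#define STREAM_TRACK_YES            1
#define STREAM_TRACK_NO             0

#define STREAM_MIN_MAX_WINDOW       0
#define MAX_PORTS_TO_PRINT      20

/* traffic direction identification: the two names per value are aliases
 * (server == responder, client == sender) */
#define FROM_SERVER     0
#define FROM_RESPONDER  0
#define FROM_CLIENT     1
#define FROM_SENDER     1

#if defined(FEAT_OPEN_APPID)
/* number of entries in SessionControlBlock.app_protocol_id */
#define MAX_APP_PROTOCOL_ID  4
#endif /* defined(FEAT_OPEN_APPID) */

/*  Control Socket types (PP_STREAM is the preprocessor id, defined elsewhere) */
#define CS_TYPE_DEBUG_STREAM_HA     ((PP_STREAM << 7) + 0)     // 0x680 / 1664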
74 
75 /*  D A T A   S T R U C T U R E S  **********************************/
76 
/* Callback type stored in SessionConfiguration.no_ref_cb and registered via
 * register_no_ref_policy_callback() (SNORT_RELOAD builds); data is the opaque
 * pointer given at registration. Presumably invoked once a policy is no
 * longer referenced after a reload — confirm in the implementation. */
typedef void (*NoRefCallback)( void *data );

#ifdef ENABLE_HA
/* High-availability (session state sharing) configuration, owned by
 * SessionConfiguration.ha_config.
 * NOTE(review): the *_file members name files HA state is read from or
 * written to; startup_input_file is therefore an input boundary at startup
 * and runtime_input_file one under REG_TEST — confirm the loader validates
 * record lengths and counts before trusting the contents. */
typedef struct _SessionHAConfig
{
    struct timeval min_session_lifetime;  /* presumably min age before a session is shared */
    struct timeval min_sync_interval;     /* presumably min spacing between updates */
    char *startup_input_file;             /* state file read at startup */
    char *runtime_output_file;            /* state file written at runtime */
    char *shutdown_output_file;           /* state file written at shutdown */
#ifdef REG_TEST
    char *runtime_input_file;             /* state file read at runtime (regression tests only) */
# endif
# ifdef SIDE_CHANNEL
    uint8_t use_side_channel;             /* non-zero: exchange HA messages over the side channel */
# endif
    uint8_t use_daq;                      /* non-zero: exchange HA messages via the DAQ */
} SessionHAConfig;
#endif
96 
/* Session-tracker configuration (built by the stream preprocessor's option
 * parser; retrieved with getSessionConfiguration()). The max_*_sessions and
 * memcap fields are what bound the session cache under a flow flood; they
 * are plain fields, so any range validation lives in the parser, not here. */
typedef struct _SessionConfiguration
{
    char       disabled;              // non-zero: session tracking switched off
    char       track_tcp_sessions;    // presumably STREAM_TRACK_YES / STREAM_TRACK_NO, per protocol
    char       track_udp_sessions;
    char       track_icmp_sessions;
    char       track_ip_sessions;
#ifdef ENABLE_HA
    char       enable_ha;             // non-zero: high-availability state sharing on (see ha_config)
#endif
    uint32_t   max_sessions;          // cap on simultaneously tracked sessions, total...
    uint32_t   max_tcp_sessions;      // ...and per protocol
    uint32_t   max_udp_sessions;
    uint32_t   max_icmp_sessions;
    uint32_t   max_ip_sessions;
    // Cache idle timeouts (seconds, presumably): "pruning" is the shorter
    // value used when the cache is under pressure, "nominal" the normal one.
    // NOTE(review): these are uint16_t (max 65535) while STREAM_MAX_SSN_TIMEOUT
    // is 86400 — a configured timeout above 65535 would be silently truncated
    // on assignment; confirm the parser rejects or clamps such values.
    uint16_t   tcp_cache_pruning_timeout;
    uint16_t   tcp_cache_nominal_timeout;
    uint16_t   udp_cache_pruning_timeout;
    uint16_t   udp_cache_nominal_timeout;
    uint32_t   memcap;                // memory budget for session tracking (see GetSessionMemCap, session_mem_in_use)
    uint32_t   prune_log_max;         // see GetSessionPruneLogMax; meaning defined by the consumer
    uint32_t   flags;                 // bitmask of configuration flags defined elsewhere

#ifdef ACTIVE_RESPONSE
    uint32_t   min_response_seconds;  // rate limits for active responses on a session...
    uint8_t    max_active_responses;  // ...compared against SessionControlBlock.response_count (also uint8_t)
#endif

#ifdef ENABLE_HA
    SessionHAConfig *ha_config;       // owned HA settings, NULL when HA is not configured (presumably)
#endif
    uint32_t  numSnortPolicies;       // number of policies known to this configuration
    uint32_t  *policy_ref_count;      // presumably numSnortPolicies entries indexed by policy id — confirm allocation
#ifdef SNORT_RELOAD
    NoRefCallback no_ref_cb;          // set by register_no_ref_policy_callback()
    void         *no_ref_cb_data;     // opaque argument handed to no_ref_cb
#endif
} SessionConfiguration;
135 
#ifdef MPLS
/* Saved MPLS label stack for one direction of a session (see the
 * clientMplsHeader / serverMplsHeader pointers in SessionControlBlock).
 * Readers must bound accesses through start by length; whether start
 * points at an owned copy or into packet memory is not visible here —
 * confirm against the code that fills it. */
typedef struct _MPLS_Hdr
{
    uint16_t length;   /* byte length of the data at start */
    uint8_t* start;    /* first byte of the MPLS header data */
}MPLS_Hdr;
#endif
143 
// this struct is organized by member size for compactness
//
// One SessionControlBlock tracks a single flow (TCP/UDP/ICMP/IP) looked up
// by *key. It mixes owned resources (mempool buckets, app data), policy
// selection for the flow, endpoint identity, and per-flow bookkeeping.
// Field order and sizes are shared with every consumer of the session
// cache (and, under ENABLE_HA, presumably with what gets serialized), so
// do not reorder members without checking those users.
typedef struct _SessionControlBlock
{
    SessionKey *key;                    // cache lookup key for this flow (type from session_api.h)

    MemBucket  *proto_specific_data;    // protocol tracker state, allocated from a mempool
    StreamAppData *appDataList;         // per-preprocessor data attached to this flow

    MemBucket *flowdata; /* add flowbits */   // flowbits storage, allocated from a mempool

    long       last_data_seen;          // time of last activity; units are not fixed by this header
    uint64_t   expire_time;             // when the flow is considered timed out — presumably TCP_HZ ticks as produced by CalcJiffies()

    tSfPolicyId napPolicyId;            // network access policy chosen for this flow
    tSfPolicyId ipsPolicyId;            // IPS policy chosen for this flow
    SessionConfiguration *session_config;   // configuration this flow was created under
    void *stream_config;                // stream protocol configuration, opaque here; see stream_config_stale
    void *proto_policy;                 // protocol-specific policy, opaque here

    PreprocEvalFuncNode *initial_pp;    // first preprocessor to run for packets of this flow
    PreprocEnableMask enabled_pps;      // bitmask of preprocessors still enabled for this flow

    uint16_t    session_state;          // session state flag bits (values defined elsewhere)
    uint8_t     handler[SE_MAX];        // per-session-event handler ids; SE_MAX is defined elsewhere

    sfaddr_t    client_ip; // FIXTHIS family and bits should be changed to uint16_t
    sfaddr_t    server_ip; // or uint8_t to reduce sizeof from 24 to 20

    uint16_t    client_port;            // transport ports, host order presumably — confirm against set_dir_ports_cb users
    uint16_t    server_port;
    bool        port_guess;             // presumably true when client/server roles were guessed rather than observed
    bool        stream_config_stale;    // true once stream_config refers to a configuration superseded by a reload

    uint8_t     protocol;               // IP protocol number of the flow

#ifdef ACTIVE_RESPONSE
    uint8_t     response_count;         // active responses already sent; bounded by SessionConfiguration.max_active_responses
#endif

    // TTLs observed per direction, for the innermost IP header and for the
    // outer (encapsulating) header. NOTE(review): presumably kept for
    // TTL-based insertion/evasion detection — confirm where they are used.
    uint8_t  inner_client_ttl;
    uint8_t  inner_server_ttl;
    uint8_t  outer_client_ttl;
    uint8_t  outer_server_ttl;

    StreamHAState ha_state;             // current HA-visible state of the flow
    StreamHAState cached_ha_state;      // last state shared/recorded, presumably used to detect changes

#ifdef ENABLE_HA
    struct timeval  ha_next_update;     // earliest time the next HA update may be sent
    uint8_t         ha_pending_mask;    // bitmask of HA updates waiting to be sent
    uint8_t         ha_flags;           // HA flag bits (values defined elsewhere)
#endif

    bool    ips_os_selected;            // IPS OS policy already chosen for this flow
    bool    session_established;        // flow has reached the established state
    bool    new_session;                // flow was created by the current packet
    bool    in_oneway_list;             // flow is linked into the one-way session list (ows_prev/ows_next)
    bool    is_session_deletion_delayed;    // deletion deferred; the flow must not be freed yet
    uint8_t iprep_update_counter;       // counter used by IP reputation updates

    // pointers for linking into list of oneway sessions
    struct _SessionControlBlock *ows_prev;
    struct _SessionControlBlock *ows_next;

#if defined(FEAT_OPEN_APPID)
    int16_t     app_protocol_id[MAX_APP_PROTOCOL_ID];   // AppID results for this flow
#endif /* defined(FEAT_OPEN_APPID) */

#ifdef MPLS
   MPLS_Hdr *clientMplsHeader;          // saved MPLS label stack per direction, NULL when none
   MPLS_Hdr *serverMplsHeader;
#endif
} SessionControlBlock;
217 
218 
/**Common statistics for tcp and udp packets, maintained by port filtering.
 * Counters are uint32_t and wrap silently at 2^32.
 */
typedef struct {
    /* packets filtered without further processing by any preprocessor or
     * detection engine.
     */
    uint32_t  filtered;

    /* packets inspected but not processed further by the stream5
     * preprocessor (presumably: not session tracked).
     */
    uint32_t  inspected;

    /* packets session tracked by the stream5 preprocessor.
     */
    uint32_t  session_tracked;
} tPortFilterStats;
235 
/* Global session-tracking counters (the shared instance is session_stats).
 * All counters are uint32_t and wrap silently at 2^32. */
typedef struct _SessionStatistics
{
    uint32_t   total_tcp_sessions;    // sessions created, per protocol
    uint32_t   total_udp_sessions;
    uint32_t   total_icmp_sessions;
    uint32_t   total_ip_sessions;
    uint32_t   tcp_prunes;            // sessions evicted from the cache (memcap / limit pressure presumably), per protocol
    uint32_t   udp_prunes;
    uint32_t   icmp_prunes;
    uint32_t   ip_prunes;
    uint32_t   events;                // events raised
    uint32_t   internalEvents;        // internal (non-rule) events raised
    tPortFilterStats  tcp_port_filter;    // port-filter counters, per transport
    tPortFilterStats  udp_port_filter;
} SessionStatistics;
251 
/* Returns the session configuration; reload_config presumably selects the
 * configuration being loaded by a reload instead of the running one —
 * confirm in the implementation. */
SessionConfiguration *getSessionConfiguration( bool reload_config );
/* Presumably non-zero when sessions of IP protocol `protocol` are tracked
 * under `config` (cf. the track_*_sessions fields). */
int SessionTrackingEnabled( SessionConfiguration *config, uint32_t protocol );
/* Accessors for prune_log_max and memcap of the active configuration. */
uint32_t GetSessionPruneLogMax( void );
uint32_t GetSessionMemCap( void );
/* Frees a SessionConfiguration and, presumably, what it owns (ha_config,
 * policy_ref_count). */
void SessionFreeConfig( SessionConfiguration * );
/* Port-filter decision for a packet: non-zero means the packet is discarded
 * from further session/stream processing (presumably; confirm the sense of
 * the return value). ignore_any_rules is passed through from the caller's
 * "ignore any-any rules" setting — confirm in the implementation. */
int isPacketFilterDiscard( Packet *p, int ignore_any_rules );
int isPacketFilterDiscardUdp( Packet *p, int ignore_any_rules );
259 
/* Hook filling the session's client/server port fields from a packet;
 * installed per transport via registerDirectionPortCallback(). */
typedef void ( *set_dir_ports_cb )( Packet *p, SessionControlBlock *scb );
/* Hook flushing one direction of a reassembled stream; the int result's
 * meaning is defined by the implementation, not here. */
typedef int ( *flush_stream_cb )( Packet *p, SessionControlBlock *scb );

/* Registration for the hooks above. proto is an IP protocol number and
 * presumably selects the TCP or UDP slot of struct session_plugins;
 * client_to_server selects the flush_client_stream / flush_server_stream
 * slot (presumably). */
void registerDirectionPortCallback( uint8_t proto, set_dir_ports_cb cb_func );
void registerFlushStreamCallback( bool client_to_server, flush_stream_cb cb_func );

#ifdef SNORT_RELOAD
/* Records cb/data on session_conf (the no_ref_cb / no_ref_cb_data fields,
 * presumably) so it can be invoked when that configuration is no longer
 * referenced after a reload. */
void register_no_ref_policy_callback(SessionConfiguration *session_conf, NoRefCallback cb, void *data);
#endif
269 
/* Table of hooks registered by the stream protocol preprocessors; obtained
 * with getSessionPlugins(). Slots are presumably NULL until the owning
 * preprocessor registers them, so callers should check before invoking. */
struct session_plugins
{
    set_dir_ports_cb set_tcp_dir_ports;   // registerDirectionPortCallback(), TCP
    set_dir_ports_cb set_udp_dir_ports;   // registerDirectionPortCallback(), UDP
    flush_stream_cb  flush_client_stream; // registerFlushStreamCallback(true, ...) presumably
    flush_stream_cb  flush_server_stream; // registerFlushStreamCallback(false, ...) presumably
    nap_selector select_session_nap;      // chooses the NAP policy for a session (type from sfPolicy.h)
};
278 
/* Access to the hook table; whether it is lazily allocated is not visible here. */
struct session_plugins *getSessionPlugins( void );
void freeSessionPlugins( void );

// shared session state (defined in the session implementation file)
extern SessionStatistics session_stats;               // global counters
extern uint32_t firstPacketTime;                      // time of the first packet seen; units not fixed here
extern SessionConfiguration *session_configuration;   // currently active configuration

extern uint32_t session_mem_in_use;                   // bytes currently charged against memcap (presumably)
extern tSfActionQueueId decoderActionQ;               // deferred-action queue shared with the decoder
289 
290 
/* Converts the packet's capture timestamp (p->pkth->ts) into TCP_HZ ticks:
 * seconds scaled by TCP_HZ, plus the microsecond field divided into
 * tick-sized slots. Presumably the unit of SessionControlBlock.expire_time.
 *
 * p and p->pkth must be valid; neither is checked here.
 * NOTE(review): the usec term assumes TCP_HZ divides 1000000 evenly and is
 * at most 1000000 — otherwise the divisor rounds down, or becomes zero.
 * tv_usec is not range-checked, so an out-of-range timestamp (e.g. from a
 * crafted pcap) simply yields an out-of-range tick count; confirm callers
 * tolerate that.
 */
static inline uint64_t CalcJiffies(Packet *p)
{
    const unsigned long usec_per_tick = 1000000UL / TCP_HZ;   /* integer microseconds per tick */
    uint64_t ticks = ( uint64_t ) p->pkth->ts.tv_sec * TCP_HZ;

    ticks += p->pkth->ts.tv_usec / usec_per_tick;

    return ticks;
}
301 
302 
303 #endif /* SESSION_COMMON_H_ */
304