1 /* $Id$ */
2
3 /*
4 * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
5 * Copyright (C) 2004-2013 Sourcefire, Inc.
6 * ** AUTHOR: d mcpherson
7 * **
8 * ** This program is free software; you can redistribute it and/or modify
9 * ** it under the terms of the GNU General Public License Version 2 as
10 * ** published by the Free Software Foundation. You may not use, modify or
11 * ** distribute this program under any other version of the GNU General
12 * ** Public License.
13 * **
14 * ** This program is distributed in the hope that it will be useful,
15 * ** but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * ** GNU General Public License for more details.
18 * **
19 * ** You should have received a copy of the GNU General Public License
20 * ** along with this program; if not, write to the Free Software
21 * ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
22 * */
23
24 /* session_api.h
25 *
26 * Purpose: Definition of the SessionAPI. To be used as a common interface
27 * for other preprocessors and detection plugins that require a
28 * session context for execution.
29 *
30 * Arguments:
31 *
32 * Effect:
33 *
34 * Comments:
35 *
36 * Any comments?
37 *
38 */
39
40 #ifndef _SESSION_API_H_
41 #define _SESSION_API_H_
42
43 #include <sys/types.h>
44
45 #include "ipv6_port.h"
46 #include "preprocids.h" /* IDs are used when setting preproc specific data */
47 #include "bitop.h"
48 #include "decode.h"
49 #include "sfPolicy.h"
50
51 /* default limits */
52 #define STREAM_DEFAULT_PRUNE_QUANTA 30 /* seconds to timeout a session */
53 #define STREAM_DEFAULT_MEMCAP 8388608 /* 8MB */
54 #define STREAM_DEFAULT_PRUNE_LOG_MAX 1048576 /* 1MB */
55 #define STREAM_RIDICULOUS_HI_MEMCAP ( 1024 * 1024 * 1024 ) /* 1GB */
56 #define STREAM_RIDICULOUS_LOW_MEMCAP 32768 /* 32k*/
57 #define STREAM_RIDICULOUS_MAX_SESSIONS ( 1024 * 1024 ) /* 1 million sessions */
58 #define STREAM_DEFAULT_MAX_TCP_SESSIONS 262144 /* 256k TCP sessions by default */
59 #define STREAM_DEFAULT_MAX_UDP_SESSIONS 131072 /* 128k UDP sessions by default */
60 #define STREAM_DEFAULT_MAX_ICMP_SESSIONS 65536 /* 64k ICMP sessions by default */
61 #define STREAM_DEFAULT_MAX_IP_SESSIONS 16384 /* 16k IP sessions by default */
62 #define STREAM_DEFAULT_TCP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
63 #define STREAM_DEFAULT_TCP_CACHE_NOMINAL_TIMEOUT ( 60 * 60 ) /* 60 minutes */
64 #define STREAM_DEFAULT_UDP_CACHE_PRUNING_TIMEOUT 30 /* 30 seconds */
65 #define STREAM_DEFAULT_UDP_CACHE_NOMINAL_TIMEOUT ( 3 * 60 ) /* 3 minutes */
66 #define STREAM_MAX_CACHE_TIMEOUT ( 12 * 60 * 60 ) /* 12 hours */
67 #define STREAM_MIN_PRUNE_LOG_MAX 1024 /* 1k packet data stored */
68 #define STREAM_MAX_PRUNE_LOG_MAX STREAM_RIDICULOUS_HI_MEMCAP /* 1GB packet data stored */
69 #define STREAM_DELAY_SESSION_DELETION true /* set if session deletion to be delayed */
70 #define STREAM_DELAY_TIMEOUT_AFTER_CONNECTION_ENDED (3 * 60) /* 3 minutes */
71 #define STREAM_DELAY_SCB_DELETION 1 /* 1 second */
72
73 #define STREAM_EXPECTED_CHANNEL_TIMEOUT 300
74
75 #ifdef ACTIVE_RESPONSE
76 #define STREAM_DEFAULT_MAX_ACTIVE_RESPONSES 0 /* default to no responses */
77 #define STREAM_DEFAULT_MIN_RESPONSE_SECONDS 1 /* wait at least 1 second between resps */
78
79 #define STREAM_MAX_ACTIVE_RESPONSES_MAX 25 /* banging your head against the wall */
80 #define STREAM_MIN_RESPONSE_SECONDS_MAX 300 /* we want to stop the flow soonest */
81 #endif
82
83 #define EXPECT_FLAG_ALWAYS 0x01
84
85 #define SSN_MISSING_NONE 0x00
86 #define SSN_MISSING_BEFORE 0x01
87 #define SSN_MISSING_AFTER 0x02
88 #define SSN_MISSING_BOTH (SSN_MISSING_BEFORE | SSN_MISSING_AFTER)
89
90 #define SSN_DIR_NONE 0x0
91 #define SSN_DIR_FROM_CLIENT 0x1
92 #define SSN_DIR_FROM_SENDER 0x1
93 #define SSN_DIR_TO_SERVER 0x1
94 #define SSN_DIR_FROM_SERVER 0x2
95 #define SSN_DIR_FROM_RESPONDER 0x2
96 #define SSN_DIR_TO_CLIENT 0x2
97 #define SSN_DIR_BOTH 0x3
98
99 #define SSNFLAG_SEEN_CLIENT 0x00000001
100 #define SSNFLAG_SEEN_SENDER 0x00000001
101 #define SSNFLAG_SEEN_SERVER 0x00000002
102 #define SSNFLAG_SEEN_RESPONDER 0x00000002
103 #define SSNFLAG_SEEN_BOTH (SSNFLAG_SEEN_SERVER | SSNFLAG_SEEN_CLIENT) /* used to check asymetric traffic */
104 #define SSNFLAG_ESTABLISHED 0x00000004
105 #define SSNFLAG_NMAP 0x00000008
106 #define SSNFLAG_ECN_CLIENT_QUERY 0x00000010
107 #define SSNFLAG_ECN_SERVER_REPLY 0x00000020
108 #define SSNFLAG_HTTP_1_1 0x00000040 /* has stream seen HTTP 1.1? */
109 #define SSNFLAG_SEEN_PMATCH 0x00000080 /* seen pattern match? */
110 #define SSNFLAG_MIDSTREAM 0x00000100 /* picked up midstream */
111 #define SSNFLAG_CLIENT_FIN 0x00000200 /* server sent fin */
112 #define SSNFLAG_SERVER_FIN 0x00000400 /* client sent fin */
113 #define SSNFLAG_CLIENT_PKT 0x00000800 /* packet is from the client */
114 #define SSNFLAG_SERVER_PKT 0x00001000 /* packet is from the server */
115 #define SSNFLAG_COUNTED_INITIALIZE 0x00002000
116 #define SSNFLAG_COUNTED_ESTABLISH 0x00004000
117 #define SSNFLAG_COUNTED_CLOSING 0x00008000
118 #define SSNFLAG_TIMEDOUT 0x00010000
119 #define SSNFLAG_PRUNED 0x00020000
120 #define SSNFLAG_RESET 0x00040000
121 #define SSNFLAG_DROP_CLIENT 0x00080000
122 #define SSNFLAG_DROP_SERVER 0x00100000
123 #define SSNFLAG_LOGGED_QUEUE_FULL 0x00200000
124 #define SSNFLAG_STREAM_ORDER_BAD 0x00400000
125 #define SSNFLAG_FORCE_BLOCK 0x00800000
126 #define SSNFLAG_CLIENT_SWAP 0x01000000
127 #define SSNFLAG_CLIENT_SWAPPED 0x02000000
128 #define SSNFLAG_DETECTION_DISABLED 0x04000000
129 #define SSNFLAG_HTTP_2 0x08000000
130 #define SSNFLAG_HTTP_2_UPG 0x10000000
131 #define SSNFLAG_FREE_APP_DATA 0x20000000
132 #define SSNFLAG_ALL 0xFFFFFFFF /* all that and a bag of chips */
133 #define SSNFLAG_NONE 0x00000000 /* nothing, an MT bag of chips */
134
135
136 // HA Session flags helper macros
137 #define HA_IGNORED_SESSION_FLAGS ( SSNFLAG_COUNTED_INITIALIZE | SSNFLAG_COUNTED_ESTABLISH | \
138 SSNFLAG_COUNTED_CLOSING | SSNFLAG_LOGGED_QUEUE_FULL)
139
140 #define HA_TCP_MAJOR_SESSION_FLAGS ( SSNFLAG_ESTABLISHED )
141
142 #define UNKNOWN_PORT 0
143
144 #define TCP_HZ 100
145
146 #define SESSION_API_VERSION1 1
147
148 /* NOTE: The XFF_BUILTING_NAMES value must match the code in snort_httpinspect.c that
149 adds the builtin names to the list. */
150 #define HTTP_XFF_FIELD_X_FORWARDED_FOR "X-Forwarded-For"
151 #define HTTP_XFF_FIELD_TRUE_CLIENT_IP "True-Client-IP"
152 #define HTTP_XFF_BUILTIN_NAMES (2)
153 #define HTTP_MAX_XFF_FIELDS 8
154
155 typedef struct _StreamSessionKey
156 {
157 /* XXX If this data structure changes size, HashKeyCmp must be updated! */
158 uint32_t ip_l[4]; /* Low IP */
159 uint32_t ip_h[4]; /* High IP */
160 uint16_t port_l; /* Low Port - 0 if ICMP */
161 uint16_t port_h; /* High Port - 0 if ICMP */
162 uint16_t vlan_tag;
163 uint8_t protocol;
164 char pad;
165 uint32_t mplsLabel; /* MPLS label */
166 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
167 uint16_t addressSpaceId_l; /* Low ASID */
168 uint16_t addressSpaceId_h; /* Higher ASID */
169 #else
170 uint16_t addressSpaceId;
171 uint16_t addressSpaceIdPad1;
172 #endif
173 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
174 uint32_t carrierId;
175 #endif
176 /* XXX If this data structure changes size, HashKeyCmp must be updated! */
177 } StreamSessionKey;
178
179 typedef StreamSessionKey SessionKey;
180
181 typedef void ( *StreamAppDataFree )( void * );
182 typedef struct _StreamAppData
183 {
184 uint32_t protocol;
185 void *dataPointer;
186 struct _StreamAppData *next;
187 struct _StreamAppData *prev;
188 StreamAppDataFree freeFunc;
189 } StreamAppData;
190
191 typedef struct _StreamFlowData
192 {
193 BITOP boFlowbits;
194 unsigned char flowb[1];
195 } StreamFlowData;
196
197 typedef struct _StreamSessionLimits
198 {
199 uint32_t tcp_session_limit;
200 uint32_t udp_session_limit;
201 uint32_t icmp_session_limit;
202 uint32_t ip_session_limit;
203 } StreamSessionLimits;
204
205 typedef struct _StreamHAState
206 {
207 uint32_t session_flags;
208
209 #ifdef TARGET_BASED
210 int16_t ipprotocol;
211 int16_t application_protocol;
212 #endif
213
214 char direction;
215 char ignore_direction; /* flag to ignore traffic on this session */
216 } StreamHAState;
217
218 typedef enum {
219 SE_REXMIT,
220 SE_EOF,
221 SE_MAX
222 } Stream_Event;
223
224 //typedef void (*LogExtraData)(void *ssnptr, void *config, LogFunction *funcs, uint32_t max_count,
225 // uint32_t xtradata_mask, uint32_t id, uint32_t sec);
226
227 #ifdef ENABLE_HA
228 typedef uint32_t ( *StreamHAProducerFunc )( void *ssnptr, uint8_t *buf );
229 typedef int ( *StreamHAConsumerFunc )( void *ssnptr, const uint8_t *data, uint8_t length );
230 #endif
231
232 extern uint32_t HA_CRITICAL_SESSION_FLAGS;
233
234 // Protocol types for creating session cache
235 #define SESSION_PROTO_TCP 0x00
236 #define SESSION_PROTO_UDP 0x01
237 #define SESSION_PROTO_ICMP 0x02
238 #define SESSION_PROTO_IP 0x03
239 #define SESSION_PROTO_MAX 0x04
240
241 // Snort Policy Types
242 #define SNORT_NAP_POLICY 0x00
243 #define SNORT_IPS_POLICY 0x01
244
245 struct _SnortConfig;
246 struct _ExpectNode;
247
248 typedef void( *SessionCleanup )( void *ssn );
249 typedef void ( *nap_selector )( Packet *p, bool client_packet );
250 typedef void (*MandatoryEarlySessionCreatorFn)(void *ssn, struct _ExpectNode*);
251 typedef char** (*GetHttpXffPrecedenceFunc)(void* ssn, uint32_t flags, int* nFields);
252
253 struct _SessionCache;
254 typedef struct _session_api
255 {
256 int version;
257
258 /* Create a protocol specific cache for session control blocks
259 *
260 * Parameters:
261 * Session procotol type
262 * Protocol Session Control Block Size
263 * Cleanup callback function
264 */
265 struct _SessionCache* (*init_session_cache)(uint32_t, uint32_t, SessionCleanup);
266
267 /* Lookup and return pointer to Session Control Block
268 *
269 * Parameters
270 * Session Cache
271 * Packet
272 * Session Key
273 */
274 void *(*get_session)(struct _SessionCache*, Packet *, SessionKey *);
275
276 /* Populate a session key from the Packet
277 *
278 * Parameters
279 * Packet
280 * Stream session key pointer
281 */
282 void (*populate_session_key)(Packet *, StreamSessionKey *);
283
284
285 /* Lookup session by IP and Port from packet and return pointer to Session Control Block
286 *
287 * Parameters
288 * Source IP
289 * Source Port
290 * Destination IP
291 * Destination Port
292 * Protocol
293 * VLAN
294 * MPLS ID
295 * Address Space ID
296 * Session Key
297 */
298 int (*get_session_key_by_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char, uint16_t,
299 uint32_t,
300 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
301 uint16_t, uint16_t,
302 #else
303 uint16_t,
304 #endif
305 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
306 uint32_t,
307 #endif
308 SessionKey *);
309
310 /* Lookup by session key and return Session Control Block
311 *
312 * Parameters
313 * Session Cache (protocol specific)
314 * Session Key
315 *
316 */
317 void *(*get_session_by_key)(struct _SessionCache*, const SessionKey *);
318
319 /* Lookup by session key and return Session Control Block - relys on the SessionKey to determine which cache
320 *
321 * Parameters
322 * Session Key
323 *
324 */
325 void *(*get_session_handle)(const SessionKey *);
326
327 /* Create a new session
328 *
329 * Parameters
330 * Session Cache (protocol specific)
331 * Packet
332 * Session Key
333 *
334 */
335 void *(*create_session)(struct _SessionCache*, Packet *, const SessionKey *);
336
337 /* Is session verified by protocol
338 *
339 * Parameters
340 * Session Control Block
341 */
342 bool (*is_session_verified)( void * );
343
344 /* remove session from oneway list
345 *
346 * Parameters
347 * protocol
348 * Session Control Block
349 */
350 void (*remove_session_from_oneway_list)( uint32_t, void * );
351
352 /* Delete a session
353 *
354 * Parameters
355 * Session cache (protocol specific)
356 * Session Control Block
357 * Reason
358 * Delete sycnhronous
359 */
360 int (*delete_session)(struct _SessionCache*, void *, char *, bool);
361
362 /* Delete a session but without providing the session cache.
363 *
364 * Parameters
365 * Session Control Block
366 * Reason
367 */
368 int (*delete_session_by_key)(void *, char *);
369
370 /* Print session cache
371 *
372 * Parameters
373 * Session cache (protocol specific)
374 *
375 */
376 void (*print_session_cache)(struct _SessionCache*);
377
378 /* Delete session cache
379 *
380 * Parameters
381 * protocol
382 *
383 */
384 int (*delete_session_cache)( uint32_t protocol );
385
386 /* Purge session cache
387 *
388 * Parameters
389 * Session cache (protocol specific)
390 *
391 */
392 int (*purge_session_cache)(struct _SessionCache*);
393
394 /* Prune session cache
395 *
396 * Parameters
397 * Session cache (protocol specific)
398 * Time
399 * Session Control Block
400 * Mem Check
401 *
402 */
403 int (*prune_session_cache)(struct _SessionCache*, uint32_t, void *, int);
404
405 /* Clean memory pool for protocol sessions by protocol
406 *
407 * Parameters
408 * protocol
409 *
410 */
411 void (*clean_protocol_session_pool)( uint32_t );
412
413 /* Free protocol session memory by protocol
414 *
415 * Parameters
416 * protocol
417 * Session Pointer
418 */
419 void (*free_protocol_session_pool)( uint32_t, void * );
420
421 /* Allocate session from protocol session pool
422 *
423 * Parameters
424 * protocol
425 */
426 void *(*alloc_protocol_session)( uint32_t );
427
428 /* Get session count
429 *
430 * Parameters
431 * Session cache (protocol specific)
432 *
433 */
434 int (*get_session_count)(struct _SessionCache*);
435
436 /* Get prune count by protocol
437 *
438 * Parameters
439 * protocol
440 */
441 uint32_t (*get_session_prune_count)( uint32_t protocol );
442
443 /* Reset prune count by protocol
444 *
445 * Parameters
446 * protocol
447 */
448 void (*reset_session_prune_count)( uint32_t protocol );
449
450 /* Check session timeout
451 *
452 * Parameters
453 * Flow count
454 * Current time
455 */
456 void (*check_session_timeout)( uint32_t, time_t );
457
458 /* Return status of protocol tracking for specified protocol
459 *
460 * Parameters
461 * proto
462 *
463 */
464 int (*protocol_tracking_enabled)( IpProto proto );
465
466 /* Set packet direction flag
467 *
468 * Parameters
469 * Packet
470 * Session Control Block
471 *
472 */
473 void (*set_packet_direction_flag)(Packet *, void *);
474
475 /* Free session application data
476 *
477 * Parameters
478 * Session Control Block
479 *
480 */
481 void (*free_application_data)(void *);
482
483 /* Get direction of packet
484 *
485 * Parameters:
486 * Packet
487 */
488 uint32_t (*get_packet_direction)(Packet *);
489
490 /* Disable inspection for a sesion.
491 *
492 * Parameters
493 * Session Ptr
494 * Packet
495 */
496 void (*disable_inspection)(void *, Packet *);
497
498 /* Stop inspection for session, up to count bytes (-1 to ignore
499 * for life or until resume).
500 *
501 * If response flag is set, automatically resume inspection up to
502 * count bytes when a data packet in the other direction is seen.
503 *
504 * Also marks the packet to be ignored
505 *
506 * Parameters
507 * Session Ptr
508 * Packet
509 * Direction
510 * Bytes
511 * Response Flag
512 */
513 void (*stop_inspection)(void *, Packet *, char, int32_t, int);
514
515 /* Turn off inspection for potential session.
516 * Adds session identifiers to a hash table.
517 * TCP only.
518 *
519 * Parameters
520 * IP addr #1
521 * Port #1
522 * IP addr #2
523 * Port #2
524 * Protocol
525 * Preprocessor ID
526 * Direction
527 * Flags (permanent)
528 *
529 * Returns
530 * 0 on success
531 * -1 on failure
532 */
533 int (*ignore_session)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, uint8_t,
534 uint32_t, char, char, struct _ExpectNode**);
535
536 /* Get direction that data is being ignored.
537 *
538 * Parameters
539 * Session Ptr
540 */
541 int (*get_ignore_direction)(void *);
542
543 /* Resume inspection for session.
544 *
545 * Parameters
546 * Session Ptr
547 * Direction
548 */
549 void (*resume_inspection)(void *, char);
550
551 /* Drop traffic arriving on session.
552 *
553 * Parameters
554 * Session Ptr
555 * Direction
556 */
557 void (*drop_traffic)(Packet *, void *, char);
558
559 /* Set a reference to application data for a session
560 *
561 * Parameters
562 * Session Ptr
563 * Application Protocol
564 * Application Data reference (pointer)
565 * Application Data free function
566 *
567 * Returns
568 * 0 on success
569 * -1 on failure
570 */
571 int (*set_application_data)(void *, uint32_t, void *, StreamAppDataFree);
572
573 /* Set a reference to application data for a session
574 *
575 * Parameters
576 * Session Ptr
577 * Application Protocol
578 *
579 * Returns
580 * Application Data reference (pointer)
581 */
582 void *(*get_application_data)(void *, uint32_t);
583
584 /*
585 * Set Expiration Timeout
586 *
587 * Parameters
588 * Packet
589 * Session Ptr
590 * timeout
591 */
592 void (*set_expire_timer)( Packet *, void *, uint32_t );
593
594 /* Get Expriration Timeou
595 *
596 * Parameters
597 * Packet
598 * Session Ptr
599 *
600 */
601 int (*get_expire_timer)( Packet *, void *);
602
603 /* Sets the flags for a session
604 * This ORs the supplied flags with the previous values
605 *
606 * Parameters
607 * Session Ptr
608 * Flags
609 *
610 * Returns
611 * New Flags
612 */
613 uint32_t (*set_session_flags)(void *, uint32_t);
614
615 /* Gets the flags for a session
616 *
617 * Parameters
618 * Session Ptr
619 */
620 uint32_t (*get_session_flags)(void *);
621
622 /* Get the runtime policy index for policy type
623 * specified
624 *
625 * Parameters
626 * Session Ptr
627 * Policy Type: NAP or IPS
628 */
629 tSfPolicyId (*get_runtime_policy)(void *, int);
630
631 /* Set the runtime policy index for policy type
632 * specified
633 *
634 * Parameters
635 * Session Ptr
636 * Policy Type: NAP or IPS
637 * Index for this policy
638 */
639 void (*set_runtime_policy)(void *, int, tSfPolicyId);
640
641
642 /* Get Flowbits data
643 *
644 * Parameters
645 * Packet
646 *
647 * Returns
648 * Ptr to Flowbits Data
649 */
650
651 StreamFlowData *(*get_flow_data)(Packet *p);
652
653 /* Set if Session Deletion to be delayed
654 *
655 * Parameters
656 * Session Ptr
657 * bool to set/unset delay_session_deletion_flag
658 *
659 */
660 void (*set_session_deletion_delayed)(void *, bool);
661
662 /* Returns if SessionDeletion to be delayed or not
663 *
664 * Parameters
665 * Session Ptr
666 *
667 * Returns
668 * bool value denoting if sessionDeletion Delayed or not
669 *
670 */
671 bool (*is_session_deletion_delayed)(void *);
672
673 #ifdef TARGET_BASED
674 /* Register preproc handler for the specifed application id
675 *
676 * Parameters
677 * Preprocessor Id
678 * Application ID
679 */
680 void (*register_service_handler)(uint32_t, int16_t);
681
682
683 /* Get the protocol identifier from a stream
684 *
685 * Parameters
686 * Session Ptr
687 *
688 * Returns
689 * integer protocol identifier
690 */
691 int16_t (*get_application_protocol_id)(void *);
692
693 /* Set the protocol identifier for a stream
694 *
695 * Parameters
696 * Session Ptr
697 * ID
698 *
699 * Returns
700 * integer protocol identifier
701 */
702 int16_t (*set_application_protocol_id)(void *, int16_t);
703
704 /* Get server IP address. This could be used either during packet processing or when
705 * a session is being closed. Caller should make a deep copy if return value is needed
706 * for later use.
707 *
708 * Arguments
709 * void * - session pointer
710 * uint32_t - direction. Valid values are SSN_DIR_SERVER or SSN_DIR_CLIENT
711 *
712 * Returns
713 * IP address. Contents at the buffer should not be changed. The
714 */
715 sfaddr_t* (*get_session_ip_address)(void *, uint32_t);
716
717 /* Get server/client ports.
718 *
719 * Arguments
720 * void * - session pointer
721 * uint16_t *client_port - client port pointer
722 * uint16_t *server_port - server port pointer
723 *
724 * Returns
725 * Ports.
726 */
727 void (*get_session_ports)(void *, uint16_t *client_port, uint16_t *server_port);
728 #endif
729
730 /** Get an independent bit to allow an entity to enable and
731 * disable port session tracking and syn session creation
732 * without affecting the status of set by other entities.
733 * Returns a bitmask (with the bit range 3-15) or 0, if no bits
734 * are available.
735 */
736 uint16_t (*get_preprocessor_status_bit)(void);
737
738 #ifdef ACTIVE_RESPONSE
739 // initialize response count and expiration time
740 void (*init_active_response)(Packet *, void *);
741 #endif
742
743 // Get the TTL value used at session setup
744 // outer=0 to get inner ip ttl for ip in ip; else outer=1
745 uint8_t (*get_session_ttl)(void *ssnptr, char direction, int outer);
746
747 /* Turn off inspection for potential session.
748 * Adds session identifiers to a hash table.
749 * TCP only.
750 *
751 * Parameters
752 * Control Channel Packet
753 * IP addr #1
754 * Port #1
755 * IP addr #2
756 * Port #2
757 * Protocol
758 * ID,
759 * Preprocessor ID calling this function,
760 * Preprocessor specific data,
761 * Preprocessor data free function. If NULL, then static buffer is assumed.
762 *
763 * Returns
764 * 0 on success
765 * -1 on failure
766 */
767 int (*set_application_protocol_id_expected)(const Packet *, sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
768 uint8_t, int16_t, uint32_t, void*, void (*)(void*), struct _ExpectNode**);
769
770 #ifdef ENABLE_HA
771 /* Register a high availability producer and consumer function pair for a
772 * particular preprocessor ID and subcode combination.
773 *
774 * Parameters
775 * Processor ID
776 * Subcode
777 * Maximum Message Size
778 * Message Producer Function
779 * Message Consumer Function
780 *
781 * Returns
782 * >= 0 on success
783 * The returned value is the bit number in the HA pending bitmask and
784 * should be stored for future calls to set_ha_pending_bit().
785 * < 0 on failure
786 */
787 int (*register_ha_funcs)(uint32_t preproc_id, uint8_t subcode, uint8_t size,
788 StreamHAProducerFunc produce, StreamHAConsumerFunc consume);
789
790 /* Unregister a high availability producer and consumer function pair for a
791 * particular preprocessor ID and subcode combination.
792 *
793 * Parameters
794 * Processor ID
795 * Subcode
796 */
797 void (*unregister_ha_funcs)(uint32_t preproc_id, uint8_t subcode);
798
799 /* Indicate a pending high availability update for a given session.
800 *
801 * Parameters
802 * Session Ptr
803 * HA Pending Update Bit
804 */
805 void (*set_ha_pending_bit)(void *, int bit);
806
807 /* Attempt to process any pending HA events for the given session
808 *
809 * Parameters
810 * Session Ptr
811 * DAQ Packet Header for the packet being processed (Could be NULL)
812 */
813 void (*process_ha)(void *, const DAQ_PktHdr_t *);
814 #endif
815
816 //Retrieve the maximum session limits for the given policy
817 void (*get_max_session_limits)(tSfPolicyId, StreamSessionLimits*);
818
819 /* Set direction that data is being ignored.
820 *
821 * Parameters
822 * Session Ptr
823 */
824 int (*set_ignore_direction)(void *, int);
825
826 /** Retrieve stream session pointer based on the lookup tuples for
827 * cases where Snort does not have an active packet that is
828 * relevant.
829 *
830 * Parameters
831 * IP addr #1
832 * Port #1 (0 for non TCP/UDP)
833 * IP addr #2
834 * Port #2 (0 for non TCP/UDP)
835 * Protocol
836 * VLAN ID
837 * MPLS ID
838 * Address Space ID
839 *
840 * Returns
841 * Stream session pointer
842 */
843 void *(*get_session_ptr_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t, char,
844 uint16_t, uint32_t,
845 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
846 uint16_t, uint16_t
847 #else
848 uint16_t
849 #endif
850 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
851 , uint32_t
852 #endif
853 );
854
855 /** Retrieve the session key given a stream session pointer.
856 *
857 * Parameters
858 * Session Ptr
859 *
860 * Returns
861 * Stream session key
862 */
863 const StreamSessionKey *(*get_key_from_session_ptr)(const void *);
864
865 /* Delete the session if it is in the closed session state.
866 *
867 * Parameters
868 * Packet
869 */
870 void (*check_session_closed)(Packet *);
871
872 /* Create a session key from the Packet
873 *
874 * Parameters
875 * Packet
876 */
877 StreamSessionKey *(*get_session_key)(Packet *);
878
879 /* Get the application data from the session key
880 *
881 * Parameters
882 * SessionKey *
883 * Application Protocol
884 */
885 void *(*get_application_data_from_key)(const StreamSessionKey *, uint32_t);
886
887 /** Retrieve application session data based on the lookup tuples for
888 * cases where Snort does not have an active packet that is
889 * relevant.
890 *
891 * Parameters
892 * IP addr #1
893 * Port #1 (0 for non TCP/UDP)
894 * IP addr #2
895 * Port #2 (0 for non TCP/UDP)
896 * Protocol
897 * VLAN ID
898 * MPLS ID
899 * Address Space ID
900 * Preprocessor ID
901 *
902 * Returns
903 * Application Data reference (pointer)
904 */
905 void *(*get_application_data_from_ip_port)(sfaddr_t*, uint16_t, sfaddr_t*, uint16_t,
906 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
907 uint16_t, uint16_t,
908 #else
909 uint16_t,
910 #endif
911 #if !defined(SFLINUX) && defined(DAQ_CAPA_CARRIER_ID)
912 uint32_t,
913 #endif
914 char, uint16_t, uint32_t, uint32_t);
915
916 void (*disable_preproc_for_session)( void *, uint32_t );
917 void (*enable_preproc_for_port)( struct _SnortConfig *, uint32_t, uint32_t, uint16_t );
918 void (*enable_preproc_all_ports)( struct _SnortConfig *, uint32_t, uint32_t );
919 void (*enable_preproc_all_ports_all_policies)( struct _SnortConfig *, uint32_t, uint32_t );
920 bool (*is_preproc_enabled_for_port)( uint32_t, uint16_t );
921 void (*register_nap_selector)( nap_selector );
922 void (*register_mandatory_early_session_creator)(struct _SnortConfig *,
923 MandatoryEarlySessionCreatorFn callback);
924 void* (*get_application_data_from_expected_node)(struct _ExpectNode*, uint32_t);
925 int (*add_application_data_to_expected_node)(struct _ExpectNode*, uint32_t, void*, void (*)(void*));
926 void (*register_get_http_xff_precedence)(GetHttpXffPrecedenceFunc );
927 char** (*get_http_xff_precedence)(void* ssn, uint32_t flags, int* nFields);
928 struct _ExpectNode* (*get_next_expected_node)(struct _ExpectNode*);
929 void (*set_reputation_update_counter) (void *,uint8_t);
930 } SessionAPI;
931
932 /* To be set by Session */
933 extern SessionAPI *session_api;
934
935 /**Port Inspection States. Port can be either ignored,
936 * or inspected or session tracked. The values are bitmasks.
937 */
938 typedef enum {
939 /**Dont monitor the port. */
940 PORT_MONITOR_NONE = 0x00,
941
942 /**Inspect the port. */
943 PORT_MONITOR_INSPECT = 0x01,
944
945 /**perform session tracking on the port. */
946 PORT_MONITOR_SESSION = 0x02
947
948 } PortMonitorStates;
949
950 #define PORT_MONITOR_SESSION_BITS 0xFFFE
951
952 #define PP_SESSION_PRIORITY PRIORITY_CORE + PP_CORE_ORDER_SESSION
953
954 // Utility functions
955 //
956 /*********************************************************************
957 * Function: isPortEnabled
958 *
959 * Checks to see if a port is enabled in the port array mask
960 * passed in.
961 *
962 * Arguments:
963 * uint8_t *
964 * Pointer to a port array mask.
965 * const uint16_t
966 * The port to check for in the mask.
967 *
968 * Returns:
969 * bool
970 * true if the port is set.
971 * false if the port is not set.
972 *
973 *********************************************************************/
isPortEnabled(const uint8_t * port_array,const uint16_t port)974 static inline bool isPortEnabled( const uint8_t *port_array, const uint16_t port )
975 {
976 return port_array[ ( port / 8 ) ] & ( 1 << ( port % 8 ) );
977 }
978
979 /*********************************************************************
980 * Function: enablePort()
981 *
982 * Enable a port in the port array mask passed in.
983 *
984 * Arguments:
985 * uint8_t *
986 * Pointer to a port array mask.
987 * const uint16_t
988 * The port to set in the port array mask.
989 *
990 * Returns: None
991 *
992 *********************************************************************/
enablePort(uint8_t * port_array,const uint16_t port)993 static inline void enablePort( uint8_t *port_array, const uint16_t port )
994 {
995 port_array[ ( port / 8 ) ] |= ( 1 << ( port % 8 ) );
996 }
997
998 /*********************************************************************
999 * Function: disablePort()
1000 *
1001 * Disable a port in the port array mask passed in.
1002 *
1003 * Arguments:
1004 * uint8_t *
1005 * Pointer to a port array mask.
1006 * const uint16_t
1007 * The port to set in the port array mask.
1008 *
1009 * Returns: None
1010 *
1011 *********************************************************************/
disablePort(uint8_t * port_array,const uint16_t port)1012 static inline void disablePort( uint8_t *port_array, const uint16_t port )
1013 {
1014 port_array[ ( port / 8 ) ] &= ~( 1 << ( port % 8 ) );
1015 }
1016
1017 #endif /* SESSION_API_H_ */
1018
1019