/*
** $Id$
**
** fpfuncs.h
**
** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2002-2013 Sourcefire, Inc.
** Dan Roelker <droelker@sourcefire.com>
** Marc Norton <mnorton@sourcefire.com>
**
** NOTES
** 5.15.02 - Initial Source Code. Norton/Roelker
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**
*/

/*
** Declarations for the fast-packet detection entry points and the
** bookkeeping structures used to collect rule matches.
**
** NOTE(review): the banner above names this file fpfuncs.h while the
** include guard is __FPDETECT_H__ -- confirm which name is current.
** NOTE(review): identifiers containing a double underscore are reserved
** for the implementation; the guard is kept as-is so that any existing
** test of the macro elsewhere keeps working.
*/
#ifndef __FPDETECT_H__
#define __FPDETECT_H__

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "fpcreate.h"
#include "snort_debug.h"
#include "decode.h"
#include "sflsq.h"
#include "event_queue.h"
#include "sfPolicy.h"

/*
** Union of the two packet flags that mark a reassembled packet
** (rebuilt from fragments or rebuilt from a stream).
*/
#define REBUILD_FLAGS (PKT_REBUILT_FRAG | PKT_REBUILT_STREAM)

/*
** This is the only function that is needed to do an
** inspection on a packet.
*/
int fpEvalPacket(Packet *p);

/*
** Event logging and rule-tree-node evaluation.  The meaning of the int
** results is set by the implementations and is not stated in this header.
*/
int fpLogEvent(RuleTreeNode *rtn, OptTreeNode *otn, Packet *p);
int fpEvalRTN(RuleTreeNode *rtn, Packet *p, int check_ports);

/*
** This define is for the number of unique events
** to match before choosing which event to log.
** (Since we can only log one.) This define is the limit.
**
** It is also the compile-time length of MATCH_INFO.MatchArray, so every
** store into that array has to keep its index in [0, MAX_EVENT_MATCH).
*/
#define MAX_EVENT_MATCH 100

/*
** MATCH_INFO
** The events that are matched get held in this structure,
** and iMatchIndex gets set to the event that holds the
** highest priority.
**
** iMatchCount and iMatchIndex are signed ints used alongside a
** fixed-size array: a value that is negative or >= MAX_EVENT_MATCH
** would address memory outside MatchArray.
** NOTE(review): the bound is presumably enforced in fpAddMatch --
** confirm in the implementation.
*/
typedef struct
{
    OptTreeNode *MatchArray[MAX_EVENT_MATCH]; /* matched rule options */
    int iMatchCount;                          /* presumably the number of used slots -- confirm */
    int iMatchIndex;                          /* slot of the highest-priority event */
    int iMatchMaxLen;                         /* presumably the longest pattern length seen -- confirm */
} MATCH_INFO;

/*
** OTNX_MATCH_DATA
** This structure holds information that is
** referenced during setwise pattern matches.
** It also contains information regarding the
** number of matches that have occurred and
** the event to log based on the event comparison
** function.
*/
typedef struct
{
    PORT_GROUP *pg;
    Packet *p;
    int check_ports;

    MATCH_INFO *matchInfo;   /* presumably an array of iMatchInfoArraySize entries -- confirm */
    int iMatchInfoArraySize;
} OTNX_MATCH_DATA;

/*
** Allocation and release of an OTNX_MATCH_DATA; the two functions are
** paired by name.
** NOTE(review): the int argument presumably sizes the matchInfo array --
** verify against the definition.
*/
OTNX_MATCH_DATA *OtnXMatchDataNew(int);
void OtnxMatchDataFree(OTNX_MATCH_DATA *);

int fpAddMatch(OTNX_MATCH_DATA *omd_local, int pLen, OptTreeNode *otn);
void fpEvalIpProtoOnlyRules(SF_LIST **, Packet *);

/*
** OTN lookups.  Both prototypes take five positional uint32_t arguments
** that the compiler cannot tell apart, so a swapped pair at a call site
** compiles without a diagnostic; check the argument order against the
** definitions when adding callers.
*/
OptTreeNode *GetOtnForPolicy(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t,
                             const char *, tSfPolicyId);

OptTreeNode *GetApplicableOtn(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t,
                              const char *);

/* Presumably traffic-direction selectors -- confirm at the use sites. */
#define TO_SERVER 1
#define TO_CLIENT 0

#endif