1 /*
2 ** $Id$
3 **
4 ** fpfuncs.h
5 **
6 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
7 ** Copyright (C) 2002-2013 Sourcefire, Inc.
8 ** Dan Roelker <droelker@sourcefire.com>
9 ** Marc Norton <mnorton@sourcefire.com>
10 **
11 ** NOTES
12 ** 5.15.02 - Initial Source Code. Norton/Roelker
13 **
14 ** This program is free software; you can redistribute it and/or modify
15 ** it under the terms of the GNU General Public License Version 2 as
16 ** published by the Free Software Foundation.  You may not use, modify or
17 ** distribute this program under any other version of the GNU General
18 ** Public License.
19 **
20 ** This program is distributed in the hope that it will be useful,
21 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
22 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
23 ** GNU General Public License for more details.
24 **
25 ** You should have received a copy of the GNU General Public License
26 ** along with this program; if not, write to the Free Software
27 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
28 **
29 */
30 
31 #ifndef __FPDETECT_H__
32 #define __FPDETECT_H__
33 
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37 
38 #include "fpcreate.h"
39 #include "snort_debug.h"
40 #include "decode.h"
41 #include "sflsq.h"
42 #include "event_queue.h"
43 #include "sfPolicy.h"
44 
/*
 * Bitwise OR of PKT_REBUILT_FRAG and PKT_REBUILT_STREAM, so both flags can
 * be tested with a single mask.  The two flag values themselves are defined
 * outside this header.
 */
#define REBUILD_FLAGS (PKT_REBUILT_FRAG | PKT_REBUILT_STREAM)

/*
 * Detection entry point: this is the only function that has to be called
 * to run an inspection on a packet.
 */
int fpEvalPacket(Packet *p);

/*
 * Lower-level helpers exported next to the entry point.
 * NOTE(review): this header does not state what the int return values mean
 * or how check_ports changes the evaluation; confirm against the
 * definitions before depending on a particular value.
 */
int fpEvalRTN(RuleTreeNode *rtn, Packet *p, int check_ports);
int fpLogEvent(RuleTreeNode *rtn, OptTreeNode *otn, Packet *p);
55 
/*
 * Limit on the number of unique events that are matched before choosing
 * which one to log (only one can be logged).  It is also the fixed
 * capacity of MATCH_INFO.MatchArray below.
 */
#define MAX_EVENT_MATCH 100

/*
 * MATCH_INFO
 * Holds the events that have matched; iMatchIndex is set to the event with
 * the highest priority.
 *
 * MatchArray has exactly MAX_EVENT_MATCH slots and the counters are signed
 * ints.  Nothing in this declaration enforces a bound, so every writer and
 * reader of the array must keep its index within 0 .. MAX_EVENT_MATCH-1
 * (reject negative values as well as values past the end).
 */
typedef struct
{
    OptTreeNode *MatchArray[MAX_EVENT_MATCH]; /* matched events, fixed capacity */
    int iMatchCount;  /* presumably the number of slots in use -- confirm */
    int iMatchIndex;  /* slot holding the highest-priority event */
    int iMatchMaxLen; /* NOTE(review): meaning not stated in this header; confirm with its users */
} MATCH_INFO;
77 
/*
 * OTNX_MATCH_DATA
 * Context that is referenced during setwise pattern matches.  It also
 * carries the information about how many matches have occurred and which
 * event to log, as decided by the event comparison function.
 */
typedef struct
{
    PORT_GROUP *pg;
    Packet *p;
    int check_ports;

    /*
     * NOTE(review): presumably matchInfo points at iMatchInfoArraySize
     * MATCH_INFO entries -- confirm against the allocator.  The size is a
     * signed int, so an index into matchInfo needs a check against both 0
     * and iMatchInfoArraySize.
     */
    MATCH_INFO *matchInfo;
    int iMatchInfoArraySize;
} OTNX_MATCH_DATA;
96 
/*
 * Judging by the names, these create and release an OTNX_MATCH_DATA.
 * NOTE(review): the int argument is unnamed here; presumably it is the
 * number of MATCH_INFO entries to provide -- confirm, and confirm how a
 * zero or negative value is handled.  Mind the spelling: "OtnX" in New,
 * "Otnx" in Free.
 */
OTNX_MATCH_DATA *OtnXMatchDataNew(int);
void OtnxMatchDataFree(OTNX_MATCH_DATA *);

/*
 * NOTE(review): presumably records otn as a match in omd_local.  Since
 * MATCH_INFO.MatchArray is limited to MAX_EVENT_MATCH entries, the
 * definition has to refuse further additions once that limit is reached --
 * verify there.
 */
int fpAddMatch(OTNX_MATCH_DATA *omd_local, int pLen, OptTreeNode *otn);

/* Parameters are unnamed in this header; see the definition for their roles. */
void fpEvalIpProtoOnlyRules(SF_LIST **, Packet *);
102 
/*
 * Both lookups return an OptTreeNode pointer.
 * NOTE(review): the five leading uint32_t parameters are unnamed and share
 * one type, so two arguments passed in the wrong order compile without a
 * diagnostic.  Take the order from the definitions, and consider naming the
 * parameters in these prototypes.  Whether NULL can be returned is not
 * stated here; callers should check until that is confirmed.
 */
OptTreeNode *GetOtnForPolicy(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t,
                             const char *, tSfPolicyId);

OptTreeNode *GetApplicableOtn(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t,
                              const char *);
121 
/*
 * Direction constants.  TO_CLIENT is 0, so a zero-initialised direction
 * variable reads as TO_CLIENT; set the direction explicitly where it
 * matters.
 */
#define TO_CLIENT 0
#define TO_SERVER 1
124 
125 #endif
126