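/* $Id$ */
/*
** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2010-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

#ifndef __SPP_NORMALIZE_H__
#define __SPP_NORMALIZE_H__

// Public interface of the normalizer: the per-protocol normalization flag
// bits, the normalizer mode values, and the setup / mode-query entry points.
// Everything below is compiled only when NORMALIZER is defined.
// This header includes nothing itself: uint64_t must already be declared
// (e.g. via <stdint.h>) by the including file.

#ifdef NORMALIZER

// these control protocol specific normalizations
// Each enumerator is a distinct single bit, so values can be OR-ed into a mask.

typedef enum {
    NORM_IP4          = 0x00000001, // core ip4 norms
  //NORM_IP4_ID       = 0x00000002, // tbd: encrypt ip id
    NORM_IP4_DF       = 0x00000004, // clear df
    NORM_IP4_RF       = 0x00000008, // clear rf
    NORM_IP4_TTL      = 0x00000010, // ensure min ttl
    NORM_ICMP4        = 0x00000020, // core icmp4 norms
    NORM_IP6          = 0x00000040, // core ip6 norms
    NORM_IP6_TTL      = 0x00000080, // ensure min hop limit
    NORM_ICMP6        = 0x00000100, // core icmp6 norms
    NORM_TCP_BLOCK    = 0x00000200, // enable tcp norms (used for normalizer indexing)
    NORM_TCP_RSV      = 0x00000400, // clear reserved bits
    NORM_TCP_PAD      = 0x00000800, // clear option padding bytes
    NORM_TCP_REQ_URG  = 0x00001000, // clear URP if URG = 0
    NORM_TCP_REQ_PAY  = 0x00002000, // clear URP/URG on no payload
    NORM_TCP_REQ_URP  = 0x00004000, // clear URG if URP is not set
    NORM_TCP_ECN_PKT  = 0x00008000, // clear ece and cwr
    NORM_TCP_ECN_STR  = 0x00010000, // clear if not negotiated (stream)
    NORM_TCP_URP      = 0x00020000, // trim urp to dsize
    NORM_TCP_OPT      = 0x00040000, // nop over non-essential options
    NORM_TCP_IPS      = 0x00080000, // enable stream normalization/pre-ack flushing
    NORM_IP4_TOS      = 0x00100000, // clear tos/diff-serv
    NORM_IP4_TRIM     = 0x00200000, // enforce min frame
    NORM_TCP_TRIM_SYN = 0x00400000, // strip data from syn
    NORM_TCP_TRIM_RST = 0x00800000, // strip data from rst
    NORM_TCP_TRIM_WIN = 0x01000000, // trim to window
    NORM_TCP_TRIM_MSS = 0x02000000, // trim to mss
    // NOTE(review): this mask also covers 0x00000002 (the commented-out
    // NORM_IP4_ID) and 0x04000000, neither of which has an enumerator here.
    NORM_ALL          = 0x07FFFFFF  // all normalizations on
} NormFlags;

// if this != 0, tcp normalizer should be enabled
// The expansion is parenthesized so the mask is always a single operand.
// Unparenthesized, `flags & NORM_TCP` parses as
// `(flags & NORM_TCP_BLOCK) | NORM_TCP_RSV | ...`, which is never zero, so an
// "is any tcp normalization enabled" test could not come out false; likewise
// `~NORM_TCP` would invert NORM_TCP_BLOCK only.
#define NORM_TCP ( NORM_TCP_BLOCK    | \
                   NORM_TCP_RSV      | \
                   NORM_TCP_PAD      | \
                   NORM_TCP_REQ_URG  | \
                   NORM_TCP_REQ_PAY  | \
                   NORM_TCP_REQ_URP  | \
                   NORM_TCP_ECN_PKT  | \
                   NORM_TCP_ECN_STR  | \
                   NORM_TCP_URP      | \
                   NORM_TCP_OPT      | \
                   NORM_TCP_IPS      | \
                   NORM_TCP_TRIM_SYN | \
                   NORM_TCP_TRIM_RST | \
                   NORM_TCP_TRIM_WIN | \
                   NORM_TCP_TRIM_MSS )

// this can be used to index norm stat trackers
// ensure this aligns with structures in perf-base, normalize, and snort_stream_tcp
// NORM_MODE_OFF is -1 and therefore not a valid array index: check for it
// before using a NormMode value as a subscript.
typedef enum {
    NORM_MODE_OFF    = -1,
    NORM_MODE_ON     = 0,
    NORM_MODE_WOULDA = 1, // presumably "would have normalized" - confirm at the definition
    NORM_MODE_MAX    = 2  // one past the last indexable mode (ON, WOULDA)
} NormMode;

// Only pointers to the configuration are passed here, so a forward
// declaration is enough; the full definition lives elsewhere.
struct _SnortConfig;

// 64-bit unsigned counter type.
typedef uint64_t PegCount;

// Entry point that sets up the normalizer; takes no arguments and returns
// nothing. Its behavior is defined outside this header.
void SetupNormalizer(void);

// Returns the NormMode that applies to the given normalization flag under
// the given configuration. The exact lookup is defined outside this header.
NormMode Normalize_GetMode(const struct _SnortConfig*, NormFlags);
#endif

#endif
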