1 //--------------------------------------------------------------------------
2 // Copyright (C) 2015-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 
19 // tcp_normalizer.h author davis mcpherson <davmcphe@cisco.com>
20 // Created on: Jul 31, 2015
21 
22 #ifndef TCP_NORMALIZER_H
23 #define TCP_NORMALIZER_H
24 
25 #include "tcp_defs.h"
26 
27 #include "main/thread.h"
28 #include "normalize/normalize.h"
29 #include "protocols/tcp_options.h"
30 
// Indices into tcp_norm_stats: one peg per TCP normalization action.
// The names pair with the TcpNormalizer hooks / TcpNormalizerState flags of
// the same name; which hook bumps which peg is decided in the implementation
// file, not here. PC_TCP_MAX must stay last -- it sizes the stats array.
enum TcpPegCounts
{
    PC_TCP_TRIM_SYN,   // SYN payload trimmed
    PC_TCP_TRIM_RST,   // RST payload trimmed
    PC_TCP_TRIM_WIN,   // payload trimmed to the receive window
    PC_TCP_TRIM_MSS,   // payload trimmed to the MSS
    PC_TCP_ECN_SSN,    // ECN handling on a session (exact event: see implementation)
    PC_TCP_TS_NOP,     // timestamp option replaced / no-op'd (presumably; confirm)
    PC_TCP_IPS_DATA,   // data normalized in inline (IPS) mode (presumably; confirm)
    PC_TCP_BLOCK,      // segment blocked
    PC_TCP_MAX         // number of pegs; not a peg itself
};
43 
// Normalization statistics, indexed [TcpPegCounts][mode] with NORM_MODE_MAX
// modes (presumably a NormMode, the type the trim hooks below take -- confirm).
// THREAD_LOCAL: each thread keeps its own copy; aggregation goes through
// TcpNormalizer::get_normalization_counts() / reset_stats().
extern THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX];

// Forward declarations: the hooks below only take these by pointer or
// reference, so the full definitions are not needed in this header.
class TcpStreamSession;
class TcpStreamTracker;
class TcpSegmentDescriptor;
49 
// Per-flow normalization state handed to every TcpNormalizer hook.
// TcpNormalizer itself has no data members, so everything a hook needs in
// order to decide, trim or count lives here.
struct TcpNormalizerState
{
    // Flow context. Raw, non-owning as far as this header shows.
    // NOTE(review): lifetime is not established here -- presumably the session
    // owns the trackers and both outlive this state; confirm in the owner.
    TcpStreamSession* session = nullptr;
    TcpStreamTracker* tracker = nullptr;
    TcpStreamTracker* peer_tracker = nullptr;

    // Target-OS reassembly policy for this flow.
    StreamPolicy os_policy = StreamPolicy::OS_DEFAULT;

    // PAWS timestamp inputs. paws_ts_fudge is a signed slack for the timestamp
    // comparison (sign/units not visible here -- confirm against
    // validate_paws_timestamp()); tcp_ts_flags bit meanings are likewise
    // defined in the implementation.
    int32_t paws_ts_fudge = 0;
    int tcp_ts_flags = 0;

    // Per-action normalization settings, one per TcpPegCounts action.
    // NOTE(review): stored as int8_t rather than bool -- presumably each holds
    // a NormMode (as passed to trim_payload()) -- confirm.
    int8_t trim_syn = 0;
    int8_t trim_rst = 0;
    int8_t trim_win = 0;
    int8_t trim_mss = 0;
    int8_t strip_ecn = 0;
    int8_t tcp_block = 0;
    int8_t opt_block = 0;

    // tcp_ips_enabled: TCP normalization is running inline (IPS) -- as the name
    // suggests; paws_drop_zero_ts: drop segments whose timestamp is zero during
    // the PAWS check -- as the name suggests. Confirm both in the implementation.
    bool tcp_ips_enabled = false;
    bool paws_drop_zero_ts = false;
};
72 
// Normalization policy hooks for a TCP stream.
// The base class supplies the generic behaviour for every hook except
// handle_repeated_syn(), which is pure virtual, so TcpNormalizer cannot be
// instantiated directly (the constructor is protected as well); subclasses --
// presumably one per target-OS policy, selected by State::os_policy; confirm
// where they are created -- override only what differs. The class has no data
// members: all per-flow inputs travel in the State argument, and the only
// shared state is the thread-local tcp_norm_stats peg array.
//
// Taken together the hooks cover the usual TCP evasion / injection surface a
// normalizer has to deal with: payload trimming (SYN, RST, window, MSS), ECN
// tracking and stripping, timestamp / PAWS (RFC 7323) checks, RST sequence
// validation, repeated-SYN and urgent-pointer handling. What each hook actually
// does is defined in the implementation file, not here.
//
// NOTE(review): several hooks declare default arguments (max = 0,
// force = false). Default arguments on virtual functions are bound by the
// static type of the call expression, so an override must not redeclare them
// with different values -- a call through TcpNormalizer& always gets these.
class TcpNormalizer
{
public:
    using State = TcpNormalizerState;

    virtual ~TcpNormalizer() = default;

    // Per-flow setup hook; the base implementation does nothing.
    virtual void init(State&) { }

    // Decide whether the segment is dropped under the given NormFlags.
    // The bool's meaning (presumably true == drop) is defined by the
    // implementation -- confirm against callers.
    virtual bool packet_dropper(State&, TcpSegmentDescriptor&, NormFlags);

    // Payload trimming hooks. 'max' is a payload limit; 0 (the default)
    // presumably means "derive the limit from the segment/state" -- confirm.
    // Only the SYN variant reports a result; that bool's meaning is defined by
    // the implementation.
    virtual bool trim_syn_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0);
    virtual void trim_rst_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0);
    // 'force' mirrors the parameter of the protected trim_payload(); presumably
    // passed straight through.
    virtual void trim_win_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0,
        bool force = false);
    virtual void trim_mss_payload(State&, TcpSegmentDescriptor&, uint32_t max = 0);

    // ECN: track negotiation from the TCP header ('req3way': presumably only
    // honour ECN once a full 3-way handshake was seen -- confirm) and strip
    // ECN bits from a segment.
    virtual void ecn_tracker(State&, const snort::tcp::TCPHdr*, bool req3way);
    virtual void ecn_stripper(State&, TcpSegmentDescriptor&);

    // Receive window the normalizer uses for this stream.
    virtual uint32_t get_stream_window(State&, TcpSegmentDescriptor&);

    // Read the TCP timestamp option of the segment; with 'strip' set it
    // presumably also removes it via strip_tcp_timestamp() -- confirm.
    // Returns a uint32_t, presumably the timestamp value.
    virtual uint32_t get_tcp_timestamp(State&, TcpSegmentDescriptor&, bool strip);

    // PAWS verdict for the segment; the int codes are defined by the
    // implementation.
    virtual int handle_paws(State&, TcpSegmentDescriptor&);

    // RST acceptance check. The protected validate_rst_* helpers below are,
    // by their names, the candidate acceptance strategies -- confirm.
    virtual bool validate_rst(State&, TcpSegmentDescriptor&);

    // Pure virtual: every concrete normalizer must define how a repeated SYN
    // on the flow is handled; the int result codes are implementation-defined.
    virtual int handle_repeated_syn(State&, TcpSegmentDescriptor&) = 0;

    // Urgent-pointer handling: returns the offset to apply given the header
    // and the payload size 'dsize'.
    virtual uint16_t set_urg_offset(State&, const snort::tcp::TCPHdr* tcph, uint16_t dsize);

    // Peg (statistics) plumbing for tcp_norm_stats.
    static const PegInfo* get_normalization_pegs();
    static NormPegs get_normalization_counts(unsigned&);
    static void reset_stats();

protected:
    // Abstract base: construct only through a subclass.
    TcpNormalizer() = default;

    // Common trimming primitive: takes the limit, the NormMode to apply and the
    // peg to count; presumably what the public trim_*_payload hooks call.
    virtual bool trim_payload(State&, TcpSegmentDescriptor&, uint32_t, NormMode, TcpPegCounts,
        bool force = false);
    virtual bool strip_tcp_timestamp(
        State&, TcpSegmentDescriptor&, const snort::tcp::TcpOption*, NormMode);

    // RST sequence-number acceptance strategies, per their names: seq >= the
    // expected value, end seq >= the expected value, seq == the expected
    // value. In general, how strictly an RST's sequence number is checked is
    // what bounds off-path (blind) reset injection; which strategy a policy
    // picks is not visible in this header.
    virtual bool validate_rst_seq_geq(State&, TcpSegmentDescriptor&);
    virtual bool validate_rst_end_seq_geq(State&, TcpSegmentDescriptor&);
    virtual bool validate_rst_seq_eq(State&, TcpSegmentDescriptor&);

    // PAWS pipeline pieces; int result codes are defined by the
    // implementation.
    virtual int validate_paws_timestamp(State&, TcpSegmentDescriptor&);
    virtual bool is_paws_ts_checked_required(State&, TcpSegmentDescriptor&);
    virtual int validate_paws(State&, TcpSegmentDescriptor&);
    virtual int handle_paws_no_timestamps(State&, TcpSegmentDescriptor&);
};
116 
117 #endif