1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2015-2021 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // tcp_reassemblers.h author davis mcpherson <davmcphe@cisco.com> 20 // Created on: Oct 9, 2015 21 22 #ifndef TCP_REASSEMBLERS_H 23 #define TCP_REASSEMBLERS_H 24 25 #include "tcp_reassembler.h" 26 27 class TcpReassemblerFactory 28 { 29 public: 30 static void initialize(); 31 static void term(); 32 static TcpReassembler* get_instance(StreamPolicy); 33 34 private: 35 TcpReassemblerFactory() = delete; 36 37 static TcpReassembler* reassemblers[StreamPolicy::OS_END_OF_LIST]; 38 }; 39 40 class TcpReassemblerPolicy 41 { 42 public: 43 TcpReassemblerPolicy() = default; 44 ~TcpReassemblerPolicy() = default; 45 46 void init(TcpSession* ssn, TcpStreamTracker* trk, StreamPolicy pol, bool server); 47 void reset(); 48 queue_packet_for_reassembly(TcpSegmentDescriptor & tsd)49 void queue_packet_for_reassembly(TcpSegmentDescriptor& tsd) 50 { reassembler->queue_packet_for_reassembly(trs, tsd); } 51 add_alert(uint32_t gid,uint32_t sid)52 bool add_alert(uint32_t gid, uint32_t sid) 53 { return reassembler->add_alert(trs, gid, sid); } 54 check_alerted(uint32_t gid,uint32_t sid)55 bool check_alerted(uint32_t gid, uint32_t sid) 56 { return reassembler->check_alerted(trs, gid, sid); } 57 update_alert(uint32_t gid,uint32_t sid,uint32_t event_id,uint32_t event_second)58 int update_alert(uint32_t gid, uint32_t sid, uint32_t event_id, uint32_t event_second) 59 { return reassembler->update_alert(trs, gid, sid, event_id, event_second); } 60 purge_alerts()61 void purge_alerts() 62 { reassembler->purge_alerts(trs); } 63 purge_segment_list()64 void purge_segment_list() 65 { reassembler->purge_segment_list(trs); } 66 purge_flushed_ackd()67 void purge_flushed_ackd() 68 { return reassembler->purge_flushed_ackd(trs); } 69 70 int flush_stream(snort::Packet* p, uint32_t dir, bool final_flush = false) 71 { return reassembler->flush_stream(trs, p, dir, final_flush); } 72 73 void flush_queued_segments(snort::Flow* flow, bool clear, const snort::Packet* p = nullptr) 74 { reassembler->flush_queued_segments(trs, flow, clear, p); } 75 is_segment_pending_flush()76 bool is_segment_pending_flush() 77 { return reassembler->is_segment_pending_flush(trs); } 78 flush_on_data_policy(snort::Packet * p)79 int flush_on_data_policy(snort::Packet* p) 80 { return reassembler->flush_on_data_policy(trs, p); } 81 flush_on_ack_policy(snort::Packet * p)82 int flush_on_ack_policy(snort::Packet* p) 83 { return reassembler->flush_on_ack_policy(trs, p); } 84 set_seglist_base_seq(uint32_t seglist_base_seq)85 void set_seglist_base_seq(uint32_t seglist_base_seq) 86 { trs.sos.seglist_base_seq = seglist_base_seq; } 87 get_seglist_base_seq()88 uint32_t get_seglist_base_seq() const 89 { return trs.sos.seglist_base_seq; } 90 set_xtradata_mask(uint32_t xtradata_mask)91 void set_xtradata_mask(uint32_t xtradata_mask) 92 { trs.xtradata_mask = xtradata_mask; } 93 get_xtradata_mask()94 uint32_t get_xtradata_mask() const 95 { return trs.xtradata_mask; } 96 get_seg_count()97 uint32_t get_seg_count() const 98 { return trs.sos.seg_count; } 99 get_seg_bytes_total()100 uint32_t get_seg_bytes_total() const 101 { return trs.sos.seg_bytes_total; } 102 get_overlap_count()103 uint32_t get_overlap_count() const 104 { return trs.sos.overlap_count; } 105 set_overlap_count(uint32_t overlap_count)106 void set_overlap_count(uint32_t overlap_count) 107 { trs.sos.overlap_count = overlap_count; } 108 get_flush_count()109 uint32_t get_flush_count() const 110 { return trs.flush_count; } 111 get_seg_bytes_logical()112 uint32_t get_seg_bytes_logical() const 113 { return trs.sos.seg_bytes_logical; } 114 get_reassembly_policy()115 StreamPolicy get_reassembly_policy() const 116 { return trs.sos.reassembly_policy; } 117 set_norm_mode_test()118 void set_norm_mode_test() 119 { trs.sos.tcp_ips_data = NORM_MODE_TEST; } 120 perform_partial_flush(snort::Flow * flow)121 uint32_t perform_partial_flush(snort::Flow* flow) 122 { return reassembler->perform_partial_flush(trs, flow); } 123 reset_paf()124 void reset_paf() 125 { paf_reset(&trs.paf_state); } 126 clear_paf()127 void clear_paf() 128 { paf_clear(&trs.paf_state); } 129 setup_paf()130 void setup_paf() 131 { 132 paf_setup(&trs.paf_state); 133 if ( trs.sos.seglist.cur_rseg ) 134 trs.sos.seglist.cur_sseg = trs.sos.seglist.cur_rseg; 135 else 136 trs.sos.seglist.cur_sseg = trs.sos.seglist.head; 137 } 138 139 private: 140 TcpReassembler* reassembler = nullptr; 141 TcpReassemblerState trs; 142 friend inline void TraceSegments(const TcpReassemblerPolicy&, const snort::Packet* p); 143 }; 144 #endif 145 146