1 /*
2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2006-2013 Sourcefire, Inc.
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License Version 2 as
7 ** published by the Free Software Foundation.  You may not use, modify or
8 ** distribute this program under any other version of the GNU General
9 ** Public License.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19 */
20 
21 /*
22  * Author: Steven Sturges
23  * sftarget_reader.c
24  */
25 
26 #ifndef SF_TARGET_READER_H_
27 #define SF_TARGET_READER_H_
28 
29 #include "snort.h"
30 #ifdef REG_TEST
31 #include "reg_test.h"
32 #endif
33 
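/* Status codes used with the SFAT_* interface declared in this header. */
#define SFAT_OK 0
/* Parenthesized so the negative literal stays a single operand wherever the
 * macro is expanded inside a larger expression. */
#define SFAT_ERROR (-1)

/*
 * Guard macros: return SFAT_ERROR from the enclosing function when
 * current_host / current_app evaluates to false (e.g. a NULL pointer).
 *
 * Each expands to a complete, unbraced `if` statement that already ends in
 * ';' and reads a variable named current_host / current_app, which must be in
 * scope at the point of use (neither is declared in this header).  Use them
 * only as a standalone statement in a function returning int: placed directly
 * under an unbraced if/else, the expansion changes which `if` a following
 * `else` binds to.
 */
#define SFAT_CHECKHOST \
    if (!current_host) return SFAT_ERROR;
#define SFAT_CHECKAPP \
    if (!current_app) return SFAT_ERROR;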
41 
/*
 * Attribute-table reload handler; receives a signal number.
 * NOTE(review): the name and the int parameter suggest this is installed as a
 * signal handler -- if so, the implementation should restrict itself to
 * async-signal-safe work (for example setting a flag that is polled later);
 * confirm in sftarget_reader.c.
 */
void SigAttributeTableReloadHandler(int signal);
43 
/*
 * Discriminator stored in AttributeData.type.
 * NOTE(review): presumably ATTRIBUTE_NAME means the string member of the
 * AttributeData value union is in use and ATTRIBUTE_ID the numeric one --
 * confirm against the parser before reading either member.
 */
typedef enum
{
    ATTRIBUTE_NAME = 0,
    ATTRIBUTE_ID = 1
} AttributeTypes;
49 
/*
 * Distinguishes service-side from client-side attributes.
 * These enumerators are 0 and 1; the SFAT_SERVICE / SFAT_CLIENT macros defined
 * later in this header are 1 and 2, so the two sets of constants are not
 * interchangeable.
 */
typedef enum
{
    ATTRIBUTE_SERVICE = 0,
    ATTRIBUTE_CLIENT = 1
} ServiceClient;
55 
/*
 * One map entry pairing a numeric id (l_mapid) with a string (s_mapvalue).
 * s_mapvalue is a fixed-size buffer of STD_BUF bytes (STD_BUF is defined
 * outside this header); any code filling it from parsed input must bound the
 * copy to sizeof(s_mapvalue) and guarantee NUL termination.
 */
typedef struct _MapData
{
    char s_mapvalue[STD_BUF];
    uint32_t l_mapid;
} MapData;

/* MapEntry is an alias for MapData; it is the type SFAT_AddMapEntry takes. */
typedef MapData MapEntry;
63 
/*
 * A single attribute value handed to the SFAT_Set*Attribute functions.
 * `value` is a union, so s_value and l_value share storage and only the
 * member that was last written may be read.
 * NOTE(review): presumably `type` records which member that is
 * (ATTRIBUTE_NAME -> s_value, ATTRIBUTE_ID -> l_value) -- confirm.
 */
typedef struct _AttributeData
{
    AttributeTypes type;
    union
    {
        /* Fixed-size buffer of STD_BUF bytes: writers must bound the copy to
         * sizeof(s_value) and NUL-terminate. */
        char s_value[STD_BUF];
        uint32_t l_value;
    } value;
    int confidence;
    int16_t attributeOrdinal;
} AttributeData;
75 
/*
 * Single-bit flag values (0x01 .. 0x10); all five fit in the uint8_t `fields`
 * member of ApplicationEntry.
 * NOTE(review): presumably a set bit means the corresponding attribute was
 * supplied for the entry -- confirm.  Note that the struct below has members
 * for port, ipproto and protocol only; there is no application or version
 * member matching the last two flags.
 */
#define APPLICATION_ENTRY_PORT 0x01
#define APPLICATION_ENTRY_IPPROTO 0x02
#define APPLICATION_ENTRY_PROTO 0x04
#define APPLICATION_ENTRY_APPLICATION 0x08
#define APPLICATION_ENTRY_VERSION 0x10

/*
 * Node of a singly linked list of application (service or client) records.
 */
typedef struct _ApplicationEntry
{
    struct _ApplicationEntry *next; /* next node in the list */

    uint16_t port;
    uint16_t ipproto;
    uint16_t protocol;

    uint8_t fields; /* holds APPLICATION_ENTRY_* bits -- see note above */
} ApplicationEntry;

/* Alias used where a pointer denotes a list of entries rather than one node
 * (see HostAttributeEntry.services / .clients). */
typedef ApplicationEntry ApplicationList;
94 
/*
 * Identifiers for the host-level attributes.
 * NOTE(review): presumably these are the values passed as the `attribute`
 * argument of SFAT_SetOSAttribute / SFAT_SetOSPolicy -- confirm.
 */
#define HOST_INFO_OS 1
#define HOST_INFO_VENDOR 2
#define HOST_INFO_VERSION 3
#define HOST_INFO_FRAG_POLICY 4
#define HOST_INFO_STREAM_POLICY 5
/* NOTE(review): presumably the values stored in HostInfo.streamPolicySet and
 * HostInfo.fragPolicySet -- confirm. */
#define POLICY_SET 1
#define POLICY_NOT_SET 0
/*
 * Per-host stream and fragmentation policy: a name and a numeric id for each,
 * plus a flag per policy.
 */
typedef struct _HostInfo
{
    /* Fixed 16-byte buffers: at most 15 characters plus the terminating NUL.
     * SFAT_SetOSPolicy() receives the policy name as a bare char * with no
     * length, so whatever copies into these fields has to enforce the bound
     * and terminate the string itself. */
    char streamPolicyName[16];
    char fragPolicyName[16];

    uint16_t streamPolicy;
    uint16_t fragPolicy;

    char streamPolicySet;
    char fragPolicySet;
} HostInfo;
113 
/*
 * Service / client selector values.  These are 1 and 2, whereas the
 * ServiceClient enumerators ATTRIBUTE_SERVICE / ATTRIBUTE_CLIENT declared
 * earlier in this header are 0 and 1 -- do not mix the two.
 */
#define SFAT_SERVICE 1
#define SFAT_CLIENT 2
/*
 * One host in the attribute table: its address, its policy information and
 * two application lists.
 */
typedef struct _HostAttributeEntry
{
    sfcidr_t ipAddr; /* sfcidr_t is declared outside this header */

    HostInfo hostInfo;
    /* List heads.  NOTE(review): presumably NULL when the host has no entries
     * of that kind, and owned by this host entry (released through
     * FreeHostEntry) -- confirm before freeing or sharing nodes. */
    ApplicationList *services;
    ApplicationList *clients;
} HostAttributeEntry;
124 
/* Callback Functions from YACC */
/*
 * Several of these take no arguments (SFAT_AddHostEntryToMap,
 * SFAT_AddApplicationData), so they necessarily act on state kept by the
 * implementation rather than on a caller-supplied object.
 * NOTE(review): presumably that state is the "current" host / application
 * entry that the SFAT_CHECKHOST / SFAT_CHECKAPP macros test, and the int
 * results are SFAT_OK / SFAT_ERROR -- confirm.
 * The strings and AttributeData values passed in come from parsed input and
 * end up in the fixed-size buffers declared above, so the implementations are
 * where length checks belong.
 */
int SFAT_AddMapEntry(MapEntry *);
/* NOTE(review): presumably returns NULL when `id` is unknown; callers should
 * check the result before use -- confirm. */
char *SFAT_LookupAttributeNameById(int id);
HostAttributeEntry * SFAT_CreateHostEntry(void);
int SFAT_AddHostEntryToMap(void);
int SFAT_SetHostIp(const char *);
int SFAT_SetOSAttribute(AttributeData *data, int attribute);
/* policy_name carries no length; HostInfo's policy-name fields are 16 bytes. */
int SFAT_SetOSPolicy(char *policy_name, int attribute);
ApplicationEntry * SFAT_CreateApplicationEntry(void);
int SFAT_AddApplicationData(void);
int SFAT_SetApplicationAttribute(AttributeData *data, int attribute);
void PrintAttributeData(char *prefix, AttributeData *data);
137 
/* Callback to set frag & stream policy IDs */
/* A callback receives one host entry and returns int.
 * NOTE(review): presumably it fills in hostInfo.streamPolicy / fragPolicy for
 * that entry; the meaning of the return value is not visible here -- confirm. */
typedef int (*GetPolicyIdFunc)(HostAttributeEntry *);
/* Singly linked list node holding one registered callback. */
typedef struct _GetPolicyIdsCallbackList
{
    GetPolicyIdFunc policyCallback;
    struct _GetPolicyIdsCallbackList *next;
} GetPolicyIdsCallbackList;
/* Takes a callback and a Snort policy id.
 * NOTE(review): presumably registers the callback for that policy -- confirm. */
void SFAT_SetPolicyIds(GetPolicyIdFunc policyCallback, int snortPolicyId);
146 
/* Cleanup Functions, called by Snort shutdown */
void SFAT_Cleanup(void);
/* NOTE(review): presumably releases `host` together with its services and
 * clients lists, after which the pointer must not be used again -- confirm. */
void FreeHostEntry(HostAttributeEntry *host);

/* Parsing Functions -- to be called by Snort parser */
/* `args` is a mutable string taken from the configuration.
 * NOTE(review): presumably it names the attribute-table file to load; that
 * file's contents feed the fixed-size buffers declared in this header, so
 * treat it as input whose lengths and ranges need validating -- confirm. */
int SFAT_ParseAttributeTable(char *args, SnortConfig *sc);

/* Function to swap out new table */
void AttributeTableReloadCheck(void);

/* Status functions */
uint32_t SFAT_NumberOfHosts(void);
159 
/* API Lookup functions, to be called by Stream & Frag */
/*
 * Each lookup returns a pointer to a host entry.
 * NOTE(review): presumably NULL when no entry matches, so callers must check
 * before dereferencing.  Because the table can be swapped out
 * (AttributeTableReloadCheck), also confirm how long a returned pointer
 * remains valid and whether it may be held across a reload.
 */
HostAttributeEntry *SFAT_LookupHostEntryByIP(sfaddr_t *ipAddr);
HostAttributeEntry *SFAT_LookupHostEntryBySrc(Packet *p);
HostAttributeEntry *SFAT_LookupHostEntryByDst(Packet *p);
/* Takes an address, port, protocol and id; returns nothing, so a failed
 * update is not reported to the caller through this interface. */
void SFAT_UpdateApplicationProtocol(sfaddr_t *ipAddr, uint16_t port, uint16_t protocol, uint16_t id);
165 
/* Returns whether this has been configured */
int IsAdaptiveConfigured( void );
/* Same query for an explicitly supplied configuration object. */
int IsAdaptiveConfiguredForSnortConfig(struct _SnortConfig *);

/* NOTE(review): the name indicates reloads run on a separate thread; confirm
 * how the implementation synchronizes table swaps with the lookup functions. */
void SFAT_StartReloadThread(void);

/* SFLAT_* interface: init/fini pair plus a per-policy enabled query.
 * NOTE(review): semantics of the `parsing` flag are not visible here --
 * confirm in the implementation. */
void SFLAT_init(void);
void SFLAT_fini(void);
int  SFLAT_isEnabled(tSfPolicyId id, int parsing);
175 
/* Declared only when Snort is built with SNORT_RELOAD defined. */
#ifdef SNORT_RELOAD
void SFAT_ReloadCheck(struct _SnortConfig *);
/* NOTE(review): presumably stops the thread started by
 * SFAT_StartReloadThread -- confirm. */
void ReloadAttributeThreadStop(void);
/* NOTE(review): presumably frees the table that a reload replaced; confirm no
 * pointer returned by the lookup functions can still refer to it. */
void SFAT_CleanPrevConfig(void);
#endif
181 
182 #endif /* SF_TARGET_READER_H_ */
183