/*
** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
** Copyright (C) 2006-2013 Sourcefire, Inc.
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation. You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/

/*
 * Author: Steven Sturges
 * sftarget_reader.c
 *
 * Declarations for the host attribute table reader: the record types the
 * parser callbacks fill in (map entries, attribute values, per-host
 * application lists and policy info) and the entry points for parsing,
 * lookup, reload and cleanup.
 *
 * Several records below embed fixed-size character arrays. Any code that
 * fills them from parsed input has to bound the copy to the size of the
 * destination field and leave it NUL-terminated.
 */

#ifndef SF_TARGET_READER_H_
#define SF_TARGET_READER_H_

#include "snort.h"
#ifdef REG_TEST
#include "reg_test.h"
#endif

/* Status codes. SFAT_ERROR is the value the SFAT_CHECK* guards return. */
#define SFAT_OK    0
#define SFAT_ERROR -1

/*
 * Guard macros. Each one expands to a complete, unbraced
 * "if (...) return SFAT_ERROR;" statement, trailing semicolon included.
 *
 * Caveats for anyone expanding them:
 *  - they hide a return, so they only belong in a function whose return
 *    type can carry SFAT_ERROR;
 *  - they read identifiers named current_host / current_app that must be
 *    in scope at the expansion site (neither is declared in this header);
 *  - because the expansion is a bare if, an "else" written right after the
 *    macro attaches to the macro's if. Use them only as standalone
 *    statements.
 */
#define SFAT_CHECKHOST if (!current_host) return SFAT_ERROR;
#define SFAT_CHECKAPP if (!current_app) return SFAT_ERROR;

/*
 * NOTE(review): the name and the int argument suggest a signal handler. If
 * it is installed as one, its body should be limited to async-signal-safe
 * work -- confirm in the implementation.
 */
void SigAttributeTableReloadHandler(int signal);

/* Discriminator stored in AttributeData.type. */
typedef enum {
    ATTRIBUTE_NAME,
    ATTRIBUTE_ID
} AttributeTypes;

/* Service-side versus client-side selector. */
typedef enum {
    ATTRIBUTE_SERVICE,
    ATTRIBUTE_CLIENT
} ServiceClient;

/*
 * One name/id pair of the attribute map.
 * s_mapvalue is a fixed STD_BUF-byte array (STD_BUF is not defined in this
 * header); writers must not copy more than sizeof s_mapvalue bytes into it.
 */
typedef struct _MapData {
    char s_mapvalue[STD_BUF];
    uint32_t l_mapid;
} MapData;

typedef MapData MapEntry;

/*
 * A single parsed attribute value.
 * NOTE(review): presumably `type` selects the live union member
 * (ATTRIBUTE_NAME -> s_value, ATTRIBUTE_ID -> l_value) -- confirm against
 * the parser before reading either one. s_value is a fixed STD_BUF-byte
 * array and needs the same bounded handling as MapData.s_mapvalue.
 */
typedef struct _AttributeData {
    AttributeTypes type;
    union {
        char s_value[STD_BUF];
        uint32_t l_value;
    } value;
    int confidence;
    int16_t attributeOrdinal;
} AttributeData;

/*
 * Single-bit flags, one per ApplicationEntry attribute.
 * NOTE(review): presumably OR-ed into ApplicationEntry.fields to record
 * which attributes were supplied -- confirm.
 */
#define APPLICATION_ENTRY_PORT        0x01
#define APPLICATION_ENTRY_IPPROTO     0x02
#define APPLICATION_ENTRY_PROTO       0x04
#define APPLICATION_ENTRY_APPLICATION 0x08
#define APPLICATION_ENTRY_VERSION     0x10

/*
 * One application (service or client) record. Records chain through
 * `next`; ApplicationList is an alias of the same type, used for the list
 * pointers held in HostAttributeEntry.
 */
typedef struct _ApplicationEntry {
    struct _ApplicationEntry *next;

    uint16_t port;
    uint16_t ipproto;
    uint16_t protocol;

    uint8_t fields;
} ApplicationEntry;

typedef ApplicationEntry ApplicationList;

/* Selectors for the individual host-info attributes. */
#define HOST_INFO_OS            1
#define HOST_INFO_VENDOR        2
#define HOST_INFO_VERSION       3
#define HOST_INFO_FRAG_POLICY   4
#define HOST_INFO_STREAM_POLICY 5

/* NOTE(review): presumably the values kept in HostInfo.*PolicySet. */
#define POLICY_SET     1
#define POLICY_NOT_SET 0

/*
 * Per-host stream and frag policy information.
 * Both policy-name fields are 16-byte arrays, so a name copied in from
 * configuration must be limited to 15 characters plus the terminator.
 */
typedef struct _HostInfo {
    char streamPolicyName[16];
    char fragPolicyName[16];

    uint16_t streamPolicy;
    uint16_t fragPolicy;

    char streamPolicySet;
    char fragPolicySet;
} HostInfo;

#define SFAT_SERVICE 1
#define SFAT_CLIENT  2

/* One host record: its address, policy info and the two application lists. */
typedef struct _HostAttributeEntry {
    sfcidr_t ipAddr;

    HostInfo hostInfo;
    ApplicationList *services;
    ApplicationList *clients;
} HostAttributeEntry;

/*
 * Callbacks invoked from the YACC grammar.
 * NOTE(review): ownership of the pointers returned by
 * SFAT_LookupAttributeNameById, SFAT_CreateHostEntry and
 * SFAT_CreateApplicationEntry is not visible from this header -- confirm
 * who frees them.
 */
int SFAT_AddMapEntry(MapEntry *);
char *SFAT_LookupAttributeNameById(int id);
HostAttributeEntry *SFAT_CreateHostEntry(void);
int SFAT_AddHostEntryToMap(void);
int SFAT_SetHostIp(const char *);
int SFAT_SetOSAttribute(AttributeData *data, int attribute);
int SFAT_SetOSPolicy(char *policy_name, int attribute);
ApplicationEntry *SFAT_CreateApplicationEntry(void);
int SFAT_AddApplicationData(void);
int SFAT_SetApplicationAttribute(AttributeData *data, int attribute);
void PrintAttributeData(char *prefix, AttributeData *data);

/*
 * Callback used to set the frag and stream policy IDs of a host entry.
 * GetPolicyIdsCallbackList chains such callbacks through `next`.
 */
typedef int (*GetPolicyIdFunc)(HostAttributeEntry *);
typedef struct _GetPolicyIdsCallbackList {
    GetPolicyIdFunc policyCallback;
    struct _GetPolicyIdsCallbackList *next;
} GetPolicyIdsCallbackList;
void SFAT_SetPolicyIds(GetPolicyIdFunc policyCallback, int snortPolicyId);

/* Cleanup, called during Snort shutdown. */
void SFAT_Cleanup(void);
void FreeHostEntry(HostAttributeEntry *host);

/* Parsing entry point, called by the Snort parser. */
int SFAT_ParseAttributeTable(char *args, SnortConfig *sc);

/* Swaps in a newly loaded table. */
void AttributeTableReloadCheck(void);

/* Status. */
uint32_t SFAT_NumberOfHosts(void);

/*
 * Lookup API, called by Stream and Frag.
 * NOTE(review): the table can be swapped (see AttributeTableReloadCheck);
 * how long a returned entry pointer stays valid is not visible here, so
 * confirm that before holding on to one.
 */
HostAttributeEntry *SFAT_LookupHostEntryByIP(sfaddr_t *ipAddr);
HostAttributeEntry *SFAT_LookupHostEntryBySrc(Packet *p);
HostAttributeEntry *SFAT_LookupHostEntryByDst(Packet *p);
void SFAT_UpdateApplicationProtocol(sfaddr_t *ipAddr, uint16_t port, uint16_t protocol, uint16_t id);

/* Report whether the adaptive (attribute table) feature has been configured. */
int IsAdaptiveConfigured(void);
int IsAdaptiveConfiguredForSnortConfig(struct _SnortConfig *);

void SFAT_StartReloadThread(void);

void SFLAT_init(void);
void SFLAT_fini(void);
int SFLAT_isEnabled(tSfPolicyId id, int parsing);

#ifdef SNORT_RELOAD
/* Only declared when Snort is built with SNORT_RELOAD. */
void SFAT_ReloadCheck(struct _SnortConfig *);
void ReloadAttributeThreadStop(void);
void SFAT_CleanPrevConfig(void);
#endif

#endif /* SF_TARGET_READER_H_ */