1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License Version 2 as
4  * published by the Free Software Foundation.  You may not use, modify or
5  * distribute this program under any other version of the GNU General
6  * Public License.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
16  *
17  * Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
18  *
19  * Authors: Jeffrey Gu <jgu@cisco.com>, Pradeep Damodharan <prdamodh@cisco.com>
20  *
21  * Protocol-Aware Flushing (PAF) code for the S7commplus preprocessor.
22  *
23  */
24 
25 #ifndef S7COMM_PAF__H
26 #define S7COMM_PAF__H
27 
28 #include "spp_s7comm.h"
29 #include "stream_api.h"
30 
/*
 * Position of the PAF parser inside one framed message. The enumerators are
 * named after consecutive header fields; the code that steps through them is
 * not part of this header.
 *
 * NOTE(review): the TPKT_* names match the 4-byte TPKT header (version,
 * reserved, 16-bit length). "COPT" presumably means COTP (length indicator
 * and PDU type) - confirm; renaming would touch every user of these values.
 */
typedef enum _s7commplus_paf_state
{
	S7COMMPLUS_PAF_STATE__TPKT_VER = 0,	/* value 0, so a zero-filled state record starts here */
	S7COMMPLUS_PAF_STATE__TPKT_RESERVED,	/* TPKT reserved byte */
	S7COMMPLUS_PAF_STATE__TPKT_LEN_1,	/* presumably the first byte of the TPKT length - confirm byte order */
	S7COMMPLUS_PAF_STATE__TPKT_LEN_2,	/* presumably the second byte of the TPKT length */
	S7COMMPLUS_PAF_STATE__COPT_LEN,		/* presumably the COTP length indicator */
	S7COMMPLUS_PAF_STATE__COPT_PDU_TYPE,	/* presumably the COTP PDU type */
	S7COMMPLUS_PAF_STATE__SET_FLUSH		/* presumably the point where a flush position is reported */
} s7commplus_paf_state_t;
41 
/*
 * PAF bookkeeping record: the current parser state plus a 16-bit length.
 * Presumably one record is kept per stream direction through the callback's
 * `user` pointer - confirm in the PAF implementation.
 *
 * NOTE(review): tpkt_length presumably holds the length field read from the
 * TPKT header, i.e. a value chosen by the remote peer. The code that turns it
 * into a flush point (not visible here) should reject values smaller than the
 * header already consumed, so the subtraction cannot wrap - confirm.
 */
typedef struct _s7commplus_paf_data
{
	s7commplus_paf_state_t state;	/* which header field the parser expects next */
	uint16_t tpkt_length;		/* length value carried between parser states */
} s7commplus_paf_data_t;
47 
/*
 * PAF registration entry points and the PAF callback. Only the prototypes are
 * visible in this header, so the notes below are limited to what the
 * signatures show.
 */

/* Takes the preprocessor config and a policy id; presumably registers PAF for
 * every configured port - confirm in the implementation. Returns nothing, so
 * a registration failure cannot be reported to the caller. */
void S7commplusAddPortsToPaf(struct _SnortConfig *sc, s7commplus_config_t *config, tSfPolicyId policy_id);

/* Registers PAF for a single port under the given policy; the meaning of the
 * int result is not shown here. */
int S7commplusPafRegisterPort(struct _SnortConfig *sc, uint16_t port, tSfPolicyId policy_id);

/* Registers PAF for a service id under the given policy; the meaning of the
 * int result is not shown here. */
int S7commplusAddServiceToPaf(struct _SnortConfig *sc, uint16_t service, tSfPolicyId policy_id);

/*
 * PAF callback. `data`/`len` describe bytes taken from the network stream and
 * must be treated as untrusted input; `user` gives access to state kept
 * between calls; `fp` and `fp_eoh` are outputs.
 * NOTE(review): presumably `*fp` is only meaningful when the returned status
 * asks for a flush - confirm against the stream API.
 */
PAF_Status S7commplusPaf(void *ssn, void **user, const uint8_t *data,
		uint32_t len, uint32_t flags, uint32_t *fp, uint32_t *fp_eoh);
/*
 * Report whether protocol-aware flushing is active for the direction in
 * which packet `p` travels.
 *
 * `p` is dereferenced without a NULL check, so callers must pass a valid
 * packet. The direction is taken from FLAG_FROM_CLIENT in p->flags.
 *
 * Returns false when the packet has no stream session, or when the stream
 * API reports PAF as inactive for that direction.
 * NOTE(review): a false result presumably means the payload arrives on raw
 * segment boundaries rather than as one reframed PDU, so callers should still
 * bounds-check every header field - confirm at the call sites.
 */
static inline bool S7commplusIsPafActive(const SFSnortPacket *p)
{
	const bool client_to_server = (p->flags & FLAG_FROM_CLIENT) != 0;

	/* Without a stream session there is nothing to query. */
	if (!p->stream_session_ptr)
		return false;

	return _dpd.streamAPI->is_paf_active(p->stream_session_ptr, client_to_server)
			? true : false;
}
62 #endif /* S7COMM_PAF__H */
63