1 /* 2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 3 ** Copyright (C) 2005-2013 Sourcefire, Inc. 4 ** 5 ** This program is free software; you can redistribute it and/or modify 6 ** it under the terms of the GNU General Public License Version 2 as 7 ** published by the Free Software Foundation. You may not use, modify or 8 ** distribute this program under any other version of the GNU General 9 ** Public License. 10 ** 11 ** This program is distributed in the hope that it will be useful, 12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of 13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 ** GNU General Public License for more details. 15 ** 16 ** You should have received a copy of the GNU General Public License 17 ** along with this program; if not, write to the Free Software 18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 */ 20 21 22 #ifndef __SERVICE_API_H__ 23 #define __SERVICE_API_H__ 24 25 #include <stdbool.h> 26 27 #ifdef HAVE_CONFIG_H 28 #include "config.h" /* for WORDS_BIGENDIAN */ 29 #endif 30 #include "sf_dynamic_preprocessor.h" 31 #include "appIdApi.h" 32 #include "service_util.h" 33 #include "commonAppMatcher.h" 34 #include "flow.h" 35 36 37 // Forward declaration 38 struct appIdConfig_; 39 struct _Detector; 40 41 typedef enum { 42 SERVICE_SUCCESS = 0, 43 SERVICE_INPROCESS = 10, 44 SERVICE_NEED_REASSEMBLY = 11, 45 SERVICE_NOT_COMPATIBLE = 12, 46 SERVICE_INVALID_CLIENT = 13, 47 SERVICE_REVERSED = 14, 48 SERVICE_NOMATCH = 100, 49 SERVICE_ENULL = -10, 50 SERVICE_EINVALID = -11, 51 SERVICE_ENOMEM = -12 52 } SERVICE_RETCODE; 53 54 typedef struct _ServiceValidationArgs 55 { 56 const uint8_t *data; 57 uint16_t size; 58 int dir; 59 tAppIdData *flowp; 60 SFSnortPacket *pkt; 61 struct _Detector *userdata; 62 const struct appIdConfig_ *pConfig; 63 bool app_id_debug_session_flag; 64 char *app_id_debug_session; 65 } ServiceValidationArgs; 66 typedef int (*RNAServiceValidationFCN)(ServiceValidationArgs*); 67 typedef int (*RNAServiceCallbackFCN)(const uint8_t *, uint16_t, const int, tAppIdData *session, 68 const SFSnortPacket *pkt, struct _Detector *userData, 69 const struct appIdConfig_ *pConfig); 70 #define MakeRNAServiceValidationPrototype(name) static int name(ServiceValidationArgs* args) 71 72 struct _INIT_SERVICE_API; 73 74 typedef struct 75 { 76 struct appIdConfig_ *pAppidConfig; ///< AppId context for which this API should be used 77 } CleanServiceAPI; 78 79 typedef int (*RNAServiceValidationInitFCN)(const struct _INIT_SERVICE_API * const); 80 typedef void (*RNAServiceValidationCleanFCN)(const CleanServiceAPI *const); 81 82 struct _RNA_SERVICE_VALIDATION_PP; 83 struct RNAServiceValidationModule; 84 85 typedef struct _INIT_SERVICE_API 86 { 87 void (*RegisterPattern)(RNAServiceValidationFCN fcn, uint8_t proto, 88 const uint8_t *pattern, unsigned size, int position, 89 const char *name, struct appIdConfig_ *pConfig); 90 int (*AddPort)(struct _RNA_SERVICE_VALIDATION_PP *pp, struct RNAServiceValidationModule *svm, struct appIdConfig_ *pConfig); 91 void (*RemovePorts)(RNAServiceValidationFCN validate, struct appIdConfig_ *pConfig); 92 void (*RegisterPatternUser)(RNAServiceValidationFCN fcn, uint8_t proto, 93 const uint8_t *pattern, unsigned size, int position, 94 const char *name, struct appIdConfig_ *pConfig); 95 void (*RegisterAppId)(RNAServiceValidationFCN fcn, tAppId appId, uint32_t additionalInfo, struct appIdConfig_ *pConfig); 96 void (*RegisterDetectorCallback)(RNAServiceCallbackFCN fcn, tAppId appId, struct _Detector *userdata, struct appIdConfig_ *pConfig); 97 int debug; 98 uint32_t instance_id; 99 DynamicPreprocessorData *dpd; 100 struct appIdConfig_ *pAppidConfig; ///< AppId context for which this API should be used 101 } InitServiceAPI; 102 103 typedef struct _RNA_SERVICE_PERF 104 { 105 /*time to validate */ 106 uint64_t totalValidateTime; 107 } RNAServicePerf; 108 109 110 struct RNAServiceElement 111 { 112 struct RNAServiceElement *next; 113 RNAServiceValidationFCN validate; 114 RNAServiceCallbackFCN detectorCallback; 115 bool detectorContext; 116 /**pointer to user data. Value of userdata pointer and validate pointer forms key for comparison. 117 */ 118 struct _Detector *userdata; 119 120 /**type of detector - pattern based, Sourcefire (validator) or User (Validator). */ 121 unsigned detectorType; 122 123 /**Number of resources registered */ 124 unsigned ref_count; 125 unsigned current_ref_count; 126 127 int provides_user; 128 129 const char *name; 130 }; 131 typedef struct RNAServiceElement tRNAServiceElement; 132 133 typedef void *(*ServiceFlowdataGet)(tAppIdData *, unsigned); 134 typedef int (*ServiceFlowdataAdd)(tAppIdData *, void *, unsigned, AppIdFreeFCN); 135 typedef int (*ServiceFlowdataAddId)(tAppIdData *, uint16_t, const tRNAServiceElement * const); 136 typedef int (*ServiceFlowdataAddDHCP)(tAppIdData *, unsigned, const uint8_t *, unsigned, const uint8_t *, const uint8_t *); 137 #define APPID_EARLY_SESSION_FLAG_FW_RULE 1 138 typedef tAppIdData *(*ServiceCreateNewFlow)( tAppIdData *flowp, SFSnortPacket *, sfaddr_t *, uint16_t, 139 sfaddr_t *, uint16_t, uint8_t, int16_t, int flags); 140 typedef void (*ServiceDhcpNewLease)(tAppIdData *flow, const uint8_t *mac, uint32_t ip, int32_t zone, 141 uint32_t subnetmask, uint32_t leaseSecs, uint32_t router); 142 typedef void (*ServiceAnalyzeFP)(tAppIdData *, unsigned, unsigned, uint32_t); 143 144 typedef int (*AddService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, 145 const tRNAServiceElement *svc_element, 146 tAppId service, const char *vendor, const char *version, 147 const RNAServiceSubtype *subtype, AppIdServiceIDState *id_state); 148 typedef int (*AddServiceConsumeSubtype)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, 149 const tRNAServiceElement *svc_element, 150 tAppId service, const char *vendor, const char *version, 151 RNAServiceSubtype *subtype, AppIdServiceIDState *id_state); 152 typedef int (*ServiceInProcess)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, 153 const tRNAServiceElement *svc_element, AppIdServiceIDState *id_state); 154 typedef int (*FailService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, 155 const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state); 156 typedef int (*IncompatibleData)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, 157 const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state); 158 typedef void (*AddHostInfo)(tAppIdData *flow, SERVICE_HOST_INFO_CODE code, const void *info); 159 typedef void (*AddPayload)(tAppIdData *, tAppId); 160 typedef void (*AddMultiPayload)(tAppIdData *, tAppId); 161 typedef void (*AddUser)(tAppIdData *, const char *, tAppId, int); 162 typedef void (*AddMisc)(tAppIdData *, tAppId); 163 typedef void (*AddDnsQueryInfo)(tAppIdData *flow, 164 uint16_t id, 165 const uint8_t *host, uint8_t host_len, uint16_t host_offset, 166 uint16_t record_type, uint16_t options_offset); 167 typedef void (*AddDnsResponseInfo)(tAppIdData *flow, 168 uint16_t id, 169 const uint8_t *host, uint8_t host_len, uint16_t host_offset, 170 uint8_t response_type, uint32_t ttl); 171 typedef void (*ResetDnsInfo)(tAppIdData *flow); 172 173 typedef struct _SERVICE_API 174 { 175 ServiceFlowdataGet data_get; 176 ServiceFlowdataAdd data_add; 177 ServiceCreateNewFlow flow_new; 178 ServiceFlowdataAddId data_add_id; 179 ServiceFlowdataAddDHCP data_add_dhcp; 180 ServiceDhcpNewLease dhcpNewLease; 181 ServiceAnalyzeFP analyzefp; 182 AddService add_service; 183 FailService fail_service; 184 ServiceInProcess service_inprocess; 185 IncompatibleData incompatible_data; 186 AddHostInfo add_host_info; 187 AddPayload add_payload; 188 AddMultiPayload add_multipayload; 189 AddUser add_user; 190 AddServiceConsumeSubtype add_service_consume_subtype; 191 AddMisc add_misc; 192 AddDnsQueryInfo add_dns_query_info; 193 AddDnsResponseInfo add_dns_response_info; 194 ResetDnsInfo reset_dns_info; 195 } ServiceApi; 196 197 typedef struct _RNA_tAppIdData_STATE 198 { 199 struct _RNA_tAppIdData_STATE *next; 200 const tRNAServiceElement *svc; 201 uint16_t port; 202 } RNAFlowState; 203 204 typedef struct _RNA_SERVICE_VALIDATION_PP 205 { 206 RNAServiceValidationFCN validate; 207 uint16_t port; 208 uint8_t proto; 209 uint8_t reversed_validation; 210 } RNAServiceValidationPort; 211 212 struct RNAServiceValidationModule 213 { 214 const char * name; 215 RNAServiceValidationInitFCN init; 216 RNAServiceValidationPort *pp; 217 const ServiceApi *api; 218 struct RNAServiceValidationModule *next; 219 int provides_user; 220 RNAServiceValidationCleanFCN clean; 221 unsigned flow_data_index; 222 }; 223 224 typedef struct RNAServiceValidationModule tRNAServiceValidationModule; 225 226 #if defined(WORDS_BIGENDIAN) 227 #define LETOHS(p) BYTE_SWAP_16(*((uint16_t *)(p))) 228 #define LETOHL(p) BYTE_SWAP_32(*((uint32_t *)(p))) 229 #else 230 #define LETOHS(p) (*((uint16_t *)(p))) 231 #define LETOHL(p) (*((uint32_t *)(p))) 232 #endif 233 234 #endif /* __SERVICE_API_H__ */ 235 236