1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License Version 2 as
4  * published by the Free Software Foundation.  You may not use, modify or
5  * distribute this program under any other version of the GNU General
6  * Public License.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
16  *
17  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
18  * Copyright (C) 2005-2013 Sourcefire, Inc.
19  *
20  * Author: Steven Sturges
21  *
22  */
23 
24 /* $Id$ */
25 
26 #ifndef __SP_DYNAMIC_H_
27 #define __SP_DYNAMIC_H_
28 
29 #include "sf_dynamic_define.h"
30 #include "sf_dynamic_engine.h"
31 #include "snort.h"
32 #include "sf_types.h"
33 #include "sf_engine/sf_snort_plugin_api.h"
34 #include "detection-plugins/sp_pattern_match.h"
35 
36 extern char *snort_conf_dir;
37 
38 typedef struct _DynamicData
39 {
40     void *contextData;
41     OTNCheckFunction checkFunction;
42     OTNHasFunction hasOptionFunction;
43     int contentFlags;
44     GetDynamicContentsFunction getDynamicContents;
45     GetDynamicPreprocOptFpContentsFunc getPreprocFpContents;
46     PatternMatchData *pmds;
47 
48 } DynamicData;
49 
50 void SetupDynamic(void);
51 
52 int RegisterDynamicRule(
53     SnortConfig *,
54     uint32_t gid,
55     uint32_t sid,
56     void *info,
57     OTNCheckFunction,
58     OTNHasFunction,
59     int contentFlags,
60     GetDynamicContentsFunction,
61     RuleFreeFunc freeFunc,
62     GetDynamicPreprocOptFpContentsFunc
63     );
64 
65 typedef struct _DynamicRuleNode
66 {
67     Rule *rule;
68     OTNCheckFunction chkFunc;
69     OTNHasFunction hasFunc;
70     int contentFlags;
71     GetDynamicContentsFunction contentsFunc;
72     int converted;
73     RuleFreeFunc freeFunc;
74     GetDynamicPreprocOptFpContentsFunc preprocFpContentsFunc;
75     struct _DynamicRuleNode *next;
76 
77 } DynamicRuleNode;
78 
79 void DynamicRuleListFree(DynamicRuleNode *);
80 
81 #ifdef SNORT_RELOAD
82 int ReloadDynamicRules(SnortConfig *);
83 #endif
84 
85 int DynamicPreprocRuleOptInit(struct _SnortConfig *, void *);
86 void* DynamicFlowbitRegister(void *);
87 void DynamicFlowbitUnregister(void *);
88 int DynamicFlowbitCheck(void *pkt, void *);
89 int DynamicAsn1Detect(void *pkt, void *ctxt, const uint8_t *cursor);
90 int DynamicsfUnfold(const uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
91 int Dynamicsfbase64decode(uint8_t *, uint32_t , uint8_t *, uint32_t , uint32_t *);
92 int DynamicGetAltDetect(uint8_t **, uint16_t *);
93 void DynamicSetAltDetect(uint8_t *, uint16_t );
94 int DynamicIsDetectFlag(SFDetectFlagType);
95 void DynamicDetectFlagDisable(SFDetectFlagType);
96 
97 int DynamicHasFlow(OptTreeNode *otn);
98 int DynamicHasFlowbit(OptTreeNode *otn);
99 int DynamicHasContent(OptTreeNode *otn);
100 int DynamicHasByteTest(OptTreeNode *otn);
101 int DynamicHasPCRE(OptTreeNode *otn);
102 
103 uint32_t DynamicRuleHash(void *d);
104 int DynamicRuleCompare(void *l, void *r);
105 
106 #endif  /* __SP_DYNAMIC_H_ */
107 
108