//--------------------------------------------------------------------------
// Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// by the Free Software Foundation.  You may not use, modify or distribute
// this program under any other version of the GNU General Public License.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
//--------------------------------------------------------------------------
// codec_module.h author Russ Combs <rucombs@cisco.com>
// codec_module.h author Josh Rosenbaum <jrosenba@cisco.com>

#ifndef CODECS_CODEC_MODULE_H
#define CODECS_CODEC_MODULE_H

#include <cstdint>

#include "framework/module.h"
#include "main/snort_types.h"

// Forward declaration only: this header uses Trace by pointer and does not
// need the full definition.
namespace snort
{
class Trace;
}

// Trace handle for the decoder, declared here and defined in another
// translation unit.
// NOTE(review): THREAD_LOCAL presumably gives each thread its own pointer -
// confirm against main/snort_types.h.
extern THREAD_LOCAL const snort::Trace* decode_trace;

namespace snort
{
// Generator ID shared by all decoder alerts; BaseCodecModule::get_gid()
// returns this value, so each CodecSid below is reported under gid 116.
constexpr int GID_DECODE = 116;

//-----------------------------------------------------
// When adding a decoder alert, remember to do both:
//   - add the rule to preproc_rules/decoder.rules
//   - add the new decoder rule's SID to the following enum.

// Signature IDs for decoder alerts, raised under generator GID_DECODE.
//
// Every enumerator carries an explicit value so that inserting a new alert
// cannot silently shift the SIDs that follow it. The numeric value is the
// identifier that rules, suppressions and downstream alert consumers key
// on, so an existing value must not be renumbered or reused.
//
// The numbering has gaps between groups, and 417 is not assigned within the
// 400+ run. DECODE_INDEX_MAX is the last enumerator, one above the highest
// assigned SID.
// NOTE(review): DECODE_INDEX_MAX looks like a bound rather than an alert -
// confirm against the rule map in the .cc file.
enum CodecSid : uint32_t
{
    DECODE_NOT_IPV4_DGRAM = 1,
    DECODE_IPV4_INVALID_HEADER_LEN = 2,
    DECODE_IPV4_DGRAM_LT_IPHDR = 3,
    DECODE_IPV4OPT_BADLEN = 4,
    DECODE_IPV4OPT_TRUNCATED = 5,
    DECODE_IPV4_DGRAM_GT_CAPLEN = 6,

    DECODE_TCP_DGRAM_LT_TCPHDR = 45,
    DECODE_TCP_INVALID_OFFSET = 46,
    DECODE_TCP_LARGE_OFFSET = 47,

    DECODE_TCPOPT_BADLEN = 54,
    DECODE_TCPOPT_TRUNCATED = 55,
    DECODE_TCPOPT_TTCP = 56,
    DECODE_TCPOPT_OBSOLETE = 57,
    DECODE_TCPOPT_EXPERIMENTAL = 58,
    DECODE_TCPOPT_WSCALE_INVALID = 59,

    DECODE_UDP_DGRAM_LT_UDPHDR = 95,
    DECODE_UDP_DGRAM_INVALID_LENGTH = 96,
    DECODE_UDP_DGRAM_SHORT_PACKET = 97,
    DECODE_UDP_DGRAM_LONG_PACKET = 98,

    DECODE_ICMP_DGRAM_LT_ICMPHDR = 105,
    DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR = 106,
    DECODE_ICMP_DGRAM_LT_ADDRHDR = 107,

    DECODE_ARP_TRUNCATED = 109,
    DECODE_EAPOL_TRUNCATED = 110,
    DECODE_EAPKEY_TRUNCATED = 111,
    DECODE_EAP_TRUNCATED = 112,

    DECODE_BAD_PPPOE = 120,
    DECODE_BAD_VLAN = 130,
    DECODE_BAD_LLC_HEADER = 131,
    DECODE_BAD_LLC_OTHER = 132,
    DECODE_BAD_80211_ETHLLC = 133,
    DECODE_BAD_80211_OTHER = 134,

    DECODE_BAD_TRH = 140,
    DECODE_BAD_TR_ETHLLC = 141,
    DECODE_BAD_TR_MR_LEN = 142,
    DECODE_BAD_TRHMR = 143,

    DECODE_BAD_TRAFFIC_LOOPBACK = 150,
    DECODE_BAD_TRAFFIC_SAME_SRCDST = 151,

    DECODE_GRE_DGRAM_LT_GREHDR = 160,
    DECODE_GRE_MULTIPLE_ENCAPSULATION = 161,
    DECODE_GRE_INVALID_VERSION = 162,
    DECODE_GRE_INVALID_HEADER = 163,
    DECODE_GRE_V1_INVALID_HEADER = 164,
    DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR = 165,

    DECODE_BAD_MPLS = 170,
    DECODE_BAD_MPLS_LABEL0 = 171,
    DECODE_BAD_MPLS_LABEL1 = 172,
    DECODE_BAD_MPLS_LABEL2 = 173,
    DECODE_BAD_MPLS_LABEL3 = 174,
    DECODE_MPLS_RESERVED_LABEL = 175,
    DECODE_MPLS_LABEL_STACK = 176,

    DECODE_GENEVE_DGRAM_LT_GENEVE_HDR = 180,
    DECODE_GENEVE_INVALID_VERSION = 181,
    DECODE_GENEVE_INVALID_HEADER = 182,
    DECODE_GENEVE_INVALID_FLAGS = 183,
    DECODE_GENEVE_INVALID_OPTIONS = 184,

    DECODE_ICMP_ORIG_IP_TRUNCATED = 250,
    DECODE_ICMP_ORIG_IP_VER_MISMATCH = 251,
    DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP = 252,
    DECODE_ICMP_ORIG_PAYLOAD_LT_64 = 253,
    DECODE_ICMP_ORIG_PAYLOAD_GT_576 = 254,
    DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET = 255,

    DECODE_IPV6_MIN_TTL = 270,
    DECODE_IPV6_IS_NOT = 271,
    DECODE_IPV6_TRUNCATED_EXT = 272,
    DECODE_IPV6_TRUNCATED = 273,
    DECODE_IPV6_DGRAM_LT_IPHDR = 274,
    DECODE_IPV6_DGRAM_GT_CAPLEN = 275,
    DECODE_IPV6_DST_ZERO = 276,
    DECODE_IPV6_SRC_MULTICAST = 277,
    DECODE_IPV6_DST_RESERVED_MULTICAST = 278,
    DECODE_IPV6_BAD_OPT_TYPE = 279,
    DECODE_IPV6_BAD_MULTICAST_SCOPE = 280,
    DECODE_IPV6_BAD_NEXT_HEADER = 281,
    DECODE_IPV6_ROUTE_AND_HOPBYHOP = 282,
    DECODE_IPV6_TWO_ROUTE_HEADERS = 283,

    DECODE_ICMPV6_TOO_BIG_BAD_MTU = 285,
    DECODE_ICMPV6_UNREACHABLE_NON_RFC_2463_CODE = 286,
    DECODE_ICMPV6_SOLICITATION_BAD_CODE = 287,
    DECODE_ICMPV6_ADVERT_BAD_CODE = 288,
    DECODE_ICMPV6_SOLICITATION_BAD_RESERVED = 289,
    DECODE_ICMPV6_ADVERT_BAD_REACHABLE = 290,

    DECODE_IPV6_TUNNELED_IPV4_TRUNCATED = 291,
    DECODE_IPV6_DSTOPTS_WITH_ROUTING = 292,
    DECODE_IP_MULTIPLE_ENCAPSULATION = 293,

    DECODE_ESP_HEADER_TRUNC = 294,
    DECODE_IPV6_BAD_OPT_LEN = 295,
    DECODE_IPV6_UNORDERED_EXTENSIONS = 296,

    DECODE_GTP_MULTIPLE_ENCAPSULATION = 297,
    DECODE_GTP_BAD_LEN = 298,

    DECODE_TCP_XMAS = 400,
    DECODE_TCP_NMAP_XMAS = 401,
    DECODE_DOS_NAPTHA = 402,
    DECODE_SYN_TO_MULTICAST = 403,
    DECODE_ZERO_TTL = 404,
    DECODE_BAD_FRAGBITS = 405,
    DECODE_UDP_IPV6_ZERO_CHECKSUM = 406,
    DECODE_IP4_LEN_OFFSET = 407,
    DECODE_IP4_SRC_THIS_NET = 408,
    DECODE_IP4_DST_THIS_NET = 409,
    DECODE_IP4_SRC_MULTICAST = 410,
    DECODE_IP4_SRC_RESERVED = 411,
    DECODE_IP4_DST_RESERVED = 412,
    DECODE_IP4_SRC_BROADCAST = 413,
    DECODE_IP4_DST_BROADCAST = 414,
    DECODE_ICMP4_DST_MULTICAST = 415,
    DECODE_ICMP4_DST_BROADCAST = 416,
    // 417 is not assigned.
    DECODE_ICMP4_TYPE_OTHER = 418,
    DECODE_TCP_BAD_URP = 419,
    DECODE_TCP_SYN_FIN = 420,
    DECODE_TCP_SYN_RST = 421,
    DECODE_TCP_MUST_ACK = 422,
    DECODE_TCP_NO_SYN_ACK_RST = 423,
    DECODE_ETH_HDR_TRUNC = 424,
    DECODE_IP4_HDR_TRUNC = 425,
    DECODE_ICMP4_HDR_TRUNC = 426,
    DECODE_ICMP6_HDR_TRUNC = 427,
    DECODE_IP4_MIN_TTL = 428,
    DECODE_IP6_ZERO_HOP_LIMIT = 429,
    DECODE_IP4_DF_OFFSET = 430,
    DECODE_ICMP6_TYPE_OTHER = 431,
    DECODE_ICMP6_DST_MULTICAST = 432,
    DECODE_TCP_SHAFT_SYNFLOOD = 433,
    DECODE_ICMP_PING_NMAP = 434,
    DECODE_ICMP_ICMPENUM = 435,
    DECODE_ICMP_REDIRECT_HOST = 436,
    DECODE_ICMP_REDIRECT_NET = 437,
    DECODE_ICMP_TRACEROUTE_IPOPTS = 438,
    DECODE_ICMP_SOURCE_QUENCH = 439,
    DECODE_ICMP_BROADSCAN_SMURF_SCANNER = 440,
    DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED = 441,
    DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED = 442,
    DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED = 443,
    DECODE_IP_OPTION_SET = 444,
    DECODE_UDP_LARGE_PACKET = 445,
    DECODE_TCP_PORT_ZERO = 446,
    DECODE_UDP_PORT_ZERO = 447,
    DECODE_IP_RESERVED_FRAG_BIT = 448,
    DECODE_IP_UNASSIGNED_PROTO = 449,
    DECODE_IP_BAD_PROTO = 450,
    DECODE_ICMP_PATH_MTU_DOS = 451,
    DECODE_ICMP_DOS_ATTEMPT = 452,
    DECODE_IPV6_ISATAP_SPOOF = 453,
    DECODE_PGM_NAK_OVERFLOW = 454,
    DECODE_IGMP_OPTIONS_DOS = 455,
    DECODE_IP6_EXCESS_EXT_HDR = 456,
    DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE = 457,
    DECODE_IPV6_BAD_FRAG_PKT = 458,
    DECODE_ZERO_LENGTH_FRAG = 459,
    DECODE_ICMPV6_NODE_INFO_BAD_CODE = 460,
    DECODE_IPV6_ROUTE_ZERO = 461,
    DECODE_ERSPAN_HDR_VERSION_MISMATCH = 462,
    DECODE_ERSPAN2_DGRAM_LT_HDR = 463,
    DECODE_ERSPAN3_DGRAM_LT_HDR = 464,
    DECODE_AUTH_HDR_TRUNC = 465,
    DECODE_AUTH_HDR_BAD_LEN = 466,
    DECODE_FPATH_HDR_TRUNC = 467,
    DECODE_CISCO_META_HDR_TRUNC = 468,
    DECODE_CISCO_META_HDR_OPT_LEN = 469,
    DECODE_CISCO_META_HDR_OPT_TYPE = 470,
    DECODE_CISCO_META_HDR_SGT = 471,
    DECODE_TOO_MANY_LAYERS = 472,
    DECODE_BAD_ETHER_TYPE = 473,
    DECODE_ICMP6_NOT_IP6 = 474,
    DECODE_MIPV6_BAD_PAYLOAD_PROTO = 475,
    DECODE_INDEX_MAX = 476
};

//-------------------------------------------------------------------------
// module
//-------------------------------------------------------------------------

// Common base for codec modules: forwards its constructor arguments to
// Module and fixes the generator ID and usage for every derived module.
class BaseCodecModule : public Module
{
public:
    // s and h are passed straight through to Module(s, h).
    BaseCodecModule(const char* s, const char* h)
        : Module(s, h)
    { }

    // As above, additionally forwarding a parameter table p and the is_list
    // flag (defaults to false) to Module.
    BaseCodecModule(const char* s, const char* h, const Parameter* p, bool is_list = false)
        : Module(s, h, p, is_list)
    { }

    // All codec modules report their alerts under the decoder generator ID.
    unsigned get_gid() const override
    {
        return GID_DECODE;
    }

    // Codec modules always report CONTEXT usage.
    Usage get_usage() const override
    {
        return CONTEXT;
    }
};

// The decoder module itself; its member functions are defined out of line.
class SO_PUBLIC CodecModule : public BaseCodecModule
{
public:
    CodecModule();

    // NOTE(review): presumably returns the rule map pairing CodecSid values
    // with their alert messages - confirm in the implementation file.
    const RuleMap* get_rules() const override;

    // Trace hooks; see the implementation file for how they relate to
    // decode_trace.
    void set_trace(const Trace*) const override;
    const TraceOption* get_trace_options() const override;
};
} // namespace snort

#endif
