1 //--------------------------------------------------------------------------
2 // Copyright (C) 2019-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 
19 // rna_module.h author Masud Hasan <mashasan@cisco.com>
20 
21 #ifndef RNA_MODULE_H
22 #define RNA_MODULE_H
23 
24 #include "framework/module.h"
25 #include "main/snort_config.h"
26 #include "main/snort_debug.h"
27 #include "profiler/profiler.h"
28 
29 #include "rna_config.h"
30 #include "rna_fingerprint.h"
31 #include "rna_mac_cache.h"
32 #include "rna_name.h"
33 
/// Counters kept by the RNA module: one PegCount per category of observed
/// event. A THREAD_LOCAL instance (rna_stats) is declared in this header.
///
/// NOTE(review): these members are presumably exported positionally through
/// RnaModule::get_counts() / get_pegs(). Confirm against the PegInfo table in
/// the implementation before adding, removing or reordering a field, since a
/// mismatch would report counts under the wrong name.
struct RnaStats
{
    // AppId / OS identification
    PegCount appid_change;
    PegCount cpe_os;

    // ICMP
    PegCount icmp_bidirectional;
    PegCount icmp_new;

    // IP
    PegCount ip_bidirectional;
    PegCount ip_new;

    // UDP
    PegCount udp_bidirectional;
    PegCount udp_new;

    // TCP
    PegCount tcp_syn;
    PegCount tcp_syn_ack;
    PegCount tcp_midstream;

    // Everything else
    PegCount other_packets;
    PegCount change_host_update;
    PegCount dhcp_data;
    PegCount dhcp_info;
    PegCount smb;
};
53 
// Module-wide state declared THREAD_LOCAL; the definitions live outside this
// header.
extern THREAD_LOCAL RnaStats rna_stats;                  // peg counters
extern THREAD_LOCAL snort::ProfileStats rna_perf_stats;  // profiler statistics
extern THREAD_LOCAL const snort::Trace* rna_trace;       // trace handle, pointee is const
57 
58 
// Reload tuner that initializes the fingerprint processors during a reload.
//
// The tuner keeps a reference to the module configuration it was built from
// and does not own it.
// NOTE(review): the referenced RnaModuleConfig must stay alive for as long as
// this tuner can still be invoked; confirm this at the site that registers it.
class FpProcReloadTuner : public snort::ReloadResourceTuner
{
public:
    explicit FpProcReloadTuner(RnaModuleConfig& mod_conf)
        : mod_conf(mod_conf)
    {
    }

    ~FpProcReloadTuner() override = default;

    // Defined out of line.
    bool tinit() override;

    // Both tuning hooks unconditionally return true.
    bool tune_packet_context() override
    {
        return true;
    }

    bool tune_idle_context() override
    {
        return true;
    }

private:
    // Non-owning; bound once in the constructor.
    RnaModuleConfig& mod_conf;
};
78 
// snort::Module implementation for RNA. It declares the configuration
// callbacks (begin / set / end), the peg, profile and trace accessors, and a
// MAC cache logging helper. Everything except get_usage() is defined out of
// line.
class RnaModule : public snort::Module
{
public:
    RnaModule();
    ~RnaModule() override;

    // Configuration callbacks overridden from snort::Module.
    bool begin(const char*, int, snort::SnortConfig*) override;
    bool set(const char*, snort::Value&, snort::SnortConfig*) override;
    bool end(const char*, int, snort::SnortConfig*) override;

    // Module introspection overridden from snort::Module.
    const snort::Command* get_commands() const override;
    PegCount* get_counts() const override;
    const PegInfo* get_pegs() const override;
    snort::ProfileStats* get_profile() const override;

    // This module reports its usage as CONTEXT.
    Usage get_usage() const override
    {
        return CONTEXT;
    }

    // Trace plumbing overridden from snort::Module.
    void set_trace(const snort::Trace*) const override;
    const snort::TraceOption* get_trace_options() const override;

    // RNA-specific, non-virtual interface.
    //
    // NOTE(review): outfile is a caller-chosen destination. Confirm in the
    // implementation that only trusted callers can supply it and that an
    // unwritable or unexpected path is handled and reported via the result.
    bool log_mac_cache(const char* outfile);
    RnaModuleConfig* get_config();

private:
    // Presumably validates a fully qualified parameter name; verify against
    // the definition.
    bool is_valid_fqn(const char* fqn) const;

    // NOTE(review): ownership of these raw pointers is not visible in this
    // header. The destructor is user-declared, so confirm there which of them
    // it releases, and whether copying this class needs to be prevented.
    RnaModuleConfig* mod_conf = nullptr;
    const char* dump_file = nullptr;

    RawFingerprint fingerprint;
};
110 
111 #endif