snort  2.9.17.1
About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
  Fossies Dox: snort-2.9.17.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

service_api.h
Go to the documentation of this file.
1 /*
2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License Version 2 as
7 ** published by the Free Software Foundation. You may not use, modify or
8 ** distribute this program under any other version of the GNU General
9 ** Public License.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 */
20 
21 
22 #ifndef __SERVICE_API_H__
23 #define __SERVICE_API_H__
24 
25 #include <stdbool.h>
26 
27 #ifdef HAVE_CONFIG_H
28 #include "config.h" /* for WORDS_BIGENDIAN */
29 #endif
31 #include "appIdApi.h"
32 #include "service_util.h"
33 #include "commonAppMatcher.h"
34 #include "flow.h"
35 
36 
37 // Forward declaration
38 struct appIdConfig_;
39 struct _Detector;
40 
41 typedef enum {
51  SERVICE_ENOMEM = -12
53 
54 typedef struct _ServiceValidationArgs
55 {
56  const uint8_t *data;
58  int dir;
62  const struct appIdConfig_ *pConfig;
67 typedef int (*RNAServiceCallbackFCN)(const uint8_t *, uint16_t, const int, tAppIdData *session,
68  const SFSnortPacket *pkt, struct _Detector *userData,
69  const struct appIdConfig_ *pConfig);
70 #define MakeRNAServiceValidationPrototype(name) static int name(ServiceValidationArgs* args)
71 
72 struct _INIT_SERVICE_API;
73 
74 typedef struct
75 {
76  struct appIdConfig_ *pAppidConfig; ///< AppId context for which this API should be used
78 
79 typedef int (*RNAServiceValidationInitFCN)(const struct _INIT_SERVICE_API * const);
80 typedef void (*RNAServiceValidationCleanFCN)(const CleanServiceAPI *const);
81 
84 
85 typedef struct _INIT_SERVICE_API
86 {
88  const uint8_t *pattern, unsigned size, int position,
89  const char *name, struct appIdConfig_ *pConfig);
93  const uint8_t *pattern, unsigned size, int position,
94  const char *name, struct appIdConfig_ *pConfig);
95  void (*RegisterAppId)(RNAServiceValidationFCN fcn, tAppId appId, uint32_t additionalInfo, struct appIdConfig_ *pConfig);
96  void (*RegisterDetectorCallback)(RNAServiceCallbackFCN fcn, tAppId appId, struct _Detector *userdata, struct appIdConfig_ *pConfig);
97  int debug;
100  struct appIdConfig_ *pAppidConfig; ///< AppId context for which this API should be used
102 
103 typedef struct _RNA_SERVICE_PERF
104 {
105  /*time to validate */
108 
109 
111 {
116  /**pointer to user data. Value of userdata pointer and validate pointer forms key for comparison.
117  */
119 
120  /**type of detector - pattern based, Sourcefire (validator) or User (Validator). */
121  unsigned detectorType;
122 
123  /**Number of resources registered */
124  unsigned ref_count;
126 
128 
129  const char *name;
130 };
132 
133 typedef void *(*ServiceFlowdataGet)(tAppIdData *, unsigned);
134 typedef int (*ServiceFlowdataAdd)(tAppIdData *, void *, unsigned, AppIdFreeFCN);
136 typedef int (*ServiceFlowdataAddDHCP)(tAppIdData *, unsigned, const uint8_t *, unsigned, const uint8_t *, const uint8_t *);
137 #define APPID_EARLY_SESSION_FLAG_FW_RULE 1
138 typedef tAppIdData *(*ServiceCreateNewFlow)( tAppIdData *flowp, SFSnortPacket *, sfaddr_t *, uint16_t,
139  sfaddr_t *, uint16_t, uint8_t, int16_t, int flags);
140 typedef void (*ServiceDhcpNewLease)(tAppIdData *flow, const uint8_t *mac, uint32_t ip, int32_t zone,
141  uint32_t subnetmask, uint32_t leaseSecs, uint32_t router);
142 typedef void (*ServiceAnalyzeFP)(tAppIdData *, unsigned, unsigned, uint32_t);
143 
144 typedef int (*AddService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir,
146  tAppId service, const char *vendor, const char *version,
147  const RNAServiceSubtype *subtype, AppIdServiceIDState *id_state);
148 typedef int (*AddServiceConsumeSubtype)(tAppIdData *flow, const SFSnortPacket *pkt, int dir,
150  tAppId service, const char *vendor, const char *version,
151  RNAServiceSubtype *subtype, AppIdServiceIDState *id_state);
152 typedef int (*ServiceInProcess)(tAppIdData *flow, const SFSnortPacket *pkt, int dir,
154 typedef int (*FailService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir,
155  const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state);
156 typedef int (*IncompatibleData)(tAppIdData *flow, const SFSnortPacket *pkt, int dir,
157  const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state);
158 typedef void (*AddHostInfo)(tAppIdData *flow, SERVICE_HOST_INFO_CODE code, const void *info);
159 typedef void (*AddPayload)(tAppIdData *, tAppId);
160 typedef void (*AddMultiPayload)(tAppIdData *, tAppId);
161 typedef void (*AddUser)(tAppIdData *, const char *, tAppId, int);
162 typedef void (*AddMisc)(tAppIdData *, tAppId);
163 typedef void (*AddDnsQueryInfo)(tAppIdData *flow,
164  uint16_t id,
165  const uint8_t *host, uint8_t host_len, uint16_t host_offset,
166  uint16_t record_type, uint16_t options_offset);
167 typedef void (*AddDnsResponseInfo)(tAppIdData *flow,
168  uint16_t id,
169  const uint8_t *host, uint8_t host_len, uint16_t host_offset,
170  uint8_t response_type, uint32_t ttl);
171 typedef void (*ResetDnsInfo)(tAppIdData *flow);
172 
173 typedef struct _SERVICE_API
174 {
196 
197 typedef struct _RNA_tAppIdData_STATE
198 {
203 
205 {
211 
213 {
214  const char * name;
217  const ServiceApi *api;
221  unsigned flow_data_index;
222 };
223 
225 
226 #if defined(WORDS_BIGENDIAN)
227 #define LETOHS(p) BYTE_SWAP_16(*((uint16_t *)(p)))
228 #define LETOHL(p) BYTE_SWAP_32(*((uint32_t *)(p)))
229 #else
230 #define LETOHS(p) (*((uint16_t *)(p)))
231 #define LETOHL(p) (*((uint32_t *)(p)))
232 #endif
233 
234 #endif /* __SERVICE_API_H__ */
235 
int32_t tAppId
Definition: appIdApi.h:30
SERVICE_HOST_INFO_CODE
Definition: appId.h:1041
static CLIENT_APP_RETCODE validate(const uint8_t *data, uint16_t size, const int dir, tAppIdData *flowp, SFSnortPacket *pkt, struct _Detector *userData, const tAppIdConfig *pConfig)
void(* AppIdFreeFCN)(void *)
Definition: flow.h:62
void(* ServiceDhcpNewLease)(tAppIdData *flow, const uint8_t *mac, uint32_t ip, int32_t zone, uint32_t subnetmask, uint32_t leaseSecs, uint32_t router)
Definition: service_api.h:140
void(* RNAServiceValidationCleanFCN)(const CleanServiceAPI *const)
Definition: service_api.h:80
void(* AddHostInfo)(tAppIdData *flow, SERVICE_HOST_INFO_CODE code, const void *info)
Definition: service_api.h:158
int(* ServiceInProcess)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, const tRNAServiceElement *svc_element, AppIdServiceIDState *id_state)
Definition: service_api.h:152
int(* RNAServiceCallbackFCN)(const uint8_t *, uint16_t, const int, tAppIdData *session, const SFSnortPacket *pkt, struct _Detector *userData, const struct appIdConfig_ *pConfig)
Definition: service_api.h:67
void(* AddDnsQueryInfo)(tAppIdData *flow, uint16_t id, const uint8_t *host, uint8_t host_len, uint16_t host_offset, uint16_t record_type, uint16_t options_offset)
Definition: service_api.h:163
struct _RNA_tAppIdData_STATE RNAFlowState
void(* ResetDnsInfo)(tAppIdData *flow)
Definition: service_api.h:171
void *(* ServiceFlowdataGet)(tAppIdData *, unsigned)
Definition: service_api.h:133
int(* RNAServiceValidationFCN)(ServiceValidationArgs *)
Definition: service_api.h:66
void(* AddMisc)(tAppIdData *, tAppId)
Definition: service_api.h:162
tAppIdData *(* ServiceCreateNewFlow)(tAppIdData *flowp, SFSnortPacket *, sfaddr_t *, uint16_t, sfaddr_t *, uint16_t, uint8_t, int16_t, int flags)
Definition: service_api.h:138
int(* ServiceFlowdataAddId)(tAppIdData *, uint16_t, const tRNAServiceElement *const)
Definition: service_api.h:135
void(* AddUser)(tAppIdData *, const char *, tAppId, int)
Definition: service_api.h:161
int(* ServiceFlowdataAddDHCP)(tAppIdData *, unsigned, const uint8_t *, unsigned, const uint8_t *, const uint8_t *)
Definition: service_api.h:136
void(* AddMultiPayload)(tAppIdData *, tAppId)
Definition: service_api.h:160
struct _ServiceValidationArgs ServiceValidationArgs
int(* ServiceFlowdataAdd)(tAppIdData *, void *, unsigned, AppIdFreeFCN)
Definition: service_api.h:134
int(* AddService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, const tRNAServiceElement *svc_element, tAppId service, const char *vendor, const char *version, const RNAServiceSubtype *subtype, AppIdServiceIDState *id_state)
Definition: service_api.h:144
int(* FailService)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state)
Definition: service_api.h:154
int(* AddServiceConsumeSubtype)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, const tRNAServiceElement *svc_element, tAppId service, const char *vendor, const char *version, RNAServiceSubtype *subtype, AppIdServiceIDState *id_state)
Definition: service_api.h:148
int(* IncompatibleData)(tAppIdData *flow, const SFSnortPacket *pkt, int dir, const tRNAServiceElement *svc_element, unsigned flow_data_index, const struct appIdConfig_ *pConfig, AppIdServiceIDState *id_state)
Definition: service_api.h:156
struct _RNA_SERVICE_VALIDATION_PP RNAServiceValidationPort
void(* AddDnsResponseInfo)(tAppIdData *flow, uint16_t id, const uint8_t *host, uint8_t host_len, uint16_t host_offset, uint8_t response_type, uint32_t ttl)
Definition: service_api.h:167
void(* ServiceAnalyzeFP)(tAppIdData *, unsigned, unsigned, uint32_t)
Definition: service_api.h:142
struct _INIT_SERVICE_API InitServiceAPI
SERVICE_RETCODE
Definition: service_api.h:41
@ SERVICE_ENULL
Definition: service_api.h:49
@ SERVICE_ENOMEM
Definition: service_api.h:51
@ SERVICE_NOT_COMPATIBLE
Definition: service_api.h:45
@ SERVICE_EINVALID
Definition: service_api.h:50
@ SERVICE_NEED_REASSEMBLY
Definition: service_api.h:44
@ SERVICE_REVERSED
Definition: service_api.h:47
@ SERVICE_SUCCESS
Definition: service_api.h:42
@ SERVICE_NOMATCH
Definition: service_api.h:48
@ SERVICE_INPROCESS
Definition: service_api.h:43
@ SERVICE_INVALID_CLIENT
Definition: service_api.h:46
struct _SERVICE_API ServiceApi
int(* RNAServiceValidationInitFCN)(const struct _INIT_SERVICE_API *const)
Definition: service_api.h:79
struct _RNA_SERVICE_PERF RNAServicePerf
void(* AddPayload)(tAppIdData *, tAppId)
Definition: service_api.h:159
static RNAServiceValidationPort pp[]
Definition: service_tns.c:105
static tRNAServiceElement svc_element
Definition: service_tns.c:95
char * name
Definition: sf_sechash.c:54
const int
Definition: spp_ftptelnet.c:75
__int16 int16_t
Definition: stdint.h:27
__int32 int32_t
Definition: stdint.h:28
struct appIdConfig_ * pAppidConfig
AppId context for which this API should be used.
Definition: service_api.h:76
signed char detectorContext
Definition: service_api.h:115
RNAServiceCallbackFCN detectorCallback
Definition: service_api.h:114
unsigned detectorType
Definition: service_api.h:121
unsigned ref_count
Definition: service_api.h:124
unsigned current_ref_count
Definition: service_api.h:125
struct _Detector * userdata
Definition: service_api.h:118
RNAServiceValidationFCN validate
Definition: service_api.h:113
const char * name
Definition: service_api.h:129
struct RNAServiceElement * next
Definition: service_api.h:112
RNAServiceValidationCleanFCN clean
Definition: service_api.h:220
RNAServiceValidationInitFCN init
Definition: service_api.h:215
RNAServiceValidationPort * pp
Definition: service_api.h:216
struct RNAServiceValidationModule * next
Definition: service_api.h:218
const ServiceApi * api
Definition: service_api.h:217
void(* RemovePorts)(RNAServiceValidationFCN validate, struct appIdConfig_ *pConfig)
Definition: service_api.h:91
DynamicPreprocessorData * dpd
Definition: service_api.h:99
void(* RegisterPatternUser)(RNAServiceValidationFCN fcn, uint8_t proto, const uint8_t *pattern, unsigned size, int position, const char *name, struct appIdConfig_ *pConfig)
Definition: service_api.h:92
void(* RegisterAppId)(RNAServiceValidationFCN fcn, tAppId appId, uint32_t additionalInfo, struct appIdConfig_ *pConfig)
Definition: service_api.h:95
int(* AddPort)(struct _RNA_SERVICE_VALIDATION_PP *pp, struct RNAServiceValidationModule *svm, struct appIdConfig_ *pConfig)
Definition: service_api.h:90
void(* RegisterPattern)(RNAServiceValidationFCN fcn, uint8_t proto, const uint8_t *pattern, unsigned size, int position, const char *name, struct appIdConfig_ *pConfig)
Definition: service_api.h:87
struct appIdConfig_ * pAppidConfig
AppId context for which this API should be used.
Definition: service_api.h:100
void(* RegisterDetectorCallback)(RNAServiceCallbackFCN fcn, tAppId appId, struct _Detector *userdata, struct appIdConfig_ *pConfig)
Definition: service_api.h:96
uint32_t instance_id
Definition: service_api.h:98
uint64_t totalValidateTime
Definition: service_api.h:106
RNAServiceValidationFCN validate
Definition: service_api.h:206
const tRNAServiceElement * svc
Definition: service_api.h:200
struct _RNA_tAppIdData_STATE * next
Definition: service_api.h:199
ServiceInProcess service_inprocess
Definition: service_api.h:184
IncompatibleData incompatible_data
Definition: service_api.h:185
ServiceAnalyzeFP analyzefp
Definition: service_api.h:181
AddUser add_user
Definition: service_api.h:189
ServiceFlowdataAddId data_add_id
Definition: service_api.h:178
ServiceFlowdataGet data_get
Definition: service_api.h:175
ServiceFlowdataAddDHCP data_add_dhcp
Definition: service_api.h:179
AddService add_service
Definition: service_api.h:182
ServiceDhcpNewLease dhcpNewLease
Definition: service_api.h:180
AddMultiPayload add_multipayload
Definition: service_api.h:188
AddDnsResponseInfo add_dns_response_info
Definition: service_api.h:193
AddServiceConsumeSubtype add_service_consume_subtype
Definition: service_api.h:190
AddDnsQueryInfo add_dns_query_info
Definition: service_api.h:192
AddMisc add_misc
Definition: service_api.h:191
AddPayload add_payload
Definition: service_api.h:187
AddHostInfo add_host_info
Definition: service_api.h:186
ResetDnsInfo reset_dns_info
Definition: service_api.h:194
ServiceCreateNewFlow flow_new
Definition: service_api.h:177
ServiceFlowdataAdd data_add
Definition: service_api.h:176
FailService fail_service
Definition: service_api.h:183
signed char app_id_debug_session_flag
Definition: service_api.h:63
SFSnortPacket * pkt
Definition: service_api.h:60
const uint8_t * data
Definition: service_api.h:56
tAppIdData * flowp
Definition: service_api.h:59
struct _Detector * userdata
Definition: service_api.h:61
const struct appIdConfig_ * pConfig
Definition: service_api.h:62
Definition: sf_ip.h:91
Definition: IP.H:59
unsigned short uint16_t
Definition: u2openappid.c:53
unsigned int uint32_t
Definition: u2openappid.c:52
unsigned char uint8_t
Definition: u2openappid.c:54