snort  2.9.17.1
About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
  Fossies Dox: snort-2.9.17.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

sf_dynamic_preprocessor.h
Go to the documentation of this file.
1 /*
2  * This program is free software; you can redistribute it and/or modify
3  * it under the terms of the GNU General Public License Version 2 as
4  * published by the Free Software Foundation. You may not use, modify or
5  * distribute this program under any other version of the GNU General
6  * Public License.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16  *
17  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
18  * Copyright (C) 2005-2013 Sourcefire, Inc.
19  *
20  * Author: Steven Sturges
21  *
22  * Dynamic Library Loading for Snort
23  *
24  */
25 #ifndef _SF_DYNAMIC_PREPROCESSOR_H_
26 #define _SF_DYNAMIC_PREPROCESSOR_H_
27 
28 #include <ctype.h>
29 #ifdef SF_WCHAR
30 #include <wchar.h>
31 #endif
32 #include "sf_dynamic_meta.h"
33 #include "ipv6_port.h"
34 #include "obfuscation.h"
35 
36 /* specifies that a function does not return
37  * used for quieting Visual Studio warnings
38  */
39 #ifdef WIN32
40 #if _MSC_VER >= 1400
41 #define NORETURN __declspec(noreturn)
42 #else
43 #define NORETURN
44 #endif
45 #else
46 #define NORETURN
47 #endif
48 
49 #ifdef PERF_PROFILING
50 #ifndef PROFILE_PREPROCS_NOREDEF /* Don't redefine this from the main area */
51 #ifdef PROFILING_PREPROCS
52 #undef PROFILING_PREPROCS
53 #endif
54 #define PROFILING_PREPROCS _dpd.profilingPreprocsFunc()
55 #endif
56 #endif
57 
58 #define PREPROCESSOR_DATA_VERSION 28
59 
60 #include "sf_dynamic_common.h"
61 #include "sf_dynamic_engine.h"
62 #include "session_api.h"
63 #include "stream_api.h"
64 #include "str_search.h"
65 #include "obfuscation.h"
66 /*#include "sfportobject.h" */
67 #include "sfcontrol.h"
68 #ifdef SIDE_CHANNEL
69 #include "sidechannel_define.h"
70 #endif
71 #include "idle_processing.h"
72 #include "file_api.h"
73 #include "reload_api.h"
74 
75 struct _PreprocStats;
76 
77 #define MINIMUM_DYNAMIC_PREPROC_ID 10000
78 typedef void (*PreprocessorInitFunc)(struct _SnortConfig *, char *);
79 typedef void * (*AddPreprocFunc)(struct _SnortConfig *, void (*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t);
80 typedef void * (*AddMetaEvalFunc)(struct _SnortConfig *, void (*meta_eval_func)(int, const uint8_t *),
81  uint16_t priority, uint32_t preproc_id);
82 typedef void (*AddPreprocExit)(void (*pp_exit_func) (int, void *), void *arg, uint16_t, uint32_t);
83 typedef void (*AddPreprocUnused)(void (*pp_unused_func) (int, void *), void *arg, uint16_t, uint32_t);
84 typedef void (*AddPreprocConfCheck)(struct _SnortConfig *, int (*pp_conf_chk_func) (struct _SnortConfig *));
85 typedef void (*AddToPostConfList)(struct _SnortConfig *sc, void (*post_config_func)(struct _SnortConfig *, int , void *), void *arg);
87  uint32_t, uint32_t, const char *, void *);
88 typedef uint32_t (*GenSnortEvent)(Packet *p, uint32_t gid, uint32_t sid, uint32_t rev,
89  uint32_t classification, uint32_t priority, const char *msg);
90 #ifdef SNORT_RELOAD
91 typedef void (*PreprocessorReloadFunc)(struct _SnortConfig *, char *, void **);
92 typedef int (*PreprocessorReloadVerifyFunc)(struct _SnortConfig *, void *);
93 typedef void * (*PreprocessorReloadSwapFunc)(struct _SnortConfig *, void *);
94 typedef void (*PreprocessorReloadSwapFreeFunc)(void *);
95 #endif
96 
97 #ifndef SNORT_RELOAD
98 typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc);
99 #else
100 typedef void (*PreprocRegisterFunc)(const char *, PreprocessorInitFunc,
101  PreprocessorReloadFunc,
102  PreprocessorReloadVerifyFunc,
103  PreprocessorReloadSwapFunc,
104  PreprocessorReloadSwapFreeFunc);
105 typedef void *(*GetRelatedReloadDataFunc)(struct _SnortConfig *, const char *);
106 #endif
107 typedef int (*ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t*, sfaddr_t*, long);
108 typedef void (*InlineDropFunc)(void *);
110 typedef bool (*InlineRetryFunc)(void *);
111 typedef void (*ActiveEnableFunc)(int);
112 typedef void (*DisableDetectFunc)(void *);
113 typedef void (*EnableDetectFunc)(void );
114 typedef int (*EnablePreprocessorFunc)(void *, uint32_t);
115 typedef int (*DetectFunc)(void *);
116 typedef void *(*GetRuleInfoByNameFunc)(char *);
117 typedef void *(*GetRuleInfoByIdFunc)(int);
118 typedef int (*printfappendfunc)(char *, int, const char *, ...);
119 typedef char ** (*TokenSplitFunc)(const char *, const char *, const int, int *, const char);
120 typedef void (*TokenFreeFunc)(char ***, int);
121 typedef void (*PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats);
122 typedef void (*AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn);
123 typedef int (*ProfilingFunc)(void);
124 typedef int (*PreprocessFunc)(void *);
125 #ifdef DUMP_BUFFER
126 typedef void (*BufferDumpRegisterFunc)(TraceBuffer * (*)(), unsigned int);
127 #endif
128 typedef void (*PreprocStatsRegisterFunc)(const char *, void (*pp_stats_func)(int));
129 typedef void (*AddPreprocReset)(void (*pp_rst_func) (int, void *), void *arg, uint16_t, uint32_t);
130 typedef void (*AddPreprocResetStats)(void (*pp_rst_stats_func) (int, void *), void *arg, uint16_t, uint32_t);
131 typedef void (*AddPreprocReassemblyPktFunc)(void * (*pp_reass_pkt_func)(void), uint32_t);
133 typedef void (*DisablePreprocessorsFunc)(void *);
134 typedef char** (*DynamicGetHttpXffFieldsFunc)(int* nFields);
135 #ifdef TARGET_BASED
136 typedef int16_t (*FindProtocolReferenceFunc)(const char *);
137 typedef int16_t (*AddProtocolReferenceFunc)(const char *);
138 #if defined(FEAT_OPEN_APPID)
139 typedef const char * (*FindProtocolNameFunc)(int16_t);
140 #endif /* defined(FEAT_OPEN_APPID) */
141 typedef int (*IsAdaptiveConfiguredFunc)(void);
142 typedef int (*IsAdaptiveConfiguredForSnortConfigFunc)(struct _SnortConfig *);
143 #endif
144 typedef void (*IP6BuildFunc)(void *, const void *, int);
145 #define SET_CALLBACK_IP 0
146 #define SET_CALLBACK_ICMP_ORIG 1
147 typedef void (*IP6SetCallbacksFunc)(void *, int, char);
148 typedef void (*AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit,
153 
155 
156 typedef char * (*PortArrayFunc)(char *, PortObject *, int *);
157 
158 typedef int (*AlertQueueLog)(void *);
159 typedef void (*AlertQueueControl)(void); /* reset, push, and pop */
160 typedef void (*SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId);
162 typedef void (*ChangePolicyFunc)(tSfPolicyId, void *p);
163 typedef void (*SetFileDataPtrFunc)(uint8_t *,uint16_t );
164 typedef void (*DetectResetFunc)(uint8_t *,uint16_t );
165 typedef void (*SetAltDecodeFunc)(uint16_t );
167 typedef long (*DynamicStrtol)(const char *, char **, int);
168 typedef unsigned long(*DynamicStrtoul)(const char *, char **, int);
169 typedef const char* (*DynamicStrnStr)(const char *, int, const char *);
170 typedef const char* (*DynamicStrcasestr)(const char *, int, const char *);
171 typedef int (*DynamicStrncpy)(char *, const char *, size_t );
172 typedef const char* (*DynamicStrnPbrk)(const char *, int , const char *);
173 
174 typedef int (*EvalRTNFunc)(void *rtn, void *p, int check_ports);
175 
176 typedef void* (*EncodeNew)(void);
177 typedef void (*EncodeDelete)(void*);
178 typedef void (*EncodeUpdate)(void*);
179 typedef int (*EncodeFormat)(uint32_t, const void*, void*, int);
180 
181 typedef void* (*NewGrinderPktPtr)(void *, void *, uint8_t *);
182 typedef void (*DeleteGrinderPktPtr)(void*);
183 typedef bool (*PafEnabledFunc)(void);
184 typedef time_t (*SCPacketTimeFunc)(void);
185 typedef void (*SCGetPktTimeOfDay)(struct timeval *tv);
186 
187 #ifdef SIDE_CHANNEL
188 typedef bool (*SCEnabledFunc)(void);
189 typedef int (*SCRegisterRXHandlerFunc)(uint16_t type, SCMProcessMsgFunc processMsgFunc, void *data);
190 typedef int (*SCPreallocMessageTXFunc)(uint32_t length, SCMsgHdr **hdr, uint8_t **msg_ptr, void **msg_handle);
191 typedef int (*SCEnqueueMessageTXFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length, void *msg_handle, SCMQMsgFreeFunc msgFreeFunc);
192 #endif
193 
194 
195 
196 typedef char* (*GetLogDirectory)(void);
197 
200 
202 #ifdef ACTIVE_RESPONSE
203 #define SND_BLK_RESP_FLAG_DO_CLIENT 1
204 #define SND_BLK_RESP_FLAG_DO_SERVER 2
205 typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len, unsigned flags);
206 typedef void (*ActiveInjectDataFunc)(void *, uint32_t, const uint8_t *, uint32_t);
207 typedef void (*ActiveSendForwardResetFunc)(void *);
208 typedef void (*ActiveResponseFunc )(void *, const uint8_t *, uint32_t , uint32_t);
209 // NOTE: DynamicActive_ResponseFunc must match func ptr def Active_ResponseFunc in active.h
210 typedef void (*DynamicActive_ResponseFunc)(Packet *packet, void* data);
211 typedef int (*ActiveQueueResponseFunc )(DynamicActive_ResponseFunc cb, void *);
212 #endif
213 typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
214 #ifdef HAVE_DAQ_EXT_MODFLOW
215 typedef int (*DynamicModifyFlow)(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t* mod);
216 #endif
217 #ifdef HAVE_DAQ_QUERYFLOW
218 typedef int (*DynamicQueryFlow)(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t* query);
219 #endif
220 
221 #if defined(DAQ_VERSION) && DAQ_VERSION > 8
222 typedef void (*DynamicDebugPkt)(uint8_t moduleId, uint8_t logLevel, const DAQ_Debug_Packet_Params_t *params, const char *msg, ...);
223 #endif
224 
225 #if defined(DAQ_VERSION) && DAQ_VERSION > 9
226 typedef int (*DynamicIoctl)(unsigned int type, char *buffer, size_t *len);
227 #endif
228 
229 typedef int (*DynamicIsStrEmpty)(const char * );
230 typedef void (*AddPeriodicCheck)(void (*pp_check_func) (int, void *), void *arg, uint16_t, uint32_t, uint32_t);
231 typedef void (*AddPostConfigFuncs)(struct _SnortConfig *, void (*pp_post_config_func) (struct _SnortConfig *, void *), void *arg);
232 typedef int (*AddOutPutModule)(const char *filename);
233 typedef int (*CanWhitelist)(void);
234 
235 #if defined(DAQ_CAPA_CST_TIMEOUT)
236 typedef bool (*CanGetTimeout)(void);
237 typedef void (*GetDaqCapaTimeOutFunc)(bool);
238 typedef void (*RegisterGetDaqCapaTimeoutFunc)(GetDaqCapaTimeOutFunc);
239 GetDaqCapaTimeOutFunc getDaqCapaTimeoutFnPtr;
240 #endif
241 
242 typedef uint32_t (*GetCapability)(void);
243 typedef void (*DisableAllPoliciesFunc)(struct _SnortConfig *);
244 typedef int (*ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id);
245 typedef int (*DynamicCheckValueInRangeFunc)(const char *, char *,
246  unsigned long lo, unsigned long hi, unsigned long *value);
247 typedef bool (*DynamicReadyForProcessFunc) (void* pkt);
248 typedef int (*SslAppIdLookupFunc)(void * ssnptr, const char * serverName, const char * commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
250 
251 typedef int32_t (*GetAppIdFunc)(void *ssnptr);
253 
254 typedef struct urlQueryContext* (*UrlQueryCreateFunc)(const char *url);
255 typedef void (*UrlQueryDestroyFunc)(struct urlQueryContext *context);
256 typedef int (*UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep);
258 
259 typedef int (*UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen);
261 
262 typedef int (*GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo);
264 
265 typedef void (*UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint,
266  uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id,
267  uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version,
268  uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category,
269  uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages,
270  uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len,
271  uint8_t *ssl_ticket_id, uint8_t ticket_id_len);
273 
274 typedef void (*EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags) ;
276 
277 typedef int (*GetSSLActualActionFunc)(void *ssnptr, uint16_t *action);
279 
280 typedef void (*GetIntfDataFunc)(void *ssnptr,int32_t *ingressIntfIndex, int32_t *egressIntfIndex,
281  int32_t *ingressZoneIndex, int32_t *egressZoneIndex) ;
283 
284 typedef void (*SetTlsHostAppIdFunc)(void *ssnptr, const char *serverName, const char *commonName,
285  const char *orgName, const char *subjectAltName, bool isSniMismatch,
286  int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId);
288 
289 //
290 // SSL Callbacks
291 //
294 typedef void (*SetSSLCallbackFunc)(void *);
295 typedef void* (*GetSSLCallbackFunc)(void);
296 
297 typedef int (*_LoadLibraryFunc)(struct _SnortConfig *sc, const char * const path, int indent);
298 typedef void (*LoadAllLibsFunc)(struct _SnortConfig *sc, const char * const path, _LoadLibraryFunc loadFunc);
299 typedef void * _PluginHandle;
300 typedef _PluginHandle (*OpenDynamicLibraryFunc)(const char * const library_name, int useGlobal);
301 typedef void (*_dlsym_func)(void);
302 typedef _dlsym_func (*GetSymbolFunc)(_PluginHandle handle, char * symbol, DynamicPluginMeta * meta, int fatal);
303 typedef void (*CloseDynamicLibraryFunc)(_PluginHandle handle);
304 
305 #if defined(FEAT_OPEN_APPID)
306 typedef bool (*IsAppIdRequiredFunc)(void);
307 typedef void (*RegisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
308 typedef void (*UnregisterIsAppIdRequiredFunc)(IsAppIdRequiredFunc);
309 struct AppIdApi;
310 #endif /* defined(FEAT_OPEN_APPID) */
311 
312 typedef bool (*ReadModeFunc)(void);
313 
314 typedef int (*GetPerfIndicatorsFunc)(void *Request);
315 
317 
318 typedef double (*GetSnortPacketDropPortionFunc)(void);
319 
320 typedef bool (*IsTestModeFunc)(void);
321 
322 typedef struct _SnortConfig* (*GetCurrentSnortConfigFunc)(void);
323 
324 typedef void (*AddPktTraceDataFunc)(int module, int traceLen);
325 
326 typedef const char* (*GetPktTraceActionMsgFunc)();
327 
328 #ifdef SNORT_RELOAD
329 typedef int (*ReloadAdjustRegisterFunc)(struct _SnortConfig* sc, const char* raName,
330  tSfPolicyId raPolicyId, ReloadAdjustFunc raFunc,
331  void *raUserData, ReloadAdjustUserFreeFunc raUserFreeFunc);
332 #endif
333 
334 typedef int (*DynamicSetPreserveFlow)(const void* p);
335 
336 // IPrep Last update count
337 typedef void (*IprepUpdateCountFunc)(uint8_t);
338 
339 typedef int (*RegisterMemoryStatsFunc)(uint preproc, char* preproc_name,
340  int (*MemoryStatsDisplayFunc)(char *buffer));
341 
342 typedef void* (*SnortAllocFunc)(int num, unsigned long size, uint32_t preproc, bool data);
343 
344 typedef void (*SnortFreeFunc)(void * ptr, uint32_t size, uint32_t preproc, bool data);
349 /* FTP data transfer mode */
350 typedef bool (*ftpGetModefunc)(void *ssnptr);
352 typedef void (*LogMsgThrottled)(void*, const char *, ...);
353 
354 #define ENC_DYN_FWD 0x80000000
355 #define ENC_DYN_NET 0x10000000
356 
357 /* Info Data passed to dynamic preprocessor plugin must include:
358  * version
359  * Pointer to AltDecodeBuffer
360  * Pointer to HTTP URI Buffers
361  * Pointer to functions to log Messages, Errors, Fatal Errors
362  * Pointer to function to add preprocessor to list of configure Preprocs
363  * Pointer to function to regsiter preprocessor configuration keyword
364  * Pointer to function to create preprocessor alert
365  */
367 {
368  int version;
369  int size;
370 
374 
380 
382 #ifdef SNORT_RELOAD
383  GetRelatedReloadDataFunc getRelatedReloadData;
384 #endif
394 
398 #ifdef ACTIVE_RESPONSE
399  ActiveEnableFunc activeSetEnabled;
400 #endif
401 
408 
412 
413  char **config_file;
418 
421 #ifdef SF_WCHAR
422  DebugWideMsgFunc debugWideMsg;
423 #endif
424 
426 #ifdef DUMP_BUFFER
427  BufferDumpRegisterFunc registerBufferTracer;
428 #endif
429  char **debugMsgFile;
431 
436 
439 
444 
445 #ifdef TARGET_BASED
446  FindProtocolReferenceFunc findProtocolReference;
447  AddProtocolReferenceFunc addProtocolReference;
448  IsAdaptiveConfiguredFunc isAdaptiveConfigured;
449  IsAdaptiveConfiguredForSnortConfigFunc isAdaptiveConfiguredForSnortConfig;
450 #endif
451 
455 
457 
477 
479 
484 
487 
492 #ifdef SIDE_CHANNEL
493  SCEnabledFunc isSCEnabled;
494  SCRegisterRXHandlerFunc scRegisterRXHandler;
495  SCPreallocMessageTXFunc scAllocMessageTX;
496  SCEnqueueMessageTXFunc scEnqueueMessageTX;
497 #endif
498 
500 
503 
516 #ifdef ACTIVE_RESPONSE
517  DynamicSendBlockResponse dynamicSendBlockResponse;
518 #endif
520 #ifdef HAVE_DAQ_EXT_MODFLOW
521  DynamicModifyFlow dynamicModifyFlow;
522 #endif
523 #ifdef HAVE_DAQ_QUERYFLOW
524  DynamicQueryFlow dynamicQueryFlow;
525 #endif
526 
527 #if defined(DAQ_VERSION) && DAQ_VERSION > 8
528  DynamicDebugPkt dynamicDebugPkt;
529 #endif
530 
531 #if defined(DAQ_VERSION) && DAQ_VERSION > 9
532  DynamicIoctl dynamicIoctl;
533 #endif
534 
545 
548 
549 #ifdef ACTIVE_RESPONSE
550  ActiveInjectDataFunc activeInjectData;
551  ActiveResponseFunc activeSendResponse;
552  ActiveSendForwardResetFunc activeSendForwardReset;
553  ActiveQueueResponseFunc activeQueueResponse;
554 #endif
559 
562 
567 
570 
573 
576 
579 
582 
588 
589  /* Preproc's fetch Snort performance indicators. Used by IAB. */
593 
598 
600 
601 #if defined(FEAT_OPEN_APPID)
602  struct AppIdApi *appIdApi;
603  RegisterIsAppIdRequiredFunc registerIsAppIdRequired;
604  UnregisterIsAppIdRequiredFunc unregisterIsAppIdRequired;
605  IsAppIdRequiredFunc isAppIdRequired;
606 #endif /* defined(FEAT_OPEN_APPID) */
611  char *trace;
615 
616 #ifdef SNORT_RELOAD
617  ReloadAdjustRegisterFunc reloadAdjustRegister;
618 #endif
619 
620 #ifdef DAQ_MODFLOW_TYPE_PRESERVE_FLOW
621  DynamicSetPreserveFlow setPreserveFlow;
622 #endif
627 #if defined(DAQ_CAPA_CST_TIMEOUT)
628  CanGetTimeout canGetTimeout;
629  RegisterGetDaqCapaTimeoutFunc registerGetDaqCapaTimeout;
630 #endif
632 
639 
643 
644 /* Function prototypes for Dynamic Preprocessor Plugins */
646 int LoadDynamicPreprocessor(struct _SnortConfig *sc, const char * const library_name, int indent);
647 void LoadAllDynamicPreprocessors(struct _SnortConfig *sc, const char * const path);
649 
650 int InitDynamicPreprocessors(void);
652 
653 /* This was necessary because of static code analysis not recognizing that
654  * fatalMsg did not return - use instead of fatalMsg
655  */
656 NORETURN void DynamicPreprocessorFatalMessage(const char *format, ...);
657 
659 #endif /* _SF_DYNAMIC_PREPROCESSOR_H_ */
struct AppIdApi appIdApi
void(* IdleProcessingHandler)(void)
int(* MemoryStatsDisplayFunc)(char *buffer)
Definition: memory_stats.h:42
int policy
Definition: pthread.h:1031
const void * value
Definition: pthread.h:918
int const pthread_attr_t void *(*) void arg)
Definition: pthread.h:874
tSfPolicyId(* GetPolicyFunc)(void)
Definition: sfPolicy.h:179
unsigned int tSfPolicyId
Definition: sfPolicy.h:57
tSfPolicyId(* GetParserPolicyFunc)(struct _SnortConfig *)
Definition: sfPolicy.h:181
SFDetectFlagType
int(* IsDetectFlagFunc)(SFDetectFlagType)
void(* SetHttpBufferFunc)(HTTP_BUFFER, const uint8_t *, unsigned)
uint32_t(* GetSnortInstance)(void)
void(* DebugMsgFunc)(uint64_t, const char *,...)
void(* DetectFlagDisableFunc)(SFDetectFlagType)
void(* SetAltDetectFunc)(uint8_t *, uint16_t)
int(* GetAltDetectFunc)(uint8_t **, uint16_t *)
void(* LogMsgFunc)(const char *,...)
const uint8_t *(* GetHttpBufferFunc)(HTTP_BUFFER, unsigned *)
int(* PreprocOptionEval)(void *p, const uint8_t **cursor, void *dataPtr)
void(* PreprocOptionCleanup)(void *dataPtr)
int(* RegisterPreprocRuleOpt)(struct _SnortConfig *, char *, PreprocOptionInit, PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash, PreprocOptionKeyCompare, PreprocOptionOtnHandler, PreprocOptionFastPatternFunc)
int(* PreprocOptionOtnHandler)(struct _SnortConfig *, void *)
int(* PreprocOptionInit)(struct _SnortConfig *, char *, char *, void **dataPtr)
uint32_t(* PreprocOptionHash)(void *)
int(* PreprocOptionKeyCompare)(void *, void *)
int(* PreprocOptionByteOrderFunc)(void *, int32_t)
int(* PreprocOptionFastPatternFunc)(void *rule_opt_data, int protocol, int direction, FPContentInfo **info)
void(* AddPreprocExit)(void(*pp_exit_func)(int, void *), void *arg, uint16_t, uint32_t)
void(* EncodeDelete)(void *)
int(* _LoadLibraryFunc)(struct _SnortConfig *sc, const char *const path, int indent)
int(* ControlSocketRegisterHandlerFunc)(uint16_t, OOBPreControlFunc, IBControlFunc, OOBPostControlFunc)
struct _DynamicPreprocessorData DynamicPreprocessorData
tSfPolicyId(* GetPolicyFromIdFunc)(uint16_t)
signed char(* ReputationProcessExternalIpFunc)(void *p, sfaddr_t *ip)
void(* DeleteGrinderPktPtr)(void *)
void *(* GetRuleInfoByIdFunc)(int)
int(* SetPreprocReassemblyPktBitFunc)(void *, uint32_t)
void(* LoadAllLibsFunc)(struct _SnortConfig *sc, const char *const path, _LoadLibraryFunc loadFunc)
void *(* AddPreprocFunc)(struct _SnortConfig *, void(*pp_func)(void *, void *), uint16_t, uint32_t, uint32_t)
signed char(* DynamicReadyForProcessFunc)(void *pkt)
void(* RegisterGetSSLActualActionFunc)(GetSSLActualActionFunc)
int(* ReenablePreprocBitFunc)(struct _SnortConfig *, unsigned int preproc_id)
uint32_t(* GetSnortPacketLatencyFunc)(void)
_dlsym_func(* GetSymbolFunc)(_PluginHandle handle, char *symbol, DynamicPluginMeta *meta, int fatal)
double(* GetSnortPacketDropPortionFunc)(void)
void(* IprepUpdateCountFunc)(uint8_t)
signed char(* ReadModeFunc)(void)
void(* SetSSLCallbackFunc)(void *)
signed char(* ftpGetModefunc)(void *ssnptr)
void(* SCGetPktTimeOfDay)(struct timeval *tv)
void(* DisablePreprocessorsFunc)(void *)
void(* RegisterGetAppIdFunc)(GetAppIdFunc)
void(* EnableDetectFunc)(void)
int(* RegisterMemoryStatsFunc)(uint preproc, char *preproc_name, int(*MemoryStatsDisplayFunc)(char *buffer))
void LoadAllDynamicPreprocessors(struct _SnortConfig *sc, const char *const path)
void(* AddPreprocResetStats)(void(*pp_rst_stats_func)(int, void *), void *arg, uint16_t, uint32_t)
void(* EndSSLSSnLogDataFunc)(void *ssnptr, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags)
void *(* GetRuleInfoByNameFunc)(char *)
struct urlQueryContext *(* UrlQueryCreateFunc)(const char *url)
int(* AlertQueueLog)(void *)
char *(* GetLogDirectory)(void)
void(* PreprocStatsNodeFreeFunc)(struct _PreprocStats *stats)
const char *(* GetPktTraceActionMsgFunc)()
int(* RegisterIdleHandler)(IdleProcessingHandler)
int(* AddOutPutModule)(const char *filename)
void(* AddPostConfigFuncs)(struct _SnortConfig *, void(*pp_post_config_func)(struct _SnortConfig *, void *), void *arg)
void(* RegisterSetTlsHostAppIdFunc)(SetTlsHostAppIdFunc)
const char *(* DynamicStrcasestr)(const char *, int, const char *)
uint32_t(* GenSnortEvent)(Packet *p, uint32_t gid, uint32_t sid, uint32_t rev, uint32_t classification, uint32_t priority, const char *msg)
int(* ReputationGetEntryCountFunc)(void)
void(* RegisterUserGroupIdGetFunc)(UserGroupIdGetFunc)
void(* SetFileDataPtrFunc)(uint8_t *, uint16_t)
int LoadDynamicPreprocessor(struct _SnortConfig *sc, const char *const library_name, int indent)
void *(* GetSSLCallbackFunc)(void)
void(* UpdateSSLSSnLogDataFunc)(void *ssnptr, uint8_t logging_on, uint8_t action_is_block, const char *ssl_cert_fingerprint, uint32_t ssl_cert_fingerprint_len, uint32_t ssl_cert_status, uint8_t *ssl_policy_id, uint32_t ssl_policy_id_len, uint32_t ssl_rule_id, uint16_t ssl_cipher_suite, uint8_t ssl_version, uint16_t ssl_actual_action, uint16_t ssl_expected_action, uint32_t ssl_url_category, uint16_t ssl_flow_status, uint32_t ssl_flow_error, uint32_t ssl_flow_messages, uint64_t ssl_flow_flags, char *ssl_server_name, uint8_t *ssl_session_id, uint8_t session_id_len, uint8_t *ssl_ticket_id, uint8_t ticket_id_len)
void *(* AddMetaEvalFunc)(struct _SnortConfig *, void(*meta_eval_func)(int, const uint8_t *), uint16_t priority, uint32_t preproc_id)
void *(* NewGrinderPktPtr)(void *, void *, uint8_t *)
signed char(* ActivePacketWasDroppedFunc)(void)
void(* AddPreprocUnused)(void(*pp_unused_func)(int, void *), void *arg, uint16_t, uint32_t)
void(* DynamicSetSSLPolicyEnabledFunc)(struct _SnortConfig *sc, tSfPolicyId policy, signed char value)
int(* UrlQueryMatchFunc)(void *ssnptr, struct urlQueryContext *context, uint16_t inUrlCat, uint16_t inUrlMinRep, uint16_t inUrlMaxRep)
void(* AddPktTraceDataFunc)(int module, int traceLen)
int(* CanWhitelist)(void)
int(* DynamicSetFlowId)(const void *p, uint32_t id)
void(* AddKeywordOverrideFunc)(struct _SnortConfig *, char *, char *, PreprocOptionInit, PreprocOptionEval, PreprocOptionCleanup, PreprocOptionHash, PreprocOptionKeyCompare, PreprocOptionOtnHandler, PreprocOptionFastPatternFunc)
char **(* TokenSplitFunc)(const char *, const char *, const int, int *, const char)
void(* SnortFreeFunc)(void *ptr, uint32_t size, uint32_t preproc, signed char data)
void(* AddPreprocConfCheck)(struct _SnortConfig *, int(*pp_conf_chk_func)(struct _SnortConfig *))
void DynamicPreprocessorFatalMessage(const char *format,...)
_PluginHandle(* OpenDynamicLibraryFunc)(const char *const library_name, int useGlobal)
char **(* DynamicGetHttpXffFieldsFunc)(int *nFields)
void(* DisableDetectFunc)(void *)
int(* IsPreprocEnabledFunc)(struct _SnortConfig *, uint32_t)
int InitDynamicPreprocessors(void)
char *(* PortArrayFunc)(char *, PortObject *, int *)
void(* DisableAllPoliciesFunc)(struct _SnortConfig *)
const char *(* DynamicStrnStr)(const char *, int, const char *)
void *(* SnortAllocFunc)(int num, unsigned long size, uint32_t preproc, signed char data)
int(* SslAppIdLookupFunc)(void *ssnptr, const char *serverName, const char *commonName, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId)
uint32_t(* GetCapability)(void)
int(* AlertQueueAdd)(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t, const char *, void *)
int(* EncodeFormat)(uint32_t, const void *, void *, int)
int(* InitPreprocessorLibFunc)(DynamicPreprocessorData *)
void(* ChangePolicyFunc)(tSfPolicyId, void *p)
struct _SnortConfig *(* GetCurrentSnortConfigFunc)(void)
void(* SetAltDecodeFunc)(uint16_t)
void(* GetIntfDataFunc)(void *ssnptr, int32_t *ingressIntfIndex, int32_t *egressIntfIndex, int32_t *ingressZoneIndex, int32_t *egressZoneIndex)
int(* GeoIpAddressLookupFunc)(const sfaddr_t *snortIp, uint16_t *geo)
void(* RegisterSslAppIdLookupFunc)(SslAppIdLookupFunc)
signed char(* DynamicIsSSLPolicyEnabledFunc)(struct _SnortConfig *sc)
int(* printfappendfunc)(char *, int, const char *,...)
void(* UrlQueryDestroyFunc)(struct urlQueryContext *context)
void(* AddPeriodicCheck)(void(*pp_check_func)(int, void *), void *arg, uint16_t, uint32_t, uint32_t)
#define NORETURN
void(* InlineDropFunc)(void *)
int(* PreprocessFunc)(void *)
void(* RegisterGeoIpAddressLookupFunc)(GeoIpAddressLookupFunc)
void *(* EncodeNew)(void)
int(* UserGroupIdGetFunc)(void *ssnptr, uint32_t *userId, uint32_t *realmId, unsigned *groupIdArray, unsigned groupIdArrayLen)
int32_t(* GetAppIdFunc)(void *ssnptr)
time_t(* SCPacketTimeFunc)(void)
void(* TokenFreeFunc)(char ***, int)
void(* PreprocessorInitFunc)(struct _SnortConfig *, char *)
void(* RegisterEndSSLSSnLogDataFunc)(EndSSLSSnLogDataFunc)
void(* AddPreprocReassemblyPktFunc)(void *(*pp_reass_pkt_func)(void), uint32_t)
void(* RegisterReputationProcessExternalFunc)(ReputationProcessExternalIpFunc)
int(* DetectFunc)(void *)
DynamicPreprocessorData _dpd
int(* GetSSLActualActionFunc)(void *ssnptr, uint16_t *action)
void(* PreprocRegisterFunc)(const char *, PreprocessorInitFunc)
void(* ActiveEnableFunc)(int)
void(* EncodeUpdate)(void *)
void(* LogMsgThrottled)(void *, const char *,...)
void(* CloseDynamicLibraryFunc)(_PluginHandle handle)
void(* AlertQueueControl)(void)
int(* GetPerfIndicatorsFunc)(void *Request)
int(* DynamicStrncpy)(char *, const char *, size_t)
int(* DynamicCheckValueInRangeFunc)(const char *, char *, unsigned long lo, unsigned long hi, unsigned long *value)
void(* RegisterReputationGetEntryCountFunc)(ReputationGetEntryCountFunc)
void RemoveDuplicatePreprocessorPlugins(void)
void(* AddToPostConfList)(struct _SnortConfig *sc, void(*post_config_func)(struct _SnortConfig *, int, void *), void *arg)
void(* DetectFlagEnableFunc)(SFDetectFlagType)
int(* EnablePreprocessorFunc)(void *, uint32_t)
void CloseDynamicPreprocessorLibs(void)
int(* ProfilingFunc)(void)
void(* AddKeywordByteOrderFunc)(char *, PreprocOptionByteOrderFunc)
void(* IP6SetCallbacksFunc)(void *, int, char)
void(* RegisterUpdateSSLSSnLogDataFunc)(UpdateSSLSSnLogDataFunc)
void(* SetPolicyFunc)(struct _SnortConfig *, tSfPolicyId)
void(* DetectResetFunc)(uint8_t *, uint16_t)
unsigned long(* DynamicStrtoul)(const char *, char **, int)
void(* AddPreprocProfileFunc)(const char *, void *, int, void *, PreprocStatsNodeFreeFunc freefn)
void(* PreprocStatsRegisterFunc)(const char *, void(*pp_stats_func)(int))
void(* _dlsym_func)(void)
void(* RegisterUrlQueryFunc)(UrlQueryCreateFunc, UrlQueryDestroyFunc, UrlQueryMatchFunc)
signed char(* PafEnabledFunc)(void)
void * _PluginHandle
void(* RegisterGetIntfDataFunc)(GetIntfDataFunc)
const char *(* DynamicStrnPbrk)(const char *, int, const char *)
signed char(* IsTestModeFunc)(void)
void(* IP6BuildFunc)(void *, const void *, int)
void(* AddPreprocReset)(void(*pp_rst_func)(int, void *), void *arg, uint16_t, uint32_t)
long(* DynamicStrtol)(const char *, char **, int)
int(* EvalRTNFunc)(void *rtn, void *p, int check_ports)
int(* DynamicIsStrEmpty)(const char *)
int(* ThresholdCheckFunc)(unsigned int, unsigned int, sfaddr_t *, sfaddr_t *, long)
void(* SetTlsHostAppIdFunc)(void *ssnptr, const char *serverName, const char *commonName, const char *orgName, const char *subjectAltName, signed char isSniMismatch, int32_t *serviceAppId, int32_t *clientAppId, int32_t *payloadAppId)
int(* DynamicSetPreserveFlow)(const void *p)
void(* RegisterFtpQueryModefunc)(ftpGetModefunc)
signed char(* InlineRetryFunc)(void *)
static char buffer[1024]
Definition: sf_ipvar.c:1119
Secure_Hash_Type type
Definition: sf_sechash.c:53
unsigned int length
Definition: sf_sechash.c:55
#define bool
Definition: sf_types.h:209
int(* OOBPreControlFunc)(uint16_t type, const uint8_t *data, uint32_t length, void **new_context, char *statusBuf, int statusBuf_len)
Definition: sfcontrol.h:77
void(* OOBPostControlFunc)(uint16_t type, void *old_context, struct _THREAD_ELEMENT *te, ControlDataSendFunc f)
Definition: sfcontrol.h:79
int(* IBControlFunc)(uint16_t type, void *new_context, void **old_context)
Definition: sfcontrol.h:78
void(* SCMQMsgFreeFunc)(void *)
int(* SCMProcessMsgFunc)(SCMsgHdr *hdr, const uint8_t *msg, uint32_t length)
const int
Definition: spp_ftptelnet.c:75
__int16 int16_t
Definition: stdint.h:27
__int32 int32_t
Definition: stdint.h:28
OpenDynamicLibraryFunc openDynamicLibrary
InlineDropFunc inlineForceDropSessionAndReset
RegisterGetAppIdFunc registerGetAppId
AddPreprocProfileFunc addPreprocProfileFunc
ReputationGetEntryCountFunc reputation_get_entry_count
GetSnortPacketDropPortionFunc getPacketDropPortion
EnablePreprocessorFunc enablePreprocessor
GeoIpAddressLookupFunc geoIpAddressLookup
GetPktTraceActionMsgFunc getPktTraceActionMsg
RegisterGetIntfDataFunc registerGetIntfData
DynamicSetSSLPolicyEnabledFunc setSSLPolicyEnabled
GetRuleInfoByNameFunc getRuleInfoByName
GetCurrentSnortConfigFunc getCurrentSnortConfig
RegisterMemoryStatsFunc registerMemoryStatsFunc
GetSnortPacketLatencyFunc getPacketLatency
GetPerfIndicatorsFunc getPerfIndicators
ReenablePreprocBitFunc reenablePreprocBit
GetPolicyFromIdFunc getPolicyFromId
UpdateSSLSSnLogDataFunc updateSSLSSnLogData
AddPostConfigFuncs addPostConfigFunc
DynamicCheckValueInRangeFunc checkValueInRange
ControlSocketRegisterHandlerFunc controlSocketRegisterHandler
GetRuleInfoByIdFunc getRuleInfoById
DynamicIsSSLPolicyEnabledFunc isSSLPolicyEnabled
RegisterUserGroupIdGetFunc registerUserGroupIdGet
DynamicGetHttpXffFieldsFunc getHttpXffFields
CloseDynamicLibraryFunc closeDynamicLibrary
PreprocRegisterFunc registerPreproc
GetSSLActualActionFunc getSSLActualAction
AddKeywordByteOrderFunc preprocOptByteOrderKeyword
DetectFlagDisableFunc DetectFlag_Disable
PreprocStatsRegisterFunc registerPreprocStats
AddToPostConfList addFuncToPostConfigList
AddPreprocConfCheck addPreprocConfCheck
DeleteGrinderPktPtr deleteGrinderPkt
RegisterSetTlsHostAppIdFunc registerSetTlsHostAppId
RegisterUrlQueryFunc registerUrlQuery
RegisterEndSSLSSnLogDataFunc registerEndSSLSSnLogData
IP6SetCallbacksFunc ip6SetCallbacks
GetParserPolicyFunc getParserPolicy
RegisterGetSSLActualActionFunc registerGetSSLActualAction
ReputationProcessExternalIpFunc reputation_process_external_ip
RegisterGeoIpAddressLookupFunc registerGeoIpAddressLookup
UrlQueryDestroyFunc urlQueryDestroy
DisableAllPoliciesFunc disableAllPolicies
RegisterIdleHandler registerIdleHandler
IprepUpdateCountFunc setIPRepUpdateCount
EndSSLSSnLogDataFunc endSSLSSnLogData
AddKeywordOverrideFunc preprocOptOverrideKeyword
RegisterUpdateSSLSSnLogDataFunc registerUpdateSSLSSnLogData
RegisterReputationGetEntryCountFunc registerReputationGetEntryCount
RegisterReputationProcessExternalFunc registerReputationProcessExternal
RegisterFtpQueryModefunc registerFtpmodeQuery
DisablePreprocessorsFunc disablePreprocessors
SetTlsHostAppIdFunc setTlsHostAppId
DisableDetectFunc disablePacketAnalysis
ActivePacketWasDroppedFunc active_PacketWasDropped
DynamicReadyForProcessFunc readyForProcess
RegisterPreprocRuleOpt preprocOptRegister
RegisterSslAppIdLookupFunc registerSslAppIdLookup
IsPreprocEnabledFunc isPreprocEnabled
AddPreprocResetStats addPreprocResetStats
Definition: sf_ip.h:91
Definition: IP.H:59
unsigned short uint16_t
Definition: u2openappid.c:53
unsigned int uint32_t
Definition: u2openappid.c:52
unsigned char uint8_t
Definition: u2openappid.c:54