"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/detect.h" (16 Oct 2020, 4164 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /* $Id$ */
    2 /*
    3 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4 ** Copyright (C) 2002-2013 Sourcefire, Inc.
    5 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
    6 **
    7 ** This program is free software; you can redistribute it and/or modify
    8 ** it under the terms of the GNU General Public License Version 2 as
    9 ** published by the Free Software Foundation.  You may not use, modify or
   10 ** distribute this program under any other version of the GNU General
   11 ** Public License.
   12 **
   13 ** This program is distributed in the hope that it will be useful,
   14 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   15 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16 ** GNU General Public License for more details.
   17 **
   18 ** You should have received a copy of the GNU General Public License
   19 ** along with this program; if not, write to the Free Software
   20 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   21 */
   22 
   23 /*  I N C L U D E S  ************************************************/
   24 #ifndef __DETECT_H__
   25 #define __DETECT_H__
   26 
   27 #ifdef HAVE_CONFIG_H
   28 #include "config.h"
   29 #endif
   30 
   31 #include "snort_debug.h"
   32 #include "decode.h"
   33 #include "rules.h"
   34 #include "treenodes.h"
   35 #include "parser.h"
   36 #include "plugbase.h"
   37 #include "log.h"
   38 #include "event.h"
   39 #include "sfutil/sfportobject.h"
   40 
   41 /*  P R O T O T Y P E S  ******************************************************/
      /* Detection switches, declared here and defined elsewhere.  They are plain
       * globals rather than fields of Packet.  The inline helpers at the end of
       * this header clear them; EnableContentDetect() sets do_detect_content to
       * 1, and nothing in this header sets do_detect back to non-zero.
       * NOTE(review): presumably the packet-processing path re-arms both for
       * every packet -- confirm, since a switch left at 0 would carry over to
       * later packets. */
   42 extern int do_detect;
   43 extern int do_detect_content;
      /* NOTE(review): 16 bits wide, so it wraps at 65536 if it is used as a
       * running counter -- confirm consumers do not rely on uniqueness. */
   44 extern uint16_t event_id;
   45 
   46 /* rule match action functions */
      /* Named after the rule actions pass, activate, alert, drop, sdrop, dynamic
       * and log.  All return int; the meaning of the return value is not visible
       * in this header.  PassAction() takes no arguments and SDropAction() takes
       * no RuleTreeNode; the others share one four-pointer signature. */
   47 int PassAction(void);
   48 int ActivateAction(Packet *, OptTreeNode *, RuleTreeNode *, Event *);
   49 int AlertAction(Packet *, OptTreeNode *, RuleTreeNode *, Event *);
   50 int DropAction(Packet *, OptTreeNode *, RuleTreeNode *, Event *);
   51 int SDropAction(Packet *, OptTreeNode *, Event *);
   52 int DynamicAction(Packet *, OptTreeNode *, RuleTreeNode *, Event *);
   53 int LogAction(Packet *, OptTreeNode *, RuleTreeNode *, Event *);
   54 
   55 /* detection/manipulation funcs */
      /* Parameter names are omitted in these declarations, so the roles of the
       * bare int and uint32_t arguments (EvalPacket, EvalHeader, CheckAddrPort)
       * cannot be read from this header; take them from the definitions.
       * NOTE(review): judging by the names, Preprocess() and Detect() are the
       * per-packet entry points -- confirm in detect.c. */
   56 int Preprocess(Packet *);
   57 int  Detect(Packet *);
   58 void CallOutputPlugins(Packet *);
   59 int EvalPacket(ListHead *, int, Packet * );
   60 int EvalHeader(RuleTreeNode *, Packet *, int);
   61 int EvalOpts(OptTreeNode *, Packet *);
   62 void TriggerResponses(Packet *, OptTreeNode *);
   63 
   64 int CheckAddrPort(sfip_var_t *, PortObject* , Packet *, uint32_t, int);
   65 
   66 /* detection modules */
      /* Every Check* function below, and RuleListEnd(), has the same signature:
       * (Packet *, struct _RuleTreeNode *, RuleFpList *, int) returning int.
       * NOTE(review): presumably this lets them be chained as function pointers
       * through RuleFpList -- confirm against the RuleFpList definition. */
   67 int CheckBidirectional(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   68 int CheckSrcIP(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   69 int CheckDstIP(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   70 int CheckSrcIPNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   71 int CheckDstIPNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   72 int CheckSrcPortEqual(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   73 int CheckDstPortEqual(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   74 int CheckSrcPortNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   75 int CheckDstPortNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
   76 
   77 int RuleListEnd(Packet *, struct _RuleTreeNode *, RuleFpList *, int);
      /* Unlike RuleListEnd(), takes an untyped option_data pointer and the
       * packet, in that order. */
   78 int OptListEnd(void *option_data, Packet *p);
   79 
      /* Output dispatch.  Each takes the packet, a const string and the Event;
       * the *Funcs variants additionally take the ListHead to dispatch through.
       * NOTE(review): the const char * is presumably the alert/log message --
       * confirm at the definitions. */
   80 void CallLogPlugins(Packet *, const char *, Event *);
   81 void CallAlertPlugins(Packet *, const char *, Event *);
   82 void CallLogFuncs(Packet *, const char *, ListHead *, Event *);
   83 void CallAlertFuncs(Packet *, const char *, ListHead *, Event *);
   84 
   /* Turn off content detection for the packet being processed.
    *
    * Disables the application preprocessors on p through
    * DisableAppPreprocessors() and clears the global do_detect_content switch.
    * do_detect is left as it is.
    *
    * NOTE(review): do_detect_content is a global, not per-packet state, so the
    * effect lasts until something sets it again -- confirm the caller re-arms
    * it for the next packet. */
   static inline void DisableDetect(Packet *p)
   {
       DisableAppPreprocessors(p);
       do_detect_content = 0;
   }
   90 
   /* Turn off both detection switches for the packet being processed.
    *
    * Disables the application preprocessors on p through
    * DisableAppPreprocessors(), then clears do_detect_content and do_detect.
    *
    * NOTE(review): both switches are globals; nothing in this header sets
    * do_detect back to non-zero, so confirm where it is re-armed. */
   static inline void DisableAllDetect(Packet *p)
   {
       DisableAppPreprocessors(p);
       do_detect_content = 0;
       do_detect = 0;
   }
   96 
   /* Switch content detection back on by setting the global
    * do_detect_content to 1.  do_detect is not modified. */
   static inline void EnableContentDetect(void)
   {
       do_detect_content = 1;
   }
  101 
  /* Stop all further analysis of the packet being processed.
   *
   * Disables every preprocessor on p through DisableAllPreprocessors() (not
   * only the application ones, as DisableAllDetect() does), then clears
   * do_detect_content and do_detect.
   *
   * NOTE(review): this is the widest inspection bypass declared in this
   * header; when auditing, check that each call site reaches it from a
   * deliberate policy decision and that the global switches are re-armed for
   * the next packet. */
  static inline void DisablePacketAnalysis(Packet *p)
  {
      DisableAllPreprocessors(p);
      do_detect_content = 0;
      do_detect = 0;
  }
  107 
  /* Re-enable content detection together with a chosen set of preprocessors.
   *
   * Calls EnableContentDetect(), which sets do_detect_content to 1, and then
   * EnablePreprocessors() with the enabled_pps mask for p.  do_detect is not
   * written here, so unless EnablePreprocessors() does it, this does not by
   * itself undo DisableAllDetect() or DisablePacketAnalysis(). */
  static inline void EnableContentPreprocDetection(Packet *p,
                                                   PreprocEnableMask enabled_pps)
  {
      EnableContentDetect();
      EnablePreprocessors(p, enabled_pps);
  }
  113 
  114 /* Counter for the number of times rules are evaluated.  Used to
  115  * cache the result of a check for rule option tree nodes. */
      /* NOTE(review): declared here, defined elsewhere; where it is incremented
       * is not visible in this header. */
  116 extern uint64_t rule_eval_pkt_count;
  117 
  118 
  119 #endif /* __DETECT_H__ */