"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/detection-plugins/detection_leaf_node.c" (16 Oct 2020, 4321 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "detection_leaf_node.c" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /*
    2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 ** Copyright (C) 2002-2013 Sourcefire, Inc.
    4 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
    5 **
    6 ** This program is free software; you can redistribute it and/or modify
    7 ** it under the terms of the GNU General Public License Version 2 as
    8 ** published by the Free Software Foundation.  You may not use, modify or
    9 ** distribute this program under any other version of the GNU General
   10 ** Public License.
   11 **
   12 ** This program is distributed in the hope that it will be useful,
   13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 ** GNU General Public License for more details.
   16 **
   17 ** You should have received a copy of the GNU General Public License
   18 ** along with this program; if not, write to the Free Software
   19 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20 */
   21 
   22 /*
   23 CHANGE HISTORY
   24 ==============
   25 
   26 2014-10-30  Victor Roemer   <viroemer@cisco.com>
   27  . REMOVED leaf node evaluation from `detection_options.c'.
   28 */
   29 
   30 #ifdef HAVE_CONFIG_H
   31 #include "config.h"
   32 #endif
   33 
   34 #include "sftarget_reader.h"
   35 
   36 typedef enum _LEAF_STATUS {
   37     Leaf_SkipPorts,
   38     Leaf_CheckPorts,
   39     Leaf_Abort
   40 } LEAF_STATUS;
   41 
   42 #ifdef HACK_DETECTION_LEAF_NODE_C
   43 #include <stdio.h>
   44 #include <stdint.h>
   45 #include <string.h>
   46 #include <stdbool.h>
   47 
   48 // signature.h
   49 typedef enum _ServiceOverride {
   50     ServiceOverride_ElsePorts = 0,
   51     ServiceOverride_AndPorts,
   52     ServiceOverride_OrPorts,
   53     ServiceOverride_Nil
   54 } ServiceOverride;
   55 
   56 typedef struct _ServiceInfo {
   57     uint16_t service_ordinal;
   58 } ServiceInfo;
   59 
   60 typedef struct _SigInfo {
   61     ServiceInfo services[8];
   62     unsigned int num_services;
   63 ServiceOverride service_override;
   64 } SigInfo;
   65 
   66 // treenodes.h
   67 typedef struct {
   68     SigInfo sigInfo;
   69 } OptTreeNode;
   70 
   71 // decode.h
   72 typedef struct {
   73     uint16_t application_protocol_ordinal;
   74 } Packet;
   75 
   76 // detection-plugins/detection_options.h
   77 typedef struct {
   78     OptTreeNode option_data[1];
   79 } detection_option_tree_node_t;
   80 
   81 typedef struct {
   82     Packet p[1];
   83 } detection_option_eval_data_t;
   84 
   85 // prototypes
   86 static inline LEAF_STATUS leaf_node_check_otn_service (OptTreeNode*, Packet*);
   87 static inline LEAF_STATUS detection_leaf_node_eval (detection_option_tree_node_t*, detection_option_eval_data_t*);
   88 #endif // DETECTION_LEAF_NODE_C
   89 
   90 // (detection_option_eval_data_t*) helper(s)
   91 #define PacketService(p)     (p)->application_protocol_ordinal
   92 
   93 // (OptTreeNode*) helper(s)
   94 #define OtnServiceCount(otn) (otn)->sigInfo.num_services
   95 #define OtnAndPorts(otn)     ((otn)->sigInfo.service_override == ServiceOverride_AndPorts)
   96 #define OtnOrPorts(otn)      ((otn)->sigInfo.service_override == ServiceOverride_OrPorts)
   97 #define OtnElsePorts(otn)    ((otn)->sigInfo.service_override == ServiceOverride_ElsePorts)
   98 
   99 //#define PortOnlyRule(otn)    (OtnServiceCount (otn) == 0)
  100 #define PacketUnknown(pkt)   (PacketService (pkt) == 0)
  101 
  102 
  103 static inline LEAF_STATUS
  104 leaf_node_check_otn_service (OptTreeNode * otn, Packet * packet)
  105 {
  106     bool service_match = false;
  107     unsigned int i;
  108 
  109     if (PacketUnknown (packet))
  110     {
  111 #ifdef TARGET_BASED
  112         if (OtnAndPorts (otn))
  113             return (Leaf_Abort);
  114 #endif
  115         return (Leaf_CheckPorts);
  116     }
  117 
  118 #ifdef TARGET_BASED
  119     for (i = 0; i < OtnServiceCount (otn); i++)
  120     {
  121         const uint16_t ordinal = otn->sigInfo.services[ i ].service_ordinal;
  122         if (PacketService (packet) == ordinal)
  123         {
  124             service_match = true;
  125         }
  126     }
  127 #endif
  128 
  129     if (service_match)
  130     {
  131         // identified service matches the rule
  132 #ifdef TARGET_BASED
  133         if (OtnAndPorts (otn))
  134             return (Leaf_CheckPorts);
  135 #endif
  136         return (Leaf_SkipPorts);
  137     }
  138     else
  139     {
  140 #ifdef TARGET_BASED
  141         if (!OtnOrPorts (otn))
  142             return (Leaf_Abort);
  143 #endif
  144     }
  145 
  146     return (Leaf_CheckPorts);
  147 }
  148 
  149 static inline LEAF_STATUS
  150 detection_leaf_node_eval (detection_option_tree_node_t * node,
  151                           detection_option_eval_data_t * eval_data)
  152 {
  153     OptTreeNode *otn = (OptTreeNode*) node->option_data;
  154     Packet * packet = (Packet*) eval_data->p;
  155 
  156 
  157 #ifdef TARGET_BASED
  158     if (!IsAdaptiveConfigured())
  159         return (Leaf_CheckPorts);
  160 #endif
  161 
  162     return leaf_node_check_otn_service (otn, packet);
  163 }