"Fossies" - the Fresh Open Source Software Archive 
Member "snort-2.9.17/src/dynamic-preprocessors/appid/appIdConfig.h" (16 Oct 2020, 10306 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "appIdConfig.h" see the
Fossies "Dox" file reference documentation and the latest
Fossies "Diffs" side-by-side code changes report:
2.9.16.1_vs_2.9.17.
1 /*
2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License Version 2 as
7 ** published by the Free Software Foundation. You may not use, modify or
8 ** distribute this program under any other version of the GNU General
9 ** Public License.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
19 */
20
21
22 #ifndef __APP_ID_CONFIG_H___
23 #define __APP_ID_CONFIG_H___
24
25 /**
26 * \file appIdConfig.h
27 *
28 * \brief AppId configuration data structures
29 */
30
31 /****************************** INCLUDES **************************************/
32
33 #include <sf_types.h>
34
35 #include "appId.h"
36 #include "client_app_api.h"
37 #include "service_api.h"
38 #include "serviceConfig.h"
39 #include "httpCommon.h"
40 #include "clientAppConfig.h"
41 #include "detector_sip.h"
42
43
44 /******************************* DEFINES **************************************/
45
46 #define APP_ID_MAX_DIRS 16
47 #define APP_ID_PORT_ARRAY_SIZE 65536
48 #define MAX_ZONES 1024
49
50
51 /********************************* TYPES **************************************/
52
53 struct _AppInfoTableEntry;
54 struct DynamicArray;
55 struct ServicePortPattern;
56 struct ClientPortPattern;
57
58 typedef struct _port_ex
59 {
60 int family;
61 struct in6_addr ip;
62 struct in6_addr netmask;
63 } PortExclusion;
64
65 /**
66 * \typedef tAppidGenericConfigItem
67 *
68 * \brief AppId generic configuration item
69 *
70 * Modules can use this generic data structure to store their configuration.
71 * All such generic configurations are stored in genericConfigList. Modules
72 * are responsible for populating the configuration in init() and cleaning it
73 * up in clean() function.
74 *
75 * Currently, IMAP, PO3 and MDNS use this data structure. Lua modules currently
76 * do not have any configuration. They can use this data structure in the future,
77 * if needed.
78 */
79 typedef struct appidGenericConfigItem_
80 {
81 char *name; ///< Module name
82 void *pData; ///< Module configuration data
83 } tAppidGenericConfigItem;
84
85 typedef enum
86 {
87 APPID_REQ_UNINITIALIZED = 0,
88 APPID_REQ_YES,
89 APPID_REQ_NO
90 } tAppIdReq;
91
92 /**
93 * \typedef tAppIdConfig
94 *
95 * \brief AppId dynamic configuration data structure
96 *
97 * Members of this data structure get populated during initialization and reload.
98 * They get freed after reload swap and during exit.
99 */
100 typedef struct appIdConfig_
101 {
102 unsigned max_service_info;
103 unsigned net_list_count;
104 NetworkSet *net_list_list; ///< list of network sets
105 NetworkSet *net_list; ///< list of networks we're analyzing
106 NetworkSet *net_list_by_zone[MAX_ZONES]; ///< list of networks we're analyzing
107 tAppId tcp_port_only[65536]; ///< Service IDs for port-only TCP services
108 tAppId udp_port_only[65536]; ///< Service IDs for port-only UDP services
109 tAppId ip_protocol[256]; ///< Service IDs for non-TCP / UDP protocol services
110
111 SF_LIST client_app_args; ///< List of Client App arguments
112
113 SF_LIST *tcp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE]; ///< for each potential port, an sflist of PortExclusion structs
114 SF_LIST *udp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE]; ///< for each potential port, an sflist of PortExclusion structs
115 SF_LIST *tcp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE]; ///< for each potential port, an sflist of PortExclusion structs
116 SF_LIST *udp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE]; ///< for each potential port, an sflist of PortExclusion structs
117
118 SFXHASH *CHP_glossary; ///< keep track of http multipatterns here
119
120 SFXHASH *AF_indicators; ///< App Forecasting list of "indicator apps"
121 SFXHASH *AF_actives; ///< App Forecasting list of hosts to watch for "forecast apps"
122
123 sfaddr_t *debugHostIp;
124
125 struct _AppInfoTableEntry *AppInfoList;
126 struct _AppInfoTableEntry *AppInfoTable[SF_APPID_MAX];
127 struct _AppInfoTableEntry *AppInfoTableByService[SF_APPID_MAX];
128 struct _AppInfoTableEntry *AppInfoTableByClient[SF_APPID_MAX];
129 struct _AppInfoTableEntry *AppInfoTableByPayload[SF_APPID_MAX];
130 struct DynamicArray *AppInfoTableDyn;
131 SFGHASH *AppNameHash;
132
133 SFXHASH *hostPortCache;
134 SFXHASH *lengthCache;
135
136 tDetectorHttpConfig detectorHttpConfig; ///< HTTP detector configuration
137 tDetectorSipConfig detectorSipConfig; ///< SIP detector configuration
138 tServiceConfig serviceConfig; ///< Common configuration for all services
139 tServiceSslConfig serviceSslConfig; ///< SSL service configuration
140 tServiceDnsConfig serviceDnsConfig; ///< DNS service configuration
141 tClientAppConfig clientAppConfig; ///< Common configuration for all client applications
142 HttpPatternLists httpPatternLists;
143
144 struct ServicePortPattern *servicePortPattern;
145 struct ClientPortPattern *clientPortPattern;
146
147 SF_LIST genericConfigList; ///< List of tAppidGenericConfigItem structures
148
149 tAppIdReq isAppIdAlwaysRequired;
150 } tAppIdConfig;
151
152 #ifdef SIDE_CHANNEL
153 typedef struct _AppIdSSConfig
154 {
155 #ifdef REG_TEST
156 char *startup_input_file;
157 char *runtime_output_file;
158 #endif
159 bool use_side_channel;
160 } AppIdSSConfig;
161 #endif
162
163 /**
164 * \struct tAppidStaticConfig
165 *
166 * \brief AppId static configuration data structure
167 *
168 * Members of this data structure get populated during initialization and freed
169 * during exit. They are not reloadable/reconfigurable.
170 * Note: appid_tp_dir can be reconfigured but gets used by 3rd party reload. AppID
171 * reload does not look at this variable.
172 */
173 struct AppidStaticConfig
174 {
175 unsigned disable_safe_search;
176 const char *appid_thirdparty_dir; /* directory where thirdparty modules are located.*/
177 char* tp_config_path;
178 char* app_stats_filename;
179 unsigned long app_stats_period;
180 unsigned long app_stats_rollover_size;
181 unsigned long app_stats_rollover_time;
182 char* app_id_detector_path;
183 unsigned long memcap;
184 int app_id_dump_ports;
185 int app_id_debug;
186 uint32_t instance_id;
187 char* conf_file;
188 unsigned dns_host_reporting;
189 unsigned referred_appId_disabled;
190 unsigned rtmp_max_packets;
191 unsigned mdns_user_reporting;
192 unsigned ftp_userid_disabled;
193 unsigned chp_userid_disabled;
194 unsigned chp_body_collection_disabled;
195 unsigned chp_fflow_disabled;
196 unsigned chp_body_collection_max;
197 unsigned max_tp_flow_depth;
198 unsigned tp_allow_probes;
199 unsigned host_port_app_cache_lookup_interval;
200 unsigned host_port_app_cache_lookup_range;
201 unsigned multipayload_max_packets;
202 unsigned http_tunnel_detect;
203 uint64_t max_bytes_before_service_fail;
204 uint16_t max_packet_before_service_fail;
205 uint16_t max_packet_service_fail_ignore_bytes;
206 bool http2_detection_enabled; // internal HTTP/2 detection
207 bool is_host_port_app_cache_runtime;
208 bool check_host_port_app_cache;
209 bool check_host_cache_unknown_ssl;
210 bool recheck_for_unknown_appid;
211 bool send_state_sharing_updates;
212 bool allow_port_wildcard_host_cache;
213 bool recheck_for_portservice_appid;
214 tAppIdConfig* newAppIdConfig; // Used only during reload
215 #ifdef SIDE_CHANNEL
216 AppIdSSConfig *appId_ss_config;
217 #endif
218 #ifdef REG_TEST
219 bool appid_reg_test_mode;
220 #endif
221 };
222 typedef struct AppidStaticConfig tAppidStaticConfig;
223
224 void appIdConfigParse(tAppidStaticConfig* appidSC, char *args);
225
226
227 /************************** GLOBAL VARIABLES **********************************/
228
229 /// AppId static configuration data
230 extern tAppidStaticConfig* appidStaticConfig;
231
232 /**
233 * \brief Pointer to AppId dynamic configuration data
234 *
235 * This variable always points to the current active configuration that needs
236 * to be used during packet processing. Lower level functions should restrain
237 * from using this variable directly since they need to be context-agnostic.
238 * A lower-level function (for example, clientCreatePattern()) could be called
239 * during initalization, reload and reconfiguration. Pointer to the right
240 * context information needs to be provided to such functions.
241 */
242 extern tAppIdConfig *pAppidActiveConfig;
243 extern tAppIdConfig *pAppidPassiveConfig;
244
245 /********************* GLOBAL FUNCTION PROTOTYPES ****************************/
246
247 /**
248 * \brief Add generic configuration item to AppID configuration list
249 *
250 * @param pConfig AppID configuration to which this item needs to be added
251 * @param name Module name - needs to be unique per-module
252 * @param pData pointer to module configuration data
253 * @return None
254 */
255 void AppIdAddGenericConfigItem(tAppIdConfig *pConfig, const char *name, void *pData);
256
257 /**
258 * \brief Find a module's configuration in AppID configuration list
259 *
260 * @param pConfig AppID configuration in which the module's configuration needs to be searched
261 * @param name Module name
262 * @return pointer to module configuration data
263 */
264 void *AppIdFindGenericConfigItem(const tAppIdConfig *pConfig, const char *name);
265
266 /**
267 * \brief Remove a module's configuration from AppID configuration list
268 *
269 * Note: This function has to be called after the config item's data (pData) is freed
270 *
271 * @param pConfig AppID configuration in which the module's configuration needs to be searched
272 * @param name Module name
273 * @return None
274 */
275 void AppIdRemoveGenericConfigItem(tAppIdConfig *pConfig, const char *name);
276
277
278 /************************** LOCAL FUNCTIONS **********************************/
279
280 inline static tAppIdConfig *appIdActiveConfigGet(void)
281 {
282 return pAppidActiveConfig;
283 }
284
285 inline static tAppIdConfig *appIdNewConfigGet(void)
286 {
287 return pAppidPassiveConfig;
288 }
289
290 #endif // APPID_CONFIG_H_