"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/dynamic-preprocessors/appid/appIdConfig.h" (16 Oct 2020, 10306 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /*
    2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
    4 **
    5 ** This program is free software; you can redistribute it and/or modify
    6 ** it under the terms of the GNU General Public License Version 2 as
    7 ** published by the Free Software Foundation.  You may not use, modify or
    8 ** distribute this program under any other version of the GNU General
    9 ** Public License.
   10 **
   11 ** This program is distributed in the hope that it will be useful,
   12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   14 ** GNU General Public License for more details.
   15 **
   16 ** You should have received a copy of the GNU General Public License
   17 ** along with this program; if not, write to the Free Software
   18 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   19 */
   20 
   21 
   22 #ifndef __APP_ID_CONFIG_H___
   23 #define __APP_ID_CONFIG_H___
   24 
   25 /**
   26  * \file appIdConfig.h
   27  *
   28  * \brief AppId configuration data structures
   29  */
   30 
   31 /****************************** INCLUDES **************************************/
   32 
   33 #include <sf_types.h>
   34 
   35 #include "appId.h"
   36 #include "client_app_api.h"
   37 #include "service_api.h"
   38 #include "serviceConfig.h"
   39 #include "httpCommon.h"
   40 #include "clientAppConfig.h"
   41 #include "detector_sip.h"
   42 
   43 
   44 /******************************* DEFINES **************************************/
   45 
/*
 * Sizing constants for the fixed-size tables declared in this header.
 * An index into one of those tables is only safe when its type cannot exceed
 * the table size (e.g. a uint16_t port against APP_ID_PORT_ARRAY_SIZE) or when
 * it has been range-checked against the matching constant first.
 */
#define APP_ID_MAX_DIRS         16      /* not referenced anywhere else in this header */
#define APP_ID_PORT_ARRAY_SIZE  65536   /* one slot per 16-bit port value (0..65535) */
#define MAX_ZONES               1024    /* number of slots in tAppIdConfig::net_list_by_zone */
   49 
   50 
   51 /********************************* TYPES **************************************/
   52 
/*
 * Forward declarations. This header only holds pointers to these types
 * (see tAppIdConfig below); their definitions are not part of this file.
 */
struct _AppInfoTableEntry;
struct DynamicArray;
struct ServicePortPattern;
struct ClientPortPattern;
   57 
/**
 * \brief One address/netmask entry of a per-port exclusion list
 *
 * tAppIdConfig keeps, for every port, lists of these structures in its
 * tcp/udp_port_exclusions_src/dst tables.
 *
 * NOTE(review): how an IPv4 address is encoded in the IPv6-sized fields is not
 * visible in this header - confirm before comparing ip/netmask across families.
 */
typedef struct _port_ex
{
    int family;                 ///< Address family of ip/netmask; presumably AF_INET or AF_INET6 - TODO confirm
    struct in6_addr ip;         ///< Address, stored in an IPv6-sized field
    struct in6_addr netmask;    ///< Netmask that goes with ip, stored in an IPv6-sized field
} PortExclusion;
   64 
/**
 * \typedef tAppidGenericConfigItem
 *
 * \brief AppId generic configuration item
 *
 * Modules can use this generic data structure to store their configuration.
 * All such generic configurations are stored in genericConfigList. Modules
 * are responsible for populating the configuration in init() and cleaning it
 * up in clean() function.
 *
 * Currently, IMAP, POP3 and MDNS use this data structure. Lua modules currently
 * do not have any configuration. They can use this data structure in the future,
 * if needed.
 *
 * pData is stored untyped (void *), so nothing checks that the reader casts it
 * back to the type the owning module stored; a module should only look up the
 * item registered under its own name.
 * NOTE(review): whether name is copied when an item is added, and who frees it,
 * is not visible in this header - confirm in the implementation.
 */
typedef struct appidGenericConfigItem_
{
    char    *name;  ///< Module name
    void    *pData; ///< Module configuration data; owned and freed by the module
} tAppidGenericConfigItem;
   84 
/**
 * \brief Tri-state value used by tAppIdConfig::isAppIdAlwaysRequired
 *
 * The "uninitialized" state is the zero value, so a zero-filled structure
 * reads as APPID_REQ_UNINITIALIZED rather than as a yes/no answer.
 */
typedef enum
{
    APPID_REQ_UNINITIALIZED = 0,    ///< no decision recorded yet
    APPID_REQ_YES           = 1,
    APPID_REQ_NO            = 2
} tAppIdReq;
   91 
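/**
 * \typedef tAppIdConfig
 *
 * \brief AppId dynamic configuration data structure
 *
 * Members of this data structure get populated during initialization and reload.
 * They get freed after reload swap and during exit.
 *
 * Table sizes: the per-port tables have APP_ID_PORT_ARRAY_SIZE (65536) slots,
 * one per 16-bit port value; ip_protocol has 256 slots, one per 8-bit IP
 * protocol number; net_list_by_zone has MAX_ZONES slots; the AppInfoTable*
 * arrays have SF_APPID_MAX slots. An index whose type can exceed the table
 * size (an int zone or application id, for example) must be range-checked
 * before it is used to index one of these arrays.
 *
 * The structure is large: the four port exclusion tables alone hold
 * 4 * APP_ID_PORT_ARRAY_SIZE pointers.
 * NOTE(review): it is presumably always heap- or statically allocated and
 * passed by pointer, never copied by value or placed on the stack - confirm.
 */
typedef struct appIdConfig_
{
    unsigned    max_service_info;
    unsigned    net_list_count;
    NetworkSet  *net_list_list;         ///< list of network sets
    NetworkSet  *net_list;              ///< list of networks we're analyzing
    NetworkSet  *net_list_by_zone[MAX_ZONES];    ///< networks we're analyzing, one slot per zone (presumably indexed by zone id - confirm)
    tAppId      tcp_port_only[APP_ID_PORT_ARRAY_SIZE];   ///< Service IDs for port-only TCP services
    tAppId      udp_port_only[APP_ID_PORT_ARRAY_SIZE];   ///< Service IDs for port-only UDP services
    tAppId      ip_protocol[256];           ///< Service IDs for non-TCP / UDP protocol services

    SF_LIST     client_app_args;            ///< List of Client App arguments

    SF_LIST     *tcp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE];   ///< for each potential port, an sflist of PortExclusion structs
    SF_LIST     *udp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE];   ///< for each potential port, an sflist of PortExclusion structs
    SF_LIST     *tcp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE];   ///< for each potential port, an sflist of PortExclusion structs
    SF_LIST     *udp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE];   ///< for each potential port, an sflist of PortExclusion structs

    SFXHASH     *CHP_glossary;              ///< keep track of http multipatterns here

    SFXHASH     *AF_indicators;             ///< App Forecasting list of "indicator apps"
    SFXHASH     *AF_actives;                ///< App Forecasting list of hosts to watch for "forecast apps"

    sfaddr_t    *debugHostIp;               ///< presumably the host that debug output is restricted to - TODO confirm

    struct _AppInfoTableEntry   *AppInfoList;
    struct _AppInfoTableEntry   *AppInfoTable[SF_APPID_MAX];            ///< SF_APPID_MAX slots; index must be < SF_APPID_MAX
    struct _AppInfoTableEntry   *AppInfoTableByService[SF_APPID_MAX];   ///< SF_APPID_MAX slots; index must be < SF_APPID_MAX
    struct _AppInfoTableEntry   *AppInfoTableByClient[SF_APPID_MAX];    ///< SF_APPID_MAX slots; index must be < SF_APPID_MAX
    struct _AppInfoTableEntry   *AppInfoTableByPayload[SF_APPID_MAX];   ///< SF_APPID_MAX slots; index must be < SF_APPID_MAX
    struct DynamicArray         *AppInfoTableDyn;                       ///< presumably holds entries outside the fixed tables - TODO confirm
    SFGHASH                     *AppNameHash;

    SFXHASH                 *hostPortCache;
    SFXHASH                 *lengthCache;

    tDetectorHttpConfig     detectorHttpConfig;     ///< HTTP detector configuration
    tDetectorSipConfig      detectorSipConfig;      ///< SIP detector configuration
    tServiceConfig          serviceConfig;          ///< Common configuration for all services
    tServiceSslConfig       serviceSslConfig;       ///< SSL service configuration
    tServiceDnsConfig       serviceDnsConfig;       ///< DNS service configuration
    tClientAppConfig        clientAppConfig;        ///< Common configuration for all client applications
    HttpPatternLists        httpPatternLists;

    struct ServicePortPattern *servicePortPattern;
    struct ClientPortPattern  *clientPortPattern;

    SF_LIST                 genericConfigList;      ///< List of tAppidGenericConfigItem structures

    tAppIdReq isAppIdAlwaysRequired;                ///< tri-state; zero means APPID_REQ_UNINITIALIZED
} tAppIdConfig;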
  151 
#ifdef SIDE_CHANNEL
/**
 * \brief AppId side-channel settings
 *
 * Only compiled when SIDE_CHANNEL is defined; the two file-name members exist
 * only when REG_TEST is defined as well.
 */
typedef struct _AppIdSSConfig
{
#ifdef REG_TEST
    char *startup_input_file;   ///< REG_TEST builds only; presumably a file read at startup - TODO confirm
    char *runtime_output_file;  ///< REG_TEST builds only; presumably a file written at run time - TODO confirm
#endif
    bool use_side_channel;      ///< presumably enables use of the side channel - TODO confirm
} AppIdSSConfig;
#endif
  162 
/**
 * \struct tAppidStaticConfig
 *
 * \brief AppId static configuration data structure
 *
 * Members of this data structure get populated during initialization and freed
 * during exit. They are not reloadable/reconfigurable.
 * Note: appid_tp_dir can be reconfigured but gets used by 3rd party reload. AppID
 * reload does not look at this variable. (No member is called appid_tp_dir in
 * this struct; the note presumably refers to appid_thirdparty_dir - confirm.)
 *
 * appIdConfigParse() takes a pointer to this structure together with an
 * argument string, so these values presumably come from the preprocessor
 * configuration line.
 * NOTE(review): the path members select files and directories the sensor reads
 * or writes; if modules or detectors are loaded from appid_thirdparty_dir /
 * app_id_detector_path, those locations should be writable only by trusted
 * accounts - confirm how the paths are validated.
 * NOTE(review): units and valid ranges of the numeric limits (memcap, the
 * *_max_packets and *_service_fail thresholds) are not visible in this header.
 */
struct AppidStaticConfig
{
    unsigned    disable_safe_search;
    const char *appid_thirdparty_dir;         /* directory where thirdparty modules are located.*/
    char* tp_config_path;
    char* app_stats_filename;
    unsigned long app_stats_period;
    unsigned long app_stats_rollover_size;
    unsigned long app_stats_rollover_time;
    char* app_id_detector_path;
    unsigned long memcap;
    int app_id_dump_ports;
    int app_id_debug;
    uint32_t instance_id;
    char* conf_file;
    unsigned dns_host_reporting;
    unsigned referred_appId_disabled;
    unsigned rtmp_max_packets;
    unsigned mdns_user_reporting;
    unsigned ftp_userid_disabled;
    unsigned chp_userid_disabled;
    unsigned chp_body_collection_disabled;
    unsigned chp_fflow_disabled;
    unsigned chp_body_collection_max;
    unsigned max_tp_flow_depth;
    unsigned tp_allow_probes;
    unsigned host_port_app_cache_lookup_interval;
    unsigned host_port_app_cache_lookup_range;
    unsigned multipayload_max_packets;
    unsigned http_tunnel_detect;
    uint64_t max_bytes_before_service_fail;
    uint16_t max_packet_before_service_fail;
    uint16_t max_packet_service_fail_ignore_bytes;
    bool http2_detection_enabled;    // internal HTTP/2 detection
    bool is_host_port_app_cache_runtime;
    bool check_host_port_app_cache;
    bool check_host_cache_unknown_ssl;
    bool recheck_for_unknown_appid;
    bool send_state_sharing_updates;
    bool allow_port_wildcard_host_cache;
    bool recheck_for_portservice_appid;
    tAppIdConfig* newAppIdConfig;    // Used only during reload
#ifdef SIDE_CHANNEL
    AppIdSSConfig *appId_ss_config;  // present only in SIDE_CHANNEL builds
#endif
#ifdef REG_TEST
    bool appid_reg_test_mode;        // present only in REG_TEST builds
#endif
};
typedef struct AppidStaticConfig tAppidStaticConfig;
  223 
/**
 * \brief Parse an AppId argument string into the static configuration
 *        (presumably; only the prototype is visible here)
 *
 * @param appidSC Static configuration structure handed to the parser
 * @param args Argument string; it is not const, so the parser may modify it in place
 * @return None - the prototype gives the caller no way to learn about a parse error
 *
 * NOTE(review): confirm how malformed or out-of-range values are reported,
 * since nothing is returned.
 */
void appIdConfigParse(tAppidStaticConfig* appidSC, char *args);
  225 
  226 
  227 /************************** GLOBAL VARIABLES **********************************/
  228 
/// AppId static configuration data
extern tAppidStaticConfig* appidStaticConfig;

/**
 * \brief Pointer to AppId dynamic configuration data
 *
 * This variable always points to the current active configuration that needs
 * to be used during packet processing. Lower level functions should refrain
 * from using this variable directly since they need to be context-agnostic.
 * A lower-level function (for example, clientCreatePattern()) could be called
 * during initialization, reload and reconfiguration. Pointer to the right
 * context information needs to be provided to such functions.
 *
 * NOTE(review): this header shows no synchronization around the active and
 * passive pointers; confirm how the reload swap is ordered against readers
 * that are still using the previous configuration, which gets freed after
 * the swap.
 */
extern tAppIdConfig         *pAppidActiveConfig;
/// Returned by appIdNewConfigGet(); presumably the configuration being built during reload - TODO confirm
extern tAppIdConfig         *pAppidPassiveConfig;
  244 
  245 /********************* GLOBAL FUNCTION PROTOTYPES ****************************/
  246 
/**
 * \brief Add generic configuration item to AppID configuration list
 *
 * @param pConfig AppID configuration to which this item needs to be added
 * @param name Module name - needs to be unique per-module
 * @param pData pointer to module configuration data; it stays owned by the
 *              module, which has to free it in its clean() function
 * @return None
 *
 * NOTE(review): nothing is returned, so the caller cannot tell whether the
 * item was added; also confirm whether a duplicate name is rejected or
 * shadows the earlier item.
 */
void AppIdAddGenericConfigItem(tAppIdConfig *pConfig, const char *name, void *pData);
  256 
/**
 * \brief Find a module's configuration in AppID configuration list
 *
 * @param pConfig AppID configuration in which the module's configuration needs to be searched
 * @param name Module name
 * @return pointer to module configuration data (presumably NULL when no item
 *         has that name - TODO confirm); callers should check the result
 *         before casting and dereferencing it
 */
void *AppIdFindGenericConfigItem(const tAppIdConfig *pConfig, const char *name);
  265 
/**
 * \brief Remove a module's configuration from AppID configuration list
 *
 * Note: This function has to be called after the config item's data (pData) is freed
 *
 * NOTE(review): with that order the list entry still holds the freed pData
 * until this call returns, so a lookup by name in between would hand out a
 * dangling pointer. Keep the free and the removal adjacent, with no lookup
 * in between.
 *
 * @param pConfig AppID configuration in which the module's configuration needs to be searched
 * @param name Module name
 * @return None
 */
void AppIdRemoveGenericConfigItem(tAppIdConfig *pConfig, const char *name);
  276 
  277 
  278 /************************** LOCAL FUNCTIONS **********************************/
  279 
/**
 * \brief Accessor for the active AppId configuration
 *
 * @return the current value of pAppidActiveConfig; the pointer is handed out
 *         as is, without a copy or a NULL check
 */
static inline tAppIdConfig *appIdActiveConfigGet(void)
{
    tAppIdConfig *active = pAppidActiveConfig;

    return active;
}
  284 
/**
 * \brief Accessor for the new (passive) AppId configuration
 *
 * @return the current value of pAppidPassiveConfig; the pointer is handed out
 *         as is, without a copy or a NULL check
 */
static inline tAppIdConfig *appIdNewConfigGet(void)
{
    tAppIdConfig *passive = pAppidPassiveConfig;

    return passive;
}
  289 
  290 #endif // __APP_ID_CONFIG_H___