"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/dynamic-preprocessors/sip/spp_sip.h" (16 Oct 2020, 8276 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /* $Id */
    2 
    3 /*
    4 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    5 ** Copyright (C) 2011-2013 Sourcefire, Inc.
    6 **
    7 **
    8 ** This program is free software; you can redistribute it and/or modify
    9 ** it under the terms of the GNU General Public License Version 2 as
   10 ** published by the Free Software Foundation.  You may not use, modify or
   11 ** distribute this program under any other version of the GNU General
   12 ** Public License.
   13 **
   14 ** This program is distributed in the hope that it will be useful,
   15 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   16 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   17 ** GNU General Public License for more details.
   18 **
   19 ** You should have received a copy of the GNU General Public License
   20 ** along with this program; if not, write to the Free Software
   21 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   22 */
   23 
   24 /*
   25  * spp_sip.h: Definitions, structs, function prototype(s) for
   26  *      the SIP preprocessor.
   27  * Author: Hui Cao
   28  */
   29 
   30 #ifndef SPP_SIP_H
   31 #define SPP_SIP_H
   32 #include <stddef.h>
   33 #include "sfPolicy.h"
   34 #include "sfPolicyUserData.h"
   35 #include "snort_bounds.h"
   36 #include "sip_roptions.h"
   37 #include "sf_ip.h"
   38 
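/*
 * Port bitmap helpers for the sip_config->ports array: PORT_INDEX selects
 * the array element (port / 8) and CONV_PORT the bit inside it (port % 8).
 *
 * Both the argument and the whole expansion are parenthesized. Without that,
 * an expression argument such as (base + off), or an operator next to the
 * macro call, regroups the arithmetic and silently selects the wrong
 * element or bit of the port bitmap.
 *
 * port must be non-negative: a negative value yields a negative array index
 * and a negative shift count (undefined behavior). Each macro evaluates its
 * argument once, but callers typically use both on the same value, so do not
 * pass an expression with side effects.
 */

/* Convert port value into an index for the sip_config->ports array */
#define PORT_INDEX(port) ((port) / 8)

/* Convert port value into a value for bitwise operations */
#define CONV_PORT(port) (1 << ((port) % 8))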
   44 
/*
 * Boolean values.
 */
#define SIP_TRUE    (1)
#define SIP_FALSE   (0)

/* Length of a response status code; the SIP_EVENT_BAD_STATUS_CODE alert text
 * in this header describes a valid code as a 3 digit number. */
#define SIP_STATUS_CODE_LEN (3)
/* NOTE(review): presumably the maximum number of digits accepted for a
 * Content-Length value -- confirm against the parser, which is not in this
 * header. */
#define SIP_CONTENT_LEN (5)
/*
 * Error codes.
 *
 * Success is 1 and failure is 0, the reverse of the common C convention of
 * returning 0 on success. Compare results against these names; a check
 * written as "if (rc != 0) fail" treats every success as a failure and
 * every failure as a success.
 */
#define SIP_SUCCESS (1)
#define SIP_FAILURE (0)

/* Session status values. NOTE(review): their users are outside this header. */
#define SIP_SESSION_SAVED   (1)
#define SIP_SESSION_INIT    (0)
   61 
/*
 * Identifier of a SIP dialog, stored as three 32-bit hash values.
 *
 * NOTE(review): going by the field names these are hashes of the Call-ID,
 * the From tag and the To tag; the hash function is not in this header.
 * Because only hashes are kept here, two different dialogs can produce the
 * same identifier. Whether the original strings are also compared when
 * dialogs are matched cannot be told from this file -- confirm in the dialog
 * lookup code.
 */
typedef struct _SIP_DialogID
{
    uint32_t callIdHash;
    uint32_t fromTagHash;
    uint32_t toTagHash;
} SIP_DialogID;
   68 
   69 
/*
 * One tracked dialog: its identifier, state, creating method, last status
 * code and media sessions, plus the links that chain it to its neighbours.
 *
 * The node carries both a next and a previous pointer, i.e. it is an element
 * of a doubly linked list (see SIP_DialogList for the list head).
 * SIP_DialogState, SIPMethodsFlag and SIP_MediaList are declared outside
 * this header.
 */
typedef struct _SIP_DialogData
{
    SIP_DialogID dlgID;             /* hashed identifier of this dialog */
    SIP_DialogState state;
    SIPMethodsFlag creator;         /* NOTE(review): presumably the method that created the dialog -- confirm */
    uint16_t status_code;
    SIP_MediaList mediaSessions;
    struct _SIP_DialogData *nextD;  /* following node in the list */
    struct _SIP_DialogData *prevD;  /* preceding node in the list */
} SIP_DialogData;
   80 
/*
 * Head of a list of SIP_DialogData nodes together with a dialog counter.
 *
 * NOTE(review): this header defines a SIP_EVENT_MAX_DIALOGS_IN_A_SESSION
 * alert, so num_dialogs is presumably what gets compared against the
 * configured per-session limit; the code that keeps the counter in step
 * with the list is not in this file.
 */
typedef struct _SIP_DialogList
{
    SIP_DialogData* head;
    uint32_t num_dialogs;
}SIP_DialogList;
   86 
/*
 * Per-session data block containing current state
 * of the SIP preprocessor for the session.
 *
 * state_flags:     Bit vector describing the current state of the
 *              session.
 * policy_id:       Policy identifier stored with the session.
 * dialogs:         List of dialogs tracked for the session.
 * ropts:           Rule option data (SIP_Roptions is declared outside
 *              this header).
 * config:          Policy user context handle. NOTE(review): presumably the
 *              configuration the session was created under -- confirm.
 */
typedef struct _sipData
{
    uint32_t state_flags;
    tSfPolicyId policy_id;
    SIP_DialogList dialogs;
    SIP_Roptions ropts;
    tSfPolicyUserContextId config;
} SIPData;
  102 
/*
 * Parsed view of one SIP message: lengths and flags first, then the pointers
 * to the individual header values.
 *
 * Field order is load-bearing. SIPMSG_ZERO_LEN (defined right after the
 * struct) is the offset of isTcp, and per the comment inside the struct only
 * the members before isTcp are zeroed. Consequences for anyone editing or
 * reading this struct:
 *   - A member added after isTcp is NOT reset between messages; a member that
 *     must start from zero has to be placed before isTcp.
 *   - The string pointers after isTcp (method, uri, call_id, ...) are outside
 *     the zeroed region, so after a reset they still hold whatever was stored
 *     last. NOTE(review): presumably the matching *Len field, which is inside
 *     the zeroed region, is what tells a reader whether the pointer is valid
 *     for the current message -- confirm in the parser before dereferencing
 *     any of them unconditionally.
 *
 * Most length members are uint16_t and cannot represent values above 65535;
 * code that fills them from packet data has to bound the value before the
 * assignment or the stored length silently wraps.
 *
 * NOTE(review): bool is used below but <stdbool.h> is not included directly
 * by this header; presumably one of the project headers provides it.
 */
typedef struct _SIPMsg
{
    uint16_t headerLen;
    uint16_t methodLen;
    SIPMethodsFlag methodFlag;
    uint16_t status_code;

    uint16_t uriLen;
    uint16_t callIdLen;
    uint16_t cseqNameLen;
    uint16_t fromLen;
    uint16_t fromTagLen;
    uint16_t toLen;
    uint16_t toTagLen;
    uint16_t viaLen;
    uint16_t contactLen;
    uint16_t bodyLen;
    uint16_t contentTypeLen;
    uint32_t content_len;
    SIP_DialogID dlgID;
    SIP_MediaSession *mediaSession;
    char *authorization;
    const uint8_t *header;
    const uint8_t *body_data;  /* Set to NULL if not applicable */
    uint64_t cseqnum;

    uint16_t userNameLen;
    uint16_t userAgentLen;
    uint16_t serverLen;
    bool     mediaUpdated;

    /* nothing after this point is zeroed ...*/
    /*Input parameters*/
    unsigned char isTcp;  /* first member outside the zeroed region; SIPMSG_ZERO_LEN is its offset */

    char *method;
    char *uri;
    char *call_id;
    char *cseqName;
    char *from;
    char *from_tag;
    char *to;
    char *to_tag;
    char *via;
    char *contact;

    char *content_type;
    char *content_encode;

    const char *userAgent;
    const char *userName;
    const char *server;


} SIPMsg;

/* Size in bytes of the leading part of SIPMsg, up to but not including isTcp.
 * NOTE(review): the code that clears this many bytes is not in this header. */
#define SIPMSG_ZERO_LEN offsetof(SIPMsg, isTcp)
  160 
/*
 * Generator id. Define here the same as the official registry
 * in generators.h
 */
#define GENERATOR_SPP_SIP   140

/* Ultimately calls SnortEventqAdd */
/* Arguments are: gid, sid, rev, classification, priority, message, rule_info */
/*
 * ALERT(x, y): queue SIP preprocessor event x (a SIP_EVENT_* id, used as the
 * sid) with message y under gid GENERATOR_SPP_SIP, and count it in
 * sip_stats.events. rev is fixed at 1, classification at 0, priority at 3 and
 * rule_info at 0, so every event raised through this macro has the same
 * priority.
 *
 * NOTE(review): the macro expands to a bare { ... } block rather than
 * do { ... } while (0). Written as "if (c) ALERT(a, b); else ..." the
 * trailing semicolon ends the if statement and the else no longer attaches.
 * Keep the braces on any if/else around an ALERT call. The macro also needs
 * _dpd and sip_stats to be visible at the call site.
 */
#define ALERT(x,y) { _dpd.alertAdd(GENERATOR_SPP_SIP, x, 1, 0, 3, y, 0 ); sip_stats.events++; }
  170 
/*
 * SIP preprocessor alert types.
 *
 * Each value is passed as the first argument of ALERT, which forwards it as
 * the sid next to gid GENERATOR_SPP_SIP. Every id has a message string named
 * <id>_STR in the list of alert strings.
 *
 * SIP_EVENT_UNKOWN_METHOD is misspelled ("UNKOWN"); the spelling is part of
 * the identifier that other files reference, so it is kept as is.
 */
#define SIP_EVENT_MAX_SESSIONS        1
#define SIP_EVENT_EMPTY_REQUEST_URI   2
#define SIP_EVENT_BAD_URI             3
#define SIP_EVENT_EMPTY_CALL_ID       4
#define SIP_EVENT_BAD_CALL_ID         5
#define SIP_EVENT_BAD_CSEQ_NUM        6
#define SIP_EVENT_BAD_CSEQ_NAME       7
#define SIP_EVENT_EMPTY_FROM          8
#define SIP_EVENT_BAD_FROM            9
#define SIP_EVENT_EMPTY_TO            10
#define SIP_EVENT_BAD_TO              11
#define SIP_EVENT_EMPTY_VIA           12
#define SIP_EVENT_BAD_VIA             13
#define SIP_EVENT_EMPTY_CONTACT       14
#define SIP_EVENT_BAD_CONTACT         15
#define SIP_EVENT_BAD_CONTENT_LEN     16
#define SIP_EVENT_MULTI_MSGS          17
#define SIP_EVENT_MISMATCH_CONTENT_LEN          18
#define SIP_EVENT_INVALID_CSEQ_NAME             19
#define SIP_EVENT_AUTH_INVITE_REPLAY_ATTACK     20
#define SIP_EVENT_AUTH_INVITE_DIFF_SESSION      21
#define SIP_EVENT_BAD_STATUS_CODE               22
#define SIP_EVENT_EMPTY_CONTENT_TYPE            23
#define SIP_EVENT_INVALID_VERSION               24
#define SIP_EVENT_MISMATCH_METHOD               25
#define SIP_EVENT_UNKOWN_METHOD                 26
#define SIP_EVENT_MAX_DIALOGS_IN_A_SESSION      27
  201 
/*
 * SIP preprocessor alert strings.
 *
 * One message per SIP_EVENT_* id, passed as the second argument of ALERT.
 * The texts are what an analyst sees in the alert output, so changing one
 * changes what existing log searches and alert filters match on.
 */
#define SIP_EVENT_MAX_SESSIONS_STR       "(spp_sip) Maximum sessions reached"
#define SIP_EVENT_EMPTY_REQUEST_URI_STR  "(spp_sip) Empty request URI"
#define SIP_EVENT_BAD_URI_STR            "(spp_sip) URI is too long"
#define SIP_EVENT_EMPTY_CALL_ID_STR      "(spp_sip) Empty call-Id"
#define SIP_EVENT_BAD_CALL_ID_STR        "(spp_sip) Call-Id is too long"
#define SIP_EVENT_BAD_CSEQ_NUM_STR       "(spp_sip) CSeq number is too large or negative"
#define SIP_EVENT_BAD_CSEQ_NAME_STR      "(spp_sip) Request name in CSeq is too long"
#define SIP_EVENT_EMPTY_FROM_STR         "(spp_sip) Empty From header"
#define SIP_EVENT_BAD_FROM_STR           "(spp_sip) From header is too long"
#define SIP_EVENT_EMPTY_TO_STR           "(spp_sip) Empty To header"
#define SIP_EVENT_BAD_TO_STR             "(spp_sip) To header is too long"
#define SIP_EVENT_EMPTY_VIA_STR          "(spp_sip) Empty Via header"
#define SIP_EVENT_BAD_VIA_STR            "(spp_sip) Via header is too long"
#define SIP_EVENT_EMPTY_CONTACT_STR      "(spp_sip) Empty Contact"
#define SIP_EVENT_BAD_CONTACT_STR        "(spp_sip) Contact is too long"
#define SIP_EVENT_BAD_CONTENT_LEN_STR    "(spp_sip) Content length is too large or negative"
#define SIP_EVENT_MULTI_MSGS_STR         "(spp_sip) Multiple SIP messages in a packet"
#define SIP_EVENT_MISMATCH_CONTENT_LEN_STR        "(spp_sip) Content length mismatch"
#define SIP_EVENT_INVALID_CSEQ_NAME_STR           "(spp_sip) Request name is invalid"
#define SIP_EVENT_AUTH_INVITE_REPLAY_ATTACK_STR   "(spp_sip) Invite replay attack"
#define SIP_EVENT_AUTH_INVITE_DIFF_SESSION_STR    "(spp_sip) Illegal session information modification"
#define SIP_EVENT_BAD_STATUS_CODE_STR     "(spp_sip) Response status code is not a 3 digit number"
#define SIP_EVENT_EMPTY_CONTENT_TYPE_STR  "(spp_sip) Empty Content-type header"
#define SIP_EVENT_INVALID_VERSION_STR     "(spp_sip) SIP version is invalid"
#define SIP_EVENT_MISMATCH_METHOD_STR     "(spp_sip) Mismatch in METHOD of request and the CSEQ header"
#define SIP_EVENT_UNKOWN_METHOD_STR       "(spp_sip) Method is unknown"
#define SIP_EVENT_MAX_DIALOGS_IN_A_SESSION_STR "(spp_sip) Maximum dialogs within a session reached"
  232 
/* Bounds for a response status code (three digits: 100..999). */
#define MAX_STAT_CODE      999
#define MIN_STAT_CODE      100
/*
 * Indexes and size for the SIP_Stats.responses[] counters: slot 0 is the
 * total, slots 1..6 are named for the 1xx..6xx response classes, and the
 * array has 10 slots.
 *
 * NOTE(review): presumably the class slot is derived from the status code
 * (status / 100); with MAX_STAT_CODE at 999 that stays below 10, but only if
 * the code was range-checked first -- confirm that the counter update happens
 * after the MIN/MAX check, since the status code comes from the packet.
 */
#define TOTAL_RESPONSES 0
#define RESPONSE1XX     1
#define RESPONSE2XX     2
#define RESPONSE3XX     3
#define RESPONSE4XX     4
#define RESPONSE5XX     5
#define RESPONSE6XX     6
#define NUM_OF_RESPONSE_TYPES  10
/*
 * Index and size for the SIP_Stats.requests[] counters: slot 0 is the total.
 * SIP_METHOD_USER_DEFINE_MAX is defined outside this header. Any method
 * value used as an index into requests[] has to be below this size.
 */
#define TOTAL_REQUESTS 0
#define NUM_OF_REQUEST_TYPES  SIP_METHOD_USER_DEFINE_MAX
  245 
/*
 * Counters kept by the SIP preprocessor. All members are 64-bit unsigned.
 */
typedef struct _SIP_Stats
{
    uint64_t sessions;
    uint64_t events;        /* incremented by the ALERT macro each time it runs */

    uint64_t dialogs;
    uint64_t requests[NUM_OF_REQUEST_TYPES];    /* slot TOTAL_REQUESTS (0) is the total */
    uint64_t responses[NUM_OF_RESPONSE_TYPES];  /* slot TOTAL_RESPONSES (0) is the total, RESPONSEnXX the classes */
    uint64_t ignoreChannels;
    uint64_t ignoreSessions;

} SIP_Stats;
  258 
/* Preprocessor-wide counters; the ALERT macro increments sip_stats.events. */
extern SIP_Stats sip_stats;
/* NOTE(review): presumably the configuration in effect for the packet being
 * evaluated -- confirm where it is assigned. SIPConfig is declared outside
 * this header. */
extern SIPConfig *sip_eval_config;
/* Policy user context handle for the SIP configuration. */
extern tSfPolicyUserContextId sip_config;


/* Prototypes for public interface */
/* Takes no arguments and returns nothing; defined outside this header. */
void SetupSIP(void);

/* Returns a SIPConfig pointer for the given Snort configuration.
 * NOTE(review): whether the result can be NULL is not visible here; callers
 * should check before dereferencing. */
SIPConfig *getParsingSIPConfig(struct _SnortConfig *);
  268 
  269 #endif /* SPP_SIP_H */