"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/file-process/libs/file_lib.h" (16 Oct 2020, 6303 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /*
    2  **
    3  **
    4  **  Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    5  **  Copyright (C) 2012-2013 Sourcefire, Inc.
    6  **
    7  **  This program is free software; you can redistribute it and/or modify
    8  **  it under the terms of the GNU General Public License Version 2 as
    9  **  published by the Free Software Foundation.  You may not use, modify or
   10  **  distribute this program under any other version of the GNU General
   11  **  Public License.
   12  **
   13  **  This program is distributed in the hope that it will be useful,
   14  **  but WITHOUT ANY WARRANTY; without even the implied warranty of
   15  **  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16  **  GNU General Public License for more details.
   17  **
   18  **  You should have received a copy of the GNU General Public License
   19  **  along with this program; if not, write to the Free Software
   20  **  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   21  **
   22  **  Author(s):  Hui Cao <hcao@sourcefire.com>
   23  **
   24  **  NOTES
   25  **  5.25.12 - Initial Source Code. Hcao
   26  */
   27 
   28 #ifndef __FILE_LIB_H__
   29 #define __FILE_LIB_H__
   30 
   31 #ifdef HAVE_CONFIG_H
   32 #include <config.h>
   33 #endif
   34 
   35 #include <stdint.h>
   36 #include "sf_types.h" /* for bool */
   37 
   38 #include "file_api.h"
   39 #include "sfdaq.h"
   40 
   41 #define SNORT_FILE_TYPE_UNKNOWN          1024  /* reserved file type ID; NOTE(review): by its name, "type could not be identified" - confirm */
   42 #define SNORT_FILE_TYPE_CONTINUE         0 /* reserved file type ID; NOTE(review): by its name, "keep identifying with more data" - confirm */
   43 
   44 typedef struct _MagicData
   45 {
      /* One magic-content pattern: the bytes to match, their length and the
       * offset at which the search starts. Entries are chained through next.
       *
       * NOTE(review): content_len is a signed int while offset is uint32_t.
       * Code that fills in or consumes these entries should reject negative
       * lengths and check offset + content_len against the available data in a
       * wide unsigned type before reading - TODO confirm the rule parser and
       * matcher do this; neither is visible in this header. */
   46     uint8_t *content;       /* magic content to match */
   47     int content_len;        /* length of magic content (signed; see note above) */
   48     uint32_t offset;             /* pattern search start offset */
   49 
   50     /* Used in ds_list - do not try to iterate after parsing a rule
   51      * since the detection option tree will eliminate duplicates and
   52      * the list may have missing pmds */
   53     struct _MagicData *next; /* ptr to next match struct */
   54 
   55 } MagicData;
   56 
   57 typedef struct _RuleInfo
   58 {
      /* Description of one file rule: descriptive strings, a list of magic
       * patterns, an opaque group handle and an id/revision pair.
       * NOTE(review): ownership of the char * members (who allocates and frees
       * them) is not visible in this header - confirm against the rule parser. */
   59     char       *message;
   60     char       *type;       /* presumably the key used by file_IDs_from_type() - confirm */
   61     char       *category;
   62     char       *version;    /* presumably the key used by file_IDs_from_type_version() - confirm */
   63     MagicData  *magics;     /* head of the MagicData list, linked through ->next */
   64     void       *groups;     /* opaque here; the concrete type is not declared in this header */
   65     uint32_t   id;
   66     uint32_t   rev;
   67 } RuleInfo;
   68 
   69 typedef struct _FileContext
   70 {
      /* Per-file processing state used by the file type, signature and capture
       * functions declared in this header.
       *
       * NOTE(review): file_name, file_size and current_data presumably describe
       * content taken from inspected traffic. Treat every pointer as
       * length-delimited by its companion size field, never as a C string, and
       * sanitize before logging - confirm against the callers. */
   71     bool file_type_enabled;
   72     bool file_signature_enabled;
   73     bool       file_name_saved;      /* cf. the save_in_context argument of file_name_set() */
   74     bool       upload;               /* direction flag; see file_direction_set()/file_direction_get() */
   75     uint32_t   file_name_size;       /* length of file_name in bytes */
   76     uint8_t    *file_name;           /* name bytes; this header does not promise NUL termination */
   77     uint64_t   file_size;            /* see file_size_set()/file_size_get() */
   78     uint64_t   processed_bytes;
   79     uint8_t    *sha256;              /* see file_sig_sha256_set()/_get(); no length is carried (presumably 32 bytes - confirm) */
   80     void *     file_type_context;    /* opaque here */
   81     void *     file_signature_context; /* opaque here */
   82     void *     file_config;          /* opaque here */
   83     time_t     expires;
   84     uint16_t   app_id;
   85     bool file_capture_enabled;
   86     bool partial_file;
   87     uint32_t   file_type_id;
   88     FileCaptureInfo *file_capture;
   89     uint8_t *current_data;  /* current file data; length is current_data_len */
   90     uint32_t current_data_len;
   91     File_Verdict verdict;
   92     bool suspend_block_verdict;
   93     /* For some SMB upload cases, the file size is not known during SMB negotiation.
   94      * SIG_FLUSH is set at end of stream, but end of file is not set for an SMB
   95      * upload of unknown file size, which causes file capture to fail. This flag is
   96      * used to set end of file, only for SMB upload cases.
   97      */
   98     bool smb_unknown_file_size;
   99     void* attached_file_entry;
  100     FileState file_state;
  101     uint32_t file_id;
  102     uint32_t file_config_version;
  103 } FileContext;
  104 
  105 /* Main file processing functions.
       * Each takes the per-file context, a data buffer with its size, and a
       * FilePosition value for that buffer.
       * NOTE(review): data_size is a signed int. Callers should pass only
       * non-negative sizes that really describe file_data; confirm that the
       * implementations reject data_size <= 0 before using it as a length. */
  106 void file_type_id( FileContext* context, uint8_t* file_data, int data_size, FilePosition position);
  107 void file_signature_sha256( FileContext* context, uint8_t* file_data, int data_size, FilePosition position);
  108 
  109 /* File context management: create, reset and free a FileContext.
       * file_context_free() takes void * rather than FileContext *
       * (NOTE(review): presumably so it can be used as a generic free callback -
       * confirm). */
  110 FileContext *file_context_create(void);
  111 void file_context_reset(FileContext *context);
  112 void file_context_free(void *context);
  113 /* File properties: setters and getters on a FileContext.
       * NOTE(review): file_name_set() takes save_in_context; if false means the
       * context only borrows the caller's pointer, that buffer must outlive the
       * context - confirm in the implementation.
       * NOTE(review): file_sig_sha256_set() receives no length, so the caller
       * must supply a full-size digest buffer (presumably 32 bytes - confirm). */
  114 void file_name_set (FileContext *context, uint8_t *file_name, uint32_t name_size, bool save_in_context);
  115 int file_name_get (FileContext *context, uint8_t **file_name, uint32_t *name_size);
  116 void file_size_set (FileContext *context, uint64_t file_size);
  117 uint64_t file_size_get (FileContext *context);
  118 void file_direction_set (FileContext *context, bool upload);
  119 bool file_direction_get (FileContext *context);
  120 void file_sig_sha256_set (FileContext *context, uint8_t *signature);
  121 uint8_t* file_sig_sha256_get (FileContext *context);
  122 
  123 char* file_type_name(void *conf, uint32_t); /* second parameter is unnamed here; presumably a file type ID - confirm */
  124 
      /* Lookups that report matching IDs through the ids/count out-parameters and
       * return a bool, keyed by type name, type name plus version, or group name.
       * NOTE(review): this header does not say who owns *ids or whether the
       * caller must free it - confirm before using the result. */
  125 bool file_IDs_from_type(const void *conf, const char *type,
  126      uint32_t **ids, uint32_t *count);
  127 
  128 bool file_IDs_from_type_version(const void *conf, const char *type,
  129     const char *version, uint32_t **ids, uint32_t *count);
  130 
  131 bool file_IDs_from_group(const void *conf, const char *group,
  132      uint32_t **ids, uint32_t *count);
  133 
  134 extern int64_t file_type_depth;      /* defined in another translation unit; NOTE(review): presumably the byte limit for type identification - confirm */
  135 extern int64_t file_signature_depth; /* defined in another translation unit; NOTE(review): presumably the byte limit for signature calculation - confirm */
  136 
  137 #if defined(DEBUG_MSGS) || defined (REG_TEST)
      /* Declared only in debug-message or regression-test builds. No length is
       * passed, so hash must point to a full digest (presumably 32 bytes - confirm). */
  138 void file_sha256_print(unsigned char *hash);
  139 #endif
  140 
  141 #if defined (DAQ_VERSION) && DAQ_VERSION > 9
      /* DAQ_VERSION > 9: the FILE_* logging macros pass the saved DAQ packet
       * header, a module ID and a severity level to SNORT_DEBUG_PKT_LOG.
       *
       * NOTE(review): the declaration below has no `extern`, so it is a tentative
       * definition in every translation unit that includes this header. Builds
       * that default to -fno-common (GCC 10 and later) reject that as a duplicate
       * symbol. The usual fix is `extern` here plus one definition in a .c file;
       * it is left unchanged because the defining file is not visible from here.
       *
       * NOTE(review): SAVE_DAQ_PKT_HDR() stores a pointer taken from the packet
       * in this global. It is handed to SNORT_DEBUG_PKT_LOG by later FILE_* calls,
       * so it must be refreshed for each packet and not used once that packet is
       * released - confirm in the callers. The macro casts p to Packet *, which
       * this header does not declare itself.
       *
       * msg is a printf-style format string: always pass a string literal and
       * give traffic-derived text (file names, hashes) as arguments, never as msg.
       * `args...` with `##args` is the GNU named-variadic macro extension. */
  142 const DAQ_PktHdr_t* daq_pktHdr;
  143 #define SAVE_DAQ_PKT_HDR(p) daq_pktHdr = ((Packet*)(p))->pkth
  144 #define FILE_PKT_DEBUG(logLevel, msg, args...)\
  145     SNORT_DEBUG_PKT_LOG(daq_pktHdr,DAQ_DEBUG_PKT_MODULE_SNORTFILEPP,logLevel, msg, ##args)
  146 
  147 #define FILE_EMERGENCY(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_EMERGENCY,msg,##args) 
  148 #define FILE_ALERT(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_ALERT,msg,##args)
  149 #define FILE_CRITICAL(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_CRITICAL,msg,##args)
  150 #define FILE_ERROR(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_ERROR,msg,##args)
  151 #define FILE_WARNING(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_WARNING,msg,##args)
  152 #define FILE_NOTICE(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_NOTICE,msg,##args)
  153 #define FILE_INFO(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_INFO,msg,##args)
  154 #define FILE_DEBUG(msg,args...) FILE_PKT_DEBUG(DAQ_DEBUG_PKT_LEVEL_DEBUG,msg,##args)
  155 
  156 #else
  157 
      /* Fallback: every severity expands to the same
       * DebugMessage(DEBUG_FILE, ...) call inside DEBUG_WRAP, so the level is not
       * distinguished here. msg"\n" relies on string-literal concatenation, so
       * msg must be a literal format string. SAVE_DAQ_PKT_HDR() expands to
       * nothing in this branch. */
  158 #define FILE_LOG_MSGS(msg, args...) DEBUG_WRAP(DebugMessage(DEBUG_FILE, msg"\n", ##args);)
  159 #define FILE_EMERGENCY(msg,args...) FILE_LOG_MSGS(msg,##args)
  160 #define FILE_ALERT(msg,args...) FILE_LOG_MSGS(msg,##args)
  161 #define FILE_CRITICAL(msg,args...) FILE_LOG_MSGS(msg,##args)
  162 #define FILE_ERROR(msg,args...) FILE_LOG_MSGS(msg,##args)
  163 #define FILE_WARNING(msg,args...) FILE_LOG_MSGS(msg,##args)
  164 #define FILE_NOTICE(msg,args...) FILE_LOG_MSGS(msg,##args)
  165 #define FILE_INFO(msg,args...) FILE_LOG_MSGS(msg,##args)
  166 #define FILE_DEBUG(msg,args...) FILE_LOG_MSGS(msg,##args)
  167 #define SAVE_DAQ_PKT_HDR(p)
  168 #endif
  169 
  170 #endif
  171