"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/preprocessors/Session/session_common.h" (16 Oct 2020, 8488 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "session_common.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2004-2013 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20  *
   21  ****************************************************************************/
   22 
   23 #ifndef SESSION_COMMON_H_
   24 #define SESSION_COMMON_H_
   25 
   26 #include <sys/types.h>
   27 #ifndef WIN32
   28 #include <netinet/in.h>
   29 #endif
   30 
   31 #include "sfutil/bitop_funcs.h"
   32 #include "sfutil/sfActionQueue.h"
   33 #include "parser/IpAddrSet.h"
   34 
   35 #include "session_api.h"
   36 #include "mempool.h"
   37 #include "sf_types.h"
   38 #include "plugbase.h"
   39 
   40 #ifdef TARGET_BASED
   41 #include "target-based/sftarget_hostentry.h"
   42 #endif
   43 
   44 #include "sfPolicy.h"
   45 #include "sfPolicyUserData.h"
   46 
   47 /* defaults and limits */
   48 #define STREAM_DEFAULT_SSN_TIMEOUT  30        /* seconds to timeout a session */
   49 #define STREAM_MAX_SSN_TIMEOUT      3600 * 24 /* max timeout (approx 1 day) */
   50 #define STREAM_MIN_SSN_TIMEOUT      1         /* min timeout (1 second) */
   51 #define STREAM_MIN_ALT_HS_TIMEOUT   0         /* min timeout (0 seconds) */
   52 /* Lower timeout value in seconds to clean up the session
   53  * for receiving valid RST for a ongoing/hanged tcp session.
   54  */
   55 #define STREAM_SSN_RST_TIMEOUT      180
   56 #define STREAM_TRACK_YES            1
   57 #define STREAM_TRACK_NO             0
   58 
   59 #define STREAM_MIN_MAX_WINDOW       0
   60 #define MAX_PORTS_TO_PRINT      20
   61 
   62 /* traffic direction identification */
   63 #define FROM_SERVER     0
   64 #define FROM_RESPONDER  0
   65 #define FROM_CLIENT     1
   66 #define FROM_SENDER     1
   67 
   68 #if defined(FEAT_OPEN_APPID)
   69 #define MAX_APP_PROTOCOL_ID  4
   70 #endif /* defined(FEAT_OPEN_APPID) */
   71 
   72 /*  Control Socket types */
   73 #define CS_TYPE_DEBUG_STREAM_HA     ((PP_STREAM << 7) + 0)     // 0x680 / 1664
   74 
   75 /*  D A T A   S T R U C T U R E S  **********************************/
   76 
   77 typedef void (*NoRefCallback)( void *data );
   78 
   79 #ifdef ENABLE_HA
   80 typedef struct _SessionHAConfig
   81 {
   82     struct timeval min_session_lifetime;
   83     struct timeval min_sync_interval;
   84     char *startup_input_file;
   85     char *runtime_output_file;
   86     char *shutdown_output_file;
   87 #ifdef REG_TEST
   88     char *runtime_input_file;
   89 # endif
   90 # ifdef SIDE_CHANNEL
   91     uint8_t use_side_channel;
   92 # endif
   93     uint8_t use_daq;
   94 } SessionHAConfig;
   95 #endif
   96 
   97 typedef struct _SessionConfiguration
   98 {
   99     char       disabled;
  100     char       track_tcp_sessions;
  101     char       track_udp_sessions;
  102     char       track_icmp_sessions;
  103     char       track_ip_sessions;
  104 #ifdef ENABLE_HA
  105     char       enable_ha;
  106 #endif
  107     uint32_t   max_sessions;
  108     uint32_t   max_tcp_sessions;
  109     uint32_t   max_udp_sessions;
  110     uint32_t   max_icmp_sessions;
  111     uint32_t   max_ip_sessions;
  112     uint16_t   tcp_cache_pruning_timeout;
  113     uint16_t   tcp_cache_nominal_timeout;
  114     uint16_t   udp_cache_pruning_timeout;
  115     uint16_t   udp_cache_nominal_timeout;
  116     uint32_t   memcap;
  117     uint32_t   prune_log_max;
  118     uint32_t   flags;
  119 
  120 #ifdef ACTIVE_RESPONSE
  121     uint32_t   min_response_seconds;
  122     uint8_t    max_active_responses;
  123 #endif
  124 
  125 #ifdef ENABLE_HA
  126     SessionHAConfig *ha_config;
  127 #endif
  128     uint32_t  numSnortPolicies;
  129     uint32_t  *policy_ref_count;
  130 #ifdef SNORT_RELOAD
  131     NoRefCallback no_ref_cb;
  132     void         *no_ref_cb_data;
  133 #endif
  134 } SessionConfiguration;
  135 
  136 #ifdef MPLS
  137 typedef struct _MPLS_Hdr
  138 {
  139     uint16_t length;
  140     uint8_t* start;
  141 }MPLS_Hdr;
  142 #endif
  143 
  144 // this struct is organized by member size for compactness
  145 typedef struct _SessionControlBlock
  146 {
  147     SessionKey *key;
  148 
  149     MemBucket  *proto_specific_data;
  150     StreamAppData *appDataList;
  151 
  152     MemBucket *flowdata; /* add flowbits */
  153 
  154     long       last_data_seen;
  155     uint64_t   expire_time;
  156 
  157     tSfPolicyId napPolicyId;
  158     tSfPolicyId ipsPolicyId;
  159     SessionConfiguration *session_config;
  160     void *stream_config;
  161     void *proto_policy;
  162 
  163     PreprocEvalFuncNode *initial_pp;
  164     PreprocEnableMask enabled_pps;
  165 
  166     uint16_t    session_state;
  167     uint8_t     handler[SE_MAX];
  168 
  169     sfaddr_t    client_ip; // FIXTHIS family and bits should be changed to uint16_t
  170     sfaddr_t    server_ip; // or uint8_t to reduce sizeof from 24 to 20
  171 
  172     uint16_t    client_port;
  173     uint16_t    server_port;
  174     bool        port_guess;
  175     bool        stream_config_stale;
  176 
  177     uint8_t     protocol;
  178 
  179 #ifdef ACTIVE_RESPONSE
  180     uint8_t     response_count;
  181 #endif
  182 
  183     uint8_t  inner_client_ttl;
  184     uint8_t  inner_server_ttl;
  185     uint8_t  outer_client_ttl;
  186     uint8_t  outer_server_ttl;
  187 
  188     StreamHAState ha_state;
  189     StreamHAState cached_ha_state;
  190 
  191 #ifdef ENABLE_HA
  192     struct timeval  ha_next_update;
  193     uint8_t         ha_pending_mask;
  194     uint8_t         ha_flags;
  195 #endif
  196 
  197     bool    ips_os_selected;
  198     bool    session_established;
  199     bool    new_session;
  200     bool    in_oneway_list;
  201     bool    is_session_deletion_delayed;
  202     uint8_t iprep_update_counter;
  203 
  204     // pointers for linking into list of oneway sessions
  205     struct _SessionControlBlock *ows_prev;
  206     struct _SessionControlBlock *ows_next;
  207 
  208 #if defined(FEAT_OPEN_APPID)
  209     int16_t     app_protocol_id[MAX_APP_PROTOCOL_ID];
  210 #endif /* defined(FEAT_OPEN_APPID) */
  211 
  212 #ifdef MPLS
  213    MPLS_Hdr *clientMplsHeader;
  214    MPLS_Hdr *serverMplsHeader;
  215 #endif
  216 } SessionControlBlock;
  217 
  218 
  219 /**Common statistics for tcp and udp packets, maintained by port filtering.
  220  */
  221 typedef struct {
  222     /* packets filtered without further processing by any preprocessor or
  223      * detection engine.
  224      */
  225     uint32_t  filtered;
  226 
  227     /* packets inspected and but processed futher by stream5 preprocessor.
  228      */
  229     uint32_t  inspected;
  230 
  231     /* packets session tracked by stream5 preprocessor.
  232      */
  233     uint32_t  session_tracked;
  234 } tPortFilterStats;
  235 
  236 typedef struct _SessionStatistics
  237 {
  238     uint32_t   total_tcp_sessions;
  239     uint32_t   total_udp_sessions;
  240     uint32_t   total_icmp_sessions;
  241     uint32_t   total_ip_sessions;
  242     uint32_t   tcp_prunes;
  243     uint32_t   udp_prunes;
  244     uint32_t   icmp_prunes;
  245     uint32_t   ip_prunes;
  246     uint32_t   events;
  247     uint32_t   internalEvents;
  248     tPortFilterStats  tcp_port_filter;
  249     tPortFilterStats  udp_port_filter;
  250 } SessionStatistics;
  251 
  252 SessionConfiguration *getSessionConfiguration( bool reload_config );
  253 int SessionTrackingEnabled( SessionConfiguration *config, uint32_t protocol );
  254 uint32_t GetSessionPruneLogMax( void );
  255 uint32_t GetSessionMemCap( void );
  256 void SessionFreeConfig( SessionConfiguration * );
  257 int isPacketFilterDiscard( Packet *p, int ignore_any_rules );
  258 int isPacketFilterDiscardUdp( Packet *p, int ignore_any_rules );
  259 
  260 typedef void ( *set_dir_ports_cb )( Packet *p, SessionControlBlock *scb );
  261 typedef int ( *flush_stream_cb )( Packet *p, SessionControlBlock *scb );
  262 
  263 void registerDirectionPortCallback( uint8_t proto, set_dir_ports_cb cb_func );
  264 void registerFlushStreamCallback( bool client_to_server, flush_stream_cb cb_func );
  265 
  266 #ifdef SNORT_RELOAD
  267 void register_no_ref_policy_callback(SessionConfiguration *session_conf, NoRefCallback cb, void *data);
  268 #endif
  269 
  270 struct session_plugins
  271 {
  272     set_dir_ports_cb set_tcp_dir_ports;
  273     set_dir_ports_cb set_udp_dir_ports;
  274     flush_stream_cb  flush_client_stream;
  275     flush_stream_cb  flush_server_stream;
  276     nap_selector select_session_nap;
  277 };
  278 
  279 struct session_plugins *getSessionPlugins( void );
  280 void freeSessionPlugins( void );
  281 
  282 // shared session state
  283 extern SessionStatistics session_stats;
  284 extern uint32_t firstPacketTime;
  285 extern SessionConfiguration *session_configuration;
  286 
  287 extern uint32_t session_mem_in_use;
  288 extern tSfActionQueueId decoderActionQ;
  289 
  290 
  291 static inline uint64_t CalcJiffies(Packet *p)
  292 {
  293     uint64_t ret = 0;
  294     uint64_t sec = ( uint64_t ) p->pkth->ts.tv_sec * TCP_HZ;
  295     uint64_t usec = ( p->pkth->ts.tv_usec / ( 1000000UL / TCP_HZ ) );
  296 
  297     ret = sec + usec;
  298 
  299     return ret;
  300 }
  301 
  302 
  303 #endif /* SESSION_COMMON_H_ */