"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/preprocessors/Stream6/stream_common.h" (16 Oct 2020, 12062 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:



    1 /****************************************************************************
    2  *
    3  * Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    4  * Copyright (C) 2005-2013 Sourcefire, Inc.
    5  *
    6  * This program is free software; you can redistribute it and/or modify
    7  * it under the terms of the GNU General Public License Version 2 as
    8  * published by the Free Software Foundation.  You may not use, modify or
    9  * distribute this program under any other version of the GNU General
   10  * Public License.
   11  *
   12  * This program is distributed in the hope that it will be useful,
   13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15  * GNU General Public License for more details.
   16  *
   17  * You should have received a copy of the GNU General Public License
   18  * along with this program; if not, write to the Free Software
   19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20  *
   21  ****************************************************************************/
   22 
   23 #ifndef STREAM_COMMON_H_
   24 #define STREAM_COMMON_H_
   25 
   26 #include <sys/types.h>
   27 #ifndef WIN32
   28 #include <netinet/in.h>
   29 #endif
   30 
   31 #include "sfutil/bitop_funcs.h"
   32 #include "sfutil/sfActionQueue.h"
   33 #include "parser/IpAddrSet.h"
   34 
   35 #include "session_common.h"
   36 #include "stream_api.h"
   37 #include "mempool.h"
   38 #include "sf_types.h"
   39 
   40 #ifdef TARGET_BASED
   41 #include "target-based/sftarget_hostentry.h"
   42 #endif
   43 
   44 #include "sfPolicy.h"
   45 #include "sfPolicyUserData.h"
   46 
   47 //#define STREAM_DEBUG_ENABLED DEBUG
   48 
   49 
/* defaults and limits */
/*
 * Range limits for the stream settings below.  Each setting has a MIN and a
 * MAX bound and, where one exists, a DEFAULT.
 * NOTE(review): the code that enforces these ranges is not in this header;
 * presumably the configuration parser rejects or clamps values outside
 * MIN..MAX -- confirm.
 */
#define STREAM_MAX_MAX_WINDOW       0x3FFFc000  /* max window allowed by TCP */
                                                /* 65535 << 14 (max wscale) */
#define STREAM_MIN_MAX_WINDOW       0
#define MAX_PORTS_TO_PRINT          20

/*
 * Queue limits.
 * NOTE(review): by their names these bound the bytes and segments queued for
 * reassembly; if so they are what limits the memory a single flow can hold
 * on the sensor, so raising them trades memory headroom for tolerance of
 * large windows -- confirm where they are applied.
 */
#define STREAM_DEFAULT_MAX_QUEUED_BYTES 1048576 /* 1 MB */
#define STREAM_MIN_MAX_QUEUED_BYTES 1024       /* Don't let this go below 1024 */
#define STREAM_MAX_MAX_QUEUED_BYTES 0x40000000 /* 1 GB, most we could reach within
                                            * largest window scale */
#define AVG_PKT_SIZE            400
/* 1048576 / 400 evaluates to 2621 (integer division). */
#define STREAM_DEFAULT_MAX_QUEUED_SEGS (STREAM_DEFAULT_MAX_QUEUED_BYTES/AVG_PKT_SIZE)
#define STREAM_MIN_MAX_QUEUED_SEGS  2          /* Don't let this go below 2 */
#define STREAM_MAX_MAX_QUEUED_SEGS  0x40000000 /* 1 GB worth of one-byte segments */

/* Small-segment size threshold; the default of 0 leaves the check disabled. */
#define STREAM_DEFAULT_MAX_SMALL_SEG_SIZE 0    /* disabled */
#define STREAM_MAX_MAX_SMALL_SEG_SIZE 2048     /* 2048 bytes in single packet, uh, not small */
#define STREAM_MIN_MAX_SMALL_SEG_SIZE 0        /* 0 means disabled */

/* Consecutive small-segment count; the default of 0 leaves the check disabled. */
#define STREAM_DEFAULT_CONSEC_SMALL_SEGS 0     /* disabled */
#define STREAM_MAX_CONSEC_SMALL_SEGS 2048      /* 2048 single byte packets without acks is a lot */
#define STREAM_MIN_CONSEC_SMALL_SEGS 0         /* 0 means disabled */

/* Only defined in builds with FEAT_OPEN_APPID. */
#if defined(FEAT_OPEN_APPID)
#define MAX_APP_PROTOCOL_ID  4
#endif /* defined(FEAT_OPEN_APPID) */
   76 
/* target-based policy types */
/*
 * Numeric identifiers for the target-based policies.  Most are named after
 * an operating system; STREAM_POLICY_FIRST and STREAM_POLICY_LAST sit among
 * them and LAST (5) is not the highest value, so they are policies in their
 * own right and must not be used as range sentinels or loop bounds.
 * NOTE(review): presumably each value selects how the reassembler resolves
 * overlapping or retransmitted TCP data for hosts bound to that policy; if
 * so, a policy that does not match the protected host's real stack can make
 * the sensor rebuild a different byte stream than the host sees -- confirm
 * and check the address-to-policy bindings when auditing a deployment.
 */
#define STREAM_POLICY_FIRST     1
#define STREAM_POLICY_LINUX     2
#define STREAM_POLICY_BSD       3
#define STREAM_POLICY_OLD_LINUX 4
#define STREAM_POLICY_LAST      5
#define STREAM_POLICY_WINDOWS   6
#define STREAM_POLICY_SOLARIS   7
#define STREAM_POLICY_HPUX11    8
#define STREAM_POLICY_IRIX      9
#define STREAM_POLICY_MACOS     10
#define STREAM_POLICY_HPUX10    11
#define STREAM_POLICY_VISTA     12
#define STREAM_POLICY_WINDOWS2K3 13
#define STREAM_POLICY_IPS       14
#define STREAM_POLICY_NOACK     15
/* Policy used when none is configured: BSD. */
#define STREAM_POLICY_DEFAULT   STREAM_POLICY_BSD
   94 
/*
 * Configuration flags.  Every value is a distinct single bit, and together
 * they occupy all sixteen bits from 0x0001 to 0x8000.
 * NOTE(review): the `flags` members of the policy structs in this header are
 * uint16_t; which field stores these values is not visible here, but if it
 * is one of those, a new flag above 0x8000 would be silently truncated --
 * confirm the storage width before adding one.
 */
#define STREAM_CONFIG_STATEFUL_INSPECTION      0x00000001
#define STREAM_CONFIG_ENABLE_ALERTS            0x00000002
#define STREAM_CONFIG_LOG_STREAMS              0x00000004
#define STREAM_CONFIG_REASS_CLIENT             0x00000008
#define STREAM_CONFIG_REASS_SERVER             0x00000010
#define STREAM_CONFIG_ASYNC                    0x00000020
#define STREAM_CONFIG_SHOW_PACKETS             0x00000040
#define STREAM_CONFIG_FLUSH_ON_ALERT           0x00000080
#define STREAM_CONFIG_REQUIRE_3WHS             0x00000100
#define STREAM_CONFIG_MIDSTREAM_DROP_NOALERT   0x00000200
#define STREAM_CONFIG_IGNORE_ANY               0x00000400
#define STREAM_CONFIG_PERFORMANCE              0x00000800
#define STREAM_CONFIG_STATIC_FLUSHPOINTS       0x00001000
#define STREAM_CONFIG_IPS                      0x00002000
#define STREAM_CONFIG_CHECK_SESSION_HIJACKING  0x00004000
#define STREAM_CONFIG_NO_ASYNC_REASSEMBLY      0x00008000
  111 
/* traffic direction identification */
/*
 * Two values under two naming schemes: FROM_SERVER and FROM_RESPONDER are
 * both 0, FROM_CLIENT and FROM_SENDER are both 1, so each pair is
 * interchangeable wherever a direction is compared.
 */
#define FROM_SERVER     0
#define FROM_RESPONDER  0
#define FROM_CLIENT     1
#define FROM_SENDER     1
  117 
/*
 * Stream state flags.  Apart from STREAM_STATE_NONE (0) every value is a
 * distinct single bit.  Bit 0x0400 is not assigned in this header: the
 * values step from 0x0200 straight to 0x0800.
 * NOTE(review): presumably these are OR-ed into a per-session state word;
 * the field that holds them is not declared here -- confirm.
 */
#define STREAM_STATE_NONE                  0x0000
#define STREAM_STATE_SYN                   0x0001
#define STREAM_STATE_SYN_ACK               0x0002
#define STREAM_STATE_ACK                   0x0004
#define STREAM_STATE_ESTABLISHED           0x0008
#define STREAM_STATE_DROP_CLIENT           0x0010
#define STREAM_STATE_DROP_SERVER           0x0020
#define STREAM_STATE_MIDSTREAM             0x0040
#define STREAM_STATE_TIMEDOUT              0x0080
#define STREAM_STATE_UNREACH               0x0100
#define STREAM_STATE_PORT_INSPECT          0x0200
#define STREAM_STATE_CLOSED                0x0800
  130 
  131 /*  D A T A   S T R U C T U R E S  **********************************/
/*
 * Flush bookkeeping for one side of a stream; FlushConfig holds one instance
 * for the client and one for the server.
 * NOTE(review): the code that reads and writes these fields is not in this
 * header, so the per-field notes below are inferred from names -- confirm.
 */
typedef struct _FlushMgr
{
    uint32_t   flush_pt;       /* flush point; the FlushPointList comment gives the range it varies over */
    uint16_t   last_count;
    uint16_t   last_size;
    uint8_t    flush_policy;
    uint8_t    flush_type;
    uint8_t    auto_disable;
    bool       flush;
    //uint8_t    spare;

} FlushMgr;
  144 
/*
 * Pair of flush managers, one per traffic side.  StreamTcpPolicy keeps an
 * array of these indexed up to MAX_PORTS and, under TARGET_BASED, a second
 * array indexed up to MAX_PROTOCOL_ORDINAL.
 */
typedef struct _FlushConfig
{
    FlushMgr client;
    FlushMgr server;
    //SF_LIST *dynamic_policy;
#ifdef TARGET_BASED
    /* Present only in TARGET_BASED builds, so the struct size depends on
     * that build flag. */
    uint8_t configured;
#endif
} FlushConfig;
  154 
/* Compiled only when DYNAMIC_RANDOM_FLUSH_POINTS is not defined. */
#ifndef DYNAMIC_RANDOM_FLUSH_POINTS
/*
 * Table of flush points spread over a range around a configured value.
 * NOTE(review): presumably `current` indexes flush_points; the struct carries
 * no element count, so the table length must be known to the code that walks
 * it -- confirm there.
 */
typedef struct _FlushPointList
{
    uint8_t    current;
    uint8_t    initialized;

    uint32_t   flush_range;
    /* NOTE(review): unsigned, so a value smaller than range/2 would wrap
     * unless the code that assigns it guards against that -- confirm. */
    uint32_t   flush_base;  /* Set as value - range/2 */
    /* flush_pt is split evenly on either side of flush_value, within
     * the flush_range.  flush_pt can be from:
     * (flush_value - flush_range/2) to (flush_value + flush_range/2)
     *
     * For example:
     * flush_value = 192
     * flush_range = 128
     * flush_pt will vary from 128 to 256
     */
    uint32_t *flush_points;    /* storage is allocated and freed elsewhere */

} FlushPointList;
#endif
  176 
/**Node of a singly linked list of ignored rules.
 *
 * Each node points at one rule option node (otn) and at the next node.
 * Ownership of the nodes and of the referenced otn is not stated in this
 * header.
 */
typedef struct _IgnoredRuleList
{
    OptTreeNode *otn;
    struct _IgnoredRuleList *next;
} IgnoredRuleList;
  184 
/*
 * One TCP policy: the settings applied to the addresses in bound_addrs.
 * NOTE(review): timeout units and the meaning of individual fields are not
 * stated in this header -- confirm against the configuration parser.
 */
typedef struct _StreamTcpPolicy
{
    uint16_t   policy;               /* presumably one of the STREAM_POLICY_* values -- confirm */
    uint16_t   reassembly_policy;
    uint16_t   flags;                /* 16 bits wide */
    uint16_t   flush_factor;
    uint32_t   session_timeout;
    uint32_t   max_window;
    uint32_t   overlap_limit;
    uint32_t   hs_timeout;
    IpAddrSet   *bound_addrs;
    /* One FlushConfig per port, embedded by value. */
    FlushConfig flush_config[MAX_PORTS];
#ifdef TARGET_BASED
    /* One FlushConfig per protocol ordinal; TARGET_BASED builds only. */
    FlushConfig flush_config_protocol[MAX_PROTOCOL_ORDINAL];
#endif
#ifndef DYNAMIC_RANDOM_FLUSH_POINTS
    FlushPointList flush_point_list;
#endif
    uint32_t   max_queued_bytes;
    uint32_t   max_queued_segs;

    uint32_t   max_consec_small_segs;
    uint32_t   max_consec_small_seg_size;
    /* MAX_PORTS/8 bytes: presumably a bitmap with one bit per port -- confirm. */
    char       small_seg_ignore[MAX_PORTS/8];
    bool       log_asymmetric_traffic;

} StreamTcpPolicy;
  212 
/*
 * TCP configuration: a default policy plus a list of policies.
 * NOTE(review): presumably policy_list holds num_policies entries; the
 * counter is uint8_t, so it cannot represent more than 255 -- confirm that
 * the code adding policies checks for that.
 */
typedef struct _StreamTcpConfig
{
    StreamTcpPolicy *default_policy;
    StreamTcpPolicy **policy_list;

    void* paf_config;               /* opaque here; its type is not declared in this header */

    uint8_t num_policies;
    uint16_t session_on_syn;
    uint16_t port_filter[MAX_PORTS + 1];   /* MAX_PORTS + 1 entries */

} StreamTcpConfig;
  225 
/*
 * One UDP policy: a session timeout and flags for the addresses in
 * bound_addrs.  Timeout units are not stated in this header.
 */
typedef struct _StreamUdpPolicy
{
    uint32_t   session_timeout;
    uint16_t   flags;               /* 16 bits wide */
    IpAddrSet   *bound_addrs;

} StreamUdpPolicy;
  233 
/*
 * UDP configuration: a default policy plus a list of policies, with the
 * same layout idea as StreamTcpConfig.
 * NOTE(review): presumably policy_list holds num_policies entries; the
 * uint8_t counter tops out at 255 -- confirm.
 */
typedef struct _StreamUdpConfig
{
    StreamUdpPolicy *default_policy;
    StreamUdpPolicy **policy_list;
    uint8_t num_policies;
    uint8_t dummy;  /* For alignment */
    uint16_t port_filter[MAX_PORTS + 1];   /* MAX_PORTS + 1 entries */

} StreamUdpConfig;
  243 
/* ICMP policy: only a session timeout (units not stated in this header). */
typedef struct _StreamIcmpPolicy
{
    uint32_t   session_timeout;
    //uint16_t   flags;

} StreamIcmpPolicy;
  250 
/*
 * ICMP configuration.  Unlike the TCP and UDP configs, the default policy
 * is embedded by value and there is no policy list.
 */
typedef struct _StreamIcmpConfig
{
    StreamIcmpPolicy default_policy;
    uint8_t num_policies;

} StreamIcmpConfig;
  257 
/* IP policy: only a session timeout (units not stated in this header). */
typedef struct _StreamIpPolicy
{
    uint32_t   session_timeout;

} StreamIpPolicy;
  263 
/* IP configuration: a single default policy embedded by value. */
typedef struct _StreamIpConfig
{
    StreamIpPolicy default_policy;

} StreamIpConfig;
  269 
/*
 * Top-level stream configuration: pointers to the session configuration and
 * to the per-protocol configs, plus three status flags.
 * NOTE(review): this header does not say which of the pointers may be NULL
 * or who frees them; StreamFreeConfig() is declared below but its behaviour
 * is not visible here -- confirm before dereferencing.
 */
typedef struct _StreamConfig
{
    SessionConfiguration *session_config;
    StreamTcpConfig *tcp_config;
    StreamUdpConfig *udp_config;
    StreamIcmpConfig *icmp_config;
    StreamIpConfig *ip_config;

#ifdef TARGET_BASED
    /* One byte per protocol ordinal; TARGET_BASED builds only. */
    uint8_t service_filter[MAX_PROTOCOL_ORDINAL];
#endif

    bool verified;
    bool swapped;
    bool reload_config;

} StreamConfig;
  287 
/*
 * Stream counters, grouped by protocol.  All counters are uint32_t except
 * active_tcp_memory, which is uint64_t; a 32-bit counter wraps to 0 after
 * 2^32 - 1, so consumers comparing successive readings on a long-running
 * sensor should allow for wrap-around.
 * NOTE(review): where and how often the counters are reset is not visible
 * in this header.
 */
typedef struct _StreamStats
{
    uint32_t   total_tcp_sessions;
    uint32_t   total_udp_sessions;
    uint32_t   total_icmp_sessions;
    uint32_t   total_ip_sessions;
    uint32_t   tcp_prunes;
    uint32_t   udp_prunes;
    uint32_t   icmp_prunes;
    uint32_t   ip_prunes;
    uint32_t   tcp_timeouts;
    uint32_t   tcp_streamtrackers_created;
    uint32_t   tcp_streamtrackers_released;
    uint32_t   tcp_streamsegs_created;
    uint32_t   tcp_streamsegs_released;
    uint32_t   tcp_rebuilt_packets;
    uint32_t   tcp_rebuilt_seqs_used;
    uint32_t   tcp_overlaps;
    uint32_t   tcp_discards;
    uint32_t   tcp_gaps;
    uint32_t   udp_timeouts;
    uint32_t   udp_sessions_created;
    uint32_t   udp_sessions_released;
    uint32_t   udp_discards;
    uint32_t   icmp_timeouts;
    uint32_t   icmp_sessions_created;
    uint32_t   icmp_sessions_released;
    uint32_t   ip_timeouts;
    uint32_t   events;
    uint32_t   internalEvents;
    uint32_t   active_tcp_sessions;
    uint64_t   active_tcp_memory;       /* the only 64-bit counter */
    uint32_t   active_udp_sessions;
    uint32_t   active_icmp_sessions;
    uint32_t   active_ip_sessions;
    tPortFilterStats  tcp_port_filter;
    tPortFilterStats  udp_port_filter;
} StreamStats;
  326 
/**Whether incoming packets should be ignored or processed.
 *
 * PORT_MONITOR_PACKET_PROCESS is 0, so a zero-initialised value of this
 * type reads as "process".
 */
typedef enum {
    /**Process the packet. */
    PORT_MONITOR_PACKET_PROCESS = 0,

    /**Ignore (discard) the packet. */
    PORT_MONITOR_PACKET_DISCARD

} PortMonitorPacketStates;
  337 
/*
 * Session-level entry points; the implementations are outside this header.
 * NOTE(review): none of these prototypes states whether scb or p may be
 * NULL, and the only NULL handling visible in this header is the guard in
 * StreamResetFlowBits() -- check each implementation before passing a
 * pointer that may be unset.
 */
void StreamDisableInspection(SessionControlBlock *scb, Packet *p);

/* Return values are int; their meaning is not documented here. */
int StreamExpireSession(SessionControlBlock *scb);
int StreamExpire(Packet *p, SessionControlBlock *scb);

/* Declared only in builds with ACTIVE_RESPONSE. */
#ifdef ACTIVE_RESPONSE
void StreamActiveResponse(Packet*, SessionControlBlock*);
void SetTTL (SessionControlBlock*, Packet*, int client);
#endif

void MarkupPacketFlags(Packet *p, SessionControlBlock *ssn);

/* Declared only in builds with TARGET_BASED. */
#ifdef TARGET_BASED
void setAppProtocolIdFromHostEntry(SessionControlBlock *scb,
                                   HostAttributeEntry *host_entry,
                                   int direction);
#endif
/* Configuration lookup and release.  Ownership of the returned StreamConfig
 * is not stated in this header. */
StreamConfig *getStreamPolicyConfig( tSfPolicyId policy_id, bool parsing );
void StreamFreeConfig(StreamConfig *);
void StreamFreeConfigs(tSfPolicyUserContextId);
void StreamCallHandler(Packet*, unsigned id);
void CallFTPFlushProcessor(Packet *);
  360 
/**
 * Reset a session's flowbits by handing them to boResetBITOP().
 *
 * Does nothing when @p scb is NULL or when the session has no flow-data
 * bucket attached.
 *
 * @param scb  session whose flowbits are reset; may be NULL.
 */
static inline void StreamResetFlowBits( SessionControlBlock *scb )
{
    if( ( scb != NULL ) && ( scb->flowdata != NULL ) )
    {
        /* NOTE(review): ->data is used without a NULL check of its own;
         * presumably a non-NULL bucket always carries a StreamFlowData --
         * confirm against the code that allocates scb->flowdata. */
        StreamFlowData *session_flow = ( StreamFlowData * ) scb->flowdata->data;

        boResetBITOP( &( session_flow->boFlowbits ) );
    }
}
  371 
  372 
/*
 * Port-filter and runtime-configuration helpers; implementations are outside
 * this header.
 * NOTE(review): portList is passed as a bare pointer (or unsized array) with
 * no element count.  The port_filter arrays declared in this header have
 * MAX_PORTS + 1 entries; presumably callers pass an array of that size --
 * confirm at the call sites, since the callee has no way to check it.
 */
void setPortFilterList( struct _SnortConfig *sc, uint16_t *portList, IpProto protocol,
                        int ignoreAnyAnyRules, tSfPolicyId policyId );
/* ppIgnoredRuleList is a pointer to a list head, so the callee can change
 * the head; who frees the IgnoredRuleList nodes is not stated here. */
int StreamAnyAnyFlow( uint16_t *portList, OptTreeNode *otn, RuleTreeNode *rtn, int any_any_flow,
                      IgnoredRuleList **ppIgnoredRuleList, int ignoreAnyAnyRules );
void s5PrintPortFilter( uint16_t portList[] );
int StreamSetRuntimeConfiguration( SessionControlBlock *scb, uint8_t protocol );
bool getStreamIgnoreAnyConfig (struct _SnortConfig *sc, IpProto protocol);
  380 
// shared stream state
// These globals are only declared here; their definitions are in a source
// file outside this header.
// NOTE(review): nothing in this header shows what serialises access to
// them -- confirm before reading or updating them from more than one thread.
extern StreamStats s5stats;
extern uint32_t firstPacketTime;
extern MemPool s5FlowMempool;

extern uint32_t session_mem_in_use;    // 32-bit, unlike StreamStats.active_tcp_memory (uint64_t)
extern SessionConfiguration *stream_session_config;
extern tSfPolicyUserContextId stream_online_config;
extern tSfActionQueueId decoderActionQ;

// What happens to scb after this call is not stated here; presumably it
// must not be used again -- confirm against the implementation.
void StreamDeleteSession(SessionControlBlock *scb);
  392 
  393 #endif /* STREAM_COMMON_H_ */