
Member "snort3_extra-3.1.53.0/src/ips_options/ips_mss/ips_mss.cc" (20 Dec 2022, 4910 Bytes) of package /linux/misc/snort3_extra-3.1.53.0.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2017-2022 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // ips_mss.cc author Russ Combs <rucombs@cisco.com>
   20 
   21 #include "framework/ips_option.h"
   22 #include "framework/module.h"
   23 #include "framework/range.h"
   24 #include "hash/hash_key_operations.h"
   25 #include "profiler/profiler.h"
   26 #include "protocols/packet.h"
   27 #include "protocols/tcp.h"
   28 #include "protocols/tcp_options.h"
   29 
   30 using namespace snort;
   31 
// Profiling counters for this option (declared THREAD_LOCAL); eval() charges
// its time here and MssModule::get_profile() exposes them.
static THREAD_LOCAL ProfileStats tcpMssPerfStats;

// Rule keyword and its help text; both are reused by the option, the module
// and the plugin API table further down.
static const char* s_name = "mss";
static const char* s_help = "detection for TCP maximum segment size";
   36 
   37 //-------------------------------------------------------------------------
   38 // option
   39 //-------------------------------------------------------------------------
   40 
/// Rule option that compares a packet's TCP MSS option against a range check.
class TcpMssOption : public IpsOption
{
public:
    /// Keeps a private copy of the range check built by the module.
    TcpMssOption(const RangeCheck& c) : IpsOption(s_name), config(c)
    { }

    uint32_t hash() const override;
    bool operator==(const IpsOption&) const override;

    EvalStatus eval(Cursor&, Packet*) override;

private:
    // Operator and bounds the extracted MSS is evaluated against.
    RangeCheck config;
};
   55 
/// Hashes the configured range check together with the option name.
///
/// @return the third mixing word after finalize(), used as the option's hash
uint32_t TcpMssOption::hash() const
{
    // Seed the three mixing words with the operator and both bounds.
    uint32_t a = config.op;
    uint32_t b = config.min;
    uint32_t c = config.max;

    mix_str(a, b, c, get_name());
    finalize(a, b, c);

    return c;
}
   69 
/// Two options are equal when both are "mss" options with the same range check.
bool TcpMssOption::operator==(const IpsOption& ips) const
{
    const bool same_keyword = ( strcmp(s_name, ips.get_name()) == 0 );

    if ( !same_keyword )
        return false;

    // The downcast is justified only by the name comparison above; it assumes
    // no other IpsOption subclass registers under the same keyword.
    const auto& other = static_cast<const TcpMssOption&>(ips);
    return config == other.config;
}
   78 
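/// Extracts the maximum segment size from the first MAXSEG option of a packet.
///
/// @param p    packet under inspection; returns false when it has no TCP header
/// @param mss  receives the 16-bit value, assembled big-endian from the two
///             option payload bytes; left untouched when false is returned
/// @return true only if the first MAXSEG option found has the expected length
static bool get_mss(Packet* p, uint16_t& mss)
{
    // A MAXSEG option is kind (1) + length (1) + 16-bit value = 4 bytes.
    constexpr uint8_t mss_option_len = 4;

    if ( !p->ptrs.tcph )
        return false;

    tcp::TcpOptIterator iter(p->ptrs.tcph, p);

    for (const auto& opt : iter)
    {
        if (opt.code != tcp::TcpOptCode::MAXSEG)
            continue;

        // The length byte is sender-controlled. With a shorter option the two
        // reads below would take bytes that belong to the next option, to
        // padding, or to whatever follows the TCP header, and a rule could
        // then match on a value the sender never advertised as an MSS.
        // Whether the decoder or the iterator already filters such options is
        // not visible from this file, so the check is made here as well.
        // NOTE(review): a malformed MAXSEG option now yields "no match"; cover
        // that case with the decoder's bad-TCP-option events rather than with
        // this rule option.
        if (opt.len != mss_option_len)
            return false;

        mss = static_cast<uint16_t>(opt.data[0] << 8 | opt.data[1]);
        return true;
    }
    return false;
}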
   96 
/// Matches when the packet carries an MSS option whose value satisfies the
/// configured range check; the cursor is not used.
IpsOption::EvalStatus TcpMssOption::eval(Cursor&, Packet* p)
{
    Profile profile(tcpMssPerfStats);
    uint16_t mss = 0;

    // No TCP header or no MSS option: nothing to compare against.
    if ( !get_mss(p, mss) )
        return NO_MATCH;

    return config.eval(mss) ? MATCH : NO_MATCH;
}
  107 
  108 //-------------------------------------------------------------------------
  109 // module
  110 //-------------------------------------------------------------------------
  111 
// Widest interval accepted for the argument: every value a 16-bit MSS can
// take. Also passed to RangeCheck::validate() in MssModule::set().
#define RANGE "0:65535"

static const Parameter s_params[] =
{
    // The option's only argument, an interval limited to RANGE.
    { "~range", Parameter::PT_INTERVAL, RANGE, nullptr, "check if TCP MSS is in given range" },

    // All-null entry closing the table.
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
  121 
/// Module that parses the "mss" rule option's argument into a RangeCheck.
class MssModule : public Module
{
public:
    MssModule() : Module(s_name, s_help, s_params) { }

    bool begin(const char*, int, SnortConfig*) override;
    bool set(const char*, Value&, SnortConfig*) override;

    /// Profiling counters shared with TcpMssOption::eval().
    ProfileStats* get_profile() const override
    {
        return &tcpMssPerfStats;
    }

    Usage get_usage() const override
    {
        return DETECT;
    }

    // Parsed range; public because mss_ctor() copies it into the new option.
    RangeCheck data;
};
  139 
/// Resets the stored range check before a new set of values is parsed.
///
/// @return always true
bool MssModule::begin(const char*, int, SnortConfig*)
{
    // Clear any state left in the range check by an earlier use.
    data.init();

    return true;
}
  145 
/// Parses the argument text into the range check, bounded by RANGE.
///
/// @return the result of RangeCheck::validate() for the given string
bool MssModule::set(const char*, Value& v, SnortConfig*)
{
    // Debug-only check; s_params declares a single parameter, so no other
    // name is expected here.
    assert(v.is("~range"));

    const bool accepted = data.validate(v.get_string(), RANGE);
    return accepted;
}
  151 
  152 //-------------------------------------------------------------------------
  153 // api methods
  154 //-------------------------------------------------------------------------
  155 
/// Allocates the module; the caller releases it through mod_dtor().
static Module* mod_ctor()
{
    return new MssModule();
}
  160 
/// Releases a module previously returned by mod_ctor().
static void mod_dtor(Module* m)
{
    delete m;
}
  165 
/// Builds an option instance from the range check the module has parsed.
static IpsOption* mss_ctor(Module* p, OptTreeNode*)
{
    // Assumes p is the MssModule created by mod_ctor(); the cast is unchecked.
    auto* mod = static_cast<MssModule*>(p);
    return new TcpMssOption(mod->data);
}
  171 
/// Releases an option previously returned by mss_ctor().
static void mss_dtor(IpsOption* p)
{
    delete p;
}
  176 
// Plugin descriptor for the "mss" rule option.
static const IpsApi mss_api =
{
    // base API header
    {
        PT_IPS_OPTION,
        sizeof(IpsApi),
        IPSAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        s_name,
        s_help,
        mod_ctor,
        mod_dtor
    },
    OPT_TYPE_DETECTION,
    1,
    PROTO_BIT__TCP,  // TCP only
    nullptr,         // pinit
    nullptr,         // pterm
    nullptr,         // tinit
    nullptr,         // tterm
    mss_ctor,
    mss_dtor,
    nullptr
};
  201 
// Exported, null-terminated list of the plugins this shared object provides.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &mss_api.base,  // the "mss" IPS option
    nullptr
};
  207