SnortExtras: src/ips_options/ips_urg/ips_urg.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.53.0/src/ips_options/ips_urg/ips_urg.cc" (20 Dec 2022, 4580 Bytes) of package /linux/misc/snort3_extra-3.1.53.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "ips_urg.cc" see the Fossies "Dox" file reference documentation.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved. 3 // 4 // This program is free software; you can redistribute it and/or modify it 5 // under the terms of the GNU General Public License Version 2 as published 6 // by the Free Software Foundation. You may not use, modify or distribute 7 // this program under any other version of the GNU General Public License. 8 // 9 // This program is distributed in the hope that it will be useful, but 10 // WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 // General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License along 15 // with this program; if not, write to the Free Software Foundation, Inc., 16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 //-------------------------------------------------------------------------- 18 19 // ips_urg.cc author Russ Combs <rucombs@cisco.com> 20 21 #include "framework/ips_option.h" 22 #include "framework/module.h" 23 #include "framework/range.h" 24 #include "hash/hash_key_operations.h" 25 #include "profiler/profiler.h" 26 #include "protocols/packet.h" 27 #include "protocols/tcp.h" 28 29 using namespace snort; 30 31 static const char* s_name = "urg"; 32 static const char* s_help = "detection for TCP urgent pointer"; 33 34 static THREAD_LOCAL ProfileStats tcpUrgPerfStats; 35 36 //------------------------------------------------------------------------- 37 // option 38 //------------------------------------------------------------------------- 39 40 class TcpUrgOption : public IpsOption 41 { 42 public: 43 TcpUrgOption(const RangeCheck& c) : IpsOption(s_name) 44 { config = c; } 45 46 uint32_t hash() const override; 47 bool operator==(const IpsOption&) const override; 48 49 EvalStatus eval(Cursor&, Packet*) override; 50 51 private: 52 RangeCheck config; 53 }; 54 55 uint32_t TcpUrgOption::hash() const 56 { 57 uint32_t a, b, c; 58 59 a = config.op; 60 b = config.min; 61 c = config.max; 62 63 mix_str(a,b,c,get_name()); 64 finalize(a,b,c); 65 66 return c; 67 } 68 69 bool TcpUrgOption::operator==(const IpsOption& ips) const 70 { 71 if ( strcmp(s_name, ips.get_name()) ) 72 return false; 73 74 const TcpUrgOption& rhs = (const TcpUrgOption&)ips; 75 return ( config == rhs.config ); 76 } 77 78 IpsOption::EvalStatus TcpUrgOption::eval(Cursor&, Packet* p) 79 { 80 Profile profile(tcpUrgPerfStats); 81 82 if ( p->ptrs.tcph and p->ptrs.tcph->are_flags_set(TH_URG) and 83 config.eval(p->ptrs.tcph->urp()) ) 84 { 85 return MATCH; 86 } 87 88 return NO_MATCH; 89 } 90 91 //------------------------------------------------------------------------- 92 // module 93 //------------------------------------------------------------------------- 94 95 #define RANGE "0:65535" 96 97 static const Parameter s_params[] = 98 { 99 { "~range", Parameter::PT_INTERVAL, RANGE, nullptr, 100 "check if tcp urgent offset is in given range" }, 101 102 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } 103 }; 104 105 class UrgModule : public Module 106 { 107 public: 108 UrgModule() : Module(s_name, s_help, s_params) { } 109 110 bool begin(const char*, int, SnortConfig*) override; 111 bool set(const char*, Value&, SnortConfig*) override; 112 113 ProfileStats* get_profile() const override 114 { return &tcpUrgPerfStats; } 115 116 Usage get_usage() const override 117 { return DETECT; } 118 119 public: 120 RangeCheck data; 121 }; 122 123 bool UrgModule::begin(const char*, int, SnortConfig*) 124 { 125 data.init(); 126 return true; 127 } 128 129 bool UrgModule::set(const char*, Value& v, SnortConfig*) 130 { 131 assert(v.is("~range")); 132 return data.validate(v.get_string(), RANGE); 133 } 134 135 //------------------------------------------------------------------------- 136 // api methods 137 //------------------------------------------------------------------------- 138 139 static Module* mod_ctor() 140 { 141 return new UrgModule; 142 } 143 144 static void mod_dtor(Module* m) 145 { 146 delete m; 147 } 148 149 static IpsOption* urg_ctor(Module* p, OptTreeNode*) 150 { 151 UrgModule* m = (UrgModule*)p; 152 return new TcpUrgOption(m->data); 153 } 154 155 static void urg_dtor(IpsOption* p) 156 { 157 delete p; 158 } 159 160 static const IpsApi urg_api = 161 { 162 { 163 PT_IPS_OPTION, 164 sizeof(IpsApi), 165 IPSAPI_VERSION, 166 0, 167 API_RESERVED, 168 API_OPTIONS, 169 s_name, 170 s_help, 171 mod_ctor, 172 mod_dtor 173 }, 174 OPT_TYPE_DETECTION, 175 1, PROTO_BIT__TCP, 176 nullptr, // pinit 177 nullptr, // pterm 178 nullptr, // tinit 179 nullptr, // tterm 180 urg_ctor, 181 urg_dtor, 182 nullptr 183 }; 184 185 SO_PUBLIC const BaseApi* snort_plugins[] = 186 { 187 &urg_api.base, 188 nullptr 189 }; 190