Member "snort3_extra-3.1.53.0/src/ips_options/ips_urg/ips_urg.cc" (20 Dec 2022, 4580 Bytes) of package /linux/misc/snort3_extra-3.1.53.0.tar.gz:
1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation. You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 //--------------------------------------------------------------------------
18
19 // ips_urg.cc author Russ Combs <rucombs@cisco.com>
20
21 #include "framework/ips_option.h"
22 #include "framework/module.h"
23 #include "framework/range.h"
24 #include "hash/hash_key_operations.h"
25 #include "profiler/profiler.h"
26 #include "protocols/packet.h"
27 #include "protocols/tcp.h"
28
29 using namespace snort;
30
// Keyword and help text for this plugin. s_name is what the option registers
// under, what operator== compares against, and what urg_api publishes.
static const char* s_name = "urg";
static const char* s_help = "detection for TCP urgent pointer";

// Profiling counters, declared THREAD_LOCAL; eval() times itself against
// them and UrgModule::get_profile() hands out their address.
static THREAD_LOCAL ProfileStats tcpUrgPerfStats;
35
36 //-------------------------------------------------------------------------
37 // option
38 //-------------------------------------------------------------------------
39
// Rule option "urg": carries one RangeCheck and applies it to the TCP urgent
// pointer of each packet handed to eval().
class TcpUrgOption : public IpsOption
{
public:
    // Registers the option under s_name and keeps its own copy of the range
    // produced by the module.
    TcpUrgOption(const RangeCheck& c) : IpsOption(s_name), config(c)
    { }

    // Identity of the option, derived from the range and the option name.
    uint32_t hash() const override;
    bool operator==(const IpsOption&) const override;

    // MATCH / NO_MATCH decision for one packet.
    EvalStatus eval(Cursor&, Packet*) override;

private:
    RangeCheck config;  // operator and bounds tested against the urgent pointer
};
54
// Hashes the option from its range (op, min, max) plus the option name.
// Two options that compare equal with operator== hash to the same value,
// because both functions look only at the name and the RangeCheck.
uint32_t TcpUrgOption::hash() const
{
    // Seed the three mixing words with the range fields. The fields are
    // converted to uint32_t here; any wider bits are dropped, which is
    // acceptable for a hash -- TODO confirm field widths in framework/range.h.
    uint32_t a = config.op;
    uint32_t b = config.min;
    uint32_t c = config.max;

    // Fold in the option name, then run the final mixing step.
    mix_str(a, b, c, get_name());
    finalize(a, b, c);

    return c;
}
68
// Two options are equal when both are "urg" options and their ranges match.
bool TcpUrgOption::operator==(const IpsOption& ips) const
{
    // The name comparison is the only type check guarding the downcast
    // below, so it must stay ahead of it.
    // NOTE(review): this relies on no other IpsOption subclass reporting the
    // name "urg" -- presumably guaranteed by plugin registration; confirm.
    if ( strcmp(s_name, ips.get_name()) != 0 )
        return false;

    const auto& rhs = static_cast<const TcpUrgOption&>(ips);
    return config == rhs.config;
}
77
// Returns MATCH when the packet has a TCP header, the URG flag is set, and
// the urgent pointer satisfies the configured range; NO_MATCH otherwise.
//
// Detection-coverage note: the URG flag gates the range test, so a segment
// carrying a non-zero urgent pointer with URG clear yields NO_MATCH here.
// Rules that need to flag that anomaly cannot rely on this option alone.
//
// p is dereferenced without a null check; the caller must pass a valid packet.
IpsOption::EvalStatus TcpUrgOption::eval(Cursor&, Packet* p)
{
    // Scoped profiler object: constructed first so it spans the whole check.
    Profile profile(tcpUrgPerfStats);

    const auto* tcph = p->ptrs.tcph;

    // No decoded TCP header -> nothing to inspect.
    if ( !tcph )
        return NO_MATCH;

    // The urgent pointer is only tested when URG is set.
    if ( !tcph->are_flags_set(TH_URG) )
        return NO_MATCH;

    return config.eval(tcph->urp()) ? MATCH : NO_MATCH;
}
90
91 //-------------------------------------------------------------------------
92 // module
93 //-------------------------------------------------------------------------
94
// Allowed interval for the option argument: the full span of the 16-bit TCP
// urgent pointer. Used both as the parameter's declared range below and as
// the bound passed to RangeCheck::validate() in UrgModule::set().
#define RANGE "0:65535"

static const Parameter s_params[] =
{
    // The single argument of the option, an interval limited to RANGE.
    { "~range", Parameter::PT_INTERVAL, RANGE, nullptr,
      "check if tcp urgent offset is in given range" },

    // End-of-table sentinel.
    { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
104
// Configuration module for the "urg" option: parses the rule argument into
// a RangeCheck that urg_ctor() later copies into a TcpUrgOption.
class UrgModule : public Module
{
public:
    UrgModule() : Module(s_name, s_help, s_params) { }

    // Called around parsing of one option instance; see the definitions below.
    bool begin(const char*, int, SnortConfig*) override;
    bool set(const char*, Value&, SnortConfig*) override;

    // Exposes the counters that TcpUrgOption::eval() records into.
    ProfileStats* get_profile() const override
    {
        return &tcpUrgPerfStats;
    }

    Usage get_usage() const override
    {
        return DETECT;
    }

    // Parsed range. Public because urg_ctor() reads it directly.
    RangeCheck data;
};
122
// Resets the stored range before a new option instance is parsed, so that
// nothing from a previously parsed rule carries over. Always succeeds.
bool UrgModule::begin(const char*, int, SnortConfig*)
{
    data.init();

    return true;
}
128
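// Parses the "~range" argument into `data`, bounded by RANGE.
// Returns false when the value is not the "~range" parameter or when
// RangeCheck::validate() rejects the string.
bool UrgModule::set(const char*, Value& v, SnortConfig*)
{
    // Debug builds still trap a parameter-table mismatch loudly.
    assert(v.is("~range"));

    // assert() is compiled out under NDEBUG, so repeat the check at runtime:
    // a value for any other parameter is rejected instead of being parsed
    // as a range. With the current s_params table this is defense in depth.
    if ( !v.is("~range") )
        return false;

    return data.validate(v.get_string(), RANGE);
}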
134
135 //-------------------------------------------------------------------------
136 // api methods
137 //-------------------------------------------------------------------------
138
// Module factory published through urg_api.base. The returned object is
// heap-allocated; mod_dtor() is the matching release function.
static Module* mod_ctor()
{ return new UrgModule(); }
143
// Releases a module created by mod_ctor(). Deleting through the Module base
// pointer assumes Module has a virtual destructor -- TODO confirm in
// framework/module.h.
static void mod_dtor(Module* m)
{ delete m; }
148
// Option factory published through urg_api: builds a TcpUrgOption from the
// range the module has parsed. The option keeps its own copy of the range.
static IpsOption* urg_ctor(Module* p, OptTreeNode*)
{
    // Unchecked downcast: p is presumably always the UrgModule created by
    // mod_ctor() for this plugin -- confirm against the framework's caller.
    auto* mod = static_cast<UrgModule*>(p);

    return new TcpUrgOption(mod->data);
}
154
// Releases an option created by urg_ctor(). Deleting through the IpsOption
// base pointer assumes IpsOption has a virtual destructor -- TODO confirm in
// framework/ips_option.h.
static void urg_dtor(IpsOption* p)
{ delete p; }
159
// Plugin descriptor for the "urg" rule option. Field labels below follow the
// IpsApi / BaseApi layout as I understand it -- confirm against
// framework/ips_option.h before relying on them.
static const IpsApi urg_api =
{
    {
        PT_IPS_OPTION,      // plugin type
        sizeof(IpsApi),     // size of this descriptor
        IPSAPI_VERSION,     // API version the plugin was built against
        0,                  // plugin version
        API_RESERVED,
        API_OPTIONS,
        s_name,             // keyword
        s_help,             // help text
        mod_ctor,           // module factory
        mod_dtor            // module release
    },
    OPT_TYPE_DETECTION,
    1, PROTO_BIT__TCP,      // presumably: at most one per rule; TCP only
    nullptr,  // pinit
    nullptr,  // pterm
    nullptr,  // tinit
    nullptr,  // tterm
    urg_ctor,               // option factory
    urg_dtor,               // option release
    nullptr                 // last slot unused
};
184
// Exported, nullptr-terminated list of the plugins in this shared object;
// it contains only the "urg" option descriptor.
SO_PUBLIC const BaseApi* snort_plugins[] =
{
    &urg_api.base,
    nullptr  // end of list
};
190