
Member "snort3_extra-3.0.3-1/src/ips_options/ips_urg/ips_urg.cc" (23 Sep 2020, 4602 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // ips_urg.cc author Russ Combs <rucombs@cisco.com>
   20 
   21 #include "framework/ips_option.h"
   22 #include "framework/module.h"
   23 #include "framework/range.h"
   24 #include "hash/hash_key_operations.h"
   25 #include "profiler/profiler.h"
   26 #include "protocols/packet.h"
   27 #include "protocols/tcp.h"
   28 
   29 using namespace snort;
   30 
   // Option name and one-line help text. Both are passed to the Module
   // constructor in UrgModule and placed in the urg_api table; s_name is also
   // what TcpUrgOption::operator== compares against.
   static const char* s_name = "urg";
   static const char* s_help = "detection for TCP urgent pointer";

   // Profiling counters for this option, declared THREAD_LOCAL. eval() opens a
   // Profile scope on them and UrgModule::get_profile() returns their address.
   static THREAD_LOCAL ProfileStats tcpUrgPerfStats;
   35 
   36 //-------------------------------------------------------------------------
   37 // option
   38 //-------------------------------------------------------------------------
   39 
   // Rule option that compares the TCP urgent pointer of a packet against a
   // configured range. The range is copied in at construction; no member
   // declared here modifies it afterwards.
   class TcpUrgOption : public IpsOption
   {
   public:
       // Registers under s_name and keeps its own copy of the range check.
       TcpUrgOption(const RangeCheck& c) : IpsOption(s_name), config(c)
       { }

       // Hash and equality over the option name plus the configured range.
       uint32_t hash() const override;
       bool operator==(const IpsOption&) const override;

       // Per-packet test; the Cursor argument is unused by this option.
       EvalStatus eval(Cursor&, Packet*) override;

   private:
       // Comparison operator with min/max bounds (the fields hash() reads).
       RangeCheck config;
   };
   54 
   // Fold the range (operator, min, max) and the option name into a 32-bit hash.
   // The three range fields seed the mixer state; each is converted to uint32_t,
   // so any bits of min/max above 32 do not contribute.
   uint32_t TcpUrgOption::hash() const
   {
       uint32_t a = static_cast<uint32_t>(config.op);
       uint32_t b = static_cast<uint32_t>(config.min);
       uint32_t c = static_cast<uint32_t>(config.max);

       // Mix in the option name, then run the final avalanche step.
       mix_str(a, b, c, get_name());
       finalize(a, b, c);

       return c;
   }
   68 
   // Two options are equal when the other one carries this option's name and
   // the same range configuration.
   bool TcpUrgOption::operator==(const IpsOption& ips) const
   {
       const bool same_name = ( strcmp(s_name, ips.get_name()) == 0 );

       if ( !same_name )
           return false;

       // The name match is the only guard in front of this unchecked downcast.
       // NOTE(review): relies on no other IpsOption type reporting the name
       // "urg" - confirm against the plugin registry.
       const auto& other = static_cast<const TcpUrgOption&>(ips);
       return config == other.config;
   }
   77 
   // Match when the packet has a TCP header, the URG flag is set, and the urgent
   // pointer satisfies the configured range. A segment without URG never matches,
   // whatever value its urgent pointer field holds.
   // The packet pointer itself is dereferenced without a null check.
   IpsOption::EvalStatus TcpUrgOption::eval(Cursor&, Packet* p)
   {
       Profile profile(tcpUrgPerfStats);

       const auto* tcph = p->ptrs.tcph;

       // No TCP header, or URG not set: nothing to compare.
       if ( !tcph or !tcph->are_flags_set(TH_URG) )
           return NO_MATCH;

       return config.eval(tcph->urp()) ? MATCH : NO_MATCH;
   }
   90 
   91 //-------------------------------------------------------------------------
   92 // module
   93 //-------------------------------------------------------------------------
   94 
   // Accepted bounds for the option argument. Used twice in this file: as the
   // range spec of the "~range" parameter and as the second argument to
   // RangeCheck::validate() in UrgModule::set(). 0:65535 covers every value of
   // the 16-bit TCP urgent pointer field.
   #define RANGE "0:65535"

   // Parameter table handed to the Module constructor: one interval parameter
   // named "~range", followed by an all-null PT_MAX entry (presumably the table
   // terminator - confirm against the Parameter definition).
   static const Parameter s_params[] =
   {
       { "~range", Parameter::PT_INTERVAL, RANGE, nullptr,
         "check if tcp urgent offset is in given range" },

       { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
   };
  104 
  // Configuration module for the "urg" option: receives the range argument
  // through begin()/set() and exposes the parsed result in `data`.
  class UrgModule : public Module
  {
  public:
      UrgModule() : Module(s_name, s_help, s_params)
      { }

      // begin() resets `data`; set() validates the "~range" value into it.
      bool begin(const char*, int, SnortConfig*) override;
      bool set(const char*, Value&, SnortConfig*) override;

      // Profiling counters shared with TcpUrgOption::eval().
      ProfileStats* get_profile() const override
      {
          return &tcpUrgPerfStats;
      }

      Usage get_usage() const override
      {
          return DETECT;
      }

      // Parsed range; public because urg_ctor() copies it into the new option.
      RangeCheck data;
  };
  122 
  // Reset the range check before parameters are set, so state from an earlier
  // use of this module object does not carry over. All three arguments are
  // ignored; always returns true.
  bool UrgModule::begin(const char*, int, SnortConfig*)
  {
      data.init();
      return true;
  }
  128 
  // Accept only the "~range" parameter and parse its string form into `data`,
  // bounded by RANGE. Returns false for any other parameter, or when
  // validate() rejects the value.
  bool UrgModule::set(const char*, Value& v, SnortConfig*)
  {
      // Short-circuit keeps validate() from running on an unrelated parameter.
      return v.is("~range") and data.validate(v.get_string(), RANGE);
  }
  136 
  137 //-------------------------------------------------------------------------
  138 // api methods
  139 //-------------------------------------------------------------------------
  140 
  // Module factory referenced from urg_api; the caller owns the result and is
  // expected to hand it back to mod_dtor().
  static Module* mod_ctor()
  {
      Module* created = new UrgModule;
      return created;
  }

  // Counterpart of mod_ctor(). Deletes through the base pointer.
  // NOTE(review): assumes Module declares a virtual destructor - the
  // declaration is in framework/module.h, not shown here.
  static void mod_dtor(Module* m)
  { delete m; }
  150 
  // Option factory referenced from urg_api: builds a TcpUrgOption from the range
  // the module parsed. The OptTreeNode argument is unused.
  static IpsOption* urg_ctor(Module* p, OptTreeNode*)
  {
      // Unchecked downcast, and p is not tested for null.
      // NOTE(review): presumably the framework always passes the object made by
      // mod_ctor() - confirm.
      auto* mod = static_cast<UrgModule*>(p);
      return new TcpUrgOption(mod->data);
  }

  // Counterpart of urg_ctor(). Deletes through the base pointer.
  // NOTE(review): assumes IpsOption declares a virtual destructor - the
  // declaration is in framework/ips_option.h, not shown here.
  static void urg_dtor(IpsOption* p)
  { delete p; }
  161 
  // Plugin descriptor for the "urg" option. The nested initializer fills the
  // base API record (plugin type, struct size, API version, name, help, module
  // factory pair); the outer fields describe the option itself and end with the
  // option factory pair.
  static const IpsApi urg_api =
  {
      {
          PT_IPS_OPTION,
          sizeof(IpsApi),
          IPSAPI_VERSION,
          0,
          API_RESERVED,
          API_OPTIONS,
          s_name,
          s_help,
          mod_ctor,
          mod_dtor
      },
      OPT_TYPE_DETECTION,
      // NOTE(review): the 1 is presumably the per-rule instance limit, and
      // PROTO_BIT__TCP restricts the option to TCP - confirm against IpsApi.
      1, PROTO_BIT__TCP,
      nullptr, // pinit
      nullptr, // pterm
      nullptr, // tinit
      nullptr, // tterm
      urg_ctor,
      urg_dtor,
      nullptr
  };
  186 
  // Exported, null-terminated list of the plugins in this shared object; it
  // holds the single "urg" option descriptor.
  SO_PUBLIC const BaseApi* snort_plugins[] =
  {
      &urg_api.base,
      nullptr
  };
  192