src/detect.h Source File

00001 /* $Id$ */
00002 /*
00003 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
00004 **
00005 ** This program is free software; you can redistribute it and/or modify
00006 ** it under the terms of the GNU General Public License as published by
00007 ** the Free Software Foundation; either version 2 of the License, or
00008 ** (at your option) any later version.
00009 **
00010 ** This program is distributed in the hope that it will be useful,
00011 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013 ** GNU General Public License for more details.
00014 **
00015 ** You should have received a copy of the GNU General Public License
00016 ** along with this program; if not, write to the Free Software
00017 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00018 */
00019 
00020 /*  I N C L U D E S  ************************************************/
00021 #ifndef __DETECT_H__
00022 #define __DETECT_H__
00023 
00024 #ifdef HAVE_CONFIG_H
00025 #include "config.h"
00026 #endif
00027 
00028 //#include "snort.h"
00029 #include "decode.h"
00030 #include "rules.h"
00031 #include "parser.h"
00032 #include "log.h"
00033 #include "event.h"
00034 /*  P R O T O T Y P E S  ******************************************************/
00035 extern int do_detect;
00036 
00037 /* rule match action functions */
00038 int PassAction();
00039 int ActivateAction(Packet *, OptTreeNode *, Event *);
00040 int AlertAction(Packet *, OptTreeNode *, Event *);
00041 int DropAction(Packet *, OptTreeNode *, Event *);
00042 #ifdef GIDS
00043 int SDropAction(Packet *, OptTreeNode *, Event *);
00044 int RejectAction(Packet *, OptTreeNode *, Event *);
00045 int RejectBothAction(Packet *, OptTreeNode *, Event *);
00046 int RejectSrcAction(Packet *, OptTreeNode *, Event *);
00047 int RejectDstAction(Packet *, OptTreeNode *, Event *);
00048 #ifdef IPFW
00049 int ReinjectAction(Packet *, OptTreeNode *, Event *);
00050 #endif /* IPFW */
00051 #endif /* GIDS */
00052 int DynamicAction(Packet *, OptTreeNode *, Event *);
00053 int LogAction(Packet *, OptTreeNode *, Event *);
00054 
00055 /* detection/manipulation funcs */
00056 int Preprocess(Packet *);
00057 int  Detect(Packet *);
00058 void CallOutputPlugins(Packet *);
00059 int EvalPacket(ListHead *, int, Packet * );
00060 int EvalHeader(RuleTreeNode *, Packet *, int);
00061 int EvalOpts(OptTreeNode *, Packet *);
00062 void TriggerResponses(Packet *, OptTreeNode *);
00063 int CheckAddrPort(IpAddrSet *, u_short, u_short, Packet *, u_int32_t, int);
00064 
00065 static inline void DisableDetect(Packet *p)
00066 {
00067     p->preprocessors = 0;
00068     do_detect = 0;
00069 }
00070 
00071 /* detection modules */
00072 int CheckBidirectional(Packet *, struct _RuleTreeNode *, RuleFpList *);
00073 int CheckSrcIP(Packet *, struct _RuleTreeNode *, RuleFpList *);
00074 int CheckDstIP(Packet *, struct _RuleTreeNode *, RuleFpList *);
00075 int CheckSrcIPNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *);
00076 int CheckDstIPNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *);
00077 int CheckSrcPortEqual(Packet *, struct _RuleTreeNode *, RuleFpList *);
00078 int CheckDstPortEqual(Packet *, struct _RuleTreeNode *, RuleFpList *);
00079 int CheckSrcPortNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *);
00080 int CheckDstPortNotEq(Packet *, struct _RuleTreeNode *, RuleFpList *);
00081 
00082 int RuleListEnd(Packet *, struct _RuleTreeNode *, RuleFpList *);
00083 int OptListEnd(Packet *, struct _OptTreeNode *, OptFpList *);
00084 void CallLogPlugins(Packet *, char *, void *, Event *);
00085 void CallAlertPlugins(Packet *, char *, void *, Event *);
00086 void CallLogFuncs(Packet *, char *, ListHead *, Event *);
00087 void CallAlertFuncs(Packet *, char *, ListHead *, Event *);
00088 
00089 void ObfuscatePacket(Packet *p);
00090 
00091 #endif /* __DETECT_H__ */