
plugbase.h

00001 /*
00002 ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com>
00003 **
00004 ** This program is free software; you can redistribute it and/or modify
00005 ** it under the terms of the GNU General Public License as published by
00006 ** the Free Software Foundation; either version 2 of the License, or
00007 ** (at your option) any later version.
00008 **
00009 ** This program is distributed in the hope that it will be useful,
00010 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00011 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012 ** GNU General Public License for more details.
00013 **
00014 ** You should have received a copy of the GNU General Public License
00015 ** along with this program; if not, write to the Free Software
00016 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00017 */
00018 
00019 /* $Id$ */
00020 #ifndef __PLUGBASE_H__
00021 #define __PLUGBASE_H__
00022 
00023 #ifdef HAVE_CONFIG_H
00024 #include "config.h"
00025 #endif
00026 
00027 #include "rules.h"
00028 
00029 #ifndef WIN32
00030     #include <sys/ioctl.h>
00031 #endif  /* !WIN32 */
00032 
00033 
00034 #ifdef ENABLE_SSL
00035     #ifdef Free
00036 /* Free macro in radix.h if defined, will conflict with OpenSSL definition */
00037         #undef Free
00038     #endif
00039 #endif
00040 
00041 #ifndef WIN32
00042     #include <net/route.h>
00043 #endif /* !WIN32 */
00044 #ifdef ENABLE_SSL
00045     #undef Free
00046 #endif
00047 
00048 #if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD)
00049     #include <sys/param.h>
00050 #endif
00051 
00052 #if defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD) || defined(OSF1)
00053     #include <sys/mbuf.h>
00054 #endif
00055 
00056 #ifndef IFNAMSIZ /* IFNAMSIZ is defined in all platforms I checked.. */
00057     #include <net/if.h>
00058 #endif
00059 
00060 
00061 #define SMALLBUFFER 32    /* size constant; no user of it is visible in this header */
00062 
00063 #define NT_OUTPUT_ALERT   0x1  /* output node type alert */
00064 #define NT_OUTPUT_LOG     0x2  /* output node type log */
00065 #define NT_OUTPUT_SPECIAL 0x4  /* special output node type; the three NT_OUTPUT_* values are distinct single bits */
00066 
00067 #define DETECTION_KEYWORD 0    /* keyword class selector; where it is consumed is not visible here */
00068 #define RESPONSE_KEYWORD 1
00069 
00070 /*
00071 **  Preprocessor Communication Defines
00072 **  ----------------------------------
00073 **  These defines allow preprocessors to be turned
00074 **  on and off for each packet.  Preprocessors can be
00075 **  turned off and on before preprocessing occurs and
00076 **  during preprocessing.
00077 **
00078 **  Currently, the order in which the preprocessors are
00079 **  placed in snort.conf determines the order of
00080 **  evaluation.  So if one module wants to turn off
00081 **  another module, it must come first in the order.
00082 */
00083 #define PP_ALL                    0xffffffff    /* every bit set: covers all PP_* flags below */
00084 #define PP_LOADBALANCING          0x00000001    /* 1, bit 1 */
00085 #define PP_PORTSCAN               0x00000002    /* 2, bit 2 */
00086 #define PP_HTTPINSPECT            0x00000004    /* 4, bit 3 */
00087 #define PP_PORTSCAN_IGNORE_HOSTS  0x00000008    /* 8, bit 4 */
00088 #define PP_RPCDECODE              0x00000010    /* 16, bit 5 */
00089 #define PP_BO                     0x00000020    /* 32, bit 6 */
00090 #define PP_TELNEG                 0x00000040    /* 64, bit 7 */
00091 #define PP_STREAM4                0x00000080    /* 128, bit 8 */
00092 #define PP_FRAG2                  0x00000100    /* 256, bit 9 */
00093 #define PP_ARPSPOOF               0x00000200    /* 512, bit 10 */
00094 #define PP_ASN1DECODE             0x00000400    /* 1024, bit 11 */
00095 #define PP_FNORD                  0x00000800    /* 2048, bit 12 */
00096 #define PP_CONVERSATION           0x00001000    /* 4096, bit 13 */
00097 #define PP_PORTSCAN2              0x00002000    /* 8192, bit 14 */
00098 #define PP_HTTPFLOW               0x00004000    /* 16384, bit 15 */
00099 #define PP_PERFMONITOR            0x00008000    /* 32768, bit 16 */
00100 #define PP_STREAM4_REASSEMBLE     0x00010000    /* 65536, bit 17 */
00101 #define PP_FRAG3                  0x00020000    /* 131072, bit 18 */
00102 #define PP_SFPORTSCAN             0x00100000    /* 1048576, bit 21; bits 19 and 20 (0x00040000, 0x00080000) are not assigned in this list */
00103 
00104 /**************************** Detection Plugin API ****************************/
00105 
00106 typedef struct _KeywordXlate    /* pairs a keyword string with a handler function pointer */
00107 {
00108     char *keyword;    /* keyword text; this header does not say who owns or frees it */
00109     void (*func)(char *, OptTreeNode *, int);    /* handler; same signature as the callback RegisterPlugin() accepts */
00110 } KeywordXlate;
00111 
00112 
00113 typedef struct _KeywordXlateList    /* singly linked list node wrapping one KeywordXlate */
00114 {
00115     KeywordXlate entry;    /* held by value, not by pointer */
00116     struct _KeywordXlateList *next;    /* next node; presumably NULL at the tail -- confirm in the implementation */
00117 } KeywordXlateList;
00118 
00119 void InitPlugIns();    /* NOTE(review): empty () is not a prototype before C23, so call arguments go unchecked; (void) would be stricter */
00120 void RegisterPlugin(char *, void (*func)(char *, OptTreeNode *, int));    /* takes a char * plus a callback with the KeywordXlate.func signature */
00121 void DumpPlugIns();    /* NOTE(review): unprototyped, same as InitPlugIns() */
00122 OptFpList *AddOptFuncToList(int (*func)(Packet *, struct _OptTreeNode*, 
00123             struct _OptFpList*), OptTreeNode *);    /* returns an OptFpList *; ownership of the result is not stated in this header */
00124 void AddRspFuncToList(int (*func) (Packet *, struct _RspFpList *), 
00125                       OptTreeNode *, void *);    /* trailing void * is untyped; what it must point to is not visible here */
00126 
00127 
00128 
00129 /************************** End Detection Plugin API **************************/
00130 
00131 /***************************** Preprocessor API *******************************/
00132 typedef struct _PreprocessKeywordNode    /* pairs a preprocessor keyword string with a handler function pointer */
00133 {
00134     char *keyword;    /* keyword text; ownership is not stated in this header */
00135     void (*func)(char *);    /* NOTE(review): RegisterPreprocessor() declares its callback as void (*)(u_char *); the two pointer types differ -- confirm which is intended */
00136 
00137 } PreprocessKeywordNode;
00138 
00139 typedef struct _PreprocessKeywordList    /* singly linked list node wrapping one PreprocessKeywordNode */
00140 {
00141     PreprocessKeywordNode entry;    /* held by value, not by pointer */
00142     struct _PreprocessKeywordList *next;    /* next node; presumably NULL at the tail -- confirm in the implementation */
00143 
00144 } PreprocessKeywordList;
00145 
00146 typedef struct _PreprocessFuncNode    /* singly linked list node: one per-packet callback plus an opaque context pointer */
00147 {
00148     void *context;    /* untyped; presumably handed back to func as its second argument -- confirm */
00149     void (*func)(Packet *, void *);    /* callback taking a Packet * and a void * */
00150     struct _PreprocessFuncNode *next;    /* next node in the list */
00151 
00152 } PreprocessFuncNode;
00153 
00154 void InitPreprocessors();    /* NOTE(review): empty () is not a prototype before C23, so call arguments go unchecked; (void) would be stricter */
00155 void RegisterPreprocessor(char *, void (*func)(u_char *));    /* NOTE(review): callback takes u_char *, but PreprocessKeywordNode.func is void (*)(char *) -- confirm which is intended */
00156 void DumpPreprocessors();    /* NOTE(review): unprototyped, same as InitPreprocessors() */
00157 PreprocessFuncNode *AddFuncToPreprocList(void (*func)(Packet *, void *));    /* returns the node; no context is passed in, so node->context is presumably set by the caller afterwards -- confirm */
00158 
00159 /*************************** End Preprocessor API *****************************/
00160 
00161 typedef struct _PluginSignalFuncNode    /* singly linked list node: one callback plus the argument stored with it */
00162 {
00163     void (*func)(int, void*);    /* callback taking an int and a void *; the int is presumably a signal number -- confirm */
00164     void *arg;    /* untyped; presumably passed back to func as its void * argument -- confirm */
00165     struct _PluginSignalFuncNode *next;    /* next node in the list */
00166 
00167 } PluginSignalFuncNode;
00168 
00169 int PacketIsIP(Packet *);    /* PacketIs* helpers return int; presumably non-zero means "yes" -- confirm in the implementation */
00170 int PacketIsTCP(Packet *);
00171 int PacketIsUDP(Packet *);
00172 int PacketIsICMP(Packet *);
00173 int DestinationIpIsHomenet(Packet *);
00174 int SourceIpIsHomenet(Packet *);
00175 int IsTcpSessionTraffic(Packet *);
00176 int CheckNet(struct in_addr *, struct in_addr *);    /* takes two addresses; which is the network and which the host is not stated here */
00177 void AddFuncToRestartList(void (*func)(int, void*), void*);    /* callback has the PluginSignalFuncNode.func signature; the void * is stored alongside it, presumably as node->arg */
00178 void AddFuncToCleanExitList(void (*func)(int, void*), void*);    /* NOTE(review): if these callbacks can run from a signal handler they must be async-signal-safe -- confirm how they are invoked */
00179 void AddFuncToShutdownList(void (*func)(int, void*), void*);
00180 PluginSignalFuncNode *AddFuncToSignalList(void (*func)(int, void*), void*, PluginSignalFuncNode *);    /* takes a list node and returns one; presumably the (possibly new) list head -- confirm */
00181 
00182 
00183 
00184 
00185 #define ENCODING_HEX 0    /* ENCODING_* values are small integers 0..2, not bit flags */
00186 #define ENCODING_BASE64 1
00187 #define ENCODING_ASCII 2
00188 #define DETAIL_FAST  0 
00189 #define DETAIL_FULL  1
00190 
00191 char *GetUniqueName(char *);    /* NOTE(review): declared outside the "must free()" section further down; whether the result is heap-owned or static is not stated -- confirm before freeing or retaining it */
00192 char *GetIP(char *);    /* same open ownership question as GetUniqueName() */
00193 char *GetHostname();    /* NOTE(review): empty () is not a prototype before C23; same open ownership question */
00194 int GetLocalTimezone();    /* returns int; units are not stated in this header */
00195 
00196 /***********************************************************
00197  If you use any of the functions in this section, you need 
00198  to call free() on the char * that is returned after you are 
00199  done using it. Otherwise, you will have created a memory 
00200  leak.
00201 ***********************************************************/
00202 char *GetTimestamp(register const struct timeval *, int);    /* caller must free() the returned string, per the section comment above */
00203 char *GetCurrentTimestamp();    /* caller must free() the result; NOTE(review): empty () is not a prototype before C23 */
00204 char *base64(u_char *, int);    /* caller must free() the result; the int is presumably the input length in bytes -- it is signed, so callers should never pass a negative value; confirm */
00205 char *ascii(u_char *, int);    /* same (buffer, int) shape and free() obligation as base64() */
00206 char *hex(u_char *, int);    /* same (buffer, int) shape and free() obligation as base64() */
00207 char *fasthex(u_char *, int);    /* same (buffer, int) shape and free() obligation as base64() */
00208 /**********************************************************/
00209 
00210 #endif /* __PLUGBASE_H__ */
