/* $Id$ *//* * ** Copyright (C) 2005 Sourcefire, Inc. * ** AUTHOR: Steven Sturges * ** * ** This program is free software; you can redistribute it and/or modify * ** it under the terms of the GNU General Public License Version 2 as * ** published by the Free Software Foundation.  You may not use, modify or * ** distribute this program under any other version of the GNU General * ** Public License. * ** * ** This program is distributed in the hope that it will be useful, * ** but WITHOUT ANY WARRANTY; without even the implied warranty of * ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the * ** GNU General Public License for more details. * ** * ** You should have received a copy of the GNU General Public License * ** along with this program; if not, write to the Free Software * ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * *//* stream_api.h * * Purpose: Definition of the StreamAPI.  To be used as a common interface *          for TCP (and later UDP & ICMP) Stream access for other  *          preprocessors and detection plugins. * * Arguments: * * Effect: * * Comments: * * Any comments? * */#ifndef STREAM_API_H_#define STREAM_API_H_#include <sys/types.h>#include "ipv6_port.h"#include "preprocids.h" /* IDs are used when setting preproc specific data */#include "bitop.h"#include "decode.h"#define IGNORE_FLAG_ALWAYS 0x01#define SSN_DIR_NONE 0x0#define SSN_DIR_CLIENT 0x1#define SSN_DIR_SENDER 0x1#define SSN_DIR_SERVER 0x2#define SSN_DIR_RESPONDER 0x2#define SSN_DIR_BOTH 0x03#define SSNFLAG_SEEN_CLIENT         0x00000001#define SSNFLAG_SEEN_SENDER         0x00000001#define SSNFLAG_SEEN_SERVER         0x00000002#define SSNFLAG_SEEN_RESPONDER      0x00000002#define SSNFLAG_ESTABLISHED         0x00000004#define SSNFLAG_NMAP                0x00000008#define SSNFLAG_ECN_CLIENT_QUERY    0x00000010#define SSNFLAG_ECN_SERVER_REPLY    0x00000020#define SSNFLAG_HTTP_1_1            0x00000040 /* has stream seen HTTP 1.1? */#define SSNFLAG_SEEN_PMATCH         0x00000080 /* seen pattern match? */#define SSNFLAG_MIDSTREAM           0x00000100 /* picked up midstream */#define SSNFLAG_CLIENT_FIN          0x00000200 /* server sent fin */#define SSNFLAG_SERVER_FIN          0x00000400 /* client sent fin */#define SSNFLAG_CLIENT_PKT          0x00000800 /* packet is from the client */#define SSNFLAG_SERVER_PKT          0x00001000 /* packet is from the server */#define SSNFLAG_COUNTED_INITIALIZE  0x00002000#define SSNFLAG_COUNTED_ESTABLISH   0x00004000#define SSNFLAG_COUNTED_CLOSING     0x00008000#define SSNFLAG_TIMEDOUT            0x00010000#define SSNFLAG_PRUNED              0x00020000#define SSNFLAG_RESET               0x00040000#define SSNFLAG_DROP_CLIENT         0x00080000#define SSNFLAG_DROP_SERVER         0x00100000#define SSNFLAG_ALL                 0xFFFFFFFF /* all that and a bag of chips */#define SSNFLAG_NONE                0x00000000 /* nothing, an MT bag of chips */#define STREAM_FLPOLICY_NONE            0x00#define STREAM_FLPOLICY_FOOTPRINT       0x01 /* size-based footprint flush */#define STREAM_FLPOLICY_LOGICAL         0x02 /* queued bytes-based flush */#define STREAM_FLPOLICY_RESPONSE        0x03 /* flush when we see response */#define STREAM_FLPOLICY_SLIDING_WINDOW  0x04 /* flush on sliding window */#if 0#define STREAM_FLPOLICY_CONSUMED        0x05 /* purge consumed bytes */#endif#define STREAM_FLPOLICY_IGNORE          0x06 /* ignore this traffic */#define STREAM_FLPOLICY_MAX STREAM_FLPOLICY_IGNORE#define STREAM_FLPOLICY_SET_ABSOLUTE    0x01#define STREAM_FLPOLICY_SET_APPEND      0x02#define UNKNOWN_PORT 0#define STREAM_API_VERSION4 4#define STREAM_API_VERSION5 5typedef void (*StreamAppDataFree)(void *);typedef int (*PacketIterator)(struct pcap_pkthdr *,                              u_int8_t *,                              void *); /* user-defined data pointer */typedef struct _StreamFlowData{    BITOP boFlowbits;    unsigned char flowb[1];} StreamFlowData;typedef struct _stream_api{    int version;    /*     * Drop on Inline Alerts for Midstream pickups     *     * Parameters     *     * Returns     *     0 if not alerting     *     !0 if alerting     */    int (*alert_inline_midstream_drops)();    /* Set direction of session     *     * Parameters:     *     Session Ptr     *     New Direction     *     IP     *     Port     */    void (*update_direction)(void *, char, ip_p, u_int16_t );    /* Get direction of packet     *     * Parameters:     *     Packet     */    u_int32_t (*get_packet_direction)(Packet *);    /* Stop inspection for session, up to count bytes (-1 to ignore     * for life or until resume).     *     * If response flag is set, automatically resume inspection up to     * count bytes when a data packet in the other direction is seen.     *     * Also marks the packet to be ignored     *     * Parameters     *     Session Ptr     *     Packet     *     Direction     *     Bytes     *     Response Flag     */    void (*stop_inspection)(void *, Packet *, char, int32_t, int);    /* Turn off inspection for potential session.     * Adds session identifiers to a hash table.     * TCP only.     *     * Parameters     *     IP addr #1     *     Port #1     *     IP addr #2     *     Port #2     *     Protocol     *     Direction     *     Flags (permanent)     *     * Returns     *     0 on success     *     -1 on failure     */    int (*ignore_session)(ip_p, u_int16_t, ip_p, u_int16_t,                          char, char, char);    /* Resume inspection for session.     *     * Parameters     *     Session Ptr     *     Direction     */    void (*resume_inspection)(void *, char);    /* Drop traffic arriving on session.     *     * Parameters     *     Session Ptr     *     Direction     */    void (*drop_traffic)(void *, char);    /* Drop retransmitted packet arriving on session.     *     * Parameters     *     Packet     */    void (*drop_packet)(Packet *);    /* Set a reference to application data for a session     *     * Parameters     *     Session Ptr     *     Application Protocol     *     Application Data reference (pointer)     *     Application Data free function     */    void (*set_application_data)(void *, u_int32_t, void *, StreamAppDataFree);    /* Set a reference to application data for a session     *     * Parameters     *     Session Ptr     *     Application Protocol     *     * Returns     *     Application Data reference (pointer)     */    void *(*get_application_data)(void *, u_int32_t);    /* Sets the flags for a session     * This ORs the supplied flags with the previous values     *      * Parameters     *     Session Ptr     *     Flags     *     * Returns     *     New Flags     */    u_int32_t (*set_session_flags)(void *, u_int32_t);    /* Gets the flags for a session     *     * Parameters     *     Session Ptr     */    u_int32_t (*get_session_flags)(void *);    /* Flushes the stream on an alert     * Side that is flushed is the same as the packet.     *     * Parameters     *     Packet     */    int (*alert_flush_stream)(Packet *);    /* Flushes the stream on arrival of another packet     * Side that is flushed is the opposite of the packet.     *     * Parameters     *     Packet     */    int (*response_flush_stream)(Packet *);    /* Calls user-provided callback function for each packet of     * a reassembled stream.  If the callback function returns non-zero,     * iteration ends.     *     * Parameters     *     Packet     *     Packet Iterator Function (called for each packet in the stream)     *     user data (may be NULL)     *     * Returns     *     number of packets     */    int (*traverse_reassembled)(Packet *, PacketIterator, void *userdata);    /* Add session alert     *     * Parameters     *     Session Ptr     *     gen ID     *     sig ID     *     * Returns     *     0 success     *     -1 failure (max alerts reached)     *     */    int (*add_session_alert)(void *, Packet *p, u_int32_t, u_int32_t);    /* Check session alert     *     * Parameters     *     Session Ptr     *     Packet     *     gen ID     *     sig ID     *     * Returns     *     0 if not previously alerted     *     !0 if previously alerted     */    int (*check_session_alerted)(void *, Packet *p, u_int32_t, u_int32_t);    /* Get Flowbits data     *     * Parameters     *     Packet     *     * Returns     *     Ptr to Flowbits Data     */    StreamFlowData *(*get_flow_data)(Packet *p);    /* Set reassembly flush policy/direction for given session     *     * Parameters     *     Session Ptr     *     Flush Policy     *     Direction(s)     *     Flags     *     * Returns     *     direction(s) of reassembly for session     */    char (*set_reassembly)(void *, u_int8_t, char, char);    /* Get reassembly direction for given session     *     * Parameters     *     Session Ptr     *     * Returns     *     direction(s) of reassembly for session     */    char (*get_reassembly_direction)(void *);    /* Get reassembly flush_policy for given session     *     * Parameters     *     Session Ptr     *     Direction     *     * Returns     *     flush policy for specified direction     */    char (*get_reassembly_flush_policy)(void *, char);    /* Get true/false as to whether stream data is in     * sequence or packets are missing     *     * Parameters     *     Direction     *     Session Ptr     *     * Returns     *     true/false     */    char (*is_stream_sequenced)(void *, char);#ifdef TARGET_BASED    /* Get the protocol identifier from a stream     *     * Parameters     *     Session Ptr     *      * Returns     *     integer protocol identifier     */    int16_t (*get_application_protocol_id)(void *);    /* Set the protocol identifier for a stream     *     * Parameters     *     Session Ptr     *     ID     *      * Returns     *     integer protocol identifier     */    int16_t (*set_application_protocol_id)(void *, int16_t);#endif} StreamAPI;/* To be set by Stream5 (or Stream4) */extern StreamAPI *stream_api;#endif /* STREAM_API_H_ */