📄 dce2_config.h
/****************************************************************************
 * Copyright (C) 2008-2008 Sourcefire,Inc
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License Version 2 as
 * published by the Free Software Foundation.  You may not use, modify or
 * distribute this program under any other version of the GNU General
 * Public License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 ****************************************************************************
 * Provides convenience functions for parsing and querying configuration.
 *
 * 8/17/2008 - Initial implementation ... Todd Wease <twease@sourcefire.com>
 *
 ****************************************************************************/

#ifndef _DCE2_CONFIG_H_
#define _DCE2_CONFIG_H_

#include "dce2_debug.h"
#include "dce2_utils.h"
#include "dce2_list.h"
#include "sf_types.h"
#include "sf_ip.h"
#include "sf_snort_packet.h"

/********************************************************************
 * Macros
 ********************************************************************/

/* Configuration names for the global and the per-server sections. */
#define DCE2_GNAME  "dcerpc2"
#define DCE2_SNAME  "dcerpc2_server"

/* Single-character tokens recognised in the configuration text. */
#define DCE2_CFG_TOK__DASH            '-'
#define DCE2_CFG_TOK__UNDERSCORE      '_'
#define DCE2_CFG_TOK__QUOTE           '"'
#define DCE2_CFG_TOK__LIST_START      '['
#define DCE2_CFG_TOK__LIST_END        ']'
#define DCE2_CFG_TOK__OPT_SEP         ','
#define DCE2_CFG_TOK__LIST_SEP        ','
#define DCE2_CFG_TOK__PORT_RANGE      ':'
#define DCE2_CFG_TOK__OPNUM_RANGE     '-'
#define DCE2_CFG_TOK__DOT             '.'
#define DCE2_CFG_TOK__IP6_TET_SEP     ':'
#define DCE2_CFG_TOK__IP4_TET_SEP     '.'
#define DCE2_CFG_TOK__IP_PREFIX_SEP   '/'
#define DCE2_CFG_TOK__MINUS           '-'
#define DCE2_CFG_TOK__PLUS            '+'
#define DCE2_CFG_TOK__HEX_SEP         'x'
#define DCE2_CFG_TOK__HEX_OCT_START   '0'
#define DCE2_CFG_TOK__END             '\0'

/*
 * DCE2_PORTS__MAX is 65536, i.e. every value a 16-bit port can take.
 * DCE2_PORTS__MAX_INDEX is 8192, the byte count of a bitmap holding one
 * bit per port.
 *
 * NOTE(review): DCE2_IsPortSet(), DCE2_SetPort(), DCE2_SetPortRange() and
 * DCE2_ClearPorts() are declared below taking a bare uint8_t * with no
 * length argument, so presumably every buffer handed to them has to be a
 * full DCE2_PORTS__MAX_INDEX-byte array - confirm at the call sites.
 */
#define DCE2_PORTS__MAX        (UINT16_MAX + 1)
#define DCE2_PORTS__MAX_INDEX  (DCE2_PORTS__MAX / 8)

/********************************************************************
 * Enumerations
 ********************************************************************/

/* Policy identifier stored in DCE2_ServerConfig.policy. */
typedef enum _DCE2_Policy
{
    DCE2_POLICY__NONE,
    DCE2_POLICY__WIN2000,
    DCE2_POLICY__WINXP,
    DCE2_POLICY__WINVISTA,
    DCE2_POLICY__WIN2003,
    DCE2_POLICY__SAMBA,
    DCE2_POLICY__SAMBA_3_0_22,
    DCE2_POLICY__SAMBA_3_0_20

} DCE2_Policy;

/* Bit flags, one bit per transport; __ALL sets the low 16 bits. */
typedef enum _DCE2_DetectFlag
{
    DCE2_DETECT_FLAG__NULL        = 0x0000,
    DCE2_DETECT_FLAG__NONE        = 0x0001,
    DCE2_DETECT_FLAG__SMB         = 0x0002,
    DCE2_DETECT_FLAG__TCP         = 0x0004,
    DCE2_DETECT_FLAG__UDP         = 0x0008,
    DCE2_DETECT_FLAG__HTTP_PROXY  = 0x0010,
    DCE2_DETECT_FLAG__HTTP_SERVER = 0x0020,
    DCE2_DETECT_FLAG__ALL         = 0xffff

} DCE2_DetectFlag;

/*
 * Bit flags naming event classes; __ALL sets the low 16 bits.
 * NOTE(review): presumably OR-ed into DCE2_GlobalConfig.event_mask and
 * tested by DCE2_GcAlertOnEvent() - its body is not in this part of the
 * file, confirm there.
 */
typedef enum _DCE2_EventFlag
{
    DCE2_EVENT_FLAG__NULL   = 0x0000,
    DCE2_EVENT_FLAG__NONE   = 0x0001,
    DCE2_EVENT_FLAG__MEMCAP = 0x0002,
    DCE2_EVENT_FLAG__SMB    = 0x0004,
    DCE2_EVENT_FLAG__CO     = 0x0008,
    DCE2_EVENT_FLAG__CL     = 0x0010,
    DCE2_EVENT_FLAG__ALL    = 0xffff

} DCE2_EventFlag;

/* Whether an option is on or off: CS - configuration switch */
typedef enum _DCE2_CS
{
    DCE2_CS__DISABLED = 0,
    DCE2_CS__ENABLED

} DCE2_CS;

/* Position of a character within a word, as passed to DCE2_IsWordChar(). */
typedef enum _DCE2_WordCharPosition
{
    DCE2_WORD_CHAR_POSITION__START,
    DCE2_WORD_CHAR_POSITION__MIDDLE,
    DCE2_WORD_CHAR_POSITION__END

} DCE2_WordCharPosition;

/*
 * State enumerations for the configuration scanners.
 * NOTE(review): presumably these drive the parsers behind the
 * DCE2_Parse*() prototypes further down; the scanners themselves are not
 * defined in this part of the file.
 */
typedef enum _DCE2_WordListState
{
    DCE2_WORD_LIST_STATE__START,
    DCE2_WORD_LIST_STATE__WORD_START,
    DCE2_WORD_LIST_STATE__QUOTE,
    DCE2_WORD_LIST_STATE__WORD,
    DCE2_WORD_LIST_STATE__WORD_END,
    DCE2_WORD_LIST_STATE__END

} DCE2_WordListState;

typedef enum _DCE2_ValueState
{
    DCE2_VALUE_STATE__START,
    DCE2_VALUE_STATE__MODIFIER,
    DCE2_VALUE_STATE__HEX_OR_OCT,
    DCE2_VALUE_STATE__DECIMAL,
    DCE2_VALUE_STATE__HEX_START,
    DCE2_VALUE_STATE__HEX,
    DCE2_VALUE_STATE__OCTAL

} DCE2_ValueState;

typedef enum _DCE2_PortListState
{
    DCE2_PORT_LIST_STATE__START,
    DCE2_PORT_LIST_STATE__PORT_START,
    DCE2_PORT_LIST_STATE__PORT_LO,
    DCE2_PORT_LIST_STATE__PORT_RANGE,
    DCE2_PORT_LIST_STATE__PORT_HI,
    DCE2_PORT_LIST_STATE__PORT_END,
    DCE2_PORT_LIST_STATE__END

} DCE2_PortListState;

typedef enum _DCE2_IpListState
{
    DCE2_IP_LIST_STATE__START,
    DCE2_IP_LIST_STATE__IP_START,
    DCE2_IP_LIST_STATE__IP_END,
    DCE2_IP_LIST_STATE__END

} DCE2_IpListState;

typedef enum _DCE2_IpState
{
    DCE2_IP_STATE__START,
    DCE2_IP_STATE__IP,
    DCE2_IP_STATE__END

} DCE2_IpState;

/* Integer width/signedness selector passed to DCE2_ParseValue() and
 * DCE2_GetValue(), which write their result through a void *. */
typedef enum _DCE2_IntType
{
    DCE2_INT_TYPE__INT8,
    DCE2_INT_TYPE__UINT8,
    DCE2_INT_TYPE__INT16,
    DCE2_INT_TYPE__UINT16,
    DCE2_INT_TYPE__INT32,
    DCE2_INT_TYPE__UINT32,
    DCE2_INT_TYPE__INT64,
    DCE2_INT_TYPE__UINT64

} DCE2_IntType;

/********************************************************************
 * Structures
 ********************************************************************/

/* Global configuration struct */
typedef struct _DCE2_GlobalConfig
{
    uint32_t memcap;
    int event_mask;
    DCE2_CS dce_defrag;
    int max_frag_len;   /* compared against DCE2_SENTINEL by DCE2_GcMaxFrag() */
    uint16_t reassemble_threshold;

} DCE2_GlobalConfig;

/*
 * One share name kept in two encodings, each with an explicit length.
 * NOTE(review): whether either string is NUL-terminated is not visible
 * here; bound accesses by the *_len fields unless confirmed otherwise.
 */
typedef struct _DCE2_SmbShare
{
    char *unicode_str;
    unsigned int unicode_str_len;
    char *ascii_str;
    unsigned int ascii_str_len;

} DCE2_SmbShare;

/*
 * Server configuration struct
 *
 * Holds ten port arrays of DCE2_PORTS__MAX_INDEX (8192) bytes each, so
 * one instance carries 80 KiB of port data.
 */
typedef struct _DCE2_ServerConfig
{
    DCE2_Policy policy;

    uint8_t smb_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t tcp_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t udp_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t http_proxy_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t http_server_ports[DCE2_PORTS__MAX_INDEX];

    uint8_t auto_smb_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t auto_tcp_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t auto_udp_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t auto_http_proxy_ports[DCE2_PORTS__MAX_INDEX];
    uint8_t auto_http_server_ports[DCE2_PORTS__MAX_INDEX];

    DCE2_CS autodetect_http_proxy_ports;

    uint8_t smb_max_chain;
    DCE2_List *smb_invalid_shares;

    /* Used when freeing from routing table */
    uint32_t ref_count;

} DCE2_ServerConfig;

/********************************************************************
 * Extern variables
 ********************************************************************/
extern DCE2_GlobalConfig *dce2_gconfig;  /* Global configuration */
extern DCE2_ServerConfig *dce2_dconfig;  /* Default server configuration */

/********************************************************************
 * Inline function prototypes
 ********************************************************************/
static INLINE uint32_t DCE2_GcMemcap(void);
static INLINE int DCE2_GcMaxFrag(void);
static INLINE uint16_t DCE2_GcMaxFragLen(void);
static INLINE int DCE2_GcAlertOnEvent(DCE2_EventFlag);
static INLINE int DCE2_GcReassembleEarly(void);
static INLINE uint16_t DCE2_GcReassembleThreshold(void);
static INLINE DCE2_CS DCE2_GcDceDefrag(void);

static INLINE DCE2_Policy DCE2_ScPolicy(const DCE2_ServerConfig *);
static INLINE int DCE2_ScIsDetectPortSet(const DCE2_ServerConfig *, const uint16_t, const DCE2_TransType);
static INLINE int DCE2_ScIsAutodetectPortSet(const DCE2_ServerConfig *, const uint16_t, const DCE2_TransType);
static INLINE DCE2_CS DCE2_ScAutodetectHttpProxyPorts(const DCE2_ServerConfig *);
static INLINE uint8_t DCE2_ScSmbMaxChain(const DCE2_ServerConfig *);
static INLINE DCE2_List * DCE2_ScSmbInvalidShares(const DCE2_ServerConfig *);

static INLINE int DCE2_IsPortSet(const uint8_t *, const uint16_t);
static INLINE void DCE2_SetPort(uint8_t *, const uint16_t);
static INLINE void DCE2_SetPortRange(uint8_t *, uint16_t, uint16_t);
static INLINE void DCE2_ClearPorts(uint8_t *);

static INLINE int DCE2_IsWordChar(const char, const DCE2_WordCharPosition);
static INLINE int DCE2_IsGraphChar(const char);
static INLINE int DCE2_IsQuoteChar(const char);
static INLINE int DCE2_IsListSepChar(const char);
static INLINE int DCE2_IsOptEndChar(const char);
static INLINE int DCE2_IsSpaceChar(const char);
static INLINE int DCE2_IsConfigEndChar(const char);
static INLINE int DCE2_IsPortChar(const char);
static INLINE int DCE2_IsPortRangeChar(const char);
static INLINE int DCE2_IsListStartChar(const char);
static INLINE int DCE2_IsListEndChar(const char);
static INLINE int DCE2_IsIpChar(const char);
static INLINE DCE2_Ret DCE2_CheckAndSetMask(int, int *);

/********************************************************************
 * Public function prototypes
 *
 * NOTE(review): DCE2_ScIsDetectPortSet() and
 * DCE2_ScIsAutodetectPortSet() are declared again here without a
 * storage class after the static INLINE declarations above.  In C the
 * later declaration keeps the earlier internal linkage, so these two
 * lines do not make the functions externally visible - confirm which
 * linkage is intended.
 ********************************************************************/
void DCE2_GlobalConfigure(char *);
void DCE2_ServerConfigure(char *);
void DCE2_CreateDefaultServerConfig(void);
const DCE2_ServerConfig * DCE2_ScGetConfig(const SFSnortPacket *);
int DCE2_ScIsPortSet(const DCE2_ServerConfig *, const uint16_t, const DCE2_TransType);
int DCE2_ScIsDetectPortSet(const DCE2_ServerConfig *, const uint16_t, const DCE2_TransType);
int DCE2_ScIsAutodetectPortSet(const DCE2_ServerConfig *, const uint16_t, const DCE2_TransType);
int DCE2_ScIsNoAutoPortSet(const DCE2_ServerConfig *, const uint16_t);
DCE2_Ret DCE2_ParseValue(char **, char *, void *, DCE2_IntType);
DCE2_Ret DCE2_GetValue(char *, char *, void *, int, DCE2_IntType, uint8_t);
DCE2_Ret DCE2_ParseIpList(char **, char *, DCE2_Queue *);
DCE2_Ret DCE2_ParseIp(char **, char *, sfip_t *);
DCE2_Ret DCE2_ParsePortList(char **, char *, uint8_t *);

/********************************************************************
 * Function: DCE2_GcMemcap()
 *
 * Reads the memcap value out of the global configuration.
 *
 * The global configuration pointer is dereferenced without a NULL
 * check, so the global configuration must already exist when this
 * is called.
 *
 * Arguments: None
 *
 * Returns:
 *  uint32_t
 *      The memcap stored in the global configuration.
 *
 ********************************************************************/
static INLINE uint32_t DCE2_GcMemcap(void)
{
    const DCE2_GlobalConfig *gconfig = dce2_gconfig;

    return gconfig->memcap;
}

/********************************************************************
 * Function: DCE2_GcMaxFrag()
 *
 * Reports whether a maximum fragment length has been configured,
 * i.e. whether the stored value differs from DCE2_SENTINEL.
 *
 * The global configuration pointer is dereferenced without a NULL
 * check.
 *
 * Arguments: None
 *
 * Returns:
 *  int
 *      1 if a maximum fragment length was configured.
 *      0 if it was not configured.
 *
 ********************************************************************/
static INLINE int DCE2_GcMaxFrag(void)
{
    return (dce2_gconfig->max_frag_len != DCE2_SENTINEL) ? 1 : 0;
}

/********************************************************************
 * Function: DCE2_GcMaxFragLen()
 *
 * Returns the configured maximum fragment length, or the largest
 * value the return type can hold when none was configured.  Callers
 * that need to tell the two cases apart should call
 * DCE2_GcMaxFrag() first.
 *
 * Arguments: None
 *
 * Returns:
 *  uint16_t
 *      The maximum fragment length configured.
 *      UINT16_MAX if not configured.
 *
 ********************************************************************/
static INLINE uint16_t DCE2_GcMaxFragLen(void)
{
    if (!DCE2_GcMaxFrag())
        return UINT16_MAX;

    /* max_frag_len is an int and the cast narrows it without a range
     * check.  NOTE(review): assumes the configuration parser already
     * limited the value to 0..UINT16_MAX - confirm in the code that
     * sets max_frag_len. */
    return (uint16_t)dce2_gconfig->max_frag_len;
}

/********************************************************************
 * Function: DCE2_GcAlertOnEvent()
 *
 * Convenience function for determining if we are configured
 * to alert on a certain event type.
 *
 * Arguments:
 *  DCE2_EventFlag
 *      The event type to check to see if we are configured
 *      to alert on.
 *
 * Returns:
 *  int
 *      Non-zero if we are configured to alert on this event type.
 *      Zero if we are not configured to alert on this event type.
 *
 ********************************************************************/