set (RNA_INCLUDES
+ rna_fingerprint.h
+ rna_fingerprint_tcp.h
+ rna_fp_reader.h
rna_logger.h
)
${RNA_INCLUDES}
rna_event_handler.cc
rna_event_handler.h
+ rna_fingerprint.h
+ rna_fingerprint_tcp.cc
+ rna_fingerprint_tcp.h
+ rna_fp_reader.cc
+ rna_fp_reader.h
rna_inspector.cc
rna_inspector.h
rna_logger.cc
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// rna_fingerprint.h author Silviu Minut <sminut@cisco.com>
+
+#ifndef RNA_FINGERPRINT_H
+#define RNA_FINGERPRINT_H
+
+#include <uuid/uuid.h>
+
+namespace snort
+{
+
+class FpFingerprint
+{
+public:
+ uint32_t fpid;
+ uint32_t fp_type;
+ uuid_t fpuuid;
+ uint8_t ttl;
+};
+
+}
+
+
+#endif
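Review bot: `FpFingerprint` uses `uint32_t` and `uint8_t`, but the header includes only `<uuid/uuid.h>`, so it compiles only if that header (or whatever the includer pulled in first) happens to provide the fixed-width types. Adding `#include <cstdint>` next to the uuid include makes the header self-contained. The four members also have no initializers, so a default-constructed fingerprint holds indeterminate values. In-class defaults such as `uint32_t fpid = 0;` and `uuid_t fpuuid = { };` would keep a partly filled record from carrying garbage into later matching or logging.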
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// rna_fingerprint_tcp.cc author Silviu Minut <sminut@cisco.com>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "rna_fingerprint_tcp.h"
+
+using namespace snort;
+using namespace std;
+
+static TcpFpProcessor tcp_fp_processor;
+
+namespace snort
+{
+
+TcpFpProcessor* get_tcp_fp_processor()
+{
+ return &tcp_fp_processor;
+}
+
+void TcpFpProcessor::push(const vector<FpTcpFingerprint>& fplist, TCP_FP_MODE mode)
+{
+ vector<const FpTcpFingerprint*>* fptable = (mode == TCP_FP_MODE::SERVER ?
+ table_tcp_server : table_tcp_client);
+
+ for (const auto& tfp : fplist)
+ {
+ for (const auto& fpe : tfp.tcp_window)
+ {
+ switch (fpe.type)
+ {
+ case FpElementType::RANGE:
+ for (int i = fpe.d.range.min; i <= fpe.d.range.max; i++)
+ fptable[i].emplace_back(&tfp);
+ break;
+ default:
+ break;
+ }
+ }
+ }
+}
+
+}
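Review bot: The `RANGE` loop in `TcpFpProcessor::push` writes to `fptable[i]` for every `i` from `fpe.d.range.min` to `fpe.d.range.max` without comparing either bound to the table size. The tables are declared in the header with `snort::MAX_PORTS` entries and `min`/`max` are plain `int`, so a negative or oversized range in the fingerprint data turns into an out-of-bounds `emplace_back` on memory that is not a vector. A `max` of `INT_MAX` additionally overflows `i`. A guard ahead of the loop, `if (fpe.d.range.min < 0 || fpe.d.range.max >= static_cast<int>(MAX_PORTS)) break;`, rejects such an element (clamping both ends is the alternative if partial ranges should still be indexed). If the fingerprint loader is expected to validate ranges before calling `push`, that precondition should be stated in a comment on this function.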
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// rna_fingerprint_tcp.h author Silviu Minut <sminut@cisco.com>
+
+#ifndef RNA_FINGERPRINT_TCP_H
+#define RNA_FINGERPRINT_TCP_H
+
+#include <list>
+#include <vector>
+
+#include "main/snort_types.h"
+#include "protocols/packet.h"
+
+#include "rna_fingerprint.h"
+
+namespace snort
+{
+
+enum FpElementType
+{
+ RANGE=1,
+ INCREMENT,
+ SYN_MATCH,
+ RANDOM,
+ DONT_CARE,
+ SYNTS
+};
+
+class FpElement
+{
+public:
+ FpElementType type;
+ union
+ {
+ int value;
+ struct
+ {
+ int min;
+ int max;
+ } range;
+ } d;
+};
+
+class FpTcpFingerprint : public FpFingerprint
+{
+public:
+
+ std::vector<FpElement> tcp_window;
+ std::vector<FpElement> mss;
+ std::vector<FpElement> id;
+ std::vector<FpElement> topts;
+ std::vector<FpElement> ws;
+ char df;
+};
+
+class TcpFpProcessor
+{
+public:
+
+ enum TCP_FP_MODE { SERVER, CLIENT };
+
+ typedef std::list<snort::FpTcpFingerprint>::iterator Iter_t;
+
+ SO_PUBLIC void push(const std::vector<snort::FpTcpFingerprint>&, TCP_FP_MODE);
+
+
+private:
+
+ // table_tcp_xxx[i] contains all fingerprints whose tcp window range
+ // contains i
+ std::vector<const snort::FpTcpFingerprint*> table_tcp_server[snort::MAX_PORTS];
+ std::vector<const snort::FpTcpFingerprint*> table_tcp_client[snort::MAX_PORTS];
+};
+
+SO_PUBLIC TcpFpProcessor* get_tcp_fp_processor();
+}
+
+#endif
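Review bot: The declaration of `push()` says nothing about lifetime, yet `table_tcp_server` and `table_tcp_client` hold `const FpTcpFingerprint*` and the implementation in this commit stores the addresses of elements of the vector passed in. A comment on the declaration would make the contract explicit, for example `// stores pointers to the elements of the given vector; the vector must outlive this processor and must not be resized or reassigned afterwards`. The tables are also sized with `snort::MAX_PORTS` although the comment says they are indexed by TCP window value, so a short note that the two limits are assumed equal would help whoever adds the bounds check. The `Iter_t` typedef over `std::list` is not used by anything visible in this commit and could be dropped.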
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// rna_fp_reader.cc author Silviu Minut <sminut@cisco.com>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "rna_fp_reader.h"
+
+using namespace snort;
+
+static RnaFingerprintReader* fp_reader = nullptr;
+
+namespace snort
+{
+
+const RnaFingerprintReader* get_rna_fp_reader()
+{
+ return fp_reader;
+}
+
+void set_rna_fp_reader(RnaFingerprintReader* fpr)
+{
+ fp_reader = fpr;
+}
+
+}
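Review bot: `fp_reader` is a file-scope raw pointer that starts as `nullptr`, and `set_rna_fp_reader` overwrites it without any statement of who owns the object or when it may be replaced. `get_rna_fp_reader` can therefore return null, or a pointer to a reader that was already destroyed, and nothing here tells callers to check. A comment above the two functions would cover it, for example `// Non-owning; may be nullptr until a reader is registered. The registered reader must outlive every user, and set/get are not synchronized.` Whether these are called from more than one thread is not visible in this commit, so that part should be confirmed rather than assumed.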
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2020-2020 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// rna_fp_reader.h author Silviu Minut <sminut@cisco.com>
+
+#ifndef RNA_FP_READER_H
+#define RNA_FP_READER_H
+
+#include <vector>
+
+#include "main/snort_types.h"
+
+#include "rna_fingerprint_tcp.h"
+
+namespace snort
+{
+
+class RnaFingerprintReader
+{
+public:
+ RnaFingerprintReader() { }
+ virtual ~RnaFingerprintReader() { }
+ virtual bool init(const char*) { return true; }
+
+ const std::vector<FpTcpFingerprint>& get_tcp_server_fps() const { return tcp_server_fps; }
+ const std::vector<FpTcpFingerprint>& get_tcp_client_fps() const { return tcp_client_fps; }
+
+protected:
+ std::vector<FpTcpFingerprint> tcp_server_fps;
+ std::vector<FpTcpFingerprint> tcp_client_fps;
+};
+
+SO_PUBLIC const RnaFingerprintReader* get_rna_fp_reader();
+SO_PUBLIC void set_rna_fp_reader(RnaFingerprintReader*);
+
+}
+
+#endif
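Review bot: The base `init(const char*)` ignores its unnamed argument and returns `true`, so a configuration that ends up with the base reader reports success while both fingerprint vectors stay empty. Naming the parameter and documenting the default would make that visible, for example `// Base implementation loads nothing and reports success; derived readers fill tcp_server_fps / tcp_client_fps` (what the string carries, presumably a fingerprint file path, should be confirmed by the author). The class is polymorphic and still copyable, so deleting the copy operations (`RnaFingerprintReader(const RnaFingerprintReader&) = delete;` plus the matching assignment) would rule out slicing a derived reader.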