
reorganize sources and headers, remove stupid #include ".c"

mschuett committed Apr 18, 2012
1 parent d3c7526 commit b378a5707f38814bb8f7f31ecb757934cc70ec14
Showing with 306 additions and 234 deletions.
  1. +5 −3 Makefile
  2. +2 −2 src/sf_preproc_info.h
  3. +118 −6 src/spp_ipv6.c
  4. +7 −141 src/spp_ipv6.h
  5. +22 −0 src/spp_ipv6_common.h
  6. +0 −22 src/spp_ipv6_constants.h
  7. +26 −26 src/spp_ipv6_data_structs.c
  8. +119 −26 src/spp_ipv6_data_structs.h
  9. +7 −8 src/spp_ipv6_ruleopt.c
@@ -24,6 +24,8 @@ CPPFLAGS = \
$(CONFIGFLAGS)
OBJS = \
$(TARGETDIR)/spp_ipv6.o \
+ $(TARGETDIR)/spp_ipv6_ruleopt.o \
+ $(TARGETDIR)/spp_ipv6_data_structs.o \
$(TARGETDIR)/sf_ip.o \
$(TARGETDIR)/sfPolicyUserData.o \
$(TARGETDIR)/sf_dynamic_preproc_lib.o
@@ -45,8 +47,10 @@ install: $(TARGETDIR)/lib_ipv6_preproc.so
#### Clean target deletes all generated files ####
clean:
rm -f \
- $(TARGETDIR)/lib_ipv6_preproc.so \
$(TARGETDIR)/spp_ipv6.o \
+ $(TARGETDIR)/spp_ipv6_ruleopt.o \
+ $(TARGETDIR)/spp_ipv6_data_structs.o \
+ $(TARGETDIR)/lib_ipv6_preproc.so \
$(TARGETDIR)/sf_ip.o \
$(TARGETDIR)/sf_dynamic_preproc_lib.o \
$(TARGETDIR)/sfPolicyUserData.o
@@ -56,5 +60,3 @@ clean:
# Create the target directory (if needed)
$(TARGETDIR):
mkdir -p $(TARGETDIR)
-
-
@@ -26,8 +26,8 @@
#define SF_PREPROC_INFO_H_
#define MAJOR_VERSION 1
-#define MINOR_VERSION 4
-#define BUILD_VERSION 16
+#define MINOR_VERSION 5
+#define BUILD_VERSION 0
#define PREPROC_NAME "IPv6 Preprocessor"
#define DYNAMIC_PREPROC_SETUP IPv6_Preproc_Setup
@@ -24,12 +24,7 @@
*/
#include "sf_ip.h"
-
#include "spp_ipv6.h"
-#include "spp_ipv6_constants.h"
-#include "spp_ipv6_data_structs.h"
-#include "spp_ipv6_data_structs.c"
-#include "spp_ipv6_ruleopt.c"
/* snort boilerplate code to support contexts and profiling */
tSfPolicyUserContextId ipv6_config = NULL;
@@ -43,7 +38,27 @@ extern DynamicPreprocessorData _dpd;
PreprocStats ipv6PerfStats;
#endif
-#include "spp_ipv6_parse.c"
+/* This array defines which ICMPv6 types may contain neighbor discovery options
+ * and contain their header lengths, i.e. the right offsets to find their options.
+ *
+ * (Most lengths are sizeof(struct nd_router_solicit) -- this is the basic ICMPv6
+ * type with 32 bits for type/code/checksum, 32 bits reserved or for identifiers,
+ * and possibly ND options starting in the 3nd 32-bit block.)
+ */
+uint_fast8_t ND_hdrlen[255] = {
+ [ICMP6_SOLICITATION] = sizeof(struct nd_router_solicit),
+ [ICMP6_ADVERTISEMENT] = sizeof(struct nd_router_advert),
+ [ICMP6_N_SOLICITATION] = sizeof(struct nd_neighbor_solicit),
+ [ICMP6_N_ADVERTISEMENT] = sizeof(struct nd_neighbor_advert),
+ [ICMP6_REDIRECT] = sizeof(struct nd_redirect),
+ [ICMP6_INV_SOLICITATION] = sizeof(struct nd_router_solicit),
+ [ICMP6_INV_ADVERTISEMENT] = sizeof(struct nd_router_solicit),
+ [ICMP6_MOBILEPREFIX_ADV] = sizeof(struct nd_router_solicit),
+ [ICMP6_CRT_SOLICITATION] = sizeof(struct nd_router_solicit),
+ [ICMP6_CRT_ADVERTISEMENT] = sizeof(struct certpath_adv {struct icmp6_hdr hdr;
+ u_int16_t compact; u_int16_t reserved;}),
+ [ICMP6_MOBILE_FH] = sizeof(struct nd_router_solicit),
+};
/**
* Register init functions when library is loaded.
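Review bot: `ND_hdrlen[255]` has valid indices 0 to 254, but the ICMPv6 type is an 8-bit field that can hold 255; if the table is indexed with the type byte of a received packet (the lookup is not part of this hunk), type 255 reads one element past the array. Declaring it as `uint_fast8_t ND_hdrlen[256]` removes that edge. The table is only initialised here and never needs to change, so `const` would fit, and `static` too if no other translation unit uses it. The struct defined inline inside `sizeof(struct certpath_adv {...})` would be easier to read as a named type next to the other structures, and "3nd" in the comment should read "3rd".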
@@ -674,3 +689,100 @@ static void IPv6_Process_ICMPv6_NS(const SFSnortPacket *p, struct IPv6_State *co
sfip_to_str(&ip_entry->ip)););
ALERT(SID_ICMP6_ND_NEW_DAD);
}
+
+/**
+ * Parse the configuration options in snort.conf
+ *
+ * Currently supported options: router_mac, host_mac, net_prefix
+ */
+void set_default_config(struct IPv6_Config *config)
+{
+ config->track_ndp = true;
+ // for testing: 1h, later: 2-12h
+ config->keep_state_duration = 60*60;
+ config->expire_run_interval = 20*60;
+ // not sure if these are realistic, should be high enough
+ config->max_routers = 32;
+ config->max_hosts = 8192;
+ config->max_unconfirmed = 32768;
+
+ return;
+}
+
+#define BIN_OPTION(X, Y) if (!strcasecmp(X, arg)) { \
+ (Y) = false; \
+ _dpd.logMsg(" " X "\n"); \
+ arg = strtok(NULL, " \t\n\r"); \
+ }
+
+void read_num(char **arg, const char *param, u_int32_t *configptr)
+{
+ uint_fast32_t minutes;
+ *arg = strtok(NULL, " \t\n\r");
+ minutes = (uint_fast32_t) strtoul(*arg, NULL, 10);
+ if (errno) {
+ _dpd.fatalMsg(" Invalid parameter to %s\n", param);
+ }
+ *configptr = 60 * minutes;
+ _dpd.logMsg(" %s = %u minutes = %u secs\n",
+ param, minutes, *configptr);
+ *arg = strtok(NULL, " \t\n\r");
+}
+
+static void IPv6_Parse(char *args, struct IPv6_Config *config)
+{
+ char *arg;
+ char ismac;
+ sfip_t *prefix;
+ SFIP_RET rc;
+
+ set_default_config(config);
+ _dpd.logMsg("IPv6 preprocessor config:\n");
+ if (!args) {
+ _dpd.logMsg("\tno additional parameters\n");
+ return;
+ }
+
+ arg = strtok(args, " \t\n\r");
+ while (arg) {
+ if(!strcasecmp("router_mac", arg)) { // and now a list of 0-n router MACs
+ config->report_new_routers = true;
+ while ((arg = strtok(NULL, ", \t\n\r")) && (ismac = IS_MAC(arg))) {
+ mac_add(config->router_whitelist, arg);
+ _dpd.logMsg(" default router MAC %s\n", arg);
+ }
+ } else if(!strcasecmp("host_mac", arg)) { // and now a list of 0-n host MACs
+ config->report_new_hosts = true;
+ while ((arg = strtok(NULL, ", \t\n\r")) && (ismac = IS_MAC(arg))) {
+ mac_add(config->host_whitelist, arg);
+ _dpd.logMsg(" default host MAC %s\n", arg);
+ }
+ } else if(!strcasecmp("net_prefix", arg)) { // and now a list of 0-n prefixes
+ config->report_prefix_change = true;
+ while ((arg = strtok(NULL, ", \t\n\r")) && strchr(arg, '/')) { // TODO remove /-check
+ prefix = sfip_alloc(arg, &rc);
+ if (rc == SFIP_SUCCESS) {
+ add_ip(config->prefix_whitelist, prefix);
+ _dpd.logMsg(" default net prefix %s/%d\n",
+ sfip_to_str(prefix), sfip_bits(prefix));
+ } else {
+ _dpd.fatalMsg(" Invalid prefix %s\n", arg);
+ }
+ }
+ } else if(!strcasecmp("max_routers", arg)) {
+ read_num(&arg, "max_routers", &(config->max_routers));
+ } else if(!strcasecmp("max_hosts", arg)) {
+ read_num(&arg, "max_hosts", &(config->max_hosts));
+ } else if(!strcasecmp("max_unconfirmed", arg)) {
+ read_num(&arg, "max_unconfirmed", &(config->max_unconfirmed));
+ } else if(!strcasecmp("keep_state", arg)) {
+ read_num(&arg, "keep_state", &(config->keep_state_duration));
+ } else if(!strcasecmp("expire_run", arg)) {
+ read_num(&arg, "expire_run", &(config->expire_run_interval));
+ } else BIN_OPTION("disable_tracking", config->track_ndp)
+ else {
+ _dpd.fatalMsg("IPv6: Invalid option %s\n", arg);
+ }
+ }
+}
+
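Review bot: read_num() hands the token from `strtok()` straight to `strtoul()`, so an option that is the last word of the config line passes NULL, and the `if (errno)` test after it proves little because errno is not cleared first and no end pointer is checked, which lets non-numeric text through as 0. It also multiplies every value by 60 without an overflow check, although IPv6_Parse calls it for `max_routers`, `max_hosts` and `max_unconfirmed`, which set_default_config fills with plain counts; a configured limit of 32 would be stored as 1920 and logged as minutes, so those three options need a variant without the conversion. The `%u` in the log call receives a `uint_fast32_t`, whose width need not match `unsigned`. The doc comment above set_default_config describes the parser and belongs on IPv6_Parse. A stricter read_num is sketched below; the early returns assume `_dpd.fatalMsg` might return, which this hunk does not show.

```c
void read_num(char **arg, const char *param, u_int32_t *configptr)
{
    char *end;
    unsigned long minutes;

    *arg = strtok(NULL, " \t\n\r");
    if (*arg == NULL) {
        _dpd.fatalMsg("  Missing parameter to %s\n", param);
        return;
    }
    errno = 0;
    minutes = strtoul(*arg, &end, 10);
    if (errno || end == *arg || *end != '\0' || minutes > UINT32_MAX / 60) {
        _dpd.fatalMsg("  Invalid parameter to %s\n", param);
        return;
    }
    *configptr = 60 * (u_int32_t) minutes;
    _dpd.logMsg("  %s = %lu minutes = %u secs\n",
                param, minutes, (unsigned) *configptr);
    /* … unchanged: final strtok() that advances *arg … */
}
```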
@@ -23,144 +23,10 @@
#ifndef _SPP_IPV6_H
#define _SPP_IPV6_H
-/**********************************************************************
- ** Includes **
- **********************************************************************/
-#include "../include/sf_types.h"
-#include <time.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <sys/queue.h>
-
-#ifdef __linux__
-#ifndef __unused
-#define __unused __attribute__((__unused__))
-#endif /* __unused */
-#include "tree.h"
-#else /* BSD */
-#include <sys/tree.h>
-#endif /* __linux__ */
-
-#include "preprocids.h"
-#include "sf_snort_packet.h"
-#include "sf_dynamic_preproc_lib.h"
-#include "sf_dynamic_preprocessor.h"
-#include "snort_debug.h"
-#include "sfPolicy.h"
-#include "sfPolicyUserData.h"
-/* for ICMPv6 format */
-#include <netinet/icmp6.h>
-#include <netinet/ip6.h>
-#include <netinet/in.h>
-
-/* verify string contains a MAC address */
-#define IS_MAC(string) ((string) != NULL \
- && isxdigit((string)[ 0]) && isxdigit((string)[ 1]) && (string)[ 2] == ':' \
- && isxdigit((string)[ 3]) && isxdigit((string)[ 4]) && (string)[ 5] == ':' \
- && isxdigit((string)[ 6]) && isxdigit((string)[ 7]) && (string)[ 8] == ':' \
- && isxdigit((string)[ 9]) && isxdigit((string)[10]) && (string)[11] == ':' \
- && isxdigit((string)[12]) && isxdigit((string)[13]) && (string)[14] == ':' \
- && isxdigit((string)[15]) && isxdigit((string)[16]) && (string)[17] == '\0')
-
-
-/**********************************************************************
- ** Structures/Data Types **
- **********************************************************************/
-
-/*
- * Some simple statistics.
- * TODO: only for data exploration; to be removed later on
- */
-struct IPv6_Statistics {
- uint32_t pkt_seen;
- uint32_t pkt_invalid;
- uint32_t pkt_icmpv6;
- uint32_t pkt_other;
-
- uint32_t pkt_fragments;
-
- uint32_t pkt_ip6h;
-
- uint32_t pkt_icmp_rsol;
- uint32_t pkt_icmp_radv;
- uint32_t pkt_icmp_nsol;
- uint32_t pkt_icmp_nadv;
-
- uint32_t pkt_icmp_mlquery;
- uint32_t pkt_icmp_mlreport;
- uint32_t pkt_icmp_unreach;
- uint32_t pkt_icmp_other;
-};
-
-/*
- * configuration and plugin state.
- */
-struct IPv6_Config {
- u_int32_t keep_state_duration; // in sec
- u_int32_t expire_run_interval; // in sec
- u_int32_t max_routers;
- u_int32_t max_hosts;
- u_int32_t max_unconfirmed;
- bool track_ndp;
- bool report_prefix_change;
- bool report_new_routers;
- bool report_new_hosts;
- struct MAC_Entry_head *router_whitelist;
- struct MAC_Entry_head *host_whitelist;
- struct IP_List_head *prefix_whitelist;
-} __attribute__((packed));
-
-struct IPv6_State {
- struct IPv6_Hosts_head *routers; // known routers
- struct IPv6_Hosts_head *hosts; // established hosts
- struct IPv6_Hosts_head *unconfirmed; // ongoing duplicate detections/solicitations
- struct IPv6_Statistics *stat;
- struct IPv6_Config *config;
- time_t next_expire;
-} __attribute__((packed));
-
-/*
- * for Rule Options
- */
-enum IPv6_RuleOpt_Type {
- IPV6_RULETYPE_IPV,
- IPV6_RULETYPE_IP6EXTHDR,
- IPV6_RULETYPE_IP6EXTCOUNT,
- IPV6_RULETYPE_FLOWLABEL,
- IPV6_RULETYPE_TRAFFICCLASS,
- IPV6_RULETYPE_OPTION,
- IPV6_RULETYPE_OPTION_EXT,
- IPV6_RULETYPE_OPTVAL,
- IPV6_RULETYPE_ND,
- IPV6_RULETYPE_ND_OPTION,
- IPV6_RULETYPE_RH,
- IPV6_RULETYPE_EXT_ORDERED
-};
-
-enum cmp_op {
- check_eq=0, check_neq,
- check_lt, check_gt,
- check_and, check_xor, check_nand
-};
+#include "spp_ipv6_common.h"
+#include "spp_ipv6_constants.h"
+#include "spp_ipv6_data_structs.h"
-struct IPv6_RuleOpt_Data {
-#ifdef DEBUG
- char *debugname;
- char *debugparam;
-#endif /* DEBUG */
- enum IPv6_RuleOpt_Type type:4;
- enum cmp_op op:4;
- union {
- u_int32_t number;
- struct { // for ip6_optval
- u_int8_t ext_type;
- u_int8_t opt_type;
- u_int16_t opt_value;
- } exthdr;
- } opt;
-} __attribute__((packed));
/**********************************************************************
** Function Prototypes **
@@ -180,9 +46,9 @@ static void IPv6_PrintStats(int);
static void IPv6_ResetStats(int, void *);
static void IPv6_Parse(char *, struct IPv6_Config *);
-static int IPv6_Rule_Init(char *, char *, void **);
-static int IPv6_Rule_Eval(void *, const u_int8_t **, void *);
-static u_int32_t IPv6_Rule_Hash(void *);
-static int IPv6_Rule_KeyCompare(void *, void *);
+int IPv6_Rule_Init(char *, char *, void **);
+int IPv6_Rule_Eval(void *, const u_int8_t **, void *);
+u_int32_t IPv6_Rule_Hash(void *);
+int IPv6_Rule_KeyCompare(void *, void *);
#endif /* _SPP_IPV6_H */
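Review bot: The four IPv6_Rule_* prototypes lose `static` here, but the context lines just above them still declare `IPv6_PrintStats`, `IPv6_ResetStats` and `IPv6_Parse` as `static` in this header. If spp_ipv6.h is now included by the separately compiled spp_ipv6_ruleopt.c or spp_ipv6_data_structs.c (their include lines are not shown), each of those units gets static declarations with no definition, which compilers warn about. Moving the remaining `static` prototypes into spp_ipv6.c and keeping only the externally linked ones in the header would avoid that. The prototype block starts before this hunk.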
@@ -20,8 +20,13 @@
*
*/
+<<<<<<< HEAD
+#ifndef _SPP_IPV6_COMMON_H
+#define _SPP_IPV6_COMMON_H
+=======
#ifndef _SPP_IPV6_H
#define _SPP_IPV6_H
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
/**********************************************************************
** Includes **
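Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> d3c75260618737d57f8edd18687983944a621490` are unresolved merge-conflict markers committed into the header, so any file that includes it will not compile; the same markers are added in the three hunks that follow and again on the last line of the file. Going by the HEAD side, the intended result appears to keep the `_SPP_IPV6_COMMON_H` guard, `#include <errno.h>`, the two `spp_ipv6_*.h` includes and the closing `#endif /* _SPP_IPV6_COMMON_H */`, and to drop everything between each `=======` and `>>>>>>>`. That includes the old `_SPP_IPV6_H` guard and the structure definitions and static prototypes that this commit moves elsewhere. A check for conflict markers in the build or a pre-commit hook would catch this before it lands.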
@@ -33,6 +38,10 @@
#include <ctype.h>
#include <string.h>
#include <sys/queue.h>
+<<<<<<< HEAD
+#include <errno.h>
+=======
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
#ifdef __linux__
#ifndef __unused
@@ -55,6 +64,12 @@
#include <netinet/ip6.h>
#include <netinet/in.h>
+<<<<<<< HEAD
+#include "spp_ipv6_constants.h"
+#include "spp_ipv6_data_structs.h"
+
+=======
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
/* verify string contains a MAC address */
#define IS_MAC(string) ((string) != NULL \
&& isxdigit((string)[ 0]) && isxdigit((string)[ 1]) && (string)[ 2] == ':' \
@@ -66,6 +81,12 @@
/**********************************************************************
+<<<<<<< HEAD
+ ** Function Prototypes **
+ **********************************************************************/
+
+#endif /* _SPP_IPV6_COMMON_H */
+=======
** Structures/Data Types **
**********************************************************************/
@@ -186,3 +207,4 @@ static u_int32_t IPv6_Rule_Hash(void *);
static int IPv6_Rule_KeyCompare(void *, void *);
#endif /* _SPP_IPV6_H */
+>>>>>>> d3c75260618737d57f8edd18687983944a621490
