engine/hlbr.h

/*
 * DBG(a): wrapper for debug-only code.
 * With DEBUG defined the argument is emitted verbatim; otherwise it is
 * dropped, so it must not carry side effects a release build depends on.
 * Any earlier DBG definition is discarded first. This run sits above the
 * _HLBR_H_ include guard, so it is re-evaluated on every inclusion.
 */
#undef DBG
#ifdef DEBUG
#define DBG(a)  a
#else           /* !DEBUG */
#define DBG(a)  /* expands to nothing */
#endif
00009 
00010 #ifndef _HLBR_H_
00011 #define _HLBR_H_
00012 
00013 #include "../config.h"
00014 #include "hlbrlib.h"
00015 #include <sys/time.h>
00016 #ifdef HAS_THREADS
00017 #include <pthread.h>
00018 #endif
00019 
/*
 * Further debugging switches.
 * Exactly one DEBUGPATH definition has to be active: the tracing variant
 * (commented out below) prints the current function and line, the default
 * is an empty statement.
 */
/* #define DEBUGPATH printf("In %s() on line %d\n", __FUNCTION__, __LINE__) */
#define DEBUGPATH       ;

/*
 * Defined unconditionally.
 * NOTE(review): presumably switches on lock tracing in the hlbr_mutex_*
 * helpers - confirm, and decide whether release builds should carry it.
 */
#define DEBUGLOCKS


/* Version number, read as MAJOR_VERSION.MINOR_VERSION. */
#define MAJOR_VERSION   1
#define MINOR_VERSION   1
00030 
00031 
00032 #include "num_list.h"
00033 #include "session.h"
00034 
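/*
 * Compile-time capacity limits. They size the fixed arrays declared further
 * down in this header, so every index or count checked against one of them
 * has to use the same constant that sizes the array it guards.
 */

/*
 * Largest packet buffer: 65536 + 14 + 1 bytes.
 * Parenthesised so the value survives use inside a larger expression
 * (MAX_PACKET_SIZE * 2, MAX_PACKET_SIZE - n, ...); the bare sum did not.
 * NOTE(review): presumably 14 is a link-layer header and 1 a spare byte -
 * confirm.
 */
#define MAX_PACKET_SIZE         (65536 + 14 + 1)
#define TYPICAL_PACKET_SIZE     16000   /* size of PacketRec.TypicalPacket */
#define MAX_NAME_LEN            20      /* size of the Name[] buffers, terminator included */
#define MAX_RULES               10240   /* rule bitmasks are MAX_RULES/8 bytes: keep a multiple of 8 */
#define MAX_INTERFACES          8
#define MAX_DECODERS            128
#define MAX_TESTS               1024
#ifdef _OBSD_
#define IDLE_TIMEOUT            100000
#else
#define IDLE_TIMEOUT            200             /* microseconds */
#endif
#define MAX_DECODER_DEPTH       16
#define MAX_MESSAGE_LEN         256
#define MAX_ACTIONS             16
#define MAX_ACTION_ITEMS        64
#define MAX_ITEMS_PER_ACTION    16
/*
 * NOTE(review): GlobalVars.Routes and GlobalVars.Mangles are sized with
 * MAX_ACTIONS, not with the two constants below - confirm which limit the
 * registration code enforces.
 */
#define MAX_ROUTES              16
#define MAX_MANGLERS            8
#define MAX_MODULES             16
#define MAX_LISTS               16
#define MAX_TIMERS              16
#define MAX_PACKETS             512

#define DEFAULT_SENSOR_NAME     "Default Sensor"
#define DEFAULT_SENSOR_ID       0

#define MAX_INTERFACE_NAME_LEN  256     /* size of InterfaceRec.Name */

/* Values for GlobalList.Type. */
#define LIST_TYPE_IP            1
#define LIST_TYPE_NUM           2
#define LIST_TYPE_PORT          3
#define LIST_TYPE_IPPORT        4

#define USER_RULE_START         50000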
00070 
00071 
00072 /* Defines behaviour of logging files.
00073  * Default behaviour is to open and close the file every time a message is written.
00074  * Uncomment this if you want to open the file only once and keep it open
00075  */
00076 //#define KEEP_LOGFILE_OPEN
00077 
00078 
/*
 * Convenience defines
 */

/*
 * Output wrappers: use these rather than calling printf/fprintf on stdout
 * or stderr directly. PRINTn writes to stdout, PRINTERRORn to stderr, and
 * n is the number of format arguments.
 *
 * msg is passed through as the format string. It therefore has to be a
 * string literal (or otherwise trusted text); anything taken from packets,
 * rules or configuration belongs in an argument behind "%s", never in msg.
 */
#define PRINT(msg)                                      printf((msg))
#define PRINT1(msg, p1)                                 printf((msg), (p1))
#define PRINT2(msg, p1, p2)                             printf((msg), (p1), (p2))
#define PRINT3(msg, p1, p2, p3)                         printf((msg), (p1), (p2), (p3))
#define PRINTERROR(msg)                                 fprintf(stderr, (msg))
#define PRINTERROR1(msg, p1)                            fprintf(stderr, (msg), (p1))
#define PRINTERROR2(msg, p1, p2)                        fprintf(stderr, (msg), (p1), (p2))
#define PRINTERROR3(msg, p1, p2, p3)                    fprintf(stderr, (msg), (p1), (p2), (p3))
#define PRINTERROR4(msg, p1, p2, p3, p4)                fprintf(stderr, (msg), (p1), (p2), (p3), (p4))
#define PRINTERROR5(msg, p1, p2, p3, p4, p5)            fprintf(stderr, (msg), (p1), (p2), (p3), (p4), (p5))
#define PRINTERROR6(msg, p1, p2, p3, p4, p5, p6)        fprintf(stderr, (msg), (p1), (p2), (p3), (p4), (p5), (p6))

/*
 * Packet and session details on stderr. Both forward to
 * PrintPacketSummary() / PrintSessionSummary(), which live in session.c.
 */
#define PRINTPKTERROR(p, ip, tcp, cr)   PrintPacketSummary(stderr, (p), (ip), (tcp), (cr))
#define PRINTSESERROR(pp, cr)           PrintSessionSummary(stderr, (pp), (cr))
00104 
00105 
00106 
00107 
00108 
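/**********/
/* MACROS */
/**********/

/*
 * Element count of a true array. The argument is parenthesised before it is
 * subscripted. Applied to a pointer or an array parameter the result is
 * wrong, because sizeof then measures the pointer.
 */
#define ARRAYSIZE(array) (sizeof(array) / sizeof((array)[0]))

/* Allocation hook; expands to plain malloc. */
#define MALLOC malloc

/*
 * Returns NULL from the calling function when x is NULL, after reporting
 * the function name and line on stderr. Usable only in functions that
 * return a pointer. The return is immediate: anything the caller acquired
 * earlier (memory, locks, descriptors) is not released here.
 *
 * This macro, FREE and FREE_IF expand to a bare { } block, so
 * "if (c) FREE(p); else ..." does not compile. They are kept as blocks
 * because the call sites are not visible from this header.
 */
#define MALLOC_CHECK(x) { \
        if ((x) == NULL) { \
                PRINTERROR2("Couldn't allocate memory! (%s():%d)\n", __FUNCTION__, __LINE__); \
                return NULL; \
        } \
}

/*
 * Frees x, or reports an attempt to free NULL.
 * The pointer is printed with %p through a void* cast; the former 0x%x did
 * not match a pointer argument. x is evaluated more than once and is not
 * reset afterwards, so a caller that keeps the variable in scope should
 * assign NULL to it to avoid a later double free or use after free.
 */
#define FREE(x) { \
        if ((x) != NULL) { \
                free(x); \
        } else { \
                PRINTERROR3("Attempting to free a NULL pointer at %p (%s():%d)\n", (void *)(x), __FUNCTION__, __LINE__); \
        } \
}

/* Silent variant of FREE: frees x when it is not NULL, does not reset it. */
#define FREE_IF(x) { \
  if ((x) != NULL) { \
    free(x); \
  } \
}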
00136 
00137 
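/*
 * Expands to the four octets of a 32-bit address as four comma-separated
 * expressions, ordered according to HLBR_LITTLE_ENDIAN.
 * IP is parenthesised at every use so an expression argument (a | b, x + 1)
 * is split correctly, and the top octet is masked so a signed argument does
 * not yield a sign-extended value. IP is evaluated four times: pass no
 * expression with side effects.
 */
#ifdef HLBR_LITTLE_ENDIAN
#define IP_BYTES(IP)    ((IP) & 0x000000ff), (((IP) & 0x0000ff00) >> 8), (((IP) & 0x00ff0000) >> 16), (((IP) >> 24) & 0x000000ff)
#else
#define IP_BYTES(IP)    (((IP) >> 24) & 0x000000ff), (((IP) & 0x00ff0000) >> 16), (((IP) & 0x0000ff00) >> 8), ((IP) & 0x000000ff)
#endif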
00143 
00144 
00145 
00146 
/*
 * One decoder result attached to a packet; PacketRec.DecoderInfo holds an
 * array of these.
 */
typedef struct decoder_data {
        int     DecoderID;      /* presumably the decoder that filled in Data - confirm */
        void   *Data;           /* untyped payload; its real type is not visible in this header */
} DecoderData;
00156 
/*
 * One slot of the packet array (GlobalVars.Packets).
 *
 * NOTE(review): Mutex is a pthread_mutex_t, yet this header includes
 * <pthread.h> only under HAS_THREADS - confirm that builds without threads
 * get the type from somewhere else.
 */
typedef struct packet_rec {
        int                     PacketSlot;     /* index of this record in the packet array */
        unsigned int            PacketNum;      /* follows the packet through the system */

        int                     InterfaceNum;
        int                     TargetInterface;

        /*
         * Packet bytes. NOTE(review): presumably RawPacket points at
         * TypicalPacket unless LargePacket is set - confirm. Whatever fills
         * these buffers has to bound the copy by the buffer it writes to,
         * and PacketLen is a signed int, so it needs a check for negative
         * values as well as for the upper limit.
         */
        unsigned char          *RawPacket;
        char                    Pad[2];         /* keeps word alignment right on Solaris */
        unsigned char           TypicalPacket[TYPICAL_PACKET_SIZE];
        char                    LargePacket;
        int                     PacketLen;

        unsigned char           RuleBits[MAX_RULES/8];  /* MAX_RULES/8 bytes, i.e. one bit per rule */
        struct timeval          tv;

        /* Decoder results; NumDecoderData must stay within MAX_DECODER_DEPTH. */
        DecoderData             DecoderInfo[MAX_DECODER_DEPTH];
        int                     NumDecoderData;
        int                     BeginData;      /* first byte that has not been decoded yet */

        char                    PassRawPacket;
        int                     SaveCount;

        char                    Status;

        pthread_mutex_t         Mutex;
        int                     LockID;

        struct port_pair       *Stream;
} PacketRec;
00192 
/*
 * One network interface known to the engine (GlobalVars.Interfaces).
 * Name is a fixed MAX_INTERFACE_NAME_LEN-byte buffer: copies into it must be
 * length-bounded and NUL-terminated.
 */
typedef struct interface_rec {
        char            Name[MAX_INTERFACE_NAME_LEN];
        int             ID;
        int             Type;           /* values are defined in packet.h */
        int             Proto;
        int             MTU;
        int             FD;
        char            IsPollable;
        char            Role;
        pthread_t       Thread;
        int             ThreadID;
        void           *User;           /* untyped per-interface data */
} InterfaceRec;
00206 
/* Singly linked list node tying one rule to a test's private data. */
typedef struct test_node {
        int                     RuleID;
        void                   *Data;   /* untyped; the owning test defines what it points to */
        struct test_node       *Next;   /* following node, NULL-terminated presumably - confirm */
} TestNode;
00212 
00213 
/*
 * A registered test (GlobalVars.Tests): names, the decoder it belongs to,
 * its rule nodes and its callbacks.
 * Name and ShortName are MAX_NAME_LEN-byte buffers; copies into them must be
 * length-bounded and NUL-terminated.
 * NOTE(review): nothing in this header says whether the callbacks may be
 * NULL - callers presumably need to check before invoking them.
 */
typedef struct test_rec {
        char                    Name[MAX_NAME_LEN];
        char                    ShortName[MAX_NAME_LEN];
        int                     ID;
        int                     DecoderID;
        char                    Active;         /* true once anything actually uses the test */
        TestNode               *TestNodes;
        struct test_rec        *Next;           /* next test of the same decoder */
        unsigned char           DependencyMask[MAX_RULES/8];    /* MAX_RULES/8 bytes, one bit per rule */

        int (*AddNode)(int TestID, int RuleID, char *Args);
        int (*FinishedSetup)();
        int (*TestFunc)(int PacketSlot, TestNode *Nodes);
        int (*TestStreamFunc)(int PacketSlot, TestNode *Nodes);
} TestRec;
00233 
/*
 * A registered module (GlobalVars.Modules), linked per decoder through Next.
 * Name is a MAX_NAME_LEN-byte buffer; copies into it must be length-bounded
 * and NUL-terminated.
 */
typedef struct module_rec {
        char                    Name[MAX_NAME_LEN];
        int                     ID;
        int                     DecoderID;
        char                    Active;         /* true once anything actually uses the module */

        struct module_rec      *Next;

        int  (*ParseArg)(char *Arg);
        void (*ModuleFunc)(int PacketSlot);
} ModuleRec;
00245 
00246 
/*
 * A registered decoder (GlobalVars.Decoders). Decoders are linked into a
 * tree through Parent, Children and NextChild, and each one carries the
 * lists of tests and modules attached to it.
 * Name is a MAX_NAME_LEN-byte buffer; copies into it must be length-bounded
 * and NUL-terminated.
 */
typedef struct decoder_rec {
        char                    Name[MAX_NAME_LEN];
        int                     ID;
        unsigned char           DependencyMask[MAX_RULES/8];    /* MAX_RULES/8 bytes, one bit per rule */
        struct test_rec        *Tests;
        struct module_rec      *Modules;
        struct decoder_rec     *Children;
        struct decoder_rec     *Parent;
        struct decoder_rec     *NextChild;

        void *(*DecodeFunc)(int PacketSlot);

        char                    Active;         /* true once anything actually uses the decoder */
} DecoderRec;
00261 
/*
 * One action implementation (GlobalVars.ActionItems) with its callbacks.
 * ParseArgs returns an untyped pointer and ActionFunc / MessageFunc take one
 * as Data; NOTE(review): presumably the same object travels between them via
 * ActionRec.ActionItemData - confirm.
 */
typedef struct action_item {
        char    Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        int     ID;

        int   (*ActionFunc)(int RuleNum, int PacketSlot, void *Data);
        int   (*MessageFunc)(char *Message, void *Data);
        void *(*ParseArgs)(char *Args);
} ActionItem;
00270 
/*
 * A named action (GlobalVars.Actions): up to MAX_ITEMS_PER_ACTION action
 * items, each with its own data pointer. ActionItems and ActionItemData are
 * parallel arrays, and NumItems has to stay within MAX_ITEMS_PER_ACTION.
 */
typedef struct action_rec {
        char    Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        int     ID;

        int     ActionItems[MAX_ITEMS_PER_ACTION];
        void   *ActionItemData[MAX_ITEMS_PER_ACTION];
        int     NumItems;
} ActionRec;
00279 
/* Node of a singly linked message-format list (see RuleRec.MessageFormat). */
typedef struct message_item {
        int                     Type;
        int                     Value;
        struct message_item    *Next;
} MessageItem;
00285 
/* One rule (GlobalVars.Rules). */
typedef struct rule_rec {
        int             ID;
        MessageItem    *MessageFormat;  /* head of the message-format list */
        int             GlobalID;
        int             Revision;
        int             ModifyDate;
        int             Action;         /* presumably an index into GlobalVars.Actions - confirm */
} RuleRec;
00294 
/* A registered routing handler (GlobalVars.Routes) with its callbacks. */
typedef struct route_rec {
        int     ID;
        char    Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        char    Active;

        int (*RouteFunc)(int PacketSlot);
        int (*AddNode)(int RouteID, char *Args);
} RouteRec;
00303 
/* A registered packet mangler (GlobalVars.Mangles) with its callbacks. */
typedef struct mangle_rec {
        int     ID;
        char    Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        char    Active;

        int (*MangleFunc)(int PacketSlot, int SourceInterface, int DestInterface);
        int (*AddNode)(int MangleID, char *Args);
} MangleRec;
00312 
/* A named global list (GlobalVars.Lists). */
typedef struct global_list {
        NumList        *List;
        char            Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        int             Type;                   /* presumably one of the LIST_TYPE_* values - confirm */
} GlobalList;
00318 
/*
 * Singly linked list of callbacks, each with the data pointer it is to be
 * called with; GlobalVars.ShutdownFuncs is a list of this type.
 */
typedef struct func_list {
        int               (*Func)(void *Data);
        void               *Data;
        struct func_list   *Next;
} FuncList;
00324 
/*
 * One timer slot (GlobalVars.Timers).
 * NOTE(review): Interval is unsigned while LastTime and the callback's Time
 * are signed ints - check the arithmetic that compares them for
 * signed/unsigned conversion surprises.
 */
typedef struct timer_rec {
        char            InUse;
        char            Name[MAX_NAME_LEN];     /* fixed buffer: bound and NUL-terminate copies */
        unsigned int    Interval;
        int             LastTime;
        void           *User;                   /* handed back to TimerFunc */
        /* A TRUE return value makes the timer repeat. */
        int (*TimerFunc)(int TimerID, int Time, void *User);
} TimerRec;
00334 
00335 
/*
 * Engine-wide state: configuration, the packet pool and every registry
 * (rules, interfaces, decoders, modules, tests, actions, routes, manglers,
 * lists, timers), each a fixed array paired with a Num* count.
 *
 * Every Num* count has to be checked against the constant that sizes its
 * array before a new entry is written.
 * NOTE(review): Routes and Mangles are sized with MAX_ACTIONS although
 * MAX_ROUTES and MAX_MANGLERS exist - confirm which limit the registration
 * code enforces before touching either constant.
 */
typedef struct global_vars {
        char                   *SensorName;
        int                     SensorID;

        char                    Done;
        char                    UseThreads;
        char                    ParseOnly;
        char                   *ConfigFilename;
        char                   *RulesFilename;
        char                   *LogDir;
        int                     PacketLimit;
        MessageItem            *AlertHeader;
        unsigned int            AlertCount;

        /* Packet pool and per-state counters. */
        PacketRec               Packets[MAX_PACKETS];
        int                     IdleCount;
        int                     PendingCount;
        int                     SavedCount;
        int                     AllocatedCount;
        int                     ProcessingCount;

        RuleRec                 Rules[MAX_RULES];
        int                     NumRules;

        InterfaceRec            Interfaces[MAX_INTERFACES];
        int                     NumInterfaces;

        DecoderRec              Decoders[MAX_DECODERS];
        int                     NumDecoders;
        int                     DecoderRoot;

        ModuleRec               Modules[MAX_MODULES];
        int                     NumModules;

        TestRec                 Tests[MAX_TESTS];
        int                     NumTests;

        ActionItem              ActionItems[MAX_ACTION_ITEMS];
        int                     NumActionItems;

        ActionRec               Actions[MAX_ACTIONS];
        int                     NumActions;

        RouteRec                Routes[MAX_ACTIONS];    /* sized by MAX_ACTIONS, see note above */
        int                     NumRoutes;

        MangleRec               Mangles[MAX_ACTIONS];   /* sized by MAX_ACTIONS, see note above */
        int                     NumMangles;

        GlobalList              Lists[MAX_LISTS];
        int                     NumLists;

        TimerRec                Timers[MAX_TIMERS];     /* no count field; slots carry InUse */

        FuncList               *ShutdownFuncs;

        /* Statistics counters. */
        int                     PacketsPerSec;
        int                     TCPPerSec;
        int                     UDPPerSec;

        /* Logging flags. */
        unsigned char           logSession_StartEnd;
        unsigned char           logSession_All;
        LogFileRec              logSessionFile;
} GlobalVars;
00402 
00403 
00404 
00405 
/*
 * Numeric lock identifiers, grouped by thousands per operation.
 * NOTE(review): presumably passed as the ID argument of hlbr_mutex_lock /
 * hlbr_mutex_trylock to name the call site - confirm.
 */
#define GET_SESSION_1           1001
#define GET_SESSION_2           1002
#define GET_SESSION_3           1003
#define ADD_PACKET_1            2001
#define POP_PACKET_1            3001
#define GET_PACKET_1            4001
#define RETURN_PACKET_1         5001
#define FREE_SAVED_1            6001
#define TIMEOUT_SAVED_1         7001
#define TIMEOUT_SAVED_2         7002
#define SAVE_PACKET_1           8001
#define SAVE_PACKET_2           8002
#define GET_SAVED_1             9001
#define GET_SAVED_2             9002
#define GET_SAVED_3             9003
#define UNLOCK_SAVED_1          10001
#define FRAG_LOCK_1             11001

/*
 * Mutex wrappers. All three return int; callers should check the result
 * rather than assume the lock was taken or released.
 * NOTE(review): the prototypes use pthread_mutex_t unconditionally, while
 * this header includes <pthread.h> only under HAS_THREADS - confirm.
 */
int hlbr_mutex_lock(pthread_mutex_t *mutex, int ID, int *LockID);
int hlbr_mutex_trylock(pthread_mutex_t *mutex, int ID, int *LockID);
int hlbr_mutex_unlock(pthread_mutex_t *mutex);
00427 
/* Still to be moved to a better home. */

/* LIST_NONE is -1; NOTE(review): presumably what GetListByName returns when no list matches - confirm. */
#define LIST_NONE       -1
int GetListByName(char *Name);
int AddShutdownHandler(int (*func)(void *data), void *data);

/* TIMER_NONE is -1; NOTE(review): presumably what CreateTimer returns when no slot is free - confirm. */
#define TIMER_NONE      -1
int CreateTimer(char *Name,
                unsigned int Interval,
                int (*TimerFunc)(int TimerID, int Time, void *user),
                void *User);
00435 
00436 
00437 
00438 #endif
