
fpcreate.h

00001 /*
00002 **  $Id$
00003 **
00004 **  fpclass.h
00005 **
00006 ** Copyright (C) 2002 Sourcefire,Inc
00007 ** Dan Roelker <droelker@sourcefire.com>
00008 ** Marc Norton <mnorton@sourcefire.com>
00009 **
00010 ** NOTES
00011 ** 5.7.02 - Initial Sourcecode.  Norton/Roelker
00012 **
00013 ** This program is free software; you can redistribute it and/or modify
00014 ** it under the terms of the GNU General Public License as published by
00015 ** the Free Software Foundation; either version 2 of the License, or
00016 ** (at your option) any later version.
00017 **
00018 ** This program is distributed in the hope that it will be useful,
00019 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
00020 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00021 ** GNU General Public License for more details.
00022 **
00023 ** You should have received a copy of the GNU General Public License
00024 ** along with this program; if not, write to the Free Software
00025 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
00026 **
00027 **  
00028 **
00029 */
00030 #ifndef __FPCREATE_H__
00031 #define __FPCREATE_H__
00032 
00033 #ifdef HAVE_CONFIG_H
00034 #include "config.h"
00035 #endif
00036 
00037 #include "rules.h"
00038 #include "parser.h"
00039 #include "pcrm.h"
00040 
00041 #ifndef INLINE
00042 #define INLINE inline
00043 #endif
00044 
00045 /*
00046 **  This structure holds the RTN and OTN
00047 **  for a specific rule.  This way we can
00048 **  verify each rule and stay within the
00049 **  current snort rule architecture.
00050 */
00051 typedef struct _otnx_{
00052 
00053    OptTreeNode   * otn;             /* the rule's OTN */
00054    RuleTreeNode  * rtn;             /* the rule's RTN; NOTE(review): this header does not say who owns or frees either node */
00055    unsigned int    content_length;  /* NOTE(review): presumably the length of the rule's content pattern -- confirm units and which pattern where it is filled in */
00056 
00057 } OTNX;
00058 
00059 typedef struct _pmx_ {  /* pairs two untyped pointers; the compiler cannot check what they point to, so every consumer must cast back to exactly the type the producer stored */
00060 
00061    void * RuleNode;          /* NOTE(review): concrete type not stated here; presumably the per-rule node (OTNX) -- confirm */
00062    void * PatternMatchData;  /* NOTE(review): concrete type not stated here; presumably the pattern data for that rule -- confirm */
00063 
00064 } PMX;
00065 
00066 /*
00067 **  This structure holds configuration options for the 
00068 **  detection engine.
00069 */
00070 typedef struct _FPDETECT {
00071     
00072     int inspect_stream_insert;  /* presumably toggled by fpSetStreamInsert() -- confirm */
00073     int search_method;          /* presumably chosen by fpSetDetectSearchMethod(); valid values are not listed in this header */
00074     int debug;                  /* presumably toggled by fpSetDebugMode() -- confirm */
00075     int max_queue_events;       /* presumably set by fpSetMaxQueueEvents(); signed, so zero or negative is representable -- confirm the setter's range check */
00076 
00077 } FPDETECT;
00078 
00079 /*
00080 **  This function initializes the detection engine configuration
00081 **  options before setting them.
00082 */
00083 int fpInitDetectionEngine();  /* empty parameter list, so the compiler does not check call arguments; the meaning of the int result is not documented here */
00084 
00085 /*
00086 **  This is the main routine to create a FastPacket inspection
00087 **  engine.  It reads in the snort list of RTNs and OTNs and
00088 **  assigns them to PORT_MAPS.
00089 */
00090 int fpCreateFastPacketDetection();  /* empty parameter list, so the compiler does not check call arguments; the meaning of the int result is not documented here */
00091 
00092 /*
00093 **  Functions that allow the detection routines to find the right classification for a given packet.
00094 **  The lookup key (ports, IP protocol or ICMP type) is passed by value as a plain int; the PORT_GROUP ** arguments are presumably outputs.
00095 */
00096 int prmFindRuleGroupTcp(int dport, int sport, PORT_GROUP ** src, PORT_GROUP **dst , PORT_GROUP ** gen);  /* NOTE(review): destination port comes first; int admits negative and out-of-range ports -- confirm the definition bounds them before any table lookup */
00097 int prmFindRuleGroupUdp(int dport, int sport, PORT_GROUP ** src, PORT_GROUP **dst , PORT_GROUP ** gen);  /* same parameter order as the TCP variant */
00098 int prmFindRuleGroupIp(int ip_proto, PORT_GROUP **ip_group, PORT_GROUP ** gen);  /* NOTE(review): confirm ip_proto is range-checked in the definition */
00099 int prmFindRuleGroupIcmp(int type, PORT_GROUP **type_group, PORT_GROUP ** gen);  /* NOTE(review): return codes, and whether an out-pointer can be left unset, are not documented in this header */
00100 
00101 int fpSetDetectSearchMethod( char * method );  /* takes the search method as a non-const string; accepted names and the result for an unknown name are not documented here */
00102 int fpSetDebugMode();  /* empty parameter list; presumably sets FPDETECT.debug -- confirm */
00103 int fpSetStreamInsert();  /* empty parameter list; presumably sets FPDETECT.inspect_stream_insert -- confirm */
00104 int fpSetMaxQueueEvents(int iNum);  /* NOTE(review): iNum is signed; confirm the definition rejects zero and negative values */
00105 
00106 /*
00107 **  Shows the event stats for the created FastPacketDetection
00108 */
00109 int fpShowEventStats();  /* empty parameter list; where the stats are written and the meaning of the int result are not documented here */
00110 
00111 #endif
