00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
00003 // Copyright (C) 2002-2013 Sourcefire, Inc.
00004 //
00005 // This program is free software; you can redistribute it and/or modify it
00006 // under the terms of the GNU General Public License Version 2 as published
00007 // by the Free Software Foundation. You may not use, modify or distribute
00008 // this program under any other version of the GNU General Public License.
00009 //
00010 // This program is distributed in the hope that it will be useful, but
00011 // WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00013 // General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU General Public License along
00016 // with this program; if not, write to the Free Software Foundation, Inc.,
00017 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00018 //--------------------------------------------------------------------------
00019 // cd_arp.cc author Josh Rosenbaum <jrosenba@cisco.com>
00020
00021 #ifdef HAVE_CONFIG_H
00022 #include "config.h"
00023 #endif
00024
00025 #include "codecs/codec_module.h"
00026 #include "framework/codec.h"
00027 #include "protocols/arp.h"
00028
00029 #define CD_ARP_NAME "arp"
00030 #define CD_ARP_HELP "support for address resolution protocol"
00031
00032 namespace
00033 {
// Builtin decoder events this codec can raise, paired with the text reported
// for each one.  ArpModule::get_rules() hands this table to the framework.
static const RuleMap arp_rules[] =
{
    // Raised by ArpCodec::decode() when the buffer is shorter than
    // arp::ETHERARP_HDR_LEN.
    { DECODE_ARP_TRUNCATED, "truncated ARP" },

    // All-zero entry; presumably the end-of-table marker the framework
    // stops at (confirm against RuleMap consumers).
    { 0, nullptr }
};
00039
// Configuration module for the ARP codec.  It carries no options of its own;
// it only registers the codec's name/help text and exposes its event table.
class ArpModule : public CodecModule
{
public:
    ArpModule()
        : CodecModule(CD_ARP_NAME, CD_ARP_HELP)
    {
    }

    // Returns the table of decoder events (arp_rules) owned by this codec.
    const RuleMap* get_rules() const override
    {
        return arp_rules;
    }
};
00048
// Link-layer codec for ARP.  The member definitions follow the anonymous
// namespace below.
class ArpCodec : public Codec
{
public:
    ArpCodec()
        : Codec(CD_ARP_NAME)
    {
    }

    // Appends the protocol ids this codec handles to `v`.
    void get_protocol_ids(std::vector<ProtocolId>& v) override;

    // Length-checks the ARP layer and records it in the decode state.
    bool decode(const RawData&, CodecData&, DecodeData&) override;

    // Re-tags an already decoded packet as ARP.
    void format(bool reverse, uint8_t* raw_pkt, DecodeData& snort) override;
};
00058 } // anonymous namespace
00059
// Registers the codec for both ARP and reverse-ARP ethertypes.
//
// Both ids are routed to the same decode(), which tags the packet with
// PktType::ARP and PROTO_BIT__ARP in either case.  Code that needs to tell
// RARP from ARP therefore cannot rely on those two flags alone.
void ArpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
    for (const ProtocolId id : { ProtocolId::ETHERTYPE_ARP, ProtocolId::ETHERTYPE_REVARP })
        v.push_back(id);
}
00065
// Validates that the buffer can hold an ARP header and records the layer.
//
// raw    - bytes remaining at this layer; only raw.len is consulted.
// codec  - per-layer decode state; receives the ARP proto bit and layer length.
// snort  - per-packet decode state; receives the packet type.
//
// Returns false (after raising DECODE_ARP_TRUNCATED) when fewer than
// arp::ETHERARP_HDR_LEN bytes are available, true otherwise.
//
// NOTE(review): the length comparison is the only validation done here.  No
// ARP header field (hardware/protocol type, address lengths, opcode,
// addresses) is read, so a frame that is long enough but carries inconsistent
// or spoofed field values is accepted by this codec.  Anything that detects
// ARP abuse has to inspect the header separately and must not treat a
// successful decode as a sanity check of its contents.
bool ArpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
{
    const bool truncated = raw.len < arp::ETHERARP_HDR_LEN;

    if (truncated)
    {
        // Short frame: report it and stop, leaving the decode state untouched.
        codec_event(codec, DECODE_ARP_TRUNCATED);
        return false;
    }

    snort.set_pkt_type(PktType::ARP);

    // The layer length is the fixed constant, not raw.len, so bytes past the
    // header (e.g. link-layer padding) are not counted as part of ARP.
    codec.lyr_len = arp::ETHERARP_HDR_LEN;
    codec.proto_bits |= PROTO_BIT__ARP;

    return true;
}
00080
// Marks the packet as ARP in the decode state.  The direction flag and the
// raw packet pointer are deliberately unused: no header bytes are rewritten.
void ArpCodec::format(bool /*reverse*/, uint8_t* /*raw_pkt*/, DecodeData& snort)
{
    const PktType arp_type = PktType::ARP;
    snort.set_pkt_type(arp_type);
}
00085
00086 //-------------------------------------------------------------------------
00087 // api
00088 //-------------------------------------------------------------------------
00089
// Plugin hook: allocates the codec's module.  Ownership passes to the caller,
// which is expected to release it through mod_dtor().
static Module* mod_ctor()
{
    Module* const module = new ArpModule;
    return module;
}
00092
// Plugin hook: releases a module obtained from mod_ctor().
// NOTE(review): deletes through the Module base pointer, which is only well
// defined if Module declares a virtual destructor (not visible in this file).
static void mod_dtor(Module* m)
{
    delete m;
}
00095
// Plugin hook: allocates a codec instance.  The module argument is ignored
// because the ARP codec takes no configuration from it.
static Codec* ctor(Module*)
{
    Codec* const codec = new ArpCodec();
    return codec;
}
00098
// Plugin hook: releases a codec obtained from ctor().
// NOTE(review): deletes through the Codec base pointer, which is only well
// defined if Codec declares a virtual destructor (not visible in this file).
static void dtor(Codec* cd)
{
    delete cd;
}
00101
// Plugin descriptor for the ARP codec.  The nested initializer fills the
// common base record; the remaining entries are the codec-specific hooks.
// Field roles noted below for the base record are inferred from the values
// and should be confirmed against the BaseApi/CodecApi declarations.
static const CodecApi arp_api =
{
    {
        PT_CODEC,           // plugin type
        sizeof(CodecApi),   // size of this descriptor
        CDAPI_VERSION,      // codec API version the plugin was built against
        0,                  // presumably the plugin's own version
        API_RESERVED,
        API_OPTIONS,
        CD_ARP_NAME,        // "arp"
        CD_ARP_HELP,        // help text
        mod_ctor,           // module constructor
        mod_dtor,           // module destructor
    },
    nullptr,    // pinit: unused
    nullptr,    // pterm: unused
    nullptr,    // tinit: unused
    nullptr,    // tterm: unused
    ctor,       // ctor: creates an ArpCodec
    dtor,       // dtor: destroys it
};
00123
// nullptr-terminated list of the plugin descriptors defined in this file.
// When BUILDING_SO is defined the list is exported with SO_PUBLIC under the
// name snort_plugins; otherwise it is a plain global named cd_arp.
#ifdef BUILDING_SO
SO_PUBLIC const BaseApi* snort_plugins[] =
#else
const BaseApi* cd_arp[] =
#endif
{
    &arp_api.base,
    nullptr     // end of list
};
00133