[prads.git] / src / sig.h
/*
** This file is a part of PRADS.
**
** Copyright (C) 2009, Redpill Linpro
** Copyright (C) 2009, Edward Fjellskål <edward.fjellskaal@redpill-linpro.com>
** Copyright (C) 2009, Kacper Wysocki <kacper.wysocki@redpill-linpro.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* signature interface */

/*
 * NOTE(review): presumably the bucket count handed to load_sigs() and
 * find_match() as `hashsize` -- confirm against the callers.
 */
#define SIG_HASHSIZE 241

// the print_ and display_ functions need to be refactored
// and folded into gen_fp - to return a string for printing / storing
void print_sig(fp_entry *e);
void print_sigs(fp_entry *e);

/*
 * Display a fingerprint passed as individual fields rather than as an
 * fp_entry.
 *
 * NOTE(review): `op` comes with its element count `ocnt`; the prototype gives
 * no other bound, so the implementation should read at most `ocnt` entries.
 * If these fields are parsed from captured traffic they are untrusted input --
 * confirm the bound is enforced before this call.
 */
void display_signature(uint8_t ttl,
                       uint16_t tot,
                       uint8_t df,
                       uint8_t *op,
                       uint8_t ocnt,
                       uint16_t mss,
                       uint16_t wss,
                       uint8_t wsc,
                       uint32_t tstamp,
                       uint32_t quirks);

/*
 * Signature table load / dump / unload.
 *
 * NOTE(review): the return convention of load_sigs() is not visible in this
 * header; callers should check it before touching *sigp -- confirm.
 * NOTE(review): the table size is a signed `int` here (hashsize, max, size)
 * but `uint32_t` in find_match()/find_matche(); a negative value is
 * representable on this side, so the implementations should reject it.
 */
int load_sigs(const char *file,
              fp_entry **sigp[],
              int hashsize);
void dump_sigs(fp_entry *mysig[],
               int max);
void unload_sigs(fp_entry **sigp,
                 int size);

// a starting point - the p0f find_match()
/*
 * NOTE(review): `pay` is paired with `plen`, a uint8_t, so the stated length
 * can never exceed 255. The implementation should treat `plen` as the only
 * bound on `pay` -- confirm.
 */
fp_entry *find_match(fp_entry *sig[],
                     uint32_t hashsize,
                     fp_entry *fingerprint,
                     packetinfo *pi,
                     uint32_t tstamp,
                     uint8_t plen,
                     uint8_t *pay);

/*
 * Variant of find_match() that takes the fingerprint fields one by one.
 *
 * NOTE(review): a single length, `plen`, sits between two buffers, `pkt` and
 * `pay`. By analogy with find_match() it presumably bounds `pay`, which would
 * leave `pkt` without any length in this interface -- confirm how the
 * implementation bounds reads through `pkt`.
 * NOTE(review): `op` is bounded only by `ocnt`, as in display_signature().
 */
fp_entry *find_matche(fp_entry *sig[],
                      uint32_t hashsize,
                      uint16_t tot,
                      uint8_t df,
                      uint8_t ttl,
                      uint16_t wss,
                      uint32_t src,
                      uint32_t dst,
                      uint16_t sp,
                      uint16_t dp,
                      uint8_t ocnt,
                      uint8_t *op,
                      uint16_t mss,
                      uint8_t wsc,
                      uint32_t tstamp,
                      uint8_t tos,
                      uint32_t quirks,
                      uint8_t ecn,
                      uint8_t *pkt,
                      uint8_t plen,
                      uint8_t *pay);

/*
 * NOTE(review): ownership of the returned bstring is not stated in this
 * header -- confirm whether the caller has to release it.
 */
bstring gen_fp_tcp(fp_entry *e,
                   uint32_t tstamp,
                   uint8_t tf);

/*
 * NOTE(review): returns a non-const pointer whose storage and lifetime are not
 * visible here -- confirm before writing through it, caching it or freeing it.
 */
uint8_t *lookup_link(uint16_t mss,
                     uint8_t txt);