/usr/include/nids.h is in libnids-dev 1.23-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
/*
Copyright (c) 1999 Rafal Wojtczuk <nergal@avet.com.pl>. All rights reserved.
See the file COPYING for license details.
*/
#ifndef _NIDS_NIDS_H
# define _NIDS_NIDS_H
# include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
# include <netinet/ip.h>
# include <netinet/tcp.h>
# include <pcap.h>
# ifdef __cplusplus
extern "C" {
# endif
/*
 * Version of the libnids API described by this header: major 1, minor 23.
 * Code that relies on a field or function from a particular release can
 * test these at compile time.
 */
# define NIDS_MAJOR 1
# define NIDS_MINOR 23
/*
 * Warning categories, numbered from 1 (0 is not used by this enum).
 * NOTE(review): presumably the "type" argument handed to the
 * nids_params.syslog callback -- confirm against the libnids API docs.
 * The values are written out so the numbering is visible at a glance.
 */
enum
{
  NIDS_WARN_IP = 1,
  NIDS_WARN_TCP = 2,
  NIDS_WARN_UDP = 3,
  NIDS_WARN_SCAN = 4
};
/*
 * Specific warning codes, numbered from 0.
 * NOTE(review): presumably the error number that accompanies a warning
 * category and the index into nids_warnings[] -- confirm against the
 * libnids API docs.
 * By their names these flag malformed or suspicious traffic (oversized or
 * overlapping IP fragments, source routing, bad TCP headers or flags) and
 * sensor resource pressure (TOOMUCH, BIGQUEUE); a deployment will usually
 * want them logged rather than discarded.
 */
enum
{
  NIDS_WARN_UNDEFINED = 0,
  NIDS_WARN_IP_OVERSIZED = 1,
  NIDS_WARN_IP_INVLIST = 2,
  NIDS_WARN_IP_OVERLAP = 3,
  NIDS_WARN_IP_HDR = 4,
  NIDS_WARN_IP_SRR = 5,
  NIDS_WARN_TCP_TOOMUCH = 6,
  NIDS_WARN_TCP_HDR = 7,
  NIDS_WARN_TCP_BIGQUEUE = 8,
  NIDS_WARN_TCP_BADFLAGS = 9
};
/*
 * Stream state codes, 1 through 6.
 * NOTE(review): presumably the values of tcp_stream.nids_state seen by a
 * TCP callback -- confirm against the libnids API docs.
 * A callback should handle every terminal code (CLOSE, RESET, TIMED_OUT,
 * EXITING), not only NIDS_CLOSE, or per-stream state it keeps may never be
 * released.
 */
# define NIDS_JUST_EST 1
# define NIDS_DATA 2
# define NIDS_CLOSE 3
# define NIDS_RESET 4
# define NIDS_TIMED_OUT 5
# define NIDS_EXITING 6 /* nids is exiting; last chance to get data */
/*
 * Checksum-control actions.
 * NOTE(review): presumably the values for nids_chksum_ctl.action -- confirm.
 * If NIDS_DONT_CHKSUM disables checksum verification, as its name suggests,
 * the sensor may reassemble packets that the real endpoint would drop.
 * Limit it to sources whose captured checksums are known to be unreliable
 * (e.g. local traffic with checksum offload).
 */
# define NIDS_DO_CHKSUM 0
# define NIDS_DONT_CHKSUM 1
/*
 * Four values identifying a connection: by their names, the source and
 * destination ports (u_short) and source and destination addresses (u_int).
 * The addresses are u_int, so presumably IPv4 only -- TODO confirm.
 * NOTE(review): this header does not state the byte order of any field;
 * confirm it before comparing against values read from packet headers or
 * produced by inet_addr()/htons(), otherwise allow/deny matching on
 * addresses and ports can silently never match.
 */
struct tuple4
{
u_short source;
u_short dest;
u_int saddr;
u_int daddr;
};
/*
 * State kept for one direction of a TCP connection; struct tcp_stream
 * embeds two of these, named client and server.
 *
 * NOTE(review): the field meanings given below are inferred from the names
 * and are not established by this header -- confirm against the libnids
 * API docs before relying on them.
 * All lengths and counters are signed int: check them for negative or
 * out-of-range values before using one as a buffer length or index.
 */
struct half_stream
{
/* presumably the TCP state of this side -- TODO confirm */
char state;
/* presumably set by a callback to request normal / urgent data -- TODO confirm */
char collect;
char collect_urg;
/*
 * Data buffer. Nothing in this header says it is NUL-terminated, so treat
 * it as raw bytes bounded by the counters below, never as a C string.
 */
char *data;
/*
 * presumably: stream offset of data[0], total bytes seen, bytes added since
 * the previous callback, allocated size of data -- TODO confirm.
 * If count is a running total, it can exceed INT_MAX on a long-lived stream.
 */
int offset;
int count;
int count_new;
int bufsize;
int rmem_alloc;
int urg_count;
/* sequence / acknowledgement bookkeeping, by name; u_int, so arithmetic wraps */
u_int acked;
u_int seq;
u_int ack_seq;
u_int first_data_seq;
/* urgent-data bookkeeping, by name -- TODO confirm */
u_char urgdata;
u_char count_new_urg;
u_char urg_seen;
u_int urg_ptr;
/* presumably the advertised window and TCP timestamp / window-scale option state */
u_short window;
u_char ts_on;
u_char wscale_on;
u_int curr_ts;
u_int wscale;
/*
 * Head and tail of a list of struct skbuff, presumably queued segments.
 * struct skbuff is not defined in the visible part of this header, so it is
 * opaque to API users.
 */
struct skbuff *list;
struct skbuff *listtail;
};
/*
 * One tracked TCP connection: its 4-tuple, a state byte, and a half_stream
 * for each direction.
 *
 * NOTE(review): apart from addr, client, server and user, the members look
 * like library-internal bookkeeping (list links, hash slot, listener list);
 * presumably callers should treat them as read-only -- confirm.
 */
struct tcp_stream
{
struct tuple4 addr;
/* presumably one of the NIDS_JUST_EST .. NIDS_EXITING codes -- TODO confirm */
char nids_state;
/* struct lurker_node is not defined in the visible part of this header */
struct lurker_node *listeners;
struct half_stream client;
struct half_stream server;
/* doubly linked list links and, by name, the hash-table slot of this stream */
struct tcp_stream *next_node;
struct tcp_stream *prev_node;
int hash_index;
/* second doubly linked list, by name ordered by time -- TODO confirm */
struct tcp_stream *next_time;
struct tcp_stream *prev_time;
/* presumably bytes consumed by the last callback; see nids_discard() -- TODO confirm */
int read;
struct tcp_stream *next_free;
/*
 * Opaque pointer for the application. The header does not say who frees it;
 * presumably the application must release it when the stream ends -- confirm.
 */
void *user;
};
/*
 * Library-wide configuration; the single instance is the global
 * nids_params declared further down in this header.
 *
 * NOTE(review): field meanings are inferred from names -- confirm against
 * the libnids API docs. Several fields look like capacity limits
 * (n_tcp_streams, n_hosts, sk_buff_size, queue_limit). If traffic beyond a
 * limit is simply not tracked, an undersized value is a blind spot in the
 * sensor, so size them for the monitored link and watch for the matching
 * NIDS_WARN_TCP_* warnings.
 */
struct nids_prm
{
/* presumably sizes of the TCP stream table and the host (defragmentation) table */
int n_tcp_streams;
int n_hosts;
/* presumably the capture interface name, or a capture file to read instead */
char *device;
char *filename;
int sk_buff_size;
int dev_addon;
/*
 * Warning callback. Declared with an empty parameter list: in C the
 * arguments are unchecked, and in C++ this type means "takes no arguments".
 * A function with the wrong signature assigned here will compile and then
 * misbehave at call time, so take the expected signature from the docs.
 */
void (*syslog) ();
int syslog_level;
/* presumably port-scan detection thresholds -- TODO confirm */
int scan_num_hosts;
int scan_delay;
int scan_num_ports;
/* out-of-memory callback taking a char * (presumably a description) */
void (*no_mem) (char *);
/* packet filter callback; empty parameter list, same caveat as syslog above */
int (*ip_filter) ();
/* presumably a pcap filter expression applied to the capture */
char *pcap_filter;
/* presumably nonzero puts the interface into promiscuous mode */
int promisc;
int one_loop_less;
int pcap_timeout;
int multiproc;
int queue_limit;
int tcp_workarounds;
/* pcap handle; whether the caller may supply its own is not visible here */
pcap_t *pcap_desc;
};
/*
 * Node of a doubly linked list pairing a tcp_stream with a struct timeval.
 * NOTE(review): presumably the time at which the stream is closed if still
 * idle; the list head is the global nids_tcp_timeouts -- confirm.
 */
struct tcp_timeout
{
struct tcp_stream *a_tcp;
struct timeval timeout;
struct tcp_timeout *next;
struct tcp_timeout *prev;
};
/*
 * Initialise the library.
 * NOTE(review): the return convention is not visible in this header; check
 * the result and report nids_errbuf on failure rather than continuing with
 * a sensor that is not capturing -- confirm the convention in the docs.
 */
int nids_init (void);
/*
 * Callback registration. The parameter type `void (*)` is a plain void
 * pointer, so the compiler cannot check the callback's signature: a handler
 * with the wrong prototype is accepted silently. Take each expected
 * signature from the libnids API docs.
 */
void nids_register_ip_frag (void (*));
void nids_register_ip (void (*));
void nids_register_tcp (void (*));
void nids_register_udp (void (*));
/*
 * NOTE(review): by its name, nids_killtcp actively terminates the given
 * connection, which is a state-changing action on live traffic -- confirm
 * before enabling it on a sensor that is meant to be passive.
 */
void nids_killtcp (struct tcp_stream *);
/* presumably tells the library how many buffered bytes a callback consumed -- TODO confirm */
void nids_discard (struct tcp_stream *, int);
/* capture loop entry points; return conventions are not visible here */
int nids_run (void);
void nids_exit(void);
int nids_getfd (void);
int nids_dispatch (int);
int nids_next (void);
/*
 * Shaped like a pcap callback, but with non-const header and data pointers;
 * presumably for applications that drive pcap themselves -- TODO confirm.
 */
void nids_pcap_handler(u_char *, struct pcap_pkthdr *, u_char *);
struct tcp_stream *nids_find_tcp_stream(struct tuple4 *);
void nids_free_tcp_stream(struct tcp_stream *);
/* global configuration instance */
extern struct nids_prm nids_params;
/* presumably message strings indexed by the NIDS_WARN_* codes; length not declared here */
extern char *nids_warnings[];
/*
 * Error text buffer. Declared without a size, so sizeof cannot be used on
 * it; read it as a string and do not write into it.
 */
extern char nids_errbuf[];
/*
 * presumably the packet currently being processed; the lifetime of these
 * pointers is not stated, so copy what is needed instead of keeping them
 */
extern struct pcap_pkthdr *nids_last_pcap_header;
extern u_char *nids_last_pcap_data;
extern u_int nids_linkoffset;
extern struct tcp_timeout *nids_tcp_timeouts;
/*
 * One checksum-control rule, registered with nids_register_chksum_ctl().
 * NOTE(review): presumably a packet matches when (address & mask) equals
 * netaddr, and action is NIDS_DO_CHKSUM or NIDS_DONT_CHKSUM -- confirm the
 * matching rule and the byte order of netaddr/mask in the libnids docs.
 * A rule that skips verification for a wide mask lets the sensor accept
 * packets with bad checksums that the real endpoint would drop; keep such
 * rules as narrow as possible.
 */
struct nids_chksum_ctl {
u_int netaddr;
u_int mask;
u_int action;
/* unused by name; presumably should be zero-initialised -- TODO confirm */
u_int reserved;
};
/*
 * Register checksum-control rules.
 * NOTE(review): presumably a pointer to an array of rules plus the element
 * count. Whether the library copies the array or keeps the pointer is not
 * visible here, so keep the array alive after the call until confirmed.
 */
extern void nids_register_chksum_ctl(struct nids_chksum_ctl *, int);
# ifdef __cplusplus
}
# endif
#endif /* _NIDS_NIDS_H */