1 /* $Id$ */
2 /****************************************************************************
3  *
4  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
5  * Copyright (C) 2005-2013 Sourcefire, Inc.
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License Version 2 as
9  * published by the Free Software Foundation.  You may not use, modify or
10  * distribute this program under any other version of the GNU General
11  * Public License.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
21  *
22  ****************************************************************************/
23 
24 // @file    sfdaq.h
25 // @author  Russ Combs <rcombs@sourcefire.com>
26 
27 #ifndef __DAQ_H__
28 #define __DAQ_H__
29 
30 #include <stdio.h>
31 #include <daq.h>
32 
33 #include "ipv6_port.h"
34 #define PKT_TIMEOUT  1000  // ms, worst daq resolution is 1 sec
35 
36 struct _SnortConfig;
37 #include "decode.h"
38 
// Module load / unload. DAQ_Load takes the Snort configuration read-only
// (const); what it reads from it is decided in the implementation.
void DAQ_Load(const struct _SnortConfig *sc);
void DAQ_Unload(void);

// DAQ layer setup and the two shutdown entry points declared here.
// NOTE(review): how DAQ_Abort differs from DAQ_Term is not visible in this
// header -- confirm in the implementation before calling it from a signal
// or error path.
void DAQ_Init(const struct _SnortConfig *sc);
void DAQ_Term(void);
void DAQ_Abort(void);

// DAQ_PrintTypes writes to the caller-supplied stream; the meaning of the
// int result is not stated here.
int DAQ_PrintTypes(FILE *out);
// Returns a read-only string; ownership is not stated here, so treat it as
// borrowed (do not free or modify) until confirmed.
const char *DAQ_GetType(void);
48 
// Capability queries. Each returns int; this header does not say whether the
// value is a strict 0/1, so callers should test for non-zero.
//
// NOTE(review): DAQ_Unprivileged / DAQ_UnprivilegedStart presumably report
// whether the selected DAQ module can run / be started after privileges are
// dropped -- confirm in the implementation, since the answer governs when the
// process may give up root.
int DAQ_Unprivileged(void);
int DAQ_UnprivilegedStart(void);
int DAQ_CanReplace(void);
int DAQ_CanInject(void);
int DAQ_CanWhitelist(void);
int DAQ_CanRetry(void);
int DAQ_RawInjection(void);
// Capability value as a 32-bit word (presumably the DAQ_CAPA_* bits -- confirm).
uint32_t DAQ_GetCapabilities(void);
#if defined(DAQ_CAPA_CST_TIMEOUT)
// Only declared when the DAQ headers define DAQ_CAPA_CST_TIMEOUT.
int DAQ_CanGetTimeout(void);
#endif
#if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
// Only declared for non-SFLINUX builds whose DAQ headers define DAQ_CAPA_VRF.
int DAQ_CanGetVrf(void);
#endif
63 
// Accessors for the active DAQ instance, plus the filter setter.
// The returned interface string is const; treat it as borrowed.
const char *DAQ_GetInterfaceSpec(void);
uint32_t DAQ_GetSnapLen(void);
int DAQ_GetBaseProtocol(void);
// NOTE(review): the filter string is presumably a capture filter expression;
// where it comes from (config vs. command line) and how a rejected filter is
// reported are not visible here -- check the int result at every call site.
int DAQ_SetFilter(const char *filter);
68 
// Instance creation and deletion.
// Total stats are accumulated when the daq is deleted.
int DAQ_New(const struct _SnortConfig *sc, const char *intf);
// Unlike the other entry points in this header, this one takes a mutable
// configuration pointer, so it may write to the configuration.
void DAQ_UpdateTunnelBypass(struct _SnortConfig *sc);
int DAQ_Delete(void);
73 
// Start / stop control and the "was started" query. All three return int;
// the success / failure convention is defined by the implementation.
int DAQ_Start(void);
int DAQ_WasStarted(void);
int DAQ_Stop(void);
77 
// TBD some stuff may be inlined once encapsulations are straight
// (but only where performance justifies exposing implementation!)

// `user` is an opaque byte pointer; presumably it is handed back to the
// analysis callback unchanged -- confirm in the implementation.
int DAQ_Acquire(int max, DAQ_Analysis_Func_t callback, uint8_t *user);

// `buf` and `len` travel as a pair. The declaration cannot enforce that `len`
// matches the storage behind `buf`, so every caller has to bound `len` itself.
// NOTE(review): `rev` presumably selects the reverse direction -- confirm.
int DAQ_Inject(const DAQ_PktHdr_t *hdr, int rev, const uint8_t *buf, uint32_t len);
int DAQ_BreakLoop(int error);
#ifdef HAVE_DAQ_ACQUIRE_WITH_META
// Only declared when HAVE_DAQ_ACQUIRE_WITH_META is defined.
void DAQ_Set_MetaCallback(DAQ_Meta_Func_t meta_callback);
#endif
DAQ_Mode DAQ_GetInterfaceMode(const DAQ_PktHdr_t *h);
87 
// Flow modification and query entry points. All take the packet header the
// flow is identified by.
int DAQ_ModifyFlowOpaque(const DAQ_PktHdr_t *hdr, uint32_t opaque);
#ifdef HAVE_DAQ_EXT_MODFLOW
// `data` / `length` travel as a pair; the caller is responsible for `length`
// not exceeding the bytes readable at `data`.
int DAQ_ModifyFlowHAState(const DAQ_PktHdr_t *hdr, const void *data, uint32_t length);
int DAQ_ModifyFlow(const DAQ_PktHdr_t *hdr, const DAQ_ModFlow_t *mod);
#endif
#ifdef HAVE_DAQ_QUERYFLOW
// The REG_TEST build declares `hdr` without const, so the signature differs
// between regression-test and production builds; `query` is writable in both.
#ifdef REG_TEST
int DAQ_QueryFlow(DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t *query);
#else
int DAQ_QueryFlow(const DAQ_PktHdr_t *hdr, DAQ_QueryFlow_t *query);
#endif
#endif
100 
#if defined(DAQ_VERSION) && DAQ_VERSION > 8
// Variadic per-packet debug logger.
// NOTE(review): `msg` is followed by `...`; if the implementation consumes it
// as a printf-style format (not visible here), callers must pass a literal
// format and never packet- or user-derived text, and this declaration would
// benefit from a compiler format-check attribute.
void DAQ_DebugPkt(uint8_t moduleId,
                  uint8_t logLevel,
                  const DAQ_Debug_Packet_Params_t *params,
                  const char *msg, ...);
#endif
104 
#ifdef HAVE_DAQ_DP_ADD_DC

// Options supplied with a dynamic protocol channel request.
typedef struct _DAQ_DC_Params
{
    unsigned int flags;       // presumably an OR of the DAQ_DC_* bits below -- confirm
    unsigned int timeout_ms;  // milliseconds, per the field name
} DAQ_DC_Params;

// Single-bit values (0x01, 0x02, 0x04).
// NOTE(review): the names suggest ALLOW_MULTIPLE and PERSIST widen how often /
// how long the expected channel is honoured; confirm their semantics in the
// DAQ module before setting them by default.
#define DAQ_DC_FLOAT            0x01
#define DAQ_DC_ALLOW_MULTIPLE   0x02
#define DAQ_DC_PERSIST          0x04

// Both address arguments are non-const pointers; whether they are written is
// decided in the implementation.
void DAQ_Add_Dynamic_Protocol_Channel(const Packet *ctrlPkt,
                                      sfaddr_t *cliIP, uint16_t cliPort,
                                      sfaddr_t *srvIP, uint16_t srvPort,
                                      uint8_t protocol,
                                      DAQ_DC_Params *params);
#endif
119 
#if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
// Reads address_space_id_src from the packet header.
// `h` is dereferenced without a check, so it must not be NULL.
static inline uint16_t DAQ_GetSourceAddressSpaceID(const DAQ_PktHdr_t *h)
{
    const uint16_t src_asid = h->address_space_id_src;

    return src_asid;
}

// Reads address_space_id_dst from the packet header.
// `h` is dereferenced without a check, so it must not be NULL.
static inline uint16_t DAQ_GetDestinationAddressSpaceID(const DAQ_PktHdr_t *h)
{
    const uint16_t dst_asid = h->address_space_id_dst;

    return dst_asid;
}
#endif
131 
#ifdef HAVE_DAQ_ADDRESS_SPACE_ID
// Reads address_space_id from the packet header.
// `h` is dereferenced without a check, so it must not be NULL.
static inline uint16_t DAQ_GetAddressSpaceID(const DAQ_PktHdr_t *h)
{
    const uint16_t asid = h->address_space_id;

    return asid;
}
#endif
138 
// Returns the total stats when there is no daq, otherwise the current stats.
// The result points at statically allocated storage: do not free it.
const DAQ_Stats_t *DAQ_GetStats(void);
142 
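#if defined(DAQ_VERSION) && DAQ_VERSION > 9
/*
 * SNORT_DEBUG_PKT_LOG(pkth, moduleId, logLevel, msg, args...)
 *
 * Calls DAQ_DebugPkt for a packet only when `pkth` is non-NULL and has
 * DAQ_PKT_FLAG_DEBUG_ON set in its flags; otherwise it does nothing.
 *
 * - The parameter block is zero-initialised before pkt_hdr is filled in, so
 *   any other members of DAQ_Debug_Packet_Params_t (its definition lives in
 *   the DAQ headers) reach DAQ_DebugPkt as zero instead of stale stack bytes.
 *   It is declared inside the guarded branch, so packets without the debug
 *   flag pay nothing for it.
 * - `pkth` is evaluated more than once: pass a side-effect-free expression.
 * - The cast drops const from `pkth` (presumably because pkt_hdr is a
 *   non-const pointer -- confirm in the DAQ headers).
 * - `msg` and `args` are forwarded unchanged to DAQ_DebugPkt.
 *   NOTE(review): if DAQ_DebugPkt treats `msg` as a printf-style format, pass
 *   only literal formats here, never packet-derived text.
 * - The expansion is a bare { } block rather than do { } while (0) because
 *   DEBUG_SNORT_ENGINE invokes it without a trailing semicolon; brace the
 *   branches when using it under if/else.
 */
#define SNORT_DEBUG_PKT_LOG(pkth,moduleId,logLevel,msg,args...)\
{\
    if((pkth) && ((pkth)->flags & DAQ_PKT_FLAG_DEBUG_ON))\
    {\
        DAQ_Debug_Packet_Params_t daq_pkt_params = {0};\
        daq_pkt_params.pkt_hdr = (DAQ_PktHdr_t *)(pkth);\
        DAQ_DebugPkt(moduleId, logLevel, &daq_pkt_params, msg, ##args);\
    }\
}
#endif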
154 
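/*
 * DEBUG_SNORT_ENGINE(p, logLevel, format, args...)
 *
 * With DAQ_VERSION > 9 this forwards (p)->pkth to SNORT_DEBUG_PKT_LOG using the
 * module id DAQ_DEBUG_PKT_MODULE_SNORT_ENGINE. In every other build it expands
 * to an empty block and none of its arguments are evaluated, so arguments must
 * not carry side effects the caller relies on.
 *
 * `p` is parenthesised in the expansion so that an expression argument (for
 * example a cast or pointer arithmetic) binds before the -> operator.
 * `format` and `args` are passed through unchanged; keep `format` a literal.
 */
#if defined(DAQ_VERSION) && DAQ_VERSION > 9
#define DEBUG_SNORT_ENGINE(p, logLevel, format, args...) \
{ \
    SNORT_DEBUG_PKT_LOG((p)->pkth, DAQ_DEBUG_PKT_MODULE_SNORT_ENGINE, logLevel, format, ##args) \
}
#else
#define DEBUG_SNORT_ENGINE(p, logLevel, format, args...) \
{ \
}
#endif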
165 
#if defined(DAQ_VERSION) && DAQ_VERSION > 9
// Generic control call into the DAQ module.
// NOTE(review): `size` is a pointer, so it is presumably in/out (capacity of
// `buf` on entry, bytes used on return) -- confirm in the implementation, and
// initialise *size to the real buffer capacity before every call.
int DAQ_Ioctl(unsigned int type, char *buf, size_t *size);
#endif
169 #endif // __DAQ_H__