1 /*
2  * Copyright (c) 2016-2021, OARC, Inc.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. Neither the name of the copyright holder nor the names of its
18  *    contributors may be used to endorse or promote products derived
19  *    from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
29  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
31  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #ifndef __dnscap_dnscap_common_h
36 #define __dnscap_dnscap_common_h
37 
38 #include <netinet/in.h>
39 #include <sys/types.h>
40 
41 #ifdef TIME_WITH_SYS_TIME
42 #include <sys/time.h>
43 #include <time.h>
44 #else
45 #ifdef HAVE_SYS_TIME_H
46 #include <sys/time.h>
47 #else
48 #include <time.h>
49 #endif
50 #endif
51 
52 /*
53  * set up MY_BPFTIMEVAL as the timeval structure that bpf packets
54  * from libpcap will be associated with
55  */
56 #ifndef MY_BPFTIMEVAL /* a build may predefine this to name a different struct tag */
57 #define MY_BPFTIMEVAL timeval /* default: my_bpftimeval becomes struct timeval */
58 #endif
59 typedef struct MY_BPFTIMEVAL my_bpftimeval; /* timestamp type taken by output_t and filter_t in this header */
60 
61 /*
62  * Structure to contain IP addresses
63  */
64 typedef struct {
65     int af; /* address family; presumably AF_INET or AF_INET6, telling which member of u is valid - confirm against callers */
66     union {
67         struct in_addr  a4; /* IPv4 address */
68         struct in6_addr a6; /* IPv6 address */
69     } u; /* a4 and a6 share storage, so only one of them is meaningful at a time */
70 } iaddr;
71 
72 /*
73  * Prototype for the plugin "type" function
74  *
75  * output - Will run plugin's "output" function last when outputting (default
76  *          and same behavior as before the existence of a plugin type)
77  * filter - Will run plugin's "filter" function before outputting and won't
78  *          output if the return of that function is non-zero.
79  */
80 enum plugin_type {
81     plugin_output, /* first enumerator, value 0 */
82     plugin_filter, /* value 1 */
83 };
84 typedef enum plugin_type type_t(void); /* function type: takes no arguments and returns an enum plugin_type */
85 
86 /*
87  * plugins can call the logerr() function in the main dnscap
88  * process.
89  */
90 typedef int logerr_t(const char* fmt, ...); /* variadic; NOTE(review): fmt is presumably printf-style - confirm against logerr() in dnscap; if so, keep fmt a literal and pass packet-derived text through "%s" */
91 
92 /*
93  * Prototype for the plugin "output" function
94  */
95 typedef void output_t(const char* descr,
96     iaddr                         from, /* passed by value */
97     iaddr                         to, /* passed by value */
98     uint8_t                       proto,
99     unsigned                      flags, /* presumably a mask of the DNSCAP_OUTPUT_* bits defined in this header - confirm */
100     unsigned                      sport,
101     unsigned                      dport,
102     my_bpftimeval                 ts,
103     const u_char*                 pkt_copy, /* read-only; presumably olen bytes long - confirm */
104     const unsigned                olen,
105     const u_char*                 payload, /* read-only; presumably payloadlen bytes long - confirm */
106     const unsigned                payloadlen); /* NOTE(review): if pkt_copy/payload hold captured packet data, as the names suggest, a plugin should bound every read by the paired length */
107 
108 /*
109  * Prototype for the plugin "filter" function
110  */
111 typedef int filter_t(const char* descr, /* returns int: per the plugin_type comment in this header, non-zero means the packet is not output */
112     iaddr*                       from, /* pointer to non-const iaddr; whether a filter may modify it is not stated here */
113     iaddr*                       to, /* pointer to non-const iaddr; whether a filter may modify it is not stated here */
114     uint8_t                      proto,
115     unsigned                     flags, /* presumably a mask of the DNSCAP_OUTPUT_* bits defined in this header - confirm */
116     unsigned                     sport,
117     unsigned                     dport,
118     my_bpftimeval                ts,
119     const u_char*                pkt_copy, /* read-only; presumably olen bytes long - confirm */
120     const unsigned               olen,
121     const u_char*                payload, /* read-only; presumably payloadlen bytes long - confirm */
122     const unsigned               payloadlen); /* NOTE(review): if pkt_copy/payload hold captured packet data, as the names suggest, a filter should bound every read by the paired length */
123 
124 /*
125  * Extensions
126  */
127 
128 #define DNSCAP_EXT_IS_RESPONDER 1 /* extension id; presumably used to look up the is_responder_t function - confirm */
129 typedef int (*is_responder_t)(iaddr ia); /* function pointer type; takes an iaddr by value and returns int */
130 
131 #define DNSCAP_EXT_IA_STR 2 /* extension id; presumably used to look up the ia_str_t function - confirm */
132 typedef const char* (*ia_str_t)(iaddr ia); /* function pointer type; NOTE(review): ownership and lifetime of the returned string are not shown here - confirm before retaining or freeing it */
133 
134 #define DNSCAP_EXT_TCPSTATE_GETCURR 3 /* extension id; presumably used to look up the tcpstate_getcurr_t function - confirm */
135 typedef void* (*tcpstate_getcurr_t)(void); /* function pointer type; returns an untyped pointer whose layout this header does not expose */
136 
137 #define DNSCAP_EXT_TCPSTATE_RESET 4 /* extension id; presumably used to look up the tcpstate_reset_t function - confirm */
138 typedef void (*tcpstate_reset_t)(void* tcpstate, const char* msg); /* function pointer type; tcpstate is untyped, so the compiler cannot check it - presumably a value obtained via tcpstate_getcurr_t, confirm */
139 
140 #define DNSCAP_EXT_SET_IADDR 5 /* extension id; presumably used to look up the set_iaddr_t function - confirm */
141 typedef void (*set_iaddr_t)(iaddr* from, iaddr* to); /* function pointer type; takes pointers to non-const iaddr - what the callee does with them is not shown in this header */
142 
143 /*
144  * Flags
145  */
146 
147 #define DNSCAP_OUTPUT_ISFRAG (1 << 0) /* bit 0, value 1 */
148 #define DNSCAP_OUTPUT_ISDNS (1 << 1) /* bit 1, value 2 */
149 #define DNSCAP_OUTPUT_ISLAYER (1 << 2) /* bit 2, value 4; the three flags are distinct bits and can be OR-ed into one mask */
150 
151 /*
152  * Direction
153  */
154 
155 #define DIR_INITIATE 0x0001 /* bit 0 */
156 #define DIR_RESPONSE 0x0002 /* bit 1; distinct from DIR_INITIATE, so both can be set in one mask - where these are consumed is not shown in this header */
157 
158 #endif /* __dnscap_dnscap_common_h */
159