1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 // Copyright (C) 2005-2013 Sourcefire, Inc.
4 //
5 // This program is free software; you can redistribute it and/or modify it
6 // under the terms of the GNU General Public License Version 2 as published
7 // by the Free Software Foundation.  You may not use, modify or distribute
8 // this program under any other version of the GNU General Public License.
9 //
10 // This program is distributed in the hope that it will be useful, but
11 // WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 // General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License along
16 // with this program; if not, write to the Free Software Foundation, Inc.,
17 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
18 //--------------------------------------------------------------------------
19 
20 #ifndef FLOW_KEY_H
21 #define FLOW_KEY_H
22 
23 // FlowKey is used to store Flows in the caches.  the data members are
24 // sequenced to avoid void space.
25 
26 #include <cstdint>
27 
28 #include <daq_common.h>
29 
30 #include "framework/decode_data.h"
31 #include "hash/hash_key_operations.h"
32 #include "utils/cpp_macros.h"
33 
34 class HashKeyOperations;
35 
36 namespace snort
37 {
38 struct SfIp;
39 struct SnortConfig;
40 
41 class FlowHashKeyOps : public HashKeyOperations
42 {
43 public:
FlowHashKeyOps(int rows)44     FlowHashKeyOps(int rows)
45         : HashKeyOperations(rows)
46     { }
47 
48     unsigned do_hash(const unsigned char* k, int len) override;
49     bool key_compare(const void* k1, const void* k2, size_t) override;
50 };
51 
52 
53 PADDING_GUARD_BEGIN
54 struct SO_PUBLIC FlowKey
55 {
56     uint32_t   ip_l[4]; /* Low IP */
57     uint32_t   ip_h[4]; /* High IP */
58     uint32_t   mplsLabel;
59     uint16_t   port_l;  /* Low Port - 0 if ICMP */
60     uint16_t   port_h;  /* High Port - 0 if ICMP */
61     int16_t    group_l;
62     int16_t    group_h;
63     uint16_t   addressSpaceId;
64     uint16_t   vlan_tag;
65     uint8_t    ip_protocol;
66     PktType    pkt_type;
67     uint8_t    version;
68     struct {
69         uint8_t group_used:1; // Is group being used to build key.
70         uint8_t ubits:7;
71     } flags;
72 
73     /* The init() functions return true if the key IP/port fields were actively
74         normalized, reversing the source and destination addresses internally.
75         The IP-only init() will always return false as we will not reorder its
76         addresses at this time. */
77     bool init(
78         const SnortConfig*, PktType, IpProtocol,
79         const snort::SfIp *srcIP, uint16_t srcPort,
80         const snort::SfIp *dstIP, uint16_t dstPort,
81         uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId,
82         int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
83 
84     bool init(
85         const SnortConfig*, PktType, IpProtocol,
86         const snort::SfIp *srcIP, const snort::SfIp *dstIP,
87         uint32_t id, uint16_t vlanId,
88         uint32_t mplsId, uint16_t addrSpaceId,
89         int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
90 
91     bool init(
92         const SnortConfig*, PktType, IpProtocol,
93         const snort::SfIp *srcIP, uint16_t srcPort,
94         const snort::SfIp *dstIP, uint16_t dstPort,
95         uint16_t vlanId, uint32_t mplsId, const DAQ_PktHdr_t&);
96 
97     bool init(
98         const SnortConfig*, PktType, IpProtocol,
99         const snort::SfIp *srcIP, const snort::SfIp *dstIP,
100         uint32_t id, uint16_t vlanId, uint32_t mplsId, const DAQ_PktHdr_t&);
101 
102     void init_mpls(const SnortConfig*, uint32_t);
103     void init_vlan(const SnortConfig*, uint16_t);
104     void init_address_space(const SnortConfig*, uint16_t);
105     void init_groups(int16_t, int16_t, bool);
106 
107     // If this data structure changes size, compare must be updated!
108     static bool is_equal(const void* k1, const void* k2, size_t);
109 
110 private:
111     bool init4(IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort,
112         const snort::SfIp *dstIP, uint16_t dstPort, bool order = true);
113 
114     bool init6(IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort,
115         const snort::SfIp *dstIP, uint16_t dstPort, bool order = true);
116 };
117 PADDING_GUARD_END
118 
119 }
120 
121 #endif
122 
123