1 /*
2 ** Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
4 ** Copyright (C) 1998-2005 Martin Roesch <roesch@sourcefire.com>
5 **
6 ** This program is free software; you can redistribute it and/or modify
7 ** it under the terms of the GNU General Public License Version 2 as
8 ** published by the Free Software Foundation. You may not use, modify or
9 ** distribute this program under any other version of the GNU General
10 ** Public License.
11 **
12 ** This program is distributed in the hope that it will be useful,
13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 ** GNU General Public License for more details.
16 **
17 ** You should have received a copy of the GNU General Public License
18 ** along with this program; if not, write to the Free Software
19 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 */
21
22 /* $Id$ */
23
24 #ifndef __SNORT_H__
25 #define __SNORT_H__
26
27 /* I N C L U D E S **********************************************************/
28 #ifdef HAVE_CONFIG_H
29 # include "config.h"
30 #endif
31
32 #include <sys/types.h>
33 #include <stdio.h>
34
35 #include "sf_types.h"
36 #include "spo_plugbase.h"
37 #include "decode.h"
38 #include "perf.h"
39 #include "sfdaq.h"
40 #include "sf_types.h"
41 #include "sfutil/sflsq.h"
42 #include "sfutil/sfActionQueue.h"
43 #include "profiler.h"
44 #include "rules.h"
45 #include "treenodes.h"
46 #include "sfutil/sf_ipvar.h"
47 #include "sfutil/sfghash.h"
48 #include "sfutil/sfrim.h"
49 #include "sfutil/sfportobject.h"
50 #include "sfutil/asn1.h"
51 #include "sfutil/sf_sechash.h"
52 #include "signature.h"
53 #include "event_queue.h"
54 #include "sfthreshold.h"
55 #include "fpcreate.h"
56 #include "plugbase.h"
57 #include "fpdetect.h"
58 #include "ppm.h"
59 #include "sfutil/sfrf.h"
60 #include "sfutil/sfPolicy.h"
61 #include "pkt_tracer.h"
62 #include "detection_filter.h"
63 #include "generators.h"
64 #include "preprocids.h"
65 #include <signal.h>
66 #include "sf_dynamic_meta.h"
67 #if defined(INLINE_FAILOPEN) || \
68 defined(TARGET_BASED) || defined(SNORT_RELOAD)
69 # include <pthread.h>
70 #endif
71
72
73 /* D E F I N E S ************************************************************/
74 /* Mark this as a modern version of snort */
75 #define SNORT_20
76 /*
77 * The original Ethernet IEEE 802.3 standard defined the minimum Ethernet
78 * frame size as 64 bytes. The snaplen is L2 MRU for snort and hence following
79 * standard, the MIN_SNAPLEN should be 64.
80 */
81 #define MIN_SNAPLEN 64
82 #define MAX_SNAPLEN UINT16_MAX
83
84 #define MAX_IFS 1
85
86 #define TIMEBUF_SIZE 26
87 #define MAX_PIDFILE_SUFFIX 11 /* uniqueness extension to PID file, see '-R' */
88 #define ASSURE_ALL 0 /* all TCP alerts fire regardless of stream state */
89 #define ASSURE_EST 1 /* only established TCP sessions fire alerts */
90
91 /* This macro helps to simplify the differences between Win32 and
92 non-Win32 code when printing out the name of the interface */
93 #ifndef WIN32
94 # define PRINT_INTERFACE(i) (i ? i : "NULL")
95 #else
96 # define PRINT_INTERFACE(i) print_interface(i)
97 #endif
98
99 #define RF_ANY_SIP 0x01
100 #define RF_ANY_DIP 0x02
101 #define RF_ANY_SP 0x04
102 #define RF_ANY_DP 0x10
103 #define RF_ANY_FLAGS 0x20
104
105 #ifndef WIN32
106 # define DEFAULT_LOG_DIR "/var/log/snort"
107 # define DEFAULT_DAEMON_ALERT_FILE "alert"
108 #else
109 # define DEFAULT_LOG_DIR "log"
110 # define DEFAULT_DAEMON_ALERT_FILE "log/alert.ids"
111 #endif /* WIN32 */
112
113 /* you can redefine the user ID which is allowed to
114 * initialize interfaces using pcap and read from them
115 */
116 #ifndef SNIFFUSER
117 # define SNIFFUSER 0
118 #endif
119
120 #ifdef ACCESSPERMS
121 # define FILEACCESSBITS ACCESSPERMS
122 #else
123 # ifdef S_IAMB
124 # define FILEACCESSBITS S_IAMB
125 # else
126 # define FILEACCESSBITS 0x1FF
127 # endif
128 #endif
129
130 #define DO_IP_CHECKSUMS 0x00000001
131 #define DO_TCP_CHECKSUMS 0x00000002
132 #define DO_UDP_CHECKSUMS 0x00000004
133 #define DO_ICMP_CHECKSUMS 0x00000008
134
135 #define LOG_UNIFIED 0x00000001
136 #define LOG_TCPDUMP 0x00000002
137 #define LOG_UNIFIED2 0x0000004
138
139 #ifndef SIGNAL_SNORT_RELOAD
140 #define SIGNAL_SNORT_RELOAD SIGHUP
141 #endif
142 #ifndef SIGNAL_SNORT_DUMP_STATS
143 #define SIGNAL_SNORT_DUMP_STATS SIGUSR1
144 #endif
145 #ifndef SIGNAL_SNORT_ROTATE_STATS
146 #define SIGNAL_SNORT_ROTATE_STATS SIGUSR2
147 #endif
148
149 // this one should not be changed by user
150 #define SIGNAL_SNORT_CHILD_READY SIGCHLD
151
152 #ifdef TARGET_BASED
153 #ifndef SIGNAL_SNORT_READ_ATTR_TBL
154 # define SIGNAL_SNORT_READ_ATTR_TBL SIGURG
155 #endif
156 #endif
157
158 #define MODE_PACKET_DUMP 1
159 #define MODE_PACKET_LOG 2
160 #define MODE_IDS 3
161 #define MODE_TEST 4
162 #define MODE_RULE_DUMP 5
163 #define MODE_VERSION 6
164
165 #define LOG_ASCII 1
166 #define LOG_PCAP 2
167 #define LOG_NONE 3
168
169 #define ALERT_FULL 1
170 #define ALERT_FAST 2
171 #define ALERT_NONE 3
172 #define ALERT_UNSOCK 4
173 #define ALERT_STDOUT 5
174 #define ALERT_CMG 6
175 #define ALERT_SYSLOG 8
176 #define ALERT_TEST 9
177 #define ALERT_UNIFIED 10
178
179 #ifdef MPLS
180 # define MPLS_PAYLOADTYPE_IPV4 1
181 # define MPLS_PAYLOADTYPE_ETHERNET 2
182 # define MPLS_PAYLOADTYPE_IPV6 3
183 # define MPLS_PAYLOADTYPE_ERROR -1
184 # define DEFAULT_MPLS_PAYLOADTYPE MPLS_PAYLOADTYPE_IPV4
185 # define DEFAULT_LABELCHAIN_LENGTH -1
186 #endif
187
188 /* This feature allows us to change the state of a rule,
189 * independent of it appearing in a rules file.
190 */
191 #define RULE_STATE_DISABLED 0
192 #define RULE_STATE_ENABLED 1
193
194 #define MAX_DYNAMIC_ENGINES 16
195 #define MAX_DYNAMIC_DETECTION_LIBS 16
196 #define MAX_DYNAMIC_PREPROC_LIBS 16
197
198 #ifdef TARGET_BASED
199 # define ATTRIBUTE_TABLE_RELOAD_FLAG 0x01
200 # define ATTRIBUTE_TABLE_AVAILABLE_FLAG 0x02
201 # define ATTRIBUTE_TABLE_RELOADING_FLAG 0x04
202 # define ATTRIBUTE_TABLE_TAKEN_FLAG 0x08
203 # define ATTRIBUTE_TABLE_PARSE_FAILED_FLAG 0x10
204 # define DEFAULT_MAX_ATTRIBUTE_HOSTS 10000
205 # define DEFAULT_MAX_ATTRIBUTE_SERVICES_PER_HOST 100
206 # define DEFAULT_MAX_METADATA_SERVICES 8
207 # define MAX_MAX_ATTRIBUTE_HOSTS (512 * 1024)
208 # define MIN_MAX_ATTRIBUTE_HOSTS 32
209 # define MAX_MAX_ATTRIBUTE_SERVICES_PER_HOST 65535
210 # define MIN_MAX_ATTRIBUTE_SERVICES_PER_HOST 1
211 # define MAX_MAX_METADATA_SERVICES 256
212 # define MIN_MAX_METADATA_SERVICES 1
213 #if defined(FEAT_OPEN_APPID)
214 # define MAX_MAX_METADATA_APPID 256
215 # define MIN_MAX_METADATA_APPID 1
216 # define DEFAULT_MAX_METADATA_APPID 8
217 #endif /* defined(FEAT_OPEN_APPID) */
218 #endif
219
220 # define DEFAULT_MAX_IP6_EXTENSIONS 8
221
222 struct _SnortConfig;
223 typedef int (*InitDetectionLibFunc)(struct _SnortConfig *);
224
225 /* D A T A S T R U C T U R E S *********************************************/
226 typedef struct _VarEntry
227 {
228 char *name;
229 char *value;
230 unsigned char flags;
231 IpAddrSet *addrset;
232 uint32_t id;
233 struct _VarEntry *prev;
234 struct _VarEntry *next;
235
236 } VarEntry;
237
238 /* GetoptLong Option numbers ********************/
239 typedef enum _GetOptLongIds
240 {
241 PID_PATH = 1,
242
243 DYNAMIC_LIBRARY_DIRECTORY,
244 DYNAMIC_LIBRARY_FILE,
245 DYNAMIC_PREPROC_DIRECTORY,
246 DYNAMIC_PREPROC_FILE,
247 DYNAMIC_ENGINE_FILE,
248 DYNAMIC_ENGINE_DIRECTORY,
249 DUMP_DYNAMIC_RULES,
250 DYNAMIC_OUTPUT_DIRECTORY,
251 DYNAMIC_OUTPUT_FILE,
252
253 CREATE_PID_FILE,
254 TREAT_DROP_AS_ALERT,
255 TREAT_DROP_AS_IGNORE,
256 PROCESS_ALL_EVENTS,
257 ALERT_BEFORE_PASS,
258 NOLOCK_PID_FILE,
259 NO_IFACE_PID_FILE,
260
261 #ifdef INLINE_FAILOPEN
262 DISABLE_INLINE_FAILOPEN,
263 #endif
264
265 NO_LOGGING_TIMESTAMPS,
266 PCAP_LOOP,
267 PCAP_SINGLE,
268 PCAP_FILE_LIST,
269 PCAP_LIST,
270 PCAP_DIR,
271 PCAP_FILTER,
272 PCAP_NO_FILTER,
273 PCAP_RELOAD,
274 PCAP_RESET,
275 PCAP_SHOW,
276
277 #define EXIT_CHECK // allow for rollback for now
278 #ifdef EXIT_CHECK
279 ARG_EXIT_CHECK,
280 #endif
281
282 #ifdef TARGET_BASED
283 DISABLE_ATTRIBUTE_RELOAD,
284 #endif
285
286 DETECTION_SEARCH_METHOD,
287 CONF_ERROR_OUT,
288
289 #ifdef MPLS
290 ENABLE_MPLS_MULTICAST,
291 ENABLE_OVERLAPPING_IP,
292 MAX_MPLS_LABELCHAIN_LEN,
293 MPLS_PAYLOAD_TYPE,
294 #endif
295
296 REQUIRE_RULE_SID,
297
298 ARG_DAQ_TYPE,
299 ARG_DAQ_MODE,
300 ARG_DAQ_VAR,
301 ARG_DAQ_DIR,
302 ARG_DAQ_LIST,
303 ARG_DIRTY_PIG,
304
305 ENABLE_INLINE_TEST,
306
307 ARG_CS_DIR,
308 ARG_HA_PEER,
309 ARG_HA_OUT,
310 ARG_HA_IN,
311 ARG_HA_PDTS_IN,
312
313 SUPPRESS_CONFIG_LOG,
314
315 #ifdef DUMP_BUFFER
316 BUFFER_DUMP,
317 BUFFER_DUMP_ALERT,
318 #endif
319
320 GET_OPT_LONG_IDS_MAX
321
322 } GetOptLongIds;
323
324 typedef struct _PreprocConfig
325 {
326 char *keyword;
327 char *opts;
328 char *file_name;
329 int file_line;
330 /* We have to configure internal and dynamic preprocessors separately,
331 * mainly because of the stream_api which is set in stream5 and needs to
332 * be set before calling the dynamic preprocessor initialization
333 * functions which set _dpd and call the setup function. streamAPI is set
334 * in the _dpd so stream5 needs to be configured first */
335 int configured;
336 struct _PreprocConfig *next;
337
338 } PreprocConfig;
339
340 typedef struct _OutputConfig
341 {
342 char *keyword;
343 char *opts;
344 char *file_name;
345 int file_line;
346 ListHead *rule_list;
347 struct _OutputConfig *next;
348
349 } OutputConfig;
350
351 #ifdef SIDE_CHANNEL
352 typedef struct _SideChannelModuleConfig
353 {
354 char *keyword;
355 char *opts;
356 char *file_name;
357 int file_line;
358 struct _SideChannelModuleConfig *next;
359 } SideChannelModuleConfig;
360
361 typedef struct _SideChannelConfig
362 {
363 bool enabled;
364 char *opts;
365 SideChannelModuleConfig *module_configs;
366 } SideChannelConfig;
367 #endif
368
369 typedef enum _DynamicType
370 {
371 DYNAMIC_TYPE__ENGINE,
372 DYNAMIC_TYPE__DETECTION,
373 DYNAMIC_TYPE__PREPROCESSOR,
374 DYNAMIC_TYPE__SIDE_CHANNEL,
375 DYNAMIC_TYPE__MAX
376
377 } DynamicType;
378
379 typedef enum _PathType
380 {
381 PATH_TYPE__FILE,
382 PATH_TYPE__DIRECTORY
383
384 } PathType;
385
386 typedef struct _DynamicLibPath
387 {
388 PathType ptype;
389 char *path;
390 time_t last_mod_time;
391
392 } DynamicLibPath;
393
394 #define MAX_DYNAMIC_LIBS 16
395
396 typedef struct _DynamicLibInfo
397 {
398 DynamicType type;
399 unsigned int count;
400 DynamicLibPath *lib_paths[MAX_DYNAMIC_LIBS];
401
402 } DynamicLibInfo;
403
404
405 typedef enum _RunMode
406 {
407 /* -V */
408 RUN_MODE__VERSION = 1,
409
410 /* --dump-dynamic-rules */
411 RUN_MODE__RULE_DUMP,
412
413 /* neither of the above and snort.conf presence (-c or implicit) */
414 RUN_MODE__IDS,
415
416 /* snort.conf presence and -T */
417 RUN_MODE__TEST,
418
419 /* neither -V or --dump-dynamic-rules and no snort.conf, but logging
420 * enabled on command line - NONE type logging seems to count here */
421 RUN_MODE__PACKET_LOG,
422
423 RUN_MODE__PACKET_DUMP
424
425 } RunMode;
426
427
428 typedef enum _RunModeFlag
429 {
430 /* -V */
431 RUN_MODE_FLAG__VERSION = 0x00000001,
432
433 /* --dump-dynamic-rules */
434 RUN_MODE_FLAG__RULE_DUMP = 0x00000002,
435
436 /* neither of the above and snort.conf presence (-c or implicit) */
437 RUN_MODE_FLAG__IDS = 0x00000004,
438
439 /* snort.conf presence and -T */
440 RUN_MODE_FLAG__TEST = 0x00000008,
441
442 /* neither -V or --dump-dynamic-rules and no snort.conf, but logging
443 * enabled on command line - NONE type logging seems to count here */
444 RUN_MODE_FLAG__PACKET_LOG = 0x00000010,
445
446 RUN_MODE_FLAG__PACKET_DUMP = 0x00000020
447
448 } RunModeFlag;
449
450 typedef enum _RunFlag
451 {
452 RUN_FLAG__READ = 0x00000001, /* -r --pcap-dir, etc. */
453 RUN_FLAG__DAEMON = 0x00000002, /* -D */
454 RUN_FLAG__DAEMON_RESTART = 0x00000004, /* --restart */
455 RUN_FLAG__NO_PROMISCUOUS = 0x00000008, /* -p */
456 RUN_FLAG__INLINE = 0x00000010, /* -Q */
457 RUN_FLAG__STATIC_HASH = 0x00000020, /* -H */
458 RUN_FLAG__CREATE_PID_FILE = 0x00000040, /* --pid-path and --create-pidfile */
459 RUN_FLAG__NO_LOCK_PID_FILE = 0x00000080, /* --nolock-pidfile */
460 RUN_FLAG__TREAT_DROP_AS_ALERT = 0x00000100, /* --treat-drop-as-alert */
461 RUN_FLAG__ALERT_BEFORE_PASS = 0x00000200, /* --alert-before-pass */
462 RUN_FLAG__CONF_ERROR_OUT = 0x00000400, /* -x and --conf-error-out */
463 #ifdef MPLS
464 RUN_FLAG__MPLS_MULTICAST = 0x00000800, /* --enable_mpls_multicast */
465 RUN_FLAG__MPLS_OVERLAPPING_IP = 0x00001000, /* --enable_mpls_overlapping_ip */
466 #endif
467
468 /* --process-all-events
469 * this is transferred to the snort event queue var */
470 RUN_FLAG__PROCESS_ALL_EVENTS = 0x00002000,
471
472 #ifdef TARGET_BASED
473 /* --disable-attribute-reload-thread */
474 RUN_FLAG__DISABLE_ATTRIBUTE_RELOAD_THREAD
475 = 0x00004000,
476 #endif
477 RUN_FLAG__STATEFUL = 0x00008000, /* set if stream5 configured */
478 RUN_FLAG__INLINE_TEST = 0x00010000, /* --enable-inline-test*/
479 // UNUSED = 0x00020000,
480
481 #ifdef INLINE_FAILOPEN
482 RUN_FLAG__DISABLE_FAILOPEN = 0x00040000, /* --disable-inline-init-failopen */
483 #endif
484
485 #ifdef MIMICK_IPV6
486 RUN_FLAG__MIMICK_IP6 = 0x00100000, /* -6 */
487 #endif
488
489 RUN_FLAG__PCAP_RESET = 0x00200000,
490 RUN_FLAG__PCAP_SHOW = 0x00400000,
491 RUN_FLAG__REQUIRE_RULE_SID = 0x00800000,
492 RUN_FLAG__NO_PCRE = 0x01000000,
493 RUN_FLAG__ASSURE_EST = 0x02000000 /* config stateful */
494 #if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
495 ,RUN_FLAG__TERMINATE_SERVICE = 0x04000000,
496 RUN_FLAG__PAUSE_SERVICE = 0x08000000
497 #endif
498
499 ,RUN_FLAG__TREAT_DROP_AS_IGNORE= 0x10000000, /* --treat-drop-as-ignore */
500 #if defined(SNORT_RELOAD) && !defined(WIN32)
501 RUN_FLAG__PCAP_RELOAD = 0x20000000, /* --pcap-reload */
502 #endif
503 RUN_FLAG__NO_IFACE_PID_FILE = 0x40000000 /* --no-interface-pidfile */
504
505 } RunFlag;
506
507 typedef enum _OutputFlag
508 {
509 OUTPUT_FLAG__LINE_BUFFER = 0x00000001, /* -f */
510 OUTPUT_FLAG__VERBOSE_DUMP = 0x00000002, /* -X */
511 OUTPUT_FLAG__CHAR_DATA = 0x00000004, /* -C */
512 OUTPUT_FLAG__APP_DATA = 0x00000008, /* -d */
513 OUTPUT_FLAG__SHOW_DATA_LINK = 0x00000010, /* -e */
514 #ifndef NO_NON_ETHER_DECODER
515 OUTPUT_FLAG__SHOW_WIFI_MGMT = 0x00000020, /* -w */
516 #endif
517 OUTPUT_FLAG__USE_UTC = 0x00000040, /* -U */
518 OUTPUT_FLAG__INCLUDE_YEAR = 0x00000080, /* -y */
519
520 /* Note using this alters the packet - can't be used inline */
521 OUTPUT_FLAG__OBFUSCATE = 0x00000100, /* -B */
522
523 OUTPUT_FLAG__ALERT_IFACE = 0x00000200, /* -I */
524 OUTPUT_FLAG__NO_TIMESTAMP = 0x00000400, /* --nostamps */
525 OUTPUT_FLAG__ALERT_PKT_CNT = 0x00000800, /* -A packet-count */
526 /* XXX XXX pv.outputVidInAlerts */
527 OUTPUT_FLAG__ALERT_VLAN = 0x00001000 /* config include_vlan_in_alerts */
528
529 } OutputFlag;
530
531 typedef enum _LoggingFlag
532 {
533 LOGGING_FLAG__VERBOSE = 0x00000001, /* -v */
534 LOGGING_FLAG__QUIET = 0x00000002, /* -q */
535 LOGGING_FLAG__SYSLOG = 0x00000004 /* -M */
536 #ifdef WIN32
537 ,LOGGING_FLAG__SYSLOG_REMOTE = 0x00000008 /* -s and -E */
538 #endif
539
540 } LoggingFlag;
541
542 typedef enum _InternalLogLevel
543 {
544 INTERNAL_LOG_LEVEL__SUPPRESS_ALL,
545 INTERNAL_LOG_LEVEL__ERROR,
546 INTERNAL_LOG_LEVEL__WARNING,
547 INTERNAL_LOG_LEVEL__MESSAGE
548 } InternalLogLevel;
549
550 /* -k
551 * config checksum_mode
552 * config checksum_drop_mode */
553 typedef enum _ChecksumFlag
554 {
555 CHECKSUM_FLAG__IP = 0x00000001,
556 CHECKSUM_FLAG__TCP = 0x00000002,
557 CHECKSUM_FLAG__UDP = 0x00000004,
558 CHECKSUM_FLAG__ICMP = 0x00000008,
559 CHECKSUM_FLAG__ALL = 0x7fffffff
560
561 } ChecksumFlag;
562
563 typedef enum
564 {
565 /* config autogenerate_preprocessor_decoder_rules */
566 POLICY_FLAG__AUTO_OTN = 0x00000001
567 } PolicyFlag;
568
569 typedef enum _PolicyModeFlag
570 {
571 POLICY_MODE__PASSIVE,
572 POLICY_MODE__INLINE,
573 POLICY_MODE__INLINE_TEST
574 } PolicyMode;
575
576 typedef enum _DecodeEventFlag
577 {
578 DECODE_EVENT_FLAG__DEFAULT = 0x00000001,
579 DECODE_EVENT_FLAG__OVERSIZED = 0x00000002,
580 DECODE_EVENT_FLAG__TCP_EXP_OPT = 0x00000004,
581 DECODE_EVENT_FLAG__TCP_OBS_OPT = 0x00000008,
582 DECODE_EVENT_FLAG__TCP_TTCP_OPT = 0x00000010,
583 DECODE_EVENT_FLAG__TCP_OPT_ANOMALY = 0x00000020,
584 DECODE_EVENT_FLAG__IP_OPT_ANOMALY = 0x00000040,
585 DECODE_EVENT_FLAG__IPV6_BAD_FRAG = 0x00000080,
586 DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG = 0x00000100
587
588 } DecodeEventFlag;
589
590 typedef enum {
591 TUNNEL_GTP = 0x01,
592 TUNNEL_TEREDO = 0x02,
593 TUNNEL_6IN4 = 0x04,
594 TUNNEL_4IN6 = 0x08,
595 TUNNEL_4IN4 = 0x10,
596 TUNNEL_6IN6 = 0x20,
597 TUNNEL_GRE = 0x40,
598 TUNNEL_MPLS = 0x80
599 } TunnelFlags;
600
601 typedef struct _VarNode
602 {
603 char *name;
604 char *value;
605 char *line;
606 struct _VarNode *next;
607
608 } VarNode;
609
610 #ifdef TARGET_BASED
611 typedef struct _TargetBasedConfig
612 {
613 char *args;
614 char *file_name;
615 int file_line;
616
617 } TargetBasedConfig;
618 #endif
619
620 typedef struct _SnortPolicy
621 {
622 #ifdef TARGET_BASED
623 TargetBasedConfig target_based_config;
624 #endif
625 PreprocConfig *preproc_configs;
626
627 VarEntry *var_table;
628 uint32_t var_id;
629 vartable_t *ip_vartable;
630
631 /* The portobjects in these are attached to rtns and used during runtime */
632 PortVarTable *portVarTable; /* named entries, uses a hash table */
633 PortTable *nonamePortVarTable; /* un-named entries */
634
635 PreprocEnableMask pp_enabled[MAX_PORTS];
636 PreprocEvalFuncNode *preproc_eval_funcs;
637 PreprocEvalFuncNode *unused_preproc_eval_funcs;
638 PreprocMetaEvalFuncNode *preproc_meta_eval_funcs;
639
640 int preproc_proto_mask;
641 int num_preprocs;
642 int num_meta_preprocs;
643 int ips_policy_mode;
644 int nap_policy_mode;
645 uint32_t policy_flags;
646
647 /* mask of preprocessors that have registered runtime process functions */
648 PreprocEnableMask preproc_bit_mask;
649 PreprocEnableMask preproc_meta_bit_mask;
650
651 int num_detects;
652 //int detect_bit_mask;
653 int detect_proto_mask;
654 DetectionEvalFuncNode *detect_eval_funcs;
655
656 /** Identifier assigned by user to correlate unified2 events to actual
657 * policy. User or DC should assign each policy a unique number. Snort
658 * will not verify uniqueness.
659 */
660 unsigned short configPolicyId;
661
662 char *policy_version;
663
664 uint8_t min_ttl; /* config min_ttl */
665 #ifdef NORMALIZER
666 uint8_t new_ttl; /* config new_ttl */
667 #endif
668
669 //checksum_mode and checksum_drop are now policy specific
670 int checksum_flags; /* -k */
671 int checksum_flags_modified;
672 int checksum_flags_saved;
673 int checksum_drop_flags;
674 int checksum_drop_flags_modified;
675
676 //disable_decode_alerts and disable_decode_drop
677 int decoder_alert_flags;
678 int decoder_drop_flags;
679 int decoder_alert_flags_saved;
680 int decoder_drop_flags_saved;
681 bool ssl_policy_enabled;
682 } SnortPolicy;
683
684 typedef struct _DynamicDetectionPlugin
685 {
686 void *handle;
687 DynamicPluginMeta metaData;
688 InitDetectionLibFunc initFunc;
689 struct _DynamicDetectionPlugin *next;
690 struct _DynamicDetectionPlugin *prev;
691 } DynamicDetectionPlugin;
692
693 #ifdef INTEL_SOFT_CPM
694 struct _IntelPmHandles;
695 #endif
696 struct _MandatoryEarlySessionCreator;
697 #ifdef SNORT_RELOAD
698 struct _ReloadAdjustEntry;
699 #endif
700 struct _fileConfig;
701 struct _DynamicRuleNode;
702
703 typedef struct _IpsPortFilter
704 {
705 tSfPolicyId parserPolicyId;
706 uint16_t port_filter[MAX_PORTS + 1];
707 } IpsPortFilter;
708
709 typedef struct _SnortConfig
710 {
711 RunMode run_mode;
712 int run_mode_flags;
713 int run_flags;
714 int output_flags;
715 int logging_flags;
716 int log_tcpdump;
717 int no_log;
718 int no_alert;
719 int dirty_pig;
720
721 //used for processing command line arguments, checksum configuration
722 //in conf files is maintained at policy level
723 int checksum_flags; /* -k */
724 int checksum_flags_modified;
725 int checksum_drop_flags;
726 int checksum_drop_flags_modified;
727
728 uint32_t event_log_id; /* -G */
729 int pkt_snaplen;
730 uint64_t pkt_cnt; /* -n */
731 #ifdef REG_TEST
732 uint64_t pkt_skip;
733 #endif
734
735 char *dynamic_rules_path; /* --dump-dynamic-rules */
736
737 /* --dynamic-engine-lib
738 * --dynamic-engine-lib-dir
739 * --dynamic-detection-lib
740 * --dynamic-detection-lib-dir
741 * --dynamic-preprocessor-lib
742 * --dynamic-preprocessor-lib-dir
743 *
744 * See below for struct type
745 */
746 DynamicLibInfo *dyn_engines;
747 DynamicLibInfo *dyn_rules;
748 DynamicLibInfo *dyn_preprocs;
749 #ifdef SIDE_CHANNEL
750 DynamicLibInfo *dyn_side_channels;
751 #endif
752
753 char pid_path[STD_BUF]; /* --pid-path or config pidpath */
754
755 #ifdef EXIT_CHECK
756 uint64_t exit_check; /* --exit-check */
757 #endif
758
759 /* -h and -B */
760 sfcidr_t homenet;
761 sfcidr_t obfuscation_net;
762
763 /* config disable_decode_alerts
764 * config enable_decode_oversized_alerts
765 * config enable_decode_oversized_drops
766 * config enable_decode_drops
767 * config disable_decode_drops
768 * config disable_tcpopt_experimental_alerts
769 * config enable_tcpopt_experimental_drops
770 * config disable_tcpopt_experimental_drops
771 * config disable_tcpopt_obsolete_alerts
772 * config enable_tcpopt_obsolete_drops
773 * config disable_tcpopt_obsolete_drops
774 * config disable_ttcp_alerts, config disable_tcpopt_ttcp_alerts
775 * config enable_ttcp_drops, config enable_tcpopt_ttcp_drops
776 * config disable_ttcp_drops
777 * config disable_tcpopt_alerts
778 * config enable_tcpopt_drops
779 * config disable_tcpopt_drops
780 * config disable_ipopt_alerts
781 * config enable_ipopt_drops
782 * config disable_ipopt_drops
783 * config ipv6_frag:
784 * bsd_icmp_frag_alert
785 * bad_ipv6_frag_alert
786 * frag_timeout - not in DecoderFlags
787 * max_frag_sessions - not in DecoderFlags
788 * drop_bad_ipv6_frag
789 */
790 uint32_t ipv6_frag_timeout;
791 uint32_t ipv6_max_frag_sessions;
792
793 uint16_t flowbit_size;
794
795 char pid_filename[STD_BUF]; /* used with pid_path */
796 char pidfile_suffix[MAX_PIDFILE_SUFFIX + 1]; /* -R */
797 char *log_dir; /* -l or config log_dir */
798 char *orig_log_dir; /* set in case of chroot */
799 char *interface; /* -i or config interface */
800 char *bpf_file; /* -F or config bpf_file */
801 char *pcap_log_file; /* -L */
802 char *chroot_dir; /* -t or config chroot */
803 char *alert_file;
804 char *perf_file; /* -Z */
805 char *bpf_filter; /* last command line arguments */
806 char* daq_type; /* --daq or config daq */
807 char* daq_mode; /* --daq-mode or config daq_mode */
808 void* daq_vars; /* --daq-var or config daq_var */
809 void* daq_dirs; /* --daq-dir or config daq_dir */
810
811 char* event_trace_file;
812 uint16_t event_trace_max;
813
814 int thiszone;
815
816 #ifdef WIN32
817 char syslog_server[STD_BUF];
818 int syslog_server_port;
819 # ifdef ENABLE_WIN32_SERVICE
820 int terminate_service_flag;
821 int pause_service_flag;
822 # endif
823 #endif
824
825 uint8_t ignore_ports[UINT16_MAX + 1]; /* config ignore_ports */
826 long int tagged_packet_limit; /* config tagged_packet_limit */
827 long int pcre_match_limit; /* config pcre_match_limit */
828 long int pcre_match_limit_recursion; /* config pcre_match_limit_recursion */
829 int *pcre_ovector;
830 int pcre_ovector_size;
831
832 #ifdef PERF_PROFILING
833 ProfileConfig profile_rules; /* config profile_rules */
834 ProfileConfig profile_preprocs; /* config profile_preprocs */
835 #endif
836
837 int user_id;
838 int group_id;
839
840 mode_t file_mask;
841
842 #ifdef MPLS
843 uint8_t mpls_payload_type; /* --mpls_payload_type */
844 long int mpls_stack_depth; /* --max_mpls_labelchain_len */
845 #endif
846
847 int default_rule_state; /* config default_rule_state */
848
849 char* react_page; /* config react */
850
851 #ifdef ACTIVE_RESPONSE
852 uint8_t respond_attempts; /* config respond */
853 char* respond_device;
854 uint8_t *eth_dst; /* config destination MAC address */
855 #endif
856
857 #ifdef TARGET_BASED
858 uint32_t max_attribute_hosts; /* config max_attribute_hosts */
859 uint32_t max_attribute_services_per_host; /* config max_attribute_services_per_host */
860 uint32_t max_metadata_services; /* config max_metadata_services */
861 #endif
862 #if defined(FEAT_OPEN_APPID)
863
864 uint32_t max_metadata_appid;
865 #endif /* defined(FEAT_OPEN_APPID) */
866
867 OutputConfig *output_configs;
868 OutputConfig *rule_type_output_configs;
869 SFGHASH *config_table; /* table of config keywords and arguments */
870 int asn1_mem;
871
872 int active_dynamic_nodes;
873
874 RuleState *rule_state_list;
875 ClassType *classifications;
876 ReferenceSystemNode *references;
877 SFGHASH *so_rule_otn_map;
878 SFGHASH *otn_map;
879 SFGHASH *preproc_rule_options;
880
881 FastPatternConfig *fast_pattern_config;
882 EventQueueConfig *event_queue_config;
883
884 PreprocPostConfigFuncNode *preproc_post_config_funcs;
885 PreprocCheckConfigFuncNode *preproc_config_check_funcs;
886
887 /* XXX XXX policy specific? */
888 ThresholdConfig *threshold_config;
889 RateFilterConfig *rate_filter_config;
890 DetectionFilterConfig *detection_filter_config;
891
892 SF_EVENTQ *event_queue[NUM_EVENT_QUEUES];
893
894 SF_LIST **ip_proto_only_lists;
895 uint8_t ip_proto_array[NUM_IP_PROTOS];
896
897 int num_rule_types;
898 RuleListNode *rule_lists;
899 int evalOrder[RULE_TYPE__MAX + 1];
900
901 ListHead Alert; /* Alert Block Header */
902 ListHead Log; /* Log Block Header */
903 ListHead Pass; /* Pass Block Header */
904 ListHead Activation; /* Activation Block Header */
905 ListHead Dynamic; /* Dynamic Block Header */
906 ListHead Drop;
907 ListHead SDrop;
908 ListHead Reject;
909
910 PostConfigFuncNode *plugin_post_config_funcs;
911
912 OTNX_MATCH_DATA *omd;
913
914 /* Pattern matcher queue statistics */
915 unsigned int max_inq;
916 uint64_t tot_inq_flush;
917 uint64_t tot_inq_inserts;
918 uint64_t tot_inq_uinserts;
919
920 /* Protected Content secure hash type default */
921 Secure_Hash_Type Default_Protected_Content_Hash_Type;
922
923 /* master port list table */
924 rule_port_tables_t *port_tables;
925
926 #ifdef PPM_MGR
927 ppm_cfg_t ppm_cfg;
928 #endif
929
930 /* The port-rule-maps map the src-dst ports to rules for
931 * udp and tcp, for Ip we map the dst port as the protocol,
932 * and for Icmp we map the dst port to the Icmp type. This
933 * allows us to use the decode packet information to in O(1)
934 * select a group of rules to apply to the packet. These
935 * rules may have uricontent, content, or they may be no content
936 * rules, or any combination. We process the uricontent 1st,
937 * then the content, and then the no content rules for udp/tcp
938 * and icmp, than we process the ip rules. */
939 PORT_RULE_MAP *prmIpRTNX;
940 PORT_RULE_MAP *prmTcpRTNX;
941 PORT_RULE_MAP *prmUdpRTNX;
942 PORT_RULE_MAP *prmIcmpRTNX;
943
944 #ifdef TARGET_BASED
945 srmm_table_t *srmmTable; /* srvc rule map master table */
946 srmm_table_t *spgmmTable; /* srvc port_group map master table */
947 sopg_table_t *sopgTable; /* service-oridnal to port_group table */
948 #endif
949
950 SFXHASH *detection_option_hash_table;
951 SFXHASH *detection_option_tree_hash_table;
952 SFXHASH *rtn_hash_table;
953
954 tSfPolicyConfig *policy_config;
955 SnortPolicy **targeted_policies;
956 IpsPortFilter **udp_ips_port_filter_list;
957 unsigned int num_policies_allocated;
958
959 char *base_version;
960
961 uint8_t enable_teredo; /* config enable_deep_teredo_inspection */
962 uint8_t enable_gtp; /* config enable_gtp */
963 char *gtp_ports;
964 uint8_t enable_esp;
965 uint8_t vlan_agnostic; /* config vlan_agnostic */
966 uint8_t addressspace_agnostic; /* config addressspace_agnostic */
967 uint8_t log_ipv6_extra; /* config log_ipv6_extra_data */
968 uint8_t tunnel_mask;
969
970 uint32_t so_rule_memcap;
971 uint32_t paf_max; /* config paf_max */
972 char *cs_dir;
973 bool ha_peer;
974 char *ha_out;
975 char *ha_in;
976 char *ha_pdts_in;
977 char *output_dir;
978 struct _fileConfig *file_config;
979 int disable_all_policies;
980 PreprocEnableMask reenabled_preprocessor_bits; /* flags for preprocessors to check, if all policies are disabled */
981 #ifdef SIDE_CHANNEL
982 SideChannelConfig side_channel_config;
983 #endif
984 #ifdef SNORT_RELOAD
985 int reloadPolicyFlag;
986 PreprocessorSwapData *preprocSwapData;
987 void *streamReloadConfig;
988 #endif
989 tSfPolicyId parserPolicyId;
990 #ifdef INTEL_SOFT_CPM
991 struct _IntelPmHandles *ipm_handles;
992 #endif
993
994 /* Used when a user defines a new rule type (ruletype keyword)
995 * It points to the new rule type's ListHead and is used for accessing the
996 * rule type's AlertList and LogList.
997 * The output plugins used for the rule type need to be attached to the new
998 * rule type's list head's AlertList or LogList. It's set before calling
999 * the output plugin's initialization routine, because in that routine,
1000 * AddFuncToOutputList is called (plugbase.c) and there, the output function
1001 * is attached to the new rule type's appropriate list.
1002 * NOTE: This variable MUST NOT be used during runtime */
1003 ListHead *head_tmp;
1004
1005 uint8_t max_ip6_extensions;
1006
1007 int internal_log_level;
1008 int suppress_config_log;
1009 uint8_t disable_replace_opt;
1010
1011 struct _MandatoryEarlySessionCreator* mandatoryESCreators;
1012 bool normalizer_set;
1013
1014 #ifdef DUMP_BUFFER
1015 char *buffer_dump_file;
1016 #endif
1017
1018 #ifdef SNORT_RELOAD
1019 struct _ReloadAdjustEntry* raSessionEntry;
1020 struct _ReloadAdjustEntry* volatile raEntry;
1021 struct _ReloadAdjustEntry* raCurrentEntry;
1022 time_t raLastLog;
1023 #endif
1024 DynamicDetectionPlugin *loadedDetectionPlugins;
1025 struct _DynamicRuleNode *dynamic_rules;
1026 char *memdump_file;
1027 } SnortConfig;
1028
1029 /* struct to collect packet statistics */
1030 typedef struct _PacketCount
1031 {
1032 uint64_t total_from_daq;
1033 uint64_t total_processed;
1034
1035 uint64_t s5tcp1;
1036 uint64_t s5tcp2;
1037 uint64_t ipv6opts;
1038 uint64_t eth;
1039 uint64_t ethdisc;
1040 uint64_t ipv6disc;
1041 uint64_t ip6ext;
1042 uint64_t other;
1043 uint64_t tcp;
1044 uint64_t udp;
1045 uint64_t icmp;
1046 uint64_t arp;
1047 #ifndef NO_NON_ETHER_DECODER
1048 uint64_t eapol;
1049 #endif
1050 uint64_t vlan;
1051 uint64_t nested_vlan;
1052 uint64_t ipv6;
1053 uint64_t ipv6_up;
1054 uint64_t ipv6_upfail;
1055 uint64_t frag6;
1056 uint64_t icmp6;
1057 uint64_t tdisc;
1058 uint64_t udisc;
1059 uint64_t tcp6;
1060 uint64_t udp6;
1061 uint64_t teredo;
1062 uint64_t ipdisc;
1063 uint64_t icmpdisc;
1064 uint64_t embdip;
1065 uint64_t ip;
1066 uint64_t ipx;
1067 uint64_t ethloopback;
1068
1069 uint64_t invalid_checksums;
1070 uint64_t bad_ttl;
1071
1072 #ifdef GRE
1073 uint64_t ip4ip4;
1074 uint64_t ip4ip6;
1075 uint64_t ip6ip4;
1076 uint64_t ip6ip6;
1077
1078 uint64_t gre;
1079 uint64_t gre_ip;
1080 uint64_t gre_eth;
1081 uint64_t gre_arp;
1082 uint64_t gre_ipv6;
1083 uint64_t gre_ipv6ext;
1084 uint64_t gre_ipx;
1085 uint64_t gre_loopback;
1086 uint64_t gre_vlan;
1087 uint64_t gre_ppp;
1088 #endif
1089
1090 uint64_t discards;
1091 uint64_t alert_pkts;
1092 uint64_t total_alert_pkts;
1093 uint64_t log_pkts;
1094 uint64_t pass_pkts;
1095
1096 uint64_t match_limit;
1097 uint64_t queue_limit;
1098 uint64_t log_limit;
1099 uint64_t event_limit;
1100 uint64_t alert_limit;
1101
1102 uint64_t frags; /* number of frags that have come in */
1103 uint64_t frag_trackers; /* number of tracking structures generated */
1104 uint64_t rebuilt_frags; /* number of packets rebuilt */
1105 uint64_t frag_incomp; /* number of frags cleared due to memory issues */
1106 uint64_t frag_timeout; /* number of frags cleared due to timeout */
1107 uint64_t rebuild_element; /* frags that were element of rebuilt pkt */
1108 uint64_t frag_mem_faults; /* number of times the memory cap was hit */
1109
1110 uint64_t tcp_stream_pkts; /* number of packets tcp reassembly touches */
1111 uint64_t rebuilt_tcp; /* number of phoney tcp packets generated */
1112 uint64_t tcp_streams; /* number of tcp streams created */
1113 uint64_t rebuilt_segs; /* number of tcp segments used in rebuilt pkts */
1114 uint64_t queued_segs; /* number of tcp segments stored for rebuilt pkts */
1115 uint64_t str_mem_faults; /* number of times the stream memory cap was hit */
1116
1117 #ifdef TARGET_BASED
1118 uint64_t attribute_table_reloads; /* number of times attribute table was reloaded. */
1119 #endif
1120
1121 #ifndef NO_NON_ETHER_DECODER
1122 #ifdef DLT_IEEE802_11
1123 /* wireless statistics */
1124 uint64_t wifi_mgmt;
1125 uint64_t wifi_data;
1126 uint64_t wifi_control;
1127 uint64_t assoc_req;
1128 uint64_t assoc_resp;
1129 uint64_t reassoc_req;
1130 uint64_t reassoc_resp;
1131 uint64_t probe_req;
1132 uint64_t probe_resp;
1133 uint64_t beacon;
1134 uint64_t atim;
1135 uint64_t dissassoc;
1136 uint64_t auth;
1137 uint64_t deauth;
1138 uint64_t ps_poll;
1139 uint64_t rts;
1140 uint64_t cts;
1141 uint64_t ack;
1142 uint64_t cf_end;
1143 uint64_t cf_end_cf_ack;
1144 uint64_t data;
1145 uint64_t data_cf_ack;
1146 uint64_t data_cf_poll;
1147 uint64_t data_cf_ack_cf_poll;
1148 uint64_t cf_ack;
1149 uint64_t cf_poll;
1150 uint64_t cf_ack_cf_poll;
1151 #endif
1152 #endif // NO_NON_ETHER_DECODER
1153
1154 #ifdef MPLS
1155 uint64_t mpls;
1156 #endif
1157
1158 uint64_t internal_blacklist;
1159 uint64_t internal_whitelist;
1160
1161 uint64_t syn_rate_limit_events;
1162 uint64_t syn_rate_limit_drops;
1163
1164 } PacketCount;
1165
1166 typedef struct _PcapReadObject
1167 {
1168 int type;
1169 char *arg;
1170 char *filter;
1171
1172 } PcapReadObject;
1173
1174 #if defined(DAQ_CAPA_CST_TIMEOUT)
1175 bool Daq_Capa_Timeout;
1176 #endif
1177
1178 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
1179 bool Daq_Capa_Vrf;
1180 #endif
1181
1182 /* ptr to the packet processor */
1183 typedef void (*grinder_t)(Packet *, const DAQ_PktHdr_t*, const uint8_t *);
1184
1185
1186 /* E X T E R N S ************************************************************/
1187 extern const struct timespec thread_sleep;
1188 extern volatile bool snort_initializing;
1189 extern volatile int snort_exiting;
1190 #ifdef SNORT_RELOAD
1191 typedef uint32_t snort_reload_t;
1192 extern volatile snort_reload_t reload_signal;
1193 extern volatile int detection_lib_changed;
1194 extern snort_reload_t reload_total;
1195 #endif
1196 #if defined(SNORT_RELOAD) && !defined(WIN32)
1197 extern volatile int snort_reload_thread_created;
1198 extern pid_t snort_reload_thread_pid;
1199 #endif
1200 extern SnortConfig *snort_conf;
1201 extern SnortConfig *snort_cmd_line_conf;
1202 extern int internal_log_level;
1203
1204 #include "sfutil/sfPolicyData.h"
1205
1206 /* Specifically for logging the IPv6 fragmented ICMP BSD vulnerability */
1207 extern Packet *BsdPseudoPacket;
1208
1209 extern PacketCount pc; /* packet count information */
1210 extern char **protocol_names;
1211 extern grinder_t grinder;
1212
1213 #ifdef SIDE_CHANNEL
1214 extern pthread_mutex_t snort_process_lock;
1215 #endif
1216 extern pthread_mutex_t dynamic_rules_lock;
1217
1218 extern OutputFuncNode *AlertList;
1219 extern OutputFuncNode *LogList;
1220 extern tSfActionQueueId decoderActionQ;
1221
1222 #if defined(SNORT_RELOAD) && !defined(WIN32)
1223 extern volatile int snort_reload;
1224 #endif
1225
1226 #ifdef SNORT_RELOAD
1227 extern PostConfigFuncNode *plugin_reload_funcs;
1228 #endif
1229 extern PeriodicCheckFuncNode *periodic_check_funcs;
1230
1231 #if defined(DAQ_VERSION) && DAQ_VERSION > 9
1232 void print_pktverdict (Packet *, uint64_t );
1233 void print_flow(Packet *, char *, uint32_t, uint64_t, uint64_t );
1234 #endif
1235
1236 /* P R O T O T Y P E S ******************************************************/
1237 int SnortMain(int argc, char *argv[]);
1238 DAQ_Verdict ProcessPacket(Packet*, const DAQ_PktHdr_t*, const uint8_t*, void*);
1239 Packet *NewGrinderPkt(Packet *p, DAQ_PktHdr_t* phdr, uint8_t *pkt);
1240 void DeleteGrinderPkt(Packet *);
1241 void SetupMetadataCallback(void);
1242 int InMainThread(void);
1243 bool SnortIsInitializing(void);
1244 void SigCantHupHandler(int signal);
1245 void print_packet_count(void);
1246 int SignalCheck(void);
1247 void Restart(void);
1248 void FreeVarList(VarNode *);
1249 SnortConfig * SnortConfNew(void);
1250 void SnortConfFree(SnortConfig *);
1251 void CleanupPreprocessors(SnortConfig *);
1252 void CleanupPlugins(SnortConfig *);
1253 void CleanExit(int);
1254 SnortConfig * MergeSnortConfs(SnortConfig *, SnortConfig *);
1255 void SnortShutdownThreads(int);
1256
1257 typedef void (*sighandler_t)(int);
1258 int SnortAddSignal(int sig, sighandler_t handler, int);
1259
1260 #ifdef TARGET_BASED
1261 void SigNoAttributeTableHandler(int);
1262 #endif
1263
1264 /*
1265 * If any of the following API are modified or new ones are
1266 * introduced, we have to make sure if they are called in
1267 * reload path. If yes, they have to use new snort config.
1268 */
1269
ScTestMode(void)1270 static inline int ScTestMode(void)
1271 {
1272 return snort_conf->run_mode == RUN_MODE__TEST;
1273 }
1274
ScRuleDumpMode(void)1275 static inline int ScRuleDumpMode(void)
1276 {
1277 return snort_conf->run_mode == RUN_MODE__RULE_DUMP;
1278 }
1279
ScVersionMode(void)1280 static inline int ScVersionMode(void)
1281 {
1282 return snort_conf->run_mode == RUN_MODE__VERSION;
1283 }
1284
ScIdsMode(void)1285 static inline int ScIdsMode(void)
1286 {
1287 return snort_conf->run_mode == RUN_MODE__IDS;
1288 }
1289
ScPacketLogMode(void)1290 static inline int ScPacketLogMode(void)
1291 {
1292 return snort_conf->run_mode == RUN_MODE__PACKET_LOG;
1293 }
1294
ScPacketDumpMode(void)1295 static inline int ScPacketDumpMode(void)
1296 {
1297 return snort_conf->run_mode == RUN_MODE__PACKET_DUMP;
1298 }
1299
ScDaemonMode(void)1300 static inline int ScDaemonMode(void)
1301 {
1302 return snort_conf->run_flags & RUN_FLAG__DAEMON;
1303 }
1304
ScDaemonRestart(void)1305 static inline int ScDaemonRestart(void)
1306 {
1307 return snort_conf->run_flags & RUN_FLAG__DAEMON_RESTART;
1308 }
1309
ScReadMode(void)1310 static inline int ScReadMode(void)
1311 {
1312 return snort_conf->run_flags & RUN_FLAG__READ;
1313 }
1314
ScLogSyslog(void)1315 static inline int ScLogSyslog(void)
1316 {
1317 return snort_conf->logging_flags & LOGGING_FLAG__SYSLOG;
1318 }
1319
1320 #ifdef WIN32
ScLogSyslogRemote(void)1321 static inline int ScLogSyslogRemote(void)
1322 {
1323 return snort_conf->logging_flags & LOGGING_FLAG__SYSLOG_REMOTE;
1324 }
1325 #endif
1326
ScLogVerbose(void)1327 static inline int ScLogVerbose(void)
1328 {
1329 return snort_conf->logging_flags & LOGGING_FLAG__VERBOSE;
1330 }
1331
ScLogQuiet(void)1332 static inline int ScLogQuiet(void)
1333 {
1334 return snort_conf->logging_flags & LOGGING_FLAG__QUIET;
1335 }
1336
ScCheckInternalLogLevel(int level)1337 static inline int ScCheckInternalLogLevel(int level)
1338 {
1339 return internal_log_level >= level;
1340 }
1341
ScSetInternalLogLevel(int level)1342 static inline void ScSetInternalLogLevel(int level)
1343 {
1344 if (!ScLogQuiet())
1345 internal_log_level = level;
1346 }
1347
ScRestoreInternalLogLevel(void)1348 static inline void ScRestoreInternalLogLevel(void)
1349 {
1350 internal_log_level = snort_conf->internal_log_level;
1351 }
1352
ScDecoderAlerts(void)1353 static inline int ScDecoderAlerts(void)
1354 {
1355 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__DEFAULT;
1356 }
1357
ScDecoderDrops(void)1358 static inline int ScDecoderDrops(void)
1359 {
1360 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__DEFAULT;
1361 }
1362
ScDecoderOversizedAlerts(void)1363 static inline int ScDecoderOversizedAlerts(void)
1364 {
1365 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__OVERSIZED;
1366 }
1367
ScDecoderOversizedDrops(void)1368 static inline int ScDecoderOversizedDrops(void)
1369 {
1370 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__OVERSIZED;
1371 }
1372
ScDecoderIpv6BadFragAlerts(void)1373 static inline int ScDecoderIpv6BadFragAlerts(void)
1374 {
1375 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IPV6_BAD_FRAG;
1376 }
1377
ScDecoderIpv6BadFragDrops(void)1378 static inline int ScDecoderIpv6BadFragDrops(void)
1379 {
1380 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IPV6_BAD_FRAG;
1381 }
1382
ScDecoderIpv6BsdIcmpFragAlerts(void)1383 static inline int ScDecoderIpv6BsdIcmpFragAlerts(void)
1384 {
1385 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG;
1386 }
1387
ScDecoderIpv6BsdIcmpFragDrops(void)1388 static inline int ScDecoderIpv6BsdIcmpFragDrops(void)
1389 {
1390 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG;
1391 }
1392
ScDecoderTcpOptAlerts(void)1393 static inline int ScDecoderTcpOptAlerts(void)
1394 {
1395 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_OPT_ANOMALY;
1396 }
1397
ScDecoderTcpOptDrops(void)1398 static inline int ScDecoderTcpOptDrops(void)
1399 {
1400 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_OPT_ANOMALY;
1401 }
1402
ScDecoderTcpOptExpAlerts(void)1403 static inline int ScDecoderTcpOptExpAlerts(void)
1404 {
1405 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_EXP_OPT;
1406 }
1407
ScDecoderTcpOptExpDrops(void)1408 static inline int ScDecoderTcpOptExpDrops(void)
1409 {
1410 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_EXP_OPT;
1411 }
1412
ScDecoderTcpOptObsAlerts(void)1413 static inline int ScDecoderTcpOptObsAlerts(void)
1414 {
1415 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_OBS_OPT;
1416 }
1417
ScDecoderTcpOptObsDrops(void)1418 static inline int ScDecoderTcpOptObsDrops(void)
1419 {
1420 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_OBS_OPT;
1421 }
1422
ScDecoderTcpOptTTcpAlerts(void)1423 static inline int ScDecoderTcpOptTTcpAlerts(void)
1424 {
1425 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_TTCP_OPT;
1426 }
1427
ScDecoderTcpOptTTcpDrops(void)1428 static inline int ScDecoderTcpOptTTcpDrops(void)
1429 {
1430 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_TTCP_OPT;
1431 }
1432
ScDecoderIpOptAlerts(void)1433 static inline int ScDecoderIpOptAlerts(void)
1434 {
1435 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IP_OPT_ANOMALY;
1436 }
1437
ScDecoderIpOptDrops(void)1438 static inline int ScDecoderIpOptDrops(void)
1439 {
1440 return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IP_OPT_ANOMALY;
1441 }
1442
ScIpChecksums(void)1443 static inline int ScIpChecksums(void)
1444 {
1445 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__IP;
1446 }
1447
ScIpChecksumDrops(void)1448 static inline int ScIpChecksumDrops(void)
1449 {
1450 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__IP;
1451 }
1452
ScUdpChecksums(void)1453 static inline int ScUdpChecksums(void)
1454 {
1455 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__UDP;
1456 }
1457
ScUdpChecksumDrops(void)1458 static inline int ScUdpChecksumDrops(void)
1459 {
1460 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__UDP;
1461 }
1462
ScTcpChecksums(void)1463 static inline int ScTcpChecksums(void)
1464 {
1465 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__TCP;
1466 }
1467
ScTcpChecksumDrops(void)1468 static inline int ScTcpChecksumDrops(void)
1469 {
1470 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__TCP;
1471 }
1472
ScIcmpChecksums(void)1473 static inline int ScIcmpChecksums(void)
1474 {
1475 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__ICMP;
1476 }
1477
ScIcmpChecksumDrops(void)1478 static inline int ScIcmpChecksumDrops(void)
1479 {
1480 return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__ICMP;
1481 }
1482
ScIgnoreTcpPort(uint16_t port)1483 static inline int ScIgnoreTcpPort(uint16_t port)
1484 {
1485 return snort_conf->ignore_ports[port] & PROTO_BIT__TCP;
1486 }
1487
ScIgnoreUdpPort(uint16_t port)1488 static inline int ScIgnoreUdpPort(uint16_t port)
1489 {
1490 return snort_conf->ignore_ports[port] & PROTO_BIT__UDP;
1491 }
1492
1493 #ifdef MPLS
ScMplsStackDepth(void)1494 static inline long int ScMplsStackDepth(void)
1495 {
1496 return snort_conf->mpls_stack_depth;
1497 }
1498
1499 #ifdef MPLS_RFC4023_SUPPORT
ScMplsPayloadCheck(uint8_t ih1,long int iRet)1500 static inline long int ScMplsPayloadCheck(uint8_t ih1, long int iRet)
1501 {
1502 // IPv4
1503 if (((ih1 & 0xF0) >> 4) == 4)
1504 return MPLS_PAYLOADTYPE_IPV4;
1505 // IPv6
1506 else if (((ih1 & 0xF0) >> 4) == 6)
1507 return MPLS_PAYLOADTYPE_IPV6;
1508 else
1509 return iRet;
1510 }
1511 #endif
1512
ScMplsPayloadType(void)1513 static inline long int ScMplsPayloadType(void)
1514 {
1515 return snort_conf->mpls_payload_type;
1516 }
1517
ScMplsOverlappingIp(void)1518 static inline int ScMplsOverlappingIp(void)
1519 {
1520 return snort_conf->run_flags & RUN_FLAG__MPLS_OVERLAPPING_IP;
1521 }
1522
ScMplsMulticast(void)1523 static inline int ScMplsMulticast(void)
1524 {
1525 return snort_conf->run_flags & RUN_FLAG__MPLS_MULTICAST;
1526 }
1527
1528 #endif
1529
ScIpv6FragTimeout(void)1530 static inline uint32_t ScIpv6FragTimeout(void)
1531 {
1532 return snort_conf->ipv6_frag_timeout;
1533 }
1534
ScIpv6MaxFragSessions(void)1535 static inline uint32_t ScIpv6MaxFragSessions(void)
1536 {
1537 return snort_conf->ipv6_max_frag_sessions;
1538 }
1539
ScMinTTL(void)1540 static inline uint8_t ScMinTTL(void)
1541 {
1542 return snort_conf->targeted_policies[getNapRuntimePolicy()]->min_ttl;
1543 }
1544
1545 #ifdef NORMALIZER
ScNewTTL(void)1546 static inline uint8_t ScNewTTL(void)
1547 {
1548 return snort_conf->targeted_policies[getNapRuntimePolicy()]->new_ttl;
1549 }
1550 #endif
1551
ScPafMax(void)1552 static inline uint32_t ScPafMax (void)
1553 {
1554 return snort_conf->paf_max;
1555 }
1556
ScPafEnabled(void)1557 static inline bool ScPafEnabled (void)
1558 {
1559 return ( ScPafMax() > 0 );
1560 }
1561
ScEventLogId(void)1562 static inline uint32_t ScEventLogId(void)
1563 {
1564 return snort_conf->event_log_id;
1565 }
1566
ScConfErrorOut(void)1567 static inline int ScConfErrorOut(void)
1568 {
1569 return snort_conf->run_flags & RUN_FLAG__CONF_ERROR_OUT;
1570 }
1571
ScAssureEstablished(void)1572 static inline int ScAssureEstablished(void)
1573 {
1574 return snort_conf->run_flags & RUN_FLAG__ASSURE_EST;
1575 }
1576
1577 /* Set if stream5 is configured */
ScStateful(void)1578 static inline int ScStateful(void)
1579 {
1580 return snort_conf->run_flags & RUN_FLAG__STATEFUL;
1581 }
1582
ScPcreMatchLimit(void)1583 static inline long int ScPcreMatchLimit(void)
1584 {
1585 return snort_conf->pcre_match_limit;
1586 }
1587
ScPcreMatchLimitRecursion(void)1588 static inline long int ScPcreMatchLimitRecursion(void)
1589 {
1590 return snort_conf->pcre_match_limit_recursion;
1591 }
1592
1593 #ifdef PERF_PROFILING
ScProfilePreprocs(void)1594 static inline int ScProfilePreprocs(void)
1595 {
1596 return snort_conf->profile_preprocs.num;
1597 }
1598
ScProfileRules(void)1599 static inline int ScProfileRules(void)
1600 {
1601 return snort_conf->profile_rules.num;
1602 }
1603 #endif
1604
ScStaticHash(void)1605 static inline int ScStaticHash(void)
1606 {
1607 return snort_conf->run_flags & RUN_FLAG__STATIC_HASH;
1608 }
1609
ScAutoGenPreprocDecoderOtns(void)1610 static inline int ScAutoGenPreprocDecoderOtns(void)
1611 {
1612 return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->policy_flags) & POLICY_FLAG__AUTO_OTN );
1613 }
1614
ScProcessAllEvents(void)1615 static inline int ScProcessAllEvents(void)
1616 {
1617 return snort_conf->event_queue_config->process_all_events;
1618 }
1619
ScNapPassiveMode(void)1620 static inline int ScNapPassiveMode(void)
1621 {
1622 return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__PASSIVE );
1623 }
1624
ScIpsPassiveMode(void)1625 static inline int ScIpsPassiveMode(void)
1626 {
1627 return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__PASSIVE );
1628 }
1629
ScAdapterPassiveMode(void)1630 static inline int ScAdapterPassiveMode(void)
1631 {
1632 return !(snort_conf->run_flags & (RUN_FLAG__INLINE | RUN_FLAG__INLINE_TEST));
1633 }
1634
ScNapInlineMode(void)1635 static inline int ScNapInlineMode(void)
1636 {
1637 return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__INLINE );
1638 }
1639
ScIpsInlineMode(void)1640 static inline int ScIpsInlineMode(void)
1641 {
1642 return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__INLINE );
1643 }
1644
ScAdapterInlineMode(void)1645 static inline int ScAdapterInlineMode(void)
1646 {
1647 return snort_conf->run_flags & RUN_FLAG__INLINE;
1648 }
1649
ScNapInlineTestMode(void)1650 static inline int ScNapInlineTestMode(void)
1651 {
1652 return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__INLINE_TEST );
1653 }
1654
ScIpsInlineTestMode(void)1655 static inline int ScIpsInlineTestMode(void)
1656 {
1657 return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__INLINE_TEST );
1658 }
1659
ScAdapterInlineTestMode(void)1660 static inline int ScAdapterInlineTestMode(void)
1661 {
1662 return snort_conf->run_flags & RUN_FLAG__INLINE_TEST;
1663 }
1664
ScOutputIncludeYear(void)1665 static inline int ScOutputIncludeYear(void)
1666 {
1667 return snort_conf->output_flags & OUTPUT_FLAG__INCLUDE_YEAR;
1668 }
1669
ScOutputUseUtc(void)1670 static inline int ScOutputUseUtc(void)
1671 {
1672 return snort_conf->output_flags & OUTPUT_FLAG__USE_UTC;
1673 }
1674
ScOutputDataLink(void)1675 static inline int ScOutputDataLink(void)
1676 {
1677 return snort_conf->output_flags & OUTPUT_FLAG__SHOW_DATA_LINK;
1678 }
1679
ScVerboseByteDump(void)1680 static inline int ScVerboseByteDump(void)
1681 {
1682 return snort_conf->output_flags & OUTPUT_FLAG__VERBOSE_DUMP;
1683 }
1684
ScAlertPacketCount(void)1685 static inline int ScAlertPacketCount(void)
1686 {
1687 return snort_conf->output_flags & OUTPUT_FLAG__ALERT_PKT_CNT;
1688 }
1689
ScObfuscate(void)1690 static inline int ScObfuscate(void)
1691 {
1692 return snort_conf->output_flags & OUTPUT_FLAG__OBFUSCATE;
1693 }
1694
ScOutputAppData(void)1695 static inline int ScOutputAppData(void)
1696 {
1697 return snort_conf->output_flags & OUTPUT_FLAG__APP_DATA;
1698 }
1699
ScOutputCharData(void)1700 static inline int ScOutputCharData(void)
1701 {
1702 return snort_conf->output_flags & OUTPUT_FLAG__CHAR_DATA;
1703 }
1704
ScAlertInterface(void)1705 static inline int ScAlertInterface(void)
1706 {
1707 return snort_conf->output_flags & OUTPUT_FLAG__ALERT_IFACE;
1708 }
1709
ScNoOutputTimestamp(void)1710 static inline int ScNoOutputTimestamp(void)
1711 {
1712 return snort_conf->output_flags & OUTPUT_FLAG__NO_TIMESTAMP;
1713 }
1714
ScLineBufferedLogging(void)1715 static inline int ScLineBufferedLogging(void)
1716 {
1717 return snort_conf->output_flags & OUTPUT_FLAG__LINE_BUFFER;
1718 }
1719
ScDefaultRuleState(void)1720 static inline int ScDefaultRuleState(void)
1721 {
1722 return snort_conf->default_rule_state;
1723 }
1724
ScRequireRuleSid(void)1725 static inline int ScRequireRuleSid(void)
1726 {
1727 return snort_conf->run_flags & RUN_FLAG__REQUIRE_RULE_SID;
1728 }
1729
1730 #ifdef INLINE_FAILOPEN
ScDisableInlineFailopen(void)1731 static inline int ScDisableInlineFailopen(void)
1732 {
1733 return snort_conf->run_flags & RUN_FLAG__DISABLE_FAILOPEN;
1734 }
1735 #endif
1736
ScNoLockPidFile(void)1737 static inline int ScNoLockPidFile(void)
1738 {
1739 return snort_conf->run_flags & RUN_FLAG__NO_LOCK_PID_FILE;
1740 }
1741
ScTaggedPacketLimit(void)1742 static inline long int ScTaggedPacketLimit(void)
1743 {
1744 return snort_conf->tagged_packet_limit;
1745 }
1746
ScCreatePidFile(void)1747 static inline int ScCreatePidFile(void)
1748 {
1749 return snort_conf->run_flags & RUN_FLAG__CREATE_PID_FILE;
1750 }
1751
ScNoInterfacePidFile(void)1752 static inline int ScNoInterfacePidFile(void)
1753 {
1754 return snort_conf->run_flags & RUN_FLAG__NO_IFACE_PID_FILE;
1755 }
1756
ScPcapShow(void)1757 static inline int ScPcapShow(void)
1758 {
1759 return snort_conf->run_flags & RUN_FLAG__PCAP_SHOW;
1760 }
1761
ScPcapReset(void)1762 static inline int ScPcapReset(void)
1763 {
1764 return snort_conf->run_flags & RUN_FLAG__PCAP_RESET;
1765 }
1766
1767 #ifndef NO_NON_ETHER_DECODER
ScOutputWifiMgmt(void)1768 static inline int ScOutputWifiMgmt(void)
1769 {
1770 return snort_conf->output_flags & OUTPUT_FLAG__SHOW_WIFI_MGMT;
1771 }
1772 #endif
1773
1774 #ifdef TARGET_BASED
ScMaxAttrHosts(SnortConfig * sc)1775 static inline uint32_t ScMaxAttrHosts(SnortConfig *sc)
1776 {
1777 return sc->max_attribute_hosts;
1778 }
1779
ScMaxAttrServicesPerHost(void)1780 static inline uint32_t ScMaxAttrServicesPerHost(void)
1781 {
1782 return snort_conf->max_attribute_services_per_host;
1783 }
1784
ScDisableAttrReload(SnortConfig * sc)1785 static inline int ScDisableAttrReload(SnortConfig *sc)
1786 {
1787 return sc->run_flags & RUN_FLAG__DISABLE_ATTRIBUTE_RELOAD_THREAD;
1788 }
1789 #endif
1790
ScTreatDropAsAlert(void)1791 static inline int ScTreatDropAsAlert(void)
1792 {
1793 return snort_conf->run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT;
1794 }
1795
ScTreatDropAsIgnore(void)1796 static inline int ScTreatDropAsIgnore(void)
1797 {
1798 return snort_conf->run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE;
1799 }
1800
ScAlertBeforePass(void)1801 static inline int ScAlertBeforePass(void)
1802 {
1803 return snort_conf->run_flags & RUN_FLAG__ALERT_BEFORE_PASS;
1804 }
1805
ScNoPcre(void)1806 static inline int ScNoPcre(void)
1807 {
1808 return snort_conf->run_flags & RUN_FLAG__NO_PCRE;
1809 }
1810
ScGetEvalIndex(RuleType type)1811 static inline int ScGetEvalIndex(RuleType type)
1812 {
1813 return snort_conf->evalOrder[type];
1814 }
1815
ScNoLog(void)1816 static inline int ScNoLog(void)
1817 {
1818 return snort_conf->no_log;
1819 }
1820
ScNoAlert(void)1821 static inline int ScNoAlert(void)
1822 {
1823 return snort_conf->no_alert;
1824 }
1825
1826 #if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
ScTerminateService(void)1827 static inline int ScTerminateService(void)
1828 {
1829 return snort_conf->run_flags & RUN_FLAG__TERMINATE_SERVICE;
1830 }
1831
ScPauseService(void)1832 static inline int ScPauseService(void)
1833 {
1834 return snort_conf->run_flags & RUN_FLAG__PAUSE_SERVICE;
1835 }
1836 #endif
1837
ScUid(void)1838 static inline int ScUid(void)
1839 {
1840 return snort_conf->user_id;
1841 }
1842
ScGid(void)1843 static inline int ScGid(void)
1844 {
1845 return snort_conf->group_id;
1846 }
1847
ScPcapLogFile(void)1848 static inline char * ScPcapLogFile(void)
1849 {
1850 return snort_conf->pcap_log_file;
1851 }
1852
1853 #ifdef SIDE_CHANNEL
ScSideChannelEnabled(void)1854 static inline int ScSideChannelEnabled(void)
1855 {
1856 return snort_conf->side_channel_config.enabled;
1857 }
1858 #endif
1859
1860 // use of macro avoids depending on generators.h
1861 #define EventIsInternal(gid) (gid == GENERATOR_INTERNAL)
1862
EnableInternalEvent(RateFilterConfig * config,uint32_t sid)1863 static inline void EnableInternalEvent(RateFilterConfig *config, uint32_t sid)
1864 {
1865 if (config == NULL)
1866 return;
1867
1868 config->internal_event_mask |= (1 << sid);
1869 }
1870
InternalEventIsEnabled(RateFilterConfig * config,uint32_t sid)1871 static inline int InternalEventIsEnabled(RateFilterConfig *config, uint32_t sid)
1872 {
1873 if (config == NULL)
1874 return 0;
1875
1876 return (config->internal_event_mask & (1 << sid));
1877 }
1878
ScIsPreprocEnabled(uint32_t preproc_id,tSfPolicyId policy_id)1879 static inline int ScIsPreprocEnabled(uint32_t preproc_id, tSfPolicyId policy_id)
1880 {
1881 SnortPolicy *policy;
1882
1883 if (policy_id >= snort_conf->num_policies_allocated)
1884 return 0;
1885
1886 policy = snort_conf->targeted_policies[policy_id];
1887 if (policy == NULL)
1888 return 0;
1889
1890 if (policy->preproc_bit_mask & (UINT64_C(1) << preproc_id))
1891 return 1;
1892
1893 return 0;
1894 }
1895
ScDeepTeredoInspection(void)1896 static inline int ScDeepTeredoInspection(void)
1897 {
1898 return snort_conf->enable_teredo;
1899 }
1900
ScGTPDecoding(void)1901 static inline int ScGTPDecoding(void)
1902 {
1903 return snort_conf->enable_gtp;
1904 }
1905
ScIsGTPPort(uint16_t port)1906 static inline int ScIsGTPPort(uint16_t port)
1907 {
1908 return snort_conf->gtp_ports[port];
1909 }
1910
ScESPDecoding(void)1911 static inline int ScESPDecoding(void)
1912 {
1913 return snort_conf->enable_esp;
1914 }
1915
ScVlanAgnostic(void)1916 static inline int ScVlanAgnostic(void)
1917 {
1918 return snort_conf->vlan_agnostic;
1919 }
1920
ScAddressSpaceAgnostic(void)1921 static inline int ScAddressSpaceAgnostic(void)
1922 {
1923 return snort_conf->addressspace_agnostic;
1924 }
1925
ScLogIPv6Extra(void)1926 static inline int ScLogIPv6Extra(void)
1927 {
1928 return snort_conf->log_ipv6_extra;
1929 }
1930
ScSoRuleMemcap(void)1931 static inline uint32_t ScSoRuleMemcap(void)
1932 {
1933 return snort_conf->so_rule_memcap;
1934 }
1935
ScTunnelBypassEnabled(uint8_t proto)1936 static inline bool ScTunnelBypassEnabled (uint8_t proto)
1937 {
1938 return !(snort_conf->tunnel_mask & proto);
1939 }
1940
ScMaxIP6Extensions(void)1941 static inline uint8_t ScMaxIP6Extensions(void)
1942 {
1943 return snort_conf->max_ip6_extensions;
1944 }
1945
ScSuppressConfigLog(void)1946 static inline int ScSuppressConfigLog(void)
1947 {
1948 return snort_conf->suppress_config_log;
1949 }
1950
ScDisableReplaceOpt(void)1951 static inline int ScDisableReplaceOpt(void)
1952 {
1953 return snort_conf->disable_replace_opt;
1954 }
1955
ScIpsInlineModeNewConf(SnortConfig * sc)1956 static inline int ScIpsInlineModeNewConf (SnortConfig * sc)
1957 {
1958 return (((sc->targeted_policies[getParserPolicy(sc)])->ips_policy_mode) == POLICY_MODE__INLINE );
1959 }
1960
ScAdapterInlineModeNewConf(SnortConfig * sc)1961 static inline int ScAdapterInlineModeNewConf (SnortConfig * sc)
1962 {
1963 return sc->run_flags & RUN_FLAG__INLINE;
1964 }
1965
ScTreatDropAsIgnoreNewConf(SnortConfig * sc)1966 static inline int ScTreatDropAsIgnoreNewConf (SnortConfig * sc)
1967 {
1968 return sc->run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE;
1969 }
1970
ScIpsInlineTestModeNewConf(SnortConfig * sc)1971 static inline int ScIpsInlineTestModeNewConf (SnortConfig * sc)
1972 {
1973 return (((sc->targeted_policies[getParserPolicy(sc)])->ips_policy_mode) == POLICY_MODE__INLINE_TEST );
1974 }
1975
ScAdapterInlineTestModeNewConf(SnortConfig * sc)1976 static inline int ScAdapterInlineTestModeNewConf (SnortConfig * sc)
1977 {
1978 return sc->run_flags & RUN_FLAG__INLINE_TEST;
1979 }
1980
ScTestModeNewConf(SnortConfig * sc)1981 static inline int ScTestModeNewConf (SnortConfig * sc)
1982 {
1983 return sc->run_mode == RUN_MODE__TEST;
1984 }
1985
ScConfErrorOutNewConf(SnortConfig * sc)1986 static inline int ScConfErrorOutNewConf (SnortConfig * sc)
1987 {
1988 return sc->run_flags & RUN_FLAG__CONF_ERROR_OUT;
1989 }
1990
ScDefaultRuleStateNewConf(SnortConfig * sc)1991 static inline int ScDefaultRuleStateNewConf (SnortConfig * sc)
1992 {
1993 return sc->default_rule_state;
1994 }
1995
ScRequireRuleSidNewConf(SnortConfig * sc)1996 static inline int ScRequireRuleSidNewConf (SnortConfig * sc)
1997 {
1998 return sc->run_flags & RUN_FLAG__REQUIRE_RULE_SID;
1999 }
2000
ScTreatDropAsAlertNewConf(SnortConfig * sc)2001 static inline int ScTreatDropAsAlertNewConf (SnortConfig * sc)
2002 {
2003 return sc->run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT;
2004 }
2005
ScSuppressConfigLogNewConf(SnortConfig * sc)2006 static inline int ScSuppressConfigLogNewConf (SnortConfig* sc)
2007 {
2008 return sc->suppress_config_log;
2009 }
2010
ScLogQuietNewConf(SnortConfig * sc)2011 static inline int ScLogQuietNewConf (SnortConfig* sc)
2012 {
2013 return sc->logging_flags & LOGGING_FLAG__QUIET;
2014 }
2015
ScSetInternalLogLevelNewConf(SnortConfig * sc,int level)2016 static inline void ScSetInternalLogLevelNewConf (SnortConfig* sc, int level)
2017 {
2018 if (!ScLogQuietNewConf(sc))
2019 internal_log_level = level;
2020 }
2021
ScRestoreInternalLogLevelNewConf(SnortConfig * sc)2022 static inline void ScRestoreInternalLogLevelNewConf (SnortConfig* sc)
2023 {
2024 internal_log_level = sc->internal_log_level;
2025 }
2026
ScPcreMatchLimitNewConf(SnortConfig * sc)2027 static inline long int ScPcreMatchLimitNewConf (SnortConfig *sc)
2028 {
2029 return sc->pcre_match_limit;
2030 }
2031
ScPcreMatchLimitRecursionNewConf(SnortConfig * sc)2032 static inline long int ScPcreMatchLimitRecursionNewConf (SnortConfig *sc)
2033 {
2034 return sc->pcre_match_limit_recursion;
2035 }
2036
ScNoOutputTimestampNewConf(SnortConfig * sc)2037 static inline int ScNoOutputTimestampNewConf (SnortConfig *sc)
2038 {
2039 return sc->output_flags & OUTPUT_FLAG__NO_TIMESTAMP;
2040 }
2041
ScNapPassiveModeNewConf(SnortConfig * sc)2042 static inline int ScNapPassiveModeNewConf (SnortConfig* sc)
2043 {
2044 return (((sc->targeted_policies[getParserPolicy(sc)])->nap_policy_mode) == POLICY_MODE__PASSIVE );
2045 }
2046
ScNapInlineTestModeNewConf(SnortConfig * sc)2047 static inline int ScNapInlineTestModeNewConf (SnortConfig* sc)
2048 {
2049 return (((sc->targeted_policies[getParserPolicy(sc)])->nap_policy_mode) == POLICY_MODE__INLINE_TEST );
2050 }
2051
ScPafMaxNewConf(SnortConfig * sc)2052 static inline uint32_t ScPafMaxNewConf (SnortConfig *sc)
2053 {
2054 return sc->paf_max;
2055 }
2056
ScPafEnabledNewConf(SnortConfig * sc)2057 static inline bool ScPafEnabledNewConf (SnortConfig *sc)
2058 {
2059 return ( ScPafMaxNewConf(sc) > 0 );
2060 }
2061 #if defined(DAQ_CAPA_CST_TIMEOUT)
GetTimeout(Packet * p,uint64_t * timeout)2062 static inline uint64_t GetTimeout( Packet *p, uint64_t *timeout)
2063 {
2064 DAQ_QueryFlow_t query;
2065 int rval;
2066 query.type = DAQ_QUERYFLOW_TYPE_TIMEOUT_VAL;
2067 query.length = sizeof(uint64_t);
2068 query.value = timeout;
2069 rval = DAQ_QueryFlow( p->pkth, &query);
2070
2071 if(rval != DAQ_SUCCESS)
2072 *timeout = 1;
2073
2074 return 1;
2075 }
2076 #endif /* query flow */
2077 #endif /* __SNORT_H__ */
2078
2079