1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved. 3 // Copyright (C) 2013-2013 Sourcefire, Inc. 4 // 5 // This program is free software; you can redistribute it and/or modify it 6 // under the terms of the GNU General Public License Version 2 as published 7 // by the Free Software Foundation. You may not use, modify or distribute 8 // this program under any other version of the GNU General Public License. 9 // 10 // This program is distributed in the hope that it will be useful, but 11 // WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 // General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License along 16 // with this program; if not, write to the Free Software Foundation, Inc., 17 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 //-------------------------------------------------------------------------- 19 20 #ifndef SNORT_CONFIG_H 21 #define SNORT_CONFIG_H 22 23 // SnortConfig encapsulates all data loaded from the config files. 24 // FIXIT-L privatize most of this stuff. 25 26 #include <sys/types.h> 27 28 #include <list> 29 #include <unordered_map> 30 #include <vector> 31 32 #include "actions/actions.h" 33 #include "events/event_queue.h" 34 #include "framework/bits.h" 35 #include "helpers/scratch_allocator.h" 36 #include "main/policy.h" 37 #include "main/thread.h" 38 #include "sfip/sf_cidr.h" 39 40 #define DEFAULT_LOG_DIR "." 41 42 enum RunFlag 43 { 44 RUN_FLAG__READ = 0x00000001, 45 RUN_FLAG__DAEMON = 0x00000002, 46 RUN_FLAG__DUMP_MSG_MAP = 0x00000004, 47 RUN_FLAG__DUMP_RULE_META = 0x00000008, 48 49 RUN_FLAG__INLINE = 0x00000010, 50 RUN_FLAG__STATIC_HASH = 0x00000020, 51 RUN_FLAG__CREATE_PID_FILE = 0x00000040, 52 RUN_FLAG__NO_LOCK_PID_FILE = 0x00000080, 53 54 RUN_FLAG__ALERT_BEFORE_PASS = 0x00000100, 55 RUN_FLAG__CONF_ERROR_OUT = 0x00000200, 56 RUN_FLAG__PROCESS_ALL_EVENTS = 0x00000400, 57 RUN_FLAG__INLINE_TEST = 0x00000800, 58 59 RUN_FLAG__PCAP_SHOW = 0x00001000, 60 RUN_FLAG__SHOW_FILE_CODES = 0x00002000, 61 RUN_FLAG__PAUSE = 0x00004000, 62 RUN_FLAG__NO_PCRE = 0x00008000, 63 64 /* If stream is configured, the STATEFUL flag is set. This is 65 * somewhat misnamed and is used to assure a session is established */ 66 RUN_FLAG__ASSURE_EST = 0x00010000, 67 RUN_FLAG__DUMP_RULE_DEPS = 0x00020000, 68 RUN_FLAG__TEST = 0x00040000, 69 RUN_FLAG__MEM_CHECK = 0x00080000, 70 71 RUN_FLAG__TRACK_ON_SYN = 0x00100000, 72 RUN_FLAG__IP_FRAGS_ONLY = 0x00200000, 73 RUN_FLAG__DUMP_RULE_STATE = 0x00400000, 74 75 RUN_FLAG__TEST_FEATURES = 0x00800000, 76 77 #ifdef SHELL 78 RUN_FLAG__SHELL = 0x01000000, 79 #endif 80 #ifdef PIGLET 81 RUN_FLAG__PIGLET = 0x02000000, 82 #endif 83 }; 84 85 enum OutputFlag 86 { 87 OUTPUT_FLAG__LINE_BUFFER = 0x00000001, 88 OUTPUT_FLAG__VERBOSE_DUMP = 0x00000002, 89 OUTPUT_FLAG__CHAR_DATA = 0x00000004, 90 OUTPUT_FLAG__APP_DATA = 0x00000008, 91 92 OUTPUT_FLAG__SHOW_DATA_LINK = 0x00000010, 93 OUTPUT_FLAG__USE_UTC = 0x00000020, 94 OUTPUT_FLAG__INCLUDE_YEAR = 0x00000040, 95 /* Note using this alters the packet - can't be used inline */ 96 OUTPUT_FLAG__OBFUSCATE = 0x00000080, 97 98 OUTPUT_FLAG__ALERT_IFACE = 0x00000100, 99 OUTPUT_FLAG__NO_TIMESTAMP = 0x00000200, 100 OUTPUT_FLAG__ALERTS = 0x00000400, 101 OUTPUT_FLAG__WIDE_HEX = 0x00000800, 102 103 OUTPUT_FLAG__ALERT_REFS = 0x00001000, 104 }; 105 106 enum LoggingFlag 107 { 108 LOGGING_FLAG__VERBOSE = 0x00000001, 109 LOGGING_FLAG__QUIET = 0x00000002, 110 LOGGING_FLAG__SYSLOG = 0x00000004, 111 LOGGING_FLAG__SHOW_PLUGINS = 0x00000008, 112 }; 113 114 enum TunnelFlags 115 { 116 TUNNEL_GTP = 0x01, 117 TUNNEL_TEREDO = 0x02, 118 TUNNEL_6IN4 = 0x04, 119 TUNNEL_4IN6 = 0x08, 120 TUNNEL_4IN4 = 0x10, 121 TUNNEL_6IN6 = 0x20, 122 TUNNEL_GRE = 0x40, 123 TUNNEL_MPLS = 0x80, 124 TUNNEL_VXLAN = 0x100, 125 TUNNEL_GENEVE = 0x200 126 }; 127 128 enum DumpConfigType 129 { 130 DUMP_CONFIG_NONE = 0, 131 DUMP_CONFIG_JSON_ALL, 132 DUMP_CONFIG_JSON_TOP, 133 DUMP_CONFIG_TEXT 134 }; 135 136 class ConfigOutput; 137 class FastPatternConfig; 138 class RuleStateMap; 139 class TraceConfig; 140 141 struct srmm_table_t; 142 struct sopg_table_t; 143 struct ClassType; 144 struct DetectionFilterConfig; 145 struct EventQueueConfig; 146 struct FrameworkConfig; 147 struct HighAvailabilityConfig; 148 struct IpsActionsConfig; 149 struct LatencyConfig; 150 struct MemoryConfig; 151 struct PayloadInjectorConfig; 152 struct PHInstance; 153 struct Plugins; 154 struct PORT_RULE_MAP; 155 struct RateFilterConfig; 156 struct ReferenceSystem; 157 struct RuleListNode; 158 struct RulePortTables; 159 struct SFDAQConfig; 160 struct SoRules; 161 struct ThresholdConfig; 162 163 namespace snort 164 { 165 class GHash; 166 class PolicySelector; 167 class ProtocolReference; 168 class ThreadConfig; 169 class XHash; 170 struct ProfilerConfig; 171 172 class ReloadResourceTuner 173 { 174 public: 175 static const unsigned RELOAD_MAX_WORK_PER_PACKET = 3; 176 // be aggressive when idle as analyzer gets chance once in every second only due to daq timeout 177 static const unsigned RELOAD_MAX_WORK_WHEN_IDLE = 32767; 178 179 virtual ~ReloadResourceTuner() = default; 180 181 // returns true if resource tuning required, false otherwise 182 virtual bool tinit() = 0; 183 184 // each of these returns true if resource tuning is complete, false otherwise 185 virtual bool tune_packet_context() = 0; 186 virtual bool tune_idle_context() = 0; 187 188 protected: 189 ReloadResourceTuner() = default; 190 191 unsigned max_work = RELOAD_MAX_WORK_PER_PACKET; 192 unsigned max_work_idle = RELOAD_MAX_WORK_WHEN_IDLE; 193 }; 194 195 struct SnortConfig 196 { 197 private: 198 void init(const SnortConfig* const, ProtocolReference*, const char* exclude_name); 199 200 public: 201 SnortConfig(const SnortConfig* const other_conf = nullptr, const char* exclude_name = nullptr); 202 SnortConfig(ProtocolReference* protocol_reference); 203 ~SnortConfig(); 204 205 SnortConfig(const SnortConfig&) = delete; 206 207 void setup(); 208 void post_setup(); 209 bool verify() const; 210 211 void merge(const SnortConfig*); 212 void clone(const SnortConfig* const); 213 214 private: 215 static uint32_t logging_flags; 216 217 public: 218 static uint32_t warning_flags; 219 220 //------------------------------------------------------ 221 // alert module stuff 222 std::string rule_order; 223 224 SfCidr homenet; 225 226 //------------------------------------------------------ 227 // output module stuff 228 #ifdef REG_TEST 229 // FIXIT-M builtin modules should set SnortConfig defaults instead 230 uint32_t output_flags = OUTPUT_FLAG__WIDE_HEX; 231 #else 232 uint32_t output_flags = 0; 233 #endif 234 uint32_t tagged_packet_limit = 256; 235 uint16_t event_trace_max = 0; 236 237 std::string log_dir; 238 239 //------------------------------------------------------ 240 // daq stuff 241 SFDAQConfig* daq_config; 242 243 //------------------------------------------------------ 244 // detection module stuff 245 // FIXIT-L pcre_match_limit* are interdependent 246 // somehow a packet thread needs a much lower setting 247 long int pcre_match_limit = 1500; 248 long int pcre_match_limit_recursion = 1500; 249 250 int pcre_ovector_size = 0; 251 bool pcre_override = true; 252 253 int asn1_mem = 0; 254 uint32_t run_flags = 0; 255 256 unsigned offload_limit = 99999; // disabled 257 unsigned offload_threads = 0; // disabled 258 259 bool hyperscan_literals = false; 260 bool pcre_to_regex = false; 261 262 bool global_rule_state = false; 263 bool global_default_rule_state = true; 264 bool allow_missing_so_rules = false; 265 266 //------------------------------------------------------ 267 // process stuff 268 269 // user_id and group_id should be initialized to -1 by default, because 270 // chown() use this later, -1 means no change to user_id/group_id 271 int user_id = -1; 272 int group_id = -1; 273 274 bool dirty_pig = false; 275 276 std::string chroot_dir; /* -t or config chroot */ 277 std::string include_path; 278 std::string plugin_path; 279 std::string rule_db_dir; 280 std::vector<std::string> script_paths; 281 282 mode_t file_mask = 0; 283 284 //------------------------------------------------------ 285 // decode module stuff 286 uint8_t num_layers = 0; 287 uint8_t max_ip6_extensions = 0; 288 uint8_t max_ip_layers = 0; 289 290 bool enable_esp = false; 291 bool address_anomaly_check_enabled = false; 292 293 //------------------------------------------------------ 294 // active stuff 295 uint8_t respond_attempts = 0; 296 uint8_t max_responses = 0; 297 uint8_t min_interval = 0; 298 uint8_t* eth_dst = nullptr; 299 300 std::string respond_device; 301 std::string output; 302 303 //------------------------------------------------------ 304 // attribute tables stuff 305 std::string attribute_hosts_file; 306 uint32_t max_attribute_hosts = 0; 307 uint32_t max_attribute_services_per_host = 0; 308 uint32_t max_metadata_services = 0; 309 310 //------------------------------------------------------ 311 // packet module stuff 312 bool asid_agnostic = false; 313 bool mpls_agnostic = true; 314 bool vlan_agnostic = false; 315 316 uint64_t pkt_cnt = 0; /* -n */ 317 uint64_t pkt_skip = 0; 318 uint64_t pkt_pause_cnt = 0; 319 320 std::string bpf_file; /* -F or config bpf_file */ 321 322 //------------------------------------------------------ 323 // various modules 324 FastPatternConfig* fast_pattern_config = nullptr; 325 EventQueueConfig* event_queue_config = nullptr; 326 PayloadInjectorConfig* payload_injector_config = nullptr; 327 328 /* policy specific? */ 329 ThresholdConfig* threshold_config = nullptr; 330 RateFilterConfig* rate_filter_config = nullptr; 331 DetectionFilterConfig* detection_filter_config = nullptr; 332 333 //------------------------------------------------------ 334 // FIXIT-L command line only stuff, add to conf / module 335 336 uint16_t event_log_id = 0; 337 SfCidr obfuscation_net; 338 std::string bpf_filter; 339 std::string metadata_filter; 340 341 //------------------------------------------------------ 342 // FIXIT-L non-module stuff - separate config from derived state? 343 std::string run_prefix; 344 uint16_t id_offset = 0; 345 bool id_subdir = false; 346 bool id_zero = false; 347 348 bool stdin_rules = false; 349 350 std::string pid_filename; 351 std::string orig_log_dir; /* set in case of chroot */ 352 353 int thiszone = 0; 354 355 std::unordered_map<std::string, ClassType*> classifications; 356 std::unordered_map<std::string, ReferenceSystem*> references; 357 358 RuleStateMap* rule_states = nullptr; 359 GHash* otn_map = nullptr; 360 361 ProtocolReference* proto_ref = nullptr; 362 363 unsigned num_rule_types = 0; 364 RuleListNode* rule_lists = nullptr; 365 int* evalOrder = nullptr; 366 367 IpsActionsConfig* ips_actions_config = nullptr; 368 FrameworkConfig* framework_config = nullptr; 369 370 /* master port list table */ 371 RulePortTables* port_tables = nullptr; 372 373 /* The port-rule-maps map the src-dst ports to rules for 374 * udp and tcp, for Ip we map the dst port as the protocol, 375 * and for Icmp we map the dst port to the Icmp type. This 376 * allows us to use the decode packet information to in O(1) 377 * select a group of rules to apply to the packet. These 378 * rules may or may not have content. We process the content 379 * 1st and then the no content rules for udp/tcp and icmp, and 380 * then we process the ip rules. */ 381 PORT_RULE_MAP* prmIpRTNX = nullptr; 382 PORT_RULE_MAP* prmIcmpRTNX = nullptr; 383 PORT_RULE_MAP* prmTcpRTNX = nullptr; 384 PORT_RULE_MAP* prmUdpRTNX = nullptr; 385 386 srmm_table_t* srmmTable = nullptr; /* srvc rule map master table */ 387 srmm_table_t* spgmmTable = nullptr; /* srvc port_group map master table */ 388 sopg_table_t* sopgTable = nullptr; /* service-ordinal to port_group table */ 389 390 XHash* detection_option_hash_table = nullptr; 391 XHash* detection_option_tree_hash_table = nullptr; 392 XHash* rtn_hash_table = nullptr; 393 394 PolicyMap* policy_map = nullptr; 395 std::string tweaks; 396 397 PolicySelector* global_selector = nullptr; 398 PHInstance* flow_tracking = nullptr; 399 PHInstance* removed_flow_tracking = nullptr; 400 401 uint16_t tunnel_mask = 0; 402 403 int16_t max_aux_ip = 16; 404 405 // FIXIT-L this is temporary for legacy paf_max required only for HI; 406 // it is not appropriate for multiple stream_tcp with different 407 // paf_max; the HI splitter should pull from there 408 unsigned max_pdu = 16384; 409 410 //------------------------------------------------------ 411 ProfilerConfig* profiler = nullptr; 412 LatencyConfig* latency = nullptr; 413 414 unsigned remote_control_port = 0; 415 std::string remote_control_socket; 416 417 MemoryConfig* memory = nullptr; 418 //------------------------------------------------------ 419 420 std::vector<ScratchAllocator*> scratchers; 421 std::vector<void *>* state = nullptr; 422 unsigned num_slots = 0; 423 424 ThreadConfig* thread_config; 425 HighAvailabilityConfig* ha_config = nullptr; 426 TraceConfig* trace_config = nullptr; 427 428 // TraceConfig instance which used by TraceSwap control channel command 429 TraceConfig* overlay_trace_config = nullptr; 430 431 //------------------------------------------------------ 432 //Reload inspector related 433 434 bool cloned = false; 435 Plugins* plugins = nullptr; 436 SoRules* so_rules = nullptr; 437 unsigned reload_id = 0; 438 439 DumpConfigType dump_config_type = DUMP_CONFIG_NONE; 440 private: 441 std::list<ReloadResourceTuner*> reload_tuners; 442 443 public: 444 //------------------------------------------------------ 445 // decoding related get_num_layersSnortConfig446 uint8_t get_num_layers() const 447 { return num_layers; } 448 449 // curr_layer is the zero based ip6 options hit_ip6_maxoptsSnortConfig450 bool hit_ip6_maxopts(uint8_t curr_opt) const 451 { return max_ip6_extensions && (curr_opt >= max_ip6_extensions); } 452 453 // curr_ip is the zero based ip layer hit_ip_maxlayersSnortConfig454 bool hit_ip_maxlayers(uint8_t curr_ip) const 455 { return max_ip_layers && (curr_ip >= max_ip_layers); } 456 457 //------------------------------------------------------ 458 // Non-static mutator methods 459 460 void add_plugin_path(const char*); 461 void add_script_path(const char*); 462 void enable_syslog(); 463 void set_alert_before_pass(bool); 464 void set_alert_mode(const char*); 465 void set_chroot_dir(const char*); 466 void set_create_pid_file(bool); 467 void set_daemon(bool); 468 void set_decode_data_link(bool); 469 void set_dirty_pig(bool); 470 void set_dst_mac(const char*); 471 void set_dump_chars_only(bool); 472 void set_dump_payload(bool); 473 void set_dump_payload_verbose(bool); 474 void set_gid(const char*); 475 void set_log_dir(const char*); 476 void set_log_mode(const char*); 477 void set_no_logging_timestamps(bool); 478 void set_obfuscate(bool); 479 void set_obfuscation_mask(const char*); 480 void set_include_path(const char*); 481 void set_process_all_events(bool); 482 void set_rule_db_dir(const char*); 483 void set_show_year(bool); 484 void set_tunnel_verdicts(const char*); 485 void set_tweaks(const char*); 486 void set_uid(const char*); 487 void set_umask(uint32_t); 488 void set_utc(bool); 489 void set_overlay_trace_config(TraceConfig*); 490 SO_PUBLIC bool set_latency_enable(); 491 492 //------------------------------------------------------ 493 // accessor methods 494 esp_decodingSnortConfig495 bool esp_decoding() const 496 { return enable_esp; } 497 is_address_anomaly_check_enabledSnortConfig498 bool is_address_anomaly_check_enabled() const 499 { return address_anomaly_check_enabled; } 500 aux_ip_is_enabledSnortConfig501 bool aux_ip_is_enabled() const 502 { return max_aux_ip >= 0; } 503 504 // mode related dump_config_modeSnortConfig505 bool dump_config_mode() const 506 { return dump_config_type > DUMP_CONFIG_NONE; } 507 dump_msg_mapSnortConfig508 bool dump_msg_map() const 509 { return run_flags & RUN_FLAG__DUMP_MSG_MAP; } 510 dump_rule_metaSnortConfig511 bool dump_rule_meta() const 512 { return run_flags & RUN_FLAG__DUMP_RULE_META; } 513 dump_rule_stateSnortConfig514 bool dump_rule_state() const 515 { return run_flags & RUN_FLAG__DUMP_RULE_STATE; } 516 dump_rule_depsSnortConfig517 bool dump_rule_deps() const 518 { return run_flags & RUN_FLAG__DUMP_RULE_DEPS; } 519 dump_rule_infoSnortConfig520 bool dump_rule_info() const 521 { return dump_msg_map() or dump_rule_meta() or dump_rule_deps() or dump_rule_state(); } 522 test_modeSnortConfig523 bool test_mode() const 524 { return run_flags & RUN_FLAG__TEST; } 525 mem_checkSnortConfig526 bool mem_check() const 527 { return run_flags & RUN_FLAG__MEM_CHECK; } 528 daemon_modeSnortConfig529 bool daemon_mode() const 530 { return run_flags & RUN_FLAG__DAEMON; } 531 read_modeSnortConfig532 bool read_mode() const 533 { return run_flags & RUN_FLAG__READ; } 534 inline_modeSnortConfig535 bool inline_mode() const 536 { return get_ips_policy()->policy_mode == POLICY_MODE__INLINE; } 537 inline_test_modeSnortConfig538 bool inline_test_mode() const 539 { return get_ips_policy()->policy_mode == POLICY_MODE__INLINE_TEST; } 540 passive_modeSnortConfig541 bool passive_mode() const 542 { return get_ips_policy()->policy_mode == POLICY_MODE__PASSIVE; } 543 show_file_codesSnortConfig544 bool show_file_codes() const 545 { return run_flags & RUN_FLAG__SHOW_FILE_CODES; } 546 adaptor_inline_modeSnortConfig547 bool adaptor_inline_mode() const 548 { return run_flags & RUN_FLAG__INLINE; } 549 adaptor_inline_test_modeSnortConfig550 bool adaptor_inline_test_mode() const 551 { return run_flags & RUN_FLAG__INLINE_TEST; } 552 553 // event stuff get_event_log_idSnortConfig554 uint16_t get_event_log_id() const 555 { return event_log_id; } 556 process_all_eventsSnortConfig557 bool process_all_events() const 558 { return event_queue_config->process_all_events; } 559 get_eval_indexSnortConfig560 int get_eval_index(Actions::Type type) const 561 { return evalOrder[type]; } 562 563 // output stuff output_include_yearSnortConfig564 bool output_include_year() const 565 { return output_flags & OUTPUT_FLAG__INCLUDE_YEAR; } 566 output_use_utcSnortConfig567 bool output_use_utc() const 568 { return output_flags & OUTPUT_FLAG__USE_UTC; } 569 output_datalinkSnortConfig570 bool output_datalink() const 571 { return output_flags & OUTPUT_FLAG__SHOW_DATA_LINK; } 572 verbose_byte_dumpSnortConfig573 bool verbose_byte_dump() const 574 { return output_flags & OUTPUT_FLAG__VERBOSE_DUMP; } 575 obfuscateSnortConfig576 bool obfuscate() const 577 { return output_flags & OUTPUT_FLAG__OBFUSCATE; } 578 output_app_dataSnortConfig579 bool output_app_data() const 580 { return output_flags & OUTPUT_FLAG__APP_DATA; } 581 output_char_dataSnortConfig582 bool output_char_data() const 583 { return output_flags & OUTPUT_FLAG__CHAR_DATA; } 584 alert_interfaceSnortConfig585 bool alert_interface() const 586 { return output_flags & OUTPUT_FLAG__ALERT_IFACE; } 587 output_no_timestampSnortConfig588 bool output_no_timestamp() const 589 { return output_flags & OUTPUT_FLAG__NO_TIMESTAMP; } 590 line_buffered_loggingSnortConfig591 bool line_buffered_logging() const 592 { return output_flags & OUTPUT_FLAG__LINE_BUFFER; } 593 output_wide_hexSnortConfig594 bool output_wide_hex() const 595 { return output_flags & OUTPUT_FLAG__WIDE_HEX; } 596 alert_refsSnortConfig597 bool alert_refs() const 598 { return output_flags & OUTPUT_FLAG__ALERT_REFS; } 599 600 // run flags no_lock_pid_fileSnortConfig601 bool no_lock_pid_file() const 602 { return run_flags & RUN_FLAG__NO_LOCK_PID_FILE; } 603 create_pid_fileSnortConfig604 bool create_pid_file() const 605 { return run_flags & RUN_FLAG__CREATE_PID_FILE; } 606 pcap_showSnortConfig607 bool pcap_show() const 608 { return run_flags & RUN_FLAG__PCAP_SHOW; } 609 alert_before_passSnortConfig610 bool alert_before_pass() const 611 { return run_flags & RUN_FLAG__ALERT_BEFORE_PASS; } 612 no_pcreSnortConfig613 bool no_pcre() const 614 { return run_flags & RUN_FLAG__NO_PCRE; } 615 conf_error_outSnortConfig616 bool conf_error_out() const 617 { return run_flags & RUN_FLAG__CONF_ERROR_OUT; } 618 assure_establishedSnortConfig619 bool assure_established() const 620 { return run_flags & RUN_FLAG__ASSURE_EST; } 621 test_featuresSnortConfig622 bool test_features() const 623 { return run_flags & RUN_FLAG__TEST_FEATURES; } 624 625 // other stuff min_ttlSnortConfig626 uint8_t min_ttl() const 627 { return get_network_policy()->min_ttl; } 628 new_ttlSnortConfig629 uint8_t new_ttl() const 630 { return get_network_policy()->new_ttl; } 631 get_pcre_match_limitSnortConfig632 long int get_pcre_match_limit() const 633 { return pcre_match_limit; } 634 get_pcre_match_limit_recursionSnortConfig635 long int get_pcre_match_limit_recursion() const 636 { return pcre_match_limit_recursion; } 637 get_profilerSnortConfig638 const ProfilerConfig* get_profiler() const 639 { return profiler; } 640 get_tagged_packet_limitSnortConfig641 long int get_tagged_packet_limit() const 642 { return tagged_packet_limit; } 643 get_max_attribute_hostsSnortConfig644 uint32_t get_max_attribute_hosts() const 645 { return max_attribute_hosts; } 646 get_max_services_per_hostSnortConfig647 uint32_t get_max_services_per_host() const 648 { return max_attribute_services_per_host; } 649 get_uidSnortConfig650 int get_uid() const 651 { return user_id; } 652 get_gidSnortConfig653 int get_gid() const 654 { return group_id; } 655 get_mpls_agnosticSnortConfig656 bool get_mpls_agnostic() const 657 { return mpls_agnostic; } 658 get_vlan_agnosticSnortConfig659 bool get_vlan_agnostic() const 660 { return vlan_agnostic; } 661 address_space_agnosticSnortConfig662 bool address_space_agnostic() const 663 { return asid_agnostic; } 664 change_privilegesSnortConfig665 bool change_privileges() const 666 { return user_id != -1 || group_id != -1 || !chroot_dir.empty(); } 667 track_on_synSnortConfig668 bool track_on_syn() const 669 { return (run_flags & RUN_FLAG__TRACK_ON_SYN) != 0; } 670 ip_frags_onlySnortConfig671 bool ip_frags_only() const 672 { return (run_flags & RUN_FLAG__IP_FRAGS_ONLY) != 0; } 673 clear_run_flagsSnortConfig674 void clear_run_flags(RunFlag flag) 675 { run_flags &= ~flag; } 676 set_run_flagsSnortConfig677 void set_run_flags(RunFlag flag) 678 { run_flags |= flag; } 679 get_reload_resource_tunersSnortConfig680 const std::list<ReloadResourceTuner*>& get_reload_resource_tuners() const 681 { return reload_tuners; } 682 683 void clear_reload_resource_tuner_list(); 684 685 void update_reload_id(); 686 687 bool get_default_rule_state() const; 688 689 ConfigOutput* create_config_output() const; 690 691 SO_PUBLIC bool tunnel_bypass_enabled(uint16_t proto) const; 692 693 // FIXIT-L snort_conf needed for static hash before initialized static_hashSnortConfig694 static bool static_hash() 695 { return get_conf() && get_conf()->run_flags & RUN_FLAG__STATIC_HASH; } 696 697 // This requests an entry in the scratch space vector and calls setup / 698 // cleanup as appropriate 699 SO_PUBLIC static int request_scratch(ScratchAllocator*); 700 SO_PUBLIC static void release_scratch(int); 701 702 // runtime access to const config - especially for packet threads 703 // prefer access via packet->context->conf 704 SO_PUBLIC static const SnortConfig* get_conf(); 705 706 // runtime access to mutable config - main thread only, and only special cases 707 SO_PUBLIC static SnortConfig* get_main_conf(); 708 709 static void set_conf(const SnortConfig*); 710 711 SO_PUBLIC void register_reload_resource_tuner(ReloadResourceTuner*); 712 713 static void cleanup_fatal_error(); 714 715 // logging stuff enable_log_syslogSnortConfig716 static void enable_log_syslog() 717 { logging_flags |= LOGGING_FLAG__SYSLOG; } 718 log_syslogSnortConfig719 static bool log_syslog() 720 { return logging_flags & LOGGING_FLAG__SYSLOG; } 721 set_log_quietSnortConfig722 static void set_log_quiet(bool enabled) 723 { 724 if (enabled) 725 logging_flags |= LOGGING_FLAG__QUIET; 726 else 727 logging_flags &= ~LOGGING_FLAG__QUIET; 728 } 729 log_quietSnortConfig730 static bool log_quiet() 731 { return logging_flags & LOGGING_FLAG__QUIET; } 732 enable_log_verboseSnortConfig733 static void enable_log_verbose() 734 { logging_flags |= LOGGING_FLAG__VERBOSE; } 735 log_verboseSnortConfig736 static bool log_verbose() 737 { return logging_flags & LOGGING_FLAG__VERBOSE; } 738 enable_log_show_pluginsSnortConfig739 static void enable_log_show_plugins() 740 { logging_flags |= LOGGING_FLAG__SHOW_PLUGINS; } 741 log_show_pluginsSnortConfig742 static bool log_show_plugins() 743 { return logging_flags & LOGGING_FLAG__SHOW_PLUGINS; } 744 }; 745 } 746 747 #endif 748