1 /****************************************************************************
2  * Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3  * Copyright (C) 2008-2013 Sourcefire, Inc.
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License Version 2 as
7  * published by the Free Software Foundation.  You may not use, modify or
8  * distribute this program under any other version of the GNU General
9  * Public License.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
19  *
20  ****************************************************************************/
21 
22 #ifndef _SF_POLICY_H_
23 #define _SF_POLICY_H_
24 
25 #include "sf_ip.h"
26 #include "ipv6_port.h"
27 #include "sfrt.h"
28 #include "snort_debug.h"
29 
/**Number of additional policies allocated with each re-alloc operation. */
#define POLICY_ALLOCATION_CHUNK 10
/* Binding-table sizes. 4096 matches the 12-bit 802.1Q VLAN id range (0..4095);
 * the int ids passed to the sf*Binding functions below must be range-checked
 * against these limits before indexing (done in the .c file, not visible here). */
#define SF_VLAN_BINDING_MAX 4096
#define SF_POLICY_ID_BINDING_MAX 4096
#define SF_NETWORK_BINDING_MAX 4096
/* Sentinel for "no policy bound"; equals UINT_MAX for the unsigned tSfPolicyId. */
#define SF_POLICY_UNBOUND 0xffffffff
/* Id of the policy used when nothing more specific applies. */
#define SF_DEFAULT_POLICY_ID 0
37 
/* A VLAN id or address range is reduced to a policy id; all subsequent processing uses the policy id only. */
39 
/** One policy, i.e. one configuration file shared by a group of bindings. */
typedef struct
{
    /**number of vlans which are member of this group. When membership falls to 0, then this group should be deleted.
     */
    unsigned int refCount;
    /** Name of the configuration file backing this policy.
     *  NOTE(review): ownership (who allocates/frees) is decided in the .c file — confirm there. */
    char *filename;
    /** 1-bit flag: set once this policy's configuration has been processed (exact meaning lives in the .c file). */
    unsigned int isConfigProcessed:1;

} tSfPolicy;
49 
/** Kind of key a binding is keyed on; one value per binding table in tSfPolicyConfig. */
typedef enum {
    SF_BINDING_TYPE_VLAN,
    SF_BINDING_TYPE_NETWORK,
    SF_BINDING_TYPE_POLICY_ID,
    SF_BINDING_TYPE_UNKNOWN
} tSF_BINDING_TYPE;
56 
/** Policy identifier. Unsigned so SF_POLICY_UNBOUND (0xffffffff) is representable and
 *  so "id >= count" bounds checks cannot be bypassed with a negative value. */
typedef unsigned int tSfPolicyId;
58 
/** Whole policy configuration: the policy table plus the three binding tables
 *  that map a VLAN id, a policy id, or a network onto a policy id. */
typedef struct
{
    /** Array of policy pointers indexed by tSfPolicyId; presumably numAllocatedPolicies
     *  entries long and grown in POLICY_ALLOCATION_CHUNK steps (see macro above) — confirm in the .c file. */
    tSfPolicy **ppPolicies;
    /** Policy id used when no binding matches; read/written by sfGetDefaultPolicy / sfSetDefaultPolicy. */
    tSfPolicyId defaultPolicyId;
    /** Number of slots allocated in ppPolicies. This is a count, although typed as tSfPolicyId;
     *  sfSetDefaultPolicy bounds-checks against it, so it must stay in sync with ppPolicies. */
    tSfPolicyId numAllocatedPolicies;
    /** Number of slots actually in use (<= numAllocatedPolicies). */
    unsigned int numActivePolicies;
    /**vlan to policyId bindings. Indexed by VLAN id (0..SF_VLAN_BINDING_MAX-1). */
    tSfPolicyId vlanBindings[SF_VLAN_BINDING_MAX];
    /**policyId to policyId bindings. Indexed by policy id (0..SF_POLICY_ID_BINDING_MAX-1). */
    tSfPolicyId policyIdBindings[SF_POLICY_ID_BINDING_MAX];
    /**Network to policyId bindings. Lookup table from sfrt.h. */
    table_t *netBindTable;

} tSfPolicyConfig;
76 
/* Policy table lifecycle. Definitions live in the .c file; the comments below
 * describe only what the signatures show and flag what they do not. */

/** Allocate an empty configuration. NOTE(review): may return NULL on allocation failure — callers should check. */
tSfPolicyConfig * sfPolicyInit(
    void
    );
/** Release a configuration created by sfPolicyInit. */
void sfPolicyFini(
    tSfPolicyConfig *
    );
/** Add a policy (by file name, cf. tSfPolicy.filename). Return convention not visible here — presumably 0 on success. */
int sfPolicyAdd(
    tSfPolicyConfig *,
    char *
    );
/** Remove the policy with the given id. */
void sfPolicyDelete(
    tSfPolicyConfig *,
    tSfPolicyId
    );
/** Look up the policy with the given id. NOTE(review): presumably returns the filename, NULL when unknown — confirm. */
char * sfPolicyGet(
    tSfPolicyConfig *,
    tSfPolicyId
    );

/* VLAN-id -> policy bindings. The int vlan id must be validated against
 * SF_VLAN_BINDING_MAX (and >= 0) before it indexes vlanBindings. */
int sfVlanAddBinding(
    tSfPolicyConfig *,
    int,
    char *
    );
/** Returns the bound policy id, presumably SF_POLICY_UNBOUND when none — confirm. */
tSfPolicyId sfVlanGetBinding(
    tSfPolicyConfig *,
    int
    );
void sfVlanDeleteBinding(
    tSfPolicyConfig *,
    int
    );

/* policy-id -> policy bindings; same range caveat against SF_POLICY_ID_BINDING_MAX. */
int sfPolicyIdAddBinding(
    tSfPolicyConfig *,
    int,
    char *
    );
tSfPolicyId sfPolicyIdGetBinding(
    tSfPolicyConfig *,
    int
    );
void sfPolicyIdDeleteBinding(
    tSfPolicyConfig *,
    int
    );

/** Resolve the policy for a packet from its VLAN id and two addresses
 *  (presumably source and destination, in that order — confirm against callers). */
unsigned int sfGetApplicablePolicyId(
    tSfPolicyConfig *,
    int,
    sfaddr_t*,
    sfaddr_t*
    );

/* Network (CIDR) -> policy bindings, stored in netBindTable. */
int sfNetworkAddBinding(
    tSfPolicyConfig *,
    sfcidr_t *,
    char *
    );
unsigned int sfNetworkGetBinding(
    tSfPolicyConfig *,
    sfaddr_t*
    );
void sfNetworkDeleteBinding(
    tSfPolicyConfig *,
    sfaddr_t*
    );
140 
/**
 * Return the default policy id stored in a configuration.
 *
 * @param config  Policy configuration; may be NULL.
 * @return config->defaultPolicyId, or 0 when config is NULL
 *         (0 is the value of SF_DEFAULT_POLICY_ID).
 */
static inline tSfPolicyId sfGetDefaultPolicy(tSfPolicyConfig *config)
{
    /* A missing configuration is treated as "policy 0", not as an error. */
    return (config != NULL) ? config->defaultPolicyId : 0;
}
150 
/**
 * Make policyId the configuration's default policy.
 *
 * Silently ignored when config is NULL or policyId is not an allocated slot.
 * Both operands of the bounds check are unsigned, so SF_POLICY_UNBOUND
 * (0xffffffff) and any negative int a caller might pass can never be accepted.
 *
 * NOTE(review): the check is against numAllocatedPolicies rather than
 * numActivePolicies, so an allocated-but-unpopulated slot can be selected;
 * whether ppPolicies[policyId] may then be NULL is decided in the .c file.
 *
 * @param config    Policy configuration; may be NULL.
 * @param policyId  Candidate default; must be < config->numAllocatedPolicies.
 */
static inline void sfSetDefaultPolicy(tSfPolicyConfig *config, tSfPolicyId policyId)
{
    if (config == NULL)
        return;

    if (policyId < config->numAllocatedPolicies)
        config->defaultPolicyId = policyId;
}
161 
/**
 * Number of policy slots allocated in a configuration.
 *
 * @param config  Policy configuration; may be NULL.
 * @return config->numAllocatedPolicies, or 0 when config is NULL.
 *         Note the return type is tSfPolicyId even though this is a count,
 *         mirroring the field's declared type.
 */
static inline tSfPolicyId sfPolicyNumAllocated(tSfPolicyConfig *config)
{
    if (config == NULL)
        return 0;

    tSfPolicyId allocated = config->numAllocatedPolicies;
    return allocated;
}
171 
/*dynamic array functions */
/** Ensure a dynamically grown array can hold `index`.
 *  NOTE(review): presumably reallocates *dynArray when index >= *maxElements and
 *  updates *maxElements; the return convention (0 on success?) is defined in the
 *  .c file — confirm there before relying on it. */
int sfDynArrayCheckBounds (
        void ** dynArray,
        unsigned int index,
        unsigned int *maxElements
        );

/** Callback returning the policy id in effect for the current packet. */
typedef tSfPolicyId (*GetPolicyFunc)(void);
struct _SnortConfig;
/** Callback returning the policy id in effect while parsing the given SnortConfig. */
typedef tSfPolicyId (*GetParserPolicyFunc)(struct _SnortConfig *);
182 
183 #endif