1 /*
2  *  Copyright (c) 2020, Peter Haag
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *
8  *   * Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *   * Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *   * Neither the name of the author nor the names of its contributors may be
14  *     used to endorse or promote products derived from this software without
15  *     specific prior written permission.
16  *
17  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
21  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27  *  POSSIBILITY OF SUCH DAMAGE.
28  *
29  */
30 
31 #ifndef _FILTER_H
32 #define _FILTER_H 1
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #ifdef HAVE_STDINT_H
38 #include <stdint.h>
39 #endif
40 
41 #include "rbtree.h"
42 
/*
 * Event codes. The LL suffix makes every constant a long long.
 * The NSEL_* and NEL_* sets are numbered independently: both start at 0
 * (IGNORE / INVALID) and both use 2 for DELETE, so a bare value is only
 * meaningful together with the set it belongs to.
 * NOTE(review): NSEL_* presumably are firewall (security event logging) event
 * types and NEL_* NAT event types - confirm against the code that compares them.
 */
#define NSEL_EVENT_IGNORE 0LL
#define NSEL_EVENT_CREATE 1LL
#define NSEL_EVENT_DELETE 2LL
#define NSEL_EVENT_DENIED 3LL
#define NSEL_EVENT_ALERT  4LL
#define NSEL_EVENT_UPDATE 5LL

#define NEL_EVENT_INVALID 0LL
#define NEL_EVENT_ADD	  1LL
#define NEL_EVENT_DELETE  2LL
53 
/*
 * Comparator codes, numbered consecutively from CMP_EQ = 0 up to CMP_ULLIST.
 * NOTE(review): presumably the values carried in FilterParam.comp and in the
 * 'comp' argument of NewBlock() - confirm. Both of those are uint16_t, so code
 * that dispatches on the value should reject anything above CMP_ULLIST rather
 * than fall through to a default comparison.
 */
enum { CMP_EQ = 0, CMP_GT, CMP_LT, CMP_IDENT, CMP_FLAGS, CMP_IPLIST, CMP_ULLIST };
58 
/*
 * Filter functions:
 * Some filters need the netflow record to be processed first, because the
 * value they test is not directly available in the record (e.g. packets per
 * second). Filtering is a bit slower for these due to the extra netflow
 * processing.
 *
 * The order of the enum values must match the order of the entries in the
 * flow_procs array, which is defined outside this header. Add or remove codes
 * in both places together.
 * NOTE(review): presumably the code is used as an index into flow_procs, in
 * which case a mismatch selects the wrong entry or reads past the array -
 * confirm that the consumer range-checks the value.
 */

enum { 	FUNC_NONE = 0,	/* no function - just plain filtering - just to be complete here */
		FUNC_PPS,		/* function code for pps ( packet per second ) filter function */
		FUNC_BPS,		/* function code for bps ( bits per second ) filter function */
		FUNC_BPP,		/* function code for bpp ( bytes per packet ) filter function */
		FUNC_DURATION,	/* function code for duration ( in milliseconds ) filter function */
		FUNC_MPLS_EOS,	/* function code for matching End of MPLS Stack label */
		FUNC_MPLS_ANY,	/* function code for matching any MPLS label */
		FUNC_PBLOCK		/* function code for matching ports against pblock start */
};
76 
/*
 * Filter parameter record made of fixed-width members: two 16-bit fields
 * followed by four 32-bit fields.
 * NOTE(review): the meaning of the individual fields is not visible in this
 * header. 'comp' presumably holds one of the CMP_* codes - confirm against the
 * code that fills and reads this struct.
 */
typedef struct FilterParam {
	uint16_t	comp;
	uint16_t	direction;
	uint32_t	data;
	uint32_t	inout;
	uint32_t	acl;
	uint32_t	self;
} FilterParam_t;
85 
/*
 * Definition of the IP list node, the element type of the IPtree tree.
 * ip and mask are two 64-bit words each, i.e. 128 bits per value.
 * NOTE(review): presumably wide enough for an IPv6 address, with IPv4 held in
 * part of it; word order and byte order are not defined here - confirm against
 * the comparator IPNodeCMP before building or comparing nodes by hand.
 */
struct IPListNode {
	RB_ENTRY(IPListNode) entry;	/* tree linkage, declared via the RB_ENTRY macro */
	uint64_t	ip[2];
	uint64_t	mask[2];
};
92 
/*
 * Definition of the port/AS list node, the element type of the ULongtree tree.
 * Each node carries a single 64-bit value.
 */
struct ULongListNode {
	RB_ENTRY(ULongListNode) entry;	/* tree linkage, declared via the RB_ENTRY macro */
	uint64_t	value;
};
98 
/* IP tree type: head of the tree IPtree, whose elements are struct IPListNode */
typedef RB_HEAD(IPtree, IPListNode) IPlist_t;

/* Port/AS tree type: head of the tree ULongtree, whose elements are struct ULongListNode */
typedef RB_HEAD(ULongtree, ULongListNode) ULongtree_t;

/*
 * Tree prototypes, produced by the RB_PROTOTYPE macro from rbtree.h.
 * 'entry' is the linkage member of each node type. IPNodeCMP and ULNodeCMP are
 * named as the node comparators; they are not declared in this header.
 */
RB_PROTOTYPE(IPtree, IPListNode, entry, IPNodeCMP);

RB_PROTOTYPE(ULongtree, ULongListNode, entry, ULNodeCMP);
109 
/* parser/scanner prototypes */

/*
 * Parser entry point.
 * NOTE(review): presumably the generated yacc/bison parser; the return
 * convention is not shown in this header.
 */
int yyparse(void);

/*
 * Scanner entry point.
 * NOTE(review): presumably the generated lex/flex scanner called by yyparse().
 */
int yylex(void);

/*
 * Scanner teardown.
 * NOTE(review): presumably releases what lex_init() set up - confirm.
 */
void lex_cleanup(void);

/*
 * Hands the text in buf to the scanner.
 * NOTE(review): buf is not const and no length is passed, so the text is
 * presumably expected to be NUL-terminated. Whether the scanner modifies buf
 * or keeps the pointer after returning is not visible here - confirm before
 * passing a buffer that is freed or reused right after the call.
 */
void lex_init(char *buf);

/*
 * Screens an ident string.
 * NOTE(review): the accepted character set, the length limit and the meaning
 * of the return value are not visible in this header - confirm in the
 * implementation.
 */
int ScreenIdentString(char *string);
120 
/*
 * Returns next free slot in blocklist
 *
 * NOTE(review): 'comp' presumably takes a CMP_* code and 'function' a FUNC_*
 * code - confirm. 'data' is an untyped pointer; presumably its real type
 * depends on 'comp' (e.g. a tree head for the list comparators), so a caller
 * passing the wrong pointer type is not caught by the compiler.
 * What happens when the blocklist cannot grow is not visible in this header.
 */
uint32_t NewBlock(uint32_t offset, uint64_t mask, uint64_t value, uint16_t comp, uint32_t function, void *data);
125 
/*
 * Connects the two blocks b1 and b2 ( AND ) and returns the index of the superblock
 *
 * NOTE(review): b1 and b2 are presumably indices returned earlier by NewBlock()
 * or one of the Connect_*() calls; whether out-of-range indices are rejected
 * is not visible in this header.
 */
uint32_t Connect_AND(uint32_t b1, uint32_t b2);
130 
/*
 * Connects the two blocks b1 and b2 ( OR ) and returns the index of the superblock
 *
 * NOTE(review): b1 and b2 are presumably indices returned earlier by NewBlock()
 * or one of the Connect_*() calls; whether out-of-range indices are rejected
 * is not visible in this header.
 */
uint32_t Connect_OR(uint32_t b1, uint32_t b2);
135 
/*
 * Inverts OnTrue and OnFalse
 *
 * NOTE(review): 'a' and the return value are presumably block indices, as with
 * Connect_AND()/Connect_OR() - confirm.
 */
uint32_t Invert(uint32_t a );
140 
/*
 * Add label to filter index
 *
 * NOTE(review): whether the label string is copied or the pointer is stored is
 * not visible in this header - confirm before freeing or reusing 'label'.
 */
void AddLabel(uint32_t index, char *label);
145 
/*
 * Add Ident to Identlist
 *
 * NOTE(review): the return value is presumably the position of the ident in
 * the list. Whether the string is copied, and whether the list has an upper
 * bound, is not visible in this header - confirm in the implementation.
 */
uint32_t AddIdent(char *Ident);
150 
151 #endif //_FILTER_H
152