1 /*
2 ** Copyright (C) 2008-2013 Ian Firns (SecurixLive) <dev@securixlive.com>
3 **
4 ** Copyright (C) 2005-2009 Sourcefire, Inc.
5 ** Copyright (C) 1998-2005 Martin Roesch <roesch@sourcefire.com>
6 **
7 ** This program is free software; you can redistribute it and/or modify
8 ** it under the terms of the GNU General Public License Version 2 as
9 ** published by the Free Software Foundation. You may not use, modify or
10 ** distribute this program under any other version of the GNU General
11 ** Public License.
12 **
13 ** This program is distributed in the hope that it will be useful,
14 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
15 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 ** GNU General Public License for more details.
17 **
18 ** You should have received a copy of the GNU General Public License
19 ** along with this program; if not, write to the Free Software
20 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 */
22
23 /*
24 ** Description:
25 ** A dedicated snort unified2 log file parser
26 **
27 ** Author(s):
28 ** firnsy <firnsy@securixlive.com>
29 ** SecurixLive.com Team <dev@securixlive.com>
30 **
31 ** Comments:
32 ** Foundation is built upon the Snort 2.8.3 codebase (www.snort.org/dl) with
33 ** ideas stolen liberally from:
34 ** 1. the original barnyard (A. Baker, M. Roesch)
35 **
36 */
37
38 #ifndef __BARNYARD2_H__
39 #define __BARNYARD2_H__
40
41 #ifdef HAVE_CONFIG_H
42 # include "config.h"
43 #endif
44
45 #include <sys/types.h>
46 #include <pcap.h>
47 #include <stdio.h>
48
49 #include "sfutil/sf_ipvar.h"
50 #include "map.h"
51 #include "sf_types.h"
52 #include "spooler.h"
53
54 /* TODO: check this should live in the plugin */
55 #if defined(HAVE_LIBPRELUDE)
56 # include <pthread.h>
57 #endif
58
59 /* I N C L U D E S **********************************************************/
60
61 /* D E F I N E S ************************************************************/
/* Program name and version components, all kept as string literals. */
#define PROGRAM_NAME "Barnyard"
#define VER_MAJOR "2"
#define VER_MINOR "1"
#define VER_REVISION "13"
#define VER_BUILD "327"

/* General-purpose buffer size; it sizes the fixed pid_filename and pid_path
 * arrays in Barnyard2Config, so writes into those must be bounded by it. */
#define STD_BUF 1024

#define MAX_PIDFILE_SUFFIX 11 /* uniqueness extension to PID file, see '-R' */

/* Default log directory and daemon alert file name, chosen per platform. */
#ifndef WIN32
# define DEFAULT_LOG_DIR "/var/log/barnyard2"
# define DEFAULT_DAEMON_ALERT_FILE "barnyard2.alert"
#else
# define DEFAULT_LOG_DIR "log"
# define DEFAULT_DAEMON_ALERT_FILE "log/alert.ids"
#endif /* WIN32 */

/* FILEACCESSBITS: all permission bits. Uses the platform macro when one is
 * available; the 0x1FF fallback is octal 0777 (rwx for user, group, other).
 * NOTE(review): looks intended as a mask for isolating permission bits;
 * confirm no caller passes it as a creation mode, which would make files
 * world-writable subject only to the umask. */
#ifdef ACCESSPERMS
# define FILEACCESSBITS ACCESSPERMS
#else
# ifdef S_IAMB
# define FILEACCESSBITS S_IAMB
# else
# define FILEACCESSBITS 0x1FF
# endif
#endif

/* NOTE(review): 26 matches the classic ctime()-style string length
 * including the terminator; confirm against the code that fills it. */
#define TIMEBUF_SIZE 26


/* Fallback ULONG_MAX for when no earlier header has defined it.
 * NOTE(review): this header does not include <limits.h>, and an undefined
 * __WORDSIZE evaluates to 0 in #if, which selects the 32-bit value even on
 * a platform with 64-bit long; verify on targets that lack __WORDSIZE. */
#ifndef ULONG_MAX
# if __WORDSIZE == 64
# define ULONG_MAX 18446744073709551615UL
# else
# define ULONG_MAX 4294967295UL
# endif
#endif

/* Checksum verification bits (one bit per protocol). */
#define DO_IP_CHECKSUMS 0x00000001
#define DO_TCP_CHECKSUMS 0x00000002
#define DO_UDP_CHECKSUMS 0x00000004
#define DO_ICMP_CHECKSUMS 0x00000008

/* Log format bits. */
#define LOG_UNIFIED 0x00000001
#define LOG_TCPDUMP 0x00000002
#define LOG_UNIFIED2 0x00000004

/* Hard-coded signal numbers; which signals 28 and 29 are depends on the
 * platform, so they do not name the same signal everywhere. */
#define SIGNAL_SNORT_ROTATE_STATS 28
#define SIGNAL_SNORT_CHILD_READY 29

/* Status codes: 0 is success, 1-6 are errors, 32-34 are read outcomes. */
#define BARNYARD2_SUCCESS 0
#define BARNYARD2_EINVAL 1
#define BARNYARD2_ENOMEM 2
#define BARNYARD2_ENOENT 3
#define BARNYARD2_EOPEN 4
#define BARNYARD2_ETRUNC 5
#define BARNYARD2_ECORRUPT 6
#define BARNYARD2_READ_EOF 32
#define BARNYARD2_READ_PARTIAL 33
#define BARNYARD2_FILE_ERROR 34

/* MPLS payload type selectors and defaults; only present in MPLS builds.
 * The two -1 values are unparenthesized, so they rely on not being placed
 * next to a binary operator at the point of use. */
#ifdef MPLS
# define MPLS_PAYLOADTYPE_IPV4 1
# define MPLS_PAYLOADTYPE_ETHERNET 2
# define MPLS_PAYLOADTYPE_IPV6 3
# define MPLS_PAYLOADTYPE_ERROR -1
# define DEFAULT_MPLS_PAYLOADTYPE MPLS_PAYLOADTYPE_IPV4
# define DEFAULT_LABELCHAIN_LENGTH -1
#endif


/* SIDMAP V2 */
/* SIDMAPV2STRING is the "v2\n" marker string; SIDMAPV1 and SIDMAPV2 are the
 * version values (Barnyard2Config.sidmap_version is set by ReadSidFile()). */
#define SIDMAPV2STRING "v2\n"
#define SIDMAPV1 0x01
#define SIDMAPV2 0x02
/* SIDMAP V2 */
139
140
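/*
 * PRINT_INTERFACE(i) simplifies the differences between Win32 and non-Win32
 * code when printing out the name of the interface: it yields the name, or
 * the literal "NULL" when the pointer is null. Only defined for non-Win32.
 *
 * The argument and the whole expansion are parenthesized so that an
 * expression argument (for example a conditional) keeps its meaning. The
 * argument is still evaluated twice, so it must have no side effects.
 */
#ifndef WIN32
# define PRINT_INTERFACE(i) ((i) ? (i) : "NULL")
//#else
//# define PRINT_INTERFACE(i) print_interface(i)
#endif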
148
149 /* D A T A S T R U C T U R E S *********************************************/
/*
 * One name/value variable with a flags byte, linked to its neighbours in
 * both directions (prev/next). Barnyard2Config.var_table points at a
 * VarEntry. Ownership of name and value is not visible from this header.
 */
typedef struct _VarEntry
{
    char *name;
    char *value;
    unsigned char flags;
    struct _VarEntry *prev;
    struct _VarEntry *next;

} VarEntry;
159
/*
 * GetoptLong option numbers.
 * Numbering starts at 1 and continues sequentially, so the values of the
 * later entries shift with the EXIT_CHECK and MPLS build options;
 * GET_OPT_LONG_IDS_MAX is always the last enumerator.
 */
typedef enum _GetOptLongIds
{
    PID_PATH = 1,

    ARG_RESTART,
    CREATE_PID_FILE,
    PROCESS_ALL_EVENTS,
    NOLOCK_PID_FILE,

    NO_LOGGING_TIMESTAMPS,

/* EXIT_CHECK is defined unconditionally right here, so it is also visible
 * to every file that includes this header after this point. */
#define EXIT_CHECK // allow for rollback for now
#ifdef EXIT_CHECK
    ARG_EXIT_CHECK,
#endif

    DETECTION_SEARCH_METHOD,
    CONF_ERROR_OUT,
    DISABLE_ALERT_ON_EACH_PACKET_IN_STREAM,
    ALERT_ON_EACH_PACKET_IN_STREAM,
    EVENT_CACHE_SIZE,

#ifdef MPLS
    MAX_MPLS_LABELCHAIN_LEN,
    MPLS_PAYLOAD_TYPE,
#endif

    GET_OPT_LONG_IDS_MAX
} GetOptLongIds;
190
/*
 * One input plugin configuration entry in a singly linked list
 * (Barnyard2Config.input_configs). file_name and file_line record a
 * location, presumably where the entry was read from in the configuration.
 */
typedef struct _InputConfig
{
    char *keyword;
    char *opts;
    char *file_name;
    int file_line;
    struct _InputConfig *next;

} InputConfig;
200
/*
 * One output plugin configuration entry in a singly linked list
 * (Barnyard2Config.output_configs). Same layout as InputConfig.
 * NOTE(review): opts is free-form text that may carry output credentials
 * such as a database password; confirm it is not echoed to logs.
 */
typedef struct _OutputConfig
{
    char *keyword;
    char *opts;
    char *file_name;
    int file_line;
    struct _OutputConfig *next;

} OutputConfig;
210
/* Distinguishes a path that names a file from one that names a directory. */
typedef enum _PathType
{
    PATH_TYPE__FILE,
    PATH_TYPE__DIRECTORY

} PathType;
217
/*
 * The single run mode of the process (Barnyard2Config.run_mode), tested by
 * BcTestMode(), BcContinuousMode(), BcBatchMode() and BcVersionMode().
 * Values start at 1, so a zeroed configuration matches no mode.
 */
typedef enum _RunMode
{
    /* -V */
    RUN_MODE__VERSION = 1,

    /* neither of the above and barnyard2.conf presence (-c or implicit) */
    RUN_MODE__CONTINUOUS,

    RUN_MODE__BATCH,

    /* barnyard2.conf presence and -T */
    RUN_MODE__TEST,
} RunMode;
231
232
/*
 * Bit-flag counterparts of the RunMode values, one bit per mode.
 * Bit 0x00000002 is not assigned in this list.
 */
typedef enum _RunModeFlag
{
    /* -V */
    RUN_MODE_FLAG__VERSION = 0x00000001,

    /* neither of the above and snort.conf presence (-c or implicit) */
    RUN_MODE_FLAG__CONTINUOUS = 0x00000004,

    RUN_MODE_FLAG__BATCH = 0x00000008,

    /* barnyard2.conf presence and -T */
    RUN_MODE_FLAG__TEST = 0x00000010,

} RunModeFlag;
247
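/*
 * Bit flags kept in Barnyard2Config.run_flags and tested by the Bc*
 * accessors (BcDaemonMode(), BcCreatePidFile(), ...). Each value is a
 * distinct bit so flags can be combined with bitwise OR.
 */
typedef enum _RunFlag
{
    RUN_FLAG__READ = 0x00000001, /* -r --pcap-dir, etc. */
    RUN_FLAG__DAEMON = 0x00000002, /* -D */
    RUN_FLAG__DAEMON_RESTART = 0x00000004, /* --restart */
    RUN_FLAG__CREATE_PID_FILE = 0x00000040, /* --pid-path and --create-pidfile */
    RUN_FLAG__NO_LOCK_PID_FILE = 0x00000080, /* --nolock-pidfile */
    RUN_FLAG__CONF_ERROR_OUT = 0x00000400, /* -x and --conf-error-out */

#if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
    /* No leading comma here: the enumerator above already ends with one, and
     * a second comma is a syntax error in Win32 service builds. */
    RUN_FLAG__TERMINATE_SERVICE = 0x04000000,
    RUN_FLAG__PAUSE_SERVICE = 0x08000000
#endif

} RunFlag;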
263
/*
 * Bit flags kept in Barnyard2Config.output_flags and tested by the
 * BcOutput*-style accessors. Each value is a distinct bit.
 */
typedef enum _OutputFlag
{
    OUTPUT_FLAG__LINE_BUFFER = 0x00000001, /* -f */
    OUTPUT_FLAG__VERBOSE_DUMP = 0x00000002, /* -X */
    OUTPUT_FLAG__CHAR_DATA = 0x00000004, /* -C */
    OUTPUT_FLAG__APP_DATA = 0x00000008, /* -d */
    OUTPUT_FLAG__SHOW_DATA_LINK = 0x00000010, /* -e */
#ifndef NO_NON_ETHER_DECODER
    OUTPUT_FLAG__SHOW_WIFI_MGMT = 0x00000020, /* -w */
#endif
    OUTPUT_FLAG__USE_UTC = 0x00000040, /* -U */
    OUTPUT_FLAG__INCLUDE_YEAR = 0x00000080, /* -y */

    /* Note using this alters the packet - can't be used inline */
    OUTPUT_FLAG__OBFUSCATE = 0x00000100, /* -B */

    OUTPUT_FLAG__ALERT_IFACE = 0x00000200, /* -I */
    OUTPUT_FLAG__NO_TIMESTAMP = 0x00000400, /* --nostamps */
    OUTPUT_FLAG__ALERT_PKT_CNT = 0x00000800, /* -A packet-count */
    /* XXX XXX pv.outputVidInAlerts */
    OUTPUT_FLAG__ALERT_VLAN = 0x00001000 /* config include_vlan_in_alerts */

} OutputFlag;
287
/*
 * Bit flags kept in Barnyard2Config.logging_flags and tested by
 * BcLogVerbose(), BcLogQuiet(), BcLogSyslog() and, on Win32,
 * BcLogSyslogRemote(). The Win32 entry supplies its own leading comma
 * because the enumerator before it has no trailing one.
 */
typedef enum _LoggingFlag
{
    LOGGING_FLAG__VERBOSE = 0x00000001, /* -v */
    LOGGING_FLAG__QUIET = 0x00000002, /* -q */
    LOGGING_FLAG__SYSLOG = 0x00000004 /* -M */
#ifdef WIN32
    ,LOGGING_FLAG__SYSLOG_REMOTE = 0x00000008 /* -s and -E */
#endif

} LoggingFlag;
298
/*
 * Singly linked list node holding a variable's name, value and a line
 * string. Lists of these are released with FreeVarList().
 */
typedef struct _VarNode
{
    char *name;
    char *value;
    char *line;
    struct _VarNode *next;

} VarNode;
307
308
/*
 * struct to contain the program variables and command line args.
 *
 * The first part holds plain values and fixed-size buffers that need no
 * cleanup; the second part holds pointers that Barnyard2ConfFree() is
 * expected to release. The active instance is reached through the global
 * barnyard2_conf and read by the Bc* accessors at the end of this header.
 */
typedef struct _Barnyard2Config
{
    /* Does not need cleanup */
    RunMode run_mode;
    int checksums_mode;
    /* 0x10000 entries: one byte per possible 16-bit port value
     * (presumably indexed by port number; verify against the users). */
    char ignore_ports[0x10000];
    int run_mode_flags;
    int run_flags;      /* RunFlag bits */
    int output_flags;   /* OutputFlag bits */
    int logging_flags;  /* LoggingFlag bits */
    int thiszone;
    int quiet_flag;
    int verbose_flag;
    int verbose_bytedump_flag;
    int show2hdr_flag;
    int char_data_flag;
    int data_flag;
    int obfuscation_flag;
    int alert_on_each_packet_in_stream_flag;

    int logtosyslog_flag;
    int test_mode_flag;

    int use_utc;
    int include_year;

    int line_buffer_flag;
    char nostamp;
    /* Returned by BcUid() / BcGid(). NOTE(review): presumably the identity
     * the process switches to when dropping privileges; confirm what value
     * means "not configured" so it cannot be mistaken for uid/gid 0. */
    int user_id;
    int group_id;
    mode_t file_mask;

    /* -h and -B */
#ifdef SUP_IP6
    sfip_t homenet;
    sfip_t obfuscation_net;
#else
    u_long homenet;
    u_long netmask;
    uint32_t obfuscation_net;
    uint32_t obfuscation_mask;
#endif

#ifdef MPLS
    uint8_t mpls_payload_type; /* --mpls_payload_type */
    long int mpls_stack_depth; /* --max_mpls_labelchain_len */
#endif

    /* batch mode options */
    int batch_mode_flag;
    int batch_total_files;


    /* continual mode options */
    int process_new_records_only_flag;
    Waldo waldo;

    int daemon_flag;
    int daemon_restart_flag;

    /* runtime parameters */
    /* Fixed-size path buffers: anything copied in from the command line or
     * the configuration file must be length-checked against STD_BUF. */
    char pid_filename[STD_BUF];
    char pid_path[STD_BUF]; /* --pid-path or config pidpath */
    char pidfile_suffix[MAX_PIDFILE_SUFFIX+1]; /* room for a null */
    char create_pid_file;
    char nolock_pid_file;
    int done_processing;
    int restart_flag;
    int print_version;
    int usr_signal;
    int cant_hup_signal;
    unsigned int event_cache_size;
    uint8_t verbose; /* -v */
    uint8_t localtime;

    /* Need to be handled by Barnyard2ConfFree() */

    VarEntry *var_table;
#ifdef SUP_IP6
    vartable_t *ip_vartable;
#endif
    SigSuppress_list *ssHead;

    ClassType *classifications;
    ReferenceSystemNode *references;
    SigNode *sigHead; /* Signature list Head */

    /* plugin active flags*/
    InputConfig *input_configs;
    OutputConfig *output_configs;
    PluginSignalFuncNode *plugin_post_config_funcs;

    char *config_file; /* -c */
    char *config_dir;
    char *hostname; /* -h or config hostname */
    char *interface; /* -i or config interface */

    char *class_file; /* -C or config class_map */
    char *sid_msg_file; /* -S or config sid_map */
    short sidmap_version; /* Set by ReadSidFile () */
    char *gen_msg_file; /* -G or config gen_map */

    char *reference_file; /* -R or config reference_map */
    char *log_dir; /* -l or config log_dir */
    char *orig_log_dir; /* set in case of chroot */
    char *chroot_dir; /* -t or config chroot */

    char *bpf_filter; /* config bpf_filter */
    char **batch_filelist;
    char *archive_dir;

    Spooler *spooler; /* Used to know if we need to call spoolerClose */

} Barnyard2Config;
424
/*
 * struct to collect packet statistics.
 *
 * Every member is a 64-bit unsigned counter. The single global instance is
 * `pc`; SigSuppressCount() increments total_suppressed. Which members exist
 * depends on NO_NON_ETHER_DECODER, DLT_IEEE802_11, GRE and MPLS, so the
 * layout differs between builds.
 */
typedef struct _PacketCount
{
    uint64_t total_records;
    uint64_t total_events;
    uint64_t total_packets;
    uint64_t total_processed;
    uint64_t total_unknown;
    uint64_t total_suppressed;

    uint64_t s5tcp1;
    uint64_t s5tcp2;
    uint64_t ipv6opts;
    uint64_t eth;
    uint64_t ethdisc;
    uint64_t ipv6disc;
    uint64_t ip6ext;
    uint64_t other;
    uint64_t tcp;
    uint64_t udp;
    uint64_t icmp;
    uint64_t arp;
#ifndef NO_NON_ETHER_DECODER
    uint64_t eapol;
#endif
    uint64_t vlan;
    uint64_t nested_vlan;
    uint64_t ipv6;
    uint64_t ipv6_up;
    uint64_t ipv6_upfail;
    uint64_t frag6;
    uint64_t icmp6;
    uint64_t tdisc;
    uint64_t udisc;
    uint64_t tcp6;
    uint64_t udp6;
    uint64_t ipdisc;
    uint64_t icmpdisc;
    uint64_t embdip;
    uint64_t ip;
    uint64_t ipx;
    uint64_t ethloopback;

    uint64_t invalid_checksums;

#ifdef GRE
    uint64_t ip4ip4;
    uint64_t ip4ip6;
    uint64_t ip6ip4;
    uint64_t ip6ip6;

    uint64_t gre;
    uint64_t gre_ip;
    uint64_t gre_eth;
    uint64_t gre_arp;
    uint64_t gre_ipv6;
    uint64_t gre_ipv6ext;
    uint64_t gre_ipx;
    uint64_t gre_loopback;
    uint64_t gre_vlan;
    uint64_t gre_ppp;
#endif

    uint64_t discards;
    uint64_t alert_pkts;
    uint64_t log_pkts;
    uint64_t pass_pkts;

    uint64_t frags; /* number of frags that have come in */
    uint64_t frag_trackers; /* number of tracking structures generated */
    uint64_t rebuilt_frags; /* number of packets rebuilt */
    uint64_t frag_incomp; /* number of frags cleared due to memory issues */
    uint64_t frag_timeout; /* number of frags cleared due to timeout */
    uint64_t rebuild_element; /* frags that were element of rebuilt pkt */
    uint64_t frag_mem_faults; /* number of times the memory cap was hit */

    uint64_t tcp_stream_pkts; /* number of packets tcp reassembly touches */
    uint64_t rebuilt_tcp; /* number of phoney tcp packets generated */
    uint64_t tcp_streams; /* number of tcp streams created */
    uint64_t rebuilt_segs; /* number of tcp segments used in rebuilt pkts */
    uint64_t queued_segs; /* number of tcp segments stored for rebuilt pkts */
    uint64_t str_mem_faults; /* number of times the stream memory cap was hit */

#ifndef NO_NON_ETHER_DECODER
#ifdef DLT_IEEE802_11
    /* wireless statistics */
    uint64_t wifi_mgmt;
    uint64_t wifi_data;
    uint64_t wifi_control;
    uint64_t assoc_req;
    uint64_t assoc_resp;
    uint64_t reassoc_req;
    uint64_t reassoc_resp;
    uint64_t probe_req;
    uint64_t probe_resp;
    uint64_t beacon;
    uint64_t atim;
    uint64_t dissassoc;
    uint64_t auth;
    uint64_t deauth;
    uint64_t ps_poll;
    uint64_t rts;
    uint64_t cts;
    uint64_t ack;
    uint64_t cf_end;
    uint64_t cf_end_cf_ack;
    uint64_t data;
    uint64_t data_cf_ack;
    uint64_t data_cf_poll;
    uint64_t data_cf_ack_cf_poll;
    uint64_t cf_ack;
    uint64_t cf_poll;
    uint64_t cf_ack_cf_poll;
#endif
#endif // NO_NON_ETHER_DECODER

#ifdef MPLS
    uint64_t mpls;
#endif
} PacketCount;
545
/*
 * Per-packet header: a timestamp and two 32-bit lengths.
 * NOTE(review): the field names follow the pcap convention (captured length
 * and original packet length); confirm. Both lengths come from log input,
 * so a consumer should check caplen against its buffer size before copying
 * and should not assume caplen <= pktlen.
 */
typedef struct _SnortPacketHeader
{
    struct timeval ts;
    uint32_t caplen;
    uint32_t pktlen;
} SnortPacketHeader;
552
553 /* E X T E R N S ************************************************************/
/* Process-wide state, defined in another translation unit. */

/* Active configuration; every Bc* accessor below dereferences this pointer
 * without a NULL check, so it must be set before any of them is called. */
extern Barnyard2Config *barnyard2_conf;
extern int datalink; /* the datalink value */
extern PacketCount pc; /* packet count information */
extern char **protocol_names;


extern char *progname; /* name of the program (from argv[0]) */
extern char **progargs;
/* NOTE(review): username/groupname and pw/gr presumably describe the
 * account used when dropping privileges; confirm against the definitions. */
extern char *username;
extern char *groupname;
extern struct passwd *pw;
extern struct group *gr;

extern u_int snaplen;
extern int exit_signal;

/* A second configuration pointer, by its name the one in use while parsing. */
extern Barnyard2Config *barnyard2_conf_for_parsing;
571
572 /* P R O T O T Y P E S ******************************************************/
/* Returns a pointer to a Barnyard2Config; pair with Barnyard2ConfFree(). */
Barnyard2Config * Barnyard2ConfNew(void);

/* Program entry taking the usual argc/argv pair. */
int Barnyard2Main(int argc, char *argv[]);
int Barnyard2Sleep(unsigned int);
int SignalCheck(void);

void CleanExit(int);
void SigCantHupHandler(int signal);
/* Releases a VarNode list. */
void FreeVarList(VarNode *);
/* Releases a configuration; per the Barnyard2Config layout comment it is
 * responsible for the pointer members in the struct's second half. */
void Barnyard2ConfFree(Barnyard2Config *);
void CleanupPreprocessors(Barnyard2Config *);
void CleanupPlugins(Barnyard2Config *);
585
586
/* Returns 1 when the active configuration's run mode is RUN_MODE__TEST
 * (barnyard2.conf presence and -T), otherwise 0.
 * barnyard2_conf is dereferenced unchecked and must be non-NULL. */
static INLINE int BcTestMode(void)
{
    if (barnyard2_conf->run_mode != RUN_MODE__TEST)
    {
        return 0;
    }

    return 1;
}
591
/* Returns 1 when the active configuration's run mode is
 * RUN_MODE__CONTINUOUS, otherwise 0. barnyard2_conf must be non-NULL. */
static INLINE int BcContinuousMode(void)
{
    if (barnyard2_conf->run_mode != RUN_MODE__CONTINUOUS)
    {
        return 0;
    }

    return 1;
}
596
/* Returns 1 when the active configuration's run mode is RUN_MODE__BATCH,
 * otherwise 0. barnyard2_conf must be non-NULL. */
static INLINE int BcBatchMode(void)
{
    if (barnyard2_conf->run_mode != RUN_MODE__BATCH)
    {
        return 0;
    }

    return 1;
}
601
/* Returns 1 when the active configuration's run mode is RUN_MODE__VERSION
 * (-V), otherwise 0. barnyard2_conf must be non-NULL. */
static INLINE int BcVersionMode(void)
{
    if (barnyard2_conf->run_mode != RUN_MODE__VERSION)
    {
        return 0;
    }

    return 1;
}
606
/* Tests RUN_FLAG__DAEMON (-D) in run_flags. The result is the masked bit
 * itself (nonzero when set), not a normalized 1.
 * barnyard2_conf must be non-NULL. */
static INLINE int BcDaemonMode(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__DAEMON;
}
611
/* Tests RUN_FLAG__DAEMON_RESTART (--restart) in run_flags; returns the
 * masked bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcDaemonRestart(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__DAEMON_RESTART;
}
616
/* Tests LOGGING_FLAG__SYSLOG (-M) in logging_flags; returns the masked bit
 * (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcLogSyslog(void)
{
    const int log_bits = barnyard2_conf->logging_flags;

    return log_bits & LOGGING_FLAG__SYSLOG;
}
621
/* Returns alert_on_each_packet_in_stream_flag exactly as stored in the
 * active configuration. barnyard2_conf must be non-NULL. */
static INLINE int BcAlertOnEachPacketInStream(void)
{
    const int stored = barnyard2_conf->alert_on_each_packet_in_stream_flag;

    return stored;
}
626
/* Tests OUTPUT_FLAG__ALERT_IFACE (-I) in output_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcAlertInterface(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__ALERT_IFACE;
}
631
632 #ifdef WIN32
/* Win32 only. Tests LOGGING_FLAG__SYSLOG_REMOTE (-s and -E) in
 * logging_flags; returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcLogSyslogRemote(void)
{
    const int log_bits = barnyard2_conf->logging_flags;

    return log_bits & LOGGING_FLAG__SYSLOG_REMOTE;
}
637 #endif
638
/* Tests LOGGING_FLAG__VERBOSE (-v) in logging_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcLogVerbose(void)
{
    const int log_bits = barnyard2_conf->logging_flags;

    return log_bits & LOGGING_FLAG__VERBOSE;
}
643
/* Tests LOGGING_FLAG__QUIET (-q) in logging_flags; returns the masked bit
 * (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcLogQuiet(void)
{
    const int log_bits = barnyard2_conf->logging_flags;

    return log_bits & LOGGING_FLAG__QUIET;
}
648
/* Tests RUN_FLAG__CONF_ERROR_OUT (-x and --conf-error-out) in run_flags;
 * returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcConfErrorOut(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__CONF_ERROR_OUT;
}
653
/* Tests OUTPUT_FLAG__INCLUDE_YEAR (-y) in output_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcOutputIncludeYear(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__INCLUDE_YEAR;
}
658
/* Tests OUTPUT_FLAG__USE_UTC (-U) in output_flags; returns the masked bit
 * (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcOutputUseUtc(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__USE_UTC;
}
663
/* Tests OUTPUT_FLAG__SHOW_DATA_LINK (-e) in output_flags; returns the
 * masked bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcOutputDataLink(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__SHOW_DATA_LINK;
}
668
/* Returns process_new_records_only_flag exactly as stored in the active
 * configuration. barnyard2_conf must be non-NULL. */
static INLINE int BcProcessNewRecordsOnly(void)
{
    const int stored = barnyard2_conf->process_new_records_only_flag;

    return stored;
}
673
/* Tests OUTPUT_FLAG__VERBOSE_DUMP (-X) in output_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcVerboseByteDump(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__VERBOSE_DUMP;
}
678
/* Tests OUTPUT_FLAG__OBFUSCATE (-B) in output_flags; returns the masked
 * bit (nonzero when set). The flag's own comment notes that obfuscation
 * alters the packet. barnyard2_conf must be non-NULL. */
static INLINE int BcObfuscate(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__OBFUSCATE;
}
683
/* Tests OUTPUT_FLAG__APP_DATA (-d) in output_flags; returns the masked bit
 * (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcOutputAppData(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__APP_DATA;
}
688
/* Tests OUTPUT_FLAG__CHAR_DATA (-C) in output_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcOutputCharData(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__CHAR_DATA;
}
693
/* Tests OUTPUT_FLAG__NO_TIMESTAMP (--nostamps) in output_flags; returns
 * the masked bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcNoOutputTimestamp(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__NO_TIMESTAMP;
}
698
/* Tests OUTPUT_FLAG__LINE_BUFFER (-f) in output_flags; returns the masked
 * bit (nonzero when set). barnyard2_conf must be non-NULL. */
static INLINE int BcLineBufferedLogging(void)
{
    const int out_bits = barnyard2_conf->output_flags;

    return out_bits & OUTPUT_FLAG__LINE_BUFFER;
}
703
/* Tests RUN_FLAG__NO_LOCK_PID_FILE (--nolock-pidfile) in run_flags;
 * returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcNoLockPidFile(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__NO_LOCK_PID_FILE;
}
708
/* Tests RUN_FLAG__CREATE_PID_FILE (--pid-path and --create-pidfile) in
 * run_flags; returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcCreatePidFile(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__CREATE_PID_FILE;
}
713
714 #if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
/* Win32 service builds only. Tests RUN_FLAG__TERMINATE_SERVICE in
 * run_flags; returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcTerminateService(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__TERMINATE_SERVICE;
}
719
/* Win32 service builds only. Tests RUN_FLAG__PAUSE_SERVICE in run_flags;
 * returns the masked bit (nonzero when set).
 * barnyard2_conf must be non-NULL. */
static INLINE int BcPauseService(void)
{
    const int run_bits = barnyard2_conf->run_flags;

    return run_bits & RUN_FLAG__PAUSE_SERVICE;
}
724 #endif
725
/* Returns user_id exactly as stored in the active configuration (an int).
 * NOTE(review): callers that use this for a privilege drop should know
 * which stored value means "not configured"; that is not visible here.
 * barnyard2_conf must be non-NULL. */
static INLINE int BcUid(void)
{
    const int stored_uid = barnyard2_conf->user_id;

    return stored_uid;
}
730
/* Returns group_id exactly as stored in the active configuration (an int).
 * NOTE(review): callers that use this for a privilege drop should know
 * which stored value means "not configured"; that is not visible here.
 * barnyard2_conf must be non-NULL. */
static INLINE int BcGid(void)
{
    const int stored_gid = barnyard2_conf->group_id;

    return stored_gid;
}
735
/* Returns the archive_dir pointer from the active configuration as a
 * read-only string. The pointer is passed through as stored; whether it
 * can be NULL is not visible here. barnyard2_conf must be non-NULL. */
static INLINE const char * BcArchiveDir(void)
{
    const char *dir = barnyard2_conf->archive_dir;

    return dir;
}
740
741 #ifdef MPLS
/* MPLS builds only. Returns mpls_stack_depth (--max_mpls_labelchain_len)
 * as stored. barnyard2_conf must be non-NULL. */
static INLINE long int BcMplsStackDepth(void)
{
    const long int depth = barnyard2_conf->mpls_stack_depth;

    return depth;
}
746
/* MPLS builds only. Returns mpls_payload_type (--mpls_payload_type)
 * widened from its uint8_t storage to long int, so the result is never
 * negative. barnyard2_conf must be non-NULL. */
static INLINE long int BcMplsPayloadType(void)
{
    const long int payload_type = barnyard2_conf->mpls_payload_type;

    return payload_type;
}
751
752 #endif
753
/* Returns sidmap_version as stored; the field's comment says it is set by
 * ReadSidFile(). barnyard2_conf must be non-NULL. */
static INLINE short BcSidMapVersion(void)
{
    const short version = barnyard2_conf->sidmap_version;

    return version;
}
758
/* Returns the address of the sigHead member (the signature list head), so
 * the caller can replace the head through the result. The address is only
 * valid while the configuration object exists.
 * barnyard2_conf must be non-NULL. */
static INLINE SigNode ** BcGetSigNodeHead(void)
{
    SigNode **head_slot = &(barnyard2_conf->sigHead);

    return head_slot;
}
763
/* Returns the global configuration pointer itself, unchecked; the result
 * is whatever barnyard2_conf currently holds. */
static INLINE Barnyard2Config * BcGetConfig(void)
{
    Barnyard2Config *active = barnyard2_conf;

    return active;
}
768
/*
 * Maps a source identifier to the matching configured map file path:
 * SOURCE_SID_MSG gives sid_msg_file and SOURCE_GEN_MSG gives gen_msg_file.
 * Any other value yields a fixed fallback string.
 *
 * The configured pointers are returned as stored; whether they can be NULL
 * is not visible here. The fallback is a string literal returned through a
 * non-const char *, so callers must not write to or free the result.
 * barnyard2_conf must be non-NULL.
 */
static INLINE char * BcGetSourceFile(u_int8_t source_file)
{
    if (source_file == SOURCE_SID_MSG)
    {
        return barnyard2_conf->sid_msg_file;
    }

    if (source_file == SOURCE_GEN_MSG)
    {
        return barnyard2_conf->gen_msg_file;
    }

    return "UKNOWN FILE\n";
}
788
/* Returns the address of the ssHead member (head of the signature suppress
 * list), so the caller can replace the head through the result. The
 * address is only valid while the configuration object exists.
 * barnyard2_conf must be non-NULL. */
static INLINE SigSuppress_list ** BCGetSigSuppressHead(void)
{
    SigSuppress_list **head_slot = &(barnyard2_conf->ssHead);

    return head_slot;
}
793
/* Adds one to the global pc.total_suppressed counter. The update is a
 * plain read-modify-write with no synchronization. */
static INLINE void SigSuppressCount(void)
{
    pc.total_suppressed += 1;
}
799
800
801 #endif /* __BARNYARD2_H__ */
802