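/* $Id$ */
/*
** Copyright (C) 2002-2009 Sourcefire, Inc.
** Copyright (C) 2002 Martin Roesch <roesch@sourcefire.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License Version 2 as
** published by the Free Software Foundation.  You may not use, modify or
** distribute this program under any other version of the GNU General
** Public License.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

/*
 * util.h: shared constants, statistics structures and prototypes for the
 * utility routines (string handling, allocation, timestamps, encoding,
 * daemon/privilege helpers).
 *
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation; the guard name is kept unchanged in case other
 * files test it.
 */
#ifndef __UTIL_H__
#define __UTIL_H__

/* NOTE(review): looks like the buffer size expected by the timestamp
 * helpers below (GetTime, ts_print, *_STATIC) -- confirm against util.c. */
#define TIMEBUF_SIZE 26

#include <sys/time.h>
#include <sys/types.h>

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif


#include "sf_types.h"

/* specifies that a function does not return
 * used for quieting Visual Studio warnings
 * (expands to nothing on every other compiler) */
#ifdef _MSC_VER
# if _MSC_VER >= 1400
#  define NORETURN __declspec(noreturn)
# else
#  define NORETURN
# endif
#else
# define NORETURN
#endif

/* Status codes named after SnortSnprintf()/SnortSnprintfAppend().
 * Negative values are parenthesized so they stay a single operand when the
 * macro is used inside a larger expression. */
#define SNORT_SNPRINTF_SUCCESS 0
#define SNORT_SNPRINTF_TRUNCATION 1
#define SNORT_SNPRINTF_ERROR (-1)

/* Status codes named after SnortStrncpy(). */
#define SNORT_STRNCPY_SUCCESS 0
#define SNORT_STRNCPY_TRUNCATION 1
#define SNORT_STRNCPY_ERROR (-1)

/* Error code named after SnortStrnlen(). */
#define SNORT_STRNLEN_ERROR (-1)

#define SECONDS_PER_DAY  86400  /* number of seconds in a day */
#define SECONDS_PER_HOUR  3600  /* number of seconds in a hour */
#define SECONDS_PER_MIN     60  /* number of seconds in a minute */

#define STD_BUF  1024

/*
 * COPY4 / COPY16: element-wise copy of 4 / 16 elements from y to x.
 *
 * Caveats for callers:
 *  - No bounds are checked; both operands must hold at least 4 / 16 elements.
 *  - Each argument is evaluated once per element, so it must be free of
 *    side effects.
 *  - The expansion is several statements ending in ';'.  Do not use it as
 *    the unbraced body of an if/else/for/while: only the first assignment
 *    would be controlled by the condition.
 *
 * Arguments are parenthesized so that expression arguments (casts, pointer
 * arithmetic) index the intended object.
 */
#define COPY4(x, y) \
    (x)[0] = (y)[0]; (x)[1] = (y)[1]; (x)[2] = (y)[2]; (x)[3] = (y)[3];

#define COPY16(x,y) \
    (x)[0] = (y)[0]; (x)[1] = (y)[1]; (x)[2] = (y)[2]; (x)[3] = (y)[3]; \
    (x)[4] = (y)[4]; (x)[5] = (y)[5]; (x)[6] = (y)[6]; (x)[7] = (y)[7]; \
    (x)[8] = (y)[8]; (x)[9] = (y)[9]; (x)[10] = (y)[10]; (x)[11] = (y)[11]; \
    (x)[12] = (y)[12]; (x)[13] = (y)[13]; (x)[14] = (y)[14]; (x)[15] = (y)[15];

/* Payload encoding selectors. */
#define ENCODING_HEX 0
#define ENCODING_BASE64 1
#define ENCODING_ASCII 2
/* Output detail selectors. */
#define DETAIL_FAST 0
#define DETAIL_FULL 1

#ifndef MAX_QUERY_LENGTH
#define MAX_QUERY_LENGTH ((65536 * 2) + 4096) /* Let's add some space for payload decoding and query escaping. */
#endif  /* MAX_QUERY_LENGTH */



/* Externs ********************************************************************/
extern uint32_t *netmasks;


/* Data types *****************************************************************/

/* Self preservation memory control struct */
typedef struct _SPMemControl
{
    unsigned long memcap;     /* presumably the memory ceiling -- verify in SPAlloc() */
    unsigned long mem_usage;  /* presumably the running total charged against memcap */
    void *control;            /* opaque pointer; meaning not visible in this header */
    int (*sp_func)(struct _SPMemControl *);  /* callback that receives this struct */

    unsigned long fault_count;

} SPMemControl;

/* Packet capture counters: 64-bit recv/drop plus 32-bit wrap_* companions.
 * NOTE(review): the wrap_* fields look like bookkeeping for wraparound of
 * 32-bit capture counters -- confirm against the code that fills them. */
typedef struct _PcapPktStats
{
    uint64_t recv;
    uint64_t drop;
    uint32_t wrap_recv;
    uint32_t wrap_drop;

} PcapPktStats;


/*
 * Counters kept in pairs: <name> and <name>_total.
 *
 * The layout depends on whether GRE and DLT_IEEE802_11 are defined when this
 * header is included.  Neither macro is defined here, so every translation
 * unit that shares an IntervalStats object must see the same definitions
 * (and the same include order for whatever header supplies DLT_IEEE802_11);
 * otherwise the units disagree on the structure's size and member offsets.
 */
typedef struct _IntervalStats
{
    uint64_t recv, recv_total;
    uint64_t drop, drop_total;
    uint64_t processed, processed_total;
    uint64_t tcp, tcp_total;
    uint64_t udp, udp_total;
    uint64_t icmp, icmp_total;
    uint64_t arp, arp_total;
    uint64_t ipx, ipx_total;
    uint64_t eapol, eapol_total;
    uint64_t ipv6, ipv6_total;
    uint64_t ethloopback, ethloopback_total;
    uint64_t other, other_total;
    uint64_t frags, frags_total;
    uint64_t discards, discards_total;
    uint64_t frag_trackers, frag_trackers_total;
    uint64_t frag_rebuilt, frag_rebuilt_total;
    uint64_t frag_element, frag_element_total;
    uint64_t frag_incomp, frag_incomp_total;
    uint64_t frag_timeout, frag_timeout_total;
    uint64_t frag_mem_faults, frag_mem_faults_total;
    uint64_t tcp_str_packets, tcp_str_packets_total;
    uint64_t tcp_str_trackers, tcp_str_trackers_total;
    uint64_t tcp_str_flushes, tcp_str_flushes_total;
    uint64_t tcp_str_segs_used, tcp_str_segs_used_total;
    uint64_t tcp_str_segs_queued, tcp_str_segs_queued_total;
    uint64_t tcp_str_mem_faults, tcp_str_mem_faults_total;

#ifdef GRE
    uint64_t ip4ip4, ip4ip4_total;
    uint64_t ip4ip6, ip4ip6_total;
    uint64_t ip6ip4, ip6ip4_total;
    uint64_t ip6ip6, ip6ip6_total;

    uint64_t gre, gre_total;
    uint64_t gre_ip, gre_ip_total;
    uint64_t gre_eth, gre_eth_total;
    uint64_t gre_arp, gre_arp_total;
    uint64_t gre_ipv6, gre_ipv6_total;
    uint64_t gre_ipx, gre_ipx_total;
    uint64_t gre_loopback, gre_loopback_total;
    uint64_t gre_vlan, gre_vlan_total;
    uint64_t gre_ppp, gre_ppp_total;
#endif

#ifdef DLT_IEEE802_11
    uint64_t wifi_mgmt, wifi_mgmt_total;
    uint64_t wifi_control, wifi_control_total;
    uint64_t wifi_data, wifi_data_total;
#endif

} IntervalStats;



int DisplayBanner(void);
/* The timestamp helpers below write into a caller-supplied char buffer and
 * take no size argument; the caller owns the capacity.
 * NOTE(review): presumably TIMEBUF_SIZE bytes are required -- confirm. */
void GetTime(char *);
int gmt2local(time_t);
void ts_print(register const struct timeval *, char *);
void ts_print2(u_int32_t, u_int32_t, char *);
char *copy_argv(char **);
void strtrim(char *);
void strip(char *);
double CalcPct(uint64_t, uint64_t);
void ReadPacketsFromFile(void);
void InitBinFrag(void);
void GoDaemon(void);
void SignalWaitingParent(void);
void CheckLogDir(void);
char *read_infile(char *);
void CleanupProtoNames(void);
/* Variadic logging entry points; the first argument is presumably a
 * printf-style format.  Pass externally supplied text as an argument
 * ("%s", text), never as the format itself. */
void ErrorMessage(const char *, ...);
void LogMessage(const char *, ...);
NORETURN void FatalError(const char *, ...);
void CreatePidFile(char *);
void ClosePidFile(void);
/* NOTE(review): by name these change process identity and root directory.
 * Confirm in util.c that the underlying calls are checked for failure and
 * that the group is changed before the user id. */
void SetUidGid(int, int);
void SetChroot(char *, char **);
void DropStats(int);
void *SPAlloc(unsigned long, struct _SPMemControl *);
/* Bounded formatting/copy helpers returning int; see the SNORT_SNPRINTF_*,
 * SNORT_STRNCPY_* and SNORT_STRNLEN_ERROR codes above.  Callers should check
 * the result rather than assume the output is complete. */
int SnortSnprintf(char *, size_t, const char *, ...);
int SnortSnprintfAppend(char *, size_t, const char *, ...);
char *SnortStrdup(const char *);
int SnortStrncpy(char *, const char *, size_t);
char *SnortStrndup(const char *, size_t);
/* Length parameters of the next three functions are int, not size_t;
 * validate that a computed length is non-negative before passing it. */
int SnortStrnlen(const char *, int);
const char *SnortStrnPbrk(const char *s, int slen, const char *accept);
const char *SnortStrnStr(const char *s, int slen, const char *searchstr);
const char *SnortStrcasestr(const char *s, const char *substr);
void *SnortAlloc(unsigned long);
void *SnortAlloc2(size_t, const char *, ...);
char *CurrentWorkingDir(void);
char *GetAbsolutePath(char *dir);
char *StripPrefixDir(char *prefix, char *dir);

void TimeStats(void);

int ArchiveFile(const char *, const char *);

char *GetUniqueName(char *);
char *GetIP(char *);
/* (void) makes these real prototypes, so a call with stray arguments is
 * diagnosed at compile time instead of being accepted silently. */
char *GetHostname(void);
int GetLocalTimezone(void);


/* The *_STATIC variants write into a caller-supplied output buffer and take
 * no capacity argument: "length" describes the input (xdata) only.
 * NOTE(review): the required output size per encoding is not visible in this
 * header -- confirm against the implementation before sizing buffers
 * (MAX_QUERY_LENGTH and TIMEBUF_SIZE look related). */
u_int32_t fasthex_STATIC(const u_char *xdata, int length,char *retbuf);
u_int32_t base64_STATIC(const u_char * xdata, int length,char *output);
u_int32_t ascii_STATIC(const u_char *xdata, int length,char *ret_val);

u_int32_t GetTimestampByComponent_STATIC(uint32_t sec, uint32_t usec, int tz,char *buf);
u_int32_t GetTimestampByStruct_STATIC(register const struct timeval *tvp, int tz,char *buf);
u_int32_t GetCurrentTimestamp_STATIC(char *buf);


u_int32_t string_sanitize_character(char *input,char ichar);



/***********************************************************
 If you use any of the functions in this section, you need
 to call free() on the char * that is returned after you are
 done using it. Otherwise, you will have created a memory
 leak.
***********************************************************/
char *GetTimestampByComponent(u_int32_t, u_int32_t, int);
char *GetTimestampByStruct(register const struct timeval *, int);
char *GetCurrentTimestamp(void);
char *base64(const u_char *, int);
char *ascii(const u_char *, int);
char *hex(const u_char *, int);
char *fasthex(const u_char *, int);
/* The remaining functions return integers, so the free() rule above does
 * not apply to them. */
long int xatol(const char *, const char *);
unsigned long int xatou(const char *, const char *);
unsigned long int xatoup(const char *, const char *); // return > 0

int BY2Strtoul(char *,unsigned long *);
#endif  /*__UTIL_H__*/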