00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
00003 // Copyright (C) 2005-2013 Sourcefire, Inc.
00004 //
00005 // This program is free software; you can redistribute it and/or modify it
00006 // under the terms of the GNU General Public License Version 2 as published
00007 // by the Free Software Foundation. You may not use, modify or distribute
00008 // this program under any other version of the GNU General Public License.
00009 //
00010 // This program is distributed in the hope that it will be useful, but
00011 // WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00013 // General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU General Public License along
00016 // with this program; if not, write to the Free Software Foundation, Inc.,
00017 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00018 //--------------------------------------------------------------------------
00019
00020 // sfdaq.h author Michael Altizer <mialtize@cisco.com>
00021
00022 #ifndef SFDAQ_H
00023 #define SFDAQ_H
00024
00025 #include <daq_common.h>
00026
00027 #include <string>
00028
00029 #include "main/snort_types.h"
00030 #include "protocols/protocol_ids.h"
00031
00032 struct Packet;
00033 struct SnortConfig;
00034 struct SfIp;
00035
// Per-interface wrapper around one DAQ (data acquisition) handle.
// The constructor takes an interface string; the handle itself is kept as
// an opaque void* (daq_hand). Only declarations are visible in this header,
// so notes on behaviour below are hedged wherever the definitions would be
// needed to confirm them.
//
// NOTE(review): a destructor is declared and the class holds a raw void*
// handle, but no copy or move operations are declared. The implicitly
// generated copy would duplicate the pointer; if the destructor releases
// daq_hand, two copies would release the same handle. Confirm against the
// definition and consider deleting the copy operations.
class SFDAQInstance
{
public:
    // NOTE(review): not marked explicit, so a const char* converts
    // implicitly to SFDAQInstance wherever one is expected.
    SFDAQInstance(const char* intf);
    ~SFDAQInstance();

    // Configuration step taking the global SnortConfig; returns bool
    // (presumably true on success -- confirm).
    bool configure(const SnortConfig*);
    // Stores a DAQ metadata callback (see daq_meta_callback below).
    void set_metacallback(DAQ_Meta_Func_t);

    // Lifecycle control. The bool results presumably report success;
    // confirm in the definitions.
    bool start();
    bool was_started();
    bool stop();
    void reload();
    void abort();

    // Accessors.
    // NOTE(review): get_interface_spec() returns a raw const char* and
    // get_stats() a raw pointer; presumably both point into this object
    // (interface_spec / daq_stats), in which case they must not outlive
    // the instance -- confirm.
    int get_base_protocol();
    const char* get_interface_spec();
    const DAQ_Stats_t* get_stats();

    // Capability queries for the underlying DAQ module.
    // NOTE(review): can_start_unprivileged() presumably indicates whether
    // the module may be started after privileges have been dropped; callers
    // deciding when to drop privileges should rely on the definition, not
    // on the name -- confirm.
    bool can_inject();
    bool can_inject_raw();
    bool can_replace();
    bool can_retry();
    bool can_start_unprivileged();
    bool can_whitelist();

    // Packet acquisition with an analysis callback; max is presumably an
    // upper bound on packets per call -- confirm.
    int acquire(int max, DAQ_Analysis_Func_t);
    // Injects len bytes from buf, associated with the given packet header.
    // NOTE(review): buf and len are an unchecked pointer/length pair at this
    // interface; the caller is responsible for len not exceeding the buffer.
    // rev presumably selects the reverse direction -- confirm.
    int inject(const DAQ_PktHdr_t*, int rev, const uint8_t* buf, uint32_t len);
    bool break_loop(int error);

    // Flow-level operations keyed by a packet header. query_flow is the only
    // member of this class marked SO_PUBLIC (macro not defined in this
    // header; presumably symbol export for plugins -- confirm).
    SO_PUBLIC int query_flow(const DAQ_PktHdr_t*, DAQ_QueryFlow_t*);
    int modify_flow_opaque(const DAQ_PktHdr_t*, uint32_t opaque);
    // NOTE(review): buff/buff_len is a mutable pointer/length pair; whether
    // it is read or written, and how buff_len is enforced, is not visible
    // here -- confirm.
    int modify_flow_pkt_trace(const DAQ_PktHdr_t*, DAQ_Verdict,
        uint8_t* buff, uint32_t buff_len);
    // Registers an expected flow described by client/server address and port,
    // IP protocol and a timeout in milliseconds. The final unsigned parameter
    // is unnamed (annotated as flags) and therefore unused by name.
    int add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort,
        const SfIp* srvIP, uint16_t srvPort, IpProtocol, unsigned timeout_ms,
        unsigned /* flags */);

private:
    // Presumably applies a capture filter expression -- confirm.
    bool set_filter(const char*);
    std::string interface_spec;         // owned copy of the interface string (presumably from intf)
    DAQ_Meta_Func_t daq_meta_callback;  // callback supplied via set_metacallback()
    void* daq_hand;                     // opaque DAQ handle; ownership not visible here
    int daq_dlt;                        // presumably the data link type -- confirm
    int s_error;                        // error state; exact meaning not visible here
    DAQ_Stats_t daq_stats;              // statistics storage held by value
};
00083
// Static-only facade for process-wide DAQ operations: every member declared
// here is static, so the class is used like a namespace. Several members
// mirror SFDAQInstance methods without taking an instance; presumably they
// forward to the thread-local instance set via set_local_instance() --
// confirm in the definitions.
class SFDAQ
{
public:
    // Module load/unload driven by the global configuration.
    static void load(const SnortConfig*);
    static void unload();

    // NOTE(review): std::ostream is used here, but this header includes only
    // <string> from the standard library; the declaration presumably arrives
    // through another include. Consider including <iosfwd> directly.
    static void print_types(std::ostream&);
    // Maps a DAQ_Verdict to a C string; ownership/lifetime of the returned
    // pointer is not visible here (presumably a static string -- confirm).
    static const char* verdict_to_string(DAQ_Verdict verdict);
    static void init(const SnortConfig*);
    static void term();

    // Configuration and statistics accessors returning raw pointers; the
    // lifetime of the pointed-to data is not visible in this header.
    static const char* get_type();
    static const char* get_input_spec(const SnortConfig*, unsigned instance_id);
    static const char* default_type();
    static const DAQ_Stats_t* get_stats();

    // Capability queries.
    // NOTE(review): unprivileged() presumably reports whether the DAQ can be
    // started after dropping privileges (compare
    // SFDAQInstance::can_start_unprivileged) -- confirm before relying on it
    // for privilege-drop ordering.
    static bool unprivileged();
    static bool can_inject();
    static bool can_inject_raw();
    static bool can_replace();
    static bool can_retry();

    // FIXIT-M X Temporary thread-local instance helpers to be removed when no longer needed
    // NOTE(review): takes a raw, non-owning pointer; the instance must stay
    // alive for as long as it is registered -- confirm how it is cleared.
    static void set_local_instance(SFDAQInstance*);

    // Members below are marked SO_PUBLIC (macro not defined in this header;
    // presumably symbol export for plugins -- confirm).
    // get_local_instance() may presumably return nullptr when no instance
    // has been set on the calling thread -- confirm; callers should check.
    SO_PUBLIC static SFDAQInstance* get_local_instance();
    SO_PUBLIC static const char* get_interface_spec();
    SO_PUBLIC static int get_base_protocol();
    SO_PUBLIC static uint32_t get_snap_len();

    // Same parameter list as SFDAQInstance::inject.
    // NOTE(review): buf and len are an unchecked pointer/length pair at this
    // interface; the caller is responsible for len not exceeding the buffer.
    static int inject(const DAQ_PktHdr_t*, int rev, const uint8_t* buf, uint32_t len);
    static bool forwarding_packet(const DAQ_PktHdr_t*);
    static bool break_loop(int error);
};
00118
00119 #endif
00120