"Fossies" - the Fresh Open Source Software Archive

Member "snort-2.9.17/src/snort.h" (16 Oct 2020, 54720 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "snort.h" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes report: 2.9.16.1_vs_2.9.17.

    1 /*
    2 ** Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
    3 ** Copyright (C) 2005-2013 Sourcefire, Inc.
    4 ** Copyright (C) 1998-2005 Martin Roesch <roesch@sourcefire.com>
    5 **
    6 ** This program is free software; you can redistribute it and/or modify
    7 ** it under the terms of the GNU General Public License Version 2 as
    8 ** published by the Free Software Foundation.  You may not use, modify or
    9 ** distribute this program under any other version of the GNU General
   10 ** Public License.
   11 **
   12 ** This program is distributed in the hope that it will be useful,
   13 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 ** GNU General Public License for more details.
   16 **
   17 ** You should have received a copy of the GNU General Public License
   18 ** along with this program; if not, write to the Free Software
   19 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   20 */
   21 
   22 /* $Id$ */
   23 
   24 #ifndef __SNORT_H__
   25 #define __SNORT_H__
   26 
   27 /*  I N C L U D E S  **********************************************************/
   28 #ifdef HAVE_CONFIG_H
   29 # include "config.h"
   30 #endif
   31 
   32 #include <sys/types.h>
   33 #include <stdio.h>
   34 
   35 #include "sf_types.h"
   36 #include "spo_plugbase.h"
   37 #include "decode.h"
   38 #include "perf.h"
   39 #include "sfdaq.h"
   40 #include "sf_types.h"
   41 #include "sfutil/sflsq.h"
   42 #include "sfutil/sfActionQueue.h"
   43 #include "profiler.h"
   44 #include "rules.h"
   45 #include "treenodes.h"
   46 #include "sfutil/sf_ipvar.h"
   47 #include "sfutil/sfghash.h"
   48 #include "sfutil/sfrim.h"
   49 #include "sfutil/sfportobject.h"
   50 #include "sfutil/asn1.h"
   51 #include "sfutil/sf_sechash.h"
   52 #include "signature.h"
   53 #include "event_queue.h"
   54 #include "sfthreshold.h"
   55 #include "fpcreate.h"
   56 #include "plugbase.h"
   57 #include "fpdetect.h"
   58 #include "ppm.h"
   59 #include "sfutil/sfrf.h"
   60 #include "sfutil/sfPolicy.h"
   61 #include "pkt_tracer.h"
   62 #include "detection_filter.h"
   63 #include "generators.h"
   64 #include "preprocids.h"
   65 #include <signal.h>
   66 #include "sf_dynamic_meta.h"
   67 #if defined(INLINE_FAILOPEN) || \
   68     defined(TARGET_BASED) || defined(SNORT_RELOAD)
   69 # include <pthread.h>
   70 #endif
   71 
   72 
   73 /*  D E F I N E S  ************************************************************/
   74 /* Mark this as a modern version of snort */
   75 #define SNORT_20
   76 /*
   77  * The original Ethernet IEEE 802.3 standard defined the minimum Ethernet 
   78  * frame size as 64 bytes. The snaplen is L2 MRU for snort and hence following
   79  * standard, the MIN_SNAPLEN should be 64.
   80  */
   81 #define MIN_SNAPLEN  64
   82 #define MAX_SNAPLEN  UINT16_MAX
   83 
   84 #define MAX_IFS   1
   85 
   86 #define TIMEBUF_SIZE    26
   87 #define MAX_PIDFILE_SUFFIX 11 /* uniqueness extension to PID file, see '-R' */
   88 #define ASSURE_ALL    0  /* all TCP alerts fire regardless of stream state */
   89 #define ASSURE_EST    1  /* only established TCP sessions fire alerts */
   90 
   91 /* This macro helps to simplify the differences between Win32 and
   92    non-Win32 code when printing out the name of the interface */
   93 #ifndef WIN32
   94 # define PRINT_INTERFACE(i)  (i ? i : "NULL")
   95 #else
   96 # define PRINT_INTERFACE(i)  print_interface(i)
   97 #endif
   98 
   99 #define RF_ANY_SIP    0x01
  100 #define RF_ANY_DIP    0x02
  101 #define RF_ANY_SP     0x04
  102 #define RF_ANY_DP     0x10
  103 #define RF_ANY_FLAGS  0x20
  104 
  105 #ifndef WIN32
  106 # define DEFAULT_LOG_DIR            "/var/log/snort"
  107 # define DEFAULT_DAEMON_ALERT_FILE  "alert"
  108 #else
  109 # define DEFAULT_LOG_DIR            "log"
  110 # define DEFAULT_DAEMON_ALERT_FILE  "log/alert.ids"
  111 #endif  /* WIN32 */
  112 
  113 /* you can redefine the user ID which is allowed to
  114  * initialize interfaces using pcap and read from them
  115  */
  116 #ifndef SNIFFUSER
  117 # define SNIFFUSER 0
  118 #endif
  119 
  120 #ifdef ACCESSPERMS
  121 # define FILEACCESSBITS ACCESSPERMS
  122 #else
  123 # ifdef S_IAMB
  124 #  define FILEACCESSBITS S_IAMB
  125 # else
  126 #  define FILEACCESSBITS 0x1FF
  127 # endif
  128 #endif
  129 
  130 #define DO_IP_CHECKSUMS     0x00000001
  131 #define DO_TCP_CHECKSUMS    0x00000002
  132 #define DO_UDP_CHECKSUMS    0x00000004
  133 #define DO_ICMP_CHECKSUMS   0x00000008
  134 
  135 #define LOG_UNIFIED         0x00000001
  136 #define LOG_TCPDUMP         0x00000002
  137 #define LOG_UNIFIED2         0x0000004
  138 
  139 #ifndef SIGNAL_SNORT_RELOAD
  140 #define SIGNAL_SNORT_RELOAD         SIGHUP
  141 #endif
  142 #ifndef SIGNAL_SNORT_DUMP_STATS
  143 #define SIGNAL_SNORT_DUMP_STATS     SIGUSR1
  144 #endif
  145 #ifndef SIGNAL_SNORT_ROTATE_STATS
  146 #define SIGNAL_SNORT_ROTATE_STATS   SIGUSR2
  147 #endif
  148 
  149 // this one should not be changed by user
  150 #define SIGNAL_SNORT_CHILD_READY    SIGCHLD
  151 
  152 #ifdef TARGET_BASED
  153 #ifndef SIGNAL_SNORT_READ_ATTR_TBL
  154 # define SIGNAL_SNORT_READ_ATTR_TBL SIGURG
  155 #endif
  156 #endif
  157 
  158 #define MODE_PACKET_DUMP    1
  159 #define MODE_PACKET_LOG     2
  160 #define MODE_IDS            3
  161 #define MODE_TEST           4
  162 #define MODE_RULE_DUMP      5
  163 #define MODE_VERSION        6
  164 
  165 #define LOG_ASCII   1
  166 #define LOG_PCAP    2
  167 #define LOG_NONE    3
  168 
  169 #define ALERT_FULL     1
  170 #define ALERT_FAST     2
  171 #define ALERT_NONE     3
  172 #define ALERT_UNSOCK   4
  173 #define ALERT_STDOUT   5
  174 #define ALERT_CMG      6
  175 #define ALERT_SYSLOG   8
  176 #define ALERT_TEST     9
  177 #define ALERT_UNIFIED  10
  178 
  179 #ifdef MPLS
  180 # define MPLS_PAYLOADTYPE_IPV4         1
  181 # define MPLS_PAYLOADTYPE_ETHERNET     2
  182 # define MPLS_PAYLOADTYPE_IPV6         3
  183 # define MPLS_PAYLOADTYPE_ERROR       -1
  184 # define DEFAULT_MPLS_PAYLOADTYPE      MPLS_PAYLOADTYPE_IPV4
  185 # define DEFAULT_LABELCHAIN_LENGTH    -1
  186 #endif
  187 
  188 /* This feature allows us to change the state of a rule,
  189  * independent of it appearing in a rules file.
  190  */
  191 #define RULE_STATE_DISABLED 0
  192 #define RULE_STATE_ENABLED 1
  193 
  194 #define MAX_DYNAMIC_ENGINES         16
  195 #define MAX_DYNAMIC_DETECTION_LIBS  16
  196 #define MAX_DYNAMIC_PREPROC_LIBS    16
  197 
  198 #ifdef TARGET_BASED
  199 # define ATTRIBUTE_TABLE_RELOAD_FLAG          0x01
  200 # define ATTRIBUTE_TABLE_AVAILABLE_FLAG       0x02
  201 # define ATTRIBUTE_TABLE_RELOADING_FLAG       0x04
  202 # define ATTRIBUTE_TABLE_TAKEN_FLAG           0x08
  203 # define ATTRIBUTE_TABLE_PARSE_FAILED_FLAG    0x10
  204 # define DEFAULT_MAX_ATTRIBUTE_HOSTS   10000
  205 # define DEFAULT_MAX_ATTRIBUTE_SERVICES_PER_HOST 100
  206 # define DEFAULT_MAX_METADATA_SERVICES     8
  207 # define MAX_MAX_ATTRIBUTE_HOSTS   (512 * 1024)
  208 # define MIN_MAX_ATTRIBUTE_HOSTS    32
  209 # define MAX_MAX_ATTRIBUTE_SERVICES_PER_HOST   65535
  210 # define MIN_MAX_ATTRIBUTE_SERVICES_PER_HOST       1
  211 # define MAX_MAX_METADATA_SERVICES 256
  212 # define MIN_MAX_METADATA_SERVICES 1
  213 #if defined(FEAT_OPEN_APPID)
  214 # define MAX_MAX_METADATA_APPID 256
  215 # define MIN_MAX_METADATA_APPID 1
  216 # define DEFAULT_MAX_METADATA_APPID     8
  217 #endif /* defined(FEAT_OPEN_APPID) */
  218 #endif
  219 
  220 # define DEFAULT_MAX_IP6_EXTENSIONS     8
  221 
  222 struct _SnortConfig;
  223 typedef int (*InitDetectionLibFunc)(struct _SnortConfig *);
  224 
  225 /*  D A T A  S T R U C T U R E S  *********************************************/
  226 typedef struct _VarEntry
  227 {
  228     char *name;
  229     char *value;
  230     unsigned char flags;
  231     IpAddrSet *addrset;
  232     uint32_t id;
  233     struct _VarEntry *prev;
  234     struct _VarEntry *next;
  235 
  236 } VarEntry;
  237 
  238 /* GetoptLong Option numbers ********************/
  239 typedef enum _GetOptLongIds
  240 {
  241     PID_PATH = 1,
  242 
  243     DYNAMIC_LIBRARY_DIRECTORY,
  244     DYNAMIC_LIBRARY_FILE,
  245     DYNAMIC_PREPROC_DIRECTORY,
  246     DYNAMIC_PREPROC_FILE,
  247     DYNAMIC_ENGINE_FILE,
  248     DYNAMIC_ENGINE_DIRECTORY,
  249     DUMP_DYNAMIC_RULES,
  250     DYNAMIC_OUTPUT_DIRECTORY,
  251     DYNAMIC_OUTPUT_FILE,
  252 
  253     CREATE_PID_FILE,
  254     TREAT_DROP_AS_ALERT,
  255     TREAT_DROP_AS_IGNORE,
  256     PROCESS_ALL_EVENTS,
  257     ALERT_BEFORE_PASS,
  258     NOLOCK_PID_FILE,
  259     NO_IFACE_PID_FILE,
  260 
  261 #ifdef INLINE_FAILOPEN
  262     DISABLE_INLINE_FAILOPEN,
  263 #endif
  264 
  265     NO_LOGGING_TIMESTAMPS,
  266     PCAP_LOOP,
  267     PCAP_SINGLE,
  268     PCAP_FILE_LIST,
  269     PCAP_LIST,
  270     PCAP_DIR,
  271     PCAP_FILTER,
  272     PCAP_NO_FILTER,
  273     PCAP_RELOAD,
  274     PCAP_RESET,
  275     PCAP_SHOW,
  276 
  277 #define EXIT_CHECK  // allow for rollback for now
  278 #ifdef EXIT_CHECK
  279     ARG_EXIT_CHECK,
  280 #endif
  281 
  282 #ifdef TARGET_BASED
  283     DISABLE_ATTRIBUTE_RELOAD,
  284 #endif
  285 
  286     DETECTION_SEARCH_METHOD,
  287     CONF_ERROR_OUT,
  288 
  289 #ifdef MPLS
  290     ENABLE_MPLS_MULTICAST,
  291     ENABLE_OVERLAPPING_IP,
  292     MAX_MPLS_LABELCHAIN_LEN,
  293     MPLS_PAYLOAD_TYPE,
  294 #endif
  295 
  296     REQUIRE_RULE_SID,
  297 
  298     ARG_DAQ_TYPE,
  299     ARG_DAQ_MODE,
  300     ARG_DAQ_VAR,
  301     ARG_DAQ_DIR,
  302     ARG_DAQ_LIST,
  303     ARG_DIRTY_PIG,
  304 
  305     ENABLE_INLINE_TEST,
  306 
  307     ARG_CS_DIR,
  308     ARG_HA_PEER,
  309     ARG_HA_OUT,
  310     ARG_HA_IN,
  311     ARG_HA_PDTS_IN,
  312 
  313     SUPPRESS_CONFIG_LOG,
  314 
  315 #ifdef DUMP_BUFFER
  316     BUFFER_DUMP,
  317     BUFFER_DUMP_ALERT,
  318 #endif
  319 
  320     GET_OPT_LONG_IDS_MAX
  321 
  322 } GetOptLongIds;
  323 
  324 typedef struct _PreprocConfig
  325 {
  326     char *keyword;
  327     char *opts;
  328     char *file_name;
  329     int file_line;
  330     /* We have to configure internal and dynamic preprocessors separately,
  331      * mainly because of the stream_api which is set in stream5 and needs to
  332      * be set before calling the dynamic preprocessor initialization
  333      * functions which set _dpd and call the setup function.  streamAPI is set
  334      * in the _dpd so stream5 needs to be configured first */
  335     int configured;
  336     struct _PreprocConfig *next;
  337 
  338 } PreprocConfig;
  339 
  340 typedef struct _OutputConfig
  341 {
  342     char *keyword;
  343     char *opts;
  344     char *file_name;
  345     int file_line;
  346     ListHead *rule_list;
  347     struct _OutputConfig *next;
  348 
  349 } OutputConfig;
  350 
  351 #ifdef SIDE_CHANNEL
  352 typedef struct _SideChannelModuleConfig
  353 {
  354     char *keyword;
  355     char *opts;
  356     char *file_name;
  357     int file_line;
  358     struct _SideChannelModuleConfig *next;
  359 } SideChannelModuleConfig;
  360 
  361 typedef struct _SideChannelConfig
  362 {
  363     bool enabled;
  364     char *opts;
  365     SideChannelModuleConfig *module_configs;
  366 } SideChannelConfig;
  367 #endif
  368 
  369 typedef enum _DynamicType
  370 {
  371     DYNAMIC_TYPE__ENGINE,
  372     DYNAMIC_TYPE__DETECTION,
  373     DYNAMIC_TYPE__PREPROCESSOR,
  374     DYNAMIC_TYPE__SIDE_CHANNEL,
  375     DYNAMIC_TYPE__MAX
  376 
  377 } DynamicType;
  378 
  379 typedef enum _PathType
  380 {
  381     PATH_TYPE__FILE,
  382     PATH_TYPE__DIRECTORY
  383 
  384 } PathType;
  385 
  386 typedef struct _DynamicLibPath
  387 {
  388     PathType ptype;
  389     char *path;
  390     time_t last_mod_time;
  391 
  392 } DynamicLibPath;
  393 
  394 #define MAX_DYNAMIC_LIBS 16
  395 
  396 typedef struct _DynamicLibInfo
  397 {
  398     DynamicType type;
  399     unsigned int count;
  400     DynamicLibPath *lib_paths[MAX_DYNAMIC_LIBS];
  401 
  402 } DynamicLibInfo;
  403 
  404 
  405 typedef enum _RunMode
  406 {
  407     /* -V */
  408     RUN_MODE__VERSION = 1,
  409 
  410     /* --dump-dynamic-rules */
  411     RUN_MODE__RULE_DUMP,
  412 
  413     /* neither of the above and snort.conf presence (-c or implicit) */
  414     RUN_MODE__IDS,
  415 
  416     /* snort.conf presence and -T */
  417     RUN_MODE__TEST,
  418 
  419     /* neither -V or --dump-dynamic-rules and no snort.conf, but logging
  420      * enabled on command line - NONE type logging seems to count here */
  421     RUN_MODE__PACKET_LOG,
  422 
  423     RUN_MODE__PACKET_DUMP
  424 
  425 } RunMode;
  426 
  427 
  428 typedef enum _RunModeFlag
  429 {
  430     /* -V */
  431     RUN_MODE_FLAG__VERSION      = 0x00000001,
  432 
  433     /* --dump-dynamic-rules */
  434     RUN_MODE_FLAG__RULE_DUMP    = 0x00000002,
  435 
  436     /* neither of the above and snort.conf presence (-c or implicit) */
  437     RUN_MODE_FLAG__IDS          = 0x00000004,
  438 
  439     /* snort.conf presence and -T */
  440     RUN_MODE_FLAG__TEST         = 0x00000008,
  441 
  442     /* neither -V or --dump-dynamic-rules and no snort.conf, but logging
  443      * enabled on command line - NONE type logging seems to count here */
  444     RUN_MODE_FLAG__PACKET_LOG   = 0x00000010,
  445 
  446     RUN_MODE_FLAG__PACKET_DUMP  = 0x00000020
  447 
  448 } RunModeFlag;
  449 
  450 typedef enum _RunFlag
  451 {
  452     RUN_FLAG__READ                = 0x00000001,     /* -r --pcap-dir, etc. */
  453     RUN_FLAG__DAEMON              = 0x00000002,     /* -D */
  454     RUN_FLAG__DAEMON_RESTART      = 0x00000004,     /* --restart */
  455     RUN_FLAG__NO_PROMISCUOUS      = 0x00000008,     /* -p */
  456     RUN_FLAG__INLINE              = 0x00000010,     /* -Q */
  457     RUN_FLAG__STATIC_HASH         = 0x00000020,     /* -H */
  458     RUN_FLAG__CREATE_PID_FILE     = 0x00000040,     /* --pid-path and --create-pidfile */
  459     RUN_FLAG__NO_LOCK_PID_FILE    = 0x00000080,     /* --nolock-pidfile */
  460     RUN_FLAG__TREAT_DROP_AS_ALERT = 0x00000100,     /* --treat-drop-as-alert */
  461     RUN_FLAG__ALERT_BEFORE_PASS   = 0x00000200,     /* --alert-before-pass */
  462     RUN_FLAG__CONF_ERROR_OUT      = 0x00000400,     /* -x and --conf-error-out */
  463 #ifdef MPLS
  464     RUN_FLAG__MPLS_MULTICAST      = 0x00000800,     /* --enable_mpls_multicast */
  465     RUN_FLAG__MPLS_OVERLAPPING_IP = 0x00001000,     /* --enable_mpls_overlapping_ip */
  466 #endif
  467 
  468     /* --process-all-events
  469      * this is transferred to the snort event queue var */
  470     RUN_FLAG__PROCESS_ALL_EVENTS  = 0x00002000,
  471 
  472 #ifdef TARGET_BASED
  473     /* --disable-attribute-reload-thread */
  474     RUN_FLAG__DISABLE_ATTRIBUTE_RELOAD_THREAD
  475                                   = 0x00004000,
  476 #endif
  477     RUN_FLAG__STATEFUL            = 0x00008000,     /* set if stream5 configured */
  478     RUN_FLAG__INLINE_TEST         = 0x00010000,     /* --enable-inline-test*/
  479     // UNUSED                     = 0x00020000,
  480 
  481 #ifdef INLINE_FAILOPEN
  482     RUN_FLAG__DISABLE_FAILOPEN    = 0x00040000,     /* --disable-inline-init-failopen */
  483 #endif
  484 
  485 #ifdef MIMICK_IPV6
  486     RUN_FLAG__MIMICK_IP6          = 0x00100000,     /* -6 */
  487 #endif
  488 
  489     RUN_FLAG__PCAP_RESET          = 0x00200000,
  490     RUN_FLAG__PCAP_SHOW           = 0x00400000,
  491     RUN_FLAG__REQUIRE_RULE_SID    = 0x00800000,
  492     RUN_FLAG__NO_PCRE             = 0x01000000,
  493     RUN_FLAG__ASSURE_EST          = 0x02000000      /* config stateful */
  494 #if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
  495    ,RUN_FLAG__TERMINATE_SERVICE   = 0x04000000,
  496     RUN_FLAG__PAUSE_SERVICE       = 0x08000000
  497 #endif
  498 
  499    ,RUN_FLAG__TREAT_DROP_AS_IGNORE= 0x10000000,     /* --treat-drop-as-ignore */
  500 #if defined(SNORT_RELOAD) && !defined(WIN32)
  501     RUN_FLAG__PCAP_RELOAD         = 0x20000000,     /* --pcap-reload */
  502 #endif
  503     RUN_FLAG__NO_IFACE_PID_FILE   = 0x40000000      /* --no-interface-pidfile */
  504 
  505 } RunFlag;
  506 
  507 typedef enum _OutputFlag
  508 {
  509     OUTPUT_FLAG__LINE_BUFFER       = 0x00000001,      /* -f */
  510     OUTPUT_FLAG__VERBOSE_DUMP      = 0x00000002,      /* -X */
  511     OUTPUT_FLAG__CHAR_DATA         = 0x00000004,      /* -C */
  512     OUTPUT_FLAG__APP_DATA          = 0x00000008,      /* -d */
  513     OUTPUT_FLAG__SHOW_DATA_LINK    = 0x00000010,      /* -e */
  514 #ifndef NO_NON_ETHER_DECODER
  515     OUTPUT_FLAG__SHOW_WIFI_MGMT    = 0x00000020,      /* -w */
  516 #endif
  517     OUTPUT_FLAG__USE_UTC           = 0x00000040,      /* -U */
  518     OUTPUT_FLAG__INCLUDE_YEAR      = 0x00000080,      /* -y */
  519 
  520     /* Note using this alters the packet - can't be used inline */
  521     OUTPUT_FLAG__OBFUSCATE         = 0x00000100,      /* -B */
  522 
  523     OUTPUT_FLAG__ALERT_IFACE       = 0x00000200,      /* -I */
  524     OUTPUT_FLAG__NO_TIMESTAMP      = 0x00000400,      /* --nostamps */
  525     OUTPUT_FLAG__ALERT_PKT_CNT     = 0x00000800,      /* -A packet-count */
  526     /* XXX XXX pv.outputVidInAlerts */
  527     OUTPUT_FLAG__ALERT_VLAN        = 0x00001000       /* config include_vlan_in_alerts */
  528 
  529 } OutputFlag;
  530 
  531 typedef enum _LoggingFlag
  532 {
  533     LOGGING_FLAG__VERBOSE         = 0x00000001,      /* -v */
  534     LOGGING_FLAG__QUIET           = 0x00000002,      /* -q */
  535     LOGGING_FLAG__SYSLOG          = 0x00000004       /* -M */
  536 #ifdef WIN32
  537    ,LOGGING_FLAG__SYSLOG_REMOTE   = 0x00000008       /* -s and -E */
  538 #endif
  539 
  540 } LoggingFlag;
  541 
  542 typedef enum _InternalLogLevel
  543 {
  544     INTERNAL_LOG_LEVEL__SUPPRESS_ALL,
  545     INTERNAL_LOG_LEVEL__ERROR,
  546     INTERNAL_LOG_LEVEL__WARNING,
  547     INTERNAL_LOG_LEVEL__MESSAGE
  548 } InternalLogLevel;
  549 
  550 /* -k
  551  * config checksum_mode
  552  * config checksum_drop_mode */
  553 typedef enum _ChecksumFlag
  554 {
  555     CHECKSUM_FLAG__IP   = 0x00000001,
  556     CHECKSUM_FLAG__TCP  = 0x00000002,
  557     CHECKSUM_FLAG__UDP  = 0x00000004,
  558     CHECKSUM_FLAG__ICMP = 0x00000008,
  559     CHECKSUM_FLAG__ALL  = 0x7fffffff
  560 
  561 } ChecksumFlag;
  562 
  563 typedef enum
  564 {
  565     /* config autogenerate_preprocessor_decoder_rules */
  566     POLICY_FLAG__AUTO_OTN = 0x00000001
  567 } PolicyFlag;
  568 
  569 typedef enum _PolicyModeFlag
  570 {
  571     POLICY_MODE__PASSIVE,
  572     POLICY_MODE__INLINE,
  573     POLICY_MODE__INLINE_TEST
  574 } PolicyMode;
  575 
  576 typedef enum _DecodeEventFlag
  577 {
  578     DECODE_EVENT_FLAG__DEFAULT              = 0x00000001,
  579     DECODE_EVENT_FLAG__OVERSIZED            = 0x00000002,
  580     DECODE_EVENT_FLAG__TCP_EXP_OPT          = 0x00000004,
  581     DECODE_EVENT_FLAG__TCP_OBS_OPT          = 0x00000008,
  582     DECODE_EVENT_FLAG__TCP_TTCP_OPT         = 0x00000010,
  583     DECODE_EVENT_FLAG__TCP_OPT_ANOMALY      = 0x00000020,
  584     DECODE_EVENT_FLAG__IP_OPT_ANOMALY       = 0x00000040,
  585     DECODE_EVENT_FLAG__IPV6_BAD_FRAG        = 0x00000080,
  586     DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG   = 0x00000100
  587 
  588 } DecodeEventFlag;
  589 
  590 typedef enum {
  591     TUNNEL_GTP    = 0x01,
  592     TUNNEL_TEREDO = 0x02,
  593     TUNNEL_6IN4   = 0x04,
  594     TUNNEL_4IN6   = 0x08,
  595     TUNNEL_4IN4   = 0x10,
  596     TUNNEL_6IN6   = 0x20,
  597     TUNNEL_GRE    = 0x40,
  598     TUNNEL_MPLS   = 0x80
  599 } TunnelFlags;
  600 
  601 typedef struct _VarNode
  602 {
  603     char *name;
  604     char *value;
  605     char *line;
  606     struct _VarNode *next;
  607 
  608 } VarNode;
  609 
  610 #ifdef TARGET_BASED
  611 typedef struct _TargetBasedConfig
  612 {
  613     char *args;
  614     char *file_name;
  615     int file_line;
  616 
  617 } TargetBasedConfig;
  618 #endif
  619 
  620 typedef struct _SnortPolicy
  621 {
  622 #ifdef TARGET_BASED
  623     TargetBasedConfig target_based_config;
  624 #endif
  625     PreprocConfig *preproc_configs;
  626 
  627     VarEntry *var_table;
  628     uint32_t var_id;
  629     vartable_t *ip_vartable;
  630 
  631     /* The portobjects in these are attached to rtns and used during runtime */
  632     PortVarTable *portVarTable;     /* named entries, uses a hash table */
  633     PortTable *nonamePortVarTable;  /* un-named entries */
  634 
  635     PreprocEnableMask pp_enabled[MAX_PORTS];
  636     PreprocEvalFuncNode *preproc_eval_funcs;
  637     PreprocEvalFuncNode *unused_preproc_eval_funcs;
  638     PreprocMetaEvalFuncNode *preproc_meta_eval_funcs;
  639 
  640     int preproc_proto_mask;
  641     int num_preprocs;
  642     int num_meta_preprocs;
  643     int ips_policy_mode;
  644     int nap_policy_mode;
  645     uint32_t policy_flags;
  646 
  647     /* mask of preprocessors that have registered runtime process functions */
  648     PreprocEnableMask preproc_bit_mask;
  649     PreprocEnableMask preproc_meta_bit_mask;
  650 
  651     int num_detects;
  652     //int detect_bit_mask;
  653     int detect_proto_mask;
  654     DetectionEvalFuncNode *detect_eval_funcs;
  655 
  656     /** Identifier assigned by user to correlate unified2 events to actual
  657      * policy. User or DC should assign each policy a unique number. Snort
  658      * will not verify uniqueness.
  659      */
  660     unsigned short configPolicyId;
  661 
  662     char *policy_version;
  663 
  664     uint8_t min_ttl;            /* config min_ttl */
  665 #ifdef NORMALIZER
  666     uint8_t new_ttl;            /* config new_ttl */
  667 #endif
  668 
  669     //checksum_mode and checksum_drop are now policy specific
  670     int checksum_flags;         /* -k */
  671     int checksum_flags_modified;
  672     int checksum_flags_saved;
  673     int checksum_drop_flags;
  674     int checksum_drop_flags_modified;
  675 
  676     //disable_decode_alerts and disable_decode_drop
  677     int decoder_alert_flags;
  678     int decoder_drop_flags;
  679     int decoder_alert_flags_saved;
  680     int decoder_drop_flags_saved;
  681     bool ssl_policy_enabled;
  682 } SnortPolicy;
  683 
  684 typedef struct _DynamicDetectionPlugin
  685 {
  686     void *handle;
  687     DynamicPluginMeta metaData;
  688     InitDetectionLibFunc initFunc;
  689     struct _DynamicDetectionPlugin *next;
  690     struct _DynamicDetectionPlugin *prev;
  691 } DynamicDetectionPlugin;
  692 
  693 #ifdef INTEL_SOFT_CPM
  694 struct _IntelPmHandles;
  695 #endif
  696 struct _MandatoryEarlySessionCreator;
  697 #ifdef SNORT_RELOAD
  698 struct _ReloadAdjustEntry;
  699 #endif
  700 struct _fileConfig;
  701 struct _DynamicRuleNode;
  702 
  703 typedef struct _IpsPortFilter
  704 {
  705     tSfPolicyId parserPolicyId;
  706     uint16_t port_filter[MAX_PORTS + 1];
  707 } IpsPortFilter;
  708 
  709 typedef struct _SnortConfig
  710 {
  711     RunMode run_mode;
  712     int run_mode_flags;
  713     int run_flags;
  714     int output_flags;
  715     int logging_flags;
  716     int log_tcpdump;
  717     int no_log;
  718     int no_alert;
  719     int dirty_pig;
  720 
  721     //used for processing command line arguments, checksum configuration
  722     //in conf files is maintained at policy level
  723     int checksum_flags;         /* -k */
  724     int checksum_flags_modified;
  725     int checksum_drop_flags;
  726     int checksum_drop_flags_modified;
  727 
  728     uint32_t event_log_id;      /* -G */
  729     int pkt_snaplen;
  730     uint64_t pkt_cnt;           /* -n */
  731 #ifdef REG_TEST
  732     uint64_t pkt_skip;
  733 #endif
  734 
  735     char *dynamic_rules_path;   /* --dump-dynamic-rules */
  736 
  737     /* --dynamic-engine-lib
  738      * --dynamic-engine-lib-dir
  739      * --dynamic-detection-lib
  740      * --dynamic-detection-lib-dir
  741      * --dynamic-preprocessor-lib
  742      * --dynamic-preprocessor-lib-dir
  743      *
  744      * See below for struct type
  745      */
  746     DynamicLibInfo *dyn_engines;
  747     DynamicLibInfo *dyn_rules;
  748     DynamicLibInfo *dyn_preprocs;
  749 #ifdef SIDE_CHANNEL
  750     DynamicLibInfo *dyn_side_channels;
  751 #endif
  752 
  753     char pid_path[STD_BUF];  /* --pid-path or config pidpath */
  754 
  755 #ifdef EXIT_CHECK
  756     uint64_t exit_check;        /* --exit-check */
  757 #endif
  758 
  759     /* -h and -B */
  760     sfcidr_t homenet;
  761     sfcidr_t obfuscation_net;
  762 
  763     /* config disable_decode_alerts
  764      * config enable_decode_oversized_alerts
  765      * config enable_decode_oversized_drops
  766      * config enable_decode_drops
  767      * config disable_decode_drops
  768      * config disable_tcpopt_experimental_alerts
  769      * config enable_tcpopt_experimental_drops
  770      * config disable_tcpopt_experimental_drops
  771      * config disable_tcpopt_obsolete_alerts
  772      * config enable_tcpopt_obsolete_drops
  773      * config disable_tcpopt_obsolete_drops
  774      * config disable_ttcp_alerts, config disable_tcpopt_ttcp_alerts
  775      * config enable_ttcp_drops, config enable_tcpopt_ttcp_drops
  776      * config disable_ttcp_drops
  777      * config disable_tcpopt_alerts
  778      * config enable_tcpopt_drops
  779      * config disable_tcpopt_drops
  780      * config disable_ipopt_alerts
  781      * config enable_ipopt_drops
  782      * config disable_ipopt_drops
  783      * config ipv6_frag:
  784      *   bsd_icmp_frag_alert
  785      *   bad_ipv6_frag_alert
  786      *   frag_timeout  -  not in DecoderFlags
  787      *   max_frag_sessions  -  not in DecoderFlags
  788      *   drop_bad_ipv6_frag
  789      */
  790     uint32_t ipv6_frag_timeout;
  791     uint32_t ipv6_max_frag_sessions;
  792 
  793     uint16_t flowbit_size;
  794 
  795     char pid_filename[STD_BUF];  /* used with pid_path */
  796     char pidfile_suffix[MAX_PIDFILE_SUFFIX + 1];  /* -R */
  797     char *log_dir;           /* -l or config log_dir */
  798     char *orig_log_dir;      /* set in case of chroot */
  799     char *interface;         /* -i or config interface */
  800     char *bpf_file;          /* -F or config bpf_file */
  801     char *pcap_log_file;     /* -L */
  802     char *chroot_dir;        /* -t or config chroot */
  803     char *alert_file;
  804     char *perf_file;         /* -Z */
  805     char *bpf_filter;        /* last command line arguments */
  806     char* daq_type;          /* --daq or config daq */
  807     char* daq_mode;          /* --daq-mode or config daq_mode */
  808     void* daq_vars;          /* --daq-var or config daq_var */
  809     void* daq_dirs;          /* --daq-dir or config daq_dir */
  810 
  811     char* event_trace_file;
  812     uint16_t event_trace_max;
  813 
  814     int thiszone;
  815 
  816 #ifdef WIN32
  817     char syslog_server[STD_BUF];
  818     int syslog_server_port;
  819 # ifdef ENABLE_WIN32_SERVICE
  820     int terminate_service_flag;
  821     int pause_service_flag;
  822 # endif
  823 #endif
  824 
  825     uint8_t ignore_ports[UINT16_MAX + 1];    /* config ignore_ports */
  826     long int tagged_packet_limit;            /* config tagged_packet_limit */
  827     long int pcre_match_limit;               /* config pcre_match_limit */
  828     long int pcre_match_limit_recursion;     /* config pcre_match_limit_recursion */
  829     int *pcre_ovector;
  830     int pcre_ovector_size;
  831 
  832 #ifdef PERF_PROFILING
  833     ProfileConfig profile_rules;     /* config profile_rules */
  834     ProfileConfig profile_preprocs;  /* config profile_preprocs */
  835 #endif
  836 
  837     int user_id;
  838     int group_id;
  839 
  840     mode_t file_mask;
  841 
  842 #ifdef MPLS
  843     uint8_t mpls_payload_type;  /* --mpls_payload_type */
  844     long int mpls_stack_depth;  /* --max_mpls_labelchain_len */
  845 #endif
  846 
  847     int default_rule_state;     /* config default_rule_state */
  848 
  849     char* react_page;        /* config react */
  850 
  851 #ifdef ACTIVE_RESPONSE
  852     uint8_t respond_attempts;    /* config respond */
  853     char* respond_device;
  854     uint8_t *eth_dst;        /* config destination MAC address */
  855 #endif
  856 
  857 #ifdef TARGET_BASED
  858     uint32_t max_attribute_hosts;    /* config max_attribute_hosts */
  859     uint32_t max_attribute_services_per_host;    /* config max_attribute_services_per_host */
  860     uint32_t max_metadata_services;  /* config max_metadata_services */
  861 #endif
  862 #if defined(FEAT_OPEN_APPID)
  863 
  864     uint32_t max_metadata_appid;
  865 #endif /* defined(FEAT_OPEN_APPID) */
  866 
  867     OutputConfig *output_configs;
  868     OutputConfig *rule_type_output_configs;
  869     SFGHASH *config_table;   /* table of config keywords and arguments */
  870     int asn1_mem;
  871 
  872     int active_dynamic_nodes;
  873 
  874     RuleState *rule_state_list;
  875     ClassType *classifications;
  876     ReferenceSystemNode *references;
  877     SFGHASH *so_rule_otn_map;
  878     SFGHASH *otn_map;
  879     SFGHASH *preproc_rule_options;
  880 
  881     FastPatternConfig *fast_pattern_config;
  882     EventQueueConfig *event_queue_config;
  883 
  884     PreprocPostConfigFuncNode *preproc_post_config_funcs;
  885     PreprocCheckConfigFuncNode *preproc_config_check_funcs;
  886 
  887     /* XXX XXX policy specific? */
  888     ThresholdConfig *threshold_config;
  889     RateFilterConfig *rate_filter_config;
  890     DetectionFilterConfig *detection_filter_config;
  891 
  892     SF_EVENTQ *event_queue[NUM_EVENT_QUEUES];
  893 
  894     SF_LIST **ip_proto_only_lists;
  895     uint8_t ip_proto_array[NUM_IP_PROTOS];
  896 
  897     int num_rule_types;
  898     RuleListNode *rule_lists;
  899     int evalOrder[RULE_TYPE__MAX + 1];
  900 
  901     ListHead Alert;         /* Alert Block Header */
  902     ListHead Log;           /* Log Block Header */
  903     ListHead Pass;          /* Pass Block Header */
  904     ListHead Activation;    /* Activation Block Header */
  905     ListHead Dynamic;       /* Dynamic Block Header */
  906     ListHead Drop;
  907     ListHead SDrop;
  908     ListHead Reject;
  909 
  910     PostConfigFuncNode *plugin_post_config_funcs;
  911 
  912     OTNX_MATCH_DATA *omd;
  913 
  914     /* Pattern matcher queue statistics */
  915     unsigned int max_inq;
  916     uint64_t tot_inq_flush;
  917     uint64_t tot_inq_inserts;
  918     uint64_t tot_inq_uinserts;
  919 
  920     /* Protected Content secure hash type default */
  921     Secure_Hash_Type Default_Protected_Content_Hash_Type;
  922 
  923     /* master port list table */
  924     rule_port_tables_t *port_tables;
  925 
  926 #ifdef PPM_MGR
  927     ppm_cfg_t ppm_cfg;
  928 #endif
  929 
  930     /* The port-rule-maps map the src-dst ports to rules for
  931      * udp and tcp, for Ip we map the dst port as the protocol,
  932      * and for Icmp we map the dst port to the Icmp type. This
  933      * allows us to use the decode packet information to in O(1)
  934      * select a group of rules to apply to the packet.  These
  935      * rules may have uricontent, content, or they may be no content
  936      * rules, or any combination. We process the uricontent 1st,
  937      * then the content, and then the no content rules for udp/tcp
  938      * and icmp, than we process the ip rules. */
  939     PORT_RULE_MAP *prmIpRTNX;
  940     PORT_RULE_MAP *prmTcpRTNX;
  941     PORT_RULE_MAP *prmUdpRTNX;
  942     PORT_RULE_MAP *prmIcmpRTNX;
  943 
  944 #ifdef TARGET_BASED
  945     srmm_table_t *srmmTable;   /* srvc rule map master table */
  946     srmm_table_t *spgmmTable;  /* srvc port_group map master table */
  947     sopg_table_t *sopgTable;   /* service-oridnal to port_group table */
  948 #endif
  949 
  950     SFXHASH *detection_option_hash_table;
  951     SFXHASH *detection_option_tree_hash_table;
  952     SFXHASH *rtn_hash_table;
  953 
  954     tSfPolicyConfig *policy_config;
  955     SnortPolicy **targeted_policies;
  956     IpsPortFilter **udp_ips_port_filter_list;
  957     unsigned int num_policies_allocated;
  958 
  959     char *base_version;
  960 
  961     uint8_t enable_teredo; /* config enable_deep_teredo_inspection */
  962     uint8_t enable_gtp; /* config enable_gtp */
  963     char *gtp_ports;
  964     uint8_t enable_esp;
  965     uint8_t vlan_agnostic; /* config vlan_agnostic */
  966     uint8_t addressspace_agnostic; /* config addressspace_agnostic */
  967     uint8_t log_ipv6_extra; /* config log_ipv6_extra_data */
  968     uint8_t tunnel_mask;
  969 
  970     uint32_t so_rule_memcap;
  971     uint32_t paf_max;          /* config paf_max */
  972     char *cs_dir;
  973     bool ha_peer;
  974     char *ha_out;
  975     char *ha_in;
  976     char *ha_pdts_in;
  977     char *output_dir;
  978     struct _fileConfig *file_config;
  979     int disable_all_policies;
  980     PreprocEnableMask reenabled_preprocessor_bits; /* flags for preprocessors to check, if all policies are disabled */
  981 #ifdef SIDE_CHANNEL
  982     SideChannelConfig side_channel_config;
  983 #endif
  984 #ifdef SNORT_RELOAD
  985     int reloadPolicyFlag;
  986     PreprocessorSwapData *preprocSwapData;
  987     void *streamReloadConfig;
  988 #endif
  989     tSfPolicyId parserPolicyId;
  990 #ifdef INTEL_SOFT_CPM
  991     struct _IntelPmHandles *ipm_handles;
  992 #endif
  993 
  994 /* Used when a user defines a new rule type (ruletype keyword)
  995  * It points to the new rule type's ListHead and is used for accessing the
  996  * rule type's AlertList and LogList.
  997  * The output plugins used for the rule type need to be attached to the new
  998  * rule type's list head's AlertList or LogList.  It's set before calling
  999  * the output plugin's initialization routine, because in that routine,
 1000  * AddFuncToOutputList is called (plugbase.c) and there, the output function
 1001  * is attached to the new rule type's appropriate list.
 1002  * NOTE:  This variable MUST NOT be used during runtime */
 1003     ListHead *head_tmp;
 1004 
 1005     uint8_t max_ip6_extensions;
 1006 
 1007     int internal_log_level;
 1008     int suppress_config_log;
 1009     uint8_t disable_replace_opt;
 1010 
 1011     struct _MandatoryEarlySessionCreator* mandatoryESCreators;
 1012     bool normalizer_set;
 1013 
 1014 #ifdef DUMP_BUFFER
 1015     char *buffer_dump_file;
 1016 #endif
 1017 
 1018 #ifdef SNORT_RELOAD
 1019     struct _ReloadAdjustEntry* raSessionEntry;
 1020     struct _ReloadAdjustEntry* volatile raEntry;
 1021     struct _ReloadAdjustEntry* raCurrentEntry;
 1022     time_t raLastLog;
 1023 #endif
 1024     DynamicDetectionPlugin *loadedDetectionPlugins;
 1025     struct _DynamicRuleNode *dynamic_rules;
 1026 } SnortConfig;
 1027 
 1028 /* struct to collect packet statistics */
 1029 typedef struct _PacketCount
 1030 {
 1031     uint64_t total_from_daq;
 1032     uint64_t total_processed;
 1033 
 1034     uint64_t s5tcp1;
 1035     uint64_t s5tcp2;
 1036     uint64_t ipv6opts;
 1037     uint64_t eth;
 1038     uint64_t ethdisc;
 1039     uint64_t ipv6disc;
 1040     uint64_t ip6ext;
 1041     uint64_t other;
 1042     uint64_t tcp;
 1043     uint64_t udp;
 1044     uint64_t icmp;
 1045     uint64_t arp;
 1046 #ifndef NO_NON_ETHER_DECODER
 1047     uint64_t eapol;
 1048 #endif
 1049     uint64_t vlan;
 1050     uint64_t nested_vlan;
 1051     uint64_t ipv6;
 1052     uint64_t ipv6_up;
 1053     uint64_t ipv6_upfail;
 1054     uint64_t frag6;
 1055     uint64_t icmp6;
 1056     uint64_t tdisc;
 1057     uint64_t udisc;
 1058     uint64_t tcp6;
 1059     uint64_t udp6;
 1060     uint64_t teredo;
 1061     uint64_t ipdisc;
 1062     uint64_t icmpdisc;
 1063     uint64_t embdip;
 1064     uint64_t ip;
 1065     uint64_t ipx;
 1066     uint64_t ethloopback;
 1067 
 1068     uint64_t invalid_checksums;
 1069     uint64_t bad_ttl;
 1070 
 1071 #ifdef GRE
 1072     uint64_t ip4ip4;
 1073     uint64_t ip4ip6;
 1074     uint64_t ip6ip4;
 1075     uint64_t ip6ip6;
 1076 
 1077     uint64_t gre;
 1078     uint64_t gre_ip;
 1079     uint64_t gre_eth;
 1080     uint64_t gre_arp;
 1081     uint64_t gre_ipv6;
 1082     uint64_t gre_ipv6ext;
 1083     uint64_t gre_ipx;
 1084     uint64_t gre_loopback;
 1085     uint64_t gre_vlan;
 1086     uint64_t gre_ppp;
 1087 #endif
 1088 
 1089     uint64_t discards;
 1090     uint64_t alert_pkts;
 1091     uint64_t total_alert_pkts;
 1092     uint64_t log_pkts;
 1093     uint64_t pass_pkts;
 1094 
 1095     uint64_t match_limit;
 1096     uint64_t queue_limit;
 1097     uint64_t log_limit;
 1098     uint64_t event_limit;
 1099     uint64_t alert_limit;
 1100 
 1101     uint64_t frags;           /* number of frags that have come in */
 1102     uint64_t frag_trackers;   /* number of tracking structures generated */
 1103     uint64_t rebuilt_frags;   /* number of packets rebuilt */
 1104     uint64_t frag_incomp;     /* number of frags cleared due to memory issues */
 1105     uint64_t frag_timeout;    /* number of frags cleared due to timeout */
 1106     uint64_t rebuild_element; /* frags that were element of rebuilt pkt */
 1107     uint64_t frag_mem_faults; /* number of times the memory cap was hit */
 1108 
 1109     uint64_t tcp_stream_pkts; /* number of packets tcp reassembly touches */
 1110     uint64_t rebuilt_tcp;     /* number of phoney tcp packets generated */
 1111     uint64_t tcp_streams;     /* number of tcp streams created */
 1112     uint64_t rebuilt_segs;    /* number of tcp segments used in rebuilt pkts */
 1113     uint64_t queued_segs;     /* number of tcp segments stored for rebuilt pkts */
 1114     uint64_t str_mem_faults;  /* number of times the stream memory cap was hit */
 1115 
 1116 #ifdef TARGET_BASED
 1117     uint64_t attribute_table_reloads; /* number of times attribute table was reloaded. */
 1118 #endif
 1119 
 1120 #ifndef NO_NON_ETHER_DECODER
 1121 #ifdef DLT_IEEE802_11
 1122   /* wireless statistics */
 1123     uint64_t wifi_mgmt;
 1124     uint64_t wifi_data;
 1125     uint64_t wifi_control;
 1126     uint64_t assoc_req;
 1127     uint64_t assoc_resp;
 1128     uint64_t reassoc_req;
 1129     uint64_t reassoc_resp;
 1130     uint64_t probe_req;
 1131     uint64_t probe_resp;
 1132     uint64_t beacon;
 1133     uint64_t atim;
 1134     uint64_t dissassoc;
 1135     uint64_t auth;
 1136     uint64_t deauth;
 1137     uint64_t ps_poll;
 1138     uint64_t rts;
 1139     uint64_t cts;
 1140     uint64_t ack;
 1141     uint64_t cf_end;
 1142     uint64_t cf_end_cf_ack;
 1143     uint64_t data;
 1144     uint64_t data_cf_ack;
 1145     uint64_t data_cf_poll;
 1146     uint64_t data_cf_ack_cf_poll;
 1147     uint64_t cf_ack;
 1148     uint64_t cf_poll;
 1149     uint64_t cf_ack_cf_poll;
 1150 #endif
 1151 #endif  // NO_NON_ETHER_DECODER
 1152 
 1153 #ifdef MPLS
 1154     uint64_t mpls;
 1155 #endif
 1156 
 1157     uint64_t internal_blacklist;
 1158     uint64_t internal_whitelist;
 1159 
 1160     uint64_t syn_rate_limit_events;
 1161     uint64_t syn_rate_limit_drops;
 1162 
 1163 } PacketCount;
 1164 
 1165 typedef struct _PcapReadObject
 1166 {
 1167     int type;
 1168     char *arg;
 1169     char *filter;
 1170 
 1171 } PcapReadObject;
 1172 
 1173 #if defined(DAQ_CAPA_CST_TIMEOUT)
 1174 bool Daq_Capa_Timeout;
 1175 #endif
 1176 
 1177 #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
 1178 bool Daq_Capa_Vrf;
 1179 #endif
 1180 
 1181 /* ptr to the packet processor */
 1182 typedef void (*grinder_t)(Packet *, const DAQ_PktHdr_t*, const uint8_t *);
 1183 
 1184 
 1185 /*  E X T E R N S  ************************************************************/
 1186 extern const struct timespec thread_sleep;
 1187 extern volatile bool snort_initializing;
 1188 extern volatile int snort_exiting;
 1189 #ifdef SNORT_RELOAD
 1190 typedef uint32_t snort_reload_t;
 1191 extern volatile snort_reload_t reload_signal;
 1192 extern volatile int detection_lib_changed;
 1193 extern snort_reload_t reload_total;
 1194 #endif
 1195 #if defined(SNORT_RELOAD) && !defined(WIN32)
 1196 extern volatile int snort_reload_thread_created;
 1197 extern pid_t snort_reload_thread_pid;
 1198 #endif
 1199 extern SnortConfig *snort_conf;
 1200 extern SnortConfig *snort_cmd_line_conf;
 1201 extern int internal_log_level;
 1202 
 1203 #include "sfutil/sfPolicyData.h"
 1204 
 1205 /* Specifically for logging the IPv6 fragmented ICMP BSD vulnerability */
 1206 extern Packet *BsdPseudoPacket;
 1207 
 1208 extern PacketCount pc;        /* packet count information */
 1209 extern char **protocol_names;
 1210 extern grinder_t grinder;
 1211 
 1212 #ifdef SIDE_CHANNEL
 1213 extern pthread_mutex_t snort_process_lock;
 1214 #endif
 1215 extern pthread_mutex_t dynamic_rules_lock;
 1216 
 1217 extern OutputFuncNode *AlertList;
 1218 extern OutputFuncNode *LogList;
 1219 extern tSfActionQueueId decoderActionQ;
 1220 
 1221 #if defined(SNORT_RELOAD) && !defined(WIN32)
 1222 extern volatile int snort_reload;
 1223 #endif
 1224 
 1225 #ifdef SNORT_RELOAD
 1226 extern PostConfigFuncNode *plugin_reload_funcs;
 1227 #endif
 1228 extern PeriodicCheckFuncNode *periodic_check_funcs;
 1229 
 1230 #if defined(DAQ_VERSION) && DAQ_VERSION > 9
 1231 void print_pktverdict (Packet *, uint64_t );
 1232 void print_flow(Packet *, char *, uint32_t, uint64_t, uint64_t );
 1233 #endif
 1234 
 1235 /*  P R O T O T Y P E S  ******************************************************/
 1236 int SnortMain(int argc, char *argv[]);
 1237 DAQ_Verdict ProcessPacket(Packet*, const DAQ_PktHdr_t*, const uint8_t*, void*);
 1238 Packet *NewGrinderPkt(Packet *p, DAQ_PktHdr_t* phdr, uint8_t *pkt);
 1239 void DeleteGrinderPkt(Packet *);
 1240 void SetupMetadataCallback(void);
 1241 int InMainThread(void);
 1242 bool SnortIsInitializing(void);
 1243 void SigCantHupHandler(int signal);
 1244 void print_packet_count(void);
 1245 int SignalCheck(void);
 1246 void Restart(void);
 1247 void FreeVarList(VarNode *);
 1248 SnortConfig * SnortConfNew(void);
 1249 void SnortConfFree(SnortConfig *);
 1250 void CleanupPreprocessors(SnortConfig *);
 1251 void CleanupPlugins(SnortConfig *);
 1252 void CleanExit(int);
 1253 SnortConfig * MergeSnortConfs(SnortConfig *, SnortConfig *);
 1254 void SnortShutdownThreads(int);
 1255 
 1256 typedef void (*sighandler_t)(int);
 1257 int SnortAddSignal(int sig, sighandler_t handler, int);
 1258 
 1259 #ifdef TARGET_BASED
 1260 void SigNoAttributeTableHandler(int);
 1261 #endif
 1262 
 1263 /*
 1264  * If any of the following API are modified or new ones are
 1265  * introduced, we have to make sure if they are called in
 1266  * reload path. If yes, they have to use new snort config.
 1267  */
 1268 
 1269 static inline int ScTestMode(void)
 1270 {
 1271     return snort_conf->run_mode == RUN_MODE__TEST;
 1272 }
 1273 
 1274 static inline int ScRuleDumpMode(void)
 1275 {
 1276     return snort_conf->run_mode == RUN_MODE__RULE_DUMP;
 1277 }
 1278 
 1279 static inline int ScVersionMode(void)
 1280 {
 1281     return snort_conf->run_mode == RUN_MODE__VERSION;
 1282 }
 1283 
 1284 static inline int ScIdsMode(void)
 1285 {
 1286     return snort_conf->run_mode == RUN_MODE__IDS;
 1287 }
 1288 
 1289 static inline int ScPacketLogMode(void)
 1290 {
 1291     return snort_conf->run_mode == RUN_MODE__PACKET_LOG;
 1292 }
 1293 
 1294 static inline int ScPacketDumpMode(void)
 1295 {
 1296     return snort_conf->run_mode == RUN_MODE__PACKET_DUMP;
 1297 }
 1298 
 1299 static inline int ScDaemonMode(void)
 1300 {
 1301     return snort_conf->run_flags & RUN_FLAG__DAEMON;
 1302 }
 1303 
 1304 static inline int ScDaemonRestart(void)
 1305 {
 1306     return snort_conf->run_flags & RUN_FLAG__DAEMON_RESTART;
 1307 }
 1308 
 1309 static inline int ScReadMode(void)
 1310 {
 1311     return snort_conf->run_flags & RUN_FLAG__READ;
 1312 }
 1313 
 1314 static inline int ScLogSyslog(void)
 1315 {
 1316     return snort_conf->logging_flags & LOGGING_FLAG__SYSLOG;
 1317 }
 1318 
 1319 #ifdef WIN32
 1320 static inline int ScLogSyslogRemote(void)
 1321 {
 1322     return snort_conf->logging_flags & LOGGING_FLAG__SYSLOG_REMOTE;
 1323 }
 1324 #endif
 1325 
 1326 static inline int ScLogVerbose(void)
 1327 {
 1328     return snort_conf->logging_flags & LOGGING_FLAG__VERBOSE;
 1329 }
 1330 
 1331 static inline int ScLogQuiet(void)
 1332 {
 1333     return snort_conf->logging_flags & LOGGING_FLAG__QUIET;
 1334 }
 1335 
 1336 static inline int ScCheckInternalLogLevel(int level)
 1337 {
 1338     return internal_log_level >= level;
 1339 }
 1340 
 1341 static inline void ScSetInternalLogLevel(int level)
 1342 {
 1343     if (!ScLogQuiet())
 1344         internal_log_level = level;
 1345 }
 1346 
 1347 static inline void ScRestoreInternalLogLevel(void)
 1348 {
 1349     internal_log_level = snort_conf->internal_log_level;
 1350 }
 1351 
 1352 static inline int ScDecoderAlerts(void)
 1353 {
 1354     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__DEFAULT;
 1355 }
 1356 
 1357 static inline int ScDecoderDrops(void)
 1358 {
 1359     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__DEFAULT;
 1360 }
 1361 
 1362 static inline int ScDecoderOversizedAlerts(void)
 1363 {
 1364     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__OVERSIZED;
 1365 }
 1366 
 1367 static inline int ScDecoderOversizedDrops(void)
 1368 {
 1369     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__OVERSIZED;
 1370 }
 1371 
 1372 static inline int ScDecoderIpv6BadFragAlerts(void)
 1373 {
 1374     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IPV6_BAD_FRAG;
 1375 }
 1376 
 1377 static inline int ScDecoderIpv6BadFragDrops(void)
 1378 {
 1379     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IPV6_BAD_FRAG;
 1380 }
 1381 
 1382 static inline int ScDecoderIpv6BsdIcmpFragAlerts(void)
 1383 {
 1384     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG;
 1385 }
 1386 
 1387 static inline int ScDecoderIpv6BsdIcmpFragDrops(void)
 1388 {
 1389     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IPV6_BSD_ICMP_FRAG;
 1390 }
 1391 
 1392 static inline int ScDecoderTcpOptAlerts(void)
 1393 {
 1394     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_OPT_ANOMALY;
 1395 }
 1396 
 1397 static inline int ScDecoderTcpOptDrops(void)
 1398 {
 1399     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_OPT_ANOMALY;
 1400 }
 1401 
 1402 static inline int ScDecoderTcpOptExpAlerts(void)
 1403 {
 1404     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_EXP_OPT;
 1405 }
 1406 
 1407 static inline int ScDecoderTcpOptExpDrops(void)
 1408 {
 1409     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_EXP_OPT;
 1410 }
 1411 
 1412 static inline int ScDecoderTcpOptObsAlerts(void)
 1413 {
 1414     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_OBS_OPT;
 1415 }
 1416 
 1417 static inline int ScDecoderTcpOptObsDrops(void)
 1418 {
 1419     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_OBS_OPT;
 1420 }
 1421 
 1422 static inline int ScDecoderTcpOptTTcpAlerts(void)
 1423 {
 1424     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__TCP_TTCP_OPT;
 1425 }
 1426 
 1427 static inline int ScDecoderTcpOptTTcpDrops(void)
 1428 {
 1429     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__TCP_TTCP_OPT;
 1430 }
 1431 
 1432 static inline int ScDecoderIpOptAlerts(void)
 1433 {
 1434     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_alert_flags & DECODE_EVENT_FLAG__IP_OPT_ANOMALY;
 1435 }
 1436 
 1437 static inline int ScDecoderIpOptDrops(void)
 1438 {
 1439     return snort_conf->targeted_policies[getNapRuntimePolicy()]->decoder_drop_flags & DECODE_EVENT_FLAG__IP_OPT_ANOMALY;
 1440 }
 1441 
 1442 static inline int ScIpChecksums(void)
 1443 {
 1444     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__IP;
 1445 }
 1446 
 1447 static inline int ScIpChecksumDrops(void)
 1448 {
 1449     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__IP;
 1450 }
 1451 
 1452 static inline int ScUdpChecksums(void)
 1453 {
 1454     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__UDP;
 1455 }
 1456 
 1457 static inline int ScUdpChecksumDrops(void)
 1458 {
 1459     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__UDP;
 1460 }
 1461 
 1462 static inline int ScTcpChecksums(void)
 1463 {
 1464     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__TCP;
 1465 }
 1466 
 1467 static inline int ScTcpChecksumDrops(void)
 1468 {
 1469     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__TCP;
 1470 }
 1471 
 1472 static inline int ScIcmpChecksums(void)
 1473 {
 1474     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_flags & CHECKSUM_FLAG__ICMP;
 1475 }
 1476 
 1477 static inline int ScIcmpChecksumDrops(void)
 1478 {
 1479     return snort_conf->targeted_policies[getNapRuntimePolicy()]->checksum_drop_flags & CHECKSUM_FLAG__ICMP;
 1480 }
 1481 
 1482 static inline int ScIgnoreTcpPort(uint16_t port)
 1483 {
 1484     return snort_conf->ignore_ports[port] & PROTO_BIT__TCP;
 1485 }
 1486 
 1487 static inline int ScIgnoreUdpPort(uint16_t port)
 1488 {
 1489     return snort_conf->ignore_ports[port] & PROTO_BIT__UDP;
 1490 }
 1491 
 1492 #ifdef MPLS
 1493 static inline long int ScMplsStackDepth(void)
 1494 {
 1495     return snort_conf->mpls_stack_depth;
 1496 }
 1497 
 1498 #ifdef MPLS_RFC4023_SUPPORT
 1499 static inline long int ScMplsPayloadCheck(uint8_t ih1, long int iRet)
 1500 {
 1501     // IPv4
 1502     if (((ih1 & 0xF0) >> 4) == 4)
 1503         return MPLS_PAYLOADTYPE_IPV4;
 1504     // IPv6
 1505     else if (((ih1 & 0xF0) >> 4) == 6)
 1506         return MPLS_PAYLOADTYPE_IPV6;
 1507     else
 1508         return iRet;
 1509 }
 1510 #endif
 1511 
 1512 static inline long int ScMplsPayloadType(void)
 1513 {
 1514     return snort_conf->mpls_payload_type;
 1515 }
 1516 
 1517 static inline int ScMplsOverlappingIp(void)
 1518 {
 1519     return snort_conf->run_flags & RUN_FLAG__MPLS_OVERLAPPING_IP;
 1520 }
 1521 
 1522 static inline int ScMplsMulticast(void)
 1523 {
 1524     return snort_conf->run_flags & RUN_FLAG__MPLS_MULTICAST;
 1525 }
 1526 
 1527 #endif
 1528 
 1529 static inline uint32_t ScIpv6FragTimeout(void)
 1530 {
 1531     return snort_conf->ipv6_frag_timeout;
 1532 }
 1533 
 1534 static inline uint32_t ScIpv6MaxFragSessions(void)
 1535 {
 1536     return snort_conf->ipv6_max_frag_sessions;
 1537 }
 1538 
 1539 static inline uint8_t ScMinTTL(void)
 1540 {
 1541     return snort_conf->targeted_policies[getNapRuntimePolicy()]->min_ttl;
 1542 }
 1543 
 1544 #ifdef NORMALIZER
 1545 static inline uint8_t ScNewTTL(void)
 1546 {
 1547     return snort_conf->targeted_policies[getNapRuntimePolicy()]->new_ttl;
 1548 }
 1549 #endif
 1550 
 1551 static inline uint32_t ScPafMax (void)
 1552 {
 1553     return snort_conf->paf_max;
 1554 }
 1555 
 1556 static inline bool ScPafEnabled (void)
 1557 {
 1558     return ( ScPafMax() > 0 );
 1559 }
 1560 
 1561 static inline uint32_t ScEventLogId(void)
 1562 {
 1563     return snort_conf->event_log_id;
 1564 }
 1565 
 1566 static inline int ScConfErrorOut(void)
 1567 {
 1568     return snort_conf->run_flags & RUN_FLAG__CONF_ERROR_OUT;
 1569 }
 1570 
 1571 static inline int ScAssureEstablished(void)
 1572 {
 1573     return snort_conf->run_flags & RUN_FLAG__ASSURE_EST;
 1574 }
 1575 
 1576 /* Set if stream5 is configured */
 1577 static inline int ScStateful(void)
 1578 {
 1579     return snort_conf->run_flags & RUN_FLAG__STATEFUL;
 1580 }
 1581 
 1582 static inline long int ScPcreMatchLimit(void)
 1583 {
 1584     return snort_conf->pcre_match_limit;
 1585 }
 1586 
 1587 static inline long int ScPcreMatchLimitRecursion(void)
 1588 {
 1589     return snort_conf->pcre_match_limit_recursion;
 1590 }
 1591 
 1592 #ifdef PERF_PROFILING
 1593 static inline int ScProfilePreprocs(void)
 1594 {
 1595     return snort_conf->profile_preprocs.num;
 1596 }
 1597 
 1598 static inline int ScProfileRules(void)
 1599 {
 1600     return snort_conf->profile_rules.num;
 1601 }
 1602 #endif
 1603 
 1604 static inline int ScStaticHash(void)
 1605 {
 1606     return snort_conf->run_flags & RUN_FLAG__STATIC_HASH;
 1607 }
 1608 
 1609 static inline int ScAutoGenPreprocDecoderOtns(void)
 1610 {
 1611     return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->policy_flags) & POLICY_FLAG__AUTO_OTN );
 1612 }
 1613 
 1614 static inline int ScProcessAllEvents(void)
 1615 {
 1616     return snort_conf->event_queue_config->process_all_events;
 1617 }
 1618 
 1619 static inline int ScNapPassiveMode(void)
 1620 {
 1621     return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__PASSIVE );
 1622 }
 1623 
 1624 static inline int ScIpsPassiveMode(void)
 1625 {
 1626     return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__PASSIVE );
 1627 }
 1628 
 1629 static inline int ScAdapterPassiveMode(void)
 1630 {
 1631     return !(snort_conf->run_flags & (RUN_FLAG__INLINE | RUN_FLAG__INLINE_TEST));
 1632 }
 1633 
 1634 static inline int ScNapInlineMode(void)
 1635 {
 1636     return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__INLINE );
 1637 }
 1638 
 1639 static inline int ScIpsInlineMode(void)
 1640 {
 1641     return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__INLINE );
 1642 }
 1643 
 1644 static inline int ScAdapterInlineMode(void)
 1645 {
 1646    return snort_conf->run_flags & RUN_FLAG__INLINE;
 1647 }
 1648 
 1649 static inline int ScNapInlineTestMode(void)
 1650 {
 1651     return (((snort_conf->targeted_policies[getNapRuntimePolicy()])->nap_policy_mode) == POLICY_MODE__INLINE_TEST );
 1652 }
 1653 
 1654 static inline int ScIpsInlineTestMode(void)
 1655 {
 1656     return (((snort_conf->targeted_policies[getIpsRuntimePolicy()])->ips_policy_mode) == POLICY_MODE__INLINE_TEST );
 1657 }
 1658 
 1659 static inline int ScAdapterInlineTestMode(void)
 1660 {
 1661     return snort_conf->run_flags & RUN_FLAG__INLINE_TEST;
 1662 }
 1663 
 1664 static inline int ScOutputIncludeYear(void)
 1665 {
 1666     return snort_conf->output_flags & OUTPUT_FLAG__INCLUDE_YEAR;
 1667 }
 1668 
 1669 static inline int ScOutputUseUtc(void)
 1670 {
 1671     return snort_conf->output_flags & OUTPUT_FLAG__USE_UTC;
 1672 }
 1673 
 1674 static inline int ScOutputDataLink(void)
 1675 {
 1676     return snort_conf->output_flags & OUTPUT_FLAG__SHOW_DATA_LINK;
 1677 }
 1678 
 1679 static inline int ScVerboseByteDump(void)
 1680 {
 1681     return snort_conf->output_flags & OUTPUT_FLAG__VERBOSE_DUMP;
 1682 }
 1683 
 1684 static inline int ScAlertPacketCount(void)
 1685 {
 1686     return snort_conf->output_flags & OUTPUT_FLAG__ALERT_PKT_CNT;
 1687 }
 1688 
 1689 static inline int ScObfuscate(void)
 1690 {
 1691     return snort_conf->output_flags & OUTPUT_FLAG__OBFUSCATE;
 1692 }
 1693 
 1694 static inline int ScOutputAppData(void)
 1695 {
 1696     return snort_conf->output_flags & OUTPUT_FLAG__APP_DATA;
 1697 }
 1698 
 1699 static inline int ScOutputCharData(void)
 1700 {
 1701     return snort_conf->output_flags & OUTPUT_FLAG__CHAR_DATA;
 1702 }
 1703 
 1704 static inline int ScAlertInterface(void)
 1705 {
 1706     return snort_conf->output_flags & OUTPUT_FLAG__ALERT_IFACE;
 1707 }
 1708 
 1709 static inline int ScNoOutputTimestamp(void)
 1710 {
 1711     return snort_conf->output_flags & OUTPUT_FLAG__NO_TIMESTAMP;
 1712 }
 1713 
 1714 static inline int ScLineBufferedLogging(void)
 1715 {
 1716     return snort_conf->output_flags & OUTPUT_FLAG__LINE_BUFFER;
 1717 }
 1718 
 1719 static inline int ScDefaultRuleState(void)
 1720 {
 1721     return snort_conf->default_rule_state;
 1722 }
 1723 
 1724 static inline int ScRequireRuleSid(void)
 1725 {
 1726     return snort_conf->run_flags & RUN_FLAG__REQUIRE_RULE_SID;
 1727 }
 1728 
 1729 #ifdef INLINE_FAILOPEN
 1730 static inline int ScDisableInlineFailopen(void)
 1731 {
 1732     return snort_conf->run_flags & RUN_FLAG__DISABLE_FAILOPEN;
 1733 }
 1734 #endif
 1735 
 1736 static inline int ScNoLockPidFile(void)
 1737 {
 1738     return snort_conf->run_flags & RUN_FLAG__NO_LOCK_PID_FILE;
 1739 }
 1740 
 1741 static inline long int ScTaggedPacketLimit(void)
 1742 {
 1743     return snort_conf->tagged_packet_limit;
 1744 }
 1745 
 1746 static inline int ScCreatePidFile(void)
 1747 {
 1748     return snort_conf->run_flags & RUN_FLAG__CREATE_PID_FILE;
 1749 }
 1750 
 1751 static inline int ScNoInterfacePidFile(void)
 1752 {
 1753     return snort_conf->run_flags & RUN_FLAG__NO_IFACE_PID_FILE;
 1754 }
 1755 
 1756 static inline int ScPcapShow(void)
 1757 {
 1758     return snort_conf->run_flags & RUN_FLAG__PCAP_SHOW;
 1759 }
 1760 
 1761 static inline int ScPcapReset(void)
 1762 {
 1763     return snort_conf->run_flags & RUN_FLAG__PCAP_RESET;
 1764 }
 1765 
 1766 #ifndef NO_NON_ETHER_DECODER
 1767 static inline int ScOutputWifiMgmt(void)
 1768 {
 1769     return snort_conf->output_flags & OUTPUT_FLAG__SHOW_WIFI_MGMT;
 1770 }
 1771 #endif
 1772 
 1773 #ifdef TARGET_BASED
 1774 static inline uint32_t ScMaxAttrHosts(SnortConfig *sc)
 1775 {
 1776     return sc->max_attribute_hosts;
 1777 }
 1778 
 1779 static inline uint32_t ScMaxAttrServicesPerHost(void)
 1780 {
 1781     return snort_conf->max_attribute_services_per_host;
 1782 }
 1783 
 1784 static inline int ScDisableAttrReload(SnortConfig *sc)
 1785 {
 1786     return sc->run_flags & RUN_FLAG__DISABLE_ATTRIBUTE_RELOAD_THREAD;
 1787 }
 1788 #endif
 1789 
 1790 static inline int ScTreatDropAsAlert(void)
 1791 {
 1792     return snort_conf->run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT;
 1793 }
 1794 
 1795 static inline int ScTreatDropAsIgnore(void)
 1796 {
 1797     return snort_conf->run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE;
 1798 }
 1799 
 1800 static inline int ScAlertBeforePass(void)
 1801 {
 1802     return snort_conf->run_flags & RUN_FLAG__ALERT_BEFORE_PASS;
 1803 }
 1804 
 1805 static inline int ScNoPcre(void)
 1806 {
 1807     return snort_conf->run_flags & RUN_FLAG__NO_PCRE;
 1808 }
 1809 
 1810 static inline int ScGetEvalIndex(RuleType type)
 1811 {
 1812     return snort_conf->evalOrder[type];
 1813 }
 1814 
 1815 static inline int ScNoLog(void)
 1816 {
 1817     return snort_conf->no_log;
 1818 }
 1819 
 1820 static inline int ScNoAlert(void)
 1821 {
 1822     return snort_conf->no_alert;
 1823 }
 1824 
 1825 #if defined(WIN32) && defined(ENABLE_WIN32_SERVICE)
 1826 static inline int ScTerminateService(void)
 1827 {
 1828     return snort_conf->run_flags & RUN_FLAG__TERMINATE_SERVICE;
 1829 }
 1830 
 1831 static inline int ScPauseService(void)
 1832 {
 1833     return snort_conf->run_flags & RUN_FLAG__PAUSE_SERVICE;
 1834 }
 1835 #endif
 1836 
 1837 static inline int ScUid(void)
 1838 {
 1839     return snort_conf->user_id;
 1840 }
 1841 
 1842 static inline int ScGid(void)
 1843 {
 1844     return snort_conf->group_id;
 1845 }
 1846 
 1847 static inline char * ScPcapLogFile(void)
 1848 {
 1849     return snort_conf->pcap_log_file;
 1850 }
 1851 
 1852 #ifdef SIDE_CHANNEL
 1853 static inline int ScSideChannelEnabled(void)
 1854 {
 1855     return snort_conf->side_channel_config.enabled;
 1856 }
 1857 #endif
 1858 
 1859 // use of macro avoids depending on generators.h
 1860 #define EventIsInternal(gid) (gid == GENERATOR_INTERNAL)
 1861 
 1862 static inline void EnableInternalEvent(RateFilterConfig *config, uint32_t sid)
 1863 {
 1864     if (config == NULL)
 1865         return;
 1866 
 1867     config->internal_event_mask |= (1 << sid);
 1868 }
 1869 
 1870 static inline int InternalEventIsEnabled(RateFilterConfig *config, uint32_t sid)
 1871 {
 1872     if (config == NULL)
 1873         return 0;
 1874 
 1875     return (config->internal_event_mask & (1 << sid));
 1876 }
 1877 
 1878 static inline int ScIsPreprocEnabled(uint32_t preproc_id, tSfPolicyId policy_id)
 1879 {
 1880     SnortPolicy *policy;
 1881 
 1882     if (policy_id >= snort_conf->num_policies_allocated)
 1883         return 0;
 1884 
 1885     policy = snort_conf->targeted_policies[policy_id];
 1886     if (policy == NULL)
 1887         return 0;
 1888 
 1889     if (policy->preproc_bit_mask & (UINT64_C(1) << preproc_id))
 1890         return 1;
 1891 
 1892     return 0;
 1893 }
 1894 
 1895 static inline int ScDeepTeredoInspection(void)
 1896 {
 1897     return snort_conf->enable_teredo;
 1898 }
 1899 
 1900 static inline int ScGTPDecoding(void)
 1901 {
 1902     return snort_conf->enable_gtp;
 1903 }
 1904 
 1905 static inline int ScIsGTPPort(uint16_t port)
 1906 {
 1907     return snort_conf->gtp_ports[port];
 1908 }
 1909 
 1910 static inline int ScESPDecoding(void)
 1911 {
 1912     return snort_conf->enable_esp;
 1913 }
 1914 
 1915 static inline int ScVlanAgnostic(void)
 1916 {
 1917     return snort_conf->vlan_agnostic;
 1918 }
 1919 
 1920 static inline int ScAddressSpaceAgnostic(void)
 1921 {
 1922     return snort_conf->addressspace_agnostic;
 1923 }
 1924 
 1925 static inline int ScLogIPv6Extra(void)
 1926 {
 1927     return snort_conf->log_ipv6_extra;
 1928 }
 1929 
 1930 static inline uint32_t ScSoRuleMemcap(void)
 1931 {
 1932     return snort_conf->so_rule_memcap;
 1933 }
 1934 
 1935 static inline bool ScTunnelBypassEnabled (uint8_t proto)
 1936 {
 1937     return !(snort_conf->tunnel_mask & proto);
 1938 }
 1939 
 1940 static inline uint8_t ScMaxIP6Extensions(void)
 1941 {
 1942     return snort_conf->max_ip6_extensions;
 1943 }
 1944 
 1945 static inline int ScSuppressConfigLog(void)
 1946 {
 1947     return snort_conf->suppress_config_log;
 1948 }
 1949 
 1950 static inline int ScDisableReplaceOpt(void)
 1951 {
 1952     return snort_conf->disable_replace_opt;
 1953 }
 1954 
 1955 static inline int ScIpsInlineModeNewConf (SnortConfig * sc)
 1956 {
 1957     return (((sc->targeted_policies[getParserPolicy(sc)])->ips_policy_mode) == POLICY_MODE__INLINE );
 1958 }
 1959 
 1960 static inline int ScAdapterInlineModeNewConf (SnortConfig * sc)
 1961 {
 1962     return sc->run_flags & RUN_FLAG__INLINE;
 1963 }
 1964 
 1965 static inline int ScTreatDropAsIgnoreNewConf (SnortConfig * sc)
 1966 {
 1967     return sc->run_flags & RUN_FLAG__TREAT_DROP_AS_IGNORE;
 1968 }
 1969 
 1970 static inline int ScIpsInlineTestModeNewConf (SnortConfig * sc)
 1971 {
 1972     return (((sc->targeted_policies[getParserPolicy(sc)])->ips_policy_mode) == POLICY_MODE__INLINE_TEST );
 1973 }
 1974 
 1975 static inline int ScAdapterInlineTestModeNewConf (SnortConfig * sc)
 1976 {
 1977     return sc->run_flags & RUN_FLAG__INLINE_TEST;
 1978 }
 1979 
 1980 static inline int ScTestModeNewConf (SnortConfig * sc)
 1981 {
 1982     return sc->run_mode == RUN_MODE__TEST;
 1983 }
 1984 
 1985 static inline int ScConfErrorOutNewConf (SnortConfig * sc)
 1986 {
 1987     return sc->run_flags & RUN_FLAG__CONF_ERROR_OUT;
 1988 }
 1989 
 1990 static inline int ScDefaultRuleStateNewConf (SnortConfig * sc)
 1991 {
 1992     return sc->default_rule_state;
 1993 }
 1994 
 1995 static inline int ScRequireRuleSidNewConf (SnortConfig * sc)
 1996 {
 1997     return sc->run_flags & RUN_FLAG__REQUIRE_RULE_SID;
 1998 }
 1999 
 2000 static inline int ScTreatDropAsAlertNewConf (SnortConfig * sc)
 2001 {
 2002     return sc->run_flags & RUN_FLAG__TREAT_DROP_AS_ALERT;
 2003 }
 2004 
 2005 static inline int ScSuppressConfigLogNewConf (SnortConfig* sc)
 2006 {
 2007     return sc->suppress_config_log;
 2008 }
 2009 
 2010 static inline int ScLogQuietNewConf (SnortConfig* sc)
 2011 {
 2012     return sc->logging_flags & LOGGING_FLAG__QUIET;
 2013 }
 2014 
 2015 static inline void ScSetInternalLogLevelNewConf (SnortConfig* sc, int level)
 2016 {
 2017     if (!ScLogQuietNewConf(sc))
 2018         internal_log_level = level;
 2019 }
 2020 
 2021 static inline void ScRestoreInternalLogLevelNewConf (SnortConfig* sc)
 2022 {
 2023     internal_log_level = sc->internal_log_level;
 2024 }
 2025 
 2026 static inline long int ScPcreMatchLimitNewConf (SnortConfig *sc)
 2027 {
 2028     return sc->pcre_match_limit;
 2029 }
 2030 
 2031 static inline long int ScPcreMatchLimitRecursionNewConf (SnortConfig *sc)
 2032 {
 2033     return sc->pcre_match_limit_recursion;
 2034 }
 2035 
 2036 static inline int ScNoOutputTimestampNewConf (SnortConfig *sc)
 2037 {
 2038     return sc->output_flags & OUTPUT_FLAG__NO_TIMESTAMP;
 2039 }
 2040 
 2041 static inline int ScNapPassiveModeNewConf (SnortConfig* sc)
 2042 {
 2043     return (((sc->targeted_policies[getParserPolicy(sc)])->nap_policy_mode) == POLICY_MODE__PASSIVE );
 2044 }
 2045 
 2046 static inline int ScNapInlineTestModeNewConf (SnortConfig* sc)
 2047 {
 2048    return (((sc->targeted_policies[getParserPolicy(sc)])->nap_policy_mode) == POLICY_MODE__INLINE_TEST );
 2049 }
 2050 
 2051 static inline uint32_t ScPafMaxNewConf (SnortConfig *sc)
 2052 {
 2053     return sc->paf_max;
 2054 }
 2055 
 2056 static inline bool ScPafEnabledNewConf (SnortConfig *sc)
 2057 {
 2058     return ( ScPafMaxNewConf(sc) > 0 );
 2059 }
 2060 #if defined(DAQ_CAPA_CST_TIMEOUT)
 2061 static inline uint64_t GetTimeout( Packet *p, uint64_t *timeout)
 2062 {
 2063   DAQ_QueryFlow_t query;
 2064   int rval;
 2065   query.type = DAQ_QUERYFLOW_TYPE_TIMEOUT_VAL;
 2066   query.length = sizeof(uint64_t);
 2067   query.value = timeout;
 2068   rval = DAQ_QueryFlow( p->pkth, &query);
 2069 
 2070     if(rval != DAQ_SUCCESS)
 2071        *timeout = 1;
 2072 
 2073   return 1;
 2074 }
 2075 #endif /* query flow */
 2076 #endif  /* __SNORT_H__ */
 2077