Snort_AIPreproc/include/sfPolicy.h


/****************************************************************************
* Copyright (C) 2008-2010 Sourcefire, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License Version 2 as
* published by the Free Software Foundation. You may not use, modify or
* distribute this program under any other version of the GNU General
* Public License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
****************************************************************************/
#ifndef _SF_POLICY_H_
#define _SF_POLICY_H_
#include "sf_ip.h"
#include "ipv6_port.h"
#include "sfrt.h"
#include "debug.h"
/** Number of additional policies allocated with each re-alloc operation. */
#define POLICY_ALLOCATION_CHUNK 10
/* Size of tSfPolicyConfig.vlanBindings, so the valid indices are
 * 0 .. SF_VLAN_BINDING_MAX - 1. 4096 matches the 12-bit 802.1Q VLAN ID space. */
#define SF_VLAN_BINDING_MAX 4096
/* Not referenced elsewhere in this header; presumably the capacity of the
 * network binding table -- confirm in the implementation. */
#define SF_NETWORK_BINDING_MAX 4096
/* All-ones value; presumably the tSfPolicyId sentinel meaning "no policy is
 * bound to this VLAN" -- confirm in the implementation.
 * NOTE(review): a binding lookup result should be compared against this value
 * before it is used as an index into a policy array. */
#define SF_VLAN_UNBOUND 0xffffffff
/* A VLAN id or address range is reduced to a policy id, and all subsequent
 * processing is done using the policy id only. */
/** One policy entry. */
typedef struct
{
/** Number of VLANs that are members of this group. When membership falls to 0,
 * this group should be deleted.
*/
unsigned int refCount;
/* Presumably the configuration file name this policy was created from.
 * Ownership of the string is not shown in this header -- confirm who frees it. */
char *filename;
/* One-bit flag; by its name, set once this policy's configuration has been
 * processed -- confirm against the implementation. */
unsigned int isConfigProcessed:1;
} tSfPolicy;
/** Kind of key a policy binding is made on. */
typedef enum {
SF_BINDING_TYPE_VLAN,    /* binding keyed by VLAN id */
SF_BINDING_TYPE_NETWORK, /* binding keyed by network / address range */
SF_BINDING_TYPE_UNKNOWN  /* binding kind not recognised */
} tSF_BINDING_TYPE;
/** Policy identifier. sfSetDefaultPolicy() accepts only values below
 * tSfPolicyConfig.numAllocatedPolicies. The type is unsigned, so a negative
 * value converted to it becomes a very large id rather than failing a "< 0" test. */
typedef unsigned int tSfPolicyId;
/** Policy table plus the VLAN and network bindings that map traffic to a policy id. */
typedef struct
{
/** Group id assigned to each file name. The groupId is an abstract concept
 * to tie multiple VLANs into one group. */
/* Array of pointers to tSfPolicy; presumably indexed by tSfPolicyId, with
 * unused slots possibly NULL -- confirm before dereferencing an entry. */
tSfPolicy **ppPolicies;
/* Read by sfGetDefaultPolicy() and written by sfSetDefaultPolicy(). */
tSfPolicyId defaultPolicyId;
/** Policy id of configuration file or packet being processed. */
/* NOTE(review): the comment above does not describe the field below; it
 * reads like the description of runtimePolicyId / parserPolicyId -- confirm.
 * numAllocatedPolicies is the upper bound that sfSetDefaultPolicy() checks a
 * policy id against. */
tSfPolicyId numAllocatedPolicies;
unsigned int numActivePolicies;
/** VLAN to policyId bindings. */
/* Fixed array of SF_VLAN_BINDING_MAX entries. The VLAN accessors declared in
 * this header take the VLAN id as a signed int, so the index must be checked
 * for both < 0 and >= SF_VLAN_BINDING_MAX before this array is touched --
 * verify that the implementation does so, since the id presumably comes from
 * packet headers. */
tSfPolicyId vlanBindings[SF_VLAN_BINDING_MAX];
/** Network to policyId bindings. */
table_t *netBindTable;
} tSfPolicyConfig;
/* Globals defined elsewhere. By their names, the policy id in effect while
 * processing a packet and while parsing a configuration file -- confirm.
 * NOTE(review): these are plain globals with no synchronisation visible here;
 * confirm they are only touched from one thread. */
extern tSfPolicyId runtimePolicyId;
extern tSfPolicyId parserPolicyId;
/** Creates a policy configuration. Presumably returns NULL on allocation
 * failure -- callers should check the result before use. */
tSfPolicyConfig * sfPolicyInit(
void
);
/** Tears down a policy configuration obtained from sfPolicyInit(). What
 * exactly is freed is not shown in this header. */
void sfPolicyFini(
tSfPolicyConfig *
);
/** Adds a policy. The char * argument is presumably the policy's
 * configuration file name (compare tSfPolicy.filename). The meaning of the
 * int result is not shown here -- confirm before treating it as a policy id
 * or as a status code. */
int sfPolicyAdd(
tSfPolicyConfig *,
char *
);
/** Deletes the policy with the given id. Whether an out-of-range id is
 * rejected is not visible in this header -- verify in the implementation. */
void sfPolicyDelete(
tSfPolicyConfig *,
tSfPolicyId
);
/** Looks up a policy by id and returns a char *, presumably its file name.
 * Presumably NULL for an unknown id, and the string is presumably owned by
 * the config -- confirm both; callers should check for NULL. */
char * sfPolicyGet(
tSfPolicyConfig *,
tSfPolicyId
);
/* VLAN binding accessors. The int argument is presumably the VLAN id used to
 * index tSfPolicyConfig.vlanBindings. It is signed, so each implementation
 * must reject values < 0 and >= SF_VLAN_BINDING_MAX before indexing --
 * verify. */
/** Binds a VLAN to the policy named by the char * argument (presumably a
 * configuration file name). Return convention not shown here. */
int sfVlanAddBinding(
tSfPolicyConfig *,
int,
char *
);
/** Returns the policy id bound to a VLAN. Presumably SF_VLAN_UNBOUND when no
 * binding exists -- callers should test for it before using the result as an
 * index. */
tSfPolicyId sfVlanGetBinding(
tSfPolicyConfig *,
int
);
/** Removes the binding for a VLAN. */
void sfVlanDeleteBinding(
tSfPolicyConfig *,
int
);
/** Resolves the policy id that applies to a piece of traffic. The arguments
 * are presumably the VLAN id and two addresses (source and destination?) --
 * confirm order and meaning in the implementation. Returns unsigned int,
 * which is the same underlying type as tSfPolicyId.
 * NOTE(review): these inputs presumably derive from packet contents; the
 * result should be range-checked against the allocated policy count before
 * it indexes any per-policy array. */
unsigned int sfGetApplicablePolicyId(
tSfPolicyConfig *,
int,
snort_ip_p,
snort_ip_p
);
/** Binds a network (sfip_t *) to the policy named by the char * argument
 * (presumably a configuration file name). Return convention not shown here. */
int sfNetworkAddBinding(
tSfPolicyConfig *,
sfip_t *,
char *
);
/** Returns the policy id bound to the network containing the given address.
 * The value returned when nothing matches is not shown in this header --
 * confirm before using the result as an index. */
unsigned int sfNetworkGetBinding(
tSfPolicyConfig *,
snort_ip_p
);
/** Removes the network binding that matches the given address. */
void sfNetworkDeleteBinding(
tSfPolicyConfig *,
snort_ip_p
);
/**
 * Returns the default policy id stored in a policy configuration.
 *
 * @param config  Policy configuration to read; may be NULL.
 * @return config->defaultPolicyId, or 0 when config is NULL.
 *
 * NOTE(review): 0 is also an id that sfSetDefaultPolicy() can store, so the
 * return value alone does not tell a caller whether config was NULL.
 */
static INLINE tSfPolicyId sfGetDefaultPolicy(tSfPolicyConfig *config)
{
    return (config != NULL) ? config->defaultPolicyId : 0;
}
/**
 * Stores a new default policy id in a policy configuration.
 *
 * The call is a silent no-op when config is NULL or when policyId is not
 * below config->numAllocatedPolicies; no error is reported to the caller.
 *
 * @param config    Policy configuration to update; may be NULL.
 * @param policyId  Candidate default policy id.
 *
 * NOTE(review): only the allocated-slot count is checked here. Whether the
 * slot at policyId actually holds a policy is not verified -- confirm that
 * callers guarantee it.
 */
static INLINE void sfSetDefaultPolicy(tSfPolicyConfig *config, tSfPolicyId policyId)
{
    /* NULL test must come first: the bound is read through config. */
    if ((config != NULL) && (policyId < config->numAllocatedPolicies)) {
        config->defaultPolicyId = policyId;
    }
}
/**
 * Returns the number of policy slots allocated in a policy configuration.
 *
 * @param config  Policy configuration to read; may be NULL.
 * @return config->numAllocatedPolicies, or 0 when config is NULL.
 */
static INLINE tSfPolicyId sfPolicyNumAllocated(tSfPolicyConfig *config)
{
    return (config != NULL) ? config->numAllocatedPolicies : 0;
}
/* Dynamic array functions */
/** Bounds check for a dynamically sized array. Takes the array (void **),
 * the index about to be used, and a pointer to the current element count.
 * Presumably grows the array and updates *maxElements when index is beyond
 * the current size -- confirm in the implementation. The meaning of the int
 * result is not shown here.
 * NOTE(review): callers should check the result before indexing, and the
 * implementation's size arithmetic should be checked for unsigned overflow
 * when index is large. */
int sfDynArrayCheckBounds (
void ** dynArray,
unsigned int index,
unsigned int *maxElements
);
#endif