Esempio n. 1
0
static int DAQ_ValidateInstance ()
{
    uint32_t caps = daq_get_capabilities(daq_mod, daq_hand);

    if ( !ScAdapterInlineMode() )
        return 1;

    if ( !(caps & DAQ_CAPA_BLOCK) )
        LogMessage("WARNING: inline mode configured but DAQ can't "
            "block packets.\n");

#if 0
    // this is checked in normalize.c and sp_respond.c
    // and warned/disabled only if it was configured
    if ( !(caps & DAQ_CAPA_REPLACE) )
    {
        LogMessage("WARNING: normalizations/replacements disabled "
            " because DAQ can't replace packets.\n");
    }

    // this is checked in spp_stream5.c and active.c
    // and warned/disabled only if it was configured
    if ( !(caps & DAQ_CAPA_INJECT) )
        LogMessage("WARNING: inline mode configured but DAQ can't "
            "inject packets.\n");
#endif

    return 1;
}
Esempio n. 2
0
int DAQ_CanWhitelist (void)
{
#ifdef DAQ_CAPA_WHITELIST
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_WHITELIST );
#else
    return 0;
#endif
}
Esempio n. 3
0
int DAQ_CanRetry (void)
{
#ifdef HAVE_DAQ_VERDICT_RETRY
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_RETRY );
#else
    return 0;
#endif
}
Esempio n. 4
0
void DAQ_UpdateTunnelBypass(SnortConfig* sc)
{
#ifdef HAVE_DAQ_REAL_ADDRESSES

    if (daq_mod && daq_hand)
    {
        uint32_t caps = daq_get_capabilities(daq_mod, daq_hand);

        if (caps & DAQ_CAPA_DECODE_GTP)
        {
            sc->tunnel_mask |= TUNNEL_GTP;
            LogMessage("DAQ tracking internal GTP sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_TEREDO)
        {
            sc->tunnel_mask |= TUNNEL_TEREDO;
            LogMessage("DAQ tracking internal TEREDO sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_GRE)
        {
            sc->tunnel_mask |= TUNNEL_GRE;
            LogMessage("DAQ tracking internal GRE sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_4IN4)
        {
            sc->tunnel_mask |= TUNNEL_4IN4;
            LogMessage("DAQ tracking internal IPv4 within IPv4 sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_6IN4)
        {
            sc->tunnel_mask |= TUNNEL_6IN4;
            LogMessage("DAQ tracking internal IPv6 within IPv4 sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_4IN6)
        {
            sc->tunnel_mask |= TUNNEL_4IN6;
            LogMessage("DAQ tracking internal IPv4 within IPv6 sessions.\n");
        }
        if (caps & DAQ_CAPA_DECODE_6IN6)
        {
            sc->tunnel_mask |= TUNNEL_6IN6;
            LogMessage("DAQ tracking internal IPv6 within IPv6 sessions.\n");
        }
#ifdef DAQ_CAPA_DECODE_MPLS
        if (caps & DAQ_CAPA_DECODE_MPLS)
        {
            sc->tunnel_mask |= TUNNEL_MPLS;
            LogMessage("DAQ tracking internal MPLS sessions.\n");
        }
#endif
    }

#endif
}
Esempio n. 5
0
int DAQ_RawInjection (void)
{
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_INJECT_RAW );
}
Esempio n. 6
0
int DAQ_CanInject (void)
{
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_INJECT );
}
Esempio n. 7
0
int DAQ_CanReplace (void)
{
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_REPLACE );
}
Esempio n. 8
0
int DAQ_UnprivilegedStart (void)
{
    return ( daq_get_capabilities(daq_mod, daq_hand) & DAQ_CAPA_UNPRIV_START );
}