/**
* \brief Init function for RecieveIPFW.
*
* This is a setup function for recieving packets
* via ipfw divert, binds a socket, and prepares to
* to read from it.
*
* \param tv pointer to ThreadVars
* \param initdata pointer to the divert port passed from the user
* \param data pointer gets populated with IPFWThreadVars
*
*/
TmEcode ReceiveIPFWThreadInit(ThreadVars *tv, void *initdata, void **data)
{
struct timeval timev;
int flag;
IPFWThreadVars *ntv = (IPFWThreadVars *) initdata;
IPFWQueueVars *nq = IPFWGetQueue(ntv->ipfw_index);
sigset_t sigs;
sigfillset(&sigs);
pthread_sigmask(SIG_UNBLOCK, &sigs, NULL);
SCEnter();
IPFWMutexInit(nq);
/* We need a divert socket to play with */
if ((nq->fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)) == -1) {
SCLogError(SC_ERR_IPFW_SOCK,"Can't create divert socket: %s", strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
/* set a timeout to the socket so we can check for a signal
* in case we don't get packets for a longer period. */
timev.tv_sec = 1;
timev.tv_usec = 0;
if (setsockopt(nq->fd, SOL_SOCKET, SO_RCVTIMEO, &timev, sizeof(timev)) == -1) {
SCLogError(SC_ERR_IPFW_SETSOCKOPT,"Can't set IPFW divert socket timeout: %s", strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
/* set SO_BROADCAST on the divert socket, otherwise sendto()
* returns EACCES when reinjecting broadcast packets. */
flag = 1;
if (setsockopt(nq->fd, SOL_SOCKET, SO_BROADCAST, &flag, sizeof(flag)) == -1) {
SCLogError(SC_ERR_IPFW_SETSOCKOPT,"Can't set IPFW divert socket broadcast flag: %s", strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
nq->ipfw_sinlen=sizeof(nq->ipfw_sin);
memset(&nq->ipfw_sin, 0, nq->ipfw_sinlen);
nq->ipfw_sin.sin_family = PF_INET;
nq->ipfw_sin.sin_addr.s_addr = INADDR_ANY;
nq->ipfw_sin.sin_port = htons(nq->port_num);
/* Bind that SOB */
if (bind(nq->fd, (struct sockaddr *)&nq->ipfw_sin, nq->ipfw_sinlen) == -1) {
SCLogError(SC_ERR_IPFW_BIND,"Can't bind divert socket on port %d: %s",nq->port_num,strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
ntv->datalink = DLT_RAW;
*data = (void *)ntv;
SCReturnInt(TM_ECODE_OK);
}
/**
* \brief DeInit function closes divert socket at exit.
* \todo Unit tests are needed for this module.
* \param tv pointer to ThreadVars
* \param data pointer that gets cast into IPFWThreadVars for ptv
*/
TmEcode ReceiveIPFWThreadDeinit(ThreadVars *tv, void *data)
{
IPFWThreadVars *ptv = (IPFWThreadVars *)data;
IPFWQueueVars *nq = IPFWGetQueue(ptv->ipfw_index);
SCEnter();
/* Attempt to shut the socket down...close instead? */
if (shutdown(nq->fd, SHUT_RD) < 0) {
SCLogWarning(SC_WARN_IPFW_UNBIND,"Unable to disable ipfw socket: %s",strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
SCReturnInt(TM_ECODE_OK);
}
/**
* \brief This function sets the Verdict and processes the packet
*
*
* \param tv pointer to ThreadVars
* \param p pointer to the Packet
*/
TmEcode IPFWSetVerdict(ThreadVars *tv, IPFWThreadVars *ptv, Packet *p)
{
uint32_t verdict;
struct pollfd IPFWpoll;
IPFWQueueVars *nq = NULL;
SCEnter();
if (p == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Packet is NULL");
SCReturnInt(TM_ECODE_FAILED);
}
nq = IPFWGetQueue(p->ipfw_v.ipfw_index);
if (nq == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "No thread found");
SCReturnInt(TM_ECODE_FAILED);
}
IPFWpoll.fd = nq->fd;
IPFWpoll.events = POLLWRNORM;
if (p->action & ACTION_DROP) {
verdict = IPFW_DROP;
} else {
verdict = IPFW_ACCEPT;
}
if (verdict == IPFW_ACCEPT) {
SCLogDebug("IPFW Verdict is to Accept");
ptv->accepted++;
/* For divert sockets, accepting means writing the
* packet back to the socket for ipfw to pick up
*/
SCLogDebug("IPFWSetVerdict writing to socket %d, %p, %u", nq->fd, GET_PKT_DATA(p),GET_PKT_LEN(p));
#if 0
while ((poll(&IPFWpoll,1,IPFW_SOCKET_POLL_MSEC)) < 1) {
/* Did we receive a signal to shutdown */
if (TmThreadsCheckFlag(tv, THV_KILL) || TmThreadsCheckFlag(tv, THV_PAUSE)) {
SCLogInfo("Received ThreadShutdown: IPFW divert socket writing interrupted");
SCReturnInt(TM_ECODE_OK);
}
}
#endif
IPFWMutexLock(nq);
if (sendto(nq->fd, GET_PKT_DATA(p), GET_PKT_LEN(p), 0,(struct sockaddr *)&nq->ipfw_sin, nq->ipfw_sinlen) == -1) {
int r = errno;
switch (r) {
default:
SCLogWarning(SC_WARN_IPFW_XMIT,"Write to ipfw divert socket failed: %s",strerror(r));
IPFWMutexUnlock(nq);
SCReturnInt(TM_ECODE_FAILED);
case EHOSTDOWN:
case ENETDOWN:
break;
}
}
IPFWMutexUnlock(nq);
SCLogDebug("Sent Packet back into IPFW Len: %d",GET_PKT_LEN(p));
} /* end IPFW_ACCEPT */
if (verdict == IPFW_DROP) {
SCLogDebug("IPFW SetVerdict is to DROP");
ptv->dropped++;
/** \todo For divert sockets, dropping means not writing the packet back to the socket.
* Need to see if there is some better way to free the packet from the queue */
} /* end IPFW_DROP */
SCReturnInt(TM_ECODE_OK);
}
TmEcode ReceiveIPFWLoop(ThreadVars *tv, void *data, void *slot)
{
SCEnter();
IPFWThreadVars *ptv = (IPFWThreadVars *)data;
IPFWQueueVars *nq = NULL;
uint8_t pkt[IP_MAXPACKET];
int pktlen=0;
struct pollfd IPFWpoll;
struct timeval IPFWts;
Packet *p = NULL;
uint16_t packet_q_len = 0;
nq = IPFWGetQueue(ptv->ipfw_index);
if (nq == NULL) {
SCLogWarning(SC_ERR_INVALID_ARGUMENT, "Can't get thread variable");
SCReturnInt(TM_ECODE_FAILED);
}
SCLogInfo("Thread '%s' will run on port %d (item %d)",
tv->name, nq->port_num, ptv->ipfw_index);
while (1) {
if (suricata_ctl_flags & (SURICATA_STOP || SURICATA_KILL)) {
SCReturnInt(TM_ECODE_OK);
}
IPFWpoll.fd = nq->fd;
IPFWpoll.events = POLLRDNORM;
/* Poll the socket for status */
if ( (poll(&IPFWpoll, 1, IPFW_SOCKET_POLL_MSEC)) > 0) {
if (!(IPFWpoll.revents & (POLLRDNORM | POLLERR)))
continue;
}
if ((pktlen = recvfrom(nq->fd, pkt, sizeof(pkt), 0,
(struct sockaddr *)&nq->ipfw_sin,
&nq->ipfw_sinlen)) == -1) {
/* We received an error on socket read */
if (errno == EINTR || errno == EWOULDBLOCK) {
/* Nothing for us to process */
continue;
} else {
SCLogWarning(SC_WARN_IPFW_RECV,
"Read from IPFW divert socket failed: %s",
strerror(errno));
SCReturnInt(TM_ECODE_FAILED);
}
}
/* We have a packet to process */
memset (&IPFWts, 0, sizeof(struct timeval));
gettimeofday(&IPFWts, NULL);
/* make sure we have at least one packet in the packet pool, to prevent
* us from alloc'ing packets at line rate */
do {
packet_q_len = PacketPoolSize();
if (unlikely(packet_q_len == 0)) {
PacketPoolWait();
}
} while (packet_q_len == 0);
p = PacketGetFromQueueOrAlloc();
if (p == NULL) {
SCReturnInt(TM_ECODE_FAILED);
}
PKT_SET_SRC(p, PKT_SRC_WIRE);
SCLogDebug("Received Packet Len: %d", pktlen);
p->ts.tv_sec = IPFWts.tv_sec;
p->ts.tv_usec = IPFWts.tv_usec;
ptv->pkts++;
ptv->bytes += pktlen;
p->datalink = ptv->datalink;
p->ipfw_v.ipfw_index = ptv->ipfw_index;
PacketCopyData(p, pkt, pktlen);
SCLogDebug("Packet info: pkt_len: %" PRIu32 " (pkt %02x, pkt_data %02x)",
GET_PKT_LEN(p), *pkt, GET_PKT_DATA(p));
if (TmThreadsSlotProcessPkt(tv, ((TmSlot *) slot)->slot_next, p)
!= TM_ECODE_OK) {
TmqhOutputPacketpool(tv, p);
SCReturnInt(TM_ECODE_FAILED);
}
SCPerfSyncCountersIfSignalled(tv, 0);
}
SCReturnInt(TM_ECODE_OK);
}
