util-device_8c_source.html

/* Copyright (C) 2011-2016 Open Information Security Foundation

 *

 * You can copy, redistribute or modify this Program under the terms of

 * the GNU General Public License version 2 as published by the Free

 * Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * version 2 along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

 * 02110-1301, USA.

 */


#include "suricata-common.h"

#include "conf.h"

#include "util-device.h"

#include "util-ioctl.h"

#include "util-misc.h"


#include "device-storage.h"


#define MAX_DEVNAME 10


static int g_bypass_storage_id = -1;


/**

 * \file

 *

 * \author Eric Leblond <eric@regit.org>

 *

 *  \brief Utility functions to handle device list

 */


/** private device list */

static TAILQ_HEAD(, LiveDevice_) live_devices =

    TAILQ_HEAD_INITIALIZER(live_devices);


/** List of the name of devices

 *

 * As we don't know the size of the Storage on devices

 * before the parsing we need to wait and use this list

 * to create later the LiveDevice via LiveDeviceFinalize()

 */

static TAILQ_HEAD(, LiveDeviceName_) pre_live_devices =

    TAILQ_HEAD_INITIALIZER(pre_live_devices);


typedef struct BypassInfo_ {

    SC_ATOMIC_DECLARE(uint64_t, ipv4_hash_count);

    SC_ATOMIC_DECLARE(uint64_t, ipv4_fail);

    SC_ATOMIC_DECLARE(uint64_t, ipv4_success);

    SC_ATOMIC_DECLARE(uint64_t, ipv6_hash_count);

    SC_ATOMIC_DECLARE(uint64_t, ipv6_fail);

    SC_ATOMIC_DECLARE(uint64_t, ipv6_success);

} BypassInfo;


/** if set to 0 when we don't have real devices */

static int live_devices_stats = 1;


static int LiveSafeDeviceName(const char *devname,

                              char *newdevname, size_t destlen);


static int g_live_devices_disable_offloading = 1;


void LiveSetOffloadDisable(void)

{

    g_live_devices_disable_offloading = 1;

}


void LiveSetOffloadWarn(void)

{

    g_live_devices_disable_offloading = 0;

}


int LiveGetOffload(void)

{

    return g_live_devices_disable_offloading;

}


/**

 *  \brief Add a device for monitoring

 *

 * To be used during option parsing. When a device has

 * to be created during runmode init, use LiveRegisterDevice()

 *

 *  \param dev string with the device name

 *

 *  \retval 0 on success.

 *  \retval -1 on failure.

 */

int LiveRegisterDeviceName(const char *dev)

{

    LiveDeviceName *pd = NULL;


    pd = SCCalloc(1, sizeof(LiveDeviceName));

    if (unlikely(pd == NULL)) {

        return -1;

    }


    pd->dev = SCStrdup(dev);

    if (unlikely(pd->dev == NULL)) {

        SCFree(pd);

        return -1;

    }


    TAILQ_INSERT_TAIL(&pre_live_devices, pd, next);


    SCLogDebug("Device \"%s\" registered.", dev);

    return 0;

}


/**

 *  \brief Add a pcap device for monitoring and create structure

 *

 *  \param dev string with the device name

 *

 *  \retval 0 on success.

 *  \retval -1 on failure.

 */

int LiveRegisterDevice(const char *dev)

{

    LiveDevice *pd = NULL;


    pd = SCCalloc(1, sizeof(LiveDevice) + LiveDevStorageSize());

    if (unlikely(pd == NULL)) {

        return -1;

    }


    pd->dev = SCStrdup(dev);

    if (unlikely(pd->dev == NULL)) {

        SCFree(pd);

        return -1;

    }

    /* create a short version to be used in thread names */

    LiveSafeDeviceName(pd->dev, pd->dev_short, sizeof(pd->dev_short));


    SC_ATOMIC_INIT(pd->pkts);

    SC_ATOMIC_INIT(pd->drop);

    SC_ATOMIC_INIT(pd->invalid_checksums);

    pd->ignore_checksum = 0;

    pd->id = LiveGetDeviceCount();

    TAILQ_INSERT_TAIL(&live_devices, pd, next);


    SCLogDebug("Device \"%s\" registered and created.", dev);

    return 0;

}


/**

 *  \brief Get the number of registered devices

 *

 *  \retval cnt the number of registered devices

 */

int LiveGetDeviceCount(void)

{

    int i = 0;

    LiveDevice *pd;


    TAILQ_FOREACH(pd, &live_devices, next) {

        i++;

    }


    return i;

}


/**

 *  \brief Get a pointer to the device name at idx

 *

 *  \param number idx of the device in our list

 *

 *  \retval ptr pointer to the string containing the device

 *  \retval NULL on error

 */

const char *LiveGetDeviceName(int number)

{

    int i = 0;

    LiveDevice *pd;


    TAILQ_FOREACH(pd, &live_devices, next) {

        if (i == number) {

            return pd->dev;

        }


        i++;

    }


    return NULL;

}


/**

 *  \brief Get the number of pre registered devices

 *

 *  \retval cnt the number of pre registered devices

 */

int LiveGetDeviceNameCount(void)

{

    int i = 0;

    LiveDeviceName *pd;


    TAILQ_FOREACH(pd, &pre_live_devices, next) {

        i++;

    }


    return i;

}


/**

 *  \brief Get a pointer to the pre device name at idx

 *

 *  \param number idx of the pre device in our list

 *

 *  \retval ptr pointer to the string containing the device

 *  \retval NULL on error

 */

const char *LiveGetDeviceNameName(int number)

{

    int i = 0;

    LiveDeviceName *pd;


    TAILQ_FOREACH(pd, &pre_live_devices, next) {

        if (i == number) {

            return pd->dev;

        }


        i++;

    }


    return NULL;

}


/** \internal

 *  \brief Shorten a device name that is to long

 *

 *  \param device name from config and destination for modified

 *

 *  \retval None, is added to destination char *newdevname

 */

static int LiveSafeDeviceName(const char *devname, char *newdevname, size_t destlen)

{

    const size_t devnamelen = strlen(devname);


    /* If we have to shorten the interface name */

    if (devnamelen > MAX_DEVNAME) {


        /* IF the dest length is over 10 chars long it will not do any

         * good for the shortening. The shortening is done due to the

         * max length of pthread names (15 chars) and we use 3 chars

         * for the threadname indicator eg. "W#-" and one-two chars for

         * the thread number. And if the destination buffer is under

         * 6 chars there is no point in shortening it since we must at

         * least enter two periods (.) into the string.

         */

        if ((destlen-1) > 10 || (destlen-1) < 6) {

            return 1;

        }


        ShortenString(devname, newdevname, destlen, '.');


        SCLogInfo("Shortening device name to: %s", newdevname);

    } else {

        strlcpy(newdevname, devname, destlen);

    }

    return 0;

}


/**

 *  \brief Get a pointer to the device at idx

 *

 *  \param number idx of the device in our list

 *

 *  \retval ptr pointer to the string containing the device

 *  \retval NULL on error

 */

LiveDevice *LiveGetDevice(const char *name)

{

    int i = 0;

    LiveDevice *pd;


    if (name == NULL) {

        SCLogWarning(SC_ERR_INVALID_VALUE, "Name of device should not be null");

        return NULL;

    }


    TAILQ_FOREACH(pd, &live_devices, next) {

        if (!strcmp(name, pd->dev)) {

            return pd;

        }


        i++;

    }


    return NULL;

}


const char *LiveGetShortName(const char *dev)

{

    LiveDevice *live_dev = LiveGetDevice(dev);

    if (live_dev == NULL)

        return NULL;

    return live_dev->dev_short;

}


int LiveBuildDeviceList(const char *runmode)

{

    return LiveBuildDeviceListCustom(runmode, "interface");

}


int LiveBuildDeviceListCustom(const char *runmode, const char *itemname)

{

    ConfNode *base = ConfGetNode(runmode);

    ConfNode *child;

    int i = 0;


    if (base == NULL)

        return 0;


    TAILQ_FOREACH(child, &base->head, next) {

        ConfNode *subchild;

        TAILQ_FOREACH(subchild, &child->head, next) {

            if ((!strcmp(subchild->name, itemname))) {

                if (!strcmp(subchild->val, "default"))

                    break;

                SCLogConfig("Adding %s %s from config file",

                          itemname, subchild->val);

                LiveRegisterDeviceName(subchild->val);

                i++;

            }

        }

    }


    return i;

}


/** Call this function to disable stat on live devices

 *

 * This can be useful in the case, this is not a real interface.

 */

void LiveDeviceHasNoStats()

{

    live_devices_stats = 0;

}


int LiveDeviceListClean()

{

    SCEnter();

    LiveDevice *pd, *tpd;


    TAILQ_FOREACH_SAFE(pd, &live_devices, next, tpd) {

        if (live_devices_stats) {

            SCLogNotice("Stats for '%s':  pkts: %" PRIu64", drop: %" PRIu64 " (%.2f%%), invalid chksum: %" PRIu64,

                    pd->dev,

                    SC_ATOMIC_GET(pd->pkts),

                    SC_ATOMIC_GET(pd->drop),

                    100 * (SC_ATOMIC_GET(pd->drop) * 1.0) / SC_ATOMIC_GET(pd->pkts),

                    SC_ATOMIC_GET(pd->invalid_checksums));

        }


        RestoreIfaceOffloading(pd);


        if (pd->dev)

            SCFree(pd->dev);

        SC_ATOMIC_DESTROY(pd->pkts);

        SC_ATOMIC_DESTROY(pd->drop);

        SC_ATOMIC_DESTROY(pd->invalid_checksums);

        LiveDevFreeStorage(pd);

        SCFree(pd);

    }


    SCReturnInt(TM_ECODE_OK);

}


#ifdef BUILD_UNIX_SOCKET

TmEcode LiveDeviceIfaceStat(json_t *cmd, json_t *answer, void *data)

{

    SCEnter();

    LiveDevice *pd;

    const char * name = NULL;

    json_t *jarg = json_object_get(cmd, "iface");

    if(!json_is_string(jarg)) {

        json_object_set_new(answer, "message", json_string("Iface is not a string"));

        SCReturnInt(TM_ECODE_FAILED);

    }

    name = json_string_value(jarg);

    if (name == NULL) {

        json_object_set_new(answer, "message", json_string("Iface name is NULL"));

        SCReturnInt(TM_ECODE_FAILED);

    }


    TAILQ_FOREACH(pd, &live_devices, next) {

        if (!strcmp(name, pd->dev)) {

            json_t *jdata = json_object();

            if (jdata == NULL) {

                json_object_set_new(answer, "message",

                        json_string("internal error at json object creation"));

                SCReturnInt(TM_ECODE_FAILED);

            }

            json_object_set_new(jdata, "pkts",

                                json_integer(SC_ATOMIC_GET(pd->pkts)));

            json_object_set_new(jdata, "invalid-checksums",

                                json_integer(SC_ATOMIC_GET(pd->invalid_checksums)));

            json_object_set_new(jdata, "drop",

                                json_integer(SC_ATOMIC_GET(pd->drop)));

            json_object_set_new(jdata, "bypassed",

                                json_integer(SC_ATOMIC_GET(pd->bypassed)));

            json_object_set_new(answer, "message", jdata);

            SCReturnInt(TM_ECODE_OK);

        }

    }

    json_object_set_new(answer, "message", json_string("Iface does not exist"));

    SCReturnInt(TM_ECODE_FAILED);

}


TmEcode LiveDeviceIfaceList(json_t *cmd, json_t *answer, void *data)

{

    SCEnter();

    json_t *jdata;

    json_t *jarray;

    LiveDevice *pd;

    int i = 0;


    jdata = json_object();

    if (jdata == NULL) {

        json_object_set_new(answer, "message",

                            json_string("internal error at json object creation"));

        return TM_ECODE_FAILED;

    }

    jarray = json_array();

    if (jarray == NULL) {

        json_object_set_new(answer, "message",

                            json_string("internal error at json object creation"));

        return TM_ECODE_FAILED;

    }

    TAILQ_FOREACH(pd, &live_devices, next) {

        json_array_append_new(jarray, json_string(pd->dev));

        i++;

    }


    json_object_set_new(jdata, "count", json_integer(i));

    json_object_set_new(jdata, "ifaces", jarray);

    json_object_set_new(answer, "message", jdata);

    SCReturnInt(TM_ECODE_OK);

}


#endif /* BUILD_UNIX_SOCKET */


LiveDevice *LiveDeviceForEach(LiveDevice **ldev, LiveDevice **ndev)

{

    if (*ldev == NULL) {

        *ldev = TAILQ_FIRST(&live_devices);

        *ndev = TAILQ_NEXT(*ldev, next);

        return *ldev;

    } else {

        *ldev = *ndev;

        if (*ldev) {

            *ndev = TAILQ_NEXT(*ldev, next);

        }

        return *ldev;

    }

    return NULL;

}


/**

 * Create registered devices

 *

 * This function creates all needed LiveDevice from

 * the LiveDeviceName list created via LiveRegisterDevice()

 */

void LiveDeviceFinalize(void)

{

    LiveDeviceName *ld, *pld;

    SCLogDebug("Finalize live device");

    /* Iter on devices and register them */

    TAILQ_FOREACH_SAFE(ld, &pre_live_devices, next, pld) {

        if (ld->dev) {

            LiveRegisterDevice(ld->dev);

            SCFree(ld->dev);

        }

        SCFree(ld);

    }

}


static void LiveDevExtensionFree(void *x)

{

    if (x)

        SCFree(x);

}


/**

 * Register bypass stats storage

 */

void LiveDevRegisterExtension(void)

{

    g_bypass_storage_id = LiveDevStorageRegister("bypass_stats", sizeof(void *),

                                                 NULL, LiveDevExtensionFree);

}


/**

 * Prepare a LiveDevice so we can set bypass stats

 */

int LiveDevUseBypass(LiveDevice *dev)

{

    BypassInfo *bpinfo = SCCalloc(1, sizeof(*bpinfo));

    if (bpinfo == NULL) {

        SCLogError(SC_ERR_MEM_ALLOC, "Can't allocate bypass info structure");

        return -1;

    }


    SC_ATOMIC_INIT(bpinfo->ipv4_hash_count);

    SC_ATOMIC_INIT(bpinfo->ipv4_hash_count);


    LiveDevSetStorageById(dev, g_bypass_storage_id, bpinfo);

    return 0;

}


/**

 * Set number of currently bypassed flows for a protocol family

 *

 * \param dev pointer to LiveDevice to set stats for

 * \param cnt number of currently bypassed flows

 * \param family AF_INET to set IPv4 count or AF_INET6 to set IPv6 count

 */

void LiveDevSetBypassStats(LiveDevice *dev, uint64_t cnt, int family)

{

    BypassInfo *bpfdata = LiveDevGetStorageById(dev, g_bypass_storage_id);

    if (bpfdata) {

        if (family == AF_INET) {

            SC_ATOMIC_SET(bpfdata->ipv4_hash_count, cnt);

        } else if (family == AF_INET6) {

            SC_ATOMIC_SET(bpfdata->ipv6_hash_count, cnt);

        }

    }

}


/**

 * Increase number of currently bypassed flows for a protocol family

 *

 * \param dev pointer to LiveDevice to set stats for

 * \param cnt number of flows to add

 * \param family AF_INET to set IPv4 count or AF_INET6 to set IPv6 count

 */

void LiveDevAddBypassStats(LiveDevice *dev, uint64_t cnt, int family)

{

    BypassInfo *bpfdata = LiveDevGetStorageById(dev, g_bypass_storage_id);

    if (bpfdata) {

        if (family == AF_INET) {

            SC_ATOMIC_ADD(bpfdata->ipv4_hash_count, cnt);

        } else if (family == AF_INET6) {

            SC_ATOMIC_ADD(bpfdata->ipv6_hash_count, cnt);

        }

    }

}


/**

 * Decrease number of currently bypassed flows for a protocol family

 *

 * \param dev pointer to LiveDevice to set stats for

 * \param cnt number of flows to remove

 * \param family AF_INET to set IPv4 count or AF_INET6 to set IPv6 count

 */

void LiveDevSubBypassStats(LiveDevice *dev, uint64_t cnt, int family)

{

    BypassInfo *bpfdata = LiveDevGetStorageById(dev, g_bypass_storage_id);

    if (bpfdata) {

        if (family == AF_INET) {

            SC_ATOMIC_SUB(bpfdata->ipv4_hash_count, cnt);

        } else if (family == AF_INET6) {

            SC_ATOMIC_SUB(bpfdata->ipv6_hash_count, cnt);

        }

    }

}


/**

 * Increase number of failed captured flows for a protocol family

 *

 * \param dev pointer to LiveDevice to set stats for

 * \param cnt number of flows to add

 * \param family AF_INET to set IPv4 count or AF_INET6 to set IPv6 count

 */

void LiveDevAddBypassFail(LiveDevice *dev, uint64_t cnt, int family)

{

    BypassInfo *bpfdata = LiveDevGetStorageById(dev, g_bypass_storage_id);

    if (bpfdata) {

        if (family == AF_INET) {

            SC_ATOMIC_ADD(bpfdata->ipv4_fail, cnt);

        } else if (family == AF_INET6) {

            SC_ATOMIC_ADD(bpfdata->ipv6_fail, cnt);

        }

    }

}


/**

 * Increase number of currently succesfully bypassed flows for a protocol family

 *

 * \param dev pointer to LiveDevice to set stats for

 * \param cnt number of flows to add

 * \param family AF_INET to set IPv4 count or AF_INET6 to set IPv6 count

 */

void LiveDevAddBypassSuccess(LiveDevice *dev, uint64_t cnt, int family)

{

    BypassInfo *bpfdata = LiveDevGetStorageById(dev, g_bypass_storage_id);

    if (bpfdata) {

        if (family == AF_INET) {

            SC_ATOMIC_ADD(bpfdata->ipv4_success, cnt);

        } else if (family == AF_INET6) {

            SC_ATOMIC_ADD(bpfdata->ipv6_success, cnt);

        }

    }

}


#ifdef BUILD_UNIX_SOCKET

TmEcode LiveDeviceGetBypassedStats(json_t *cmd, json_t *answer, void *data)

{

    LiveDevice *ldev = NULL, *ndev;


    json_t *ifaces = NULL;

    while(LiveDeviceForEach(&ldev, &ndev)) {

        BypassInfo *bpinfo = LiveDevGetStorageById(ldev, g_bypass_storage_id);

        if (bpinfo) {

            uint64_t ipv4_hash_count = SC_ATOMIC_GET(bpinfo->ipv4_hash_count);

            uint64_t ipv6_hash_count = SC_ATOMIC_GET(bpinfo->ipv6_hash_count);

            uint64_t ipv4_success = SC_ATOMIC_GET(bpinfo->ipv4_success);

            uint64_t ipv4_fail = SC_ATOMIC_GET(bpinfo->ipv4_fail);

            uint64_t ipv6_success = SC_ATOMIC_GET(bpinfo->ipv6_success);

            uint64_t ipv6_fail = SC_ATOMIC_GET(bpinfo->ipv6_fail);

            json_t *iface = json_object();

            if (ifaces == NULL) {

                ifaces = json_object();

                if (ifaces == NULL) {

                    json_object_set_new(answer, "message",

                            json_string("internal error at json object creation"));

                    return TM_ECODE_FAILED;

                }

            }

            json_object_set_new(iface, "ipv4_maps_count", json_integer(ipv4_hash_count));

            json_object_set_new(iface, "ipv4_success", json_integer(ipv4_success));

            json_object_set_new(iface, "ipv4_fail", json_integer(ipv4_fail));

            json_object_set_new(iface, "ipv6_maps_count", json_integer(ipv6_hash_count));

            json_object_set_new(iface, "ipv6_success", json_integer(ipv6_success));

            json_object_set_new(iface, "ipv6_fail", json_integer(ipv6_fail));

            json_object_set_new(ifaces, ldev->dev, iface);

        }

    }

    if (ifaces) {

        json_object_set_new(answer, "message", ifaces);

        SCReturnInt(TM_ECODE_OK);

    }


    json_object_set_new(answer, "message",

                        json_string("No interface using bypass"));

    SCReturnInt(TM_ECODE_FAILED);

}

#endif