/*
** Copyright (C) 2005-2007 by Carnegie Mellon University.
**
** @OPENSOURCE_HEADER_START@
**
** Use of the SILK system and related source code is subject to the terms
** of the following licenses:
**
** GNU Public License (GPL) Rights pursuant to Version 2, June 1991
** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
**
** NO WARRANTY
**
** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER
** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY
** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN
** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY
** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT
** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE,
** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE
** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT,
** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY
** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF
** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES.
** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF
** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON
** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE
** DELIVERABLES UNDER THIS LICENSE.
**
** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie
** Mellon University, its trustees, officers, employees, and agents from
** all claims or demands made against them (and any related losses,
** expenses, or attorney's fees) arising out of, or relating to Licensee's
** and/or its sub licensees' negligent use or willful misuse of or
** negligent conduct or willful misconduct regarding the Software,
** facilities, or other rights or assistance granted by Carnegie Mellon
** University under this License, including, but not limited to, any
** claims of product liability, personal injury, death, damage to
** property, or violation of any laws or regulations.
**
** Carnegie Mellon University Software Engineering Institute authored
** documents are sponsored by the U.S. Department of Defense under
** Contract F19628-00-C-0003. Carnegie Mellon University retains
** copyrights in all material produced under this contract. The U.S.
** Government retains a non-exclusive, royalty-free license to publish or
** reproduce these documents, or allow others to do so, for U.S.
** Government purposes only pursuant to the copyright license under the
** contract clause at 252.227.7013.
**
** @OPENSOURCE_HEADER_END@
*/
#ifndef _PROBECONF_PRIV_H
#define _PROBECONF_PRIV_H

#include "silk.h"

RCSIDENTVAR(rcsID_PROBECONF_PRIV_H, "$SiLK: probeconf_priv.h 6819 2007-04-06 14:28:10Z mthomas $");

/*
**  probeconf_priv.h
**
**  Private header to be used by the probeconf*.c files.
**
*/

#include "utils.h"
#include "sksite.h"
#include "skvector.h"
#include "probeconf.h"
#include "silk_site.h"
#include "probeconfscan.h"
#include "sklog.h"
#include "libflowsource.h"


/* Web classification utilities; 'p' is a port in native byte order;
 * 'r' is an RWGENERIC record in native byte order.
 *
 * The classification is a port heuristic only: a record counts as
 * "web" when its protocol is 6 (TCP) and either port is 80, 443 or
 * 8080.  Nothing here inspects payload, so non-HTTP traffic on those
 * ports is classified as web and web traffic on any other port is
 * not.
 *
 * Both macros expand their argument more than once (IS_WEB_PORT uses
 * 'p' up to three times, IS_WEB uses 'r' several times); pass only
 * expressions without side effects. */
#define IS_WEB_PORT(p) ((p) == 80 || (p) == 443 || (p) == 8080)
#define IS_WEB(r)                                                       \
    ((r)->proto == 6 && (IS_WEB_PORT((r)->sPort) || IS_WEB_PORT((r)->dPort)))


/* The probe structure.  Holds the parsed configuration of one probe:
 * where it gets flow data from (network listener, UNIX domain
 * socket, file, or polled directory), how it is named, and the
 * interface/IP-block information used to classify its records. */
struct _probe_def {
    /* Per-interface-group data, one entry per group (NUM_IFMAPS).
     * NOTE(review): presumably 'if_map' holds the SNMP interface
     * numbers and 'if_ipblock' the IP blocks that
     * skProbeTestFlowInterfaces() tests a record against -- confirm
     * against the probeconf*.c files. */
    sk_bitmap_t        *if_map[NUM_IFMAPS];
    skOctetMap_t      **if_ipblock[NUM_IFMAPS];

    /* The host:port combination on which this probe should listen for
     * data, as an IP address in network-byte order and a
     * port-number.
     *
     * NOTE(review): the address is an in_addr_t, i.e. IPv4 only.  The
     * port is kept in a 32-bit field and its byte order is not stated
     * here; the code that sets it presumably has to reject values
     * above 65535 -- confirm. */
    in_addr_t           listen_as_addr;
    uint32_t            listen_on_port;

    /* The host that this probe should accept connections from, as a
     * C-string and an IP in network-byte order
     *
     * NOTE(review): this is the only peer restriction visible in this
     * structure, and it is a single IPv4 address.  How it is enforced,
     * and what an unset value means for the listener, is decided in
     * code outside this header -- confirm that "unset" cannot be
     * reached by accident when a restriction was intended. */
    char               *accept_from_name;
    in_addr_t           accept_from_addr;

    /* The unix domain socket on which this probe should listen for
     * data, as a UNIX pathname */
    char               *unix_domain_path;

    /* A file name from which to read flow data */
    char               *file_source;

    /* A directory path name to poll in order to find files from which
     * to read flow data */
    char               *poll_directory;

    /* NOTE(review): who allocates and frees the four 'char *' members
     * above is not visible in this header -- confirm in the
     * probeconf*.c files before copying or freeing a probe. */

    /* the name of the probe */
    char                probe_name[SK_MAX_STRLEN_SENSOR+1];

    /* the name of the sensor for the probe */
    char                sensor_name[SK_MAX_STRLEN_SENSOR+1];

    /* the unique name of the probe: sensor_name/probe_name.  The
     * buffer is sized for exactly two maximum-length names, the '/'
     * separator and the terminating NUL (2*SK_MAX_STRLEN_SENSOR+2),
     * so it only fits if both component names respect their own
     * SK_MAX_STRLEN_SENSOR limit. */
    char                probe_uniq_name[2*SK_MAX_STRLEN_SENSOR+2];

    /* A list (and a count of the elements in the list) that contains
     * the IP addresses of the ISP's this probe talks to.
     *
     * NOTE(review): the count is a signed 32-bit value; code that
     * uses it as a loop bound or allocation size should not assume
     * it is non-negative unless the setter guarantees that --
     * confirm. */
    uint32_t           *isp_ip_list;
    int32_t             isp_ip_count;

    /* Whether the ipblock for the interface is a negative block */
    int8_t              if_ip_negated[NUM_IFMAPS];

    /* The sensor ID.  Either from the sensorInfo[] structure in
     * silk_site_*.h, or a value we have created. */
    sensorID_t          sensor_id;

    /* Probe priority */
    probe_priority_t    priority;

    /* Probe type */
    probe_enum_t        probe_type;

    /* Probe protocol */
    probe_proto_t       protocol;

    /* Probe logging flags */
    uint8_t             log_flags;

    /* Non-zero if probe has ipblocks defined; zero otherwise */
    int8_t              has_ipblocks;

    /* The interface that has been set as the catch-all for the
     * remaining IP blocks, or REMAINDER_NOT_SET. */
    uint8_t             if_remaining_ips;
};


/* Which "side" of the record we look at when testing its flow
 * interfaces: whether it is COMING FROM an internet cloud---then we
 * look at its source IP or input SNMP interface---or GOING TO a
 * cloud---look at the destination IP or output SNMP interface.
 *
 * NOTE(review): the two values are distinct single bits (8 and 16);
 * why these particular values were chosen is not visible here. */
typedef enum {
    REC_DIR_FROM=8, REC_DIR_TO=16
} rec_direction_t;


int skProbeVerifyNetflow(probe_def_t *probe);
int skProbeVerifyIPFIX(probe_def_t *probe);
int skProbeVerifySilk(probe_def_t *probe);
int skProbeVerifyClass(probe_def_t *probe);
/*
 *    NOTE(review): these four functions are not documented in this
 *    header.  From their names they presumably validate a parsed
 *    probe of the corresponding kind; they take a non-const probe,
 *    so they may also modify it.  The meaning of the int return
 *    value is not visible here -- confirm against the probeconf*.c
 *    implementations.
 */


uint32_t skProbeCountNetflowInterfaces(
    const probe_def_t  *probe,
    int                 include_null);
/*
 *    NOTE(review): not documented in this header.  From the name and
 *    signature it presumably returns the number of interfaces
 *    configured on a NetFlow probe, with 'include_null' selecting
 *    whether a null interface is counted -- confirm.
 */


int skProbeTestFlowInterfaces(
    const probe_def_t  *probe,
    const rwRec        *rwrec,
    ifmap_group_id_t    if_group_id,
    rec_direction_t     rec_dir);
/*
 *    Test 'rwrec' against the 'if_group_id' interfaces---either the
 *    SNMP values or the IP-block values---on the 'probe'.  The value
 *    'rec_dir' tells the function whether to check if the rwrec was
 *    coming from the specified space or going to that space.
 *
 *    The function returns 1 if there is a match, -1 if there was not
 *    a match, and 0 if neither an IP block list nor an SNMP interface
 *    list was defined for the 'if_group_id' interface.
 *
 *    If 'rec_dir' is REC_DIR_FROM, the function checks rwrec->sIP
 *    against the list of IP blocks for the 'if_group_id' interface.
 *    If no IP blocks are defined, the function checks the
 *    rwrec->input against the list of SNMP interfaces for that
 *    interface.  When 'rec_dir' is REC_DIR_TO, rwrec->dIP and
 *    rwrec->output are checked.
 *
 *    Note for callers: the result is tri-state.  Both 1 and -1 are
 *    non-zero, so a plain truth test treats "no match" (-1) the same
 *    as "match" (1); compare against the specific value instead.
 */


int probeConfSiteSetup(void);
void probeConfSiteTeardown(void);
/*
 *    Site-specific initialization and cleanup functions.  The
 *    probeconf-<$SILK_SITE>.c file must define these.
 */

#endif /* _PROBECONF_PRIV_H */

/*
** Local variables:
** mode:c
** indent-tabs-mode:nil
** c-basic-offset:4
** End:
*/