)
endif(STATIC_CODECS)
-add_subdirectory(test)
#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "log/messages.h"
+#include "log/text_log.h"
#include "protocols/cisco_meta_data.h"
-#include "protocols/layer.h"
using namespace snort;
{ DECODE_CISCO_META_HDR_TRUNC, "truncated Cisco Metadata header" },
{ DECODE_CISCO_META_HDR_OPT_LEN, "invalid Cisco Metadata option length" },
{ DECODE_CISCO_META_HDR_OPT_TYPE, "invalid Cisco Metadata option type" },
- { DECODE_CISCO_META_HDR_SGT, "invalid Cisco Metadata SGT" },
+ { DECODE_CISCO_META_HDR_SGT, "invalid Cisco Metadata security group tag" },
{ 0, nullptr }
};
+static const PegInfo ciscometadata_pegs[] =
+{
+ { CountType::SUM, "truncated_hdr", "total truncated Cisco Metadata headers" },
+ { CountType::SUM, "invalid_hdr_ver", "total invalid Cisco Metadata header versions" },
+ { CountType::SUM, "invalid_hdr_len", "total invalid Cisco Metadata header lengths" },
+ { CountType::SUM, "invalid_opt_len", "total invalid Cisco Metadata option lengths" },
+ { CountType::SUM, "invalid_opt_type", "total invalid Cisco Metadata option types" },
+ { CountType::SUM, "invalid_sgt", "total invalid Cisco Metadata security group tags" },
+ { CountType::END, nullptr, nullptr }
+};
+
+struct CiscoMetaDataStats
+{
+ PegCount truncated_hdr;
+ PegCount invalid_hdr_ver;
+ PegCount invalid_hdr_len;
+ PegCount invalid_opt_len;
+ PegCount invalid_opt_type;
+ PegCount invalid_sgt;
+};
+static THREAD_LOCAL CiscoMetaDataStats ciscometadata_stats;
+
class CiscoMetaDataModule : public CodecModule
{
public:
const RuleMap* get_rules() const override
{ return ciscometadata_rules; }
+
+ const PegInfo* get_pegs() const override
+ { return ciscometadata_pegs; }
+
+ PegCount* get_counts() const override
+ { return (PegCount*) &ciscometadata_stats; }
};
class CiscoMetaDataCodec : public Codec
void get_protocol_ids(std::vector<ProtocolId>& v) override;
bool decode(const RawData&, CodecData&, DecodeData&) override;
+ void log(TextLog* const, const uint8_t* raw_pkt, const uint16_t lyr_len) override;
};
-constexpr uint8_t CISCO_META_OPT_LEN_SHIFT = 4;
+constexpr uint8_t CISCO_META_VALID_HDR_VER = 1;
+constexpr uint8_t CISCO_META_VALID_HDR_LEN = 1;
+constexpr uint16_t CISCO_META_VALID_OPT_LEN = 0;
+constexpr uint8_t CISCO_META_OPT_LEN_SHIFT = 13;
constexpr uint16_t CISCO_META_OPT_TYPE_SGT = 1;
-constexpr uint16_t CISCO_META_OPT_TYPE_MASK = 0x1FFF; //mask opt_len_type to get option type
-// Currently we only support one CiscoMetaDataHdr which is size of 1 byte.
-constexpr uint8_t SUPPORTED_HDR_LEN = 1;
+constexpr uint16_t CISCO_META_OPT_TYPE_MASK = 0x1FFF; // mask opt_len_type to get option type
} // namespace
void CiscoMetaDataCodec::get_protocol_ids(std::vector<ProtocolId>& v)
bool CiscoMetaDataCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
- uint16_t len;
- uint16_t type;
-
- /* 2 octets for ethertype + 2 octets for CiscoMetaDataHdr
- * + 4 octets for CiscoMetaDataOpt
- */
- uint32_t total_len = (sizeof(uint16_t)
- + sizeof(cisco_meta_data::CiscoMetaDataHdr)
- + sizeof(cisco_meta_data::CiscoMetaDataOpt));
-
- if (raw.len < total_len)
+ if (raw.len < sizeof(cisco_meta_data::CiscoMetaDataHdr))
{
+ ciscometadata_stats.truncated_hdr++;
codec_event(codec, DECODE_CISCO_META_HDR_TRUNC);
return false;
}
const cisco_meta_data::CiscoMetaDataHdr* const cmdh =
reinterpret_cast<const cisco_meta_data::CiscoMetaDataHdr*>(raw.data);
- if (SUPPORTED_HDR_LEN != cmdh->length)
+ if (cmdh->version != CISCO_META_VALID_HDR_VER)
{
- codec_event(codec, DECODE_CISCO_META_HDR_TRUNC);
+ ciscometadata_stats.invalid_hdr_ver++;
return false;
}
- const cisco_meta_data::CiscoMetaDataOpt* cmd_option =
- reinterpret_cast<const cisco_meta_data::CiscoMetaDataOpt*>(raw.data
- + sizeof(cisco_meta_data::CiscoMetaDataHdr));
+ if (cmdh->length != CISCO_META_VALID_HDR_LEN)
+ {
+ ciscometadata_stats.invalid_hdr_len++;
+ return false;
+ }
// Top 3 bits (length) must be equal to 0
// Bottom 13 bits (type) must be 1 to indicate SGT
- len = ntohs(cmd_option->opt_len_type) >> CISCO_META_OPT_LEN_SHIFT;
- type = ntohs(cmd_option->opt_len_type) & CISCO_META_OPT_TYPE_MASK;
+ uint16_t len = ntohs(cmdh->opt_len_type) >> CISCO_META_OPT_LEN_SHIFT;
+ uint16_t type = ntohs(cmdh->opt_len_type) & CISCO_META_OPT_TYPE_MASK;
- // 0 indicates 4 octets which is sizeof(CiscoMetaDataOpt)
- if (len != 0)
+ // 0 indicates no additional options beyond SGT, which is all we support
+ if (len > CISCO_META_VALID_OPT_LEN)
{
+ ciscometadata_stats.invalid_opt_len++;
codec_event(codec, DECODE_CISCO_META_HDR_OPT_LEN);
return false;
}
if (type != CISCO_META_OPT_TYPE_SGT)
{
+ ciscometadata_stats.invalid_opt_type++;
codec_event(codec, DECODE_CISCO_META_HDR_OPT_TYPE);
return false;
}
/* Tag value 0xFFFF is invalid */
- if (cmd_option->sgt == 0xFFFF)
+ if (cmdh->sgt == 0xFFFF)
{
+ ciscometadata_stats.invalid_sgt++;
codec_event(codec, DECODE_CISCO_META_HDR_SGT);
return false;
}
-#ifdef REG_TEST
- LogMessage("Value of sgt %d\n", ntohs(cmd_option->sgt));
-#endif
-
- codec.lyr_len = total_len;
+ codec.lyr_len = sizeof(cisco_meta_data::CiscoMetaDataHdr);
- //The last 2 octets of the header will be the real ethtype
- codec.next_prot_id = static_cast<ProtocolId>
- (ntohs(*((const uint16_t*)(raw.data + codec.lyr_len - sizeof(uint16_t)))));
+ codec.next_prot_id = static_cast<ProtocolId>(ntohs(cmdh->ether_type));
codec.codec_flags |= CODEC_ETHER_NEXT;
codec.proto_bits |= PROTO_BIT__CISCO_META_DATA;
return true;
}
+void CiscoMetaDataCodec::log(TextLog* const text_log, const uint8_t* raw_pkt,
+ const uint16_t /*lyr_len*/)
+{
+ const cisco_meta_data::CiscoMetaDataHdr* const cmdh =
+ reinterpret_cast<const cisco_meta_data::CiscoMetaDataHdr*>(raw_pkt);
+
+ TextLog_Print(text_log, "Ver:%hhu SGT:%hu EtherNext:0x%X",
+ cmdh->version, cmdh->sgt_val(), ntohs(cmdh->ether_type));
+}
+
//-------------------------------------------------------------------------
// api
//-------------------------------------------------------------------------
+++ /dev/null
-add_cpputest( cisco_meta_data_test
- SOURCES
- ../../../protocols/layer.cc
-)
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2019-2020 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// cisco_meta_data_test.cc author Sunirmal Mukherjee <sunimukh@cisco.com>
-// unit test main
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-
-#include "protocols/cisco_meta_data.h"
-#include "protocols/ip.h"
-#include "protocols/layer.h"
-#include "protocols/packet.h"
-
-#include <CppUTest/CommandLineTestRunner.h>
-#include <CppUTest/TestHarness.h>
-
-using namespace snort;
-
-//-------------------------------------------------------------------------
-// tests
-//-------------------------------------------------------------------------
-
-Packet::Packet(bool) { }
-Packet::~Packet() = default;
-
-namespace snort
-{
-void ip::IpApi::set(ip::IP4Hdr const* iph)
-{
- return;
-}
-
-void ip::IpApi::set(ip::IP6Hdr const* iph)
-{
- return;
-}
-
-void ip::IpApi::reset()
-{
- return;
-}
-
-const uint8_t* ip::IpApi::ip_data() const
-{
- return nullptr;
-}
-}
-
-static inline void push_layer(Packet* p,
- ProtocolId prot_id,
- const uint8_t* hdr_start,
- uint32_t len)
-{
- Layer& lyr = p->layers[p->num_layers++];
- lyr.prot_id = prot_id;
- lyr.start = hdr_start;
- lyr.length = (uint16_t)len;
-}
-
-TEST_GROUP(cisco_meta_data_test)
-{
-};
-
-TEST(cisco_meta_data_test, cisco_meta_data_class_test)
-{
- Packet pkt(false);
- Layer layers;
- uint8_t * cmd_data;
- int len;
- int sgt;
-
- pkt.num_layers = 0;
- pkt.layers = &layers;
-
- cmd_data = new uint8_t[sizeof(cisco_meta_data::CiscoMetaDataHdr) +
- sizeof(cisco_meta_data::CiscoMetaDataOpt)];
-
- cisco_meta_data::CiscoMetaDataOpt* cmd_options =
- reinterpret_cast<cisco_meta_data::CiscoMetaDataOpt*>(cmd_data +
- sizeof(cisco_meta_data::CiscoMetaDataHdr));
-
- cmd_options->sgt = 512;
-
- len = (sizeof(cisco_meta_data::CiscoMetaDataHdr) + sizeof(cisco_meta_data::CiscoMetaDataOpt));
- pkt.proto_bits |= PROTO_BIT__CISCO_META_DATA;
- push_layer(&pkt, ProtocolId::ETHERTYPE_CISCO_META, cmd_data, len);
- sgt = htons(layer::get_cisco_meta_data_layer(&pkt)->sgt_val());
- CHECK(sgt == cmd_options->sgt);
-
- delete[] cmd_data;
-}
-
-int main(int argc, char** argv)
-{
- return CommandLineTestRunner::RunAllTests(argc, argv);
-}
-
+++ /dev/null
-This is the test case to parse SGT(Security Group Tag/Trustsec) from CiscoMetaData.
-
-CiscoMetaData - A proprietary header in ethernet layer, called CiscoMetaDataHdr.
- After CiscoMetaDataHdr, packet contains CiscoMetaDataOpt which carries
- SGT data.
-
-Here created a dummy packet which has CiscoMetaDataHdr integrated and pushing it to layer stack.
-To validate the sgt data, parsing it from layer and comparing with the expected.
#include "log/text_log.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
+#include "protocols/cisco_meta_data.h"
#include "protocols/eth.h"
#include "protocols/icmp4.h"
#include "protocols/tcp.h"
TextLog_Puts(csv_log, svc);
}
+static void ff_sgt(const Args& a)
+{
+ if (a.pkt->proto_bits & PROTO_BIT__CISCO_META_DATA)
+ {
+ const cisco_meta_data::CiscoMetaDataHdr* cmdh = layer::get_cisco_meta_data_layer(a.pkt);
+ TextLog_Print(csv_log, "%hu", cmdh->sgt_val());
+ }
+}
+
static void ff_sid(const Args& a)
{
TextLog_Print(csv_log, "%u", a.event.sig_info->sid);
ff_eth_type, ff_flowstart_time, ff_gid, ff_icmp_code, ff_icmp_id, ff_icmp_seq,
ff_icmp_type, ff_iface, ff_ip_id, ff_ip_len, ff_msg, ff_mpls, ff_pkt_gen, ff_pkt_len,
ff_pkt_num, ff_priority, ff_proto, ff_rev, ff_rule, ff_seconds, ff_server_bytes,
- ff_server_pkts, ff_service, ff_sid, ff_src_addr, ff_src_ap, ff_src_port, ff_target,
- ff_tcp_ack, ff_tcp_flags,ff_tcp_len, ff_tcp_seq, ff_tcp_win, ff_timestamp, ff_tos,
- ff_ttl, ff_udp_len, ff_vlan
+ ff_server_pkts, ff_service, ff_sgt, ff_sid, ff_src_addr, ff_src_ap, ff_src_port,
+ ff_target, ff_tcp_ack, ff_tcp_flags,ff_tcp_len, ff_tcp_seq, ff_tcp_win, ff_timestamp,
+ ff_tos, ff_ttl, ff_udp_len, ff_vlan
};
#define csv_range \
- "action | class | b64_data | client_bytes | client_pkts | dir | dst_addr | " \
- "dst_ap | dst_port | eth_dst | eth_len | eth_src | eth_type | flowstart_time | "\
- "gid | icmp_code | icmp_id | icmp_seq | icmp_type | iface | "\
- "ip_id | ip_len | msg | mpls | pkt_gen | pkt_len | " \
+ "action | class | b64_data | client_bytes | client_pkts | dir | " \
+ "dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | " \
+ "eth_type | flowstart_time | gid | icmp_code | icmp_id | icmp_seq | " \
+ "icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_gen | pkt_len | " \
"pkt_num | priority | proto | rev | rule | seconds | server_bytes | " \
- "server_pkts | service | sid | src_addr | src_ap | src_port | target | " \
- "tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | timestamp | " \
+ "server_pkts | service | sgt| sid | src_addr | src_ap | src_port | " \
+ "target | tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | timestamp | " \
"tos | ttl | udp_len | vlan"
#define csv_deflt \
#include "log/text_log.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
+#include "protocols/cisco_meta_data.h"
#include "protocols/eth.h"
#include "protocols/icmp4.h"
#include "protocols/tcp.h"
return true;
}
+static bool ff_sgt(const Args& a)
+{
+ if (a.pkt->proto_bits & PROTO_BIT__CISCO_META_DATA)
+ {
+ const cisco_meta_data::CiscoMetaDataHdr* cmdh = layer::get_cisco_meta_data_layer(a.pkt);
+ print_label(a, "sgt");
+ TextLog_Print(json_log, "%hu", cmdh->sgt_val());
+ return true;
+ }
+ return false;
+}
+
static bool ff_sid(const Args& a)
{
print_label(a, "sid");
static const JsonFunc json_func[] =
{
ff_action, ff_class, ff_b64_data, ff_client_bytes, ff_client_pkts, ff_dir,
- ff_dst_addr, ff_dst_ap, ff_dst_port, ff_eth_dst, ff_eth_len, ff_eth_src, ff_eth_type,
- ff_flowstart_time, ff_gid, ff_icmp_code, ff_icmp_id, ff_icmp_seq, ff_icmp_type,
- ff_iface, ff_ip_id, ff_ip_len, ff_msg, ff_mpls, ff_pkt_gen, ff_pkt_len,
+ ff_dst_addr, ff_dst_ap, ff_dst_port, ff_eth_dst, ff_eth_len, ff_eth_src,
+ ff_eth_type, ff_flowstart_time, ff_gid, ff_icmp_code, ff_icmp_id, ff_icmp_seq,
+ ff_icmp_type, ff_iface, ff_ip_id, ff_ip_len, ff_msg, ff_mpls, ff_pkt_gen, ff_pkt_len,
ff_pkt_num, ff_priority, ff_proto, ff_rev, ff_rule, ff_seconds, ff_server_bytes,
- ff_server_pkts, ff_service, ff_sid, ff_src_addr, ff_src_ap, ff_src_port, ff_target,
- ff_tcp_ack, ff_tcp_flags, ff_tcp_len, ff_tcp_seq, ff_tcp_win, ff_timestamp, ff_tos,
- ff_ttl, ff_udp_len, ff_vlan
+ ff_server_pkts, ff_service, ff_sgt, ff_sid, ff_src_addr, ff_src_ap, ff_src_port,
+ ff_target, ff_tcp_ack, ff_tcp_flags,ff_tcp_len, ff_tcp_seq, ff_tcp_win, ff_timestamp,
+ ff_tos, ff_ttl, ff_udp_len, ff_vlan
};
#define json_range \
- "action | class | b64_data | client_bytes | client_pkts | dir | dst_addr | dst_ap | " \
- "dst_port | eth_dst | eth_len | eth_src | eth_type | flowstart_time | " \
- "gid | icmp_code | icmp_id | icmp_seq | icmp_type | iface | ip_id | ip_len | " \
- "msg | mpls | pkt_gen | pkt_len | pkt_num | priority | proto | rev | rule | " \
- "seconds | server_bytes | server_pkts | service | sid | src_addr | src_ap | src_port | target | " \
- "tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | timestamp | " \
+ "action | class | b64_data | client_bytes | client_pkts | dir | " \
+ "dst_addr | dst_ap | dst_port | eth_dst | eth_len | eth_src | " \
+ "eth_type | flowstart_time | gid | icmp_code | icmp_id | icmp_seq | " \
+ "icmp_type | iface | ip_id | ip_len | msg | mpls | pkt_gen | pkt_len | " \
+ "pkt_num | priority | proto | rev | rule | seconds | server_bytes | " \
+ "server_pkts | service | sgt| sid | src_addr | src_ap | src_port | " \
+ "target | tcp_ack | tcp_flags | tcp_len | tcp_seq | tcp_win | timestamp | " \
"tos | ttl | udp_len | vlan"
#define json_deflt \
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// cisco_meta_data.h author Sunirmal Mukherjee <sunimukh@cisco.com>
+// cisco_meta_data.h author Michael Altizer <mialtize@cisco.com>
#ifndef PROTOCOLS_CISCO_META_DATA_H
#define PROTOCOLS_CISCO_META_DATA_H
{
struct CiscoMetaDataHdr
{
- uint8_t version; // This must be 1
- uint8_t length; //This is the header size in bytes / 8
-};
-
-struct CiscoMetaDataOpt
-{
- uint16_t opt_len_type; // 3-bit length + 13-bit type. Type must be 1
- uint16_t sgt; // Can be any value except 0xFFFF
+ uint8_t version; // MetaData header version
+ uint8_t length; // Header size in quadwords
+ uint16_t opt_len_type; // 3-bit length + 13-bit type
+ uint16_t sgt; // Security Group Tag (anything but 0xFFFF)
+ uint16_t ether_type; // Ethertype for following layer
inline uint16_t sgt_val() const
{ return ntohs(sgt); }
return reinterpret_cast<const vlan::VlanTagHdr*>(lyr->start);
}
-const cisco_meta_data::CiscoMetaDataOpt* get_cisco_meta_data_layer(const Packet* const p)
+const cisco_meta_data::CiscoMetaDataHdr* get_cisco_meta_data_layer(const Packet* const p)
{
assert( p->proto_bits & PROTO_BIT__CISCO_META_DATA );
- uint8_t num_layers = p->num_layers;
- const Layer* lyr = p->layers;
- const Layer* cmd_lyr;
- cmd_lyr = find_layer(lyr, num_layers, ProtocolId::ETHERTYPE_CISCO_META,
+ const Layer* lyr = find_layer(p->layers, p->num_layers, ProtocolId::ETHERTYPE_CISCO_META,
ProtocolId::ETHERTYPE_CISCO_META);
- return reinterpret_cast<const snort::cisco_meta_data::CiscoMetaDataOpt*>(cmd_lyr->start
- + sizeof(snort::cisco_meta_data::CiscoMetaDataHdr));
+ return reinterpret_cast<const cisco_meta_data::CiscoMetaDataHdr*>(lyr->start);
}
const eth::EtherHdr* get_eth_layer(const Packet* const p)
#define PROTOCOLS_LAYER_H
#include "main/snort_types.h"
-#include "protocols/cisco_meta_data.h"
#include "protocols/protocol_ids.h"
namespace snort
uint16_t length;
};
-// forward declaring relevant structs. Since we're only return a pointer,
+// forward declaring relevant structs. Since we're only returning a pointer,
// there is no need for the actual header files
-namespace vlan
-{
-struct VlanTagHdr;
-}
-
namespace arp
{
struct EtherARP;
}
-namespace gre
+namespace cisco_meta_data
{
-struct GREHdr;
+struct CiscoMetaDataHdr;
}
namespace eapol
struct EtherHdr;
}
+namespace gre
+{
+struct GREHdr;
+}
+
+namespace icmp
+{
+struct ICMPHdr;
+}
+
namespace ip
{
class IpApi;
struct UDPHdr;
}
-namespace wlan
+namespace vlan
{
-struct WifiHdr;
+struct VlanTagHdr;
}
-namespace icmp
+namespace wlan
{
-struct ICMPHdr;
+struct WifiHdr;
}
struct Packet;
// Set by PacketManager. Ensure you can call layer:: without a packet pointers
void set_packet_pointer(const Packet* const);
+SO_PUBLIC const uint8_t* get_root_layer(const Packet* const);
+
SO_PUBLIC const uint8_t* get_inner_layer(const Packet*, ProtocolId proto);
SO_PUBLIC const uint8_t* get_outer_layer(const Packet*, ProtocolId proto);
SO_PUBLIC const arp::EtherARP* get_arp_layer(const Packet*);
-SO_PUBLIC const vlan::VlanTagHdr* get_vlan_layer(const Packet*);
-SO_PUBLIC const gre::GREHdr* get_gre_layer(const Packet*);
+SO_PUBLIC const cisco_meta_data::CiscoMetaDataHdr* get_cisco_meta_data_layer(const Packet* const);
SO_PUBLIC const eapol::EtherEapol* get_eapol_layer(const Packet*);
SO_PUBLIC const eth::EtherHdr* get_eth_layer(const Packet*);
+SO_PUBLIC const gre::GREHdr* get_gre_layer(const Packet*);
+SO_PUBLIC const vlan::VlanTagHdr* get_vlan_layer(const Packet*);
SO_PUBLIC const wlan::WifiHdr* get_wifi_layer(const Packet*);
-SO_PUBLIC const uint8_t* get_root_layer(const Packet* const);
+
/* return a pointer to the outermost UDP layer */
SO_PUBLIC const udp::UDPHdr* get_outer_udp_lyr(const Packet* const);
// return the inner ip layer's index in the p->layers array
-SO_PUBLIC int get_inner_ip_lyr_index(const Packet* const p);
-SO_PUBLIC const Layer* get_mpls_layer(const Packet* const p);
+SO_PUBLIC int get_inner_ip_lyr_index(const Packet* const);
+SO_PUBLIC const Layer* get_mpls_layer(const Packet* const);
// Two versions of this because ip_defrag:: wants to call this on
// its rebuilt packet, not on the current packet. Extra function
// header will be removed once layer is a part of the Packet struct
SO_PUBLIC const ip::IP6Frag* get_inner_ip6_frag();
-SO_PUBLIC const ip::IP6Frag* get_inner_ip6_frag(const Packet* const p);
+SO_PUBLIC const ip::IP6Frag* get_inner_ip6_frag(const Packet* const);
// returns -1 on failure if no frag layer exists.
// else, returns zero based ip6 index
-SO_PUBLIC int get_inner_ip6_frag_index(const Packet* const p);
+SO_PUBLIC int get_inner_ip6_frag_index(const Packet* const);
// ICMP with Embedded IP layer
SO_PUBLIC bool set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t& curr_layer);
SO_PUBLIC bool set_outer_ip_api(const Packet* const, ip::IpApi&,
IpProtocol& next_ip_proto, int8_t& curr_layer);
-
-/* This is the api to get CiscoMetaData layer to fetch SGT value from it */
-SO_PUBLIC const cisco_meta_data::CiscoMetaDataOpt* get_cisco_meta_data_layer(const Packet* const p);
} // namespace layer
} // namespace snort
#endif
projects / thirdparty / snort3.git / commitdiff
