suricata: introduce global linktype

As Suricata is not supporting pcap-ng we have to stick with one single
datalink type for the capture if ever we want to do pcap logging.
Assuming this, this patch introduces a function to set the link
type globally. This will be used with pcap conditional logging
to get the logging of TCP segments with the correct link type.

src/Makefile.am

@@ -513,6 +513,7 @@ noinst_HEADERS = \
 	util-coredump-config.h \
 	util-cpu.h \
 	util-daemon.h \
+	util-datalink.h \
 	util-debug-filters.h \
 	util-debug.h \
 	util-decode-mime.h \
@@ -1092,6 +1093,7 @@ libsuricata_c_a_SOURCES = \
 	util-coredump-config.c \
 	util-cpu.c \
 	util-daemon.c \
+	util-datalink.c \
 	util-debug.c \
 	util-debug-filters.c \
 	util-decode-mime.c \

src/source-af-packet.c

@@ -44,6 +44,7 @@
 #include "tm-threads-common.h"
 #include "conf.h"
 #include "util-cpu.h"
+#include "util-datalink.h"
 #include "util-debug.h"
 #include "util-device.h"
 #include "util-ebpf.h"
@@ -1512,6 +1513,8 @@ int AFPGetLinkType(const char *ifname)
     ltype =  AFPGetDevLinktype(fd, ifname);
     close(fd);
 
+    DatalinkSetGlobalType(ltype);
+
     return ltype;
 }
 

src/source-erf-dag.c

@@ -31,6 +31,7 @@
 #include "tm-threads.h"
 
 #include "util-privs.h"
+#include "util-datalink.h"
 #include "util-device.h"
 #include "tmqh-packetpool.h"
 #include "source-erf-dag.h"
@@ -305,6 +306,8 @@ ReceiveErfDagThreadInit(ThreadVars *tv, void *initdata, void **data)
     ewtn->tv = tv;
     *data = (void *)ewtn;
 
+    DatalinkSetGlobalType(LINKTYPE_ETHERNET);
+
     SCLogInfo("Starting processing packets from stream: %d on DAG: %s",
         ewtn->dagstream, ewtn->dagname);
 

src/source-erf-file.c

@@ -29,6 +29,7 @@
 #include "suricata.h"
 #include "tm-threads.h"
 #include "source-erf-file.h"
+#include "util-datalink.h"
 
 #define DAG_TYPE_ETH 2
 
@@ -241,6 +242,8 @@ ReceiveErfFileThreadInit(ThreadVars *tv, const void *initdata, void **data)
 
     SCLogInfo("Processing ERF file %s", (char *)initdata);
 
+    DatalinkSetGlobalType(LINKTYPE_ETHERNET);
+
     SCReturnInt(TM_ECODE_OK);
 }
 

src/source-ipfw.c

@@ -37,6 +37,7 @@
 #include "conf.h"
 #include "util-byte.h"
 #include "util-privs.h"
+#include "util-datalink.h"
 #include "util-device.h"
 #include "runmodes.h"
 
@@ -371,6 +372,7 @@ TmEcode ReceiveIPFWThreadInit(ThreadVars *tv, const void *initdata, void **data)
     }
 
     ntv->datalink = DLT_RAW;
+    DatalinkSetGlobalType(DLT_RAW);
 
     *data = (void *)ntv;
 

src/source-napatech.c

@@ -28,6 +28,7 @@
 #include "suricata-common.h"
 #include "suricata.h"
 #include "threadvars.h"
+#include "util-datalink.h"
 #include "util-optimize.h"
 #include "tm-queuehandlers.h"
 #include "tm-threads.h"
@@ -656,6 +657,9 @@ TmEcode NapatechStreamThreadInit(ThreadVars *tv, const void *initdata, void **da
     ntv->stream_id = stream_id;
     ntv->tv = tv;
     ntv->hba = conf->hba;
+
+    DatalinkSetGlobalType(LINKTYPE_ETHERNET);
+
     SCLogDebug("Started processing packets from NAPATECH  Stream: %lu", ntv->stream_id);
 
     *data = (void *) ntv;

src/source-netmap.c

@@ -40,6 +40,7 @@
 #include "util-bpf.h"
 #include "util-privs.h"
 #include "util-validate.h"
+#include "util-datalink.h"
 
 #include "source-netmap.h"
 
@@ -573,6 +574,8 @@ static TmEcode ReceiveNetmapThreadInit(ThreadVars *tv, const void *initdata, voi
 
     SCLogDebug("thread: %s polling on fd: %d", tv->name, ntv->ifsrc->nmd->fd);
 
+    DatalinkSetGlobalType(LINKTYPE_ETHERNET);
+
     *data = (void *)ntv;
     aconf->DerefFunc(aconf);
     SCReturnInt(TM_ECODE_OK);

src/source-nflog.c

@@ -326,6 +326,8 @@ TmEcode ReceiveNFLOGThreadInit(ThreadVars *tv, const void *initdata, void **data
     ntv->datalen = T_DATA_SIZE;
 #undef T_DATA_SIZE
 
+    DatalinkSetGlobalType(DLT_RAW);
+
     *data = (void *)ntv;
 
     nflconfig->DerefFunc(nflconfig);

src/source-nfq.c

@@ -41,6 +41,7 @@
 #include "source-nfq-prototypes.h"
 #include "action-globals.h"
 
+#include "util-datalink.h"
 #include "util-debug.h"
 #include "util-error.h"
 #include "util-byte.h"
@@ -731,6 +732,8 @@ TmEcode ReceiveNFQThreadInit(ThreadVars *tv, const void *initdata, void **data)
     ntv->datalen = T_DATA_SIZE;
 #undef T_DATA_SIZE
 
+    DatalinkSetGlobalType(DLT_RAW);
+
     *data = (void *)ntv;
 
     SCMutexUnlock(&nfq_init_lock);

src/source-pcap-file-helper.c

@@ -24,6 +24,7 @@
  */
 
 #include "source-pcap-file-helper.h"
+#include "util-datalink.h"
 #include "util-checksum.h"
 #include "util-profiling.h"
 #include "source-pcap-file.h"
@@ -223,6 +224,7 @@ TmEcode InitPcapFile(PcapFileFileVars *pfv)
 
     pfv->datalink = pcap_datalink(pfv->pcap_handle);
     SCLogDebug("datalink %" PRId32 "", pfv->datalink);
+    DatalinkSetGlobalType(pfv->datalink);
 
     if (!PeekFirstPacketTimestamp(pfv))
         SCReturnInt(TM_ECODE_FAILED);

src/source-pcap.c

@@ -36,6 +36,7 @@
 #include "util-debug.h"
 #include "util-error.h"
 #include "util-privs.h"
+#include "util-datalink.h"
 #include "util-device.h"
 #include "util-optimize.h"
 #include "util-checksum.h"
@@ -540,6 +541,7 @@ static TmEcode ReceivePcapThreadInit(ThreadVars *tv, const void *initdata, void
     (void)GetIfaceOffloading(pcapconfig->iface, 1, 1);
 
     ptv->datalink = pcap_datalink(ptv->pcap_handle);
+    DatalinkSetGlobalType(ptv->datalink);
 
     pcapconfig->DerefFunc(pcapconfig);
 

src/source-pfring.c

@@ -41,6 +41,7 @@
 #include "util-debug.h"
 #include "util-checksum.h"
 #include "util-privs.h"
+#include "util-datalink.h"
 #include "util-device.h"
 #include "util-host-info.h"
 #include "runmodes.h"
@@ -644,6 +645,8 @@ TmEcode ReceivePfringThreadInit(ThreadVars *tv, const void *initdata, void **dat
         }
     }
 
+    DatalinkSetGlobalType(LINKTYPE_ETHERNET);
+
     *data = (void *)ptv;
     pfconf->DerefFunc(pfconf);
 

src/util-datalink.c

@@ -0,0 +1,44 @@
+/* Copyright (C) 2021 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include "suricata-common.h"
+#include "conf.h"
+#include "util-datalink.h"
+
+int g_datalink_value = LINKTYPE_NULL;
+int g_datalink_is_multiple = 0;
+
+void DatalinkSetGlobalType(int datalink)
+{
+    if (g_datalink_value != LINKTYPE_NULL) {
+        if (datalink != g_datalink_value) {
+            g_datalink_is_multiple = 1;
+        }
+    } else {
+        g_datalink_value = datalink;
+    }
+}
+
+inline int DatalinkGetGlobalType(void)
+{
+    return g_datalink_value;
+}
+
+bool DatalinkHasMultipleValues(void)
+{
+    return g_datalink_is_multiple == 1;
+}

src/util-datalink.h

@@ -0,0 +1,25 @@
+/* Copyright (C) 2021 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#ifndef __UTIL_DATALINK_H__
+#define __UTIL_DATALINK_H__
+
+void DatalinkSetGlobalType(int datalink);
+int DatalinkGetGlobalType(void);
+bool DatalinkHasMultipleValues(void);
+
+#endif /* __UTIL_DATALINK_H__ */