day or even just a minute. That way we can find them easily and won't
lose track of them.
-* Presently using FIXIT-X where X = A | W | P | H | M | L | D, indicating
- analysis, warning, perf, high, med, low priority, or deprecated. Place A and
- W comments on the exact warning line so we can match up comments and build
- output. Supporting comments can be added above.
+* Presently using FIXIT-X where X is one of the characters below. Place A
+ and W comments on the exact warning line so we can match up comments and
+ build output. Supporting comments can be added above.
+
+ * A = known static analysis issue
+ * D = deprecated - code to be removed after users update
+ * E = enhancement - next steps for incomplete features (not a bug)
+ * H = high priority - urgent deficiency
+ * L = low priority - cleanup or similar technical debt (not a bug)
+ * M = medium priority - suspected non-urgent deficiency
+ * P = performance issue (not a bug)
+ * W = warning - known compiler warning
* Put the copyright(s) and license in a comment block at the top of each
source file (.h and .cc). Don't bother with trivial scripts and make
/* if this packet isn't a fragment
* or if it is, its a UDP packet and offset is 0 */
if (!(snort.decode_flags & DECODE_FRAG) /*||
- ((frag_off == 0) && // FIXIT-H this forces flow to udp instead of ip
+ ((frag_off == 0) && // FIXIT-M this forces flow to udp instead of ip
(iph->proto() == IpProtocol::UDP))*/)
{
if (to_utype(iph->proto()) >= to_utype(ProtocolId::MIN_UNASSIGNED_IP_PROTO))
// in such case we do not modify the packet length.
if ( (flags & UPD_MODIFIED) && !(flags & UPD_RESIZED) )
{
- // FIXIT-H this worked in Snort. In Snort++, will this be accurate?
updated_len = ntohs(h->ip6_payload_len) + ip::IP6_HEADER_LEN;
}
else
return false;
}
- // FIXIT-H what if the packet's data is non-zero? For example, some
- // regression pcaps have the following: eth:ipv4:nonext:data
+ // FIXIT-M what if the packet's data is non-zero? For example, some
+ // regression pcaps have the following: eth:ipv4:nonext:data.
+ // We should raise an alert, optionally normalize / trim, and if we
+ // don't trim, support detection on the data.
// The size of this packet's data should be zero. So, set this layer's
// length and the packet's remaining length to the same number.
// this case because I don't want this going to the TCP, UDP, or
// ICMP codec. Therefore, doing a minor decode here.
- // FIXIT-H will fail to decode Ipv6 options
+ // FIXIT-M will fail to decode Ipv6 options
switch (ip6h->next())
{
case IpProtocol::TCP: /* decode the interesting part of the header */
codec.proto_bits |= PROTO_BIT__UDP_EMBED_ICMP;
break;
- // FIXIT-H do we need to handle ICMPV6 here?
+ // FIXIT-M do we need to handle ICMPV6 here?
case IpProtocol::ICMPV4:
codec.proto_bits |= PROTO_BIT__ICMP_EMBED_ICMP;
break;
class IpsContextData;
}
-// FIXIT-H add the hold to catch offloads that don't return
+// FIXIT-E add the hold to catch offloads that don't return
class ContextSwitcher
{
public:
void DetectionEngine::reset()
{
IpsContext* c = Analyzer::get_switcher()->get_context();
- c->alt_data.len = 0; // FIXIT-H need context::reset()
+ c->alt_data.len = 0; // FIXIT-L need context::reset()
}
IpsContext* DetectionEngine::get_context()
else
{
enable_content(p);
- p->alt_dsize = 0; // FIXIT-H should be redundant
+ p->alt_dsize = 0; // FIXIT-M should be redundant
InspectorManager::execute(p);
inspected = true;
// Depending on where we are searching we call the appropriate mpse
if ( MpseGroup* so = pg->mpsegrp[pmt] )
{
- // FIXIT-H DELETE ME done - get the context packet number
debug_logf(detection_trace, TRACE_FP_SEARCH, "%" PRIu64 " fp %s.%s[%d]\n",
p->context->packet_number, gadget->get_name(), pm_type_strings[pmt], buf.len);
{
int8_t curr_ip_layer = 0;
- tmp_payload = p->data; // FIXIT-H restore even with offload
+ tmp_payload = p->data; // FIXIT-M restore even with offload
tmp_dsize = p->dsize;
if (layer::set_outer_ip_api(p, p->ptrs.ip_api, curr_ip_layer))
cat = c;
pmd = p;
- // FIXIT-H unconditional trim is bad mkay? see fpGetFinalPattern
+ // FIXIT-M unconditional trim is bad mkay? see fpGetFinalPattern
size = flp_trim(pmd->pattern_buf, pmd->pattern_size, nullptr);
}
assert(p->context->searches.items.size() > 0);
RegexRequest* req = idle.front();
- idle.pop_front(); // FIXIT-H use splice to move instead
+ idle.pop_front();
busy.emplace_back(req);
// Because a list is a doubly linked list we can store the iterator
assert(p->context->searches.items.size() > 0);
RegexRequest* req = idle.front();
- idle.pop_front(); // FIXIT-H use splice to move instead
+ idle.pop_front();
busy.emplace_back(req);
p->context->regex_req_it = std::prev(busy.end());
// Loads host configuration data.
-// FIXIT-H temporarily create new HostTracker module to test new
+// FIXIT-M temporarily create new HostTracker module to test new
// HostTracker object. May eventually replace old Hosts module with this
// one.
pos += offset;
}
- // FIXIT-H should fail if offset is out of bounds
- // same for content and possibly others too
if ( pos < 0 )
pos = 0;
Unified2Event u2_event;
memset(&u2_event, 0, sizeof(u2_event));
- u2_event.snort_id = 0; // FIXIT-H define / use
+ u2_event.snort_id = 0; // FIXIT-H alert_event define / use
u2_event.event_id = htonl(event->event_id);
u2_event.event_second = htonl(event->ref_time.tv_sec);
void Analyzer::init_unprivileged()
{
// using dummy values until further integration
- // FIXIT-H max_contexts must be <= DAQ msg pool to avoid permanent stall
+ // FIXIT-M max_contexts must be <= DAQ msg pool to avoid permanent stall (offload only)
// condition (polling for packets that won't come to resume ready suspends)
#ifdef REG_TEST
const unsigned max_contexts = 20;
//------------------------------------------------------
// output module stuff
#ifdef REG_TEST
- // FIXIT-H builtin modules should set SnortConfig defaults instead
+ // FIXIT-M builtin modules should set SnortConfig defaults instead
uint32_t output_flags = OUTPUT_FLAG__WIDE_HEX;
#else
uint32_t output_flags = 0;
return false;
}
- // FIXIT-H allow service too
+ // FIXIT-M allow service too
//if ( opt->api->protos && !(proto & opt->api->protos) )
//{
// ParseError("%s not allowed with given rule protocol", opt->api->base.name);
}
const FlowKey* key = flow->key;
- // FIXIT-H FlowKey does not yet support different address families for src and dst IPs
+ // FIXIT-E FlowKey does not yet support different address families for src and dst IPs
// (e.g., IPv4 src and IPv6 dst, or vice-versa). Once it is supported, we need to pass
// two key->version here to create the proper debug_session string.
activate(key->ip_l, key->ip_h, key->port_l, key->port_h, (IpProtocol)(key->ip_protocol),
port = (dir == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
}
- // FIXIT-H - Creating AppId session even when flow is ignored (not monitored, e.g.,
+ // FIXIT-E - Creating AppId session even when flow is ignored (not monitored, e.g.,
// when AppId discovery is disabled) will consume a lot of unneeded memory and perform
// unneeded tasks in constructor. Snort2 uses static APPID_SESSION_STRUCT_FLAG ignore_fsf.
// Snort3 may use something like that or a dummy class/object having only common.flow_type
return 0;
}
-// FIXIT-H - Implement this function when (reconfigurable) XFF is supported.
+// FIXIT-E - Implement this function when (reconfigurable) XFF is supported.
void AppIdHttpSession::update_http_xff_address(struct XffFieldValue* xff_fields,
uint32_t numXffFields, AppidChangeBits& change_bits)
{
void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol, int16_t app_id)
{
- // FIXIT-RC: Passing app_id instead of SnortProtocolId to
- // create_future_session is incorrect. We need to look up
- // snort_protocol_id.
+ // FIXIT-E: Passing app_id instead of SnortProtocolId to
+ // create_future_session is incorrect. We need to look up
+ // snort_protocol_id.
AppIdSession* fp = AppIdSession::create_future_session(
pkt, cliIp, cliPort, srvIp, srvPort, protocol, app_id,
fp->payload.set_id(asd.payload.get_id());
fp->service.set_id(APP_ID_RTP, asd.ctxt.get_odp_ctxt());
- // FIXIT-H : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE.
+ // FIXIT-M : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE.
// Check if it is needed here as well.
//initialize_expected_session(asd, fp, APPID_SESSION_EXPECTED_EVALUATE);
fp2->payload.set_id(asd.payload.get_id());
fp2->service.set_id(APP_ID_RTCP, asd.ctxt.get_odp_ctxt());
- // FIXIT-H : same comment as above
+ // FIXIT-M : same comment as above
//initialize_expected_session(asd, fp2, APPID_SESSION_EXPECTED_EVALUATE);
initialize_expected_session(
lua_pushvalue(L, -1);
- // FIXIT-M: RELOAD - go back to using lua reference
+ // FIXIT-E: RELOAD - go back to using lua reference
// instead of using a string for lookups
// lsd.detector_user_data_ref = luaL_ref(L, LUA_REGISTRYINDEX);
- // FIXIT-H: The control and thread states have the same initialization
+ // FIXIT-E: The control and thread states have the same initialization
// sequence, the stack index shouldn't change between the states, maybe
// use a common index for a detector between all the states
std::string name = detector_name + "_";
lua_pushvalue(L, -1);
- // FIXIT-M: RELOAD - go back to using lua reference
+ // FIXIT-E: RELOAD - go back to using lua reference
// instead of using a string for lookups
// lsd.detector_user_data_ref = luaL_ref(L, LUA_REGISTRYINDEX);
- // FIXIT-H: The control and thread states have the same initialization
+ // FIXIT-E: The control and thread states have the same initialization
// sequence, the stack index shouldn't change between the states, maybe
// use a common index for a detector between all the states
std::string name = detector_name + "_";
const SfIp* dip = p->ptrs.ip_api.get_dst();
const SfIp* sip = p->ptrs.ip_api.get_src();
- /* FIXIT-H: Passing appId to create_future_session() is incorrect. We
+ /* FIXIT-E: Passing appId to create_future_session() is incorrect. We
need to pass the snort_protocol_id associated with appId. */
AppIdSession* asd = AppIdSession::create_future_session(p, sip, 0, dip, p->ptrs.dp,
IpProtocol::TCP, appId, 0);
ip.pton(AF_INET, "192.168.1.222");
val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066);
CHECK_TRUE(val == sizeof(appHA));
- //FIXIT-H refactor below code to test AppId consume functionality
+ // FIXIT-E refactor below code to test AppId consume functionality
/*
AppIdSession* session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id);
CHECK_TRUE(session);
mock_flow_data= nullptr;
val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066);
CHECK_TRUE(val == sizeof(appHA));
- //FIXIT-H refactor below code to test AppId consume functionality
+ // FIXIT-E refactor below code to test AppId consume functionality
/*
session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id);
CHECK_TRUE(session);
** picked up midstream, then we don't care about the MIDSTREAM flag.
** Otherwise, only consider streams not picked up midstream.
*/
- // FIXIT-H using SSNFLAG_COUNTED_INITIALIZE is a hack to get parity with 2.X
+ // FIXIT-E using SSNFLAG_COUNTED_INITIALIZE is a hack to get parity with 2.X
// this should be completely redone and port_scan should require stream_tcp
if ( p->flow and (p->flow->ssn_state.session_flags & SSNFLAG_COUNTED_INITIALIZE) )
{
RuleKey key = { otn->sigInfo.gid, otn->sigInfo.sid };
RuleState state =
{
- snort::get_ips_policy()->policy_id, // FIXIT-H need parsing policy for reload
+ // FIXIT-H parse_rule_state needs parsing policy for reload
+ snort::get_ips_policy()->policy_id,
rtn.action,
otn->enable
};
const char* order = sc->rule_order.c_str();
if ( !*order )
- order = "pass drop alert log"; // FIXIT-H apply builtin module defaults
+ order = "pass drop alert log"; // FIXIT-M apply builtin module defaults
std::stringstream ss(order);
std::string tok;
using namespace snort;
-// FIXIT-H needs to be updated for addition of get_fp_buf()
+// FIXIT-M needs to be updated for addition of get_fp_buf()
template<typename T>
static inline bool get_buf(
Inspector& i, T v, Packet& p, std::string& rb)
#include "lua/lua_arg.h"
-// FIXIT-H a lot of users keep references to this data. Need to prevent
+// FIXIT-M a lot of users keep references to this data. Need to prevent
// Lua's garbage collection from destroying RawBuffer while other C++ types
// are using the data (unbeknownst to Lua). Add a container data type
// which hold ref counts to RawBuffer and only frees when the ref count is
return 0;
}
+// FIXIT-H is this really supposed to be a shallow compare?
bool operator==(const IpApi& lhs, const IpApi& rhs)
{
if ( lhs.type != rhs.type )
return false;
- // FIXIT-H is this really supposed to be a shallow compare?
return ( lhs.iph == rhs.iph );
}
Http2Frame* Http2Frame::new_frame(const uint8_t* header, const int32_t header_len,
const uint8_t* data, const int32_t data_len, Http2FlowData* session_data, SourceId source_id)
{
- // FIXIT-H call the appropriate frame subclass constructor based on the type
+ // FIXIT-E call the appropriate frame subclass constructor based on the type
switch(session_data->frame_type[source_id])
{
case FT_HEADERS:
if (!session_data)
return;
- // FIXIT-H Workaround for unexpected eval() calls
+ // FIXIT-E Workaround for unexpected eval() calls
// Avoid eval if scan/reassemble aborts
if (session_data->frame_type[source_id] == FT__ABORT)
return;
}
#endif
- // FIXIT-H not supported yet
+ // FIXIT-E not supported yet
return false;
}
}
#endif
- // FIXIT-H not supported yet
+ // FIXIT-E not supported yet
return false;
}
HttpFlowData* session_data = http_get_flow_data(p->flow);
- // FIXIT-H Workaround for unexpected eval() calls. Convert to asserts when possible.
+ // FIXIT-E Workaround for unexpected eval() calls. Convert to asserts when possible.
if ((session_data->section_type[source_id] == SEC__NOT_COMPUTE) ||
(session_data->type_expected[source_id] == SEC_ABORT) ||
(session_data->octets_reassembled[source_id] != p->dsize))
session_data->body_octets[source_id] = body_octets;
if (session_data->http2_end_stream[source_id])
{
- // FIXIT-H check content length header against bytes received
+ // FIXIT-E check content length header against bytes received
session_data->trailer_prep(source_id);
session_data->http2_end_stream[source_id] = false;
}
else
{
- //FIXIT-H check have not exceeded content length
+ // FIXIT-E check have not exceeded content length
update_depth();
}
}
if (session_data->for_http2)
{
- // FIXIT-H check for transfer-encoding and content-length headers
+ // FIXIT-E check for transfer-encoding and content-length headers
session_data->type_expected[source_id] = SEC_BODY_H2;
prepare_body();
return;
uint32_t& partial_raw_bytes = session_data->partial_raw_bytes[source_id];
assert(partial_raw_bytes + total <= MAX_OCTETS);
- // FIXIT-H this is a precaution/workaround for stream issues. When they are fixed replace this
+ // FIXIT-E this is a precaution/workaround for stream issues. When they are fixed replace this
// block with an assert.
if ((session_data->section_offset[source_id] == 0) &&
(session_data->octets_expected[source_id] != partial_raw_bytes + total))
{
if (session_data->octets_expected[source_id] == 0)
{
- // FIXIT-H This is a known problem. No data was scanned and yet somehow stream can
+ // FIXIT-E This is a known problem. No data was scanned and yet somehow stream can
// give us data when we ask for an empty message section. Dropping the unexpected data
// enables us to send the HTTP headers through detection as originally planned.
total = 0;
// FIXIT-L the following call seems inappropriate for headers and trailers. Those cases
// should be an unconditional EVENT_LOSS_OF_SYNC.
session_data->events[source_id]->generate_misformatted_http(data, length);
- // FIXIT-H need to process this data not just discard it.
+ // FIXIT-E need to process this data not just discard it.
session_data->type_expected[source_id] = SEC_ABORT;
delete cutter;
cutter = nullptr;
bool FileSession::setup(Packet*)
{
- // FIXIT-H file context is null here
- //const char* s = DAQ_GetInterfaceSpec();
- //file_api->set_file_name(p->flow, (uint8_t*)s, strlen(s));
return true;
}
{ "max_pdu", Parameter::PT_INT, "1460:32768", "16384",
"maximum reassembled PDU size" },
- // FIXIT-H: This should become an API call so that
- // an inspector can enable no-ack processing on specific flows
{ "no_ack", Parameter::PT_BOOL, nullptr, "false",
"received data is implicitly acked immediately" },
bool TcpNormalizer::validate_rst_seq_geq(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
{
- // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this
+ // FIXIT-M check for rcv_nxt == 0 is hack for uninitialized rcv_nxt
if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->rcv_nxt) )
return true;
bool TcpNormalizer::validate_rst_end_seq_geq(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
{
- // FIXIT-H check for r_win_base == 0 is hack for uninitialized r_win_base, fix this
+ // FIXIT-M check for r_win_base == 0 is hack for uninitialized r_win_base
if ( tns.tracker->r_win_base == 0 )
return true;
{
uint32_t expected_seq = tns.tracker->rcv_nxt + tns.tracker->get_fin_seq_adjust();
- // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this
+ // FIXIT-M check for rcv_nxt == 0 is hack for uninitialized rcv_nxt
if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_EQ(tsd.get_seg_seq(), expected_seq) )
return true;
{
if ( !p )
{
- // FIXIT-H we need to have user_policy_id in this case
- // FIXIT-H this leads to format_tcp() copying from pdu to pdu
+ // FIXIT-M we need to have user_policy_id in this case
+ // FIXIT-M this leads to format_tcp() copying from pdu to pdu
// (neither of these issues is created by passing null through to here)
p = DetectionEngine::set_next_packet();
}
// FIXIT-H a drop rule will yoink the seglist out from under us
// because apply_delayed_action is only deferred to end of context
+ // this is causing stability issues
if ( flushed and trs.sos.seg_count and
!trs.sos.session->flow->two_way_traffic() and !p->ptrs.tcph->is_syn() )
{
listener = &server;
}
- // FIXIT-H on data / on ack must be based on flush policy
if (p->dsize > 0)
listener->reassembler.flush_on_data_policy(p);
return true;
}
- // FIXIT-H any discards must be counted and in many cases alerted as well
+ // FIXIT-M any discards must be counted and in many cases alerted as well
// (count all but alert at most once per flow)
// three cases in this function; look for others
if ( ( config->flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY ) && !flow->two_way_traffic() )
&& ( listener->reassembler.get_seg_bytes_total() > config->max_queued_bytes ) )
{
tcpStats.exceeded_max_bytes++;
- // FIXIT-H add one alert per flow per above
+ // FIXIT-M add one alert per flow per above
return true;
}
&& ( listener->reassembler.get_seg_count() + 1 > config->max_queued_segs ) )
{
tcpStats.exceeded_max_segs++;
- // FIXIT-H add one alert per flow per above
+ // FIXIT-M add one alert per flow per above
return true;
}
server.reassembler.init(this, &server, server_os_policy, true);
}
-// FIXIT-H this is no longer called (but should be)
+// FIXIT-M this is no longer called (but should be)
#if 0
void TcpSession::swap_trackers()
{
st->normalizer.trim_win_payload(
tsd, (st->r_win_base + st->get_snd_wnd() - st->rcv_nxt));
- // FIXIT-H: MSS is not being set on client so packets sent
- // to client are not trimmed.
+ // FIXIT-H: MSS is not set on client so packets sent to client are not trimmed
+ // use case?
if (st->get_mss())
st->normalizer.trim_mss_payload(tsd, st->get_mss());
return ACTION_NOTHING;
}
- // FIXIT-H need to do something here to handle check for need to swap trackers??
+ // FIXIT-M need to do something here to handle check for need to swap trackers??
if ( !config )
config = get_tcp_cfg(flow->ssn_server);
return true;
}
-#ifdef FOO // FIXIT-H UNIT_TEST need work
+#if 0 // FIXIT-M unit tests need work
#include "tcp_normalizers.h"
#include "tcp_reassemblers.h"
&& ( tsd.has_wscale() || ( tsd.get_seg_len() > 0 ) ) )
{
Flow* flow = tsd.get_flow();
-
- // FIXIT-H do we need to verify the ACK field is >= the seq of the SYN-ACK?
- // 3-way Handshake complete, create TCP session
flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_SYN_ACK |
STREAM_STATE_ESTABLISHED );
+
trk.init_on_3whs_ack_sent(tsd);
trk.session->init_new_tcp_session(tsd);
trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED);
{
if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) )
{
- // FIXIT-H handle FIN on midstream
+ // FIXIT-M handle FIN on midstream
}
else if ( trk.session->config->require_3whs() )
{
{
if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) )
{
- // FIXIT-H handle FIN on midstream
+ // FIXIT-M handle FIN on midstream
}
else if ( trk.session->config->require_3whs() )
{
{
if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) )
{
- // FIXIT-H handle RST on midstream
+ // FIXIT-M handle RST on midstream
}
return true;
}
return true;
}
-#ifdef FOO // FIXIT-H UNIT_TEST need work
+#if 0 // FIXIT-M unit tests need work
#include "tcp_normalizers.h"
#include "tcp_reassemblers.h"
Flow* flow = tsd.get_flow();
// FIXIT-H verify ack being sent is valid...
+ // norm/drop + discard
trk.finish_server_init(tsd);
trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->config->require_3whs());
flow->session_state |= STREAM_STATE_SYN_ACK;
Flow* flow = tsd.get_flow();
// FIXIT-H verify ack being sent is valid...
+ // norm/drop + discard
trk.update_tracker_ack_sent(tsd);
flow->set_session_flags(SSNFLAG_ESTABLISHED);
flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_ESTABLISHED );
Flow* flow = tsd.get_flow();
// FIXIT-H verify ack being sent is valid...
+ // norm/drop + discard
trk.update_tracker_ack_sent(tsd);
flow->set_session_flags(SSNFLAG_ESTABLISHED);
flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_ESTABLISHED );
return false;
}
-// FIXIT-H add alert and check alerted go away when we finish
-// packet / PDU split because PDU rules won't run on raw packets
bool TcpStreamSession::add_alert(Packet* p, uint32_t gid, uint32_t sid)
{
TcpStreamTracker& st = p->ptrs.ip_api.get_src()->equals(flow->client_ip) ? server : client;
tcp_event = TCP_ACK_SENT_EVENT;
}
else if ( tsd.get_seg_len() > 0 ) // FIXIT-H no flags set, how do we handle this?
+ // discard; drop if normalizing
tcp_event = TCP_DATA_SEG_SENT_EVENT;
else
tcp_event = TCP_ACK_SENT_EVENT;
tcp_event = TCP_ACK_RECV_EVENT;
}
else if ( tsd.get_seg_len() > 0 ) // FIXIT-H no flags set, how do we handle this?
+ // discard; drop if normalizing
tcp_event = TCP_DATA_SEG_RECV_EVENT;
else
tcp_event = TCP_ACK_RECV_EVENT;
void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd)
{
irs = tsd.get_seg_seq();
- // FIXIT-H can we really set the vars below now?
+
rcv_nxt = tsd.get_seg_seq() + 1;
r_win_base = tsd.get_seg_seq() + 1;
reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1);
else
flow->set_session_flags(SSNFLAG_SEEN_SERVER);
- // FIXIT-H should we init these?
iss = tsd.get_seg_seq();
irs = tsd.get_seg_ack();
snd_una = tsd.get_seg_seq();
snd_nxt = tsd.get_end_seq();
snd_wnd = tsd.get_seg_wnd();
- // FIXIT-H move this to fin handler for syn_recv state ..
+ // FIXIT-M move this to fin handler for syn_recv state ..
//if ( tcph->is_fin() )
// server->set_snd_nxt(server->get_snd_nxt() - 1);
//snd_una = tsd.get_seg_seq();
// FIXIT-H add check to validate ack...
+ // norm/drop + discard
if ( SEQ_GT(tsd.get_end_seq(), snd_nxt) )
snd_nxt = tsd.get_end_seq();
static const uint8_t cooked_ack[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00";
-// FIXIT-H this is not a FIN PACKET yet...
+// FIXIT-M this is not a FIN PACKET yet...
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192,
// length 0
static const uint8_t cooked_fin[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00";
-// FIXIT-H this is not a RST PACKET yet...
+// FIXIT-M this is not a RST PACKET yet...
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192,
// length 0
static const uint8_t cooked_rst[] =
}
}
- /* FIXIT-H client? doesn't make much sense in terms of specific port */
-
return 0;
}
************* sidechannel ****************
*************************************************/
-// FIXIT-H: This is temporary and needs to be translated to an appropriate `side_channel = {}`
+// FIXIT-L: This is temporary and needs to be translated to an appropriate `side_channel = {}`
static const std::string sidechannel = "sidechannel";
static const ConvertMap sidechannel_api =
projects / thirdparty / snort3.git / commitdiff
