Pull request #4816: main: notify DAQ via ioctl message when a packet is injected
authorNirmala Venkata Subbaiah -X (nirmvenk - XORIANT CORPORATION at Cisco) <nirmvenk@cisco.com>
Thu, 31 Jul 2025 20:26:30 +0000 (20:26 +0000)
committerSteven Baigal (sbaigal) <sbaigal@cisco.com>
Thu, 31 Jul 2025 20:26:30 +0000 (20:26 +0000)
Merge in SNORT/snort3 from ~NIRMVENK/snort3:ioctl to master

Squashed commit of the following:

commit 8e71d15e6b3c45f7aa429c4ca17ba023a84ace48
Author: Nirmala Subbaiah <nirmvenk@cisco.com>
Date:   Tue Jul 15 14:05:04 2025 -0400

    main: notify DAQ via ioctl message when a packet is injected

src/main/analyzer.cc
src/main/test/distill_verdict_stubs.h
src/packet_io/sfdaq_instance.cc
src/packet_io/sfdaq_instance.h
src/protocols/packet.cc
src/protocols/test/decode_err_len_test.cc
src/protocols/test/get_geneve_opt_test.cc

index c5c953f2f0f906feadfd436d264953345377c546..3b2961f8fae083f71ce93434b62d69a5a09d8326 100644 (file)
@@ -260,8 +260,11 @@ static DAQ_Verdict distill_verdict(Packet* p)
         // we never increase, only trim, but daq doesn't support resizing wire packet
         PacketManager::encode_update(p);
 
-        if ( p->inject() == DAQ_SUCCESS )
+        int ret = p->inject();
+        if ( ret == DAQ_SUCCESS )
             verdict = DAQ_VERDICT_BLOCK;
+        else
+            PacketTracer::log("Packet inject failed: %d\n", ret);
         // FIXIT-M X Should we be blocking the wire packet even if the injection fails?
     }
     else if ( p->packet_flags & PKT_MODIFIED )
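Review bot: The inject failure is reported only through `PacketTracer::log` on the new else branch, and the tracer presumably emits only when tracing is active for that packet, so a block action that never reached the wire will normally leave no record in production. Consider counting the failure in the analyzer's stats as well, so the condition is observable without per-packet tracing, and keep the trace message as the detail channel. The `ret` value now captured is also the input the FIXIT-M on the following line needs: the comment could be updated to say that a non-`DAQ_SUCCESS` result currently leaves `verdict` untouched. `distill_verdict` starts and ends outside this hunk.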
index b3e736ec3b6d879d6b059d808f3630bdbe156d77..8b177bbf48e0b42857c358cdd4e22ac6bec5603d 100644 (file)
@@ -164,6 +164,7 @@ bool SFDAQInstance::interrupt() { return false; }
 int SFDAQInstance::inject(DAQ_Msg_h, int, const uint8_t*, uint32_t) { return -1; }
 DAQ_RecvStatus SFDAQInstance::receive_messages(unsigned) { return DAQ_RSTAT_ERROR; }
 int SFDAQInstance::ioctl(DAQ_IoctlCmd, void*, size_t) { return -4; }
+bool SFDAQInstance::can_invoke_inject_drop() const { return false; }
 void SFDAQ::set_local_instance(SFDAQInstance*) { }
 const char* SFDAQ::verdict_to_string(DAQ_Verdict) { return nullptr; }
 bool SFDAQ::forwarding_packet(const DAQ_PktHdr_t*) { return false; }
index ff8af1328966606f36d2f5215b6c9f7c45ee4394..1b7f377461ced5ee23da805eae2f0c89c7a3fa0a 100644 (file)
@@ -154,6 +154,11 @@ bool SFDAQInstance::can_whitelist() const
     return (daq_instance_get_capabilities(instance) & DAQ_CAPA_WHITELIST) != 0;
 }
 
+bool SFDAQInstance::can_invoke_inject_drop() const
+{
+    return (daq_instance_get_capabilities(instance) & DAQ_CAPA_INJECT_DROP) != 0;
+}
+
 bool SFDAQInstance::start()
 {
     int rval = daq_instance_start(instance);
index 90cf3e839c6189278d5954ce297752d294f22167..570366d7198294fb0fb7d20a896cf11715a1abfc 100644 (file)
@@ -69,6 +69,7 @@ public:
     bool can_inject_raw() const;
     bool can_replace() const;
     bool can_start_unprivileged() const;
+    bool can_invoke_inject_drop() const;
     SO_PUBLIC bool can_whitelist() const;
 
     int inject(DAQ_Msg_h, int rev, const uint8_t* buf, uint32_t len);
index 4d1d736212c537f4ce53407a20dd78bf13b877c3..56fb9d68153b65603d5ac83eac32c509f04de040 100644 (file)
@@ -21,6 +21,8 @@
 #include "config.h"
 #endif
 
+#include <daq_common.h>
+
 #include "packet.h"
 
 #include "detection/ips_context.h"
@@ -30,6 +32,7 @@
 #include "log/obfuscator.h"
 #include "main/snort_config.h"
 #include "packet_io/active.h"
+#include "packet_io/packet_tracer.h"
 #include "packet_io/sfdaq_instance.h"
 
 #include "packet_manager.h"
@@ -326,6 +329,12 @@ bool Packet::is_from_application_server() const
 int Packet::inject()
 {
     set_pkt_injected();
+    if ( daq_instance->can_invoke_inject_drop() )
+    {
+        int ret = daq_instance->ioctl((DAQ_IoctlCmd)DIOCTL_SET_INJECT_DROP, (void*)daq_msg, sizeof(*daq_msg));
+        if ( ret != DAQ_SUCCESS )
+            PacketTracer::log("DIOCTL_SET_INJECT_DROP failed: %d\n", ret);
+    }
     return daq_instance->inject(daq_msg, 0, pkt, pktlen);
 }
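Review bot: The new ioctl call uses two C-style casts, and `(void*)daq_msg` silently strips const from the message handle (the stubs in this commit spell the same parameter as `_daq_msg const*`); `(DAQ_IoctlCmd)DIOCTL_SET_INJECT_DROP` is either redundant, if the macro already has that enum type, or hides a mismatch if it does not. Prefer a named cast that makes the const removal visible, e.g. `int ret = daq_instance->ioctl(DIOCTL_SET_INJECT_DROP, const_cast<void*>(static_cast<const void*>(daq_msg)), sizeof(*daq_msg));`, adding the enum cast back only if the compiler requires it. A one-line comment above the `if` would also help readers, since the intent is not visible from the call itself: `// When the DAQ advertises DAQ_CAPA_INJECT_DROP, tell it about the injection first; a failed ioctl is logged and the inject still proceeds.`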
 
index 8d7548b6fc738b22151a5f0998f1d22e954cd0c0..2cb7384b0fc8181f49853c3983855c897fa60473 100644 (file)
@@ -72,6 +72,8 @@ int layer::get_inner_ip6_frag_index(const Packet* const) { return 0; }
 uint8_t Stream::get_flow_ttl(Flow*, char, bool) { return 0; }
 bool SFDAQ::forwarding_packet(const DAQ_PktHdr_t*) { return false; }
 int SFDAQInstance::inject(_daq_msg const*, int, unsigned char const*, unsigned int) { return -1; }
+int snort::SFDAQInstance::ioctl(DAQ_IoctlCmd cmd, void *arg, size_t arglen) { return DAQ_ERROR_NOTSUP; }
+bool SFDAQInstance::can_invoke_inject_drop() const { return false; }
 void sum_stats(PegCount*, PegCount*, unsigned, bool) {}
 IpsContext::IpsContext(unsigned):
     packet(nullptr), encode_packet(nullptr), pkth (nullptr), buf(nullptr),
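Review bot: The added ioctl stub names all three parameters but uses none of them, whereas the neighbouring stubs (`SFDAQInstance::inject` directly above) leave unused parameters unnamed; with `-Wunused-parameter` this line warns. Dropping the names matches the file's style: `int snort::SFDAQInstance::ioctl(DAQ_IoctlCmd, void*, size_t) { return DAQ_ERROR_NOTSUP; }`. The same applies to the matching stub added in get_geneve_opt_test.cc, which additionally returns `DAQ_SUCCESS` rather than `DAQ_ERROR_NOTSUP`; the difference is inert because `can_invoke_inject_drop` returns false in both files, but the two stubs would read better with the same value.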
index bc44c30695cf73f4ea12c7f321d4a9ea34010695..b0ffbbe8b59babf565609f4fd48681e3f01514e8 100644 (file)
@@ -24,6 +24,7 @@
 #include "flow/expect_flow.h"
 #include "framework/api_options.h"
 #include "packet_io/sfdaq_instance.h"
+#include "packet_io/packet_tracer.h"
 #include "protocols/packet.h"
 #include "protocols/packet_manager.h"
 
@@ -39,6 +40,9 @@ const vlan::VlanTagHdr* layer::get_vlan_layer(const Packet*) { return nullptr; }
 const geneve::GeneveLyr* layer::get_geneve_layer(const Packet*, bool) { return nullptr; }
 void ip::IpApi::reset() {}
 int SFDAQInstance::inject(_daq_msg const*, int, unsigned char const*, unsigned int) { return -1; }
+int snort::SFDAQInstance::ioctl(DAQ_IoctlCmd cmd, void *arg, size_t arglen) { return DAQ_SUCCESS; }
+bool SFDAQInstance::can_invoke_inject_drop() const { return false; }
+void PacketTracer::log(const char*, ...) { }
 
 uint8_t PacketManager::max_layers = DEFAULT_LAYERMAX;