Merge in SNORT/snort3 from ~OSHUMEIK/snort3:fp_sub_buffer to master
Squashed commit of the following:
commit
212506d4e8f65f62cf042585af0e89f8fcbdda4f
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jun 4 22:05:51 2024 +0300
build: bump version to 3.2.0
IPS option API has changed.
commit
0a1a7e16acc3117f46b3aba467fe552b4de9f256
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jun 4 17:38:49 2024 +0300
http_inspect: set CAT_SET_SUB_SECTION for buffer with a sub-selector configured
commit
a036904c1751e21dcd8c75553e4e5e9978b553c8
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date: Tue Jun 4 17:34:29 2024 +0300
framework: add new Cursor Action Type
Buffer-setter IPS option can be of sub-section type, picking just a part of
the targeted IPS buffer. Such buffer setter cannot make a fast-pattern-only option.
project (snort CXX C)
set (VERSION_MAJOR 3)
-set (VERSION_MINOR 2)
-set (VERSION_PATCH 2)
+set (VERSION_MINOR 3)
+set (VERSION_PATCH 0)
set (VERSION_SUBLEVEL 0)
set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
if ( cat > CAT_ADJUST )
{
- if ( cat == CAT_SET_FAST_PATTERN or cat == CAT_SET_RAW )
+ if ( cat >= CAT_SET_RAW )
curr_opt = ofl->ips_opt;
curr_cat = cat;
if ( !tmp )
continue;
+ if (curr_cat == CAT_SET_SUB_SECTION)
+ tmp->set_sub_section();
+
content = true;
FpSelector curr(curr_cat, ofl->ips_opt, tmp);
return false;
// FIXIT-L no_case consideration is mpse specific, delegate
- if ( !pmd->is_relative() and !pmd->is_negated() and
- !pmd->offset and !pmd->depth and pmd->is_no_case() )
- {
- ofp = ofp->next;
- if ( !ofp || !ofp->ips_opt || !ofp->ips_opt->is_relative() )
- return true;
- }
- return false;
+ if ( pmd->is_relative() or pmd->is_negated() or pmd->offset or pmd->depth or !pmd->is_no_case() or
+ pmd->is_sub_section())
+ return false;
+
+ ofp = ofp->next;
+
+ if ( ofp and ofp->ips_opt and ofp->ips_opt->is_relative() )
+ return false;
+
+ return true;
}
bool is_fast_pattern_only(const OptTreeNode* otn, const OptFpList* ofp, Mpse::MpseType mpse_type)
LITERAL = 0x08,
FAST_PAT = 0x10,
NO_FP = 0x20,
+ SUB_SECT = 0x40,
};
uint16_t flags = 0; // from above enum
void set_literal()
{ flags |= LITERAL; }
+ void set_sub_section()
+ { flags |= SUB_SECT; }
+
bool is_fast_pattern() const
{ return (flags & FAST_PAT) != 0; }
bool is_literal() const
{ return (flags & LITERAL) != 0; }
+ bool is_sub_section() const
+ { return (flags & SUB_SECT) != 0; }
+
bool can_be_fp() const;
bool has_alpha() const;
class Module;
// this is the current version of the api
-#define IPSAPI_VERSION ((BASE_API_VERSION << 16) | 1)
+#define IPSAPI_VERSION ((BASE_API_VERSION << 16) | 2)
enum CursorActionType
{
CAT_SET_OTHER,
CAT_SET_RAW,
CAT_SET_FAST_PATTERN,
+ CAT_SET_SUB_SECTION,
};
enum RuleDirection
HttpIpsOption(const HttpRuleOptModule* cm) :
snort::IpsOption(cm->key),
buffer_info(cm->rule_opt_index, cm->sub_id, cm->form),
- cat(cm->cat), pdu_section(cm->pdu_section) {}
+ cat(cm->sub_id and cm->cat == snort::CAT_SET_FAST_PATTERN ? snort::CAT_SET_SUB_SECTION : cm->cat),
+ pdu_section(cm->pdu_section) {}
snort::CursorActionType get_cursor_type() const override { return cat; }
EvalStatus eval(Cursor&, snort::Packet*) override = 0;
uint32_t hash() const override;
projects / thirdparty / snort3.git / commitdiff
