IpsContextData* a = new ContextData(id);
mgr.set_context_data(1, a);
- IpsContext* p = mgr.interrupt();
+ mgr.interrupt();
CHECK(mgr.idle_count() == max-2);
CHECK(mgr.busy_count() == 2);
mgr.interrupt();
CHECK(mgr.idle_count() == max-3);
- unsigned u = mgr.suspend();
+ mgr.suspend();
CHECK(mgr.busy_count() == 2);
CHECK(mgr.hold_count() == 1);
sfeventq_free(equeue);
- delete buf;
+ delete[] buf;
delete pkth;
delete packet;
}
// integration into Snort.
#include <vector>
+#include "main/snort_types.h"
// required to get a decent decl of pkth
#include "protocols/packet.h"
-class IpsContextData
+class SO_PUBLIC IpsContextData
{
public:
virtual ~IpsContextData() { };
IpsContextData() { }
};
-class IpsContext
+class SO_PUBLIC IpsContext
{
public:
IpsContext(unsigned size);
Packet* Snort::set_detect_packet()
{
- // this approach is a hack until verified
- // looks like we need to stay in the current context until
- // rebuild is successful; any events while rebuilding will
- // be logged against the current packet.
+ // we need to stay in the current context until rebuild is successful
+ // any events while rebuilding will be logged against the current packet
+ // FIXIT-H bypass the interrupt / complete
const IpsContext* c = s_switcher->interrupt();
Packet* p = c->packet;
s_switcher->complete();
#include "main/snort_types.h"
+#include "main/snort_types.h"
+
class Flow;
struct Packet;
struct SnortConfig;
typedef void (* MainHook_f)(Packet*);
-class DetectionContext
+// FIXIT-H this needs to move to detection
+class SO_PUBLIC DetectionContext
{
public:
DetectionContext();
Packet* get_packet();
};
-class Snort
+class SO_PUBLIC Snort
{
public:
static SnortConfig* get_reload_config(const char* fname);
static void thread_rotate();
static void capture_packet();
+
+ // FIXIT-H these need to move to detection
static Packet* set_detect_packet();
static Packet* get_detect_packet();
static void clear_detect_packet();
if (*rtype == DCE2_RPKT_TYPE__NULL)
return nullptr;
- if (frag_data != nullptr)
+ if ( frag_data )
{
rpkt = DCE2_GetRpkt(sd->wire_pkt, *rtype, frag_data, frag_len);
- if (rpkt == nullptr)
- {
- DebugMessage(DEBUG_DCE_COMMON, "Failed to create reassembly buffer.\n");
- return nullptr;
- }
- if (seg_data != nullptr)
+
+ if ( rpkt and seg_data )
{
/* If this fails, we'll still have the frag data */
DCE2_AddDataToRpkt(rpkt, seg_data, seg_len);
}
}
- else if (seg_data != nullptr)
+ else if ( seg_data )
{
rpkt = DCE2_GetRpkt(sd->wire_pkt, *rtype, seg_data, seg_len);
- if (rpkt == nullptr)
- {
- DebugMessage(DEBUG_DCE_COMMON, "Failed to create reassembly packet.\n");
- return nullptr;
- }
}
return rpkt;
switch (sd->trans)
{
case DCE2_TRANS_TYPE__SMB:
- rpkt = DCE2_GetRpkt(sd->wire_pkt, DCE2_RPKT_TYPE__SMB_CO_SEG,
- data_ptr, data_len);
- if (rpkt == nullptr)
- {
- DebugMessage(DEBUG_DCE_COMMON, "Failed to create reassembly packet.\n");
+ rpkt = DCE2_GetRpkt(sd->wire_pkt, DCE2_RPKT_TYPE__SMB_CO_SEG, data_ptr, data_len);
+
+ if ( !rpkt )
return nullptr;
- }
+
DCE2_SmbSetRdata((DCE2_SmbSsnData*)sd, (uint8_t*)rpkt->data,
(uint16_t)(rpkt->dsize - smb_hdr_len));
break;
case DCE2_TRANS_TYPE__TCP:
// FIXIT-M add HTTP cases when it is ported
- rpkt = DCE2_GetRpkt(sd->wire_pkt, DCE2_RPKT_TYPE__TCP_CO_SEG,
- data_ptr, data_len);
- if (rpkt == nullptr)
- {
- DebugMessage(DEBUG_DCE_COMMON, "Failed to create reassembly packet.\n");
- return nullptr;
- }
-
+ rpkt = DCE2_GetRpkt(sd->wire_pkt, DCE2_RPKT_TYPE__TCP_CO_SEG, data_ptr, data_len);
break;
default:
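Review bot: The `DCE2_TRANS_TYPE__TCP` case no longer checks the result of DCE2_GetRpkt(), while the SMB case just above keeps `if ( !rpkt ) return nullptr;`. DCE2_GetRpkt() still returns nullptr for an invalid type or an oversized payload, so whatever follows the switch must tolerate a null `rpkt`. That code is outside this hunk, so it may already be handled. If it is not, keep the guard symmetrical by adding `if ( !rpkt ) return nullptr;` before the `break;`.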
#include "dce_udp.h"
THREAD_LOCAL int dce2_detected = 0;
+static THREAD_LOCAL bool using_rpkt = false;
static const char* dce2_get_policy_name(DCE2_Policy policy)
{
void DCE2_Detect(DCE2_SsnData* sd)
{
- DetectionContext dc;
- Packet* top_pkt = dc.get_packet();
-
- if ( !top_pkt->endianness )
+ if ( using_rpkt )
+ {
+ using_rpkt = false;
+ DetectionContext dc;
+ DCE2_Detect(sd);
return;
+ }
+ Packet* top_pkt = Snort::get_detect_packet();
DCE2_PrintRoptions(&sd->ropts);
DebugMessage(DEBUG_DCE_COMMON, "Payload:\n");
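Review bot: `using_rpkt` couples DCE2_GetRpkt() and DCE2_Detect() through hidden thread-local state: it is set on every successful DCE2_GetRpkt() and cleared only at the top of this function. If a caller obtains a reassembly packet and returns without reaching DCE2_Detect(), the flag stays set, and the next DCE2_Detect() on that thread, possibly for an unrelated wire packet, constructs a DetectionContext and recurses. Consider clearing the flag wherever the rpkt is abandoned, or passing the packet explicitly instead of signalling through a flag. The hunk also drops the `if ( !top_pkt->endianness ) return;` guard. If the code below, which continues outside the hunk, still dereferences `top_pkt->endianness`, add `if ( !top_pkt or !top_pkt->endianness ) return;` after the `Snort::get_detect_packet()` call.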
static void dce2_fill_rpkt_info(Packet* rpkt, Packet* p)
{
- DceEndianness* endianness = (DceEndianness*)rpkt->endianness;
- rpkt->reset();
- rpkt->endianness = (Endianness*)endianness;
- ((DceEndianness*)rpkt->endianness)->reset();
+ rpkt->endianness = new DceEndianness();
rpkt->pkth = p->pkth;
rpkt->ptrs = p->ptrs;
rpkt->flow = p->flow;
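Review bot: `rpkt->endianness = new DceEndianness();` now overwrites the pointer unconditionally, where the removed lines kept the existing object and reset it. In this diff only the oversize path in DCE2_GetRpkt() deletes `endianness` and nulls it, so unless every other path that finishes with the packet does the same, each call leaks the previous DceEndianness. Dropping `rpkt->reset()` also means fields not assigned below keep their values from the packet's previous use, which is safe only if Snort::set_detect_packet() hands back a cleared Packet; that is not visible here. Suggest `delete rpkt->endianness;` before the assignment, or reusing the object as before, plus a comment stating who owns it. The function body continues outside the hunk.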
const uint8_t* data, uint32_t data_len)
{
Packet* rpkt = Snort::set_detect_packet();
- rpkt->endianness = new DceEndianness();
+ dce2_fill_rpkt_info(rpkt, p);
uint16_t data_overhead = 0;
switch (rpkt_type)
{
case DCE2_RPKT_TYPE__SMB_SEG:
- dce2_fill_rpkt_info(rpkt, p);
rpkt->pseudo_type = PSEUDO_PKT_SMB_SEG;
break;
case DCE2_RPKT_TYPE__SMB_TRANS:
- dce2_fill_rpkt_info(rpkt, p);
rpkt->pseudo_type = PSEUDO_PKT_SMB_TRANS;
if (DCE2_SsnFromClient(p))
{
break;
case DCE2_RPKT_TYPE__SMB_CO_SEG:
- dce2_fill_rpkt_info(rpkt, p);
rpkt->pseudo_type = PSEUDO_PKT_DCE_SEG;
if (DCE2_SsnFromClient(p))
{
break;
case DCE2_RPKT_TYPE__SMB_CO_FRAG:
- dce2_fill_rpkt_info(rpkt, p);
rpkt->pseudo_type = PSEUDO_PKT_DCE_FRAG;
if (DCE2_SsnFromClient(p))
{
break;
case DCE2_RPKT_TYPE__UDP_CL_FRAG:
- dce2_fill_rpkt_info(rpkt, p);
rpkt->pseudo_type = PSEUDO_PKT_DCE_FRAG;
data_overhead = DCE2_MOCK_HDR_LEN__CL;
memset((void*)rpkt->data, 0, data_overhead);
case DCE2_RPKT_TYPE__TCP_CO_SEG:
case DCE2_RPKT_TYPE__TCP_CO_FRAG:
- dce2_fill_rpkt_info(rpkt, p);
-
if (rpkt_type == DCE2_RPKT_TYPE__TCP_CO_FRAG)
{
rpkt->pseudo_type = PSEUDO_PKT_DCE_FRAG;
default:
DebugFormat(DEBUG_DCE_COMMON, "Invalid reassembly packet type: %d\n",rpkt_type);
+ assert(false);
return nullptr;
}
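Review bot: The `default:` branch returns nullptr after dce2_fill_rpkt_info() has already run at the top of the function, so the DceEndianness it allocated stays attached to the packet. The oversize path further down deletes it and nulls the pointer. `assert(false)` compiles out under NDEBUG, so this return is a live path in release builds. Add the same cleanup before the return: `delete rpkt->endianness; rpkt->endianness = nullptr;`. Both failure returns also leave the context taken by Snort::set_detect_packet() untouched; whether it should be released with Snort::clear_detect_packet() depends on code outside this diff.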
data_len -= (data_overhead + data_len) - Packet::max_dsize;
if (data_len > Packet::max_dsize - data_overhead)
+ {
+ DebugMessage(DEBUG_DCE_COMMON, "Failed to create reassembly packet.\n");
+ delete rpkt->endianness;
+ rpkt->endianness = nullptr;
return nullptr;
+ }
memcpy_s((void*)(rpkt->data + data_overhead),
Packet::max_dsize - data_overhead, data, data_len);
rpkt->dsize = data_len + data_overhead;
+ using_rpkt = true;
return rpkt;
}
Packet* rpkt = DCE2_GetRpkt(ssd->sd.wire_pkt, rtype, *data, *data_len);
- if (rpkt == nullptr)
- {
- DebugFormat(DEBUG_DCE_SMB,
- "%s(%d) Failed to create reassembly packet.",
- __FILE__, __LINE__);
-
+ if ( !rpkt )
return nullptr;
- }
*data = rpkt->data;
*data_len = rpkt->dsize;
stub_len += fnode->frag_len;
}
- Packet* rpkt = DCE2_GetRpkt(sd->wire_pkt, DCE2_RPKT_TYPE__UDP_CL_FRAG, dce2_cl_rbuf, stub_len);
- if (rpkt == nullptr)
- {
- DebugFormat(DEBUG_DCE_UDP,
- "%s(%d) Failed to create reassembly packet.",
- __FILE__, __LINE__);
+ Packet* rpkt = DCE2_GetRpkt(
+ sd->wire_pkt, DCE2_RPKT_TYPE__UDP_CL_FRAG, dce2_cl_rbuf, stub_len);
+
+ if ( !rpkt )
return;
- }
DCE2_ClSetRdata(at, cl_hdr, (uint8_t*)rpkt->data,
(uint16_t)(rpkt->dsize - DCE2_MOCK_HDR_LEN__CL));
#include "stream.h"
+#include <assert.h>
+
#include "flow/flow_control.h"
#include "flow/flow_key.h"
#include "flow/ha.h"
// rebuilt packet is available)
Snort::set_detect_packet();
DetectionContext dc;
+ // this is a hack to work around the above issue
+ DAQ_PktHdr_t* ph = (DAQ_PktHdr_t*)dc.get_packet()->pkth;
+ memset(ph, 0, sizeof(*ph));
flow_con->purge_flows(PktType::IP);
flow_con->purge_flows(PktType::ICMP);
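Review bot: The added `memset(ph, 0, sizeof(*ph))` writes through a C-style cast of `pkth` with no check that `dc.get_packet()` or its `pkth` is non-null, and the cast suggests the field is declared const. Elsewhere in this change, `rpkt->pkth = p->pkth` shows that pkth is shared by pointer between packets. If the context packet's pkth still aliases a header owned by another packet or by the DAQ, this zeroes memory the purge path does not own. Guard the write with `if ( ph ) memset(ph, 0, sizeof(*ph));` and point pkth at storage owned by the context before clearing it. The comment should also name which header field the purge path reads, so the workaround can be removed once the underlying issue is fixed.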