*/
/* daq_file.c author Russ Combs <rucombs@cisco.com> */
-#include "daq_user.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "daq_user.h"
+
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
*/
/* daq_hext.c author Russ Combs <rucombs@cisco.com> */
-#include "daq_user.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "daq_user.h"
+
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
implementation declarations should go in a separate header from the
interface. And so on.
-* A .cc should include its own .h before any others (including
- system headers). This ensures that the header stands on its own and can
- be used by clients without include prerequisites and the developer will
- be the first to find a dependency problem.
-
-* Include required headers, all required headers, and nothing but required
- headers. Don't just clone a bunch of headers because it is convenient.
-
-* Try to keep includes in alpha order. This makes it easier to maintain,
- avoid duplicates, etc.
-
-* Any file depending on #ifdefs should include config.h as shown below. A
- .h should include it before any other includes, and a .cc should include
- it immediately after the include of its own .h.
+* All .cc files should include config.h with the standard block shown below
+ immediately following the initial comment blocks and before anything else.
+ This presents a consistent view of all included header files as well as
+ access to any other configure-time definitions. No .h files should include
+ config.h unless they are guaranteed to be local header files (never
+ installed).
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+* A .cc should include its own .h before any others aside from the
+ aforementioned config.h (including system headers). This ensures that the
+ header stands on its own and can be used by clients without include
+ prerequisites and the developer will be the first to find a dependency issue.
+
+* Split headers included from the local directory into a final block of
+ headers. For a .cc file, the final order of sets of header includes should
+ look like this:
+
+ 1. config.h
+ 2. its own .h file
+ 3. system headers (.h/.hpp/.hxx)
+ 4. C++ standard library headers (no file extension)
+ 5. Snort headers external to the local directory (path-prefixed)
+ 6. Snort headers in the local directory
+
+* Include required headers, all required headers, and nothing but required
+ headers. Don't just clone a bunch of headers because it is convenient.
+
+* Keep includes in alphabetical order. This makes it easier to maintain, avoid
+ duplicates, etc.
+
* Do not put using statements in headers unless they are tightly scoped.
=== Warnings
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
+#include "framework/codec.h"
#include "protocols/eapol.h"
#define CD_EAPOL_NAME "eapol"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
#include "protocols/linux_sll.h"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
#define CD_NULL_NAME "null"
#define CD_NULL_HELP_STR "support for null encapsulation"
#include "config.h"
#endif
-extern "C" {
+#include <net/if.h>
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
#endif
#include "framework/codec.h"
-#include "framework/decode_data.h"
#include "codecs/codec_module.h"
namespace
#include "config.h"
#endif
-#include <stdint.h>
-
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
#define CD_RAW4_NAME "raw4"
#define CD_RAW4_HELP_STR "support for unencapsulated IPv4"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
#define CD_RAW6_NAME "raw6"
#define CD_RAW6_HELP_STR "support for unencapsulated IPv6"
//--------------------------------------------------------------------------
// cd_sip.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include <stdint.h>
-
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
#define CD_SLIP_NAME "slip"
#define CD_SLIP_HELP_STR "support for slip protocol"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
-#include "protocols/token_ring.h"
-#include "framework/codec.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
+#include "protocols/token_ring.h"
namespace
{
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
-#include "protocols/wlan.h"
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
+#include "framework/codec.h"
#include "log/text_log.h"
+#include "protocols/wlan.h"
#define CD_WLAN_NAME "wlan"
#define CD_WLAN_HELP_STR "support for wireless local area network protocol"
#include "config.h"
#endif
-#include <string.h>
-#include <time.h>
-
-#include <iostream>
-#include <string>
-
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
+#include "flow/flow.h"
#include "framework/data_bus.h"
#include "framework/inspector.h"
#include "framework/module.h"
#include "log/messages.h"
#include "log/text_log.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "utils/stats.h"
-#include "flow/flow.h"
-#include "sfip/sf_ip.h"
static const char* s_name = "data_log";
static const char* f_name = "data.log";
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
#include "events/event_queue.h"
#include "framework/inspector.h"
#include "framework/module.h"
#include "log/messages.h"
-#include "protocols/packet.h"
#include "profiler/profiler.h"
-#include "utils/stats.h"
+#include "protocols/packet.h"
#define DPX_GID 256
#define DPX_SID 1
** NOTES:
** - 3.2.03: Initial development. DJR
*/
-#include <stdlib.h>
-#include <sys/types.h>
-#include "hi_ui_config.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "hi_ad.h"
+
+#include "hi_events.h"
#include "hi_return_codes.h"
#include "hi_si.h"
+#include "hi_ui_config.h"
/*
** NAME
#ifndef HI_AD_H
#define HI_AD_H
-#include <sys/types.h>
+#include <cstdint>
-#include "hi_include.h"
-
-int hi_server_anomaly_detection(void* S, const u_char* data, int dsize);
+int hi_server_anomaly_detection(void* S, const uint8_t* data, int dsize);
#endif
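Review bot: `dsize` on `hi_server_anomaly_detection` is still a signed `int`, while the request sizes in hi_client.h (`uri_size`, `header_raw_size`, …) are `unsigned int` after this commit, and nothing on the prototype says what a zero or negative length means. The definition is outside this hunk, so whether it rejects `dsize <= 0` before reading `data` cannot be confirmed from here. Since the line is already being touched for the byte type, a short comment stating that `data` points to `dsize` bytes and which values are rejected would make the contract explicit for callers passing packet-derived lengths.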
** - 2.4.05: Added tab_uri_delimiter config option. AJM.
*/
-#include "hi_client.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <errno.h>
-
-#include "hi_ui_config.h"
-#include "hi_si.h"
-#include "hi_mi.h"
-#include "hi_util.h"
-#include "hi_return_codes.h"
-#include "hi_cmd_lookup.h"
+#include "hi_client.h"
-#include "utils/util.h"
-#include "utils/util_unfold.h"
-#include "detection/detection_util.h"
+#include "protocols/packet.h"
#include "utils/safec.h"
+#include "utils/util_unfold.h"
+
+#include "hi_cmd_lookup.h"
+#include "hi_events.h"
+#include "hi_include.h"
+#include "hi_return_codes.h"
+#include "hi_si.h"
#define HEADER_NAME__COOKIE "Cookie"
#define HEADER_LENGTH__COOKIE 6
#ifndef HI_CLIENT_H
#define HI_CLIENT_H
-#include <sys/types.h>
+#include "flow/flow.h"
#include "hi_main.h"
-#include "hi_include.h"
-#include "hi_events.h"
#define URI_END 99
#define POST_END 100
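Review bot: `<cstdint>` is missing from this include block, although the structs and prototypes further down in hi_client.h now use `uint8_t` alongside `uint16_t` and `uint32_t`. With `<sys/types.h>` replaced by `"flow/flow.h"`, those types reach the header only through whatever `flow/flow.h` and `hi_main.h` happen to include. hi_ad.h and hi_ui_iis_unicode_map.h add `#include <cstdint>` in this same commit for the same reason. Adding it here would match them and the "all required headers" rule in the style notes.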
typedef struct s_COOKIE_PTR
{
- const u_char* cookie;
- const u_char* cookie_end;
+ const uint8_t* cookie;
+ const uint8_t* cookie_end;
struct s_COOKIE_PTR* next;
} COOKIE_PTR;
typedef struct s_CONTLEN_PTR
{
- const u_char* cont_len_start;
- const u_char* cont_len_end;
+ const uint8_t* cont_len_start;
+ const uint8_t* cont_len_end;
uint32_t len;
} CONTLEN_PTR;
typedef struct s_CONT_ENCODING_PTR
{
- const u_char* cont_encoding_start;
- const u_char* cont_encoding_end;
+ const uint8_t* cont_encoding_start;
+ const uint8_t* cont_encoding_end;
uint16_t compress_fmt;
} CONT_ENCODING_PTR;
typedef struct s_URI_PTR
{
- const u_char* uri; /* the beginning of the URI */
- const u_char* uri_end; /* the end of the URI */
- const u_char* norm; /* ptr to first normalization occurence */
- const u_char* ident; /* ptr to beginning of the HTTP identifier */
- const u_char* first_sp_start; /* beginning of first space delimiter */
- const u_char* first_sp_end; /* end of first space delimiter */
- const u_char* second_sp_start; /* beginning of second space delimiter */
- const u_char* second_sp_end; /* end of second space delimiter */
- const u_char* param; /* '?' (beginning of parameter field) */
- const u_char* delimiter; /* HTTP URI delimiter (\r\n\) */
- const u_char* last_dir; /* ptr to last dir, so we catch long dirs */
- const u_char* proxy; /* ptr to the absolute URI */
+ const uint8_t* uri; /* the beginning of the URI */
+ const uint8_t* uri_end; /* the end of the URI */
+ const uint8_t* norm; /* ptr to first normalization occurence */
+ const uint8_t* ident; /* ptr to beginning of the HTTP identifier */
+ const uint8_t* first_sp_start; /* beginning of first space delimiter */
+ const uint8_t* first_sp_end; /* end of first space delimiter */
+ const uint8_t* second_sp_start; /* beginning of second space delimiter */
+ const uint8_t* second_sp_end; /* end of second space delimiter */
+ const uint8_t* param; /* '?' (beginning of parameter field) */
+ const uint8_t* delimiter; /* HTTP URI delimiter (\r\n\) */
+ const uint8_t* last_dir; /* ptr to last dir, so we catch long dirs */
+ const uint8_t* proxy; /* ptr to the absolute URI */
} URI_PTR;
typedef struct s_HEADER_PTR
typedef struct s_HI_CLIENT_REQ
{
- const u_char* uri;
- const u_char* uri_norm;
- const u_char* post_raw;
- const u_char* post_norm;
- const u_char* header_raw;
- const u_char* header_norm;
+ const uint8_t* uri;
+ const uint8_t* uri_norm;
+ const uint8_t* post_raw;
+ const uint8_t* post_norm;
+ const uint8_t* header_raw;
+ const uint8_t* header_norm;
COOKIE_PTR cookie;
- const u_char* cookie_norm;
- const u_char* method_raw;
-
- u_int uri_size;
- u_int uri_norm_size;
- u_int post_raw_size;
- u_int post_norm_size;
- u_int header_raw_size;
- u_int header_norm_size;
- u_int cookie_norm_size;
- u_int method_size;
-
- const u_char* pipeline_req;
- u_char method;
+ const uint8_t* cookie_norm;
+ const uint8_t* method_raw;
+
+ unsigned int uri_size;
+ unsigned int uri_norm_size;
+ unsigned int post_raw_size;
+ unsigned int post_norm_size;
+ unsigned int header_raw_size;
+ unsigned int header_norm_size;
+ unsigned int cookie_norm_size;
+ unsigned int method_size;
+
+ const uint8_t* pipeline_req;
+ uint8_t method;
uint16_t uri_encode_type;
uint16_t header_encode_type;
uint16_t cookie_encode_type;
uint16_t post_encode_type;
- const u_char* content_type;
+ const uint8_t* content_type;
} HI_CLIENT_REQ;
typedef struct s_HI_CLIENT
char** hi_client_get_field_names();
-extern const u_char* proxy_start;
-extern const u_char* proxy_end;
+extern const uint8_t* proxy_start;
+extern const uint8_t* proxy_end;
struct HI_SESSION;
-int CheckLongDir(HI_SESSION* session, URI_PTR* uri_ptr, const u_char* ptr);
+int CheckLongDir(HI_SESSION* session, URI_PTR* uri_ptr, const uint8_t* ptr);
/** This makes passing function arguments much more readable and easier
** to follow.
*/
typedef int (* LOOKUP_FCN)(
- HI_SESSION*, const u_char* start, const u_char* end, const u_char**, URI_PTR*);
+ HI_SESSION*, const uint8_t* start, const uint8_t* end, const uint8_t**, URI_PTR*);
-int NextNonWhiteSpace(HI_SESSION*, const u_char*, const u_char*, const u_char**, URI_PTR*);
+int NextNonWhiteSpace(HI_SESSION*, const uint8_t*, const uint8_t*, const uint8_t**, URI_PTR*);
/*
** The lookup table contains functions for different HTTP delimiters
// this file was split from hi_client.cc; look there for the real
// culprits ;)
-#include "hi_client.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "hi_events.h"
#include "hi_return_codes.h"
#include "hi_si.h"
#include "hi_util.h"
** - Initial development. DJR
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hi_client_norm.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <ctype.h>
+#include "main/snort_debug.h"
+#include "utils/safec.h"
#include "hi_norm.h"
-#include "hi_util.h"
#include "hi_return_codes.h"
-#include "utils/safec.h"
int hi_split_header_cookie(
HI_SESSION*, u_char* header, int* i_header_len,
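Review bot: The context line `HI_SESSION*, u_char* header, int* i_header_len,` still uses `u_char` even though this hunk removes `#include <sys/types.h>`, so the typedef now arrives only through the remaining headers. hi_client.h is converted to `uint8_t` in the same commit; writing `uint8_t* header` here would keep the definition in step with it and independent of transitive includes. The hi_server_norm.cc hunk has the same pattern: it drops `<sys/types.h>` while `static THREAD_LOCAL u_char HeaderBuf[MAX_URI];` remains. The parameter list of `hi_split_header_cookie` continues outside the hunk.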
#ifndef HI_CLIENT_NORM_H
#define HI_CLIENT_NORM_H
-#include "hi_include.h"
#include "hi_si.h"
int hi_client_norm(HI_SESSION* session);
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "hi_cmd_lookup.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "utils/kmap.h"
+#include "hi_cmd_lookup.h"
/*
* Function: http_cmd_lookup_init(CMD_LOOKUP **CmdLookup)
//--------------------------------------------------------------------------
// hi_events.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hi_events.h"
#include <assert.h>
#include <strings.h>
#include "events/event_queue.h"
+#include "main/thread.h"
static THREAD_LOCAL uint64_t gid_client = 0;
static THREAD_LOCAL uint64_t gid_server = 0;
#ifndef HI_EVENTS_H
#define HI_EVENTS_H
-#include "hi_include.h"
-
// changed gids from 119-120 to avoid overlap with nhi
#define GID_HTTP_CLIENT 319
#define GID_HTTP_SERVER 320
#define HI_INCLUDE_H
#include "framework/counts.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "main/thread.h"
#define HI_UNKNOWN_METHOD 1
** - 2.11.03: Initial Development. DJR
** - 2.4.05: Added tab_uri_delimiter config option. AJM.
*/
-#include "hi_main.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <limits.h>
+#include "hi_main.h"
#include "detection/detect.h"
-#include "detection/detection_util.h"
-#include "events/event.h"
-#include "file_api/file_api.h"
#include "file_api/file_flows.h"
-#include "framework/data_bus.h"
#include "log/messages.h"
#include "log/unified2.h"
-#include "main/snort_debug.h"
-#include "mime/decode_base.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "protocols/tcp.h"
#include "search_engines/search_tool.h"
#include "stream/stream.h"
-#include "utils/util.h"
-#include "utils/util_utf.h"
#include "utils/sfsnprintfappend.h"
-#include "hi_return_codes.h"
-#include "hi_ui_config.h"
-#include "hi_ui_iis_unicode_map.h"
-#include "hi_si.h"
+#include "hi_ad.h"
+#include "hi_include.h"
#include "hi_mi.h"
#include "hi_norm.h"
-#include "hi_cmd_lookup.h"
+#include "hi_return_codes.h"
+#include "hi_si.h"
const HiSearchToken hi_patterns[] =
{
#ifndef HI_MAIN_H
#define HI_MAIN_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <zlib.h>
+#include "decompress/file_decomp.h"
#include "detection/detection_util.h"
-#include "protocols/packet.h"
+#include "flow/flow.h"
+#include "utils/util.h"
#include "utils/util_jsnorm.h"
#include "utils/util_utf.h"
+
#include "hi_ui_config.h"
#define MAX_METHOD_LEN 256
** - 3.2.03: Initial development. DJR
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hi_mi.h"
-#include "hi_si.h"
-#include "hi_client.h"
-#include "hi_server.h"
+#include "protocols/packet.h"
+
#include "hi_return_codes.h"
/*
#ifndef HI_MI_H
#define HI_MI_H
-#include <sys/types.h>
-
#include "hi_si.h"
-#include "hi_main.h"
int hi_mi_mode_inspection(HI_SESSION* session, int iInspectMode, Packet* p, HttpSessionData*);
// hi_module.cc author Russ Combs <rucombs@cisco.com>
-#include "hi_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "hi_module.h"
#include "decompress/file_decomp.h"
#include "utils/util.h"
-#include "hi_ui_config.h"
-#include "hi_events.h"
#include "hi_cmd_lookup.h"
+#include "hi_include.h"
#include "hi_ui_iis_unicode_map.h"
//-------------------------------------------------------------------------
#ifndef HI_MODULE_H
#define HI_MODULE_H
-#include <string>
-
#include "framework/module.h"
-#include "hi_ui_config.h"
+
#include "hi_events.h"
+#include "hi_ui_config.h"
#define GLOBAL_KEYWORD "http_global"
#define SERVER_KEYWORD "http_server"
** - Initial development. DJR
*/
-#include "hi_norm.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "detection/detection_util.h"
+#include "hi_norm.h"
#include "hi_client_norm.h"
-#include "hi_server_norm.h"
#include "hi_events.h"
-#include "hi_ui_iis_unicode_map.h"
+#include "hi_include.h"
#include "hi_return_codes.h"
-#include "hi_si.h"
-#include "hi_util.h"
+#include "hi_server_norm.h"
+#include "hi_ui_iis_unicode_map.h"
#define MAX_DIRS 2048
#ifndef HI_NORM_H
#define HI_NORM_H
-#include <sys/types.h>
-
-#include "hi_include.h"
-#include "hi_ui_config.h"
#include "hi_si.h"
#define MAX_URI 8192
#ifndef HI_RETURN_CODES_H
#define HI_RETURN_CODES_H
-#include "hi_include.h"
-
#define HI_BOOL_FALSE 0
#define HI_SUCCESS 0
** NOTES:
** - Initial development. DJR
*/
-#include <stdio.h>
-#include <zlib.h>
-#include "hi_stream_splitter.h"
-#include "main/thread.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "hi_server.h"
+
+#include "protocols/packet.h"
#include "utils/safec.h"
-#include "utils/util_utf.h"
+#include "utils/util_unfold.h"
+
+#include "hi_events.h"
+#include "hi_include.h"
+#include "hi_return_codes.h"
+#include "hi_si.h"
+#include "hi_stream_splitter.h"
static THREAD_LOCAL bool headers = false;
static THREAD_LOCAL bool simple_response = false;
static THREAD_LOCAL uint8_t decompression_buffer[65535];
static THREAD_LOCAL uint8_t dechunk_buffer[65535];
-#include "hi_server.h"
-#include "hi_ui_config.h"
-#include "hi_return_codes.h"
-#include "hi_si.h"
-
-#include "detection/detection_util.h"
-#include "utils/util_unfold.h"
-#include "protocols/tcp.h"
-
#define STAT_END 100
#define HTTPRESP_HEADER_NAME__COOKIE "Set-Cookie"
#define HTTPRESP_HEADER_LENGTH__COOKIE 10
// This file declares the server structure and functions to access server
// inspection.
-#include "hi_include.h"
-#include "hi_util.h"
-#include "hi_main.h"
#include "hi_client.h"
+#include "hi_util.h"
typedef struct s_HI_SERVER_RESP
{
** - Initial development. DJR
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hi_server_norm.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <ctype.h>
+#include "search_engines/search_tool.h"
+#include "utils/safec.h"
+#include "hi_events.h"
#include "hi_norm.h"
-#include "hi_util.h"
#include "hi_return_codes.h"
-#include "detection/detection_util.h"
-#include "search_engines/search_tool.h"
-#include "utils/safec.h"
-#include "utils/util_utf.h"
-
int hi_server_norm(HI_SESSION* session, HttpSessionData* hsd)
{
static THREAD_LOCAL u_char HeaderBuf[MAX_URI];
#ifndef HI_SERVER_NORM_H
#define HI_SERVER_NORM_H
-#include "hi_include.h"
#include "hi_si.h"
int hi_server_norm(HI_SESSION* session, HttpSessionData* hsd);
**
** - 2.25.03: Initial Development. DJR
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hi_si.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
+#include "protocols/packet.h"
#include "hi_return_codes.h"
-#include "hi_ui_config.h"
-#include "hi_ad.h"
-#include "hi_main.h"
/*
** NAME
#ifndef HI_SI_H
#define HI_SI_H
-#include "hi_include.h"
-#include "hi_ui_config.h"
#include "hi_client.h"
#include "hi_server.h"
-#include "hi_ad.h"
-#include "sfip/sf_ip.h"
struct Packet;
// * Range, Content-Range, and multipart
//--------------------------------------------------------------------
-#include "hi_stream_splitter.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
+#include "hi_stream_splitter.h"
-#include "hi_events.h"
-#include "main/snort_debug.h"
#include "events/event_queue.h"
+#include "main/snort_debug.h"
#include "protocols/packet.h"
#include "stream/stream.h"
#include "utils/util.h"
+#include "hi_events.h"
+
#ifdef DEBUG_MSGS
#define HI_TRACE // define for state trace
#endif
#ifndef HI_STREAM_SPLITTER_H
#define HI_STREAM_SPLITTER_H
-#include "main/snort_types.h"
#include "stream/stream_splitter.h"
bool hi_paf_init(uint32_t cap);
** - 2.10.03: Initial Developments. DJR
** - 2.4.05: Added tab_uri_delimiter config option. AJM.
*/
-#include "hi_ui_config.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "hi_ui_config.h"
#include "utils/util.h"
-#include "hi_return_codes.h"
+
#include "hi_cmd_lookup.h"
+#include "hi_return_codes.h"
HTTPINSPECT_GLOBAL_CONF::HTTPINSPECT_GLOBAL_CONF()
{
#ifndef HI_UI_CONFIG_H
#define HI_UI_CONFIG_H
-#include "hi_include.h"
-#include "sfrt/sfrt.h"
-#include "sfip/sf_ip.h"
-#include "mime/file_mime_process.h"
-#include "file_api/file_api.h"
-#include "decompress/file_decomp.h"
#include "framework/bits.h"
-#include "utils/util.h"
+#include "mime/file_mime_process.h"
#include "utils/kmap.h"
#define HI_UI_CONFIG_MAX_HDR_DEFAULT 0
** - Initial development. DJR
*/
-#include "hi_ui_iis_unicode_map.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
+#include "hi_ui_iis_unicode_map.h"
#include <sstream>
-#include <string>
#include "utils/util.h"
-#include "hi_ui_config.h"
+
#include "hi_return_codes.h"
#define MAX_BUFFER 50000
#ifndef HI_UI_IIS_UNICODE_MAP_H
#define HI_UI_IIS_UNICODE_MAP_H
-#include "hi_include.h"
-#include "hi_ui_config.h"
+#include <cstdint>
/*
** This is the define for the iis_unicode_map array when there is no
#ifndef HI_UTIL_H
#define HI_UTIL_H
-#include <strings.h>
-#include "hi_include.h"
-
/*
** This function checks for in bounds condition on buffers.
**
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <sys/types.h>
-
// FIXIT-L all snort includes should use <form> instead of "form"
#include "log/messages.h"
-#include "protocols/packet.h"
-#include "main/snort_debug.h"
-#include "decompress/file_decomp.h"
-#include "profiler/profiler.h"
-#include "file_api/file_api.h"
#include "file_api/file_service.h"
-#include "mime/decode_base.h"
-#include "utils/util.h"
-#include "framework/inspector.h"
#include "managers/inspector_manager.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
-#include "hi_client.h"
-#include "hi_ui_config.h"
-#include "hi_module.h"
-#include "hi_norm.h"
+#include "hi_events.h"
+#include "hi_include.h"
#include "hi_main.h"
-#include "hi_cmd_lookup.h"
+#include "hi_module.h"
#include "hi_stream_splitter.h"
+#include "hi_ui_config.h"
int hex_lookup[256];
int valid_lookup[256];
#include <array>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "flow/flow.h"
+#include "framework/cursor.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/cursor.h"
-#include "framework/inspector.h"
#include "framework/module.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
enum PsIdx
{
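Review bot: `#include "framework/cursor.h"` is moved ahead of `#include "detection/detection_defines.h"`, which breaks the "Keep includes in alphabetical order" rule that this commit adds to the style notes. The only exception would be if `cursor.h` counts as this file's own header, which is not evident from the hunk. The next hunk does the same, adding `detection/detection_defines.h` after `framework/cursor.h`. If the placement is deliberate, for example to check that `cursor.h` is self-contained, a one-line comment would say so; otherwise it belongs between `detection/detection_defines.h` and `framework/ips_option.h`.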
#include "config.h"
#endif
-#include <string>
-
-#include "detection/detection_defines.h"
#include "framework/cursor.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
#include "hash/sfhashfcn.h"
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "detection/detection_defines.h"
-#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
#include "framework/range.h"
#include "hash/sfhashfcn.h"
-#include "protocols/packet.h"
-#include "protocols/tcp.h"
#include "profiler/profiler.h"
-#include "utils/stats.h"
static const char* s_name = "pkt_num";
static const char* s_help = "alert on raw packet number";
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "detection/detection_defines.h"
-#include "detection/treenodes.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
#include "framework/range.h"
#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "protocols/tcp.h"
-#include "profiler/profiler.h"
static const char* s_name = "urg";
static const char* s_help = "detection for TCP urgent pointer";
#include "config.h"
#endif
-#include <ctype.h>
-#include <string.h>
-
-#include <algorithm>
#include <iostream>
-#include "main/snort_types.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "protocols/packet.h"
-#include "detection/signature.h"
using namespace std;
#include "config.h"
#endif
-#include <sys/types.h>
-#include <string.h>
#include <sys/un.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string>
-
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "framework/logger.h"
-#include "framework/module.h"
#include "detection/signature.h"
#include "events/event.h"
+#include "framework/logger.h"
+#include "framework/module.h"
+#include "log/messages.h"
#include "protocols/packet.h"
#include "utils/util.h"
#include "config.h"
#endif
-#include <sys/types.h>
-
#include "framework/logger.h"
#include "framework/module.h"
#include "config.h"
#endif
-#include "sfksearch.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
#include "log/messages.h"
#include "framework/mpse.h"
-#include "profiler/profiler.h"
+
+#include "sfksearch.h"
//-------------------------------------------------------------------------
// "lowmem"
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
+#include "sfksearch.h"
+
+#include <cassert>
+
#include "main/thread.h"
#include "utils/util.h"
-#include "sfksearch.h"
-
static void KTrieFree(KTRIENODE* n);
static unsigned int mtot = 0;
//--------------------------------------------------------------------------
// trie_api.cc author Russ Combs <rucombs@cisco.com>
-#include "framework/mpse.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "framework/base_api.h"
+#include "main/snort_types.h"
extern const BaseApi* se_lowmem;
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
+#include "sid_18758.h"
-#include "main/snort_types.h"
-#include "framework/so_rule.h"
#include "detection/detection_defines.h"
-#include "sid_18758.h"
+#include "framework/so_rule.h"
static int eval(void*, Cursor&, Packet*)
{
+#ifndef SID_18758_H
+#define SID_18758_H
+
+#include <cstdint>
+
const uint8_t rule_18758[] =
{
0x61, 0x6C, 0x65, 0x72, 0x74, 0x20, 0x74, 0x63, 0x70, 0x20, 0x24, 0x48, 0x4F, 0x4D, 0x45, 0x5F,
0x20, 0x20, 0x20, 0x73, 0x6F, 0x3A, 0x65, 0x76, 0x61, 0x6C, 0x3B, 0x0A, 0x29, 0x0A, 0x00,
};
const unsigned rule_18758_len = 0;
+
+#endif
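Review bot: `rule_18758_len` stays at `0` although `rule_18758[]` visibly holds the rule bytes, and the header gives no hint of what a zero length means to the consumer. Now that the file is a guarded, self-contained header, a one-line comment above the constant stating the convention would stop a later reader from "correcting" it to `sizeof(rule_18758)`. Presumably zero marks the rule as NUL-terminated text, but that needs confirming against the loader. The array is also defined rather than declared here, so every includer gets its own copy; that is harmless with a single .cc but worth noting if the header is ever shared.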
#include "config.h"
#endif
-#include <sys/types.h>
#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "packet_io/active.h"
-#include "parser/parser.h"
#include "framework/ips_action.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "log/messages.h"
+#include "packet_io/active.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "utils/util.h"
#define s_name "react"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "packet_io/active.h"
-#include "utils/util.h"
#include "framework/ips_action.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "packet_io/active.h"
+#include "profiler/profiler.h"
#define REJ_RST_SRC 0x01
#define REJ_RST_DST 0x02
//--------------------------------------------------------------------------
// act_replace.cc author Russ Combs <rucombs@cisco.com>
-#include "act_replace.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
+#include "act_replace.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "framework/ips_action.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#include "packet_io/active.h"
+#include "protocols/packet.h"
#define s_name "rewrite"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "actions.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "actions.h"
+
#include "detection/detect.h"
#include "detection/tag.h"
#include "packet_io/active.h"
// Define action types and provide hooks to apply a given action to a packet
-#include <stdint.h>
+#include <cstdint>
#define ACTION_LOG "log"
#define ACTION_PASS "pass"
//--------------------------------------------------------------------------
// ips_actions.cc author Russ Combs <rucombs@cisco.com>
-#include "ips_actions.h"
-#include "managers/plugin_manager.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "ips_actions.h"
+
+#include "managers/plugin_manager.h"
+
#ifdef STATIC_IPS_ACTIONS
extern const BaseApi* act_react[];
extern const BaseApi* act_reject[];
//--------------------------------------------------------------------------
// unit_test.h author Russ Combs <rucombs@cisco.com>
-#include "unit_test.h"
-
-#include <stdlib.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <vector>
-#include <string>
+#include "unit_test.h"
#define CATCH_CONFIG_RUNNER
#include "catch.hpp"
// Unresolved external symbol declarations and references.
SNORT_CATCH_FORCED_INCLUSION_EXTERN(bitop_test);
+SNORT_CATCH_FORCED_INCLUSION_EXTERN(lua_stack_test);
SNORT_CATCH_FORCED_INCLUSION_EXTERN(sfdaq_module_test);
SNORT_CATCH_FORCED_INCLUSION_EXTERN(sfip_test);
SNORT_CATCH_FORCED_INCLUSION_EXTERN(sfrf_test);
bool catch_extern_tests[] =
{
SNORT_CATCH_FORCED_INCLUSION_SYMBOL(bitop_test),
+ SNORT_CATCH_FORCED_INCLUSION_SYMBOL(lua_stack_test),
SNORT_CATCH_FORCED_INCLUSION_SYMBOL(sfdaq_module_test),
SNORT_CATCH_FORCED_INCLUSION_SYMBOL(sfip_test),
SNORT_CATCH_FORCED_INCLUSION_SYMBOL(sfrf_test),
//--------------------------------------------------------------------------
// codec_api.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "codec_api.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "codec_api.h"
+
#include "framework/codec.h"
#include "managers/plugin_manager.h"
//--------------------------------------------------------------------------
// codec_module.cc author Josh Rosenbaum <jrosenba@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
#define codec_module_help \
#include "config.h"
#endif
-#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/ipv6.h"
-#include "protocols/packet.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
#include "main/snort_config.h"
#define CD_AUTH_NAME "auth"
#include "config.h"
#endif
-#include "framework/codec.h"
-#include "log/messages.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
#include "main/snort_config.h"
#define CD_DSTOPTS_NAME "ipv6_dst_opts"
#include "config.h"
#endif
+#include "codecs/codec_module.h"
#include "framework/codec.h"
#include "main/snort_config.h"
-#include "protocols/protocol_ids.h"
-#include "codecs/codec_module.h"
#define CD_ESP_NAME "esp"
#define CD_ESP_HELP "support for encapsulating security payload"
#include "framework/codec.h"
#include "log/text_log.h"
#include "main/snort_config.h"
-#include "protocols/ipv6.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
-#include "protocols/protocol_ids.h"
#define CD_IPV6_FRAG_NAME "ipv6_frag"
#define CD_IPV6_FRAG_HELP "support for IPv6 fragment decoding"
#include "config.h"
#endif
+#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "protocols/packet.h"
-#include "protocols/protocol_ids.h"
#include "protocols/gre.h"
#include "log/text_log.h"
-#include "protocols/packet_manager.h"
-#include "codecs/codec_module.h"
#define CD_GRE_NAME "gre"
#define CD_GRE_HELP "support for generic routing encapsulation"
#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "protocols/ipv6.h"
#include "main/snort_config.h"
-#include "protocols/protocol_ids.h"
#define CD_HOPOPTS_NAME "ipv6_hop_opts"
#define CD_HOPOPTS_HELP "support for IPv6 hop options"
#endif
#include "codecs/codec_module.h"
-#include "codecs/ip/checksum.h"
#include "framework/codec.h"
#include "log/text_log.h"
#include "main/snort_config.h"
#include "protocols/icmp4.h"
+#include "checksum.h"
+
#define CD_ICMP4_NAME "icmp4"
#define CD_ICMP4_HELP "support for Internet control message protocol v4"
#include "config.h"
#endif
-#include "main/snort_config.h"
+#include "codecs/codec_module.h"
#include "framework/codec.h"
+#include "log/text_log.h"
+#include "main/snort_config.h"
#include "protocols/icmp6.h"
#include "protocols/icmp4.h"
-#include "codecs/codec_module.h"
-#include "codecs/codec_module.h"
-#include "codecs/ip/checksum.h"
-#include "packet_io/active.h"
-#include "log/text_log.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
+#include "checksum.h"
+
#define CD_ICMP6_NAME "icmp6"
#define CD_ICMP6_HELP "support for Internet control message protocol v6"
#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/packet.h"
-#include "protocols/ipv4_options.h"
#define CD_IGMP_NAME "igmp"
#define CD_IGMP_HELP "support for Internet group management protocol"
#include "config.h"
#endif
-#include <arpa/inet.h>
-#include <array>
-
-#include "utils/dnet_header.h"
+#include "codecs/codec_module.h"
+#include "log/log_text.h"
+#include "log/messages.h"
#include "main/snort_config.h"
-
-#include "protocols/tcp.h"
-#include "protocols/ipv4.h"
-#include "protocols/packet_manager.h"
-
-#include "utils/stats.h"
#include "packet_io/active.h"
-#include "codecs/ip/checksum.h"
-#include "main/thread.h"
-#include "codecs/codec_module.h"
+#include "parser/parse_ip.h"
#include "protocols/ip.h"
+#include "protocols/ipv4.h"
#include "protocols/ipv4_options.h"
-#include "log/messages.h"
-#include "log/text_log.h"
-#include "log/log_text.h"
+#include "protocols/tcp.h"
#include "sfip/sf_ipvar.h"
-#include "parser/parse_ip.h"
+#include "utils/dnet_header.h"
+
+#include "checksum.h"
#define CD_IPV4_NAME "ipv4"
#define CD_IPV4_HELP "support for Internet protocol v4"
#include "config.h"
#endif
-#include <arpa/inet.h>
-#include <limits>
-
-#include "protocols/ipv6.h"
#include "codecs/codec_module.h"
#include "framework/codec.h"
+#include "log/text_log.h"
#include "main/snort_config.h"
#include "packet_io/active.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet_manager.h"
-#include "log/text_log.h"
-#include "sfip/sf_ip.h"
#define CD_IPV6_NAME "ipv6"
#define CD_IPV6_HELP "support for Internet protocol v6"
#include "config.h"
#endif
+#include "codecs/codec_module.h"
#include "framework/codec.h"
#include "main/snort_config.h"
-#include "codecs/codec_module.h"
// yes, macros are necessary. The API and class constructor require different strings.
#define CD_MOBILE_NAME "ipv6_mobility"
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
+#include "framework/codec.h"
#include "main/snort_config.h"
namespace
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "codecs/ip/checksum.h"
-#include "protocols/packet.h"
+#include "framework/codec.h"
+
+#include "checksum.h"
namespace
{
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
+#include "framework/codec.h"
#include "main/snort_config.h"
-#include "protocols/ipv6.h"
#define CD_IPV6_ROUTING_NAME "ipv6_routing"
#define CD_IPV6_ROUTING_HELP "support for IPv6 routing extension"
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
namespace
{
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
#define CD_SWIPE_NAME "swipe"
#define CD_SWIPE_HELP "support for Swipe"
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "codecs/ip/checksum.h"
+#include "framework/codec.h"
+#include "log/log.h"
+#include "log/log_text.h"
+#include "main/snort_config.h"
+#include "parser/parse_ip.h"
#include "protocols/tcp.h"
#include "protocols/tcp_options.h"
-#include "protocols/ipv6.h"
-#include "protocols/packet.h"
-#include "packet_io/active.h"
-#include "packet_io/sfdaq.h"
-#include "parser/parse_ip.h"
#include "sfip/sf_ipvar.h"
-#include "log/text_log.h"
-#include "log/log_text.h"
-#include "log/log.h"
-#include "protocols/packet_manager.h"
#include "utils/util.h"
+#include "checksum.h"
+
#define CD_TCP_NAME "tcp"
#define CD_TCP_HELP "support for transmission control protocol"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
-#include "utils/dnet_header.h"
#include "codecs/codec_module.h"
-#include "protocols/udp.h"
-#include "protocols/teredo.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/icmp4.h"
-#include "protocols/ipv4.h"
-#include "protocols/protocol_ids.h"
-#include "codecs/ip/checksum.h"
-#include "log/text_log.h"
#include "framework/codec.h"
-#include "packet_io/active.h"
-#include "parser/config_file.h"
+#include "log/text_log.h"
#include "main/snort_config.h"
-#include "main/snort_debug.h"
+#include "protocols/teredo.h"
+#include "protocols/udp.h"
#include "utils/util.h"
+#include "checksum.h"
+
#define CD_UDP_NAME "udp"
#define CD_UDP_HELP "support for user datagram protocol"
#ifndef CODECS_CHECKSUM_H
#define CODECS_CHECKSUM_H
-#include <stdint.h>
-#include <stdlib.h>
#include <cstddef>
#include <protocols/protocol_ids.h>
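Review bot: The surviving `#include <protocols/protocol_ids.h>` uses the angle-bracket form for a project header, while the includes this commit adds and reorders use the quoted form; it should read `#include "protocols/protocol_ids.h"`. The hunk also drops `<stdint.h>` without adding `<cstdint>`. The body of the header is outside the hunk, so this is conditional: if the checksum declarations use fixed-width types such as `uint16_t` or `uint32_t`, they now compile only because another header pulls the type definitions in transitively. Adding `#include <cstdint>` next to `<cstddef>` would keep the header self-contained, as the project's include guidelines require.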
//--------------------------------------------------------------------------
// cd_arp.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
+#include "framework/codec.h"
#include "protocols/arp.h"
-#include "protocols/packet.h"
-#include "log/text_log.h"
#define CD_ARP_NAME "arp"
#define CD_ARP_HELP "support for address resolution protocol"
//--------------------------------------------------------------------------
// cd_ciscometadata.cc author Bhagya Tholpady <bbantwal@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
+#include "framework/codec.h"
#define CD_CISCOMETADATA_NAME "ciscometadata"
#define CD_CISCOMETADATA_HELP "support for cisco metadata"
//--------------------------------------------------------------------------
// cd_erspan2.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
+#include "framework/codec.h"
#define CD_ERSPAN2_NAME "erspan2"
#define CD_ERSPAN2_HELP "support for encapsulated remote switched port analyzer - type 2"
//--------------------------------------------------------------------------
// cd_erspan3.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include <arpa/inet.h>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
+#include "framework/codec.h"
#define CD_ERSPAN3_NAME "erspan3"
#define CD_ERSPAN3_HELP "support for encapsulated remote switched port analyzer - type 3"
//--------------------------------------------------------------------------
// cd_fabricpath.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
+#include "framework/codec.h"
#define CD_FABRICPATH_NAME "fabricpath"
#define CD_FABRICPATH_HELP "support for fabricpath"
//--------------------------------------------------------------------------
// cd_mpls.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/mpls.h"
-#include "packet_io/active.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/mpls.h"
+#include "flow/flow.h"
+#include "framework/codec.h"
#include "main/snort_config.h"
-#include "log/text_log.h"
#include "utils/safec.h"
#define CD_MPLS_NAME "mpls"
#endif
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
#define CD_PPPENCAP_NAME "ppp_encap"
//--------------------------------------------------------------------------
// cd_pppoe.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "codecs/codec_module.h"
-#include "protocols/packet.h"
-#include "protocols/layer.h"
-#include "main/snort_debug.h"
+#include "framework/codec.h"
namespace
{
#include "config.h"
#endif
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-
+#include "framework/codec.h"
#include "protocols/eth.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
namespace
{
#include "config.h"
#endif
-#include "protocols/packet.h"
-#include "framework/codec.h"
#include "codecs/codec_module.h"
-#include "protocols/vlan.h"
-#include "protocols/eth.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet_manager.h"
+#include "framework/codec.h"
#include "log/text_log.h"
+#include "protocols/vlan.h"
#define CD_VLAN_NAME "vlan"
#define CD_VLAN_HELP "support for local area network"
//--------------------------------------------------------------------------
// cd_default.cc author Josh Rosenbaum <jrosenba@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
#define CD_DEFAULT_NAME "unknown"
#define CD_DEFAULT_HELP "support for unkown protocols"
#include "config.h"
#endif
-#include "main/snort_debug.h"
+#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "protocols/packet.h"
+#include "main/snort_config.h"
#include "packet_io/active.h"
-#include "protocols/protocol_ids.h"
-#include "codecs/codec_module.h"
#define CD_GTP_NAME "gtp"
#define CD_GTP_HELP "support for general-packet-radio-service tunnelling protocol"
#include "config.h"
#endif
+#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "protocols/ipv4.h"
-#include "protocols/packet.h"
-#include "protocols/tcp.h"
#include "log/text_log.h"
#include "main/snort_config.h"
-#include "log/messages.h"
-#include "protocols/packet_manager.h"
#include "protocols/icmp4.h"
+#include "protocols/packet_manager.h"
+#include "protocols/tcp.h"
#include "protocols/udp.h"
-#include "codecs/codec_module.h"
namespace
{
#include "config.h"
#endif
-#include "framework/codec.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/ipv6.h"
-#include "protocols/packet.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
// yes, macros are necessary. The API and class constructor require different strings.
//
#include "config.h"
#endif
-#include "framework/codec.h"
-#include "codecs/codec_module.h"
-#include "protocols/packet.h"
-#include "framework/module.h"
#include "codecs/codec_module.h"
+#include "framework/codec.h"
#include "log/text_log.h"
-#include "protocols/packet_manager.h"
#define LLC_NAME "llc"
#define LLC_HELP "support for logical link control"
#endif
#include "framework/codec.h"
+#include "main/snort_config.h"
#include "packet_io/active.h"
-#include "main/snort_types.h"
-#include "protocols/packet.h"
#include "protocols/teredo.h"
-#include "protocols/protocol_ids.h"
#define CD_TEREDO_NAME "teredo"
#define CD_TEREDO_HELP "support for teredo"
#include "config.h"
#endif
-#include "framework/codec.h"
+#include <daq_common.h>
+
#include "daqs/daq_user.h"
-#include "protocols/packet.h"
-#include "sfip/sf_ip.h"
+#include "framework/codec.h"
#define CD_NAME "user"
#define CD_HELP_STR "support for user sessions"
#include "config.h"
#endif
-extern "C" {
#include <sfbpf_dlt.h>
-}
#include "codecs/codec_module.h"
#include "framework/codec.h"
-#include "protocols/packet.h"
+#include "log/text_log.h"
#include "protocols/eth.h"
#include "protocols/packet_manager.h"
-#include "log/text_log.h"
#define CD_ETH_NAME "eth"
#define CD_ETH_HELP_STR "support for ethernet protocol"
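Review bot: Removing the `extern "C" { … }` wrapper around `#include <sfbpf_dlt.h>` is only safe if that header declares no functions or carries its own `__cplusplus` guards, and neither is visible from this hunk. If it declares any C function without a guard, the declaration now gets C++ linkage and the failure surfaces as an unresolved symbol at link time rather than at compile time. A one-line comment would record the assumption, for example `// sfbpf_dlt.h defines DLT_* macros only; no extern "C" needed`, once that has been confirmed against the installed header.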
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "connectors.h"
#include "framework/connector.h"
// file_connector.cc author Ed Borgoyn <eborgoyn@cisco.com>
-#include "file_connector.h"
-
-#include <assert.h>
-#include <glob.h>
-#include <stdio.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <fstream>
-#include <string>
-#include <vector>
+#include "file_connector.h"
-#include "file_connector_module.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
-#include "main/thread.h"
-#include "profiler/profiler.h"
-#include "parser/parser.h"
+#include "profiler/profiler_defs.h"
#include "side_channel/side_channel.h"
-#include "framework/connector.h"
+
+#include "file_connector_module.h"
/* Globals ****************************************************************/
#include <fstream>
-#include "file_connector_config.h"
#include "framework/connector.h"
-#include "main/thread.h"
-#include "profiler/profiler.h"
+
+#include "file_connector_config.h"
#define FILE_FORMAT_VERSION (1)
// file_connector_module.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_connector_module.h"
#include "main/snort_debug.h"
#ifndef FILE_CONNECTOR_MODULE_H
#define FILE_CONNECTOR_MODULE_H
-#include "file_connector_config.h"
#include "framework/module.h"
-#include "main/thread.h"
+
+#include "file_connector_config.h"
#define FILE_CONNECTOR_NAME "file_connector"
#define FILE_CONNECTOR_HELP "implement the file based connector"
// file_connector_module_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "connectors/file_connector/file_connector_module.h"
#include "profiler/profiler.h"
// file_connector_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "connectors/file_connector/file_connector.h"
#include "connectors/file_connector/file_connector_module.h"
// tcp_connector.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_connector.h"
-#include <assert.h>
-#include <glob.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
#include <netdb.h>
#include <poll.h>
+#include <sys/socket.h>
+#include <unistd.h>
-#include <fstream>
-#include <string>
-#include <thread>
-#include <vector>
-
-#include "helpers/ring.h"
-#include "tcp_connector_module.h"
#include "log/messages.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "main/thread.h"
-#include "profiler/profiler.h"
-#include "parser/parser.h"
-#include "side_channel/side_channel.h"
-#include "framework/connector.h"
+#include "profiler/profiler_defs.h"
+
+#include "tcp_connector_module.h"
/* Globals ****************************************************************/
#ifndef TCP_CONNECTOR_H
#define TCP_CONNECTOR_H
-#include <fstream>
#include <thread>
-#include "tcp_connector_config.h"
#include "framework/connector.h"
#include "helpers/ring.h"
-#include "main/thread.h"
-#include "profiler/profiler.h"
+
+#include "tcp_connector_config.h"
#define TCP_FORMAT_VERSION (1)
// tcp_connector_module.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_connector_module.h"
#include "main/snort_debug.h"
#ifndef TCP_CONNECTOR_MODULE_H
#define TCP_CONNECTOR_MODULE_H
-#include "tcp_connector_config.h"
#include "framework/module.h"
-#include "main/thread.h"
+
+#include "tcp_connector_config.h"
#define TCP_CONNECTOR_NAME "tcp_connector"
#define TCP_CONNECTOR_HELP "implement the tcp stream connector"
// tcp_connector_module_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "connectors/tcp_connector/tcp_connector_module.h"
#include "profiler/profiler.h"
// tcp_connector_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "connectors/tcp_connector/tcp_connector.h"
#include "connectors/tcp_connector/tcp_connector_module.h"
-#include <sys/socket.h>
-#include <sys/poll.h>
#include <netdb.h>
+#include <sys/poll.h>
+#include <sys/socket.h>
+#include <unistd.h>
#include "main/snort_debug.h"
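Review bot: The re-sorted block keeps `#include <sys/poll.h>`, whereas tcp_connector.cc in this same commit includes `<poll.h>`. POSIX specifies `<poll.h>`; `<sys/poll.h>` is a legacy alias that some C libraries provide only as a redirect that emits a warning. Since the line is being rewritten anyway, it should become `#include <poll.h>` so the test and the connector agree.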
// Allow functions to be registered to be called when packet
// processing is idle.
-#include "idle_processing.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "idle_processing.h"
+
#include <vector>
#ifdef UNIT_TEST
// file_decomp.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
-#include "file_decomp.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#ifdef HAVE_LZMA
-#include <lzma.h>
-#endif
+#include "file_decomp.h"
-#include <zlib.h>
+#include <cassert>
-#include "main/snort_types.h"
-#include "utils/util.h"
#include "detection/detection_util.h"
+#include "utils/util.h"
#include "file_decomp_pdf.h"
#include "file_decomp_swf.h"
// File_Decomp global typedefs (used in child objects)
-#include <stdint.h>
-#include <string.h>
+#include <cstring>
#include "main/snort_types.h"
// file_decomp_pdf.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
-#include "file_decomp_pdf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <zlib.h>
+#include "file_decomp_pdf.h"
#include "main/thread.h"
#include "utils/util.h"
#ifndef FILE_DECOMP_PDF_H
#define FILE_DECOMP_PDF_H
-#include <stdint.h>
#include <zlib.h>
#include "file_decomp.h"
// file_decomp_swf.cc author Ed Borgoyn <eborgoyn@sourcefire.com>
-#include "file_decomp_swf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <zlib.h>
-#include <string.h>
-
-#ifdef HAVE_LZMA
-#include <lzma.h>
-#endif
+#include "file_decomp_swf.h"
#include "utils/util.h"
#ifndef FILE_DECOMP_SWF_H
#define FILE_DECOMP_SWF_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stdint.h>
-#include <zlib.h>
-
#ifdef HAVE_LZMA
#include <lzma.h>
#endif
+#include <zlib.h>
#include "file_decomp.h"
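Review bot: With the `config.h` block removed, the remaining `#ifdef HAVE_LZMA` guard depends on every includer having pulled in `config.h` before this header. The rest of the header is outside the hunk, so this is conditional: if any declaration further down is also guarded by `HAVE_LZMA`, a translation unit that reaches this header without `config.h` sees a different definition of the decompression state than one that includes it. That is a silent ODR mismatch in code that handles untrusted file content. The new guideline makes this precondition implicit, so it is worth stating above the guard: `// HAVE_LZMA comes from config.h; every .cc must include config.h before this header`.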
detection_defines.h
detection_options.h
detection_util.h
- pattern_match_data.h
rule_option_types.h
rules.h
signature.h
fp_detect.h
fp_utils.cc
fp_utils.h
+ pattern_match_data.h
pcrm.cc
pcrm.h
service_map.cc
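Review bot: `detection_options.h` stays in the first list here as an unchanged line, while the Automake change in this commit moves it from `x_include_HEADERS` into `libdetection_a_SOURCES`. Only `pattern_match_data.h` is moved on the CMake side. If the first list is the installed-headers set (its `set(...)` line is outside the hunk), the two build systems now disagree on whether `detection_options.h` is part of the installed plugin API. Moving `detection_options.h` down alongside `pattern_match_data.h` would make a CMake install match an Automake install.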
x_include_HEADERS = \
detect.h \
detection_defines.h \
-detection_options.h \
detection_util.h \
-pattern_match_data.h \
rule_option_types.h \
rules.h \
signature.h \
libdetection_a_SOURCES = \
detect.cc \
detection_options.cc \
+detection_options.h \
detection_util.cc \
fp_config.cc \
fp_config.h \
fp_detect.h \
fp_utils.cc \
fp_utils.h \
+pattern_match_data.h \
pcrm.cc \
pcrm.h \
service_map.cc \
**
*/
-#include "detect.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#define FASTPKT
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "detection_defines.h"
-#include "fp_detect.h"
-#include "tag.h"
+#include "detect.h"
+#include "events/event.h"
#include "latency/packet_latency.h"
+#include "main/snort_config.h"
+#include "main/snort_debug.h"
#include "managers/event_manager.h"
#include "managers/inspector_manager.h"
#include "packet_io/active.h"
#include "stream/stream.h"
#include "utils/stats.h"
+#include "detection_defines.h"
+#include "fp_detect.h"
+#include "tag.h"
+#include "treenodes.h"
+
#define CHECK_SRC_IP 0x01
#define CHECK_DST_IP 0x02
#define INVERSE 0x04
#ifndef DETECT_H
#define DETECT_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "protocols/packet.h"
#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "log/log.h"
-#include "events/event.h"
+#include "main/snort_types.h"
+#include "main/thread.h"
+struct Event;
struct ProfileStats;
+struct RuleFpList;
+struct RuleTreeNode;
extern THREAD_LOCAL bool do_detect;
extern THREAD_LOCAL bool do_detect_content;
** detection options only once per pattern match.
*/
-#include "detection_options.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "detection_defines.h"
-#include "detection_util.h"
-#include "treenodes.h"
-#include "fp_create.h"
-#include "fp_detect.h"
-#include "pattern_match_data.h"
-#include "rules.h"
+#include "detection_options.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "hash/sfxhash.h"
+#include "filters/detection_filter.h"
+#include "framework/cursor.h"
#include "hash/sfhashfcn.h"
-#include "parser/parser.h"
+#include "hash/sfxhash.h"
#include "ips_options/ips_byte_extract.h"
#include "ips_options/ips_flowbits.h"
-#include "ips_options/ips_pcre.h"
-#include "filters/detection_filter.h"
#include "latency/packet_latency.h"
+#include "latency/rule_latency_state.h"
#include "log/messages.h"
+#include "main/snort_config.h"
#include "main/thread_config.h"
-#include "framework/ips_option.h"
-#include "framework/cursor.h"
#include "managers/ips_manager.h"
+#include "parser/parser.h"
+#include "profiler/rule_profiler_defs.h"
#include "protocols/packet_manager.h"
+#include "utils/util.h"
+
+#include "detection_defines.h"
+#include "fp_detect.h"
+#include "pattern_match_data.h"
#define HASH_RULE_OPTIONS 16384
#define HASH_RULE_TREE 8192
// Eval, profiling, and latency data are attached in an array sized per max
// packet threads.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <sys/time.h>
+
#include "detection/rule_option_types.h"
-#include "main/snort_types.h"
-#include "latency/rule_latency_state.h"
#include "time/clock_defs.h"
struct Packet;
+struct RuleLatencyState;
struct SFXHASH;
typedef int (* eval_func_t)(void* option_data, class Cursor&, Packet*);
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "detection_util.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <time.h>
-#include <string>
+#include "detection_util.h"
-#include "main/snort_config.h"
+#include "events/event.h"
#include "log/text_log.h"
-#include "actions/actions.h"
+#include "protocols/packet.h"
#include "utils/stats.h"
+#include "treenodes.h"
+
THREAD_LOCAL DataPointer g_file_data;
#define LOG_CHARS 16
// it provides file and alt data pointers, event trace foo, and
// some http stuff.
-#include <assert.h>
-
-#include "main/snort_types.h"
#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "detection/detect.h"
-#include "protocols/packet.h"
#define DECODE_BLEN 65535
** Marc Norton <mnorton@sourcefire.com>
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "fp_config.h"
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
+#include <cassert>
+#include <cstring>
-#include "fp_config.h"
-#include "framework/mpse.h"
-#include "managers/mpse_manager.h"
#include "log/messages.h"
+#include "managers/mpse_manager.h"
FastPatternConfig::FastPatternConfig()
{
**
*/
-#include "fp_create.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include "fp_create.h"
-#include "main/snort_config.h"
+#include "framework/mpse.h"
#include "hash/sfghash.h"
-#include "ips_options/ips_flow.h"
-#include "utils/util.h"
-#include "utils/stats.h"
-#include "utils/sflsq.h"
-#include "parser/parser.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
+#include "managers/mpse_manager.h"
#include "parser/parse_rule.h"
+#include "parser/parser.h"
#include "ports/port_table.h"
-#include "ports/port_utils.h"
#include "ports/rule_port_tables.h"
-#include "framework/mpse.h"
-#include "framework/ips_option.h"
-#include "log/messages.h"
-#include "managers/mpse_manager.h"
-#include "target_based/snort_protocols.h"
+#include "utils/stats.h"
+#include "utils/util.h"
+#include "detection_options.h"
#include "fp_config.h"
-#include "service_map.h"
-#include "rules.h"
-#include "treenodes.h"
-#include "fp_detect.h"
#include "fp_utils.h"
-#include "detection_options.h"
-#include "detection_defines.h"
-#include "sfrim.h"
#include "pattern_match_data.h"
+#include "pcrm.h"
+#include "service_map.h"
+#include "treenodes.h"
static unsigned mpse_count = 0;
static const char* s_group = "";
// this is where rule groups are compiled and MPSE are instantiated
-#include "detection/pcrm.h"
#include "ports/port_group.h"
-#include "target_based/snort_protocols.h"
struct SnortConfig;
**
*/
-#include "fp_detect.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <strings.h>
-
-#include "detect.h"
-#include "fp_config.h"
-#include "fp_create.h"
-#include "service_map.h"
-#include "detection_util.h"
-#include "detection_options.h"
-#include "pattern_match_data.h"
-#include "pcrm.h"
-#include "tag.h"
-#include "rules.h"
-#include "treenodes.h"
+#include "fp_detect.h"
+#include "events/event.h"
+#include "filters/rate_filter.h"
+#include "filters/sfthreshold.h"
+#include "framework/cursor.h"
+#include "framework/mpse.h"
#include "latency/packet_latency.h"
#include "latency/rule_latency.h"
#include "log/messages.h"
#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "framework/cursor.h"
-#include "framework/inspector.h"
-#include "framework/ips_action.h"
-#include "framework/mpse.h"
-#include "filters/sfthreshold.h"
-#include "filters/rate_filter.h"
-#include "events/event_wrapper.h"
-#include "packet_io/active.h"
-#include "parser/parser.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "actions/actions.h"
-#include "sfip/sf_ip.h"
#include "managers/action_manager.h"
+#include "parser/parser.h"
+#include "profiler/profiler_defs.h"
+#include "protocols/icmp4.h"
#include "protocols/packet_manager.h"
-#include "protocols/tcp.h"
#include "protocols/udp.h"
-#include "protocols/icmp4.h"
#include "search_engines/pat_stats.h"
#include "stream/stream.h"
#include "utils/stats.h"
+#include "utils/util.h"
+
+#include "detect.h"
+#include "detection_options.h"
+#include "detection_util.h"
+#include "fp_config.h"
+#include "fp_create.h"
+#include "pattern_match_data.h"
+#include "pcrm.h"
+#include "service_map.h"
THREAD_LOCAL ProfileStats rulePerfStats;
THREAD_LOCAL ProfileStats ruleRTNEvalPerfStats;
// rule groups are selected based on traffic and any fast pattern
// matches trigger rule tree evaluation.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
+#include "main/thread.h"
#define REBUILD_FLAGS (PKT_REBUILT_FRAG | PKT_REBUILT_STREAM)
+struct Packet;
+struct PortGroup;
struct ProfileStats;
struct OptTreeNode;
-struct PortGroup;
extern THREAD_LOCAL ProfileStats rulePerfStats;
extern THREAD_LOCAL ProfileStats ruleRTNEvalPerfStats;
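Review bot: `REBUILD_FLAGS` still expands to `PKT_REBUILT_FRAG | PKT_REBUILT_STREAM`, but the hunk replaces `#include "protocols/packet.h"` with the forward declaration `struct Packet;`, so this header no longer brings those flag names into scope. They are presumably defined in protocols/packet.h, which should be confirmed. Every file that uses the macro must now include that header itself, and a missing include only shows up as an undeclared identifier at the expansion site. Either move the macro next to the flag definitions or document the requirement here: `// REBUILD_FLAGS users must include protocols/packet.h`.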
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "fp_utils.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
+#include "fp_utils.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include <cassert>
+#include <cstring>
#include "ips_options/ips_flow.h"
#include "log/messages.h"
+#include "main/thread_config.h"
#include "ports/port_group.h"
#include "target_based/snort_protocols.h"
+#include "utils/util.h"
+
+#ifdef UNIT_TEST
+#include "catch/catch.hpp"
+#endif
#include "pattern_match_data.h"
#include "treenodes.h"
#ifndef PATTERN_MATCH_DATA_H
#define PATTERN_MATCH_DATA_H
-#include <assert.h>
-#include <ctype.h>
#include <sys/time.h>
#include <vector>
-#include "detection/treenodes.h"
#include "framework/ips_option.h" // FIXIT-L not a good dependency
-#include "main/snort_types.h"
-#include "main/thread_config.h"
-#include "utils/util.h"
struct PmdLastCheck
{
** --------------------------------------------------------------------------
*/
-#include "pcrm.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include "pcrm.h"
-#include "fp_config.h"
-#include "fp_create.h"
-#include "log/messages.h"
#include "main/snort_config.h"
#include "utils/util.h"
+#include "fp_config.h"
+
PORT_RULE_MAP* prmNewMap()
{
PORT_RULE_MAP* p = (PORT_RULE_MAP*)snort_calloc(sizeof(PORT_RULE_MAP));
// runle groups by source and dest ports as well as any
// (generic refers to any)
-#include "protocols/packet.h"
#include "ports/port_group.h"
+#include "protocols/packet.h"
#define ANYPORT (-1)
// misc rule and rule list support
// FIXIT-L refactor this header
-#include "main/snort_types.h"
#include "actions/actions.h"
#define EXCEPT_SRC_IP 0x0001
**
*/
-#include "service_map.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include "service_map.h"
+
+#include <cassert>
#include "hash/sfghash.h"
#include "ips_options/ips_flow.h"
#include <vector>
-#include "detection/pcrm.h"
#include "target_based/snort_protocols.h"
+struct PortGroup;
struct SFGHASH;
struct SnortConfig;
// sfrim.c author Marc Norton
// modified to use a vector w/o a hard max
-#include "sfrim.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
+#include "sfrim.h"
+#include <cassert>
#include <vector>
#ifdef UNIT_TEST
//--------------------------------------------------------------------------
// Author(s): Andrew R. Baker <andrewb@sourcefire.com>
-#include "signature.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
-#include <ctype.h>
+#include "signature.h"
-#include "utils/util.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "hash/sfghash.h"
#include "log/messages.h"
-#include "parser/parser.h"
#include "main/snort_config.h"
+#include "parser/parser.h"
+#include "utils/util.h"
+
+#include "treenodes.h"
/********************* Reference Implementation *******************************/
// basic non-detection signature info: gid, sid, rev, class, priority, etc.
-#include <sys/types.h>
-#include <stdio.h>
-
-#include "main/snort_types.h"
+#include <cstdint>
+#include <cstdio>
struct SnortConfig;
struct OptTreeNode;
//--------------------------------------------------------------------------
// Chris Green <cmg@sourcefire.com>
-#include "tag.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <rpc/types.h>
-#include <string.h>
-#include <ctype.h>
+#include "tag.h"
-#include "rules.h"
-#include "treenodes.h"
+#include "events/event.h"
+#include "hash/sfxhash.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "main/snort_config.h"
-#include "protocols/packet.h"
-#include "utils/util.h"
-#include "log/log.h"
+#include "main/snort_debug.h"
#include "parser/parser.h"
-#include "events/event.h"
-#include "hash/sfxhash.h"
+#include "protocols/packet.h"
#include "sfip/sf_ip.h"
+#include "utils/cpp_macros.h"
+#include "utils/util.h"
+
+#include "treenodes.h"
/* D E F I N E S **************************************************/
#define MAX_TAG_NODES 256
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "treenodes.h"
#include "framework/ips_option.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
-#include "detect.h"
-
OptFpList* AddOptFuncToList(RuleOptEvalFunc ro_eval_func, OptTreeNode* otn)
{
OptFpList* ofp = (OptFpList*)snort_calloc(sizeof(OptFpList));
// rule header (RTN) and body (OTN) nodes
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_types.h"
+#include "actions/actions.h"
#include "detection/signature.h"
#include "detection/rule_option_types.h"
-#include "actions/actions.h"
+#include "main/snort_types.h"
#include "time/clock_defs.h"
class IpsOption;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "event.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
+#include "event.h"
-#include "main/snort_config.h"
#include "detection/signature.h"
+#include "main/snort_config.h"
THREAD_LOCAL uint16_t event_id; // FIXIT-M also incremented in fpLogEvent()
THREAD_LOCAL SigInfo sig_info; // FIXIT-M move to stack
#ifndef EVENT_H
#define EVENT_H
-#include <sys/types.h>
-
-#include "main/snort_types.h"
#include "main/thread.h"
struct SigInfo;
** SnortEventqAdd() - only adds events that have an otn
**
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "event_queue.h"
-#include "sfeventq.h"
-#include "event_wrapper.h"
#include "detection/fp_detect.h"
-#include "utils/util.h"
-#include "utils/stats.h"
#include "filters/sfthreshold.h"
#include "log/messages.h"
#include "parser/parser.h"
+#include "utils/stats.h"
+#include "utils/util.h"
+
+#include "sfeventq.h"
typedef struct s_SNORT_EVENTQ_USER
{
#ifndef EVENT_QUEUE_H
#define EVENT_QUEUE_H
-#include "main/snort_types.h"
#include "actions/actions.h"
+#include "main/snort_types.h"
#define SNORT_EVENTQ_PRIORITY 1
#define SNORT_EVENTQ_CONTENT_LEN 2
* an event, but the rule controls the alert/drop functionality.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "event_wrapper.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "detection/signature.h"
#include "detection/fp_detect.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "parser/parser.h"
-#include "events/event.h"
-#include "detection/detect.h"
-#include "utils/util.h"
/*
* This function has been updated to find an otn and route the call to fpLogEvent
#ifndef EVENT_WRAPPER_H
#define EVENT_WRAPPER_H
-#include <stdint.h>
-#include "main/snort_types.h"
+#include <cstdint>
uint32_t GenerateSnortEvent(struct Packet* p, uint32_t gen_id, uint32_t sig_id);
** number of events to log.
*/
-#include "sfeventq.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
+#include "sfeventq.h"
+
#include "utils/util.h"
/*
** 5.25.13 - Initial Source Code. Hui Cao
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "circular_buffer.h"
#include "utils/util.h"
//--------------------------------------------------------------------------
// file_cache.cc author Hui Cao <huica@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_cache.h"
+#include "hash/sfxhash.h"
#include "log/messages.h"
#include "main/snort_config.h"
#include "main/snort_debug.h"
#include <mutex>
-#include "hash/sfxhash.h"
#include "sfip/sf_ip.h"
#include "utils/cpp_macros.h"
#include "file_config.h"
+struct SFXHASH;
+
class FileCache
{
public:
** 5.05.2013 - Initial Source Code. Hui Cao
*/
-#include "file_capture.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "file_capture.h"
+
#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "hash/hashes.h"
+#include <cassert>
+
#include "log/messages.h"
-#include "main/snort_config.h"
-#include "utils/util.h"
#include "utils/stats.h"
+#include "utils/util.h"
-#include "file_config.h"
#include "file_mempool.h"
#include "file_stats.h"
static FileCaptureState error_capture(FileCaptureState);
- static int64_t get_block_size() { return capture_block_size; };
+ static int64_t get_block_size() { return capture_block_size; }
private:
** 5.25.2012 - Initial Source Code. Hui Cao
*/
-#include "file_config.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "file_config.h"
+
#include "main/snort_config.h"
#include "managers/inspector_manager.h"
#include "parser/parse_utils.h"
** 9.25.2012 - Initial Source Code. Hui Cao
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_enforcer.h"
#include "log/messages.h"
** 8.15.15 - Initial Source Code. Hui Cao
*/
-#include "file_flows.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "file_flows.h"
+
#include "managers/inspector_manager.h"
#include "protocols/packet.h"
** 5.25.2012 - Initial Source Code. Hcao
*/
-#include "file_identifier.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
+#include "file_identifier.h"
#include <algorithm>
+#include <cassert>
#include "log/messages.h"
#include "utils/util.h"
** 5.25.12 - Initial Source Code. Hcao
*/
-#include "file_lib.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "file_lib.h"
+
+#include <openssl/sha.h>
+
#include <iostream>
#include <iomanip>
**
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_mempool.h"
#include "log/messages.h"
** 5.05.2012 - Initial Source Code. Hui Cao
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_module.h"
#include "main/snort_config.h"
//
// author Hui Cao <huica@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_policy.h"
#include "hash/hashes.h"
//--------------------------------------------------------------------------
// file_segment.cc author Hui Cao <huica@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_segment.h"
#include "file_lib.h"
** 5.25.12 - Initial Source Code. Hui Cao
*/
-#include "file_service.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "file_service.h"
+
#include "main/snort_config.h"
#include "mime/file_mime_process.h"
** 5.25.13 - Initial Source Code. Hui Cao
*/
-#include "file_stats.h"
-
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include "file_stats.h"
+
#include "log/messages.h"
#include "utils/stats.h"
#include "utils/util.h"
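Review bot: The config block in this file still reads `#include <config.h>`, while the other files visible in this change use the quoted form, so the "standard block" is not uniform here. With angle brackets the lookup skips the including file's directory and depends only on the include search order, which makes it easier to pick up an unrelated config.h and build this file with different configure-time definitions than the rest of the tree. Since the block is being rearranged anyway, change the line to `#include "config.h"`.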
-set (FILTER_INCLUDES
- sfrf.h
-)
-
if ( ENABLE_UNIT_TESTS )
set(TEST_FILES
sfrf_test.cc
sfthreshold.cc
sfthreshold.h
sfrf.cc
+ sfrf.h
sfthd.cc
sfthd.h
- ${FILTER_INCLUDES}
${TEST_FILES}
)
-install(FILES ${FILTER_INCLUDES}
- DESTINATION "${INCLUDE_INSTALL_PATH}/filters"
-)
-
noinst_LIBRARIES = libfilter.a
-x_includedir = $(pkgincludedir)/filters
-
-x_include_HEADERS = \
-sfrf.h
-
libfilter_a_SOURCES = \
detection_filter.cc \
detection_filter.h \
rate_filter.h \
sfthreshold.cc \
sfthreshold.h \
+sfrf.h \
sfrf.cc \
sfthd.cc \
sfthd.h
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection_filter.h"
#include "hash/sfxhash.h"
//--------------------------------------------------------------------------
// rate_filter.cc author Dilbagh Chahal <dchahal@sourcefire.com>
-
-#include "rate_filter.h"
-
// rate filter interface for Snort
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "rate_filter.h"
+
#include "detection/rules.h"
#include "detection/treenodes.h"
#include "main/snort_config.h"
// sfrf.cc author Dilbagh Chahal <dchahal@sourcefire.com>
// rate filter implementation for Snort
-#include "sfrf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "sfrf.h"
+
#include "detection/rules.h"
#include "hash/sfghash.h"
#include "hash/sfxhash.h"
* Boris Lytochkin found it.
*/
-#include "sfthd.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "sfthd.h"
+
+#include <cassert>
+
#include "hash/sfghash.h"
#include "hash/sfxhash.h"
#include "sfip/sf_ipvar.h"
#ifndef SFTHD_H
#define SFTHD_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include "main/policy.h"
#include "sfip/sf_ip.h"
#include "utils/cpp_macros.h"
//--------------------------------------------------------------------------
// sfthd_test.cc author Russ Combs <rcombs@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "catch/catch.hpp"
#include "catch/unit_test.h"
#include "hash/sfxhash.h"
2003-11-3:
man: cleaned up and added more startup printout.
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfthreshold.h"
#include "hash/sfxhash.h"
set (FLOW_INCLUDES
flow.h
- flow_config.h
flow_key.h
ha.h
ha_module.h
flow.cc
flow_cache.cc
flow_cache.h
+ flow_config.h
flow_control.cc
flow_control.h
flow_key.cc
x_include_HEADERS = \
flow.h \
-flow_config.h \
-flow_key.h \
-ha.h \
-ha_module.h
+flow_key.h
libflow_a_SOURCES = \
expect_cache.cc expect_cache.h \
flow.cc \
flow_key.cc \
flow_cache.cc flow_cache.h \
+flow_config.h \
flow_control.cc flow_control.h \
ha.cc ha.h \
ha_module.cc ha_module.h \
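Review bot: The installed header lists for flow now differ between the two build systems. This Makefile.am change drops `ha.h`, `ha_module.h` and `flow_config.h` from `x_include_HEADERS`, but the CMake change to `FLOW_INCLUDES` removes only `flow_config.h` and leaves `ha.h` and `ha_module.h` in the list as context lines. If `FLOW_INCLUDES` is still what CMake installs, a CMake build exports two headers that an autotools build does not, so a plugin built against one install may not compile against the other. Either remove `ha.h` and `ha_module.h` from `FLOW_INCLUDES` as well, or keep them in `x_include_HEADERS`.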
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "expect_cache.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
+#include "expect_cache.h"
#include "hash/zhash.h"
#include "packet_io/sfdaq.h"
// a la FlowCache)
//-------------------------------------------------------------------------
-#include "flow/flow.h"
+#include "flow/flow_key.h"
+class Flow;
+class FlowData;
struct Packet;
struct ExpectFlow;
struct ExpectNode;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "flow.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "flow.h"
+
#include "flow/ha.h"
#include "flow/session.h"
#include "ips_options/ips_flowbits.h"
// state. Inspector state is stored in FlowData, and Flow manages a list
// of FlowData items.
-#include <assert.h>
-
-#include "flow/flow_key.h"
+#include "framework/decode_data.h"
#include "framework/inspector.h"
-#include "framework/codec.h"
+#include "protocols/layer.h"
#include "sfip/sf_ip.h"
#define SSNFLAG_SEEN_CLIENT 0x00000001
APP_PROTOID_MAX
};
+struct FlowKey;
struct Packet;
typedef void (* StreamAppDataFree)(void*);
//--------------------------------------------------------------------------
// flow_cache.cc author Russ Combs <rucombs@cisco.com>
-#include "flow/flow_cache.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "flow/flow_cache.h"
+
#include "flow/ha.h"
#include "hash/zhash.h"
#include "helpers/flag_context.h"
#include "time/packet_time.h"
#include "utils/stats.h"
+#include "flow_key.h"
+
#define SESSION_CACHE_FLAG_PURGING 0x01
//-------------------------------------------------------------------------
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "flow_control.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <cassert>
+#include "flow_control.h"
#include "detection/detect.h"
+#include "main/snort_config.h"
+#include "main/snort_debug.h"
#include "managers/inspector_manager.h"
#include "memory/memory_cap.h"
#include "packet_io/active.h"
#include "protocols/icmp4.h"
-#include "protocols/icmp6.h"
#include "protocols/tcp.h"
#include "protocols/udp.h"
#include "protocols/vlan.h"
-#include "sfip/sf_ip.h"
#include "stream/stream.h"
#include "utils/util.h"
#include "expect_cache.h"
#include "flow_cache.h"
-#include "flow_config.h"
#include "session.h"
FlowControl::FlowControl()
//--------------------------------------------------------------------------
// flow_key.cc author Steven Sturges <ssturges@sourcefire.com>
-#include "flow/flow_key.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "flow/flow_key.h"
+
#include "hash/sfhashfcn.h"
#include "main/snort_config.h"
#include "protocols/icmp4.h"
// FlowKey is used to store Flows in the caches. the data members are
// sequenced to avoid void space.
-#include <stdint.h>
+#include <cstdint>
#include "framework/decode_data.h"
#include "utils/cpp_macros.h"
//--------------------------------------------------------------------------
// ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ha.h"
-#include <assert.h>
-#include <functional>
#include <array>
-#include "flow.h"
-#include "flow_key.h"
-#include "ha_module.h"
+#include "framework/counts.h"
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "packet_io/sfdaq.h"
-#include "profiler/profiler.h"
-#include "side_channel/side_channel.h"
+#include "profiler/profiler_defs.h"
#include "stream/stream.h"
#include "time/packet_time.h"
+#include "flow.h"
+#include "flow_key.h"
+
static const uint8_t HA_MESSAGE_VERSION = 3;
// define message size and content constants.
#ifndef HA_H
#define HA_H
-#include "flow/flow_key.h"
-#include "main/snort_types.h"
-#include "packet_io/sfdaq.h"
+#include <daq_common.h>
+
#include "side_channel/side_channel.h"
//-------------------------------------------------------------------------
class Flow;
+struct FlowKey;
// The FlowHAHandle is the dynamically allocated index used uniquely identify
// the client. Used both in the API and HA messages.
// ha_module.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ha_module.h"
#include <cmath>
-#include "ha.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "main/thread.h"
+
+#include "ha.h"
static const PegInfo ha_pegs[] =
{
#ifndef HA_MODULE_H
#define HA_MODULE_H
-#include "main/thread.h"
+#include <sys/time.h>
+
#include "framework/module.h"
+#include "main/thread.h"
#define HA_NAME "high_availability"
#define HA_HELP "implement flow tracking high availability"
// ha_module_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "flow/ha.h"
#include "flow/ha_module.h"
// ha_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "flow/ha.h"
#include "flow/flow.h"
+#include "flow/flow_key.h"
#include "main/snort_debug.h"
#include "stream/stream.h"
// usage fields, it provides module instantiation and release functions, as
// well as additional data to help detect mismatched builds etc.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_types.h"
+#include <cstdint>
// this is the current version of the base api
// must be prefixed to subtype version
//--------------------------------------------------------------------------
// codec.h author Josh Rosenbaum <jrosenba@cisco.com>
-#include "framework/codec.h"
-#include "events/event_queue.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "codec.h"
+
#include "codecs/codec_module.h"
-#include "protocols/ipv6.h"
+#include "events/event_queue.h"
EncState::EncState(const ip::IpApi& api, EncodeFlags f, IpProtocol pr,
uint8_t t, uint16_t data_size) :
// Codec is a type of plugin that provides protocol-specific encoding and
// decoding.
-#include <vector>
#include <cstdint>
-#include <cstddef>
-#include <type_traits> // static_assert
+#include <vector>
-#include "main/snort_types.h"
#include "framework/base_api.h"
-
-// unfortunately necessary due to use of Ipapi in struct
-#include "protocols/protocol_ids.h"
-#include "protocols/ip.h"
-#include "protocols/layer.h"
#include "framework/decode_data.h"
struct TextLog;
// Connector provides out-of-band communications among packet processing
// threads, high-availability partners, and other threads.
-#include <vector>
#include <string>
+#include <vector>
-#include "main/snort_types.h"
#include "framework/base_api.h"
+#include "main/snort_types.h"
// this is the current version of the api
#define CONNECTOR_API_VERSION ((BASE_API_VERSION << 16) | 0)
//--------------------------------------------------------------------------
// cursor.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "cursor.h"
+
#include "detection/detection_util.h"
-#include "framework/inspector.h"
-#include "flow/flow.h"
#include "protocols/packet.h"
Cursor::Cursor(Packet* p)
// Cursor provides a formal way of using buffers when doing detection with
// IpsOptions.
-#include <ctype.h>
-#include <stdint.h>
-#include <string.h>
+#include <cstdint>
+#include <cstring>
struct Packet;
//--------------------------------------------------------------------------
// data_bus.cc author Russ Combs <rucombs@cisco.com>
-#include "framework/data_bus.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "data_bus.h"
+
#include "main/policy.h"
#include "protocols/packet.h"
#include <string>
#include <vector>
+#include "main/snort_types.h"
+
// FIXIT-P evaluate perf; focus is on correctness
typedef std::vector<class DataHandler*> DataList;
typedef std::map<std::string, DataList> DataMap;
-#include "main/snort_types.h"
-
class Flow;
struct Packet;
// Captures decode information from Codecs.
-#include <cstdint>
-#include <type_traits>
-
-#include "protocols/mpls.h"
#include "protocols/ip.h"
+#include "protocols/mpls.h"
namespace tcp
{
//--------------------------------------------------------------------------
// inspector.cc author Russ Combs <rucombs@cisco.com>
-#include "inspector.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <string.h>
+#include "inspector.h"
#include "main/thread_config.h"
#include "protocols/packet.h"
// decoding a packet and detection. There are several types that operate
// in different ways. These correspond to Snort 2X preprocessors.
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "framework/base_api.h"
+#include "main/thread.h"
struct Packet;
struct SnortConfig;
// These can be used to execute external controls like updating an external
// firewall.
-#include "main/snort_types.h"
-#include "framework/base_api.h"
#include "actions/actions.h"
+#include "framework/base_api.h"
+#include "main/snort_types.h"
struct Packet;
//--------------------------------------------------------------------------
// ips_option.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ips_option.h"
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <errno.h>
+#include <cstring>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "hash/sfhashfcn.h"
static const char* s_buffer = nullptr;
// All IPS rule keywords are realized as IpsOptions instantiated when rules
// are parsed.
-#include "main/snort_types.h"
-#include "framework/base_api.h"
#include "detection/rule_option_types.h"
+#include "framework/base_api.h"
+#include "main/snort_types.h"
struct Packet;
// they reach the Logger. Packets may be logged along with events or as a
// result of tagging.
-#include "main/snort_types.h"
-#include "events/event.h"
#include "framework/base_api.h"
+#include "main/snort_types.h"
+struct Event;
struct Packet;
// this is the current version of the api
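Review bot: Replacing `events/event.h` with the forward declaration `struct Event;` changes what this plugin API header provides to out-of-tree loggers, and nothing in the header says so. A logger that reads Event members and relied on this header for the definition will stop compiling until it includes the header itself. I would add a comment next to the declaration, for example `// Event is only forward declared here; include "events/event.h" to access its members`. The same applies to the `struct BaseApi;` declaration that replaces `framework/base_api.h` in the LuaApi header that follows.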
#include <string>
-#include "framework/base_api.h"
+struct BaseApi;
class LuaApi
{
//--------------------------------------------------------------------------
// module.cc author Russ Combs <rucombs@cisco.com>
-#include "module.h"
-#include "parameter.h"
-#include "utils/stats.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "module.h"
static const Parameter defaults[] =
{
#include <string>
#include <vector>
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "framework/value.h"
-#include "framework/parameter.h"
#include "framework/counts.h"
+#include "framework/parameter.h"
+#include "framework/value.h"
#include "main/snort_debug.h"
+#include "main/snort_types.h"
#include "utils/stats.h"
using LuaCFunction = int(*)(struct lua_State*);
//--------------------------------------------------------------------------
// mpse.cc author Russ Combs <rucombs@cisco.com>
-#include "mpse.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "profiler/profiler.h"
+#include "mpse.h"
+
+#include "profiler/profiler_defs.h"
using namespace std;
#include <string>
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
+#include "framework/base_api.h"
#include "main/snort_types.h"
#include "main/thread.h"
-#include "framework/base_api.h"
#include "search_engines/search_common.h"
// this is the current version of the api
//--------------------------------------------------------------------------
// parameter.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "parameter.h"
-#include <assert.h>
-#include <string.h>
-#include <stdlib.h>
+#include <cassert>
-#include <string>
#include <iomanip>
#include <sstream>
#include <vector>
-#include "value.h"
#include "utils/dnet_header.h"
+#include "value.h"
+
using namespace std;
static bool valid_bool(Value& v, const char*)
//--------------------------------------------------------------------------
// range.cc author Russ Combs <rucombs@cisco.com>
-#include "framework/range.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
+#include "framework/range.h"
+#include <cerrno>
+#include <cstdlib>
+#include <cstring>
#include <string>
#ifdef UNIT_TEST
// like a text rule except that it can call function hooks. It can also
// define its own rule options and any other plugins it may need.
-#include "main/snort_types.h"
#include "framework/base_api.h"
-#include "framework/ips_option.h"
+#include "main/snort_types.h"
struct Packet;
//--------------------------------------------------------------------------
// value.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "value.h"
-#include <assert.h>
-#include <iostream>
-#include <sstream>
-#include <string>
+#include <cassert>
-#include "sfip/sf_ip.h"
+#include "sfip/sf_cidr.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
// Value is used to represent Lua bool, number, and string.
-#include <string.h>
-
#include <algorithm>
-#include <string>
+#include <cstring>
-#include "main/snort_types.h"
#include "framework/bits.h"
#include "framework/parameter.h"
-#include "sfip/sf_cidr.h"
+#include "main/snort_types.h"
+struct SfCidr;
struct SfIp;
class SO_PUBLIC Value
set (HASH_INCLUDES
hashes.h
- lru_cache_shared.h
sfghash.h
sfxhash.h
sfhashfcn.h
x_include_HEADERS = \
hashes.h \
-lru_cache_shared.h \
sfghash.h \
sfxhash.h \
sfhashfcn.h
libhash_a_SOURCES = \
hashes.cc \
lru_cache_shared.cc \
+lru_cache_shared.h \
sfghash.cc \
sfhashfcn.cc \
sfprimetable.cc sfprimetable.h \
//--------------------------------------------------------------------------
// hashes.h author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hashes.h"
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
void sha256(const unsigned char* data, size_t size, unsigned char* digest)
{
SHA256_CTX c;
#ifndef HASHES_H
#define HASHES_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-#include <stdlib.h>
-
#include "main/snort_types.h"
#define MD5_HASH_SIZE 16
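Review bot: hashes.h is left with `main/snort_types.h` as its only include once `<stdlib.h>` and the OpenSSL headers are removed, yet the `sha256()` definition visible in hashes.cc takes a `size_t`, so the declarations here presumably do too. Unless snort_types.h is guaranteed to provide `size_t`, this installed header no longer stands on its own, and adding `#include <cstddef>` would make the dependency explicit. Moving `<openssl/md5.h>` and `<openssl/sha.h>` into hashes.cc is the right direction, since code including this header no longer inherits the OpenSSL declarations through it.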
// lru_cache_shared.cc author Steve Chew <stechew@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hash/lru_cache_shared.h"
const PegInfo lru_cache_shared_peg_names[] =
* Author: Marc Norton
*
*/
-#include "sfghash.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <assert.h>
+#include "sfghash.h"
+
+#include <cassert>
#include "utils/util.h"
+
#include "sfhashfcn.h"
#include "sfprimetable.h"
// generic hash table - stores and maps key + data pairs
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
#include "main/snort_types.h"
struct SFHASHFCN;
8/31/2006 - man - changed to use sfprimetable.c
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfhashfcn.h"
-#include "main/snort_types.h"
#include "main/snort_config.h"
#include "utils/util.h"
#ifndef SFHASHFCN_H
#define SFHASHFCN_H
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <time.h>
-
#include "main/snort_types.h"
#define rot(x,k) (((x)<<(k)) | ((x)>>(32-(k))))
* in sfghash, and sfxhash.
*
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfprimetable.h"
/* 0-8K, increments=8 */
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include "sfxhash.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
-#include "sfxhash.h"
-#include "sfprimetable.h"
#include "sfhashfcn.h"
/*
// generic hash table - stores and maps key + data pairs
// (supports memcap and automatic memory recovery when out of memory)
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
#include "utils/sfmemcap.h"
#include "main/snort_types.h"
// lru_cache_shared_test.cc author Steve Chew <stechew@cisco.com>
// unit tests for LruCacheShared class
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "hash/lru_cache_shared.h"
#include <CppUTest/CommandLineTestRunner.h>
// zhash is based on sfxhash - see sfxhash.cc for details
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "zhash.h"
-#include <assert.h>
-#include <stdlib.h>
+#include <cstring>
#include "sfhashfcn.h"
-#include "utils/util.h"
//-------------------------------------------------------------------------
// private stuff
//--------------------------------------------------------------------------
// chunk.cc author Russ Combs <rucombs@cisco.com>
-#include "chunk.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "chunk.h"
-#include "managers/ips_manager.h"
-#include "hash/sfhashfcn.h"
#include "log/messages.h"
-#include "framework/cursor.h"
-#include "profiler/profiler.h"
#include "lua/lua.h"
#ifdef UNIT_TEST
//--------------------------------------------------------------------------
// directory.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "directory.h"
-#include <dirent.h>
#include <fnmatch.h>
#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include <sys/stat.h>
-#include <iostream>
-#include <string>
-using namespace std;
+#include <cerrno>
+#include <cstring>
Directory::Directory(const char* s, const char* f)
{
//--------------------------------------------------------------------------
// markup.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "markup.h"
-#include <string.h>
+
+#include <cstring>
using namespace std;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "process.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <fcntl.h>
-#include <stdio.h>
-#include <sys/wait.h>
-#include <unistd.h>
+#include "process.h"
-#ifdef HAVE_MALLINFO
-#include <malloc.h>
-#endif
+#include <fcntl.h>
-#ifdef HAVE_MALLOC_TRIM
+#if defined(HAVE_MALLINFO) || defined(HAVE_MALLOC_TRIM)
#include <malloc.h>
#endif
+#include <csignal>
#include <iostream>
#include "log/messages.h"
#include "main.h"
-#include "main/thread.h"
#include "main/snort.h"
#include "main/snort_config.h"
-#include "utils/util.h"
#include "utils/stats.h"
-#include "helpers/markup.h"
-#include "helpers/ring.h"
-#include "parser/parser.h"
+#include "utils/util.h"
+
+#include "markup.h"
+#include "ring.h"
using namespace std;
// process oriented services like signal handling, heap info, etc.
-#include <signal.h>
-#include <stdint.h>
-
enum PigSignal
{
PIG_SIG_NONE,
// host_cache.cc author Steve Chew <stechew@cisco.com>
-#include "host_tracker/host_cache.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_config.h"
-#include "target_based/snort_protocols.h"
-#include <memory>
+#include "host_cache.h"
#define LRU_CACHE_INITIAL_SIZE 65535
// The host cache is used to cache information about hosts so that it can
// be shared among threads.
-#include <functional>
-#include "host_tracker/host_tracker.h"
-#include "hash/lru_cache_shared.h"
-#include "main/snort_types.h"
+#include <memory>
+#include "hash/lru_cache_shared.h"
+#include "host_tracker/host_tracker.h"
struct HostIpKey
{
// host_cache_module.cc author Steve Chew <stechew@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_cache_module.h"
#include "host_cache.h"
// Loads host cache configuration data.
#include "framework/module.h"
-#include <assert.h>
#define host_cache_help \
"configure hosts"
// host_tracker.cc author Steve Chew <stechew@cisco.com>
-#include "host_tracker/host_tracker.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "host_tracker.h"
THREAD_LOCAL struct HostTrackerStats host_tracker_stats;
// configuration or dynamic discovery). It provides a thread-safe API to
// set/get the host data.
-#include <mutex>
-#include <memory>
+#include <algorithm>
#include <cstring>
#include <list>
-#include <algorithm>
+#include <mutex>
-#include "sfip/sf_ip.h"
#include "framework/counts.h"
#include "main/thread.h"
+#include "sfip/sf_ip.h"
// FIXIT-M For now this emulates the Snort++ attribute table.
// Need to add in sfrnaincludes/host_tracker.h data eventually.
// host_tracker_module.cc author Steve Chew <stechew@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_tracker_module.h"
#include "main/snort_config.h"
#include "stream/stream.h"
#include "target_based/snort_protocols.h"
+
#include "host_cache.h"
const PegInfo host_tracker_pegs[] =
// HostTracker object. May eventually replace old Hosts module with this
// one.
+#include <cassert>
+
#include "framework/module.h"
#include "host_tracker/host_tracker.h"
-#include <assert.h>
#define host_tracker_help \
"configure hosts"
// host_cache_module_test.cc author Steve Chew <stechew@cisco.com>
// unit tests for the host module APIs
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_tracker/host_cache_module.h"
#include "host_tracker/host_cache.h"
// host_cache_test.cc author Steve Chew <stechew@cisco.com>
// unit tests for the host cache APIs
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_tracker/host_cache.h"
#include <CppUTest/CommandLineTestRunner.h>
// host_tracker_module_test.cc author Steve Chew <stechew@cisco.com>
// unit tests for the host module APIs
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "target_based/snort_protocols.h"
#include "host_tracker/host_tracker_module.h"
#include "host_tracker/host_cache.h"
// host_tracker_test.cc author Steve Chew <stechew@cisco.com>
// unit tests for HostTracker class
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_tracker/host_tracker.h"
#include <CppUTest/CommandLineTestRunner.h>
** the file doc/README.asn1.
*/
-#include "asn1_detect.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
+#include "asn1_detect.h"
-#include "asn1_util.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "utils/snort_bounds.h"
+#include "asn1_util.h"
+
/*
** NAME
** BitStringOverflow::
#ifndef ASN1_DETECT_H
#define ASN1_DETECT_H
-#include <stdint.h>
+#include <cstdint>
#define ABS_OFFSET 1
#define REL_OFFSET 2
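Review bot: Switching asn1_detect.h from `<stdint.h>` to `<cstdint>` only guarantees the fixed-width types under `std::` (`std::uint8_t`, `std::uint32_t`, and so on); the C++ standard permits the unqualified global names but does not require them. If the declarations further down this header, which are outside the hunk, use the unqualified spellings, they now depend on the library also exporting them globally, as common implementations do. Either keep `#include <stdint.h>` here or qualify the types. It is also worth confirming that no C translation unit still includes this header, since `<cstdint>` is C++-only.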
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
+#include "asn1_util.h"
-#include "utils/util.h"
-#include "ips_options/asn1_util.h"
#include "main/snort_config.h"
-#include "main/thread.h"
+#include "utils/util.h"
/*
** Macros
// author Chris Green <cmg@sourcefire.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
#include "extract.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+
#include "utils/snort_bounds.h"
+#include "utils/util.h"
#define TEXTLEN (PARSELEN + 1)
//--------------------------------------------------------------------------
// ips_ack.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler_defs.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
#define s_name "ack"
** the file doc/README.asn1.
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include "asn1_detect.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "ips_options/asn1_util.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
-#include "detection/detection_util.h"
#include "detection/detection_defines.h"
-#include "profiler/profiler.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
+#include "asn1_detect.h"
+#include "asn1_util.h"
#define BITSTRING_OPT "bitstring_overflow"
#define DOUBLE_OPT "double_overflow"
/* ips_base64.cc */
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "mime/decode_b64.h"
-#include "utils/util_unfold.h"
#include "detection/detection_defines.h"
#include "detection/detection_util.h"
+#include "detection/treenodes.h"
+#include "hash/sfhashfcn.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "mime/decode_b64.h"
+#include "profiler/profiler.h"
+#include "utils/util_unfold.h"
static THREAD_LOCAL uint8_t base64_decode_buf[DECODE_BLEN];
static THREAD_LOCAL uint32_t base64_decode_size;
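Review bot: The new include block in ips_base64.cc is not fully alphabetical, although the rest of this commit sorts its includes: `#include "hash/sfhashfcn.h"` is added between `detection/treenodes.h` and `framework/cursor.h`. It should follow `#include "framework/module.h"`, where the removed line sat. The same slip appears in the hunks whose own headers are `ips_byte_extract.h` and `ips_flowbits.h`, where `protocols/packet.h` is added ahead of `profiler/profiler.h`, and in ips_luajit.cc, where `log/messages.h` is added after `lua/lua.h`. Nothing changes functionally, but a consistent order is what makes duplicate or missing includes easy to spot in later reviews.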
#include "config.h"
#endif
-#include <ctype.h>
-#include <stdlib.h>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
-#include "framework/range.h"
-#include "framework/ips_option.h"
-#include "framework/inspector.h"
#include "framework/cursor.h"
+#include "framework/ips_option.h"
#include "framework/module.h"
+#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#define s_name "bufferlen"
//--------------------------------------------------------------------------
// Author: Ryan Jordan <ryan.jordan@sourcefire.com>
-#include "ips_byte_extract.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "extract.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "parser/parser.h"
+#include "ips_byte_extract.h"
+
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "framework/ips_option.h"
+#include "detection/treenodes.h"
#include "framework/cursor.h"
-#include "framework/parameter.h"
+#include "framework/endianness.h"
+#include "framework/ips_option.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "protocols/packet.h"
+#include "profiler/profiler.h"
#include "utils/util.h"
+#include "extract.h"
+
static THREAD_LOCAL ProfileStats byteExtractPerfStats;
#define s_name "byte_extract"
#ifndef IPS_BYTE_EXTRACT_H
#define IPS_BYTE_EXTRACT_H
-#include <stdint.h>
-
#include "main/snort_types.h"
#define NUM_BYTE_EXTRACT_VARS 2
*
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <string>
-#include "extract.h"
-#include "ips_byte_extract.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "framework/cursor.h"
+#include "framework/endianness.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
+#include "extract.h"
+#include "ips_byte_extract.h"
using namespace std;
* 0 if it is not.
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <string>
-#include "extract.h"
-#include "ips_byte_extract.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "framework/cursor.h"
+#include "framework/endianness.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
+#include "extract.h"
+#include "ips_byte_extract.h"
using namespace std;
//--------------------------------------------------------------------------
// ips_classtype.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "detection/treenodes.h"
-#include "utils/util.h"
-#include "detection/detection_defines.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "classtype"
#include "config.h"
#endif
-#include <errno.h>
-#ifdef DEBUG_MSGS
-# include <assert.h>
-#endif
-
-#include "ips_byte_extract.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "utils/boyer_moore.h"
-#include "utils/util.h"
-#include "parser/parser.h"
-#include "parser/parse_utils.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "detection/pattern_match_data.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "parser/parse_utils.h"
+#include "profiler/profiler.h"
+#include "utils/boyer_moore.h"
+#include "utils/util.h"
+
+#include "ips_byte_extract.h"
#define MAX_PATTERN_SIZE 2048
**
*/
-#include <stdio.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <errno.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
static THREAD_LOCAL ProfileStats cvsPerfStats;
//--------------------------------------------------------------------------
// ips_dsize.cc author Russ Combs <rucombs@cisco.com>
-#include <ctype.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "dsize"
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
#include "detection/detection_util.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
+#include "profiler/profiler.h"
#define s_name "file_data"
//--------------------------------------------------------------------------
// ips_file_type.cc author Victor Roemer <vroemer@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <bitset>
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "file_api/file_identifier.h"
#include "file_api/file_flows.h"
+#include "file_api/file_identifier.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "protocols/tcp.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "protocols/tcp.h"
#define M_NORMAL 0
#define M_ALL 1
//--------------------------------------------------------------------------
// ips_flow.cc derived from sp_clientserver.c by Martin Roesch
-#include "ips_flow.h"
-
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
+#include "ips_flow.h"
+
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "target_based/snort_protocols.h"
#define s_name "flow"
** - Check the value of the bitmask
*/
-#include "ips_flowbits.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
+#include "ips_flowbits.h"
-#include <string>
#include <forward_list>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "utils/stats.h"
-#include "utils/sflsq.h"
-#include "utils/bitop.h"
-#include "hash/sfghash.h"
-#include "parser/mstring.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfghash.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "parser/mstring.h"
+#include "protocols/packet.h"
+#include "profiler/profiler.h"
+#include "utils/bitop.h"
+#include "utils/sflsq.h"
+#include "utils/util.h"
using namespace std;
*
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
static THREAD_LOCAL ProfileStats fragBitsPerfStats;
//--------------------------------------------------------------------------
// ips_fragoffset.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "fragoffset"
//--------------------------------------------------------------------------
// ips_gid.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "gid"
#include "config.h"
#endif
-#include <errno.h>
#include <array>
-#include <string>
+#include <cassert>
-#include "ips_byte_extract.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "parser/parser.h"
-#include "parser/parse_utils.h"
-#include "hash/sfhashfcn.h"
-#include "hash/hashes.h"
+#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "profiler/profiler.h"
-#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/hashes.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "parser/parse_utils.h"
+#include "profiler/profiler.h"
+
+#include "ips_byte_extract.h"
enum HashPsIdx
{
*
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/icmp4.h"
#include "protocols/icmp6.h"
+#include "protocols/packet.h"
#define s_name "icmp_id"
*
*/
-#include <stdlib.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
-#include "protocols/packet.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/icmp4.h"
#include "protocols/icmp6.h"
+#include "protocols/packet.h"
#define s_name "icmp_seq"
//--------------------------------------------------------------------------
// ips_icode.cc author Russ Combs <rucombs@cisco.com>
-#include <stdlib.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
-#include <ctype.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/icmp4.h"
+#include "protocols/packet.h"
#define s_name "icode"
//--------------------------------------------------------------------------
// ips_id.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "id"
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
#include <netdb.h>
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "utils/util.h"
#define s_name "ip_proto"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "protocols/ipv4.h"
-#include "protocols/ipv4_options.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/ipv4_options.h"
+#include "protocols/packet.h"
#define s_name "ipopts"
* content:"USER"; isdataat:30,relative; content:!"|0a|"; within:30;)
*/
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include "ips_byte_extract.h"
-#include "log/messages.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "parser/mstring.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "utils/snort_bounds.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/treenodes.h"
+#include <cstdlib>
+
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "parser/mstring.h"
+#include "profiler/profiler.h"
+#include "utils/snort_bounds.h"
+
+#include "ips_byte_extract.h"
#define s_name "isdataat"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/icmp4.h"
+#include "protocols/packet.h"
#define s_name "itype"
//--------------------------------------------------------------------------
// ips_luajit.cc author Russ Combs <rucombs@cisco.com>
-#include <assert.h>
-#include <lua.hpp>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_types.h"
-#include "main/thread.h"
-#include "main/thread_config.h"
+#include "detection/detection_defines.h"
+#include "framework/cursor.h"
+#include "framework/decode_data.h"
+#include "framework/module.h"
+#include "hash/sfhashfcn.h"
#include "helpers/chunk.h"
#include "lua/lua.h"
+#include "log/messages.h"
+#include "main/thread_config.h"
#include "managers/ips_manager.h"
#include "managers/lua_plugin_defs.h"
#include "managers/plugin_manager.h"
#include "managers/script_manager.h"
-#include "hash/sfhashfcn.h"
-#include "parser/parser.h"
-#include "framework/cursor.h"
-#include "framework/decode_data.h"
-#include "framework/module.h"
-#include "framework/parameter.h"
-#include "log/messages.h"
#include "profiler/profiler.h"
-#include "detection/detection_defines.h"
#include "utils/util.h"
static THREAD_LOCAL ProfileStats luaIpsPerfStats;
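Review bot: `<assert.h>` and `<lua.hpp>` are removed from ips_luajit.cc with no `<cassert>` or direct Lua include taking their place, unlike the ips_regex.cc hunk, which adds `#include <cassert>`. If the file body, which is outside this hunk, still calls `assert()` or uses the Lua C API directly, it now compiles only because some project header (presumably `lua/lua.h`) pulls those declarations in. I would add `#include <cassert>` after the config.h block if any assert remains, and put a short comment next to `#include "lua/lua.h"` saying it supplies the Lua API. The ips_sd_pattern.cc hunk drops `<assert.h>` the same way and deserves the same check.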
//--------------------------------------------------------------------------
// ips_msg.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "utils/util.h"
-#include "protocols/packet.h"
#define s_name "msg"
//--------------------------------------------------------------------------
// ips_options.cc author Russ Combs <rucombs@cisco.com>
-#include "ips_options.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "framework/ips_option.h"
+#include "ips_options.h"
+
#include "managers/plugin_manager.h"
extern const BaseApi* ips_byte_extract;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "ips_pcre.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
+#include "ips_pcre.h"
+
#include <pcre.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "detection/treenodes.h"
+#include <cassert>
+
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
+#include "profiler/profiler.h"
+#include "utils/util.h"
#ifndef PCRE_STUDY_JIT_COMPILE
#define PCRE_STUDY_JIT_COMPILE 0
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
+#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "detection/detection_defines.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "pkt_data"
//--------------------------------------------------------------------------
// ips_priority.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "priority"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
-#include "detection/detection_util.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "raw_data"
// ips_regex.cc author Russ Combs <rucombs@cisco.com>
// FIXIT-M add ! and anchor support like pcre and update retry
-#include "ips_regex.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <string.h>
-#include <string>
+#include "ips_regex.h"
#include <hs_compile.h>
#include <hs_runtime.h>
+#include <cassert>
+
+#include "detection/detection_defines.h"
+#include "detection/pattern_match_data.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "detection/detection_defines.h"
-#include "detection/pattern_match_data.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
#include "main/snort_config.h"
-#include "main/thread.h"
-#include "parser/parser.h"
#include "profiler/profiler.h"
#define s_name "regex"
//--------------------------------------------------------------------------
// ips_rem.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "detection/detection_defines.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "rem"
#include "config.h"
#endif
-#include <assert.h>
-#include <string>
-
-#include "log/messages.h"
-#include "main/snort_config.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/thread_config.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "parser/parse_utils.h"
-#include "packet_io/sfdaq.h"
+#include "actions/act_replace.h"
+#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "detection/detection_defines.h"
-#include "actions/act_replace.h"
#include "hash/sfhashfcn.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
+#include "main/thread_config.h"
+#include "packet_io/sfdaq.h"
+#include "parser/parse_utils.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
using namespace std;
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "rev"
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "rpc"
// ips_sd_pattern.cc author Victor Roemer <viroemer@cisco.com>
-#include "ips_sd_pattern.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
-#include <assert.h>
-#include <string>
+#include "ips_sd_pattern.h"
#include <hs_compile.h>
#include <hs_runtime.h>
+#include "detection/detection_defines.h"
+#include "detection/pattern_match_data.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "detection/detection_defines.h"
-#include "detection/pattern_match_data.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
#include "log/obfuscator.h"
#include "main/snort_config.h"
-#include "main/thread.h"
-#include "parser/parser.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "protocols/tcp.h"
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
#include <sys/stat.h>
-#include <string>
-
+#include "detection/detection_defines.h"
+#include "framework/ips_option.h"
+#include "framework/module.h"
+#include "hash/sfhashfcn.h"
#include "log/messages.h"
#include "main/snort_config.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
-#include "main/snort_debug.h"
#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
-#include "detection/detection_defines.h"
-#include "detection/treenodes.h"
-#include "framework/ips_option.h"
-#include "framework/parameter.h"
-#include "framework/module.h"
-#include "sfip/sf_ip.h"
#define s_name "session"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#define s_name "sid"
//--------------------------------------------------------------------------
// ips_so.cc author Russ Combs <rucombs@cisco.com>
-#include "framework/so_rule.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
-#include "framework/parameter.h"
+#include "detection/treenodes.h"
+#include "framework/ips_option.h"
#include "framework/module.h"
-#include "main/thread.h"
-#include "managers/so_manager.h"
+#include "framework/so_rule.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
-#include "detection/treenodes.h"
+#include "managers/so_manager.h"
#include "profiler/profiler.h"
using namespace std;
//--------------------------------------------------------------------------
// ips_soid.cc author Russ Combs <rucombs@cisco.com>
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/detection_defines.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#include "utils/util.h"
#define s_name "soid"
// ips_tag.cc author Russ Combs <rucombs@cisco.com>
// FIXIT-L add TagOption::eval() instead of special case
-#include <sys/types.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/treenodes.h"
#include "detection/tag.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#include "utils/util.h"
#define s_name "tag"
#include "config.h"
#endif
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "tos"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#define s_name "ttl"
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "hash/sfhashfcn.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
-#include "framework/parameter.h"
#include "framework/module.h"
#include "framework/range.h"
+#include "hash/sfhashfcn.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
#define s_name "window"
// sd_credit_card.cc author Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sd_credit_card.h"
-#include <ctype.h>
-#include <stdio.h>
+#include <cctype>
#define ISSUER_SIZE 4
#define CC_COPY_BUF_LEN 20 /* 16 digits + 3 spaces/dashes + null */
/* Check the Issuer Identification Number of a CC#. */
static inline int CheckIssuers(const uint8_t *cardnum, uint32_t buflen)
{
- if (cardnum == NULL || buflen < ISSUER_SIZE)
+ if (cardnum == nullptr || buflen < ISSUER_SIZE)
return 0;
/* Visa */
char cc_digits[CC_COPY_BUF_LEN]; /* Normalized CC# string */
uint32_t j;
- if (buf == NULL || buflen < MIN_CC_BUF_LEN)
+ if (buf == nullptr || buflen < MIN_CC_BUF_LEN)
return 0;
/* Generally, the buffer has two non-digits, one on either side. Sometimes,
#ifndef SD_CREDIT_CARD_H
#define SD_CREDIT_CARD_H
-#include <stdint.h>
+#include <cstdint>
int SdLuhnAlgorithm(const uint8_t *buf, unsigned long long buflen);
// ips_regex_test.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ips_options/ips_regex.h"
#include "framework/base_api.h"
-set ( LATENCY_INCLUDES
- packet_latency.h
- rule_latency.h
- latency_rules.h
- )
set ( LATENCY_SOURCES
+ latency_config.h
+ latency_rules.h
+ latency_stats.h
latency_timer.h
latency_util.h
+ latency_module.h
+ latency_module.cc
+ packet_latency.h
packet_latency.cc
+ packet_latency_config.h
+ rule_latency_config.h
+ rule_latency_state.h
+ rule_latency.h
rule_latency.cc
- latency_module.cc
)
add_library ( latency STATIC ${LATENCY_SOURCES} )
-install ( FILES ${LATENCY_INCLUDES}
- DESTINATION "${INCLUDE_INSTALL_PATH}/latency"
-)
noinst_LIBRARIES = liblatency.a
-x_includedir = $(pkgincludedir)/latency
-
-x_include_HEADERS = \
-latency_rules.h
-
liblatency_a_SOURCES = \
latency_config.h \
latency_rules.h \
latency_util.h \
latency_module.h \
latency_module.cc \
-packet_latency_config.h \
packet_latency.h \
packet_latency.cc \
+packet_latency_config.h \
rule_latency_config.h \
rule_latency_state.h \
rule_latency.h \
// latency_module.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "latency_module.h"
#include <chrono>
#include "main/snort_config.h"
+
#include "latency_config.h"
-#include "latency_stats.h"
#include "latency_rules.h"
+#include "latency_stats.h"
// -----------------------------------------------------------------------------
// latency attributes
// packet_latency.cc author Joel Cornett <jocornet@cisco.com>
-#include "packet_latency.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <cassert>
-#include <sstream>
-#include <vector>
+#include "packet_latency.h"
#include "log/messages.h"
#include "main/snort_config.h"
-#include "main/thread.h"
#include "protocols/packet.h"
-#include "sfip/sf_ip.h"
-#include "time/clock_defs.h"
#include "utils/stats.h"
#include "latency_config.h"
+#include "latency_rules.h"
+#include "latency_stats.h"
#include "latency_timer.h"
#include "latency_util.h"
-#include "latency_stats.h"
-#include "latency_rules.h"
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#ifndef PACKET_LATENCY_H
#define PACKET_LATENCY_H
-#include <cstdint>
-
struct Packet;
class PacketLatency
// rule_latency.cc author Joel Cornett <jocornet@cisco.com>
-#include "rule_latency.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <cassert>
-#include <memory>
-#include <sstream>
+#include "rule_latency.h"
#include "detection/detection_options.h"
#include "detection/treenodes.h"
-#include "events/event_queue.h"
-#include "log/messages.h"
#include "main/snort_config.h"
+#include "log/messages.h"
#include "protocols/packet.h"
-#include "sfip/sf_ip.h"
#include "utils/stats.h"
#include "latency_config.h"
#include "latency_stats.h"
#include "latency_timer.h"
#include "latency_util.h"
+#include "rule_latency_state.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
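Review bot: The added `#include "log/messages.h"` lands after `main/snort_config.h`, which breaks the alphabetical order this commit applies to the other project include blocks; it should come first, i.e. `#include "log/messages.h"` and then `#include "main/snort_config.h"`. The same slip appears in main.cc, where the added `utils/util.h` precedes `utils/safec.h`, and in the logger that includes `log/unified2.h`, where the added `detection/signature.h` precedes `detection/detection_util.h`. Nothing functional changes, but a consistent order is what makes duplicate or stale includes easy to spot in later cleanups.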
#ifndef RULE_LATENCY_CONFIG_H
#define RULE_LATENCY_CONFIG_H
-#include <cstdint>
#include "time/clock_defs.h"
struct RuleLatencyConfig
set (LOG_INCLUDES
- log.h
messages.h
- obfuscator.h
text_log.h
unified2.h
)
add_library ( log STATIC
${LOG_INCLUDES}
log.cc
+ log.h
log_text.cc
log_text.h
messages.cc
obfuscator.cc
+ obfuscator.h
text_log.cc
)
x_includedir = $(pkgincludedir)/log
x_include_HEADERS = \
-log.h \
messages.h \
-obfuscator.h \
text_log.h \
unified2.h
liblog_a_SOURCES = \
log.cc \
+log.h \
log_text.cc \
log_text.h \
messages.cc \
obfuscator.cc \
+obfuscator.h \
text_log.cc
if ENABLE_UNIT_TESTS
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "log.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
+#include "log.h"
-#include <string>
#include <mutex>
#include "main/snort_debug.h"
-#include "main/snort_config.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
#include "utils/util.h"
#ifndef LOG_H
#define LOG_H
-#include "protocols/packet.h"
+#include <cstdio>
+
#include "main/snort_types.h"
+struct Packet;
namespace tcp { struct TCPHdr; }
SO_PUBLIC void CreateTCPFlagString(const tcp::TCPHdr* const, char*);
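Review bot: `CreateTCPFlagString` keeps its `SO_PUBLIC` export here, yet the build-file hunks of this commit drop log.h from `LOG_INCLUDES` and `x_include_HEADERS`, so the header that declares the exported symbol is no longer installed. Either keep log.h in the installed set or remove `SO_PUBLIC` from the declaration, so the exported surface matches what out-of-tree plugins can actually include. If the export is kept on purpose for in-tree dynamic builds, a comment such as `// exported for in-tree plugins only; log.h is not installed` would record that decision.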
// @file log_text.c
// @author Russ Combs <rcombs@sourcefire.com>
-#include "log_text.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-extern "C" {
+#include "log_text.h"
+
#include <sfbpf_dlt.h>
-}
#include "detection/detection_util.h"
-#include "log/messages.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "main/snort_config.h"
#include "packet_io/sfdaq.h"
#include "protocols/eth.h"
#include "utils/util_net.h"
#include "log.h"
+#include "messages.h"
#include "obfuscator.h"
-#include "text_log.h"
/*--------------------------------------------------------------------
* utility functions
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "log/messages.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <dirent.h>
-#include <fnmatch.h>
+#include "messages.h"
-#include <stdarg.h>
#include <syslog.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <time.h>
-#include <signal.h>
-#include <unistd.h>
-#include <pcap.h>
-#include <string.h>
-#include <grp.h>
-#include <pwd.h>
-#include <netdb.h>
-#include <limits.h>
-#include <fcntl.h>
+
+#include <cassert>
+#include <cstdarg>
#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "packet_io/sfdaq.h"
#include "parser/parser.h"
#include "time/packet_time.h"
-#include "time/timersub.h"
-#include "sfip/sf_ip.h"
#include "utils/util.h"
#ifdef UNIT_TEST
#ifndef MESSAGES_H
#define MESSAGES_H
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include <cstdio>
+#include <ctime>
#include "main/snort_types.h"
-#include <cstdio>
-
#define LOG_DIV "--------------------------------------------------"
#ifndef __GNUC__
// obfuscate.h author Victor Roemer <viroemer@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "obfuscator.h"
bool Obfuscator::first(ObfuscatorBlock &b)
#ifndef OBFUSCATOR_H
#define OBFUSCATOR_H
-#include <stddef.h>
-#include <stdint.h>
+#include <cstddef>
+#include <cstdint>
#include <set>
struct ObfuscatorBlock
// obfuscator_test.cc author Victor Roemer <viroemer@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "../obfuscator.h"
#include <CppUTest/CommandLineTestRunner.h>
* @brief implements buffered text stream for logging
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "text_log.h"
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
#include <sys/stat.h>
-#include "log.h"
-#include "main/snort_types.h"
+#include <cstdarg>
+
#include "utils/util.h"
+#include "log.h"
+
/* some reasonable minimums */
#define MIN_BUF (1* K_BYTES)
#define MIN_FILE (MIN_BUF)
* name plus a timestamp.
*/
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
+#include <cstring>
#include "main/snort_types.h"
#ifndef UNIFIED2_H
#define UNIFIED2_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <sys/types.h>
-#if defined(__linux__)
-#include <stdint.h>
-#endif
#include <netinet/in.h>
#include "protocols/protocol_ids.h"
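Review bot: unified2.h stays in the installed header set (`LOG_INCLUDES`, `x_include_HEADERS`), but after this hunk it no longer includes `<stdint.h>` or `<sys/types.h>` itself and relies on `<netinet/in.h>` and `protocols/protocol_ids.h` to supply any fixed-width types. The record layouts are outside the hunk; if they use `uint32_t`-style fields, as an on-disk log format normally would, add `#include <cstdint>` ahead of `<netinet/in.h>` so the header stands on its own for external tools that parse the format. Field widths in a serialized log record should not depend on what another header happens to pull in.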
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <string>
-#include <vector>
-
-#include "main/snort_debug.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "detection/signature.h"
-#include "utils/util.h"
-#include "utils/stats.h"
#include "log/log.h"
-#include "log/text_log.h"
#include "log/log_text.h"
-#include "protocols/packet.h"
-#include "protocols/tcp.h"
-#include "protocols/udp.h"
-#include "protocols/icmp4.h"
-#include "protocols/icmp6.h"
-#include "protocols/eth.h"
+#include "log/text_log.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
+#include "protocols/eth.h"
+#include "protocols/icmp4.h"
+#include "protocols/tcp.h"
+#include "protocols/udp.h"
+#include "utils/stats.h"
using namespace std;
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-
-#include <string>
-
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "log/text_log.h"
#include "log/log_text.h"
+#include "log/text_log.h"
+#include "main/snort_config.h"
#include "packet_io/active.h"
-#include "packet_io/sfdaq.h"
#include "packet_io/intf.h"
-#include "events/event.h"
+#include "packet_io/sfdaq.h"
using namespace std;
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <string>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "events/event.h"
-#include "protocols/packet.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "log/text_log.h"
#include "log/log_text.h"
-#include "packet_io/sfdaq.h"
+#include "log/text_log.h"
+#include "main/snort_config.h"
#include "packet_io/intf.h"
+#include "packet_io/sfdaq.h"
+#include "protocols/packet.h"
using namespace std;
//--------------------------------------------------------------------------
// alert_luajit.cc author Russ Combs <rucombs@cisco.com>
-#include <assert.h>
-#include <vector> // FIXIT-W Returning null reference (somewhere below)
-#include <lua.hpp>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_types.h"
-#include "main/thread_config.h"
+#include "detection/signature.h"
#include "events/event.h"
+#include "framework/logger.h"
+#include "framework/module.h"
#include "helpers/chunk.h"
#include "log/messages.h"
#include "lua/lua.h"
-#include "managers/event_manager.h"
+#include "main/thread_config.h"
#include "managers/lua_plugin_defs.h"
-#include "managers/module_manager.h"
#include "managers/plugin_manager.h"
#include "managers/script_manager.h"
-#include "hash/sfhashfcn.h"
-#include "parser/parser.h"
+#include "profiler/profiler_defs.h"
#include "protocols/packet.h"
-#include "framework/logger.h"
-#include "framework/module.h"
-#include "framework/parameter.h"
-#include "profiler/profiler.h"
-#include "utils/stats.h"
static THREAD_LOCAL ProfileStats luaLogPerfStats;
/* We use some Linux only socket capabilities */
-#include <errno.h>
-#include <stdlib.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef __linux__
+
#include <sys/socket.h>
#include <sys/un.h>
-#include <string>
-#include <vector>
-
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
+#include "detection/treenodes.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
#include "log/messages.h"
+#include "main/snort_config.h"
#include "managers/event_manager.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "events/event.h"
-#include "hash/sfghash.h"
#include "parser/parser.h"
#include "protocols/packet.h"
#include "target_based/snort_protocols.h"
#include "config.h"
#endif
-#include <sys/types.h>
#include <syslog.h>
-#include <stdlib.h>
-#include <string>
-
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
+#include "packet_io/intf.h"
+#include "packet_io/sfdaq.h"
#include "protocols/packet.h"
-#include "detection/detect.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "events/event.h"
-#include "parser/parser.h"
#include "utils/util.h"
#include "utils/util_net.h"
-#include "packet_io/sfdaq.h"
-#include "packet_io/intf.h"
using namespace std;
#include "config.h"
#endif
-#include <ctype.h>
-#include <string.h>
-
-#include <algorithm>
-#include <iostream>
-
-#include "main/snort_types.h"
-#include "main/snort_config.h"
+#include "detection/signature.h"
+#include "events/event.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
-#include "detection/signature.h"
-#include "log/text_log.h"
#include "log/log_text.h"
-#include "utils/stats.h"
+#include "log/text_log.h"
+#include "main/snort_config.h"
+#include "protocols/packet_manager.h"
static THREAD_LOCAL TextLog* test_file = nullptr;
#include "config.h"
#endif
-#include <ctype.h>
-#include <string.h>
-
-#include <algorithm>
-#include <iostream>
-#include <string>
-
-#include "main/snort_types.h"
#include "framework/logger.h"
#include "framework/module.h"
-#include "protocols/packet.h"
#include "log/text_log.h"
-#include "sfip/sf_ip.h"
+#include "protocols/packet.h"
using namespace std;
#include "config.h"
#endif
-#include <sys/types.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
#include <pcap.h>
-extern "C" {
-#include <sfbpf_dlt.h>
-}
-
-#include <string>
-
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
#include "framework/logger.h"
#include "framework/module.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
#include "protocols/packet.h"
-#include "events/event.h"
-#include "parser/parser.h"
#include "packet_io/sfdaq.h"
#include "utils/util.h"
-#include "utils/stats.h"
using namespace std;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "loggers.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "framework/logger.h"
+#include "loggers.h"
+
#include "managers/plugin_manager.h"
// to ensure PacketManager::log_protocols() is built into Snort++
*
*/
-#include "log/unified2.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <time.h>
-#include <netinet/in.h>
-
-#include <string>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "framework/logger.h"
-#include "framework/module.h"
-#include "protocols/packet.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
+#include "detection/signature.h"
#include "detection/detection_util.h"
-#include "detection/detect.h"
-#include "parser/parser.h"
#include "events/event.h"
+#include "framework/logger.h"
+#include "framework/module.h"
#include "log/messages.h"
#include "log/obfuscator.h"
+#include "log/unified2.h"
+#include "main/snort_config.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
-#include "protocols/layer.h"
-#include "protocols/vlan.h"
#include "protocols/icmp4.h"
+#include "protocols/packet.h"
+#include "protocols/vlan.h"
#include "stream/stream.h"
#include "utils/safec.h"
#include "utils/util.h"
//--------------------------------------------------------------------------
// lua.cc author Joel Cornett <jocornet@cisco.com>
-#include "lua.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
+#include "lua.h"
+
+#include <cassert>
+#include <utility>
namespace Lua
{
}
}
-#ifdef UNIT_TEST
-// FIXIT-L Catch issue; see sfip/sf_ip.cc
-#include "lua_stack_test.cc"
-#endif
-
// methods and templates for the C++ / LuaJIT interface
-#include <string>
#include <lua.hpp>
#include "main/snort_types.h"
#ifndef LUA_ARG_H
#define LUA_ARG_H
-#include <lua.hpp>
-
#include "lua_stack.h"
namespace Lua
#define LUA_IFACE_H
#include <cassert>
-#include <lua.hpp>
#include "lua.h"
#include "lua_ref.h"
//--------------------------------------------------------------------------
// lua_ref.cc author Joel Cornett <jocornet@cisco.com>
-#include "lua_ref.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "lua_ref.h"
#include "lua.h"
#ifndef LUA_STACK_H
#define LUA_STACK_H
-#include <string>
-#include <type_traits>
#include <lua.hpp>
+#include <string>
+
namespace Lua
{
template<typename T>
//--------------------------------------------------------------------------
// lua_stack_test.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <cstring>
#include <string>
-#include <lua.hpp>
#include "catch/catch.hpp"
+#include "catch/unit_test.h"
#include "lua_test_common.h"
#include "lua/lua_stack.h"
+SNORT_CATCH_FORCED_INCLUSION_DEFINITION(lua_stack_test);
+
static lua_State* L = nullptr;
static void test_signed()
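Review bot: `SNORT_CATCH_FORCED_INCLUSION_DEFINITION(lua_stack_test)` only helps if something references it; with `#include "lua_stack_test.cc"` removed from lua.cc, these tests run only when lua_stack_test.cc is added to the library's sources and an always-linked translation unit refers to the symbol. Neither change is visible in this view, so both should be confirmed: an object in a static library that nothing references is dropped by the linker, and the test cases would disappear without any failure. A one-line comment above the macro, e.g. `// referenced from <file> so the linker keeps this object` (with the real file name filled in), would document the coupling.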
#define LUA_TABLE_H
#include <vector>
-#include <lua.hpp>
#include "lua_stack.h"
#ifndef LUA_TEST_COMMON_H
#define LUA_TEST_COMMON_H
-#include <utility>
-#include <string.h>
+//#include <utility>
#include <lua.hpp>
inline void l_end_lua_state(lua_State*& L_ptr)
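Review bot: `//#include <utility>` leaves a commented-out include behind; delete the line, or restore `#include <utility>` if anything in this header uses it. The hunk also drops `<string.h>` from a header whose inline helpers begin at `l_end_lua_state`, the body of which is outside the hunk. lua_stack_test.cc gains `<cstring>` in the same commit, which suggests the string functions are needed by the test rather than by this header, but that is worth confirming so the header still compiles when it is included first.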
//--------------------------------------------------------------------------
// lua_util.cc author Joel Cornett <jocornet@cisco.com>
-#include "lua_util.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdio.h>
+#include "lua_util.h"
#define LUA_MSG_BUFSIZE 128
#ifndef LUA_UTIL_H
#define LUA_UTIL_H
-#include <limits>
#include <string>
#include <lua.hpp>
//--------------------------------------------------------------------------
// main.cc author Russ Combs <rucombs@cisco.com>
-#include "main.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <sys/select.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <time.h>
-
-#ifdef SHELL
-#include <sys/socket.h>
-#include <netinet/in.h>
-#endif
+#include "main.h"
-#include <mutex>
-#include <string>
#include <thread>
+#include "control/idle_processing.h"
+#include "framework/module.h"
+#include "helpers/process.h"
#include "helpers/ring.h"
+#include "helpers/swapper.h"
#include "log/messages.h"
+#include "lua/lua.h"
#include "main/analyzer.h"
#include "main/shell.h"
#include "main/snort.h"
#include "main/snort_debug.h"
#include "main/snort_module.h"
#include "main/thread_config.h"
-#include "framework/module.h"
+#include "managers/inspector_manager.h"
#include "managers/module_manager.h"
#include "managers/plugin_manager.h"
-#include "managers/inspector_manager.h"
#include "memory/memory_cap.h"
-#include "utils/util.h"
-#include "parser/parser.h"
-#include "packet_io/trough.h"
-#include "packet_io/intf.h"
#include "packet_io/sfdaq.h"
-#include "control/idle_processing.h"
+#include "packet_io/trough.h"
#include "target_based/sftarget_reader.h"
-#include "flow/flow_control.h"
-#include "lua/lua.h"
-#include "helpers/process.h"
-#include "helpers/swapper.h"
#include "time/periodic.h"
+#include "utils/util.h"
#include "utils/safec.h"
#ifdef UNIT_TEST
#ifndef MAIN_H
#define MAIN_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
struct lua_State;
const char* get_prompt();
//--------------------------------------------------------------------------
// analyzer.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "analyzer.h"
-#include <chrono>
#include <thread>
+#include "helpers/swapper.h"
+#include "log/messages.h"
#include "main.h"
+#include "packet_io/sfdaq.h"
+
#include "snort.h"
#include "snort_debug.h"
#include "thread.h"
-#include "helpers/swapper.h"
-#include "log/messages.h"
-#include "memory/memory_cap.h"
-#include "packet_io/sfdaq.h"
using namespace std;
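Review bot: `#include "main.h"` is a header from this file's own directory but stays in the project block between `log/messages.h` and `packet_io/sfdaq.h`, while `snort.h`, `snort_debug.h` and `thread.h` sit in the final local block. The style text touched by this commit appears to ask for local-directory headers to be split into a final block, and help.cc, modules.cc and policy.cc follow that. Move the line down next to `#include "snort.h"`, or spell it `#include "main/main.h"` if it is meant to sort with the project headers. snort.cc and snort_module.cc place `main.h` the same way.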
// to control the thread and swap configuration.
#include <atomic>
-#include "main/snort_types.h"
enum AnalyzerCommand
{
//--------------------------------------------------------------------------
// help.cc author Russ Combs <rucombs@cisco.com>
-#include "help.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <syslog.h>
+#include "help.h"
+
#include <iostream>
-#include <string>
-#include "main.h"
-#include "main/snort_config.h"
-#include "main/snort_module.h"
#include "framework/module.h"
-#include "framework/parameter.h"
+#include "helpers/markup.h"
+#include "helpers/process.h"
#include "managers/event_manager.h"
-#include "managers/so_manager.h"
#include "managers/inspector_manager.h"
#include "managers/module_manager.h"
#include "managers/plugin_manager.h"
#include "managers/script_manager.h"
-#include "packet_io/sfdaq.h"
+#include "managers/so_manager.h"
#include "packet_io/intf.h"
-#include "parser/config_file.h"
-#include "helpers/process.h"
+#include "packet_io/sfdaq.h"
#include "utils/util.h"
-#include "helpers/markup.h"
+
+#include "snort_config.h"
+#include "snort_module.h"
using namespace std;
// modules.cc author Russ Combs <rucombs@cisco.com>
-#include "modules.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "snort_config.h"
-#include "snort_module.h"
-#include "thread_config.h"
+#include "modules.h"
#include "codecs/codec_module.h"
#include "detection/fp_config.h"
-#include "file_api/file_module.h"
#include "filters/detection_filter.h"
#include "filters/rate_filter.h"
#include "filters/sfrf.h"
#include "filters/sfthd.h"
-#include "flow/ha_module.h"
#include "filters/sfthreshold.h"
+#include "flow/ha_module.h"
#include "framework/module.h"
#include "host_tracker/host_tracker_module.h"
#include "host_tracker/host_cache_module.h"
#include "parser/parse_conf.h"
#include "parser/parse_ip.h"
#include "parser/parser.h"
-#include "profiler/profiler.h"
+#include "profiler/profiler_defs.h"
#include "search_engines/pat_stats.h"
#include "side_channel/side_channel_module.h"
-#include "sfip/sf_ip.h"
#include "sfip/sf_ipvar.h"
#include "stream/stream.h"
#include "target_based/sftarget_data.h"
#include "target_based/snort_protocols.h"
+#include "snort_config.h"
+#include "snort_module.h"
+#include "thread_config.h"
+
using namespace std;
//-------------------------------------------------------------------------
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "policy.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
+#include "policy.h"
+#include "detection/detect.h"
#include "managers/inspector_manager.h"
#include "parser/vars.h"
-#include "main/shell.h"
-#include "main/snort_config.h"
-#include "detection/detect.h"
-#include "ports/port_table.h"
-#include "ports/port_utils.h"
#include "ports/port_var_table.h"
+#include "shell.h"
+#include "snort_config.h"
+
//-------------------------------------------------------------------------
// traffic policy
//-------------------------------------------------------------------------
// -- inspection - for flow handling
// -- ips - for rule handling
-#include <string>
-#include <vector>
-
-#include "main/snort_types.h"
#include "framework/data_bus.h"
struct PortTable;
//--------------------------------------------------------------------------
// shell.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "shell.h"
-#include <assert.h>
-#include <string.h>
-#include <string>
-#include <lua.hpp>
+#include <cassert>
+#include <cstring>
#include <stdexcept>
-#include "framework/module.h"
+#include "log/messages.h"
#include "lua/lua.h"
#include "managers/module_manager.h"
-#include "parser/parser.h"
-#include "log/messages.h"
using namespace std;
// Shell encapsulates a Lua state. There is one for each policy file.
#include <string>
+
struct lua_State;
class Shell
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "snort.h"
-
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
-#include <assert.h>
-#include <ctype.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <string.h>
-#include <syslog.h>
-#include <time.h>
-#include <unistd.h>
+#include "snort.h"
-#include <netinet/in.h>
#include <sys/stat.h>
+#include <syslog.h>
#include "actions/ips_actions.h"
#include "codecs/codec_api.h"
#include "ips_options/ips_options.h"
#include "latency/packet_latency.h"
#include "latency/rule_latency.h"
+#include "log/log.h"
#include "log/messages.h"
#include "loggers/loggers.h"
+#include "main.h"
#include "managers/action_manager.h"
#include "managers/codec_manager.h"
#include "managers/inspector_manager.h"
#include "managers/plugin_manager.h"
#include "managers/script_manager.h"
#include "network_inspectors/network_inspectors.h"
-#include "packet_io/sfdaq.h"
#include "packet_io/active.h"
+#include "packet_io/sfdaq.h"
#include "packet_io/trough.h"
#include "parser/cmd_line.h"
#include "parser/parser.h"
#include "perf_monitor/perf_monitor.h"
#include "profiler/profiler.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
#include "search_engines/search_engines.h"
#include "service_inspectors/service_inspectors.h"
#include "side_channel/side_channel.h"
#endif
#include "build.h"
-#include "main.h"
#include "snort_config.h"
-#include "snort_debug.h"
#include "thread_config.h"
using namespace std;
// Snort is the top-level application class.
-#include <assert.h>
-#include <sys/types.h>
-#include <stdio.h>
-#include "main/snort_types.h"
-
-extern "C" {
#include <daq_common.h>
-}
+
+#include "main/snort_types.h"
class Flow;
struct Packet;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "snort_config.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "snort_config.h"
+
#include "detection/fp_config.h"
#include "detection/fp_create.h"
#include "filters/detection_filter.h"
#include "parser/parser.h"
#include "parser/vars.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "sfip/sf_ip.h"
-#include "thread_config.h"
#include "target_based/sftarget_reader.h"
+#include "target_based/snort_protocols.h"
#include "utils/util.h"
#ifdef HAVE_HYPERSCAN
#include "search_engines/hyperscan.h"
#endif
+#include "thread_config.h"
+
THREAD_LOCAL SnortConfig* snort_conf = nullptr;
uint32_t SnortConfig::warning_flags = 0;
// SnortConfig encapsulates all data loaded from the config files.
// FIXIT-L privatize most of this stuff.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include "events/event_queue.h"
#include "file_api/file_config.h"
#include "framework/bits.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "snort_debug.h"
-#include <stdio.h>
-#include <stdarg.h>
#include <syslog.h>
-#include <stdlib.h>
+
+#include <cstring>
#include "log/messages.h"
+#include "utils/safec.h"
-#include "snort_types.h"
#include "snort_config.h"
-#include "utils/safec.h"
bool Debug::init = false;
uint64_t Debug::mask = 0;
//
// FIXIT-M debug flags needs to be replaced with a module facility.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <cstdarg>
-#include <cstdio>
-#include <stdint.h>
-#include <ctype.h>
#include "main/snort_types.h"
// snort_module.cc author Russ Combs <rucombs@cisco.com>
-#include "snort_module.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-
-#include <string>
+#include "snort_module.h"
-#include "main.h"
-#include "snort_config.h"
-#include "help.h"
-#include "shell.h"
-#include "thread_config.h"
-#include "detection/detect.h"
-#include "framework/base_api.h"
#include "framework/module.h"
#include "framework/parameter.h"
#include "log/messages.h"
-#include "managers/module_manager.h"
-#include "managers/plugin_manager.h"
+#include "main.h"
#include "packet_io/sfdaq_config.h"
+#include "packet_io/trough.h"
#include "parser/config_file.h"
#include "parser/parser.h"
#include "parser/parse_utils.h"
#include "parser/vars.h"
-#include "packet_io/trough.h"
-#include "utils/stats.h"
#ifdef UNIT_TEST
#include "catch/unit_test.h"
#endif
+#include "help.h"
+#include "shell.h"
+#include "snort_config.h"
+#include "thread_config.h"
+
using namespace std;
//-------------------------------------------------------------------------
// defines common types if not already defined
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-
-#include <stdint.h>
-#include <sys/types.h>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
+#include <cinttypes>
+#include <cstddef>
+#include <cstdint>
typedef uint16_t Port;
-/* use these macros (and those in <inttypes.h>)
- * for 64 bit format portability
- */
+/* use these macros for 64 bit format portability */
#define STDu64 "%" PRIu64
-#define CSVu64 STDu64 ","
#define FMTu64(fmt) "%" fmt PRIu64
#define STDi64 "%" PRIi64
-#define CSVi64 STDi64 ","
#define FMTi64(fmt) "%" fmt PRIi64
#define STDx64 "%" PRIx64
-#define CSVx64 STDx64 ","
#define FMTx64(fmt) "%" fmt PRIx64
-#ifndef UINT8_MAX
-# define UINT8_MAX 0xff
-#endif
-
-#ifndef USHRT_MAX
-# define USHRT_MAX 0xffff
-#endif
-
-#ifndef UINT16_MAX
-# define UINT16_MAX 0xffff
-#endif
-
-#ifndef UINT32_MAX
-# define UINT32_MAX (4294967295U)
-#endif
-
-#ifndef UINT64_MAX
-# if SIZEOF_UNSIGNED_LONG_INT == 8
-# define UINT64_MAX (18446744073709551615UL)
-# else
-# define UINT64_MAX (18446744073709551615ULL)
-# endif
-#endif
-
-/* Somewhat arbitrary, but should be enough for this application
- * since files shouldn't be buried too deep. This provides about
- * 15 levels of 255 character path components */
-#ifndef PATH_MAX
-# define PATH_MAX 4096
-#endif
-
-/* utilities */
-
-#ifndef SIZE_MAX
-#define SIZE_MAX 0xFFFFFFFF // FIXIT-L use c++ define
-#endif
-
-#ifndef INT32_MAX
-#define INT32_MAX 0x7FFFFFFF // FIXIT-L use c++ define
-#endif
-
#define UNUSED(x) (void)(x)
#ifndef SO_PUBLIC
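Review bot: Dropping the `PATH_MAX` fallback from this widely included header means every file that sizes a buffer with it must now include the right system header itself, and `<limits.h>` is not obliged to define `PATH_MAX` on every platform. The commit appears to cover app_info_table.cc and appid_config.cc by adding `#include <limits.h>`; it is worth confirming that no other user was missed. A short header comment would record the new contract, e.g. `// integer limits come from <cstdint>; include <climits> where PATH_MAX is needed`. The removal of `CSVu64`/`CSVi64`/`CSVx64` should also be checked against external plugins if this header is installed. The rest of the header after `#ifndef SO_PUBLIC` is outside this hunk.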
//--------------------------------------------------------------------------
// thread.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "thread.h"
#include <sys/stat.h>
// basic thread management utilities
#include <string>
+
#include "main/snort_types.h"
#define THREAD_LOCAL_TBD
//--------------------------------------------------------------------------
// thread_config.cc author Michael Altizer <mialtize@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "thread_config.h"
#include <hwloc.h>
)
set( MANAGERS_INCLUDES
+ codec_manager.h
inspector_manager.h
)
${MANAGERS_INCLUDES}
action_manager.h
action_manager.cc
- codec_manager.h
codec_manager.cc
event_manager.cc
event_manager.h
x_mgrdir = $(pkgincludedir)/managers
x_mgr_HEADERS = \
+codec_manager.h \
inspector_manager.h
noinst_LIBRARIES = libmanagers.a
//--------------------------------------------------------------------------
// action_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "action_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
+#include "action_manager.h"
#include <list>
#include "actions/act_replace.h"
-#include "actions/ips_actions.h"
-#include "framework/ips_action.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "managers/module_manager.h"
-#include "parser/parser.h"
#include "packet_io/active.h"
-#include "utils/util.h"
+#include "parser/parser.h"
using namespace std;
// which is just a single response deferred until end of current packet
// processing.
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "main/snort_types.h"
#include "actions/actions.h"
-#include "framework/base_api.h"
+#include "framework/ips_action.h"
+#include "framework/module.h"
#ifdef PIGLET
#include "framework/ips_action.h"
-#include "piglet/piglet_api.h"
#endif
struct ActionApi;
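Review bot: The `#ifdef PIGLET` block left in this header now only repeats `#include "framework/ips_action.h"`, which the hunk adds unconditionally two lines above, so the conditional block can be deleted. Separately, the header still tests `PIGLET` after its own `config.h` include was removed. If that macro is a configure-time definition, the header's contents depend on every includer having included `config.h` first, which deserves a one-line comment such as `// PIGLET comes from config.h; includers must include it first`. The same pattern is visible in the codec_manager.h, event_manager.h, inspector_manager.h and mpse_manager.h hunks, and this commit lists codec_manager.h and inspector_manager.h as installed headers.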
// codec_manager.cc author Josh Rosenbaum <jrosenba@cisco.com>
#ifdef HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
-#include <algorithm>
-#include <string.h>
+#include "codec_manager.h"
-#include "main/snort_config.h"
-#include "framework/codec.h"
-#include "managers/codec_manager.h"
-#include "protocols/packet_manager.h"
#include "log/messages.h"
-#include "parser/parser.h"
+#include "main/snort_config.h"
#include "packet_io/sfdaq.h"
+#include "protocols/packet_manager.h"
#include "utils/dnet_header.h"
struct CodecManager::CodecApiWrapper
// Factory for Codecs. Runtime support is provided by PacketManager.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <array>
-#include <string>
#include <vector>
-#include <cstdint>
#include "main/thread.h"
#include "protocols/protocol_ids.h"
#ifdef PIGLET
#include "framework/codec.h"
-#include "piglet/piglet_api.h"
#endif
struct SnortConfig;
//--------------------------------------------------------------------------
// connector_manager.cc author Ed Borgoyn <eborgoyn@cisco.com>
-#include "connector_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
+#include "connector_manager.h"
+#include <cassert>
#include <list>
+#include <map>
#include <unordered_map>
-#include <utility>
#include "framework/connector.h"
#include "log/messages.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
#include "utils/util.h"
-#include "module_manager.h"
-
// ConnectorManager Private Data
// One ConnectorElem for each Connector within the ConnectorCommon configuration
// Factory for Connectors.
-#include "framework/connector.h"
+#include <string>
struct SnortConfig;
struct ConnectorApi;
//--------------------------------------------------------------------------
// event_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "event_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <errno.h>
+#include "event_manager.h"
+#include <cassert>
#include <list>
-#include "plugin_manager.h"
-#include "module_manager.h"
-
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
#include "framework/logger.h"
-#include "framework/module.h"
-#include "loggers/loggers.h"
-#include "parser/parser.h"
#include "log/messages.h"
+#include "main/snort_config.h"
+
+#include "module_manager.h"
using namespace std;
// OutputSet is a group of Loggers that can be attached to external data.
// Also provides runtime logging.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_types.h"
-#include "framework/base_api.h"
+#include "framework/module.h"
#ifdef PIGLET
#include "framework/logger.h"
-#include "piglet/piglet_api.h"
#endif
#define OUTPUT_TYPE_FLAG__NONE 0x0
//--------------------------------------------------------------------------
// inspector_manager.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "inspector_manager.h"
-#include <assert.h>
-#include <algorithm>
#include <list>
#include <vector>
-#include "module_manager.h"
-#include "main/snort_config.h"
-#include "main/thread_config.h"
+#include "binder/bind_module.h"
+#include "binder/binder.h"
+#include "detection/detect.h"
#include "flow/flow.h"
#include "flow/session.h"
-#include "framework/inspector.h"
-#include "detection/detection_util.h"
#include "log/messages.h"
-#include "packet_io/active.h"
+#include "main/snort_config.h"
+#include "main/thread_config.h"
+#include "protocols/packet.h"
#include "target_based/snort_protocols.h"
-#include "binder/bind_module.h"
-#include "binder/binder.h"
+
+#include "module_manager.h"
using namespace std;
// Factory for Inspectors.
// Also provides packet evaluation.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "main/snort_types.h"
-#include "framework/base_api.h"
#include "framework/inspector.h"
#ifdef PIGLET
#include "framework/inspector.h"
-#include "piglet/piglet_api.h"
#endif
struct Packet;
//--------------------------------------------------------------------------
// ips_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "ips_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#include <zlib.h>
+#include "ips_manager.h"
+#include <cassert>
#include <list>
-#include <fstream>
-#include "plugin_manager.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "framework/ips_option.h"
-#include "framework/so_rule.h"
-#include "framework/module.h"
-#include "framework/parameter.h"
-#include "managers/module_manager.h"
-#include "ips_options/ips_options.h"
-#include "utils/util.h"
-#include "parser/parser.h"
+#include "detection/treenodes.h"
#include "log/messages.h"
+#include "main/snort_config.h"
+
+#include "module_manager.h"
+#include "plugin_manager.h"
using namespace std;
// Factory for IpsOptions.
// Runtime use of IpsOptions is via detection option tree.
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <string>
-
-#include "main/snort_types.h"
#include "detection/detection_options.h"
-#include "framework/base_api.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "detection/treenodes.h"
-
-#ifdef PIGLET
-#include "piglet/piglet_api.h"
-#endif
struct SnortConfig;
struct IpsApi;
//--------------------------------------------------------------------------
// module_manager.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "module_manager.h"
-#include <assert.h>
+#include <lua.hpp>
+#include <cassert>
#include <iostream>
-#include <list>
#include <mutex>
#include <string>
-#include <sstream>
-#include <lua.hpp>
-#include "plugin_manager.h"
+#include "framework/base_api.h"
+#include "framework/module.h"
+#include "helpers/markup.h"
#include "log/messages.h"
-#include "main/snort_config.h"
#include "main/modules.h"
#include "main/shell.h"
-#include "main/snort_types.h"
#include "main/snort.h"
-#include "framework/base_api.h"
-#include "framework/module.h"
-#include "parser/parser.h"
+#include "main/snort_config.h"
#include "parser/parse_conf.h"
+#include "parser/parser.h"
#include "parser/vars.h"
#include "profiler/profiler.h"
-#include "helpers/markup.h"
-#include "utils/stats.h"
+
+#include "plugin_manager.h"
using namespace std;
// Modules are strictly used during parse time.
#include <list>
-#include <string>
//-------------------------------------------------------------------------
//--------------------------------------------------------------------------
// mpse_manager.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "mpse_manager.h"
#include <list>
-#include "module_manager.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
#include "framework/mpse.h"
-#include "parser/parser.h"
#include "log/messages.h"
-#include "search_engines/search_common.h"
+
+#include "module_manager.h"
using namespace std;
// as searching by inspectors with a SearchTool. Runtime use of the Mpse
// is by the fast pattern detection module.
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include "main/snort_types.h"
-#include "framework/base_api.h"
+#include "framework/module.h"
#ifdef PIGLET
#include "framework/mpse.h"
-#include "piglet/piglet_api.h"
#endif
struct MpseApi;
//--------------------------------------------------------------------------
// plugin_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "plugin_manager.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/stat.h>
+#include "plugin_manager.h"
+
#include <dlfcn.h>
+#include <sys/stat.h>
-#include <map>
-#include <vector>
#include <iostream>
-
-#ifdef PIGLET
-#include "piglet/piglet_api.h"
-#include "piglet/piglet_manager.h"
-#endif
+#include <map>
#include "framework/codec.h"
+#include "framework/connector.h"
#include "framework/logger.h"
-#include "framework/ips_action.h"
-#include "framework/ips_option.h"
-#include "framework/inspector.h"
#include "framework/mpse.h"
-#include "framework/so_rule.h"
-
-#include "log/messages.h"
#include "helpers/directory.h"
#include "helpers/markup.h"
-#include "parser/parser.h"
+#include "log/messages.h"
+
+#ifdef PIGLET
+#include "piglet/piglet_api.h"
+#include "piglet/piglet_manager.h"
+#endif
#include "action_manager.h"
+#include "codec_manager.h"
#include "connector_manager.h"
#include "event_manager.h"
#include "inspector_manager.h"
#include "ips_manager.h"
#include "module_manager.h"
#include "mpse_manager.h"
-#include "codec_manager.h"
#include "script_manager.h"
#include "so_manager.h"
//-------------------------------------------------------------------------
#include <string>
-#include <vector>
-#include "main/snort_types.h"
#include "framework/base_api.h"
class Module;
//--------------------------------------------------------------------------
// script_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "script_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
+#include "script_manager.h"
-#include <string>
-#include <vector>
#include <sys/stat.h>
-#include <lua.hpp>
-#include "ips_manager.h"
-#include "plugin_manager.h"
-#include "lua/lua.h"
-#include "lua/lua_util.h"
#include "framework/ips_option.h"
#include "framework/logger.h"
#include "framework/lua_api.h"
-#include "log/messages.h"
#include "helpers/directory.h"
+#include "log/messages.h"
+#include "lua/lua.h"
+#include "lua/lua_util.h"
#ifdef PIGLET
#include "piglet/piglet_manager.h"
#include <string>
#include <vector>
-#include "main/snort_types.h"
#include "framework/base_api.h"
//-------------------------------------------------------------------------
//--------------------------------------------------------------------------
// so_manager.cc author Russ Combs <rucombs@cisco.com>
-#include "so_manager.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
+#include "so_manager.h"
+
#include <zlib.h>
-#include <list>
+#include <cassert>
+#include <cstdlib>
+#include <cstring>
#include <iomanip>
#include <iostream>
+#include <list>
#include <sstream>
-#include "plugin_manager.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "framework/so_rule.h"
-#include "framework/module.h"
-#include "utils/util.h"
-#include "parser/parser.h"
#include "log/messages.h"
using namespace std;
// Factory for shared object rules.
// Runtime is same as for text rules.
-#include "main/snort_types.h"
-#include "framework/base_api.h"
#include "framework/so_rule.h"
struct SnortConfig;
// memory_allocator.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "memory_allocator.h"
#include <cstdlib>
// memory_cap.cc author Joel Cornett <jocornet@cisco.com>
-#include "memory_cap.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <cassert>
+#include "memory_cap.h"
+
#include "log/messages.h"
#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "main/thread.h"
#include "profiler/memory_profiler_active_context.h"
#include "memory_config.h"
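Review bot: As rendered here, `#include "memory_cap.h"` ends up after `#include <cassert>`, whereas the include guideline updated in this same commit says a .cc should include its own .h before any others aside from config.h, system headers included. Moving it directly after the `config.h` block, as the other files in this commit do, keeps the check that the header stands on its own: `#include "memory_cap.h"`, a blank line, then `#include <cassert>`.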
#include "config.h"
#endif
-#include <new>
-#include <cstdio>
#include <cassert>
+#include <new>
#include "main/thread.h"
// memory_module.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "memory_module.h"
#include "main/snort_config.h"
+
#include "memory_config.h"
// -----------------------------------------------------------------------------
// prune_handler.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "prune_handler.h"
+
#include "stream/stream.h"
namespace memory
set( MIME_INCLUDES
decode_b64.h
decode_base.h
- decode_bit.h
- decode_buffer.h
- decode_qp.h
- decode_uu.h
file_mime_config.h
file_mime_decode.h
file_mime_log.h
decode_base.cc
decode_b64.cc
decode_bit.cc
+ decode_bit.h
decode_buffer.cc
+ decode_buffer.h
decode_qp.cc
+ decode_qp.h
decode_uu.cc
-
+ decode_uu.h
)
target_link_libraries(mime file_api)
x_include_HEADERS = \
decode_b64.h \
decode_base.h \
-decode_bit.h \
-decode_buffer.h \
-decode_qp.h \
-decode_uu.h \
file_mime_config.h \
file_mime_decode.h \
file_mime_log.h \
decode_b64.cc \
decode_base.cc \
decode_bit.cc \
+decode_bit.h \
decode_buffer.cc \
+decode_buffer.h \
decode_qp.cc \
+decode_qp.h \
decode_uu.cc \
+decode_uu.h \
file_mime_config.cc \
file_mime_decode.cc \
file_mime_log.cc \
//--------------------------------------------------------------------------
// decode_b64.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_b64.h"
-#include "utils/util.h"
#include "utils/util_unfold.h"
-#include "decode_base.h"
#include "decode_buffer.h"
void B64Decode::reset_decode_state()
// Email attachment decoder
-#include <stdlib.h>
-
#include "main/snort_types.h"
#include "mime/decode_base.h"
//--------------------------------------------------------------------------
// decode_base.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_base.h"
-#include "utils/util.h"
void DataDecode::reset_decoded_bytes()
{
// Email attachment decoder
-#include <stdlib.h>
-#include "main/snort_types.h"
+#include <cstdint>
enum DecodeResult
{
//--------------------------------------------------------------------------
// decode_bit.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_bit.h"
-#include "utils/util.h"
void BitDecode::reset_decode_state()
{
// Email attachment decoder
-#include <stdlib.h>
#include "mime/decode_base.h"
class BitDecode : public DataDecode
//--------------------------------------------------------------------------
// decode_buffer.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_buffer.h"
+
#include "utils/util.h"
void DecodeBuffer::reset_saved()
// Manage decode/encode buffers
-#include <stdlib.h>
#include "main/snort_types.h"
class DecodeBuffer
//--------------------------------------------------------------------------
// decode_qp.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_qp.h"
-#include "utils/util.h"
+#include <cctype>
+#include <cstdlib>
+
#include "utils/util_unfold.h"
#include "decode_buffer.h"
// Email attachment decoder
-#include <stdlib.h>
#include "mime/decode_base.h"
class QPDecode : public DataDecode
//--------------------------------------------------------------------------
// decode_uu.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "decode_uu.h"
#include "utils/safec.h"
#include "utils/util.h"
-#include "utils/util_unfold.h"
#include "decode_buffer.h"
// file_mime_config.cc author Hui Cao <huica@cisco.com>
// 9.25.2012 - Initial Source Code. Hui Cao
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_mime_config.h"
#include "log/messages.h"
-#include "main/snort_types.h"
#include "file_api/file_service.h"
-#include "file_mime_process.h"
-
void DecodeConfig::set_ignore_data(bool ignored)
{
ignore_data = ignored;
//--------------------------------------------------------------------------
// file_mime_decode.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "file_mime_decode.h"
-#include "utils/util_unfold.h"
#include "utils/util.h"
#include "decode_b64.h"
// Email attachment decoder, supports Base64, QP, UU, and Bit7/8
-#include <stdlib.h>
-
#include "framework/counts.h"
-#include "main/snort_types.h"
#include "mime/decode_base.h"
#include "mime/file_mime_config.h"
// file_mime_log.cc author Hui Cao <huica@cisco.com>
// 9.25.2012 - Initial Source Code. Hui Cao
-#include "file_mime_log.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "utils/util.h"
-#include "file_api/file_api.h"
+#include "file_mime_log.h"
+
#include "file_api/file_flows.h"
#include "utils/safec.h"
+#include "utils/util.h"
#define MAX_FILE 1024
#define MAX_EMAIL 1024
// File name will be extracted from MIME header
// Email headers and emails are also stored in the log buffer
-#include "mime/file_mime_config.h"
-#include "file_api/file_api.h"
+#include <cstdint>
enum EmailUserType
{
// file_mime_paf.cc author Hui Cao <huica@cisco.com>
// 9.25.2012 - Initial Source Code. Hui Cao
-#include "file_mime_paf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "file_api/file_api.h"
+#include "file_mime_paf.h"
+
+#include <cctype>
-#include "file_mime_config.h"
+#include "main/snort_debug.h"
static const char* boundary_str = "boundary=";
// Provides list of MIME processing functions. Encoded file data will be decoded
// and file name will be extracted from MIME header
-#include "mime/decode_base.h"
-#include "mime/file_mime_config.h"
-#include "file_api/file_api.h"
+#include "main/snort_types.h"
/* State tracker for data */
enum MimeDataState
// file_mime_process.cc author Hui Cao <huica@cisco.com>
// 9.25.2012 - Initial Source Code. Hui Cao
-#include "file_mime_process.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
+#include "file_mime_process.h"
+
#include "detection/detection_util.h"
-#include "file_api/file_api.h"
#include "file_api/file_flows.h"
-#include "framework/data_bus.h"
#include "log/messages.h"
-#include "protocols/packet.h"
#include "search_engines/search_tool.h"
-#include "utils/util.h"
-
-#include "file_mime_config.h"
-#include "file_mime_decode.h"
struct MimeToken
{
// Provides list of MIME processing functions. Encoded file data will be decoded
// and file name will be extracted from MIME header
-#include "main/snort_types.h"
#include "file_api/file_api.h"
#include "mime/file_mime_config.h"
-#include "mime/file_mime_paf.h"
-#include "mime/file_mime_log.h"
#include "mime/file_mime_decode.h"
+#include "mime/file_mime_log.h"
+#include "mime/file_mime_paf.h"
/* state flags */
#define MIME_FLAG_FOLDING 0x00000001
// app_forecast.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "app_forecast.h"
#include "hash/sfxhash.h"
-#include "time/packet_time.h"
#include "log/messages.h"
-#include "application_ids.h"
+#include "protocols/packet.h"
+#include "time/packet_time.h"
+
+#include "appid_session.h"
static AFActKey master_key;
static THREAD_LOCAL SFXHASH* AF_indicators = nullptr; // App Forecasting list of "indicator apps"
#define APP_FORECAST_H
// AppId flow forcasting data structures and methods
-//
-#include <time.h>
-#include "appid_api.h"
-#include "protocols/packet.h"
+#include "flow/flow.h"
-#include "appid_session.h"
+class AppIdSession;
+struct Packet;
// indicator - the appId that indicates there may be subsequent flows to look for, from the same host
// forecast - the appId in the subsequent flow that we are looking for
// for now, indicator and target are WEB APPLICATIONS. The forecast is APP PROTOCOL. We can change this
// later by adding app type info for each, if we find a use case.
-class AppIdConfig;
enum ApplicationId : int32_t;
struct AFElement
// app_info_table.cc author Sourcefire Inc.
-#include "app_info_table.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "application_ids.h"
+#include "app_info_table.h"
+
+#include <limits.h>
+
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "appid_config.h"
#include "service_plugins/service_util.h"
#define MAX_TABLE_LINE_LEN 1024
#ifndef APP_INFO_TABLE_H
#define APP_INFO_TABLE_H
-#include <cstdint>
-#include <unordered_map>
#include <mutex>
+#include <unordered_map>
-#include "application_ids.h"
-#include "appid_api.h"
-#include "appid_config.h"
+#include "flow/flow.h"
#include "utils/util.h"
+#include "application_ids.h"
+
#define APP_PRIORITY_DEFAULT 2
#define SF_APPID_MAX 40000
#define SF_APPID_BUILDIN_MAX 30000
// appid_api.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "appid_api.h"
#include "app_info_table.h"
#include "service_plugins/service_base.h"
-#include "app_info_table.h"
-
-#include "utils/util.h"
#define SSL_WHITELIST_PKT_LIMIT 20
#ifndef APPID_API_H
#define APPID_API_H
-#include <cstdint>
-
#include "flow/flow.h"
enum class IpProtocol : uint8_t;
//--------------------------------------------------------------------------
// appid_config.cc author Sourcefire Inc.
-#include <cstring>
-#include <glob.h>
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "appid_config.h"
+
+#include <glob.h>
+#include <limits.h>
+
+#include "log/messages.h"
+#include "main/snort_debug.h"
+
#include "app_info_table.h"
-#include "appid_utils/network_set.h"
-#include "appid_utils/ip_funcs.h"
#include "appid_utils/appid_utils.h"
-#include "main/snort_debug.h"
-#include "log/messages.h"
-#include "utils/util.h"
-#include "thirdparty_appid_utils.h"
+#include "appid_utils/network_set.h"
#include "service_plugins/service_base.h"
#define ODP_PORT_DETECTORS "odp/port/*"
// Receive events from the HTTP inspector containing header information
// to be used to detect AppIds.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "appid_http_event_handler.h"
-#include "appid_config.h"
-#include "appid_session.h"
+
#include "appid_module.h"
-#include "thirdparty_appid_utils.h"
-#include "utils/util.h"
static void replace_header_data(char **data, uint16_t &datalen, const uint8_t *header_start,
int32_t header_length)
#ifndef APPID_HTTP_EVENT_HANDLER_H
#define APPID_HTTP_EVENT_HANDLER_H
-#include "framework/data_bus.h"
-
#include "pub_sub/http_events.h"
class HttpEventHandler : public DataHandler
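Review bot: `HttpEventHandler` derives from `DataHandler`, but after this hunk the header no longer includes `framework/data_bus.h` and presumably depends on `pub_sub/http_events.h` continuing to pull it in. A base class needs a complete type, so the direct include is a required header rather than a redundant one; I would keep `#include "framework/data_bus.h"` so the header stands on its own, as the guideline in this commit asks. The appid_inspector.h hunk has the same shape: `AppIdInspector` derives from `Inspector` while the header now includes only `appid_config.h` plus forward declarations.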
// appid_inspector.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: May 10, 2016
-#include "appid_inspector.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "appid_inspector.h"
+
#include <openssl/crypto.h>
#include "log/messages.h"
-#include "main/thread.h"
#include "profiler/profiler.h"
-#include "appid_stats.h"
-#include "appid_session.h"
-#include "lua_detector_module.h"
-#include "lua_detector_api.h"
-#include "host_port_app_cache.h"
+#include "pub_sub/sip_events.h"
+
#include "app_forecast.h"
-#include "service_plugins/service_base.h"
-#include "service_plugins/service_ssl.h"
+#include "appid_http_event_handler.h"
+#include "appid_module.h"
+#include "appid_stats.h"
#include "client_plugins/client_app_base.h"
#include "detector_plugins/detector_base.h"
#include "detector_plugins/detector_dns.h"
#include "detector_plugins/detector_http.h"
-#include "detector_plugins/detector_sip.h"
#include "detector_plugins/detector_pattern.h"
-#include "appid_http_event_handler.h"
-#include "pub_sub/sip_events.h"
+#include "host_port_app_cache.h"
+#include "lua_detector_api.h"
+#include "lua_detector_module.h"
+#include "service_plugins/service_base.h"
+#include "service_plugins/service_ssl.h"
static void dump_appid_stats()
{
#ifndef APPID_INSPECTOR_H
#define APPID_INSPECTOR_H
-#include "main/snort_config.h"
-#include "protocols/packet.h"
+#include "appid_config.h"
-#include "appid_module.h"
+struct Packet;
+struct SnortConfig;
class AppIdInspector : public Inspector
{
// appid_module.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: May 10, 2016
-#include "appid_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "appid_module.h"
#include "log/messages.h"
#include "profiler/profiler.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
using namespace std;
#ifndef APPID_MODULE_H
#define APPID_MODULE_H
-#include "main/snort_types.h"
#include "framework/module.h"
#include "appid_config.h"
//--------------------------------------------------------------------------
// appid_session.cc author Sourcefire Inc.
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "appid_session.h"
#include "log/messages.h"
#include "main/snort_config.h"
-#include "protocols/tcp.h"
#include "profiler/profiler.h"
-#include "target_based/snort_protocols.h"
-#include "sfip/sf_ip.h"
+#include "protocols/packet.h"
+#include "protocols/tcp.h"
#include "stream/stream.h"
+#include "target_based/snort_protocols.h"
#include "time/packet_time.h"
-#include "utils/util.h"
+#include "app_forecast.h"
#include "app_info_table.h"
#include "appid_module.h"
#include "appid_stats.h"
-#include "app_forecast.h"
-#include "host_port_app_cache.h"
-#include "lua_detector_module.h"
#include "appid_utils/ip_funcs.h"
#include "client_plugins/client_app_base.h"
-#include "detector_plugins/detector_http.h"
#include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_http.h"
+#include "host_port_app_cache.h"
#include "service_plugins/service_base.h"
#include "service_plugins/service_ssl.h"
-#include "service_plugins/service_util.h"
-
ProfileStats tpPerfStats;
ProfileStats tpLibPerfStats;
// AppId configuration data structures and access methods
-#include <cstdint>
-#include <ctime>
-
-#include "protocols/packet.h"
#include "utils/sflsq.h"
#include "appid_api.h"
#include "application_ids.h"
+#include "http_common.h"
#include "length_app_cache.h"
#include "service_state.h"
-#include "http_common.h"
#include "thirdparty_appid_api.h"
#include "thirdparty_appid_types.h"
#include "thirdparty_appid_utils.h"
// appid_stats.cc author Sourcefire Inc.
-#include "appid_stats.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <cerrno>
-#include <cstdio>
-#include <ctime>
-#include <cstdint>
+#include "appid_stats.h"
#include "log/messages.h"
#include "log/unified2.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "appid_module.h"
-#include "appid_api.h"
-#include "appid_session.h"
#include "app_info_table.h"
+#include "appid_config.h"
#include "appid_utils/fw_avltree.h"
#define URLCATBUCKETS 100
// appid_module.cc author Steve Chew <stechew@cisco.com>
// Created on: Auguest 18, 2016
-#include "main/thread.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "appid_module.h"
THREAD_LOCAL AppIdStats appid_stats;
// sfutil.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "appid_utils.h"
#include <cctype>
-#include <string.h>
-
-#include "utils/util.h"
+#include <cstring>
int AppIdUtils::split(char* data, char** toklist, int max_toks, const char* separator)
{
// fw_avltree.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "fw_avltree.h"
-#include <string.h>
-#include <stdlib.h>
#include "utils/util.h"
#ifndef FW_AVL_TREE_H
#define FW_AVL_TREE_H
-#include <stdint.h>
-#include <stdlib.h>
+#include <cstddef>
+#include <cstdint>
struct FwAvlNode
{
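Review bot: Replacing `<stdint.h>`/`<stdlib.h>` with `<cstdint>`/`<cstddef>` in this header only guarantees the `std::`-qualified names; whether unqualified `uint32_t` or `size_t` is also declared globally is left to the implementation, even though mainstream toolchains do provide it. The same swap appears in the ip_funcs.h, sf_mlmp.h, sf_multi_mpse.h and dcerpc.h hunks, and dcerpc.h visibly keeps the unqualified spelling in `int dcerpc_validate(const uint8_t* data, int size);`. Either qualify the uses, e.g. `const std::uint8_t* data`, or keep `#include <stdint.h>` in headers that rely on the global names. The body of `FwAvlNode` lies outside this hunk, so whether it uses unqualified names should be checked there.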
// ip_funcs.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ip_funcs.h"
-#include "appid_utils.h"
+#include <netinet/in.h>
+
#include "log/messages.h"
#include "utils/util.h"
+#include "appid_utils.h"
+
RNAIpAddrSet* ParseIpCidr(char* ipstring, uint32_t* netmasks)
{
char* toks[2];
#ifndef IP_FUNCS_H
#define IP_FUNCS_H
-#include <stdint.h>
-#include "protocols/ipv6.h"
+#include <cstdint>
+#include <cstring>
+
#include "sfip/sf_ip.h"
+
#include "network_set.h"
#define IPFUNCS_EXCEPT_IP 0x01
// network_set.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "network_set.h"
+#include <sys/socket.h>
+
#include "log/messages.h"
#include "utils/util.h"
#ifndef NETWORK_SET_H
#define NETWORK_SET_H
-/* System includes */
-#include <stdio.h>
-#include <sys/types.h>
-#include <stdint.h>
-#include <string.h>
-#include <limits.h>
+#include <cstdio>
-#include "utils/sflsq.h"
#include "hash/sfxhash.h"
#include "protocols/ipv6.h"
+#include "utils/sflsq.h"
// network_set.h author Sourcefire Inc.
// sf_mlmp.cc author Sourcefire Inc.
-#include "sf_mlmp.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
+#include "sf_mlmp.h"
#include "main/snort_debug.h"
#include "search_engines/search_tool.h"
#ifndef SF_MULTI_PART_MPSE_H
#define SF_MULTI_PART_MPSE_H
-#include <stdlib.h>
-#include <stdint.h>
+#include <cstddef>
+#include <cstdint>
struct tMlmpPattern
{
// sf_multi_mpse.cc author Sourcefire Inc.
-#include "sf_multi_mpse.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdio.h>
-#include <stdint.h>
-#include <string.h>
+#include "sf_multi_mpse.h"
#include "search_engines/search_tool.h"
#include "utils/util.h"
#ifndef SF_MULTI_MPSE_H
#define SF_MULTI_MPSE_H
-#include <stdlib.h>
-#include <stdint.h>
+#include <cstddef>
+#include <cstdint>
struct tMlpPattern
{
// client_app_aim.cc author Sourcefire Inc.
-#include "client_app_api.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <cstdint>
+#include "client_app_api.h"
#include "main/snort_debug.h"
-#include "utils/sflsq.h"
#include "app_info_table.h"
-#include "application_ids.h"
#include "appid_module.h"
#pragma pack(1)
#include "appid_api.h"
#include "appid_session.h"
-#include "utils/util.h"
struct Packet;
class Detector;
// client_app_base.cc author Ron Dempster <Ron.Dempster@sourcefire.com>
-#include "client_app_base.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <time.h>
-#include <string.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
+#include "client_app_base.h"
#include "main/snort_debug.h"
#include "log/messages.h"
#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
-#include "appid_api.h"
-#include "appid_config.h"
#include "app_info_table.h"
+#include "appid_config.h"
+#include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_pattern.h"
+#include "detector_plugins/detector_sip.h"
+
+#include "client_app_aim.h"
#include "client_app_api.h"
-#include "client_app_base.h"
#include "client_app_msn.h"
-#include "client_app_aim.h"
#include "client_app_ym.h"
-#include "detector_plugins/detector_sip.h"
-#include "lua_detector_module.h"
-#include "lua_detector_api.h"
-#include "http_common.h"
-#include "service_plugins/service_ssl.h"
-#include "detector_plugins/detector_dns.h"
-#include "detector_plugins/detector_pattern.h"
/*#define CLIENT_APP_DEBUG 1 */
// client_app_bit.cc author Sourcefire Inc.
-#include "client_app_api.h"
-#include "application_ids.h"
-#include "appid_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "appid_module.h"
+
+#include "client_app_api.h"
static const char BIT_BANNER[] = "\023BitTorrent protocol";
// client_app_bit_tracker.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "app_info_table.h"
-#include "application_ids.h"
-#include "client_app_api.h"
#include "appid_module.h"
+#include "client_app_api.h"
+
static const char UDP_BIT_QUERY[] = "d1:a";
static const char UDP_BIT_RESPONSE[] = "d1:r";
static const char UDP_BIT_ERROR[] = "d1:e";
#ifndef CLIENT_APP_CONFIG_H
#define CLIENT_APP_CONFIG_H
-#include "utils/sflsq.h"
#include "search_engines/search_tool.h"
+#include "utils/sflsq.h"
struct RNAClientAppModule;
struct RNAClientAppRecord;
// client_app_msn.cc author Sourcefire Inc.
-#include "client_app_msn.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
+
+#include "client_app_msn.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
#include "appid_module.h"
#define MAX_VERSION_SIZE 64
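Review bot: In client_app_msn.cc the file's own header now comes after `main/snort_debug.h`, which contradicts the include rule this same commit writes into the style guide: a .cc includes its own .h first, straight after the config.h block. With the current order a missing dependency inside `client_app_msn.h` can be masked by whatever `snort_debug.h` pulls in. I would move `#include "client_app_msn.h"` directly below `#endif` and keep `#include "main/snort_debug.h"` in the following group.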
// client_app_rtp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "application_ids.h"
-#include "client_app_api.h"
#include "appid_module.h"
+#include "client_app_api.h"
+
enum RTPState
{
RTP_STATE_CONNECTION,
// client_app_ssh.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
#include "app_info_table.h"
-#include "application_ids.h"
-#include "client_app_api.h"
#include "appid_module.h"
+#include "client_app_api.h"
+
static const char SSH_CLIENT_BANNER[] = "SSH-";
#define SSH_CLIENT_BANNER_LEN (sizeof(SSH_CLIENT_BANNER)-1)
#define SSH_CLIENT_BANNER_MAXPOS (sizeof(SSH_CLIENT_BANNER)-2)
// client_app_timbuktu.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "app_info_table.h"
-#include "application_ids.h"
#include "client_app_api.h"
static const char TIMBUKTU_BANNER[] = "\000\001";
// client_app_tns.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
#include "app_info_table.h"
-#include "application_ids.h"
-#include "client_app_api.h"
#include "appid_module.h"
+#include "client_app_api.h"
+
static const char TNS_BANNER[] = "\000\000";
#define TNS_BANNER_LEN (sizeof(TNS_BANNER)-1)
// client_app_vnc.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
+
+#include "app_info_table.h"
+#include "appid_module.h"
+
+#include "client_app_api.h"
+
+#if 0
#include "protocols/packet.h"
#include "utils/sflsq.h"
#include "utils/util.h"
-#include "app_info_table.h"
-#include "application_ids.h"
-#include "client_app_api.h"
-#include "appid_module.h"
+#endif
static const char VNC_BANNER[] = "RFB ";
static const char VNC_BANNER2[] = ".";
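Review bot: The added `#if 0` … `#endif` in client_app_vnc.cc parks `protocols/packet.h`, `utils/sflsq.h` and `utils/util.h` as dead code instead of deciding whether the file needs them. The other client_app_*.cc hunks in this commit simply delete such includes, so this file is now the odd one out, and the disabled block will confuse later dependency cleanups. If the file builds without them, drop all five lines. If one turns out to be required, include it normally in the project-header group.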
// client_app_ym.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "client_app_ym.h"
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "utils/sflsq.h"
#include "app_info_table.h"
-#include "application_ids.h"
-#include "client_app_api.h"
#include "appid_module.h"
struct YM_CLIENT_APP_CONFIG
// detector_base.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detector_base.h"
-#include "client_plugins/client_app_base.h"
-#include "detector_api.h"
#include "log/messages.h"
+
+#include "client_plugins/client_app_base.h"
#include "service_plugins/service_base.h"
-#include "detector_plugins/detector_smtp.h"
+
+#include "detector_smtp.h"
static void* detector_flowdata_get(AppIdSession* asd, unsigned detector_id);
static int detector_flowdata_add(AppIdSession* asd, void* data, unsigned detector_id,
// detector_dns.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detector_dns.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "appid_module.h"
#include "app_info_table.h"
-#include "application_ids.h"
+#include "appid_module.h"
#include "client_plugins/client_app_api.h"
-#include "service_plugins/service_api.h"
-#include "service_plugins/service_config.h"
#define MAX_OPCODE 5
#define INVALID_OPCODE 3
// detector_http.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detector_http.h"
-#include "search_engines/search_tool.h"
#include "main/snort_debug.h"
-#include "sfip/sf_ip.h"
-
-#include "service_plugins/service_api.h"
-#include "service_plugins/service_util.h"
-#include "appid_utils/sf_mlmp.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
+#include "search_engines/search_tool.h"
#include "app_info_table.h"
-#include "application_ids.h"
+#include "appid_config.h"
+#include "appid_utils/sf_mlmp.h"
#include "client_plugins/client_app_base.h"
+#include "service_plugins/service_util.h"
+
#include "http_url_patterns.h"
/* URL line patterns for identifying client */
// detector_imap.cc author Sourcefire Inc.
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <sys/types.h>
-#include <netinet/in.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "detector_api.h"
+
+#include "main/snort_debug.h"
+#include "search_engines/search_tool.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
-#include "appid_api.h"
-#include "appid_config.h"
#include "appid_module.h"
#include "client_plugins/client_app_api.h"
#include "service_plugins/service_api.h"
-#include "main/snort_debug.h"
-#include "search_engines/search_tool.h"
-#include "utils/util.h"
-
static const unsigned IMAP_USER_NAME_MAX_LEN = 32;
static const unsigned IMAP_TAG_MAX_LEN = 6;
static const unsigned MIN_CMDS = 3;
// detector_kerberos.cc author Sourcefire Inc.
-#include "appid_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
+#include "appid_module.h"
#include "client_plugins/client_app_api.h"
#include "service_plugins/service_api.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-
enum KerberosState
{
KRB_STATE_TCP_LENGTH,
// detector_pattern.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detector_pattern.h"
-#include "app_info_table.h"
-#include "client_plugins/client_app_base.h"
-#include "service_plugins/service_api.h"
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
+#include "search_engines/search_tool.h"
+
+#include "app_info_table.h"
+#include "client_plugins/client_app_base.h"
+#include "service_plugins/service_api.h"
static THREAD_LOCAL ServicePortPattern service_port_patterns;
static THREAD_LOCAL ClientPortPattern clientPortPattern;
// detector_pop3.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "detector_api.h"
+
+#include "main/snort_debug.h"
+#include "search_engines/search_tool.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
#include "appid_module.h"
#include "client_plugins/client_app_api.h"
-#include "detector_plugins/detector_api.h"
-#include "service_plugins/service_api.h"
#include "service_plugins/service_util.h"
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "search_engines/search_tool.h"
-#include "utils/util.h"
-
/*#define DEBUG_POP3 1 */
struct POP3_CLIENT_APP_CONFIG
// detector_sip.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detector_sip.h"
-#include "log/messages.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
#include "pub_sub/sip_events.h"
-#include "service_inspectors/sip/sip_common.h"
-#include "appid_module.h"
#include "app_info_table.h"
+#include "appid_module.h"
+#include "appid_utils/sf_mlmp.h"
#include "client_plugins/client_app_api.h"
#include "service_plugins/service_base.h"
+
#include "http_url_patterns.h"
-#include "appid_utils/sf_mlmp.h"
using namespace std;
-#include "app_info_table.h"
-#include "client_plugins/client_app_api.h"
-#include "service_plugins/service_base.h"
-#include "http_url_patterns.h"
-#include "appid_utils/sf_mlmp.h"
-
static const char SIP_REGISTER_BANNER[] = "REGISTER ";
static const char SIP_INVITE_BANNER[] = "INVITE ";
static const char SIP_CANCEL_BANNER[] = "CANCEL ";
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "detector_smtp.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "utils/sflsq.h"
+#include "protocols/packet.h"
-#include "application_ids.h"
-#include "detector_api.h"
-#include "client_plugins/client_app_api.h"
-#include "service_plugins/service_util.h"
#include "app_info_table.h"
-#include "appid_api.h"
#include "appid_module.h"
+#include "client_plugins/client_app_api.h"
+#include "service_plugins/service_util.h"
enum SMTPClientState
{
// http_url_patterns.cc author Sourcefire Inc.
-#include "http_url_patterns.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
+#include "http_url_patterns.h"
#include "log/messages.h"
+#include "utils/util.h"
-#include "application_ids.h"
-#include "http_common.h"
-#include "appid_utils/sf_multi_mpse.h"
#include "appid_utils/sf_mlmp.h"
-#include "utils/util.h"
+#include "application_ids.h"
static const char* const FP_OPERATION_AND = "%&%";
static const unsigned PATTERN_PART_MAX = 10;
// client_app_smtp_test.cc author Steve Chew <stechew@cisco.com>
// unit test for client_app_smtp
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "network_inspectors/appid/detector_plugins/detector_smtp.cc"
#include <CppUTest/CommandLineTestRunner.h>
+++ /dev/null
-#!/bin/bash
-
-# run make on selected files from MANIFEST.txt
-
-USAGE="$0 [-h] [<status>] [<cisco_username>]"
-
-if [[ $1 == -h ]]; then
- echo $USAGE >&2
- exit
-fi
-
-file_status=$1
-cisco_username=$2
-filter=
-
-if [[ -n "$file_status" ]]; then
- filter="$filter *$file_status"
-fi
-
-if [[ -n "$cisco_username" ]]; then
- filter="$filter *$USER"
-fi
-
-grep -v ^# MANIFEST.txt | while IFS='' read -r line || [[ -n "$line" ]]; do
- echo $line | grep "$filter" >/dev/null && {
- filename=$(echo $line | awk '{print $1}')
- make "${filename%.*}_${filename##*.}" >/dev/null || echo $filename
- }
-done
// host_port_app_cache.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "host_port_app_cache.h"
#include <map>
-#include "appid_config.h"
#include "log/messages.h"
-#include "sfip/sf_ip.h"
+#include "utils/cpp_macros.h"
PADDING_GUARD_BEGIN
struct HostPortKey
#ifndef HOST_PORT_APP_CACHE_H
#define HOST_PORT_APP_CACHE_H
-#include "sfip/sf_ip.h"
#include "appid_api.h"
struct HostPortVal
#ifndef HTTP_COMMON_H
#define HTTP_COMMON_H
-#include "appid_api.h"
-#include "appid_utils/sf_multi_mpse.h"
+#include <vector>
+
+#include "flow/flow.h"
-#include "utils/sflsq.h"
+#include "appid_utils/sf_multi_mpse.h"
#define MAX_USERNAME_SIZE 64
#define MAX_URL_SIZE 65535
// ips_appid_option.cc author: davis mcpherson <davmcphe@cisco.com>
-#include <algorithm> // std::mismatch
-#include <vector> // std::vector
-#include <utility> // std::pair
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "app_info_table.h"
-
-#include "main/snort_debug.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
-#include "log/messages.h"
#include "profiler/profiler.h"
-#include "stream/stream.h"
+#include "protocols/packet.h"
#include "utils/util.h"
+#include "app_info_table.h"
+
//-------------------------------------------------------------------------
// appid option
//-------------------------------------------------------------------------
// length_app_cache.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "length_app_cache.h"
#include "hash/sfxhash.h"
#include "log/messages.h"
-#include "appid_config.h"
#include "application_ids.h"
#define HASH_NUM_ROWS (1024)
#ifndef LENGTH_APP_CACHE_H
#define LENGTH_APP_CACHE_H
-#include "appid_api.h"
+#include "flow/flow.h"
#define LENGTH_SEQUENCE_CNT_MAX (5)
// lua_detector_api.cc author Sourcefire Inc.
-#include "lua_detector_api.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <cstring>
+#include "lua_detector_api.h"
-#include <pcre.h>
#include <lua.hpp>
+#include <pcre.h>
#include "hash/sfxhash.h"
#include "log/messages.h"
#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "protocols/protocol_ids.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
-#include "appid_module.h"
#include "app_forecast.h"
#include "app_info_table.h"
+#include "appid_module.h"
+#include "client_plugins/client_app_base.h"
+#include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_http.h"
+#include "detector_plugins/detector_pattern.h"
#include "host_port_app_cache.h"
-#include "http_common.h"
#include "lua_detector_flow_api.h"
#include "lua_detector_module.h"
#include "lua_detector_util.h"
#include "service_plugins/service_base.h"
-#include "service_plugins/service_ssl.h"
-#include "client_plugins/client_app_base.h"
-#include "detector_plugins/detector_dns.h"
-#include "detector_plugins/detector_http.h"
-#include "detector_plugins/detector_pattern.h"
#define DETECTOR "Detector"
#define OVECCOUNT 30 /* should be a multiple of 3 */
// This module supports basic API towards Lua detectors.
-#include <cstdint>
-#include <string>
-
#include "client_plugins/client_app_api.h"
#include "service_plugins/service_api.h"
// lua_detector_flow_api.cc author Sourcefire Inc.
-#include "lua_detector_flow_api.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "lua_detector_flow_api.h"
#include "appid_api.h"
-#include "log/messages.h"
#include "lua_detector_api.h"
-#include "lua_detector_util.h"
#include "lua_detector_module.h"
-#include "main/snort_debug.h"
-#include "sfip/sf_ip.h"
+#include "lua_detector_util.h"
/* Lua flag bit/index to C flag value (0 for invalid). */
static const uint64_t FLAGS_TABLE_LUA_TO_C[32]
// supporting Lua detectors in core engine.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "lua_detector_module.h"
-#include <algorithm>
#include <glob.h>
#include <libgen.h>
-#include <lua.hpp>
-#include <libgen.h>
-#include "appid_config.h"
-#include "client_plugins/client_app_base.h"
-#include "service_plugins/service_base.h"
#include "log/messages.h"
#include "lua/lua.h"
-#include "lua_detector_util.h"
+#include "main/snort_debug.h"
+
+#include "appid_config.h"
+#include "client_plugins/client_app_base.h"
#include "lua_detector_api.h"
#include "lua_detector_flow_api.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "lua_detector_util.h"
+#include "service_plugins/service_base.h"
#define MAX_LUA_DETECTOR_FILENAME_LEN 1024
#define MAX_DEFAULT_NUM_LUA_TRACKERS 10000
#ifndef LUA_DETECTOR_MODULE_H
#define LUA_DETECTOR_MODULE_H
+#include <cstdint>
#include <list>
-#include "main/thread.h"
-#include "utils/sflsq.h"
-
class AppIdConfig;
class Detector;
struct DetectorFlow;
// encapsulate Lua interface boilerplate to get sane, identical behavior across users
-#include <cassert>
-
#include <lua.hpp>
+#include <cassert>
+
template<typename T>
struct UserData
{
// dcerpc.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dcerpc.h"
-#include <netinet/in.h>
+#include <arpa/inet.h>
#define min(x,y) ((x)<(y) ? (x) : (y))
#ifndef DCERPC_H
#define DCERPC_H
-#include <stdint.h>
+#include <cstdint>
int dcerpc_validate(const uint8_t* data, int size);
// service_base.cc author Ron Dempster <Ron.Dempster@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_base.h"
-#include <vector>
#include <algorithm>
-#include <limits.h>
+
+#include "log/messages.h"
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
+#include "search_engines/search_tool.h"
#include "app_info_table.h"
+#include "appid_config.h"
+#include "appid_utils/ip_funcs.h"
+#include "detector_plugins/detector_dns.h"
+#include "detector_plugins/detector_pattern.h"
+#include "detector_plugins/detector_sip.h"
+#include "lua_detector_api.h"
+
#include "service_api.h"
#include "service_battle_field.h"
#include "service_bgp.h"
#include "service_ssl.h"
#include "service_telnet.h"
#include "service_tftp.h"
-#include "appid_session.h"
-#include "appid_config.h"
-#include "lua_detector_api.h"
-#include "lua_detector_module.h"
-#include "appid_utils/ip_funcs.h"
-#include "detector_plugins/detector_dns.h"
-#include "detector_plugins/detector_pattern.h"
-#include "detector_plugins/detector_sip.h"
-
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "search_engines/search_tool.h"
-#include "utils/util.h"
-#include "sfip/sf_ip.h"
//#define SERVICE_DEBUG 1
//#define SERVICE_DEBUG_PORT 80
#ifndef SERVICE_BASE_H
#define SERVICE_BASE_H
-#include <cstdint>
-
#include "appid_api.h"
#include "appid_session.h"
#include "service_api.h"
-#include "sfip/sf_ip.h"
class AppIdConfig;
class AppIdSession;
// service_battle_field.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_battle_field.h"
-#include "appid_module.h"
-#include "application_ids.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
+
+#include "appid_module.h"
enum CONNECTION_STATES
{
// service_bgp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_bgp.h"
-#include "appid_module.h"
-#include "application_ids.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "appid_module.h"
static const unsigned BGP_PORT = 179;
// service_bit.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "main/snort_debug.h"
-#include "application_ids.h"
-#include "service_api.h"
#include "appid_module.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "service_api.h"
static const char svc_name[] = "bt";
static const uint8_t BIT_BANNER[] = "\023BitTorrent protocol";
// service_bootp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_bootp.h"
+
#include "main/snort_debug.h"
#include "protocols/eth.h"
+#include "protocols/packet.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
#include "appid_module.h"
#define DHCP_MAGIC_COOKIE 0x63825363
// Service detector configuration
-#include <cstdint>
-
#include "service_api.h"
#define RNA_SERVICE_MAX_PORT 65536
// service_dcerpc.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_dcerpc.h"
-#include "appid_module.h"
-#include "application_ids.h"
-#include "dcerpc.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "appid_module.h"
+
+#include "dcerpc.h"
#define DCERPC_THRESHOLD 3
// service_direct_connect.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_direct_connect.h"
-#include "application_ids.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
#include "appid_module.h"
// service_flap.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_flap.h"
-#include "application_ids.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
#define FLAP_PORT 5190
// service_ftp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_ftp.h"
#include "main/snort_debug.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
#include "app_info_table.h"
-#include "appid_api.h"
-#include "appid_session.h"
-#include "application_ids.h"
+#include "appid_module.h"
+
#include "service_base.h"
#include "service_util.h"
-#include "appid_module.h"
#define FTP_PORT 21
// service_irc.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_irc.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "appid_session.h"
-#include "application_ids.h"
#include "appid_module.h"
#define IRC_COUNT_THRESHOLD 10
// service_lpr.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/snort_debug.h"
-#include "utils/util.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "appid_session.h"
-#include "app_info_table.h"
+
#include "service_api.h"
#define LPR_COUNT_THRESHOLD 2
// service_mdns.cc author Sourcefire Inc.
-#include "service_mdns.h"
-
-#include "appid_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "appid_config.h"
-#include "app_info_table.h"
-#include "appid_session.h"
-#include "http_common.h"
-#include "lua_detector_api.h"
-#include "service_api.h"
-#include "service_base.h"
-#include "service_ssl.h"
-#include "client_plugins/client_app_base.h"
-#include "detector_plugins/http_url_patterns.h"
-#include "detector_plugins/detector_http.h"
+#include "service_mdns.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
#include "search_engines/search_tool.h"
+#include "app_info_table.h"
+#include "appid_module.h"
+
#define MDNS_PORT 5353
#define PATTERN_REFERENCE_PTR 3
#define PATTERN_STR_LOCAL_1 "\005local"
// service_mysql.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_mysql.h"
#include "main/snort_debug.h"
-#include "application_ids.h"
#include "app_info_table.h"
-#include "appid_session.h"
-
-#include "service_api.h"
#include "appid_module.h"
#pragma pack(1)
// service_netbios.cc author Sourcefire Inc.
-#include "service_netbios.h"
-
#ifdef HAVE_CONFIG_H
-#include "config.h" /* for WORDS_BIGENDIAN */
+#include "config.h"
#endif
-#include "log/messages.h"
+#include "service_netbios.h"
+
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
-#include "appid_module.h"
#include "app_info_table.h"
-#include "appid_api.h"
-#include "appid_session.h"
-#include "application_ids.h"
+#include "appid_module.h"
+
#include "dcerpc.h"
-#include "service_api.h"
/*#define RNA_DEBUG_NETBIOS 1 */
// service_nntp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_nntp.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "appid_session.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "service_api.h"
#define NNTP_PORT 119
// service_ntp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_ntp.h"
#include "main/snort_debug.h"
-#include "appid_session.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "service_api.h"
#pragma pack(1)
// service_radius.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_radius.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
#include "app_info_table.h"
-#include "appid_session.h"
-#include "application_ids.h"
-#include "service_api.h"
#include "appid_module.h"
#define RADIUS_CODE_ACCESS_REQUEST 1
// service_rexec.cc author Sourcefire Inc.
-#include "service_rexec.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <sys/types.h>
-#include <netinet/in.h>
+#include "service_rexec.h"
-#include "protocols/packet.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
-#include "appid_api.h"
#include "app_info_table.h"
-#include "appid_session.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "service_api.h"
+
#include "service_base.h"
#include "service_util.h"
// service_rfb.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_rfb.h"
-#include "service_api.h"
+#include "main/snort_debug.h"
+
#include "app_info_table.h"
-#include "application_ids.h"
#include "appid_module.h"
-#include "main/snort_debug.h"
+#include "service_api.h"
#define RFB_BANNER_SIZE 12
// service_rlogin.cc author Sourcefire Inc.
-#include "service_rlogin.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "service_api.h"
-#include "application_ids.h"
-#include "appid_module.h"
+#include "service_rlogin.h"
#include "main/snort_debug.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
-#include "utils/util.h"
+
+#include "appid_module.h"
+
+#include "service_api.h"
#define RLOGIN_PASSWORD "Password: "
enum RLOGINState
// service_rpc.cc author Sourcefire Inc.
-#include "service_rpc.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "service_rpc.h"
+
#include <netdb.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__)
#include <rpc/rpcent.h>
#endif
-#include "application_ids.h"
-#include "service_api.h"
-#include "app_info_table.h"
-#include "service_util.h"
-
-#include "log/messages.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
+
+#include "app_info_table.h"
#include "appid_module.h"
+#include "service_api.h"
+#include "service_util.h"
+
/*#define RNA_DEBUG_RPC 1 */
enum RPCState
// service_rshell.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_rshell.h"
-#include "application_ids.h"
-#include "service_api.h"
-#include "service_base.h"
-#include "service_util.h"
+#include "log/messages.h"
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
+
#include "app_info_table.h"
#include "appid_module.h"
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "service_base.h"
+#include "service_util.h"
#define RSHELL_PORT 514
#define RSHELL_MAX_PORT_PACKET 6
// service_rsync.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_rsync.h"
-#include "application_ids.h"
-#include "service_api.h"
+#include "main/snort_debug.h"
+
#include "app_info_table.h"
#include "appid_module.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-
#define RSYNC_PORT 873
#define RSYNC_BANNER "@RSYNCD: "
// service_rtmp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_rtmp.h"
-#include "application_ids.h"
-#include "service_api.h"
+#include "main/snort_debug.h"
+
#include "app_info_table.h"
#include "appid_module.h"
-#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "service_api.h"
#define RTMP_PORT 1935
// service_snmp.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_snmp.h"
#include "log/messages.h"
-#include "utils/util.h"
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
-#include "appid_api.h"
-#include "appid_module.h"
#include "app_info_table.h"
+#include "appid_module.h"
+
#include "service_base.h"
#include "service_util.h"
-#include "application_ids.h"
#define SNMP_PORT 161
// service_ssh.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_ssh.h"
-#include "app_info_table.h"
-#include "service_base.h"
-#include "application_ids.h"
-#include "utils/util.h"
+#include "main/snort_debug.h"
+
+#include "app_info_table.h"
#include "appid_module.h"
+#include "service_base.h"
+
#define SSH_PORT 22
#define SSH_BANNER "SSH-"
// service_ssl.cc author Sourcefire Inc.
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <mutex>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <openssl/x509.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "appid_module.h"
-#include "app_info_table.h"
-#include "appid_session.h"
-#include "service_config.h"
-#include "service_base.h"
#include "service_ssl.h"
+#include <openssl/x509.h>
+
+#include <mutex>
+
#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
+
+#include "app_info_table.h"
+#include "appid_module.h"
#define SSL_PORT 443
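Review bot: The new include list for service_ssl.cc drops `<netinet/in.h>`, `<string.h>`, `<stdlib.h>` and `<ctype.h>` without a direct replacement, so any byte-order or memory helper the detector calls now arrives only through whatever `service_ssl.h`, `<openssl/x509.h>` or `protocols/packet.h` happen to include. The detector body is outside this hunk, so this is inferred rather than shown; if it uses `ntohs`/`ntohl` or `memcpy`/`memcmp` on record fields, I would keep `#include <netinet/in.h>` and add `#include <cstring>` next to `<mutex>`. The failure mode is a build break on a platform whose header chain differs rather than a runtime fault, but the commit already carries BSD-specific include conditionals in service_rpc.cc. The service_telnet.cc, service_tftp.cc, config_file.cc, parse_conf.cc and parse_rule.cc hunks remove system headers in the same way.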
// service_telnet.cc author Sourcefire Inc.
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <sys/types.h>
-#include <netinet/in.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "appid_session.h"
-#include "application_ids.h"
-#include "service_api.h"
#include "appid_module.h"
+#include "service_api.h"
+
#define TELNET_COUNT_THRESHOLD 3
#define TELNET_IAC 255
// service_tftp.cc author Sourcefire Inc.
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <sys/types.h>
-#include <netinet/in.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_debug.h"
#include "log/messages.h"
-#include "target_based/snort_protocols.h"
-#include "utils/util.h"
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
#include "app_info_table.h"
-#include "appid_api.h"
-#include "appid_session.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "service_api.h"
+
#include "service_base.h"
#include "service_util.h"
// service_timbuktu.cc author Sourcefire Inc.
-#include "appid_module.h"
-#include "appid_session.h"
-#include "application_ids.h"
-#include "service_api.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "appid_module.h"
+
+#include "service_api.h"
static const char svc_name[] = "timbuktu";
static char TIMBUKTU_BANNER[] = "\001\001";
// service_tns.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "main/snort_debug.h"
+
#include "app_info_table.h"
-#include "appid_session.h"
#include "appid_module.h"
-#include "application_ids.h"
-#include "service_api.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
+#include "service_api.h"
static const char svc_name[] = "oracle";
static const uint8_t TNS_BANNER[] = "\000\000";
#ifndef SERVICE_UTIL_H
#define SERVICE_UTIL_H
-#include <stdint.h>
-#include <string.h>
#include <mutex>
#include "main/snort_config.h"
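Review bot: service_util.h no longer includes `<stdint.h>` or `<string.h>` and is left with `<mutex>` and `main/snort_config.h`, so it compiles on its own only if one of those two supplies the fixed-width types and string functions it uses. The rest of the header is outside the hunk, so whether it uses them is not visible here; if it declares anything with `uint8_t`/`uint16_t` or has inline helpers calling `memcmp`/`strlen`, keep `#include <cstdint>` and `#include <cstring>` in the header itself. The thirdparty_appid_types.h hunk (drops `<stdint.h>`) and the normalize.h hunk (drops `<cstdint>` and `main/policy.h`) have the same exposure. A cheap check is to compile each touched header as the only include of an otherwise empty .cc file.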
// service_rsync_test.cc author Steve Chew <stechew@cisco.com>
// unit test for service_rsync
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "network_inspectors/appid/service_plugins/service_rsync.cc"
#include <CppUTest/CommandLineTestRunner.h>
// service_state.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_state.h"
#include <map>
#include "log/messages.h"
-#include "service_plugins/service_base.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
+#include "utils/cpp_macros.h"
+
+#include "service_plugins/service_api.h"
//#define DEBUG_SERVICE_STATE 1
// appid_http_event_test.cc author Steve Chew <stechew@cisco.com>
// unit test for the http inspection event handler.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
// Must be included before CppUTest files to avoid compiler error.
#include "network_inspectors/appid/appid_http_event_handler.cc"
#ifndef THIRDPARTY_APPID_API_H
#define THIRDPARTY_APPID_API_H
-#include "protocols/packet.h"
-
-#include "appid_api.h"
#include "thirdparty_appid_types.h"
+struct Packet;
+
#define THIRD_PARTY_APP_ID_API_VERSION 1
#define TP_PATH_MAX 4096
#ifndef THIRDPARTY_APPID_TYPES_H
#define THIRDPARTY_APPID_TYPES_H
-#include <stdint.h>
#include "http_common.h"
#define TP_SESSION_FLAG_DPI 0x00000001
// thirdparty_appid_utils.cc author Sourcefire Inc.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "thirdparty_appid_utils.h"
#include <dlfcn.h>
-#include "main/snort_debug.h"
#include "log/messages.h"
+#include "main/snort_debug.h"
+
#include "appid_config.h"
#include "thirdparty_appid_api.h"
// arp_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "arp_module.h"
#define ARPSPOOF_UNICAST_ARP_REQUEST_STR \
#ifndef ARP_SPOOF_MODULE_H
#define ARP_SPOOF_MODULE_H
-#include <vector>
-
#include "framework/module.h"
-#include "main/thread.h"
#define MOD_NAME "arp_spoof"
#define MOD_HELP "detect ARP attacks and anomalies"
*/
/* I N C L U D E S ************************************************/
-#include "arp_module.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/detect.h"
-#include "events/event.h"
#include "events/event_queue.h"
-#include "parser/parser.h"
-#include "utils/util.h"
+#include "log/messages.h"
#include "profiler/profiler.h"
-#include "framework/inspector.h"
-#include "protocols/packet.h"
-#include "protocols/layer.h"
#include "protocols/arp.h"
#include "protocols/eth.h"
+#include "protocols/packet.h"
#include "sfip/sf_ip.h"
+#include "arp_module.h"
+
static const uint8_t bcast[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
THREAD_LOCAL ProfileStats arpPerfStats;
// bind_module.cc author Russ Combs <rucombs@cisco.com>
-#include "bind_module.h"
-
-#include <assert.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "bind_module.h"
-#include "binding.h"
-#include "protocols/packet.h"
-#include "parser/parse_ip.h"
#include "log/messages.h"
-#include "main/policy.h"
-#include "main/snort_config.h"
#include "main/shell.h"
-#include "managers/module_manager.h"
-#include "parser/parser.h"
+#include "main/snort_config.h"
+#include "parser/parse_ip.h"
+#include "protocols/packet.h"
using namespace std;
// binder management interface
-#include <vector>
-
#include "framework/module.h"
-#include "main/thread.h"
#include "binding.h"
#define BIND_NAME "binder"
extern THREAD_LOCAL BindStats bstats;
extern THREAD_LOCAL ProfileStats bindPerfStats;
-struct Binding;
class BinderModule : public Module
{
//--------------------------------------------------------------------------
// binder.cc author Russ Combs <rucombs@cisco.com>
-#include "binder.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <vector>
+#include "binder.h"
-#include "binding.h"
-#include "bind_module.h"
#include "flow/flow.h"
-#include "flow/session.h"
-#include "framework/inspector.h"
+#include "flow/flow_key.h"
+#include "log/messages.h"
+#include "main/snort_config.h"
#include "managers/inspector_manager.h"
-#include "managers/plugin_manager.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
-#include "protocols/vlan.h"
-#include "protocols/layer.h"
+#include "stream/stream.h"
#include "stream/stream_splitter.h"
-#include "profiler/profiler.h"
-#include "utils/stats.h"
-#include "log/messages.h"
-#include "main/snort_config.h"
-#include "main/policy.h"
-#include "parser/parser.h"
-#include "target_based/sftarget_data.h"
-#include "target_based/snort_protocols.h"
#include "target_based/sftarget_reader.h"
-#include "packet_io/active.h"
+#include "target_based/snort_protocols.h"
+
+#include "bind_module.h"
+#include "binding.h"
using namespace std;
// binder_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "network_inspectors/binder/binder.cc"
#include "network_inspectors/binder/bind_module.h"
#include "config.h"
#endif
-#include "framework/inspector.h"
#include "managers/plugin_manager.h"
extern const BaseApi* nin_binder;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "norm.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
+#include "norm.h"
#include "main/snort_config.h"
#include "packet_io/sfdaq.h"
-#include "protocols/ipv4.h"
+#include "protocols/icmp4.h"
+#include "protocols/icmp6.h"
#include "protocols/ipv4_options.h"
#include "protocols/tcp.h"
#include "protocols/tcp_options.h"
-#include "protocols/icmp4.h"
-#include "protocols/icmp6.h"
#include "stream/tcp/tcp_normalizer.h"
-#include "utils/stats.h"
enum PegCounts
{
#ifndef NORM_H
#define NORM_H
-#include "normalize.h"
#include "protocols/packet_manager.h"
+#include "normalize.h"
struct NormalizerConfig;
struct Packet;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "norm_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
-#include <string>
-#include <sstream>
-#include <vector>
+#include "norm_module.h"
+#include "main/policy.h"
#include "stream/tcp/tcp_normalizer.h"
using namespace std;
#ifndef NORM_MODULE_H
#define NORM_MODULE_H
-#include <string>
-#include <vector>
-
#include "framework/module.h"
#include "norm.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "normalize.h"
-#include "norm.h"
-#include "norm_module.h"
+#include "log/messages.h"
+#include "main/policy.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
-#include "parser/parser.h"
#include "profiler/profiler.h"
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "framework/inspector.h"
-#include "flow/flow.h"
+
+#include "norm_module.h"
THREAD_LOCAL ProfileStats norm_perf_stats;
static THREAD_LOCAL uint32_t t_flags = 0;
#ifndef NORMALIZE_H
#define NORMALIZE_H
-#include <cstdint>
-#include <stdint.h>
-
-#include "main/policy.h"
#include "framework/counts.h"
// these control protocol specific normalizations
// capture_module.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "capture_module.h"
#include <lua.hpp>
-#include "packet_capture.h"
#include "profiler/profiler.h"
-#include "utils/util.h"
+
+#include "packet_capture.h"
using namespace std;
#include <pcap.h>
#include <sfbpf.h>
-#include <string>
#include "framework/inspector.h"
#include "log/messages.h"
-#include "main/snort_config.h"
-#include "main/thread.h"
#include "protocols/packet.h"
-#include "utils/util.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
+#include "capture_module.h"
+
using namespace std;
#define FILE_NAME "packet_capture.pcap"
#ifndef PACKET_CAPTURE_H
#define PACKET_CAPTURE_H
-#include "capture_module.h"
+#include <string>
void packet_capture_enable(std::string);
void packet_capture_disable();
// base_tracker.cc author Carter Waxman <cwaxman@cisco.com>
-#include "base_tracker.h" // FIXIT-W Returning null reference (from <vector>)
-#include "perf_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "framework/module.h"
+#include "base_tracker.h" // FIXIT-W Returning null reference (from <vector>)
#ifdef UNIT_TEST
#include "catch/catch.hpp"
// cpu_tracker.cc author Carter Waxman <cwaxman@cisco.com>
-#include "cpu_tracker.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "utils/stats.h"
-#include "utils/util.h"
+#include "cpu_tracker.h"
#include <sys/resource.h>
+#include <sys/time.h>
#ifdef __APPLE__
#include <mach/mach_host.h>
#include <mach/thread_act.h>
#endif
-#define CPU_FILE (PERF_NAME "_cpu.csv")
-
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
+#define CPU_FILE (PERF_NAME "_cpu.csv")
+
static inline uint64_t get_microseconds(struct timeval t)
{
return (uint64_t)t.tv_sec * 1000000 + t.tv_usec;
#ifndef CPU_TRACKER_H
#define CPU_TRACKER_H
-#include "perf_module.h"
#include "perf_tracker.h"
-#include <sys/time.h>
-
class CPUTracker : public PerfTracker
{
public:
// csv_formatter.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "csv_formatter.h"
#include <sstream>
// flow_ip_tracker.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "flow_ip_tracker.h"
#include "log/messages.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
-#include "utils/util_net.h"
-
-#include "perf_module.h"
+#include "protocols/packet.h"
#define FLIP_FILE (PERF_NAME "_flow_ip.csv")
// flow_tracker.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "flow_tracker.h"
-#include "perf_module.h"
#include "protocols/icmp4.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
#include "protocols/udp.h"
-#include "utils/util.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
// perf_formatter.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "perf_formatter.h"
using namespace std;
// ouput open.
//
-#include <framework/counts.h>
-
#include <string>
#include <vector>
+#include "framework/counts.h"
+
union FormatterValue
{
PegCount* pc;
// perf_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "perf_module.h"
#include "managers/module_manager.h"
-#include "managers/plugin_manager.h"
-#include "utils/util.h"
//-------------------------------------------------------------------------
// perf attributes
#include "config.h"
#endif
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include <unistd.h>
-
-#include <string>
-
#include "perf_monitor.h"
-#include "perf_module.h"
#include "log/messages.h"
-#include "main/snort_config.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "parser/parser.h"
-#include "packet_io/sfdaq.h"
#include "profiler/profiler.h"
-#include "framework/inspector.h"
-#include "utils/stats.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
#include "base_tracker.h"
#include "cpu_tracker.h"
-#include "flow_tracker.h"
#include "flow_ip_tracker.h"
+#include "flow_tracker.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
// These are the basic functions and structures that are needed to call
// performance functions.
-#include <vector>
#include "perf_module.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/thread.h"
-#include "protocols/packet.h"
+
+struct Packet;
extern PerfConfig* perfmon_config; // FIXIT-M shouldn't be needed externally
extern THREAD_LOCAL bool perfmon_rotate_perf_file;
// perf_tracker.cc author Carter Waxman <cwaxman@cisco.com>
-#include <sys/stat.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "perf_tracker.h"
-#include "csv_formatter.h"
-#include "perf_module.h"
-#include "text_formatter.h"
+#include <limits.h>
+#include <sys/stat.h>
#include "log/messages.h"
#include "main/snort_config.h"
-#include "main/thread.h"
-#include "parser/parser.h"
#include "utils/util.h"
+#include "csv_formatter.h"
+#include "text_formatter.h"
+
static inline bool check_file_size(FILE* fh, uint64_t max_file_size)
{
int fd;
// text_formatter.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "text_formatter.h"
#include <sstream>
objects, and collections of IP ADDRESSes as objects
*/
-#include "ipobj.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
+#include "ipobj.h"
#include "protocols/packet.h"
#include "utils/util.h"
-#include "utils/snort_bounds.h"
-#include "sfip/sf_ip.h"
/*
IP COLLECTION INTERFACE
#ifndef IPOBJ_H
#define IPOBJ_H
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "utils/sflsq.h"
#include "sfip/sf_cidr.h"
+#include "utils/sflsq.h"
struct PORTRANGE
{
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <errno.h>
-
-#include <string>
-
-#include "ps_detect.h"
-#include "ps_inspect.h"
-#include "ps_module.h"
-
-#include "ipobj.h"
-#include "log/messages.h"
-#include "main/snort_config.h"
-#include "managers/inspector_manager.h"
-#include "protocols/packet_manager.h"
-#include "protocols/packet.h"
+#include "detection/detect.h"
#include "events/event.h"
#include "events/event_wrapper.h"
#include "filters/sfthreshold.h"
-#include "utils/util.h"
-#include "utils/sfsnprintfappend.h"
-#include "framework/inspector.h"
+#include "log/messages.h"
+#include "managers/inspector_manager.h"
#include "profiler/profiler.h"
-#include "time/packet_time.h"
-#include "detection/detect.h"
+#include "protocols/packet_manager.h"
+#include "utils/sfsnprintfappend.h"
+#include "utils/util.h"
+
+#include "ps_inspect.h"
+#include "ps_module.h"
#define PROTO_BUFFER_SIZE 256
** on hosts that are portscanned. This idea makes portscan a lot more
** useful for analysts.
*/
-#include "ps_detect.h"
-#include "ps_inspect.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
+#include "ps_detect.h"
-#include "ipobj.h"
+#include "hash/sfxhash.h"
#include "log/messages.h"
-#include "main/snort_config.h"
+#include "protocols/icmp4.h"
#include "protocols/packet.h"
-#include "time/packet_time.h"
-#include "hash/sfxhash.h"
#include "protocols/tcp.h"
-#include "protocols/udp.h"
-#include "protocols/icmp4.h"
-#include "protocols/icmp6.h"
-#include "protocols/eth.h"
-#include "sfip/sf_ip.h"
#include "stream/stream.h"
+#include "time/packet_time.h"
+#include "utils/cpp_macros.h"
+
+#include "ps_inspect.h"
PADDING_GUARD_BEGIN
typedef struct s_PS_HASH_KEY
#ifndef PS_DETECT_H
#define PS_DETECT_H
-#include <time.h>
#include <sys/time.h>
+#include <time.h>
-#include "ipobj.h"
#include "sfip/sf_ip.h"
+#include "ipobj.h"
#define PS_OPEN_PORTS 8
#ifndef PS_INSPECT_H
#define PS_INSPECT_H
-#include <time.h>
-#include <sys/time.h>
-
#include "framework/inspector.h"
#include "ps_detect.h"
// ps_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ps_module.h"
+#include <cassert>
+
//-------------------------------------------------------------------------
// port_scan tables
//-------------------------------------------------------------------------
#include "framework/module.h"
#include "ps_detect.h"
-#include "main/thread.h"
#define PS_NAME "port_scan"
#define PS_HELP "port scan inspector; also configure port_scan_global"
#ifndef REPUTATION_CONFIG_H
#define REPUTATION_CONFIG_H
-#include "main/snort_types.h"
-#include "sfrt/sfrt_flat.h"
-#include "main/snort_debug.h"
#include "framework/counts.h"
-#include "main/thread.h"
+#include "main/snort_debug.h"
+#include "sfrt/sfrt_flat.h"
#define NUM_INDEX_PER_ENTRY 4
// reputation_inspect.cc author Hui Cao <huica@cisco.com>
-#include "reputation_inspect.h"
-
-#include "reputation_module.h"
-#include "reputation_parse.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "reputation_inspect.h"
-#include "protocols/packet.h"
-#include "sfip/sf_ip.h"
+#include "detection/detect.h"
#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "profiler/profiler.h"
-#include "file_api/file_api.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "utils/sfsnprintfappend.h"
-#include "target_based/snort_protocols.h"
-#include "detection/detect.h"
#include "packet_io/active.h"
+#include "profiler/profiler.h"
+
+#include "reputation_module.h"
THREAD_LOCAL ProfileStats reputationPerfStats;
ReputationStats reputationstats;
#ifndef REPUTATION_INSPECT_H
#define REPUTATION_INSPECT_H
-#include "protocols/packet.h"
+#include "flow/flow.h"
// Per-session data block containing current state
// of the Reputation preprocessor for the session.
// reputation_module.cc author Bhagya Tholpady <bbantwal@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "reputation_module.h"
-#include <assert.h>
-#include <sstream>
+#include <cassert>
#include "log/messages.h"
#include "utils/util.h"
// Interface to the REPUTATION network inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "reputation_config.h"
#define GID_REPUTATION 136
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
// reputation_parse.cc author Hui Cao <huica@cisco.com>
-//
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "reputation_parse.h"
-#include <assert.h>
+#include <limits.h>
#include <netinet/in.h>
+#include <cassert>
#include <limits>
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "parser/config_file.h"
#include "sfip/sf_cidr.h"
#include "utils/util.h"
#include "active.h"
#include "log/messages.h"
+#include "main/snort_config.h"
#include "managers/action_manager.h"
-#include "packet_io/sfdaq.h"
#include "protocols/tcp.h"
#include "stream/stream.h"
#include "utils/dnet_header.h"
+#include "sfdaq.h"
+
#define MAX_ATTEMPTS 20
// these can't be pkt flags because we do the handling
// manages packet processing verdicts returned to the DAQ. action (what to
// do) is separate from status (whether we can actually do it or not).
-#include "main/snort_config.h"
#include "protocols/packet_manager.h"
struct Packet;
+struct SnortConfig;
class SO_PUBLIC Active
{
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "intf.h"
#include <netinet/in.h>
#include <pcap.h>
-#include <stdio.h>
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
#include "sfip/sf_ip.h"
//------------------------------------------------------------------------------
// sfdaq.cc author Michael Altizer <mialtize@cisco.com>
-#include "sfdaq.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
-
-#include <mutex>
-#include <ostream>
+#include "sfdaq.h"
extern "C" {
#include <daq.h>
#include <sfbpf_dlt.h>
}
+#include <mutex>
+
#include "log/messages.h"
#include "main/snort_config.h"
-#include "parser/parser.h"
#include "protocols/packet.h"
#include "protocols/vlan.h"
-#include "utils/util.h"
#include "sfdaq_config.h"
#ifndef SFDAQ_H
#define SFDAQ_H
-extern "C" {
#include <daq_common.h>
-}
#include <string>
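Review bot: Dropping the `extern "C" { }` wrapper around `#include <daq_common.h>` is only safe if that header carries its own `#ifdef __cplusplus` linkage guard, which this hunk does not show. sfdaq.cc in the same commit still wraps `<daq.h>` and `<sfbpf_dlt.h>` in `extern "C"`, so the two files now disagree about how DAQ headers are pulled in. Without a guard, any function declaration or function-pointer typedef in `daq_common.h` would get C++ language linkage when reached through sfdaq.h, which would show up as a link error or a mismatch at the DAQ callback boundary. I would either keep the wrapper or record the assumption next to the include: `// daq_common.h provides its own extern "C" guard`.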
// sfdaq_config.cc author Michael Altizer <mialtize@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfdaq_config.h"
using namespace std;
#include "sfdaq_module.h"
-#include <assert.h>
+#include <cassert>
#include "log/messages.h"
#include "main/snort_config.h"
// unit tests
// -----------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "catch/catch.hpp"
#include "catch/unit_test.h"
#include "main/snort_config.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "trough.h"
#include <dirent.h>
//--------------------------------------------------------------------------
// arg_list.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "arg_list.h"
-#include <string.h>
+#include <cstring>
void ArgList::dump()
{
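Review bot: Switching `<string.h>` to `<cstring>` changes what the standard guarantees: `<cstring>` is only required to declare the functions in namespace `std`, and the unqualified global names are an implementation courtesy. If arg_list.cc calls `strlen`, `strcmp` or similar without `std::` and without a `using namespace std;` in scope, either qualify the calls (`std::strlen(...)`) or keep `#include <string.h>`. The `<assert.h>` to `<cassert>` changes in the other hunks are unaffected because `assert` is a macro. `ArgList::dump` continues outside this hunk, so the actual call sites are not visible here.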
//--------------------------------------------------------------------------
// cmd_line.cc author Russ Combs <rucombs@cisco.com>
-#include "cmd_line.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
+#include "cmd_line.h"
+#include "framework/module.h"
#include "log/messages.h"
#include "main/help.h"
-#include "main/snort_module.h"
#include "main/snort_config.h"
-#include "framework/module.h"
-#include "framework/parameter.h"
+#include "main/snort_module.h"
#include "packet_io/trough.h"
-#include "parser/arg_list.h"
-#include "parser/parser.h"
-#include "utils/util.h"
+
+#include "arg_list.h"
using namespace std;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "config_file.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <pcap.h>
+#include "config_file.h"
+
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
-#include "parser.h"
-#include "cmd_line.h"
-#include "mstring.h"
-
#include "detection/detect.h"
#include "log/messages.h"
#include "main/snort.h"
#include "main/snort_config.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
-#include "ips_options/ips_flowbits.h"
#include "managers/event_manager.h"
-#include "packet_io/sfdaq.h"
-#include "packet_io/sfdaq_config.h"
-#include "sfip/sf_ip.h"
#include "utils/dnet_header.h"
#include "utils/util.h"
+#include "mstring.h"
+
#define LOG_NONE "none"
#define LOG_DUMP "dump"
#define LOG_CODECS "codecs"
#ifndef CONFIG_FILE_H
#define CONFIG_FILE_H
-#include "main/snort_types.h"
-#include "main/policy.h"
-
struct SnortConfig;
const char* get_snort_conf();
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "mstring.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
+#include "mstring.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/detection_util.h"
#include "utils/util.h"
static char* mSplitAddTok(const char*, const int, const char*, const char);
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "parse_conf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
+#include "parse_conf.h"
+
#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <pcap.h>
-#include <grp.h>
-#include <pwd.h>
-#include <fnmatch.h>
-#include <stack>
-#include <string>
#include <fstream>
-#include <sstream>
-
-#include "parser.h"
-#include "parse_stream.h"
-#include "cmd_line.h"
-#include "parse_rule.h"
-#include "config_file.h"
-#include "vars.h"
+#include <stack>
-#include "actions/actions.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "detection/signature.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "utils/util.h"
-#include "hash/sfghash.h"
-#include "sfip/sf_ip.h"
-#include "sfip/sf_vartable.h"
-#include "packet_io/active.h"
-#include "file_api/file_config.h"
-#include "framework/ips_option.h"
#include "log/messages.h"
+#include "main/snort_config.h"
#include "managers/action_manager.h"
-#include "actions/actions.h"
+#include "sfip/sf_vartable.h"
#include "target_based/snort_protocols.h"
+#include "utils/util.h"
+
+#include "config_file.h"
+#include "parser.h"
+#include "parse_stream.h"
+#include "vars.h"
struct Location
{
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "parse_ip.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <sys/types.h>
+#include "parse_ip.h"
-#include "parser.h"
#include "log/messages.h"
+#include "main/policy.h"
#include "main/snort_debug.h"
-#include "sfip/sf_vartable.h"
#include "sfip/sf_ipvar.h"
+#include "sfip/sf_vartable.h"
#include "utils/util.h"
sfip_var_t* sfip_var_from_string(const char* addr)
#ifndef PARSE_IP_H
#define PARSE_IP_H
-#include <sys/types.h>
-#include "main/snort_types.h"
-
struct sfip_var_t;
sfip_var_t* sfip_var_from_string(const char*);
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "parse_ports.h"
-#include "protocols/packet.h"
-#include "ports/port_table.h"
+
#include "main/snort_debug.h"
-#include "utils/snort_bounds.h"
+#include "protocols/packet.h"
#include "utils/util.h"
static int POParserInit(POParser* pop, const char* s, PortVarTable* pvTable)
#define PARSE_PORTS_H
#include "ports/port_var_table.h"
-#include "utils/sflsq.h"
//-------------------------------------------------------------------------
// parser
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "parse_rule.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <pcap.h>
-#include <grp.h>
-#include <pwd.h>
-#include <fnmatch.h>
-
-#include "parser.h"
-#include "cmd_line.h"
-#include "config_file.h"
-#include "parse_conf.h"
-#include "parse_ports.h"
+#include "parse_rule.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
#include "detection/detect.h"
-#include "detection/tag.h"
-#include "detection/signature.h"
#include "detection/fp_config.h"
-#include "detection/fp_create.h"
#include "detection/fp_utils.h"
-#include "detection/pattern_match_data.h"
-#include "detection/sfrim.h"
-#include "main/snort_debug.h"
+#include "detection/treenodes.h"
+#include "framework/decode_data.h"
+#include "log/messages.h"
#include "main/snort_config.h"
+#include "main/snort_debug.h"
#include "main/thread_config.h"
-#include "ports/port_object.h"
-#include "ports/rule_port_tables.h"
-#include "protocols/packet.h"
-#include "filters/sfthreshold.h"
-#include "filters/sfthd.h"
-#include "hash/sfghash.h"
-#include "sfip/sf_vartable.h"
-#include "sfip/sf_ip.h"
-#include "sfip/sf_ipvar.h"
-#include "utils/sflsq.h"
-#include "utils/util.h"
-#include "filters/rate_filter.h"
-#include "filters/detection_filter.h"
-#include "packet_io/active.h"
-#include "file_api/file_config.h"
-#include "framework/ips_option.h"
-#include "log/messages.h"
#include "managers/ips_manager.h"
#include "managers/so_manager.h"
+#include "ports/rule_port_tables.h"
+#include "sfip/sf_ipvar.h"
+#include "sfip/sf_vartable.h"
#include "target_based/snort_protocols.h"
+#include "utils/util.h"
+
+#include "parser.h"
+#include "parse_conf.h"
+#include "parse_ports.h"
#define SRC 0
#define DST 1
//--------------------------------------------------------------------------
// parse_stream.cc author Russ Combs <rucombs@cisco.com>
-#include "parse_stream.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
+#include "parse_stream.h"
-#include <istream>
#include <sstream>
-#include <string>
+
+#include "log/messages.h"
+#include "managers/ips_manager.h"
#include "parser.h"
#include "parse_conf.h"
#include "parse_rule.h"
-#include "detection/treenodes.h"
-#include "log/messages.h"
-#include "managers/ips_manager.h"
using namespace std;
//--------------------------------------------------------------------------
// parse_uitls.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "parse_utils.h"
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
+#include <cassert>
-#include "parser.h"
#include "log/messages.h"
#include "utils/util.h"
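Review bot: The file banner on the second line of this hunk still reads `// parse_uitls.cc author ...`, a transposition of the name of the file whose own header is `parse_utils.h`. Since the commit already rewrites the lines around it, the banner should become `// parse_utils.cc author Russ Combs <rucombs@cisco.com>`. The hunk also drops `<ctype.h>`, `<stdio.h>` and `<string.h>` and keeps only `<cassert>`. The function bodies are outside the hunk, so if any of them call `str*` or `is*` routines, the file now depends on `log/messages.h` or `utils/util.h` pulling those declarations in, which is worth confirming.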
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "parser.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdarg.h>
+#include "parser.h"
+
#include <pcap.h>
-#include <grp.h>
-#include <pwd.h>
-#include <fnmatch.h>
+#include <cassert>
#include <iostream>
-#include <string>
-
-#include "cmd_line.h"
-#include "mstring.h"
-#include "config_file.h"
-#include "parse_conf.h"
-#include "parse_rule.h"
-#include "parse_stream.h"
-#include "vars.h"
-#include "utils/util.h"
-#include "utils/sflsq.h"
-#include "ports/port_object.h"
-#include "ports/port_table.h"
-#include "ports/port_utils.h"
-#include "ports/rule_port_tables.h"
-#include "main/snort_config.h"
-#include "main/shell.h"
-#include "main/snort_debug.h"
-#include "detection/signature.h"
-#include "detection/treenodes.h"
-#include "detection/rules.h"
-#include "detection/detect.h"
#include "detection/fp_config.h"
-#include "detection/tag.h"
#include "detection/sfrim.h"
-#include "protocols/packet.h"
-#include "filters/sfthreshold.h"
-#include "filters/sfthd.h"
-#include "filters/rate_filter.h"
#include "filters/detection_filter.h"
-#include "hash/sfghash.h"
-#include "sfip/sf_vartable.h"
-#include "sfip/sf_ip.h"
-#include "sfip/sf_ipvar.h"
-#include "packet_io/active.h"
-#include "file_api/file_config.h"
-#include "actions/actions.h"
+#include "filters/rate_filter.h"
+#include "filters/sfthreshold.h"
#include "log/messages.h"
+#include "main/shell.h"
+#include "main/snort_config.h"
#include "managers/event_manager.h"
#include "managers/module_manager.h"
+#include "ports/port_object.h"
+#include "ports/port_table.h"
+#include "ports/rule_port_tables.h"
+#include "sfip/sf_ipvar.h"
#include "target_based/snort_protocols.h"
+#include "utils/util.h"
+
+#include "config_file.h"
+#include "mstring.h"
+#include "parse_conf.h"
+#include "parse_rule.h"
+#include "parse_stream.h"
+#include "vars.h"
static struct rule_index_map_t* ruleIndexMap = nullptr;
#ifndef PARSER_H
#define PARSER_H
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <stdio.h>
-
#include "detection/rules.h"
-#include "detection/sfrim.h"
#include "detection/treenodes.h"
#include "main/policy.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "vars.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <ctype.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <pcap.h>
-#include <grp.h>
-#include <pwd.h>
-#include <fnmatch.h>
-
-#include "config_file.h"
-#include "parser/parser.h"
-#include "cmd_line.h"
-#include "parse_ports.h"
+#include "vars.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
#include "main/snort_config.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "detection/detect.h"
-#include "detection/tag.h"
-#include "detection/signature.h"
-#include "detection/sfrim.h"
-#include "utils/util.h"
-#include "utils/sflsq.h"
-#include "ports/port_object.h"
-#include "protocols/packet.h"
-#include "filters/sfthreshold.h"
-#include "filters/sfthd.h"
-#include "filters/rate_filter.h"
-#include "filters/detection_filter.h"
-#include "hash/sfghash.h"
-#include "sfip/sf_vartable.h"
-#include "sfip/sf_ip.h"
+#include "main/snort_debug.h"
#include "sfip/sf_ipvar.h"
-#include "packet_io/active.h"
-#include "file_api/file_config.h"
-#include "framework/ips_option.h"
+#include "utils/util.h"
+
+#include "parse_ports.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#ifndef VARS_H
#define VARS_H
-#include "main/snort_types.h"
+#include <cstdint>
+
#include "sfip/sf_vartable.h"
struct SnortConfig;
//--------------------------------------------------------------------------
// piglet.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "piglet.h"
#include <iostream>
#include <chrono>
#include "main/snort_config.h"
-#include "piglet_manager.h"
+
#include "piglet_output.h"
#include "piglet_runner.h"
-#include "piglet_utils.h"
namespace Piglet
{
// Piglet plugin API
#include <string>
-#include <utility>
#include "framework/base_api.h"
#include "log/messages.h"
//--------------------------------------------------------------------------
// piglet_manager.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "piglet_manager.h"
-#include <map>
-#include <string>
-#include <vector>
-#include <assert.h>
+#include <cassert>
#include "log/messages.h"
#include "main/snort_config.h"
#include "managers/module_manager.h"
#include "managers/plugin_manager.h"
-#include "piglet_utils.h"
+
#include "piglet_api.h"
+#include "piglet_utils.h"
#define PLUGIN_KEY_SEP "::"
//--------------------------------------------------------------------------
// piglet_output.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_output.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <iostream>
-#include <string>
-#include <sstream>
-#include <vector>
-#include <stdio.h>
+#include "piglet_output.h"
#include "piglet_runner.h"
#include "piglet_utils.h"
//--------------------------------------------------------------------------
// piglet_runner.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "piglet_runner.h"
-#include <string>
-#include <assert.h>
-#include <lua.hpp>
+#include <cassert>
+#include "lua/lua.h"
#include "lua/lua_table.h"
#include "lua/lua_util.h"
+
#include "piglet_api.h"
#include "piglet_manager.h"
#include "piglet_output.h"
//--------------------------------------------------------------------------
// piglet_utils.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "piglet_utils.h"
namespace Piglet
//--------------------------------------------------------------------------
// piglet_plugins.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "piglet_plugins.h"
#include "managers/plugin_manager.h"
//--------------------------------------------------------------------------
// pp_buffer_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_buffer_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_buffer_iface.h"
#include "framework/codec.h"
#include "lua/lua_arg.h"
-#include "lua/lua_ref.h"
+
#include "pp_raw_buffer_iface.h"
static const luaL_Reg methods[] =
//--------------------------------------------------------------------------
// pp_codec.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
-
-#include "lua/lua_iface.h"
#include "managers/codec_manager.h"
#include "piglet/piglet_api.h"
#include "pp_buffer_iface.h"
-#include "pp_daq_pkthdr_iface.h"
#include "pp_codec_data_iface.h"
+#include "pp_codec_iface.h"
+#include "pp_daq_pkthdr_iface.h"
#include "pp_decode_data_iface.h"
#include "pp_enc_state_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_codec_iface.h"
-
class CodecPiglet : public Piglet::BasePlugin
{
public:
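Review bot: After this change pp_codec.cc no longer includes `piglet_plugins.h`, which the old code included first, in the own-header position. The same removal is made in pp_inspector.cc, pp_ips_action.cc, pp_ips_option.cc, pp_logger.cc, pp_search_engine.cc and pp_test.cc, while pp_so_rule.cc moves the include below the config.h block and keeps it. If `piglet_plugins.h` declares the plugin API objects these files define (the definitions are outside the hunks, so this is inferred), the compiler can no longer check each definition against its declaration, and a type or linkage mismatch would only surface at link or load time. I would keep `#include "piglet_plugins.h"` immediately after the `#endif` of the config.h block in each of these files, as pp_so_rule.cc does. The `CodecPiglet` class continues past the end of the hunk.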
//--------------------------------------------------------------------------
// pp_codec_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_codec_data_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
-#include <lua.hpp>
+#include "pp_codec_data_iface.h"
#include "framework/codec.h"
-#include "lua/lua_table.h"
#include "lua/lua_arg.h"
static void set_fields(lua_State* L, int tindex, CodecData& self)
//--------------------------------------------------------------------------
// pp_codec_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_codec_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <limits>
-#include <vector>
-#include <assert.h>
-#include <lua.hpp>
+#include "pp_codec_iface.h"
#include "framework/codec.h"
#include "lua/lua_arg.h"
-#include "lua/lua_table.h"
-#include "protocols/ip.h"
#include "log/text_log.h"
#include "pp_buffer_iface.h"
#include "pp_daq_pkthdr_iface.h"
#include "pp_decode_data_iface.h"
#include "pp_enc_state_iface.h"
+#include "pp_flow_iface.h"
#include "pp_ip_api_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_flow_iface.h"
// FIXIT-M delete this, and make the IpApi arg in codec.update required
static const ip::IpApi default_ip_api {};
//--------------------------------------------------------------------------
// pp_cursor_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_cursor_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_cursor_iface.h"
#include "framework/cursor.h"
#include "lua/lua_arg.h"
-#include "lua/lua_ref.h"
#include "protocols/packet.h"
+
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
//--------------------------------------------------------------------------
// pp_codec_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_daq_pkthdr_iface.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
-#include <lua.hpp>
+#include "pp_daq_pkthdr_iface.h"
-extern "C" {
#include <daq_common.h>
-}
-#include "lua/lua_arg.h"
-#include "lua/lua_table.h"
+#include <cstring>
+#include "lua/lua_arg.h"
static void set_fields(lua_State* L, int tindex, struct _daq_pkthdr& self)
{
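Review bot: The `extern "C" { ... }` wrapper around `#include <daq_common.h>` is removed here, and again in the protocols packet.h hunk, without anything in the commit showing that the DAQ header guards itself with `#ifdef __cplusplus`. If the oldest supported DAQ release ships the header without that guard, any function it declares gets C++ linkage in these translation units and fails to resolve at link time. Please confirm this against the minimum DAQ version the build accepts, or keep the wrapper. Separately, the banner of this file still says `// pp_codec_data_iface.cc author ...` although its own header is `pp_daq_pkthdr_iface.h`; it should read `// pp_daq_pkthdr_iface.cc author Joel Cornett <jocornet@cisco.com>`. `set_fields` continues outside the hunk.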
//--------------------------------------------------------------------------
// pp_decode_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_decode_data_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <lua.hpp>
+#include "pp_decode_data_iface.h"
#include "framework/decode_data.h"
#include "lua/lua_arg.h"
-#include "lua/lua_table.h"
-#include "protocols/ipv4.h"
#include "pp_ip_api_iface.h"
#include "pp_raw_buffer_iface.h"
//--------------------------------------------------------------------------
// pp_enc_state_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_enc_state_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_enc_state_iface.h"
#include "framework/codec.h"
#include "lua/lua_arg.h"
-#include "protocols/ip.h"
// FIXIT-M ip_api should also be its own object (copyable)
static const class ip::IpApi ip_api {};
//--------------------------------------------------------------------------
// pp_event_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_event_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
+#include "pp_event_iface.h"
-#include <lua.hpp>
+#include <cstring>
#include "detection/signature.h"
#include "events/event.h"
#include "lua/lua_arg.h"
-#include "lua/lua_table.h"
+
#include "pp_raw_buffer_iface.h"
static struct SigInfo* create_sig_info()
//--------------------------------------------------------------------------
// pp_flow_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_flow_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <limits>
-#include <lua.hpp>
+#include "pp_flow_iface.h"
#include "flow/flow.h"
#include "lua/lua_arg.h"
//--------------------------------------------------------------------------
// pp_inspector.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
-#include <assert.h>
-
-#include "log/messages.h"
-#include "lua/lua_iface.h"
#include "managers/inspector_manager.h"
#include "piglet/piglet_api.h"
#include "stream/flush_bucket.h"
#include "pp_decode_data_iface.h"
#include "pp_flow_iface.h"
+#include "pp_inspector_iface.h"
#include "pp_ip_api_iface.h"
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
#include "pp_stream_splitter_iface.h"
-#include "pp_inspector_iface.h"
-
class InspectorPiglet : public Piglet::BasePlugin
{
public:
//--------------------------------------------------------------------------
// pp_inspector_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_inspector_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <limits>
-#include <string>
-#include <assert.h>
-#include <lua.hpp>
+#include "pp_inspector_iface.h"
#include "framework/inspector.h"
#include "lua/lua_arg.h"
#include "main/snort_config.h"
+
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
#include "pp_stream_splitter_iface.h"
//--------------------------------------------------------------------------
// pp_ip_api_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_ip_api_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <lua.hpp>
+#include "pp_ip_api_iface.h"
#include "lua/lua_arg.h"
#include "protocols/ip.h"
-#include "protocols/ipv4.h"
-#include "protocols/ipv6.h"
#include "pp_raw_buffer_iface.h"
//--------------------------------------------------------------------------
// pp_ips_action.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "lua/lua_iface.h"
#include "managers/action_manager.h"
#include "piglet/piglet_api.h"
+#include "pp_ips_action_iface.h"
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_ips_action_iface.h"
-
class IpsActionPiglet : public Piglet::BasePlugin
{
public:
//--------------------------------------------------------------------------
// pp_ips_action_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_ips_action_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_ips_action_iface.h"
#include "framework/ips_action.h"
+
#include "pp_packet_iface.h"
static const luaL_Reg methods[] =
//--------------------------------------------------------------------------
// pp_ips_option.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
#include "detection/treenodes.h"
-#include "lua/lua_iface.h"
#include "managers/ips_manager.h"
#include "piglet/piglet_api.h"
#include "pp_cursor_iface.h"
+#include "pp_ips_option_iface.h"
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_ips_option_iface.h"
-
class IpsOptionPiglet : public Piglet::BasePlugin
{
public:
//--------------------------------------------------------------------------
// pp_ips_option_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_ips_option_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_ips_option_iface.h"
#include "framework/ips_option.h"
#include "lua/lua_stack.h"
+
#include "pp_packet_iface.h"
#include "pp_cursor_iface.h"
//--------------------------------------------------------------------------
// pp_logger.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "lua/lua_iface.h"
#include "managers/event_manager.h"
#include "piglet/piglet_api.h"
#include "pp_decode_data_iface.h"
#include "pp_event_iface.h"
#include "pp_ip_api_iface.h"
+#include "pp_logger_iface.h"
#include "pp_packet_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_logger_iface.h"
-
class LoggerPiglet : public Piglet::BasePlugin
{
public:
//--------------------------------------------------------------------------
// pp_logger_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_logger_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <lua.hpp>
+#include "pp_logger_iface.h"
#include "framework/logger.h"
#include "lua/lua_arg.h"
-#include "lua/lua_stack.h"
+
#include "pp_event_iface.h"
#include "pp_packet_iface.h"
//--------------------------------------------------------------------------
// pp_packet_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_packet_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string.h>
-#include <lua.hpp>
+#include "pp_packet_iface.h"
#include "lua/lua_arg.h"
-#include "lua/lua_table.h"
#include "protocols/packet.h"
+
+#include "pp_daq_pkthdr_iface.h"
#include "pp_decode_data_iface.h"
#include "pp_flow_iface.h"
#include "pp_raw_buffer_iface.h"
-#include "pp_daq_pkthdr_iface.h"
static void set_fields(lua_State* L, int tindex, Packet& self)
{
//--------------------------------------------------------------------------
// pp_raw_buffer_iface.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "pp_raw_buffer_iface.h"
#include "lua/lua_arg.h"
-#include "lua/lua_stack.h"
// FIXIT-H a lot of users keep references to this data. Need to prevent
// Lua's garbage collection from destroying RawBuffer while other C++ types
//--------------------------------------------------------------------------
// pp_search_engine.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
-#include "lua/lua_iface.h"
#include "managers/mpse_manager.h"
#include "piglet/piglet_api.h"
//--------------------------------------------------------------------------
// pp_search_engine_iface.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "pp_search_engine_iface.h"
#include "framework/mpse.h"
//--------------------------------------------------------------------------
// pp_so_rule.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
+#include "piglet_plugins.h"
-#include "lua/lua_iface.h"
#include "managers/so_manager.h"
#include "piglet/piglet_api.h"
//--------------------------------------------------------------------------
// pp_so_rule_iface.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "pp_so_rule_iface.h"
#include "framework/so_rule.h"
//--------------------------------------------------------------------------
// pp_stream_splitter_iface.cc author Joel Cornett <jocornet@cisco.com>
-#include "pp_stream_splitter_iface.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <limits>
-#include <lua.hpp>
+#include "pp_stream_splitter_iface.h"
#include "lua/lua_arg.h"
-#include "lua/lua_stack.h"
#include "stream/stream_splitter.h"
+
#include "pp_flow_iface.h"
#include "pp_raw_buffer_iface.h"
//--------------------------------------------------------------------------
// pp_test.cc author Joel Cornett <jocornet@cisco.com>
-#include "piglet_plugins.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
-
-#include "lua/lua_iface.h"
#include "piglet/piglet_api.h"
#include "pp_buffer_iface.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "port_group.h"
-#include <stdlib.h>
#include "utils/util.h"
void PortGroup::add_rule()
// port_item.cc derived from sfportobject.h by Marc Noron
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "port_item.h"
-#include <string.h>
#include "utils/util.h"
/*
#ifndef PORT_ITEM_H
#define PORT_ITEM_H
-#include "framework/bits.h"
-#include "utils/sflsq.h"
+#include <cstdint>
#define SFPO_MAX_LPORTS 500
#define SFPO_MAX_PORTS 65536
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "port_object.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <memory>
+#include "port_object.h"
-#include "port_item.h"
-#include "port_utils.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "detection/sfrim.h"
#include "parser/parser.h"
#include "utils/util.h"
-#include "utils/snort_bounds.h"
-#include "hash/sfhashfcn.h"
+
+#include "port_item.h"
+#include "port_utils.h"
//-------------------------------------------------------------------------
// PortObject - public
#ifndef PORT_OBJECT_H
#define PORT_OBJECT_H
-#include "framework/bits.h"
#include "utils/sflsq.h"
//-------------------------------------------------------------------------
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "port_object2.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
-
-#include <memory>
-
-#include "port_object.h"
-#include "port_item.h"
-#include "port_table.h"
-#include "port_utils.h"
+#include "port_object2.h"
+#include "hash/sfhashfcn.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "detection/sfrim.h"
#include "parser/parser.h"
#include "utils/util.h"
-#include "hash/sfhashfcn.h"
+
+#include "port_item.h"
+#include "port_object.h"
+#include "port_utils.h"
#define PO_EXTRA_RULE_CNT 25
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "port_table.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
+#include "port_table.h"
#include <memory>
-#include "port_item.h"
-#include "port_object.h"
-#include "port_object2.h"
-#include "port_utils.h"
-
+#include "hash/sfhashfcn.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "detection/sfrim.h"
-#include "parser/parser.h"
#include "utils/util.h"
-#include "hash/sfhashfcn.h"
+
+#include "port_utils.h"
#define PTBL_LRC_DEFAULT 10
#define PO_INIT_ID 1000000
#define PORT_TABLE_H
#include "hash/sfghash.h"
-#include "utils/sflsq.h"
#include "ports/port_item.h"
#include "ports/port_object.h"
#include "ports/port_object2.h"
+#include "utils/sflsq.h"
//-------------------------------------------------------------------------
// PortTable - provides support to analyze the Port List objects defined by
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "port_utils.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
+#include "port_utils.h"
-#include <memory>
+#include "utils/util.h"
#include "port_item.h"
#include "port_object.h"
-#include "port_table.h"
-
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "detection/sfrim.h"
-#include "parser/parser.h"
-#include "utils/snort_bounds.h"
-#include "utils/util.h"
//-------------------------------------------------------------------------
// bitset conversions
#include "framework/bits.h"
#include "protocols/packet.h"
#include "utils/sflsq.h"
-#include "utils/snort_bounds.h"
struct PortObject;
struct PortObjectItem;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "port_var_table.h"
//-------------------------------------------------------------------------
#include "hash/sfghash.h"
#include "ports/port_object.h"
#include "ports/port_table.h"
-#include "utils/sflsq.h"
//-------------------------------------------------------------------------
// PortVarTable
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "rule_port_tables.h"
+#include "log/messages.h"
+
#include "port_object.h"
#include "port_table.h"
-#include "log/messages.h"
-#include "parser/parser.h"
-#include "utils/util.h"
#define DEFAULT_LARGE_RULE_GROUP 9
memory_defs.h \
memory_context.h \
memory_profiler_defs.h \
-memory_profiler_active_context.h \
profiler.h \
profiler_defs.h \
rule_profiler_defs.h \
memory_context.cc \
memory_profiler.cc \
memory_profiler.h \
+memory_profiler_active_context.h \
profiler.cc \
profiler_printer.h \
profiler_stats_table.cc \
// memory_context.cc author Joel Cornett <jocornet@cisco.com>
-#include "memory_context.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <cassert>
-#include <cstdlib>
+#include "memory_context.h"
+
#include <mutex>
#include <new>
#ifndef MEMORY_CONTEXT_H
#define MEMORY_CONTEXT_H
-#include "main/thread.h"
-
struct CombinedMemoryStats;
class MemoryProfiler
#ifndef MEMORY_DEFS_H
#define MEMORY_DEFS_H
-#include "main/snort_types.h"
-#include "memory_context.h"
+#include "main/thread.h"
struct MemoryStats
{
// memory_profiler.cc author Joel Cornett <jocornet@cisco.com>
-#include "memory_profiler.h"
-
#if HAVE_CONFIG_H
#include "config.h"
#endif
-#include <memory>
+#include "memory_profiler.h"
-#include "profiler_tree_builder.h"
#include "profiler_nodes.h"
#include "profiler_printer.h"
-#include "profiler_stats_table.h"
#include "memory_defs.h"
#ifdef UNIT_TEST
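Review bot: The config.h guard kept at the top of memory_profiler.cc is spelled `#if HAVE_CONFIG_H`, while the style-guide text changed in this same commit prescribes `#ifdef HAVE_CONFIG_H` as the standard block. The rule_profiler.cc and time_profiler.cc hunks carry the same spelling. `#if` on an undefined macro evaluates it as 0 and warns under `-Wundef`, and it is a preprocessor error if the macro is defined with an empty value, so these three files behave differently from every other file touched here. Since the commit reorders the lines around the guard anyway, change it to `#ifdef HAVE_CONFIG_H` in all three.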
// profiler.cc author Joel Cornett <jocornet@cisco.com>
-#include "profiler.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "profiler.h"
+
#include <cassert>
-#include <mutex>
#include "framework/module.h"
#include "main/snort_config.h"
-#include "profiler_nodes.h"
#include "memory_context.h"
#include "memory_profiler.h"
-#include "time_profiler.h"
+#include "profiler_nodes.h"
#include "rule_profiler.h"
+#include "time_profiler.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
// profiler_nodes.cc author Joel Cornett <jocornet@cisco.com>
-#include "profiler_nodes.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "profiler_nodes.h"
+
#include <cassert>
#include <mutex>
#include "framework/module.h"
+
#include "profiler_defs.h"
#ifdef UNIT_TEST
#ifndef PROFILER_PRINTER_H
#define PROFILER_PRINTER_H
-#include <cassert>
#include <algorithm>
+#include <cassert>
#include <functional>
#include <sstream>
#include <string>
// profiler_stats_table.cc author Joel Cornett <jocornet@cisco.com>
-#include "profiler_stats_table.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "profiler_stats_table.h"
+
#include <cassert>
#include <cstring>
#include <iomanip>
// rule_profiler.cc author Joel Cornett <jocornet@cisco.com>
-#include "rule_profiler.h"
-
#if HAVE_CONFIG_H
#include "config.h"
#endif
-#include <algorithm>
-#include <functional>
-#include <iostream>
-#include <sstream>
-#include <vector>
+#include "rule_profiler.h"
+
+//#include <algorithm>
+//#include <functional>
+//#include <iostream>
+//#include <sstream>
+//#include <vector>
// this include eventually leads to possible issues with std::chrono:
// 1. Undefined or garbage value returned to caller (rep count())
#include "detection/detection_options.h" // ... FIXIT-W
#include "detection/treenodes.h"
-#include "hash/sfghash.h"
#include "main/snort_config.h"
#include "main/thread_config.h"
#include "parser/parser.h"
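Review bot: The five standard headers in rule_profiler.cc are commented out (`//#include <algorithm>` through `//#include <vector>`) rather than removed, which leaves dead lines with no stated reason. The existing comment directly below them warns that `detection/detection_options.h` has known problems with `std::chrono`, so it is unclear from the hunk whether having the standard headers ahead of that include mattered. If it did, restore them as real includes; if not, delete the five commented lines. Either way, a short why-comment beside the FIXIT-W stating which of the two was intended would save the next reader from guessing.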
#ifndef RULE_PROFILER_DEFS_H
#define RULE_PROFILER_DEFS_H
-#include "detection/treenodes.h"
-#include "time_profiler_defs.h"
+#include "time/clock_defs.h"
+#include "time/stopwatch.h"
struct dot_node_state_t;
// time_profiler.cc author Joel Cornett <jocornet@cisco.com>
-#include "time_profiler.h"
-
#if HAVE_CONFIG_H
#include "config.h"
#endif
-#include <chrono>
-#include <iostream>
-#include <string>
+#include "time_profiler.h"
#include "profiler_nodes.h"
#include "profiler_tree_builder.h"
//--------------------------------------------------------------------------
// ip.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include <arpa/inet.h>
-#include "protocols/ip.h"
-#include "protocols/packet.h"
-#include "sfip/sf_ip.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "ip.h"
+
+#include "layer.h"
namespace ip
{
#ifndef PROTOCOLS_IP_H
#define PROTOCOLS_IP_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <net/if.h>
#include <cstring>
#include "main/snort_types.h"
#ifndef PROTOCOLS_IPV4_H
#define PROTOCOLS_IPV4_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <cstdint>
#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <net/if.h>
#include "protocols/protocol_ids.h" // include ipv4 protocol numbers
//--------------------------------------------------------------------------
// ipv4_options.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "protocols/ipv4_options.h"
-#include "protocols/ipv4.h"
-#include "protocols/layer.h"
-#include "protocols/packet.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "ipv4_options.h"
+
+#include "packet.h"
namespace ip
{
#ifndef PROTOCOLS_IP_OPTIONS_H
#define PROTOCOLS_IP_OPTIONS_H
-#include <cstdint>
#include "main/snort_types.h"
struct Packet;
#ifndef PROTOCOLS_IPV6_H
#define PROTOCOLS_IPV6_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <cstdint>
#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <net/if.h>
#include "protocols/protocol_ids.h"
//--------------------------------------------------------------------------
// layer.cc author Josh Rosenbaum <jrosenba@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "layer.h"
-#include <netinet/in.h>
-#include "protocols/layer.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/packet.h"
-#include "protocols/ipv4.h"
-#include "protocols/ipv6.h"
-#include "protocols/ip.h"
-#include "main/thread.h"
+#include "packet.h"
namespace layer
{
#ifndef PROTOCOLS_LAYER_H
#define PROTOCOLS_LAYER_H
-#include <cstdint>
#include "main/snort_types.h"
-#include "protocol_ids.h"
+#include "protocols/protocol_ids.h"
struct Layer
{
//--------------------------------------------------------------------------
// packet.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include <assert.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "packet.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
-#include "protocols/protocol_ids.h"
#include "log/obfuscator.h"
-#include "log/messages.h"
#include "managers/codec_manager.h"
-#include "utils/util.h"
+
+#include "packet_manager.h"
Packet::Packet(bool packet_data)
{
#ifndef PROTOCOLS_PACKET_H
#define PROTOCOLS_PACKET_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stddef.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <net/if.h>
-
-extern "C" {
#include <daq_common.h>
-}
-#include "main/snort_types.h"
-#include "framework/decode_data.h"
#include "flow/flow.h"
-#include "protocols/layer.h"
-#include "framework/endianness.h"
+#include "framework/decode_data.h"
+#include "main/snort_types.h"
/* packet status flags */
#define PKT_REBUILT_FRAG 0x00000001 /* is a rebuilt fragment */
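Review bot: The `extern "C" {` … `}` wrapper around `#include <daq_common.h>` in packet.h should stay unless daq_common.h carries its own `#ifdef __cplusplus` guard, which cannot be confirmed from this page. Without either, any function that header declares gets C++ linkage in every translation unit that includes packet.h, and the mismatch only shows up at link time. If the DAQ header is known to be C++-safe, a one-line comment such as `// daq_common.h provides its own extern "C" guard` next to the include would record why the wrapper was dropped. The rest of packet.h is outside this hunk.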
//--------------------------------------------------------------------------
// packet_manager.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "protocols/packet_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <vector>
-#include <cstring>
-#include <mutex>
-#include <algorithm>
-#include <limits>
-#include <type_traits> // static_assert
+#include "packet_manager.h"
-#include "framework/codec.h"
-#include "managers/codec_manager.h"
-#include "main/snort_config.h"
-#include "main/thread.h"
-#include "log/messages.h"
-#include "detection/fp_detect.h"
-
-#include "protocols/packet.h"
-#include "protocols/protocol_ids.h"
-#include "protocols/eth.h"
-#include "protocols/icmp4.h"
-#include "protocols/icmp6.h"
-#include "profiler/profiler.h"
-#include "parser/parser.h"
+#include <mutex>
#include "codecs/codec_module.h"
#include "codecs/ip/checksum.h"
-#include "utils/stats.h"
#include "log/text_log.h"
+#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "packet_io/sfdaq.h"
#include "packet_io/active.h"
+#include "packet_io/sfdaq.h"
+#include "profiler/profiler_defs.h"
#include "stream/stream.h"
+#include "eth.h"
+#include "icmp4.h"
+#include "icmp6.h"
+
THREAD_LOCAL ProfileStats decodePerfStats;
// Decoding statistics
// PacketManager provides decode and encode services by leveraging Codecs.
#include <array>
-#include <list>
-#include "main/snort_types.h"
-#include "protocols/packet.h"
-#include "framework/counts.h"
#include "framework/codec.h"
+#include "framework/counts.h"
+#include "main/snort_types.h"
#include "managers/codec_manager.h"
+#include "protocols/packet.h"
-struct _daq_pkthdr;
+struct Packet;
struct TextLog;
enum class TcpResponse
#ifndef PROTOCOLS_PROTOCOL_IDS_H
#define PROTOCOLS_PROTOCOL_IDS_H
-#include <assert.h>
+#include <cassert>
#include <cstdint>
-#include <type_traits>
#include <limits>
+#include <type_traits>
/*****************************************************************
***** NOTE: Protocols are only included in this file when ****
// ssl.h author Adam Keeton
-#include "ssl.h"
-
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
+#include "ssl.h"
-#include "protocols/packet.h"
+#include "packet.h"
#define THREE_BYTE_LEN(x) (x[2] | x[1] << 8 | x[0] << 16)
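Review bot: The config block in ssl.cc still reads `#include <config.h>`, while the standard block this commit documents and adds to the other files is `#include "config.h"`. With angle brackets the lookup depends only on the include search path, so a config.h belonging to another package on that path could be picked up instead of the project's own. The hunk already moves `#include "ssl.h"` below this block, so the line can be changed to `#include "config.h"` in the same pass.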
#ifndef SSL_H
#define SSL_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <ctype.h>
-#include <stdint.h>
-#include <stdlib.h>
-
#include "main/snort_types.h"
#define SSL_NO_FLAG 0x00000000
#ifndef PROTOCOLS_TCP_H
#define PROTOCOLS_TCP_H
-#include <cstdint>
#include <arpa/inet.h>
+#include <cstdint>
+
// these are bits in th_flags:
#define TH_FIN 0x01
#define TH_SYN 0x02
//--------------------------------------------------------------------------
// tcp_options.cc author Josh Rosenbaum <jrosenba@cisco.com>
-#include "protocols/tcp_options.h"
-#include "protocols/tcp.h"
-#include "protocols/layer.h"
-#include "protocols/packet.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_options.h"
+
+#include "packet.h"
+#include "tcp.h"
namespace tcp
{
#ifndef PROTOCOLS_TCP_OPTIONS_H
#define PROTOCOLS_TCP_OPTIONS_H
-#include <cstdint>
#include "main/snort_types.h"
struct Packet;
#ifndef PROTOCOLS_TOKEN_RING_H
#define PROTOCOLS_TOKEN_RING_H
-#include <cstdint>
#include <arpa/inet.h>
+
#include "protocols/protocol_ids.h"
namespace token_ring
#ifndef PROTOCOLS_UDP_H
#define PROTOCOLS_UDP_H
-#include <cstdint>
#include <arpa/inet.h>
namespace udp
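Review bot: udp.h is left without any include that is guaranteed to declare the fixed-width integer types: after `<cstdint>` is removed, the only include visible in this hunk is `<arpa/inet.h>`, from which POSIX promises only `uint16_t` and `uint32_t`. tcp.h keeps `#include <cstdint>` in this same commit, so restoring `#include <cstdint>` here keeps the two headers consistent and keeps udp.h self-contained on platforms where `<arpa/inet.h>` pulls in less. The body of the header is outside the hunk, so which widths it actually uses could not be checked.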
// Inspection events published by the Http Inspector. Modules can subscribe
// to receive the events.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "http_events.h"
+
#include "service_inspectors/http_inspect/http_msg_header.h"
const uint8_t* HttpEvent::get_header(unsigned id, uint64_t sub_id, int32_t& length)
//--------------------------------------------------------------------------
// sip_events.cc author Carter Waxman <cwaxman@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sip_events.h"
-#include "service_inspectors/sip/sip_common.h"
#include "service_inspectors/sip/sip_dialog.h"
using namespace std;
#include <list>
#include "framework/data_bus.h"
-#include "protocols/packet.h"
#define SIP_EVENT_TYPE_SIP_DIALOG_KEY "sip_event_type_sip_dialog"
SIP_EVENT_TYPE_SIP_DIALOG
};
+struct Packet;
+struct SfIp;
struct SIPMsg;
struct SIP_DialogData;
struct SIP_MediaSession;
set (SEARCH_ENGINE_INCLUDES
- pat_stats.h
search_common.h
search_tool.h
)
endif ()
set (SEARCH_ENGINE_SOURCES
+ pat_stats.h
search_engines.cc
search_engines.h
search_tool.cc
x_includedir = $(pkgincludedir)/search_engines
x_include_HEADERS = \
-pat_stats.h \
search_common.h \
search_tool.h
$(intel_sources)
libsearch_engines_a_SOURCES = \
+pat_stats.h \
search_engines.cc \
search_engines.h \
search_tool.cc \
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "acsmx.h"
#include "acsmx2.h"
//-------------------------------------------------------------------------
* 3/06 - Added AC_BNFA search
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
#include "bnfa_search.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "acsmx.h"
#include "acsmx2.h"
//-------------------------------------------------------------------------
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "acsmx.h"
#include "acsmx2.h"
//-------------------------------------------------------------------------
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "acsmx.h"
#include "acsmx2.h"
//-------------------------------------------------------------------------
#endif
#include "framework/mpse.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "utils/util.h"
#include "acsmx.h"
-#include "acsmx2.h"
//-------------------------------------------------------------------------
// "ac_std"
** Nov 2,2002: Fixed queue_init() , added count=0
*/
-#include "acsmx.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
+#include "acsmx.h"
#include <list>
-#include "main/snort_debug.h"
#include "main/thread.h"
#include "utils/util.h"
// version 1
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include <cstdint>
-#include "main/snort_types.h"
#include "search_common.h"
#define ALPHABET_SIZE 256
** SparseBands changed ps increment to 2+n to increment between bands.
*/
-#include "acsmx2.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
+#include "acsmx2.h"
#include <list>
-#define ACSMX2_TRACK_Q
-
-#ifdef ACSMX2_TRACK_Q
-#include "main/snort_config.h"
-#endif
-
#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
#include "utils/stats.h"
#include "utils/util.h"
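Review bot: Removing `#define ACSMX2_TRACK_Q` is a behaviour change rather than include cleanup. Any `#ifdef ACSMX2_TRACK_Q` code further down acsmx2.cc (outside this hunk) is compiled out from now on, unless the macro is defined somewhere else such as acsmx2.h. If queue tracking is meant to stay, keep `#define ACSMX2_TRACK_Q` and include `main/snort_config.h` unconditionally. If it is meant to go, remove the guarded code in the same commit so no dead branches are left behind.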
// Version 2.0
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
+#include <cstdint>
#include "search_common.h"
#include "config.h"
#endif
-#include "framework/mpse.h"
+#include "main/snort_types.h"
+
#include "search_engines.h"
extern const BaseApi* se_ac_banded;
** queue ops is optional, as this can impose a modest
** performance hit of a few percent.
*/
-#include "bnfa_search.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
+#include "bnfa_search.h"
#include <list>
-#include "search_common.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "utils/stats.h"
#include "utils/util.h"
** date: 12/21/05
*/
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
+#include <cstdint>
#include "search_common.h"
// hyperscan.cc author Russ Combs <rucombs@cisco.com>
-#include "hyperscan.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
-#include <vector>
+#include "hyperscan.h"
#include <hs_compile.h>
#include <hs_runtime.h>
+#include <cassert>
+#include <cstring>
+
#include "framework/mpse.h"
#include "log/messages.h"
#include "main/snort_config.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#ifdef INTEL_SOFT_CPM
-#include "intel_soft_cpm.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "intel_soft_cpm.h"
+
#include "framework/mpse.h"
#include "main/snort_debug.h"
#include "main/snort_types.h"
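Review bot: intel_soft_cpm.cc is no longer self-guarding: the `#ifdef INTEL_SOFT_CPM` at the top is removed here and its matching `#endif` at the end of the file, so the file compiles whenever the build lists it. The Makefile fragment on this page places it behind `$(intel_sources)`, which presumably is set only when the feature is configured, but that condition is not visible. A comment at the top such as `// compiled only when the build enables INTEL_SOFT_CPM` would record that the guard now lives in the build system.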
nullptr
};
-#endif
-
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "intel_soft_cpm.h"
#include <stdio.h>
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "search_engines.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "search_engines.h"
+
#include "managers/plugin_manager.h"
struct BaseApi;
//--------------------------------------------------------------------------
// search_tool.cc author Russ Combs <rucombs@cisco.com>
-#include "search_tool.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
+#include "search_tool.h"
-#include "main/thread.h"
-#include "framework/mpse.h"
#include "managers/mpse_manager.h"
SearchTool::SearchTool() : SearchTool("ac_bnfa")
// hyperscan_test.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "search_engines/hyperscan.h"
#include <string.h>
// search_tool_test.cc author Steve Chew <stechew@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
// Change private to public to give access to private members.
#define private public
#include "search_engines/search_tool.h"
FileVerdict FilePolicy::signature_lookup(Flow*, FileInfo*)
{ return FILE_VERDICT_UNKNOWN; }
-void LogValue(const char*, const char*, FILE* = stdout)
+void LogValue(const char*, const char*, FILE*)
{
}
void LogCount(char const*, uint64_t, FILE*)
{ }
-void LogStat(const char*, double, FILE* = stdout)
+void LogStat(const char*, double, FILE*)
{}
static void* s_tree = (void*)"tree";
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/detect.h"
-#include "events/event.h"
#include "events/event_queue.h"
-#include "parser/parser.h"
-#include "utils/util.h"
-#include "profiler/profiler.h"
#include "framework/inspector.h"
#include "framework/module.h"
-#include "protocols/udp.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
#define BO_DEFAULT_KEY 31337
// dce_co.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_co.h"
#include "main/snort_debug.h"
#include "dce_smb.h"
#include "dce_smb_module.h"
+#include "dce_smb_utils.h"
#include "dce_tcp.h"
#include "dce_tcp_module.h"
-#include "dce_smb_utils.h"
THREAD_LOCAL int co_reassembled = 0;
// dce_common.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_common.h"
#include "detection/detect.h"
#include "events/event_queue.h"
#include "framework/counts.h"
+#include "framework/endianness.h"
#include "framework/value.h"
#include "protocols/packet.h"
#include <assert.h>
*
****************************************************************************/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_list.h"
#include "main/snort_debug.h"
// dce_smb.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb.h"
#include "detection/detect.h"
#include "utils/util.h"
#include "packet_io/active.h"
+#include "dce_smb_commands.h"
#include "dce_smb_module.h"
-#include "dce_smb_utils.h"
#include "dce_smb_paf.h"
-#include "dce_smb_commands.h"
#include "dce_smb_transaction.h"
+#include "dce_smb_utils.h"
#include "dce_smb2.h"
THREAD_LOCAL int dce2_smb_inspector_instances = 0;
// SMB2 file processing
// Author(s): Hui Cao <huica@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb2.h"
#include "detection/detection_util.h"
// Smb commands processing
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_commands.h"
#include "main/snort_debug.h"
// dce_smb_module.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_module.h"
#include "log/messages.h"
// dce_smb_paf.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_paf.h"
#include "main/snort_debug.h"
// Smb transaction commands processing
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_transaction.h"
#include "main/snort_debug.h"
// Smb transaction commands utils
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_transaction_utils.h"
#include "main/snort_debug.h"
// dce_smb_utils.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb_utils.h"
+#include "detection/detect.h"
#include "detection/detection_util.h"
-#include "utils/util.h"
-#include "packet_io/active.h"
#include "main/snort.h"
+#include "packet_io/active.h"
+#include "utils/util.h"
#include "dce_smb_module.h"
ssd->fapi_ftracker = nullptr;
}
-FileContext* DCE2_get_main_file_context(DCE2_SmbSsnData* ssd)
+static FileContext* DCE2_get_main_file_context(DCE2_SmbSsnData* ssd)
{
assert(ssd->sd.wire_pkt);
FileFlows* file_flows = FileFlows::get_file_flows((ssd->sd.wire_pkt)->flow);
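Review bot: `ssd->sd.wire_pkt` is guarded only by `assert`, which is compiled out when NDEBUG is defined, so a release build dereferences it unchecked on the following line (`(ssd->sd.wire_pkt)->flow`). Now that the helper is `static` and every caller is in this file, a runtime guard such as `if (!ssd->sd.wire_pkt) return nullptr;` is cheap to add, provided the callers already handle a null `FileContext*`, which this hunk does not show. The function body continues outside the hunk.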
// dce_tcp.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_tcp.h"
#include "detection/detect.h"
// dce_tcp_module.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_tcp_module.h"
#include "log/messages.h"
// dce_tcp_paf.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_tcp_paf.h"
#include "main/snort_debug.h"
// dce_udp.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_udp.h"
#include "detection/detect.h"
// dce_udp_module.cc author Maya Dagon <mdagon@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_udp_module.h"
#include "log/messages.h"
// within each activity. Also sets appropriate data for use with
// preprocessor rule options.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_udp.h"
#include "flow/session.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_utils.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
#include "utils/safec.h"
+#include "utils/util.h"
/********************************************************************
* Function: DCE2_GetValue()
// ips_dce_iface.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <cerrno>
#include "detection/detection_defines.h"
// ips_dce_opnum.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
// ips_dce_stub_data.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Todd Wease
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
// smb_message.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_smb.h"
#include "detection/detect.h"
#include "utils/util.h"
#include "packet_io/active.h"
+#include "dce_smb.h"
+#include "dce_smb_commands.h"
#include "dce_smb_module.h"
-#include "dce_smb_utils.h"
#include "dce_smb_paf.h"
-#include "dce_smb_commands.h"
#include "dce_smb_transaction.h"
+#include "dce_smb_utils.h"
#include "dce_smb2.h"
-#include "dce_smb.h"
/********************************************************************
* Global variables
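Review bot: `#include "dce_smb.h"` ends up twice in smb_message.cc as far as the visible lines show: the unchanged include directly after the new config block, and the added `+#include "dce_smb.h"` at the head of the local block that replaces the copy removed from the bottom. The include guard makes the duplicate harmless, but the added line can simply be dropped so that the local block starts at `#include "dce_smb_commands.h"`.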
// dnp3.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dnp3.h"
-#include "dnp3_paf.h"
-#include "dnp3_reassembly.h"
#include "events/event_queue.h"
+#include "protocols/packet.h"
+
+#include "dnp3_paf.h"
+#include "dnp3_reassembly.h"
THREAD_LOCAL Dnp3Stats dnp3_stats;
THREAD_LOCAL ProfileStats dnp3_perf_stats;
#ifndef DNP3_H
#define DNP3_H
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
+#include "flow/flow.h"
#include "framework/counts.h"
+#include "profiler/profiler_defs.h"
#define DNP3_NAME "dnp3"
#define DNP3_HELP "dnp3 inspection"
// dnp3_map.cc author Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dnp3_map.h"
-#include <stdlib.h>
-#include <string.h>
+
+#include <cstddef>
+#include <cstring>
/* Name/value pair struct */
struct dnp3_map_t
#ifndef DNP3_MAP__H
#define DNP3_MAP__H
-#include <stdint.h>
+#include <cstdint>
/* Check if "code" is in the function map.
*
// dnp3_module.cc author Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dnp3_module.h"
-#include "dnp3.h"
+
#include "log/messages.h"
-#include "main/snort_config.h"
+
+#include "dnp3.h"
using namespace std;
// dnp3_paf.cc author Rashmi Pitre <rrp@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dnp3_paf.h"
+
#include "dnp3.h"
/* Function: dnp3_paf()
// Protocol aware flushing for DNP3.
-#include "main/snort_types.h"
#include "stream/stream_splitter.h"
enum dnp3_paf_state
// dnp3_reassembly.cc author Ryan Jordan
// modifications for snort3 by Rashmi Pitre <rrp@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dnp3_reassembly.h"
-#include "events/event_queue.h"
+
#include "detection/detect.h"
+#include "events/event_queue.h"
+#include "protocols/packet.h"
+
#include "dnp3_map.h"
-#include "dnp3.h"
-#include "dnp3_module.h"
/* CRC look-up table, for computeCRC() below */
static uint16_t crcLookUpTable[256] =
// ips_dnp3_data.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
// ips_dnp3_func.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "dnp3.h"
#include "dnp3_map.h"
// ips_dnp3_ind.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "dnp3.h"
#include "dnp3_map.h"
// ips_dnp3_obj.cc author Maya Dagon <mdagon@cisco.com>
// based on work by Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "dnp3.h"
// Alert for DNS client rdata buffer overflow.
// Alert for Obsolete or Experimental RData types (per RFC 1035)
-#include "dns.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "dns.h"
#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
+#include "protocols/packet.h"
#include "stream/stream.h"
-#include "utils/sfsnprintfappend.h"
#include "dns_module.h"
#ifndef DNS_H
#define DNS_H
-#include "protocols/packet.h"
+#include "flow/flow.h"
// Implementation header with definitions, datatypes and flowdata class for
// DNS service inspector.
// dns_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dns_module.h"
-#include <assert.h>
-#include <sstream>
using namespace std;
#define DNS_MODULE_H
//Interface to the DNS service inspector
-#include "framework/module.h"
#include "framework/bits.h"
+#include "framework/module.h"
#include "main/thread.h"
#define GID_DNS 131
* of the external network.
*/
-#include "ft_main.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "ftpp_return_codes.h"
-#include "ftp_cmd_lookup.h"
-#include "ftp_bounce_lookup.h"
+#include "ft_main.h"
#include "detection/detect.h"
#include "framework/data_bus.h"
#include "log/messages.h"
#include "utils/util.h"
+#include "ftp_cmd_lookup.h"
+#include "ftp_bounce_lookup.h"
+#include "ftpp_return_codes.h"
+
void CleanupFTPCMDConf(void* ftpCmd)
{
FTP_CMD_CONF* FTPCmd = (FTP_CMD_CONF*)ftpCmd;
#ifndef FT_MAIN_H
#define FT_MAIN_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include "ftpp_ui_config.h"
-#include "protocols/packet.h"
#define BUF_SIZE 1024
+struct Packet;
struct ProfileStats;
+struct SnortConfig;
extern int16_t ftp_data_app_id;
#include "config.h"
#endif
-#include "ftp_module.h"
-#include "ftpp_si.h"
-#include "ftpp_return_codes.h"
-#include "ftp_cmd_lookup.h"
+#include "main/snort_config.h"
+#include "managers/inspector_manager.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
+#include "target_based/snort_protocols.h"
+#include "utils/util.h"
+
#include "ft_main.h"
+#include "ftp_cmd_lookup.h"
+#include "ftp_data.h"
+#include "ftp_module.h"
#include "ftp_parse.h"
#include "ftp_print.h"
#include "ftp_splitter.h"
+#include "ftpp_return_codes.h"
+#include "ftpp_si.h"
#include "pp_ftp.h"
-#include "ftp_data.h"
#include "telnet.h"
-#include "main/snort_config.h"
-#include "main/snort_types.h"
-#include "managers/inspector_manager.h"
-#include "profiler/profiler.h"
-#include "target_based/snort_protocols.h"
-#include "utils/util.h"
-
int16_t ftp_data_app_id = SFTARGET_UNKNOWN_PROTOCOL;
#define client_key "ftp_client"
* Kevin Liu <kliu@sourcefire.com>
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ftp_bounce_lookup.h"
-#include "ftpp_return_codes.h"
#include "ft_main.h"
+#include "ftpp_return_codes.h"
/*
* Function: ftp_bounce_lookup_init(BOUNCE_LOOKUP **BounceLookup)
* Kevin Liu <kliu@sourcefire.com>
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ftp_cmd_lookup.h"
-#include "ftpp_return_codes.h"
#include "ft_main.h"
+#include "ftpp_return_codes.h"
/*
* Function: ftp_cmd_lookup_init(CMD_LOOKUP **CmdLookup)
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "ftp_data.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "ftp_module.h"
-#include "ftpp_si.h"
+#include "ftp_data.h"
#include "detection/detection_util.h"
-#include "file_api/file_service.h"
#include "file_api/file_flows.h"
+#include "file_api/file_service.h"
+#include "packet_io/active.h"
#include "profiler/profiler.h"
+#include "stream/stream.h"
#include "utils/util.h"
-#include "packet_io/active.h"
+
+#include "ftp_module.h"
+#include "ftpp_si.h"
#define s_name "ftp_data"
// ftp_module.cc author Russ Combs <rucombs@cisco.com>
-#include "ftp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <sstream>
+#include "ftp_module.h"
#include "log/messages.h"
#ifndef FTP_MODULE_H
#define FTP_MODULE_H
-#include <string>
-#include <vector>
-
-#include "ftpp_ui_config.h"
#include "framework/module.h"
-#include "main/thread.h"
+#include "ftpp_ui_config.h"
#define GID_FTP 125
* Marc A. Norton <mnorton@sourcefire.com>
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ftp_parse.h"
-#include <assert.h>
+#include <cassert>
+
+#include "log/messages.h"
+#include "utils/util.h"
#include "ftp_bounce_lookup.h"
#include "ftp_cmd_lookup.h"
#include "ftpp_return_codes.h"
-#include "log/messages.h"
-#include "sfip/sf_ip.h"
-#include "utils/util.h"
-
#define CONF_SEPARATORS " \n"
#define ALLOW_BOUNCE "bounce_to"
#define FTP_PARSE_H
#include "ftpp_ui_config.h"
-#include "protocols/packet.h"
-#include "framework/bits.h"
/*
* These are the definitions of the parser section delimiting
* Marc A. Norton <mnorton@sourcefire.com>
*/
-#include "ftp_print.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "ftp_print.h"
+
+#include <cstring>
+
+#include "log/messages.h"
+#include "utils/sfsnprintfappend.h"
+
#include "ft_main.h"
-#include "ftp_cmd_lookup.h"
#include "ftp_bounce_lookup.h"
+#include "ftp_cmd_lookup.h"
#include "ftp_parse.h"
#include "ftpp_return_codes.h"
-#include "log/messages.h"
-#include "utils/sfsnprintfappend.h"
-
int PrintConfOpt(bool on, const char* Option)
{
LogMessage(" %s: %s\n", Option, on ? "ON" : "OFF");
//--------------------------------------------------------------------------
// ftp_splitter.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ftp_splitter.h"
-#include <string.h>
+#include <cstring>
FtpSplitter::FtpSplitter(bool c2s) : StreamSplitter(c2s) { }
FtpSplitter::~FtpSplitter() { }
* Marc A. Norton <mnorton@sourcefire.com>
* Kevin Liu <kliu@sourcefire.com>
*/
-#include "ftpp_si.h"
-#include "ft_main.h"
-#include "ftpp_return_codes.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "ftpp_si.h"
-#include "sfip/sf_ip.h"
+#include "protocols/packet.h"
#include "stream/stream.h"
#include "utils/util.h"
+#include "ft_main.h"
+#include "ftpp_return_codes.h"
+
unsigned FtpFlowData::flow_id = 0;
unsigned TelnetFlowData::flow_id = 0;
#ifndef FTPP_SI_H
#define FTPP_SI_H
-#include <stdint.h>
+#include "file_api/file_api.h"
+#include "flow/flow.h"
+#include "flow/flow_key.h"
-#include "ftpp_ui_config.h"
#include "ftp_client.h"
#include "ftp_server.h"
-#include "protocols/packet.h"
-#include "file_api/file_api.h"
-#include "flow/flow.h"
-#include "stream/stream.h"
+#include "ftpp_ui_config.h"
/*
* These are the defines for the different types of
* Daniel J. Roelker <droelker@sourcefire.com>
* Marc A. Norton <mnorton@sourcefire.com>
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ftpp_ui_config.h"
+#include "utils/util.h"
+
#include "ftp_bounce_lookup.h"
#include "ftp_cmd_lookup.h"
#include "ftpp_return_codes.h"
-#include "utils/util.h"
-
FTP_CLIENT_PROTO_CONF::FTP_CLIENT_PROTO_CONF()
{
memset(this, 0, sizeof(*this));
#ifndef FTPP_UI_CONFIG_H
#define FTPP_UI_CONFIG_H
-#include "framework/bits.h"
#include "sfip/sf_ip.h"
-#include "sfrt/sfrt.h"
#include "utils/kmap.h"
/*
/* your preprocessor header file goes here */
-#include "pp_ftp.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "pp_ftp.h"
+
#include "detection/detection_util.h"
#include "file_api/file_service.h"
-#include "sfip/sf_ip.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
#include "utils/util.h"
#include "ft_main.h"
// declares the ftp checking functions
-#include <sys/types.h>
-
-#include "ftpp_ui_config.h"
#include "ftpp_si.h"
/* list of function prototypes for this preprocessor */
/* your preprocessor header file goes here */
-#include "pp_telnet.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "ftpp_return_codes.h"
-#include "telnet_module.h"
+#include "pp_telnet.h"
#include "detection/detection_util.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
+
+#include "ftpp_return_codes.h"
+#include "telnet_module.h"
#define NUL 0x00
#define CR 0x0d
// declares the telnet checking functions
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <sys/types.h>
-
/* RFC 885 defines an End of Record telnet option */
#define RFC885
/* RFC 1184 defines Abort, Suspend, and End of File telnet optinos */
#define RFC1184
-#include "ftpp_ui_config.h"
#include "ftpp_si.h"
/* define the telnet negotiation codes (TNC) that we're interested in */
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "telnet.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "telnet.h"
+
+#include "log/messages.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
#include "ft_main.h"
#include "ftp_print.h"
#include "ftpp_return_codes.h"
#include "pp_telnet.h"
#include "telnet_module.h"
-#include "log/messages.h"
-#include "profiler/profiler.h"
-
THREAD_LOCAL ProfileStats telnetPerfStats;
THREAD_LOCAL SimpleStats tnstats;
// telnet_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "telnet_module.h"
+#include <cassert>
+
using namespace std;
//-------------------------------------------------------------------------
#ifndef TELNET_MODULE_H
#define TELNET_MODULE_H
-#include "ftpp_ui_config.h"
#include "framework/module.h"
-#include "main/thread.h"
+#include "ftpp_ui_config.h"
#define GID_TELNET 126
#include "gtp.h"
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <string.h>
-#include <strings.h>
-#include <sys/time.h>
-
#include "main/snort_debug.h"
-#include "main/snort_types.h"
#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "gtp.h"
#include "gtp_inspect.h"
-#include "gtp_parser.h"
#define GTPMSG_ZERO_LEN offsetof(GTPMsg, msg_id)
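Review bot: `GTPMSG_ZERO_LEN` on the last line of this hunk expands to `offsetof`, yet the change removes every direct system include from the file, so the macro now compiles only if a project header happens to pull in the definition. Adding `#include <cstddef>` after `#include "gtp.h"` would keep the file independent of transitive includes. Whether code outside the hunk still needs the other removed headers (`<string.h>`, `<stdlib.h>`) cannot be judged from the lines shown.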
// Provides convenience functions for parsing and querying configuration.
#include <string>
-#include "main/thread.h"
+
#include "framework/counts.h"
+#include "main/thread.h"
#define MIN_GTP_VERSION_CODE (0)
#define MAX_GTP_VERSION_CODE (2)
// gtp_inspect.cc author Russ Combs <rucombs@cisco.com>
// adapt 2x preprocessor code to 3x inspector
-#include "gtp_inspect.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "gtp_inspect.h"
+
#include "managers/inspector_manager.h"
-#include "protocols/packet.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "gtp.h"
#include "gtp_module.h"
#define GTP_INSPECT_H
#include "flow/flow.h"
+
#include "gtp_parser.h"
// FIXIT-M why store per packet on flow?
// gtp_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "gtp_module.h"
#include <cassert>
-#include "gtp.h"
#include "profiler/profiler.h"
+#include "gtp.h"
+
THREAD_LOCAL ProfileStats gtp_inspect_prof;
#define GTP_EVENT_BAD_MSG_LEN_STR "message length is invalid"
#ifndef GTP_MODULE_H
#define GTP_MODULE_H
-#include <vector>
-#include <string>
-
#include "framework/module.h"
-#include "main/thread.h"
#define GID_GTP 143
#include "gtp_parser.h"
-#include <ctype.h>
+#include <arpa/inet.h>
-#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "events/event_queue.h"
-#include "protocols/packet.h"
+#include "log/messages.h"
#include "gtp.h"
#include "gtp_module.h"
#ifndef GTP_PARSER_H
#define GTP_PARSER_H
-#include "main/snort_types.h"
+#include <cstdint>
struct GTP_IEData
{
// gtp_info rule option implementation
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "detection/detection_defines.h"
+#include "hash/sfhashfcn.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "hash/sfhashfcn.h"
-#include "protocols/packet.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "gtp.h"
#include "gtp_inspect.h"
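Review bot: The added `#include "hash/sfhashfcn.h"` lands between `detection/detection_defines.h` and the `framework/` headers, which breaks the alphabetical ordering this commit applies to the other include blocks. The gtp_type hunk that follows keeps `hash/sfhashfcn.h` after `framework/module.h`, so the two rule-option files now disagree. Moving the line below `#include "framework/module.h"` would restore the order.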
// gtp_type rule option implementation
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "detection/detection_defines.h"
-#include "framework/bits.h"
#include "framework/ips_option.h"
#include "framework/module.h"
#include "hash/sfhashfcn.h"
// gtp_version rule option implementation
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
//--------------------------------------------------------------------------
// http_api.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_inspect.h"
#include "http_api.h"
+#include "http_inspect.h"
+
const char* HttpApi::http_my_name = HTTP_NAME;
const char* HttpApi::http_help = "the new HTTP inspector!";
#ifndef HTTP_API_H
#define HTTP_API_H
-#include "framework/parameter.h"
-#include "framework/module.h"
#include "framework/inspector.h"
+#include "framework/module.h"
-#include "http_module.h"
#include "http_flow_data.h"
+#include "http_module.h"
class HttpApi
{
//--------------------------------------------------------------------------
// http_cutter.cc author Tom Peters <thopeter@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "http_cutter.h"
using namespace HttpEnums;
#include <assert.h>
#include "http_enum.h"
-#include "http_infractions.h"
#include "http_event_gen.h"
+#include "http_infractions.h"
//-------------------------------------------------------------------------
// HttpCutter class and subclasses
#ifndef HTTP_ENUM_H
#define HTTP_ENUM_H
-#include <stdint.h>
+#include <cstdint>
namespace HttpEnums
{
#ifndef HTTP_EVENT_GEN_H
#define HTTP_EVENT_GEN_H
-#include <assert.h>
#include <bitset>
+#include <cassert>
#include "events/event_queue.h"
+#include "utils/util.h"
#include "http_enum.h"
-#include "utils/util.h"
//-------------------------------------------------------------------------
// Event generator class
//--------------------------------------------------------------------------
// http_field.cc author Tom Peters <thopeter@cisco.com>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_types.h"
+#include "http_field.h"
-#include "http_enum.h"
#include "http_test_manager.h"
-#include "http_field.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_flow_data.cc author Tom Peters <thopeter@cisco.com>
-#include "http_enum.h"
-#include "http_test_manager.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "http_flow_data.h"
+
+#include "http_test_manager.h"
#include "http_transaction.h"
-#include "http_js_norm.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_head_norm.cc author Tom Peters <thopeter@cisco.com>
-#include <assert.h>
-#include <string.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_types.h"
-
-#include "http_enum.h"
-#include "http_str_to_code.h"
#include "http_head_norm.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_inspect.cc author Tom Peters <thopeter@cisco.com>
-#include "http_inspect.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <stdio.h>
+#include "http_inspect.h"
-#include "main/snort_types.h"
+#include "protocols/packet.h"
-#include "http_enum.h"
-#include "http_msg_request.h"
-#include "http_msg_status.h"
-#include "http_msg_header.h"
#include "http_msg_body.h"
#include "http_msg_body_chunk.h"
#include "http_msg_body_cl.h"
#include "http_msg_body_old.h"
+#include "http_msg_header.h"
+#include "http_msg_request.h"
+#include "http_msg_status.h"
#include "http_msg_trailer.h"
-#include "http_test_manager.h"
-#include "http_field.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_js_norm.cc author Tom Peters <thopeter@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "http_js_norm.h"
+
#include "utils/util_jsnorm.h"
-#include "utils/util.h"
#include "utils/safec.h"
-#include "http_enum.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_module.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "http_module.h"
#include "log/messages.h"
-#include "http_uri_norm.h"
#include "http_js_norm.h"
-#include "http_module.h"
+#include "http_uri_norm.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_body.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "http_msg_body.h"
-#include "detection/detection_util.h"
-#include "file_api/file_api.h"
#include "file_api/file_flows.h"
-#include "mime/file_mime_process.h"
-#include "http_enum.h"
#include "http_api.h"
-#include "http_msg_request.h"
-#include "http_msg_body.h"
#include "http_js_norm.h"
+#include "http_msg_request.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_body_chunk.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
-
-#include "mime/file_mime_process.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
#include "http_msg_body_chunk.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_body_cl.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
-
-#include "detection/detection_util.h"
-#include "file_api/file_api.h"
-#include "file_api/file_flows.h"
-#include "mime/file_mime_process.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_msg_request.h"
#include "http_msg_body_cl.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_body_old.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
-
-#include "detection/detection_util.h"
-#include "file_api/file_api.h"
-#include "file_api/file_flows.h"
-#include "mime/file_mime_process.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_msg_request.h"
#include "http_msg_body_old.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_head_shared.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_normalizers.h"
-#include "http_uri_norm.h"
#include "http_msg_head_shared.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_head_shared_util.cc author Tom Peters <thopeter@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "http_msg_head_shared.h"
-#include <string>
int32_t HttpMsgHeadShared::get_next_code(const Field& field, int32_t& offset,
const StrCode table[])
//--------------------------------------------------------------------------
// http_msg_header.cc author Tom Peters <thopeter@cisco.com>
-#include <cstring>
-#include <cstdio>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "http_msg_header.h"
-#include "utils/util.h"
-#include "detection/detection_util.h"
-#include "file_api/file_service.h"
#include "file_api/file_flows.h"
+#include "file_api/file_service.h"
+#include "pub_sub/http_events.h"
-#include "http_module.h"
#include "http_api.h"
-#include "http_normalizers.h"
#include "http_msg_request.h"
-#include "http_msg_header.h"
-#include "pub_sub/http_events.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_request.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "detection/detection_util.h"
+#include "http_msg_request.h"
-#include "http_enum.h"
#include "http_api.h"
-#include "http_msg_request.h"
-#include "http_msg_header.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_section.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_transaction.h"
-#include "http_test_manager.h"
#include "http_msg_section.h"
-#include "http_msg_request.h"
-#include "http_msg_status.h"
+
+#include "http_msg_body.h"
#include "http_msg_head_shared.h"
#include "http_msg_header.h"
+#include "http_msg_request.h"
+#include "http_msg_status.h"
#include "http_msg_trailer.h"
-#include "http_msg_body.h"
+#include "http_test_manager.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_start.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
#include "http_msg_start.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_status.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "detection/detection_util.h"
+#include "http_msg_status.h"
-#include "http_enum.h"
#include "http_api.h"
-#include "http_msg_status.h"
-#include "http_msg_header.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_msg_trailer.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "detection/detection_util.h"
+#include "http_msg_trailer.h"
-#include "http_enum.h"
#include "http_api.h"
-#include "http_msg_trailer.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_normalizers.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_str_to_code.h"
#include "http_normalizers.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_str_to_code.cc author Tom Peters <thopeter@cisco.com>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "main/snort_types.h"
+#include "http_str_to_code.h"
+
+#include <cstring>
#include "http_enum.h"
-#include "http_str_to_code.h"
// Need to replace this simple algorithm for better performance FIXIT-P
int32_t str_to_code(const uint8_t* text, const int32_t text_len, const StrCode table[])
#ifndef HTTP_STR_TO_CODE_H
#define HTTP_STR_TO_CODE_H
+#include <cstdint>
+
struct StrCode
{
int32_t code;
//--------------------------------------------------------------------------
// http_stream_splitter_reassemble.cc author Tom Peters <thopeter@cisco.com>
-#include <assert.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "protocols/packet.h"
-#include "file_api/file_flows.h"
-#include "http_enum.h"
-#include "http_field.h"
-#include "http_test_manager.h"
-#include "http_test_input.h"
#include "http_inspect.h"
#include "http_stream_splitter.h"
+#include "http_test_input.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_stream_splitter_scan.cc author Tom Peters <thopeter@cisco.com>
-#include <assert.h>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "file_api/file_flows.h"
-#include "http_enum.h"
-#include "http_field.h"
-#include "http_msg_request.h"
-#include "http_test_manager.h"
-#include "http_test_input.h"
-#include "http_cutter.h"
+
#include "http_inspect.h"
+#include "http_msg_request.h"
#include "http_stream_splitter.h"
+#include "http_test_input.h"
using namespace HttpEnums;
#include "config.h"
#endif
-#include <string.h>
-#include <sys/types.h>
-
-#include "framework/module.h"
-#include "framework/counts.h"
-
-#include "utils/util_utf.h"
-
-#include "http_enum.h"
-#include "http_str_to_code.h"
-#include "http_normalizers.h"
-#include "http_head_norm.h"
-#include "http_msg_request.h"
#include "http_msg_header.h"
-#include "http_module.h"
-#include "http_uri_norm.h"
-#include "http_cutter.h"
+#include "http_msg_request.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_test_input.cc author Tom Peters <thopeter@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#ifdef REG_TEST
-#include <assert.h>
-#include <stdexcept>
+#include "http_test_input.h"
#include "http_module.h"
#include "http_test_manager.h"
-#include "http_test_input.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_test_manager.cc author Tom Peters <thopeter@cisco.com>
-#ifdef REG_TEST
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdexcept>
+#ifdef REG_TEST
#include "http_test_manager.h"
+
#include "http_test_input.h"
bool HttpTestManager::test_input = false;
//--------------------------------------------------------------------------
// http_transaction.cc author Tom Peters <thopeter@cisco.com>
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
#include "http_transaction.h"
+
+#include "http_msg_body.h"
+#include "http_msg_header.h"
#include "http_msg_request.h"
#include "http_msg_status.h"
-#include "http_msg_header.h"
#include "http_msg_trailer.h"
-#include "http_msg_body.h"
using namespace HttpEnums;
//--------------------------------------------------------------------------
// http_uri.cc author Tom Peters <thopeter@cisco.com>
-#include <assert.h>
-#include <string.h>
-#include <sys/types.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "http_enum.h"
-#include "http_module.h"
#include "http_uri.h"
#include "hash/sfhashfcn.h"
//--------------------------------------------------------------------------
// http_uri_norm.cc author Tom Peters <thopeter@cisco.com>
-#include <assert.h>
-#include <sys/types.h>
-#include <cstring>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "http_uri_norm.h"
+
#include <sstream>
-#include <string>
#include "log/messages.h"
-#include "http_enum.h"
-#include "http_uri_norm.h"
-
using namespace HttpEnums;
void UriNormalizer::normalize(const Field& input, Field& result, bool do_path, uint8_t* buffer,
//--------------------------------------------------------------------------
// ips_http.cc author Tom Peters <thopeter@cisco.com>
-#include <array>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "ips_http.h"
-#include "protocols/packet.h"
-#include "flow/flow.h"
#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
+#include "protocols/packet.h"
#include "http_inspect.h"
#include "http_msg_head_shared.h"
-#include "ips_http.h"
using namespace HttpEnums;
#ifndef IPS_HTTP_H
#define IPS_HTTP_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <string>
#include <array>
-#include "main/snort_types.h"
#include "profiler/profiler.h"
#include "framework/ips_option.h"
#include "framework/module.h"
// http_module_test.cc author Tom Peters <thopeter@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "log/messages.h"
#include "events/event_queue.h"
// http_msg_head_shared_util_test.cc author Tom Peters <thopeter@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_inspectors/http_inspect/http_msg_head_shared.h"
#include "service_inspectors/http_inspect/http_field.h"
#include "service_inspectors/http_inspect/http_str_to_code.h"
// http_normalizers_test.cc author Tom Peters <thopeter@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_inspectors/http_inspect/http_msg_header.h"
#include "service_inspectors/http_inspect/http_test_manager.h"
// http_transaction_test.cc author Tom Peters <thopeter@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "service_inspectors/http_inspect/http_transaction.h"
#include "service_inspectors/http_inspect/http_module.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
// http_uri_norm_test.cc author Tom Peters <thopeter@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "log/messages.h"
#include "service_inspectors/http_inspect/http_uri_norm.h"
#include "service_inspectors/http_inspect/http_js_norm.h"
// imap.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
-#include "imap.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "imap.h"
#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "file_api/file_api.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "target_based/snort_protocols.h"
-#include "search_engines/search_tool.h"
-#include "utils/sfsnprintfappend.h"
-#include "utils/util.h"
+#include "protocols/packet.h"
#include "protocols/ssl.h"
-#include "mime/file_mime_process.h"
+#include "search_engines/search_tool.h"
#include "stream/stream.h"
+#include "utils/util.h"
-#include "imap_paf.h"
#include "imap_module.h"
+#include "imap_paf.h"
THREAD_LOCAL ProfileStats imapPerfStats;
THREAD_LOCAL ImapStats imapstats;
// Implementation header with definitions, datatypes and flowdata class for
// IMAP service inspector.
-#include "protocols/packet.h"
-#include "stream/stream.h"
-#include "imap_config.h"
+#include "flow/flow.h"
+#include "mime/file_mime_process.h"
// Direction packet is coming from, if we can figure it out
#define IMAP_PKT_FROM_UNKNOWN 0
// imap_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "imap_module.h"
-#include <assert.h>
-#include <sstream>
+#include <cassert>
#include "log/messages.h"
-#include "main/snort_config.h"
using namespace std;
// Interface to the IMAP service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "imap_config.h"
#define GID_IMAP 141
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include <sys/types.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "imap_paf.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
-#include "imap_paf.h"
#include "imap.h"
extern IMAPToken imap_resps[];
// Protocol aware flushing for IMAP
-#include "main/snort_types.h"
-#include "stream/stream_splitter.h"
#include "mime/file_mime_paf.h"
+#include "stream/stream_splitter.h"
struct ImapDataInfo
{
// ips_modbus_data.cc author Russ Combs <rucombs@cisco.com>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/cursor.h"
#include "framework/ips_option.h"
#include "framework/module.h"
#include "hash/sfhashfcn.h"
-#include "protocols/packet.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
-#include "modbus.h"
#include "modbus_decode.h"
static const char* s_name = "modbus_data";
// ips_modbus_func.cc author Russ Combs <rucombs@cisco.com>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
// ips_modbus_unit.cc author Russ Combs <rucombs@cisco.com>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
// modbus.cc author Russ Combs <rucombs@cisco.com>
-#include "modbus.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "modbus.h"
+
#include "events/event_queue.h"
-#include "managers/inspector_manager.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "modbus_decode.h"
#include "modbus_module.h"
#include "flow/flow.h"
#include "framework/counts.h"
-#include "main/thread.h"
struct ModbusStats
{
// modbus_decode.cc author Ryan Jordan
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "modbus_decode.h"
+#include "events/event_queue.h"
+#include "protocols/packet.h"
+
#include "modbus.h"
#include "modbus_module.h"
-#include "protocols/packet.h"
-#include "events/event_queue.h"
// FIXIT-L convert this stuff to a table and make configurable
// modbus_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "modbus_module.h"
-#include "modbus.h"
#include "profiler/profiler.h"
+#include "modbus.h"
+
THREAD_LOCAL ProfileStats modbus_prof;
//-------------------------------------------------------------------------
#define MODUBS_MODULE_H
#include "framework/module.h"
-#include "main/thread.h"
#define GID_MODBUS 144
// modbus_paf.cc author Ryan Jordan
// Protocol-Aware Flushing (PAF) code for the Modbus preprocessor.
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "modbus_paf.h"
-#include "modbus_decode.h"
-#include "modbus_module.h"
#include "events/event_queue.h"
+#include "modbus.h"
+#include "modbus_module.h"
+
#define MODBUS_MIN_HDR_LEN 2 // Enough for Unit ID + Function
#define MODBUS_MAX_HDR_LEN 254 // Max PDU size is 260, 6 bytes already seen
// Protocol-Aware Flushing (PAF) code for the Modbus preprocessor.
-#include "modbus.h"
-#include "protocols/packet.h"
#include "stream/stream_splitter.h"
enum modbus_paf_state_t
// pop.cc author Bhagyashree Bantwal < bbantwal@cisco.com>
-#include "pop.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "pop.h"
#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "target_based/snort_protocols.h"
+#include "protocols/packet.h"
+#include "protocols/ssl.h"
#include "search_engines/search_tool.h"
-#include "utils/sfsnprintfappend.h"
+#include "stream/stream.h"
#include "utils/util.h"
-#include "protocols/ssl.h"
-#include "file_api/file_api.h"
-#include "mime/file_mime_process.h"
#include "pop_module.h"
#include "pop_paf.h"
// Implementation header with definitions, datatypes and flowdata class for
// POP service inspector.
-#include "protocols/packet.h"
-#include "stream/stream.h"
-#include "pop_config.h"
+#include "flow/flow.h"
+#include "mime/file_mime_process.h"
// Direction packet is coming from, if we can figure it out
#define POP_PKT_FROM_UNKNOWN 0
// pop_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "pop_module.h"
-#include <assert.h>
-#include <sstream>
+#include <cassert>
#include "log/messages.h"
-#include "main/snort_config.h"
using namespace std;
#ifndef POP_MODULE_H
#define POP_MODULE_H
+// Interface to the IMAP service inspector
+
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "pop_config.h"
-// Interface to the IMAP service inspector
#define GID_POP 142
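Review bot: The relocated comment still reads `// Interface to the IMAP service inspector`, although the include guard is `POP_MODULE_H` and the header defines `GID_POP`; it looks like it was copied from the IMAP module header. Since the line is being moved anyway, it should read `// Interface to the POP service inspector`.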
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "pop_paf.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <sys/types.h>
+#include "pop_paf.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
#include "pop.h"
// Protocol aware flushing for POP.
-#include "main/snort_types.h"
-#include "stream/stream_splitter.h"
#include "mime/file_mime_paf.h"
+#include "stream/stream_splitter.h"
// Structure used to record expected server termination sequence
enum PopExpectedResp
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-
-#include "parser/parser.h"
+#include "detection/detection_util.h"
+#include "framework/data_bus.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "detection/detect.h"
-#include "log/log.h"
#include "profiler/profiler.h"
-#include "utils/util.h"
-#include "detection/detection_util.h"
-#include "stream/stream_splitter.h"
-#include "target_based/snort_protocols.h"
-#include "protocols/tcp.h"
#include "protocols/packet.h"
-#include "framework/data_bus.h"
-#include "framework/inspector.h"
#include "stream/stream.h"
+#include "stream/stream_splitter.h"
#include "utils/safec.h"
+#include "utils/util.h"
#include "rpc_module.h"
// rpc_module.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "rpc_module.h"
-#include <assert.h>
#define RPC_FRAG_TRAFFIC_STR \
"fragmented RPC records"
// Interface to the RPC decode service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#define GID_RPC_DECODE 106
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "service_inspectors.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "framework/inspector.h"
+#include "service_inspectors.h"
+
#include "managers/plugin_manager.h"
extern const BaseApi* sin_imap;
#include <array>
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
-#include "profiler/profiler.h"
-#include "flow/flow.h"
#include "detection/detection_defines.h"
-#include "framework/ips_option.h"
#include "framework/cursor.h"
-#include "framework/inspector.h"
+#include "framework/ips_option.h"
#include "framework/module.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
#include "sip.h"
#include "config.h"
#endif
-#include "sip.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
+#include "sip.h"
//-------------------------------------------------------------------------
// sip_method
#include "config.h"
#endif
-#include "sip.h"
-
-#include "detection/detect.h"
#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
#include "hash/sfhashfcn.h"
#include "log/messages.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
+
+#include "sip.h"
//-------------------------------------------------------------------------
// sip_stat_code
//--------------------------------------------------------------------------
// sip.cc author Hui Cao <huica@cisco.com>
-#include "sip.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "sip.h"
+#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "profiler/profiler.h"
-#include "file_api/file_api.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "utils/sfsnprintfappend.h"
-#include "target_based/snort_protocols.h"
#include "managers/inspector_manager.h"
+#include "profiler/profiler.h"
+#include "protocols/packet.h"
-#include "sip_utils.h"
#include "sip_module.h"
+#include "sip_utils.h"
THREAD_LOCAL ProfileStats sipPerfStats;
#define SIP_H
// Implementation header with definitions, datatypes and flowdata class for SIP service inspector.
-#include "protocols/packet.h"
-#include "sip_config.h"
+#include "flow/flow.h"
#include "sip_dialog.h"
#include "sip_parser.h"
#include "sip_roptions.h"
#ifndef SIP_COMMON_H
#define SIP_COMMON_H
-#include "framework/data_bus.h"
+#include "sfip/sf_ip.h"
// Header containing datatypes/definitions shared by SSL inspector files.
// sip_config.cc author Hui Cao <huica@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sip_config.h"
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "parser/parser.h"
#include "utils/util.h"
#define SIP_SEPERATORS "()<>@,;:\\/[]?={}\" "
// Configuration for SIP service inspector
-#include "protocols/packet.h"
#include "framework/counts.h"
#include "main/thread.h"
#include "sip_common.h"
// sip_dialog.cc author Hui Cao <huica@cisco.com>
-#include "sip_dialog.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
+#include "sip_dialog.h"
+#include "events/event_queue.h"
#include "framework/data_bus.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "pub_sub/sip_events.h"
+#include "protocols/packet.h"
#include "protocols/vlan.h"
-#include "sfip/sf_ip.h"
+#include "pub_sub/sip_events.h"
#include "stream/stream.h"
#include "utils/util.h"
-#include "sip_module.h"
#include "sip.h"
+#include "sip_module.h"
static void SIP_updateMedias(SIP_MediaSession*, SIP_MediaList*);
static int SIP_compareMedias(SIP_MediaDataList, SIP_MediaDataList);
// Dialog management for SIP call flow analysis
-#include "sip_config.h"
#include "sip_parser.h"
+struct Packet;
+
#define TOTAL_RESPONSES 0
#define RESPONSE1XX 1
#define RESPONSE2XX 2
// sip_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
-#include "sip_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <sstream>
+#include "sip_module.h"
-#include "utils/util.h"
+#include <cassert>
using namespace std;
// Interface to the SIP service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "sip_config.h"
#define GID_SIP 140
#include "config.h"
#endif
-#include <ctype.h>
+#include "sip_parser.h"
-#include "main/snort_types.h"
+#include "events/event_queue.h"
#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "sfip/sf_ip.h"
#include "utils/util.h"
-#include "sip_parser.h"
-#include "sip_config.h"
-#include "sip_utils.h"
#include "sip_module.h"
+#include "sip_utils.h"
#define MAX_NUM_32BIT 2147483647
// sip_utils.cc author: Hui Cao <huica@cisco.com>
-#include "sip_utils.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <ctype.h>
-#include "main/snort_types.h"
+
+#include "sip_utils.h"
+
+#include <cstring>
+
+#include "hash/sfhashfcn.h"
/********************************************************************
* Function: SIP_IsEmptyStr()
// Utility functions for SIP inspector
-#include "hash/sfhashfcn.h"
#include "sip_config.h"
int SIP_IsEmptyStr(char*);
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "smtp.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "smtp.h"
+#include "detection/detection_util.h"
#include "log/messages.h"
-#include "main/snort_types.h"
+#include "log/unified2.h"
#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "file_api/file_api.h"
-#include "mime/file_mime_process.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "utils/sfsnprintfappend.h"
-#include "target_based/snort_protocols.h"
+#include "protocols/packet.h"
#include "protocols/ssl.h"
-#include "log/unified2.h"
-#include "detection/detection_util.h"
+#include "stream/stream.h"
#include "utils/safec.h"
+#include "utils/sfsnprintfappend.h"
#include "utils/util.h"
#include "smtp_module.h"
+#include "smtp_normalize.h"
#include "smtp_paf.h"
#include "smtp_util.h"
-#include "smtp_normalize.h"
#include "smtp_xlink2state.h"
THREAD_LOCAL ProfileStats smtpPerfStats;
// Implementation header with definitions, datatypes and flowdata class for
// SMTP service inspector.
-#include "main/thread.h"
-#include "protocols/packet.h"
-#include "stream/stream.h"
+#include "flow/flow.h"
#include "smtp_config.h"
// Direction packet is coming from, if we can figure it out
#define SMTP_CONFIG_H
// Configuration for SMTP inspector
+
#include "mime/file_mime_process.h"
#include "search_engines/search_tool.h"
// smtp_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
-#include "smtp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <sstream>
+#include "smtp_module.h"
#include "log/messages.h"
-#include "main/snort_config.h"
#include "utils/util.h"
using namespace std;
// Interface to the SMTP service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "smtp_config.h"
#define GID_SMTP 124
*
*/
-#include "smtp_normalize.h"
-#include <string.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "smtp_normalize.h"
+
+#include "protocols/packet.h"
+
#include "smtp.h"
#include "smtp_util.h"
// Implementation of normalizing SMTP traffic into the alternate buffer
-#include "protocols/packet.h"
+#include <cstdint>
+
+struct Packet;
int SMTP_NormalizeCmd(Packet*, const uint8_t*, const uint8_t*, const uint8_t*);
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "smtp_paf.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <sys/types.h>
+#include "smtp_paf.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
#include "events/event_queue.h"
+#include "main/snort_debug.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
-#include "smtp.h"
#include "smtp_module.h"
/* State tracker for MIME PAF */
// Protocol aware flushing for SMTP
-#include "main/snort_types.h"
-#include "stream/stream_splitter.h"
#include "mime/file_mime_paf.h"
+#include "stream/stream_splitter.h"
// State tracker for SMTP PAF
enum SmtpPafState
// smtp_util.cc author Andy Mullican
// This file contains SMTP helper functions.
-#include "smtp_util.h"
-
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "smtp.h"
-#include "smtp_config.h"
+#include "smtp_util.h"
+
#include "detection/detection_util.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
#include "utils/safec.h"
+#include "smtp.h"
+
static THREAD_LOCAL DataBuffer DecodeBuf;
void SMTP_GetEOL(const uint8_t* ptr, const uint8_t* end,
#ifndef SMTP_UTIL_H
#define SMTP_UTIL_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
// SMTP helper functions
#include "smtp_config.h"
-#include "protocols/packet.h"
+
+struct Packet;
void SMTP_GetEOL(const uint8_t*, const uint8_t*, const uint8_t**, const uint8_t**);
void SMTP_LogFuncs(SMTP_PROTO_CONF* config, Packet* p, MimeSession* mime_ssn);
// smtp_xlink2state.c author Andy Mullican
// This file handles the X-Link2State vulnerability.
-#include "smtp_xlink2state.h"
-
-#include <strings.h>
-#include <ctype.h>
-#include <string.h>
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "smtp_util.h"
-#include "smtp_module.h"
+#include "smtp_xlink2state.h"
+#include "events/event_queue.h"
#include "packet_io/active.h"
+#include "smtp_module.h"
+
#define XLINK_OTHER 1
#define XLINK_FIRST 2
#define XLINK_CHUNK 3
// declares the API to handle the X-Link2State vulnerability
-#include "protocols/packet.h"
#include "smtp.h"
-#include "smtp_config.h"
int ParseXLink2State(SMTP_PROTO_CONF*, Packet*, SMTPData*, const uint8_t*);
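Review bot: After this hunk the header declares `ParseXLink2State(SMTP_PROTO_CONF*, Packet*, SMTPData*, const uint8_t*)` with `smtp.h` as its only include and no declaration of `Packet` of its own. It therefore builds only as long as `smtp.h` (which this commit switches from `protocols/packet.h` to `flow/flow.h`) keeps bringing the name in indirectly; whether it does is not visible here. The sibling headers that drop the same include, the ones declaring `SMTP_NormalizeCmd` and `SMTP_GetEOL`, add a forward declaration. Doing the same here keeps the header self-contained: add `struct Packet;` after `#include "smtp.h"`.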
* Contributors: Adam Keeton, Ryan Jordan
*/
-#include "ssh.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "ssh.h"
#include "events/event_queue.h"
-#include "file_api/file_api.h"
-#include "framework/inspector.h"
#include "log/messages.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "parser/parser.h"
#include "profiler/profiler.h"
-#include "utils/sfsnprintfappend.h"
-#include "target_based/snort_protocols.h"
+#include "protocols/packet.h"
+#include "stream/stream.h"
#include "ssh_module.h"
// client or server traffic appears to flow the wrong direction, or if
// packets appear malformed/spoofed.
-#include "protocols/packet.h"
-#include "stream/stream.h"
-#include "ssh_config.h"
+#include "flow/flow.h"
// Per-session data block containing current state
// of the SSH preprocessor for the session.
// ssh_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ssh_module.h"
-#include <assert.h>
-#include <sstream>
+
+#include <cassert>
using namespace std;
// Interface to the SSH service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "ssh_config.h"
#define GID_SSH 128
#include "config.h"
#endif
-#include "protocols/ssl.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "protocols/ssl.h"
#include "ssl_inspector.h"
#include "config.h"
#endif
-#include "protocols/ssl.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+#include "protocols/packet.h"
+#include "protocols/ssl.h"
#include "ssl_inspector.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "framework/counts.h"
-
#ifndef SSL_CONFIG_H
#define SSL_CONFIG_H
// Configuration for SSL service inspector
+#include "framework/counts.h"
+
struct SSL_PROTO_CONF
{
bool trustservers;
//--------------------------------------------------------------------------
//
-/*
- * SSL inspector
- *
- */
-
-#include "ssl_inspector.h"
+// SSL inspector
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
+#include "ssl_inspector.h"
+#include "detection/detect.h"
#include "events/event_queue.h"
#include "log/messages.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "profiler/profiler.h"
-#include "parser/parser.h"
-#include "framework/inspector.h"
-#include "utils/sfsnprintfappend.h"
-#include "target_based/snort_protocols.h"
-#include "detection/detect.h"
+#include "protocols/packet.h"
#include "protocols/ssl.h"
#include "stream/stream.h"
// Implementation header with definitions, datatypes and flowdata class for SSL service inspector.
-#include "protocols/packet.h"
-#include "ssl_config.h"
+#include "flow/flow.h"
#define SSLPP_ENCRYPTED_FLAGS \
(SSL_HS_SDONE_FLAG | SSL_CLIENT_KEYX_FLAG | \
// ssl_module.cc author Bhagyashree Bantwal <bbantwal@cisco.com>
-#include "ssl_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <sstream>
+#include "ssl_module.h"
-#include "parser/parser.h"
-#include "ssl_inspector.h"
+#include <cassert>
using namespace std;
// Interface to the SSL service inspector
#include "framework/module.h"
-#include "framework/bits.h"
-#include "main/thread.h"
#include "ssl_config.h"
#define GID_SSL 137
//--------------------------------------------------------------------------
// curses.cc author Maya Dagon <mdagon@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "curses.h"
using namespace std;
#ifndef CURSES_H
#define CURSES_H
-#include <ctype.h>
-
+#include <cstdint>
#include <string>
#include <vector>
//--------------------------------------------------------------------------
// magic.cc author Russ Combs <rucombs@cisco.com>
-#include <ctype.h>
-#include <stdlib.h>
-#include <strings.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <cstdlib>
#include "magic.h"
//--------------------------------------------------------------------------
// magic.cc author Russ Combs <rucombs@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "magic.h"
MagicPage::MagicPage(const MagicBook& b) : book(b)
//--------------------------------------------------------------------------
// magic.h author Russ Combs <rucombs@cisco.com>
-#include <string>
-#include <vector>
-
#ifndef MAGIC_H
#define MAGIC_H
+#include <string>
+#include <vector>
+
class MagicBook;
struct MagicPage
//--------------------------------------------------------------------------
// spells.cc author Russ Combs <rucombs@cisco.com>
-#include <ctype.h>
-#include <strings.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "magic.h"
// wiz_module.cc author Russ Combs <rucombs@cisco.com>
-#include "wiz_module.h"
-
-#include <assert.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "wiz_module.h"
#include "curses.h"
#include "magic.h"
// wizard management interface
-#include <string>
-#include <vector>
-
#include "framework/module.h"
-#include "main/thread.h"
#define WIZ_NAME "wizard"
#define WIZ_HELP "inspector that implements port-independent protocol identification"
//--------------------------------------------------------------------------
// wizard.cc author Russ Combs <rucombs@cisco.com>
-#include <vector>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "host_tracker/host_cache.h"
#include "flow/flow.h"
-#include "framework/inspector.h"
-#include "managers/inspector_manager.h"
+#include "log/messages.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "stream/stream_splitter.h"
-#include "profiler/profiler.h"
-#include "utils/stats.h"
-#include "log/messages.h"
-#include "host_tracker/host_cache.h"
#include "curses.h"
#include "magic.h"
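Review bot: The added `#include "host_tracker/host_cache.h"` sits ahead of `#include "flow/flow.h"`, which breaks the alphabetical ordering that the rest of this commit applies to project includes. Move it to follow `flow/flow.h` so the block reads `flow/`, `host_tracker/`, `log/`, `profiler/`, `protocols/`, `stream/`. The same slip appears in the later hunk that adds `protocols/packet.h` before `managers/inspector_manager.h`, and in the state-machine header where `tcp_segment_descriptor.h` is listed after `tcp_stream_tracker.h`.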
set(SFIP_INCLUDES
sf_cidr.h
sf_ip.h
- sf_ipvar.h
sf_returns.h
)
sf_cidr.cc
sf_ip.cc
sf_ipvar.cc
+ sf_ipvar.h
sf_vartable.cc
sf_vartable.h
)
x_include_HEADERS = \
sf_returns.h \
sf_cidr.h \
-sf_ip.h \
-sf_ipvar.h
+sf_ip.h
libsfip_a_SOURCES = \
sf_cidr.cc \
sf_ip.cc \
sf_ipvar.cc \
+sf_ipvar.h \
sf_vartable.cc \
sf_vartable.h
//--------------------------------------------------------------------------
// sf_cidr.cc author Michael Altizer <mialtize@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sf_cidr.h"
SfIpRet SfCidr::set(const char* src)
/* Library for managing IP addresses of either v6 or v4 families. */
-#include "sf_ip.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <math.h> // For ceil
+#include "sf_ip.h"
+
+#include <cassert>
+#include <cmath> // For ceil
#include "main/thread.h"
#include "utils/util.h"
#define SF_IP_H
#include <arpa/inet.h>
-#include <assert.h>
#include <sys/socket.h>
-#include <stddef.h>
#include <sstream>
*
* Library for IP variables.
*/
-#include "sf_ipvar.h"
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <stdio.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "sf_ipvar.h"
#include "utils/util.h"
#define SFIP_NEGATED 1
#define SFIP_ANY 2
-#include <stdio.h>
-#include <stdint.h>
+#include <cstdint>
#include "sfip/sf_returns.h"
*
* Library for managing IP variables.
*/
-#include "sf_vartable.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
+#include "sf_vartable.h"
-#include "main/snort_types.h"
-#include "sfip/sf_vartable.h"
#include "sfip/sf_ipvar.h"
#include "utils/util.h"
-
-set ( SFRT_INCLUDES
- sfrt.h
- sfrt_trie.h
- sfrt_dir.h
- sfrt_flat.h
- sfrt_flat_dir.h
-)
-
if ( ENABLE_UNIT_TESTS )
set(TEST_FILES sfrt_test.cc)
endif()
add_library ( sfrt STATIC
sfrt.cc
+ sfrt.h
sfrt_dir.cc
+ sfrt_dir.h
sfrt_flat.cc
+ sfrt_flat.h
sfrt_flat_dir.cc
- ${SFRT_INCLUDES}
+ sfrt_flat_dir.h
+ sfrt_trie.h
${TEST_FILES}
)
-install (FILES ${SFRT_INCLUDES}
- DESTINATION "${INCLUDE_INSTALL_PATH}/sfrt"
-)
noinst_LIBRARIES = libsfrt.a
-x_includedir = $(pkgincludedir)/sfrt
-
-x_include_HEADERS = \
-sfrt.h \
-sfrt_trie.h \
-sfrt_dir.h \
-sfrt_flat.h \
-sfrt_flat_dir.h
-
libsfrt_a_SOURCES = \
sfrt.cc \
+sfrt.h \
sfrt_dir.cc \
+sfrt_dir.h \
sfrt_flat.cc \
-sfrt_flat_dir.cc
+sfrt_flat.h \
+sfrt_flat_dir.cc \
+sfrt_flat_dir.h
if ENABLE_UNIT_TESTS
libsfrt_a_SOURCES += sfrt_test.cc
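Review bot: `sfrt_trie.h` drops out of the automake file list in this hunk. It was named in the removed `x_include_HEADERS`, but the new `libsfrt_a_SOURCES` adds only `sfrt.h`, `sfrt_dir.h`, `sfrt_flat.h` and `sfrt_flat_dir.h`. The CMake side of the same change does list `sfrt_trie.h` in `add_library`, and `sfrt.h` still includes `sfrt/sfrt_trie.h`. Unless the file is named somewhere not visible here (for example `EXTRA_DIST`), a `make dist` tarball would ship without it and fail to build. Continue the list with `sfrt_flat_dir.h \` followed by `sfrt_trie.h`.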
* sfrt_free - free table
*/
-#include "sfrt.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "sfrt.h"
+
#include "sfip/sf_cidr.h"
#include "utils/util.h"
#ifndef SFRT_H
#define SFRT_H
-#include <stdint.h>
+#include <cstdint>
#include "sfip/sf_ip.h"
#include "sfrt/sfrt_trie.h"
* DIR-n-m.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfrt.h" // FIXIT-L these includes are circular
#include "sfrt_dir.h"
#include <stdarg.h>
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include "utils/util.h"
typedef struct
// The implementation uses an multibit-trie that is similar to Gupta et-al's
// DIR-n-m.
-#include <stdint.h>
+#include <cstdint>
/*******************************************************************/
/* DIR-n-m data structures
//--------------------------------------------------------------------------
// 9/7/2011 - Initial implementation ... Hui Cao <hcao@sourcefire.com>
-#include "sfrt_flat.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "sfrt_flat.h"
+
#include "sfip/sf_cidr.h"
//--------------------------------------------------------------------------
// 9/7/2011 - Initial implementation ... Hui Cao <hcao@sourcefire.com>
-#include "sfrt_flat.h" // FIXIT-L these includes are circular
-#include "sfrt_flat_dir.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "sfrt_flat.h" // FIXIT-L these includes are circular
+#include "sfrt_flat_dir.h"
+
#include <stdarg.h>
#if SIZEOF_UNSIGNED_LONG_INT == 8
//--------------------------------------------------------------------------
// sfrt_test.cc author Hui Cao <hcao@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "catch/catch.hpp"
#include "catch/unit_test.h"
#include "sfip/sf_cidr.h"
// side_channel.cc author Ed Borgoyn <eborgoyn@cisco.com>
-#include "side_channel.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <time.h>
-#include <thread>
-#include <vector>
-#include <utility>
+#include "side_channel.h"
+
+#include <sys/time.h>
+
+#include <cassert>
+#include "framework/counts.h"
#include "main/snort_debug.h"
#include "managers/connector_manager.h"
-#include "profiler/profiler.h"
-#include "utils/stats.h"
+#include "profiler/profiler_defs.h"
/* Globals ****************************************************************/
#ifndef SIDE_CHANNEL_H
#define SIDE_CHANNEL_H
-#include <vector>
-#include <string>
#include <functional>
#include "framework/bits.h"
uint64_t time_seconds;
};
-class ConnectorMsgHandle;
-class Connector;
-
struct SCMessage
{
SideChannel* sc;
// side_channel_module.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "side_channel_module.h"
-#include <assert.h>
-#include <utility>
+#include <cassert>
-#include "main/snort_debug.h"
#include "log/messages.h"
+
#include "side_channel.h"
static const PegInfo sc_pegs[] =
#ifndef SIDE_CHANNEL_MODULE_H
#define SIDE_CHANNEL_MODULE_H
-#include <vector>
-
-#include "framework/connector.h"
#include "framework/module.h"
-#include "main/thread.h"
-#include "side_channel.h"
+#include "side_channel/side_channel.h"
#define SIDECHANNEL_NAME "side_channel"
#define SIDECHANNEL_HELP "implement the side-channel asynchronous messaging subsystem"
// side_channel_module_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "side_channel/side_channel.h"
#include "side_channel/side_channel_module.h"
// side_channel_test.cc author Ed Borgoyn <eborgoyn@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "side_channel/side_channel.h"
#include "log/messages.h"
#include "config.h"
#endif
-#include <assert.h>
-
#include "flow/flow_control.h"
#include "flow/prune_stats.h"
-#include "main/snort_debug.h"
+#include "protocols/packet.h"
#include "managers/inspector_manager.h"
-#include "profiler/profiler.h"
+#include "profiler/profiler_defs.h"
-#include "stream/tcp/tcp_session.h"
-#include "stream_module.h"
#include "stream_ha.h"
+#include "stream_module.h"
//-------------------------------------------------------------------------
// stats
//--------------------------------------------------------------------------
// stream_ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "stream_ha.h"
-#include <thread>
#include <unordered_map>
#include "binder/binder.h"
+#include "flow/flow_key.h"
#include "main/snort_debug.h"
#include "managers/inspector_manager.h"
#include "stream/stream.h"
-#include "sfip/sf_ip.h"
// HA Session flags helper macros
#define HA_IGNORED_SESSION_FLAGS \
#include "flow/flow.h"
#include "flow/ha.h"
-#include "main/snort_types.h"
//-------------------------------------------------------------------------
// stream_module.cc author Russ Combs <rucombs@cisco.com>
-#include "stream_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "stream_module.h"
using namespace std;
#ifndef STREAM_MODULE_H
#define STREAM_MODULE_H
-#include "main/snort_types.h"
-#include "framework/module.h"
#include "flow/flow_config.h"
+#include "framework/module.h"
extern THREAD_LOCAL ProfileStats s5PerfStats;
struct SnortConfig;
//--------------------------------------------------------------------------
// file_module.cc author Russ Combs <rucombs@cisco.com>
-#include "file_module.h"
-
-#include <string>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "stream_file.h"
-#include "main/snort_config.h"
+#include "file_module.h"
using namespace std;
#ifndef FILE_MODULE_H
#define FILE_MODULE_H
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "framework/module.h"
struct SnortConfig;
//--------------------------------------------------------------------------
// file_session.cc author Russ Combs <rucombs@cisco.com>
-#include "file_session.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "file_api/file_api.h"
-#include "perf_monitor/perf_monitor.h"
+#include "file_session.h"
+
+#include "detection/detection_util.h"
#include "file_api/file_flows.h"
-#include "profiler/profiler.h"
#include "packet_io/sfdaq.h"
-#include "detection/detection_util.h"
+#include "profiler/profiler_defs.h"
+#include "protocols/packet.h"
#include "target_based/snort_protocols.h"
#include "stream_file.h"
-#include "file_module.h"
#define DECODE_PDU (DECODE_SOF | DECODE_EOF)
//--------------------------------------------------------------------------
// file_session.h author Russ Combs <rucombs@cisco.com>
-#ifndef USER_SESSION_H
-#define USER_SESSION_H
-
-#include <assert.h>
-#include <list>
+#ifndef FILE_SESSION_H
+#define FILE_SESSION_H
#include "flow/session.h"
-#include "stream/paf.h"
class FileSession : public Session
{
//--------------------------------------------------------------------------
// stream_file.cc author Russ Combs <rucombs@cisco.com>
-#include "stream_file.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-
-#include "log/messages.h"
-#include "protocols/packet.h"
+#include "stream_file.h"
#include "file_module.h"
#include "file_session.h"
//--------------------------------------------------------------------------
// flush_bucket.cc author Russ Combs <rucombs@cisco.com>
-#include "flush_bucket.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <string.h>
+#include "flush_bucket.h"
+#include <cassert>
#include <random>
#include "main/snort_config.h"
-#include "protocols/packet.h"
//-------------------------------------------------------------------------
// static base members
#ifndef FLUSH_BUCKET_H
#define FLUSH_BUCKET_H
-#include "main/snort_types.h"
-#include "main/thread.h"
+#include <cstdint>
class FlushBucket
{
//--------------------------------------------------------------------------
// icmp_ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "icmp_ha.h"
-#include "flow/flow_control.h"
-#include "main/snort_debug.h"
#include "stream/icmp/icmp_session.h"
#include "stream/stream.h"
#ifndef ICMP_HA_H
#define ICMP_HA_H
-#include "main/snort_types.h"
#include "stream/base/stream_ha.h"
//-------------------------------------------------------------------------
// icmp_module.cc author Russ Combs <rucombs@cisco.com>
-#include "icmp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "icmp_module.h"
#include "stream_icmp.h"
#ifndef ICMP_MODULE_H
#define ICMP_MODULE_H
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "flow/session.h"
#include "framework/module.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "stream_icmp.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "hash/sfxhash.h"
-#include "utils/util.h"
-#include "stream/stream.h"
-#include "flow/flow.h"
-#include "flow/flow_control.h"
-#include "flow/session.h"
-#include "profiler/profiler.h"
-#include "protocols/packet.h"
-#include "protocols/layer.h"
-#include "protocols/vlan.h"
-#include "protocols/ip.h"
+#include "icmp_session.h"
+
+#include "flow/flow_key.h"
+#include "profiler/profiler_defs.h"
#include "protocols/icmp4.h"
-#include "protocols/udp.h"
+#include "protocols/packet.h"
#include "protocols/tcp.h"
-#include "sfip/sf_ip.h"
+#include "protocols/udp.h"
+#include "protocols/vlan.h"
+#include "utils/util.h"
#include "icmp_ha.h"
#include "icmp_module.h"
-#include "icmp_session.h"
+#include "stream_icmp.h"
const PegInfo icmp_pegs[] =
{
#include "config.h"
#endif
-#include <assert.h>
-
#include "stream_icmp.h"
+
+#include "log/messages.h"
+
#include "icmp_ha.h"
#include "icmp_module.h"
#include "icmp_session.h"
-#include "log/messages.h"
-#include "framework/inspector.h"
-#include "protocols/packet.h"
-
//-------------------------------------------------------------------------
// helpers
//-------------------------------------------------------------------------
#ifndef STREAM_ICMP_H
#define STREAM_ICMP_H
-#include "main/snort_types.h"
+#include <cstdint>
struct StreamIcmpConfig
{
#include "config.h"
#endif
-#include <assert.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <rpc/types.h>
-#include <errno.h>
-#include <array>
-
-#include "framework/codec.h"
-#include "flow/flow_control.h"
#include "ip_defrag.h"
-#include "stream/ip/ip_session.h"
-#include "stream/ip/ip_module.h"
-#include "stream/ip/stream_ip.h"
+
+#include "detection/detect.h"
+#include "log/messages.h"
+#include "main/snort.h"
+#include "main/snort_config.h"
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
-#include "protocols/layer.h"
+#include "profiler/profiler_defs.h"
#include "protocols/ipv4_options.h"
-#include "protocols/packet_manager.h"
-#include "log/messages.h"
-#include "main/snort.h"
-#include "main/snort_debug.h"
-#include "profiler/profiler.h"
#include "time/timersub.h"
-#include "utils/stats.h"
-#include "detection/detect.h"
#include "utils/safec.h"
#include "utils/util.h"
+#include "ip_session.h"
+#include "stream_ip.h"
+
/* D E F I N E S **************************************************/
/* flags for the FragTracker->frag_flags field */
// ip datagram reassembly
-int drop_all_fragments(Packet* p);
-int fragGetApplicationProtocolId(Packet* p);
+#include <cstdint>
struct FragEngine;
struct FragTracker;
struct Fragment;
+struct Packet;
+struct SnortConfig;
+
+int drop_all_fragments(Packet* p);
+int fragGetApplicationProtocolId(Packet* p);
class Defrag
{
//--------------------------------------------------------------------------
// ip_ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "ip_ha.h"
-#include "main/snort_debug.h"
#include "stream/stream.h"
+
#include "ip_session.h"
Flow* IpHA::create_session(FlowKey* key)
#ifndef IP_HA_H
#define IP_HA_H
-#include "main/snort_types.h"
#include "stream/base/stream_ha.h"
//-------------------------------------------------------------------------
// ip_module.cc author Russ Combs <rucombs@cisco.com>
-#include "ip_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "ip_module.h"
#include "stream_ip.h"
-#include "ip_defrag.h"
-#include "stream/stream.h"
using namespace std;
#ifndef IP_MODULE_H
#define IP_MODULE_H
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "flow/session.h"
#include "framework/module.h"
+#include "main/snort_debug.h"
struct SnortConfig;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "ip_session.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "stream_ip.h"
-#include "ip_module.h"
+#include "ip_session.h"
+
+#include "profiler/profiler_defs.h"
+#include "protocols/packet.h"
+
#include "ip_defrag.h"
#include "ip_ha.h"
-#include "stream/stream.h"
-#include "sfip/sf_ip.h"
-#include "profiler/profiler.h"
+#include "stream_ip.h"
const PegInfo ip_pegs[] =
{
#ifndef IP_SESSION_H
#define IP_SESSION_H
-#include "ip_module.h"
-
-#include <sys/time.h>
-#include "flow/session.h"
-#include "framework/counts.h"
+#include "stream/ip/ip_module.h"
struct Fragment;
struct FragEngine;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "stream_ip.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
+#include "stream_ip.h"
+
+#include "log/messages.h"
-#include "ip_module.h"
#include "ip_defrag.h"
#include "ip_ha.h"
+#include "ip_module.h"
#include "ip_session.h"
-#include "log/messages.h"
-#include "protocols/packet.h"
/* max frags in a single frag tracker */
#define DEFAULT_MAX_FRAGS 8192
#ifndef STREAM_IP_H
#define STREAM_IP_H
-#include "flow/flow.h"
+#include "framework/inspector.h"
/* engine-based defragmentation policy enums */
// must update stream.h::IP_POLICIES if this changes
#ifndef STREAM_LIBTCP_UNIT_TEST
#define STREAM_LIBTCP_UNIT_TEST
-#include <stdint.h>
-#include <sys/time.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "protocols/packet.h"
-#include "protocols/tcp.h"
#include "stream_tcp_unit_test.h"
+#include "protocols/packet.h"
+
// SYN PACKET
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [S], seq 9050, win
// 8192, length 0
#ifndef STREAM_LIBTCP_UNIT_TEST_H
#define STREAM_LIBTCP_UNIT_TEST_H
-#include <stdint.h>
-
-#include "protocols/packet.h"
+class Flow;
+struct Packet;
Packet* get_syn_packet(Flow*);
Packet* get_syn_ack_packet(Flow*);
// tcp_segment_descriptor.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Jul 30, 2015
-#include "log/messages.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_segment_descriptor.h"
+
+#include "detection/rules.h"
#include "main/snort_debug.h"
#include "protocols/tcp_options.h"
-#include "detection/rules.h"
-
#include "stream/tcp/tcp_defs.h"
-#include "stream/tcp/tcp_event_logger.h"
-#include "tcp_segment_descriptor.h"
using namespace tcp;
#define TCP_SEGMENT_DESCRIPTOR_H
#include "flow/flow.h"
-#include "protocols/tcp.h"
#include "protocols/packet.h"
-
+#include "protocols/tcp.h"
#include "stream/tcp/tcp_event_logger.h"
class TcpSegmentDescriptor
// tcp_state_handler.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jun 24, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_state_handler.h"
+
#include <iostream>
#include "main/snort_debug.h"
#include "tcp_state_machine.h"
-#include "tcp_state_handler.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
-#include "stream_tcp_unit_test.h"
#endif
using namespace std;
#define TCP_STATE_HANDLER_H
#include "protocols/tcp.h"
-#include "tcp_segment_descriptor.h"
-#include "tcp_stream_tracker.h"
+#include "stream/libtcp/tcp_segment_descriptor.h"
+#include "stream/libtcp/tcp_stream_tracker.h"
class TcpStateMachine;
// tcp_state_machine.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Jul 29, 2015
-#include "tcp_stream_tracker.h"
-#include "tcp_stream_session.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_state_machine.h"
TcpStateMachine::TcpStateMachine()
#ifndef TCP_STATE_MACHINE_H
#define TCP_STATE_MACHINE_H
-#include <memory>
-
-#include "tcp_state_handler.h"
-#include "tcp_stream_tracker.h"
-#include "tcp_segment_descriptor.h"
+#include "stream/libtcp/tcp_state_handler.h"
+#include "stream/libtcp/tcp_stream_tracker.h"
+#include "stream/libtcp/tcp_segment_descriptor.h"
class TcpStateMachine
{
// tcp_stream_session.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Feb 18, 2016
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_stream_session.h"
+
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "sfip/sf_ip.h"
#include "stream/tcp/tcp_ha.h"
-#include "tcp_stream_session.h"
-
#ifdef DEBUG_MSGS
const char* const flush_policy_names[] =
{
#ifndef TCP_STREAM_SESSION_H_
#define TCP_STREAM_SESSION_H_
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include "detection/detect.h"
#include "flow/session.h"
+#include "stream/libtcp/tcp_stream_tracker.h"
#include "stream/tcp/tcp_stream_config.h"
-#include "stream/tcp/tcp_event_logger.h"
-#include "tcp_stream_tracker.h"
#ifdef DEBUG_MSGS
extern const char* const flush_policy_names[];
// tcp_stream_tracker.cpp author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jun 24, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_stream_tracker.h"
-#include "profiler/profiler.h"
#include "protocols/eth.h"
-#include "protocols/tcp.h"
-#include "protocols/tcp_options.h"
#include "stream/stream.h"
const char* tcp_state_names[] =
#ifndef TCP_STREAM_TRACKER_H
#define TCP_STREAM_TRACKER_H
-#include "stdint.h"
-
+#include "stream/libtcp/tcp_segment_descriptor.h"
#include "stream/paf.h"
#include "stream/tcp/tcp_defs.h"
-#include "tcp_segment_descriptor.h"
/* Only track a maximum number of alerts per session */
#define MAX_SESSION_ALERTS 8
// paf.cc author Russ Combs <rcombs@sourcefire.com>
-#include "paf.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
+#include "paf.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "protocols/packet.h"
#ifndef PAF_H
#define PAF_H
-#include <stdint.h>
-
-#include "main/snort_types.h"
#include "stream/stream_splitter.h"
struct SnortConfig;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "stream.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <sys/time.h>
-#include <sys/types.h>
+#include "stream.h"
-#include "main/snort_config.h"
-#include "main/snort_debug.h"
-#include "main/snort_debug.h"
#include "flow/flow_control.h"
-#include "flow/flow_cache.h"
+#include "flow/flow_key.h"
#include "flow/ha.h"
#include "flow/prune_stats.h"
-#include "flow/session.h"
-#include "stream/stream.h"
-#include "stream/paf.h"
-#include "tcp/tcp_session.h"
-#include "tcp/stream_tcp.h"
-#include "udp/stream_udp.h"
-#include "icmp/stream_icmp.h"
-#include "ip/stream_ip.h"
-#include "detection/detect.h"
+#include "main/snort_config.h"
+#include "main/snort_debug.h"
#include "packet_io/active.h"
-#include "packet_io/sfdaq.h"
-#include "ips_options/ips_flowbits.h"
-#include "protocols/packet.h"
-#include "protocols/layer.h"
#include "protocols/vlan.h"
-#include "target_based/snort_protocols.h"
#include "target_based/sftarget_hostentry.h"
-#include "utils/bitop.h"
+#include "target_based/snort_protocols.h"
#include "utils/util.h"
+#include "tcp/tcp_session.h"
+
#ifdef UNIT_TEST
#include "catch/catch.hpp"
-#include "stream/libtcp/stream_tcp_unit_test.h"
+#include "libtcp/stream_tcp_unit_test.h"
#endif
// this should not be publicly accessible
// provides a common flow management interface
-#include <sys/types.h>
-
-#include "protocols/packet.h"
#include "flow/flow.h"
-#include "main/snort_types.h"
/* traffic direction identification */
#define FROM_SERVER 0
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "stream_inspectors.h"
-#include "framework/inspector.h"
#include "managers/plugin_manager.h"
extern const BaseApi* nin_stream_base;
//--------------------------------------------------------------------------
// stream_splitter.cc author Russ Combs <rucombs@cisco.com>
-#include "stream_splitter.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
-#include <string.h>
+#include "stream_splitter.h"
#include "main/snort_config.h"
#include "protocols/packet.h"
#define TCP_SPLITTER_H
#include "main/snort_types.h"
-#include "main/thread.h"
class Flow;
#include "config.h"
#endif
-#include "tcp_session.h"
-
-#include "main/snort_config.h"
-#include "stream/stream_splitter.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
+#include "main/snort_config.h"
#include "profiler/profiler.h"
+#include "tcp_session.h"
+
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#include "stream/libtcp/stream_tcp_unit_test.h"
#include "config.h"
#endif
-#include "tcp_session.h"
+#include "detection/detection_defines.h"
#include "framework/ips_option.h"
#include "framework/module.h"
-#include "framework/parameter.h"
#include "framework/range.h"
-#include "detection/detect.h"
-#include "detection/detection_defines.h"
#include "hash/sfhashfcn.h"
-#include "profiler/profiler.h"
-#include "sfip/sf_ip.h"
+#include "profiler/profiler_defs.h"
+
+#include "tcp_session.h"
//-------------------------------------------------------------------------
// stream_size
// segment_overlap_editor.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Oct 11, 2015
-#include "segment_overlap_editor.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <assert.h>
+#include "segment_overlap_editor.h"
#include "log/messages.h"
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
#include "tcp_module.h"
-#include "tcp_event_logger.h"
#include "tcp_normalizer.h"
-#include "tcp_reassembler.h"
bool SegmentOverlapEditor::is_segment_retransmit(bool* full_retransmit)
{
#define SEGMENT_OVERLAP_EDITOR_H
#include "normalize/normalize.h"
-#include "tcp_defs.h"
-#include "tcp_segment_node.h"
-#include "tcp_session.h"
+#include "stream/tcp/tcp_segment_node.h"
+
+class TcpSession;
#define STREAM_INSERT_OK 0 // FIXIT-L replace with bool
#include "config.h"
#endif
-#include <assert.h>
+#include "stream_tcp.h"
#include "main/snort_config.h"
#include "stream/flush_bucket.h"
-#include "stream/stream_splitter.h"
-#include "stream_tcp.h"
#include "tcp_ha.h"
#include "tcp_module.h"
#include "tcp_session.h"
#ifndef STREAM_TCP_H
#define STREAM_TCP_H
-#include "flow/flow.h"
-#include "protocols/packet.h"
-
-#include "tcp_defs.h"
-#include "tcp_stream_config.h"
+class Flow;
+class Inspector;
+class TcpStreamConfig;
+class Session;
// misc stuff
Session* get_tcp_session(Flow*);
#ifndef TCP_DEBUG_TRACE_H
#define TCP_DEBUG_TRACE_H
-#include "protocols/tcp.h"
-#include "tcp_reassembler.h"
+#include "stream/tcp/tcp_reassembler.h"
#ifndef REG_TEST
#define S5TraceTCP(pkt, flow, tsd, evt)
#ifndef TCP_DEFS_H
#define TCP_DEFS_H
-#include "main/snort_debug.h"
-#include "protocols/packet.h"
+#include "main/thread.h"
+
+struct Packet;
/* actions */
#define ACTION_NOTHING 0x00000000
// tcp_event_logger.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
-#include "strings.h"
-#include "main/snort_config.h"
-#include "events/event_queue.h"
-#include "filters/sfrf.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_event_logger.h"
+
#include "detection/rules.h"
+#include "filters/sfrf.h"
+#include "main/snort_config.h"
-#include "tcp_defs.h"
#include "tcp_module.h"
-#include "tcp_event_logger.h"
#define EVENT_SYN_ON_EST 0x00000001
#define EVENT_DATA_ON_SYN 0x00000002
#ifndef TCP_EVENT_LOGGER_H
#define TCP_EVENT_LOGGER_H
+#include <cstdint>
+
/* events */
#define EVENT_SYN_ON_EST 0x00000001
#define EVENT_DATA_ON_SYN 0x00000002
//--------------------------------------------------------------------------
// tcp_ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_ha.h"
#include "main/snort_debug.h"
#include "stream/stream.h"
+
#include "tcp_session.h"
Flow* TcpHA::create_session(FlowKey* key)
#ifndef TCP_HA_H
#define TCP_HA_H
-#include "main/snort_types.h"
#include "stream/base/stream_ha.h"
//-------------------------------------------------------------------------
// tcp_module.cc author Russ Combs <rucombs@cisco.com>
-#include "tcp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "tcp_module.h"
-#include "profiler/profiler.h"
-#include "stream/stream.h"
-#include "stream_tcp.h"
+#include "profiler/profiler_defs.h"
using namespace std;
#ifndef TCP_MODULE_H
#define TCP_MODULE_H
-#include <string>
-#include <vector>
-
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "flow/session.h"
#include "framework/module.h"
-#include "tcp_stream_config.h"
+#include "stream/tcp/tcp_stream_config.h"
#define GID_STREAM_TCP 129
// tcp_normalization.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 31, 2015
-#include "packet_io/active.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include "tcp_normalizer.h"
-#include "tcp_event_logger.h"
+
+#include "main/snort_debug.h"
+#include "packet_io/active.h"
THREAD_LOCAL PegCount tcp_norm_stats[PC_TCP_MAX][NORM_MODE_MAX];
#ifndef TCP_NORMALIZER_H
#define TCP_NORMALIZER_H
-#include "main/snort_types.h"
-#include "framework/counts.h"
-#include "protocols/tcp_options.h"
-#include "protocols/tcp.h"
#include "normalize/normalize.h"
-#include "tcp_session.h"
-#include "tcp_defs.h"
+#include "protocols/tcp_options.h"
+#include "stream/tcp/tcp_session.h"
enum TcpPegCounts
{
// tcp_normalizers.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Sep 22, 2015
-#include "tcp_defs.h"
-#include "tcp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_normalizers.h"
+#include "tcp_module.h"
+
class TcpNormalizerFirst : public TcpNormalizer
{
public:
#ifndef TCP_NORMALIZERS_H
#define TCP_NORMALIZERS_H
-#include "tcp_defs.h"
-#include "tcp_normalizer.h"
+#include "stream/tcp/tcp_normalizer.h"
class TcpNormalizerFactory
{
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// tcp_reassembly.cc author davis mcpherson <davmcphe@@cisco.com>
+// tcp_reassember.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 31, 2015
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <errno.h>
-#include <assert.h>
+#include "tcp_reassembler.h"
+#include "log/log.h"
#include "main/snort.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
#include "profiler/profiler.h"
-#include "flow/flow_control.h"
+#include "protocols/packet_manager.h"
#include "tcp_module.h"
-#include "tcp_session.h"
-#include "tcp_event_logger.h"
#include "tcp_normalizer.h"
-#include "tcp_reassembler.h"
THREAD_LOCAL Packet* s5_pkt = nullptr;
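Review bot: The rewritten file comment at the top of this hunk reads `tcp_reassember.cc`, which drops the "l". The own header included a few lines below is `tcp_reassembler.h`, so the comment should start `// tcp_reassembler.cc author ...`. As written, the commit swaps one wrong name (`tcp_reassembly.cc`) for another, and a search for the real file name still misses this line.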
#ifndef TCP_REASSEMBLER_H
#define TCP_REASSEMBLER_H
-#include "framework/counts.h"
-#include "detection/detect.h"
-#include "normalize/normalize.h"
-
-#include "segment_overlap_editor.h"
-#include "tcp_defs.h"
-#include "tcp_segment_node.h"
+#include "stream/stream.h"
+#include "stream/tcp/segment_overlap_editor.h"
class TcpSession;
class TcpStreamTracker;
// tcp_reassemblers.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Oct 9, 2015
-#include "tcp_module.h"
-#include "tcp_event_logger.h"
-#include "tcp_session.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_reassemblers.h"
class TcpReassemblerFirst : public TcpReassembler
#ifndef TCP_REASSEMBLERS_H
#define TCP_REASSEMBLERS_H
-#include "tcp_defs.h"
-#include "tcp_reassembler.h"
+#include "stream/tcp/tcp_reassembler.h"
class TcpReassemblerFactory
{
// tcp_segment.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Sep 21, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_segment_node.h"
-#include "flow/flow_control.h"
-#include "protocols/packet.h"
#include "utils/util.h"
+
#include "tcp_module.h"
// FIXIT-P this is going to set each member 2X; once here and once in init
#define TCP_SEGMENT_H
#include "main/snort_debug.h"
-#include "protocols/packet.h"
-
-#include "tcp_defs.h"
#include "stream/libtcp/tcp_segment_descriptor.h"
+#include "stream/tcp/tcp_defs.h"
//-----------------------------------------------------------------
// we make a lot of TcpSegments so it is organized by member
#include "config.h"
#endif
-#include <errno.h>
-#include <assert.h>
-
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "main/snort_config.h"
-#include "detection/detect.h"
-#include "detection/detection_util.h"
-#include "hash/sfxhash.h"
-#include "utils/util.h"
-#include "utils/util_net.h"
-#include "utils/sflsq.h"
-#include "time/packet_time.h"
+#include "tcp_session.h"
+
+#include "log/log.h"
#include "perf_monitor/flow_ip_tracker.h"
-#include "sfip/sf_ip.h"
-#include "protocols/packet.h"
-#include "protocols/packet_manager.h"
-#include "protocols/tcp_options.h"
-#include "protocols/tcp.h"
-#include "protocols/eth.h"
-#include "log/log_text.h"
-#include "stream/stream.h"
-#include "stream/stream_splitter.h"
-#include "flow/session.h"
#include "profiler/profiler.h"
-#include "file_api/file_api.h"
-#include "perf_monitor/flow_tracker.h"
-#include "filters/sfrf.h"
+#include "protocols/eth.h"
-#include "stream/paf.h"
#include "stream_tcp.h"
+#include "tcp_debug_trace.h"
#include "tcp_ha.h"
#include "tcp_module.h"
-#include "tcp_event_logger.h"
-#include "tcp_debug_trace.h"
#include "tcp_normalizers.h"
#include "tcp_reassemblers.h"
#include "tcp_stream_state_machine.h"
-#include "tcp_session.h"
DEBUG_WRAP(const char* t_name = NULL; const char* l_name = NULL; )
#ifndef TCP_SESSION_H
#define TCP_SESSION_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "detection/detect.h"
-
#include "stream/libtcp/tcp_stream_session.h"
#include "stream/libtcp/tcp_state_machine.h"
-#include "stream_tcp.h"
-#include "tcp_defs.h"
-#include "tcp_stream_config.h"
-#include "tcp_tracker.h"
+#include "stream/tcp/tcp_tracker.h"
class TcpEventLogger;
// tcp_state_close_wait.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_close_wait.h"
+#include "main/snort_debug.h"
+
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
+
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
// tcp_state_closed.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_state_closed.h"
-#include "tcp_module.h"
-#include "tcp_tracker.h"
#include "tcp_session.h"
-#include "tcp_normalizer.h"
#ifdef UNIT_TEST
#include "catch/catch.hpp"
-#include "stream/libtcp/stream_tcp_unit_test.h"
#endif
TcpStateClosed::TcpStateClosed(TcpStateMachine& tsm) :
// tcp_state_closing.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_closing.h"
+#include "main/snort_debug.h"
+
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
+
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
// tcp_state_established.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_state_established.h"
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
+
TcpStateEstablished::TcpStateEstablished(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_ESTABLISHED, tsm)
{
// tcp_state_fin_wait1.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_fin_wait1.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include "main/snort_debug.h"
+
+#include "tcp_normalizer.h"
+#include "tcp_module.h"
+#include "tcp_session.h"
using namespace std;
// tcp_state_fin_wait2.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_fin_wait2.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
using namespace std;
// tcp_state_last_ack.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_last_ack.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
using namespace std;
// tcp_state_listen.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_state_listen.h"
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
+
TcpStateListen::TcpStateListen(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_LISTEN, tsm)
{
// tcp_state_none.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_state_none.h"
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
#include "tcp_normalizer.h"
-
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#include "stream/libtcp/stream_tcp_unit_test.h"
-#endif
+#include "tcp_session.h"
TcpStateNone::TcpStateNone(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_STATE_NONE, tsm)
// tcp_state_syn_recv.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_state_syn_recv.h"
#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
#include "tcp_normalizer.h"
-#include "tcp_state_syn_recv.h"
+#include "tcp_session.h"
using namespace std;
// tcp_state_syn_sent.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_syn_sent.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include "tcp_session.h"
using namespace std;
// tcp_state_time_wait.cc author davis mcpherson <davmcphe@cisco.com>
// Created on: Aug 5, 2015
-#include <iostream>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include "tcp_module.h"
-#include "tcp_tracker.h"
-#include "tcp_session.h"
-#include "tcp_normalizer.h"
#include "tcp_state_time_wait.h"
-#ifdef UNIT_TEST
-#include "catch/catch.hpp"
-#endif
+#include "main/snort_debug.h"
+
+#include "tcp_normalizer.h"
+#include "tcp_session.h"
using namespace std;
// tcp_stream_config.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Oct 22, 2015
-#include "log/messages.h"
-#include "main/snort_config.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_stream_config.h"
+#include "log/messages.h"
+
static const char* const reassembly_policy_names[] =
{ "no policy", "first", "last", "linux", "old_linux", "bsd", "macos", "solaris", "irix",
"hpux11", "hpux10", "windows", "win_2003", "vista", "proxy" };
#ifndef TCP_STREAM_CONFIG_H
#define TCP_STREAM_CONFIG_H
+#include "protocols/packet.h"
+#include "stream/tcp/tcp_defs.h"
#include "time/packet_time.h"
-#include "tcp_defs.h"
#define STREAM_CONFIG_STATEFUL_INSPECTION 0x00000001
#define STREAM_CONFIG_LOG_STREAMS 0x00000004
// tcp_stream_state_machine.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Apr 1, 2016
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "tcp_stream_state_machine.h"
+
#include "tcp_state_none.h"
#include "tcp_state_closed.h"
#include "tcp_state_listen.h"
#include "tcp_state_last_ack.h"
#include "tcp_state_time_wait.h"
-#include "tcp_stream_state_machine.h"
-
TcpStreamStateMachine::TcpStreamStateMachine()
{
// initialize stream tracker state machine with handler for each state...
// tcp_tracker.cc author davis mcpherson <davmcphe@@cisco.com>
// Created on: Dec 1, 2015
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "tcp_tracker.h"
#include "log/messages.h"
#include "profiler/profiler_defs.h"
+
#include "tcp_module.h"
-#include "tcp_normalizers.h"
-#include "tcp_reassemblers.h"
-#include "tcp_session.h"
+#include "tcp_normalizer.h"
+#include "tcp_reassembler.h"
TcpTracker::TcpTracker(bool client, TcpSession* ssn) :
TcpStreamTracker(client)
#define TCP_TRACKER_H_
#include "stream/libtcp/tcp_stream_tracker.h"
-#include "tcp_defs.h"
//-------------------------------------------------------------------------
// extra, extra - read all about it!
// tcp_normalizer_test.cc author Davis McPherson <davmcphe@cisco.com>
// unit test main
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "stream/tcp/tcp_module.h"
#include "stream/tcp/tcp_normalizers.h"
#include "protocols/tcp_options.h"
#include "config.h"
#endif
-#include <assert.h>
-
#include "stream_udp.h"
-#include "udp_module.h"
-#include "udp_ha.h"
-#include "stream/udp/udp_session.h"
+
#include "log/messages.h"
-#include "protocols/packet.h"
+
+#include "udp_ha.h"
+#include "udp_module.h"
+#include "udp_session.h"
//-------------------------------------------------------------------------
// helpers
#ifndef STREAM_UDP_H
#define STREAM_UDP_H
-#include "flow/flow.h"
+#include <cstdint>
+
+class Inspector;
struct StreamUdpConfig
{
//--------------------------------------------------------------------------
// udp_ha.cc author Ed Borgoyn <eborgoyn@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "udp_ha.h"
-#include "main/snort_debug.h"
#include "stream/stream.h"
+
#include "udp_session.h"
Flow* UdpHA::create_session(FlowKey* key)
#ifndef UDP_HA_H
#define UDP_HA_H
-#include "main/snort_types.h"
#include "stream/base/stream_ha.h"
//-------------------------------------------------------------------------
// udp_module.cc author Russ Combs <rucombs@cisco.com>
-#include "udp_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "udp_module.h"
#include "stream_udp.h"
#ifndef UDP_MODULE_H
#define UDP_MODULE_H
-#include <string>
-#include <vector>
-
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "flow/session.h"
#include "framework/module.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "udp_session.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "stream/stream.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
-#include "detection/detect.h"
-#include "detection/rules.h"
-#include "detection/treenodes.h"
-#include "hash/sfxhash.h"
-#include "utils/util.h"
-#include "protocols/packet.h"
+#include "udp_session.h"
+
#include "flow/session.h"
-#include "packet_io/active.h"
#include "perf_monitor/flow_ip_tracker.h"
-#include "profiler/profiler.h"
-#include "sfip/sf_ip.h"
-#include "stream/stream.h"
+#include "profiler/profiler_defs.h"
+#include "protocols/packet.h"
-#include "stream_udp.h"
-#include "udp_module.h"
#include "udp_ha.h"
+#include "udp_module.h"
+#include "stream_udp.h"
// NOTE: sender is assumed to be client
// responder is assumed to be server
#ifndef UDP_SESSION_H
#define UDP_SESSION_H
-#include <sys/time.h>
#include "flow/session.h"
class UdpSession : public Session
//--------------------------------------------------------------------------
// stream_user.cc author Russ Combs <rucombs@cisco.com>
-#include "stream_user.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
+#include "stream_user.h"
+
+#include "log/messages.h"
#include "user_module.h"
#include "user_session.h"
-#include "log/messages.h"
-#include "protocols/packet.h"
//-------------------------------------------------------------------------
// helpers
#ifndef STREAM_USER_H
#define STREAM_USER_H
-#include "flow/flow.h"
+#include <cstdint>
+
+class Inspector;
struct StreamUserConfig
{
//--------------------------------------------------------------------------
// user_module.cc author Russ Combs <rucombs@cisco.com>
-#include "user_module.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <string>
+#include "user_module.h"
#include "stream_user.h"
-#include "main/snort_config.h"
using namespace std;
#ifndef USER_MODULE_H
#define USER_MODULE_H
-#include "main/snort_debug.h"
-#include "main/snort_types.h"
-#include "main/thread.h"
#include "framework/module.h"
-#include "stream/stream.h"
struct SnortConfig;
//--------------------------------------------------------------------------
// user_session.cc author Russ Combs <rucombs@cisco.com>
-#include "user_session.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+#include "user_session.h"
+
#include "main/snort.h"
-#include "perf_monitor/perf_monitor.h"
-#include "profiler/profiler.h"
-#include "sfip/sf_ip.h"
+#include "profiler/profiler_defs.h"
+#include "protocols/packet.h"
#include "utils/util.h"
-#include "stream/stream.h"
-#include "stream/stream_splitter.h"
-#include "stream/paf.h"
-
#include "stream_user.h"
#include "user_module.h"
#ifndef USER_SESSION_H
#define USER_SESSION_H
-#include <assert.h>
#include <list>
#include "flow/session.h"
// sftarget_hostentry.c author Steven Sturges
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sftarget_hostentry.h"
#if 0
#define SFTARGET_HOSTENTRY_H
#include "target_based/sftarget_reader.h"
-#include "target_based/sftarget_data.h"
/* API for HostAttributeEntry 'class' */
* sftarget_reader.c
*/
-#include "sftarget_reader.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <assert.h>
-#include <stdio.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-
-#include "snort_protocols.h"
-#include "sftarget_hostentry.h"
-#include "sftarget_data.h"
+#include "sftarget_reader.h"
-#include "hash/sfxhash.h"
#include "log/messages.h"
#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "parser/parser.h"
#include "protocols/packet.h"
+#include "sfrt/sfrt.h"
#include "utils/stats.h"
#include "utils/util.h"
-#include "utils/util_net.h"
-#include "sfip/sf_ip.h"
-#include "sfrt/sfrt.h"
#define ATTRIBUTE_MAP_MAX_ROWS 1024
// snort_protocols.cc derived from sftarget_protocol_reference.c by Steven Sturges
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "snort_protocols.h"
#include <algorithm>
-#include <string>
-#include <vector>
#include "hash/sfghash.h"
#include "log/messages.h"
-#include "main/snort_config.h"
#include "main/snort_debug.h"
-#include "stream/stream.h"
+#include "protocols/packet.h"
#include "utils/util.h"
-#include "sftarget_reader.h"
-#include "sftarget_hostentry.h"
#include "sftarget_data.h"
using namespace std;
#include <string>
#include <vector>
-#include "main/snort_config.h"
#include "main/snort_types.h"
// FIXIT-L use logical type instead of int16_t
#ifndef CLOCK_DEFS_H
#define CLOCK_DEFS_H
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#ifdef USE_TSC_CLOCK
#include "time/tsc_clock.h"
using SnortClock = TscClock;
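Review bot: `#ifdef USE_TSC_CLOCK` in clock_defs.h now depends on every including file having pulled in config.h first, assuming the macro comes from config.h, which the hunk does not show. A translation unit that misses the standard block would silently get a different `SnortClock` alias from the rest of the build. The safec.h hunk further down has the same problem: `HAVE_SAFEC`/`ENABLE_SAFEC` are tested right after the removed block, so a missed config.h would presumably select the non-safec path with no diagnostic. The "correct dnet interface" selection in dnet_header.h is affected in the same way. Since headers may no longer include config.h themselves, I would add a comment above each conditional, e.g. `// requires config.h to be included first by the .cc (USE_TSC_CLOCK)`, and back the rule with a build-time check that every .cc opens with the standard block. The conditional in clock_defs.h continues outside this hunk.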
* or use the packet time. I choose the latter.
*/
-#include "time/packet_time.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "main/thread.h"
+#include "packet_time.h"
+
static THREAD_LOCAL struct timeval s_recent_packet = { 0, 0 };
static THREAD_LOCAL uint32_t s_first_packet = 0;
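Review bot: The file's own header `packet_time.h` is included after `main/thread.h` here, which goes against the rule this same commit adds to the style guide: own .h directly after the config.h block, before any others. In that order packet_time.h is never compiled on its own, so a missing dependency in it stays hidden. That matters more now that the header hunk below drops `<stdint.h>`. I would put `#include "packet_time.h"` immediately after `#endif`, then a blank line, then `#include "main/thread.h"`.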
#define PACKET_TIME_H
#include <sys/time.h>
-#include <stdint.h>
#include "main/snort_types.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "periodic.h"
#include <list>
#ifndef PERIODIC_H
#define PERIODIC_H
-#include "main/snort_types.h"
+#include <cstdint>
using PeriodicHook = void (*)(void*);
// stopwatch_test.cc author Joel Cornett <jocornet@cisco.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "catch/catch.hpp"
#include "catch/unit_test.h"
//--------------------------------------------------------------------------
// tsc_clock.cc author Russ Combs <rucombs@cisco.com>
-#include "tsc_clock.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <time.h>
+#include "tsc_clock.h"
+
+#include <ctime>
long clock_scale()
{
set( UTIL_INCLUDES
bitop.h
cpp_macros.h
- dnet_header.h
kmap.h
safec.h
segment_mem.h
sflsq.h
sfmemcap.h
sfsnprintfappend.h
- snort_bounds.h
stats.h
util.h
util_jsnorm.h
${SNPRINTF_SOURCES}
boyer_moore.cc
boyer_moore.h
+ dnet_header.h
dyn_array.cc
dyn_array.h
kmap.cc
sflsq.cc
sfmemcap.cc
sfsnprintfappend.cc
+ snort_bounds.h
stats.cc
util.cc
util_jsnorm.cc
x_include_HEADERS = \
bitop.h \
cpp_macros.h \
-dnet_header.h \
kmap.h \
safec.h \
segment_mem.h \
sflsq.h \
sfmemcap.h \
sfsnprintfappend.h \
-snort_bounds.h \
stats.h \
util.h \
util_jsnorm.h \
libutils_a_SOURCES = \
boyer_moore.cc boyer_moore.h \
+dnet_header.h \
dyn_array.cc dyn_array.h \
kmap.cc \
segment_mem.cc \
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "catch/catch.hpp"
#include "catch/unit_test.h"
* 07/24/01 MFR Fixed Regex pattern matcher introduced by Fyodor
*
**************************************************************************/
-#include "boyer_moore.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
+#include "boyer_moore.h"
-#include "main/snort_types.h"
#include "main/snort_debug.h"
-#include "utils/util.h"
+
+#include "util.h"
/****************************************************************
*
// Provide the correct dnet interface
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wc99-extensions"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "dyn_array.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
+#include "dyn_array.h"
-#include "main/snort_debug.h"
-#include "sfrt/sfrt.h"
-#include "utils/util.h"
+#include "util.h"
// number of additional policies allocated with each re-alloc operation
#define POLICY_ALLOCATION_CHUNK 10
// kmap.cc author Marc Norton
// a generic map library - maps key + data pairs
-#include "kmap.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string>
+#include "kmap.h"
+
#include <limits>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
+#include <string>
-#include "utils/util.h"
+#include "util.h"
void keep_kmap_lib() { }
#ifndef UTILS_SAFEC_H
#define UTILS_SAFEC_H
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
//FIXIT-M combine these macros in the build foo
#if defined(HAVE_SAFEC) && defined(ENABLE_SAFEC)
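Review bot: With the config.h block removed, the `#if defined(HAVE_SAFEC) && defined(ENABLE_SAFEC)` test at the end of this hunk depends on every including .cc having pulled in config.h first; if one has not, both macros are undefined and the preprocessor takes the other branch without any diagnostic. The branches are outside the hunk, so what that selects is not visible here, but presumably it is the build without the bounds-checked safec routines. Removing the include matches the rule for installed headers, so I would record the precondition at the top of the header instead: `// config.h must be included before this header: HAVE_SAFEC and ENABLE_SAFEC come from it`. The dnet_header.h hunk earlier in this commit drops the same block and may need the same comment if its interface selection uses configure-time macros.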
//--------------------------------------------------------------------------
// 8/7/2011 - Initial implementation ... Hui Cao <hcao@sourcefire.com>
-#include "segment_mem.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <string.h>
-#include "main/snort_types.h"
-#ifndef SIZE_MAX
-#define SIZE_MAX 0xFFFFFFFF // FIXIT-L use c++ value
-#endif
+#include "segment_mem.h"
+
+#include <cstring>
/*point to the start of the unused memory*/
static MEM_OFFSET unused_ptr = 0;
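Review bot: Dropping the `SIZE_MAX` fallback together with `<string.h>` and `main/snort_types.h` leaves any remaining use of `SIZE_MAX` in this file dependent on `<cstdint>` reaching it through segment_mem.h. The uses are outside the hunk; if the allocator's size-overflow check still compares against `SIZE_MAX`, the limit that guards the multiplication should not hinge on a transitive include. I would add `#include <cstdint>` next to `#include <cstring>`, or switch the check to `std::numeric_limits<size_t>::max()` with `#include <limits>`, which is what the removed FIXIT-L comment asked for.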
// Segment memory allocation used by sfrt
-#include "main/snort_types.h"
+#include <cstddef>
+#include <cstdint>
using MEM_OFFSET = uint32_t;
MEM_OFFSET segment_snort_calloc(size_t num, size_t size);
size_t segment_unusedmem();
void* segment_basePtr();
+
#endif
* multiple readers to traverse a list.
*/
-#include "sflsq.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#include "sflsq.h"
-#include "main/snort_types.h"
-#include "utils/util.h"
+#include "util.h"
/*
* private alloc
Marc Norton
*/
-#include "sfmemcap.h"
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "sfmemcap.h"
#include "util.h"
-#include "main/snort_types.h"
-#include "main/snort_debug.h"
/*
* Set max # bytes & init other variables.
*
* Author: Steven Sturges
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "sfsnprintfappend.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <string.h>
+#include <cstdarg>
#include "util.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "stats.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "util.h"
+#include "stats.h"
+
+#include "file_api/file_stats.h"
+#include "filters/sfthreshold.h"
+#include "helpers/process.h"
#include "log/messages.h"
#include "main/snort_config.h"
-#include "helpers/process.h"
-#include "packet_io/sfdaq.h"
+#include "managers/module_manager.h"
#include "packet_io/active.h"
+#include "packet_io/sfdaq.h"
#include "packet_io/trough.h"
-#include "target_based/sftarget_reader.h"
-#include "managers/module_manager.h"
-#include "managers/codec_manager.h"
-#include "protocols/packet_manager.h"
-#include "detection/fp_create.h"
-#include "filters/sfthreshold.h"
#include "profiler/profiler.h"
+#include "protocols/packet_manager.h"
#include "time/timersub.h"
-#include "file_api/file_stats.h"
+
+#include "util.h"
#define STATS_SEPARATOR \
"--------------------------------------------------"
// Provides facilities for displaying Snort exit stats
-#include <sys/time.h>
-#include <sys/types.h>
-
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <string.h>
#include <vector>
-#include "main/thread.h"
-#include "main/snort_types.h"
#include "framework/counts.h"
+#include "main/snort_types.h"
+#include "main/thread.h"
using IndexVec = std::vector<unsigned>;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "util.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <fcntl.h>
+#include "util.h"
+
#include <grp.h>
#include <luajit.h>
#include <netdb.h>
}
#include <fstream>
-#include <sstream>
#include "log/messages.h"
#include "main/build.h"
#define TIMEBUF_SIZE 26
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
#if defined(__linux__)
#include <sys/syscall.h>
#endif
+#include <unistd.h>
+#include <cerrno>
+#include <cstdlib>
+#include <cstring>
#include <string>
#include "main/snort_types.h"
//--------------------------------------------------------------------------
// Writen by Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "util_jsnorm.h"
-#include <stdlib.h>
-#include <string.h>
+#include <cstdlib>
+#include <cstring>
+
#include "main/thread.h"
#define INVALID_HEX_VAL -1
// Javascript Normalization
-#include <stdint.h>
#include "main/snort_types.h"
#define ALERT_SPACES_EXCEEDED 0x1
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#include "util_net.h"
-
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include <netinet/in.h>
-#include <stdio.h>
-#include <string.h>
+#include "util_net.h"
#include "main/thread.h"
+#include "sfip/sf_ip.h"
+
#include "util.h"
/**
// Be aware that subsequent calls will overwrite the memory that is pointed to
#include "main/snort_types.h"
-#include "sfip/sf_ip.h"
+
+struct SfIp;
SO_PUBLIC char* inet_ntoax(const SfIp*);
//--------------------------------------------------------------------------
// Writen by Bhagyashree Bantwal <bbantwal@sourcefire.com>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "util_unfold.h"
/* Given a string, removes header folding (\r\n followed by linear whitespace)
/* Some UTF-{16,32}{le,be} normalization functions */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "util_utf.h"
-#include <stdlib.h>
-#include <string.h>
+#include <cstring>
#define DSTATE_FIRST 0
#define DSTATE_SECOND 1