#include "config.h"
#endif
+#include "detection/detection_engine.h"
#include "events/event_queue.h"
#include "framework/inspector.h"
#include "framework/module.h"
#include "hi_stream_splitter.h"
-<<<<<<< HEAD
+#include "detection/detection_engine.h"
#include "events/event_queue.h"
#include "main/snort_debug.h"
-=======
-#include "hi_events.h"
-#include "main/snort_debug.h"
-#include "detection/detection_engine.h"
->>>>>>> refactor event queue into DetectionEngine
#include "protocols/packet.h"
#include "stream/stream.h"
#include "utils/util.h"
#include "detection_engine.h"
#include "fp_detect.h"
#include "tag.h"
+#include "treenodes.h"
#define CHECK_SRC_IP 0x01
#define CHECK_DST_IP 0x02
sw->complete();
}
+uint8_t* DetectionEngine::get_buffer(unsigned& max)
+{
+ max = IpsContext::buf_size;
+ return Snort::get_switcher()->get_context()->buf;
+}
+
DetectionEngine::ActiveRules DetectionEngine::get_detects()
{ return active_rules; }
static Packet* set_packet();
static void clear_packet();
+ static uint8_t* get_buffer(unsigned& max);
+
static bool detect(Packet*);
static void inspect(Packet*);
{
packet = new Packet(false);
pkth = new DAQ_PktHdr_t;
- buf = new uint8_t[65536]; // FIXIT-H use codec max or let pkt do it
+ buf = new uint8_t[buf_size]; // FIXIT-H use codec max or let pkt do it?
const EventQueueConfig* qc = snort_conf->event_queue_config;
equeue = sfeventq_new(qc->max_events, qc->log_events, sizeof(EventNode));
uint8_t* buf;
struct SF_EVENTQ* equeue;
+ static const unsigned buf_size = 65536;
+
private:
std::vector<IpsContextData*> data;
unsigned slot;
#include "flow_control.h"
-#include "detection/detect.h"
+#include "detection/detection_engine.h"
#include "main/snort_config.h"
#include "main/snort_debug.h"
#include "managers/inspector_manager.h"
#include "connectors/connectors.h"
#include "decompress/file_decomp.h"
#include "detection/context_switcher.h"
+#include "detection/detect.h"
#include "detection/detection_engine.h"
#include "detection/detection_util.h"
#include "detection/fp_config.h"
#include <thread>
#include <vector>
+#include "detection/detection_engine.h"
#include "flow/flow.h"
#include "framework/inspector.h"
#include "managers/inspector_manager.h"
SO_PUBLIC Inspector* InspectorManager::get_inspector(const char*, bool) { return s_inspector; }
InspectorType InspectorManager::get_type(const char*) { return InspectorType::IT_BINDER; }
Inspector* InspectorManager::get_binder() { return nullptr; }
+uint8_t* DetectionEngine::get_buffer(unsigned&) { return nullptr; }
int16_t ProtocolReference::find(const char*) { return 0; }
const char* ProtocolReference::get_name(uint16_t) { return ""; }
Lua::Stack<unsigned>::push(L, copied);
- if ( sb )
+ if ( sb.data )
RawBufferIface.create(
- L, reinterpret_cast<const char*>(sb->data), sb->length);
+ L, reinterpret_cast<const char*>(sb.data), sb.length);
else
lua_pushnil(L);
my_inspector(my_inspector_) { }
Status scan(Flow* flow, const uint8_t* data, uint32_t length, uint32_t not_used,
uint32_t* flush_offset) override;
- const StreamBuffer* reassemble(Flow* flow, unsigned total, unsigned, const
+ const StreamBuffer reassemble(Flow* flow, unsigned total, unsigned, const
uint8_t* data, unsigned len, uint32_t flags, unsigned& copied) override;
bool finish(Flow* flow) override;
bool is_paf() override { return true; }
offset += length;
}
-const StreamBuffer* HttpStreamSplitter::reassemble(Flow* flow, unsigned total, unsigned,
+const StreamBuffer HttpStreamSplitter::reassemble(Flow* flow, unsigned total, unsigned,
const uint8_t* data, unsigned len, uint32_t flags, unsigned& copied)
{
- static THREAD_LOCAL StreamBuffer http_buf;
+ StreamBuffer http_buf { nullptr, 0 };
copied = len;
{
if (!(flags & PKT_PDU_TAIL))
{
- return nullptr;
+ return http_buf;
}
bool tcp_close;
uint8_t* test_buffer;
{
// Source ID does not match test data, no test data was flushed, or there is no
// more test data
- return nullptr;
+ return http_buf;
}
data = test_buffer;
total = len;
// FIXIT-H Workaround for TP Bug 149662
if (session_data->section_type[source_id] == SEC__NOT_COMPUTE)
{
- return nullptr;
+ return { nullptr, 0 };
}
assert(session_data->section_type[source_id] != SEC__NOT_COMPUTE);
}
}
}
- return nullptr;
+ return http_buf;
}
HttpModule::increment_peg_counts(PEG_REASSEMBLE);
fflush(HttpTestManager::get_output_file());
}
#endif
- return &http_buf;
+ return http_buf;
}
my_inspector->clear(session_data, source_id);
}
- return nullptr;
+ return http_buf;
}
#include "stream_splitter.h"
+#include "detection/detection_engine.h"
#include "main/snort_config.h"
#include "protocols/packet.h"
#include "flush_bucket.h"
-static THREAD_LOCAL uint8_t pdu_buf[StreamSplitter::max_buf];
-static THREAD_LOCAL StreamBuffer str_buf;
-
unsigned StreamSplitter::max(Flow*)
{ return snort_conf->max_pdu; }
-const StreamBuffer* StreamSplitter::reassemble(
+const StreamBuffer StreamSplitter::reassemble(
Flow*, unsigned, unsigned offset, const uint8_t* p,
unsigned n, uint32_t flags, unsigned& copied)
{
- assert(offset + n < sizeof(pdu_buf));
+ unsigned max;
+ uint8_t* pdu_buf = DetectionEngine::get_buffer(max);
+
+ assert(offset + n < max);
memcpy(pdu_buf+offset, p, n);
copied = n;
if ( flags & PKT_PDU_TAIL )
- {
- str_buf.data = pdu_buf;
- str_buf.length = offset + n;
- return &str_buf;
- }
- return nullptr;
+ return { pdu_buf, offset + n };
+
+ return { nullptr, 0 };
}
//--------------------------------------------------------------------------
// the last call to reassemble() will be made with len == 0 if
// finish() returned true as an opportunity for a final flush
- virtual const StreamBuffer* reassemble(
+ virtual const StreamBuffer reassemble(
Flow*,
unsigned total, // total amount to flush (sum of iterations)
unsigned offset, // data offset from start of reassembly
|| SEQ_EQ(tsn->seq + bytes_to_copy, to_seq) )
flags |= PKT_PDU_TAIL;
- const StreamBuffer* sb = tracker->splitter->reassemble(
+ const StreamBuffer sb = tracker->splitter->reassemble(
session->flow, total, bytes_flushed, tsn->payload(),
bytes_to_copy, flags, bytes_copied);
flags = 0;
- if ( sb )
+ if ( sb.data )
{
- s5_pkt->data = sb->data;
- s5_pkt->dsize = sb->length;
- assert(sb->length <= s5_pkt->max_dsize);
+ s5_pkt->data = sb.data;
+ s5_pkt->dsize = sb.length;
+ assert(sb.length <= s5_pkt->max_dsize);
bytes_to_copy = bytes_copied;
}
break;
}
- if ( sb || !seglist.next )
+ if ( sb.data || !seglist.next )
break;
if ( bytes_flushed + seglist.next->payload_size >= StreamSplitter::max_buf )
int TcpReassembler::_flush_to_seq(uint32_t bytes, Packet* p, uint32_t pkt_flags)
{
Profile profile(s5TcpFlushPerfStats);
- s5_pkt = Snort::set_detect_packet();
-
s5_pkt = DetectionEngine::set_packet();
DAQ_PktHdr_t pkth;
if ( footprint == 0 )
{
- Snort::clear_detect_packet();
+ DetectionEngine::clear_packet();
return bytes_processed;
}
#include "tcp_session.h"
#include "detection/detection_engine.h"
+#include "detection/rules.h"
#include "log/log.h"
#include "perf_monitor/flow_ip_tracker.h"
#include "profiler/profiler.h"
splitter = nullptr;
}
-void UserTracker::detect(const Packet* p, const StreamBuffer* sb, uint32_t flags)
+void UserTracker::detect(const Packet* p, const StreamBuffer& sb, uint32_t flags)
{
Packet up(false);
up.pkth = p->pkth;
up.ptrs = p->ptrs;
up.flow = p->flow;
- up.data = sb->data;
- up.dsize = sb->length;
+ up.data = sb.data;
+ up.dsize = sb.length;
up.proto_bits = p->proto_bits;
up.pseudo_type = PSEUDO_PKT_USER;
void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags)
{
unsigned bytes_flushed = 0;
- const StreamBuffer* sb = nullptr;
+ StreamBuffer sb = { nullptr, 0 };
trace_logf(stream_user, "flush[%d]\n", flush_amt);
uint32_t rflags = flags & ~PKT_PDU_TAIL;
rflags &= ~PKT_PDU_HEAD;
- if ( sb )
+ if ( sb.data )
detect(p, sb, flags);
if ( bytes_copied == us->get_len() )
void add_data(Packet*);
int scan(Packet*, uint32_t&);
void flush(struct Packet*, unsigned, uint32_t);
- void detect(const struct Packet*, const struct StreamBuffer*, uint32_t);
+ void detect(const struct Packet*, const struct StreamBuffer&, uint32_t);
std::list<UserSegment*> seg_list;
StreamSplitter* splitter;
projects / thirdparty / snort3.git / commitdiff
