}
void RuleStateMap::apply(
- SnortConfig* sc, OptTreeNode* otn, unsigned ips_num, RuleState& s)
+ SnortConfig* sc, OptTreeNode* otn, unsigned ips_num, const RuleState& s)
{
IpsPolicy* policy = nullptr;
RuleTreeNode* rtn = getRtnFromOtn(otn, ips_num);
private:
RuleTreeNode* dup_rtn(RuleTreeNode*);
void update_rtn(RuleTreeNode*, const RuleState&);
- void apply(snort::SnortConfig*, OptTreeNode*, unsigned ips_num, RuleState&);
+ void apply(snort::SnortConfig*, OptTreeNode*, unsigned ips_num, const RuleState&);
private:
std::map<RuleKey, RuleState> map;
FileVerdict FilePolicy::signature_lookup(Packet*, FileInfo* file)
{
- FileRule& rule = match_file_rule(nullptr, file);
+ const FileRule& rule = match_file_rule(nullptr, file);
if (rule.use.capture_enabled)
{
#include "../bitop.h"
-static unsigned num_set(BitOp& bitop, size_t max)
+static unsigned num_set(const BitOp& bitop, size_t max)
{
unsigned c = 0;
return c;
}
-static bool is_clear(BitOp& bitop, size_t max)
+static bool is_clear(const BitOp& bitop, size_t max)
{ return num_set(bitop, max) == 0; }
TEST_CASE( "bitop", "[bitop]" )
IpsOption::EvalStatus Base64DataOption::eval(Cursor& c, Packet* p)
{
RuleProfile profile(base64PerfStats);
- DataBuffer& base64_decode_buffer = DetectionEngine::get_alt_buffer(p);
+ const DataBuffer& base64_decode_buffer = DetectionEngine::get_alt_buffer(p);
if ( !base64_decode_buffer.len )
return NO_MATCH;
if ( !IpsOption::operator==(ips) )
return false;
- ContentOption& rhs = (ContentOption&)ips;
+ const ContentOption& rhs = (const ContentOption&)ips;
const ContentData& left = *config;
const ContentData& right = *rhs.config;
// latency module
// -----------------------------------------------------------------------------
-static inline bool latency_set(Value& v, PacketLatencyConfig& config)
+static inline bool latency_set(const Value& v, PacketLatencyConfig& config)
{
if ( v.is("max_time") )
{
return true;
}
-static inline bool latency_set(Value& v, RuleLatencyConfig& config)
+static inline bool latency_set(const Value& v, RuleLatencyConfig& config)
{
if ( v.is("max_time") )
{
return snort_protocol_id;
}
-void AppInfoManager::init_appid_info_table(AppIdConfig& config,
+void AppInfoManager::init_appid_info_table(const AppIdConfig& config,
SnortConfig* sc, OdpContext& odp_ctxt)
{
if (!config.app_detector_dir)
return entry ? entry->priority : 0;
}
- void init_appid_info_table(AppIdConfig&, snort::SnortConfig*, OdpContext& odp_ctxt);
+ void init_appid_info_table(const AppIdConfig&, snort::SnortConfig*, OdpContext& odp_ctxt);
void cleanup_appid_info_table();
void dump_app_info_table();
SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*);
return asd;
}
-const char* AppIdApi::get_application_name(AppId app_id, AppIdContext& ctxt)
+const char* AppIdApi::get_application_name(AppId app_id, const AppIdContext& ctxt)
{
return ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(app_id);
}
return app_name;
}
-AppId AppIdApi::get_application_id(const char* appName, AppIdContext& ctxt)
+AppId AppIdApi::get_application_id(const char* appName, const AppIdContext& ctxt)
{
return ctxt.get_odp_ctxt().get_app_info_mgr().get_appid_by_name(appName);
}
SO_PRIVATE AppIdApi() = default;
AppIdSession* get_appid_session(const Flow& flow);
- const char* get_application_name(AppId app_id, AppIdContext& ctxt);
+ const char* get_application_name(AppId app_id, const AppIdContext& ctxt);
const char* get_application_name(const Flow& flow, bool from_client);
- AppId get_application_id(const char* appName, AppIdContext& ctxt);
+ AppId get_application_id(const char* appName, const AppIdContext& ctxt);
uint32_t produce_ha_state(const Flow& flow, uint8_t* buf);
uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol,
SfIp*, uint16_t initiatorPort);
config.show();
}
-OdpContext::OdpContext(AppIdConfig& config, SnortConfig* sc)
+OdpContext::OdpContext(const AppIdConfig& config, SnortConfig* sc)
{
app_info_mgr.init_appid_info_table(config, sc, *this);
client_pattern_detector = new PatternClientDetector(&client_disco_mgr);
uint16_t max_packet_before_service_fail = MIN_MAX_PKTS_BEFORE_SERVICE_FAIL;
uint16_t max_packet_service_fail_ignore_bytes = MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
- OdpContext(AppIdConfig&, snort::SnortConfig*);
+ OdpContext(const AppIdConfig&, snort::SnortConfig*);
void initialize();
AppInfoManager& get_app_info_mgr()
AppIdSession* asd = snort::appid_api.get_appid_session(*flow);
if (!asd)
return;
- DataDecryptEvent& data_decrypt_event = static_cast<DataDecryptEvent&>(event);
+ const DataDecryptEvent& data_decrypt_event = static_cast<DataDecryptEvent&>(event);
if (data_decrypt_event.get_type() == DataDecryptEvent::DATA_DECRYPT_MONITOR_EVENT)
{
asd->set_session_flags(APPID_SESSION_DECRYPT_MONITOR);
}
}
-void AppIdStatistics::update(AppIdSession& asd)
+void AppIdStatistics::update(const AppIdSession& asd)
{
time_t now = get_time();
static AppIdStatistics* initialize_manager(const AppIdConfig&);
static AppIdStatistics* get_stats_manager();
static void cleanup();
- void update(AppIdSession&);
+ void update(const AppIdSession&);
void flush();
private:
}
int DnsValidator::dns_validate_header(const AppidSessionDirection dir, const DNSHeader* hdr,
- bool host_reporting, AppIdSession& asd)
+ bool host_reporting, const AppIdSession& asd)
{
if (hdr->Opcode > MAX_OPCODE || hdr->Opcode == INVALID_OPCODE)
return APPID_NOMATCH;
uint16_t id, bool host_reporting, AppIdSession&);
int dns_validate_answer(const uint8_t* data, uint16_t* offset, uint16_t size,
uint16_t id, uint8_t rcode, bool host_reporting, AppIdSession&);
- int dns_validate_header(const AppidSessionDirection dir, const DNSHeader*, bool host_reporting, AppIdSession&);
+ int dns_validate_header(const AppidSessionDirection dir, const DNSHeader*, bool host_reporting,
+ const AppIdSession&);
int validate_packet(const uint8_t* data, uint16_t size, const int,
bool host_reporting, AppIdSession&);
};
int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
{ return 0; }
-OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*)
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*)
{ }
#endif
using namespace snort;
HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol protocol,
- OdpContext& odp_ctxt)
+ const OdpContext& odp_ctxt)
{
HostPortKey hk;
hk.ip = *ip;
AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
assert(inspector);
- AppIdContext& ctxt = inspector->get_ctxt();
+ const AppIdContext& ctxt = inspector->get_ctxt();
hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port;
hk.proto = proto;
class HostPortCache
{
public:
- HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, OdpContext&);
+ HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, const OdpContext&);
bool add(const snort::SfIp*, uint16_t port, IpProtocol, unsigned type, AppId);
void dump();
static OdpContext stub_odp_ctxt(stub_config, nullptr);
OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
-OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*)
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*)
{ }
#endif
}
// Stubs for misc items
-HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, OdpContext&)
+HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, const OdpContext&)
{
return nullptr;
}
void memory::MemoryCap::update_allocations(unsigned long) { }
void memory::MemoryCap::update_deallocations(unsigned long) { }
-OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { }
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
AppIdConfig::~AppIdConfig() { }
unsigned AppIdSession::inspector_id = 0;
};
AppIdConfig::~AppIdConfig() { }
-OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { }
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
static AppIdConfig stub_config;
static AppIdContext stub_ctxt(stub_config);
SipPatternMatchers::~SipPatternMatchers() { }
SslPatternMatchers::~SslPatternMatchers() { }
AppIdConfig::~AppIdConfig() { }
-OdpContext::OdpContext(AppIdConfig&, snort::SnortConfig*) { }
+OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
void ServiceDiscovery::initialize() { }
int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
{ return 0; }
class ThirdPartyAppIdSession
{
public:
- ThirdPartyAppIdSession(ThirdPartyAppIdContext& ctxt)
+ ThirdPartyAppIdSession(const ThirdPartyAppIdContext& ctxt)
: appid(APP_ID_NONE), confidence(100), state(TP_STATE_INIT), ctxt(ctxt) { }
virtual ~ThirdPartyAppIdSession() { }
ProfileStats* NormalizeModule::get_profile() const
{ return &norm_perf_stats; }
-bool NormalizeModule::set_ip4(const char*, Value& v, SnortConfig*)
+bool NormalizeModule::set_ip4(const char*, const Value& v, SnortConfig*)
{
if ( v.is("base") )
Norm_Set(&config, NORM_IP4_BASE, v.get_bool());
return true;
}
-bool NormalizeModule::set_tcp(const char*, Value& v, SnortConfig*)
+bool NormalizeModule::set_tcp(const char*, const Value& v, SnortConfig*)
{
if ( v.is("base") )
{
{ return INSPECT; }
private:
- bool set_ip4(const char*, snort::Value&, snort::SnortConfig*);
- bool set_tcp(const char*, snort::Value&, snort::SnortConfig*);
+ bool set_ip4(const char*, const snort::Value&, snort::SnortConfig*);
+ bool set_tcp(const char*, const snort::Value&, snort::SnortConfig*);
void add_test_peg(const PegInfo&) const;
return policyStr;
}
-bool dce2_set_common_config(Value& v, dce2CommonProtoConf& common)
+bool dce2_set_common_config(const Value& v, dce2CommonProtoConf& common)
{
if ( v.is("limit_alerts") )
common.limit_alerts = v.get_bool();
return true;
}
-bool dce2_set_co_config(Value& v, dce2CoProtoConf& co)
+bool dce2_set_co_config(const Value& v, dce2CoProtoConf& co)
{
if (dce2_set_common_config(v, co.common))
return true;
stats->events++;
}
-bool dce2_set_common_config(snort::Value&, dce2CommonProtoConf&);
+bool dce2_set_common_config(const snort::Value&, dce2CommonProtoConf&);
void print_dce2_common_config(const dce2CommonProtoConf&);
-bool dce2_set_co_config(snort::Value&, dce2CoProtoConf&);
+bool dce2_set_co_config(const snort::Value&, dce2CoProtoConf&);
void print_dce2_co_config(const dce2CoProtoConf&);
bool dce2_paf_abort(DCE2_SsnData*);
void DCE2_Detect(DCE2_SsnData*);
DataBus::publish(DCERPC_EXP_SESSION_EVENT_KEY, map_resp_event, pkt->flow);
}
-DceTcpExpSsnManager::DceTcpExpSsnManager(dce2TcpProtoConf& config) :
+DceTcpExpSsnManager::DceTcpExpSsnManager(const dce2TcpProtoConf& config) :
DceExpSsnManager("dce-tcp", IpProtocol::TCP, PktType::TCP),
pc(config) { }
{
public:
DceTcpExpSsnManager() = delete;
- DceTcpExpSsnManager(dce2TcpProtoConf&);
+ DceTcpExpSsnManager(const dce2TcpProtoConf&);
DceTcpExpSsnManager(const DceTcpExpSsnManager&) = delete;
DceTcpExpSsnManager& operator=(const DceTcpExpSsnManager&) =delete;
/* match_request() is only used by the s2c splitter instance. */
StreamSplitter::Status
- DceHttpProxySplitter::match_response(const uint8_t* data, uint32_t& len)
+ DceHttpProxySplitter::match_response(const uint8_t* data, const uint32_t& len)
{
uint32_t starting_index = 0;
private:
Status match_request_head(const uint8_t* data, uint32_t& len);
Status match_response_head(const uint8_t* data, uint32_t& len);
- Status match_response(const uint8_t* data, uint32_t& len);
+ Status match_response(const uint8_t* data, const uint32_t& len);
enum DceHttpProxyState
{
}
const Field& HttpInspect::http_get_buf(Cursor& c, Packet* p,
- HttpBufferInfo& buffer_info)
+ const HttpBufferInfo& buffer_info)
{
HttpMsgSection* current_section = HttpContextData::get_snapshot(p);
snort::InspectionBuffer& b) override;
bool get_buf(unsigned id, snort::Packet* p, snort::InspectionBuffer& b) override;
const Field& http_get_buf(Cursor& c, snort::Packet* p,
- HttpBufferInfo& buffer_info);
+ const HttpBufferInfo& buffer_info);
bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p,
snort::InspectionBuffer& b) override;
bool configure(snort::SnortConfig*) override;
return get_classic_buffer(c, buffer_info);
}
-const Field& HttpMsgSection::get_classic_buffer(Cursor& c, HttpBufferInfo& buf)
+const Field& HttpMsgSection::get_classic_buffer(Cursor& c, const HttpBufferInfo& buf)
{
// buffer_side replaces source_id for buffers that support the request option
const SourceId buffer_side = (buf.form & FORM_REQUEST) ? SRC_CLIENT : source_id;
virtual void update_flow() = 0;
const Field& get_classic_buffer(unsigned id, uint64_t sub_id, uint64_t form);
- const Field& get_classic_buffer(Cursor& c, HttpBufferInfo& buf);
+ const Field& get_classic_buffer(Cursor& c, const HttpBufferInfo& buf);
HttpEnums::MethodId get_method_id() const { return method_id; }
if (!(p->packet_flags & PKT_REBUILT_STREAM))
return false;
- TcpStreamTracker& st = p->ptrs.ip_api.get_src()->equals(flow->client_ip) ? server : client;
+ const TcpStreamTracker& st = p->ptrs.ip_api.get_src()->equals(flow->client_ip) ? server : client;
for (int i = 0; i < st.alert_count; i++)
{
/* This is a rebuilt packet and if we've seen this alert before,
for (unsigned i = 0; i < st.alert_count; i++)
{
- StreamAlertInfo* ai = st.alerts + i;
+ StreamAlertInfo* ai = &st.alerts[i];
if (ai->gid == gid && ai->sid == sid && SEQ_EQ(ai->seq, seq_num))
{
projects / thirdparty / snort3.git / commitdiff
