Pull request #3190: Quic: Quic stream dependent changes

Merge in SNORT/snort3 from ~KBHANDAN/snort3:quic to master

Squashed commit of the following:

commit 11114860690bc12e4fcfe410ce5406d207db08e2
Author: sunimukh <sunimukh@cisco.com>
Date:   Tue Nov 23 23:23:49 2021 +0530

    Quic: Quic stream dependent changes

diff --git a/src/helpers/CMakeLists.txt b/src/helpers/CMakeLists.txt
index 0743bbb7020cd682fb45ce4e671df1840b94790f..33059c92f8855a949083024e18700fdae2eb8fc9 100644 (file)
--- a/src/helpers/CMakeLists.txt
+++ b/src/helpers/CMakeLists.txt
@@ -18,13 +18,13 @@ set (HELPERS_INCLUDES
     literal_search.h
     scratch_allocator.h
     json_stream.h
+    bitop.h
 )
 
 add_library (helpers OBJECT
     ${HELPERS_INCLUDES}
     ${HYPER_SOURCES}
     base64_encoder.cc
-    bitop.h
     boyer_moore_search.cc
     buffer_data.cc
     chunk.cc

diff --git a/src/main/CMakeLists.txt b/src/main/CMakeLists.txt
index c26feb611abb45cef2eaf588122d84967f6b6ebe..97746692dc1a1873325e80de6719f8e6b287957c 100644 (file)
--- a/src/main/CMakeLists.txt
+++ b/src/main/CMakeLists.txt
@@ -1,5 +1,6 @@
 
 set (INCLUDES
+    analyzer.h
     analyzer_command.h
     policy.h
     reload_tracker.h
@@ -23,7 +24,6 @@ endif ( ENABLE_SHELL )
 
 add_library (main OBJECT
     analyzer.cc
-    analyzer.h
     analyzer_command.cc
     help.cc
     help.h

diff --git a/src/main/analyzer.h b/src/main/analyzer.h
index 18e00e3e085b786469b7f95ce555e4d7161066fc..e2d98476352c3fd375f78381a9002aa30768217e 100644 (file)
--- a/src/main/analyzer.h
+++ b/src/main/analyzer.h
@@ -32,6 +32,7 @@
 #include <queue>
 #include <string>
 
+#include "main/snort_types.h"
 #include "thread.h"
 
 class ContextSwitcher;
@@ -74,7 +75,7 @@ public:
         NUM_STATES
     };
 
-    static Analyzer* get_local_analyzer();
+    SO_PUBLIC static Analyzer* get_local_analyzer();
     static ContextSwitcher* get_switcher();
     static void set_main_hook(MainHook_f);
 
@@ -94,7 +95,7 @@ public:
 
     void post_process_packet(snort::Packet*);
     bool process_rebuilt_packet(snort::Packet*, const DAQ_PktHdr_t*, const uint8_t* pkt, uint32_t pktlen);
-    bool inspect_rebuilt(snort::Packet*);
+    SO_PUBLIC bool inspect_rebuilt(snort::Packet*);
     void finalize_daq_message(DAQ_Msg_h, DAQ_Verdict);
     void add_to_retry_queue(DAQ_Msg_h);
 

diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 3c9816ca09440f33d54f040b6a8d7f339ce1d5c2..34bf37128120db60efbaacf20ac947762ff72cbe 100644 (file)
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -97,6 +97,7 @@ enum PseudoPacketType
 {
     PSEUDO_PKT_IP,
     PSEUDO_PKT_TCP,
+    PSEUDO_PKT_UDP_QUIC,
     PSEUDO_PKT_USER,
     PSEUDO_PKT_DCE_SEG,
     PSEUDO_PKT_DCE_FRAG,
@@ -230,6 +231,9 @@ struct SO_PUBLIC Packet
     bool has_udp_data() const
     { return (proto_bits & PROTO_BIT__UDP) and data and dsize; }
 
+    bool has_udp_quic_data() const
+    { return (pseudo_type == PSEUDO_PKT_UDP_QUIC) and data and dsize; }
+
     /* Get general, non-boolean information */
     PktType type() const
     { return ptrs.get_pkt_type(); } // defined in codec.h

diff --git a/src/service_inspectors/dce_rpc/dce_smb_inspector.cc b/src/service_inspectors/dce_rpc/dce_smb_inspector.cc
index 76f192106d87589420ebca16c19a0ec8777d732d..59db3f60c05a03282aa402c9edf4aaa7a61179f5 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_inspector.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_inspector.cc
@@ -65,7 +65,7 @@ void Dce2Smb::eval(Packet* p)
 
     Profile profile(dce2_smb_pstat_main);
 
-    assert(p->has_tcp_data());
+    assert(p->has_tcp_data() || p->has_udp_quic_data());
     assert(p->flow);
 
     Dce2SmbFlowData* smb_flowdata =

diff --git a/src/stream/paf.h b/src/stream/paf.h
index 685ea1e7dd9e436ca2c49c4f140aad4455b1fece..c4da86f22acdae5281a1363b9d9392b16bce4b56 100644 (file)
--- a/src/stream/paf.h
+++ b/src/stream/paf.h
@@ -25,6 +25,7 @@
 #ifndef PAF_H
 #define PAF_H
 
+#include "main/snort_types.h"
 #include "main/thread.h"
 #include "profiler/profiler_defs.h"
 #include "stream/stream_splitter.h"
@@ -39,7 +40,7 @@ extern THREAD_LOCAL snort::ProfileStats pafPerfStats;
 void* paf_new(unsigned max);     // create new paf config (per policy)
 void paf_delete(void*);  // free config
 
-struct PAF_State     // per session direction
+struct SO_PUBLIC PAF_State     // per session direction
 {
     uint32_t seq;    // stream cursor
     uint32_t pos;    // last flush position
@@ -50,7 +51,7 @@ struct PAF_State     // per session direction
     snort::StreamSplitter::Status paf;  // current scan state
 };
 
-void paf_setup(PAF_State*);  // called at session start
+SO_PUBLIC void paf_setup(PAF_State*);  // called at session start
 void paf_reset(PAF_State*);  // called for do overs
 void paf_clear(PAF_State*);  // called at session end
 
@@ -59,7 +60,7 @@ inline uint32_t paf_position (PAF_State* ps)
     return ps->seq;
 }
 
-inline uint32_t paf_initialized (PAF_State* ps)
+SO_PUBLIC inline uint32_t paf_initialized (PAF_State* ps)
 {
     return ( ps->paf != snort::StreamSplitter::START );
 }
@@ -76,7 +77,7 @@ inline void paf_jump(PAF_State* ps, uint32_t n)
 }
 
 // called on each in order segment
-int32_t paf_check(snort::StreamSplitter* paf_config, PAF_State*, snort::Packet* p,
+SO_PUBLIC int32_t paf_check(snort::StreamSplitter* paf_config, PAF_State*, snort::Packet* p,
     const uint8_t* data, uint32_t len, uint32_t total, uint32_t seq, uint32_t* flags);
 
 #endif