src/service_inspectors/dns/Makefile \
src/service_inspectors/ftp_telnet/Makefile \
src/service_inspectors/gtp/Makefile \
-src/service_inspectors/http_inspect/Makefile \
src/service_inspectors/imap/Makefile \
src/service_inspectors/modbus/Makefile \
src/service_inspectors/nhttp_inspect/Makefile \
src/inspectors/Makefile \
src/inspectors/data_log/Makefile \
src/inspectors/dpx/Makefile \
+src/inspectors/http_server/Makefile \
src/ips_options/Makefile \
src/ips_options/find/Makefile \
src/ips_options/ips_pkt_num/Makefile \
add_subdirectory ( dpx )
add_subdirectory ( data_log )
+add_subdirectory ( http_server )
SUBDIRS = \
data_log \
-dpx
+dpx \
+http_server
AM_CPPFLAGS = @AM_CPPFLAGS@
AM_CFLAGS= @AM_CFLAGS@
hi_ui_iis_unicode_map.cc
hi_ui_iis_unicode_map.h
hi_util.h
+ ips_http.cc
+ ips_http_header.cc
)
-# can't be be linked dynamically yet
-#if (STATIC_INSPECTORS)
- add_library(http_inspect STATIC ${FILE_LIST})
+cmake_minimum_required ( VERSION 2.8.11 )
+project ( http_server CXX )
-#else (STATIC_INSPECTORS)
-# add_shared_library(http_inspect inspectors ${FILE_LIST})
+if ( APPLE )
+ set ( CMAKE_MACOSX_RPATH OFF )
+ set (
+ CMAKE_SHARED_LINKER_FLAGS
+ "${CMAKE_SHARED_LINKER_FLAGS} -undefined dynamic_lookup"
+ )
+endif ( APPLE )
+
+include ( FindPkgConfig )
+pkg_search_module ( SNORT3 REQUIRED snort>=3 )
+
+add_library (
+ http_server SHARED
+ ${FILE_LIST}
+)
+
+set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11" )
+
+target_include_directories (
+ http_server PUBLIC
+ ${SNORT3_INCLUDE_DIRS}
+)
+
+install (
+ TARGETS http_server
+ LIBRARY DESTINATION "lib/${CMAKE_PROJECT_NAME}/inspectors"
+)
-#endif (STATIC_INSPECTORS)
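Review bot: The install destination `lib/${CMAKE_PROJECT_NAME}/inspectors` depends on how this file is entered, because `CMAKE_PROJECT_NAME` is the name of the top-level project: built through the added `add_subdirectory ( http_server )` it follows the parent project, while a standalone configure (which the new `cmake_minimum_required`/`project` lines allow) would install under `lib/http_server/inspectors`. The automake side installs to `$(pkglibdir)/inspectors`, so the two build systems can place the plugin in different directories; since this is presumably a directory from which shared objects are loaded into the sensor, I would set the path through one explicit cache variable and say so in a comment above `install (`. Separately, `pkg_search_module ( SNORT3 REQUIRED snort>=3 )` appears to make the build compile against the installed package's headers, and only `SNORT3_INCLUDE_DIRS` is consumed, whereas the Makefile.am passes the full `@SNORT3_CFLAGS@`; adding `target_compile_options ( http_server PRIVATE ${SNORT3_CFLAGS_OTHER} )` would align the two (that command needs CMake 2.8.12, one patch level above the declared minimum). The `set ( FILE_LIST` opening of this file lies outside the hunk.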
hi_stream_splitter.cc hi_stream_splitter.h \
hi_ui_config.cc hi_ui_config.h \
hi_ui_iis_unicode_map.cc hi_ui_iis_unicode_map.h \
-hi_util.h
+hi_util.h \
+ips_http.cc \
+ips_http_header.cc
-if STATIC_INSPECTORS
-noinst_LIBRARIES = libhttp_inspect.a
-libhttp_inspect_a_SOURCES = $(file_list)
-else
-shlibdir = $(pkglibdir)/inspectors
-shlib_LTLIBRARIES = libhttp_inspect.la
-libhttp_inspect_la_CXXFLAGS = $(AM_CXXFLAGS) -DBUILDING_SO
-libhttp_inspect_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
-libhttp_inspect_la_SOURCES = $(file_list)
-endif
+http_serverlibdir = $(pkglibdir)/inspectors
+
+AM_CXXFLAGS = @SNORT3_CFLAGS@ -std=c++11
+
+http_serverlib_LTLIBRARIES = libhttp_server.la
+libhttp_server_la_CXXFLAGS = $(AM_CXXFLAGS)
+libhttp_server_la_LDFLAGS = -export-dynamic -shared -avoid-version
+libhttp_server_la_SOURCES = $(file_list)
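Review bot: `libhttp_server_la_LDFLAGS` no longer includes `$(AM_LDFLAGS)`, and `AM_CXXFLAGS` is redefined from `@SNORT3_CFLAGS@` alone, so any warning or hardening flags that configure passes through the AM_* variables would stop reaching this plugin (whether configure sets such flags is not visible here). If dropping them is not intended, keep the inherited value: `libhttp_server_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared -avoid-version`. The removed rule also passed `-DBUILDING_SO`; that looks deliberate given the `#ifdef BUILDING_SO` removal in hi_main.cc, but a one-line comment above `AM_CXXFLAGS` such as `# built as an external plugin against the installed snort package` would make the intent clear to the next reader.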
#include "detection/detect.h"
#include "detection/detection_util.h"
#include "events/event.h"
-#include "main/snort_debug.h"
-#include "utils/util.h"
-#include "utils/util_utf.h"
-#include "utils/sfsnprintfappend.h"
-#include <mime/decode_base.h>
-#include "stream/stream_api.h"
-#include "profiler/profiler.h"
-#include "loggers/unified2_common.h"
#include "file_api/file_api.h"
#include "file_api/file_flows.h"
+#include "framework/data_bus.h"
+#include "log/unified2.h"
+#include "main/snort_debug.h"
+#include "mime/decode_base.h"
+#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "protocols/tcp.h"
-#include "framework/data_bus.h"
+#include "search_engines/search_tool.h"
+#include "stream/stream_api.h"
+#include "utils/util.h"
+#include "utils/util_utf.h"
+#include "utils/sfsnprintfappend.h"
#include "hi_return_codes.h"
#include "hi_ui_config.h"
#include <zlib.h>
-#include "hi_ui_config.h"
+#include "detection/detection_util.h"
#include "protocols/packet.h"
#include "stream/stream_api.h"
-#include "detection/detection_util.h"
-#include "search_engines/search_tool.h"
#include "utils/util_jsnorm.h"
#include "utils/util_utf.h"
+#include "hi_ui_config.h"
#define MAX_METHOD_LEN 256
#include "hi_return_codes.h"
#include "detection/detection_util.h"
+#include "search_engines/search_tool.h"
#include "utils/safec.h"
#include "utils/util_utf.h"
#include <string.h>
#include <sys/types.h>
+// FIXIT-L all snort includes should use <form> instead of "form"
#include "protocols/packet.h"
#include "main/snort_debug.h"
-#include "parser/parser.h"
#include "decompress/file_decomp.h"
#include "profiler/profiler.h"
-#include "detection/detection_util.h"
#include "stream/stream_api.h"
-#include "target_based/snort_protocols.h"
#include "file_api/file_api.h"
#include "file_api/file_service.h"
-#include "utils/kmap.h"
-#include <mime/decode_base.h>
+#include "mime/decode_base.h"
#include "utils/util.h"
#include "framework/inspector.h"
#include "managers/inspector_manager.h"
nullptr // reset
};
-#ifdef BUILDING_SO
+extern const BaseApi* ips_http_uri;
+extern const BaseApi* ips_http_header;
+extern const BaseApi* ips_http_client_body;
+extern const BaseApi* ips_http_method;
+extern const BaseApi* ips_http_cookie;
+extern const BaseApi* ips_http_stat_code;
+extern const BaseApi* ips_http_stat_msg;
+extern const BaseApi* ips_http_raw_uri;
+extern const BaseApi* ips_http_raw_header;
+extern const BaseApi* ips_http_raw_cookie;
+
SO_PUBLIC const BaseApi* snort_plugins[] =
{
&hg_api.base,
&hi_api.base,
+ ips_http_uri,
+ ips_http_header,
+ ips_http_client_body,
+ ips_http_method,
+ ips_http_cookie,
+ ips_http_stat_code,
+ ips_http_stat_msg,
+ ips_http_raw_uri,
+ ips_http_raw_header,
+ ips_http_raw_cookie,
nullptr
};
-#else
-const BaseApi* sin_http_global = &hg_api.base;
-const BaseApi* sin_http_inspect = &hi_api.base;
-#endif
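Review bot: With the ten `ips_http_*` entries moved into this module's `snort_plugins[]` and removed from the built-in list in ips_options.cc, the `http_*` rule options exist only when this shared object is loaded. Rules that use them would presumably fail to load or go unevaluated on a sensor that does not load it, which is a detection-coverage dependency worth stating. I would put a comment above the extern block, e.g. `// http_* rule options ship with this plugin; rules using them require it to be loaded`, and note that the array must stay `nullptr`-terminated. The extern declarations also repeat by hand what ips_http.cc and ips_http_header.cc define, so a shared header for them would let the compiler catch a type drift.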
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
IPS_OPT,
#include "main/snort_types.h"
#include "main/snort_debug.h"
-#include "parser/parser.h"
#include "profiler/profiler.h"
#include "flow/flow.h"
#include "detection/detection_defines.h"
PT_IPS_OPTION,
sizeof(IpsApi),
IPSAPI_VERSION,
- 0,
+ 2,
API_RESERVED,
API_OPTIONS,
s_name,
service_inspectors/dns/libdns.a \
service_inspectors/ftp_telnet/libftp_telnet.a \
service_inspectors/gtp/libgtp_inspect.a \
-service_inspectors/http_inspect/libhttp_inspect.a \
service_inspectors/modbus/libmodbus.a \
service_inspectors/nhttp_inspect/libnhttp_inspect.a \
service_inspectors/rpc_decode/librpc_decode.a \
#include "detection/detect.h"
#include "detection/tag.h"
#include "packet_io/active.h"
+#include "parser/parser.h"
#include "utils/stats.h"
static void pass()
noinst_LIBRARIES = libdecompress.a
-libdecompress_a_SOURCES = \
-file_decomp.cc \
+x_includedir = $(pkgincludedir)/decompress
+
+x_include_HEADERS = \
file_decomp.h \
-file_decomp_pdf.cc \
file_decomp_pdf.h \
-file_decomp_swf.cc \
file_decomp_swf.h
+libdecompress_a_SOURCES = \
+file_decomp.cc \
+file_decomp_pdf.cc \
+file_decomp_swf.cc
+
typedef struct fd_session_s* fd_session_p_t, fd_session_t;
-#include "file_decomp_pdf.h"
-#include "file_decomp_swf.h"
+// FIXIT-L this should be unravelled so that these internal includes are not necessary
+#include "decompress/file_decomp_pdf.h"
+#include "decompress/file_decomp_swf.h"
#include <zlib.h>
#ifdef HAVE_LZMA
x_includedir = $(pkgincludedir)/detection
x_include_HEADERS = \
+detect.h \
detection_defines.h \
detection_options.h \
+detection_util.h \
pattern_match_data.h \
rule_option_types.h \
rules.h \
libdetection_a_SOURCES = \
detect.cc \
-detect.h \
detection_options.cc \
detection_util.cc \
-detection_util.h \
fp_config.cc \
fp_config.h \
fp_create.cc \
#include "protocols/packet.h"
#include "detection/rules.h"
#include "detection/treenodes.h"
-#include "parser/parser.h"
#include "log/log.h"
#include "events/event.h"
#include "filters/rate_filter.h"
#include "events/event_wrapper.h"
#include "packet_io/active.h"
+#include "parser/parser.h"
#include "stream/stream_api.h"
#include "utils/sflsq.h"
#include "utils/util.h"
noinst_LIBRARIES = libfile_api.a
+x_includedir = $(pkgincludedir)/file_api
+
+x_include_HEADERS = \
+file_api.h \
+file_config.h \
+file_flows.h \
+file_identifier.h \
+file_lib.h \
+file_policy.h \
+file_service.h
+
libfile_api_a_SOURCES = \
circular_buffer.cc circular_buffer.h \
-file_api.h \
file_capture.cc file_capture.h \
-file_config.cc file_config.h \
-file_flows.cc file_flows.h \
+file_config.cc \
+file_flows.cc \
file_enforcer.cc file_enforcer.h \
-file_identifier.h file_identifier.cc \
+file_identifier.cc \
file_log.cc \
-file_lib.cc file_lib.h \
+file_lib.cc \
file_mempool.cc file_mempool.h \
file_module.cc file_module.h \
-file_policy.cc file_policy.h \
-file_service.cc file_service.h \
+file_policy.cc \
+file_service.cc \
file_stats.cc file_stats.h
// This provides the basic configuration for file processing
-#include "file_lib.h"
-#include "file_identifier.h"
-#include "file_policy.h"
+#include "file_api/file_lib.h"
+#include "file_api/file_identifier.h"
+#include "file_api/file_policy.h"
#define DEFAULT_FILE_TYPE_DEPTH 1460
#define DEFAULT_FILE_SIGNATURE_DEPTH 10485760 /*10 Mbytes*/
#include <sys/types.h>
#include "main/snort_types.h"
-#include "file_policy.h"
+#include "file_api/file_policy.h"
class FileEnforcer;
ips_fragbits.cc
ips_fragoffset.cc
ips_gid.cc
- ips_http.cc
- ips_http_header.cc
ips_icmp_id.cc
ips_icmp_seq.cc
ips_icode.cc
add_shared_library(ips_fragbits ips_options ips_fragbits.cc)
add_shared_library(ips_fragoffset ips_options ips_fragoffset.cc)
add_shared_library(ips_gid ips_options ips_gid.cc)
- add_shared_library(ips_http ips_options ips_http.cc)
- add_shared_library(ips_http_header ips_options ips_http_header.cc)
add_shared_library(ips_icode ips_options ips_icode.cc)
add_shared_library(ips_icmp_id ips_options ips_icmp_id.cc)
add_shared_library(ips_icmp_seq ips_options ips_icmp_seq.cc)
ips_fragbits.cc \
ips_fragoffset.cc \
ips_gid.cc \
-ips_http.cc \
-ips_http_header.cc \
ips_icmp_id.cc \
ips_icmp_seq.cc \
ips_icode.cc \
#libips_hash_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
#libips_hash_la_SOURCES = ips_hash.cc
-optlib_LTLIBRARIES += libips_http.la
-libips_http_la_CXXFLAGS = $(AM_CXXFLAGS) -DBUILDING_SO
-libips_http_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
-libips_http_la_SOURCES = ips_http.cc
-
-optlib_LTLIBRARIES += libips_http_header.la
-libips_http_header_la_CXXFLAGS = $(AM_CXXFLAGS) -DBUILDING_SO
-libips_http_header_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
-libips_http_header_la_SOURCES = ips_http_header.cc
-
optlib_LTLIBRARIES += libips_icmp_id.la
libips_icmp_id_la_CXXFLAGS = $(AM_CXXFLAGS) -DBUILDING_SO
libips_icmp_id_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
extern const BaseApi* ips_fragbits;
extern const BaseApi* ips_fragoffset;
extern const BaseApi* ips_gid;
-extern const BaseApi* ips_http_uri;
-extern const BaseApi* ips_http_header;
-extern const BaseApi* ips_http_client_body;
-extern const BaseApi* ips_http_method;
-extern const BaseApi* ips_http_cookie;
-extern const BaseApi* ips_http_stat_code;
-extern const BaseApi* ips_http_stat_msg;
-extern const BaseApi* ips_http_raw_uri;
-extern const BaseApi* ips_http_raw_header;
-extern const BaseApi* ips_http_raw_cookie;
extern const BaseApi* ips_icmp_id;
extern const BaseApi* ips_icmp_seq;
extern const BaseApi* ips_icode;
ips_fragbits,
ips_fragoffset,
ips_gid,
- ips_http_uri,
- ips_http_header,
- ips_http_client_body,
- ips_http_method,
- ips_http_cookie,
- ips_http_stat_code,
- ips_http_stat_msg,
- ips_http_raw_uri,
- ips_http_raw_header,
- ips_http_raw_cookie,
ips_icmp_id,
ips_icmp_seq,
ips_icode,
x_includedir = $(pkgincludedir)/log
x_include_HEADERS = \
+log.h \
messages.h \
obfuscator.h \
-text_log.h
+text_log.h \
+unified2.h
liblog_a_SOURCES = \
log.cc \
-log.h \
log_text.cc \
log_text.h \
messages.cc \
#include "main/snort_config.h"
#include "packet_io/sfdaq.h"
-// should be able to delete this when we cutover to NHI
-#include "service_inspectors/http_inspect/hi_main.h" // FIXIT-H bad dependency for Is*Data()
-
#include "sfip/sf_ip.h"
#include "utils/util.h"
#include "utils/util_net.h"
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-#ifndef UNIFIED2_COMMON_H
-#define UNIFIED2_COMMON_H
+#ifndef UNIFIED2_H
+#define UNIFIED2_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netinet/in.h>
-#include <protocols/protocol_ids.h>
+#include "protocols/protocol_ids.h"
// SNORT DEFINES
// Long time ago...
alert_syslog.cc \
log_hext.cc \
log_pcap.cc \
-unified2.cc \
-unified2_common.h
+unified2.cc
if LINUX
libloggers_a_SOURCES += alert_sf_socket.cc
ehlib_LTLIBRARIES += libunified2.la
libunified2_la_CXXFLAGS = $(AM_CXXFLAGS) -DBUILDING_SO
libunified2_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -shared
-libunified2_la_SOURCES = unified2.cc unified2_common.h
+libunified2_la_SOURCES = unified2.cc
endif
*
*/
-#include "loggers/unified2_common.h"
+#include "log/unified2.h"
#ifdef HAVE_CONFIG_H
#include "config.h"
x_luadir = $(pkgincludedir)/lua
-noinst_LIBRARIES = libmanagers.a
-
x_lua_HEADERS = \
snort_config.lua \
snort_plugin.lua
+x_mgrdir = $(pkgincludedir)/managers
+
+x_mgr_HEADERS = \
+inspector_manager.h
+
+noinst_LIBRARIES = libmanagers.a
+
libmanagers_a_SOURCES = \
action_manager.cc action_manager.h \
codec_manager.cc codec_manager.h \
connector_manager.cc connector_manager.h \
event_manager.cc event_manager.h \
-inspector_manager.cc inspector_manager.h \
+inspector_manager.cc \
ips_manager.cc ips_manager.h \
lua_plugin_defs.h \
module_manager.cc module_manager.h \
noinst_LIBRARIES = libmime.a
+x_includedir = $(pkgincludedir)/mime
+
+x_include_HEADERS = \
+decode_b64.h \
+decode_base.h \
+decode_bit.h \
+decode_buffer.h \
+decode_qp.h \
+decode_uu.h \
+file_mime_config.h \
+file_mime_decode.h \
+file_mime_log.h \
+file_mime_paf.h \
+file_mime_process.h
+
libmime_a_SOURCES = \
-file_mime_decode.h file_mime_decode.cc \
-file_mime_log.h file_mime_log.cc \
-file_mime_paf.h file_mime_paf.cc \
-file_mime_process.h file_mime_process.cc \
-file_mime_config.cc file_mime_config.h \
-decode_base.cc decode_base.h \
-decode_b64.cc decode_b64.h \
-decode_bit.cc decode_bit.h \
-decode_qp.cc decode_qp.h \
-decode_uu.cc decode_uu.h \
-decode_buffer.cc decode_buffer.h
+decode_b64.cc \
+decode_base.cc \
+decode_bit.cc \
+decode_buffer.cc \
+decode_qp.cc \
+decode_uu.cc \
+file_mime_config.cc \
+file_mime_decode.cc \
+file_mime_log.cc \
+file_mime_paf.cc \
+file_mime_process.cc
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
-
-#include <mime/decode_base.h>
+// decode_b64.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
#include "decode_b64.h"
#include "utils/util.h"
#include "utils/util_unfold.h"
+#include "decode_base.h"
+#include "decode_buffer.h"
+
void B64Decode::reset_decode_state()
{
reset_decoded_bytes();
#include <stdlib.h>
#include "main/snort_types.h"
-#include "decode_buffer.h"
-#include "decode_base.h"
+#include "mime/decode_base.h"
-class B64Decode: public DataDecode
+class B64Decode : public DataDecode
{
public:
B64Decode(int max_depth);
void reset_decode_state() override;
private:
- DecodeBuffer* buffer = nullptr;
+ class DecodeBuffer* buffer = nullptr;
};
// FIXIT-L inbuf should probably be const uint8_t*
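Review bot: `class DecodeBuffer* buffer = nullptr;` uses an elaborated type specifier inside the member declaration to avoid including decode_buffer.h; the same pattern is introduced in the decode_qp.h and decode_uu.h hunks. A forward declaration near the top of the header, `class DecodeBuffer;`, followed by the plain `DecodeBuffer* buffer = nullptr;` is easier to read and is the usual form for a header that this commit adds to the installed set in mime/Makefile.am. The visible part of the class shows no destructor, so a short comment on the member stating who releases the buffer, e.g. `// owned by this decoder` if that is the case, would help; the class body is only partly shown here.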
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// decode_base.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
-#include <mime/decode_base.h>
+#include "decode_base.h"
#include "utils/util.h"
void DataDecode::reset_decoded_bytes()
// Email attachment decoder
#include <stdlib.h>
-
#include "main/snort_types.h"
enum DecodeResult
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// decode_bit.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
-#include <mime/decode_base.h>
#include "decode_bit.h"
-
#include "utils/util.h"
void BitDecode::reset_decode_state()
// Email attachment decoder
#include <stdlib.h>
+#include "mime/decode_base.h"
-#include "main/snort_types.h"
-
-class BitDecode:public DataDecode
+class BitDecode : public DataDecode
{
public:
BitDecode(int max_depth);
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// decode_buffer.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
#include "decode_buffer.h"
-
#include "utils/util.h"
-
void DecodeBuffer::reset()
{
prev_encoded_bytes = 0;
// Manage decode/encode buffers
#include <stdlib.h>
-
#include "main/snort_types.h"
class DecodeBuffer
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// decode_qp.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
-#include <mime/decode_base.h>
#include "decode_qp.h"
#include "utils/util.h"
#include "utils/util_unfold.h"
+#include "decode_buffer.h"
void QPDecode::reset_decode_state()
{
// Email attachment decoder
#include <stdlib.h>
+#include "mime/decode_base.h"
-#include "main/snort_types.h"
-#include "decode_buffer.h"
-
-class QPDecode:public DataDecode
+class QPDecode : public DataDecode
{
public:
QPDecode(int max_depth);
void reset_decode_state() override;
private:
- DecodeBuffer* buffer = nullptr;
+ class DecodeBuffer* buffer = nullptr;
};
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// decode_uu.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
-#include <mime/decode_base.h>
#include "decode_uu.h"
+
#include "utils/safec.h"
#include "utils/util.h"
#include "utils/util_unfold.h"
+#include "decode_buffer.h"
+
#define UU_DECODE_CHAR(c) (((c) - 0x20) & 0x3f)
void UUDecode::reset_decode_state()
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 1998-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// UU decoder
-#include "decode_base.h"
-#include "decode_buffer.h"
+#include "mime/decode_base.h"
-class UUDecode:public DataDecode
+class UUDecode : public DataDecode
{
public:
UUDecode(int max_depth);
private:
bool begin_found = false;
bool end_found = false;
- DecodeBuffer* buffer = nullptr;
+ class DecodeBuffer* buffer = nullptr;
};
int sf_uudecode(uint8_t* src, uint32_t slen, uint8_t* dst, uint32_t dlen, uint32_t* bytes_read,
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-/*
-** Author(s): Hui Cao <huica@cisco.com>
-**
-** NOTES
-** 9.25.2012 - Initial Source Code. Hui Cao
-*/
+
+// file_mime_config.cc author Hui Cao <huica@cisco.com>
+// 9.25.2012 - Initial Source Code. Hui Cao
#include "file_mime_config.h"
#include "log/messages.h"
#include "main/snort_types.h"
#include "file_api/file_service.h"
+
#include "file_mime_process.h"
void DecodeConfig::update_max_depth(int64_t depth)
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2012-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// Author: Bhagyashree Bantwal <bbantwal@sourcefire.com>
+// file_mime_decode.cc author Bhagyashree Bantwal <bbantwal@sourcefire.com>
-#include <mime/decode_uu.h>
#include "file_mime_decode.h"
+
+#include "utils/util_unfold.h"
+#include "utils/util.h"
+
#include "decode_b64.h"
#include "decode_bit.h"
#include "decode_qp.h"
#include "decode_uu.h"
-#include "utils/util_unfold.h"
-#include "utils/util.h"
void MimeDecode::reset_decoded_bytes()
{
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 1998-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
#include <stdlib.h>
-#include "decode_base.h"
-#include "file_mime_config.h"
-
-#include "main/snort_types.h"
#include "framework/counts.h"
+#include "main/snort_types.h"
+#include "mime/decode_base.h"
+#include "mime/file_mime_config.h"
enum DecodeType
{
private:
DecodeType decode_type = DECODE_NONE;
DecodeConfig* config;
- DataDecode* decoder = NULL;
+ DataDecode* decoder = nullptr;
};
#endif
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-/*
-** Author(s): Hui Cao <huica@cisco.com>
-**
-** NOTES
-** 9.25.2012 - Initial Source Code. Hui Cao
-*/
+
+// file_mime_log.cc author Hui Cao <huica@cisco.com>
+// 9.25.2012 - Initial Source Code. Hui Cao
#include "file_mime_log.h"
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2012-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// File name will be extracted from MIME header
// Email headers and emails are also stored in the log buffer
-#include "file_mime_config.h"
-#include "file_mime_log.h"
+#include "mime/file_mime_config.h"
#include "file_api/file_api.h"
enum EmailUserType
public:
MailLogState(MailLogConfig* conf);
~MailLogState();
+
/* accumulate MIME attachment filenames. The filenames are appended by commas */
int log_file_name (const uint8_t* start, int length, bool* disp_cont);
- void set_file_name_from_log (Flow* flow);
- int log_email_hdrs (const uint8_t* start, int length);
- int log_email_id (const uint8_t* start, int length, EmailUserType type);
+ void set_file_name_from_log(Flow*);
+
+ int log_email_hdrs(const uint8_t* start, int length);
+ int log_email_id (const uint8_t* start, int length, EmailUserType);
+
void get_file_name (uint8_t** buf, uint32_t* len);
void get_email_hdrs (uint8_t** buf, uint32_t* len);
- void get_email_id (uint8_t** buf, uint32_t* len, EmailUserType type);
+ void get_email_id (uint8_t** buf, uint32_t* len, EmailUserType);
+
bool is_file_name_present();
bool is_email_hdrs_present();
bool is_email_from_present();
private:
int extract_file_name(const char** start, int length, bool* disp_cont);
int log_flags = 0;
- uint8_t* buf = NULL;
+ uint8_t* buf = nullptr;
unsigned char* emailHdrs;
uint32_t log_depth;
uint32_t hdrs_logged;
- uint8_t* recipients = NULL;
+ uint8_t* recipients = nullptr;
uint16_t rcpts_logged;
- uint8_t* senders = NULL;
+ uint8_t* senders = nullptr;
uint16_t snds_logged;
- uint8_t* filenames = NULL;
+ uint8_t* filenames = nullptr;
uint16_t file_logged;
uint16_t file_current;
};
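Review bot: Only `buf`, `recipients`, `senders` and `filenames` carry a default initializer in this block; `emailHdrs`, `log_depth`, `hdrs_logged` and the other `*_logged` counters have none, so their initial values depend entirely on the `MailLogState(MailLogConfig*)` constructor, which is not part of this hunk. Since the commit already touches these lines for the `NULL` to `nullptr` change, giving the rest the same treatment, `unsigned char* emailHdrs = nullptr;` and `uint32_t log_depth = 0;`, would rule out `get_email_hdrs` handing back an indeterminate pointer or length if any constructor path leaves one unset. The class now sits in a header that mime/Makefile.am installs, so in-class defaults also document the expected empty state for external users.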
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-/*
-** Author(s): Hui Cao <huica@cisco.com>
-**
-** NOTES
-** 9.25.2012 - Initial Source Code. Hui Cao
-*/
+
+// file_mime_paf.cc author Hui Cao <huica@cisco.com>
+// 9.25.2012 - Initial Source Code. Hui Cao
#include "file_mime_paf.h"
#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "file_api/file_api.h"
+
#include "file_mime_config.h"
static const char* boundary_str = "boundary=";
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2012-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// Provides list of MIME processing functions. Encoded file data will be decoded
// and file name will be extracted from MIME header
-#include <pcre.h>
-
-#include "decode_base.h"
-#include "file_mime_config.h"
+#include "mime/decode_base.h"
+#include "mime/file_mime_config.h"
#include "file_api/file_api.h"
/* State tracker for data */
struct MimeDataPafInfo
{
MimeDataState data_state;
- char boundary[ MAX_MIME_BOUNDARY_LEN + 1]; /* MIME boundary string + '\0' */
+ char boundary[ MAX_MIME_BOUNDARY_LEN + 1]; /* MIME boundary string + '\0' */
int boundary_len;
char* boundary_search;
MimeBoundaryState boundary_state;
return false;
}
-SO_PUBLIC void reset_mime_paf_state(MimeDataPafInfo *data_info);
+SO_PUBLIC void reset_mime_paf_state(MimeDataPafInfo*);
+
/* Process data boundary and flush each file based on boundary*/
-SO_PUBLIC bool process_mime_paf_data(MimeDataPafInfo *data_info, uint8_t val);
-SO_PUBLIC bool check_data_end(void *end_state, uint8_t val);
+SO_PUBLIC bool process_mime_paf_data(MimeDataPafInfo*, uint8_t val);
+SO_PUBLIC bool check_data_end(void* end_state, uint8_t val);
#endif
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-/*
-** Author(s): Hui Cao <huica@cisco.com>
-**
-** NOTES
-** 9.25.2012 - Initial Source Code. Hui Cao
-*/
+
+// file_mime_process.cc author Hui Cao <huica@cisco.com>
+// 9.25.2012 - Initial Source Code. Hui Cao
#include "file_mime_process.h"
#include "config.h"
#endif
-#include "file_mime_config.h"
-#include "file_mime_decode.h"
-#include "file_api/file_api.h"
-#include "file_api/file_flows.h"
-
#include "main/snort_types.h"
-#include "search_engines/search_tool.h"
-#include "protocols/packet.h"
#include "detection/detection_util.h"
+#include "file_api/file_api.h"
+#include "file_api/file_flows.h"
#include "framework/data_bus.h"
+#include "protocols/packet.h"
+#include "search_engines/search_tool.h"
#include "utils/util.h"
+#include "file_mime_config.h"
+#include "file_mime_decode.h"
+
struct MimeToken
{
const char* name;
//--------------------------------------------------------------------------
// Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2012-2013 Sourcefire, Inc.
//
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
#include "main/snort_types.h"
#include "file_api/file_api.h"
-#include "file_mime_config.h"
-#include "file_mime_paf.h"
-#include "file_mime_log.h"
-#include "file_mime_decode.h"
+#include "mime/file_mime_config.h"
+#include "mime/file_mime_paf.h"
+#include "mime/file_mime_log.h"
+#include "mime/file_mime_decode.h"
/* state flags */
#define MIME_FLAG_FOLDING 0x00000001
public:
MimeSession(DecodeConfig*, MailLogConfig*);
virtual ~MimeSession();
+
static void init();
static void exit();
- const uint8_t* process_mime_data(Flow *flow, const uint8_t *data, int data_size,
- bool upload, FilePosition position);
+
+ const uint8_t* process_mime_data(Flow*, const uint8_t *data, int data_size,
+ bool upload, FilePosition);
+
int get_data_state();
void set_data_state(int);
MailLogState* get_log_state();
void set_mime_stats(MimeStats*);
protected:
- MimeDecode* decode_state = NULL;
+ MimeDecode* decode_state = nullptr;
private:
int data_state = STATE_DATA_INIT;
int state_flags = 0;
MimeDataPafInfo mime_boundary;
- DecodeConfig* decode_conf = NULL;
- MailLogConfig* log_config = NULL;
- MailLogState* log_state = NULL;
- MimeStats* mime_stats = NULL;
+ DecodeConfig* decode_conf = nullptr;
+ MailLogConfig* log_config = nullptr;
+ MailLogState* log_state = nullptr;
+ MimeStats* mime_stats = nullptr;
// SMTP, IMAP, POP might have different implementation for this
virtual int handle_header_line(const uint8_t*, const uint8_t*, int) { return 0; }
virtual int normalize_data(const uint8_t* , const uint8_t* ) { return 0; }
- virtual void decode_alert() {}
- virtual void reset_state(Flow* ) {}
+ virtual void decode_alert() { }
+ virtual void reset_state(Flow* ) { }
virtual bool is_end_of_data(Flow* ) { return false; }
void reset_mime_state();
void setup_decode(const char* data, int size, bool cnt_xf);
const uint8_t* process_mime_header(const uint8_t* ptr, const uint8_t* data_end_marker);
const uint8_t* process_mime_body(const uint8_t* ptr, const uint8_t* data_end,bool is_data_end);
- const uint8_t* process_mime_data_paf(Flow* flow, const uint8_t* start, const uint8_t* end,
- bool upload, FilePosition position);
+ const uint8_t* process_mime_data_paf(Flow*, const uint8_t* start, const uint8_t* end,
+ bool upload, FilePosition);
};
#endif
#include <cstdint>
#include "log/messages.h"
-#include "loggers/unified2_common.h"
+#include "log/unified2.h"
#include "utils/sflsq.h"
#include "utils/util.h"
x_include_HEADERS = \
pat_stats.h \
-search_common.h
+search_common.h \
+search_tool.h
acsmx_sources = \
ac_std.cc \
search_engines.cc \
search_engines.h \
search_tool.cc \
-search_tool.h \
$(bnfa_sources) \
$(hyper_sources)
dns \
ftp_telnet \
gtp \
-http_inspect \
imap \
modbus \
nhttp_inspect \
extern const BaseApi* sin_ftp_server;
extern const BaseApi* sin_ftp_data;
extern const BaseApi* sin_gtp;
-extern const BaseApi* sin_http_global;
-extern const BaseApi* sin_http_inspect;
extern const BaseApi* sin_modbus;
extern const BaseApi* sin_nhttp;
extern const BaseApi* sin_rpc_decode;
sin_ftp_server,
sin_ftp_data,
sin_gtp,
- sin_http_global,
- sin_http_inspect,
sin_modbus,
sin_nhttp,
sin_rpc_decode,
#include "utils/sfsnprintfappend.h"
#include "target_based/snort_protocols.h"
#include "protocols/ssl.h"
-#include "loggers/unified2_common.h"
+#include "log/unified2.h"
#include "detection/detection_util.h"
#include "utils/safec.h"
x_include_HEADERS = \
bitop.h \
dnet_header.h \
+kmap.h \
safec.h \
segment_mem.h \
sflsq.h \
sfmemcap.h \
+sfsnprintfappend.h \
snort_bounds.h \
stats.h \
-util.h
+util.h \
+util_jsnorm.h \
+util_unfold.h \
+util_utf.h
libutils_a_SOURCES = \
boyer_moore.cc boyer_moore.h \
dyn_array.cc dyn_array.h \
-kmap.cc kmap.h \
+kmap.cc \
segment_mem.cc \
sflsq.cc \
sfmemcap.cc \
-sfsnprintfappend.cc sfsnprintfappend.h \
+sfsnprintfappend.cc \
snort_bounds.h \
stats.cc \
util.cc \
-util_jsnorm.cc util_jsnorm.h \
+util_jsnorm.cc \
util_net.cc util_net.h \
-util_unfold.cc util_unfold.h \
-util_utf.cc util_utf.h
+util_unfold.cc \
+util_utf.cc
#include <stdio.h>
#include <stdint.h>
-#include "loggers/unified2_common.h"
+#include "log/unified2.h"
struct u2record
{