include(CTest)
add_custom_target (check COMMAND ${CMAKE_CTEST_COMMAND})
add_dependencies (check snort)
- add_test (catch_tests ${CMAKE_CURRENT_BINARY_DIR}/src/snort --catch-test all)
+ #add_test (catch_tests ${CMAKE_CURRENT_BINARY_DIR}/src/snort --catch-test all)
endif (ENABLE_UNIT_TESTS)
add_subdirectory (src)
*/
{
Profile exclude(hiPerfStats);
- DetectionEngine de;
- de.detect(p);
+ DetectionEngine::detect(p);
}
/*
#include "packet.h"
+#include "framework/endianness.h"
#include "log/obfuscator.h"
#include "managers/codec_manager.h"
}
obfuscator = nullptr;
+ endianness = nullptr;
reset();
}
void Packet::reset()
{
- if (obfuscator)
+ if ( obfuscator )
delete obfuscator;
+ if ( endianness )
+ delete endianness; // FIXIT-L dce2 leaks in a few cases
+
flow = nullptr;
endianness = nullptr;
obfuscator = nullptr;
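Review bot: `delete endianness` in `Packet::reset()` makes the packet the owner of whatever `endianness` points to, but nothing in the hunk states that, and the adjacent FIXIT already admits dce2 does not follow the rule everywhere. Any path that stores a shared or non-heap object in the field, or frees it itself, would turn this into an invalid or double delete, so the ownership rule should be written where the member is declared, for example `// owned by Packet; freed in reset()`. The `if ( ... )` guards around both deletes are redundant because deleting a null pointer is a no-op. The rest of `reset()` lies outside the hunk.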
#include "dce_co.h"
-#include "detection/detection_engine.h"
#include "main/snort_debug.h"
#include "utils/util.h"
********************************************************************/
static void DCE2_CoReassemble(DCE2_SsnData* sd, DCE2_CoTracker* cot, DCE2_CoRpktType co_rtype)
{
- DetectionEngine de;
-
DceRpcCoHdr* co_hdr = nullptr;
Packet* rpkt = dce_co_reassemble(sd,cot,co_rtype,&co_hdr);
********************************************************************/
static void DCE2_CoSegDecode(DCE2_SsnData* sd, DCE2_CoTracker* cot, DCE2_CoSeg* seg)
{
- DetectionEngine de;
-
const uint8_t* frag_ptr = nullptr;
uint16_t frag_len = 0;
dce2CommonStats* dce_common_stats = dce_get_proto_stats_ptr(sd);
void DCE2_FileDetect()
{
- Packet* top_pkt = DetectionEngine::set_packet();
- DetectionEngine de;
+ Packet* top_pkt = DetectionEngine::get_current_packet();
DebugMessage(DEBUG_DCE_SMB, "Payload:\n");
DCE2_PrintPktData(top_pkt->data, top_pkt->dsize);
Profile profile(dce2_smb_pstat_smb_file_detect);
-
DetectionEngine::detect(top_pkt);
// Reset file data pointer after detecting
#include "dce_udp.h"
-#include "detection/detection_engine.h"
#include "flow/session.h"
#include "main/snort_debug.h"
#include "utils/safec.h"
static void DCE2_ClFragReassemble(
DCE2_SsnData* sd, DCE2_ClActTracker* at, const DceRpcClHdr* cl_hdr)
{
- DetectionEngine de;
-
uint8_t dce2_cl_rbuf[IP_MAXPACKET];
DCE2_ClFragTracker* ft = &at->frag_tracker;
uint8_t* rdata = dce2_cl_rbuf;
uint8_t* data, unsigned len, uint32_t flags, unsigned& copied) override;
bool finish(Flow* flow) override;
bool is_paf() override { return true; }
+
+ // FIXIT-M should return actual packet buffer size
unsigned max(Flow*) override { return HttpEnums::MAX_OCTETS; }
private:
// stream_libtcp_unit_test.h author davis mcpherson <davmcphe@@cisco.com>
// Created on: Jul 30, 2015
+#include "stream_tcp_unit_test.h"
+
#ifndef STREAM_LIBTCP_UNIT_TEST
#define STREAM_LIBTCP_UNIT_TEST
#include "stream_tcp_unit_test.h"
+#include "detection/ips_context.h"
#include "protocols/packet.h"
+#include "protocols/tcp.h"
+#include "stream/tcp/tcp_session.h"
// SYN PACKET
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [S], seq 9050, win
pkt->pkth = initDaqHdr();
pkt->dsize = 0;
+ pkt->context = new IpsContext(1);
+ pkt->flow->session = new TcpSession(flow);
+
return pkt;
}
+void release_packet(Packet* p)
+{
+ delete p->flow->session;
+ delete p->context;
+ delete p;
+}
+
Packet* get_syn_packet(Flow* flow)
{
Packet* pkt = init_packet(flow, PKT_FROM_CLIENT);
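Review bot: `release_packet()` deletes `p->flow->session` but leaves the pointer set in the flow, and the test callers go on to `delete flow` after it returns. If `Flow`'s destructor or any later helper reads `session` (not visible here), that is a use-after-free or double delete in the test binary; adding `p->flow->session = nullptr;` right after the delete removes the dangling pointer. A one-line comment above the function saying it undoes the allocations made in `init_packet()` would also help, because the `new IpsContext(1)` and `new TcpSession(flow)` it pairs with live in a different function.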
Packet* get_rst_packet(Flow*);
Packet* get_data_packet(Flow*);
+void release_packet(Packet*);
+
#endif
SECTION("stop inspection")
{
Packet* pkt = get_syn_packet(flow);
- pkt->flow->session = new TcpSession(flow);
int dir;
Stream::stop_inspection(flow, pkt, SSN_DIR_FROM_CLIENT, 0, 0);
CHECK( ( dir == SSN_DIR_FROM_SERVER ) );
CHECK( ( flow->flow_state == Flow::FlowState::ALLOW ) );
- delete pkt->flow->session;
- delete pkt;
+ release_packet(pkt);
}
SECTION("stop inspection from server - client packet")
{
Packet* pkt = get_syn_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_FROM_SERVER, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(ignored);
- delete pkt->flow->session;
- delete pkt;
+ release_packet(pkt);
}
SECTION("stop inspection from server - server packet")
{
Packet* pkt = get_syn_ack_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_FROM_SERVER, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(!ignored);
- delete pkt->flow->session;
- delete pkt;
+
+ release_packet(pkt);
}
SECTION("stop inspection from client - client packet")
{
Packet* pkt = get_syn_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_FROM_CLIENT, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(!ignored);
- delete pkt->flow->session;
- delete pkt;
+ release_packet(pkt);
}
SECTION("stop inspection from client - server packet")
{
Packet* pkt = get_syn_ack_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_FROM_CLIENT, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(ignored);
- delete pkt->flow->session;
- delete pkt;
+
+ release_packet(pkt);
}
SECTION("stop inspection both - client packet")
{
Packet* pkt = get_syn_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_BOTH, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(ignored);
- delete pkt->flow->session;
- delete pkt;
+ release_packet(pkt);
}
SECTION("stop inspection both - server packet")
{
Packet* pkt = get_syn_ack_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Stream::stop_inspection(flow, pkt, SSN_DIR_BOTH, 0, 0);
bool ignored = Stream::ignored_flow(flow, pkt);
CHECK(ignored);
- delete pkt->flow->session;
- delete pkt;
+
+ release_packet(pkt);
}
delete flow;
Flow* flow = new Flow;
Packet* pkt = get_syn_packet(flow);
- pkt->flow->session = new TcpSession(flow);
Cursor cursor(pkt);
SECTION("reassembler initialization")
== STREAM_FLPOLICY_IGNORE ) );
}
#endif
- delete pkt->flow->session;
- delete pkt;
+ release_packet(pkt);
delete flow;
ips_stream_reassemble->mod_dtor(reassembler);
}
void UserTracker::term()
{
- delete splitter;
- splitter = nullptr;
+ if ( splitter )
+ delete splitter;
+
+ for ( auto* p : seg_list )
+ snort_free(p);
+
+ seg_list.clear();
}
-void UserTracker::detect(const Packet* p, const StreamBuffer& sb, uint32_t flags)
+void UserTracker::detect(
+ const Packet* p, const StreamBuffer& sb, uint32_t flags, Packet* up)
{
- Packet up(false);
+ up->pkth = p->pkth;
+ up->ptrs = p->ptrs;
+ up->flow = p->flow;
+ up->data = sb.data;
+ up->dsize = sb.length;
- up.pkth = p->pkth;
- up.ptrs = p->ptrs;
- up.flow = p->flow;
- up.data = sb.data;
- up.dsize = sb.length;
+ up->proto_bits = p->proto_bits;
+ up->pseudo_type = PSEUDO_PKT_USER;
- up.proto_bits = p->proto_bits;
- up.pseudo_type = PSEUDO_PKT_USER;
+ up->packet_flags = flags | PKT_REBUILT_STREAM | PKT_PSEUDO;
+ up->packet_flags |= (p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER));
+ up->packet_flags |= (p->packet_flags & (PKT_STREAM_EST|PKT_STREAM_UNEST_UNI));
- up.packet_flags = flags | PKT_REBUILT_STREAM | PKT_PSEUDO;
- up.packet_flags |= (p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER));
- up.packet_flags |= (p->packet_flags & (PKT_STREAM_EST|PKT_STREAM_UNEST_UNI));
-
- trace_logf(stream_user, "detect[%d]\n", up.dsize);
- Snort::inspect(&up);
+ trace_logf(stream_user, "detect[%d]\n", up->dsize);
+ Snort::inspect(up);
}
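Review bot: `UserTracker::term()` no longer resets `splitter` after deleting it, so the member is left dangling; a second `term()` call, or any later use of the tracker, would delete or dereference freed memory. Keep the reset the old code had, `delete splitter; splitter = nullptr;`; the `if ( splitter )` test is not needed because deleting null is a no-op. In `detect()` lower in the same hunk, `up` is dereferenced on the first line without a check, so a comment stating that callers must pass the non-null packet obtained from `DetectionEngine::set_packet()` would make the new contract explicit.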
int UserTracker::scan(Packet* p, uint32_t& flags)
if ( seg_list.empty() )
return -1;
+ DetectionEngine::onload(p->flow);
std::list<UserSegment*>::iterator it;
for ( it = seg_list.begin(); it != seg_list.end(); ++it)
StreamBuffer sb = { nullptr, 0 };
trace_logf(stream_user, "flush[%d]\n", flush_amt);
uint32_t rflags = flags & ~PKT_PDU_TAIL;
+ Packet* up = DetectionEngine::set_packet();
while ( !seg_list.empty() and bytes_flushed < flush_amt )
{
len = flush_amt - bytes_flushed;
if ( len + bytes_flushed == flush_amt )
+ {
rflags |= (flags & PKT_PDU_TAIL);
+ len = flush_amt;
+ }
trace_logf(stream_user, "reassemble[%d]\n", len);
sb = splitter->reassemble(
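Review bot: The added `len = flush_amt;` overwrites a length that the line above computed as `flush_amt - bytes_flushed`, so whenever `bytes_flushed` is non-zero the tail segment is reported as longer than the bytes actually left to flush. `len` is logged and then presumably handed to `splitter->reassemble(...)` (its argument list is cut off in this view), which looks like it could read past the end of the segment data. If the intent is to give the splitter the total PDU size, pass that separately and keep `len` as the remaining count, i.e. drop the added assignment. The loop body starts and ends outside the hunk, so lines between the ones shown may change this reading.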
rflags &= ~PKT_PDU_HEAD;
if ( sb.data )
- detect(p, sb, flags);
+ detect(p, sb, flags, up);
if ( bytes_copied == us->get_len() )
{
if ( avail < p->dsize )
{
UserSegment* us = UserSegment::init(p->data+avail, p->dsize-avail);
-
- if ( !us )
- return;
-
seg_list.push_back(us);
}
total += p->dsize;
void add_data(Packet*);
int scan(Packet*, uint32_t&);
void flush(struct Packet*, unsigned, uint32_t);
- void detect(const struct Packet*, const struct StreamBuffer&, uint32_t);
+ void detect(const struct Packet*, const struct StreamBuffer&, uint32_t, Packet* up);
std::list<UserSegment*> seg_list;
StreamSplitter* splitter;