libatomic: System-provided")
endif ()
-if (HAVE_FLATBUFFERS)
- message("\
- Flatbuffers: ON")
-else ()
- message("\
- Flatbuffers: OFF")
-endif ()
-
if (HAVE_HYPERSCAN)
message("\
Hyperscan: ON")
+++ /dev/null
-find_path(FLATBUFFERS_INCLUDE_DIR flatbuffers/flatbuffers.h
- HINTS ${FLATBUFFERS_INCLUDE_DIR_HINT})
-find_library(FLATBUFFERS_LIBRARIES NAMES flatbuffers
- HINTS ${FLATBUFFERS_LIBRARIES_DIR_HINT})
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Flatbuffers DEFAULT_MSG FLATBUFFERS_LIBRARIES FLATBUFFERS_INCLUDE_DIR)
-
-mark_as_advanced(FLATBUFFERS_INCLUDE_DIR FLATBUFFERS_LIBRARIES)
-
-if (FLATBUFFERS_LIBRARIES)
- set(HAVE_FLATBUFFERS "1")
-endif()
set ( SHELL ${ENABLE_SHELL} )
set ( UNIT_TEST ${ENABLE_UNIT_TESTS} )
-set ( PIGLET ${ENABLE_PIGLET} )
if ( ENABLE_BENCHMARK_TESTS )
add_definitions( -DBENCHMARK_TEST )
option ( ENABLE_SHELL "enable shell support" OFF )
option ( ENABLE_UNIT_TESTS "enable unit tests" OFF )
option ( ENABLE_BENCHMARK_TESTS "enable benchmark tests" OFF )
-option ( ENABLE_PIGLET "enable piglet test harness" OFF )
option ( ENABLE_COREFILES "Prevent Snort from generating core files" ON )
option ( ENABLE_LARGE_PCAP "Enable support for pcaps larger than 2 GB" OFF )
set(TSC_CPPFLAGS "-DUSE_TSC_CLOCK")
endif()
-if(FLATBUFFERS_INCLUDE_DIR)
- set(FLATBUFFERS_CPPFLAGS "-I${FLATBUFFERS_INCLUDE_DIR}")
-endif()
-
if(FLEX_INCLUDES)
set(FLEX_CPPFLAGS "-I${FLEX_INCLUDES}")
endif()
if (ENABLE_SAFEC)
find_package(SafeC QUIET)
endif (ENABLE_SAFEC)
-find_package(Flatbuffers QUIET)
find_package(ICONV QUIET)
find_package(UUID QUIET)
find_package(Libunwind)
/* do not generate a core file on segfault etc */
#cmakedefine NOCOREFILE 1
-/* enable piglet */
-#cmakedefine PIGLET 1
-
/* enable command shell */
#cmakedefine SHELL 1
/* Available libraries */
-/* flatbuffers available */
-#cmakedefine HAVE_FLATBUFFERS 1
-
/* hyperscan available */
#cmakedefine HAVE_HYPERSCAN 1
#cmakedefine HAVE_HS_COMPILE_LIT 1
--enable-appid-third-party
enable third party appid
--enable-unit-tests build unit tests
- --enable-piglet build piglet test harness
--enable-ccache enable ccache support
--disable-static-daq link static DAQ modules
--disable-html-docs don't create the HTML documentation
libhs library directory
--with-atomic-libraries=DIR
atomic library directory
- --with-flatbuffers-includes=DIR
- flatbuffers include directory
- --with-flatbuffers-libraries=DIR
- flatbuffers library directory
--with-flex-prefix=DIR
flex prefix directory
--with-flex-includes=DIR
--disable-benchmark-tests)
append_cache_entry ENABLE_BENCHMARK_TESTS BOOL false
;;
- --enable-piglet)
- append_cache_entry ENABLE_PIGLET BOOL true
- ;;
- --disable-piglet)
- append_cache_entry ENABLE_PIGLET BOOL false
- ;;
--enable-ccache)
append_cache_entry CMAKE_CXX_COMPILER_LAUNCHER STRING ccache
append_cache_entry CMAKE_C_COMPILER_LAUNCHER STRING ccache
--with-atomic-libraries=*)
append_cache_entry ATOMIC_LIBRARIES_DIR_HINT PATH $optarg
;;
- --with-flatbuffers-includes=*)
- append_cache_entry FLATBUFFERS_INCLUDE_DIR_HINT PATH $optarg
- ;;
- --with-flatbuffers-libraries=*)
- append_cache_entry FLATBUFFERS_LIBRARIES_DIR_HINT PATH $optarg
- ;;
--with-flex-prefix=*)
append_cache_entry CMAKE_PREFIX_PATH PATH $optarg
;;
return TraceApi::override_logger_factory(sc, new FooFactory());
}
-
-=== Piglet Test Harness
-
-In order to assist with plugin development, an experimental mode called "piglet" mode
-is provided. With piglet mode, you can call individual methods for a specific plugin.
-The piglet tests are specified as Lua scripts. Each piglet test script defines a test
-for a specific plugin.
-
-Here is a minimal example of a piglet test script for the IPv4 Codec plugin:
-
- plugin =
- {
- type = "piglet",
- name = "codec::ipv4",
- use_defaults = true,
- test = function()
- local daq_header = DAQHeader.new()
- local raw_buffer = RawBuffer.new("some data")
- local codec_data = CodecData.new()
- local decode_data = DecodeData.new()
-
- return Codec.decode(
- daq_header,
- raw_buffer,
- codec_data,
- decode_data
- )
- end
- }
-
-To run snort in piglet mode, first build snort with the ENABLE_PIGLET option turned on
-(pass the flag -DENABLE_PIGLET:BOOL=ON in cmake).
-
-Then, run the following command:
-
- snort --script-path $test_scripts --piglet
-
-(where $test_scripts is the directory containing your piglet tests).
-
-The test runner will generate a check-like output, indicating the
-the results of each test script.
-
-=== Piglet Lua API
-
-This section documents the API that piglet exposes to Lua.
-Refer to the piglet directory in the source tree for examples of usage.
-
-Note: Because of the differences between the Lua and C\++ data model and type
-system, not all parameters map directly to the parameters of the underlying
-C\++ member functions. Every effort has been made to keep the mappings consist,
-but there are still some differences. They are documented below.
-
-==== Plugin Instances
-
-For each test, piglet instantiates plugin specified in the ++name++ field of the
-++plugin++ table. The virtual methods of the instance are exposed in a table
-unique to each plugin type. The name of the table is the CamelCase name of the
-plugin type.
-
-For example, codec plugins have a virtual method called ++decode++. This method
-is called like this:
-
- Codec.decode(...)
-
-*Codec*
-
-* ++Codec.get_data_link_type() -> { int, int, ... }++
-* ++Codec.get_protocol_ids() -> { int, int, ... }++
-* ++Codec.decode(DAQHeader, RawBuffer, CodecData, DecodeData) -> bool++
-* ++Codec.log(RawBuffer, uint[lyr_len])++
-* ++Codec.encode(RawBuffer, EncState, Buffer) -> bool++
-* ++Codec.update(uint[flags_hi], uint[flags_lo], RawBuffer, uint[lyr_len] -> int++
-* ++Codec.format(bool[reverse], RawBuffer, DecodeData)++
-
-Differences:
-
-* In ++Codec.update()++, the ++(uint64_t) flags++ parameter has been split into
-++flags_hi++ and ++flags_lo++
-
-*Inspector*
-
-* ++Inspector.configure()++
-* ++Inspector.tinit()++
-* ++Inspector.tterm()++
-* ++Inspector.likes(Packet)++
-* ++Inspector.eval(Packet)++
-* ++Inspector.clear(Packet)++
-* ++Inspector.get_buf_from_key(string[key], Packet, RawBuffer) -> bool++
-* ++Inspector.get_buf_from_id(uint[id], Packet, RawBuffer) -> bool++
-* ++Inspector.get_buf_from_type(uint[type], Packet, RawBuffer) -> bool++
-* ++Inspector.get_splitter(bool[to_server]) -> StreamSplitter++
-
-Differences:
-* In ++Inspector.configure()++, the ++SnortConfig*++ parameter is passed implicitly.
-* the overloaded ++get_buf()++ member function has been split into three separate methods.
-
-*IpsOption*
-
-* ++IpsOption.hash() -> int++
-* ++IpsOption.is_relative() -> bool++
-* ++IpsOption.fp_research() -> bool++
-* ++IpsOption.get_cursor_type() -> int++
-* ++IpsOption.eval(Cursor, Packet) -> int++
-* ++IpsOption.action(Packet)++
-
-*IpsAction*
-
-* ++IpsAction.exec(Packet)++
-
-*Logger*
-
-* ++Logger.open()++
-* ++Logger.close()++
-* ++Logger.reset()++
-* ++Logger.alert(Packet, string[message], Event)++
-* ++Logger.log(Packet, string[message], Event)++
-
-*SearchEngine*
-
-Currently, SearchEngine does not expose any methods.
-
-*SoRule*
-
-Currently, SoRule does not expose any methods.
-
-===== Interface Objects
-
-Many of the plugins take C\++ classes and structs as arguments. These objects
-are exposed to the Lua API as Lua userdata. Exposed objects are instantiated
-by calling the ++new++ method from each object's method table.
-
-For example, the DecodeData object can be instantiated and exposed to Lua
-like this:
-
- local decode_data = DecodeData.new(...)
-
-Each object also exposes useful methods for getting and setting member variables,
-and calling the C\++ methods contained in the the object. These methods can
-be accessed using the ++:++ accessor syntax:
-
- decode_data:set({ sp = 80, dp = 3500 })
-
-Since this is just syntactic sugar for passing the object as the first parameter
-of the function ++DecodeData.set++, an equivalent form is:
-
- decode_data.set(decode_data, { sp = 80, dp = 3500 })
-
-or even:
-
- DecodeData.set(decode_data, { sp = 80, dp = 3500 })
-
-*Buffer*
-
-* ++Buffer.new(string[data]) -> Buffer++
-* ++Buffer.new(uint[length]) -> Buffer++
-* ++Buffer.new(RawBuffer) -> Buffer++
-* ++Buffer:allocate(uint[length]) -> bool++
-* ++Buffer:clear()++
-
-*CodecData*
-
-* ++CodecData.new() -> CodecData++
-* ++CodecData.new(uint[next_prot_id]) -> CodecData++
-* ++CodecData.new(fields) -> CodecData++
-
-* ++CodecData:get() -> fields++
-* ++CodecData:set(fields)++
-
-++fields++ is a table with the following contents:
-
-* ++next_prot_id++
-* ++lyr_len++
-* ++invalid_bytes++
-* ++proto_bits++
-* ++codec_flags++
-* ++ip_layer_cnt++
-* ++ip6_extension_count++
-* ++curr_ip6_extension++
-* ++ip6_csum_proto++
-
-*Cursor*
-
-* ++Cursor.new() -> Cursor++
-* ++Cursor.new(Packet) -> Cursor++
-* ++Cursor.new(string[data]) -> Cursor++
-* ++Cursor.new(RawBuffer) -> Cursor++
-* ++Cursor:reset()++
-* ++Cursor:reset(Packet)++
-* ++Cursor:reset(string[data])++
-* ++Cursor:reset(RawBuffer)++
-
-*DAQHeader*
-
-* ++DAQHeader.new() -> DAQHeader++
-* ++DAQHeader.new(fields) -> DAQHeader++
-* ++DAQHeader:get() -> fields++
-* ++DAQHeader:set(fields)++
-
-++fields++ is a table with the following contents:
-
-* ++caplen++
-* ++pktlen++
-* ++ingress_index++
-* ++egress_index++
-* ++ingress_group++
-* ++egress_group++
-* ++flags++
-* ++opaque++
-
-*DecodeData*
-
-* ++DecodeData.new() -> DecodeData++
-* ++DecodeData.new(fields) -> DecodeData++
-* ++DecodeData:reset()++
-* ++DecodeData:get() -> fields++
-* ++DecodeData:set(fields)++
-* ++DecodeData:set_ipv4_hdr(RawBuffer, uint[offset])++
-
-++fields++ is a table with the following contents:
-
-* ++sp++
-* ++dp++
-* ++decode_flags++
-* ++type++
-
-*EncState*
-
-* ++EncState.new() -> EncState++
-* ++EncState.new(uint[flags_lo]) -> EncState++
-* ++EncState.new(uint[flags_lo], uint[flags_hi]) -> EncState++
-* ++EncState.new(uint[flags_lo], uint[flags_hi], uint[next_proto]) -> EncState++
-* ++EncState.new(uint[flags_lo], uint[flags_hi], uint[next_proto], uint[ttl]) -> EncState++
-* ++EncState.new(uint[flags_lo], uint[flags_hi], uint[next_proto], uint[ttl], uint[dsize]) -> EncState++
-
-*Event*
-
-* ++Event.new() -> Event++
-* ++Event.new(fields) -> Event++
-* ++Event:get() -> fields++
-* ++Event:set(fields)++
-
-++fields++ is a table with the following contents:
-
-* ++event_id++
-* ++event_reference++
-* ++sig_info++
-** ++generator++
-** ++id++
-** ++rev++
-** ++class_id++
-** ++priority++
-** ++text_rule++
-** ++num_services++
-
-*Flow*
-
-* ++Flow.new() -> Flow++
-* ++Flow:reset()++
-
-*Packet*
-
-* ++Packet.new() -> Packet++
-* ++Packet.new(string[data]) -> Packet++
-* ++Packet.new(uint[size]) -> Packet++
-* ++Packet.new(fields) -> Packet++
-* ++Packet.new(RawBuffer) -> Packet++
-* ++Packet.new(DAQHeader) -> Packet++
-* ++Packet:set_decode_data(DecodeData)++
-* ++Packet:set_data(uint[offset], uint[length])++
-* ++Packet:set_flow(Flow)++
-* ++Packet:get() -> fields++
-* ++Packet:set() ++
-* ++Packet:set(string[data]) ++
-* ++Packet:set(uint[size]) ++
-* ++Packet:set(fields) ++
-* ++Packet:set(RawBuffer) ++
-* ++Packet:set(DAQHeader) ++
-
-++fields++ is a table with the following contents:
-
-* ++packet_flags++
-* ++xtradata_mask++
-* ++proto_bits++
-* ++application_protocol_ordinal++
-* ++alt_dsize++
-* ++num_layers++
-* ++iplist_id++
-* ++user_policy_id++
-* ++ps_proto++
-
-Note: ++Packet.new()++ and ++Packet:set()++ accept multiple arguments of the
-types described above in any order
-
-*RawBuffer*
-
-* ++RawBuffer.new() -> RawBuffer++
-* ++RawBuffer.new(uint[size]) -> RawBuffer++
-* ++RawBuffer.new(string[data]) -> RawBuffer++
-* ++RawBuffer:size() -> int++
-* ++RawBuffer:resize(uint[size])++
-* ++RawBuffer:write(string[data])++
-* ++RawBuffer:write(string[data], uint[size])++
-* ++RawBuffer:read() -> string++
-* ++RawBuffer:read(uint[end]) -> string++
-* ++RawBuffer:read(uint[start], uint[end]) -> string++
-
-Note: calling ++RawBuffer.new()++ with no arguments returns a RawBuffer of size 0
-
-*StreamSplitter*
-
-* ++StreamSplitter:scan(Flow, RawBuffer) -> int, int++
-* ++StreamSplitter:scan(Flow, RawBuffer, uint[len]) -> int, int++
-* ++StreamSplitter:scan(Flow, RawBuffer, uint[len], uint[flags]) -> int, int++
-* ++StreamSplitter:reassemble(Flow, uint[total], uint[offset], RawBuffer) -> int, RawBuffer++
-* ++StreamSplitter:reassemble(Flow, uint[total], uint[offset], RawBuffer, uint[len]) -> int, RawBuffer++
-* ++StreamSplitter:reassemble(Flow, uint[total], uint[offset], RawBuffer, uint[len], uint[flags]) -> int, RawBuffer++
-* ++StreamSplitter:finish(Flow) -> bool++
-
-Note: StreamSplitter does not have a ++new()++ method, it must be created by an inspector via
-++Inspector.get_splitter()++
-
-=== Performance Considerations for Developers
-
-* Since C compilers evaluate compound conditional expression from left to
- right, put the costly condition last. Put the often-false condition first
- in && expression. Put the often-true condition first in || expression.
-
-* Use emplace_back/emplace instead of push_back/insert on STL containers.
-
-* In general, unordered_map is faster than map for frequent lookups using
- integer key on relatively static collection of unsorted elements. Whereas,
- map is faster for frequent insertions/deletions/iterations and for
- non-integer key such as string or custom objects. Consider the same factors
- when deciding ordered vs. unordered multimap and set.
-
-* Iterate using range-based for loop with reference (i.e., auto&).
-
-* Be mindful of construction and destruction of temporary objects which can
- be wasteful. Consider using std::move, std::swap, lvalue reference (&),
- and rvalue reference (&&).
-
-* Avoid thread-local storage. When unavoidable, minimize frequent TLS access
- by caching it to a local variable.
-
-* When writing inter-library APIs, consider interfaces depending on use cases
- to minimize context switching. For example, if two APIs foo() and bar() are
- needed to call, combine these into a single API to minimize jumps.
These options are built only if the required libraries and headers are
present. There is no need to explicitly enable.
-* *flatbuffers*: for an alternative perf_monitor logging format.
-
* *hyperscan* >= 4.4.0: for the regex and sd_pattern rule options and the hyperscan
search engine.
* *--with-pkg-libraries*: specify the directory containing the package
libraries.
-These can be used for pcap, luajit, pcre, dnet, daq, lzma, openssl,
-flatbuffers, iconv, and hyperscan packages. For more information on
-these libraries see the Getting Started section of the manual.
+These can be used for pcap, luajit, pcre, dnet, daq, lzma, openssl, iconv, and hyperscan packages.
+For more information on these libraries see the Getting Started section of the manual.
Some things Snort++ can do today that Snort can not do:
* regex fast patterns, not just literals
-* FlatBuffers and JSON perf monitor logs
+* JSON perf monitor logs
* LuaJIT scriptable rule options and loggers
* pub/sub inspection events (currently used by sip and http_inspect to appid)
* JIT buffer stuffers (notably with new http_inspect)
* New performance monitor
* New time and space profiling
* New latency monitoring and enforcement
-* Piglets to facilitate component testing
* Inspection Events
* Autogenerate reference documentation
* New performance monitor
* New time and space profiling
* New latency monitoring and enforcement
-* Piglets to facilitate component testing
* Inspection Events
* Autogenerate reference documentation
==== Formatters
-Performance monitor allows statistics to be output in a few formats. Along with
-human readable text (as seen at shutdown) and csv formats, a Flatbuffers binary
-format is also available if Flatbuffers is present at build. A utility for
-accessing the statistics generated in this format has been included for
-convenience (see fbstreamer in tools). This tool generates a YAML array of
-records found, allowing the data to be read by humans or passed into other
-analysis tools. For information on working directly with the Flatbuffers file
-format used by Performance monitor, see the developer notes for Performance
-monitor or the code provided for fbstreamer.
+Performance monitor allows statistics to be output in a few formats. Along with human readable text
+(as seen at shutdown) and csv formats, a JSON format format is also available.
+
* dblatex from http://dblatex.sourceforge.net to build the pdf manual (in
addition to asciidoc)
-* flatbuffers from https://google.github.io/flatbuffers/ for enabling the
- flatbuffers serialization format
-
* hyperscan >= 4.4.0 from https://github.com/01org/hyperscan to build new
the regex and sd_pattern rule options and hyperscan search engine.
Hyperscan is large so it recommended to follow their instructions for
+++ /dev/null
-do
- local table = table
- local meta = { __index = table}
-
- -- give tables metatable access to the table library
- function table.new(t)
- t = t or { }
- setmetatable(t, meta)
- return t
- end
-
- function table:imap(fn)
- local iter, a, s = ipairs(self)
- local closure = function(...)
- local i, v = iter(...)
- return i, fn(v)
- end
-
- return closure, self, 0
- end
-
- function table:ifilter(fn)
- local iter, a, s = ipairs(self)
- local closure = function(...)
- local i, v = iter(...)
- while i ~= nil and not fn(v) do
- i, v = iter(a, i)
- end
-
- return i, v
- end
-
- return closure, self, 0
- end
-
- function table:vomit(depth, seen, out)
- depth = depth or 0
-
- -- maintain a list of dumped tables to
- -- avoid infinite loops
- seen = seen or { }
- out = out or { }
-
- local indent = strint.rep(" ", level)
-
- for n, v in pairs(self) do
- if type(v) == "table" and not seen[v] then
- seen[v] = true
- table.insert(out, string.format("%s%s =", indent, tostring(n)))
- self.vomit(v, depth + 1, seen, out)
- else
- table.insert(out, string.format("%s%s = %s", indent, tostring(n), tostring(v)))
- end
- end
-
- return table.concat(out, "\n")
- end
-
- function meta:__tostring()
- if DEBUG then
- return self:vomit()
- else
- return table.__tostring(self)
- end
- end
-end
-
--- string library extensions
-do
- function string:encode_hex()
- local out = table.new()
-
- for tok in self:gmatch("%f[%x](%x%x)") do
- if tok:gmatch("^%x+$") then
- out:insert(string.char(tonumber(tok, 16)))
- end
- end
-
- return out:concat("")
- end
-
- function string:decode_printable()
- local out = table.new()
-
- for tok in self:gmatch(".") do
- if tok:match("%g") then
- out:insert(tok)
- else
- out:insert(".")
- end
- end
-
- return out:concat("")
- end
-
- function string:decode_hex()
- local out = table.new()
-
- for tok in self:gmatch(".") do
- out:insert(string.format("%02x", string.byte(tok)))
- end
-
- return out:concat(" ")
- end
-end
-
--- Assertions library
-check = { }
-do
- function raise(title, msg, lvl)
- lvl = lvl or 3
- local info = debug.getinfo(lvl)
- error(
- string.format(
- "%s:%d: %s: %s",
- info.short_src,
- info.currentline,
- title,
- msg
- )
- )
- end
-
- function check.tables_equal(exp, act)
- if exp == act then return end
-
- for n, e in pairs(exp) do
- local a = act[n]
- if a ~= e then
- raise(
- "tables unequal",
- string.format(
- "item with key %s differs (%s ~= %s)",
- tostring(n),
- tostring(e),
- tostring(a)
- )
- )
- end
- end
- end
-
- function check.arrays_equal(exp, act)
- if exp == act then return end
- if #exp ~= #act then
- raise(
- "arrays unequal",
- string.format(
- "lengths differ (#%d ~= #%d)",
- #exp, #act
- )
- )
- end
-
- for i, e in ipairs(exp) do
- local a = act[i]
- if e ~= a then
- raise(
- "arrays unequal",
- string.format(
- "item at index %d differs (%s ~= %s)",
- i, tostring(e), tostring(a)
- )
- )
- end
- end
- end
-
- function check.raises(fn, msg)
- local ok, err = pcall(fn)
- if ok then
- raise("did not throw", msg or "")
- end
- end
-
- function check.check(expr, msg)
- if not expr then
- raise("assertion failed", msg or "")
- end
- end
-end
-
--- Test runner
-function run_tests(tests)
- local failed = false
-
- for name, fn in pairs(tests) do
- ok, err = pcall(fn)
- if not ok then
- print("--", name, err)
- failed = true
- end
- end
-
- return not failed
-end
-
--- Misc utils
-packet = { }
-do
- function packet.construct_ip4(hdr, data)
- local rb = RawBuffer.new(hdr .. data)
- local dd = DecodeData.new()
- local p = Packet.new(rb)
-
- local ip_api = dd:get_ip_api()
- ip_api:set_ip4(rb)
-
- p:set_data(#hdr, #data)
- p:set { proto_bits = 4 }
- p:set_decode_data(dd)
-
- return p
- end
-end
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::icmp4",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-PROTOCOL_IDS = { 1 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
- assert(1)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::icmp6",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-PROTOCOL_IDS = { 58 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
- assert(1)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::ipv4",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DATA_LINK_TYPES = { }
-PROTOCOL_IDS = { 2048, 4 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_data_link_type = function()
- local rv = Codec.get_data_link_type()
- check.arrays_equal(DATA_LINK_TYPES, rv)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("foobar")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
-
- -- FIXIT-H: checksum calculation is failing (temporarily set UPD_COOKED (0x1))
- local rv = Codec.update(0, 1, rb)
- assert(rv == 0)
-
- -- FIXIT-H: checksum calculation is failing (temporarily set UPD_COOKED (0x1))
- local rv = Codec.update(0, 1, rb, 64)
- assert(rv == 0)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::ipv6",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DATA_LINK_TYPES = { }
-PROTOCOL_IDS = { 0x86dd, 41 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_data_link_type = function()
- local rv = Codec.get_data_link_type()
- check.arrays_equal(DATA_LINK_TYPES, rv)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("foobar")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
- assert(1)
-
- -- FIXIT-H: checksum calculation is failing (temporarily set UPD_COOKED (0x1))
- --local rv = Codec.update(0, 1, rb)
- --assert(rv == 0)
-
- -- FIXIT-H: checksum calculation is failing (temporarily set UPD_COOKED (0x1))
- --local rv = Codec.update(0, 1, rb, 64)
- --assert(rv == 0)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::tcp",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-PROTOCOL_IDS = { 6 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("foobar")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
- assert(1)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "codec::udp",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-PROTOCOL_IDS = { 17 }
-
-tests =
-{
- initialize = function()
- assert(Codec)
- end,
-
- get_protocol_ids = function()
- local rv = Codec.get_protocol_ids()
- check.arrays_equal(PROTOCOL_IDS, rv)
- end,
-
- decode = function()
- local daq = DAQHeader.new()
- local rb = RawBuffer.new("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
- local cd = CodecData.new()
- local dd = DecodeData.new()
-
- local rv = Codec.decode(daq, rb, cd, dd)
- assert(not rv)
- end,
-
- log = function()
- local rb = RawBuffer.new()
- Codec.log(rb)
- Codec.log(rb, 0)
- print()
- end,
-
- encode = function()
- local rb = RawBuffer.new()
- local es = EncState.new()
- local rb_buf = RawBuffer.new(128)
- local buf = Buffer.new(rb_buf)
-
- local rv = Codec.encode(rb, es, buf)
- assert(rv)
- end,
-
- update = function()
- local rb = RawBuffer.new(64)
- assert(1)
- end,
-
- format = function()
- local rb = RawBuffer.new()
- local dd = DecodeData.new()
-
- Codec.format(true, rb, dd)
- Codec.format(false, rb, dd)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "inspector::telnet",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end,
- -- FIXIT-L: Need this to keep Inspector.configure() happy
- use_defaults = true
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-DATA = "abcdefghijklmnopqrstuvwxyz"
-
-get_packet = function()
- return packet.construct_ip4(IP4:encode_hex(), DATA)
-end
-
-tests =
-{
- initialize = function()
- assert(Inspector)
- end,
-
- eval = function()
- local p, rb = get_packet()
- Inspector.eval(p)
- end,
-
- clear = function()
- local p, rb = get_packet()
- Inspector.clear(p)
- end,
-
- get_buf_from_type = function()
- local p, rb = get_packet()
- local ib = RawBuffer.new()
-
- -- InspectionBuffer::Type::IB_ALT == 4
- local rv = Inspector.get_buf_from_type(4, p, ib)
- assert(not rv)
- end,
-
- get_buf_from_key = function()
- local p, rb = get_packet()
- local ib = RawBuffer.new()
-
- local rv = Inspector.get_buf_from_key("foo", p, ib)
- assert(not rv)
- end,
-
- get_buf_from_id = function()
- local p, rb = get_packet()
- local ib = RawBuffer.new()
-
- local rv = Inspector.get_buf_from_id(0, p, ib)
- assert(not rv)
- end,
-
- get_splitter = function()
- local spl = Inspector.get_splitter(false)
- assert(type(spl) == "userdata")
-
- spl = Inspector.get_splitter(true)
- assert(type(spl) == "userdata")
- end,
-
- configure = function()
- assert(Inspector.configure())
- end,
-
- tinit = function()
- Inspector.tinit()
- end,
-
- tterm = function()
- Inspector.tterm()
- end,
-
- likes = function()
- local p = Packet.new()
- assert(not Inspector.likes(p))
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "ips_action::react",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- assert(IpsAction)
- end,
-
- exec = function()
- local rb = RawBuffer.new()
- local p = Packet.new(rb)
- IpsAction.exec(p)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "ips_option::content",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- assert(IpsOption)
- end,
-
- hash = function()
- local rv = IpsOption.hash()
- end,
-
- is_relative = function() assert(not IpsOption.is_relative()) end,
-
- fp_research = function() assert(not IpsOption.fp_research()) end,
-
- get_cursor_type = function()
- local rv = IpsOption.get_cursor_type()
- assert(rv == 1)
- end,
-
- eval = function()
- local rb = RawBuffer.new("foobar")
- local cur = Cursor.new(rb)
- local p = Packet.new(rb)
-
- local rv = IpsOption.eval(cur, p)
- assert(rv)
- end,
-
- action = function()
- local rb = RawBuffer.new("foobar")
- local p = Packet.new(rb)
- IpsOption.action(p)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "logger::alert_csv",
- use_defaults = true,
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
-
- Logger.open()
- local rv = run_tests(tests)
- Logger.close()
- return rv
- end
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-DATA = "abcdefghijklmnopqrstuvwxyz"
-
-tests =
-{
- exists = function()
- assert(Logger)
- end,
-
- reset = function()
- Logger.reset()
- end,
-
- alert = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.alert(p, "foo", e)
- end,
-
- log = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.log(p, "foo", e)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "logger::alert_csv",
- use_defaults = true,
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
-
- Logger.open()
- local rv = run_tests(tests)
- Logger.close()
- return rv
- end
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-DATA = "abcdefghijklmnopqrstuvwxyz"
-
-tests =
-{
- exists = function()
- assert(Logger)
- end,
-
- reset = function()
- Logger.reset()
- end,
-
- alert = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.alert(p, "foo", e)
- end,
-
- log = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.log(p, "foo", e)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "logger::alert_fast",
- use_defaults = true,
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
-
- Logger.open()
- local rv = run_tests(tests)
- Logger.close()
- return rv
- end
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-DATA = "abcdefghijklmnopqrstuvwxyz"
-
-tests =
-{
- exists = function()
- assert(Logger)
- end,
-
- reset = function()
- Logger.reset()
- end,
-
- alert = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.alert(p, "foo", e)
- end,
-
- log = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.log(p, "foo", e)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "logger::alert_full",
- use_defaults = true,
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
-
- Logger.open()
- local rv = run_tests(tests)
- Logger.close()
- return rv
- end
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-DATA = "abcdefghijklmnopqrstuvwxyz"
-
-tests =
-{
- exists = function()
- assert(Logger)
- end,
-
- reset = function()
- Logger.reset()
- end,
-
- alert = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.alert(p, "foo", e)
- end,
-
- log = function()
- local p = packet.construct_ip4(IP4:encode_hex(), DATA)
- local e = Event.new()
-
- e:set { generator = 135, id = 2 }
-
- Logger.log(p, "foo", e)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "search_engine::ac_full",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- assert(SearchEngine)
- end
-}
+++ /dev/null
-xplugin =
-{
- type = "piglet",
- name = "so_rule::need_rule",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- assert(SoRule)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::buffer",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- init_with_raw_buffer = function()
- local rb = RawBuffer.new("abcdefghijklmnopqrstuvwxyz")
- local buf = Buffer.new(rb)
- assert(buf)
- end,
-
- init_with_string = function()
- local buf = Buffer.new("abcdefg")
- assert(buf)
- end,
-
- init_with_length = function()
- local buf = Buffer.new(128)
- assert(buf)
- end,
-
- allocate = function()
- local buf = Buffer.new(16)
- assert(buf:allocate(10))
- assert(not buf:allocate(10))
- end,
-
- clear = function()
- local buf = Buffer.new(16)
- buf:allocate(16)
- buf:clear()
- assert(buf:allocate(10))
- end,
-
- to_string = function()
- local buf = Buffer.new("abcdefgh")
- buf:allocate(3)
- local v = tostring(buf)
- assert(#v == 3)
- assert(v == "gh\0")
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::codec_data",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-INIT_PROTO = 1
-
-DEFAULT_VALUES =
-{
- next_prot_id = 0,
- lyr_len = 0,
- invalid_bytes = 0,
- proto_bits = 0,
- codec_flags = 0,
- ip_layer_cnt = 0,
- ip6_extension_count = 0,
- curr_ip6_extension = 0,
- ip6_csum_proto = 0
-}
-
-VALUES =
-{
- next_prot_id = 1,
- lyr_len = 2,
- invalid_bytes = 3,
- proto_bits = 4,
- codec_flags = 5,
- ip_layer_cnt = 6,
- ip6_extension_count = 7,
- curr_ip6_extension = 8,
- ip6_csum_proto = 9
-}
-
-tests =
-{
- initialize_default = function()
- local cd = CodecData.new()
- assert(cd)
- assert(cd:get().next_prot_id == 0)
- end,
-
- initialize_with_number = function()
- local cd = CodecData.new(INIT_PROTO)
- assert(cd:get().next_prot_id == INIT_PROTO)
- end,
-
- initialize_with_table = function()
- local cd = CodecData.new()
- check.tables_equal(DEFAULT_VALUES, cd:get())
- cd:set(VALUES)
- check.tables_equal(VALUES, cd:get())
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::cursor",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- init_default = function()
- local cur = Cursor.new()
- assert(cur)
- end,
-
- init_from_string = function()
- local cur = Cursor.new("abcdefgh")
- assert(cur)
- end,
-
- init_from_raw_buffer = function()
- local cur = Cursor.new(RawBuffer.new("abcdefgh"))
- assert(cur)
- end,
-
- reset_default = function()
- local cur = Cursor.new()
- cur:reset()
- end,
-
- reset_from_string = function()
- local cur = Cursor.new()
- cur:reset("abcdefgh")
- end,
-
- reset_from_raw_buffer = function()
- local cur = Cursor.new()
- cur:reset(RawBuffer.new("abcdefgh"))
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::daq_header",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DEFAULT_VALUES =
-{
- caplen = 0,
- pktlen = 0,
- ingress_index = 0,
- egress_index = 0,
- ingress_group = 0,
- egress_group = 0,
- flags = 0,
- opaque = 0,
- flow_id = 0,
- address_space_id = 0
- tenant_id = 0
-}
-
-VALUES =
-{
- caplen = 1,
- pktlen = 2,
- ingress_index = 3,
- egress_index = 4,
- ingress_group = 5,
- egress_group = 6,
- flags = 7,
- opaque = 8,
- flow_id = 9,
- address_space_id = 10
- tenant_id = 11
-}
-
-tests =
-{
- initialize_default = function()
- local daq = DAQHeader.new()
- assert(daq)
- check.tables_equal(DEFAULT_VALUES, daq:get())
- end,
-
- initialize_with_table = function()
- local daq = DAQHeader.new(VALUES)
- check.tables_equal(VALUES, daq:get())
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::decode_data",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DEFAULT_VALUES =
-{
- sp = 0,
- dp = 0,
- decode_flags = 0,
- type = 0
-}
-
-VALUES =
-{
- sp = 1,
- dp = 2,
- decode_flags = 3,
- type = 4
-}
-
-IP4 = [[
-45 | 00 | 00 46 | 00 00 | 00 00 | 01 | 06
-00 00 | 00 00 00 01 | 00 00 00 02
-
-00 00 | 00 00 | 00 00 00 00 | 00 00 00 00 | 06 02
-00 00 ff ff | 00 00 | 00 00 | 00 00
-]]
-
-tests =
-{
- initialize_default = function()
- local dd = DecodeData.new()
- assert(dd)
- check.tables_equal(DEFAULT_VALUES, dd:get())
- end,
-
- initialize_with_table = function()
- local dd = DecodeData.new(VALUES)
- check.tables_equal(VALUES, dd:get())
- end,
-
- ip_api = function()
- local dd = DecodeData.new(VALUES)
- local ip = dd:get_ip_api()
- local raw = IP4:encode_hex()
- ip:set_ip4(raw)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::enc_state",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- local es = EncState.new()
- assert(es)
-
- es = EncState.new(0x80000000, 0xffffffff, 2, 24, 128)
- assert(es)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::event",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DEFAULT_VALUES =
-{
- event_id = 0,
- event_reference = 0
-}
-
-DEFAULT_SIGINFO_VALUES =
-{
- generator = 0,
- id = 0,
- rev = 0,
- class_id = 0,
- priority = 0,
- text_rule = false,
- num_services = 0
-}
-
-VALUES =
-{
- event_id = 1,
- event_reference = 2
-}
-
-SIGINFO_VALUES =
-{
- generator = 3,
- id = 4,
- rev = 5,
- class_id = 6,
- priority = 7,
- text_rule = true,
- num_services = 8
-}
-
-tests =
-{
- init_default = function()
- local event = Event.new()
- assert(event)
- end,
-
- init_with_table = function()
- local event = Event.new(VALUES)
- check.tables_equal(VALUES, event:get())
- end,
-
- get_and_set = function()
- local event = Event.new()
- check.tables_equal(DEFAULT_VALUES, event:get())
- check.tables_equal(DEFAULT_SIGINFO_VALUES, event:get().sig_info)
-
- event:set(VALUES)
- event:set({ sig_info = SIGINFO_VALUES })
-
- check.tables_equal(VALUES, event:get())
- check.tables_equal(SIGINFO_VALUES, event:get().sig_info)
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::flow",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-tests =
-{
- initialize = function()
- local flow = Flow.new()
- assert(flow)
-
- flow = Flow.new(1)
- assert(flow)
- end,
-
- reset = function()
- local flow = Flow.new()
- flow:reset()
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::packet",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-DEFAULT_VALUES =
-{
- packet_flags = 0,
- xtradata_mask = 0,
- proto_bits = 0,
- application_protocol_ordinal = 0,
- alt_dsize = 0,
- num_layers = 0,
- iplist_id = 0,
- user_policy_id = 0,
- ps_proto = 0
-}
-
-VALUES =
-{
- packet_flags = 1,
- xtradata_mask = 2,
- proto_bits = 3,
- application_protocol_ordinal = 4,
- alt_dsize = 5,
- num_layers = 6,
- iplist_id = 7,
- user_policy_id = 8,
- ps_proto = 9
-}
-
-tests =
-{
- initialize_default = function()
- local p = Packet.new()
- assert(p)
- end,
-
- init_with_string = function()
- local p = Packet.new("foobar")
- assert(p)
- end,
-
- init_with_size = function()
- local p = Packet.new(128)
- assert(p)
- end,
-
- init_with_raw_buffer = function()
- local rb = RawBuffer.new()
- local p = Packet.new(rb)
- assert(p)
- end,
-
- init_with_daq = function()
- local daq = DAQHeader.new()
- local p = Packet.new(daq)
- assert(p)
- end,
-
- init_with_table = function()
- local p = Packet.new(VALUES)
- check.tables_equal(VALUES, p:get())
- end,
-
- init_with_everything = function()
- local p = Packet.new("foobar", DAQHeader.new(), { packet_flags = 4 })
- assert(p)
- end,
-
- set_decode_data = function()
- local p = Packet.new()
- local dd = DecodeData.new()
- p:set_decode_data(dd)
- end,
-
- set_data = function()
- local rb = RawBuffer.new()
- local p = Packet.new(rb)
- p:set_data(1, 2)
- end,
-
- set_flow = function()
- local flow = Flow.new()
- local p = Packet.new()
- p:set_flow(flow)
- end,
-
- get_and_set = function()
- local p = Packet.new()
- check.tables_equal(DEFAULT_VALUES, p:get())
- p:set(VALUES)
- check.tables_equal(VALUES, p:get())
- end
-}
+++ /dev/null
-plugin =
-{
- type = "piglet",
- name = "piglet::raw_buffer",
- test = function()
- dofile(SCRIPT_DIR .. "/../common.lua")
- return run_tests(tests)
- end
-}
-
-INIT_SIZE = 16
-INIT_STRING = "foobar"
-INIT_16_CONTENT = string.rep("00 ", 16)
-
-tests =
-{
- initialize_default = function()
- local rb = RawBuffer.new()
- assert(rb)
- assert(rb:size() == 0)
- end,
-
- initialize_with_size = function()
- local rb = RawBuffer.new(INIT_SIZE)
- assert(rb:size() == INIT_SIZE)
- assert(rb:read() == INIT_16_CONTENT:encode_hex())
- end,
-
- initialize_with_string = function()
- local rb = RawBuffer.new(INIT_STRING)
- assert(rb:size() == string.len(INIT_STRING))
- assert(rb:read() == INIT_STRING)
-
- rb = RawBuffer.new(INIT_STRING, INIT_SIZE)
- assert(rb:size() == INIT_SIZE)
- assert(rb:read(0, #INIT_STRING) == INIT_STRING)
- local rv = rb:read(#INIT_STRING, rb:size())
- assert(rb:read(#INIT_STRING, rb:size()) == "\0\0\0\0\0\0\0\0\0\0")
- end,
-
- write = function()
- local rb = RawBuffer.new()
-
- -- write without offset
- rb:write("foobar")
- assert(rb:size() == 6, "write() extends length")
- assert(rb:read() == "foobar")
-
- -- write with offset
- rb = RawBuffer.new()
- -- zero offset (should be same as no offset)
- rb:write("foobar", 0)
- assert(rb:size() == 6, "size should be 6, not " .. rb:size())
- assert(rb:read() == "foobar", "contents should be 'foobar', not '" .. rb:read() .. "'")
-
- -- non-zero offset
- rb = RawBuffer.new()
- rb:write("foobar", 1)
- assert(rb:size() == 7)
- assert(rb:read() == "\0foobar")
- end,
-
- read_empty = function()
- local rv
- local rb = RawBuffer.new()
-
- -- read with no args
- rv = rb:read()
- assert(#rv == 0, "length should equal 0, not " .. tostring(rv))
-
- -- read with 1 arg
- rv = rb:read(0)
- assert(#rv == 0, "length should equal 0, not " .. tostring(rv))
-
- -- read oor with 1 arg (-1, 10)
- check.raises(function() rb:read(-1) end)
- check.raises(function() rb:read(2) end)
-
- -- read with 2 args
- rv = rb:read(0, 0)
- assert(#rv == 0, "length should equal 0, not " .. tostring(rv))
-
- -- read oor with 2 args
- check.raises(function() rb:read(-1, 0) end)
- check.raises(function() rb:read(0, 2) end)
- end,
-
- read_nonempty = function()
- local rb = RawBuffer.new("foobar")
-
- -- read with no args
- local rv = rb:read()
- assert(rv == "foobar")
-
- -- read with 1 arg (full string)
- rv = rb:read(rb:size())
- assert(rv == "foobar")
-
- -- read with 1 arg (slice), length
- rv = rb:read(2)
- assert(rv == "fo")
-
- -- read oob with 1 arg
- check.raises(function() rb:read(10) end)
-
- -- read with 2 args (full string), offset, length
- rv = rb:read(0, rb:size())
- assert(rv == "foobar")
-
- -- read with 2 args (slice begin/end/middle)
- rv = rb:read(0, rb:size() - 1)
- assert(rv == "fooba")
- rv = rb:read(1, rb:size())
- assert(rv == "oobar")
- rv = rb:read(1, rb:size() - 1)
- assert(rv == "ooba")
-
- -- read oob with 2 args (offset/length)
- check.raises(function() rb:read(-1, rb:size()) end)
- check.raises(function() rb:read(0, rb:size() + 1) end)
- end,
-
- resize = function()
- local rb = RawBuffer.new()
- -- resize
- rb:resize(4)
- assert(rb:size() == 4)
- -- new contents is null-initialized
- assert(rb:read() == "\0\0\0\0")
- -- resize less
- rb:resize(3)
- assert(rb:size() == 3)
- assert(rb:read() == "\0\0\0")
- end
-}
infodir=@infodir@
cpp_opts=DAQ LUAJIT
-cpp_opts_other=DNET FLATBUFFERS HWLOC HYPERSCAN LZMA OPENSSL PCAP PCRE UUID
+cpp_opts_other=DNET HWLOC HYPERSCAN LZMA OPENSSL PCAP PCRE UUID
PCAP_CPPFLAGS=@PCAP_CPPFLAGS@
LUAJIT_CPPFLAGS=@LUAJIT_CPPFLAGS@
DNET_CPPFLAGS=@DNET_CPPFLAGS@
DAQ_CPPFLAGS=@DAQ_CPPFLAGS@
-FLATBUFFERS_CPPFLAGS=@FLATBUFFERS_CPPFLAGS@
FLEX_CPPFLAGS=@FLEX_CPPFLAGS@
OPENSSL_CPPFLAGS=@OPENSSL_CPPFLAGS@
HWLOC_CPPFLAGS=@HWLOC_CPPFLAGS@
LIST(APPEND EXTERNAL_LIBRARIES ${ATOMIC_LIBRARIES})
endif()
-if ( HAVE_FLATBUFFERS )
- LIST(APPEND EXTERNAL_LIBRARIES ${FLATBUFFERS_LIBRARIES})
-endif()
-
if ( HAVE_HYPERSCAN )
LIST(APPEND EXTERNAL_LIBRARIES ${HS_LIBRARIES})
LIST(APPEND EXTERNAL_INCLUDES ${HS_INCLUDE_DIRS})
add_subdirectory(catch)
endif ( ENABLE_UNIT_TESTS OR ENABLE_BENCHMARK_TESTS )
-if ( ENABLE_PIGLET )
- set ( PIGLET_LIBRARIES $<TARGET_OBJECTS:piglet> $<TARGET_OBJECTS:piglet_plugins> )
- add_subdirectory ( piglet )
- add_subdirectory ( piglet_plugins )
-endif ( ENABLE_PIGLET )
-
add_subdirectory(actions)
add_subdirectory(codecs)
add_subdirectory(control)
$<TARGET_OBJECTS:time>
$<TARGET_OBJECTS:trace>
$<TARGET_OBJECTS:utils>
- ${PIGLET_LIBRARIES}
${STATIC_CODEC_PLUGINS}
${STATIC_NETWORK_INSPECTOR_PLUGINS}
${STATIC_SERVICE_INSPECTOR_PLUGINS}
then must be configured at run time to be activated. Multiple simultaneous
remote shells are supported.
-Unit test, benchmark test, and piglet test harness build options also
-impact actual execution.
+Unit test and benchmark testbuild options also impact actual execution.
Reload is implemented by swapping a thread local config pointer by each
running Pig. The inspector manager is called to empty trash if the main
PT_LOGGER,
PT_CONNECTOR,
PT_POLICY_SELECTOR,
-#ifdef PIGLET
- PT_PIGLET,
-#endif
PT_MAX
};
WARN_DAQ, WARN_CONF, WARN_CONF_STRICT, WARN_VARS,
WARN_SYMBOLS, WARN_SCRIPTS, WARN_HOSTS, WARN_RULES,
WARN_FLOWBITS, WARN_PLUGINS,
-#ifdef PIGLET
- WARN_PIGLET,
-#endif
WARN_MAX
};
-if ( ENABLE_PIGLET )
- set(PIGLET_FILES
- lua_arg.h
- lua_iface.h
- lua_ref.cc
- lua_ref.h
- lua_table.h
- lua_util.cc
- lua_util.h
- )
-endif ()
-
add_library (lua OBJECT
lua.cc
lua.h
lua_script.h
lua_stack.h
- ${PIGLET_FILES}
)
target_include_directories(lua PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// lua_arg.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef LUA_ARG_H
-#define LUA_ARG_H
-
-#include "lua_stack.h"
-
-namespace Lua
-{
-class Args
-{
-public:
- template<typename T>
- using ArgCallback = void (*)(lua_State*, int, T& ud);
-
- Args(lua_State* state) : L { state }, count { lua_gettop(L) } { }
-
-private:
- lua_State* L;
-
- struct ArgRef
- {
- public:
- ArgRef(lua_State* state, int ct, int i) :
- L { state }, count { ct }, index { i } { }
-
- // We treat nil as !exists
- inline bool exists()
- { return (index > 0) && (index <= count) && !lua_isnoneornil(L, index); }
-
- inline bool is_table()
- { return exists() && lua_istable(L, index); }
-
- inline void check_table()
- { luaL_checktype(L, index, LUA_TTABLE); }
-
- template<typename T>
- inline void check_table(ArgCallback<T> cb, T& ud)
- {
- check_table();
- cb(L, index, ud);
- }
-
- template<typename T>
- inline bool opt_table(ArgCallback<T> cb, T& ud)
- {
- if ( exists() )
- {
- check_table(cb, ud);
- return true;
- }
-
- return false;
- }
-
- inline bool is_function()
- { return exists() && lua_isfunction(L, index); }
-
- // FIXIT-L we *may* need to insert checks for userdata, pointers, etc here
-
- inline bool is_int()
- { return is<int>(); }
-
- inline int get_int()
- { return get<int>(); }
-
- inline int check_int()
- { return check<int>("expected an integer"); }
-
- inline int check_int(int max)
- {
- int v = check_int();
- return argcheck((v <= max), v, "Too big");
- }
-
- inline int check_int(int min, int max)
- {
- int v = check_int(max);
- return argcheck((v >= min), v, "Too small");
- }
-
- inline int opt_int(int d = 0)
- { return ( exists() )? check_int() : d; }
-
- inline int opt_int(int d, int max)
- { return ( exists() )? check_int(max) : d; }
-
- inline int opt_int(int d, int min, int max)
- { return ( exists() )? check_int(min, max) : d; }
-
- inline bool is_size()
- { return is<unsigned>(); }
-
- inline unsigned get_size()
- { return get<unsigned>(); }
-
- inline unsigned check_size()
- { return check<unsigned>("expected an unsigned integer"); }
-
- inline unsigned check_size(unsigned max)
- {
- unsigned v = check_size();
- return argcheck((v <= max), v, "too big");
- }
-
- inline unsigned check_size(unsigned min, unsigned max)
- {
- unsigned v = check_size(max);
- return argcheck((v >= min), v, "too small");
- }
-
- inline unsigned opt_size(unsigned d = 0)
- { return ( exists() ) ? check_size() : d; }
-
- inline unsigned opt_size(unsigned d, unsigned max)
- { return ( exists() ) ? check_size(max) : d; }
-
- inline unsigned opt_size(unsigned d, unsigned min, unsigned max)
- { return ( exists() ) ? check_size(min, max) : d; }
-
- inline bool is_string()
- { return is<const char*>(); }
-
- inline const char* get_string()
- { return get<const char*>(); }
-
- inline const char* check_string()
- { return check<const char*>("expected a string"); }
-
- inline const char* check_string(size_t& len)
- { return check<const char*>("expected a string", len); }
-
- inline const char* opt_string(const char* d = "")
- { return ( exists() ) ? check_string() : d; }
-
- inline const char* opt_string(const char* d, size_t& len)
- { return ( exists() ) ? check_string(len) : d; }
-
- inline bool is_bool()
- { return is<bool>(); }
-
- inline bool get_bool()
- { return get<bool>(); }
-
- inline bool check_bool()
- { return check<bool>("expected a boolean"); }
-
- inline bool opt_bool(bool d = false)
- { return ( exists() ) ? check_bool() : d; }
-
- private:
- lua_State* L;
- const int count;
-
- template<typename T>
- inline T argcheck(bool cond, T v, const char* msg)
- {
- luaL_argcheck(L, exists() && cond, index, msg);
- return v;
- }
-
- template<typename T, typename... Args>
- inline T check(const char* msg, Args&&... args)
- {
- T v = 0;
- return argcheck(
- Stack<T>::validate(L, index, v, std::forward<Args>(args)...),
- v, msg
- );
- }
-
- inline bool is(int type)
- { return exists() && (type == lua_type(L, index)); }
-
- template<typename T>
- inline bool is()
- { return is(Stack<T>::type()); }
-
- template<typename T>
- inline T get()
- { return Stack<T>::get(L, index); }
-
- public:
- const int index;
- };
-
-public:
- const int count;
-
- ArgRef operator[](int i)
- {
- if ( i < 0 )
- i += count + 1;
-
- // If the index is invalid, mark it as such with 0
- if ( i < 0 )
- i = 0;
-
- return ArgRef(L, count, i);
- }
-};
-}
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// lua_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef LUA_IFACE_H
-#define LUA_IFACE_H
-
-#include <cassert>
-
-#include "lua.h"
-#include "lua_ref.h"
-#include "lua_table.h"
-
-namespace Lua
-{
-// -----------------------------------------------------------------------------
-// Helpers
-// -----------------------------------------------------------------------------
-template<typename T>
-inline T** regurgitate(lua_State* L, const char* name, int arg)
-{ return static_cast<T**>(const_cast<void*>(luaL_checkudata(L, arg, name))); }
-
-inline int register_methods(
- lua_State* L, const luaL_Reg* methods, const char* name = nullptr)
-{
- luaL_register(L, name, methods);
- return lua_gettop(L);
-}
-
-inline int register_metamethods(
- lua_State* L, const luaL_Reg* methods, const char* name)
-{
- luaL_newmetatable(L, name);
- luaL_register(L, nullptr, methods);
- return lua_gettop(L);
-}
-
-inline void register_with_closure(
- lua_State* L, const luaL_Reg* methods, int table, int cl)
-{
- ManageStack ms(L, 2);
-
- for ( auto entry = methods; entry->func; entry++ )
- {
- lua_pushstring(L, entry->name);
- lua_pushvalue(L, cl);
- lua_pushcclosure(L, entry->func, 1);
- lua_rawset(L, table);
- }
-}
-
-inline int new_lib(lua_State* L, const char* name)
-{
- const luaL_Reg empty[] = { { nullptr, nullptr } };
- return register_methods(L, empty, name);
-}
-
-// -----------------------------------------------------------------------------
-// TypeInterface
-// -----------------------------------------------------------------------------
-template<typename T>
-struct TypeInterface
-{
- using type = T;
- using AccessorCallback = void (*)(lua_State*, int, T&);
- using ConstAccessorCallback = void (*)(lua_State*, int, const T&);
-
- const char* name;
- const luaL_Reg* methods;
- const luaL_Reg* metamethods;
-
- T** regurgitate(lua_State* L, int arg = 1) const
- {
- T** handle = ::Lua::regurgitate<T>(L, name, arg);
- assert(handle);
- return handle;
- }
-
- T* get_ptr(lua_State* L, int arg = 1) const
- {
- T* ptr = *regurgitate(L, arg);
- assert(ptr);
- return ptr;
- }
-
- T& get(lua_State* L, int arg = 1) const
- { return *get_ptr(L, arg); }
-
- bool is(lua_State* L, int arg = 1) const
- {
- ManageStack ms(L, 1);
-
- if ( lua_type(L, arg) != LUA_TUSERDATA )
- return false;
-
- // Check the registry for metatable with name
- lua_getfield(L, LUA_REGISTRYINDEX, name);
- lua_getmetatable(L, arg);
-
- if ( !lua_rawequal(L, -1, -2) )
- return false;
-
- return true;
- }
-
- T** allocate(lua_State*) const;
-
- template<typename... Args>
- T& create(lua_State*, Args&&...) const;
-
- void destroy(lua_State*, T** = nullptr) const;
-
- int default_tostring(lua_State* L) const
- {
- lua_pushfstring(L, "%s@0x%p", this->name, &this->get(L));
- return 1;
- }
-
- int default_gc(lua_State* L) const
- {
- this->destroy(L);
- return 0;
- }
-
- int default_getter(lua_State* L, ConstAccessorCallback acb) const
- {
- auto& self = this->get(L);
- lua_newtable(L);
- acb(L, lua_gettop(L), self);
- return 1;
- }
-
- int default_setter(lua_State* L, AccessorCallback acb) const
- {
- auto& self = this->get(L, 1);
- luaL_checktype(L, 2, LUA_TTABLE);
- acb(L, 2, self);
- return 0;
- }
-};
-
-template<typename T>
-T** TypeInterface<T>::allocate(lua_State* L) const
-{
- T** handle = static_cast<T**>(lua_newuserdata(L, sizeof(T*)));
-
- assert(handle);
-
- luaL_getmetatable(L, name);
- lua_setmetatable(L, -2);
-
- *handle = nullptr;
- return handle;
-}
-
-template<typename T>
-template<typename... Args>
-T& TypeInterface<T>::create(lua_State* L, Args&&... args) const
-{
- T** handle = allocate(L);
-
- *handle = new T(std::forward<Args>(args)...);
-
- assert(*handle);
-
- return **handle;
-}
-
-template<typename T>
-void TypeInterface<T>::destroy(lua_State* L, T** handle) const
-{
- if ( !handle )
- handle = regurgitate(L, 1);
-
- if ( *handle )
- {
- remove_refs(L, static_cast<void*>(*handle));
- delete *handle;
- *handle = nullptr;
- }
-}
-
-// -----------------------------------------------------------------------------
-// InstanceInterface
-// -----------------------------------------------------------------------------
-template<typename T>
-struct InstanceInterface
-{
- using type = T;
- const char* name;
- const luaL_Reg* methods;
-
- T& get(lua_State* L, int up = 1) const
- { return *get_ptr_from_plain_index(L, lua_upvalueindex(up)); }
-
- T* get_ptr(lua_State* L, int up = 1) const
- { return get_ptr_from_plain_index(L, lua_upvalueindex(up)); }
-
-private:
- T* get_ptr_from_plain_index(lua_State*, int) const;
-};
-
-template<typename T>
-T* InstanceInterface<T>::get_ptr_from_plain_index(lua_State* L, int n) const
-{
- luaL_checktype(L, n, LUA_TLIGHTUSERDATA);
- T* ptr = static_cast<T*>(const_cast<void*>(lua_topointer(L, n)));
-
- assert(ptr);
- return ptr;
-}
-
-// -----------------------------------------------------------------------------
-// Installers
-// -----------------------------------------------------------------------------
-template<typename T>
-void install(lua_State* L, const struct TypeInterface<T>& iface)
-{
- ManageStack ms(L, 4);
-
- int m = register_methods(L, iface.methods, iface.name);
- int mt = register_metamethods(L, iface.metamethods, iface.name);
-
- Table meta(L, mt);
- meta.raw_set_field_from_stack("__index", m);
- meta.raw_set_field_from_stack("__metatable", m);
-}
-
-template<typename T>
-void install(lua_State* L, const struct InstanceInterface<T>& iface, T* instance)
-{
- ManageStack ms(L, 2);
-
- int table = new_lib(L, iface.name);
- lua_pushlightuserdata(L, static_cast<void*>(instance));
- int inst = lua_gettop(L);
- register_with_closure(L, iface.methods, table, inst);
-}
-
-}
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// lua_ref.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "lua_ref.h"
-
-#include "lua.h"
-
-// leave 2 items on the stack (key, ref table)
-// uses 4 slots
-static inline void create_registry_table(lua_State* L, void* p)
-{
- // key = address of object
- lua_pushlightuserdata(L, p);
- // dup key
- lua_pushvalue(L, -1);
- // get: registry[key]
- lua_gettable(L, LUA_REGISTRYINDEX);
-
- if ( lua_isnil(L, -1) )
- {
- // remove nil
- lua_pop(L, 1);
- // ref = new ref table
- lua_newtable(L);
- // dup key
- lua_pushvalue(L, -2);
- // dup ref
- lua_pushvalue(L, -2);
- // set: registry[key] = ref
- lua_settable(L, LUA_REGISTRYINDEX);
- }
-}
-
-// leaves 1 item on the stack (ref table or nil)
-// uses 1 slot
-static inline void lookup_registry_table(lua_State* L, void* p)
-{
- lua_pushlightuserdata(L, p);
- lua_gettable(L, LUA_REGISTRYINDEX);
-}
-
-// leaves nothing extra on the stack
-// uses 1 slot
-static inline void add_entry(lua_State* L, const char* key, int index, int table)
-{
- lua_pushvalue(L, index);
- lua_setfield(L, table, key);
-}
-
-// leaves nothing extra on the stack
-// uses 1 slot
-static inline void remove_entry(lua_State* L, const char* key, int table)
-{
- lua_pushnil(L);
- lua_setfield(L, table, key);
-}
-
-namespace Lua
-{
-void add_ref(lua_State* L, void* owner, const char* key, int ref_index)
-{
- Lua::ManageStack ms(L, 4);
- create_registry_table(L, owner);
- add_entry(L, key, ref_index, lua_gettop(L));
-}
-
-void remove_ref(lua_State* L, void* owner, const char* key)
-{
- Lua::ManageStack ms(L, 2);
- lookup_registry_table(L, owner);
- if ( !lua_isnil(L, -1) )
- remove_entry(L, key, lua_gettop(L));
-}
-
-void remove_refs(lua_State* L, void* owner)
-{
- Lua::ManageStack ms(L, 2);
- lua_pushlightuserdata(L, owner);
- lua_pushnil(L);
- lua_settable(L, LUA_REGISTRYINDEX);
-}
-}
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// lua_util.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "lua_util.h"
-
-#define LUA_MSG_BUFSIZE 128
-
-namespace Lua
-{
-const char* fmt_expected_message(const char* type)
-{
- static char buf[LUA_MSG_BUFSIZE];
- snprintf(buf, LUA_MSG_BUFSIZE, "expected %s", type);
- return buf;
-}
-
-const char* fmt_range_message(unsigned min, unsigned max)
-{
- static char buf[LUA_MSG_BUFSIZE];
- snprintf(
- buf, LUA_MSG_BUFSIZE, "must be between %lld and %lld",
- static_cast<long long>(min), static_cast<long long>(max)
- );
-
- return buf;
-}
-}
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// lua_util.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef LUA_UTIL_H
-#define LUA_UTIL_H
-
-#include <lua.hpp>
-
-namespace Lua
-{
-const char* fmt_expected_message(const char* type);
-const char* fmt_range_message(unsigned min, unsigned max);
-}
-#endif
#include "catch/unit_test.h"
#endif
-#ifdef PIGLET
-#include "piglet/piglet.h"
-#endif
-
#ifdef SHELL
#include "control/control_mgmt.h"
#include "main/ac_shell_cmd.h"
static bool set_mode()
{
-#ifdef PIGLET
- if ( Piglet::piglet_mode() )
- {
- main_exit_code = Piglet::main();
- return false;
- }
-#endif
#if defined(UNIT_TEST) || defined(BENCHMARK_TEST)
// FIXIT-M X we should move this out of set_mode and not do Snort bring up/teardown at all
if ( catch_enabled() )
#include "trace/trace_logger.h"
#include "utils/util.h"
-#ifdef PIGLET
-#include "piglet/piglet.h"
-#include "piglet/piglet_manager.h"
-#include "piglet_plugins/piglet_plugins.h"
-#endif
-
#ifdef SHELL
#include "control/control_mgmt.h"
#include "ac_shell_cmd.h"
load_connectors();
load_ips_options();
load_loggers();
-#ifdef PIGLET
- load_piglets();
-#endif
load_search_engines();
load_policy_selectors();
load_stream_inspectors();
#endif
LogMessage("--------------------------------------------------\n");
-#ifdef PIGLET
- Piglet::Manager::init();
-#endif
-
SideChannelManager::pre_config_init();
ScriptManager::load_scripts(snort_cmd_line_conf->script_paths);
ModuleManager::dump_modules();
PluginManager::dump_plugins();
}
-#ifdef PIGLET
- if ( !Piglet::piglet_mode() )
-#endif
CodecManager::instantiate();
-#ifdef PIGLET
- if ( !Piglet::piglet_mode() )
-#endif
if ( !sc->output.empty() )
EventManager::instantiate(sc->output.c_str(), sc);
if ((offload_search_api != nullptr) and (offload_search_api != search_api))
MpseManager::activate_search_engine(offload_search_api, sc);
-#ifdef PIGLET
- if ( !Piglet::piglet_mode() )
-#endif
/* Finish up the pcap list and put in the queues */
Trough::setup();
IpsManager::global_term(sc);
HostAttributesManager::term();
-#ifdef PIGLET
- if ( !Piglet::piglet_mode() )
-#endif
Trough::cleanup();
-
ClosePidFile();
/* remove pid file */
void SnortConfig::merge(const SnortConfig* cmd_line_conf)
{
// -D / -H / -Q / -r / -T / -x / --alert-before-pass / --create-pidfile / --enable-inline-test / --mem-check /
- // --nolock-pidfile / --pause / --pcap-file / --pcap-dir / --pcap-list / --pcap-show / --pedantic / --piglet /
+ // --nolock-pidfile / --pause / --pcap-file / --pcap-dir / --pcap-list / --pcap-show / --pedantic /
// --shell / --show-file-codes
run_flags |= cmd_line_conf->run_flags;
#ifdef SHELL
RUN_FLAG__SHELL = 0x01000000,
#endif
-#ifdef PIGLET
- RUN_FLAG__PIGLET = 0x02000000,
-#endif
};
enum OutputFlag
{ "--pedantic", Parameter::PT_IMPLIED, nullptr, nullptr,
"warnings are fatal" },
-#ifdef PIGLET
- { "--piglet", Parameter::PT_IMPLIED, nullptr, nullptr,
- "enable piglet test harness mode" },
-#endif
-
{ "--plugin-path", Parameter::PT_STRING, nullptr, nullptr,
"<path> a colon separated list of directories or plugin libraries" },
else if ( is(v, "--pcap-show") )
sc->run_flags |= RUN_FLAG__PCAP_SHOW;
-#ifdef PIGLET
- else if ( is(v, "--piglet") )
- sc->run_flags |= RUN_FLAG__PIGLET;
-#endif
-
else if ( is(v, "--plugin-path") )
sc->add_plugin_path(v.get_string());
}
}
-#ifdef PIGLET
-
-//-------------------------------------------------------------------------
-// piglet breach
-//-------------------------------------------------------------------------
-
-static const ActionApi* find_api(const char* name)
-{
- for ( auto actor : s_actors )
- if ( !strcmp(actor.api->base.name, name) )
- return actor.api;
-
- return nullptr;
-}
-
-IpsActionWrapper* ActionManager::instantiate(const char* name, Module* m)
-{
- auto api = find_api(name);
- if ( !api || !api->ctor )
- return nullptr;
-
- auto p = api->ctor(m);
- if ( !p )
- return nullptr;
-
- return new IpsActionWrapper(api, p);
-}
-
-#endif
-
//-------------------------------------------------------------------------
-#ifdef PIGLET
-struct IpsActionWrapper
-{
- IpsActionWrapper(const snort::ActionApi* a, snort::IpsAction* p) :
- api { a }, instance { p } { }
-
- ~IpsActionWrapper()
- {
- if ( api && instance && api->dtor )
- api->dtor(instance);
- }
-
- const snort::ActionApi* api;
- snort::IpsAction* instance;
-};
-#endif
-
class ActionManager
{
public:
static void thread_init(const snort::SnortConfig*);
static void thread_reinit(const snort::SnortConfig*);
static void thread_term();
-
-#ifdef PIGLET
- static IpsActionWrapper* instantiate(const char*, snort::Module*);
-#endif
};
#endif
d.dump(wrap.api->base.name, wrap.api->base.version);
}
-#ifdef PIGLET
-const CodecApi* CodecManager::find_api(const char* name)
-{
- for ( auto wrap : CodecManager::s_codecs )
- if ( !strcmp(wrap.api->base.name, name) )
- return wrap.api;
-
- return nullptr;
-}
-
-CodecWrapper* CodecManager::instantiate(const char* name, Module* m, SnortConfig*)
-{
- auto api = find_api(name);
- if ( !api )
- return nullptr;
-
- auto p = api->ctor(m);
- if ( !p )
- return nullptr;
-
- return new CodecWrapper(api, p);
-}
-#endif
-
#include "main/thread.h"
#include "protocols/protocol_ids.h"
-#ifdef PIGLET
-#include "framework/codec.h"
-#endif
-
namespace snort
{
class Codec;
extern THREAD_LOCAL snort::ProfileStats decodePerfStats;
-#ifdef PIGLET
-struct CodecWrapper
-{
- CodecWrapper(const snort::CodecApi* a, snort::Codec* p) :
- api { a }, instance { p } { }
-
- ~CodecWrapper()
- {
- if ( api && instance && api->dtor )
- api->dtor(instance);
- }
-
- const snort::CodecApi* api;
- snort::Codec* instance;
-};
-#endif
-
/*
* CodecManager class
*/
// print all of the codec plugins
static void dump_plugins();
-#ifdef PIGLET
- static CodecWrapper* instantiate(const char*, snort::Module*, snort::SnortConfig*);
-#endif
-
static uint8_t get_max_layers()
{ return max_layers; }
static void instantiate(CodecApiWrapper&, snort::Module*, snort::SnortConfig*);
static CodecApiWrapper& get_api_wrapper(const snort::CodecApi* cd_api);
static uint8_t get_codec(const char* const keyword);
-
-#ifdef PIGLET
- static const snort::CodecApi* find_api(const char*);
-#endif
};
#endif
p->log(pkt, message, event);
}
-#ifdef PIGLET
-
-//-------------------------------------------------------------------------
-// piglet breach
-//-------------------------------------------------------------------------
-static const LogApi* find_api(const char* name)
-{
- for ( auto out : s_outputs )
- if ( !strcmp(out->api->base.name, name) )
- return out->api;
-
- return nullptr;
-}
-
-LoggerWrapper* EventManager::instantiate(const char* name, Module* m, SnortConfig*)
-{
- auto api = find_api(name);
- if ( !api || !api->ctor )
- return nullptr;
-
- auto p = api->ctor(m);
- if ( !p )
- return nullptr;
-
- return new LoggerWrapper(api, p);
-}
-
-#endif
-
//-------------------------------------------------------------------------
-#ifdef PIGLET
-struct LoggerWrapper
-{
- LoggerWrapper(const snort::LogApi* a, snort::Logger* p) :
- api { a }, instance { p } { }
-
- ~LoggerWrapper()
- {
- if ( api && instance && api->dtor )
- api->dtor(instance);
- }
-
- const snort::LogApi* api;
- snort::Logger* instance;
-};
-#endif
-
class EventManager
{
public:
static void enable_alerts(bool b) { alert_enabled = b; }
static void enable_logs(bool b) { log_enabled = b; }
-#ifdef PIGLET
- static LoggerWrapper* instantiate(const char* name, snort::Module*, snort::SnortConfig*);
-#endif
-
private:
static void instantiate(struct Output*, snort::Module*, snort::SnortConfig*);
}
}
-#ifdef PIGLET
-// FIXIT-M duplicates logic in void InspectorManager::instantiate()
-
-Inspector* InspectorManager::instantiate(
- const char* name, Module* mod, SnortConfig* sc)
-{
- auto ppc = get_class(name, sc->framework_config);
-
- if ( !ppc )
- return nullptr;
-
- InspectionPolicy* ip = get_inspection_policy();
- assert(ip);
- auto fp = ip->framework_policy;
- auto ppi = get_new(ppc, fp, name, mod, sc);
-
- if ( !ppi )
- return nullptr;
-
- ppi->set_name(name);
-
- // FIXIT-L can't we just unify PHInstance and InspectorWrapper?
- return ppi->handler;
-}
-
-#endif
-
// create default binding for wizard and configured services
static void instantiate_default_binder(SnortConfig* sc, FrameworkPolicy* fp)
{
static void reconcile_inspectors(const SnortConfig*, SnortConfig*, bool cloned = false);
static void clear_removed_inspectors(SnortConfig*);
-#ifdef PIGLET
- static Inspector* instantiate(const char*, Module*, SnortConfig*);
-#endif
-
private:
static void bumble(Packet*);
template<bool T> static void full_inspection(Packet*);
return true;
}
-#ifdef PIGLET
-
-static const IpsApi* find_api(const char* name)
-{
- for ( auto& wrap : s_options )
- if ( !strcmp(wrap.second->api->base.name, name) )
- return wrap.second->api;
-
- return nullptr;
-}
-
-IpsOptionWrapper* IpsManager::instantiate(const char* name, Module* m, struct OptTreeNode* otn)
-{
- auto api = find_api(name);
- if ( !api || !api->ctor )
- return nullptr;
-
- auto p = api->ctor(m, otn);
- if ( !p )
- return nullptr;
-
- return new IpsOptionWrapper(api, p);
-}
-
-#endif
-
//-------------------------------------------------------------------------
-#ifdef PIGLET
-struct IpsOptionWrapper
-{
- IpsOptionWrapper(const snort::IpsApi* a, snort::IpsOption* p) :
- api { a }, instance { p } { }
-
- ~IpsOptionWrapper()
- {
- if ( api && instance && api->dtor )
- api->dtor(instance);
- }
-
- const snort::IpsApi* api;
- snort::IpsOption* instance;
-};
-#endif
-
class IpsManager
{
public:
static void clear_options(const snort::SnortConfig*);
static bool verify(snort::SnortConfig*);
-
-#ifdef PIGLET
- static IpsOptionWrapper* instantiate(const char*, snort::Module*, struct OptTreeNode*);
-#endif
};
#endif
}
#endif
-#ifdef PIGLET
-
-MpseWrapper* MpseManager::instantiate(const char* name, Module* m, SnortConfig* sc)
-{
- auto api = ::get_api(name);
-
- if ( !api || !api->ctor )
- return nullptr;
-
- auto p = api->ctor(sc, m, nullptr);
-
- if ( !p )
- return nullptr;
-
- return new MpseWrapper(api, p);
-}
-
-#endif
-
#include "framework/module.h"
-#ifdef PIGLET
-#include "framework/mpse.h"
-#endif
-
namespace snort
{
struct MpseApi;
//-------------------------------------------------------------------------
-#ifdef PIGLET
-struct MpseWrapper
-{
- MpseWrapper(const snort::MpseApi* a, snort::Mpse* p) :
- api { a }, instance { p } { }
-
- ~MpseWrapper()
- {
- if ( api && instance && api->dtor )
- api->dtor(instance);
- }
-
- const snort::MpseApi* api;
- snort::Mpse* instance;
-};
-#endif
-
class MpseManager
{
public:
static bool is_poll_capable(const snort::MpseApi* api);
static void print_mpse_summary(const snort::MpseApi*);
static void print_search_engine_stats();
-
-#ifdef PIGLET
- static MpseWrapper* instantiate(const char*, snort::Module*, snort::SnortConfig*);
-#endif
};
#endif
#include "log/messages.h"
#include "main/snort_config.h"
-#ifdef PIGLET
-#include "piglet/piglet_api.h"
-#include "piglet/piglet_manager.h"
-#endif
-
#include "action_manager.h"
#include "codec_manager.h"
#include "connector_manager.h"
{ "logger", LOGAPI_VERSION, sizeof(LogApi) },
{ "connector", CONNECTOR_API_VERSION, sizeof(ConnectorApi) },
{ "policy_selector", POLICY_SELECTOR_API_VERSION, sizeof(PolicySelectorApi) },
-#ifdef PIGLET
- { "piglet", PIGLET_API_VERSION, sizeof(Piglet::Api) }
-#endif
};
#else
// this gets around the sequence issue with some compilers
PolicySelectorManager::add_plugin((const PolicySelectorApi*)p.api);
break;
-#ifdef PIGLET
- case PT_PIGLET:
- Piglet::Manager::add_plugin((const Piglet::Api*)p.api);
- break;
-#endif
-
default:
assert(false);
break;
return nullptr;
}
-#ifdef PIGLET
-PlugType PluginManager::get_type_from_name(const std::string& name)
-{
- for ( auto it = s_plugins.plug_map.begin(); it != s_plugins.plug_map.end(); ++it )
- {
- const auto* api = it->second.api;
- if ( name == api->name )
- return api->type;
- }
-
- return PT_MAX;
-}
-
-#endif
-
void PluginManager::instantiate(
const BaseApi* api, Module* mod, SnortConfig* sc)
{
static const char* get_type_name(PlugType);
static const snort::BaseApi* get_api(PlugType, const char* name);
-#ifdef PIGLET
- static PlugType get_type_from_name(const std::string&);
-#endif
static const char* get_current_plugin();
static void instantiate(const snort::BaseApi*, snort::Module*, snort::SnortConfig*);
#include "lua/lua.h"
#include "lua/lua_script.h"
-#ifdef PIGLET
-#include "piglet/piglet_manager.h"
-#endif
-
using namespace snort;
using namespace std;
else if ( type == LogLuaApi::type )
lua_api.emplace_back(new LogLuaApi(name, chunk, ver));
-#ifdef PIGLET
- else if ( type == "piglet" )
- Piglet::Manager::add_chunk(f, name, chunk);
-#endif
-
else
{
ParseError("unknown plugin type in %s = '%s'", f, type.c_str());
-if ( HAVE_FLATBUFFERS )
- set( FLATBUFFERS_SOURCE fbs_formatter.h fbs_formatter.cc )
-endif()
set ( FILE_LIST
base_tracker.cc
csv_formatter.h
cpu_tracker.cc
cpu_tracker.h
- ${FLATBUFFERS_SOURCE}
flow_tracker.cc
flow_tracker.h
flow_ip_tracker.cc
endif (STATIC_INSPECTORS)
-if ( HAVE_FLATBUFFERS )
- target_include_directories( perf_monitor PRIVATE ${FLATBUFFERS_INCLUDE_DIR} )
-endif()
-
add_catch_test( csv_formatter_test
NO_TEST_SOURCE
SOURCES
perf_formatter.cc
)
-if ( HAVE_FLATBUFFERS )
- add_catch_test( fbs_formatter_test
- NO_TEST_SOURCE
- SOURCES
- fbs_formatter.cc
- perf_formatter.cc
- LIBS
- ${FLATBUFFERS_LIBRARIES}
- )
-endif()
-
2. CSV
-3. Flatbuffers (if the library is available at build)
-
-==== Flatbuffers Parsing
-
-While a tool has been included to parse the file format used, it may be
-desired to build analysis tools that deal with the files directly. This can
-be accomplished in a few ways; either the records can be split and passed to
-flatc along with the included schema, or the schema can be parsed using the
-Flatbuffers reflection API and used to read the data within the records.
-The format for the files is as follows:
+3. JSON
===== File Layout
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2017-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// fbs_formatter.cc author Carter Waxman <cwaxman@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "fbs_formatter.h"
-
-#include <queue>
-
-#include <flatbuffers/idl.h>
-#include <flatbuffers/reflection.h>
-
-#include "utils/endian.h"
-
-using namespace std;
-
-typedef flatbuffers::Offset<flatbuffers::Table> TableOffset;
-typedef pair<flatbuffers::Offset<void>, flatbuffers::uoffset_t> OffsetPair;
-
-static string lowercase(string s)
-{
- transform(s.begin(), s.end(), s.begin(), ::tolower);
- return s;
-}
-
-void FbsFormatter::register_field(const string& name, PegCount* value)
-{
- non_offset_names.emplace_back(name);
- non_offset_values.emplace_back(value);
-}
-
-void FbsFormatter::register_field(const string& name, const char* value)
-{
- FormatterValue fv;
- fv.s = value;
-
- offset_names.emplace_back(name);
- offset_types.emplace_back(FT_STRING);
- offset_values.emplace_back(fv);
-}
-
-void FbsFormatter::register_field(const string& name, vector<PegCount>* value)
-{
- FormatterValue fv;
- fv.ipc = value;
-
- offset_names.emplace_back(name);
- offset_types.emplace_back(FT_IDX_PEG_COUNT);
- offset_values.emplace_back(fv);
-}
-
-//Apply order to fields so that leaf nodes are created first in one pass
-void FbsFormatter::commit_field_reorder()
-{
- for( unsigned i = 0; i < offset_types.size(); i++ )
- {
- switch( offset_types[i] )
- {
- case FT_STRING:
- PerfFormatter::register_field(offset_names[i], offset_values[i].s);
- break;
- case FT_IDX_PEG_COUNT:
- PerfFormatter::register_field(offset_names[i], offset_values[i].ipc);
- break;
- case FT_PEG_COUNT:
- assert(false); //Peg count is not an offset type
- }
- }
- offset_types.clear();
- offset_names.clear();
- offset_values.clear();
-
- for( unsigned i = 0; i < non_offset_names.size(); i++ )
- PerfFormatter::register_field(non_offset_names[i], non_offset_values[i]);
-
- non_offset_names.clear();
- non_offset_values.clear();
-}
-
-void FbsFormatter::register_section(const string& section)
-{
- commit_field_reorder();
- PerfFormatter::register_section(section);
-}
-
-void FbsFormatter::finalize_fields()
-{
- commit_field_reorder();
- vtable_offsets.clear();
-
- schema = "namespace Perfmon;table ";
- schema += get_tracker_name() + "{";
-
- string module_tables;
- for( unsigned i = 0; i < section_names.size(); i++ )
- {
- string name = lowercase(section_names[i]);
- schema += name + ":";
- name[0] = toupper(name[0]);
- schema += name + ";";
-
- module_tables += "table " + name + "{";
- for( unsigned j = 0; j < field_names[i].size(); j++ )
- {
- module_tables += lowercase(field_names[i][j]);
-
- switch(types[i][j])
- {
- case FT_PEG_COUNT:
- module_tables += ":ulong;";
- break;
- case FT_STRING:
- module_tables += ":string;";
- break;
- case FT_IDX_PEG_COUNT:
- module_tables += ":[ulong];";
- module_tables += lowercase(field_names[i][j]);
- module_tables += "_map:[ushort];";
- break;
- }
- }
- module_tables += "}";
- }
- schema += "}" + module_tables + "root_type ";
- schema += get_tracker_name() + ";";
-
- flatbuffers::Parser parser;
-#ifndef NDEBUG
- bool parsed =
-#endif
- parser.Parse(schema.c_str());
- assert(parsed); // Above code is broken or bad peg names if this hits
-
- parser.Serialize();
- auto& schema_builder = parser.builder_;
-
- auto reflection_schema = reflection::GetSchema(schema_builder.GetBufferPointer());
- auto root_fields = reflection_schema->root_table()->fields();
- vtable_offsets.emplace_back(vector<flatbuffers::uoffset_t>());
-
- for( unsigned i = 0; i < section_names.size(); i++ )
- {
- vtable_offsets.emplace_back(vector<flatbuffers::uoffset_t>());
-
- auto module_field = root_fields->LookupByKey(lowercase(section_names[i]).c_str());
- vtable_offsets[0].emplace_back(module_field->offset());
-
- auto module_table = reflection_schema->objects()->Get(module_field->type()->index());
- for( unsigned j = 0; j < field_names[i].size(); j++ )
- {
- auto field = module_table->fields()->LookupByKey(lowercase(field_names[i][j]).c_str());
- vtable_offsets[i + 1].emplace_back(field->offset());
-
- if( types[i][j] == FT_IDX_PEG_COUNT )
- {
- auto field_name = lowercase(field_names[i][j]) + "_map";
- field = module_table->fields()->LookupByKey(field_name.c_str());
- vtable_offsets[i + 1].emplace_back(field->offset());
- }
- }
- }
-}
-
-void FbsFormatter::init_output(FILE* fh)
-{
- int size = htonl(schema.length());
-
- fwrite("FLTI", 4, 1, fh);
- fwrite(&size, sizeof(uint32_t), 1, fh);
- fwrite(schema.c_str(), schema.length(), 1, fh);
-}
-
-enum IPC_VERDICT
-{
- IPC_EMPTY = 0,
- IPC_INDEXED,
- IPC_MAPPED
-};
-
-void FbsFormatter::write(FILE* fh, time_t timestamp)
-{
- flatbuffers::FlatBufferBuilder fbb;
- queue<OffsetPair> root_offsets;
-
- for( unsigned i = 0; i < values.size(); i++ )
- {
- bool nz_found = false;
- queue<OffsetPair> leaf_queue;
-
- unsigned j = 0, vj = 0;
-
- for( ; j < values[i].size() && types[i][j] != FT_PEG_COUNT; j++, vj++ )
- {
- switch( types[i][j] )
- {
- case FT_STRING:
- if( *values[i][j].s )
- {
- nz_found = true;
- leaf_queue.push(OffsetPair(fbb.CreateString(values[i][j].s).Union(),
- vtable_offsets[i + 1][j]));
- }
-
- break;
-
- case FT_IDX_PEG_COUNT:
- {
- auto& ipc = *values[i][j].ipc;
-
- // Using a separate vector as map: size = (2 (map_val) + 8 (val)) * nz_elements
- // Using the index of vector to determine mapping: size = 8 * vector_size
- unsigned nz_break_even = ipc.size() * 4 / 5;
-
- vector<uint16_t> map;
- vector<PegCount> mapped_ipc;
- for( unsigned k = 0; k < ipc.size(); k++ )
- {
- if( ipc[k] )
- {
- nz_found = true;
- map.emplace_back(k);
- mapped_ipc.emplace_back(ipc[k]);
-
- if( map.size() > nz_break_even )
- break;
- }
- }
-
- if( !map.empty() )
- {
- if( map.size() <= nz_break_even )
- {
- leaf_queue.push(OffsetPair(fbb.CreateVector<PegCount>(mapped_ipc).Union(),
- vtable_offsets[i + 1][vj]));
-
- leaf_queue.push(OffsetPair(fbb.CreateVector<uint16_t>(map).Union(),
- vtable_offsets[i + 1][vj + 1]));
- }
- else
- {
- leaf_queue.push(OffsetPair(fbb.CreateVector<PegCount>(ipc).Union(),
- vtable_offsets[i + 1][vj]));
- }
- }
- vj++;
- break;
- }
-
- default:
- break;
- }
- }
-
- auto start = fbb.StartTable();
- for( ; j < values[i].size(); j++, vj++ )
- {
- if( *values[i][j].pc )
- {
- nz_found = true;
- fbb.AddElement<PegCount>(vtable_offsets[i + 1][vj], *values[i][j].pc, 0);
- }
- }
-
- while( !leaf_queue.empty() )
- {
- fbb.AddOffset(leaf_queue.front().second, leaf_queue.front().first);
- leaf_queue.pop();
- }
-
- auto table_offset = TableOffset(fbb.EndTable(start, vtable_offsets[i + 1].size()));
- if( nz_found )
- root_offsets.push(OffsetPair(table_offset.Union(), vtable_offsets[0][i]));
- }
-
- auto start = fbb.StartTable();
- while( !root_offsets.empty() )
- {
- fbb.AddOffset(root_offsets.front().second, root_offsets.front().first);
- root_offsets.pop();
- }
-
- fbb.Finish(TableOffset(fbb.EndTable(start, vtable_offsets.size())));
-
- uint64_t ts = htonll(timestamp);
- uint32_t size = htonl(fbb.GetSize());
- fwrite(&ts, sizeof(uint64_t), 1, fh);
- fwrite(&size, sizeof(uint32_t), 1, fh);
- fwrite(fbb.GetBufferPointer(), fbb.GetSize(), 1, fh);
-
- fflush(fh);
-}
-
-#ifdef CATCH_TEST_BUILD
-
-#include "catch/catch.hpp"
-
-static uint8_t* make_prefixed_schema(const char* schema)
-{
- size_t len = strlen(schema);
- uint32_t slen = htonl(len);
- uint8_t* cooked = new uint8_t[slen + 8];
-
- memcpy(cooked, "FLTI", 4);
- memcpy(cooked + 4, &slen, 4);
- memcpy(cooked + 8, schema, len);
-
- return cooked;
-}
-
-static bool test_file(FILE* fh, const uint8_t* cooked)
-{
- auto size = ftell(fh);
- char* fake_file = new char[size + 1];
-
- rewind(fh);
- fread(fake_file, size, 1, fh);
-
- bool ret = memcmp(cooked, fake_file, size);
-
- delete[] fake_file;
-
- return ret;
-}
-
-TEST_CASE("peg schema", "[FbsFormatter]")
-{
- PegCount one = 1, two = 0, three = 0;
-
- const char* schema =
- "namespace Perfmon;"
- "table fbs_formatter{pegs:Pegs;}"
- "table Pegs{one:ulong;two:ulong;three:ulong}"
- "root_table fbs_formatter;";
- uint8_t* cooked = make_prefixed_schema(schema);
-
- FILE* fh = tmpfile();
- FbsFormatter f("fbs_formatter");
- f.register_section("pegs");
- f.register_field("one", &one);
- f.register_field("two", &two);
- f.register_field("three", &three);
- f.finalize_fields();
- f.init_output(fh);
-
- CHECK((test_file(fh, cooked) == true));
-
- fclose(fh);
- delete[] cooked;
-}
-
-TEST_CASE("string schema", "[FbsFormatter]")
-{
- const char one[] = "1", two[] = "0", three[] = "0";
-
- const char* schema =
- "namespace Perfmon;"
- "table fbs_formatter{strings:Strings;}"
- "table Strings{one:string;two:string;three:string}"
- "root_table fbs_formatter;";
- uint8_t* cooked = make_prefixed_schema(schema);
-
- FILE* fh = tmpfile();
- FbsFormatter f("fbs_formatter");
- f.register_section("strings");
- f.register_field("one", one);
- f.register_field("two", two);
- f.register_field("three", three);
- f.finalize_fields();
- f.init_output(fh);
-
- CHECK((test_file(fh, cooked) == true));
-
- fclose(fh);
- delete[] cooked;
-}
-
-TEST_CASE("vector schema", "[FbsFormatter]")
-{
- vector<PegCount> one(10), two(10);
-
- const char* schema =
- "namespace Perfmon;"
- "table fbs_formatter{vectors:Vectors;}"
- "table Vectors{one:[ulong];one_map:[ulong];two:[ulong];two_map:[ulong];}"
- "root_table fbs_formatter;";
- uint8_t* cooked = make_prefixed_schema(schema);
-
- FILE* fh = tmpfile();
- FbsFormatter f("fbs_formatter");
- f.register_section("vectors");
- f.register_field("one", &one);
- f.register_field("two", &two);
- f.finalize_fields();
- f.init_output(fh);
-
- CHECK((test_file(fh, cooked) == true));
-
- fclose(fh);
- delete[] cooked;
-}
-
-TEST_CASE("mixed schema", "[FbsFormatter]")
-{
- PegCount one;
- const char two[] = "0";
- vector<PegCount> three(10);
-
- // meat of this test: fields are reordered
- const char* schema =
- "namespace Perfmon;"
- "table fbs_formatter{mixed:Mixed;}"
- "table Mixed{two:string;three:[ulong];three_map[ulong];one:ulong;}"
- "root_table fbs_formatter;";
- uint8_t* cooked = make_prefixed_schema(schema);
-
- FILE* fh = tmpfile();
- FbsFormatter f("fbs_formatter");
- f.register_section("mixed");
- f.register_field("one", &one);
- f.register_field("two", two);
- f.register_field("three", &three);
- f.finalize_fields();
- f.init_output(fh);
-
- CHECK((test_file(fh, cooked) == true));
-
- fclose(fh);
- delete[] cooked;
-}
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2017-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// fbs_formatter.h author Carter Waxman <cwaxman@cisco.com>
-
-#ifndef FBS_FORMATTER_H
-#define FBS_FORMATTER_H
-
-#include "perf_formatter.h"
-
-#include <flatbuffers/flatbuffers.h>
-
-class FbsFormatter : public PerfFormatter
-{
-public:
- FbsFormatter(const std::string& tracker_name) : PerfFormatter(tracker_name) {}
-
- const char* get_extension() override
- { return ".bfbs"; }
-
- bool allow_append() override
- { return false; }
-
- void register_section(const std::string&) override;
- void register_field(const std::string&, PegCount*) override;
- void register_field(const std::string&, const char*) override;
- void register_field(const std::string&, std::vector<PegCount>*) override;
- void finalize_fields() override;
- void init_output(FILE*) override;
- void write(FILE*, time_t) override;
-
-private:
- std::string schema;
- std::vector<std::vector<flatbuffers::uoffset_t>> vtable_offsets;
-
- std::vector<std::string> offset_names;
- std::vector<FormatterType> offset_types;
- std::vector<FormatterValue> offset_values;
-
- std::vector<std::string> non_offset_names;
- std::vector<PegCount*> non_offset_values;
-
- void commit_field_reorder();
-};
-
-#endif
-
#include "perf_pegs.h"
#include "perf_reload_tuner.h"
-#ifdef HAVE_FLATBUFFERS
-#define FLATBUFFERS_ENUM " | flatbuffers"
-#else
-#define FLATBUFFERS_ENUM
-#endif
-
using namespace snort;
//-------------------------------------------------------------------------
{ "modules", Parameter::PT_LIST, module_params, nullptr,
"gather statistics from the specified modules" },
- { "format", Parameter::PT_ENUM, "csv | text | json" FLATBUFFERS_ENUM, "csv",
+ { "format", Parameter::PT_ENUM, "csv | text | json", "csv",
"output format for stats" },
{ "summary", Parameter::PT_BOOL, nullptr, "false",
CSV,
TEXT,
JSON,
- FBS,
MOCK
};
return "csv";
case PerfFormat::JSON:
return "json";
-#ifdef HAVE_FLATBUFFERS
- case PerfFormat::FBS:
- return "flatbuffers";
-#endif
case PerfFormat::MOCK:
return "mock";
}
#include "utils/util.h"
#include "utils/util_cstring.h"
-#ifdef HAVE_FLATBUFFERS
-#include "fbs_formatter.h"
-#endif
-
#include "csv_formatter.h"
#include "json_formatter.h"
#include "text_formatter.h"
case PerfFormat::CSV: formatter = new CSVFormatter(tracker_name); break;
case PerfFormat::TEXT: formatter = new TextFormatter(tracker_name); break;
case PerfFormat::JSON: formatter = new JSONFormatter(tracker_name); break;
-#ifdef HAVE_FLATBUFFERS
- case PerfFormat::FBS: formatter = new FbsFormatter(tracker_name); break;
-#endif
#ifdef UNIT_TEST
case PerfFormat::MOCK: formatter = new MockFormatter(tracker_name); break;
#endif
+++ /dev/null
-add_library ( piglet OBJECT
- piglet.cc
- piglet_manager.cc
- piglet_output.cc
- piglet_runner.cc
- piglet_utils.cc
-)
+++ /dev/null
-This directory contains the framework used to instantiate, run and collect
-the results from test harness scripts.
-
-The piglet test harness provides a Lua scripted interface to the Snort
-plugins. The tests written by the harness occupy a place somewhere between
-unit tests and integration tests in scope.
-
-When Snort is started in piglet mode, any Lua scripts located in
-"--script-path" are loaded and checked for table named "plugin". If the
-plugin table's "type" field is set to "piglet", the script is considered to
-be a piglet plugin and the Lua chunk is added to Piglet::Manager.
-
-When the Piglet::Main::piglet() entry point is called, Piglet::Runner
-iterates through the test harness chunks and uses Piglet::Manager to
-instantiate the appropriate Piglet for each plugin type.
-
-Each test harness chunk contains a table named "piglet". This table
-contains fields "target" and "type" which indicate the plugin type and name
-of the plugin to be instantiated and tested. The table should also contain
-an entry point function called "test".
-
-The Piglets all derive from Piglet::BasePlugin and contain code to expose
-the target plugin methods to the Lua chunk. There is a Piglet subclass for
-each plugin type. (The enum of plugin types is located in
-framework/base_api.h)
-
-Piglet::Runner than calls the entry point method referenced by piglet.test
-in the Lua script, and then returns the results.
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet.h"
-
-#include <iostream>
-#include <chrono>
-
-#include "main/snort_config.h"
-
-#include "piglet_output.h"
-#include "piglet_runner.h"
-
-using namespace snort;
-
-namespace Piglet
-{
-int main()
-{
- // FIXIT-L allow user selection of output/result functions
- if ( Runner::run_all(verbose_output) )
- return 0;
-
- return 1;
-}
-
-bool piglet_mode()
-{ return SnortConfig::get_conf()->run_flags & RUN_FLAG__PIGLET; }
-} // namespace Piglet
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_H
-#define PIGLET_H
-
-// Front end for the piglet test harness.
-
-namespace Piglet
-{
-int main();
-bool piglet_mode();
-}
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_api.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_API_H
-#define PIGLET_API_H
-
-// Piglet plugin API
-
-#include <string>
-
-#include "framework/base_api.h"
-#include "log/messages.h"
-#include "lua/lua.h"
-#include "main/snort_types.h"
-
-struct lua_State;
-namespace snort
-{
-class Module;
-struct SnortConfig;
-} // namespace snort
-
-#define PIGLET_API_VERSION 1
-
-namespace Piglet
-{
-//--------------------------------------------------------------------------
-// Base Plugin
-//--------------------------------------------------------------------------
-
-struct Api;
-
-class SO_PUBLIC BasePlugin
-{
-public:
- BasePlugin(Lua::State& lua, const std::string& t,
- snort::Module* m = nullptr, snort::SnortConfig* sc = nullptr) :
- L { lua.get_ptr() }, target { t },
- module { m }, snort_conf { sc } { }
-
- virtual ~BasePlugin() = default;
-
- // Setup the Lua environment for the test
- virtual bool setup()
- { return false; }
-
- void set_api(const Api* p)
- { api = p; }
-
- const Api* get_api()
- { return api; }
-
-protected:
- lua_State* L;
- std::string target;
- snort::Module* module;
- snort::SnortConfig* snort_conf;
-
-private:
- const Api* api;
-};
-
-//--------------------------------------------------------------------------
-// Plugin ctor/dtor
-//--------------------------------------------------------------------------
-
-using PluginCtor = BasePlugin* (*)(Lua::State&, const std::string&, snort::Module*, snort::SnortConfig*);
-using PluginDtor = void (*)(BasePlugin*);
-
-//--------------------------------------------------------------------------
-// Plugin Api
-//--------------------------------------------------------------------------
-
-struct Api
-{
- snort::BaseApi base;
- PluginCtor ctor;
- PluginDtor dtor;
- PlugType target;
-};
-
-template<typename... Args>
-inline void error(std::string fmt, Args&&... args)
-{
- fmt.insert(0, "piglet: ");
- fmt.append("\n");
- snort::ErrorMessage(fmt.c_str(), std::forward<Args>(args)...);
-}
-
-} // namespace Piglet
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_manager.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_manager.h"
-
-#include <cassert>
-#include <map>
-
-#include "log/messages.h"
-#include "main/snort_config.h"
-#include "managers/module_manager.h"
-#include "managers/plugin_manager.h"
-
-#include "piglet_api.h"
-#include "piglet_utils.h"
-
-#define PLUGIN_KEY_SEP "::"
-
-namespace snort
-{
-class Module;
-}
-
-namespace Piglet
-{
-using namespace snort;
-using namespace std;
-
-// -----------------------------------------------------------------------------
-// Manager State
-// -----------------------------------------------------------------------------
-
-std::map<PlugType, const Api*> plugins;
-vector<Chunk> chunks;
-
-// -----------------------------------------------------------------------------
-// Static Definitions
-// -----------------------------------------------------------------------------
-
-static void split_key(const string& key, string& type, string& name)
-{
- type.clear();
- name.clear();
-
- auto split = key.find(PLUGIN_KEY_SEP);
-
- // If there is no split, assume that 'key' only contains plugin name
- if ( split == string::npos )
- {
- name = key;
- }
- else
- {
- type = key.substr(0, split);
- name = key.substr(split + 2);
- }
-}
-
-static const Api* find_piglet(PlugType key)
-{
- auto search = plugins.find(key);
- if ( search != plugins.end() )
- return search->second;
-
- return nullptr;
-}
-
-static BasePlugin* instantiate(
- Lua::State& lua, PlugType key, std::string name, bool use_defaults)
-{
- auto piglet_api = find_piglet(key);
-
- if ( !piglet_api )
- {
- ErrorMessage(
- "piglet: no handler found for plugin type '%s'\n",
- PluginManager::get_type_name(key)
- );
-
- return nullptr;
- }
-
- Module* m;
- if ( key == PT_IPS_OPTION || use_defaults )
- // FIXIT-L this is just a workaround, need to be able to get parsed rule module
- m = ModuleManager::get_default_module(name.c_str(), SnortConfig::get_main_conf());
- else
- m = ModuleManager::get_module(name.c_str());
-
- auto piglet = piglet_api->ctor(lua, name, m, SnortConfig::get_main_conf());
-
- assert(piglet);
-
- piglet->set_api(piglet_api);
- return piglet;
-}
-
-// -----------------------------------------------------------------------------
-// Public Methods
-// -----------------------------------------------------------------------------
-
-void Manager::init()
-{
- chunks.clear();
- plugins.clear();
-}
-
-// FIXIT-M deal with case where 2 plugins have the same target (version priority?)
-void Manager::add_plugin(const Api* api)
-{ plugins[api->target] = api; }
-
-BasePlugin* Manager::instantiate(
- Lua::State& lua, const string& target,
- string& type, string& name, bool use_defaults)
-{
- PlugType pt = PT_MAX;
- split_key(target, type, name);
-
- if ( !type.empty() )
- pt = PluginManager::get_type(type.c_str());
- else if ( !name.empty() )
- pt = PluginManager::get_type_from_name(target);
- else
- {
- ErrorMessage(
- "piglet: invalid plugin specified: '%s'\n", target.c_str());
- return nullptr;
- }
-
- if ( pt == PT_MAX )
- {
- ErrorMessage(
- "piglet: could not find plugin '%s::%s'",
- type.c_str(), name.c_str()
- );
-
- return nullptr;
- }
-
- return ::Piglet::instantiate(lua, pt, name, use_defaults);
-}
-
-void Manager::destroy(BasePlugin* p)
-{
- if ( p )
- {
- auto api = p->get_api();
- if ( api && api->dtor )
- api->dtor(p);
- }
-}
-
-void Manager::add_chunk(const string& filename, const string& target, const string& chunk)
-{ chunks.emplace_back(Chunk(filename, target, chunk)); }
-
-const vector<Chunk>& Manager::get_chunks()
-{ return chunks; }
-} // namespace Piglet
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_manager.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_MANAGER_H
-#define PIGLET_MANAGER_H
-
-// Factory for instantiating piglet plugins
-
-#include <string>
-#include <vector>
-
-namespace Lua
-{
-class State;
-}
-
-namespace Piglet
-{
-struct Chunk;
-struct Api;
-class BasePlugin;
-
-class Manager
-{
-public:
- static void init();
-
- static void add_plugin(const Api*);
-
- static BasePlugin* instantiate(
- Lua::State&, const std::string&,
- std::string&, std::string&, bool = false);
-
- static void destroy(BasePlugin*);
-
- static void add_chunk(const std::string&, const std::string&, const std::string&);
- static const std::vector<Chunk>& get_chunks();
-};
-} // namespace Piglet
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_output.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_output.h"
-
-#include "piglet_runner.h"
-#include "piglet_utils.h"
-
-static inline double calc_percent(unsigned n, unsigned total)
-{
- if ( total )
- return static_cast<double>(n) / total * 100;
- else
- return 0;
-}
-
-static inline char get_result_short(Piglet::Test::Result result)
-{
- switch ( result )
- {
- case Piglet::Test::PASSED:
- return 'P';
-
- case Piglet::Test::FAILED:
- return 'F';
-
- case Piglet::Test::ERROR:
- return 'E';
-
- default:
- return '?';
- }
-}
-
-static inline const char* get_result_long(Piglet::Test::Result result)
-{
- switch ( result )
- {
- case Piglet::Test::PASSED:
- return "Passed";
-
- case Piglet::Test::FAILED:
- return "Failed";
-
- case Piglet::Test::ERROR:
- return "Error";
-
- default:
- return "?";
- }
-}
-
-namespace Piglet
-{
-// -----------------------------------------------------------------------------
-// Builtin Output structs
-// -----------------------------------------------------------------------------
-const struct Output unit_test_output =
-{
- [](const std::vector<Chunk>& chunks) -> void
- { printf("Running suite: piglet (%zu tests)\n", chunks.size()); },
-
- [](const Summary& sum) -> void
- {
- printf(
- "%f: Checks: %u, Failures: %u, Errors: %u\n",
- calc_percent(sum.passed, sum.total()),
- sum.total(), sum.failed, sum.errors
- );
- },
-
- nullptr,
-
- [](const Test& t, unsigned i) -> void
- {
- printf(
- "%s:%c:piglet:(%s::%s):%u: %s\n",
- t.chunk->filename.c_str(), get_result_short(t.result),
- t.type.c_str(), t.name.c_str(), i, get_result_long(t.result)
- );
- }
-};
-
-const struct Output pretty_output = // FIXIT-L don't want to include this
-{
- [](const std::vector<Chunk>&) -> void
- {
- printf("\n\x1b[35m======\x1b[0m\n");
- printf("\x1b[35mPIGLET\x1b[0m\n");
- printf("\x1b[35m======\x1b[0m\n\n");
- },
- [](const Summary& sum) -> void
- {
- printf("================\n");
-
- if ( sum.failed || sum.errors )
- printf("[\x1b[31mFAIL\x1b[0m] ");
- else
- printf("[\x1b[32mPASS\x1b[0m] ");
-
- printf("%.2f%%", calc_percent(sum.passed, sum.total()));
-
- if ( sum.failed || sum.errors )
- {
- printf(
- " - Passed: \x1b[32m%u\x1b[0m, "
- "Failed: \x1b[31m%u\x1b[0m, "
- "Errors: \x1b[33m%u\x1b[0m",
- sum.passed, sum.failed, sum.errors
- );
- }
-
- printf("\n");
- },
- [](const Test& t, unsigned i) -> void
- {
- printf(
- "%u) \x1b[34m%s::%s\x1b[0m: %s\n",
- i, t.type.c_str(), t.name.c_str(), t.chunk->filename.c_str()
- );
- },
- [](const Test& t, unsigned) -> void
- {
- switch ( t.result )
- {
- case Test::PASSED:
- printf("\x1b[32mPASS\x1b[0m");
- break;
- case Test::FAILED:
- printf("\x1b[31mFAIL\x1b[0m");
- break;
- case Test::ERROR:
- printf("\x1b[33mERROR\x1b[0m");
- break;
- default:
- printf("NA");
- break;
- }
-
- printf("\n");
-
- if ( t.result != Test::PASSED )
- {
- printf("\x1b[35m");
- for ( const auto& m : t.messages )
- printf(" %s\n", m.c_str());
-
- printf("\x1b[0m");
- }
- }
-};
-
-const struct Output verbose_output =
-{
- [](const std::vector<Chunk>& chunks) -> void
- {
- if ( chunks.size() == 1 )
- printf("=== PIGLET (1 test)\n");
- else
- printf("=== PIGLET (%zu tests)\n", chunks.size());
- },
-
- [](const Summary& sum) -> void
- {
- printf("=========================================\n");
- printf(
- "%0.f%% - passed: %u/%u, failed: %u, errors: %u\n",
- calc_percent(sum.passed, sum.total()),
- sum.passed, sum.total(), sum.failed, sum.errors
- );
- },
-
- [](const Test& t, unsigned i) -> void
- {
- printf(
- "[%u] - %s::%s - %s\n",
- i, t.type.c_str(), t.name.c_str(), t.chunk->filename.c_str()
- );
- },
-
- [](const Test& t, unsigned) -> void
- {
- for ( const auto& msg : t.messages )
- printf(" %s\n", msg.c_str());
-
- printf(" %s\n", get_result_long(t.result));
- }
-};
-}
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_output.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_OUTPUT_H
-#define PIGLET_OUTPUT_H
-
-// Output handling for piglet tests
-
-#include <vector>
-
-namespace Piglet
-{
-struct Chunk;
-struct Test;
-struct Summary;
-}
-
-namespace Piglet
-{
-struct Output
-{
- using SuiteHeaderCallback = void (*)(const std::vector<Chunk>&);
- using SuiteResultCallback = void (*)(const Summary&);
- using TestHeaderCallback = void (*)(const Test&, unsigned);
- using TestResultCallback = void (*)(const Test&, unsigned);
-
- SuiteHeaderCallback on_suite_start;
- SuiteResultCallback on_suite_end;
- TestHeaderCallback on_test_start;
- TestResultCallback on_test_end;
-};
-
-// -----------------------------------------------------------------------------
-// Builtin Output structs
-// -----------------------------------------------------------------------------
-extern const struct Output unit_test_output;
-extern const struct Output pretty_output;
-extern const struct Output verbose_output;
-}
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_runner.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_runner.h"
-
-#include <cassert>
-
-#include "lua/lua.h"
-#include "lua/lua_table.h"
-#include "lua/lua_script.h"
-
-#include "piglet_api.h"
-#include "piglet_manager.h"
-#include "piglet_output.h"
-#include "piglet_utils.h"
-
-using namespace snort;
-
-namespace Piglet
-{
-using namespace std;
-
-static inline bool load_chunk(lua_State* L, const Chunk& chunk)
-{
- return luaL_loadbuffer(
- L, chunk.buffer.c_str(), chunk.buffer.size(), chunk.filename.c_str());
-}
-
-static bool setup_globals(lua_State* L, const Test& t)
-{
- // Add script_dir env var
- Lua::set_script_dir(L, SCRIPT_DIR_VARNAME, t.chunk->filename);
- return false;
-}
-
-static bool configure_test(lua_State* L, Test& t)
-{
- Lua::ManageStack ms(L);
-
- if ( setup_globals(L, t) )
- {
- t.set_error("couldn't setup globals");
- return true;
- }
-
- if ( load_chunk(L, *t.chunk) )
- {
- t.set_error("couldn't load test chunk");
- t.set_error(lua_tostring(L, -1));
- return true;
- }
-
- if ( lua_pcall(L, 0, LUA_MULTRET, 0) )
- {
- t.set_error("couldn't run test chunk");
- t.set_error(lua_tostring(L, -1));
- return true;
- }
-
- lua_getglobal(L, "plugin");
-
- if ( !lua_istable(L, -1) )
- {
- t.set_error("'plugin' table not found");
- return true;
- }
-
- Lua::Table table(L, -1);
- table.get_field("description", t.description);
- table.get_field("use_defaults", t.use_defaults);
-
- return false;
-}
-
-static bool run_test(lua_State* L, Test& t)
-{
- Lua::ManageStack ms(L, 2);
-
- lua_getglobal(L, "plugin");
- if ( !lua_istable(L, -1) )
- {
- t.set_error("global 'plugin' is not a table");
- return true;
- }
-
- lua_getfield(L, -1, "test");
- if ( !lua_isfunction(L, -1) )
- {
- t.set_error("'plugin.test' is not a function");
- return true;
- }
-
- if ( lua_pcall(L, 0, 1, 0) )
- {
- t.set_error(lua_tostring(L, -1));
- return true;
- }
-
- if ( lua_toboolean(L, -1) )
- t.result = Test::PASSED;
- else
- t.result = Test::FAILED;
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// Private Methods
-// -----------------------------------------------------------------------------
-
-void Runner::run(const struct Output& output, Test& t, unsigned i)
-{
- Lua::State state { true };
-
- if ( configure_test(state.get_ptr(), t) )
- {
- t.set_error("couldn't configure test");
- return;
- }
-
- auto p = Manager::instantiate(
- state, t.chunk->target, t.type, t.name, t.use_defaults);
-
- // FIXIT-L this injection is a hack so we can log the test header with
- // all the parsed information filled in
-
- if ( output.on_test_start )
- output.on_test_start(t, i);
-
- if ( p )
- {
- if ( p->setup() )
- t.set_error("environment setup failed");
- else if ( run_test(state.get_ptr(), t) )
- t.set_error("test function error");
-
- Manager::destroy(p);
- }
- else
- {
- t.set_error("couldn't instantiate piglet");
- }
-}
-
-// -----------------------------------------------------------------------------
-// Public Methods
-// -----------------------------------------------------------------------------
-
-bool Runner::run_all(const struct Output& output, const vector<Chunk>& chunks)
-{
- Summary summary;
-
- // FIXIT-L the checks for null belong somewhere else (maybe in Output?)
- if ( output.on_suite_start )
- output.on_suite_start(chunks);
-
- unsigned i = 0;
- for ( const auto& chunk : chunks )
- {
- Test test(chunk);
-
- run(output, test, i); // <-- RUN TEST
-
- // FIXIT-L this logic belongs somewhere else (maybe in Summary?)
- switch ( test.result )
- {
- case Test::PASSED:
- summary.passed++;
- break;
-
- case Test::FAILED:
- summary.failed++;
- break;
-
- case Test::ERROR:
- summary.errors++;
- break;
-
- default:
- assert(false);
- break;
- }
-
- if ( output.on_test_end )
- output.on_test_end(test, i++);
- }
-
- if ( output.on_suite_end )
- output.on_suite_end(summary);
-
- if ( summary.errors || summary.failed )
- return false;
-
- return true;
-}
-
-bool Runner::run_all(const struct Output& output)
-{ return run_all(output, Manager::get_chunks()); }
-} // namespace Piglet
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_runner.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_RUNNER_H
-#define PIGLET_RUNNER_H
-
-// Test runner
-
-#include <vector>
-
-namespace Piglet
-{
-struct Chunk;
-struct Test;
-struct Output;
-
-struct Summary
-{
- unsigned passed = 0;
- unsigned failed = 0;
- unsigned errors = 0;
-
- inline unsigned total() const
- { return passed + failed + errors; }
-};
-
-class Runner
-{
-public:
- static bool run_all(const struct Output&);
-
- // FIXIT-L this method should be hidden
- static bool run_all(const struct Output&, const std::vector<Chunk>&);
-
-private:
- static void run(const struct Output&, Test&, unsigned);
-};
-} // namespace Piglet
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_utils.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_utils.h"
-
-namespace Piglet
-{
-// -------------------------------------------------------------------------
-// Timer
-// -------------------------------------------------------------------------
-
-void Timer::start()
-{
- if ( !running )
- {
- start_time = system_clock::now();
- running = true;
- }
-}
-
-void Timer::stop()
-{
- if ( running )
- {
- stop_time = system_clock::now();
- running = false;
- }
-}
-} // namespace Piglet
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_utils.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_UTILS_H
-#define PIGLET_UTILS_H
-
-// Miscellaneous data objects used for the piglet test harness
-
-#include <chrono>
-#include <string>
-#include <vector>
-
-namespace Piglet
-{
-using time_point = std::chrono::time_point<std::chrono::system_clock>;
-using duration = std::chrono::duration<double>;
-
-// -------------------------------------------------------------------------
-// Timer
-// -------------------------------------------------------------------------
-struct Timer
-{
- using system_clock = std::chrono::system_clock;
- using time_point = std::chrono::time_point<system_clock>;
- using duration = std::chrono::duration<double>;
-
- time_point start_time, stop_time;
-
- bool running = false;
-
- void start();
- void stop();
-
- inline duration delta()
- { return stop_time - start_time; }
-
- // chrono::microseconds d = chrono::duration_cast<microseconds>(dur);
- // d.count();
-};
-
-// -------------------------------------------------------------------------
-// Chunk
-// -------------------------------------------------------------------------
-struct Chunk
-{
- std::string filename;
- std::string target;
- std::string buffer;
-
- Chunk(const std::string& f, const std::string& t, const std::string& b) :
- filename { f }, target { t }, buffer { b } { }
-};
-
-// -------------------------------------------------------------------------
-// Test
-// -------------------------------------------------------------------------
-struct Test
-{
- enum Result
- {
- NA = -1,
- PASSED = 0,
- FAILED,
- ERROR
- };
-
- const Chunk* chunk;
- Timer timer;
-
- Result result = NA;
-
- std::string type;
- std::string name;
- std::string description;
- bool use_defaults = false;
-
- std::vector<std::string> messages;
-
- inline void set_error(const std::string& s)
- {
- result = ERROR;
- messages.emplace_back(s);
- }
-
- Test(const Chunk& ch) : chunk { &ch } { }
-};
-} // namespace Piglet
-
-#endif
-
+++ /dev/null
-set (
- PP_CODEC_DEPENDENCIES
- pp_codec_data_iface.cc
- pp_enc_state_iface.cc
- pp_buffer_iface.cc
- pp_event_iface.cc
- pp_daq_pkthdr_iface.cc
-)
-
-set (
- PP_CODEC_SOURCES
- pp_codec.cc
- pp_codec_iface.cc
- ${PP_CODEC_DEPENDENCIES}
-)
-
-set (
- PP_INSPECTOR_DEPENDENCIES
- pp_stream_splitter_iface.cc
-)
-
-set (
- PP_INSPECTOR_SOURCES
- pp_inspector.cc
- pp_inspector_iface.cc
- ${PP_INSPECTOR_DEPENDENCIES}
-)
-
-set (
- PP_IPS_OPTION_DEPENDENCIES
- pp_cursor_iface.cc
-)
-
-set (
- PP_IPS_OPTION_SOURCES
- pp_ips_option.cc
- pp_ips_option_iface.cc
- ${PP_IPS_OPTION_DEPENDENCIES}
-)
-
-set (
- PP_IPS_ACTION_SOURCES
- pp_ips_action.cc
- pp_ips_action_iface.cc
-)
-
-set (
- PP_LOGGER_SOURCES
- pp_logger.cc
- pp_logger_iface.cc
-)
-
-set (
- PP_SEARCH_ENGINE_SOURCES
- pp_search_engine.cc
- pp_search_engine_iface.cc
-)
-
-set (
- PP_SO_RULE_SOURCES
- pp_so_rule.cc
- pp_so_rule_iface.cc
-)
-
-set (
- PP_TEST_SOURCES
- pp_test.cc
-)
-
-set (
- PP_COMMON_DEPENDENCIES
- pp_raw_buffer_iface.cc
- pp_packet_iface.cc
- pp_decode_data_iface.cc
- pp_flow_iface.cc
- pp_event_iface.cc
- pp_ip_api_iface.cc
-)
-
-set (
- PP_SOURCES
- piglet_plugins.cc
-
- ${PP_COMMON_DEPENDENCIES}
- ${PP_CODEC_SOURCES}
- ${PP_INSPECTOR_SOURCES}
- ${PP_IPS_OPTION_SOURCES}
- ${PP_IPS_ACTION_SOURCES}
- ${PP_LOGGER_SOURCES}
- ${PP_SEARCH_ENGINE_SOURCES}
- ${PP_SO_RULE_SOURCES}
- ${PP_TEST_SOURCES}
-)
-
-add_library ( piglet_plugins OBJECT
- ${PP_SOURCES}
-)
+++ /dev/null
-This directory contains subclasses of Piglet::BasePlugin that correspond to
-each Snort plugin type. Each pp_\*.cc source file is a Snort plugin proper.
-
-piglet_plugins_common contains utilities for working with the Lua C API and
-Lua interfaces for some useful Snort data structures (Packet, DecodeData).
-There is also an interface called RawBuffer. This is essentially a wrapper
-around a std::string.
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_plugins.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_plugins.h"
-
-#include "managers/plugin_manager.h"
-
-using namespace snort;
-
-extern const BaseApi* pp_codec;
-extern const BaseApi* pp_inspector;
-extern const BaseApi* pp_ips_action;
-extern const BaseApi* pp_ips_option;
-extern const BaseApi* pp_logger;
-extern const BaseApi* pp_search_engine;
-extern const BaseApi* pp_so_rule;
-extern const BaseApi* pp_test;
-
-static const BaseApi* pp_piglets[] =
-{
- pp_codec,
- pp_inspector,
- pp_ips_action,
- pp_ips_option,
- pp_logger,
- pp_search_engine,
- pp_so_rule,
- pp_test,
- nullptr
-};
-
-void load_piglets()
-{
- PluginManager::load_plugins(pp_piglets);
-}
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// piglet_plugins.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PIGLET_PLUGINS_H
-#define PIGLET_PLUGINS_H
-
-void load_piglets();
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_buffer_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_buffer_iface.h"
-
-#include "framework/codec.h"
-#include "lua/lua_arg.h"
-
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- RawBuffer* rb;
- size_t len;
- int idx = 1;
-
- if ( args[1].is_string() )
- {
- // Create a RawBuffer object to back the string
- len = 0;
- const char* s = args[1].check_string(len);
- rb = &RawBufferIface.create(L, s, len);
- idx = lua_gettop(L);
- }
- else if ( args[1].is_size() )
- {
- len = args[1].check_size();
- // Create a RawBuffer object to back the string
- rb = &RawBufferIface.create(L, len, '\0');
- idx = lua_gettop(L);
- }
- else
- {
- rb = &RawBufferIface.get(L, 1);
- }
-
- auto& self = BufferIface.create(L, get_mutable_data(*rb), rb->size());
- // Save a reference to the RawBuffer
- // FIXIT-M integrate add_ref() into the interface code so we don't
- // have to do this explicitly
- Lua::add_ref(L, &self, "data", idx);
-
- return 1;
- }
- },
- {
- "allocate",
- [](lua_State* L)
- {
- Lua::Args args(L);
- auto& self = BufferIface.get(L, 1);
- uint32_t len = args[2].check_size();
- bool result = self.allocate(len);
- lua_pushboolean(L, result);
- return 1;
- }
- },
- {
- "clear",
- [](lua_State* L)
- {
- BufferIface.get(L).clear();
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- {
- auto& self = BufferIface.get(L);
- lua_pushlstring(L, reinterpret_cast<const char*>(self.data()),
- self.size());
- // lua_pushfstring(L, "%s@%p", BufferIface.name, &self);
-
- return 1;
- }
- },
- {
- "__gc",
- [](lua_State* L)
- {
- BufferIface.destroy(L);
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<Buffer> BufferIface =
-{
- "Buffer",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_buffer_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_BUFFER_IFACE_H
-#define PP_BUFFER_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-struct Buffer;
-}
-
-extern const struct Lua::TypeInterface<snort::Buffer> BufferIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "managers/codec_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_buffer_iface.h"
-#include "pp_codec_data_iface.h"
-#include "pp_codec_iface.h"
-#include "pp_daq_pkthdr_iface.h"
-#include "pp_decode_data_iface.h"
-#include "pp_enc_state_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-class CodecPiglet : public Piglet::BasePlugin
-{
-public:
- CodecPiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- ~CodecPiglet() override;
- bool setup() override;
-
-private:
- CodecWrapper* wrapper;
-};
-
-CodecPiglet::CodecPiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc)
-{ wrapper = CodecManager::instantiate(tgt.c_str(), module, snort_conf); }
-
-CodecPiglet::~CodecPiglet()
-{
- if ( wrapper )
- delete wrapper;
-}
-
-bool CodecPiglet::setup()
-{
- if ( !wrapper )
- return true;
-
- install(L, RawBufferIface);
- install(L, DecodeDataIface);
- install(L, CodecDataIface);
- install(L, EncStateIface);
- install(L, BufferIface);
- install(L, DAQHeaderIface);
-
- install(L, CodecIface, wrapper->instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new CodecPiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_codec",
- "Codec piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_CODEC
-};
-
-const BaseApi* pp_codec = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_codec_data_iface.h"
-
-#include "framework/codec.h"
-#include "lua/lua_arg.h"
-#include "main/snort_config.h"
-
-using namespace snort;
-
-static void set_fields(lua_State* L, int tindex, CodecData& self)
-{
- Lua::Table table(L, tindex);
-
- table.get_field("next_prot_id", reinterpret_cast<uint16_t&>(self.next_prot_id));
- table.get_field("lyr_len", self.lyr_len);
- table.get_field("invalid_bytes", self.invalid_bytes);
- table.get_field("proto_bits", self.proto_bits);
- table.get_field("codec_flags", self.codec_flags);
- table.get_field("ip_layer_cnt", self.ip_layer_cnt);
- table.get_field("ip6_extension_count", self.ip6_extension_count);
- table.get_field("curr_ip6_extension", self.curr_ip6_extension);
- table.get_field("ip6_csum_proto", reinterpret_cast<uint8_t&>(self.ip6_csum_proto));
-}
-
-static void get_fields(lua_State* L, int tindex, const CodecData& self)
-{
- Lua::Table table(L, tindex);
-
- table.set_field("next_prot_id", static_cast<uint16_t>(self.next_prot_id));
- table.set_field("lyr_len", self.lyr_len);
- table.set_field("invalid_bytes", self.invalid_bytes);
- table.set_field("proto_bits", self.proto_bits);
- table.set_field("codec_flags", self.codec_flags);
- table.set_field("ip_layer_cnt", self.ip_layer_cnt);
- table.set_field("ip6_extension_count", self.ip6_extension_count);
- table.set_field("curr_ip6_extension", self.curr_ip6_extension);
- table.set_field("ip6_csum_proto", static_cast<uint8_t>(self.ip6_csum_proto));
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = CodecDataIface.create(
- L, SnortConfig::get_conf(), ProtocolId::ETHERTYPE_NOT_SET);
-
- if ( args[1].is_table() )
- args[1].check_table(set_fields, self);
- else if ( args[1].is_size() )
- {
- // FIXIT-L can check_size limit size to short?
- unsigned int tmp = args[1].check_size();
- if(tmp > UINT16_MAX)
- self.next_prot_id = ProtocolId::ETHERTYPE_NOT_SET;
- else
- self.next_prot_id = (ProtocolId)args[1].check_size();
- }
-
- return 1;
- }
- },
- {
- "get",
- [](lua_State* L)
- { return CodecDataIface.default_getter(L, get_fields); }
- },
- {
- "set",
- [](lua_State* L)
- { return CodecDataIface.default_setter(L, set_fields); }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return CodecDataIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return CodecDataIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<CodecData> CodecDataIface =
-{
- "CodecData",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_CODEC_DATA_IFACE_H
-#define PP_CODEC_DATA_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-struct CodecData;
-}
-
-extern const struct Lua::TypeInterface<snort::CodecData> CodecDataIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_codec_iface.h"
-
-#include <daq_common.h>
-
-#include "framework/codec.h"
-#include "lua/lua_arg.h"
-#include "log/text_log.h"
-
-#include "pp_buffer_iface.h"
-#include "pp_codec_data_iface.h"
-#include "pp_decode_data_iface.h"
-#include "pp_enc_state_iface.h"
-#include "pp_flow_iface.h"
-#include "pp_ip_api_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-// FIXIT-M delete this, and make the IpApi arg in codec.update required
-static const ip::IpApi default_ip_api {};
-
-struct TextLogWrapper
-{
- TextLog* text_log;
-
- TextLogWrapper(const char* name)
- {
- text_log = TextLog_Init(name);
- assert(text_log);
- }
-
- ~TextLogWrapper()
- {
- if ( text_log )
- TextLog_Term(text_log);
- }
-};
-
-static const luaL_Reg methods[] =
-{
- {
- "get_data_link_type",
- [](lua_State* L)
- {
- auto& self = CodecIface.get(L);
-
- std::vector<int> ret;
- self.get_data_link_type(ret);
-
- lua_newtable(L);
- Lua::fill_table_from_vector(L, lua_gettop(L), ret);
-
- return 1;
- }
- },
- {
- "get_protocol_ids",
- [](lua_State* L)
- {
- auto& self = CodecIface.get(L);
-
- std::vector<ProtocolId> ret;
- self.get_protocol_ids(ret);
-
- // Convert ProtocolId vector to uint16_t vector to make
- // Lua templates happy.
- // FIXIT-L add support for ProtocolId in Lua code.
- std::vector<uint16_t> tmp;
- tmp.reserve(ret.size());
- for(auto a: ret)
- tmp.emplace_back(to_utype(a));
-
- lua_newtable(L);
- Lua::fill_table_from_vector(L, lua_gettop(L), tmp);
-
- return 1;
- }
- },
- {
- "decode",
- [](lua_State* L)
- {
- bool result;
-
- auto& cd = CodecDataIface.get(L, 3);
- auto& dd = DecodeDataIface.get(L, 4);
-
- auto& self = CodecIface.get(L);
-
- size_t len = 0;
- const uint8_t* data;
-
- if ( RawBufferIface.is(L, 2) )
- {
- data = get_data(RawBufferIface.get(L, 2));
- len = get_data_length(RawBufferIface.get(L, 2));
- }
- else
- data = reinterpret_cast<const uint8_t*>(luaL_checklstring(L, 2, &len));
-
- // Create a fake DAQ packet message to pass through decoding since there is assumed to
- // be one. The constness of the data should be safe since codecs shouldn't attempt to
- // modify message data.
- DAQ_PktHdr_t daq_pkth = { };
- daq_pkth.pktlen = len;
- DAQ_Msg_t daq_msg = { };
- daq_msg.type = DAQ_MSG_TYPE_PACKET;
- daq_msg.hdr = &daq_pkth;
- daq_msg.hdr_len = sizeof(daq_pkth);
- daq_msg.data = const_cast<uint8_t*>(data);
- daq_msg.data_len = len;
-
- RawData rd(&daq_msg, daq_msg.data, daq_msg.data_len);
- result = self.decode(rd, cd, dd);
-
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- {
- "log",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& rb = RawBufferIface.get(L, 1);
- uint16_t lyr_len = args[2].opt_size(rb.size(), rb.size());
-
- auto& self = CodecIface.get(L);
-
- TextLogWrapper tl_wrap("stdout");
- self.log(tl_wrap.text_log, get_data(rb), lyr_len);
-
- return 0;
- }
- },
- {
- "encode",
- [](lua_State* L)
- {
- auto& rb = RawBufferIface.get(L, 1); // raw_in
- auto& es = EncStateIface.get(L, 2);
- auto& b = BufferIface.get(L, 3);
- auto& flow = FlowIface.get(L, 4);
-
- auto& self = CodecIface.get(L);
-
- bool result = self.encode(get_data(rb), rb.size(), es, b, &flow);
-
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- {
- "update",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- // FIXIT-M this hacky arg offset stuff is for backwards compatibility
- // it will be removed in later updates
-
- int off = 0;
- const auto* ip_api = &default_ip_api;
-
- if ( IpApiIface.is(L, 1) )
- {
- ip_api = &IpApiIface.get(L, 1);
- off++;
- }
-
- uint32_t flags_hi = args[off + 1].check_size();
- uint32_t flags_lo = args[off + 2].check_size();
- auto& rb = RawBufferIface.get(L, off + 3);
-
- // FIXIT-L Args vs Iface is not orthogonal
- uint16_t lyr_len = args[off + 4].opt_size(0, rb.size());
-
- auto& self = CodecIface.get(L);
-
- uint32_t updated_len = 0;
-
- uint64_t flags = (static_cast<uint64_t>(flags_hi) << 8) | flags_lo;
-
- self.update(*ip_api, flags, get_mutable_data(rb), lyr_len,
- updated_len);
-
- lua_pushinteger(L, updated_len);
-
- return 1;
- }
- },
- {
- "format",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- bool reverse = args[1].get_bool();
- auto& rb = RawBufferIface.get(L, 2);
- auto& dd = DecodeDataIface.get(L, 3);
-
- auto& self = CodecIface.get(L);
-
- self.format(reverse, get_mutable_data(rb), dd);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<Codec> CodecIface =
-{
- "Codec",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_CODEC_IFACE_H
-#define PP_CODEC_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class Codec;
-}
-
-extern const struct Lua::InstanceInterface<snort::Codec> CodecIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_cursor_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_cursor_iface.h"
-
-#include "framework/cursor.h"
-#include "lua/lua_arg.h"
-#include "protocols/packet.h"
-
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-static void reset_from_packet(
- lua_State* L, Cursor& self, Packet& p, int p_idx)
-{
- self.reset(&p);
- Lua::add_ref(L, &self, "data", p_idx);
-}
-
-static void reset_from_raw_buffer(
- lua_State* L, Cursor& self, RawBuffer& rb, int rb_idx)
-{
- Packet p;
- p.reset();
-
- p.data = get_data(rb);
- p.dsize = rb.size();
-
- self.reset(&p);
- Lua::add_ref(L, &self, "data", rb_idx);
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
- Packet p;
- p.reset();
-
- auto& self = CursorIface.create(L, &p);
-
- if ( args.count )
- {
- if ( PacketIface.is(L, 1) )
- {
- reset_from_packet(L, self, PacketIface.get(L, 1), 1);
- }
- else if ( args[1].is_string() )
- {
- size_t len = 0;
- const char* s = args[1].check_string(len);
- auto& rb = RawBufferIface.create(L, s, len);
- reset_from_raw_buffer(L, self, rb, lua_gettop(L));
- lua_pop(L, 1);
- }
- else
- {
- reset_from_raw_buffer(L, self, RawBufferIface.get(L, 1), 1);
- }
- }
-
- return 1;
- }
- },
- {
- "reset",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = CursorIface.get(L, 1);
-
- if ( args.count > 1 )
- {
- if ( PacketIface.is(L, 2) )
- {
- auto& p = PacketIface.get(L, 2);
- reset_from_packet(L, self, p, 2);
- }
- else
- {
- if ( args[2].is_string() )
- {
- size_t len = 0;
- const char* s = args[2].check_string(len);
- auto& rb = RawBufferIface.create(L, s, len);
- reset_from_raw_buffer(L, self, rb, lua_gettop(L));
- }
- else
- {
- auto& rb = RawBufferIface.get(L, 2);
- reset_from_raw_buffer(L, self, rb, 2);
- }
- }
- }
- else
- {
- Packet p;
-
- p.reset();
- self.reset(&p);
-
- Lua::remove_ref(L, &self, "data");
- }
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return CursorIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return CursorIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<Cursor> CursorIface =
-{
- "Cursor",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_cursor_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_CURSOR_IFACE_H
-#define PP_CURSOR_IFACE_H
-
-#include "lua/lua_iface.h"
-
-class Cursor;
-
-extern const struct Lua::TypeInterface<Cursor> CursorIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_codec_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_daq_pkthdr_iface.h"
-
-#include <daq_common.h>
-
-#include <cstring>
-
-#include "lua/lua_arg.h"
-
-static void set_fields(lua_State* L, int tindex, DAQ_PktHdr_t& self)
-{
- Lua::Table table(L, tindex);
-
- table.get_field("pktlen", self.pktlen);
- table.get_field("ingress_index", self.ingress_index);
- table.get_field("egress_index", self.egress_index);
- table.get_field("ingress_group", self.ingress_group);
- table.get_field("egress_group", self.egress_group);
- table.get_field("flags", self.flags);
- table.get_field("opaque", self.opaque);
- table.get_field("flow_id", self.flow_id);
- table.get_field("address_space_id", self.address_space_id);
- table.get_field("tenant_id", self.tenant_id);
-
- // FIXIT-L do we want to be able to set the priv_ptr field?
-}
-
-static void get_fields(lua_State* L, int tindex, const DAQ_PktHdr_t& self)
-{
- Lua::Table table(L, tindex);
-
- table.set_field("pktlen", self.pktlen);
- table.set_field("ingress_index", self.ingress_index);
- table.set_field("egress_index", self.egress_index);
- table.set_field("ingress_group", self.ingress_group);
- table.set_field("egress_group", self.egress_group);
- table.set_field("flags", self.flags);
- table.set_field("opaque", self.opaque);
- table.set_field("flow_id", self.flow_id);
- table.set_field("address_space_id", self.address_space_id);
- table.set_field("tenant_id", self.tenant_id);
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = DAQHeaderIface.create(L);
- memset(&self, 0, sizeof(self));
-
- args[1].opt_table(set_fields, self);
-
- return 1;
- }
- },
- {
- "get",
- [](lua_State* L)
- { return DAQHeaderIface.default_getter(L, get_fields); }
- },
- {
- "set",
- [](lua_State* L)
- { return DAQHeaderIface.default_setter(L, set_fields); }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return DAQHeaderIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return DAQHeaderIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<DAQ_PktHdr_t> DAQHeaderIface =
-{
- "DAQHeader",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_daq_pkthdr_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_DAQ_PKTHDR_IFACE_H
-#define PP_DAQ_PKTHDR_IFACE_H
-
-#include "lua/lua_iface.h"
-
-struct _daq_pkt_hdr;
-
-extern const struct Lua::TypeInterface<_daq_pkt_hdr> DAQHeaderIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_decode_data_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_decode_data_iface.h"
-
-#include "framework/decode_data.h"
-#include "lua/lua_arg.h"
-
-#include "pp_ip_api_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-// FIXIT-M add Internet Header objects
-// FIXIT-M add Enum Interface
-static void set_fields(lua_State* L, int tindex, DecodeData& self)
-{
- Lua::Table table(L, tindex);
-
- table.get_field("sp", self.sp);
- table.get_field("dp", self.dp);
- table.get_field("decode_flags", self.decode_flags);
-
- uint8_t pkt_type = 0;
- table.get_field("type", pkt_type);
- self.type = static_cast<PktType>(pkt_type);
-}
-
-static void get_fields(lua_State* L, int tindex, const DecodeData& self)
-{
- Lua::Table table(L, tindex);
-
- table.set_field("sp", self.sp);
- table.set_field("dp", self.dp);
- table.set_field("decode_flags", self.decode_flags);
- table.set_field("type", static_cast<uint8_t>(self.type));
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = DecodeDataIface.create(L);
- self.reset();
-
- args[1].opt_table(set_fields, self);
-
- return 1;
- }
- },
- {
- "reset",
- [](lua_State* L)
- {
- DecodeDataIface.get(L).reset();
- return 0;
- }
- },
- {
- "set",
- [](lua_State* L)
- { return DecodeDataIface.default_setter(L, set_fields); }
- },
- {
- "get",
- [](lua_State* L)
- { return DecodeDataIface.default_getter(L, get_fields); }
- },
- {
- // Return a reference to the IpApi attached to DecodeData
- "get_ip_api",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = DecodeDataIface.get(L, 1);
-
- auto ip_api_handle = IpApiIface.allocate(L);
-
- // *pointer* to DecodeData::ip_api;
- *ip_api_handle = &self.ip_api;
-
- // Make sure the decode data doesn't run out from under the ref
- Lua::add_ref(L, *ip_api_handle, "decode_data", lua_gettop(L));
-
- return 1;
- }
- },
- // FIXIT-L add access to mplsHdr field
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return DecodeDataIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return DecodeDataIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<DecodeData> DecodeDataIface =
-{
- "DecodeData",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_decode_data_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_DECODE_DATA_IFACE_H
-#define PP_DECODE_DATA_IFACE_H
-
-#include "lua/lua_iface.h"
-
-struct DecodeData;
-
-extern const struct Lua::TypeInterface<DecodeData> DecodeDataIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_enc_state_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_enc_state_iface.h"
-
-#include "framework/codec.h"
-#include "lua/lua_arg.h"
-
-using namespace snort;
-
-// FIXIT-M ip_api should also be its own object (copyable)
-static const class ip::IpApi ip_api {};
-
-static inline uint64_t get_encode_flag(uint32_t hi, uint32_t lo)
-{ return (static_cast<uint64_t>(hi) << 4) | lo; }
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- uint32_t efl_hi = args[1].opt_size();
- uint32_t efl_lo = args[2].opt_size();
- IpProtocol next_proto = (IpProtocol)args[3].opt_size();
- uint8_t ttl = args[4].opt_size();
- uint16_t dsize = args[5].opt_int();
-
- EncStateIface.create(L, ip_api, get_encode_flag(efl_hi, efl_lo),
- next_proto, ttl, dsize);
-
- return 1;
- }
- },
- // FIXIT-L add get and set methods
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return EncStateIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return EncStateIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<EncState> EncStateIface =
-{
- "EncState",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_enc_state_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_ENC_STATE_IFACE_H
-#define PP_ENC_STATE_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-struct EncState;
-}
-
-extern const struct Lua::TypeInterface<snort::EncState> EncStateIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_event_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_event_iface.h"
-
-#include <cstring>
-
-#include "detection/signature.h"
-#include "events/event.h"
-#include "lua/lua_arg.h"
-
-#include "pp_raw_buffer_iface.h"
-
-static struct SigInfo* create_sig_info()
-{
- auto si = new SigInfo();
- return si;
-}
-
-static void set_fields(lua_State* L, int tindex, Event& self)
-{
- Lua::Table table(L, tindex);
-
- uint32_t value = 0;
- table.get_field("event_id", value);
- self.set_event_id(value);
-
- table.get_field("event_reference", value);
- self.set_event_reference(value);
-
- const char* s_alt_msg = nullptr;
- if ( table.get_field("alt_msg", s_alt_msg) && s_alt_msg ) // FIXIT-L shouldn't need both conditions
- {
- self.alt_msg = RawBufferIface.create(L, s_alt_msg).c_str();
- Lua::add_ref(L, &self, "alt_msg", lua_gettop(L));
- lua_pop(L, 1);
- }
-
- const char* s_action_string = nullptr;
- // FIXIT-L shouldn't need both conditions
- if ( table.get_field("action_string", s_action_string) && s_action_string )
- {
- self.action_string = RawBufferIface.create(L, s_action_string);
- Lua::add_ref(L, &self, "action_string", lua_gettop(L));
- lua_pop(L, 1);
- }
-}
-
-static void get_fields(lua_State* L, int tindex, Event& self)
-{
- Lua::Table table(L, tindex);
-
- table.set_field("event_id", self.get_event_id());
- table.set_field("event_reference", self.get_event_reference());
-
- if ( self.alt_msg )
- table.set_field("alt_msg", self.alt_msg);
-
- if ( !self.action_string.empty() )
- table.set_field("action_string", self.action_string);
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = EventIface.create(L);
- // FIXIT-M SigInfo should be a separate object
- // (to make resource tracking more uniform)
- self.sig_info = create_sig_info();
-
- args[1].opt_table(set_fields, self);
-
- return 1;
- }
- },
- {
- "get",
- // FIXIT-L add support for getting strings
- [](lua_State* L)
- {
- auto& self = EventIface.get(L);
- lua_newtable(L);
-
- get_fields(L, lua_gettop(L), self);
-
- auto si = self.sig_info;
-
- if ( si )
- {
- Lua::ManageStack lua_ms(L);
- lua_newtable(L);
- Lua::Table si_table(L, lua_gettop(L));
-
- si_table.set_field("generator", si->gid);
- si_table.set_field("id", si->sid);
- si_table.set_field("rev", si->rev);
- si_table.set_field("class_id", si->class_id);
- si_table.set_field("priority", si->priority);
- si_table.set_field("builtin", si->builtin);
-
- Lua::Table(L, 2).set_field_from_stack("sig_info", si_table.index);
- }
-
- return 1;
- }
- },
- {
- "set",
- // FIXIT-L add support for setting strings
- [](lua_State* L)
- {
- auto& self = EventIface.get(L);
- luaL_checktype(L, 2, LUA_TTABLE);
-
- Lua::Table new_table(L, 2);
- new_table.get_field_to_stack("sig_info");
-
- auto* si = const_cast<SigInfo*>(self.sig_info);
-
- if ( si && lua_istable(L, lua_gettop(L)) )
- {
- Lua::ManageStack lua_ms(L);
- Lua::Table si_table(L, lua_gettop(L));
-
- si_table.get_field("generator", si->gid);
- si_table.get_field("id", si->sid);
- si_table.get_field("rev", si->rev);
- si_table.get_field("class_id", si->class_id);
- si_table.get_field("priority", si->priority);
- si_table.get_field("builtin", si->builtin);
- }
-
- set_fields(L, 2, self);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return EventIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- {
- auto** t = EventIface.regurgitate(L);
- delete (*t)->sig_info;
- EventIface.destroy(L, t);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<Event> EventIface =
-{
- "Event",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_event_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_EVENT_IFACE_H
-#define PP_EVENT_IFACE_H
-
-#include "lua/lua_iface.h"
-
-struct Event;
-
-extern const struct Lua::TypeInterface<Event> EventIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_flow_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_flow_iface.h"
-
-#include "flow/flow.h"
-#include "lua/lua_arg.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- PktType type = static_cast<PktType>(args[1].opt_size());
-
- FlowIface.create(L).init(type);
-
- return 1;
- }
- },
- {
- "reset",
- [](lua_State* L)
- {
- FlowIface.get(L).reset();
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- {
- auto& self = FlowIface.get(L);
- lua_pushfstring(L, "%s@%p", FlowIface.name, &self);
-
- return 1;
- }
- },
- {
- "__gc",
- [](lua_State* L)
- {
- auto** t = FlowIface.regurgitate(L);
- (*t)->term();
- FlowIface.destroy(L, t);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<Flow> FlowIface =
-{
- "Flow",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_flow_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_FLOW_IFACE_H
-#define PP_FLOW_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class Flow;
-}
-
-extern const struct Lua::TypeInterface<snort::Flow> FlowIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_inspector.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "managers/inspector_manager.h"
-#include "piglet/piglet_api.h"
-#include "stream/flush_bucket.h"
-
-#include "pp_decode_data_iface.h"
-#include "pp_flow_iface.h"
-#include "pp_inspector_iface.h"
-#include "pp_ip_api_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-#include "pp_stream_splitter_iface.h"
-
-using namespace snort;
-
-class InspectorPiglet : public Piglet::BasePlugin
-{
-public:
- InspectorPiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- bool setup() override;
-
-private:
- Inspector* instance;
-};
-
-InspectorPiglet::InspectorPiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc)
-{
- FlushBucket::set(0);
-
- assert(module);
- assert(snort_conf);
-
- instance = InspectorManager::instantiate(tgt.c_str(), module, snort_conf);
-}
-
-
-bool InspectorPiglet::setup()
-{
- if ( !instance )
- {
- Piglet::error("couldn't instantiate Inspector '%s'", target.c_str());
- return true;
- }
-
- install(L, DecodeDataIface);
- install(L, RawBufferIface);
- install(L, FlowIface);
- install(L, IpApiIface);
- install(L, PacketIface);
- install(L, StreamSplitterIface);
-
- install(L, InspectorIface, instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new InspectorPiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_inspector",
- "Inspector piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_INSPECTOR
-};
-
-const BaseApi* pp_inspector = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_inspector_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_inspector_iface.h"
-
-#include "framework/inspector.h"
-#include "lua/lua_arg.h"
-#include "main/snort_config.h"
-
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-#include "pp_stream_splitter_iface.h"
-
-using namespace snort;
-
-// FIXIT-M needs to be updated for addition of get_fp_buf()
-template<typename T>
-static inline bool get_buf(
- Inspector& i, T v, snort::Packet& p, std::string& rb)
-{
- struct InspectionBuffer ib;
- bool result = i.get_buf(v, &p, ib);
-
- if ( result )
- rb.assign(reinterpret_cast<const char*>(ib.data), ib.len);
-
- return result;
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "configure",
- [](lua_State* L)
- {
- auto& self = InspectorIface.get(L);
- // FIXIT-L do we need an opaque SnortConfig interface?
- bool result = self.configure(SnortConfig::get_main_conf());
- lua_pushboolean(L, result);
- return 1;
- }
- },
- {
- "tinit",
- [](lua_State* L)
- {
- InspectorIface.get(L).tinit();
- return 0;
- },
- },
- {
- "tterm",
- [](lua_State* L)
- {
- InspectorIface.get(L).tterm();
- return 0;
- }
- },
- {
- "likes",
- [](lua_State* L)
- {
- auto& p = PacketIface.get(L, 1);
- auto& self = InspectorIface.get(L);
- bool result = self.likes(&p);
- lua_pushboolean(L, result);
- return 1;
- }
- },
- {
- "eval",
- [](lua_State* L)
- {
- auto& p = PacketIface.get(L);
- auto& self = InspectorIface.get(L);
-
- self.eval(&p);
-
- return 0;
- }
- },
- {
- "clear",
- [](lua_State* L)
- {
- auto& p = PacketIface.get(L);
- auto& self = InspectorIface.get(L);
-
- self.clear(&p);
-
- return 0;
- }
- },
- // FIXIT-M add exec() method
- {
- "get_buf_from_key",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& p = PacketIface.get(L, 2);
- auto& rb = RawBufferIface.get(L, 3);
-
- auto& self = InspectorIface.get(L);
-
- bool result = get_buf(self, args[1].check_string(), p, rb);
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- {
- "get_buf_from_id",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- int id = args[1].check_int();
- auto& p = PacketIface.get(L, 2);
- auto& rb = RawBufferIface.get(L, 3);
-
- auto& self = InspectorIface.get(L);
-
- bool result = get_buf(self, id, p, rb);
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- {
- "get_buf_from_type",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto type = static_cast<InspectionBuffer::Type>(args[1].check_int());
- auto& p = PacketIface.get(L, 2);
- auto& rb = RawBufferIface.get(L, 3);
-
- auto& self = InspectorIface.get(L);
-
- bool result = get_buf(self, type, p, rb);
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- {
- "get_splitter",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- bool to_server = args[1].check_bool();
- auto& self = InspectorIface.get(L);
-
- auto** sp = StreamSplitterIface.allocate(L);
- *sp = self.get_splitter(to_server);
-
- if ( *sp == nullptr )
- lua_pushnil(L);
-
- return 1;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<Inspector> InspectorIface =
-{
- "Inspector",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_inspector_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_INSPECTOR_IFACE_H
-#define PP_INSPECTOR_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class Inspector;
-}
-
-extern const struct Lua::InstanceInterface<snort::Inspector> InspectorIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ip_api_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_ip_api_iface.h"
-
-#include "lua/lua_arg.h"
-#include "protocols/ip.h"
-
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-template<typename Header>
-static void set_header(lua_State* L, ip::IpApi& ip_api, RawBuffer& rb)
-{
- if ( rb.size() < sizeof(Header) )
- luaL_error(L,
- "buffer is to small to be cast to header, (need %d, got %d)",
- sizeof(Header), rb.size()
- );
-
- else
- {
- const auto* hdr = reinterpret_cast<const Header*>(rb.data());
- ip_api.set(hdr);
- }
-}
-
-template<typename Header>
-static int set(lua_State* L)
-{
- Lua::Args args(L);
- auto & self = IpApiIface.get(L, 1);
-
- RawBuffer* rb;
- int ref_index = 2;
-
- if ( RawBufferIface.is(L, 2) )
- rb = &RawBufferIface.get(L, 2);
-
- else
- {
- size_t len = 0;
- const char* data = args[2].check_string(len);
- rb = &RawBufferIface.create(L, data, len);
- ref_index = lua_gettop(L);
- }
-
- set_header<Header>(L, self, *rb);
-
- Lua::add_ref(L, &self, "iph", ref_index);
-
- return 0;
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "set_ip4",
- [](lua_State* L)
- { return set<ip::IP4Hdr>(L); }
- },
- {
- "set_ip6",
- [](lua_State* L)
- { return set<ip::IP6Hdr>(L); }
- },
- {
- "reset",
- [](lua_State* L)
- { IpApiIface.get(L).reset(); return 0; }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return IpApiIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- {
- // don't need to delete, because this object is a pointer to
- // a member of a DecodeData
- Lua::remove_refs(L, static_cast<void*>(&IpApiIface.get(L)));
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<ip::IpApi> IpApiIface =
-{
- "IpApi",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ip_api_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_IP_API_IFACE_H
-#define PP_IP_API_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-namespace ip
-{
-class IpApi;
-}
-}
-
-extern const struct Lua::TypeInterface<snort::ip::IpApi> IpApiIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_action.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "managers/action_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_ips_action_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-class IpsActionPiglet : public Piglet::BasePlugin
-{
-public:
- IpsActionPiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- ~IpsActionPiglet() override;
- bool setup() override;
-
-private:
- IpsActionWrapper* wrapper;
-};
-
-IpsActionPiglet::IpsActionPiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc)
-{
- if ( module )
- wrapper = ActionManager::instantiate(tgt.c_str(), m);
-}
-
-IpsActionPiglet::~IpsActionPiglet()
-{
- if ( wrapper )
- delete wrapper;
-}
-
-bool IpsActionPiglet::setup()
-{
- if ( !wrapper )
- return true;
-
- install(L, RawBufferIface);
- install(L, PacketIface);
-
- install(L, IpsActionIface, wrapper->instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new IpsActionPiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_ips_action",
- "Ips action piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_IPS_ACTION
-};
-
-const BaseApi* pp_ips_action = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_action_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_ips_action_iface.h"
-
-#include "framework/ips_action.h"
-
-#include "pp_packet_iface.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- {
- "exec",
- [](lua_State* L)
- {
- auto& p = PacketIface.get(L);
- auto& self = IpsActionIface.get(L);
-
- self.exec(&p, nullptr);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<IpsAction> IpsActionIface =
-{
- "IpsAction",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_action_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_IPS_ACTION_IFACE_H
-#define PP_IPS_ACTION_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class IpsAction;
-}
-
-extern const struct Lua::InstanceInterface<snort::IpsAction> IpsActionIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_option.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "detection/treenodes.h"
-#include "managers/ips_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_cursor_iface.h"
-#include "pp_ips_option_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-class IpsOptionPiglet : public Piglet::BasePlugin
-{
-public:
- IpsOptionPiglet(Lua::State&, const std::string&, Module*);
- ~IpsOptionPiglet() override;
- bool setup() override;
-
-private:
- IpsOptionWrapper* wrapper;
- struct OptTreeNode* otn;
-};
-
-IpsOptionPiglet::IpsOptionPiglet(
- Lua::State& state, const std::string& tgt, Module* m) :
- BasePlugin(state, tgt, m)
-{
- if ( !module )
- return;
-
- otn = new struct OptTreeNode;
-
- if ( !otn )
- return;
-
- wrapper = IpsManager::instantiate(tgt.c_str(), m, otn);
-}
-
-IpsOptionPiglet::~IpsOptionPiglet()
-{
- if ( wrapper )
- delete wrapper;
-
- // FIXIT-M is it okay for OTN to be arbitrary?
- if ( otn )
- delete otn;
-}
-
-bool IpsOptionPiglet::setup()
-{
- if ( !wrapper )
- return true;
-
- install(L, RawBufferIface);
- install(L, PacketIface);
- install(L, CursorIface);
-
- install(L, IpsOptionIface, wrapper->instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig*)
-{ return new IpsOptionPiglet(state, target, m); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_ips_option",
- "Ips option piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_IPS_OPTION
-};
-
-const BaseApi* pp_ips_option = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_option_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_ips_option_iface.h"
-
-#include "framework/ips_option.h"
-#include "lua/lua_stack.h"
-
-#include "pp_packet_iface.h"
-#include "pp_cursor_iface.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- {
- "hash",
- [](lua_State* L)
- {
- uint32_t result = IpsOptionIface.get(L).hash();
- Lua::Stack<uint32_t>::push(L, result);
- return 1;
- }
- },
- {
- "is_relative",
- [](lua_State* L)
- {
- bool result = IpsOptionIface.get(L).is_relative();
- lua_pushboolean(L, result);
- return 1;
- }
- },
- {
- "get_cursor_type",
- [](lua_State* L)
- {
- CursorActionType cat = IpsOptionIface.get(L).get_cursor_type();
- Lua::Stack<unsigned>::push(L, static_cast<unsigned>(cat));
- return 1;
- }
- },
- {
- "eval",
- [](lua_State* L)
- {
- auto& c = CursorIface.get(L, 1);
- auto& p = PacketIface.get(L, 2);
-
- auto& self = IpsOptionIface.get(L);
-
- auto result = self.eval(c, &p);
- lua_pushinteger(L, result);
-
- return 1;
- }
- },
- {
- "action",
- [](lua_State* L)
- {
- auto& p = PacketIface.get(L);
- auto& self = IpsOptionIface.get(L);
-
- self.action(&p);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<IpsOption> IpsOptionIface =
-{
- "IpsOption",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_ips_option_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_IPS_OPTION_IFACE_H
-#define PP_IPS_OPTION_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class IpsOption;
-}
-
-extern const struct Lua::InstanceInterface<snort::IpsOption> IpsOptionIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_logger.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "managers/event_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_decode_data_iface.h"
-#include "pp_event_iface.h"
-#include "pp_ip_api_iface.h"
-#include "pp_logger_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-class LoggerPiglet : public Piglet::BasePlugin
-{
-public:
- LoggerPiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- ~LoggerPiglet() override;
- bool setup() override;
-
-private:
- LoggerWrapper* wrapper;
-};
-
-LoggerPiglet::LoggerPiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc)
-{
- // FIXIT-M does Logger need module?
- if ( module )
- wrapper = EventManager::instantiate(tgt.c_str(), m, sc);
-}
-
-LoggerPiglet::~LoggerPiglet()
-{
- if ( wrapper )
- delete wrapper;
-}
-
-bool LoggerPiglet::setup()
-{
- if ( !wrapper )
- return true;
-
- install(L, RawBufferIface);
- install(L, DecodeDataIface);
- install(L, IpApiIface);
- install(L, PacketIface);
- install(L, EventIface);
-
- install(L, LoggerIface, wrapper->instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new LoggerPiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_logger",
- "Logger piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_LOGGER
-};
-
-const BaseApi* pp_logger = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_logger_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_logger_iface.h"
-
-#include "framework/logger.h"
-#include "lua/lua_arg.h"
-
-#include "pp_event_iface.h"
-#include "pp_packet_iface.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- {
- "open",
- [](lua_State* L)
- {
- LoggerIface.get(L).open();
- return 0;
- }
- },
- {
- "close",
- [](lua_State* L)
- {
- LoggerIface.get(L).close();
- return 0;
- }
- },
- {
- "reset",
- [](lua_State* L)
- {
- LoggerIface.get(L).reset();
- return 0;
- }
- },
- {
- "alert",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& p = PacketIface.get(L, 1);
- auto& e = EventIface.get(L, 3);
-
- auto& self = LoggerIface.get(L);
-
- const char* msg = args[2].check_string();
- self.alert(&p, msg, e);
-
- return 0;
- }
- },
- {
- "log",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& p = PacketIface.get(L, 1);
- auto& e = EventIface.get(L, 3);
-
- auto& self = LoggerIface.get(L);
-
- const char* msg = args[2].check_string();
- self.log(&p, msg, &e);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<Logger> LoggerIface =
-{
- "Logger",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_logger_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_LOGGER_IFACE_H
-#define PP_LOGGER_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class Logger;
-}
-
-extern const struct Lua::InstanceInterface<snort::Logger> LoggerIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_packet_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_packet_iface.h"
-
-#include "lua/lua_arg.h"
-#include "protocols/packet.h"
-
-#include "pp_daq_pkthdr_iface.h"
-#include "pp_decode_data_iface.h"
-#include "pp_flow_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-static void set_fields(lua_State* L, int tindex, Packet& self)
-{
- Lua::Table table(L, tindex);
-
- table.get_field("packet_flags", self.packet_flags);
- table.get_field("xtradata_mask", self.xtradata_mask);
- table.get_field("proto_bits", self.proto_bits);
- table.get_field("alt_dsize", self.alt_dsize);
- table.get_field("num_layers", self.num_layers);
- table.get_field("iplist_id", self.iplist_id);
- table.set_field("user_inspection_policy_id", self.user_inspection_policy_id);
- table.set_field("user_ips_policy_id", self.user_ips_policy_id);
- table.set_field("user_network_policy_id", self.user_network_policy_id);
-}
-
-static void get_fields(lua_State* L, int tindex, const Packet& self)
-{
- Lua::Table table(L, tindex);
-
- table.set_field("packet_flags", self.packet_flags);
- table.set_field("xtradata_mask", self.xtradata_mask);
- table.set_field("proto_bits", self.proto_bits);
- table.set_field("alt_dsize", self.alt_dsize);
- table.set_field("num_layers", self.num_layers);
- table.set_field("iplist_id", self.iplist_id);
- table.set_field("user_inspection_policy_id", self.user_inspection_policy_id);
- table.set_field("user_ips_policy_id", self.user_ips_policy_id);
- table.set_field("user_network_policy_id", self.user_network_policy_id);
-}
-
-static void set(lua_State* L, Packet& self, Lua::Args& args, int start)
-{
- for ( int i = start; i <= args.count; i++ )
- {
- if ( args[i].is_string() )
- {
- size_t len = 0;
- const char* s = args[i].check_string(len);
- auto& rb = RawBufferIface.create(L, s, len);
- self.pkt = get_data(rb);
- Lua::add_ref(L, &self, "pkt", lua_gettop(L));
- lua_pop(L, 1);
- }
- else if ( args[i].is_size() )
- {
- size_t sz = args[i].check_size();
- auto& rb = RawBufferIface.create(L, sz, '\0');
- self.pkt = get_data(rb);
- Lua::add_ref(L, &self, "pkt", lua_gettop(L));
- lua_pop(L, 1);
- }
- else if ( args[i].is_table() )
- {
- args[i].check_table(set_fields, self);
- }
- else if ( RawBufferIface.is(L, i) )
- {
- self.pkt = get_data(RawBufferIface.get(L, i));
- Lua::add_ref(L, &self, "pkt", i);
- }
- else if ( DAQHeaderIface.is(L, i) )
- {
- self.pkth = &DAQHeaderIface.get(L, i);
- Lua::add_ref(L, &self, "pkth", i);
- }
- else
- {
- luaL_argerror(L, i,
- "expected string or unsigned or table or RawBuffer or DAQHeader");
- }
- }
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = PacketIface.create(L);
- self.reset();
-
- set(L, self, args, 1);
-
- return 1;
- }
- },
- {
- "set_decode_data",
- [](lua_State* L)
- {
- PacketIface.get(L, 1).ptrs = DecodeDataIface.get(L, 2);
- return 0;
- }
- },
- {
- "set_data",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = PacketIface.get(L, 1);
- size_t offset = args[2].check_size();
- size_t size = args[3].check_size();
-
- self.data = self.pkt + offset;
- self.dsize = size;
-
- return 0;
- }
- },
- {
- "set_flow",
- [](lua_State* L)
- {
- auto& self = PacketIface.get(L, 1);
- auto& flow = FlowIface.get(L, 2);
-
- self.flow = &flow;
- Lua::add_ref(L, &self, "flow", 2);
-
- return 0;
- }
- },
- {
- "get",
- [](lua_State* L)
- { return PacketIface.default_getter(L, get_fields); }
- },
- {
- "set",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = PacketIface.get(L, 1);
-
- set(L, self, args, 2);
-
- return 0;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return PacketIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return PacketIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<Packet> PacketIface =
-{
- "Packet",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_packet_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_PACKET_IFACE_H
-#define PP_PACKET_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-struct Packet;
-}
-
-extern const struct Lua::TypeInterface<snort::Packet> PacketIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_raw_buffer_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_raw_buffer_iface.h"
-
-#include "lua/lua_arg.h"
-
-// FIXIT-M a lot of users keep references to this data. Need to prevent
-// Lua's garbage collection from destroying RawBuffer while other C++ types
-// are using the data (unbeknownst to Lua). Add a container data type
-// which hold ref counts to RawBuffer and only frees when the ref count is
-// zero.
-
-static int init_from_string(lua_State* L)
-{
- Lua::Args l_args(L);
-
- size_t len = 0;
- const char* s = l_args[1].check_string(len);
- size_t size = l_args[2].opt_size(len);
-
- // instantiate and adjust size if necessary
- RawBufferIface.create(L, s, len).resize(size, '\0');
-
- return 1;
-}
-
-static int init_from_size(lua_State* L)
-{
- Lua::Args l_args(L);
-
- size_t size = l_args[1].opt_size();
-
- RawBufferIface.create(L, size, '\0');
-
- return 1;
-}
-
-static const luaL_Reg methods[] =
-{
- {
- "new",
- [](lua_State* L)
- {
- Lua::Args lua_args(L);
-
- if ( lua_args[1].is_string() )
- return init_from_string(L);
-
- return init_from_size(L);
- }
- },
- {
- "size",
- [](lua_State* L)
- {
- auto& self = RawBufferIface.get(L);
- lua_pushinteger(L, self.size());
- return 1;
- }
- },
- {
- "resize",
- [](lua_State* L)
- {
- Lua::Args lua_args(L);
-
- auto& self = RawBufferIface.get(L, 1);
- size_t new_size = lua_args[2].check_size();
-
- self.resize(new_size, '\0');
-
- return 0;
- }
- },
- {
- "write",
- [](lua_State* L)
- {
- Lua::Args lua_args(L);
-
- auto& self = RawBufferIface.get(L, 1);
-
- size_t len = 0;
- const char* s = lua_args[2].check_string(len);
- size_t offset = lua_args[3].opt_size();
-
- size_t required = offset + len;
- if ( self.size() < required )
- self.resize(required, '\0');
-
- self.replace(offset, len, s);
-
- return 0;
- }
- },
- {
- "read",
- [](lua_State* L)
- {
- Lua::Args lua_args(L);
-
- auto& self = RawBufferIface.get(L, 1);
-
- if ( lua_args.count > 2 )
- {
- size_t start = lua_args[2].check_size(self.size());
- size_t end = lua_args[3].check_size(start, self.size());
- lua_pushlstring(L, self.data() + start, end - start);
- }
- else
- {
- size_t end = lua_args[2].opt_size(self.size(), self.size());
- lua_pushlstring(L, self.data(), end);
- }
-
- return 1;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- {
- auto& self = RawBufferIface.get(L);
- lua_pushlstring(L, self.data(), self.size());
- return 1;
- }
- },
- {
- "__gc",
- [](lua_State* L)
- { return RawBufferIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<RawBuffer> RawBufferIface =
-{
- "RawBuffer",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_raw_buffer_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_RAW_BUFFER_IFACE_H
-#define PP_RAW_BUFFER_IFACE_H
-
-#include <string>
-
-#include "lua/lua_iface.h"
-
-using RawBuffer = std::string;
-
-inline const uint8_t* get_data(RawBuffer& rb)
-{ return reinterpret_cast<const uint8_t*>(rb.data()); }
-
-inline uint8_t* get_mutable_data(RawBuffer& rb)
-{ return const_cast<uint8_t*>(get_data(rb)); }
-
-inline size_t get_data_length(RawBuffer& rb)
-{ return rb.size(); }
-
-extern const struct Lua::TypeInterface<RawBuffer> RawBufferIface;
-
-#endif
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_search_engine.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "managers/mpse_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_search_engine_iface.h"
-
-using namespace snort;
-
-class SearchEnginePiglet : public Piglet::BasePlugin
-{
-public:
- SearchEnginePiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- ~SearchEnginePiglet() override;
- bool setup() override;
-
-private:
- MpseWrapper* wrapper;
-};
-
-SearchEnginePiglet::SearchEnginePiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc)
-{ wrapper = MpseManager::instantiate(tgt.c_str(), module, snort_conf); }
-
-SearchEnginePiglet::~SearchEnginePiglet()
-{
- if ( wrapper )
- delete wrapper;
-}
-
-bool SearchEnginePiglet::setup()
-{
- if ( !wrapper )
- return true;
-
- install(L, SearchEngineIface, wrapper->instance);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new SearchEnginePiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_search_engine",
- "Search engine piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_SEARCH_ENGINE
-};
-
-const BaseApi* pp_search_engine = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_search_engine_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_search_engine_iface.h"
-
-#include "framework/mpse.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- { nullptr, nullptr }
-};
-
-const struct Lua::InstanceInterface<Mpse> SearchEngineIface =
-{
- "SearchEngine",
- methods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_search_engine_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_SEARCH_ENGINE_IFACE_H
-#define PP_SEARCH_ENGINE_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class Mpse;
-}
-
-extern const struct Lua::InstanceInterface<snort::Mpse> SearchEngineIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_so_rule.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet_plugins.h"
-
-#include "managers/so_manager.h"
-#include "piglet/piglet_api.h"
-
-#include "pp_so_rule_iface.h"
-
-using namespace snort;
-
-class SoRulePiglet : public Piglet::BasePlugin
-{
-public:
- SoRulePiglet(Lua::State&, const std::string&, Module*, SnortConfig*);
- bool setup() override;
-};
-
-SoRulePiglet::SoRulePiglet(
- Lua::State& state, const std::string& tgt, Module* m, SnortConfig* sc) :
- BasePlugin(state, tgt, m, sc) { }
-
-
-bool SoRulePiglet::setup()
-{
- install(L, SoRuleIface);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module* m, SnortConfig* sc)
-{ return new SoRulePiglet(state, target, m, sc); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_so_rule",
- "SO rule piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_SO_RULE
-};
-
-const BaseApi* pp_so_rule = &piglet_api.base;
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_so_rule_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_so_rule_iface.h"
-
-#include "framework/so_rule.h"
-
-using namespace snort;
-
-static const luaL_Reg methods[] =
-{
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<SoRule> SoRuleIface =
-{
- "SoRule",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_so_rule_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_SO_RULE_IFACE_H
-#define PP_SO_RULE_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class SoRule;
-}
-
-extern const struct Lua::TypeInterface<snort::SoRule> SoRuleIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_stream_splitter_iface.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pp_stream_splitter_iface.h"
-
-#include "lua/lua_arg.h"
-#include "stream/stream_splitter.h"
-
-#include "pp_flow_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-template<typename From, typename To>
-static inline void stack_push(lua_State* L, const From v)
-{ Lua::Stack<To>::push(L, static_cast<To>(v)); }
-
-static const luaL_Reg methods[] =
-{
- {
- "scan",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = StreamSplitterIface.get(L, 1);
- auto& pkt = PacketIface.get(L, 2);
- auto& rb = RawBufferIface.get(L, 3);
- uint32_t len = args[4].opt_size(rb.size(), rb.size());
- uint32_t flags = args[5].opt_size();
-
- uint32_t fp = 0;
- auto status = self.scan(&pkt, get_data(rb), len, flags, &fp);
-
- stack_push<StreamSplitter::Status, unsigned>(L, status);
- Lua::Stack<uint32_t>::push(L, fp);
-
- return 2;
- }
- },
- {
- "reassemble",
- [](lua_State* L)
- {
- Lua::Args args(L);
-
- auto& self = StreamSplitterIface.get(L, 1);
- auto& flow = FlowIface.get(L, 2);
- unsigned total = args[3].check_size();
- unsigned offset = args[4].check_size();
- auto& rb = RawBufferIface.get(L, 5);
- unsigned len = args[6].opt_size(rb.size());
- uint32_t flags = args[7].opt_size();
-
- unsigned copied = 0;
-
- auto sb = self.reassemble(&flow, total, offset, get_data(rb), len,
- flags, copied);
-
- Lua::Stack<unsigned>::push(L, copied);
-
- if ( sb.data )
- RawBufferIface.create(
- L, reinterpret_cast<const char*>(sb.data), sb.length);
- else
- lua_pushnil(L);
-
- return 2;
- }
- },
- {
- "finish",
- [](lua_State* L)
- {
- auto& self = StreamSplitterIface.get(L, 1);
- auto& flow = FlowIface.get(L, 2);
-
- bool result = self.finish(&flow);
- lua_pushboolean(L, result);
-
- return 1;
- }
- },
- { nullptr, nullptr }
-};
-
-static const luaL_Reg metamethods[] =
-{
- {
- "__tostring",
- [](lua_State* L)
- { return StreamSplitterIface.default_tostring(L); }
- },
- {
- "__gc",
- [](lua_State* L)
- { return StreamSplitterIface.default_gc(L); }
- },
- { nullptr, nullptr }
-};
-
-const struct Lua::TypeInterface<StreamSplitter> StreamSplitterIface =
-{
- "StreamSplitter",
- methods,
- metamethods
-};
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_stream_splitter_iface.h author Joel Cornett <jocornet@cisco.com>
-
-#ifndef PP_STREAM_SPLITTER_IFACE_H
-#define PP_STREAM_SPLITTER_IFACE_H
-
-#include "lua/lua_iface.h"
-
-namespace snort
-{
-class StreamSplitter;
-}
-
-extern const struct Lua::TypeInterface<snort::StreamSplitter> StreamSplitterIface;
-
-#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2015-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// pp_test.cc author Joel Cornett <jocornet@cisco.com>
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "piglet/piglet_api.h"
-
-#include "pp_buffer_iface.h"
-#include "pp_codec_data_iface.h"
-#include "pp_cursor_iface.h"
-#include "pp_daq_pkthdr_iface.h"
-#include "pp_decode_data_iface.h"
-#include "pp_enc_state_iface.h"
-#include "pp_event_iface.h"
-#include "pp_flow_iface.h"
-#include "pp_ip_api_iface.h"
-#include "pp_packet_iface.h"
-#include "pp_raw_buffer_iface.h"
-
-using namespace snort;
-
-class TestPiglet : public Piglet::BasePlugin
-{
-public:
- TestPiglet(Lua::State& state, const std::string& tgt) :
- BasePlugin(state, tgt) { }
-
- bool setup() override;
-};
-
-bool TestPiglet::setup()
-{
- // FIXIT-L would like to be able to selectively load lua interfaces
- install(L, BufferIface);
- install(L, CodecDataIface);
- install(L, CursorIface);
- install(L, DAQHeaderIface);
- install(L, DecodeDataIface);
- install(L, EncStateIface);
- install(L, EventIface);
- install(L, FlowIface);
- install(L, IpApiIface);
- install(L, PacketIface);
- install(L, RawBufferIface);
-
- return false;
-}
-
-// -----------------------------------------------------------------------------
-// API foo
-// -----------------------------------------------------------------------------
-static Piglet::BasePlugin* ctor(
- Lua::State& state, const std::string& target, Module*, SnortConfig*)
-{ return new TestPiglet(state, target); }
-
-static void dtor(Piglet::BasePlugin* p)
-{ delete p; }
-
-static const struct Piglet::Api piglet_api =
-{
- {
- PT_PIGLET,
- sizeof(Piglet::Api),
- PIGLET_API_VERSION,
- 0,
- API_RESERVED,
- API_OPTIONS,
- "pp_test",
- "Test piglet",
- nullptr,
- nullptr
- },
- ctor,
- dtor,
- PT_PIGLET
-};
-
-const BaseApi* pp_test = &piglet_api.base;
${TEST_FILES}
)
-if ( HAVE_FLATBUFFERS )
- target_include_directories( utils PRIVATE ${FLATBUFFERS_INCLUDE_DIR} )
-endif()
-
install (FILES ${UTIL_INCLUDES}
DESTINATION "${INCLUDE_INSTALL_PATH}/utils"
)
#include <sys/stat.h>
#include <zlib.h>
-#ifdef HAVE_FLATBUFFERS
-#include <flatbuffers/flatbuffers.h>
-#endif
-
#ifdef HAVE_HYPERSCAN
#include <hs_compile.h>
#endif
LogMessage(" Using %s\n", pcap_lib_version());
LogMessage(" Using PCRE version %s\n", pcre_version());
LogMessage(" Using ZLIB version %s\n", zlib_version);
-#ifdef HAVE_FLATBUFFERS
- LogMessage(" Using %s\n", flatbuffers::flatbuffer_version_string);
-#endif
#ifdef HAVE_HYPERSCAN
LogMessage(" Using Hyperscan version %s\n", hs_version());
#endif
-add_subdirectory(flatbuffers)
add_subdirectory(u2boat)
add_subdirectory(u2spewfoo)
add_subdirectory(snort2lua)
+++ /dev/null
-if ( HAVE_FLATBUFFERS )
- add_executable( fbstreamer
- fbstreamer.cc
- )
-
- target_include_directories( fbstreamer
- PRIVATE
- ${FLATBUFFERS_INCLUDE_DIR}
- )
- target_link_libraries( fbstreamer
- ${FLATBUFFERS_LIBRARIES}
- )
-
- install (TARGETS fbstreamer
- RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
- )
-endif()
-
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2017-2022 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-// fbstreamer.cc author Carter Waxman
-
-// This program is a simple utility for reading the flatbuffers files
-// Snort generates. The files consist of a schema with a stream of
-// timestamped records that this program converts into a YAML array for
-// further data processing.
-
-#include <csignal>
-#include <cstring>
-#include <fstream>
-#include <getopt.h>
-#include <iostream>
-
-#include <flatbuffers/idl.h>
-#include <flatbuffers/reflection.h>
-
-#include "src/utils/endian.h"
-
-#define OPT_INFILE 0x1
-#define OPT_BEFORE 0x2
-#define OPT_AFTER 0x4
-#define OPT_TAIL 0x8
-
-using namespace std;
-
-string in_file;
-uint64_t b_stamp = 0, a_stamp = 0;
-uint8_t opt_flags = 0;
-bool done = false;
-FILE* file;
-
-static void help()
-{
- cout << "Flatbuffers Multirecord Streamer for Snort 3\n\n"
- << "Records are output in pairs of YAML objects, representing\n"
- << "timestamp and record data\n\n"
- << "Usage: fbstreamer -i file [-b time] [-a time] [-t]\n"
- << "-i: FlatBuffers records file from Snort (required)\n"
- << "-b: Stream all records before or equal to this timestamp\n"
- << "-a: Stream all records after or equal to this timestamp\n"
- << "-t: Tail mode for reading live files\n";
-}
-
-static void error(const string& e)
-{
- if( done )
- return;
-
- cerr << "{ error: \"" << e << "\" }\n";
- cout << "]\n";
- if( file )
- fclose(file);
- exit(-1);
-}
-
-static bool tail_read(void* buf, size_t size)
-{
- bool tail = opt_flags & OPT_TAIL;
-
- if( ferror(file) || (feof(file) && !tail) )
- return false;
-
- size_t to_read = size;
- do {
- if( tail )
- clearerr(file);
-
- to_read -= fread((char*)buf + (size - to_read), 1, to_read, file);
-
- } while( to_read && tail && !done && feof(file) );
-
- if( tail )
- clearerr(file);
-
- if( to_read )
- return false;
-
- return true;
-}
-
-static uint8_t* read(size_t size, const char* on_error = nullptr)
-{
- uint8_t* ret = (uint8_t*) malloc(size);
-
- if( !ret )
- {
- string s = "Unable to allocate memory";
- error(on_error ? s + string(": ") + string(on_error): s);
- }
- if( !tail_read(ret, size) && on_error )
- error(on_error);
-
- return ret;
-}
-
-template<typename T>
-inline T read(const char* on_error = nullptr)
-{
- T ret = 0;
- if( !tail_read(&ret, sizeof(T)) && on_error )
- error(on_error);
- return ret;
-}
-
-static void sigint_handler(int)
-{ done = true; }
-
-static bool handle_options(int argc, char* argv[])
-{
- int opt;
- while( (opt = getopt(argc, argv, "i:b:a:it")) != -1 )
- {
- switch(opt)
- {
- case 'i':
- {
- in_file = optarg;
- opt_flags |= OPT_INFILE;
- break;
- }
- case 'b':
- {
- b_stamp = strtoull(optarg, nullptr, 10);
- opt_flags |= OPT_BEFORE;
- break;
- }
- case 'a':
- {
- a_stamp = strtoull(optarg, nullptr, 10);
- opt_flags |= OPT_AFTER;
- break;
- }
- case 't':
- {
- opt_flags |= OPT_TAIL;
- break;
- }
- default:
- {
- help();
- return false;
- }
- }
- }
- return true;
-}
-
-static const reflection::Schema* load_schema(flatbuffers::Parser& parser)
-{
- auto schema_size = ntohl(read<uint32_t>("Unable to read schema size"));
- auto schema = read(schema_size, "Unable to read schema");
-
- if( !parser.Parse((const char*)schema) )
- {
- free(schema);
- error("Unable to parse schema");
- }
- free(schema);
- parser.Serialize();
-
- return reflection::GetSchema(parser.builder_.GetBufferPointer());
-}
-
-inline bool is_after_b_stamp(uint64_t timestamp)
-{ return (opt_flags & OPT_BEFORE) && timestamp > b_stamp; }
-
-inline bool is_before_a_stamp(uint64_t timestamp)
-{ return (opt_flags & OPT_AFTER) && timestamp < a_stamp; }
-
-static uint8_t* scan_record(bool skip, uint32_t& size)
-{
- size = ntohl(read<uint32_t>("Unable to read record size"));
-
- if( skip )
- fseek(file, size, SEEK_CUR);
- else
- return read(size, "Unable to read record");
-
- return nullptr;
-}
-
-int main(int argc, char* argv[])
-{
- signal(SIGINT, sigint_handler);
-
- if( !handle_options(argc, argv) )
- return 1;
-
- cout << "[\n";
-
- if( !(opt_flags & OPT_INFILE) )
- error("-i is required");
-
- file = fopen(in_file.c_str(), "rb");
- if( !file )
- error("Unable to open file");
-
- if( ntohl(read<uint32_t>("Unable to read file magic")) != 0x464C5449 )
- error("Unknown file magic");
-
- flatbuffers::Parser parser;
- auto schema = load_schema(parser);
-
- auto timestamp = ntohll(read<uint64_t>());
- while( !ferror(file) && !feof(file) && !done )
- {
- uint32_t size;
-
- if( is_after_b_stamp(timestamp) )
- break;
-
- if( is_before_a_stamp(timestamp) )
- {
- scan_record(true, size);
- timestamp = ntohll(read<uint64_t>());
- continue;
- }
-
- auto record = scan_record(false, size);
- if( flatbuffers::Verify(*schema, *schema->root_table(), record, size) )
- {
- string json;
- if( flatbuffers::GenerateText(parser, record, &json) )
- cout << "[\n{ timestamp: " << timestamp << " },\n" << json << "],\n";
- else
- cerr << "{ status: \"Unable to process record\", timestamp: "
- << timestamp << " },\n";
- }
- else
- cerr << "{ status: \"Record appears to be corrupt\", timestamp: "
- << timestamp << " },\n";
-
- free(record);
-
- timestamp = ntohll(read<uint64_t>());
- }
-
- fclose(file);
- cout << "{ status: \"done\" }\n]\n";
- return 0;
-}
projects / thirdparty / snort3.git / commitdiff
