Merge pull request #1144 in SNORT/snort3 from metapacket to master

Squashed commit of the following:

commit e6660bd853546dd1de7a708a9bc84f2bf922765d
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date:   Tue Mar 27 16:29:28 2018 -0400

    fix

commit 2dc5713408cb250ba89e74298e99437063b1509d
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date:   Fri Mar 16 14:44:14 2018 -0400

    sfip: A version of set() which automatically determines the family

commit 2386b17110b3ae536cde1f9481414510a3e7173d
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date:   Tue Mar 13 15:59:27 2018 -0400

    flow: SO_PUBLIC FlowKey

diff --git a/daqs/daq_hext.c b/daqs/daq_hext.c
index a89c6b71f435ef9d1dd328fcc821926639ef4fc8..ccbaa4e7c9455e12d437e32842d874c75435e1cd 100644 (file)
--- a/daqs/daq_hext.c
+++ b/daqs/daq_hext.c
@@ -133,6 +133,30 @@ static void parse_pci(HextImpl* impl, const char* s)
         impl->pci.flags &= ~DAQ_USR_FLAG_TO_SERVER;
 }
 
+static bool is_ipv4(char const* src)
+{
+    struct in6_addr temp;
+    if ( inet_pton(AF_INET, src, &temp) == 1 )
+        return true;
+    else if ( inet_pton(AF_INET6, src, &temp) == 1 )
+        return false;
+
+    return false;
+}
+
+void IpAddr(uint32_t* addr, char const* ip)
+{
+    if ( is_ipv4(ip) ) {
+        addr[0] = 0;
+        addr[1] = 0;
+        addr[2] = htonl(0xffff);
+        inet_pton(AF_INET, ip, &addr[3]);
+    }
+    else {
+        inet_pton(AF_INET6, ip, addr);
+    }
+}
+
 enum Search {
     I_ZONE,
     E_ZONE,
@@ -179,19 +203,17 @@ static void set_flowstats(Flow_Stats_t* f, enum Search state, const char* s)
             break;
 
         case SRC_HOST:
-            if (inet_pton(AF_INET, s, (uint32_t*)&f->initiatorIp) == 0)
-                inet_pton(AF_INET6, s, (uint32_t*)&f->initiatorIp);
-            break;
-
-        case DST_HOST:
-            if (inet_pton(AF_INET, s, (uint32_t*)&f->responderIp) == 0)
-                inet_pton(AF_INET6, s, (uint32_t*)&f->responderIp);
+            IpAddr((uint32_t*)&f->initiatorIp, s);
             break;
 
         case SRC_PORT:
             f->initiatorPort = htons(atoi(s));
             break;
 
+        case DST_HOST:
+            IpAddr((uint32_t*)&f->responderIp, s);
+            break;
+
         case DST_PORT:
             f->responderPort = htons(atoi(s));
             break;

diff --git a/src/flow/expect_cache.h b/src/flow/expect_cache.h
index e41b2f761fa53f151c9c18d9a6eab52104e7287d..2c505dd1e0537656ccb80af1a985178afd264c36 100644 (file)
--- a/src/flow/expect_cache.h
+++ b/src/flow/expect_cache.h
@@ -111,11 +111,11 @@ public:
 private:
     void prune();
 
-    ExpectNode* get_node(FlowKey&, bool&);
+    ExpectNode* get_node(snort::FlowKey&, bool&);
     snort::ExpectFlow* get_flow(ExpectNode*, uint32_t, int16_t);
     bool set_data(ExpectNode*, snort::ExpectFlow*&, snort::FlowData*);
-    ExpectNode* find_node_by_packet(snort::Packet*, FlowKey&);
-    bool process_expected(ExpectNode*, FlowKey&, snort::Packet*, snort::Flow*);
+    ExpectNode* find_node_by_packet(snort::Packet*, snort::FlowKey&);
+    bool process_expected(ExpectNode*, snort::FlowKey&, snort::Packet*, snort::Flow*);
 
 private:
     class ZHash* hash_table;

diff --git a/src/flow/flow.h b/src/flow/flow.h
index 4eaef486a0b42604131b1234865d9b5faa680a9d..adc69f2dc80dd9a5c1ece79c44924ebf1207279e 100644 (file)
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -95,11 +95,11 @@
 
 class BitOp;
 class FlowHAState;
-struct FlowKey;
 class Session;
 
 namespace snort
 {
+struct FlowKey;
 struct Packet;
 
 typedef void (* StreamAppDataFree)(void*);

diff --git a/src/flow/flow_cache.h b/src/flow/flow_cache.h
index 7b42654a18a5ccc4c33fa9248bf906af82fad1f4..492ee666f8352a5b50b2da9e146adb3d1cf50ecf 100644 (file)
--- a/src/flow/flow_cache.h
+++ b/src/flow/flow_cache.h
@@ -34,8 +34,8 @@
 namespace snort
 {
 class Flow;
-}
 struct FlowKey;
+}
 
 class FlowCache
 {
@@ -48,8 +48,8 @@ public:
 
     void push(snort::Flow*);
 
-    snort::Flow* find(const FlowKey*);
-    snort::Flow* get(const FlowKey*);
+    snort::Flow* find(const snort::FlowKey*);
+    snort::Flow* get(const snort::FlowKey*);
 
     int release(snort::Flow*, PruneReason = PruneReason::NONE, bool do_cleanup = true);
 

diff --git a/src/flow/flow_control.h b/src/flow/flow_control.h
index bfe6ce513aa38e1a04b9943bc08b3fcc1e8f985c..3966c4ff220e0859c5cdc77ae5dc44444d02936d 100644 (file)
--- a/src/flow/flow_control.h
+++ b/src/flow/flow_control.h
@@ -37,11 +37,11 @@ namespace snort
 {
 class Flow;
 class FlowData;
+struct FlowKey;
 struct Packet;
 struct SfIp;
 }
 class FlowCache;
-struct FlowKey;
 
 enum class PruneReason : uint8_t;
 
@@ -59,8 +59,8 @@ public:
     void process_user(snort::Packet*);
     void process_file(snort::Packet*);
 
-    snort::Flow* find_flow(const FlowKey*);
-    snort::Flow* new_flow(const FlowKey*);
+    snort::Flow* find_flow(const snort::FlowKey*);
+    snort::Flow* new_flow(const snort::FlowKey*);
 
     void init_ip(const FlowConfig&, snort::InspectSsnFunc);
     void init_icmp(const FlowConfig&, snort::InspectSsnFunc);
@@ -70,7 +70,7 @@ public:
     void init_file(const FlowConfig&, snort::InspectSsnFunc);
     void init_exp(uint32_t max);
 
-    void delete_flow(const FlowKey*);
+    void delete_flow(const snort::FlowKey*);
     void delete_flow(snort::Flow*, PruneReason);
     void purge_flows(PktType);
     bool prune_one(PruneReason, bool do_cleanup);
@@ -102,7 +102,7 @@ private:
     FlowCache* get_cache(PktType);
     const FlowCache* get_cache(PktType) const;
 
-    void set_key(FlowKey*, snort::Packet*);
+    void set_key(snort::FlowKey*, snort::Packet*);
 
     unsigned process(snort::Flow*, snort::Packet*);
     void preemptive_cleanup();

diff --git a/src/flow/flow_key.h b/src/flow/flow_key.h
index b117e5f86b83de83b18c9aaab2a379cb87c42f58..44633b7ecbcbe819bbbb716e51a616030471c28d 100644 (file)
--- a/src/flow/flow_key.h
+++ b/src/flow/flow_key.h
@@ -33,10 +33,9 @@ struct HashFnc;
 namespace snort
 {
 struct SfIp;
-}
 
 PADDING_GUARD_BEGIN
-struct FlowKey
+struct SO_PUBLIC FlowKey
 {
     uint32_t   ip_l[4]; /* Low IP */
     uint32_t   ip_h[4]; /* High IP */
@@ -89,5 +88,7 @@ private:
 };
 PADDING_GUARD_END
 
+}
+
 #endif
 

diff --git a/src/flow/ha.h b/src/flow/ha.h
index e1f78093bd1739b362f8dc20cb946bf3699f04f0..60af2f297767568013102bdb0e73a9aaa61b3ede 100644 (file)
--- a/src/flow/ha.h
+++ b/src/flow/ha.h
@@ -30,8 +30,8 @@
 namespace snort
 {
 class Flow;
-}
 struct FlowKey;
+}
 
 // The FlowHAHandle is the dynamically allocated index used uniquely identify
 //   the client.  Used both in the API and HA messages.
@@ -126,7 +126,7 @@ class FlowHAClient
 {
 public:
     virtual ~FlowHAClient() = default;
-    virtual bool consume(snort::Flow*&, FlowKey*, HAMessage*) { return false; }
+    virtual bool consume(snort::Flow*&, snort::FlowKey*, HAMessage*) { return false; }
     virtual bool produce(snort::Flow*, HAMessage*) { return false; }
     virtual bool is_update_required(snort::Flow*) { return false; }
     virtual bool is_delete_required(snort::Flow*) { return false; }

diff --git a/src/loggers/log_hext.cc b/src/loggers/log_hext.cc
index 627febdfed27f28a262a475dae1998a1e382be54..77ea327c00612aa08674ce0d24ef62225e8a686a 100644 (file)
--- a/src/loggers/log_hext.cc
+++ b/src/loggers/log_hext.cc
@@ -62,16 +62,15 @@ void DaqMetaEventHandler::handle(DataEvent& event, Flow*)
 
     const Flow_Stats_t* fs = (const Flow_Stats_t*)ev->get_data();
 
+    SfIp src, dst;
     char shost[INET6_ADDRSTRLEN];
     char dhost[INET6_ADDRSTRLEN];
 
-    const uint32_t *sip = (const uint32_t*)fs->initiatorIp;
-    int fam = AF_INET;
-    if ( sip[1] || sip[2] || sip[3] )
-        fam = AF_INET6;
+    src.set(fs->initiatorIp);
+    dst.set(fs->responderIp);
 
-    inet_ntop(fam, fs->initiatorIp, shost, INET6_ADDRSTRLEN);
-    inet_ntop(fam, fs->responderIp, dhost, INET6_ADDRSTRLEN);
+    src.ntop(shost, sizeof(shost));
+    dst.ntop(dhost, sizeof(dhost));
 
     int vlan_tag = fs->vlan_tag == 0xfff ?  0 : fs->vlan_tag;
 

diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.h b/src/service_inspectors/ftp_telnet/ftpp_si.h
index 60125ed0d9b7655d575ac8f50ee174fdc3daf5e7..b6159644d5a26786437140153c398b9f0bf6bd7a 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpp_si.h
+++ b/src/service_inspectors/ftp_telnet/ftpp_si.h
@@ -200,7 +200,7 @@ enum
 struct FTP_DATA_SESSION
 {
     FTP_TELNET_SESSION ft_ssn;
-    FlowKey ftp_key;
+    snort::FlowKey ftp_key;
     char* filename;
     int data_chan;
     int file_xfer_info;

diff --git a/src/sfip/sf_ip.cc b/src/sfip/sf_ip.cc
index 9143add445b29a00d8fdcf5b7f9d6df61d4d5408..318bc93b54acfb500f1c0fe12d013e2f21b4dbcf 100644 (file)
--- a/src/sfip/sf_ip.cc
+++ b/src/sfip/sf_ip.cc
@@ -342,6 +342,17 @@ SfIpRet SfIp::set(const void* src, int fam)
     return SFIP_SUCCESS;
 }
 
+SfIpRet SfIp::set(const void* src)
+{
+    assert(src);
+    if ( ((const uint32_t*)src)[0] == 0 &&
+         ((const uint32_t*)src)[1] == 0 &&
+         ((const uint16_t*)src)[4] == 0 &&
+         ((const uint16_t*)src)[5] == 0xffff )
+        return set(&((const uint32_t*)src)[3], AF_INET);
+    return set(src, AF_INET6);
+}
+
 /* Obfuscates this IP with an obfuscation CIDR
     Makes this:  ob | (this & mask) */
 void SfIp::obfuscate(SfCidr* ob)

diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h
index 714abc3806ed9e7d2523d1f59e0043b9d64b6056..d7a370adc649d7da90895fc9fb17e6c861e368c0 100644 (file)
--- a/src/sfip/sf_ip.h
+++ b/src/sfip/sf_ip.h
@@ -51,6 +51,9 @@ struct SO_PUBLIC SfIp
     SfIpRet set(const char* src, uint16_t* srcBits = nullptr);
     /* Sets to a raw source IP (4 or 16 bytes, according to family) */
     SfIpRet set(const void* src, int fam);
+    /* Sets to a raw source IP, source must be a 128 bit IPv6 (detects IPv4 mapped IPv6)
+     * This is specifically for conversion of Flow_Stats_t ipv4 mapped ipv6 addresses */
+    SfIpRet set(const void* src);
     /* Converts string IP format to an array of values. Also checks IP address format. */
     SfIpRet pton(const int fam, const char* ip);
 

diff --git a/src/stream/base/stream_ha.h b/src/stream/base/stream_ha.h
index 07947f7f523e572a95c6b32e453a29c0e188b799..e995e775e46bee72d4b97d0618463e67e54f6fc3 100644 (file)
--- a/src/stream/base/stream_ha.h
+++ b/src/stream/base/stream_ha.h
@@ -39,7 +39,7 @@ class StreamHAClient : public FlowHAClient
 {
 public:
     StreamHAClient() : FlowHAClient(sizeof(SessionHAContent), true) { }
-    bool consume(snort::Flow*&, FlowKey*, HAMessage*) override;
+    bool consume(snort::Flow*&, snort::FlowKey*, HAMessage*) override;
     bool produce(snort::Flow*, HAMessage*) override;
     bool is_update_required(snort::Flow*) override;
     bool is_delete_required(snort::Flow*) override;
@@ -53,7 +53,7 @@ public:
     ProtocolHA(PktType);
     virtual ~ProtocolHA();
     virtual void delete_session(snort::Flow*) { }
-    virtual snort::Flow* create_session(FlowKey*) { return nullptr; }
+    virtual snort::Flow* create_session(snort::FlowKey*) { return nullptr; }
     virtual void deactivate_session(snort::Flow*) { }
     virtual void process_deletion(snort::Flow*);
 

diff --git a/src/stream/icmp/icmp_ha.h b/src/stream/icmp/icmp_ha.h
index 203cfd6dceae93a6762de10562a41a2deb73d477..bc2d8720f4c2deb66d9a2a1c2c32f0b8ec0dbc8c 100644 (file)
--- a/src/stream/icmp/icmp_ha.h
+++ b/src/stream/icmp/icmp_ha.h
@@ -33,7 +33,7 @@ class IcmpHA : public ProtocolHA
 {
 public:
     IcmpHA() : ProtocolHA(PktType::ICMP) { }
-    snort::Flow* create_session(FlowKey*) override;
+    snort::Flow* create_session(snort::FlowKey*) override;
 
 private:
 };

diff --git a/src/stream/ip/ip_ha.h b/src/stream/ip/ip_ha.h
index f6e7b397f525beef04f5c98b754173bc868fd0a2..fd3f8cd3d464f11c63a68bf52cb5fc8fcb143c30 100644 (file)
--- a/src/stream/ip/ip_ha.h
+++ b/src/stream/ip/ip_ha.h
@@ -33,7 +33,7 @@ class IpHA : public ProtocolHA
 {
 public:
     IpHA() : ProtocolHA(PktType::IP) { }
-    snort::Flow* create_session(FlowKey*) override;
+    snort::Flow* create_session(snort::FlowKey*) override;
 
 private:
 };

diff --git a/src/stream/tcp/tcp_ha.h b/src/stream/tcp/tcp_ha.h
index 36b9190776985c2c07f9072bda72f88af3906fa9..d27f4adf0bb6b295d93cef12c90d5204769f2541 100644 (file)
--- a/src/stream/tcp/tcp_ha.h
+++ b/src/stream/tcp/tcp_ha.h
@@ -33,7 +33,7 @@ class TcpHA : public ProtocolHA
 {
 public:
     TcpHA() : ProtocolHA(PktType::TCP) { }
-    snort::Flow* create_session(FlowKey*) override;
+    snort::Flow* create_session(snort::FlowKey*) override;
     void deactivate_session(snort::Flow*) override;
 
 private:

diff --git a/src/stream/udp/udp_ha.h b/src/stream/udp/udp_ha.h
index 819c77adfbd08d08d234bf661e85afdb82de3e7a..72bc3da2d9694cee40c0ce3b4cf9c552222693c7 100644 (file)
--- a/src/stream/udp/udp_ha.h
+++ b/src/stream/udp/udp_ha.h
@@ -33,7 +33,7 @@ class UdpHA : public ProtocolHA
 {
 public:
     UdpHA() : ProtocolHA(PktType::UDP) { }
-    snort::Flow* create_session(FlowKey*) override;
+    snort::Flow* create_session(snort::FlowKey*) override;
 
 private:
 };