Merge pull request #2786 in SNORT/snort3 from ~MIALTIZE/snort3:flowstats_style to...
authorMichael Altizer (mialtize) <mialtize@cisco.com>
Wed, 10 Mar 2021 17:22:20 +0000 (17:22 +0000)
committerMichael Altizer (mialtize) <mialtize@cisco.com>
Wed, 10 Mar 2021 17:22:20 +0000 (17:22 +0000)
Squashed commit of the following:

commit 29bb7fe503dc2b2a8a87a164717a124368db13df
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Mar 9 21:46:30 2021 -0500

    snort: Update for DAQ_FlowStats_t structure and field name changes

daqs/daq_hext.c
doc/user/daq.txt
src/loggers/log_hext.cc
src/main/analyzer.cc
src/sfip/sf_ip.h

index 97899826700b81aebf155a1ab34fcc9fc8a3ff85..d88afb18ab873d21063e9f9d197a77af9ccf6aa1 100644 (file)
@@ -53,7 +53,7 @@ typedef struct _hext_msg_desc
 {
     DAQ_Msg_t msg;
     DAQ_PktHdr_t pkthdr;
-    Flow_Stats_t flowstats;
+    DAQ_FlowStats_t flowstats;
     DAQ_UsrHdr_t pci;
     uint8_t* data;
     struct _hext_msg_desc* next;
@@ -242,22 +242,22 @@ static void IpAddr(uint32_t* addr, char const* ip)
 static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *desc)
 {
 #define FLOWSTATS_FORMAT \
-    "%" SCNi16 " "  /* ingressGroup */  \
-    "%" SCNi16 " "  /* egressGroup */   \
-    "%" SCNi32 " "  /* ingressIntf */   \
-    "%" SCNi32 " "  /* egressIntf */    \
+    "%" SCNi16 " "  /* ingress_group */  \
+    "%" SCNi16 " "  /* egress_group */   \
+    "%" SCNi32 " "  /* ingress_intf */   \
+    "%" SCNi32 " "  /* egress_intf */    \
     "%s "           /* srcAddr */       \
-    "%" SCNu16 " "  /* initiatorPort */ \
+    "%" SCNu16 " "  /* initiator_port */ \
     "%s "           /* dstAddr */       \
-    "%" SCNu16 " "  /* responderPort */ \
+    "%" SCNu16 " "  /* responder_port */ \
     "%" SCNu32 " "  /* opaque */        \
-    "%" SCNu64 " "  /* initiatorPkts */ \
-    "%" SCNu64 " "  /* responderPkts */ \
-    "%" SCNu64 " "  /* initiatorPktsDropped */  \
-    "%" SCNu64 " "  /* responderPktsDropped */  \
-    "%" SCNu64 " "  /* initiatorBytesDropped */ \
-    "%" SCNu64 " "  /* responderBytesDropped */ \
-    "%" SCNu8  " "  /* isQoSAppliedOnSrcIntf */ \
+    "%" SCNu64 " "  /* initiator_pkts */ \
+    "%" SCNu64 " "  /* responder_pkts */ \
+    "%" SCNu64 " "  /* initiator_pkts_dropped */  \
+    "%" SCNu64 " "  /* responder_pkts_dropped */  \
+    "%" SCNu64 " "  /* initiator_bytes_dropped */ \
+    "%" SCNu64 " "  /* responder_bytes_dropped */ \
+    "%" SCNu8  " "  /* is_qos_applied_on_src_intf */ \
     "%" SCNu32 " "  /* sof_timestamp.tv_sec */  \
     "%" SCNu32 " "  /* eof_timestamp.tv_sec */  \
     "%" SCNu16 " "  /* vlan_tag */      \
@@ -265,13 +265,13 @@ static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *des
     "%" SCNu8  " "  /* protocol */ \
     "%" SCNu8       /* flags */
 #define FLOWSTATS_ITEMS 22
-    Flow_Stats_t* f = &desc->flowstats;
+    DAQ_FlowStats_t* f = &desc->flowstats;
     char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
     uint32_t sof_sec, eof_sec;
-    int rval = sscanf(line, FLOWSTATS_FORMAT, &f->ingressGroup, &f->egressGroup, &f->ingressIntf,
-            &f->egressIntf, srcaddr, &f->initiatorPort, dstaddr, &f->responderPort, &f->opaque,
-            &f->initiatorPkts, &f->responderPkts, &f->initiatorPktsDropped, &f->responderPktsDropped,
-            &f->initiatorBytesDropped, &f->responderBytesDropped, &f->isQoSAppliedOnSrcIntf,
+    int rval = sscanf(line, FLOWSTATS_FORMAT, &f->ingress_group, &f->egress_group, &f->ingress_intf,
+            &f->egress_intf, srcaddr, &f->initiator_port, dstaddr, &f->responder_port, &f->opaque,
+            &f->initiator_pkts, &f->responder_pkts, &f->initiator_pkts_dropped, &f->responder_pkts_dropped,
+            &f->initiator_bytes_dropped, &f->responder_bytes_dropped, &f->is_qos_applied_on_src_intf,
             &sof_sec, &eof_sec, &f->vlan_tag, &f->address_space_id,
             &f->protocol, &f->flags);
     if (rval != FLOWSTATS_ITEMS)
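Review bot: The `sscanf` call in this hunk stores the two `%s` conversions of FLOWSTATS_FORMAT (the srcAddr and dstAddr entries in the previous hunk) into `srcaddr` and `dstaddr` with no field width, although each buffer is only INET6_ADDRSTRLEN bytes. An over-long address token in a hext input line is therefore written past the end of these stack arrays before the `rval != FLOWSTATS_ITEMS` check runs. Bound both conversions to one less than the buffer size, e.g. `"%45s "  /* srcAddr */` and `"%45s "  /* dstAddr */` (INET6_ADDRSTRLEN is 46 on POSIX systems), ideally with a `_Static_assert` next to the macro that ties the width to the buffer size. The rename leaves this untouched, and parse_flowstats continues outside the hunk, so any later validation of the strings is not visible here.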
@@ -286,10 +286,10 @@ static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *des
     desc->msg.data_len = 0;
     desc->msg.data = NULL;
 
-    IpAddr((uint32_t*)&f->initiatorIp, srcaddr);
-    f->initiatorPort = htons(f->initiatorPort);
-    IpAddr((uint32_t*)&f->responderIp, dstaddr);
-    f->responderPort = htons(f->responderPort);
+    IpAddr((uint32_t*)&f->initiator_ip, srcaddr);
+    f->initiator_port = htons(f->initiator_port);
+    IpAddr((uint32_t*)&f->responder_ip, dstaddr);
+    f->responder_port = htons(f->responder_port);
     f->sof_timestamp.tv_usec = 0;
     f->eof_timestamp.tv_usec = 0;
     if (f->vlan_tag == 0)
index 1e1b8b081714a9abbef0799fa2c88b07b060b37d..8076ac5f8e001a2f9055b39771115c1222fac344 100644 (file)
@@ -275,8 +275,8 @@ command or a blank line.  Data after a blank line will start another packet
 with the same tuple as the prior one.
 
 $sof and $eof commands generate Start of Flow and End of Flow metapackets
-respectively. They are followed by a definition of a Flow_Stats_t data structure
-which will be fed into Snort via the metadata callback.
+respectively. They are followed by a definition of a DAQ_FlowStats_t data
+structure which will be fed into Snort via the metadata callback.
 
 Strings may contain the following escape sequences:
 
index abaa81feae1dcc5c15dceb6ed7ebc713a98d86cf..0e74fb4ad26dea2fbe6d5268d4d059a91d1985f5 100644 (file)
@@ -67,14 +67,14 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*)
             return;
     }
 
-    const Flow_Stats_t* fs = (const Flow_Stats_t*) dme->get_header();
+    const DAQ_FlowStats_t* fs = (const DAQ_FlowStats_t*) dme->get_header();
 
     SfIp src, dst;
     char shost[INET6_ADDRSTRLEN];
     char dhost[INET6_ADDRSTRLEN];
 
-    src.set(fs->initiatorIp);
-    dst.set(fs->responderIp);
+    src.set(fs->initiator_ip);
+    dst.set(fs->responder_ip);
 
     src.ntop(shost, sizeof(shost));
     dst.ntop(dhost, sizeof(dhost));
@@ -83,22 +83,22 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*)
 
     TextLog_Print(hext_log,
         "\n$%s "        // type (sof or eof)
-        "%hd "          // ingressGroup
-        "%hd "          // egressGroup
-        "%d "           // ingressIntf
-        "%d "           // egressIntf
-        "%s "           // initiatorIp (stringified)
-        "%d "           // initiatorPort (host order)
-        "%s "           // responderIp (stringified)
-        "%d "           // responderPort (host order)
+        "%hd "          // ingress_group
+        "%hd "          // egress_group
+        "%d "           // ingress_intf
+        "%d "           // egress_intf
+        "%s "           // initiator_ip (stringified)
+        "%d "           // initiator_port (host order)
+        "%s "           // responder_ip (stringified)
+        "%d "           // responder_port (host order)
         "%u "           // opaque
-        "%" PRIu64 " "  // initiatorPkts
-        "%" PRIu64 " "  // responderPkts
-        "%" PRIu64 " "  // initiatorPktsDropped
-        "%" PRIu64 " "  // responderPktsDropped
-        "%" PRIu64 " "  // initiatorBytesDropped
-        "%" PRIu64 " "  // responderBytesDropped
-        "%hhu "         // isQoSAppliedOnSrcIntf
+        "%" PRIu64 " "  // initiator_pkts
+        "%" PRIu64 " "  // responder_pkts
+        "%" PRIu64 " "  // initiator_pkts_dropped
+        "%" PRIu64 " "  // responder_pkts_dropped
+        "%" PRIu64 " "  // initiator_bytes_dropped
+        "%" PRIu64 " "  // responder_bytes_dropped
+        "%hhu "         // is_qos_applied_on_src_intf
         "%ld "          // sof_timestamp.tv_sec
         "%ld "          // eof_timestamp.tv_sec
         "%hu "          // vlan_tag
@@ -106,20 +106,20 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*)
         "%hhu"          // protocol
         "\n",
         cmd,
-        fs->ingressGroup,
-        fs->egressGroup,
-        fs->ingressIntf,
-        fs->egressIntf,
-        shost, ntohs(fs->initiatorPort),
-        dhost, ntohs(fs->responderPort),
+        fs->ingress_group,
+        fs->egress_group,
+        fs->ingress_intf,
+        fs->egress_intf,
+        shost, ntohs(fs->initiator_port),
+        dhost, ntohs(fs->responder_port),
         fs->opaque,
-        fs->initiatorPkts,
-        fs->responderPkts,
-        fs->initiatorPktsDropped,
-        fs->responderPktsDropped,
-        fs->initiatorBytesDropped,
-        fs->responderBytesDropped,
-        fs->isQoSAppliedOnSrcIntf,
+        fs->initiator_pkts,
+        fs->responder_pkts,
+        fs->initiator_pkts_dropped,
+        fs->responder_pkts_dropped,
+        fs->initiator_bytes_dropped,
+        fs->responder_bytes_dropped,
+        fs->is_qos_applied_on_src_intf,
         fs->sof_timestamp.tv_sec,
         fs->eof_timestamp.tv_sec,
         vlan_tag,
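Review bot: `fs->sof_timestamp.tv_sec` and `fs->eof_timestamp.tv_sec` are passed for the two `%ld` conversions in the format string of the previous hunk, which is only correct where the field's type is `long`. If the timestamps are `struct timeval` (the DAQ_FlowStats_t definition is not shown), `tv_sec` is `time_t`, and on targets where `time_t` is wider than `long` the varargs mismatch is undefined behaviour and misaligns every later argument. Casting at the call site keeps the format valid everywhere: `(long)fs->sof_timestamp.tv_sec,` and `(long)fs->eof_timestamp.tv_sec,`. The TextLog_Print call starts and ends outside this hunk.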
index 2aa9e40b49fe47ffa6e987cb05df4220a7cd9614..0c32d7cbeb0b8b0428605599beb166df4008aaee 100644 (file)
@@ -165,7 +165,7 @@ void Analyzer::set_main_hook(MainHook_f f)
 
 static void process_daq_sof_eof_msg(DAQ_Msg_h msg, DAQ_Verdict& verdict)
 {
-    const Flow_Stats_t *stats = (const Flow_Stats_t *) daq_msg_get_hdr(msg);
+    const DAQ_FlowStats_t *stats = (const DAQ_FlowStats_t*) daq_msg_get_hdr(msg);
     const char* key;
 
     if (daq_msg_get_type(msg) == DAQ_MSG_TYPE_EOF)
index b5cd78cc7b6e2a663942be2654975ecd106b7db1..29187526ab8ba01086896ff13b4b1f72992d3bb5 100644 (file)
@@ -52,7 +52,7 @@ struct SO_PUBLIC SfIp
     /* Sets to a raw source IP (4 or 16 bytes, according to family) */
     SfIpRet set(const void* src, int fam);
     /* Sets to a raw source IP, source must be a 128 bit IPv6 (detects IPv4 mapped IPv6)
-     * This is specifically for conversion of Flow_Stats_t ipv4 mapped ipv6 addresses */
+     * This is specifically for conversion of DAQ_FlowStats_t ipv4 mapped ipv6 addresses */
     SfIpRet set(const void* src);
     /* Converts string IP format to an array of values. Also checks IP address format. */
     SfIpRet pton(const int fam, const char* ip);