enable build with Snort

diff --git a/src/detection/CMakeLists.txt b/src/detection/CMakeLists.txt
index cc3e7716075b5349c263be1b1d3f52a79fd6e979..6ff9a895367de9e5ca5f8c6b7bf9e77d76fb6944 100644 (file)
--- a/src/detection/CMakeLists.txt
+++ b/src/detection/CMakeLists.txt
@@ -3,6 +3,7 @@ set (DETECTION_INCLUDES
     detect.h
     detection_defines.h
     detection_util.h
+    ips_context.h
     rule_option_types.h
     rules.h
     signature.h
@@ -11,6 +12,8 @@ set (DETECTION_INCLUDES
 
 add_library (detection STATIC
     ${DETECTION_INCLUDES}
+    context_switcher.cc
+    context_switcher.h
     detect.cc
     detection_options.cc
     detection_options.h
@@ -23,6 +26,7 @@ add_library (detection STATIC
     fp_detect.h
     fp_utils.cc
     fp_utils.h
+    ips_context.cc
     pattern_match_data.h
     pcrm.cc
     pcrm.h

diff --git a/src/detection/Makefile.am b/src/detection/Makefile.am
index 1cb2e3c080b1e41215ad6ce1b7f0ad3087744465..5ff9478451043248261917f863b2eb06f3884eac 100644 (file)
--- a/src/detection/Makefile.am
+++ b/src/detection/Makefile.am
@@ -7,12 +7,15 @@ x_include_HEADERS = \
 detect.h \
 detection_defines.h \
 detection_util.h \
+ips_context.h \
 rule_option_types.h \
 rules.h \
 signature.h \
 treenodes.h
 
 libdetection_a_SOURCES = \
+context_switcher.cc \
+context_switcher.h \
 detect.cc \
 detection_options.cc \
 detection_options.h \
@@ -25,6 +28,7 @@ fp_detect.cc \
 fp_detect.h \
 fp_utils.cc \
 fp_utils.h \
+ips_context.cc \
 pattern_match_data.h \
 pcrm.cc \
 pcrm.h \

diff --git a/src/detection/context_switcher.cc b/src/detection/context_switcher.cc
index ee4c08a2348b9159f6c113b15f645a184345cb35..d5598d8e726059da6ee8d711f929bff8682e31f8 100644 (file)
--- a/src/detection/context_switcher.cc
+++ b/src/detection/context_switcher.cc
@@ -20,14 +20,16 @@
 
 #include "context_switcher.h"
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <assert.h>
 
 #include "ips_context.h"
 
-#define UNIT_TEST
-
 #ifdef UNIT_TEST
-#include "catch.hpp"
+#include "catch/catch.hpp"
 #endif
 
 //--------------------------------------------------------------------------
@@ -168,7 +170,7 @@ public:
     ContextData(int) { }
 };
 
-TEST_CASE("normal", "[ContextSwitcher]")
+TEST_CASE("ContextSwitcher normal", "[ContextSwitcher]")
 {
     const unsigned max = 3;
     auto mgr = ContextSwitcher(max);
@@ -221,7 +223,7 @@ TEST_CASE("normal", "[ContextSwitcher]")
     CHECK(!mgr.pop());
 }
 
-TEST_CASE("abort", "[ContextSwitcher]")
+TEST_CASE("ContextSwitcher abort", "[ContextSwitcher]")
 {
     const unsigned max = 3;
     auto mgr = ContextSwitcher(max);

diff --git a/src/detection/ips_context.cc b/src/detection/ips_context.cc
index 61babf5fb7155962393c8a3989ebdaec14fe8c48..000d4957b41d5ab0150320bc2b22d4729e95cbfe 100644 (file)
--- a/src/detection/ips_context.cc
+++ b/src/detection/ips_context.cc
@@ -20,15 +20,29 @@
 
 #include "ips_context.h"
 
-#include <assert.h>
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
 
-#define UNIT_TEST
+#include <assert.h>
 
 #ifdef UNIT_TEST
-#include "catch.hpp"
+#include "catch/catch.hpp"
 #endif
 
-unsigned IpsContextData::ips_id = 0;
+//--------------------------------------------------------------------------
+// context data
+//--------------------------------------------------------------------------
+
+// ips_id is not a member of context data so that
+// tests (and only tests) can reset the id
+static unsigned ips_id = 0;
+
+unsigned IpsContextData::get_ips_id()
+{ return ++ips_id; }
+
+unsigned IpsContextData::get_max_id()
+{ return ips_id; }
 
 //--------------------------------------------------------------------------
 // context methods
@@ -64,7 +78,7 @@ IpsContextData* IpsContext::get_context_data(unsigned id) const
 class ContextData : public IpsContextData
 {
 public:
-    ContextData(int i)
+    ContextData(int)
     { ++count; }
 
     ~ContextData()
@@ -75,8 +89,9 @@ public:
 
 int ContextData::count = 0;
 
-TEST_CASE("ips_ids", "[IpsContextData]")
+TEST_CASE("IpsContextData id", "[IpsContextData]")
 {
+    ips_id = 0;
     CHECK(IpsContextData::get_max_id() == 0);
 
     unsigned id1 = IpsContextData::get_ips_id();
@@ -86,8 +101,10 @@ TEST_CASE("ips_ids", "[IpsContextData]")
     CHECK(IpsContextData::get_max_id() == id2);
 }
 
-TEST_CASE("basic", "[IpsContext]")
+TEST_CASE("IpsContext basic", "[IpsContext]")
 {
+    ips_id = 0;
+
     SECTION("one context")
     {
         auto id = IpsContextData::get_ips_id();

diff --git a/src/detection/ips_context.h b/src/detection/ips_context.h
index 7bf172e04eeb6e90d48846afc22a06911fb131ef..04ccb5e41f94b5a9340b7e88ddfa9bab44e0e049 100644 (file)
--- a/src/detection/ips_context.h
+++ b/src/detection/ips_context.h
@@ -36,17 +36,11 @@ class IpsContextData
 public:
     virtual ~IpsContextData() { };
 
-    static unsigned get_ips_id()
-    { return ++ips_id; }
-
-    static unsigned get_max_id()
-    { return ips_id; }
+    static unsigned get_ips_id();
+    static unsigned get_max_id();
 
 protected:
     IpsContextData() { }
-
-private:
-    static unsigned ips_id;
 };
 
 class IpsContext

diff --git a/src/main/snort.cc b/src/main/snort.cc
index 4db936b4da3b0a2f6d536dda7633ca8137d95a9a..d3e77eac4fdf94db509b60ba60efa8a905d44121 100644 (file)
--- a/src/main/snort.cc
+++ b/src/main/snort.cc
@@ -30,10 +30,12 @@
 #include "codecs/codec_api.h"
 #include "connectors/connectors.h"
 #include "decompress/file_decomp.h"
+#include "detection/context_switcher.h"
 #include "detection/detect.h"
 #include "detection/detection_util.h"
 #include "detection/fp_config.h"
 #include "detection/fp_detect.h"
+#include "detection/ips_context.h"
 #include "detection/tag.h"
 #include "file_api/file_service.h"
 #include "filters/detection_filter.h"
@@ -102,6 +104,7 @@ static pid_t snort_main_thread_pid = 0;
 static THREAD_LOCAL DAQ_PktHdr_t s_pkth;
 static THREAD_LOCAL uint8_t s_data[65536];
 static THREAD_LOCAL Packet* s_packet = nullptr;
+static THREAD_LOCAL ContextSwitcher* s_switcher = nullptr;
 
 //-------------------------------------------------------------------------
 // perf stats
@@ -650,6 +653,15 @@ bool Snort::thread_init_privileged(const char* intf)
  */
 void Snort::thread_init_unprivileged()
 {
+    // using dummy values until further integration
+    const unsigned max_contexts = 5;
+    const unsigned max_data = 1;
+
+    s_switcher = new ContextSwitcher(max_contexts);
+
+    for ( unsigned i = 0; i < max_contexts; ++i )
+        s_switcher->push(new IpsContext(max_data));
+
     s_packet = new Packet(false);
     CodecManager::thread_init(snort_conf);
 
@@ -721,6 +733,7 @@ void Snort::thread_term()
 
     SnortEventqFree();
     Active::term();
+    delete s_switcher;
 }
 
 void Snort::detect_rebuilt_packet(Packet* p)
@@ -848,6 +861,8 @@ DAQ_Verdict Snort::packet_callback(
     if ( snort_conf->pkt_skip && pc.total_from_daq <= snort_conf->pkt_skip )
         return DAQ_VERDICT_PASS;
 
+    s_switcher->start();
+
     {
         Profile eventq_profile(eventqPerfStats);
         SnortEventqReset();
@@ -879,5 +894,7 @@ DAQ_Verdict Snort::packet_callback(
     else if ( break_time() )
         SFDAQ::break_loop(0);
 
+    s_switcher->stop();
+
     return verdict;
 }