void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
char* snort_strdup(const char* s)
{ return strdup(s); }
+}
TEST_GROUP(file_connector_module)
{
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
const char* get_instance_file(std::string& file, const char* name)
{ file += name; return nullptr; }
+}
FileConnectorModule::FileConnectorModule() :
Module("FC", "FC Help", nullptr)
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
char* snort_strdup(const char* s)
{ return strdup(s); }
+}
TEST_GROUP(tcp_connector_module)
{
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
unsigned get_instance_id()
{ return s_instance; }
void ErrorMessage(const char*, ...) { }
void LogMessage(const char*, ...) { }
+}
int connect (int, const struct sockaddr*, socklen_t) { return s_connect_return; }
ssize_t send (int, const void*, size_t n, int)
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
static const char PDF_Sig[5] = { '%', 'P', 'D', 'F', '-' };
static const char SWF_ZLIB_Sig[3] = { 'C', 'W', 'S' };
#ifdef HAVE_LZMA
return( Ret_Code );
}
+namespace snort
+{
/* The caller provides Compr_Depth, Decompr_Depth and Modes in the session object.
Based on the requested Modes, gear=up to initialize the potential decompressors. */
fd_status_t File_Decomp_Init(fd_session_t* SessionPtr)
(SessionPtr->Alert_Callback)(SessionPtr->Alert_Context, Event);
}
+} // namespace snort
+
//--------------------------------------------------------------------------
// unit tests
//--------------------------------------------------------------------------
}
/* API Functions */
-
+namespace snort
+{
/* Create a new decompression session object */
SO_PUBLIC fd_session_t* File_Decomp_New();
/* Call the error alerting call-back function */
SO_PUBLIC void File_Decomp_Alert(fd_session_t*, int Event);
+}
#endif
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
/* Define characters and tokens in PDF grammar */
#define TOK_STRM_OPEN "stream"
#define TOK_STRM_CLOSE "endstream"
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
#ifdef HAVE_LZMA
#define LZMA_HEADER_LEN (13)
#define LZMA_PRP_OFFSET (0)
{
struct Packet;
struct SnortConfig;
+struct XHash;
}
struct RuleLatencyState;
-struct XHash;
typedef int (* eval_func_t)(void* option_data, class Cursor&, snort::Packet*);
int detection_option_node_evaluate(
detection_option_tree_node_t*, detection_option_eval_data_t*, class Cursor&);
-void DetectionHashTableFree(XHash*);
-void DetectionTreeHashTableFree(XHash*);
+void DetectionHashTableFree(snort::XHash*);
+void DetectionTreeHashTableFree(snort::XHash*);
void print_option_tree(detection_option_tree_node_t*, int level);
-void detection_option_tree_update_otn_stats(XHash*);
+void detection_option_tree_update_otn_stats(snort::XHash*);
detection_option_tree_root_t* new_root(OptTreeNode*);
void free_detection_option_root(void** existing_tree);
/* Process src PORT groups */
if ( src )
{
- for ( GHashNode* node=ghash_findfirst(src->pt_mpxo_hash);
+ for ( GHashNode* node = ghash_findfirst(src->pt_mpxo_hash);
node;
node=ghash_findnext(src->pt_mpxo_hash) )
{
namespace snort
{
struct SnortConfig;
+struct GHash;
}
struct PortGroup;
-struct GHash;
// Service Rule Map Master Table
struct srmm_table_t
{
- GHash* to_srv[SNORT_PROTO_MAX];
- GHash* to_cli[SNORT_PROTO_MAX];
+ snort::GHash* to_srv[SNORT_PROTO_MAX];
+ snort::GHash* to_cli[SNORT_PROTO_MAX];
};
srmm_table_t* ServiceMapNew();
namespace snort
{
+struct GHash;
struct SnortConfig;
}
struct OptTreeNode;
-struct GHash;
/* this contains a list of the URLs for various reference systems */
struct ReferenceSystemNode
Target target;
};
-GHash* OtnLookupNew();
-void OtnLookupAdd(GHash*, OptTreeNode*);
-OptTreeNode* OtnLookup(GHash*, uint32_t gid, uint32_t sid);
-void OtnLookupFree(GHash*);
-void OtnRemove(GHash*, OptTreeNode*);
+snort::GHash* OtnLookupNew();
+void OtnLookupAdd(snort::GHash*, OptTreeNode*);
+OptTreeNode* OtnLookup(snort::GHash*, uint32_t gid, uint32_t sid);
+void OtnLookupFree(snort::GHash*);
+void OtnRemove(snort::GHash*, OptTreeNode*);
void OtnDeleteData(void* data);
void OtnFree(void* data);
return nullptr;
}
+namespace snort
+{
bool otn_has_plugin(OptTreeNode* otn, const char* name)
{
OptFpList* fpl = otn->opt_func;
}
return false;
}
-
+}
void* get_rule_type_data(OptTreeNode*, const char* name);
+namespace snort
+{
SO_PUBLIC bool otn_has_plugin(OptTreeNode* otn, const char* name);
+}
inline bool otn_has_plugin(OptTreeNode* otn, int id)
{ return (otn->plugins & (0x1 << id)) != 0; }
* after that anyway because the file that
* caused this will be gone.
*/
- time_t now = packet_time();
+ time_t now = snort::packet_time();
new_node.expires = now + timeout;
new_node.file = new FileContext;
#include "file_config.h"
+namespace snort
+{
struct XHash;
struct XHashNode;
+}
class FileCache
{
int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout);
/* The hash table of expected files */
- XHash* fileHash = nullptr;
+ snort::XHash* fileHash = nullptr;
int64_t block_timeout = DEFAULT_FILE_BLOCK_TIMEOUT;
int64_t lookup_timeout = DEFAULT_FILE_LOOKUP_TIMEOUT;
int64_t max_files = DEFAULT_MAX_FILES_CACHED;
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
struct MergeNode
{
IdentifierNode* shared_node; /*the node that is shared*/
void FileIdentifier::init_merge_hash()
{
- identifier_merge_hash = ghash_new(1000, sizeof(MergeNode), 0, nullptr);
+ identifier_merge_hash = snort::ghash_new(1000, sizeof(MergeNode), 0, nullptr);
assert(identifier_merge_hash);
}
/*properties*/
IdentifierNode* identifier_root = nullptr; /*Root of magic tries*/
uint32_t memory_used = 0; /*Track memory usage*/
- GHash* identifier_merge_hash = nullptr;
+ snort::GHash* identifier_merge_hash = nullptr;
FileMagicRule file_magic_rules[FILE_ID_MAX + 1];
IDMemoryBlocks id_memory_blocks;
};
#include "log/messages.h"
#include "utils/util.h"
+using namespace snort;
+
/*This magic is used for double free detection*/
#define FREE_MAGIC 0x2525252525252525
#include "file_capture.h"
+using namespace snort;
+
THREAD_LOCAL FileCounts file_counts;
THREAD_LOCAL FileStats* file_stats = nullptr;
#include "sfthd.h"
+using namespace snort;
+
static THREAD_LOCAL XHash* detection_filter_hash = nullptr;
DetectionFilterConfig* DetectionFilterConfigNew()
if ( !detection_filter_hash )
return;
- xhash_delete(detection_filter_hash);
+ snort::xhash_delete(detection_filter_hash);
detection_filter_hash = nullptr;
}
#include "sfrf.h"
+using namespace snort;
+
//static int _printThresholdContext(RateFilterConfig*);
RateFilterConfig* RateFilter_ConfigNew()
#include "utils/sflsq.h"
#include "utils/util.h"
+using namespace snort;
+
// Number of hash rows for gid 1 (rules)
#define SFRF_GEN_ID_1_ROWS 4096
// Number of hash rows for non-zero gid
/* Array of hash, indexed by gid. Each array element is a hash, which
* is keyed on sid/policyId and data is a tSFRFSidNode node.
*/
- struct GHash* genHash [SFRF_MAX_GENID];
+ struct snort::GHash* genHash [SFRF_MAX_GENID];
// Number of DOS thresholds added.
int count;
#include "utils/sflsq.h"
#include "utils/util.h"
+using namespace snort;
+
// Debug Printing
//#define THD_DEBUG
namespace snort
{
-struct SnortConfig;
-}
struct GHash;
struct XHash;
+struct SnortConfig;
+}
+
typedef struct sf_list SF_LIST;
/*!
*/
struct THD_STRUCT
{
- XHash* ip_nodes; /* Global hash of active IP's key=THD_IP_NODE_KEY, data=THD_IP_NODE */
- XHash* ip_gnodes; /* Global hash of active IP's key=THD_IP_GNODE_KEY, data=THD_IP_GNODE */
+ snort::XHash* ip_nodes; /* Global hash of active IP's key=THD_IP_NODE_KEY, data=THD_IP_NODE */
+ snort::XHash* ip_gnodes; /* Global hash of active IP's key=THD_IP_GNODE_KEY, data=THD_IP_GNODE */
};
struct ThresholdObjects
{
int count; /* Total number of thresholding/suppression objects */
- GHash* sfthd_array[THD_MAX_GENID]; /* Local Hash of THD_ITEM nodes, lookup by key=sig_id
+ snort::GHash* sfthd_array[THD_MAX_GENID]; /* Local Hash of THD_ITEM nodes, lookup by key=sig_id
*/
/* Double array of THD_NODE pointers. First index is policyId and therefore variable length.
// lbytes = local threshold memcap
// gbytes = global threshold memcap (0 to disable global)
THD_STRUCT* sfthd_new(unsigned lbytes, unsigned gbytes);
-XHash* sfthd_local_new(unsigned bytes);
-XHash* sfthd_global_new(unsigned bytes);
+snort::XHash* sfthd_local_new(unsigned bytes);
+snort::XHash* sfthd_global_new(unsigned bytes);
void sfthd_free(THD_STRUCT*);
ThresholdObjects* sfthd_objs_new();
void sfthd_objs_free(ThresholdObjects*);
-int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node,
+int sfthd_test_rule(snort::XHash* rule_hash, THD_NODE* sfthd_node,
const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
THD_NODE* sfthd_create_rule_threshold(
int sfthd_test_threshold(ThresholdObjects*, THD_STRUCT*, unsigned gen_id, unsigned sig_id,
const snort::SfIp* sip, const snort::SfIp* dip, long curtime);
-XHash* sfthd_new_hash(unsigned, size_t, size_t);
+snort::XHash* sfthd_new_hash(unsigned, size_t, size_t);
-int sfthd_test_local(XHash* local_hash, THD_NODE* sfthd_node, const snort::SfIp* sip,
+int sfthd_test_local(snort::XHash* local_hash, THD_NODE* sfthd_node, const snort::SfIp* sip,
const snort::SfIp* dip, time_t curtime);
#ifdef THD_DEBUG
#include "sfthd.h"
+using namespace snort;
+
//---------------------------------------------------------------
#define IP_ANY nullptr // used to get "unset"
{ return (PegCount*)&ha_stats; }
const PegInfo* get_pegs() const override
- { return simple_pegs; }
+ { return snort::simple_pegs; }
snort::ProfileStats* get_profile() const override;
using namespace snort;
-void LogMessage(const char*,...) { }
-
THREAD_LOCAL SimpleStats ha_stats;
THREAD_LOCAL ProfileStats ha_perf_stats;
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
+void LogMessage(const char*,...) { }
void ParseWarning(WarningGroup, const char*, ...) { }
-
char* snort_strdup(const char* str) { return strdup(str); }
+}
static bool s_port_1_set = false;
static bool s_use_daq = false;
s_delete_session_called = true;
}
+namespace snort
+{
void ErrorMessage(const char*,...) { }
void LogMessage(const char*,...) { }
+}
void packet_gettimeofday(struct timeval* tv)
{ *tv = s_packet_time; }
const char* help;
};
+
+namespace snort
+{
SO_PUBLIC extern const struct PegInfo simple_pegs[];
+} // namespace snort
#define array_size(a) (sizeof(a)/sizeof((a)[0]))
#include "main/snort_types.h"
+namespace snort
+{
class SO_PUBLIC Endianness
{
public:
virtual ~Endianness() = default;
virtual bool get_offset_endianness(int32_t offset, uint8_t& endian) = 0;
};
-
+}
#endif
return end(fqn, idx, c);
}
-const PegInfo simple_pegs[] =
-{
- { CountType::SUM, "packets", "total packets" },
- { CountType::END, nullptr, nullptr }
-};
-
void Module::enable_trace()
{
if ( trace )
*trace = 1;
}
+namespace snort
+{
+const PegInfo simple_pegs[] =
+{
+ { CountType::SUM, "packets", "total packets" },
+ { CountType::END, nullptr, nullptr }
+};
+}
#include "catch/snort_catch.h"
#endif
+using namespace snort;
using namespace std;
//--------------------------------------------------------------------------
// <=> for dsize style and >< for icode style so rule options
// can coerce <> if needed for backwards compatibility
+namespace snort
+{
class SO_PUBLIC RangeCheck
{
public:
bool eval(long) const;
bool validate(const char* s, const char* r);
};
-
+}
#endif
#include "hashfcn.h"
#include "primetable.h"
+namespace snort
+{
/*
*
* Create a new hash table
return hashfcn_set_keyops(h->hashfcn, hash_fcn, keycmp_fcn);
}
+}
struct HashFnc;
+namespace snort
+{
+
#define GHASH_NOMEM (-2)
#define GHASH_ERR (-1)
#define GHASH_OK 0
SO_PUBLIC int ghash_set_keyops(GHash*,
unsigned (* hash_fcn)(HashFnc* p, const unsigned char* d, int n),
int (* keycmp_fcn)(const void* s1, const void* s2, size_t n));
-
+}
#endif
#include <openssl/md5.h>
#include <openssl/sha.h>
+namespace snort
+{
void sha256(const unsigned char* data, size_t size, unsigned char* digest)
{
SHA256_CTX c;
MD5_Final(digest, &c);
}
+}
#include "main/snort_types.h"
+namespace snort
+{
#define MD5_HASH_SIZE 16
#define SHA256_HASH_SIZE 32
#define SHA512_HASH_SIZE 64
SO_PUBLIC void md5(const unsigned char* data, size_t size, unsigned char* digest);
SO_PUBLIC void sha256(const unsigned char* data, size_t size, unsigned char* digest);
SO_PUBLIC void sha512(const unsigned char* data, size_t size, unsigned char* digest);
-
+}
#endif
return -1;
}
+namespace snort
+{
void mix_str(
uint32_t& a, uint32_t& b, uint32_t& c,
const char* s, unsigned n)
finalize(a,b,c);
return c;
}
-
+} //namespace snort
(c) ^= (b); (c) -= rot(b,24); \
}
+namespace snort
+{
SO_PUBLIC void mix_str(
uint32_t& a, uint32_t& b, uint32_t& c,
// n == 0 => strlen(s)
const char* s, unsigned n = 0);
SO_PUBLIC size_t str_to_hash(const uint8_t *str, int length);
+}
struct HashFnc
{
#include "utils/util.h"
#include "hashfcn.h"
+using namespace snort;
+
/*
* Implements XHash as specialized hash container
*/
return nrows;
}
+namespace snort
+{
/*
* Create a new hash table
*
assert(h and hash_fcn and keycmp_fcn);
hashfcn_set_keyops(h->hashfcn, hash_fcn, keycmp_fcn);
}
+} // namespace snort
/*
* -----------------------------------------------------------------------------------------
struct HashFnc;
+namespace snort
+{
#define XHASH_NOMEM (-2)
#define XHASH_ERR (-1)
#define XHASH_OK 0
SO_PUBLIC XHashNode* xhash_gfindfirst(XHash* t);
SO_PUBLIC XHashNode* xhash_gfindnext(XHash* t);
-
+} // namespace snort
#endif
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
static inline char b64(uint8_t idx)
{
static const char* encoding =
#include <cstdint>
#include "main/snort_types.h"
+namespace snort
+{
class SO_PUBLIC Base64Encoder
{
public:
Steps step;
uint8_t state;
};
-
+}
#endif
if ( luaL_loadbuffer(L, chunk.c_str(), chunk.size(), name) )
{
- ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1));
+ snort::ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1));
return false;
}
// now exec the chunk to define functions etc in L
if ( lua_pcall(L, 0, 0, 0) )
{
- ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1));
+ snort::ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1));
return false;
}
// load the args table
if ( luaL_dostring(L, args.c_str()) )
{
- ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1));
+ snort::ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1));
return false;
}
return true;
if ( lua_pcall(L, 0, 1, 0) || lua_type(L, -1) == LUA_TSTRING )
- ParseError("%s %s", name, lua_tostring(L, -1));
+ snort::ParseError("%s %s", name, lua_tostring(L, -1));
else if ( !lua_toboolean(L, -1) )
- ParseError("%s init() returned false", name);
+ snort::ParseError("%s init() returned false", name);
else
return true;
#include "markup.h"
#include "ring.h"
+using namespace snort;
using namespace std;
#ifndef SIGNAL_SNORT_RELOAD
using namespace snort;
+namespace snort
+{
// Fakes to avoid bringing in a ton of dependencies.
SnortProtocolId ProtocolReference::add(char const*) { return 0; }
SnortProtocolId ProtocolReference::find(char const*) { return 0; }
SnortConfig* SnortConfig::get_conf() { return nullptr; }
+char* snort_strdup(const char* s)
+{ return strdup(s); }
+}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*)
{ }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*)
{ }
-char* snort_strdup(const char* s)
-{ return strdup(s); }
-
#define FRAG_POLICY 33
#define STREAM_POLICY 100
using namespace snort;
+namespace snort
+{
SnortConfig s_conf;
THREAD_LOCAL SnortConfig* snort_conf = &s_conf;
-
SnortConfig::SnortConfig(const SnortConfig* const) { }
-
SnortConfig::~SnortConfig() = default;
-
SnortConfig* SnortConfig::get_conf()
{ return snort_conf; }
SnortProtocolId ProtocolReference::find(char const*) { return 0; }
-
SnortProtocolId ProtocolReference::add(const char* protocol)
{
if (!strcmp("servicename", protocol))
{
return strdup(str);
}
+}
TEST_GROUP(host_cache)
{
using namespace snort;
+namespace snort
+{
SnortConfig* SnortConfig::get_conf() { return nullptr; }
-
SnortProtocolId ProtocolReference::find(char const*) { return 0; }
-
SnortProtocolId ProtocolReference::add(const char* protocol)
{
if (!strcmp("servicename", protocol))
return 1;
}
-// Fake show_stats to avoid bringing in a ton of dependencies.
-void show_stats(PegCount*, const PegInfo*, unsigned, const char*)
-{ }
-
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*)
-{ }
-
char* snort_strdup(const char* s)
{ return strdup(s); }
+}
+
+// Fake show_stats to avoid bringing in a ton of dependencies.
+void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
+void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
#define FRAG_POLICY 33
#define STREAM_POLICY 100
using namespace snort;
+namespace snort
+{
// Fake snort_strdup() because sfutil dependencies suck
char* snort_strdup(const char* str)
-{
- return strdup(str);
+{ return strdup(str); }
}
TEST_GROUP(host_tracker)
{
case REL_OFFSET:
if (!rel_ptr)
- {
return 0;
- }
/*
** Check that it is in bounds first.
** Bound checked also after offset is applied
*/
if (!inBounds(start, end + 1, rel_ptr))
- {
return 0;
- }
offset = rel_ptr+ctxt->offset;
if (!inBounds(start, end, offset))
- {
return 0;
- }
break;
offset = start+ctxt->offset;
if (!inBounds(start, end, offset))
- {
return 0;
- }
break;
}
iRet = asn1_decode(offset, size, &asn1);
if (iRet && !asn1)
- {
return 0;
- }
/*
** Let's do detection now.
#include "catch/snort_catch.h"
#endif
+using namespace snort;
using namespace std;
/* Storage for extracted variables */
static THREAD_LOCAL uint32_t extracted_values[NUM_IPS_OPTIONS_VARS];
static THREAD_LOCAL uint8_t extracted_values_cnt = 0;
+namespace snort
+{
/* Given a variable name, retrieve its index.*/
int8_t GetVarByName(const char* name)
{
return num_bytes;
}
+} // namespace snort
+
#ifdef UNIT_TEST
TEST_CASE("ips options bitmask utils")
{
#define IPS_OPTIONS_NO_VAR (-1)
#define INVALID_VAR_ERR_STR "%s uses an undefined rule option variable (%s)"
+namespace snort
+{
SO_PUBLIC int string_extract(
int bytes_to_grab, int base, const uint8_t* ptr,
const uint8_t* start, const uint8_t* end, uint32_t* value);
// Used during eval
SO_PUBLIC int GetVarValueByIndex(uint32_t* dst, uint8_t var_number);
SO_PUBLIC int SetVarValueByIndex(uint32_t value, uint8_t var_number);
-
+}
#endif
void ContentData::setup_bm()
{
- skip_stride = make_skip(pmd.pattern_buf, pmd.pattern_size);
+ skip_stride = snort::make_skip(pmd.pattern_buf, pmd.pattern_size);
shift_stride = make_shift(pmd.pattern_buf, pmd.pattern_size);
}
// stubs, spies, etc.
//-------------------------------------------------------------------------
-extern const BaseApi* ips_regex;
-
-void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
+namespace snort
+{
void mix_str(uint32_t& a, uint32_t&, uint32_t&, const char* s, unsigned)
{ a += strlen(s); }
-namespace snort
-{
SnortConfig s_conf;
THREAD_LOCAL SnortConfig* snort_conf = &s_conf;
Packet::Packet(bool) { }
Packet::~Packet() = default;
-}
-
-Cursor::Cursor(Packet* p)
-{ set("pkt_data", p->data, p->dsize); }
static unsigned s_parse_errors = 0;
unsigned get_instance_id()
{ return 0; }
+char* snort_strdup(const char* s)
+{ return strdup(s); }
+
MemoryContext::MemoryContext(MemoryTracker&) { }
MemoryContext::~MemoryContext() = default;
+}
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+extern const BaseApi* ips_regex;
-char* snort_strdup(const char* s)
-{ return strdup(s); }
+Cursor::Cursor(Packet* p)
+{ set("pkt_data", p->data, p->dsize); }
+
+void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
+void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
//-------------------------------------------------------------------------
// helpers
void setup() override
{
- // FIXIT-L cpputest hangs or crashes in the leak detector
- MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
opt = get_option(" foo ");
scratch_setup(snort_conf);
}
api->dtor(opt);
scratch_cleanup(snort_conf);
api->pterm(snort_conf);
- MemoryLeakWarningPlugin::turnOnNewDeleteOverloads();
}
};
void setup() override
{
- // FIXIT-L cpputest hangs or crashes in the leak detector
- MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
opt = get_option("\\bfoo", true);
scratch_setup(snort_conf);
}
IpsApi* api = (IpsApi*)ips_regex;
api->dtor(opt);
scratch_cleanup(snort_conf);
- MemoryLeakWarningPlugin::turnOnNewDeleteOverloads();
}
};
int main(int argc, char** argv)
{
+ // FIXIT-L cpputest hangs or crashes in the leak detector
+ MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
return CommandLineTestRunner::RunAllTests(argc, argv);
}
get_parse_location(file_name, file_line);
if ( file_line )
- LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg);
+ snort::LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg);
else
- LogMessage(file, "%s: %s\n", type, msg);
+ snort::LogMessage(file, "%s: %s\n", type, msg);
}
+namespace snort
+{
void ParseMessage(const char* format, ...)
{
char buf[STD_BUF+1];
assert(false);
}
+} //namespace snort
unsigned get_parse_errors();
unsigned get_parse_warnings();
+namespace snort
+{
SO_PUBLIC void ParseMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void ParseWarning(WarningGroup, const char*, ...) __attribute__((format (printf, 2, 3)));
SO_PUBLIC void ParseError(const char*, ...) __attribute__((format (printf, 1, 2)));
unsigned max;
unsigned idx;
};
+}
#endif
#include "obfuscator.h"
+using namespace snort;
+
bool Obfuscator::first(ObfuscatorBlock &b)
{
if ( blocks.empty() )
#include "main/snort_types.h"
+namespace snort
+{
struct ObfuscatorBlock
{
// Only used by `class Obfuscator`
iterator it;
static const char mask_char = 'X';
};
+}
#endif
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
+using namespace snort;
+
TEST_GROUP(ObfuscatorTests)
{ };
#include "log.h"
+using namespace snort;
+
/* a reasonable minimum */
#define MIN_BUF (4* K_BYTES)
#define STDLOG_FILENO 3
return txt->pos;
}
+namespace snort
+{
int TextLog_Avail(TextLog* const txt)
{
return txt->maxBuf - txt->pos - 1;
return true;
}
-
+} // namespace snort
// or some such to get stdout or syslog
struct TextLog;
+namespace snort
+{
SO_PUBLIC TextLog* TextLog_Init(
const char* name, unsigned int maxBuf = 0, size_t maxFile = 0);
SO_PUBLIC void TextLog_Term(TextLog*);
SO_PUBLIC int TextLog_Tell(TextLog* const);
SO_PUBLIC int TextLog_Avail(TextLog* const);
SO_PUBLIC void TextLog_Reset(TextLog* const);
+} // namespace snort
/*-------------------------------------------------------------------
* helper functions
*/
inline bool TextLog_NewLine(TextLog* const txt)
{
- return TextLog_Putc(txt, '\n');
+ return snort::TextLog_Putc(txt, '\n');
}
inline bool TextLog_Puts(TextLog* const txt, const char* str)
{
- return TextLog_Write(txt, str, strlen(str));
+ return snort::TextLog_Write(txt, str, strlen(str));
}
#endif
state = luaL_newstate();
if ( !state )
- FatalError("Lua state instantiation failed\n");
+ snort::FatalError("Lua state instantiation failed\n");
if ( openlibs )
luaL_openlibs(state);
{
delete ps;
Swapper::set_reload_in_progress(false);
- LogMessage("== reload complete\n");
+ snort::LogMessage("== reload complete\n");
}
void ACDAQSwap::execute(Analyzer& analyzer)
ACDAQSwap::~ACDAQSwap()
{
- LogMessage("== daq module reload complete\n");
+ snort::LogMessage("== daq module reload complete\n");
}
#include "request.h"
#include "snort_config.h"
+using namespace snort;
using namespace std;
static int listener = -1;
int ControlMgmt::setup_socket_family()
{
int family = AF_UNSPEC;
- if ( snort::SnortConfig::get_conf()->remote_control_port )
+ if ( SnortConfig::get_conf()->remote_control_port )
{
memset(&in_addr, 0, sizeof(in_addr));
in_addr.sin_family = AF_INET;
in_addr.sin_addr.s_addr = htonl(0x7F000001);
- in_addr.sin_port = htons(snort::SnortConfig::get_conf()->remote_control_port);
+ in_addr.sin_port = htons(SnortConfig::get_conf()->remote_control_port);
sock_addr = (struct sockaddr*)&in_addr;
sock_addr_size = sizeof(in_addr);
family = AF_INET;
}
- else if ( !snort::SnortConfig::get_conf()->remote_control_socket.empty() )
+ else if ( !SnortConfig::get_conf()->remote_control_socket.empty() )
{
std::string fullpath;
- const char* path_sep = strrchr(snort::SnortConfig::get_conf()->remote_control_socket.c_str(), '/');
+ const char* path_sep = strrchr(SnortConfig::get_conf()->remote_control_socket.c_str(), '/');
if (path_sep != nullptr)
- fullpath = snort::SnortConfig::get_conf()->remote_control_socket;
+ fullpath = SnortConfig::get_conf()->remote_control_socket;
else
- get_instance_file(fullpath, snort::SnortConfig::get_conf()->remote_control_socket.c_str());
+ get_instance_file(fullpath, SnortConfig::get_conf()->remote_control_socket.c_str());
memset(&unix_addr, 0, sizeof(unix_addr));
unix_addr.sun_family = AF_UNIX;
#define search_engine_help \
"configure fast pattern matcher"
+namespace snort
+{
THREAD_LOCAL PatMatQStat pmqs;
+}
const PegInfo mpse_pegs[] =
{
#include "framework/data_bus.h"
+namespace snort
+{
+struct GHash;
+}
+
struct PortTable;
struct vartable_t;
struct sfip_var_t;
typedef unsigned int PolicyId;
-typedef struct GHash PortVarTable;
+typedef struct snort::GHash PortVarTable;
enum PolicyMode
{
{
if ( fd < 1 )
{
- LogMessage("%s", s);
+ snort::LogMessage("%s", s);
return;
}
struct ClassType;
struct srmm_table_t;
struct sopg_table_t;
-struct GHash;
-struct XHash;
+
struct MemoryConfig;
struct LatencyConfig;
struct PORT_RULE_MAP;
struct SFDAQConfig;
class ThreadConfig;
struct ReferenceSystemNode;
-class ProtocolReference;
struct VarNode;
struct _IntelPmHandles;
namespace snort
{
struct ProfilerConfig;
+class ProtocolReference;
+struct GHash;
+struct XHash;
struct SnortConfig;
typedef void (* ScScratchFunc)(SnortConfig* sc);
#include "snort_config.h"
+using namespace snort;
+
bool trace_enabled(Trace mask, Trace flags)
{ return mask & flags; }
void set_instance_id(unsigned id)
{ instance_id = id; }
-unsigned get_instance_id()
-{ return instance_id; }
-
void set_thread_type(SThreadType type)
{ thread_type = type; }
-SThreadType get_thread_type()
-{ return thread_type; }
-
//-------------------------------------------------------------------------
// union rules - breaks are mandatory and must be taken in daq thread
//-------------------------------------------------------------------------
return true;
}
+namespace snort
+{
+unsigned get_instance_id()
+{ return instance_id; }
+
+SThreadType get_thread_type()
+{ return thread_type; }
+
+
//-------------------------------------------------------------------------
// format is:
// <logdir>/[<run_prefix>][<id#>][<X>]<name>
return file.c_str();
}
+}
void set_run_num(uint16_t);
uint16_t get_run_num();
+namespace snort
+{
SO_PUBLIC unsigned get_instance_id();
SO_PUBLIC SThreadType get_thread_type();
SO_PUBLIC inline bool is_packet_thread()
// get a packet thread specific path. name should be the module name or
// derived therefrom.
SO_PUBLIC const char* get_instance_file(std::string&, const char* name);
+}
void take_break();
bool break_time();
thread_affinity[key] = cpuset;
}
else
- ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n");
+ snort::ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n");
}
void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id)
current_cpuset = hwloc_bitmap_alloc();
hwloc_get_cpubind(topology, current_cpuset, HWLOC_CPUBIND_THREAD);
if (!hwloc_bitmap_isequal(current_cpuset, desired_cpuset))
- LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s);
+ snort::LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s);
hwloc_bitmap_free(current_cpuset);
if (hwloc_set_cpubind(topology, desired_cpuset, HWLOC_CPUBIND_THREAD))
{
- FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n",
- id, type, s, get_error(errno), errno);
+ snort::FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n",
+ id, type, s, snort::get_error(errno), errno);
}
free(s);
void SoManager::dump_plugins()
{
- Dumper d("SO Rules");
+ snort::Dumper d("SO Rules");
for ( auto* p : s_rules )
d.dump(p->base.name, p->base.version);
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
namespace memory
{
uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes();
- if (sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
+ if (snort::sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
encode_avail, &act_encode_size) != 0)
{
reset_decode_state();
else
buffer->reset_saved();
- if (sf_base64decode(buffer->get_encode_buff(), act_encode_size,
+ if (snort::sf_base64decode(buffer->get_encode_buff(), act_encode_size,
buffer->get_decode_buff(), buffer->get_decode_avail(), &act_decode_size) != 0)
{
reset_decode_state();
100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100
};
+namespace snort
+{
/* base64decode assumes the input data terminates with '=' and/or at the end of the input buffer
* at inbuf_size. If extra characters exist within inbuf before inbuf_size is reached, it will
* happily decode what it can and skip over what it can't. This is consistent with other decoders
else
return(0);
}
+} // namespace snort
class DecodeBuffer* buffer = nullptr;
};
+namespace snort
+{
// FIXIT-L inbuf should probably be const uint8_t*
SO_PUBLIC int sf_base64decode(
uint8_t* inbuf, uint32_t inbuf_size,
uint8_t* outbuf, uint32_t outbuf_size,
uint32_t* bytes_written
);
-
+}
#endif
uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes();
- if (sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
+ if (snort::sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
encode_avail, &act_encode_size) != 0)
{
reset_decode_state();
}
else
{
- const uint8_t* sod = (const uint8_t*)SnortStrnStr((const char*)src, 5, "begin");
+ const uint8_t* sod = (const uint8_t*)snort::SnortStrnStr((const char*)src, 5, "begin");
if (sod)
{
*begin_found = true;
/*begin str found. Move to the actual data*/
- ptr = (const uint8_t*)SnortStrnStr((const char*)(sod), (end - sod), "\n");
+ ptr = (const uint8_t*)snort::SnortStrnStr((const char*)(sod), (end - sod), "\n");
if ( !ptr )
{
*bytes_read = slen;
#include "log/messages.h"
#include "file_api/file_service.h"
+using namespace snort;
+
void DecodeConfig::set_ignore_data(bool ignored)
{
ignore_data = ignored;
#define MAX_DEPTH 65535
#define MIN_DEPTH (-1)
+namespace snort
+{
class SO_PUBLIC DecodeConfig
{
public:
int64_t file_depth = MIN_DEPTH;
bool decode_enabled = true;
};
-
+}
#endif
#include "decode_qp.h"
#include "decode_uu.h"
+using namespace snort;
+
void MimeDecode::reset_decoded_bytes()
{
if (decoder)
return decode_type;
}
-MimeDecode::MimeDecode(DecodeConfig* conf)
+MimeDecode::MimeDecode(snort::DecodeConfig* conf)
{
config = conf;
}
class MimeDecode
{
public:
- MimeDecode(DecodeConfig* conf);
+ MimeDecode(snort::DecodeConfig* conf);
~MimeDecode();
// get the decode type from buffer
private:
DecodeType decode_type = DECODE_NONE;
- DecodeConfig* config;
+ snort::DecodeConfig* config;
DataDecode* decoder = nullptr;
};
#include "main/snort_debug.h"
+using namespace snort;
+
static const char* boundary_str = "boundary=";
/* Save the boundary string into paf state*/
return false;
}
+namespace snort
+{
void reset_mime_paf_state(MimeDataPafInfo* data_info)
{
data_info->boundary_search = nullptr;
*((DataEndState*)data_end_state) = state;
return false;
}
-
+} // namespace snort
return false;
}
+namespace snort
+{
SO_PUBLIC void reset_mime_paf_state(MimeDataPafInfo*);
/* Process data boundary and flush each file based on boundary*/
SO_PUBLIC bool process_mime_paf_data(MimeDataPafInfo*, uint8_t val);
SO_PUBLIC bool check_data_end(void* end_state, uint8_t val);
+}
#endif
AFActVal* test_active_value;
if ((test_active_value = (AFActVal*)xhash_find(AF_actives, &master_key)))
{
- test_active_value->last = packet_time();
+ test_active_value->last = snort::packet_time();
test_active_value->target = ind_element->target;
return;
}
#include "target_based/snort_protocols.h"
#include "utils/util_cstring.h"
+using namespace snort;
+
static AppInfoTable app_info_table;
static AppInfoTable app_info_service_table;
static AppInfoTable app_info_client_table;
#include "tp_lib_handler.h"
#endif
+using namespace snort;
+
#define ODP_PORT_DETECTORS "odp/port/*"
#define CUSTOM_PORT_DETECTORS "custom/port/*"
#define MAX_DISPLAY_SIZE 65536
#include "tp_lib_handler.h"
#endif
+using namespace snort;
+
static const char* httpFieldName[ MAX_HTTP_FIELD_ID ] = // for use in debug messages
{
"useragent",
if (!print && unknown_pegs->all_zeros())
return;
- LogLabel("Appid dynamic stats:");
+ snort::LogLabel("Appid dynamic stats:");
for (unsigned i = 0; i < app_num; i++)
{
continue;
std::string app_name = AppIdPegCounts::appid_detectors_info[i];
- LogMessage("%s: ", app_name.c_str());
+ snort::LogMessage("%s: ", app_name.c_str());
pegs->print();
}
// Print unknown app stats
if (!unknown_pegs->all_zeros())
{
- LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %"
+ snort::LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %"
PRIu64 ", misc: %" PRIu64 "\n",
unknown_pegs->stats[0], unknown_pegs->stats[1], unknown_pegs->stats[2],
unknown_pegs->stats[3], unknown_pegs->stats[4]);
void print()
{
- LogMessage("flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %" PRIu64
+ snort::LogMessage("flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %" PRIu64
", misc: %" PRIu64 ", incompatible: %" PRIu64 ", failed: %" PRIu64 "\n",
stats[0], stats[1], stats[2], stats[3], stats[4], stats[5], stats[6]);
}
void set_tls_host(const char* new_tls_host, uint32_t len)
{
if (tls_host) snort_free(tls_host);
- tls_host=snort_strndup(new_tls_host,len);
- tls_host_strlen=len;
+ tls_host = snort::snort_strndup(new_tls_host,len);
+ tls_host_strlen = len;
}
void set_tls_cname(const char* new_tls_cname, uint32_t len)
{
if (tls_cname) snort_free(tls_cname);
- tls_cname=snort_strndup(new_tls_cname,len);
- tls_cname_strlen=len;
+ tls_cname = snort::snort_strndup(new_tls_cname,len);
+ tls_cname_strlen = len;
}
void set_tls_org_unit(const char* new_tls_org_unit, uint32_t len)
{
if (tls_orgUnit) snort_free(tls_orgUnit);
- tls_orgUnit=snort_strndup(new_tls_org_unit,len);
- tls_orgUnit_strlen=len;
+ tls_orgUnit = snort::snort_strndup(new_tls_org_unit,len);
+ tls_orgUnit_strlen = len;
}
};
#include "app_info_table.h"
#include "appid_session.h"
+using namespace snort;
+
#define URLCATBUCKETS 100
#define URLREPBUCKETS 5
}
else
{
- WarningMessage("Error saving statistics record for app id: %d", app_id);
+ snort::WarningMessage("Error saving statistics record for app id: %d", app_id);
snort_free(record);
record = nullptr;
}
{
if ( AppInfoManager::get_instance().configured() )
{
- ParseWarning(WARN_RULES,
+ snort::ParseWarning(WARN_RULES,
"appid: no entry for %d in appMapping.data; no rule support for this ID.",
appId);
}
}
extractsInfo &= (APPINFO_FLAG_CLIENT_ADDITIONAL | APPINFO_FLAG_CLIENT_USER);
if (!extractsInfo)
- {
return;
- }
pEntry->client_detector = this;
pEntry->flags |= extractsInfo;
#include "protocols/packet.h"
+using namespace snort;
+
enum KerberosState
{
KRB_STATE_TCP_LENGTH,
#include "protocols/packet.h"
#include "search_engines/search_tool.h"
+using namespace snort;
static THREAD_LOCAL PatternServiceDetector* service_pattern_detector;
static THREAD_LOCAL PatternClientDetector* client_pattern_detector;
*patterns = new snort::SearchTool("ac_full", true);
if (!*patterns)
{
- ErrorMessage("Error initializing the pattern table\n");
+ snort::ErrorMessage("Error initializing the pattern table\n");
return;
}
}
#include "app_info_table.h"
+using namespace snort;
+
enum POP3ClientState
{
POP3_CLIENT_STATE_AUTH, // POP3 - AUTHORIZATION state
#include "log/messages.h"
#include "protocols/packet.h"
+using namespace snort;
+
static const char* const FP_OPERATION_AND = "%&%";
static const unsigned PATTERN_PART_MAX = 10;
for (unsigned i = 0; i <= partNum; i++)
snort_free((void*)parts[i].pattern);
- ErrorMessage("Failed to allocate memory");
+ snort::ErrorMessage("Failed to allocate memory");
return 0;
}
partNum++;
{
if( !pat )
{
- ErrorMessage("HTTP pattern string is NULL.");
+ snort::ErrorMessage("HTTP pattern string is NULL.");
return false;
}
if (seq < SINGLE || seq > USER_AGENT_HEADER)
{
- ErrorMessage("Invalid HTTP DHP Sequence.");
+ snort::ErrorMessage("Invalid HTTP DHP Sequence.");
return false;
}
pattern_size = len;
- pattern = (const uint8_t*)snort_strdup((const char*)pat);
+ pattern = (const uint8_t*)snort::snort_strdup((const char*)pat);
sequence = seq;
service_id = service;
client_id = client;
public:
HostUrlDetectorPattern(const uint8_t* host_pattern, unsigned length)
{
- host.pattern = (const uint8_t*)snort_strdup((const char*)host_pattern);
+ host.pattern = (const uint8_t*)snort::snort_strdup((const char*)host_pattern);
host.patternSize = length;
}
#ifndef DETECTOR_PLUGINS_MOCK_H
#define DETECTOR_PLUGINS_MOCK_H
+namespace snort
+{
// Stubs for messages
void ErrorMessage(const char*,...) {}
void WarningMessage(const char*,...) {}
void LogMessage(const char*,...) {}
void ParseWarning(WarningGroup, const char*, ...) {}
-namespace snort
-{
+// Stubs for appid sessions
+FlowData::FlowData(unsigned, Inspector*) {}
+FlowData::~FlowData() = default;
+
// Stubs for packet
Packet::Packet(bool) { }
Packet::~Packet() = default;
bool Inspector::likes(Packet*) { return true; }
bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&) { return true; }
class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; }
+
+// Stubs for search_tool.cc
+SearchTool::SearchTool(const char*, bool) {}
+SearchTool::~SearchTool() = default;
+void SearchTool::add(const char*, unsigned, int, bool) {}
+void SearchTool::add(const char*, unsigned, void*, bool) {}
+void SearchTool::add(const uint8_t*, unsigned, int, bool) {}
+void SearchTool::add(const uint8_t*, unsigned, void*, bool) {}
+void SearchTool::prep() {}
+static bool test_find_all_done = false;
+static bool test_find_all_enabled = false;
+static MatchedPatterns* mock_mp = nullptr;
+int SearchTool::find_all(const char*, unsigned, MpseMatch, bool, void* mp_arg)
+{
+ test_find_all_done = true;
+ if (test_find_all_enabled)
+ memcpy(mp_arg, &mock_mp, sizeof(MatchedPatterns*));
+ return 0;
}
+// Stubs for util.cc
+char* snort_strndup(const char* src, size_t dst_size)
+{
+ char* dup = (char*)snort_calloc(dst_size + 1);
+ if ( SnortStrncpy(dup, src, dst_size + 1) == SNORT_STRNCPY_ERROR )
+ {
+ snort_free(dup);
+ return nullptr;
+ }
+ return dup;
+}
+char* snort_strdup(const char* str)
+{
+ assert(str);
+ size_t n = strlen(str) + 1;
+ char* p = (char*)snort_alloc(n);
+ memcpy(p, str, n);
+ return p;
+}
+}
+
+void show_stats(PegCount*, const PegInfo*, unsigned, const char*) {}
+void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) {}
+void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) {}
+
class AppIdInspector : public snort::Inspector
{
public:
{
return nullptr;
}
-void show_stats(PegCount*, const PegInfo*, unsigned, const char*) {}
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) {}
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) {}
-
-// Stubs for appid sessions
-snort::FlowData::FlowData(unsigned, Inspector*) {}
-snort::FlowData::~FlowData() = default;
// Stubs for inspectors
unsigned AppIdSession::inspector_id = 0;
void AppIdModule::sum_stats(bool) {}
void AppIdModule::show_dynamic_stats() {}
-namespace snort
-{
-// Stubs for search_tool.cc
-SearchTool::SearchTool(const char*, bool) {}
-SearchTool::~SearchTool() = default;
-void SearchTool::add(const char*, unsigned, int, bool) {}
-void SearchTool::add(const char*, unsigned, void*, bool) {}
-void SearchTool::add(const uint8_t*, unsigned, int, bool) {}
-void SearchTool::add(const uint8_t*, unsigned, void*, bool) {}
-void SearchTool::prep() {}
-static bool test_find_all_done = false;
-static bool test_find_all_enabled = false;
-static MatchedPatterns* mock_mp = nullptr;
-int SearchTool::find_all(const char*, unsigned, MpseMatch, bool, void* mp_arg)
-{
- test_find_all_done = true;
- if (test_find_all_enabled)
- memcpy(mp_arg, &mock_mp, sizeof(MatchedPatterns*));
- return 0;
-}
-}
-
// Stubs for appid_session.cc
static bool test_service_strstr_enabled = false;
const uint8_t* service_strstr(const uint8_t* p, unsigned,
return nullptr;
}
-// Stubs for util.cc
-char* snort_strndup(const char* src, size_t dst_size)
-{
- char* dup = (char*)snort_calloc(dst_size + 1);
- if ( SnortStrncpy(dup, src, dst_size + 1) == SNORT_STRNCPY_ERROR )
- {
- snort_free(dup);
- return nullptr;
- }
- return dup;
-}
-char* snort_strdup(const char* str)
-{
- assert(str);
- size_t n = strlen(str) + 1;
- char* p = (char*)snort_alloc(n);
- memcpy(p, str, n);
- return p;
-}
-
#endif
#include "log/messages.h"
#include "main/thread.h"
+using namespace snort;
+
#define HASH_NUM_ROWS (1024)
static THREAD_LOCAL XHash* lengthCache = nullptr;
#include "utils/sflsq.h"
#include "log/messages.h"
+using namespace snort;
+
#define MAX_LUA_DETECTOR_FILENAME_LEN 1024
#define MAX_DEFAULT_NUM_LUA_TRACKERS 10000
#define AVG_LUA_TRACKER_SIZE_IN_BYTES 740
}
if (appidDebug->is_active())
- LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state);
+ snort::LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state);
switch (rd->state)
{
if (snmp_verify_packet(&data, data+size, &pdu, &version))
{
if (appidDebug->is_active())
- LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session());
+ snort::LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session());
if (args.asd.get_session_flags(APPID_SESSION_UDP_REVERSED))
{
if (args.dir == APP_ID_FROM_RESPONDER)
}
if (appidDebug->is_active())
- LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state);
+ snort::LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state);
switch (sd->state)
{
#include "appid_debug.h"
#include "appid_inspector.h"
+using namespace snort;
+
#define TFTP_PORT 69
#define TFTP_COUNT_THRESHOLD 1
#define TFTP_MAX_PACKET_SIZE 512
// Mocks
+namespace snort
+{
unsigned get_instance_id() { return 3; }
+FlowData::FlowData(unsigned, Inspector*) { }
+FlowData::~FlowData() = default;
+}
+
class AppIdInspector
{
public:
AppIdInspector() = default;
};
-FlowData::FlowData(unsigned, Inspector*) { }
-FlowData::~FlowData() = default;
-
AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector)
: FlowData(0), inspector(inspector) { }
AppIdSession::~AppIdSession() = default;
AppIdConfig* pAppidActiveConfig = nullptr;
ThirdPartyAppIDModule* tp_appid_module = nullptr;
+namespace snort
+{
char* snort_strndup(const char* src, size_t dst_size)
{
return strndup(src, dst_size);
return p;
}
+void ErrorMessage(const char*,...) { }
+void WarningMessage(const char*,...) { }
+void LogMessage(const char*,...) { }
+void ParseWarning(WarningGroup, const char*, ...) { }
+
+void LogLabel(const char*, FILE*) {}
+}
+
void Field::set(int32_t length, const uint8_t* start, bool own_the_buffer_)
{
strt = start;
Field global_field;
-void ErrorMessage(const char*,...) { }
-void WarningMessage(const char*,...) { }
-void LogMessage(const char*,...) { }
-void ParseWarning(WarningGroup, const char*, ...) { }
-
-void LogLabel(const char*, FILE*) {}
int ServiceDiscovery::add_ftp_service_state(AppIdSession&)
{
using namespace std;
+namespace snort
+{
// Note: without SO_PUBLIC this is not being exported so tp_mock.so won't
// load because of undefined symbol error.
SO_PUBLIC void ErrorMessage(const char* format,...)
vfprintf(stdout, format, ap);
va_end(ap);
}
-
+}
#endif
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
-// Stubs for AppIdDebug
-THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
-void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
-
+namespace snort
+{
// Stubs for logs
char test_log[256];
void LogMessage(const char* format,...)
}
void ErrorMessage(const char*,...) {}
void LogLabel(const char*, FILE*) {}
-THREAD_LOCAL AppIdStats appid_stats;
// Stubs for utils
char* snort_strdup(const char* str)
return p;
}
time_t packet_time() { return std::time(0); }
+}
// Stubs for AppInfoManager
AppInfoTableEntry* AppInfoManager::get_app_info_entry(AppId)
class AppIdInspector{};
FlowData::FlowData(unsigned, Inspector*) {}
FlowData::~FlowData() = default;
+
+// Stubs for AppIdDebug
+THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
+THREAD_LOCAL AppIdStats appid_stats;
+
+void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
+
AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector)
: FlowData(0), inspector(inspector) {}
AppIdSession::~AppIdSession() = default;
}
const PegInfo* ArpSpoofModule::get_pegs() const
-{ return simple_pegs; }
+{ return snort::simple_pegs; }
PegCount* ArpSpoofModule::get_counts() const
{ return (PegCount*)&asstats; }
CPUTracker::CPUTracker(PerfConfig *perf) : PerfTracker(perf, TRACKER_NAME)
{
- formatter->register_section("thread_" + to_string(get_instance_id()));
+ formatter->register_section("thread_" + to_string(snort::get_instance_id()));
formatter->register_field("cpu_user", &user_stat);
formatter->register_field("cpu_system", &system_stat);
formatter->register_field("cpu_wall", &wall_stat);
private:
FlowStateValue stats;
- XHash* ip_map;
+ snort::XHash* ip_map;
char ip_a[41], ip_b[41];
FlowStateValue* find_stats(const snort::SfIp* src_addr, const snort::SfIp* dst_addr, int* swapped);
{ return config; }
const PegInfo* PerfMonModule::get_pegs() const
-{ return simple_pegs; }
+{ return snort::simple_pegs; }
PegCount* PerfMonModule::get_counts() const
{ return (PegCount*)&pmstats; }
#include "json_formatter.h"
#include "text_formatter.h"
+using namespace snort;
using namespace std;
static inline bool check_file_size(FILE* fh, uint64_t max_file_size)
#include "utils/util.h"
#endif
+using namespace snort;
using namespace std;
void TextFormatter::write(FILE* fh, time_t)
{ return &psPerfStats; }
const PegInfo* PortScanModule::get_pegs() const
-{ return simple_pegs; }
+{ return snort::simple_pegs; }
PegCount* PortScanModule::get_counts() const
{ return (PegCount*)&spstats; }
#include "utils/util.h"
#include "utils/util_cstring.h"
+using namespace snort;
using namespace std;
enum
int j = 1;
if (pcap_findalldevs(&alldevs, errorbuf) == -1)
- FatalError("Could not get device list: %s.", errorbuf);
+ snort::FatalError("Could not get device list: %s.", errorbuf);
printf("Index\tDevice\tPhysical Address\tIP Address\tDescription\n");
printf("-----\t------\t----------------\t----------\t-----------\n");
#include "main/snort_config.h"
#include "utils/util.h"
+using namespace snort;
+
std::vector<struct Trough::PcapReadObject> Trough::pcap_object_list;
std::vector<std::string> Trough::pcap_queue;
std::string Trough::pcap_filter;
if (args == nullptr)
return CHECKSUM_FLAG__ALL;
- toks = mSplit(args, " \t", 10, &num_toks, 0);
+ toks = snort::mSplit(args, " \t", 10, &num_toks, 0);
for (i = 0; i < num_toks; i++)
{
if (strcasecmp(toks[i], CHECKSUM_MODE_OPT__ALL) == 0)
}
else
{
- ParseError("unknown command line checksum option: %s.", toks[i]);
+ snort::ParseError("unknown command line checksum option: %s.", toks[i]);
return ret_flags;
}
}
ret_flags = negative_flags;
}
- mSplitFree(&toks, num_toks);
+ snort::mSplitFree(&toks, num_toks);
return ret_flags;
}
#include "utils/util.h"
+namespace snort
+{
static char* mSplitAddTok(const char*, const int, const char*, const char);
/****************************************************************
snort_free(buf);
*pbuf = nullptr;
}
-
+} // namespace snort
#define TOKS_BUF_SIZE 100
+namespace snort
+{
SO_PUBLIC char** mSplit(const char*, const char*, const int, int*, const char);
SO_PUBLIC void mSplitFree(char*** toks, int numtoks);
-
+}
#endif
{
if (ret_code == SFIP_LOOKUP_FAILURE)
{
- ParseError("Undefined variable in the string: %s", addr);
+ snort::ParseError("Undefined variable in the string: %s", addr);
return ret;
}
else if (ret_code == SFIP_CONFLICT)
{
- ParseError("Negated IP ranges that equal to or are"
+ snort::ParseError("Negated IP ranges that equal to or are"
" more-specific than non-negated ranges are not allowed."
" Consider inverting the logic: %s.", addr);
return ret;
}
else
{
- ParseError("Unable to process the IP address: %s", addr);
+ snort::ParseError("Unable to process the IP address: %s", addr);
return ret;
}
}
#include "protocols/packet.h"
#include "utils/util.h"
+using namespace snort;
+
static int POParserInit(POParser* pop, const char* s, PortVarTable* pvTable)
{
memset(pop,0,sizeof(POParser));
}
/*
-* Read an unsigned short (a port)
+* read an unsigned short (a port)
*/
static uint16_t POParserGetShort(POParser* pop)
{
#include "parse_conf.h"
#include "parse_rule.h"
+using namespace snort;
using namespace std;
static unsigned chars = 0, tokens = 0;
#include "log/messages.h"
#include "utils/util_cstring.h"
+using namespace snort;
using namespace std;
static inline int xton(int c)
{
class Module;
struct SnortConfig;
-}
+} // namespace snort
#define PIGLET_API_VERSION 1
{
fmt.insert(0, "piglet: ");
fmt.append("\n");
- ErrorMessage(fmt.c_str(), std::forward<Args>(args)...);
+
snort::ErrorMessage(fmt.c_str(), std::forward<Args>(args)...);
}
} // namespace Piglet
struct Chunk;
struct Api;
class BasePlugin;
-}
-namespace Piglet
-{
class Manager
{
public:
#include "piglet_output.h"
#include "piglet_utils.h"
+using namespace snort;
+
namespace Piglet
{
using namespace std;
struct Chunk;
struct Test;
struct Output;
-}
-namespace Piglet
-{
struct Summary
{
unsigned passed = 0;
#include "utils/util.h"
#include "utils/util_cstring.h"
+using namespace snort;
+
/*
* Create a new PortObjectItem
*/
#include "port_item.h"
#include "port_utils.h"
+using namespace snort;
+
//-------------------------------------------------------------------------
// PortObject - public
//-------------------------------------------------------------------------
p=(PortObjectItem*)sflist_next(&pos) )
{
if ((p->lport == poi->lport) && (p->hport == poi->hport))
- ParseWarning(WARN_RULES, "duplicate ports in list");
+ snort::ParseWarning(WARN_RULES, "duplicate ports in list");
}
sflist_add_tail(po->item_list, poi);
SnortSnprintfAppend(buf, bufsize, " ]");
- LogMessage("%s", buf);
+ snort::LogMessage("%s", buf);
snort_free(buf);
}
}
SnortSnprintfAppend(po_print_buf, bufsize, " ]\n }\n");
- LogMessage("%s", po_print_buf);
+ snort::LogMessage("%s", po_print_buf);
snort_free(rlist);
}
#include "port_object.h"
#include "port_utils.h"
+using namespace snort;
+
#define PO_EXTRA_RULE_CNT 25
//-------------------------------------------------------------------------
// PortObject2 is similar to PortObject
//-------------------------------------------------------------------------
+
struct PortObject;
struct PortObject2
int id; /* internal tracking - compiling sets this value */
SF_LIST* item_list; /* list of port and port-range items */
- GHash* rule_hash; /* hash of rule (rule-indexes) in use */
+ snort::GHash* rule_hash; /* hash of rule (rule-indexes) in use */
PortBitSet* port_list; /* for collecting ports that use this object */
struct PortGroup* group; /* PortGroup based on rule_hash */
#include "port_utils.h"
+using namespace snort;
+
#define PTBL_LRC_DEFAULT 10
#define PO_INIT_ID 1000000
#define PO_HASH_TBL_ROWS 10000
int pt_poid;
/* Compiled / merged port object hash table */
- GHash* pt_mpo_hash;
- GHash* pt_mpxo_hash;
+ snort::GHash* pt_mpo_hash;
+ snort::GHash* pt_mpxo_hash;
/*
* Final Port/Rule Groupings, one port object per port, or null
#include "port_item.h"
#include "port_object.h"
+using namespace snort;
+
//-------------------------------------------------------------------------
// bitset conversions
//-------------------------------------------------------------------------
#include "port_var_table.h"
+using namespace snort;
+
//-------------------------------------------------------------------------
// PortVarTable
//-------------------------------------------------------------------------
// PortVars are internally stored in PortObjects
//-------------------------------------------------------------------------
-typedef GHash PortVarTable;
+typedef snort::GHash PortVarTable;
PortVarTable* PortVarTableCreate();
int PortVarTableFree(PortVarTable* pvt);
nfp = PortObjectNew();
if ( !src or !dst or !any or !nfp )
- ParseAbort("can't allocate port structs");
+ snort::ParseAbort("can't allocate port structs");
// someday these could be read from snort.conf, something like...
// 'config portlist: large-rule-count <val>'
RulePortTables* rpt = new RulePortTables;
if ( !(rpt->svc_any = PortObjectNew()) )
- ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed");
+ snort::ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed");
PortObjectAddPortAny(rpt->svc_any);
inline void CombinedMemoryStats::update_allocs(size_t n)
{
- if ( is_packet_thread() )
+ if ( snort::is_packet_thread() )
runtime.update_allocs(n);
else
startup.update_allocs(n);
inline void CombinedMemoryStats::update_deallocs(size_t n)
{
- if ( is_packet_thread() )
+ if ( snort::is_packet_thread() )
runtime.update_deallocs(n);
else
startup.update_deallocs(n);
table << StatsTable::HEADER;
}
- LogMessage("%s", ss.str().c_str());
+ snort::LogMessage("%s", ss.str().c_str());
print_recursive(root, root, 1, count, max_depth);
print_row(root, root, 0, 0);
table << cur.view.pct_caller() << cur.view.pct_of(root.view.get_stats());
}
- LogMessage("%s", ss.str().c_str());
+ snort::LogMessage("%s", ss.str().c_str());
}
private:
int max_depth = -1;
};
+namespace snort
+{
struct SO_PUBLIC TimeProfilerStats
{
hr_duration elapsed;
TimeContext ctx;
};
+} // namespace snort
#endif
#include "main/snort_types.h"
#include "target_based/snort_protocols.h"
-class Endianness;
-class Obfuscator;
namespace snort
{
+class Endianness;
class Flow;
class IpsContext;
+class Obfuscator;
/* packet status flags */
#define PKT_REBUILT_FRAG 0x00000001 /* is a rebuilt fragment */
#define SSL2_CHELLO_BYTE 0x01
#define SSL2_SHELLO_BYTE 0x04
-/* very simplistic - just enough to say this is binary data - the rules will make a final
-* judgement. Should maybe add an option to the imap configuration to enable the
-* continuing of command inspection like ftptelnet. */
-bool IsTlsClientHello(const uint8_t* ptr, const uint8_t* end)
-{
- /* at least 3 bytes of data - see below */
- if ((end - ptr) < 3)
- return false;
-
- if ((ptr[0] == SSL3_FIRST_BYTE) && (ptr[1] == SSL3_SECOND_BYTE))
- {
- /* TLS v1 or SSLv3 */
- return true;
- }
- else if ((ptr[2] == SSL2_CHELLO_BYTE) || (ptr[3] == SSL2_CHELLO_BYTE))
- {
- /* SSLv2 */
- return true;
- }
-
- return false;
-}
-
-/* this may at least tell us whether the server accepted the client hello by the presence
- * of binary data */
-
-bool IsTlsServerHello(const uint8_t* ptr, const uint8_t* end)
-{
- /* at least 3 bytes of data - see below */
- if ((end - ptr) < 3)
- return false;
-
- if ((ptr[0] == SSL3_FIRST_BYTE) && (ptr[1] == SSL3_SECOND_BYTE))
- {
- /* TLS v1 or SSLv3 */
- return true;
- }
- else if (ptr[2] == SSL2_SHELLO_BYTE)
- {
- /* SSLv2 */
- return true;
- }
-
- return false;
-}
-
-bool IsSSL(const uint8_t* ptr, int len, int pkt_flags)
-{
- uint32_t ssl_flags = SSL_decode(ptr, len, pkt_flags, 0, nullptr, nullptr, 0);
-
- if ((ssl_flags != SSL_ARG_ERROR_FLAG) &&
- !(ssl_flags & SSL_ERROR_FLAGS))
- {
- return true;
- }
-
- return false;
-}
-
static uint32_t SSL_decode_version_v3(uint8_t major, uint8_t minor)
{
/* Should only be called internally and by functions which have previously
return retval | SSL_VER_SSLV2_FLAG;
}
+namespace snort
+{
uint32_t SSL_decode(
const uint8_t* pkt, int size, uint32_t pkt_flags, uint32_t prev_flags,
uint8_t* alert_flags, uint16_t* partial_rec_len, int max_hb_len)
return SSL_decode_v3(pkt, size, pkt_flags, alert_flags, partial_rec_len, max_hb_len);
}
+/* very simplistic - just enough to say this is binary data - the rules will make a final
+* judgement. Should maybe add an option to the imap configuration to enable the
+* continuing of command inspection like ftptelnet. */
+bool IsTlsClientHello(const uint8_t* ptr, const uint8_t* end)
+{
+ /* at least 3 bytes of data - see below */
+ if ((end - ptr) < 3)
+ return false;
+
+ if ((ptr[0] == SSL3_FIRST_BYTE) && (ptr[1] == SSL3_SECOND_BYTE))
+ {
+ /* TLS v1 or SSLv3 */
+ return true;
+ }
+ else if ((ptr[2] == SSL2_CHELLO_BYTE) || (ptr[3] == SSL2_CHELLO_BYTE))
+ {
+ /* SSLv2 */
+ return true;
+ }
+
+ return false;
+}
+
+/* this may at least tell us whether the server accepted the client hello by the presence
+ * of binary data */
+
+bool IsTlsServerHello(const uint8_t* ptr, const uint8_t* end)
+{
+ /* at least 3 bytes of data - see below */
+ if ((end - ptr) < 3)
+ return false;
+
+ if ((ptr[0] == SSL3_FIRST_BYTE) && (ptr[1] == SSL3_SECOND_BYTE))
+ {
+ /* TLS v1 or SSLv3 */
+ return true;
+ }
+ else if (ptr[2] == SSL2_SHELLO_BYTE)
+ {
+ /* SSLv2 */
+ return true;
+ }
+
+ return false;
+}
+
+bool IsSSL(const uint8_t* ptr, int len, int pkt_flags)
+{
+ uint32_t ssl_flags = SSL_decode(ptr, len, pkt_flags, 0, nullptr, nullptr, 0);
+
+ if ((ssl_flags != SSL_ARG_ERROR_FLAG) &&
+ !(ssl_flags & SSL_ERROR_FLAGS))
+ {
+ return true;
+ }
+
+ return false;
+}
+
+} // namespace snort
#define SSL_HEARTBLEED_RESPONSE 0x02
#define SSL_HEARTBLEED_UNKNOWN 0x04
+namespace snort
+{
SO_PUBLIC uint32_t SSL_decode(
const uint8_t* pkt, int size, uint32_t pktflags, uint32_t prevflags,
uint8_t* alert_flags, uint16_t* partial_rec_len, int hblen);
SO_PUBLIC bool IsTlsClientHello(const uint8_t* ptr, const uint8_t* end);
SO_PUBLIC bool IsTlsServerHello(const uint8_t* ptr, const uint8_t* end);
SO_PUBLIC bool IsSSL(const uint8_t* ptr, int len, int pkt_flags);
-
+}
#endif
#include "service_inspectors/http_inspect/http_msg_header.h"
#include "service_inspectors/http_inspect/http_msg_request.h"
+using namespace snort;
+
const uint8_t* HttpEvent::get_header(unsigned id, uint64_t sub_id, int32_t& length)
{
const Field& field = http_msg_header->get_classic_buffer(id, sub_id, 0);
class HttpMsgHeader;
+namespace snort
+{
class SO_PUBLIC HttpEvent : public snort::DataEvent
{
public:
const uint8_t* get_header(unsigned, uint64_t, int32_t&);
};
-
+}
#endif
#include "utils/stats.h"
#include "utils/util.h"
+using namespace snort;
+
#define printf LogMessage
-#define MEMASSERT(p,s) if (!(p)) { FatalError("ACSM-No Memory: %s\n",s); }
+#define MEMASSERT(p,s) if (!(p)) { snort::FatalError("ACSM-No Memory: %s\n",s); }
static int acsm2_total_memory = 0;
static int acsm2_pattern_memory = 0;
#include "utils/stats.h"
#include "utils/util.h"
+using namespace snort;
+
/*
* Used to initialize last state, states are limited to 0-16M
* so this will not conflict.
PegCount matched_bytes;
};
+namespace snort
+{
SO_PUBLIC extern THREAD_LOCAL PatMatQStat pmqs;
-
+}
#endif
SnortConfig* SnortConfig::get_conf()
{ return snort_conf; }
+static unsigned parse_errors = 0;
+void ParseError(const char*, ...)
+{ parse_errors++; }
+
+void LogCount(char const*, uint64_t, FILE*)
+{ }
+
+unsigned get_instance_id()
+{ return 0; }
+
}
//-------------------------------------------------------------------------
// stubs, spies, etc.
extern const BaseApi* se_hyperscan;
static unsigned hits = 0;
-static unsigned parse_errors = 0;
-
-void ParseError(const char*, ...)
-{ parse_errors++; }
-
-void LogCount(char const*, uint64_t, FILE*)
-{ }
static int match(
void* /*user*/, void* /*tree*/, int /*index*/, void* /*context*/, void* /*list*/)
{ ++hits; return 0; }
-
-unsigned get_instance_id()
-{ return 0; }
-
static void* s_user = (void*)"user";
static void* s_tree = (void*)"tree";
static void* s_list = (void*)"list";
SnortConfig* SnortConfig::get_conf()
{ return snort_conf; }
-}
unsigned get_instance_id()
{ return 0; }
-void LogValue(const char*, const char*, FILE*)
-{
-}
-
-SO_PUBLIC void LogMessage(const char*, ...)
-{
-}
-
-[[noreturn]] void FatalError(const char*,...)
-{
- exit(1);
-}
-
-void LogCount(char const*, uint64_t, FILE*)
-{ }
-
-void LogStat(const char*, double, FILE*)
-{}
+void LogValue(const char*, const char*, FILE*) { }
+SO_PUBLIC void LogMessage(const char*, ...) { }
+[[noreturn]] void FatalError(const char*,...) { exit(1); }
+void LogCount(char const*, uint64_t, FILE*) { }
+void LogStat(const char*, double, FILE*) { }
static void* s_tree = (void*)"tree";
static void* s_list = (void*)"list";
-namespace snort
-{
static MpseAgent s_agent =
{
[](struct SnortConfig* sc, void*, void** ppt)
};
const PegInfo* BoModule::get_pegs() const
-{ return simple_pegs; }
+{ return snort::simple_pegs; }
PegCount* BoModule::get_counts() const
{ return (PegCount*)&bostats; }
uint32_t srv_nseq;
};
-class DceEndianness : public Endianness
+class DceEndianness : public snort::Endianness
{
public:
int hdr_byte_order; /* Set to sentinel if not applicable */
assert(p->flow);
if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
- {
return;
- }
dce2_smb_sess = dce2_handle_smb_session(p, &config);
p->packet_flags |= PKT_ALLOW_MULTIPLE_DETECT;
dce2_detected = 0;
- p->endianness = (Endianness*)new DceEndianness();
+ p->endianness = (snort::Endianness*)new DceEndianness();
DCE2_SmbProcess(dce2_smb_sess);
#include "dce_smb_module.h"
#include "dce_smb_transaction_utils.h"
+using namespace snort;
+
#define SMB_DIALECT_NT_LM_012 "NT LM 0.12" // NT LAN Manager
#define SERVICE_0 (0) // IPC start
#include "dce_smb_module.h"
#include "dce_smb_transaction_utils.h"
+using namespace snort;
+
#define DCE2_SMB_TRANS__NONE 0x00
#define DCE2_SMB_TRANS__DATA 0x01
#define DCE2_SMB_TRANS__PARAMS 0x02
if ( cmdConf->check_validity && !len )
{
- ErrorMessage("FTPConfigCheck() configuration for server, "
+ snort::ErrorMessage("FTPConfigCheck() configuration for server, "
"command '%s' has max length of 0 and parameters to validate\n",
cmdConf->cmd_name);
config_error = 1;
{
if (CheckFTPCmdOptions(serverConf))
{
- ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n");
+ snort::ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n");
return -1;
}
return 0;
if ( !config )
{
- ErrorMessage("FTP configuration requires "
+ snort::ErrorMessage("FTP configuration requires "
"default client and default server configurations.\n");
return -1;
}
// Verify that FTP client and FTP data inspectors are initialized.
if(!snort::InspectorManager::get_inspector(FTP_CLIENT_NAME, false))
{
- ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME);
+ snort::ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME);
return -1;
}
if(!snort::InspectorManager::get_inspector(FTP_DATA_NAME, false))
{
- ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME);
+ snort::ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME);
return -1;
}
#include "ft_main.h"
#include "ftpp_return_codes.h"
+using namespace snort;
+
/*
* Function: ftp_bounce_lookup_init(BOUNCE_LOOKUP **BounceLookup)
*
#include "ft_main.h"
#include "ftpp_return_codes.h"
+using namespace snort;
+
/*
* Function: ftp_cmd_lookup_init(CMD_LOOKUP **CmdLookup)
*
};
const PegInfo* FtpDataModule::get_pegs() const
-{ return simple_pegs; }
+{ return snort::simple_pegs; }
PegCount* FtpDataModule::get_counts() const
{ return (PegCount*)&fdstats; }
{
/* explicit check that we have enough room for copy */
if (numChoices <= ThisFmt->numChoices)
- ParseError("Can't do memcpy - index out of range ");
+ snort::ParseError("Can't do memcpy - index out of range ");
memcpy(tmpChoices, ThisFmt->choices,
sizeof(FTP_PARAM_FMT*) * ThisFmt->numChoices);
if (iRet)
{
- ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE);
+ snort::ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE);
snort_free(newBounce);
return FTPP_FATAL_ERR;
}
#include "ftp_parse.h"
#include "ftpp_return_codes.h"
+using namespace snort;
+
int PrintConfOpt(bool on, const char* Option)
{
LogMessage(" %s: %s\n", Option, on ? "ON" : "OFF");
#include "gtp_inspect.h"
#include "gtp_module.h"
+using namespace snort;
+
#pragma pack(1)
static inline void alert(int sid)
{
bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p,
snort::InspectionBuffer& b) override;
bool configure(snort::SnortConfig*) override;
- void show(snort::SnortConfig*) override { LogMessage("Http2Inspect\n"); }
+ void show(snort::SnortConfig*) override { snort::LogMessage("Http2Inspect\n"); }
void eval(snort::Packet* p) override;
void clear(snort::Packet* p) override;
void tinit() override { }
void generate_misformatted_http(const uint8_t* buffer, uint32_t length)
{
- if ( SnortStrnStr((const char*)buffer, length, "HTTP/") != nullptr )
+ if ( snort::SnortStrnStr((const char*)buffer, length, "HTTP/") != nullptr )
create_event(HttpEnums::EVENT_MISFORMATTED_HTTP);
else
create_event(HttpEnums::EVENT_LOSS_OF_SYNC);
#include "http_test_manager.h"
#include "http_transaction.h"
+using namespace snort;
using namespace HttpEnums;
unsigned HttpFlowData::inspector_id = 0;
int64_t detect_depth_remaining[2] = { HttpEnums::STAT_NOT_PRESENT,
HttpEnums::STAT_NOT_PRESENT };
snort::MimeSession* mime_state[2] = { nullptr, nullptr };
- UtfDecodeSession* utf_state = nullptr; // SRC_SERVER only
+ snort::UtfDecodeSession* utf_state = nullptr; // SRC_SERVER only
fd_session_t* fd_state = nullptr; // SRC_SERVER only
struct FdCallbackContext
{
snort::InspectionBuffer& b);
bool get_fp_buf(snort::InspectionBuffer::Type ibt, snort::Packet* p, snort::InspectionBuffer& b) override;
bool configure(snort::SnortConfig*) override;
- void show(snort::SnortConfig*) override { LogMessage("HttpInspect\n"); }
+ void show(snort::SnortConfig*) override { snort::LogMessage("HttpInspect\n"); }
void eval(snort::Packet* p) override;
void clear(snort::Packet* p) override;
void tinit() override { }
#include "utils/safec.h"
using namespace HttpEnums;
+using namespace snort;
HttpJsNorm::HttpJsNorm(int max_javascript_whitespaces_, const HttpParaList::UriParam& uri_param_) :
max_javascript_whitespaces(max_javascript_whitespaces_), uri_param(uri_param_),
#include "http_js_norm.h"
#include "http_msg_request.h"
+using namespace snort;
using namespace HttpEnums;
HttpMsgBody::HttpMsgBody(const uint8_t* buffer, const uint16_t buf_size,
private:
// Dummy configurations to support MIME processing
MailLogConfig mime_conf;
- DecodeConfig decode_conf;
+ snort::DecodeConfig decode_conf;
void prepare_body();
void setup_file_processing();
if (abs_path.length() > 0 )
{
- abs_path_hash = str_to_hash(abs_path.start(), abs_path.length());
+ abs_path_hash = snort::str_to_hash(abs_path.start(), abs_path.length());
}
return abs_path_hash;
FILE* file = fopen(filename, "r");
if (file == nullptr)
{
- ParseError("Cannot open unicode map file %s", filename);
+ snort::ParseError("Cannot open unicode map file %s", filename);
return;
}
// Advance file to the desired code page
if (!advance_to_code_page(file, code_page))
{
- ParseError("Did not find code page %d in unicode map file %s", code_page, filename);
+ snort::ParseError("Did not find code page %d in unicode map file %s", code_page, filename);
fclose(file);
return;
}
if (!map_code_points(file, map))
{
- ParseError("Error while reading code page %d in unicode map file %s", code_page, filename);
+ snort::ParseError("Error while reading code page %d in unicode map file %s", code_page, filename);
fclose(file);
return;
}
using namespace snort;
using namespace HttpEnums;
+namespace snort
+{
// Stubs whose sole purpose is to make the test code link
void ParseWarning(WarningGroup, const char*, ...) {}
void ParseError(const char*, ...) {}
+void Value::get_bits(std::bitset<256ul>&) const {}
+int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
+}
+
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
void show_stats(SimpleStats*, const char*) { }
-void Value::get_bits(std::bitset<256ul>&) const {}
-int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
-
int32_t str_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; }
int32_t substr_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; }
long HttpTestManager::print_amount {};
using namespace snort;
using namespace HttpEnums;
+namespace snort
+{
// Stubs whose sole purpose is to make the test code link
unsigned FlowData::flow_data_id = 0;
FlowData::FlowData(unsigned, Inspector*) {}
FlowData::~FlowData() = default;
int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
-THREAD_LOCAL PegCount HttpModule::peg_counts[1];
fd_status_t File_Decomp_StopFree(fd_session_t*) { return File_Decomp_OK; }
+}
+
+THREAD_LOCAL PegCount HttpModule::peg_counts[1];
class HttpUnitTestSetup
{
using namespace snort;
+namespace snort
+{
// Stubs whose sole purpose is to make the test code link
void ParseWarning(WarningGroup, const char*, ...) {}
void ParseError(const char*, ...) {}
+void Value::get_bits(std::bitset<256ul>&) const {}
+int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
+}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
void show_stats( PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
void show_stats(SimpleStats*, const char*) { }
-void Value::get_bits(std::bitset<256ul>&) const {}
-int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; }
-
HttpJsNorm::HttpJsNorm(int, const HttpParaList::UriParam& uri_param_) :
max_javascript_whitespaces(0), uri_param(uri_param_), javascript_search_mpse(nullptr),
htmltype_search_mpse(nullptr) {}
struct IMAP_PROTO_CONF
{
- DecodeConfig decode_conf;
+ snort::DecodeConfig decode_conf;
MailLogConfig log_config;
};
struct POP_PROTO_CONF
{
- DecodeConfig decode_conf;
+ snort::DecodeConfig decode_conf;
MailLogConfig log_config;
};
#include "main/snort_debug.h"
#include "utils/util.h"
+using namespace snort;
+
#define SIP_SEPERATORS "()<>@,;:\\/[]?={}\" "
static SIPMethodNode* SIP_AddMethodToList(
int max_response_line_len = 0;
int xlink2state;
MailLogConfig log_config;
- DecodeConfig decode_conf;
+ snort::DecodeConfig decode_conf;
uint32_t xtra_filename_id;
uint32_t xtra_mfrom_id;
// FIXIT-L X This should be in utils_net if anywhere, but that makes it way harder to link into unit tests
SO_PUBLIC const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize);
-}
+} // namespace snort
#endif
#include "catch/snort_catch.h"
#endif
+using namespace snort;
+
vartable_t* sfvt_alloc_table()
{
vartable_t* table = (vartable_t*)snort_calloc(sizeof(vartable_t));
len = strlen(name) + strlen(value) + 2;
buf = (char*)snort_alloc(len);
- SnortSnprintf(buf, len, "%s %s", name, value);
+ snort::SnortSnprintf(buf, len, "%s %s", name, value);
ret = sfvt_add_str(table, buf, &ipret);
if ((ret == SFIP_SUCCESS) || (ret == SFIP_DUPLICATE))
{ return (PegCount*)&sc_stats; }
const PegInfo* get_pegs() const override
- { return simple_pegs; }
+ { return snort::simple_pegs; }
snort::ProfileStats* get_profile() const override;
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+namespace snort
+{
void ParseWarning(WarningGroup, const char*, ...) { }
char* snort_strdup(const char* s)
{ return strdup(s); }
+}
TEST_GROUP(side_channel_module)
{ };
void SegmentOverlapEditor::print(TcpReassemblerState& trs)
{
- LogMessage(" seglist_base_seq: %X\n", trs.sos.seglist_base_seq);
- LogMessage(" seglist head: %p\n", (void*)trs.sos.seglist.head);
- LogMessage(" seglist tail: %p\n", (void*)trs.sos.seglist.tail);
- LogMessage(" seglist next: %p\n", (void*)trs.sos.seglist.next);
- LogMessage(" seg_count: %d\n", trs.sos.seg_count);
- LogMessage(" seg_bytes_total: %d\n", trs.sos.seg_bytes_total);
- LogMessage(" seg_bytes_logical: %d\n", trs.sos.seg_bytes_logical);
+ snort::LogMessage(" seglist_base_seq: %X\n", trs.sos.seglist_base_seq);
+ snort::LogMessage(" seglist head: %p\n", (void*)trs.sos.seglist.head);
+ snort::LogMessage(" seglist tail: %p\n", (void*)trs.sos.seglist.tail);
+ snort::LogMessage(" seglist next: %p\n", (void*)trs.sos.seglist.next);
+ snort::LogMessage(" seg_count: %d\n", trs.sos.seg_count);
+ snort::LogMessage(" seg_bytes_total: %d\n", trs.sos.seg_bytes_total);
+ snort::LogMessage(" seg_bytes_logical: %d\n", trs.sos.seg_bytes_logical);
}
uint32_t rack = ( rxd ) ? h->ack() - rxd : h->ack();
fprintf(stdout, "\n" FMTu64("-3") " %s=0x%02x Seq=%-4u Ack=%-4u Win=%-4hu Len=%-4hu%s\n",
//"\n" FMTu64("-3") " %s=0x%02x Seq=%-4u Ack=%-4u Win=%-4u Len=%-4u End=%-4u%s\n",
- get_packet_number(), flags, h->th_flags, rseq, rack, h->win(), p->dsize, order);
+ snort::get_packet_number(), flags, h->th_flags, rseq, rack, h->win(), p->dsize, order);
}
inline void TraceSession(const snort::Flow* lws)
#include "log/messages.h"
+using namespace snort;
+
static const char* const reassembly_policy_names[] =
{ "no policy", "first", "last", "linux", "old_linux", "bsd", "macos", "solaris", "irix",
"hpux11", "hpux10", "windows", "win_2003", "vista", "proxy" };
{ return proto > SNORT_PROTO_UDP; }
// A mapping between names and IDs.
+namespace snort
+{
class SO_PUBLIC ProtocolReference
{
public:
void init(ProtocolReference* old_proto_ref);
};
-
+}
#endif
static THREAD_LOCAL struct timeval s_recent_packet = { 0, 0 };
static THREAD_LOCAL uint32_t s_first_packet = 0;
+namespace snort
+{
+time_t packet_time()
+{
+ return s_recent_packet.tv_sec;
+}
+}
+
void packet_time_update(const struct timeval* cur_tv)
{
if ( !s_first_packet )
return s_first_packet;
}
-time_t packet_time()
-{
- return s_recent_packet.tv_sec;
-}
-
void packet_gettimeofday(struct timeval* tv)
{
*tv = s_recent_packet;
#include "main/snort_types.h"
-void packet_time_update(const struct timeval* cur_tv);
+namespace snort
+{
SO_PUBLIC time_t packet_time();
+}
+
+void packet_time_update(const struct timeval* cur_tv);
uint32_t packet_first_time();
void packet_gettimeofday(struct timeval* tv);
#include "util.h"
+namespace snort
+{
/****************************************************************
*
* Function: make_skip(char *, int)
return -1;
}
-
+}
#include "main/snort_types.h"
+namespace snort
+{
// FIXIT-M no associated resource destructor for make_skip & make_shift :(
SO_PUBLIC int* make_skip(const char*, int);
SO_PUBLIC int* make_shift(const char*, int);
SO_PUBLIC int mSearch(const char*, int, const char*, int, const int*, const int*);
SO_PUBLIC int mSearchCI(const char*, int, const char*, int, const int*, const int*);
-
+}
#endif
#include "util.h"
+namespace snort
+{
KMAP* KMapNew(KMapUserFreeFunc userfree)
{
KMAP* km = (KMAP*)snort_calloc(sizeof(KMAP));
return km->keynext->userdata;
}
+} //namespace snort
+
#ifdef KMAP_MAIN
/*
*
*/
+using namespace snort;
int main(int argc, char** argv)
{
int i,n=10;
int nocase;
} KMAP;
+namespace snort
+{
SO_PUBLIC KMAP* KMapNew(KMapUserFreeFunc userfree);
SO_PUBLIC void KMapDelete(KMAP* km);
SO_PUBLIC void* KMapFind(KMAP* km, void* key, int ksize);
SO_PUBLIC void* KMapFindFirst(KMAP* km);
SO_PUBLIC void* KMapFindNext(KMAP* km);
-
+}
#endif
#include "util.h"
-/*
-* private alloc
-*/
+// private alloc
static void* s_alloc(size_t n)
{
return snort_calloc(n);
snort_free(p);
}
-/*
-* INIT - called by the NEW functions
-*/
-void sflist_init(SF_LIST* s)
+namespace snort
{
- s->count=0;
- s->head = s->tail = nullptr;
-}
-
-/*
-* NEW
-*/
SF_LIST* sflist_new()
{
SF_LIST* s;
return s;
}
-SF_QUEUE* sfqueue_new()
+void sflist_init(SF_LIST* s)
{
- return (SF_QUEUE*)sflist_new();
+ s->count=0;
+ s->head = s->tail = nullptr;
}
-/*
-* Add-before Item
-*/
void sflist_add_before(SF_LIST* s, SF_LNODE* lnode, NODE_DATA ndata)
{
SF_LNODE* q;
}
}
-/*
-* ADD to List/Queue/Dictionary
-*/
-/*
-* Add-Head Item
-*/
void sflist_add_head(SF_LIST* s, NODE_DATA ndata)
{
SF_LNODE* q;
s->count++;
}
-/*
-* Add-Tail Item
-*/
void sflist_add_tail(SF_LIST* s, NODE_DATA ndata)
{
SF_LNODE* q;
s->count++;
}
-void sfqueue_add(SF_QUEUE* s, NODE_DATA ndata)
-{
- sflist_add_tail (s, ndata);
-}
-
-/*
-* List walk - First/Next - return the node data or NULL
-*/
NODE_DATA sflist_first(SF_LIST* s, SF_LNODE** v)
{
if ( !s )
return nullptr;
}
-/*
-* Remove Head Item from list
-*/
NODE_DATA sflist_remove_head(SF_LIST* s)
{
NODE_DATA ndata = nullptr;
return (NODE_DATA)ndata;
}
-/*
-* Remove tail Item from list
-*/
NODE_DATA sflist_remove_tail(SF_LIST* s)
{
NODE_DATA ndata = nullptr;
}
}
-/*
-* Remove Head Item from queue
-*/
-NODE_DATA sfqueue_remove(SF_QUEUE* s)
-{
- return (NODE_DATA)sflist_remove_head(s);
-}
-
-/*
-* COUNT
-*/
-int sfqueue_count(SF_QUEUE* s)
+int sflist_count(SF_LIST* s)
{
if (!s)
return 0;
return s->count;
}
-int sflist_count(SF_LIST* s)
+void sflist_free(SF_LIST* s)
{
- if (!s)
- return 0;
- return s->count;
+ while ( sflist_count(s) )
+ {
+ sflist_remove_head(s);
+ }
+ s_free(s);
}
-/*
-* Free List + Free it's data nodes using 'nfree'
-*/
void sflist_free_all(SF_LIST* s, void (* nfree)(void*) )
{
if (!s)
s_free(s);
}
-void sfqueue_free_all(SF_QUEUE* s,void (* nfree)(void*) )
-{
- sflist_free_all(s, nfree);
-}
-
void sflist_static_free_all(SF_LIST* s, void (* nfree)(void*) )
{
if (!s)
}
}
-/*
-* FREE List/Queue/Dictionary
-*
-* This does not free a nodes data
-*/
-void sflist_free(SF_LIST* s)
+}
+
+// ----- queue methods -----
+
+using namespace snort;
+
+SF_QUEUE* sfqueue_new()
{
- while ( sflist_count(s) )
- {
- sflist_remove_head(s);
- }
- s_free(s);
+ return (SF_QUEUE*)sflist_new();
}
+void sfqueue_add(SF_QUEUE* s, NODE_DATA ndata)
+{
+ sflist_add_tail (s, ndata);
+}
+
+
+NODE_DATA sfqueue_remove(SF_QUEUE* s)
+{
+ return (NODE_DATA)sflist_remove_head(s);
+}
+
+int sfqueue_count(SF_QUEUE* s)
+{
+ if (!s)
+ return 0;
+ return s->count;
+}
+
+void sfqueue_free_all(SF_QUEUE* s,void (* nfree)(void*) )
+{
+ sflist_free_all(s, nfree);
+}
+
+
// -----------------------------------------------------------------------------
// Linked List Interface
// -----------------------------------------------------------------------------
+namespace snort
+{
SO_PUBLIC SF_LIST* sflist_new();
SO_PUBLIC void sflist_init(SF_LIST*);
SO_PUBLIC void sflist_add_tail(SF_LIST*, NODE_DATA);
SO_PUBLIC void sflist_free(SF_LIST*);
SO_PUBLIC void sflist_free_all(SF_LIST*, void (* free)(void*) );
SO_PUBLIC void sflist_static_free_all(SF_LIST*, void (* nfree)(void*));
+}
// -----------------------------------------------------------------------------
// Queue Interface ( FIFO - First in, First out )
#include "util.h"
-using namespace snort;
-
#define STATS_SEPARATOR \
"--------------------------------------------------"
THREAD_LOCAL AuxCount aux_counts;
-THREAD_LOCAL PacketCount pc;
ProcessCount proc_stats;
-PegCount get_packet_number()
-{ return pc.total_from_daq; }
-
-//-------------------------------------------------------------------------
-
-double CalcPct(uint64_t cnt, uint64_t total)
+namespace snort
{
- double pct = 0.0;
- if (total == 0.0)
- {
- pct = (double)cnt;
- }
- else
- {
- pct = (double)cnt / (double)total;
- }
-
- pct *= 100.0;
+THREAD_LOCAL PacketCount pc;
- return pct;
-}
+PegCount get_packet_number()
+{ return pc.total_from_daq; }
//-------------------------------------------------------------------------
if ( d )
LogMessage(fh, "%25.25s: %g\n", s, d);
}
+}
+
+using namespace snort;
+
+//-------------------------------------------------------------------------
+
+double CalcPct(uint64_t cnt, uint64_t total)
+{
+ double pct = 0.0;
+
+ if (total == 0.0)
+ {
+ pct = (double)cnt;
+ }
+ else
+ {
+ pct = (double)cnt / (double)total;
+ }
+
+ pct *= 100.0;
+
+ return pct;
+}
//-------------------------------------------------------------------------
LogStat(s, c, pegs[0], stdout);
}
}
-
extern ProcessCount proc_stats;
extern THREAD_LOCAL AuxCount aux_counts;
-extern SO_PUBLIC THREAD_LOCAL PacketCount pc;
extern const PegInfo daq_names[];
extern const PegInfo pc_names[];
extern const PegInfo proc_names[];
+namespace snort
+{
+extern SO_PUBLIC THREAD_LOCAL PacketCount pc;
+
SO_PUBLIC PegCount get_packet_number();
SO_PUBLIC void LogLabel(const char*, FILE* = stdout);
SO_PUBLIC void LogStat(const char*, uint64_t n, uint64_t tot, FILE* = stdout);
SO_PUBLIC void LogStat(const char*, double, FILE* = stdout);
+}
void sum_stats(PegCount* sums, PegCount* counts, unsigned n);
void show_stats(PegCount*, const PegInfo*, const char* module_name = nullptr);
using namespace snort;
-char** protocol_names = nullptr;
-
/****************************************************************************
* Store interesting data in memory that would not otherwise be visible
* in a CORE(5) file
return line;
}
-char* snort_strndup(const char* src, size_t dst_size)
-{
- char* dup = (char*)snort_calloc(dst_size + 1);
-
- if ( SnortStrncpy(dup, src, dst_size + 1) == SNORT_STRNCPY_ERROR )
- {
- snort_free(dup);
- return nullptr;
- }
-
- return dup;
-}
-
-char* snort_strdup(const char* str)
-{
- assert(str);
- size_t n = strlen(str) + 1;
- char* p = (char*)snort_alloc(n);
- memcpy(p, str, n);
- return p;
-}
-
typedef char PathBuf[PATH_MAX+1];
static const char* CurrentWorkingDir(PathBuf& buf)
}
#endif
+namespace snort
+{
+char** protocol_names = nullptr;
+
const char* get_error(int errnum)
{
static THREAD_LOCAL char buf[128];
#endif
}
+char* snort_strndup(const char* src, size_t dst_size)
+{
+ char* dup = (char*)snort_calloc(dst_size + 1);
+
+ if ( SnortStrncpy(dup, src, dst_size + 1) == SNORT_STRNCPY_ERROR )
+ {
+ snort_free(dup);
+ return nullptr;
+ }
+
+ return dup;
+}
+
+char* snort_strdup(const char* str)
+{
+ assert(str);
+ size_t n = strlen(str) + 1;
+ char* p = (char*)snort_alloc(n);
+ memcpy(p, str, n);
+ return p;
+}
+
+}
+
+
(x)[8] = (y)[8]; (x)[9] = (y)[9]; (x)[10] = (y)[10]; (x)[11] = (y)[11]; \
(x)[12] = (y)[12]; (x)[13] = (y)[13]; (x)[14] = (y)[14]; (x)[15] = (y)[15];
-// FIXIT-M provide getter function to for standardized access into the protocol_names array
-SO_PUBLIC extern char** protocol_names;
-
void StoreSnortInfoStrings();
int DisplayBanner();
int gmt2local(time_t);
void SetNoCores();
#endif
-SO_PUBLIC char* snort_strdup(const char*);
-SO_PUBLIC char* snort_strndup(const char*, size_t);
-
inline void* snort_alloc(size_t sz)
{ return new uint8_t[sz]; }
#endif
}
+namespace snort
+{
+// FIXIT-M provide getter function to for standardized access into the protocol_names array
+SO_PUBLIC extern char** protocol_names;
+
SO_PUBLIC const char* get_error(int errnum);
+SO_PUBLIC char* snort_strdup(const char*);
+SO_PUBLIC char* snort_strndup(const char*, size_t);
+}
#endif
#include <cstdio>
#include <cstring>
+namespace snort
+{
/* Guaranteed to be '\0' terminated even if truncation occurs.
*
* returns SNORT_SNPRINTF_SUCCESS if successful
return len;
}
+}
+
#include "main/snort_types.h"
+namespace snort
+{
#define SNORT_SNPRINTF_SUCCESS 0
#define SNORT_SNPRINTF_TRUNCATION 1
#define SNORT_SNPRINTF_ERROR (-1)
return 0;
}
-
+}
#endif
#include "main/thread.h"
+namespace snort
+{
#define INVALID_HEX_VAL (-1)
#define MAX_BUF 8
#define NON_ASCII_CHAR 0xff
}*/
+}
#include "main/snort_types.h"
+namespace snort
+{
#define ALERT_SPACES_EXCEEDED 0x1
#define ALERT_LEVELS_EXCEEDED 0x2
#define ALERT_MIXED_ENCODINGS 0x4
SO_PUBLIC int JSNormalizeDecode(
const char*, uint16_t, char*, uint16_t destlen, const char**, int*, JSState*, uint8_t*);
-
+}
#endif
#include "util_unfold.h"
+namespace snort
+{
/* Given a string, removes header folding (\r\n followed by linear whitespace)
* and exits when the end of a header is found, defined as \n followed by a
* non-whitespace. This is especially helpful for HTML.
return(0);
}
+}
+
#include "main/snort_types.h"
+namespace snort
+{
SO_PUBLIC int sf_unfold_header(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*, int, int*);
SO_PUBLIC int sf_strip_CRLF(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*);
SO_PUBLIC int sf_strip_LWS(const uint8_t*, uint32_t, uint8_t*, uint32_t, uint32_t*);
-
+}
#endif
#define DSTATE_THIRD 2
#define DSTATE_FOURTH 3
+using namespace snort;
+
UtfDecodeSession::UtfDecodeSession()
{
init_decode_utf_state();
CharsetCode charset;
};
+namespace snort
+{
class SO_PUBLIC UtfDecodeSession
{
public:
bool DecodeUTF32BE(const uint8_t* src, unsigned int src_len, uint8_t* dst, unsigned int dst_len, int* bytes_copied);
void determine_charset(const uint8_t** src, unsigned int* src_len);
};
+}
+
#endif
projects / thirdparty / snort3.git / commitdiff
