1. If you specify --include-path, this directory will be tried first.
2. Snort will try the directory containing the including file.
3. Snort will try the directory containing the -c configuration file.
+4. Snort will try the current working directory.
Some things to keep in mind:
unsigned SnortConfig::get_thread_reload_id()
{ return thread_snort_config.reload_id; }
+std::mutex SnortConfig::reload_id_mutex;
+
void SnortConfig::update_thread_reload_id()
-{ thread_snort_config.reload_id = thread_snort_config.snort_conf->reload_id; }
+{
+ std::lock_guard<std::mutex> reload_id_lock(reload_id_mutex);
+ thread_snort_config.reload_id = thread_snort_config.snort_conf->reload_id;
+}
void SnortConfig::set_conf(const SnortConfig* sc)
{
void SnortConfig::update_reload_id()
{
+ std::lock_guard<std::mutex> reload_id_lock(reload_id_mutex);
static unsigned reload_id_tracker = 0;
reload_id = ++reload_id_tracker;
}
DumpConfigType dump_config_type = DUMP_CONFIG_NONE;
private:
std::list<ReloadResourceTuner*> reload_tuners;
+ static std::mutex reload_id_mutex;
unsigned reload_id = 0;
static std::mutex static_names_mutex;
static std::unordered_map<std::string, std::string> static_names;
return valid_file(file, path);
}
+static bool relative_to_working_dir(const char* file, std::string& path)
+{
+ path = ".";
+ return valid_file(file, path);
+}
+
const char* get_config_file(const char* arg, std::string& file)
{
assert(arg);
if ( relative_to_config_dir(arg, file) )
return "C";
+ if ( relative_to_working_dir(arg, file) )
+ return "W";
+
return nullptr;
}
}
}
+const uint8_t* HttpEvent::get_uri_query(int32_t& length)
+{
+ return get_header(HttpEnums::HTTP_BUFFER_URI, HttpEnums::UC_QUERY, length);
+}
+
const uint8_t* HttpEvent::get_location(int32_t& length)
{
return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_LOCATION,
const uint8_t* get_cookie(int32_t &length);
const uint8_t* get_authority(int32_t &length);
const uint8_t* get_uri_host(int32_t &length);
+ const uint8_t* get_uri_query(int32_t &length);
const uint8_t* get_location(int32_t &length);
const uint8_t* get_referer(int32_t &length);
const uint8_t* get_server(int32_t &length);
#include "http_request_body_event.h"
+#include "service_inspectors/http_inspect/http_field.h"
#include "service_inspectors/http_inspect/http_flow_data.h"
+#include "service_inspectors/http_inspect/http_msg_body.h"
+#include "service_inspectors/http_inspect/http_msg_header.h"
using namespace snort;
return nullptr;
}
+const uint8_t* HttpRequestBodyEvent::get_client_body(int32_t& length)
+{
+ if (http_msg_body)
+ {
+ const Field& body = http_msg_body->get_classic_client_body();
+
+ length = body.length();
+ return body.start();
+ }
+
+ length = 0;
+ return nullptr;
+}
+
bool HttpRequestBodyEvent::is_last_request_body_piece()
{
return last_piece;
}
+bool HttpRequestBodyEvent::is_mime() const
+{
+ if (http_msg_body)
+ {
+ HttpMsgHeader* header = http_msg_body->get_header(HttpCommon::SRC_CLIENT);
+
+ if (header)
+ return header->has_mime_boundary();
+ }
+
+ return false;
+}
+
int64_t HttpRequestBodyEvent::get_httpx_stream_id() const
{
return http_flow_data->get_hx_stream_id();
#define HTTP_REQUEST_BODY_EVENT_H
#include "framework/data_bus.h"
-#include "service_inspectors/http_inspect/http_enum.h"
-#include "service_inspectors/http_inspect/http_field.h"
-#include "service_inspectors/http_inspect/http_msg_body.h"
#include "http_event_ids.h"
+class HttpMsgBody;
class HttpFlowData;
namespace snort
{ }
const uint8_t* get_request_body_data(int32_t& length, int32_t& offset);
+ const uint8_t* get_client_body(int32_t& length);
bool is_last_request_body_piece();
+ bool is_mime() const;
int64_t get_httpx_stream_id() const;
private:
- const HttpMsgBody* const http_msg_body;
+ HttpMsgBody* const http_msg_body;
const int32_t msg_offset;
const bool last_piece;
HttpFlowData* const http_flow_data;
void HttpMsgBody::clean_partial(uint32_t&, uint32_t&, uint8_t*&, uint32_t&) {}
void HttpMsgBody::bookkeeping_regular_flush(uint32_t&, uint8_t*&, uint32_t&, int32_t) {}
bool HttpMsgBody::run_detection(snort::Packet*) { return true; }
+const Field& HttpMsgBody::get_classic_client_body() { return classic_client_body; }
void HttpMsgBody::clear() {}
void HttpMsgSection::clear() {}
#ifdef REG_TEST
"of preference as defined" },
{ "request_body_app_detection", Parameter::PT_BOOL, nullptr, "true",
- "make HTTP/2 request message bodies available for application detection "
- "(detection requires AppId)" },
+ "make HTTP request message bodies available for application detection "
+ "(AppId) and other inspectors" },
{ "allowed_methods", Parameter::PT_STRING, nullptr, nullptr,
"list of allowed methods" },
// body
session_data->detect_depth_remaining[source_id] = INT64_MAX;
}
- if ((source_id == SRC_CLIENT) and params->publish_request_body and session_data->for_httpx)
+ if ((source_id == SRC_CLIENT) and params->publish_request_body)
{
session_data->publish_octets[source_id] = 0;
session_data->publish_depth_remaining[source_id] = REQUEST_PUBLISH_DEPTH;
{
if (boundary_present(content_type))
{
+ mime_boundary_found = true;
+
// Generate the unique file id for multi file processing
set_multi_file_processing_id(get_transaction_id(), session_data->get_hx_stream_id());
const Field& get_true_ip_addr();
int32_t get_num_cookies();
+ bool has_mime_boundary() const
+ { return mime_boundary_found; }
+
// The multi_file_processing_id is unique for each file transferred within a single connection
// and is used by file processing to store partially processed file contexts in the flow data.
void set_multi_file_processing_id(const uint64_t transaction_id, const uint32_t stream_id);
// Dummy configurations to support MIME processing
snort::MailLogConfig mime_conf;
+ bool mime_boundary_found = false;
+
Field true_ip;
Field true_ip_addr;
int32_t num_cookies = HttpCommon::STAT_NOT_COMPUTE;
#include "catch/snort_catch.h"
#endif
+#ifdef _WIN32
+#define STAT _stat
+#else
+#define STAT stat
+#endif
+
+#ifdef _WIN32
+#define ISREG(m) (((m) & _S_IFMT) == _S_IFREG)
+#else
+#define ISREG(m) S_ISREG(m)
+#endif
+
using namespace snort;
/****************************************************************************
return seed;
}
+bool get_file_size(const std::string& path, size_t& size)
+{
+ struct STAT sb;
+
+ if (STAT(path.c_str(), &sb))
+ return false;
+
+ if (!ISREG(sb.st_mode))
+ return false;
+
+ if (sb.st_size < 0)
+ return false;
+
+ size = static_cast<size_t>(sb.st_size);
+ return true;
+}
+
#if defined(NOCOREFILE)
void SetNoCores()
{
bool EnterChroot(std::string& root_dir, std::string& log_dir);
void InitProtoNames();
unsigned int get_random_seed();
+bool get_file_size(const std::string&, size_t&);
#if defined(NOCOREFILE)
void SetNoCores();
projects / thirdparty / snort3.git / commitdiff
