// of FlowData items.
#include "detection/ips_context_chain.h"
+#include "flow/flow_stash.h"
#include "framework/data_bus.h"
#include "framework/decode_data.h"
#include "framework/inspector.h"
#include "protocols/layer.h"
#include "sfip/sf_ip.h"
#include "target_based/snort_protocols.h"
-#include "flow_stash.h"
#define SSNFLAG_SEEN_CLIENT 0x00000001
#define SSNFLAG_SEEN_SENDER 0x00000001
uint8_t response_count;
bool disable_inspect;
+ bool trigger_finalize_event;
private:
void clean();
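Review bot: `trigger_finalize_event` is added without a comment or a visible initializer, so this hunk does not show who sets it or what value a new or recycled Flow starts with. If Flow objects are reused across sessions and the reset path does not clear the flag, a new session would inherit the previous session's finalize publishing. That is worth confirming in the init/reset code, which lies outside the hunk, as does the rest of the class. Once confirmed, I would document the member with `// set by a subscriber that wants FINALIZE_PACKET_EVENT for this flow; cleared on flow reset`.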
#include "filters/rate_filter.h"
#include "filters/sfrf.h"
#include "filters/sfthreshold.h"
+#include "flow/flow.h"
#include "flow/ha.h"
#include "framework/data_bus.h"
#include "latency/packet_latency.h"
#include "packet_io/sfdaq_instance.h"
#include "packet_tracer/packet_tracer.h"
#include "profiler/profiler.h"
+#include "pub_sub/finalize_packet_event.h"
#include "side_channel/side_channel.h"
#include "stream/stream.h"
#include "time/packet_time.h"
if (verdict == DAQ_VERDICT_RETRY)
retry_queue->put(p->daq_msg);
else if ( !p->active->is_packet_held() )
+ {
+ // Publish an event if something has indicated that it wants the
+ // finalize event on this flow.
+ if (p->flow and p->flow->trigger_finalize_event)
+ {
+ FinalizePacketEvent event(p, verdict);
+ DataBus::publish(FINALIZE_PACKET_EVENT, event);
+ }
+
p->daq_instance->finalize_message(p->daq_msg, verdict);
+ }
}
void Analyzer::process_daq_pkt_msg(DAQ_Msg_h msg, bool retry)
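Review bot: The publish sits only inside the `else if ( !p->active->is_packet_held() )` branch, so a subscriber gets no finalize event for packets that receive `DAQ_VERDICT_RETRY` or are held, and the added comment does not say so. Anything that uses this event to account for verdicts would silently miss those packets. The flag is also not cleared here, so the event fires for every later packet on the flow, and the handlers appear to run inline before `finalize_message`. I would extend the comment to `// Published only for packets finalized here (not retried, not held); handlers run before the verdict is returned to the DAQ.` The enclosing function starts outside the hunk.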
set (PUB_SUB_INCLUDES
appid_events.h
expect_events.h
+ finalize_packet_event.h
http_events.h
sip_events.h
)
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2019-2019 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// finalize_packet_event.h author Steve Chew <stechew@cisco.com>
+
+#ifndef FINALIZE_PACKET_EVENT_H
+#define FINALIZE_PACKET_EVENT_H
+
+// An event to indicate that the packet is about to be finalized (sent
+// back to the daq).
+
+#include <daq_common.h>
+
+#include "framework/data_bus.h"
+
+#define FINALIZE_PACKET_EVENT "analyzer.finalize.packet"
+
+namespace snort
+{
+
+class SO_PUBLIC FinalizePacketEvent : public snort::DataEvent
+{
+public:
+ FinalizePacketEvent(const snort::Packet* p, const DAQ_Verdict v) :
+ pkt(p), verdict(v)
+ {
+ }
+
+ const snort::Packet* get_packet() override
+ { return pkt; }
+
+ DAQ_Verdict get_verdict()
+ { return verdict; }
+
+private:
+ const snort::Packet* pkt;
+ const DAQ_Verdict verdict;
+};
+
+}
+
+#endif
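Review bot: The class stores a raw `const snort::Packet*` but does not tell subscribers how long that pointer stays valid. The header comment says the packet is about to be sent back to the DAQ, so a handler that keeps the pointer would later read a packet that has already been finalized. A class comment such as `// pkt is borrowed: valid only for the duration of the handler call; do not retain` would make the contract explicit. Separately, `get_verdict()` does not modify the object and could be declared `DAQ_Verdict get_verdict() const`. The `snort::` qualifiers are redundant inside `namespace snort`.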
//-------------------------------------------------------------------------
// length of given segment splitter (pass-thru)
-class LogSplitter : public StreamSplitter
+class SO_PUBLIC LogSplitter : public StreamSplitter
{
public:
LogSplitter(bool);