} // anonymous namespace
void AuthCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::AUTH); }
+{ v.emplace_back(ProtocolId::AUTH); }
bool AuthCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
{
void BadProtocalCodec::get_protocol_ids(std::vector<ProtocolId>& proto_ids)
{
- proto_ids.push_back(ProtocolId::SWIPE);
- proto_ids.push_back(ProtocolId::MOBILITY);
- proto_ids.push_back(ProtocolId::SUN_ND);
- proto_ids.push_back(ProtocolId::PIM);
+ proto_ids.emplace_back(ProtocolId::SWIPE);
+ proto_ids.emplace_back(ProtocolId::MOBILITY);
+ proto_ids.emplace_back(ProtocolId::SUN_ND);
+ proto_ids.emplace_back(ProtocolId::PIM);
}
bool BadProtocalCodec::decode(const RawData&, CodecData& codec, DecodeData&)
}
void Ipv6DSTOptsCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::DSTOPTS); }
+{ v.emplace_back(ProtocolId::DSTOPTS); }
//-------------------------------------------------------------------------
// api
} // anonymous namespace
void EspCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ESP); }
+{ v.emplace_back(ProtocolId::ESP); }
/*
* Attempt to decode Encapsulated Security Payload.
}
void Ipv6FragCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::FRAGMENT); }
+{ v.emplace_back(ProtocolId::FRAGMENT); }
void Ipv6FragCodec::log(TextLog* const text_log, const uint8_t* raw_pkt,
const uint16_t /*lyr_len*/)
} // anonymous namespace
void GreCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::GRE); }
+{ v.emplace_back(ProtocolId::GRE); }
/*
* see RFCs 1701, 2784 and 2637
void Ipv6HopOptsCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::HOPOPTS);
+ v.emplace_back(ProtocolId::HOPOPTS);
}
//-------------------------------------------------------------------------
} // namespace
void Icmp4Codec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ICMPV4); }
+{ v.emplace_back(ProtocolId::ICMPV4); }
bool Icmp4Codec::decode(const RawData& raw, CodecData& codec,DecodeData& snort)
{
} // anonymous namespace
void Icmp6Codec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ICMPV6); }
+{ v.emplace_back(ProtocolId::ICMPV6); }
bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
{
void IgmpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::IGMP);
+ v.emplace_back(ProtocolId::IGMP);
}
//-------------------------------------------------------------------------
void Ipv4Codec::get_data_link_type(std::vector<int>& v)
{
- v.push_back(DLT_IPV4);
+ v.emplace_back(DLT_IPV4);
}
void Ipv4Codec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERTYPE_IPV4);
- v.push_back(ProtocolId::IPIP);
+ v.emplace_back(ProtocolId::ETHERTYPE_IPV4);
+ v.emplace_back(ProtocolId::IPIP);
}
bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
void Ipv6Codec::get_data_link_type(std::vector<int>& v)
{
- v.push_back(DLT_IPV6);
+ v.emplace_back(DLT_IPV6);
}
void Ipv6Codec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERTYPE_IPV6);
- v.push_back(ProtocolId::IPV6);
+ v.emplace_back(ProtocolId::ETHERTYPE_IPV6);
+ v.emplace_back(ProtocolId::IPV6);
}
bool Ipv6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
void MobilityCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::MOBILITY_IPV6);
+ v.emplace_back(ProtocolId::MOBILITY_IPV6);
}
bool MobilityCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
}
void Ipv6NoNextCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::NONEXT); }
+{ v.emplace_back(ProtocolId::NONEXT); }
//-------------------------------------------------------------------------
// api
void PgmCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::PGM);
+ v.emplace_back(ProtocolId::PGM);
}
//-------------------------------------------------------------------------
} // namespace
void Ipv6RoutingCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ROUTING); }
+{ v.emplace_back(ProtocolId::ROUTING); }
bool Ipv6RoutingCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
void TcpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::TCP);
+ v.emplace_back(ProtocolId::TCP);
}
bool TcpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
void UdpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::UDP);
+ v.emplace_back(ProtocolId::UDP);
}
bool UdpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
void ArpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERTYPE_ARP);
- v.push_back(ProtocolId::ETHERTYPE_REVARP);
+ v.emplace_back(ProtocolId::ETHERTYPE_ARP);
+ v.emplace_back(ProtocolId::ETHERTYPE_REVARP);
}
bool ArpCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
} // namespace
void CiscoMetaDataCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_CISCO_META); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_CISCO_META); }
bool CiscoMetaDataCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
} // namespace
void Erspan2Codec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_ERSPAN_TYPE2); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_ERSPAN_TYPE2); }
bool Erspan2Codec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
} // anonymous namespace
void Erspan3Codec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_ERSPAN_TYPE3); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_ERSPAN_TYPE3); }
bool Erspan3Codec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
} // anonymous namespace
void FabricPathCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_FPATH); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_FPATH); }
bool FabricPathCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
void MplsCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERTYPE_MPLS_UNICAST);
- v.push_back(ProtocolId::ETHERTYPE_MPLS_MULTICAST);
- v.push_back(ProtocolId::MPLS_IP);
+ v.emplace_back(ProtocolId::ETHERTYPE_MPLS_UNICAST);
+ v.emplace_back(ProtocolId::ETHERTYPE_MPLS_MULTICAST);
+ v.emplace_back(ProtocolId::MPLS_IP);
}
bool MplsCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
} // namespace
void PppEncap::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_PPP); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_PPP); }
bool PppEncap::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
PPPoEDiscCodec() : PPPoECodec(CD_PPPOEPKT_DISC_NAME, PppoepktType::DISCOVERY) { }
void get_protocol_ids(std::vector<ProtocolId>& v) override
- { v.push_back(ProtocolId::ETHERTYPE_PPPOE_DISC); }
+ { v.emplace_back(ProtocolId::ETHERTYPE_PPPOE_DISC); }
};
class PPPoESessCodec : public PPPoECodec
PPPoESessCodec() : PPPoECodec(CD_PPPOEPKT_SESS_NAME, PppoepktType::SESSION) { }
void get_protocol_ids(std::vector<ProtocolId>& v) override
- { v.push_back(ProtocolId::ETHERTYPE_PPPOE_SESS); }
+ { v.emplace_back(ProtocolId::ETHERTYPE_PPPOE_SESS); }
};
} // namespace
} // anonymous namespace
void TransbridgeCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERTYPE_TRANS_ETHER_BRIDGING); }
+{ v.emplace_back(ProtocolId::ETHERTYPE_TRANS_ETHER_BRIDGING); }
bool TransbridgeCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
void VlanCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERTYPE_8021Q);
- v.push_back(ProtocolId::ETHERTYPE_8021AD);
- v.push_back(ProtocolId::ETHERTYPE_QINQ_NS1);
- v.push_back(ProtocolId::ETHERTYPE_QINQ_NS2);
+ v.emplace_back(ProtocolId::ETHERTYPE_8021Q);
+ v.emplace_back(ProtocolId::ETHERTYPE_8021AD);
+ v.emplace_back(ProtocolId::ETHERTYPE_QINQ_NS1);
+ v.emplace_back(ProtocolId::ETHERTYPE_QINQ_NS2);
}
bool VlanCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
DefaultCodec() : Codec(CD_DEFAULT_NAME) { }
void get_protocol_ids(std::vector<ProtocolId>& v) override
- { v.push_back(ProtocolId::FINISHED_DECODE); }
+ { v.emplace_back(ProtocolId::FINISHED_DECODE); }
bool decode(const RawData&, CodecData&, DecodeData&) override
{ return false; }
void GtpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::GTP);
+ v.emplace_back(ProtocolId::GTP);
}
bool GtpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& dd)
} // namespace
void Icmp4IpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::IP_EMBEDDED_IN_ICMP4); }
+{ v.emplace_back(ProtocolId::IP_EMBEDDED_IN_ICMP4); }
bool Icmp4IpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
{
} // namespace
void Icmp6IpCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::IP_EMBEDDED_IN_ICMP6); }
+{ v.emplace_back(ProtocolId::IP_EMBEDDED_IN_ICMP6); }
bool Icmp6IpCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
} // namespace
void LlcCodec::get_protocol_ids(std::vector<ProtocolId>& v)
-{ v.push_back(ProtocolId::ETHERNET_LLC); }
+{ v.emplace_back(ProtocolId::ETHERNET_LLC); }
bool LlcCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
{
void TeredoCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::TEREDO);
+ v.emplace_back(ProtocolId::TEREDO);
}
bool TeredoCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
void UserCodec::get_data_link_type(std::vector<int>& v)
{
- v.push_back(DLT_USER);
+ v.emplace_back(DLT_USER);
}
static void set_ip(const DAQ_UsrHdr_t* pci, CodecData& codec, DecodeData& snort)
void EthCodec::get_data_link_type(std::vector<int>& v)
{
- v.push_back(DLT_PPP_ETHER);
- v.push_back(DLT_EN10MB);
+ v.emplace_back(DLT_PPP_ETHER);
+ v.emplace_back(DLT_EN10MB);
}
void EthCodec::get_protocol_ids(std::vector<ProtocolId>& v)
{
- v.push_back(ProtocolId::ETHERNET_802_3);
+ v.emplace_back(ProtocolId::ETHERNET_802_3);
}
bool EthCodec::decode(const RawData& raw, CodecData& codec, DecodeData&)
void RawCodec::get_data_link_type(std::vector<int>& v)
{
- v.push_back(DLT_RAW);
+ v.emplace_back(DLT_RAW);
}
//-------------------------------------------------------------------------
{
if (idx != 0)
{
- config_set->push_back(config);
+ config_set->emplace_back(config);
config = nullptr;
}
{
if (idx != 0)
{
- config_set->push_back(config);
+ config_set->emplace_back(config);
config = nullptr;
}
static std::vector<IdleHook> s_idle_handlers;
void IdleProcessing::register_handler(IdleHook f)
-{ s_idle_handlers.push_back(f); }
+{ s_idle_handlers.emplace_back(f); }
void IdleProcessing::execute()
{
void ContextSwitcher::push(IpsContext* c)
{
c->set_slot(idle.size() + 1);
- idle.push_back(c);
+ idle.emplace_back(c);
}
IpsContext* ContextSwitcher::pop()
assert(!idle.empty());
trace_logf(detection, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::start %u (i=%zu, b=%zu)\n",
get_packet_number(), idle.back()->get_slot(), idle.size(), busy.size());
- busy.push_back(idle.back());
+ busy.emplace_back(idle.back());
idle.pop_back();
}
assert(busy.size() == 1);
trace_logf(detection, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::stop %u (i=%zu, b=%zu)\n",
get_packet_number(), busy.back()->get_slot(), idle.size(), busy.size());
- idle.push_back(busy.back());
+ idle.emplace_back(busy.back());
busy.pop_back();
}
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::abort hold",
hold[i]->packet_number);
- idle.push_back(hold[i]);
+ idle.emplace_back(hold[i]);
hold[i] = nullptr;
}
}
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::abort busy",
busy[0]->packet_number);
- idle.push_back(busy.back());
+ idle.emplace_back(busy.back());
busy.pop_back();
}
}
assert(!idle.empty());
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::interrupt %u (i=%zu, b=%zu)\n",
idle.back()->packet_number, idle.back()->get_slot(), idle.size(), busy.size());
- busy.push_back(idle.back());
+ busy.emplace_back(idle.back());
idle.pop_back();
return busy.back();
}
c->packet_number, busy.back()->get_slot(), idle.size(), busy.size());
c->clear_context_data();
- idle.push_back(c);
+ idle.emplace_back(c);
busy.pop_back();
return busy.empty() ? nullptr : busy.back();
}
assert(slot <= hold.capacity());
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::resume %u (i=%zu, b=%zu)\n",
hold[slot]->packet_number, slot, idle.size(), busy.size());
- busy.push_back(hold[slot]);
+ busy.emplace_back(hold[slot]);
hold[slot] = nullptr;
}
r.data = s;
r.offset = off;
- Snort::get_switcher()->get_context()->rpl.push_back(r);
+ Snort::get_switcher()->get_context()->rpl.emplace_back(r);
}
bool DetectionEngine::get_replacement(std::string& s, unsigned& off)
// Add alternate pattern
PatternMatchData* alt_pmd = ofl->ips_opt->get_alternate_pattern();
if (alt_pmd)
- pmds.push_back(alt_pmd);
+ pmds.emplace_back(alt_pmd);
// Add main pattern last
- pmds.push_back(best.pmd);
+ pmds.emplace_back(best.pmd);
}
}
{ NONE, NON_CONTENT, CONTENT };
void register_post_callback(Callback callback)
- { post_callbacks.push_back(callback); }
+ { post_callbacks.emplace_back(callback); }
void clear_callbacks()
{ post_callbacks.clear(); }
{
RegexRequest* req = new RegexRequest;
req->thread = new std::thread(worker, req);
- idle.push_back(req);
+ idle.emplace_back(req);
}
}
RegexRequest* req = idle.front();
idle.pop_front(); // FIXIT-H use splice to move instead
- busy.push_back(req);
+ busy.emplace_back(req);
std::unique_lock<std::mutex> lock(req->mutex);
req->packet = nullptr;
busy.pop_front(); // FIXIT-H use splice to move instead
- idle.push_back(req);
+ idle.emplace_back(req);
return true;
}
rule_number_t rn(gid, sid);
int index = rim->map.size();
- rim->map.push_back(rn);
+ rim->map.emplace_back(rn);
//printf("RuleIndexMapping: index=%d gid=%u sid=%u\n",index,gid,sid);
return index;
void* ret = snort_calloc(size);
memory_used += size;
/*For memory management*/
- id_memory_blocks.push_back(ret);
+ id_memory_blocks.emplace_back(ret);
return ret;
}
FileMagicRule rule;
rule.type = "pdf";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 1;
FileIdentifier rc;
FileMagicRule rule;
rule.type = "pdf";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 1;
FileIdentifier rc;
FileMagicRule rule;
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 1;
FileIdentifier rc;
rule.clear();
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 3;
rc.insert_file_rule(rule);
FileMagicRule rule;
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 1;
FileIdentifier rc;
rule.clear();
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 3;
rc.insert_file_rule(rule);
FileMagicRule rule;
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 1;
FileIdentifier rc;
rule.clear();
rule.type = "exe";
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
rule.id = 3;
rc.insert_file_rule(rule);
std::string tmpstr;
while(std::getline(stream, tmpstr, ','))
{
- rule.groups.push_back(tmpstr);
+ rule.groups.emplace_back(tmpstr);
}
}
else if ( !strcmp(fqn, "file_id.file_rules.magic") )
{
fc->process_file_magic(magic);
- rule.file_magics.push_back(magic);
+ rule.file_magics.emplace_back(magic);
}
else if ( !strcmp(fqn, "file_id.file_policy") )
{
void FilePolicy::insert_file_rule(FileRule& rule)
{
- file_rules.push_back(rule);
+ file_rules.emplace_back(rule);
if (!rule.when.sha256.empty())
{
if (new_expect_flow)
{
// chain all expected flows created by this packet
- packet_expect_flows->push_back(last);
+ packet_expect_flows->emplace_back(last);
ExpectEvent event(ctrlPkt, last, fd);
DataBus::publish(EXPECT_EVENT_TYPE_EARLY_SESSION_CREATE_KEY, event, ctrlPkt->flow);
unsigned inspection_policy_id;
unsigned ips_policy_id;
unsigned network_policy_id;
+ unsigned reputation_id;
uint16_t client_port;
uint16_t server_port;
con.cache->push(con.mem + i);
con.get_ssn = get_ssn;
- types.push_back(type);
+ types.emplace_back(type);
}
// FIXIT-P apply more filtering logic here, eg require_3whs
void DataBus::_subscribe(const char* key, DataHandler* h)
{
DataList& v = map[key];
- v.push_back(h);
+ v.emplace_back(h);
}
void DataBus::_unsubscribe(const char* key, DataHandler* h)
while ( pos != string::npos )
{
if ( last != pos )
- strs.push_back(txt.substr(last, pos - last));
+ strs.emplace_back(txt.substr(last, pos - last));
last = txt.find_first_not_of(delim, pos + 1);
pos = txt.find_first_of(delim, last);
// add the last one
if ( last != string::npos )
- strs.push_back(txt.substr(last, min(pos, txt.size()) - last));
+ strs.emplace_back(txt.substr(last, min(pos, txt.size()) - last));
return strs.size();
}
for (auto& entry : list )
{
- vec.push_back(entry);
+ vec.emplace_back(entry);
}
return vec;
return true;
}
}
- services.push_back(svc);
+ services.emplace_back(svc);
return true;
}
fields.clear();
while ( v.get_next_token(tok) )
- fields.push_back(csv_func[Parameter::index(csv_range, tok.c_str())]);
+ fields.emplace_back(csv_func[Parameter::index(csv_range, tok.c_str())]);
}
else if ( v.is("limit") )
v.set_first_token();
while ( v.get_next_token(tok) )
- fields.push_back(csv_func[Parameter::index(csv_range, tok.c_str())]);
+ fields.emplace_back(csv_func[Parameter::index(csv_range, tok.c_str())]);
}
return true;
}
{
unsigned id = ins->get_buf_id(key);
assert(id);
- ids.push_back(id);
+ ids.emplace_back(id);
}
}
fields.clear();
while ( v.get_next_token(tok) )
- fields.push_back(json_func[Parameter::index(json_range, tok.c_str())]);
+ fields.emplace_back(json_func[Parameter::index(json_range, tok.c_str())]);
}
else if ( v.is("limit") )
v.set_first_token();
while ( v.get_next_token(tok) )
- fields.push_back(json_func[Parameter::index(json_range, tok.c_str())]);
+ fields.emplace_back(json_func[Parameter::index(json_range, tok.c_str())]);
}
return true;
}
bool SfSocketModule::end(const char* fqn, int, SnortConfig*)
{
if ( !strcmp(fqn, "alert_sfsocket.rules") )
- rulez.push_back(rule);
+ rulez.emplace_back(rule);
return true;
}
void ControlMgmt::add_control(int fd, bool local)
{
- controls.push_back(new ControlConn(fd, local));
+ controls.emplace_back(new ControlConn(fd, local));
}
bool ControlMgmt::find_control(int fd, std::vector<ControlConn*>::iterator& control)
{
if ( i == 0 )
{
- inspection_policy.push_back(new InspectionPolicy(other_map->inspection_policy[i]));
+ inspection_policy.emplace_back(new InspectionPolicy(other_map->inspection_policy[i]));
}
else
- inspection_policy.push_back(other_map->inspection_policy[i]);
+ inspection_policy.emplace_back(other_map->inspection_policy[i]);
}
shell_map = other_map->shell_map;
unsigned PolicyMap::add_inspection_shell(Shell* sh)
{
unsigned idx = inspection_policy.size();
- shells.push_back(sh);
- inspection_policy.push_back(new InspectionPolicy(idx));
+ shells.emplace_back(sh);
+ inspection_policy.emplace_back(new InspectionPolicy(idx));
shell_map[sh] = std::make_shared<PolicyTuple>(inspection_policy.back(), nullptr, nullptr);
return idx;
unsigned PolicyMap::add_ips_shell(Shell* sh)
{
unsigned idx = ips_policy.size();
- shells.push_back(sh);
- ips_policy.push_back(new IpsPolicy(idx));
+ shells.emplace_back(sh);
+ ips_policy.emplace_back(new IpsPolicy(idx));
shell_map[sh] = std::make_shared<PolicyTuple>(nullptr, ips_policy.back(), nullptr);
return idx;
}
unsigned PolicyMap::add_network_shell(Shell* sh)
{
unsigned idx = network_policy.size();
- shells.push_back(sh);
- network_policy.push_back(new NetworkPolicy(idx));
+ shells.emplace_back(sh);
+ network_policy.emplace_back(new NetworkPolicy(idx));
shell_map[sh] = std::make_shared<PolicyTuple>(nullptr, nullptr, network_policy.back());
return idx;
}
std::shared_ptr<PolicyTuple> PolicyMap::add_shell(Shell* sh)
{
- shells.push_back(sh);
- inspection_policy.push_back(new InspectionPolicy(inspection_policy.size()));
- ips_policy.push_back(new IpsPolicy(ips_policy.size()));
- network_policy.push_back(new NetworkPolicy(network_policy.size()));
+ shells.emplace_back(sh);
+ inspection_policy.emplace_back(new InspectionPolicy(inspection_policy.size()));
+ ips_policy.emplace_back(new IpsPolicy(ips_policy.size()));
+ network_policy.emplace_back(new NetworkPolicy(network_policy.size()));
return shell_map[sh] = std::make_shared<PolicyTuple>(inspection_policy.back(),
ips_policy.back(), network_policy.back());
void SnortConfig::add_script_path(const char* path)
{
if (path)
- script_paths.push_back(path);
+ script_paths.emplace_back(path);
}
void SnortConfig::set_alert_mode(const char* val)
SO_PUBLIC int SnortConfig::request_scratch(ScScratchFunc setup, ScScratchFunc cleanup)
{
- scratch_handlers.push_back(std::make_pair(setup, cleanup));
+ scratch_handlers.emplace_back(std::make_pair(setup, cleanup));
// We return an index that the caller uses to reference their per thread
// scratch space
if ( api->pinit )
api->pinit();
- s_actors.push_back(a);
+ s_actors.emplace_back(a);
}
void ActionManager::release_plugins()
wrap.api = api;
wrap.init = false;
- s_codecs.push_back(wrap);
+ s_codecs.emplace_back(wrap);
}
void CodecManager::release_plugins()
assert(conn.second->thread_connectors.count(tid) == 0);
Connector* connector = sc.api->tinit(conn.second->config);
- std::pair<pid_t, Connector*> element (tid, std::move(connector));
- conn.second->thread_connectors.insert(element);
+ conn.second->thread_connectors.emplace(tid, std::move(connector));
}
}
}
{
ConnectorElem* connector_elem = new ConnectorElem;
connector_elem->config = &*cfg;
- std::pair<std::string, ConnectorElem*> element (cfg->connector_name, std::move(connector_elem));
- c.connectors.insert(element);
+ c.connectors.emplace(cfg->connector_name, std::move(connector_elem));
}
- s_connector_commons.push_back(c);
+ s_connector_commons.emplace_back(c);
}
{
// can't assert - alert_sf_socket operates differently
//assert(api->flags & (OUTPUT_TYPE_FLAG__ALERT | OUTPUT_TYPE_FLAG__LOG));
- s_outputs.push_back(new Output(api));
+ s_outputs.emplace_back(new Output(api));
}
void EventManager::release_plugins()
if ( !*ofn )
*ofn = new OutputSet;
- (*ofn)->outputs.push_back(eh);
+ (*ofn)->outputs.emplace_back(eh);
}
void EventManager::copy_outputs(OutputSet* dst, OutputSet* src)
assert(p->handler);
p->handler->set_api(p->api);
- s_loggers.outputs.push_back(p->handler);
+ s_loggers.outputs.emplace_back(p->handler);
}
// command line outputs
if ( p->handler )
{
// configured by conf
- s_loggers.outputs.push_back(p->handler);
+ s_loggers.outputs.emplace_back(p->handler);
return;
}
Module* mod = ModuleManager::get_default_module(name, sc);
void InspectorManager::add_plugin(const InspectApi* api)
{
PHGlobal* g = new PHGlobal(*api);
- s_handlers.push_back(g);
+ s_handlers.emplace_back(g);
}
static const InspectApi* get_plugin(const char* keyword)
else
p->set_reloaded(RELOAD_TYPE_NEW);
}
- fp->ilist.push_back(p);
+ fp->ilist.emplace_back(p);
return p;
}
continue;
if ( p->handler->get_api()->type == IT_PASSIVE )
- s_trash2.push_back(p->handler);
+ s_trash2.emplace_back(p->handler);
else
- s_trash.push_back(p->handler);
+ s_trash.emplace_back(p->handler);
delete p;
}
p->initialized = true;
}
PHClass* ppc = new PHClass(p->api);
- fc->clist.push_back(ppc);
+ fc->clist.emplace_back(ppc);
return ppc;
}
return nullptr;
void IpsManager::add_plugin(const IpsApi* api)
{
- s_options.push_back(new Option(api));
+ s_options.emplace_back(new Option(api));
}
void IpsManager::release_plugins()
void ModuleManager::add_module(Module* m, const BaseApi* b)
{
ModHook* mh = new ModHook(m, b);
- s_modules.push_back(mh);
+ s_modules.emplace_back(mh);
Profiler::register_module(m);
list<Module*> ret;
for ( auto& m : s_modules )
- ret.push_back(m->mod);
+ ret.emplace_back(m->mod);
return ret;
}
void MpseManager::add_plugin(const MpseApi* api)
{
- s_engines.push_back(api);
+ s_engines.emplace_back(api);
}
void MpseManager::release_plugins()
}
if ( type == IpsLuaApi::type )
- lua_api.push_back(new IpsLuaApi(name, chunk, ver));
+ lua_api.emplace_back(new IpsLuaApi(name, chunk, ver));
else if ( type == LogLuaApi::type )
- lua_api.push_back(new LogLuaApi(name, chunk, ver));
+ lua_api.emplace_back(new LogLuaApi(name, chunk, ver));
#ifdef PIGLET
else if ( type == "piglet" )
base_api.clear();
for ( auto p : lua_api )
- base_api.push_back(p->get_base());
+ base_api.emplace_back(p->get_base());
- base_api.push_back(nullptr);
+ base_api.emplace_back(nullptr);
return (const BaseApi**)&base_api[0];
}
void SoManager::add_plugin(const SoApi* api)
{
- s_rules.push_back(api);
+ s_rules.emplace_back(api);
}
void SoManager::release_plugins()
AFElement val;
val.forecast = forecast;
val.target = target;
- if (false == AF_indicators.insert({indicator, val}).second)
+ if (false == AF_indicators.emplace(indicator, val).second)
ErrorMessage("LuaDetectorApi:Failed to add AFElement for appId %d", indicator);
}
{
const snort::SfIp* src = dir ? p->ptrs.ip_api.get_dst() : p->ptrs.ip_api.get_src();
- for (int i = 0; i < 4; i++)
- master_key.ip[i] = src->get_ip6_ptr()[i];
+ memcpy(master_key.ip, src->get_ip6_ptr(), sizeof(master_key.ip));
master_key.forecast = forecast;
}
uint8_t* const pattern, unsigned size, unsigned nocase)
{
AppIdPatternMatchNode* pd = new AppIdPatternMatchNode(detector, position, size);
- pattern_data.push_back(pd);
+ pattern_data.emplace_back(pd);
st->add((const char*)pattern, size, pd, nocase);
}
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
-#ifdef ENABLE_THIRD_PARTY_APPID
+#ifdef ENABLE_APPID_THIRD_PARTY
if (asd.tpsession)
asd.tpsession->reset();
#endif
if ((p->packet_flags & PKT_STREAM_ORDER_BAD) ||
(p->dsize && !(p->packet_flags & (PKT_STREAM_ORDER_OK | PKT_REBUILT_STREAM))))
{
- asd->set_session_flags(APPID_SESSION_OOO);
+ asd->set_session_flags(APPID_SESSION_OOO | APPID_SESSION_OOO_CHECK_TP);
if (appidDebug->is_active())
LogMessage("AppIdDbg %s Packet out-of-order, %s%sflow\n",
appidDebug->get_debug_session(),
#endif
}
- asd.set_application_ids(service_id, asd.pick_client_app_id(), payload_id,
- asd.pick_misc_app_id(), change_bits);
-
// Set the field that the Firewall queries to see if we have a search engine
if (asd.search_support_type == UNKNOWN_SEARCH_ENGINE && payload_id > APP_ID_NONE)
{
if ( service_id != APP_ID_NONE )
{
- if ( payload_id != APP_ID_NONE && payload_id != asd.past_indicator)
+ if ( payload_id != asd.past_indicator and payload_id != APP_ID_NONE)
{
asd.past_indicator = payload_id;
check_session_for_AF_indicator(p, direction, (AppId)payload_id);
}
- if (asd.payload.get_id() == APP_ID_NONE && asd.past_forecast != service_id &&
- asd.past_forecast != APP_ID_UNKNOWN)
+ if ( asd.past_forecast != service_id and asd.past_forecast != APP_ID_UNKNOWN and
+ asd.payload.get_id() == APP_ID_NONE )
{
asd.past_forecast = check_session_for_AF_forecast(asd, p, direction,
(AppId)service_id);
- asd.set_application_ids(service_id, asd.pick_client_app_id(),
- asd.pick_payload_app_id(), asd.pick_misc_app_id(), change_bits);
+ if (asd.past_forecast != APP_ID_UNKNOWN)
+ payload_id = asd.pick_payload_app_id();
}
}
+#ifdef ENABLE_APPID_THIRD_PARTY
+ if (asd.get_session_flags(APPID_SESSION_OOO_CHECK_TP) and asd.tpsession and
+ (asd.scan_flags & SCAN_HOST_PORT_FLAG) and (service_id or payload_id))
+ {
+ asd.clear_session_flags(APPID_SESSION_OOO_CHECK_TP); // don't repeat this block
+ if (!asd.is_tp_appid_done())
+ {
+ asd.tpsession->set_state(TP_STATE_TERMINATED);
+ if (appidDebug->is_active())
+ LogMessage("AppIdDbg %s Stopped 3rd party detection\n",
+ appidDebug->get_debug_session());
+ }
+ }
+#endif
+
+ asd.set_application_ids(service_id, asd.pick_client_app_id(), payload_id,
+ asd.pick_misc_app_id(), change_bits);
publish_appid_event(change_bits, p->flow);
}
}
hsession->process_http_packet(direction, change_bits);
+
if (asd->service.get_id() == APP_ID_HTTP)
{
asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(),
std::replace(app_name.begin(), app_name.end(), ' ', '_');
appid_detector_pegs_idx[app_id] = appid_detectors_info.size();
- appid_detectors_info.push_back({ app_name });
+ appid_detectors_info.emplace_back(app_name);
}
void AppIdPegCounts::sum_stats()
service_disco_state = APPID_DISCO_STATE_FINISHED;
- if ( (is_tp_appid_available() or get_session_flags(APPID_SESSION_NO_TPI) )
- and payload.get_id() == APP_ID_NONE )
+ if ( payload.get_id() == APP_ID_NONE and
+ ( is_tp_appid_available() or get_session_flags(APPID_SESSION_NO_TPI) ) )
payload.set_id(APP_ID_UNKNOWN);
set_session_flags(APPID_SESSION_SERVICE_DETECTED);
if (service.get_id() > APP_ID_NONE && !deferred)
return service.get_id();
- if (is_tp_appid_available() && tp_app_id > APP_ID_NONE)
+ if (tp_app_id > APP_ID_NONE and is_tp_appid_available())
return tp_app_id;
else if (deferred)
return service.get_id();
bool AppIdSession::is_tp_processing_done() const
{
#ifdef ENABLE_APPID_THIRD_PARTY
- if ( TPLibHandler::have_tp() &&
- !get_session_flags(APPID_SESSION_NO_TPI) &&
+ if (!get_session_flags(APPID_SESSION_NO_TPI) &&
(!is_tp_appid_done() ||
get_session_flags(APPID_SESSION_APP_REINSPECT | APPID_SESSION_APP_REINSPECT_SSL)))
return false;
#ifdef ENABLE_APPID_THIRD_PARTY
if ( TPLibHandler::have_tp() )
{
- unsigned state;
+ if (!tpsession)
+ return false;
- if (tpsession)
- state = tpsession->get_state();
- else
- state = TP_STATE_INIT;
+ unsigned state = tpsession->get_state();
return (state == TP_STATE_CLASSIFIED || state == TP_STATE_TERMINATED
|| state == TP_STATE_MONITORING);
#define APPID_SESSION_NO_TPI (1ULL << 38)
#define APPID_SESSION_IGNORE_FLOW (1ULL << 39)
#define APPID_SESSION_IGNORE_FLOW_IDED (1ULL << 40)
+#define APPID_SESSION_OOO_CHECK_TP (1ULL << 41)
#define APPID_SESSION_IGNORE_ID_FLAGS \
(APPID_SESSION_IGNORE_FLOW | \
APPID_SESSION_NOT_A_SERVICE | \
}
sflist_add_tail(&network_set->networks, (void*)network);
- if (network_set->ids.insert(network->info.id).second == false)
+ if (network_set->ids.emplace(network->info.id).second == false)
{
ErrorMessage("NetworkSet: Failed to add id %u\n", network->info.id);
return -1;
}
sflist_add_tail(&network_set->networks6, (void*)network);
- if (network_set->ids6.insert(network->info.id).second == false)
+ if (network_set->ids6.emplace(network->info.id).second == false)
{
ErrorMessage("NetworkSet: Failed to add IPv6 id %u\n", network->info.id);
return -1;
{
if ( p->flow->get_session_flags() & SSNFLAG_MIDSTREAM )
asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
- else if ( asd.is_tp_appid_available()
- && ( tp_app_id > APP_ID_NONE && tp_app_id < SF_APPID_MAX ) )
+ else if ( tp_app_id > APP_ID_NONE and asd.is_tp_appid_available() )
{
- //tp has positively identified appId, Dig deeper only if sourcefire
+ // Third party has positively identified appId; Dig deeper only if our
// detector identifies additional information
entry = asd.app_info_mgr->get_app_info_entry(tp_app_id);
if ( entry && entry->client_detector
}
//stop rna inspection as soon as tp has classified a valid AppId
- if ( ( asd.client_disco_state == APPID_DISCO_STATE_STATEFUL ||
- asd.client_disco_state == APPID_DISCO_STATE_DIRECT) &&
- asd.client_disco_state == prevRnaClientState &&
- !asd.get_session_flags(APPID_SESSION_NO_TPI) &&
- asd.is_tp_appid_available() &&
- tp_app_id > APP_ID_NONE && tp_app_id < SF_APPID_MAX)
+ if ( tp_app_id > APP_ID_NONE and
+ ( asd.client_disco_state == APPID_DISCO_STATE_STATEFUL or
+ asd.client_disco_state == APPID_DISCO_STATE_DIRECT ) and
+ asd.client_disco_state == prevRnaClientState and
+ !asd.get_session_flags(APPID_SESSION_NO_TPI) and
+ asd.is_tp_appid_available() )
{
entry = asd.app_info_mgr->get_app_info_entry(tp_app_id);
if ( !( entry && entry->client_detector
switch (pType)
{
case HTTP_PAYLOAD:
- host_payload_patterns.push_back(pattern);
+ host_payload_patterns.emplace_back(pattern);
break;
case HTTP_URL:
- url_patterns.push_back(pattern);
+ url_patterns.emplace_back(pattern);
break;
case HTTP_USER_AGENT:
- client_agent_patterns.push_back(pattern);
+ client_agent_patterns.emplace_back(pattern);
break;
}
}
void HttpPatternMatchers::insert_content_type_pattern(DetectorHTTPPattern& pattern)
{
- content_type_patterns.push_back(pattern);
+ content_type_patterns.emplace_back(pattern);
}
void HttpPatternMatchers::insert_url_pattern(DetectorAppUrlPattern* pattern)
{
- app_url_patterns.push_back(pattern);
+ app_url_patterns.emplace_back(pattern);
}
void HttpPatternMatchers::insert_rtmp_url_pattern(DetectorAppUrlPattern* pattern)
{
- rtmp_url_patterns.push_back(pattern);
+ rtmp_url_patterns.emplace_back(pattern);
}
void HttpPatternMatchers::insert_app_url_pattern(DetectorAppUrlPattern* pattern)
HostUrlDetectorPattern* detector = new HostUrlDetectorPattern(pattern.pattern,
pattern.pattern_size);
- host_url_patterns.push_back(detector);
+ host_url_patterns.emplace_back(detector);
detector->payload_id = pattern.payload_id;
detector->service_id = pattern.service_id;
HostUrlDetectorPattern* detector = new HostUrlDetectorPattern(pattern.patterns.host.pattern,
pattern.patterns.host.patternSize);
- host_url_patterns.push_back(detector);
+ host_url_patterns.emplace_back(detector);
if (pattern.patterns.path.pattern)
{
ChpMatchDescriptor* cmd = (ChpMatchDescriptor*)data;
CHPAction* target = (CHPAction*)id;
- cmd->chp_matches[cmd->cur_ptype].push_back({ target, match_end_pos - target->psize });
+ cmd->chp_matches[cmd->cur_ptype].emplace_back( MatchedCHPAction{ target,
+ match_end_pos - target->psize } );
return 0;
}
return;
}
- match_tally.push_back({ chpapp, chpapp->key_pattern_length_sum,
- chpapp->key_pattern_count - 1 });
+ match_tally.emplace_back( CHPMatchCandidate{ chpapp, chpapp->key_pattern_length_sum,
+ chpapp->key_pattern_count - 1 } );
}
// In addition to creating the linked list of matching actions this function will
chc.chpapp = &chpapp;
chc.key_pattern_countdown = 1;
chc.key_pattern_length_sum = 0;
- match_tally.push_back(chc);
+ match_tally.emplace_back(chc);
chp_add_candidate_to_tally(match_tally, &chpapp);
CHECK_EQUAL(match_tally[0].key_pattern_countdown, 0);
}
chpa.appIdInstance = APP_ID_NONE;
chpa.action = DEFER_TO_SIMPLE_DETECT;
mchp.mpattern = &chpa;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.cur_ptype = RSP_BODY_FID;
mod_config.safe_search_enabled = false;
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
chpa.appIdInstance = APP_ID_NONE;
chpa.action = ALTERNATE_APPID;
mchp.mpattern = &chpa;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.cur_ptype = RSP_BODY_FID;
mod_config.safe_search_enabled = false;
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
mchp.start_match_pos = 0;
cmd.cur_ptype = RSP_BODY_FID;
mod_config.safe_search_enabled = false;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword";
cmd.length[RSP_BODY_FID] = strlen(cmd.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
chpa.psize = 1;
mchp.mpattern = &chpa;
mchp.start_match_pos = 0;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.buffer[RSP_BODY_FID] = my_chp_data;
cmd.length[RSP_BODY_FID] = strlen(cmd.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
chpa.psize = 1;
mchp.mpattern = &chpa;
mchp.start_match_pos = 0;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.buffer[RSP_BODY_FID] = my_chp_data;
cmd.length[RSP_BODY_FID] = strlen(cmd.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
chpa.psize = 1;
mchp.mpattern = &chpa;
mchp.start_match_pos = 0;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.buffer[RSP_BODY_FID] = my_chp_data;
cmd.length[RSP_BODY_FID] = strlen(cmd.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
chpa.appIdInstance = APP_ID_NONE;
chpa.action = HOLD_FLOW;
mchp.mpattern = &chpa;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd.cur_ptype = RSP_BODY_FID;
mod_config.safe_search_enabled = false;
chpa.psize = 1;
chpa.appIdInstance = APP_ID_NONE;
chpa.action = FUTURE_APPID_SESSION_SIP;
mchp.mpattern = &chpa;
- cmd.chp_matches[RSP_BODY_FID].push_back(mchp);
+ cmd.chp_matches[RSP_BODY_FID].emplace_back(mchp);
CHECK(hm->scan_chp(cmd, &version, &user, &total_found, &hsession, (const
AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
char *lcase_tok = AppInfoManager::strdup_to_lower(tok.c_str());
string app_name(lcase_tok);
- appid_table.insert(app_name);
+ appid_table.emplace(app_name);
snort_free(lcase_tok);
}
bool add_length_app_cache(const LengthKey& key, AppId val)
{
- return (length_cache->insert(std::make_pair(key, val))).second == true;
+ return (length_cache->emplace(key, val)).second == true;
}
}
/**Is this a customer defined detector. Lua detectors can call this function to verify if the detector
- * was created by Sourcefire or not.
+ * was created by odp or not.
* Callback could be used either at init or during packet processing
*
* @param Lua_State* - Lua state variable.
* @param detector/stack - detector object
* @return int - Number of elements on stack, which is always 1.
- * @return integer/stack - -1 if failed, 0 if sourcefire created, 1 otherwise.
+ * @return integer/stack - -1 if failed, 0 if odp created, 1 otherwise.
*/
static int service_is_custom_detector(lua_State* L)
{
new_app->app_type_flags = app_type_flags;
new_app->num_matches = num_matches;
- if (CHP_glossary->insert(std::make_pair(appIdInstance, new_app)).second == false)
+ if (CHP_glossary->emplace(appIdInstance, new_app).second == false)
{
ErrorMessage("LuaDetectorApi:Failed to add CHP for appId %d, instance %d",
CHP_APPIDINSTANCE_TO_ID(appIdInstance), CHP_APPIDINSTANCE_TO_INSTANCE(appIdInstance));
for ( auto kv : tcp_detectors )
{
kv.second->initialize();
- service_detector_list.push_back(kv.second);
+ service_detector_list.emplace_back(kv.second);
}
for ( auto kv : udp_detectors )
{
kv.second->initialize();
- service_detector_list.push_back(kv.second);
+ service_detector_list.emplace_back(kv.second);
}
#ifdef APPID_DEEP_PERF_PROFILING
if (pp.port == 21 && !ftp_service)
ftp_service = service;
- tcp_services[ pp.port ].push_back(service);
+ tcp_services[ pp.port ].emplace_back(service);
}
else if (pp.proto == IpProtocol::UDP)
{
if (!pp.reversed_validation)
- udp_services[ pp.port ].push_back(service);
+ udp_services[ pp.port ].emplace_back(service);
else
- udp_reversed_services[ pp.port ].push_back(service);
+ udp_reversed_services[ pp.port ].emplace_back(service);
}
else
{
std::vector<ServiceMatch*> smOrderedList;
for (ServiceMatch* sm = match_list; sm; sm = sm->next)
- smOrderedList.push_back(sm);
+ smOrderedList.emplace_back(sm);
if (!smOrderedList.empty() )
{
if ( std::find(asd.service_candidates.begin(), asd.service_candidates.end(),
sm->service) == asd.service_candidates.end() )
{
- asd.service_candidates.push_back(sm->service);
+ asd.service_candidates.emplace_back(sm->service);
}
snort_free(sm);
}
proto, p->ptrs.sp, asd.is_decrypted());
std::unordered_map<uint16_t, std::vector<ServiceDetector*>>::iterator urs_iterator;
if ( rsds && rsds->get_service() )
- asd.service_candidates.push_back(rsds->get_service());
+ asd.service_candidates.emplace_back(rsds->get_service());
else if ( ( urs_iterator = udp_reversed_services.find(p->ptrs.sp) )
!= udp_reversed_services.end() and !urs_iterator->second.empty() )
{
asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
- if ( (asd.is_tp_appid_available() ||
- asd.get_session_flags(APPID_SESSION_NO_TPI))
- && asd.payload.get_id() == APP_ID_NONE )
+ if (asd.payload.get_id() == APP_ID_NONE and
+ (asd.is_tp_appid_available() or asd.get_session_flags(APPID_SESSION_NO_TPI)))
asd.payload.set_id(APP_ID_UNKNOWN);
}
}
- else if (asd.is_tp_appid_available())
+ else if (tp_app_id > APP_ID_NONE and asd.is_tp_appid_available())
{
- if (tp_app_id > APP_ID_NONE)
+ // Third party has positively identified appId; Dig deeper only if our
+ // detector identifies additional information or flow is UDP reversed.
+ AppInfoTableEntry* entry = asd.app_info_mgr->get_app_info_entry(tp_app_id);
+ if ( entry && entry->service_detector &&
+ ( ( entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL ) ||
+ ( ( entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED ) &&
+ asd.protocol == IpProtocol::UDP &&
+ asd.get_session_flags(APPID_SESSION_INITIATOR_MONITORED |
+ APPID_SESSION_RESPONDER_MONITORED) ) ) )
{
- //tp has positively identified appId, Dig deeper only if sourcefire
- // detector identifies additional information or flow is UDP reversed.
- AppInfoTableEntry* entry = asd.app_info_mgr->get_app_info_entry(tp_app_id);
- if ( entry && entry->service_detector &&
- ( ( entry->flags & APPINFO_FLAG_SERVICE_ADDITIONAL ) ||
- ( ( entry->flags & APPINFO_FLAG_SERVICE_UDP_REVERSED ) &&
- asd.protocol == IpProtocol::UDP &&
- asd.get_session_flags(APPID_SESSION_INITIATOR_MONITORED |
- APPID_SESSION_RESPONDER_MONITORED) ) ) )
- {
- asd.free_flow_data_by_mask(APPID_SESSION_DATA_SERVICE_MODSTATE_BIT);
- asd.service_detector = entry->service_detector;
- asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
- }
- else
- asd.stop_rna_service_inspection(p, direction);
+ asd.free_flow_data_by_mask(APPID_SESSION_DATA_SERVICE_MODSTATE_BIT);
+ asd.service_detector = entry->service_detector;
+ asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
}
else
- asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
+ asd.stop_rna_service_inspection(p, direction);
}
else
asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
}
//stop rna inspection as soon as tp has classified a valid AppId later in the session
- if ( asd.service_disco_state == APPID_DISCO_STATE_STATEFUL &&
- prevRnaServiceState == APPID_DISCO_STATE_STATEFUL &&
- !asd.get_session_flags(APPID_SESSION_NO_TPI) &&
- asd.is_tp_appid_available() &&
- tp_app_id > APP_ID_NONE && tp_app_id < SF_APPID_MAX)
+ if ( tp_app_id > APP_ID_NONE and
+ asd.service_disco_state == APPID_DISCO_STATE_STATEFUL and
+ prevRnaServiceState == APPID_DISCO_STATE_STATEFUL and
+ !asd.get_session_flags(APPID_SESSION_NO_TPI) and
+ asd.is_tp_appid_available() )
{
AppInfoTableEntry* entry = asd.app_info_mgr->get_app_info_entry(tp_app_id);
if ( entry && entry->service_detector &&
APPID_SESSION_CONTINUE) == APPID_SESSION_SERVICE_DETECTED)
{
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
- if ( (asd.is_tp_appid_available() ||
- asd.get_session_flags(APPID_SESSION_NO_TPI)) &&
- asd.payload.get_id() == APP_ID_NONE )
+ if ( asd.payload.get_id() == APP_ID_NONE and
+ ( asd.is_tp_appid_available() or
+ asd.get_session_flags(APPID_SESSION_NO_TPI) ) )
{
asd.payload.set_id(APP_ID_UNKNOWN);
}
public:
bool reset() { return 1; }
-
bool process(const snort::Packet&, AppidSessionDirection, vector<AppId>&,
- ThirdPartyAppIDAttributeData&) { return 1; }
+
TPState process(const snort::Packet&, AppidSessionDirection, vector<AppId>&,
+ ThirdPartyAppIDAttributeData&) { return TP_STATE_INIT; }
int disable_flags(uint32_t) { return 0; }
TPState get_state() { return state; }
void getXffFields()
{
xff_fields.clear();
- xff_fields.push_back(HTTP_XFF_FIELD_X_FORWARDED_FOR);
- xff_fields.push_back(HTTP_XFF_FIELD_TRUE_CLIENT_IP);
+ xff_fields.emplace_back(HTTP_XFF_FIELD_X_FORWARDED_FOR);
+ xff_fields.emplace_back(HTTP_XFF_FIELD_TRUE_CLIENT_IP);
}
};
virtual ~ThirdPartyAppIDSession() { }
virtual bool reset() = 0; // just reset state
- virtual bool process(const snort::Packet&,
+ virtual TPState process(const snort::Packet&,
AppidSessionDirection direction,
std::vector<AppId>& proto_list,
ThirdPartyAppIDAttributeData& attribute_data) = 0;
}
#endif
-// std::vector does not have a convenient find() function.
-// There is a generic std::find() in <algorithm>, but this might be faster.
-template<class Type_t, class ValType_t>
-static bool contains(const vector<Type_t>& vec, const ValType_t& val)
+static inline bool contains(const vector<AppId>& vec, const AppId val)
{
- const Type_t* v=&vec[0], * vend=v+vec.size();
- while (v<vend)
- if ( *(v++)==(Type_t)val )
+ for (const auto& elem : vec)
+ if (elem == val)
return true;
return false;
}
static inline bool check_reinspect(const Packet* p, const AppIdSession& asd)
{
- return p->dsize && !asd.get_session_flags(APPID_SESSION_NO_TPI) &&
- asd.get_session_flags(APPID_SESSION_HTTP_SESSION) && asd.is_tp_appid_done();
+ return asd.get_session_flags(APPID_SESSION_HTTP_SESSION) and
+ !asd.get_session_flags(APPID_SESSION_NO_TPI) and asd.is_tp_appid_done() and p->dsize;
}
static inline int check_ssl_appid_for_reinspect(AppId app_id)
FatalError("Could not allocate asd.tpsession data");
} // debug output of packet content
- asd.tpsession->process(*p, direction,
+ TPState current_tp_state = asd.tpsession->process(*p, direction,
tp_proto_list, tp_attribute_data);
tp_app_id = asd.tpsession->get_appid(tp_confidence);
if (asd.get_session_flags(APPID_SESSION_APP_REINSPECT_SSL))
asd.clear_session_flags(APPID_SESSION_APP_REINSPECT_SSL);
- if (asd.tpsession->get_state() == TP_STATE_CLASSIFIED)
+ if (current_tp_state == TP_STATE_CLASSIFIED)
asd.clear_session_flags(APPID_SESSION_APP_REINSPECT);
+ else if (current_tp_state == TP_STATE_MONITORING)
+ {
+ asd.tpsession->disable_flags(TP_SESSION_FLAG_ATTRIBUTE |
+ TP_SESSION_FLAG_TUNNELING | TP_SESSION_FLAG_FUTUREFLOW);
+ }
if (appidDebug->is_active())
{
}
// if the third-party appId must be treated as a client, do it now
unsigned app_info_flags = asd.app_info_mgr->get_app_info_flags(tp_app_id,
- APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE);
+ APPINFO_FLAG_TP_CLIENT | APPINFO_FLAG_IGNORE | APPINFO_FLAG_SSL_SQUELCH);
if ( app_info_flags & APPINFO_FLAG_TP_CLIENT )
asd.client.set_id(tp_app_id);
process_third_party_results(asd, tp_confidence, tp_proto_list, tp_attribute_data,
change_bits);
- if (asd.get_session_flags(APPID_SESSION_SSL_SESSION) &&
+ if ((app_info_flags & APPINFO_FLAG_SSL_SQUELCH) and
+ asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
!(asd.scan_flags & SCAN_SSL_HOST_FLAG))
{
setSSLSquelch(p, 1, tp_app_id, asd.get_inspector());
else
tp_app_id = APP_ID_NONE;
}
+ if (tp_app_id == APP_ID_SSL &&
+ (Stream::get_snort_protocol_id(p->flow) == snortId_for_ftp_data))
+ {
+ // If we see SSL on an FTP data channel set tpAppId back
+ // to APP_ID_NONE so the FTP preprocessor picks up the flow.
+ tp_app_id = APP_ID_NONE;
+ }
}
else
{
tp_app_id = APP_ID_NONE;
}
- if (asd.tpsession and asd.tpsession->get_state() == TP_STATE_MONITORING)
- {
- asd.tpsession->disable_flags(TP_SESSION_FLAG_ATTRIBUTE |
- TP_SESSION_FLAG_TUNNELING | TP_SESSION_FLAG_FUTUREFLOW);
- }
-
- if (tp_app_id == APP_ID_SSL &&
- (Stream::get_snort_protocol_id(p->flow) == snortId_for_ftp_data))
- {
- // If we see SSL on an FTP data channel set tpAppId back
- // to APP_ID_NONE so the FTP preprocessor picks up the flow.
- tp_app_id = APP_ID_NONE;
- }
-
if ( tp_app_id > APP_ID_NONE
&& (!asd.get_session_flags(APPID_SESSION_APP_REINSPECT)
|| asd.payload.get_id() > APP_ID_NONE) )
if (asd.payload.get_id() == APP_ID_HTTP_SSL_TUNNEL)
snort_app_id = APP_ID_SSL;
- if (asd.is_tp_appid_available() && asd.get_tp_app_id() ==
- APP_ID_HTTP
- && !asd.get_session_flags(APPID_SESSION_APP_REINSPECT))
+ if (asd.get_tp_app_id() == APP_ID_HTTP and
+ !asd.get_session_flags(APPID_SESSION_APP_REINSPECT) and
+ asd.is_tp_appid_available())
{
asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
+ asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
asd.set_session_flags(APPID_SESSION_CLIENT_DETECTED |
APPID_SESSION_SERVICE_DETECTED);
- asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
asd.clear_session_flags(APPID_SESSION_CONTINUE);
if (direction == APP_ID_FROM_INITIATOR)
{
bool ArpSpoofModule::end(const char*, int idx, SnortConfig*)
{
if ( idx )
- config->ipmel.push_back(host);
+ config->ipmel.emplace_back(host);
else
config->check_overwrite = !config->ipmel.empty();
if ( work->use.name.empty() )
work->use.name = work->use.type;
- bindings.push_back(work);
+ bindings.emplace_back(work);
work = nullptr;
}
return true;
b->when.svc = svc;
b->use.type = type;
b->use.name = type;
- bindings.push_back(b);
+ bindings.emplace_back(b);
}
void BinderModule::add(unsigned proto, const char* type)
b->when.protos = proto;
b->use.type = type;
b->use.name = type;
- bindings.push_back(b);
+ bindings.emplace_back(b);
}
vector<Binding*>& BinderModule::get_data()
void eval(Packet*) override { }
void add(Binding* b)
- { bindings.push_back(b); }
+ { bindings.emplace_back(b); }
void handle_flow_setup(Packet*);
void handle_flow_service_change(Flow*);
std::string* test_name = new std::string("test_");
test_name->append(norm.name);
- test_text.push_back(test_name);
+ test_text.emplace_back(test_name);
test.name = test_text.back()->c_str();
std::string* test_info = new std::string("test ");
test_info->append(norm.help);
- test_text.push_back(test_info);
+ test_text.emplace_back(test_info);
test.help = test_text.back()->c_str();
test.type = norm.type;
- test_pegs.push_back(test);
+ test_pegs.emplace_back(test);
}
const PegInfo* NormalizeModule::get_pegs() const
while ( p->name )
{
add_test_peg(*p);
- test_pegs.push_back(*p);
+ test_pegs.emplace_back(*p);
p++;
}
while ( p->name )
{
add_test_peg(*p);
- test_pegs.push_back(*p);
+ test_pegs.emplace_back(*p);
p++;
}
- test_pegs.push_back(*p);
+ test_pegs.emplace_back(*p);
return &test_pegs[0];
}
protected:
void write_packet(Packet* p) override
{
- pcap.push_back(p);
+ pcap.emplace_back(p);
write_packet_called = true;
}
if ( s_pkt_trace == nullptr )
return global_mutes.val - 1;
- s_pkt_trace->mutes.push_back(false);
+ s_pkt_trace->mutes.emplace_back(false);
return s_pkt_trace->mutes.size() - 1;
}
ModuleConfig mod_cfg;
mod_cfg.ptr = &mod;
mod_cfg.pegs = {0, 2, 4};
- config.modules.push_back(mod_cfg);
+ config.modules.emplace_back(mod_cfg);
MockBaseTracker tracker(&config);
MockFormatter *formatter = (MockFormatter*)tracker.output;
f.finalize_fields();
f.init_output(fh);
- kvp.push_back(50);
- kvp.push_back(60);
- kvp.push_back(70);
+ kvp.emplace_back(50);
+ kvp.emplace_back(60);
+ kvp.emplace_back(70);
f.write(fh, (time_t)1234567890);
void FbsFormatter::register_field(const std::string& name, PegCount* value)
{
- non_offset_names.push_back(name);
- non_offset_values.push_back(value);
+ non_offset_names.emplace_back(name);
+ non_offset_values.emplace_back(value);
}
void FbsFormatter::register_field(const std::string& name, const char* value)
FormatterValue fv;
fv.s = value;
- offset_names.push_back(name);
- offset_types.push_back(FT_STRING);
- offset_values.push_back(fv);
+ offset_names.emplace_back(name);
+ offset_types.emplace_back(FT_STRING);
+ offset_values.emplace_back(fv);
}
void FbsFormatter::register_field(const std::string& name, std::vector<PegCount>* value)
FormatterValue fv;
fv.ipc = value;
- offset_names.push_back(name);
- offset_types.push_back(FT_IDX_PEG_COUNT);
- offset_values.push_back(fv);
+ offset_names.emplace_back(name);
+ offset_types.emplace_back(FT_IDX_PEG_COUNT);
+ offset_values.emplace_back(fv);
}
//Apply order to fields so that leaf nodes are created first in one pass
auto reflection_schema = reflection::GetSchema(schema_builder.GetBufferPointer());
auto root_fields = reflection_schema->root_table()->fields();
- vtable_offsets.push_back(vector<flatbuffers::uoffset_t>());
+ vtable_offsets.emplace_back(vector<flatbuffers::uoffset_t>());
for( unsigned i = 0; i < section_names.size(); i++ )
{
- vtable_offsets.push_back(vector<flatbuffers::uoffset_t>());
+ vtable_offsets.emplace_back(vector<flatbuffers::uoffset_t>());
auto module_field = root_fields->LookupByKey(lowercase(section_names[i]).c_str());
- vtable_offsets[0].push_back(module_field->offset());
+ vtable_offsets[0].emplace_back(module_field->offset());
auto module_table = reflection_schema->objects()->Get(module_field->type()->index());
for( unsigned j = 0; j < field_names[i].size(); j++ )
{
auto field = module_table->fields()->LookupByKey(lowercase(field_names[i][j]).c_str());
- vtable_offsets[i + 1].push_back(field->offset());
+ vtable_offsets[i + 1].emplace_back(field->offset());
if( types[i][j] == FT_IDX_PEG_COUNT )
{
auto field_name = lowercase(field_names[i][j]) + "_map";
field = module_table->fields()->LookupByKey(field_name.c_str());
- vtable_offsets[i + 1].push_back(field->offset());
+ vtable_offsets[i + 1].emplace_back(field->offset());
}
}
}
if( ipc[k] )
{
nz_found = true;
- map.push_back(k);
- mapped_ipc.push_back(ipc[k]);
+ map.emplace_back(k);
+ mapped_ipc.emplace_back(ipc[k]);
if( map.size() > nz_break_even )
break;
f.finalize_fields();
f.init_output(fh);
- kvp.push_back(50);
- kvp.push_back(0);
- kvp.push_back(70);
+ kvp.emplace_back(50);
+ kvp.emplace_back(0);
+ kvp.emplace_back(70);
f.write(fh, (time_t)1234567890);
void PerfFormatter::register_section(const string& name)
{
- types.push_back(vector<FormatterType>());
- values.push_back(vector<FormatterValue>());
+ types.emplace_back(vector<FormatterType>());
+ values.emplace_back(vector<FormatterValue>());
- section_names.push_back(name);
- field_names.push_back(vector<string>());
+ section_names.emplace_back(name);
+ field_names.emplace_back(vector<string>());
last_section++;
}
FormatterValue fv;
fv.pc = val;
- values[last_section].push_back(fv);
- types[last_section].push_back(FT_PEG_COUNT);
+ values[last_section].emplace_back(fv);
+ types[last_section].emplace_back(FT_PEG_COUNT);
- field_names[last_section].push_back(name);
+ field_names[last_section].emplace_back(name);
}
void PerfFormatter::register_field(const string& name, const char* val)
FormatterValue fv;
fv.s = val;
- values[last_section].push_back(fv);
- types[last_section].push_back(FT_STRING);
+ values[last_section].emplace_back(fv);
+ types[last_section].emplace_back(FT_STRING);
- field_names[last_section].push_back(name);
+ field_names[last_section].emplace_back(name);
}
void PerfFormatter::register_field(const string& name, vector<PegCount>* val)
FormatterValue fv;
fv.ipc = val;
- values[last_section].push_back(fv);
- types[last_section].push_back(FT_IDX_PEG_COUNT);
+ values[last_section].emplace_back(fv);
+ types[last_section].emplace_back(FT_IDX_PEG_COUNT);
- field_names[last_section].push_back(name);
+ field_names[last_section].emplace_back(name);
}
{
for( unsigned i = 0; i < values.size(); i++ )
for( unsigned j = 0; j < values[i].size(); j++ )
- public_values.insert(std::pair<std::string, FormatterValue>(
- section_names[i] + "." + field_names[i][j],
- values[i][j]));
+ public_values.emplace(section_names[i] + "." + field_names[i][j], values[i][j]);
}
};
#endif
config = new PerfConfig;
}
if ( idx != 0 && strcmp(fqn, "perf_monitor.modules") == 0 )
- config->modules.push_back(ModuleConfig());
+ config->modules.emplace_back(ModuleConfig());
return true;
}
if ( peg_names.empty() )
{
for ( unsigned i = 0; peg_info[i].name != nullptr; i++ )
- pegs.push_back(i);
+ pegs.emplace_back(i);
}
else
{
if ( peg_ittr != peg_names.end() )
{
peg_ittr->second = true;
- pegs.push_back(i);
+ pegs.emplace_back(i);
}
}
{
ModuleConfig cfg;
cfg.set_name(mod->get_name());
- modules.push_back(cfg);
+ modules.emplace_back(cfg);
}
}
return false;
if ( mod.ptr->counts_need_prep() )
- mods_to_prep.push_back(mod.ptr);
+ mods_to_prep.emplace_back(mod.ptr);
}
return true;
trackers = new std::vector<PerfTracker*>();
if (config->perf_flags & PERF_BASE)
- trackers->push_back(new BaseTracker(config));
+ trackers->emplace_back(new BaseTracker(config));
if (config->perf_flags & PERF_FLOW)
- trackers->push_back(new FlowTracker(config));
+ trackers->emplace_back(new FlowTracker(config));
if (config->perf_flags & PERF_FLOWIP)
{
flow_ip_tracker = new FlowIPTracker(config);
- trackers->push_back(flow_ip_tracker);
+ trackers->emplace_back(flow_ip_tracker);
}
if (config->perf_flags & PERF_CPU )
- trackers->push_back(new CPUTracker(config));
+ trackers->emplace_back(new CPUTracker(config));
for (unsigned i = 0; i < trackers->size(); i++)
{
f.finalize_fields();
f.init_output(fh);
- kvp.push_back(50);
- kvp.push_back(0);
- kvp.push_back(70);
+ kvp.emplace_back(50);
+ kvp.emplace_back(0);
+ kvp.emplace_back(70);
f.write(fh, (time_t)1234567890);
#include "packet_io/active.h"
#include "profiler/profiler.h"
-#include "reputation_module.h"
#include "reputation_parse.h"
#define VERDICT_REASON_REPUTATION 19
*/
static void snort_reputation(ReputationConfig* GlobalConf, Packet* p);
-unsigned ReputationFlowData::inspector_id = 0;
-
static void print_iplist_stats(ReputationConfig* config)
{
/*Print out the summary*/
// class stuff
//-------------------------------------------------------------------------
-class Reputation : public Inspector
-{
-public:
- Reputation(ReputationConfig*);
-
- void show(SnortConfig*) override;
- void eval(Packet*) override;
-
-private:
- ReputationConfig config;
- unsigned reputation_id;
- bool is_reputation_disabled(Flow* flow);
-};
-
Reputation::Reputation(ReputationConfig* pc)
{
reputation_id = create_reputation_id();
reputationstats.memory_allocated = sfrt_flat_usage(conf->ip_list);
}
-bool Reputation::is_reputation_disabled(Flow* flow)
-{
- if (!flow)
- return false;
-
- ReputationFlowData* fd = (ReputationFlowData*)flow->get_flow_data(
- ReputationFlowData::inspector_id);
-
- if (!fd)
- {
- fd = new ReputationFlowData;
- flow->set_flow_data(fd);
- }
- else if (fd->checked_reputation_id == reputation_id) // reputation previously checked
- return true;
-
- fd->checked_reputation_id = reputation_id; // disable future reputation checking
- return false;
-}
-
void Reputation::show(SnortConfig*)
{
print_reputation_conf(&config);
// precondition - what we registered for
assert(p->has_ip());
- if (!p->is_rebuilt() && !is_reputation_disabled(p->flow))
+ if (p->is_rebuilt())
+ return;
+
+ if (p->flow)
{
- snort_reputation(&config, p);
- ++reputationstats.packets;
+ if (p->flow->reputation_id == reputation_id) // reputation previously checked
+ return;
+ else
+ p->flow->reputation_id = reputation_id; // disable future reputation checking
}
+
+ snort_reputation(&config, p);
+ ++reputationstats.packets;
}
//-------------------------------------------------------------------------
static void reputation_init()
{
- ReputationFlowData::init();
PacketTracer::register_verdict_reason(VERDICT_REASON_REPUTATION, PacketTracer::PRIORITY_LOW);
}
#include "flow/flow.h"
-class ReputationFlowData : public snort::FlowData
+#include "reputation_module.h"
+
+class Reputation : public snort::Inspector
{
public:
- ReputationFlowData() : snort::FlowData(inspector_id){}
+ Reputation(ReputationConfig*);
- static void init()
- { inspector_id = snort::FlowData::create_flow_data_id(); }
+ void show(snort::SnortConfig*) override;
+ void eval(snort::Packet*) override;
- static unsigned inspector_id;
- unsigned checked_reputation_id = 0;
+private:
+ ReputationConfig config;
+ unsigned reputation_id;
};
#endif
listItem->file_name = config->blacklist_path;
listItem->file_type = BLACK_LIST;
listItem->list_id = 0;
- config->list_files.push_back(listItem);
+ config->list_files.emplace_back(listItem);
}
if (config->whitelist_path.size())
{
listItem->file_name = config->whitelist_path;
listItem->file_type = WHITE_LIST;
listItem->list_id = 0;
- config->list_files.push_back(listItem);
+ config->list_files.emplace_back(listItem);
}
}
return false;
}
- list_item->zones.insert(zone_id);
+ list_item->zones.emplace(zone_id);
has_zone = true;
}
list_item->all_zones_enabled = true;
}
- config->list_files.push_back(list_item);
+ config->list_files.emplace_back(list_item);
return true;
}
void SFDAQInstanceConfig::set_variable(const char* varkvp)
{
- variables.push_back(parse_variable(varkvp));
+ variables.emplace_back(parse_variable(varkvp));
}
/*
void SFDAQConfig::add_module_dir(const char* module_dir)
{
if (module_dir)
- module_dirs.push_back(module_dir);
+ module_dirs.emplace_back(module_dir);
}
void SFDAQConfig::set_input_spec(const char* input_spec_str, int instance_id)
ic->set_variable(varkvp);
}
else
- variables.push_back(parse_variable(varkvp));
+ variables.emplace_back(parse_variable(varkvp));
}
void SFDAQConfig::overlay(const SFDAQConfig* other)
return -1;
}
while ((pcap_filename = pcap_dir.next()))
- tmp_queue.push_back(pcap_filename);
+ tmp_queue.emplace_back(pcap_filename);
std::sort(tmp_queue.begin(), tmp_queue.end());
pcap_queue.reserve(pcap_queue.size() + tmp_queue.size());
pcap_queue.insert(pcap_queue.end(), tmp_queue.begin(), tmp_queue.end());
{
if (filter.empty() ||
(fnmatch(filter.c_str(), pcap_name.c_str(), 0) == 0))
- pcap_queue.push_back(pcap_name);
+ pcap_queue.emplace_back(pcap_name);
}
else
{
}
}
- pcap_queue.push_back(pcap_name);
+ pcap_queue.emplace_back(pcap_name);
} while (pos != std::string::npos);
}
return -1;
}
while ((pcap_filename = pcap_dir.next()))
- tmp_queue.push_back(pcap_filename);
+ tmp_queue.emplace_back(pcap_filename);
std::sort(tmp_queue.begin(), tmp_queue.end());
pcap_queue.reserve(pcap_queue.size() + tmp_queue.size());
pcap_queue.insert(pcap_queue.end(), tmp_queue.begin(), tmp_queue.end());
pro.arg = list;
pro.filter = pcap_filter;
- pcap_object_list.push_back(pro);
+ pcap_object_list.emplace_back(pro);
}
void Trough::set_filter(const char *f)
}
void Manager::add_chunk(const string& filename, const string& target, const string& chunk)
-{ chunks.push_back(Chunk(filename, target, chunk)); }
+{ chunks.emplace_back(Chunk(filename, target, chunk)); }
const vector<Chunk>& Manager::get_chunks()
{ return chunks; }
inline void set_error(const std::string& s)
{
result = ERROR;
- messages.push_back(s);
+ messages.emplace_back(s);
}
Test(const Chunk& ch) : chunk { &ch } { }
std::vector<uint16_t> tmp;
tmp.reserve(ret.size());
for(auto a: ret)
- tmp.push_back(to_utype(a));
+ tmp.emplace_back(to_utype(a));
lua_newtable(L);
Lua::fill_table_from_vector(L, lua_gettop(L), tmp);
{ stats.reset(); }
void add_child(ProfilerNode* node)
- { children.push_back(node); }
+ { children.emplace_back(node); }
const std::vector<ProfilerNode*> get_children() const
{ return children; }
g_stats[CodecManager::s_proto_map[to_utype(ProtocolId::FINISHED_DECODE)] + stat_offset] = 0;
for (unsigned int i = 0; i < stat_names.size(); i++)
- pkt_names.push_back(stat_names[i]);
+ pkt_names.emplace_back(stat_names[i]);
for (int i = 0; CodecManager::s_protocols[i] != nullptr; i++)
- pkt_names.push_back(CodecManager::s_protocols[i]->get_name());
+ pkt_names.emplace_back(CodecManager::s_protocols[i]->get_name());
show_percent_stats((PegCount*)&g_stats, &pkt_names[0],
(unsigned int)pkt_names.size(), "codec");
if (s)
{
- queue.push_back(s);
+ queue.emplace_back(s);
acsm->acsmStateTable[s].FailState = 0;
}
}
if ( s != ACSM_FAIL_STATE )
{
- queue.push_back(s);
+ queue.emplace_back(s);
int fs = acsm->acsmStateTable[r].FailState;
int next;
for (int i = 0; i < ALPHABET_SIZE; i++)
{
if ( int s = acsm->acsmStateTable[0].NextState[i] )
- queue.push_back(s);
+ queue.emplace_back(s);
}
/* Start building the next layer of transitions */
if ( s != ACSM_FAIL_STATE )
{
- queue.push_back(s);
+ queue.emplace_back(s);
}
else
{
{
if ( !queue_array[s] )
{
- queue.push_back(s);
+ queue.emplace_back(s);
queue_array[s] = true;
}
FailState[s] = 0;
{
if ( !queue_array[s] )
{
- queue.push_back(s);
+ queue.emplace_back(s);
queue_array[s] = true;
}
int fs = FailState[r];
{
if ( !queue_array[s] )
{
- queue.push_back(s);
+ queue.emplace_back(s);
queue_array[s] = true;
}
}
{
if ( !queue_array[s] )
{
- queue.push_back(s);
+ queue.emplace_back(s);
queue_array[s] = true;
}
}
int s = _bnfa_list_get_next_state(bnfa,0,i);
if ( s ) /* don't bother adding state zero */
{
- queue.push_back(s);
+ queue.emplace_back(s);
FailState[s] = 0;
}
}
if ( s == (int)BNFA_FAIL_STATE )
continue;
- queue.push_back(s);
+ queue.emplace_back(s);
fs = FailState[r];
const PatternDescriptor& desc, void* user) override
{
Pattern p(pat, len, desc, user);
- pvector.push_back(p);
+ pvector.emplace_back(p);
++patterns;
return 0;
}
for ( auto& p : pvector )
{
- pats.push_back(p.pat.c_str());
- flags.push_back(p.flags);
- ids.push_back(id++);
+ pats.emplace_back(p.pat.c_str());
+ flags.emplace_back(p.flags);
+ ids.emplace_back(id++);
}
if ( hs_compile_multi(&pats[0], &flags[0], &ids[0], pvector.size(), HS_MODE_BLOCK,
ParseError("bad ftp_client.bounce_to [%d]", idx);
return false;
}
- bounce_to.push_back(new BounceTo(address, port, last_port));
+ bounce_to.emplace_back(new BounceTo(address, port, last_port));
}
return true;
}
v.set_first_token();
while ( v.get_next_token(tok) )
- cmds.push_back(new FtpCmd(tok, flags, num));
+ cmds.emplace_back(new FtpCmd(tok, flags, num));
}
const FtpCmd* FtpServerModule::get_cmd(unsigned idx)
return true;
if ( !strcmp(fqn, "ftp_server.cmd_validity") )
- cmds.push_back(new FtpCmd(names, format, number));
+ cmds.emplace_back(new FtpCmd(names, format, number));
else if ( !strcmp(fqn, "ftp_server.directory_cmds") )
{
for ( unsigned i = 0; i < temp.size(); ++i )
{
temp[i].version = stuff.version;
- config.push_back(temp[i]);
+ config.emplace_back(temp[i]);
}
temp.clear();
}
else if ( !strcmp(fqn, "gtp_inspect.messages") and idx )
{
assert(stuff.length < 0);
- temp.push_back(stuff);
+ temp.emplace_back(stuff);
}
else if ( !strcmp(fqn, "gtp_inspect.infos") and idx )
{
assert(stuff.length >= 0);
- temp.push_back(stuff);
+ temp.emplace_back(stuff);
}
return true;
}
v.set_first_token();
while ( v.get_next_token(tok) )
- cmds.push_back(new SmtpCmd(tok, flags, 0));
+ cmds.emplace_back(new SmtpCmd(tok, flags, 0));
}
const SmtpCmd* SmtpModule::get_cmd(unsigned idx)
return true;
if ( !strcmp(fqn, "smtp.alt_max_command_line_len") )
- cmds.push_back(new SmtpCmd(names, number));
+ cmds.emplace_back(new SmtpCmd(names, number));
return true;
}
if (curse.name == key)
{
if (curse.is_tcp)
- tcp_curses.push_back(&curse);
+ tcp_curses.emplace_back(&curse);
else
- non_tcp_curses.push_back(&curse);
+ non_tcp_curses.emplace_back(&curse);
return true;
}
}
else if ( !hex )
{
if ( in[i] == '?' )
- out.push_back(WILD);
+ out.emplace_back(WILD);
else
- out.push_back(in[i]);
+ out.emplace_back(in[i]);
}
else if ( in[i] != ' ' )
{
if ( push && !byte.empty() )
{
int b = strtol(byte.c_str(), nullptr, 16);
- out.push_back((uint8_t)b);
+ out.emplace_back((uint8_t)b);
byte.clear();
}
++i;
if ( wild )
{
if ( in[i] != '*' )
- out.push_back(WILD);
+ out.emplace_back(WILD);
- out.push_back(in[i]);
+ out.emplace_back(in[i]);
wild = false;
}
else
if ( in[i] == '*' )
wild = true;
else
- out.push_back(in[i]);
+ out.emplace_back(in[i]);
}
++i;
}
return true;
else if ( v.is("hex") )
- spells.push_back(v.get_string());
+ spells.emplace_back(v.get_string());
else if ( v.is("spell") )
- spells.push_back(v.get_string());
+ spells.emplace_back(v.get_string());
else if ( v.is("curses") )
curses->add_curse(v.get_string());
for ( const CurseDetails* curse : pages )
{
if (tcp)
- w.curse_tracker.push_back({ curse, new CurseTracker });
+ w.curse_tracker.emplace_back( CurseServiceTracker{ curse, new CurseTracker } );
else
- w.curse_tracker.push_back({ curse, nullptr });
+ w.curse_tracker.emplace_back( CurseServiceTracker{ curse, nullptr } );
}
}
}
scm->connectors = *connectors;
scm->ports = *ports;
- s_maps.push_back(scm);
+ s_maps.emplace_back(scm);
}
// Initialize state to be ready to accept configuration
}
/* Save the thread specific map */
- map_list->push_back(map);
+ map_list->emplace_back(map);
}
/* Finally, save the thread-specific list */
assert(config);
if ( v.is("connector") )
- config->connectors.push_back(std::move(v.get_string()));
+ config->connectors.emplace_back(std::move(v.get_string()));
else if ( v.is("ports") )
{
SCConnectors test_connectors;
PortBitSet test_ports;
- test_connectors.push_back("R");
- test_connectors.push_back("T");
+ test_connectors.emplace_back("R");
+ test_connectors.emplace_back("T");
test_ports.set(1);
SideChannelManager::instantiate(&test_connectors, &test_ports);
test_connectors.clear();
test_ports.reset(1);
- test_connectors.push_back("R");
+ test_connectors.emplace_back("R");
test_ports.set(2);
SideChannelManager::instantiate(&test_connectors, &test_ports);
test_connectors.clear();
test_ports.reset(2);
- test_connectors.push_back("T");
+ test_connectors.emplace_back("T");
test_ports.set(3);
SideChannelManager::instantiate(&test_connectors, &test_ports);
test_connectors.clear();
test_ports.reset(4);
- test_connectors.push_back("D");
+ test_connectors.emplace_back("D");
test_ports.set(5);
SideChannelManager::instantiate(&test_connectors, &test_ports);
if ( proto_map == nullptr )
proto_map = new ProtocolMap;
- proto_map->insert(std::make_pair((int)protocol, this));
+ proto_map->emplace((int)protocol, this);
}
ProtocolHA::~ProtocolHA()
void VarFlushBucket::set_next(uint16_t pt)
{
- flush_points.push_back(pt);
+ flush_points.emplace_back(pt);
}
uint16_t VarFlushBucket::get_next()
if ( avail < p->dsize )
{
UserSegment* us = UserSegment::init(p->data+avail, p->dsize-avail);
- seg_list.push_back(us);
+ seg_list.emplace_back(us);
}
total += p->dsize;
process(p);
if ( ind_map.size() < id_map.size() )
{
while ( ind_map.size() < id_map.size() )
- ind_map.push_back((SnortProtocolId)ind_map.size());
+ ind_map.emplace_back((SnortProtocolId)ind_map.size());
Compare c { id_map };
sort(ind_map.begin(), ind_map.end(), c);
}
SnortProtocolId snort_protocol_id = protocol_number++;
- id_map.push_back(protocol);
+ id_map.emplace_back(protocol);
ref_table[protocol] = snort_protocol_id;
return snort_protocol_id;
static std::vector<int> s_test_args;
static void s_test_handler(void* pv)
-{ s_test_args.push_back(*(int*)(pv)); }
+{ s_test_args.emplace_back(*(int*)(pv)); }
TEST_CASE("periodic", "[periodic]")
{
projects / thirdparty / snort3.git / commitdiff
