* Arguments:
*
* The keyword to reference this plugin is "fragbits". Possible arguments are
- * D, M and R for DF, MF and RB, respectively.
- *
+ * D, M and R for DF, MF and RB, respectively.
+ *
* Possible modes are '+', '!', and '*' for plus, not and any modes.
*
* Effect:
static THREAD_LOCAL ProfileStats fragBitsPerfStats;
-// this class holds the logic for setting up the fragment test
-// data and testing for the data match (is_match function).
+// this class holds the logic for setting up the fragment test
+// data and testing for the data match (is_match function).
class FragBitsData
{
-public:
+public:
FragBitsData()
{
mode = 0;
frag_bits = 0;
}
-
+
uint8_t get_mode() const;
uint16_t get_frag_bits() const;
void set_frag_bits(uint16_t);
void set_more_fragment_bit();
void set_dont_fragment_bit();
void set_reserved_bit();
-
+
//no mode for normal since it is set as the default
void set_not_mode();
void set_any_mode();
void set_plus_mode();
-
+
void parse_fragbits(const char* data);
-
+
bool is_match(Packet *);
-
+
private:
//numeric mode values
enum MODE { NORMAL, PLUS, ANY, NOT};
-
- const static uint16_t BITMASK = 0xE000;
- const static uint16_t RESERVED_BIT = 0x8000;
- const static uint16_t DONT_FRAG_BIT = 0x4000;
- const static uint16_t MORE_FRAG_BIT = 0x2000;
-
+
+ static const uint16_t BITMASK = 0xE000;
+ static const uint16_t RESERVED_BIT = 0x8000;
+ static const uint16_t DONT_FRAG_BIT = 0x4000;
+ static const uint16_t MORE_FRAG_BIT = 0x2000;
+
//flags used to indicate mode
- const static char PLUS_FLAG = '+';
- const static char ANY_FLAG = '*';
- const static char NOT_FLAG = '!';
-
+ static const char PLUS_FLAG = '+';
+ static const char ANY_FLAG = '*';
+ static const char NOT_FLAG = '!';
+
bool check_normal(const uint16_t);
bool check_any(const uint16_t);
bool check_not(const uint16_t);
bool check_plus(const uint16_t);
-
+
uint8_t mode;
uint16_t frag_bits;
};
{ mode = NOT; }
// this is the function that checks for a match
-bool FragBitsData::is_match(Packet* p)
+bool FragBitsData::is_match(Packet* p)
{
- uint16_t packet_fragbits = p->ptrs.ip_api.off_w_flags();
-
+ uint16_t packet_fragbits = p->ptrs.ip_api.off_w_flags();
+
// strip the offset value and leave only the fragment bits
packet_fragbits &= BITMASK;
-
+
bool match = false;
-
+
// get the mode we have .. then check for match
switch( get_mode() )
{
case NORMAL:
- match = check_normal(packet_fragbits);
+ match = check_normal(packet_fragbits);
break;
case ANY:
match = check_any(packet_fragbits);
match = check_not(packet_fragbits);
break;
}
-
+
return match;
}
}
//check for packets that do NOT have matching flags set '!'
-bool FragBitsData::check_not(const uint16_t packet_fragbits)
+bool FragBitsData::check_not(const uint16_t packet_fragbits)
{
if ( (get_frag_bits() & packet_fragbits ) == 0)
{
void FragBitsData::parse_fragbits(const char* data)
{
std::string bit_string;
-
+
// if its null the bit_string will stay empty
if(data)
{
ParseError("no arguments to the fragbits keyword");
return;
}
-
+
unsigned long len = bit_string.length();
-
+
for(unsigned long a = 0; a < len; a++)
{
//if we hit a space skip/continue
if( isspace( bit_string.at(a) ) )
continue;
-
+
switch ( bit_string.at( a ) )
{
case 'd': // dont fragment
- case 'D':
+ case 'D':
set_dont_fragment_bit();
break;
-
+
case 'm': // more fragment
- case 'M':
+ case 'M':
set_more_fragment_bit();
break;
-
+
case 'r': // reserved bit
- case 'R':
+ case 'R':
set_reserved_bit();
break;
-
+
case NOT_FLAG:// NOT flag, fire if flags are NOT set
set_not_mode();
break;
case PLUS_FLAG: // PLUS flag, fire on these bits PLUS any others
set_plus_mode();
break;
-
+
default:
ParseError("Bad fragbit = '%c'. Valid options are: RDM+!*",
bit_string.at(a) );
uint32_t a,b,c;
const FragBitsData* data = &fragBitsData;
- a = data->get_mode();
- b = data->get_frag_bits();
+ a = data->get_mode();
+ b = data->get_frag_bits();
c = 0;
mix_str(a,b,c,get_name());
return DETECTION_OPTION_NO_MATCH;
bool is_match = fragBitsData.is_match(p);
-
+
if(is_match)
return DETECTION_OPTION_MATCH;
-
+
// if the test isn't successful, this function *must* return 0
return DETECTION_OPTION_NO_MATCH;
}
ProfileStats* get_profile() const override
{ return &fragBitsPerfStats; }
-
+
FragBitsData get_fragBits_data();
private:
mod_ctor, //ModNewFunc constructor
mod_dtor //ModDelFunc destructor
},
-
+
//IpsApi struct
OPT_TYPE_DETECTION, //RuleOptType
- 1, //max per rule
+ 1, //max per rule
0, //IpsOptFunc protos
nullptr, //IpsOptFunc pinit
nullptr, //IpsOptFunc pterm
}
}
-void free_port_exclusion_list( SF_LIST** pe_list )
+static void free_port_exclusion_list( SF_LIST** pe_list )
{
for ( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ )
{
return 0;
}
-NODE_DATA sflist_first(SF_LIST*, SF_LNODE**);
-NODE_DATA sflist_next(SF_LNODE**);
static inline int NetworkSet_OrderByNetmask(SF_LIST* ordered_networks, SF_LIST* networks, unsigned
id)
{
krbs->pos++;
break;
case KRB_STATE_APP:
- DebugFormat(DEBUG_INSPECTOR,"%p Type %u (%02X)\n",
+ DebugFormat(DEBUG_INSPECTOR,"%p Type %d (%02X)\n",
(void*)asd, *s & (~ASN_1_TYPE_MASK), *s);
if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT))
return KRB_FAILED;
krbs->pos++;
break;
case KRB_STATE_APP:
- DebugFormat(DEBUG_INSPECTOR,"%p Type %u (%02X)\n",
+ DebugFormat(DEBUG_INSPECTOR,"%p Type %d (%02X)\n",
(void*)asd, *s & (~ASN_1_TYPE_MASK), *s);
if ((*s & ASN_1_TYPE_MASK) != (ASN_1_APPLICATION|ASN_1_CONSTRUCT))
return KRB_FAILED;
krbs->pos++;
break;
case KRB_STATE_ERROR_VALUE:
- DebugFormat(DEBUG_INSPECTOR,"%p Error %u\n", (void*)asd, *s);
+ DebugFormat(DEBUG_INSPECTOR,"%p Error %hhu\n", (void*)asd, *s);
if (krbs->msg_len <= 1)
{
krbs->flags |= KRB_FLAG_SERVICE_DETECTED;
DetectorData* fd;
#ifdef DEBUG_MSGS
- DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %u->%u %u %d",
+ DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %hu->%hu %hu %d",
(void*)asd, (unsigned int)asd->protocol, pkt->ptrs.sp, pkt->ptrs.dp, size, dir);
#else
UNUSED(pkt);
const uint8_t* s = data;
const uint8_t* end = (data + size);
- DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %u->%u %u %d",
+ DebugFormat(DEBUG_INSPECTOR, "%p Processing %u %hu->%hu %hu %d",
(void*)asd, (unsigned int)asd->protocol, pkt->ptrs.sp, pkt->ptrs.dp, size, dir);
if (dir != APP_ID_FROM_RESPONDER)
{
for (pattern = ps->pattern; pattern; pattern = pattern->next)
{
- DebugFormat(DEBUG_LOG,"\t%s, %d\n",pattern->data, pattern->length);
+ DebugFormat(DEBUG_LOG,"\t%s, %u\n",pattern->data, pattern->length);
if (pattern->data && pattern->length)
{
- DebugFormat(DEBUG_LOG,"\t\t%s, %d\n",pattern->data, pattern->length);
+ DebugFormat(DEBUG_LOG,"\t\t%s, %u\n",pattern->data, pattern->length);
}
}
}
mdataB = dialog->mediaSessions->nextS->medias;
while ((nullptr != mdataA)&&(nullptr != mdataB))
{
- DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %u\n",
+ DebugFormat(DEBUG_SIP, "Adding future channels Source IP: %s Port: %hu\n",
sfip_to_str(&mdataA->maddress), mdataA->mport);
- DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %u\n",
+ DebugFormat(DEBUG_SIP, "Adding future channels Destine IP: %s Port: %hu\n",
sfip_to_str(&mdataB->maddress), mdataB->mport);
createRtpFlow(asd, p, &mdataA->maddress, mdataA->mport, &mdataB->maddress,
if (proto > UINT8_MAX)
{
- ErrorMessage("%s:Invalid protocol value %d\n",__func__, proto);
+ ErrorMessage("%s:Invalid protocol value %u\n",__func__, proto);
return 0;
}
int, const char*);
static void ServiceRegisterPatternUser(RNAServiceValidationFCN, IpProtocol, const uint8_t*,
unsigned, int, const char*);
-void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo);
+static void appSetServiceValidator( RNAServiceValidationFCN, AppId, unsigned extractsInfo);
static int CServiceAddPort(const RNAServiceValidationPort*, RNAServiceValidationModule*);
static void CServiceRemovePorts(RNAServiceValidationFCN validate);
const uint32_t NUM_STATIC_SERVICES =
sizeof(static_service_list) / sizeof(RNAServiceValidationModule*);
-void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo)
+static void appSetServiceValidator(RNAServiceValidationFCN fcn, AppId appId, unsigned extractsInfo)
{
AppInfoTableEntry* pEntry = AppInfoManager::get_instance().get_app_info_entry(appId);
if (!pEntry)
return false;
}
-bool set_api_ip_embed_icmp(Packet* const p)
-{ return set_api_ip_embed_icmp(p, p->ptrs.ip_api); }
-
bool set_api_ip_embed_icmp(const Packet* p, ip::IpApi& api)
{
int num_layers = p->num_layers - 1;
// true - ip layer found and api set
// false - ip layer NOT found, api reset
SO_PUBLIC bool set_api_ip_embed_icmp(const Packet*, ip::IpApi& api);
-// a helper function when the api to be set is inside the packet
-SO_PUBLIC bool set_api_ip_embed_icmp(const Packet* p);
/*
*When a protocol is embedded in ICMP, these functions
if (!p->flow)
return -1;
- FtpDataFlowData* fd = (FtpDataFlowData*)
+ FtpDataFlowData* fdfd = (FtpDataFlowData*)
p->flow->get_flow_data(FtpDataFlowData::flow_id);
- FTP_DATA_SESSION* data_ssn = fd ? &fd->session : nullptr;
+ FTP_DATA_SESSION* data_ssn = fdfd ? &fdfd->session : nullptr;
if ( !data_ssn or (data_ssn->packet_flags & FTPDATA_FLG_STOP) )
return 0;
/* FTP-Data session is in limbo, we need to lookup the control session
* to figure out what to do. */
- FtpFlowData* fd = (FtpFlowData*)Stream::get_flow_data(
+ FtpFlowData* ffd = (FtpFlowData*)Stream::get_flow_data(
&data_ssn->ftp_key, FtpFlowData::flow_id);
- FTP_SESSION* ftp_ssn = fd ? &fd->session : NULL;
+ FTP_SESSION* ftp_ssn = ffd ? &ffd->session : NULL;
if (!PROTO_IS_FTP(ftp_ssn))
{
break;
case FTP_RESPONSE: /* Response */
DebugFormat(DEBUG_FTPTELNET,
- "FTP response: code: %.*s : M len %d : M %.*s\n",
+ "FTP response: code: %.*s : M len %u : M %.*s\n",
req->cmd_size, req->cmd_begin, req->param_size,
req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
break;
case FTP_RESPONSE_CONT: /* Response continued */
DebugFormat(DEBUG_FTPTELNET,
- "FTP response: continuation of code: %d : M len %d : M %.*s\n",
+ "FTP response: continuation of code: %d : M len %u : M %.*s\n",
ftpssn->server.response.state, req->param_size,
req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
break;
case FTP_RESPONSE_ENDCONT: /* Continued response end */
DebugFormat(DEBUG_FTPTELNET,
- "FTP response: final continue of code: %.*s : M len %d : "
+ "FTP response: final continue of code: %.*s : M len %u : "
"M %.*s\n", req->cmd_size, req->cmd_begin,
req->param_size, req->param_size, req->param_begin);
if ((ftpssn->client_conf->max_resp_len > 0) &&
break;
default:
DebugFormat(DEBUG_FTPTELNET, "FTP command: CMD: %.*s : "
- "P len %d : P %.*s\n", req->cmd_size, req->cmd_begin,
+ "P len %u : P %.*s\n", req->cmd_size, req->cmd_begin,
req->param_size, req->param_size, req->param_begin);
if (CmdConf)
{
/* Alert on param length overrun */
SnortEventqAdd(GID_FTP, FTP_PARAMETER_LENGTH_OVERFLOW);
DebugFormat(DEBUG_FTPTELNET, "FTP command: %.*s"
- "parameter length overrun %d > %d \n",
+ "parameter length overrun %u > %u \n",
req->cmd_size, req->cmd_begin, req->param_size, max);
iRet = FTPP_ALERT;
}
// see flush_pdu_ackd() for details
// the key difference is that we operate on forward moving data
// because we don't wait until it is acknowledged
-uint32_t TcpReassembler::flush_pdu_ips(uint32_t* flags)
+int32_t TcpReassembler::flush_pdu_ips(uint32_t* flags)
{
Profile profile(s5TcpPAFPerfStats);
// - if we partially scan a segment we must save state so we
// know where we left off and can resume scanning the remainder
-uint32_t TcpReassembler::flush_pdu_ackd(uint32_t* flags)
+int32_t TcpReassembler::flush_pdu_ackd(uint32_t* flags)
{
Profile profile(s5TcpPAFPerfStats);
void final_flush(Packet* p, PegCount& peg, uint32_t dir);
uint32_t get_reverse_packet_dir(const Packet* p);
uint32_t get_forward_packet_dir(const Packet* p);
- uint32_t flush_pdu_ips(uint32_t* flags);
+ int32_t flush_pdu_ips(uint32_t* flags);
void fallback();
- uint32_t flush_pdu_ackd(uint32_t* flags);
+ int32_t flush_pdu_ackd(uint32_t* flags);
int purge_to_seq(uint32_t flush_seq);
bool server_side;
projects / thirdparty / snort3.git / commitdiff
