codec.proto_bits |= PROTO_BIT__IP6_EXT;
codec.ip6_extension_count++;
- // FIXIT-H the comment says to call it after setting next_prot_id,
+ // FIXIT-RC the comment says to call it after setting next_prot_id,
// but it looks like it's called (twice) before setting it.
// must be called AFTER setting next_prot_id
CheckIPv6ExtensionOrder(codec, IpProtocol::FRAGMENT);
- // FIXIT-H this breaks the tests/ips/normalize/ip6/would_opts_nop test
+ // FIXIT-RC this breaks the tests/ips/normalize/ip6/would_opts_nop test
// because ip6frag_hdr->ip6f_nxt is set to FINISHED_DECODE here. (or
// maybe the test has the wrong expected data).
break;
}
-/* written this way since inet_ntoa was typedef'ed to use sfip_ntoa
- * which requires SfIp instead of inaddr's. This call to inet_ntoa
- * is a rare case that doesn't use SfIp's. */
-
-// XXX-IPv6 NOT YET IMPLEMENTED - IPV6 addresses technically not supported - need to change ICMP
-
- /* no inet_ntop in Windows */
snort_inet_ntop(AF_INET, (const void*)(&icmph->s_icmp_gwaddr.s_addr),
buf, sizeof(buf));
TextLog_Print(log, " NEW GW: %s", buf);
{
const ip::IP4Hdr* const ip4h = reinterpret_cast<const ip::IP4Hdr*>(raw_pkt);
- // FIXIT-H this does NOT obfuscate correctly
+ // FIXIT-RC this does NOT obfuscate correctly
if (snort::SnortConfig::obfuscate())
{
TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx");
{
const ip::IP6Hdr* const ip6h = reinterpret_cast<const ip::IP6Hdr*>(raw_pkt);
- // FIXIT-H this does NOT obfuscate correctly
+ // FIXIT-RC this does NOT obfuscate correctly
if (SnortConfig::obfuscate())
{
TextLog_Print(text_log, "x:x:x:x::x:x:x:x -> x:x:x:x::x:x:x:x");
const udp::UDPHdr* const udph =
reinterpret_cast<const udp::UDPHdr*>(raw.data);
- // FIXIT-M since we no longer let UDP fragments through, erase extra code
+ // FIXIT-RC since we no longer let UDP fragments through, erase extra code
if ((snort.decode_flags & DECODE_FRAG) == 0)
{
uhlen = ntohs(udph->uh_len);
}
sp += sn;
- /* XXX - unroll loop using Duff's device. */
+ /* unroll loop using Duff's device. */
while (--n > 0)
{
cksum += sp[0];
// COPIED DIRECTLY FROM ipv4 CODEC. This is specifically replicated since
// the two are not necessarily the same.
- // FIXIT-H this does NOT obfuscate correctly
+ // FIXIT-RC this does NOT obfuscate correctly
if (SnortConfig::obfuscate())
{
TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx");
return false;
}
-// orig_frag_offset = ntohs(GET_ORIG_IPH_OFF(p));
-// orig_frag_offset &= 0x1FFF;
+ // orig_frag_offset = ntohs(GET_ORIG_IPH_OFF(p));
+ // orig_frag_offset &= 0x1FFF;
- // XXX NOT YET IMPLEMENTED - fragments inside ICMP payload
+ // FIXIT-L NOT YET IMPLEMENTED - fragments inside ICMP payload
// since we know the protocol ID in this layer (and NOT the
// next layer), set the correct protocol here. Normally,
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
fc_api = (ConnectorApi*)file_connector;
connector_tx_text_config.direction = Connector::CONN_TRANSMIT;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
fc_api = (ConnectorApi*)file_connector;
connector_tx_text_config.direction = Connector::CONN_TRANSMIT;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
fc_api = (ConnectorApi*)file_connector;
connector_tx_text_config.direction = Connector::CONN_TRANSMIT;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
fc_api = (ConnectorApi*)file_connector;
connector_tx_binary_config.direction = Connector::CONN_TRANSMIT;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
connector_config.direction = Connector::CONN_DUPLEX;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
set_normal_status();
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
}
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
set_normal_status();
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
s_instance = 0;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
s_instance = 0;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
tcpc_api = (ConnectorApi*)tcp_connector;
s_instance = 0;
{
void setup() override
{
- // FIXIT-L workaround for CppUTest mem leak detector issue
+ // FIXIT-RC workaround for CppUTest mem leak detector issue
//MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
s_instance = 0;
set_normal_status();
uint32_t Total_Out; // total number of bytes output so far
// Configuration settings
- // FIXIT-L Compr_Depth and Decompr_Depth only support OHI and eventually should be removed
+ // FIXIT-RC Compr_Depth and Decompr_Depth only support OHI and eventually should be removed
uint32_t Compr_Depth;
uint32_t Decompr_Depth;
uint32_t Modes; // Bit mapped set of potential file/algo modes
#define FILTER_SPEC_BUF_LEN (40)
#define PARSE_STACK_LEN (12)
-/* FIXIT-L Other than the API prototypes, the other parts of this header should
+/* FIXIT-RC Other than the API prototypes, the other parts of this header should
be private to file_decomp_pdf. */
enum fd_PDF_States
uint8_t State;
};
-// FIXIT-L don't obfuscate pointers
+// FIXIT-RC don't obfuscate pointers
typedef fd_PDF_Parse_Stack_t* fd_PDF_Parse_Stack_p_t;
typedef fd_PDF_Parse_t* fd_PDF_Parse_p_t;
typedef fd_PDF_t* fd_PDF_p_t;
#include "file_decomp.h"
-/* FIXIT-L Other than the API prototypes, the other parts of this header should
+/* FIXIT-RC Other than the API prototypes, the other parts of this header should
be private to file_decomp_swf. */
/* Both ZLIB & LZMA files have an uncompressed eight byte header. The signature is
unsigned hold_count() const;
bool can_hold() const
- { return idle_count() > 5; } // FIXIT-H define appropriate const
+ { return idle_count() > 5; } // FIXIT-RC define appropriate const
bool on_hold(snort::Flow*);
pc.total_alert_pkts++;
#if 0
- // FIXIT-M this should be a generic feature of otn
+ // FIXIT-RC DELETE THIS this should be a generic feature of otn
if ( otn->sigInfo.gid != GID_REPUTATION )
{
/* Don't include IP Reputation events in count */
"Pkt Cnts: Dsz=%u, Alt=%u\n",
(unsigned)p->dsize, (unsigned)p->alt_dsize);
- // FIXIT-L delete alt_dsize (only set by OHI)
uint16_t n = p->alt_dsize > 0 ? p->alt_dsize : p->dsize;
LogBuffer("Packet", p->data, n);
unsigned len;
};
-// FIXIT-L event trace should be placed in its own files
+// FIXIT-RC event trace should be placed in its own files
void EventTrace_Init();
void EventTrace_Term();
if (bytes < (int)pmd->pattern_size)
{
- /* The pattern is all '\0' - use the whole pattern
- * XXX This potentially hurts the performance boost
- * gained by stripping leading zeros */
+ // The pattern is all '\0' - use the whole pattern. This potentially
+ // hurts the performance boost gained by stripping leading zeros.
if (bytes == 0)
{
bytes = pmd->pattern_size;
bool MpseStash::process(MpseMatch match, void* context)
{
if ( !enable )
- return true; // maxed out - quit, FIXIT-H count this condition
+ return true; // maxed out - quit, FIXIT-RC count this condition
if ( count > pmqs.max_inq )
pmqs.max_inq = count;
{
if ( Mpse* so = omd->pg->mpse[pmt] )
{
- // FIXIT-H get the context packet number
+ // FIXIT-H DELETE ME done - get the context packet number
trace_logf(detection, TRACE_FP_SEARCH, "%" PRIu64 " fp %s.%s[%d]\n",
omd->p->context->packet_number, gadget->get_name(), pm_type_strings[pmt], buf.len);
static int CheckAddrPort(sfip_var_t* rule_addr, PortObject* po, Packet* p,
uint32_t flags, int mode)
{
- const SfIp* pkt_addr; /* packet IP address */
- unsigned short pkt_port; /* packet port */
- int global_except_addr_flag = 0; /* global exception flag is set */
- int any_port_flag = 0; /* any port flag set */
- int except_port_flag = 0; /* port exception flag set */
- int ip_match = 0; /* flag to indicate addr match made */
+ const SfIp* pkt_addr;
+ unsigned short pkt_port;
+ int any_port_flag = 0;
+ int ip_match = 0;
/* set up the packet particulars */
if (mode & CHECK_SRC_IP)
pkt_port = p->ptrs.sp;
if (mode & INVERSE)
- {
- global_except_addr_flag = flags & EXCEPT_DST_IP;
any_port_flag = flags & ANY_DST_PORT;
- except_port_flag = flags & EXCEPT_DST_PORT;
- }
else
- {
- global_except_addr_flag = flags & EXCEPT_SRC_IP;
any_port_flag = flags & ANY_SRC_PORT;
- except_port_flag = flags & EXCEPT_SRC_PORT;
- }
}
else
{
pkt_port = p->ptrs.dp;
if (mode & INVERSE)
- {
- global_except_addr_flag = flags & EXCEPT_SRC_IP;
any_port_flag = flags & ANY_SRC_PORT;
- except_port_flag = flags & EXCEPT_SRC_PORT;
- }
else
- {
- global_except_addr_flag = flags & EXCEPT_DST_IP;
any_port_flag = flags & ANY_DST_PORT;
- except_port_flag = flags & EXCEPT_DST_PORT;
- }
}
if (!rule_addr)
goto bail;
- if (!(global_except_addr_flag)) /*modeled after Check{Src,Dst}IP function*/
- {
- if (sfvar_ip_in(rule_addr, pkt_addr))
- ip_match = 1;
- }
- else
- {
- /* global exception flag is up, we can't match on *any*
- * of the source addresses
- */
-
- if (sfvar_ip_in(rule_addr, pkt_addr))
- return 0;
-
- ip_match=1;
- }
+ if (sfvar_ip_in(rule_addr, pkt_addr))
+ ip_match = 1;
bail:
if (!ip_match)
- {
return 0;
- }
/* if the any port flag is up, we're all done (success) */
if (any_port_flag)
- {
return 1;
- }
if (!(mode & (CHECK_SRC_PORT | CHECK_DST_PORT)))
- {
return 1;
- }
/* check the packet port against the rule port */
- if ( !PortObjectHasPort(po,pkt_port) )
- {
- /* if the exception flag isn't up, fail */
- if (!except_port_flag)
- {
- return 0;
- }
- }
- else
- {
- /* if the exception flag is up, fail */
- if (except_port_flag)
- {
- return 0;
- }
- }
+ /* if the exception flag isn't up, fail */
+ if ( !PortObjectHasPort(po, pkt_port) )
+ return 0;
/* ports and address match */
return 1;
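Review bot: The added comment `/* if the exception flag isn't up, fail */` above `if ( !PortObjectHasPort(po, pkt_port) )` is stale, because this change removes `except_port_flag` and every EXCEPT_* test from CheckAddrPort. Something like `/* packet port is not in the rule's port object: no match */` describes what the remaining check does. With the exception branches gone, negated addresses and ports in a rule header have to be resolved entirely inside sfvar_ip_in() and PortObjectHasPort(). That is not visible here, so a regression test with negated source and destination headers on a bidirectional rule would confirm matching is unchanged. The body of CheckAddrPort is only partly visible across these fragments and its closing brace is outside them.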
if (CheckAddrPort(rtn_idx->dip, CHECK_ADDR_DST_ARGS(rtn_idx), p,
rtn_idx->flags, (CHECK_SRC_IP | INVERSE | (check_ports ? CHECK_SRC_PORT : 0))))
{
- if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p,
- rtn_idx->flags, (CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0))))
+ if (!CheckAddrPort(rtn_idx->sip, CHECK_ADDR_SRC_ARGS(rtn_idx), p, rtn_idx->flags,
+ (CHECK_DST_IP | INVERSE | (check_ports ? CHECK_DST_PORT : 0))))
{
return 0;
}
return 1;
}
-/****************************************************************************
- *
- * Function: CheckSrcIp(Packet *, RuleTreeNode *, RuleFpList *)
- *
- * Purpose: Test the source IP and see if it equals the SIP of the packet
- *
- * Arguments: p => ptr to the decoded packet data structure
- * rtn_idx => ptr to the current rule data struct
- * fp_list => ptr to the current function pointer node
- *
- * Returns: 0 on failure (no match), 1 on success (match)
- *
- ***************************************************************************/
+// Purpose: Test the source IP and see if it equals the SIP of the packet
+// Returns: 0 on failure (no match), 1 on success (match)
int CheckSrcIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports)
{
- if (!(rtn_idx->flags & EXCEPT_SRC_IP))
- {
- if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) )
- {
- /* the packet matches this test, proceed to the next test */
- return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
- }
- }
- else
+ if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) )
{
- /* global exception flag is up, we can't match on *any*
- * of the source addresses
- */
- if ( sfvar_ip_in(rtn_idx->sip, p->ptrs.ip_api.get_src()) )
- return 0;
-
+ /* the packet matches this test, proceed to the next test */
return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
}
return 0;
}
-/****************************************************************************
- *
- * Function: CheckDstIp(Packet *, RuleTreeNode *, RuleFpList *)
- *
- * Purpose: Test the dest IP and see if it equals the DIP of the packet
- *
- * Arguments: p => ptr to the decoded packet data structure
- * rtn_idx => ptr to the current rule data struct
- * fp_list => ptr to the current function pointer node
- *
- * Returns: 0 on failure (no match), 1 on success (match)
- *
- ***************************************************************************/
+// Purpose: Test the dest IP and see if it equals the DIP of the packet
+// Returns: 0 on failure (no match), 1 on success (match)
int CheckDstIP(Packet* p, RuleTreeNode* rtn_idx, RuleFpList* fp_list, int check_ports)
{
- if (!(rtn_idx->flags & EXCEPT_DST_IP))
- {
- if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) )
- {
- /* the packet matches this test, proceed to the next test */
- return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
- }
- }
- else
+ if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) )
{
- /* global exception flag is up, we can't match on *any*
- * of the source addresses */
- if ( sfvar_ip_in(rtn_idx->dip, p->ptrs.ip_api.get_dst()) )
- return 0;
-
+ /* the packet matches this test, proceed to the next test */
return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next, check_ports);
}
-
return 0;
}
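Review bot: The replacement header comments on CheckSrcIP and CheckDstIP say the rule address "equals" the packet address, but both bodies test membership with sfvar_ip_in() and on a hit return whatever `fp_list->next->RuleHeadFunc(...)` returns. Suggest `// Returns 0 if the packet source address is not in rtn_idx->sip; otherwise the result of the next rule header check.` and the matching line for the destination. The shortened comments also drop the argument list without mentioning `check_ports`, which is only forwarded here. `fp_list->next` is dereferenced unchecked in both functions; presumably the list always ends in a terminal check, and one line saying so would help the next reader.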
#include "actions/actions.h"
-#define EXCEPT_SRC_IP 0x0001 // FIXIT-L checked but not set, same as 2.X
-#define EXCEPT_DST_IP 0x0002 // FIXIT-L checked but not set, same as 2.X
-#define ANY_SRC_PORT 0x0004
-#define ANY_DST_PORT 0x0008
-#define ANY_FLAGS 0x0010
-#define EXCEPT_SRC_PORT 0x0020
-#define EXCEPT_DST_PORT 0x0040
-#define BIDIRECTIONAL 0x0080
-#define ANY_SRC_IP 0x0100
-#define ANY_DST_IP 0x0200
+#define ANY_SRC_PORT 0x01
+#define ANY_DST_PORT 0x02
+#define ANY_FLAGS 0x04
+#define BIDIRECTIONAL 0x08
+#define ANY_SRC_IP 0x10
+#define ANY_DST_IP 0x20
#define GID_DEFAULT 1
#define GID_SESSION 135
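Review bot: Renumbering the remaining bits (`ANY_SRC_PORT` from 0x0004 to 0x01, and so on) changes the value of every flag that survives, so anything built against the old header, or any place that stores or compares raw flag values, would silently read different bits. The detection code in this change tests them against `rtn_idx->flags`. Other users are not visible here and should be checked, including out-of-tree plugins if this header is installed. A one-line comment above the block, such as `// bits of RuleTreeNode::flags; values are not stable across releases`, would record that.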
ReferenceSystemNode* ReferenceSystemAdd(snort::SnortConfig*, const char*, const char* = nullptr);
-/* XXX: update to point to the ReferenceURLNode in the referenceURL list */
struct ReferenceNode
{
char* id;
#include "main/snort_types.h"
-#define CB_SUCCESS 0 // FIXIT-L use bool
+#define CB_SUCCESS 0 // FIXIT-RC use bool
#define CB_FAIL (-1)
// Opaque buffer element type. This would be defined by the application.
void cbuffer_free(CircularBuffer* cb);
-int cbuffer_is_full(CircularBuffer* cb); // FIXIT-L use bool
-int cbuffer_is_empty(CircularBuffer* cb); // FIXIT-L use bool
+int cbuffer_is_full(CircularBuffer* cb); // FIXIT-RC use bool
+int cbuffer_is_empty(CircularBuffer* cb); // FIXIT-RC use bool
// Returns number of elements in use
uint64_t cbuffer_used(CircularBuffer* cb);
#include "circular_buffer.h"
-#define FILE_MEM_SUCCESS 0 // FIXIT-L use bool
+#define FILE_MEM_SUCCESS 0 // FIXIT-RC use bool
#define FILE_MEM_FAIL (-1)
class FileMemPool
void show_dynamic_stats() override;
- // FIXIT-L delete file_id gid when bogus rules are eliminated
- // (this ensures those rules don't fire on every packet)
- unsigned get_gid() const override
- { return 146; }
-
private:
FileMagicRule rule;
FileMagicData magic;
processed_total[0], processed_total[1]);
#if 0
- LogLabel("file type verdicts"); // FIXIT-L what's up with this code
+ LogLabel("file type verdicts"); // FIXIT-RC should be fixed
uint64_t verdicts_total = 0;#include "file_capture.h"
for (unsigned i = 0; i < FILE_VERDICT_MAX; i++)
#ifndef FILE_STATS_H
#define FILE_STATS_H
-// FIXIT-M This will be refactored soon
-
#include "framework/counts.h"
#include "main/thread.h"
while ( flow and pruned <= cleanup_flows )
{
#if 0
- // FIXIT-H this loops forever if 1 flow in cache
+ // FIXIT-RC this loops forever if 1 flow in cache
if (flow == save_me)
{
break;
void FlowControl::preemptive_cleanup()
{
- // FIXIT-H is there a possibility of this looping forever?
+ // FIXIT-RC is there a possibility of this looping forever?
while ( memory::MemoryCap::over_threshold() )
{
if ( !prune_one(PruneReason::PREEMPTIVE, true) )
void init_vlan(uint16_t);
void init_address_space(uint16_t);
- // XXX If this data structure changes size, compare must be updated!
+ // If this data structure changes size, compare must be updated!
static uint32_t hash(HashFnc*, const unsigned char* d, int);
static int compare(const void* s1, const void* s2, size_t);
if ( /*hs_error_t err =*/ hs_alloc_scratch(config.db, &s_scratch) )
{
- // FIXIT-L why is this failing but everything is working?
+ // FIXIT-RC why is this failing but everything is working?
//ParseError("can't initialize regex for '%s' (%d) %p",
// config.re.c_str(), err, s_scratch);
}
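Review bot: The result of `hs_alloc_scratch(config.db, &s_scratch)` is still discarded on failure and only the FIXIT tag changes. If the allocation really fails, s_scratch may be left unset or too small for a later scan, and nothing records it. Capturing the code, e.g. `if ( hs_error_t err = hs_alloc_scratch(config.db, &s_scratch) )`, and emitting a warning that prints `err` would let the condition the FIXIT describes be diagnosed without making it fatal. If the failure is known to be benign, the comment should say why. The enclosing function starts and ends outside this hunk.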
// and then clone to thread specific after all rules are loaded. s_scratch is
// a prototype that is large enough for all uses.
-// FIXIT-L Determine if it's worthwhile to use a single scratch space for both
-// "regex" and "sd_pattern" keywords.
-// FIXIT-L See ips_regex.cc for more information.
static hs_scratch_t* s_scratch = nullptr;
static unsigned scratch_index;
for ( int i = 0; i < root.num_children; ++i )
{
auto& child_state = root.children[i]->state[get_instance_id()];
- // FIXIT-L rename to something like latency_timeout_count
++child_state.latency_timeouts;
++child_state.latency_suspends;
}
{
for ( int i = 0; i < root.num_children; ++i )
{
- // FIXIT-L rename to something like latency_timeout_count
++root.children[i]->state[get_instance_id()].latency_timeouts;
}
}
break;
case ICMP_REDIRECT:
-// XXX-IPv6 "NOT YET IMPLEMENTED - ICMP printing"
+ // FIXIT-L IPv6 not yet implemented - ICMP printing
break;
case ICMP_ECHO:
break;
}
-/* written this way since inet_ntoa was typedef'ed to use sfip_ntoa
- * which requires SfIp instead of inaddr's. This call to inet_ntoa
- * is a rare case that doesn't use SfIp's. */
-
-// XXX-IPv6 NOT YET IMPLEMENTED - IPV6 addresses technically not supported - need to change ICMP
-
- /* no inet_ntop in Windows */
+ // FIXIT-L IPv6 NOT YET IMPLEMENTED - need to change ICMP
snort_inet_ntop(AF_INET, (const void*)(&p->ptrs.icmph->s_icmp_gwaddr.s_addr),
buf, sizeof(buf));
TextLog_Print(log, " NEW GW: %s", buf);
SO_PUBLIC void WarningMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
SO_PUBLIC void ErrorMessage(const char*, ...) __attribute__((format (printf, 1, 2)));
-// FIXIT-M do not call FatalError() during runtime
+// FIXIT-RC do not call FatalError() during runtime
[[noreturn]] SO_PUBLIC void FatalError(const char*, ...) __attribute__((format (printf, 1, 2)));
NORETURN_ASSERT void log_safec_error(const char*, void*, int);
// #define UNIFIED2_IDS_EVENT_IPV6 72
// #define UNIFIED2_IDS_EVENT_MPLS 99
// #define UNIFIED2_IDS_EVENT_IPV6_MPLS 100
+// #define UNIFIED2_IDS_EVENT_APPSTAT 113
// CURRENT
#define UNIFIED2_PACKET 2
#define UNIFIED2_IDS_EVENT_VLAN 104 // legacy_events
#define UNIFIED2_IDS_EVENT_IPV6_VLAN 105 // legacy_events
#define UNIFIED2_EXTRA_DATA 110
-#define UNIFIED2_IDS_EVENT_APPSTAT 113 // FIXIT-L owned by appid (should have own # space)
#define UNIFIED2_EVENT3 114
#define MAX_EVENT_APPNAME_LEN 64
if ( first )
first = false;
else
- // FIXIT-M need to check csv_log for nullptr
+ // FIXIT-RC need to check csv_log for nullptr
TextLog_Puts(csv_log, sep.c_str());
f(a);
#include <lua.hpp>
-#define LUA_DIR_SEP '/' // FIXIT-L do we really want to hardcode this?
+#define LUA_DIR_SEP '/'
#define SCRIPT_DIR_VARNAME "SCRIPT_DIR"
namespace Lua
#ifdef PIGLET
if ( Piglet::piglet_mode() )
{
- // FIXIT-L the early return means that piglet and catch tests cannot
- // be run in the same process
main_exit_code = Piglet::main();
return false;
}
void ACGetStats::execute(Analyzer&)
{
- // FIXIT-P This incurs locking on all threads to retrieve stats. It could be reimplemented to
- // optimize for large thread counts by retrieving stats in the command and accumulating in the
- // main thread.
+
+ // FIXIT-P This incurs locking on all threads to retrieve stats. It
+ // could be reimplemented to optimize for large thread counts by
+ // retrieving stats in the command and accumulating in the main thread.
ModuleManager::accumulate(snort::SnortConfig::get_conf());
}
ACGetStats::~ACGetStats()
{
- // FIXIT-L This should track the owner so it can dump stats to the shell instead of the logs
- // when initiated by a shell command
+
+ // FIXIT-L This should track the owner so it can dump stats to the
+ // shell instead of the logs when initiated by a shell command
DropStats();
}
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
-static const Parameter profiler_params[] = // FIXIT-L add help
+static const Parameter profiler_params[] =
{
{ "modules", Parameter::PT_TABLE, profiler_time_params, nullptr,
"module time profiling" },
#define MODULES_H
// this is for builtin module initialization.
-// ideally, modules.cc would be refactored and several files.
+// ideally, modules.cc would be refactored into several files.
#include "framework/counts.h"
#include "main/snort_debug.h"
static void pass_pkts(Packet*) { }
static MainHook_f main_hook = pass_pkts;
-static void set_policy(Packet* p) // FIXIT-M delete this?
+static void set_policy(Packet* p)
{
set_default_policy();
p->user_inspection_policy_id = get_inspection_policy()->user_policy_id;
if ( scratch_handlers[i - 1].second )
scratch_handlers[i - 1].second(this);
}
- // FIXIT-T: Do we need to shrink_to_fit() state->scratch at this point?
+ // FIXIT-L: Do we need to shrink_to_fit() state->scratch at this point?
}
FreeRuleLists(this);
FastPatternConfig* fast_pattern_config = nullptr;
EventQueueConfig* event_queue_config = nullptr;
- /* XXX XXX policy specific? */
+ /* policy specific? */
ThresholdConfig* threshold_config = nullptr;
RateFilterConfig* rate_filter_config = nullptr;
DetectionFilterConfig* detection_filter_config = nullptr;
for ( auto& p : s_actors )
if ( p.api == api )
{
- //assert(!p.act); FIXIT-H memory leak on reload; move to SnortConfig?
+ //assert(!p.act); FIXIT-RC memory leak on reload; move to SnortConfig?
p.act = act;
break;
}
set_default_policy();
InspectionPolicy* pi = snort::get_inspection_policy();
- // FIXIT-H Any inspectors that were once configured/instantiated but no longer exist in the conf
- // cannot have their instance tterm() called and will leak!
+ // FIXIT-RC Any inspectors that were once configured/instantiated but
+ // no longer exist in the conf cannot have their instance tterm()
+ // called and will leak!
+
if ( pi && pi->framework_policy )
{
for ( auto* p : pi->framework_policy->ilist )
sfksearch_print_qinfo();
acsmx2_print_qinfo();
}
-
-// this is commented out of snort.cc
-// combine with above?
-void MpseManager::print_search_engine_stats()
-{
- IntelPmPrintBufferStats();
-}
-
#endif
#ifdef PIGLET
// lua foo
//-------------------------------------------------------------------------
-// FIXIT-L could be a template
+// could be a template
static bool get_field(lua_State* L, const char* key, int& value)
{
lua_pushstring(L, key);
// Email attachment decoder, supports Base64, QP, UU, and Bit7/8
#include "framework/counts.h"
+#include "main/snort_types.h"
#include "mime/decode_base.h"
#include "mime/file_mime_config.h"
+namespace snort
+{
+
enum DecodeType
{
DECODE_NONE = 0,
PegCount bitenc_bytes;
};
-class MimeDecode
+class SO_PUBLIC MimeDecode
{
public:
MimeDecode(snort::DecodeConfig* conf);
DataDecode* decoder = nullptr;
};
+} // namespace snort
+
#endif
// Email headers and emails are also stored in the log buffer
#include <cstdint>
+#include "main/snort_types.h"
enum EmailUserType
{
class Flow;
}
-class MailLogState
+class SO_PUBLIC MailLogState
{
public:
MailLogState(MailLogConfig* conf);
if (data_state == STATE_DATA_INIT)
data_state = STATE_DATA_HEADER;
- /* XXX A line starting with a '.' that isn't followed by a '.' is
+ /* A line starting with a '.' that isn't followed by a '.' is
* deleted (RFC 821 - 4.5.2. TRANSPARENCY). If data starts with
* '. text', i.e a dot followed by white space then text, some
* servers consider it data header and some data body.
if (normalize_data(start, end) < 0)
return nullptr;
- /* now we shouldn't have to worry about copying any data to the alt buffer
- * * only mime headers if we find them and only if we're ignoring data */
+
+ // now we shouldn't have to worry about copying any data to the alt buffer
+ // only mime headers if we find them and only if we're ignoring data
while ((start != nullptr) && (start < end))
{
mime_hdr_search_mpse->prep();
}
-// Free anything that needs it before shutting down preprocessor
void MimeSession::exit()
{
if (mime_hdr_search_mpse != nullptr)
#include "appid_config.h"
#include "appid_inspector.h"
#include "appid_peg_counts.h"
-#include "log/messages.h"
#include "log/unified2.h"
#include "main/snort_config.h"
#include "target_based/snort_protocols.h"
/* snort service key, if it exists */
token = strtok_r(nullptr, CONF_SEPARATORS, &context);
- // FIXIT-H: Sometimes the token is "~". Should we ignore those?
+ // FIXIT-RC: Sometimes the token is "~". Should we ignore those?
if (token)
entry->snort_protocol_id = add_appid_protocol_reference(token, sc);
snort_free((void*)app_detector_dir);
}
-//FIXIT-M: RELOAD - move initialization back to AppIdConfig
-//class constructor
+// FIXIT-M: RELOAD - move initialization back to AppIdConfig class constructor
AppInfoManager& AppIdConfig::app_info_mgr = AppInfoManager::get_instance();
AppIdConfig::AppIdConfig(AppIdModuleConfig* config)
cleanup();
}
-//FIXIT-M: RELOAD - Move app info table cleanup back
-//to AppId config destructor - cleanup()
+// FIXIT-M: RELOAD - Move app info table cleanup back to AppId config destructor - cleanup()
void AppIdConfig::pterm()
{
AppIdConfig::app_info_mgr.cleanup_appid_info_table();
bool AppIdConfig::init_appid(SnortConfig* sc, AppIdInspector *ins)
{
- //FIXIT -M: RELOAD - Get rid of "once" flag
- //Handle the if condition in AppIdConfig::init_appid
+ // FIXIT-M: RELOAD - Get rid of "once" flag
+ // Handle the if condition in AppIdConfig::init_appid
static bool once = false;
if (!once)
{
void process_config_directive(char* toklist[], int /* reload */);
int load_analysis_config(const char* config_file, int reload, int instance_id);
void display_port_config();
- //FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is
- //removed from AppIdConfig::pterm
+ // FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is
+ // removed from AppIdConfig::pterm
static AppInfoManager& app_info_mgr;
};
{ nullptr, nullptr, nullptr, nullptr }
};
-// FIXIT-M Add appid_rules back in once we start using it.
-#ifdef REMOVED_WHILE_NOT_IN_USE
-static const RuleMap appid_rules[] =
-{
- { 0 /* rule id */, "description" },
- { 0, nullptr }
-};
-#endif
-
static const PegInfo appid_pegs[] =
{
{ CountType::SUM, "packets", "count of packets received" },
snort_free(firewall_early_data);
}
-// FIXIT-L X Move this to somewhere more generally available/appropriate.
+// FIXIT-RC X Move this to somewhere more generally available/appropriate (decode_data.h).
static inline PktType get_pkt_type_from_ip_proto(IpProtocol proto)
{
switch (proto)
assert(type != PktType::NONE);
- // FIXIT-M - port parameter passed in as 0 since we may not know client port, verify this is
- // correct
+ // FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
+
AppIdSession* asd = new AppIdSession(proto, cliIp, 0, inspector);
asd->common.policyId = asd->config->appIdPolicyId;
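Review bot: The rewrapped FIXIT above `new AppIdSession(proto, cliIp, 0, inspector)` now ends at "verify" and has lost the rest of the original sentence. Restore it as `// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify this is correct`, so the open question about the zero port stays readable. The enclosing function starts and ends outside this hunk.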
AppId misc_app_id = APP_ID_NONE;
- // FIXIT-M netbios_name is never set to a valid value
+ // FIXIT-RC netbios_name is never set to a valid value; set when netbios_domain is set?
char* netbios_name = nullptr;
char* netbios_domain = nullptr;
if (fd->pos >= fd->plen)
{
offset++;
- // FIXIT-L if offset > size then there is probably a D-H Key Exchange Init packet
- // in this payload
- // For now parsing the Key Exchange Init is good enough to declare valid key
- // exchange but for
- // future enhance parsing to validate the D-H Key Exchange Init.
+
+ // FIXIT-L if offset > size then there is probably a D-H
+ // Key Exchange Init packet in this payload. For now parsing
+ // the Key Exchange Init is good enough to declare valid
+ // key exchange but for future enhance parsing to validate
+ // the D-H Key Exchange Init.
+
if (offset == size)
return APPID_SUCCESS;
else
void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto, int16_t app_id)
{
- // FIXIT-H: Passing app_id instead of SnortProtocolId to create_future_session is incorrect. We need to look up snort_protocol_id.
- AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort,
- proto, app_id, APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector());
+ // FIXIT-RC: Passing app_id instead of SnortProtocolId to
+ // create_future_session is incorrect. We need to look up
+ // snort_protocol_id.
+
+ AppIdSession* fp = AppIdSession::create_future_session(
+ pkt, cliIp, cliPort, srvIp, srvPort, proto, app_id,
+ APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector());
+
if ( fp )
{
fp->client.set_id(asd.client.get_id());
fp->payload.set_id(asd.payload.get_id());
fp->service.set_id(APP_ID_RTP);
+
// FIXIT-H : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE.
// Check if it is needed here as well.
//initialize_expected_session(asd, fp, APPID_SESSION_EXPECTED_EVALUATE);
- initialize_expected_session(asd, *fp, APPID_SESSION_IGNORE_ID_FLAGS, APP_ID_APPID_SESSION_DIRECTION_MAX);
+
+ initialize_expected_session(
+ asd, *fp, APPID_SESSION_IGNORE_ID_FLAGS, APP_ID_APPID_SESSION_DIRECTION_MAX);
}
// create an RTCP flow as well
- AppIdSession* fp2 = AppIdSession::create_future_session(pkt, cliIp, cliPort + 1, srvIp,
- srvPort + 1, proto, app_id, APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector());
+
+ AppIdSession* fp2 = AppIdSession::create_future_session(
+ pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, proto, app_id,
+ APPID_EARLY_SESSION_FLAG_FW_RULE, handler->get_inspector());
+
if ( fp2 )
{
fp2->client.set_id(asd.client.get_id());
fp2->payload.set_id(asd.payload.get_id());
fp2->service.set_id(APP_ID_RTCP);
+
// FIXIT-H : same comment as above
//initialize_expected_session(asd, fp2, APPID_SESSION_EXPECTED_EVALUATE);
- initialize_expected_session(asd, *fp2, APPID_SESSION_IGNORE_ID_FLAGS, APP_ID_APPID_SESSION_DIRECTION_MAX);
+
+ initialize_expected_session(
+ asd, *fp2, APPID_SESSION_IGNORE_ID_FLAGS, APP_ID_APPID_SESSION_DIRECTION_MAX);
}
}
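Review bot: `cliPort + 1` and `srvPort + 1` in the RTCP call are computed from `uint16_t` values, so a port of 65535 yields 65536. If create_future_session() takes 16-bit ports (its signature is not in this hunk), that narrows to 0 and the expected RTCP session is registered for the wrong port. The ports presumably originate from SIP signalling, so the boundary value can come off the wire. A guard such as `if ( cliPort == UINT16_MAX || srvPort == UINT16_MAX ) return;` before the RTCP block would avoid it. Separately, the FIXIT about passing `app_id` where a SnortProtocolId is expected is only retagged; both calls still pass `app_id`.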
{ SIP_PORT, IpProtocol::TCP, false }
};
- // FIXIT - detector instance in each packet thread is calling this single sip event handler,
- // last guy end wins, works now because it is all the same but this is not right...
+ // FIXIT-RC - detector instance in each packet thread is calling this
+ // single sip event handler, last guy end wins, works now because it is
+ // all the same but this is not right...
+ // Does this still apply?
+
handler->get_inspector().get_sip_event_handler().set_service(this);
handler->register_detector(name, this, proto);
}
* including the NUL terminating character.
*/
// FIXIT-M - refactor this to reduce the number of function parameters
-int SmtpClientDetector::extract_version_and_add_client_app(AppId clientId, const int prefix_len,
- const uint8_t* product, const uint8_t* product_end, ClientSMTPData* const client_data,
- AppIdSession& asd, AppId appId, AppidChangeBits& change_bits)
+int SmtpClientDetector::extract_version_and_add_client_app(
+ AppId clientId, const int prefix_len, const uint8_t* product, const uint8_t* product_end,
+ ClientSMTPData* const client_data, AppIdSession& asd, AppId appId,
+ AppidChangeBits& change_bits)
{
uint8_t* v_end = client_data->version + MAX_VERSION_SIZE - 1;
if (fd->code == 220)
{
dd->client.flags |= CLIENT_FLAG_STARTTLS_SUCCESS;
- //FIXIT-M: FIXIT-M: Revisit SSL decryption countdown after isSSLPolicyEnabled() is ported.
- //Can we use Flow::is_proxied() here?
+
+ // FIXIT-M: Revisit SSL decryption countdown after isSSLPolicyEnabled()
+ // is ported. Can we use Flow::is_proxied() here?
#if 0
if (_dpd.isSSLPolicyEnabled(NULL))
#endif
+
dd->client.decryption_countdown = SSL_WAIT_PACKETS; // start a countdown
#if 0
else
return 1;
}
-// FIXIT-M: Is this still necessary now that we use inspection events?
+// FIXIT-RC: Is this still necessary now that we use inspection events?
void HttpPatternMatchers::get_http_offsets(snort::Packet* pkt, AppIdHttpSession* hsession)
{
constexpr auto MIN_HTTP_REQ_HEADER_SIZE = (sizeof("GET /\r\n\r\n") - 1);
int index = 1;
IpProtocol protocol = (IpProtocol)lua_tonumber(L, ++index);
- uint16_t port = 0; //port = lua_tonumber(L, ++index); FIXIT-L - why commented out?
+ uint16_t port = 0; // port = lua_tonumber(L, ++index); FIXIT-RC - why commented out?
const char* pattern = lua_tolstring(L, ++index, &patternSize);
unsigned position = lua_tonumber(L, ++index);
AppId appId = lua_tointeger(L, ++index);
};
-//FIXIT-M: RELOAD - Don't use this class,
-//required now to store LSD objects
+// FIXIT-M: RELOAD - Don't use this class, required now to store LSD objects
class LuaObject {
public:
lua_getfield(L, -1, lsd->package_info.cleanFunctionName.c_str());
if ( lua_isfunction(L, -1) )
{
- //FIXIT-M: RELOAD - use lua references to get user data object from stack
- //first parameter is DetectorUserData
+ // FIXIT-M: RELOAD - use lua references to get user data object from stack
+ // first parameter is DetectorUserData
std::string name = lsd->package_info.name + "_";
lua_getglobal(L, name.c_str());
return;
lua_detector_mgr = new LuaDetectorManager(config, is_control);
+
if (!lua_detector_mgr->L)
- FatalError("Error - appid: can not create new luaState, instance=%u\n", get_instance_id());
+ FatalError("Error - appid: can not create new luaState, instance=%u\n",
+ get_instance_id());
lua_detector_mgr->initialize_lua_detectors();
lua_detector_mgr->activate_lua_detectors();
{
public:
ServiceDetector();
+
void do_custom_init() override { }
void release_thread_resources() override { }
void register_appid(AppId, unsigned extractsInfo) override;
+
int service_inprocess(AppIdSession&, const snort::Packet*, AppidSessionDirection dir);
- int add_service(AppidChangeBits&, AppIdSession&, const snort::Packet*, AppidSessionDirection dir, AppId,
- const char* vendor = nullptr, const char* version = nullptr,
- const snort::AppIdServiceSubtype* = nullptr);
+
+ int add_service(AppidChangeBits&, AppIdSession&, const snort::Packet*,
+ AppidSessionDirection, AppId, const char* vendor = nullptr,
+ const char* version = nullptr, const snort::AppIdServiceSubtype* = nullptr);
+
int add_service_consume_subtype(AppIdSession&, const snort::Packet*,
AppidSessionDirection dir, AppId, const char* vendor, const char* version,
snort::AppIdServiceSubtype*, AppidChangeBits&);
+
int incompatible_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir);
int fail_service(AppIdSession&, const snort::Packet*, AppidSessionDirection dir);
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
int flags, AppidSessionDirection dir)
{
- //FIXIT-M - Avoid thread locals
+ // FIXIT-M - Avoid thread locals
static THREAD_LOCAL SnortProtocolId ftp_data_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
if(ftp_data_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
ftp_data_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("ftp-data");
uint32_t port = 0;
const uint8_t* data = args.data;
uint16_t size = args.size;
- //FIXIT-M - Avoid thread locals
+ // FIXIT-M - Avoid thread locals
static THREAD_LOCAL SnortProtocolId rexec_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
ServiceREXECData* rd = (ServiceREXECData*)data_get(args.asd);
{
if (rpc->r_name)
{
- // FIXIT-M - the memory allocate here may not be freed...
+ // FIXIT-RC - the memory allocated here may not be freed...
prog = (RPCProgram*)snort_calloc(sizeof(RPCProgram));
prog->program = rpc->r_number;
prog->next = rpc_programs;
uint32_t val = 0;
const uint8_t* end = nullptr;
const RPCProgram* rprog = nullptr;
- //FIXIT-M - Avoid thread locals
+ // FIXIT-M - Avoid thread locals
static THREAD_LOCAL SnortProtocolId sunrpc_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
if (!size)
case RSHELL_STATE_STDERR_CONNECT_SYN_ACK:
if (rd->parent && rd->parent->state == RSHELL_STATE_SERVER_CONNECT)
rd->parent->state = RSHELL_STATE_USERNAME;
- args.asd.set_service_detected(); // FIXIT-M why is this set here and not when add_service is called?
+ // FIXIT-M why is this set here and not when add_service is called?
+ args.asd.set_service_detected();
return APPID_SUCCESS;
default:
goto bail;
const SfIp* dip = p->ptrs.ip_api.get_dst();
const SfIp* sip = p->ptrs.ip_api.get_src();
- // FIXIT-H: Passing appId to create_future_session() is incorrect. We need to pass the snort_protocol_id associated with appId.
- AppIdSession* asd = AppIdSession::create_future_session(p, sip, 0, dip, p->ptrs.dp, IpProtocol::TCP,
- appId, 0, inspector);
+ // FIXIT-H: Passing appId to create_future_session() is incorrect. We
+ // need to pass the snort_protocol_id associated with appId.
+ AppIdSession* asd = AppIdSession::create_future_session(
+ p, sip, 0, dip, p->ptrs.dp, IpProtocol::TCP, appId, 0, inspector);
+
if ( asd )
{
switch (type)
// service_rsync_test.cc author Steve Chew <stechew@cisco.com>
// unit test for service_rsync
-// FIXIT-M - unit tests disabled until mocking support can be figured out
+// FIXIT-RC - unit tests disabled until mocking support can be figured out
#ifdef HAVE_CONFIG_H
#include "config.h"
else if ( ( packet_time() - sds->get_reset_time() ) >= 60 )
{
AppIdServiceState::remove(ip, IpProtocol::TCP, port, asd.is_decrypted());
- // FIXIT-L - Remove if this flag not used anywhere
+ // FIXIT-RC - Remove if this flag not used anywhere
asd.set_session_flags(APPID_SESSION_SERVICE_DELETED);
}
}
void AppIdServiceState::dump_stats()
{
- // FIXIT-L - do we need to keep ipv4 and ipv6 separate?
+ // FIXIT-L - do we need to keep ipv4 and ipv6 separate? CRC: No.
#if 0
LogMessage("Service State:\n");
if (serviceStateCache4)
//
// Or, register observers with THirdPartyAppIDAttributeData and modify the
// set functions to copy the tp buffers directly into the appropriate observer.
+//
+// Or, replace ThirdParty with 1st Party http_inspect.
static inline void process_http_session(AppIdSession& asd,
ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits)
{
// 5. Call write to output the current values in each field.
//
// init_output should be implemented where metadata needs to be written on
-// ouput open.
+// output open.
//
#include <ctime>
const char* file_name = fname.c_str();
bool existed = false;
- /*Check file before change permission*/
+ // Check file before change permission
if (stat(file_name, &pt) == 0)
{
existed = true;
- /*Only change permission for file owned by root*/
+ // Only change permission for file owned by root
if ((0 == pt.st_uid) || (0 == pt.st_gid))
{
if (chmod(file_name, mode) != 0)
PortscanConfig* get_data();
+ // FIXIT-M this should eventually be CONTEXT.
+ // Set to GLOBAL so this isn't selected away when inspection policy switches
Usage get_usage() const override
- { return GLOBAL; } // FIXIT-M this should eventually be CONTEXT.
- // Set to GLOBAL so this isn't selected away when inspection policy switches
+ { return GLOBAL; }
private:
PS_ALERT_CONF* get_alert_conf(const char* fqn);
void ParseConfigFile(snort::SnortConfig*, const char* fname);
void ParseConfigString(snort::SnortConfig*, const char* str);
+void ParseIpVar(snort::SnortConfig*, const char* name, const char* s);
void parse_include(snort::SnortConfig*, const char*);
void AddRuleState(snort::SnortConfig*, const RuleState&);
{
ParseError("Pure NOT ports are not allowed.");
return -1;
- /*
- if( dst_flag )
- rtn->flags |= EXCEPT_DST_PORT;
- else
- rtn->flags |= EXCEPT_SRC_PORT;
- */
}
/*
}
else
{
- /* Attach the proper port checking function to the function list */
- /*
- * the in-line "if's" check to see if the "any" or "not" flags have
- * been set so the PortToFunc call can determine which port testing
- * function to attach to the list
- */
- PortToFunc(rtn, (rtn->flags & ANY_DST_PORT) ? 1 : 0,
- (rtn->flags & EXCEPT_DST_PORT) ? 1 : 0, DST);
-
- /* as above */
- PortToFunc(rtn, (rtn->flags & ANY_SRC_PORT) ? 1 : 0,
- (rtn->flags & EXCEPT_SRC_PORT) ? 1 : 0, SRC);
-
- /* link in the proper IP address detection function */
- AddrToFunc(rtn, SRC);
+ PortToFunc(rtn, (rtn->flags & ANY_DST_PORT) ? 1 : 0, 0, DST);
+ PortToFunc(rtn, (rtn->flags & ANY_SRC_PORT) ? 1 : 0, 0, SRC);
- /* last verse, same as the first (but for dest IP) ;) */
+ AddrToFunc(rtn, SRC);
AddrToFunc(rtn, DST);
}
- /* tack the end (success) function to the list */
AddRuleFuncToList(RuleListEnd, rtn);
}
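Review bot: Both `PortToFunc` calls now pass a literal `0` as the except argument, where the removed lines passed `(rtn->flags & EXCEPT_DST_PORT) ? 1 : 0` and the `EXCEPT_SRC_PORT` equivalent, and nothing in the hunk records why. An earlier hunk deletes the commented-out code that set those flags, so they may no longer be set anywhere; if that is the case, a comment such as `// EXCEPT_*_PORT is never set on rtn->flags, so the except argument is always 0` would make that explicit. If any path can still set them, a negated port in a rule header would silently stop being honoured, which changes what the rule matches. The enclosing function starts outside the hunk, so this cannot be confirmed from here.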
VarDefine(sc, varbuf, valbuf);
}
-/****************************************************************************
- *
- * Function : DefineAllIfaceVars()
- * Purpose : Find all up interfaces and define iface_ADDRESS vars for them
- * Arguments : none
- * Returns : void function
- *
- ****************************************************************************/
+// Find all up interfaces and define iface_ADDRESS vars for them
static void DefineAllIfaceVars(SnortConfig* sc)
{
else
p->id = var_id;
-#ifdef XXXXXXX
+#if 0
vlen = strlen(value);
LogMessage("Var '%s' defined, value len = %d chars", p->name, vlen);
if ((ipvar = sfvt_lookup_var(ip_vartable, name)) != nullptr)
return ExpandVars(sc, ipvar->value);
- /* XXX Return a string value */
if (PortVarTableFind(portVarTable, name))
return name;
return nullptr;
}
-/****************************************************************************
- *
- * Function: ExpandVars()
- *
- * Purpose: expand all variables in a string
- *
- * Arguments:
- * SnortConfig *
- * The snort config that has the vartables.
- * char *
- * The name of the variable.
- *
- * Returns:
- * char *
- * The expanded string. Note that the string is returned in a
- * static variable and most likely needs to be string dup'ed.
- *
- ***************************************************************************/
+ // The expanded string. Note that the string is returned in a
+ // static variable and most likely needs to be string dup'ed.
const char* ExpandVars(SnortConfig* sc, const char* string)
{
static char estring[ 65536 ]; // FIXIT-L convert this foo to a std::string
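Review bot: The comment left above `ExpandVars` is a fragment of the deleted header. Its two lines start at "The expanded string" and keep the indentation they had under the removed "Returns:" heading, so they no longer say what the function does or that they describe its return value. A replacement such as `// Expand all variables in a string. Returns a pointer to a static buffer;` followed by `// callers that keep the result must copy it.` carries the same warning in a readable form. Because the result lives in `static char estring[ 65536 ]`, the next call overwrites it, which is worth stating outright. The function body continues outside the hunk.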
VarEntry* VarDefine(snort::SnortConfig*, const char* name, const char* value);
int PortVarDefine(snort::SnortConfig*, const char* name, const char* s);
-// FIXIT-L put ParseIpVar() definition and declaration in matching files
-void ParseIpVar(snort::SnortConfig*, const char* name, const char* s);
-
VarEntry* VarAlloc();
void DeleteVars(VarEntry* var_table);
void AddVarToTable(snort::SnortConfig*, const char*, const char*);
{
int main()
{
- // FIXIT-M allow user selection of output/result functions
+ // FIXIT-L allow user selection of output/result functions
if ( Runner::run_all(verbose_output) )
return 0;
const Api* get_api()
{ return api; }
- std::string get_error()
- { return error; }
-
protected:
lua_State* L;
std::string target;
snort::Module* module;
snort::SnortConfig* snort_conf;
- std::string error; // FIXIT-L unused
-
- void set_error(const std::string& s) // FIXIT-L unused
- { error = s; }
-
private:
const Api* api;
};
static void register_module(const char*, const char*, snort::Module*);
static void register_module(const char*, const char*, snort::get_profile_stats_fn);
- // FIXIT-L do we need to call on main thread?
+ // FIXIT-RC do we need to call on main thread? we should know the answer by now.
// call from packet threads, just before thread termination
static void consolidate_stats();
static void reset_stats();
#include "rule_profiler.h"
-//#include <algorithm>
-//#include <functional>
-//#include <iostream>
-//#include <sstream>
-//#include <vector>
+#include <algorithm>
+#include <functional>
+#include <iostream>
+#include <sstream>
+#include <vector>
// this include eventually leads to possible issues with std::chrono:
// 1. Undefined or garbage value returned to caller (rep count())
$<TARGET_OBJECTS:dns>
$<TARGET_OBJECTS:ftp_telnet>
$<TARGET_OBJECTS:gtp_inspect>
+ $<TARGET_OBJECTS:imap>
$<TARGET_OBJECTS:modbus>
+ $<TARGET_OBJECTS:pop>
$<TARGET_OBJECTS:rpc_decode>
+ $<TARGET_OBJECTS:smtp>
$<TARGET_OBJECTS:ssh>
$<TARGET_OBJECTS:wizard>
)
set(STATIC_SERVICE_INSPECTOR_PLUGINS
$<TARGET_OBJECTS:http_inspect>
$<TARGET_OBJECTS:http2_inspect>
- $<TARGET_OBJECTS:imap>
- $<TARGET_OBJECTS:pop>
$<TARGET_OBJECTS:sip>
- $<TARGET_OBJECTS:smtp>
$<TARGET_OBJECTS:ssl>
${STATIC_INSPECTOR_OBJS}
CACHE INTERNAL "STATIC_SERVICE_INSPECTOR_PLUGINS"
/* This should be set if we've gotten a Bind */
if (cot->ctx_ids == nullptr)
return DCE2_RET__ERROR;
+
+ // FIXIT-M these Profile aren't actually helping ...
if (sd->trans == DCE2_TRANS_TYPE__TCP)
{
Profile profile(dce2_tcp_pstat_co_ctx);
{
Profile profile(dce2_smb_pstat_co_ctx);
}
- // FIXIT-M add HTTP, UDP cases when these are ported
- // same for all other instances of profiling
+ // FIXIT-M add missing cases (HTTP, UDP, ...)
DCE2_CoCtxIdNode* ctx_id_node =
(DCE2_CoCtxIdNode*)DCE2_ListFind(cot->ctx_ids, (void*)(uintptr_t)ctx_id);
}
else
{
- /* XXX - Not FTP or Telnet */
+ /* Not FTP or Telnet */
assert(false);
p->flow->free_flow_data(FtpFlowData::inspector_id);
return 0;
return FTPP_SUCCESS;
}
-/*
- * Function: ftp_cmd_lookup_add(CMD_LOOKUP *CmdLookup,
- * char *ip, int len,
- * FTP_CMD_CONF *FTPCmd)
- *
- * Purpose: Add a cmd configuration to the list.
- * We add these keys like you would normally think to add
- * them, because on low endian machines the least significant
- * byte is compared first. This is what we want to compare
- * IPs backward, doesn't work on high endian machines, but oh
- * well. Our platform is Intel. FIXIT-L say what? endian madness
- *
- * Arguments: CmdLookup => a pointer to the lookup structure
- * cmd => the ftp cmd
- * len => Length of the cmd
- * FTPCmd => a pointer to the cmd configuration structure
- *
- * Returns: int => return code indicating error or success
- *
- */
int ftp_cmd_lookup_add(CMD_LOOKUP* CmdLookup, const char* cmd, int len,
FTP_CMD_CONF* FTPCmd)
{
if(expected_seg_size == 0)
{
// FIXIT-M: Can we do better than this guess if no MSS is specified?
- // Malware detection won't work if expected_seg_size
- // doesn't match the payload lengths on packets before
- // the last packet.
+ // Malware detection won't work if expected_seg_size doesn't match
+ // the payload lengths on packets before the last packet.
expected_seg_size = 1448;
if(flow->session and flow->pkt_type == PktType::TCP)
static const int DATA_SECTION_SIZE = 16384;
static const int FRAME_HEADER_LENGTH = 9;
-// FIXIT-M need to replace with a real number
+// FIXIT-RC need to replace with a real number. CRC: use 120.
static const uint32_t HTTP2_GID = 219;
// Message originator--client or server
JSNormalizeDecode(js_start, (uint16_t)(end-js_start), (char*)buffer+index,
(uint16_t)(input.length() - index), &ptr, &bytes_copied, &js,
uri_param.iis_unicode ? uri_param.unicode_map : nullptr);
+
index += bytes_copied;
}
else
static const HeaderNormalizer* const header_norms[];
// All of these are indexed by the relative position of the header field in the message
- static const int MAX_HEADERS = 200; // I'm an arbitrary number. FIXIT-L
+ static const int MAX_HEADERS = 200; // I'm an arbitrary number. FIXIT-RC
static const int MAX_HEADER_LENGTH = 4096; // Based on max cookie size of some browsers
void parse_header_block();
{
for (int32_t k=0; table[k].name != nullptr; k++)
{
- if ((text_len == (int)strlen(table[k].name)) && (memcmp(text, table[k].name, text_len) ==
- 0))
+ if ((text_len == (int)strlen(table[k].name)) &&
+ (memcmp(text, table[k].name, text_len) == 0))
{
return table[k].code;
}
#if defined(__clang__)
// Designated initializers are not supported in C++11. However we're going to play compilation
-// roulette and hopes this works.
+// roulette and hope this works.
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wc99-extensions"
#endif
imap_module.h
)
-# can't be be linked dynamically yet
-#if (STATIC_INSPECTORS)
+if (STATIC_INSPECTORS)
add_library( imap OBJECT ${FILE_LIST})
-#else (STATIC_INSPECTORS)
- #add_dynamic_module(imap inspectors ${FILE_LIST})
+else (STATIC_INSPECTORS)
+ add_dynamic_module(imap inspectors ${FILE_LIST})
-#endif (STATIC_INSPECTORS)
+endif (STATIC_INSPECTORS)
nullptr // reset
};
-#undef BUILDING_SO // FIXIT-L can't be linked dynamically yet
-
#ifdef BUILDING_SO
SO_PUBLIC const BaseApi* snort_plugins[] =
{
PegCount sessions;
PegCount concurrent_sessions;
PegCount max_concurrent_sessions;
- MimeStats mime_stats;
+ snort::MimeStats mime_stats;
};
extern const PegInfo imap_peg_names[];
pop_module.h
)
-# can't be be linked dynamically yet
-#if (STATIC_INSPECTORS)
+if (STATIC_INSPECTORS)
add_library( pop OBJECT ${FILE_LIST})
-#else (STATIC_INSPECTORS)
- #add_dynamic_module(pop inspectors ${FILE_LIST})
+else (STATIC_INSPECTORS)
+ add_dynamic_module(pop inspectors ${FILE_LIST})
-#endif (STATIC_INSPECTORS)
+endif (STATIC_INSPECTORS)
nullptr // reset
};
-#undef BUILDING_SO // FIXIT-L can't be linked dynamically yet
-
#ifdef BUILDING_SO
SO_PUBLIC const BaseApi* snort_plugins[] =
{
PegCount sessions;
PegCount concurrent_sessions;
PegCount max_concurrent_sessions;
- MimeStats mime_stats;
+ snort::MimeStats mime_stats;
};
extern const PegInfo pop_peg_names[];
using namespace snort;
-extern const BaseApi* sin_imap;
-extern const BaseApi* sin_pop;
-extern const BaseApi* sin_smtp;
-
extern const BaseApi* sin_file[];
extern const BaseApi* sin_http[];
extern const BaseApi* sin_http2[];
extern const BaseApi* sin_ftp_client;
extern const BaseApi* sin_ftp_server;
extern const BaseApi* sin_ftp_data;
+extern const BaseApi* sin_imap;
+extern const BaseApi* sin_pop;
extern const BaseApi* sin_rpc_decode;
+extern const BaseApi* sin_smtp;
extern const BaseApi* sin_ssh;
extern const BaseApi* sin_telnet;
extern const BaseApi* sin_wizard;
+// these define multiple plugins
extern const BaseApi* sin_dce[];
extern const BaseApi* sin_dnp3[];
extern const BaseApi* sin_gtp[];
const BaseApi* service_inspectors[] =
{
- sin_imap,
- sin_pop,
- sin_smtp,
-
#ifdef STATIC_INSPECTORS
sin_bo,
sin_dns,
sin_ftp_client,
sin_ftp_server,
sin_ftp_data,
+ sin_imap,
+ sin_pop,
sin_rpc_decode,
+ sin_smtp,
sin_ssh,
sin_telnet,
sin_wizard,
if ( !ropts->method_data )
return NO_MATCH;
- //FIXIT-P This should really be evaluated once per request instead of once
- //per rule option evaluation.
+ // FIXIT-P This should really be evaluated once per request instead of once
+ // per rule option evaluation.
std::string method(ropts->method_data, ropts->method_len);
std::transform(method.begin(), method.end(), method.begin(), ::toupper);
smtp_normalize.h
)
-# can't be be linked dynamically yet
-#if (STATIC_INSPECTORS)
+if (STATIC_INSPECTORS)
add_library( smtp OBJECT ${FILE_LIST})
-#else (STATIC_INSPECTORS)
- #add_dynamic_module(smtp inspectors ${FILE_LIST})
+else (STATIC_INSPECTORS)
+ add_dynamic_module(smtp inspectors ${FILE_LIST})
-#endif (STATIC_INSPECTORS)
+endif (STATIC_INSPECTORS)
}
- /* XXX Does VRT want data headers normalized?
+ /* Does VRT want data headers normalized?
* currently the code does not normalize headers */
if (smtp_normalizing)
{
nullptr // reset
};
-#undef BUILDING_SO // FIXIT-L can't be linked dynamically yet
-
#ifdef BUILDING_SO
SO_PUBLIC const BaseApi* snort_plugins[] =
{
PegCount sessions;
PegCount concurrent_sessions;
PegCount max_concurrent_sessions;
- MimeStats mime_stats;
+ snort::MimeStats mime_stats;
};
extern const PegInfo smtp_peg_names[];
* If command doesn't need normalizing it will do nothing, except in
* the case where we are already normalizing in which case the line
* will get copied to the alt buffer.
+ *
* If the command needs normalizing the normalized data will be copied
* to the alt buffer. If we are not already normalizing, all of the
* data up to this point will be copied into the alt buffer first.
*
- * XXX This may copy unwanted data if we are ignoring the data in the
- * message and there was data that came before the command in the
- * packet, for example if there are multiple transactions on the
- * session or if we're normalizing QUIT.
+ * This may copy unwanted data if we are ignoring the data in the
+ * message and there was data that came before the command in the
+ * packet, for example if there are multiple transactions on the
+ * session or if we're normalizing QUIT.
*
* @param p pointer to packet structure
* @param ptr pointer to beginning of command line
void SMTP_GetEOL(const uint8_t* ptr, const uint8_t* end,
const uint8_t** eol, const uint8_t** eolm)
{
- const uint8_t* tmp_eol;
- const uint8_t* tmp_eolm;
+ assert(ptr and end and eol and eolm);
- /* XXX maybe should fatal error here since none of these
- * pointers should be NULL */
- if (ptr == nullptr || end == nullptr || eol == nullptr || eolm == nullptr)
- return;
+ const uint8_t* tmp_eolm;
+ const uint8_t* tmp_eol = (uint8_t*)memchr(ptr, '\n', end - ptr);
- tmp_eol = (uint8_t*)memchr(ptr, '\n', end - ptr);
if (tmp_eol == nullptr)
{
tmp_eol = end;
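Review bot: `assert(ptr and end and eol and eolm)` replaces the early return, and `assert` compiles away under NDEBUG, so a release build would pass a null `ptr` straight to `memchr(ptr, '\n', end - ptr)`. If every caller is known to pass non-null pointers, say so in a comment above the assert; otherwise keep the guard after it, `if (!ptr or !end or !eol or !eolm) return;`. The length `end - ptr` is converted to `size_t`, so `assert(ptr <= end);` would also be a cheap check to add. The function body continues outside the hunk.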
return addr.set(src, &bits);
}
-/* Check if ip is contained within the network specified by this addr */
-/* Returns SFIP_EQUAL if so.
- * XXX assumes that "ip" is not less specific than "addr" XXX
-*/
+// Check if ip is contained within the network specified by this addr
+// Returns SFIP_EQUAL if so.
+// assumes that "ip" is not less specific than "addr"
+
SfIpRet SfCidr::contains(const SfIp* ip) const
{
uint16_t i;
int bits, i, nBits, nBytes;
uint8_t* bytes = (uint8_t*)buf;
- /* XXX
- * Mask not validated.
- * Only sfip_pton should be using this function, and using it safely.
- * XXX */
+ // Mask not validated.
+ // Only sfip_pton should be using this function, and using it safely.
if (inet_pton(family, mask, buf) < 1)
return -1;
return os << addr->ntop(str);
}
-// FIXIT-L X This should be in utils_net if anywhere, but that makes it way harder to link into unit tests
+// FIXIT-L X This should be in utils_net if anywhere, but that makes it way
+// harder to link into unit tests
SO_PUBLIC const char* snort_inet_ntop(int family, const void* ip_raw, char* buf, int bufsize);
} // namespace snort
#endif
}
else if (var->mode == SFIP_TABLE)
{
- // XXX
+ // FIXIT-L SFIP_TABLE free unimplemented
}
snort_free(var);
return SFIP_SUCCESS;
}
-/* Adds the nodes in 'src' to the variable 'dst' */
-/* The mismatch of types is for ease-of-supporting Snort4 and
- * Snort6 simultaneously */
+// Adds the nodes in 'src' to the variable 'dst'
+// The mismatch of types is for ease-of-supporting Snort4 and
+// Snort6 simultaneously
static SfIpRet sfvar_add_node(sfip_var_t* var, sfip_node_t* node, int negated)
{
sfip_node_t* p;
if (!var || !node)
return SFIP_ARG_ERR;
- /* XXX */
- /* As of this writing, 11/20/06, nodes are always added to
- * the list, regardless of the mode (list or table). */
+ // As of this writing, 11/20/06, nodes are always added to
+ // the list, regardless of the mode (list or table).
if (negated)
{
return SFIP_SUCCESS;
- /* XXX Insert new node into routing table */
-// sfrt_add(node->ip,
+ // FIXIT-L Insert new node into routing table
+ // sfrt_add(node->ip,
}
sfip_var_t* sfvar_create_alias(const sfip_var_t* alias_from, const char* alias_to)
#define ip_addr ip; /* To ease porting Snort */
struct _ip_node* next;
int flags;
- // XXX
int addr_flags; /* Flags used exclusively by Snort */
/* Keeping these variables separate keeps
* this from stepping on Snort's toes. */
return nullptr;
}
-// XXX this implementation is just used to support
+// this implementation is just used to support
// Snort's underlying implementation better
SfIpRet sfvt_define(vartable_t* table, const char* name, const char* value)
{
if (*name == '$')
name++;
- /* XXX should I assume there will be trailing garbage or
+ /* should I assume there will be trailing garbage or
* should I automatically find where the variable ends? */
- for (end=name;
- *end && !isspace((int)*end) && *end != '\\' && *end != ']';
- end++)
- ;
+ for (end=name; *end && !isspace((int)*end) && *end != '\\' && *end != ']'; end++);
+
len = end - name;
for (p=table->head; len && p; p=p->next)
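Review bot: The rewritten loop keeps `isspace((int)*end)`, which is undefined behaviour for bytes above 0x7f if `end` points to plain `char` and `char` is signed, because the argument must be representable as `unsigned char` or equal EOF. Variable names come from configuration text, so `isspace((unsigned char)*end)` is the safer form. Collapsing the loop onto one line also leaves the empty body as a bare trailing `;`, which is easy to misread as a mistake; `{ }` or a `;` on its own line would show the intent. The enclosing function starts outside the hunk, so the declared type of `end` is inferred from its assignment from `name`.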
else
return nullptr;
- /* FIXIT-M - Is is true that we don't support v6 yet? */
- /* IPv6 not yet supported */
+ // FIXIT-RC IPv6 not yet supported by sfrt?
if (table->ip_type == IPv6)
return nullptr;
#include "flow/flow_control.h"
#include "flow/prune_stats.h"
#include "main/snort_config.h"
+#include "main/snort_types.h"
#include "managers/inspector_manager.h"
#include "profiler/profiler_defs.h"
#include "protocols/packet.h"
static inline bool is_eligible(Packet* p)
{
- // FIXIT-M extra check? bad checksums should be removed in detect.c snort_inspect()
- if ( p->ptrs.decode_flags & DECODE_ERR_CKSUM_IP )
- return false;
-
- if ( p->packet_flags & PKT_REBUILT_STREAM )
- return false;
-
- if ( !p->ptrs.ip_api.is_valid() )
- return false;
+#ifdef NDEBUG
+ UNUSED(p);
+#endif
+ assert(!(p->ptrs.decode_flags & DECODE_ERR_CKSUM_IP));
+ assert(!(p->packet_flags & PKT_REBUILT_STREAM));
+ assert(p->ptrs.ip_api.is_valid());
return true;
}
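Review bot: With NDEBUG defined, `is_eligible` now returns `true` for every packet, because all three conditions moved into `assert`. Those conditions describe the packet itself (the IP checksum error flag, the rebuilt-stream flag, whether `ip_api` is valid) rather than a caller contract, so the change is safe only if an earlier stage is guaranteed to filter such packets. The removed FIXIT says bad checksums "should be removed" upstream, which reads as unconfirmed. I would keep at least `if ( !p->ptrs.ip_api.is_valid() ) return false;` as a runtime check, or add a comment naming the code that enforces each invariant before defragmentation sees the packet.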
* offset of the new last frag to immediately
* after the existing last frag.
*/
- /* XXX: how to handle that case? punt? */
+ /* how to handle that case? punt? */
retVal = FRAG_LAST_OFFSET_ADJUST;
}
break;
{
/* check that options match those from other non-offset 0 packets */
- /* XXX: could check each individual option here, but that
- * would be performance ugly. So, we'll just check that the
- * option sizes match. Alert if invalid, but still include in
- * reassembly.
+ /* could check each individual option here, but that would be
+ * performance ugly. So, we'll just check that the option sizes
+ * match. Alert if invalid, but still include in reassembly.
*/
if (ft->copied_ip_options_len)
{
}
else if (ft->copied_ip_options_len)
{
- /* XXX: should we log a warning here? there were IP options
- * copied across all fragments, EXCEPT the offset 0 fragment.
+ /* should we log a warning here? there were IP options copied
+ * across all fragments, EXCEPT the offset 0 fragment.
*/
}
{
if ( !p->is_ip6() )
{
- /*XXX: Log message, failed to copy */
+ /* Log message, failed to copy */
ft->frag_flags = ft->frag_flags | FRAG_REBUILT;
return;
}
/* insert the fragment into the frag list */
ft->fraglist = f;
ft->fraglist_tail = f;
- ft->fraglist_count = 1; /* XXX: Are these duplicates? */
+ ft->fraglist_count = 1; /* Are these duplicates? */
ft->frag_pkts = 1;
/*
// SYN PACKET
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [S], seq 9050, win
// 8192, length 0
-uint8_t cooked_syn[] =
+static const uint8_t cooked_syn[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5a\x00\x00\x00\x00\x50\x02\x20\x00\x56\xcb\x00\x00";
// SYN-ACK PACKET
// IP p3nlh044.shr.prod.phx3.secureserver.net.http > 192.168.0.89.9012: Flags [S.], seq 9025, ack
// 9051, win 8192, length 0
-uint8_t cooked_syn_ack[] =
+static const uint8_t cooked_syn_ack[] =
"\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\x48\xa7\xe8\x90\xc0\xa8\x00\x59\x00\x50\x23\x34\x00\x00\x23\x41\x00\x00\x23\x5b\x50\x12\x20\x00\x33\x79\x00\x00";
// ACK PACKET
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192,
// length 0
-uint8_t cooked_ack[] =
+static const uint8_t cooked_ack[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00";
// FIXIT-H this is not a FIN PACKET yet...
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192,
// length 0
-uint8_t cooked_fin[] =
+static const uint8_t cooked_fin[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00";
// FIXIT-H this is not a RST PACKET yet...
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192,
// length 0
-uint8_t cooked_rst[] =
+static const uint8_t cooked_rst[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00";
// DATA PACKET
// IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [P.], seq 1:43, ack
// 1, win 8192, length 42
-uint8_t cooked_data[] =
+static const uint8_t cooked_data[] =
"\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x52\x00\x01\x00\x00\x40\x06\x88\x6c\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x18\x20\x00\x14\x83\x00\x00\x47\x45\x54\x20\x2f\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d\x0a\x48\x6f\x73\x74\x3a\x20\x77\x77\x77\x2e\x6d\x61\x6c\x66\x6f\x72\x67\x65\x2e\x63\x6f\x6d\x0d\x0a\x0d\x0a";
DAQ_PktHdr_t daqHdr;
return false;
}
-// FIXIT-H get the unit test working again
+// FIXIT-RC get the unit test working again
#ifdef UNIT_TEST_FOO
SCENARIO("TCP State Handler Base Class", "[state_handlers][stream_tcp]")
virtual void clear_session(
bool free_flow_data, bool flush_segments, bool restart, snort::Packet* p = nullptr) = 0;
- // FIXIT-L these 2 function names convey no meaning afaict... figure out
+ // FIXIT-RC these 2 function names convey no meaning afaict... figure out
// why are they called and name appropriately...
virtual void retransmit_process(snort::Packet* p)
{
set_splitter(new AtomSplitter(!client_tracker) );
}
-void TcpStreamTracker::reset_splitter( )
-{
- if ( splitter )
- splitter->reset();
-}
-
void TcpStreamTracker::init_on_syn_sent(TcpSegmentDescriptor& tsd)
{
DeepProfile profile(s5TcpNewSessPerfStats);
virtual void init_flush_policy();
virtual void set_splitter(snort::StreamSplitter* ss);
virtual void set_splitter(const snort::Flow* flow);
- virtual void reset_splitter( );
virtual void init_on_syn_sent(TcpSegmentDescriptor&);
virtual void init_on_syn_recv(TcpSegmentDescriptor&);
virtual bool is_paf() { return false; }
virtual unsigned max(Flow*);
- // FIXIT-L reset is not currently used and may not be needed at all.
- // determine if this is so and remove if possible
- virtual void reset() { }
virtual void update() { }
unsigned get_max_pdu() { return max_pdu; }
AtomSplitter(bool, uint16_t size = 0);
Status scan(Flow*, const uint8_t*, uint32_t, uint32_t, uint32_t*) override;
- void reset() override;
void update() override;
+private:
+ void reset();
+
private:
uint16_t base;
uint16_t min;
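Review bot: The added `private:` sits directly above the existing `private:`, so the class now has two consecutive private sections; moving `void reset();` into the existing one avoids the duplicate specifier. The next hunk has the same pattern, and there the new `private:` is placed before `saw_data()`, which also changes that member's access. If that is intended, a short comment would help; if not, the specifier belongs just before `reset()`.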
Status scan(Flow*, const uint8_t*, uint32_t, uint32_t, uint32_t*) override;
+private:
bool saw_data()
{ return byte_count > 0; }
- void reset() override
+ void reset()
{ byte_count = 0; }
private:
assert(SEQ_LEQ(trs.sos.seq, trs.sos.right->i_seq));
trs.sos.overlap = ( int )( trs.sos.seq_end - trs.sos.right->i_seq );
- // Treat sequence number overlap as a retransmission, only check right side since
- // left side happens rarely
+ // Treat sequence number overlap as a retransmission,
+ // only check right side since left side happens rarely
trs.sos.session->retransmit_handle(trs.sos.tsd->get_pkt());
if ( trs.sos.overlap < trs.sos.right->i_len )
class TcpSession;
class TcpStreamTracker;
-#define STREAM_INSERT_OK 0 // FIXIT-L replace with bool
+#define STREAM_INSERT_OK 0 // FIXIT-RC replace with bool CRC: if useful else just delete
struct SegmentOverlapState
{
buffer++;
// If all spaces or a negative sign is found, return error.
- // XXX May also want to exclude '+' as well.
+ // May want to exclude '+' as well.
if ((*buffer == '\0') || (*buffer == '-'))
return -1;
ptr++;
}
- //dst = s.output.data; FIXIT-L dead store; should be?
*bytes_copied = s.output.len;
return iRet;
(*ptr)++;
}
- //dst = s.dest.data; FIXIT-L dead store; should be?
*bytes_copied = s.dest.len;
return RET_OK;
{
Converter bind_cv;
- // This will ensure that the final ouput file contains
- // lua syntax - even if their are only rules in the file
+ // This will ensure that the final output file contains
+ // lua syntax - even if there are only rules in the file
bind_cv.get_table_api().open_top_level_table("ips");
bind_cv.get_table_api().close_table();
bind["http_proxy"] = &bind_http_proxy;
bind["http_server"] = &bind_http_server;
- // FIXIT-N add when there is a way to make this play with http_inspect bindings
+ // FIXIT-M add when there is a way to make this play with http_inspect bindings
// port 80 should not be added by default. If explicitly configured and conflicting
// with other bindings, punt to wizard
bind["http_proxy"]->print_binding(false);