THREAD_LOCAL ProfileStats file_connector_perfstats;
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
namespace snort
{
Connector* connector_rb;
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
namespace snort
{
THREAD_LOCAL ProfileStats tcp_connector_perfstats;
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
namespace snort
{
Connector* connector;
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
namespace snort
{
}
}
-void DetectionEngine::resume_ready_suspends(IpsContextChain& chain)
+void DetectionEngine::resume_ready_suspends(const IpsContextChain& chain)
{
while ( chain.front() and !chain.front()->packet->is_offloaded() )
{
static void offload_thread(IpsContext*);
static void complete(snort::Packet*);
static void resume(snort::Packet*);
- static void resume_ready_suspends(IpsContextChain&);
+ static void resume_ready_suspends(const IpsContextChain&);
static int log_events(Packet*);
static void clear_events(Packet*);
int detection_option_node_evaluate(
detection_option_tree_node_t* node, detection_option_eval_data_t* eval_data,
- Cursor& orig_cursor)
+ const Cursor& orig_cursor)
{
// need node->state to do perf profiling
if ( !node )
void* add_detection_option_tree(struct snort::SnortConfig*, detection_option_tree_node_t*);
int detection_option_node_evaluate(
- detection_option_tree_node_t*, detection_option_eval_data_t*, class Cursor&);
+ detection_option_tree_node_t*, detection_option_eval_data_t*, const class Cursor&);
void DetectionHashTableFree(snort::XHash*);
void DetectionTreeHashTableFree(snort::XHash*);
class LogHandler : public DataHandler
{
public:
- LogHandler(FileLogConfig& conf) : DataHandler(s_name)
+ LogHandler(const FileLogConfig& conf) : DataHandler(s_name)
{ config = conf; }
void handle(DataEvent&, Flow*) override;
class FileLog : public Inspector
{
public:
- FileLog(FileLogConfig& conf) { config = conf; }
+ FileLog(const FileLogConfig& conf) { config = conf; }
void show(SnortConfig*) override;
void eval(Packet*) override { }
// Write the key type, key length, and key into the message.
// Return the type of key written so it can be stored in the message header.
-static uint8_t write_flow_key(Flow& flow, HAMessage& msg)
+static uint8_t write_flow_key(const Flow& flow, HAMessage& msg)
{
const FlowKey* key = flow.key;
assert(key);
// Write the HA header and key sections. Position the cursor
// at the beginning of the content section.
-static void write_msg_header(Flow& flow, HAEvent event, uint16_t content_length, HAMessage& msg)
+static void write_msg_header(const Flow& flow, HAEvent event, uint16_t content_length, HAMessage& msg)
{
HAMessageHeader* hdr = (HAMessageHeader*) msg.cursor;
hdr->event = (uint8_t) event;
hdr->key_type = write_flow_key(flow, msg);
}
-static uint16_t update_msg_header_length(HAMessage& msg)
+static uint16_t update_msg_header_length(const HAMessage& msg)
{
HAMessageHeader* hdr = (HAMessageHeader*) msg.buffer;
hdr->total_length = msg.cursor_position();
{
}
- int get_object_type()
+ int get_object_type() const
{
return object_type;
}
std::string chunk;
protected:
- LuaApi(std::string& s, std::string& c)
+ LuaApi(const std::string& s, const std::string& c)
{
name = s;
chunk = c;
const char* luaL_optlstring(lua_State*, int, const char*, size_t*) { return nullptr; }
}
-void show_stats(PegCount*, const PegInfo*, unsigned, const char*)
-{ }
-
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*)
-{ }
+void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
TEST_GROUP(host_cache_module)
{
// Fake show_stats to avoid bringing in a ton of dependencies.
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
SfIp expected_addr;
CHECK(p_last_seen == 1562198400);
CHECK(p_macs != nullptr);
CHECK(p_macs->size() == 1);
- auto& copied_data = p_macs->front();
+ const auto& copied_data = p_macs->front();
CHECK(copied_data.ttl == 50);
CHECK(copied_data.primary == 1);
CHECK(copied_data.last_seen == 1562198400);
class Asn1Option : public IpsOption
{
public:
- Asn1Option(ASN1_CTXT& c) : IpsOption(s_name, RULE_OPTION_TYPE_BUFFER_USE)
+ Asn1Option(const ASN1_CTXT& c) : IpsOption(s_name, RULE_OPTION_TYPE_BUFFER_USE)
{ config = c; }
uint32_t hash() const override;
class FileTypeOption : public IpsOption
{
public:
- FileTypeOption(FileTypeBitSet&);
+ FileTypeOption(const FileTypeBitSet&);
uint32_t hash() const override;
bool operator==(const IpsOption& ips) const override;
// class methods
//-------------------------------------------------------------------------
-FileTypeOption::FileTypeOption(FileTypeBitSet& t) : IpsOption(s_name)
+FileTypeOption::FileTypeOption(const FileTypeBitSet& t) : IpsOption(s_name)
{
types = t;
}
class ReplaceOption : public IpsOption
{
public:
- ReplaceOption(string&);
+ ReplaceOption(const string&);
~ReplaceOption() override;
EvalStatus eval(Cursor&, Packet*) override;
int* offset; /* >=0 is offset to start of replace */
};
-ReplaceOption::ReplaceOption(string& s) : IpsOption(s_name)
+ReplaceOption::ReplaceOption(const string& s) : IpsOption(s_name)
{
unsigned n = ThreadConfig::get_instance_max();
offset = new int[n];
ProfileStats* get_profile() const override
{ return &rpcCheckPerfStats; }
- bool set(Value&, uint32_t& field, int flag);
+ bool set(const Value&, uint32_t& field, int flag);
Usage get_usage() const override
{ return DETECT; }
return true;
}
-bool RpcModule::set(Value& v, uint32_t& field, int flag)
+bool RpcModule::set(const Value& v, uint32_t& field, int flag)
{
if ( flag and !strcmp(v.get_string(), "*") )
return true;
EvalStatus eval(Cursor&, Packet* p) override;
private:
- unsigned SdSearch(Cursor&, Packet*);
+ unsigned SdSearch(const Cursor&, Packet*);
SdPatternConfig config;
};
return 0;
}
-unsigned SdPatternOption::SdSearch(Cursor& c, Packet* p)
+unsigned SdPatternOption::SdSearch(const Cursor& c, Packet* p)
{
const uint8_t* const start = c.buffer();
const uint8_t* buf = c.start();
{ set("pkt_data", p->data, p->dsize); }
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
//-------------------------------------------------------------------------
// helpers
const Event& event;
};
-static void ff_action(Args& a)
+static void ff_action(const Args& a)
{
TextLog_Puts(csv_log, a.pkt->active->get_action_string());
}
-static void ff_class(Args& a)
+static void ff_class(const Args& a)
{
const char* cls = "none";
if ( a.event.sig_info->class_type and a.event.sig_info->class_type->name )
TextLog_Puts(csv_log, cls);
}
-static void ff_b64_data(Args& a)
+static void ff_b64_data(const Args& a)
{
const unsigned block_size = 2048;
char out[2*block_size];
TextLog_Putc(csv_log, '"');
}
-static void ff_dir(Args& a)
+static void ff_dir(const Args& a)
{
const char* dir;
TextLog_Puts(csv_log, dir);
}
-static void ff_dst_addr(Args& a)
+static void ff_dst_addr(const Args& a)
{
if ( a.pkt->has_ip() or a.pkt->is_data() )
{
}
}
-static void ff_dst_ap(Args& a)
+static void ff_dst_ap(const Args& a)
{
SfIpString addr = "";
unsigned port = 0;
TextLog_Print(csv_log, "%s:%u", addr, port);
}
-static void ff_dst_port(Args& a)
+static void ff_dst_port(const Args& a)
{
if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) )
TextLog_Print(csv_log, "%u", a.pkt->ptrs.dp);
}
-static void ff_eth_dst(Args& a)
+static void ff_eth_dst(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return;
eh->ether_dst[4], eh->ether_dst[5]);
}
-static void ff_eth_len(Args& a)
+static void ff_eth_len(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return;
TextLog_Print(csv_log, "%u", a.pkt->pkth->pktlen);
}
-static void ff_eth_src(Args& a)
+static void ff_eth_src(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return;
eh->ether_src[4], eh->ether_src[5]);
}
-static void ff_eth_type(Args& a)
+static void ff_eth_type(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return;
TextLog_Print(csv_log, "0x%X", ntohs(eh->ether_type));
}
-static void ff_gid(Args& a)
+static void ff_gid(const Args& a)
{
TextLog_Print(csv_log, "%u", a.event.sig_info->gid);
}
-static void ff_icmp_code(Args& a)
+static void ff_icmp_code(const Args& a)
{
if (a.pkt->ptrs.icmph )
TextLog_Print(csv_log, "%u", a.pkt->ptrs.icmph->code);
}
-static void ff_icmp_id(Args& a)
+static void ff_icmp_id(const Args& a)
{
if (a.pkt->ptrs.icmph )
TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.icmph->s_icmp_id));
}
-static void ff_icmp_seq(Args& a)
+static void ff_icmp_seq(const Args& a)
{
if (a.pkt->ptrs.icmph )
TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.icmph->s_icmp_seq));
}
-static void ff_icmp_type(Args& a)
+static void ff_icmp_type(const Args& a)
{
if (a.pkt->ptrs.icmph )
TextLog_Print(csv_log, "%u", a.pkt->ptrs.icmph->type);
}
-static void ff_iface(Args&)
+static void ff_iface(const Args&)
{
TextLog_Print(csv_log, "%s", SFDAQ::get_input_spec());
}
-static void ff_ip_id(Args& a)
+static void ff_ip_id(const Args& a)
{
if (a.pkt->has_ip())
TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.id());
}
-static void ff_ip_len(Args& a)
+static void ff_ip_len(const Args& a)
{
if (a.pkt->has_ip())
TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.pay_len());
}
-static void ff_msg(Args& a)
+static void ff_msg(const Args& a)
{
TextLog_Puts(csv_log, a.msg);
}
-static void ff_mpls(Args& a)
+static void ff_mpls(const Args& a)
{
uint32_t mpls;
TextLog_Print(csv_log, "%u", ntohl(mpls));
}
-static void ff_pkt_gen(Args& a)
+static void ff_pkt_gen(const Args& a)
{
TextLog_Puts(csv_log, a.pkt->get_pseudo_type());
}
-static void ff_pkt_len(Args& a)
+static void ff_pkt_len(const Args& a)
{
if (a.pkt->has_ip())
TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.dgram_len());
TextLog_Print(csv_log, "%u", a.pkt->dsize);
}
-static void ff_pkt_num(Args& a)
+static void ff_pkt_num(const Args& a)
{
TextLog_Print(csv_log, STDu64, a.pkt->context->packet_number);
}
-static void ff_priority(Args& a)
+static void ff_priority(const Args& a)
{
TextLog_Print(csv_log, "%u", a.event.sig_info->priority);
}
-static void ff_proto(Args& a)
+static void ff_proto(const Args& a)
{
TextLog_Puts(csv_log, a.pkt->get_type());
}
-static void ff_rev(Args& a)
+static void ff_rev(const Args& a)
{
TextLog_Print(csv_log, "%u", a.event.sig_info->rev);
}
-static void ff_rule(Args& a)
+static void ff_rule(const Args& a)
{
TextLog_Print(csv_log, "%u:%u:%u",
a.event.sig_info->gid, a.event.sig_info->sid, a.event.sig_info->rev);
}
-static void ff_seconds(Args& a)
+static void ff_seconds(const Args& a)
{
TextLog_Print(csv_log, "%u", a.pkt->pkth->ts.tv_sec);
}
-static void ff_service(Args& a)
+static void ff_service(const Args& a)
{
const char* svc = "unknown";
if ( a.pkt->flow and a.pkt->flow->service )
TextLog_Puts(csv_log, svc);
}
-static void ff_sid(Args& a)
+static void ff_sid(const Args& a)
{
TextLog_Print(csv_log, "%u", a.event.sig_info->sid);
}
-static void ff_src_addr(Args& a)
+static void ff_src_addr(const Args& a)
{
if ( a.pkt->has_ip() or a.pkt->is_data() )
{
}
}
-static void ff_src_ap(Args& a)
+static void ff_src_ap(const Args& a)
{
SfIpString addr = "";
unsigned port = 0;
TextLog_Print(csv_log, "%s:%u", addr, port);
}
-static void ff_src_port(Args& a)
+static void ff_src_port(const Args& a)
{
if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) )
TextLog_Print(csv_log, "%u", a.pkt->ptrs.sp);
}
-static void ff_target(Args& a)
+static void ff_target(const Args& a)
{
SfIpString addr = "";
TextLog_Print(csv_log, "%s", addr);
}
-static void ff_tcp_ack(Args& a)
+static void ff_tcp_ack(const Args& a)
{
if (a.pkt->ptrs.tcph )
TextLog_Print(csv_log, "0x%lX", (u_long)ntohl(a.pkt->ptrs.tcph->th_ack));
}
-static void ff_tcp_flags(Args& a)
+static void ff_tcp_flags(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
}
}
-static void ff_tcp_len(Args& a)
+static void ff_tcp_len(const Args& a)
{
if (a.pkt->ptrs.tcph )
TextLog_Print(csv_log, "%u", (a.pkt->ptrs.tcph->off()));
}
-static void ff_tcp_seq(Args& a)
+static void ff_tcp_seq(const Args& a)
{
if (a.pkt->ptrs.tcph )
TextLog_Print(csv_log, "0x%lX", (u_long)ntohl(a.pkt->ptrs.tcph->th_seq));
}
-static void ff_tcp_win(Args& a)
+static void ff_tcp_win(const Args& a)
{
if (a.pkt->ptrs.tcph )
TextLog_Print(csv_log, "0x%X", ntohs(a.pkt->ptrs.tcph->th_win));
}
-static void ff_timestamp(Args& a)
+static void ff_timestamp(const Args& a)
{
LogTimeStamp(csv_log, a.pkt);
}
-static void ff_tos(Args& a)
+static void ff_tos(const Args& a)
{
if (a.pkt->has_ip())
TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.tos());
}
-static void ff_ttl(Args& a)
+static void ff_ttl(const Args& a)
{
if (a.pkt->has_ip())
TextLog_Print(csv_log, "%u",a.pkt->ptrs.ip_api.ttl());
}
-static void ff_udp_len(Args& a)
+static void ff_udp_len(const Args& a)
{
if (a.pkt->ptrs.udph )
TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.udph->uh_len));
}
-static void ff_vlan(Args& a)
+static void ff_vlan(const Args& a)
{
uint16_t vid;
// module stuff
//-------------------------------------------------------------------------
-typedef void (*CsvFunc)(Args&);
+typedef void (*CsvFunc)(const Args&);
static const CsvFunc csv_func[] =
{
// helper
static void load_buf_ids(
- Inspector* ins, std::vector<const char*>& keys, std::vector<unsigned>& ids)
+ Inspector* ins, const std::vector<const char*>& keys, std::vector<unsigned>& ids)
{
for ( auto key : keys )
{
bool comma;
};
-static void print_label(Args& a, const char* label)
+static void print_label(const Args& a, const char* label)
{
if ( a.comma )
TextLog_Print(json_log, ",");
TextLog_Print(json_log, " \"%s\" : ", label);
}
-static bool ff_action(Args& a)
+static bool ff_action(const Args& a)
{
print_label(a, "action");
TextLog_Quote(json_log, a.pkt->active->get_action_string());
return true;
}
-static bool ff_class(Args& a)
+static bool ff_class(const Args& a)
{
const char* cls = "none";
return true;
}
-static bool ff_b64_data(Args& a)
+static bool ff_b64_data(const Args& a)
{
if ( !a.pkt->dsize )
return false;
return true;
}
-static bool ff_dir(Args& a)
+static bool ff_dir(const Args& a)
{
const char* dir;
return true;
}
-static bool ff_dst_addr(Args& a)
+static bool ff_dst_addr(const Args& a)
{
if ( a.pkt->has_ip() or a.pkt->is_data() )
{
return false;
}
-static bool ff_dst_ap(Args& a)
+static bool ff_dst_ap(const Args& a)
{
SfIpString addr = "";
unsigned port = 0;
return true;
}
-static bool ff_dst_port(Args& a)
+static bool ff_dst_port(const Args& a)
{
if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) )
{
return false;
}
-static bool ff_eth_dst(Args& a)
+static bool ff_eth_dst(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return false;
return true;
}
-static bool ff_eth_len(Args& a)
+static bool ff_eth_len(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return false;
return true;
}
-static bool ff_eth_src(Args& a)
+static bool ff_eth_src(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return false;
return true;
}
-static bool ff_eth_type(Args& a)
+static bool ff_eth_type(const Args& a)
{
if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) )
return false;
return true;
}
-static bool ff_gid(Args& a)
+static bool ff_gid(const Args& a)
{
print_label(a, "gid");
TextLog_Print(json_log, "%u", a.event.sig_info->gid);
return true;
}
-static bool ff_icmp_code(Args& a)
+static bool ff_icmp_code(const Args& a)
{
if (a.pkt->ptrs.icmph )
{
return false;
}
-static bool ff_icmp_id(Args& a)
+static bool ff_icmp_id(const Args& a)
{
if (a.pkt->ptrs.icmph )
{
return false;
}
-static bool ff_icmp_seq(Args& a)
+static bool ff_icmp_seq(const Args& a)
{
if (a.pkt->ptrs.icmph )
{
return false;
}
-static bool ff_icmp_type(Args& a)
+static bool ff_icmp_type(const Args& a)
{
if (a.pkt->ptrs.icmph )
{
return false;
}
-static bool ff_iface(Args& a)
+static bool ff_iface(const Args& a)
{
print_label(a, "iface");
TextLog_Quote(json_log, SFDAQ::get_input_spec());
return true;
}
-static bool ff_ip_id(Args& a)
+static bool ff_ip_id(const Args& a)
{
if (a.pkt->has_ip())
{
return false;
}
-static bool ff_ip_len(Args& a)
+static bool ff_ip_len(const Args& a)
{
if (a.pkt->has_ip())
{
return false;
}
-static bool ff_msg(Args& a)
+static bool ff_msg(const Args& a)
{
print_label(a, "msg");
TextLog_Puts(json_log, a.msg);
return true;
}
-static bool ff_mpls(Args& a)
+static bool ff_mpls(const Args& a)
{
uint32_t mpls;
return true;
}
-static bool ff_pkt_gen(Args& a)
+static bool ff_pkt_gen(const Args& a)
{
print_label(a, "pkt_gen");
TextLog_Quote(json_log, a.pkt->get_pseudo_type());
return true;
}
-static bool ff_pkt_len(Args& a)
+static bool ff_pkt_len(const Args& a)
{
print_label(a, "pkt_len");
return true;
}
-static bool ff_pkt_num(Args& a)
+static bool ff_pkt_num(const Args& a)
{
print_label(a, "pkt_num");
TextLog_Print(json_log, STDu64, a.pkt->context->packet_number);
return true;
}
-static bool ff_priority(Args& a)
+static bool ff_priority(const Args& a)
{
print_label(a, "priority");
TextLog_Print(json_log, "%u", a.event.sig_info->priority);
return true;
}
-static bool ff_proto(Args& a)
+static bool ff_proto(const Args& a)
{
print_label(a, "proto");
TextLog_Quote(json_log, a.pkt->get_type());
return true;
}
-static bool ff_rev(Args& a)
+static bool ff_rev(const Args& a)
{
print_label(a, "rev");
TextLog_Print(json_log, "%u", a.event.sig_info->rev);
return true;
}
-static bool ff_rule(Args& a)
+static bool ff_rule(const Args& a)
{
print_label(a, "rule");
return true;
}
-static bool ff_seconds(Args& a)
+static bool ff_seconds(const Args& a)
{
print_label(a, "seconds");
TextLog_Print(json_log, "%u", a.pkt->pkth->ts.tv_sec);
return true;
}
-static bool ff_service(Args& a)
+static bool ff_service(const Args& a)
{
const char* svc = "unknown";
return true;
}
-static bool ff_sid(Args& a)
+static bool ff_sid(const Args& a)
{
print_label(a, "sid");
TextLog_Print(json_log, "%u", a.event.sig_info->sid);
return true;
}
-static bool ff_src_addr(Args& a)
+static bool ff_src_addr(const Args& a)
{
if ( a.pkt->has_ip() or a.pkt->is_data() )
{
return false;
}
-static bool ff_src_ap(Args& a)
+static bool ff_src_ap(const Args& a)
{
SfIpString addr = "";
unsigned port = 0;
return true;
}
-static bool ff_src_port(Args& a)
+static bool ff_src_port(const Args& a)
{
if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) )
{
return false;
}
-static bool ff_target(Args& a)
+static bool ff_target(const Args& a)
{
SfIpString addr = "";
return true;
}
-static bool ff_tcp_ack(Args& a)
+static bool ff_tcp_ack(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
return false;
}
-static bool ff_tcp_flags(Args& a)
+static bool ff_tcp_flags(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
return false;
}
-static bool ff_tcp_len(Args& a)
+static bool ff_tcp_len(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
return false;
}
-static bool ff_tcp_seq(Args& a)
+static bool ff_tcp_seq(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
return false;
}
-static bool ff_tcp_win(Args& a)
+static bool ff_tcp_win(const Args& a)
{
if (a.pkt->ptrs.tcph )
{
return false;
}
-static bool ff_timestamp(Args& a)
+static bool ff_timestamp(const Args& a)
{
print_label(a, "timestamp");
TextLog_Putc(json_log, '"');
return true;
}
-static bool ff_tos(Args& a)
+static bool ff_tos(const Args& a)
{
if (a.pkt->has_ip())
{
return false;
}
-static bool ff_ttl(Args& a)
+static bool ff_ttl(const Args& a)
{
if (a.pkt->has_ip())
{
return false;
}
-static bool ff_udp_len(Args& a)
+static bool ff_udp_len(const Args& a)
{
if (a.pkt->ptrs.udph )
{
return false;
}
-static bool ff_vlan(Args& a)
+static bool ff_vlan(const Args& a)
{
uint16_t vid;
// module stuff
//-------------------------------------------------------------------------
-typedef bool (*JsonFunc)(Args&);
+typedef bool (*JsonFunc)(const Args&);
static const JsonFunc json_func[] =
{
bool ControlMgmt::process_control_commands(int& current_fd, Request*& current_request, int evnt_fd)
{
- bool ret = false;
auto control_conn = controls.find(evnt_fd);
if (control_conn == controls.end())
- return ret;
+ return false;
Request* old_request = current_request;
int fd = control_conn->second->shell_execute(current_fd, current_request);
current_fd = -1;
current_request = old_request;
- if (fd >= 0)
- {
- if (control_conn->second->is_local_control())
- proc_stats.local_commands++;
- else
- proc_stats.remote_commands++;
- ret = true;
- }
- return ret;
+ if (fd < 0)
+ return false;
+
+ if (control_conn->second->is_local_control())
+ proc_stats.local_commands++;
+ else
+ proc_stats.remote_commands++;
+
+ return true;
}
bool ControlMgmt::service_users(int& current_fd, Request*& current_request)
bytes_read = 0;
}
-bool Request::read(int& f)
+bool Request::read(const int& f)
{
bool newline_found = false;
char buf;
public:
Request(int f = -1);
- bool read(int&);
+ bool read(const int&);
const char* get() { return read_buf; }
bool write_response(const char* s) const;
void respond(const char* s, bool queue_response = false, bool remote_only = false);
AppIdApi appid_api;
}
-AppIdSession* AppIdApi::get_appid_session(Flow& flow)
+AppIdSession* AppIdApi::get_appid_session(const Flow& flow)
{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
return AppInfoManager::get_instance().get_app_name(app_id);
}
-const char* AppIdApi::get_application_name(Flow& flow, bool from_client)
+const char* AppIdApi::get_application_name(const Flow& flow, bool from_client)
{
const char* app_name = nullptr;
AppId appid = APP_ID_NONE;
#define APPID_HA_FLAGS_SVC_DONE ( 1 << 2 )
#define APPID_HA_FLAGS_HTTP ( 1 << 3 )
-uint32_t AppIdApi::produce_ha_state(Flow& flow, uint8_t* buf)
+uint32_t AppIdApi::produce_ha_state(const Flow& flow, uint8_t* buf)
{
assert(buf);
AppIdSessionHA* appHA = (AppIdSessionHA*)buf;
return false;
}
-AppIdSessionApi* AppIdApi::create_appid_session_api(Flow& flow)
+AppIdSessionApi* AppIdApi::create_appid_session_api(const Flow& flow)
{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
public:
SO_PRIVATE AppIdApi() = default;
- AppIdSession* get_appid_session(Flow& flow);
+ AppIdSession* get_appid_session(const Flow& flow);
const char* get_application_name(AppId app_id);
- const char* get_application_name(Flow& flow, bool from_client);
+ const char* get_application_name(const Flow& flow, bool from_client);
AppId get_application_id(const char* appName);
- uint32_t produce_ha_state(Flow& flow, uint8_t* buf);
+ uint32_t produce_ha_state(const Flow& flow, uint8_t* buf);
uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol,
SfIp*, uint16_t initiatorPort);
bool ssl_app_group_id_lookup(Flow* flow, const char*, const char*, AppId& service_id, AppId& client_id, AppId& payload_id);
- AppIdSessionApi* create_appid_session_api(Flow& flow);
+ AppIdSessionApi* create_appid_session_api(const Flow& flow);
void free_appid_session_api(AppIdSessionApi* api);
};
uint16_t sport;
uint16_t dport;
IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
- bool proto_match(IpProtocol& proto)
+ bool proto_match(IpProtocol proto) const
{
return (protocol == IpProtocol::PROTO_NOT_SET or protocol == proto);
}
- bool port_match(uint16_t p1, uint16_t p2)
+ bool port_match(uint16_t p1, uint16_t p2) const
{
return (!sport or sport == p1) and (!dport or dport == p2);
}
- bool ip_match(const uint32_t* ip1, const uint32_t* ip2)
+ bool ip_match(const uint32_t* ip1, const uint32_t* ip2) const
{
return
((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and
return false;
}
-static uint64_t is_session_monitored(AppIdSession& asd, const Packet* p, AppidSessionDirection dir,
+static uint64_t is_session_monitored(const AppIdSession& asd, const Packet* p, AppidSessionDirection dir,
AppIdInspector& inspector)
{
uint64_t flags;
using namespace snort;
-bool AppIdSessionApi::refresh(Flow& flow)
+bool AppIdSessionApi::refresh(const Flow& flow)
{
AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
{
public:
AppIdSessionApi(AppIdSession* asd) : asd(asd) {}
- bool refresh(Flow& flow);
+ bool refresh(const Flow& flow);
AppId get_service_app_id();
AppId get_port_service_app_id();
AppId get_only_service_app_id();
void AppIdStatistics::cleanup()
{ delete appid_stats_manager; }
-static void update_stats(AppIdSession& asd, AppId app_id, StatsBucket* bucket)
+static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* bucket)
{
AppIdStatRecord* record = (AppIdStatRecord*)(fwAvlLookup(app_id, bucket->appsTree));
if ( !record )
tPatternNode* newNode;
tPatternPrimaryNode* prevPrimaryPatternNode = nullptr;
tPatternPrimaryNode* primaryNode = nullptr;
- const tMlmpPattern* patterns = inputPatternList;
+ const tMlmpPattern* patterns;
uint32_t partTotal = 0;
uint32_t i;
}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
class AppIdInspector : public snort::Inspector
{
return static_cast<ServiceDiscovery*>(handler)->fail_service(asd, pkt, dir, this);
}
-void ServiceDetector::initialize_expected_session(AppIdSession& parent, AppIdSession& expected,
+void ServiceDetector::initialize_expected_session(const AppIdSession& parent, AppIdSession& expected,
uint64_t flags, AppidSessionDirection dir)
{
if (dir == APP_ID_FROM_INITIATOR)
asd.misc_app_id = miscId;
}
- void initialize_expected_session(AppIdSession&, AppIdSession&, uint64_t flags, AppidSessionDirection dir);
+ void initialize_expected_session(const AppIdSession&, AppIdSession&, uint64_t flags, AppidSessionDirection dir);
private:
int update_service_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir, AppId,
Flow* flow = nullptr;
AppIdSession* mock_session = nullptr;
-AppIdSession* AppIdApi::get_appid_session(Flow&)
+AppIdSession* AppIdApi::get_appid_session(const Flow&)
{
mock().actualCall("get_appid_session");
return mock_session;
}
static inline void process_third_party_results(AppIdSession& asd, int confidence,
- vector<AppId>& proto_list, ThirdPartyAppIDAttributeData& attribute_data,
+
const vector<AppId>& proto_list, ThirdPartyAppIDAttributeData& attribute_data,
AppidChangeBits& change_bits)
{
if ( asd.payload.get_id() == APP_ID_NONE and contains(proto_list, APP_ID_EXCHANGE) )
// implementation stuff
//-------------------------------------------------------------------------
-static IPMacEntry* LookupIPMacEntryByIP(
- IPMacEntryList& ipmel, uint32_t ipv4_addr)
+static const IPMacEntry* LookupIPMacEntryByIP(const IPMacEntryList& ipmel, uint32_t ipv4_addr)
{
for ( auto& p : ipmel )
{
if (!config->check_overwrite)
return;
- IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32);
+ const IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32);
if ( ipme )
{
auto cmp_ether_src = memcmp(src_mac_addr, ipme->mac_addr, 6);
uint16_t dport;
IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
- bool proto_match(IpProtocol& proto)
+ bool proto_match(const IpProtocol& proto) const
{
return (protocol == IpProtocol::PROTO_NOT_SET or protocol == proto);
}
- bool port_match(uint16_t p1, uint16_t p2)
+ bool port_match(uint16_t p1, uint16_t p2) const
{
return (!sport or sport == p1) and (!dport or dport == p2);
}
- bool ip_match(const uint32_t* ip1, const uint32_t* ip2)
+ bool ip_match(const uint32_t* ip1, const uint32_t* ip2) const
{
return
((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and
return true;
}
-bool Trough::get_pcaps(std::vector<struct PcapReadObject> &pol)
+bool Trough::get_pcaps(const std::vector<struct PcapReadObject> &pol)
{
for (const PcapReadObject &pro : pol)
{
static bool add_pcaps_dir(const std::string& dirname, const std::string& filter);
static bool add_pcaps_list_file(const std::string& list_filename, const std::string& filter);
static bool add_pcaps_list(const std::string& list);
- static bool get_pcaps(std::vector<struct PcapReadObject> &pol);
+ static bool get_pcaps(const std::vector<struct PcapReadObject> &pol);
static std::vector<struct PcapReadObject> pcap_object_list;
static std::vector<std::string> pcap_queue;
L, chunk.buffer.c_str(), chunk.buffer.size(), chunk.filename.c_str());
}
-static bool setup_globals(lua_State* L, Test& t)
+static bool setup_globals(lua_State* L, const Test& t)
{
// Add script_dir env var
Lua::set_script_dir(L, SCRIPT_DIR_VARNAME, t.chunk->filename);
{
int bnfa_memory=0;
bnfa_struct_t* p = (bnfa_struct_t*)BNFA_MALLOC(sizeof(bnfa_struct_t),bnfa_memory);
- if (!p)
- return nullptr;
if ( p )
{
class Dce2Smb : public snort::Inspector
{
public:
- Dce2Smb(dce2SmbProtoConf&);
+ Dce2Smb(const dce2SmbProtoConf&);
~Dce2Smb() override;
void show(snort::SnortConfig*) override;
dce2SmbProtoConf config;
};
-Dce2Smb::Dce2Smb(dce2SmbProtoConf& pc)
+Dce2Smb::Dce2Smb(const dce2SmbProtoConf& pc)
{
config = pc;
if ((config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ONLY)
class Dce2Tcp : public Inspector
{
public:
- Dce2Tcp(dce2TcpProtoConf&);
+ Dce2Tcp(const dce2TcpProtoConf&);
void show(SnortConfig*) override;
void eval(Packet*) override;
dce2TcpProtoConf config;
};
-Dce2Tcp::Dce2Tcp(dce2TcpProtoConf& pc)
+Dce2Tcp::Dce2Tcp(const dce2TcpProtoConf& pc)
{
config = pc;
}
class Dce2Udp : public Inspector
{
public:
- Dce2Udp(dce2UdpProtoConf&);
+ Dce2Udp(const dce2UdpProtoConf&);
void show(SnortConfig*) override;
void eval(Packet*) override;
void clear(Packet*) override;
dce2UdpProtoConf config;
};
-Dce2Udp::Dce2Udp(dce2UdpProtoConf& pc)
+Dce2Udp::Dce2Udp(const dce2UdpProtoConf& pc)
{
config = pc;
}
class Dce2OpnumOption : public IpsOption
{
public:
- Dce2OpnumOption(DCE2_Opnum& src_opnum) : IpsOption(s_name)
+ Dce2OpnumOption(const DCE2_Opnum& src_opnum) : IpsOption(s_name)
{ opnum = src_opnum; }
uint32_t hash() const override;
bool operator==(const IpsOption&) const override;
}
}
-static bool dnp3_process_udp(dnp3ProtoConf& config, dnp3_session_data_t* dnp3_sess, Packet* p)
+static bool dnp3_process_udp(const dnp3ProtoConf& config, dnp3_session_data_t* dnp3_sess, Packet* p)
{
/* Possibly multiple PDUs in this UDP payload.
Split up and process individually. */
/* Main runtime entry point */
-static void process_dnp3(dnp3ProtoConf& config, Packet* p)
+static void process_dnp3(const dnp3ProtoConf& config, Packet* p)
{
if ( p->has_tcp_data() && !p->is_full_pdu() )
{
class Dnp3 : public Inspector
{
public:
- Dnp3(dnp3ProtoConf&);
+ Dnp3(const dnp3ProtoConf&);
void show(SnortConfig*) override;
void eval(Packet*) override;
dnp3ProtoConf config;
};
-Dnp3::Dnp3(dnp3ProtoConf& pc)
+Dnp3::Dnp3(const dnp3ProtoConf& pc)
{
config.check_crc = pc.check_crc;
}
bool dnp3_func_is_defined(uint16_t code)
{
size_t num_funcs = sizeof(func_map) / sizeof(func_map[0]);
- size_t i;
- int func_is_defined = false;
/* Check to see if code is higher than all codes in func map */
- if (code > func_map[num_funcs-1].value)
- return func_is_defined;
+ if (code > func_map[num_funcs - 1].value)
+ return false;
- for (i = 0; i < num_funcs-1; i++)
+ for (size_t i = 0; i < num_funcs - 1; i++)
{
/* This short-circuit check assumes that the function map remains
in-order. */
- if (code <= func_map[i].value)
+ if (code < func_map[i].value)
break;
+ if (code == func_map[i].value)
+ return true;
}
- if (code == func_map[i].value)
- func_is_defined = true;
-
- return func_is_defined;
+ return false;
}
int dnp3_func_str_to_code(const char* name)
dnp3_config.check_crc = config.check_crc;
}
-void print_dnp3_conf(dnp3ProtoConf& config)
+void print_dnp3_conf(const dnp3ProtoConf& config)
{
LogMessage("DNP3 config: \n");
LogMessage(" Check CRC: %s\n",
dnp3ProtoConf config;
};
-void print_dnp3_conf(dnp3ProtoConf& config);
+void print_dnp3_conf(const dnp3ProtoConf& config);
#endif
}
/* Check CRCs in a Link-Layer Frame, then fill a buffer containing just the user data */
-static bool dnp3_check_remove_crc(dnp3ProtoConf& config, const uint8_t* pdu_start,
+static bool dnp3_check_remove_crc(const dnp3ProtoConf& config, const uint8_t* pdu_start,
uint16_t pdu_length, char* buf, uint16_t* buflen)
{
const char* cursor;
}
/* Main DNP3 Reassembly function. */
-bool dnp3_full_reassembly(dnp3ProtoConf& config, dnp3_session_data_t* session, Packet* packet,
+bool dnp3_full_reassembly(const dnp3ProtoConf& config, dnp3_session_data_t* session, Packet* packet,
const uint8_t* pdu_start, uint16_t pdu_length)
{
char buf[DNP3_TPDU_MAX];
#include "dnp3_module.h"
#include "dnp3.h"
-bool dnp3_full_reassembly(dnp3ProtoConf& config, dnp3_session_data_t* session, snort::Packet* p,
+bool dnp3_full_reassembly(const dnp3ProtoConf& config, dnp3_session_data_t* session, snort::Packet* p,
const uint8_t* pdu_start, uint16_t pdu_length);
void dnp3_reassembly_reset(dnp3_reassembly_data_t* rdata);
return true;
}
-BounceTo::BounceTo(string& a, Port l, Port h)
+BounceTo::BounceTo(const string& a, Port l, Port h)
{
address = a;
low = l;
// server stuff
//-------------------------------------------------------------------------
-FtpCmd::FtpCmd(std::string& key, uint32_t flg, int num)
+FtpCmd::FtpCmd(const std::string& key, uint32_t flg, int num)
{
name = key;
flags = flg;
number = num;
}
-FtpCmd::FtpCmd(std::string& key, std::string& fmt, int num)
+FtpCmd::FtpCmd(const std::string& key, const std::string& fmt, int num)
{
name = key;
format = fmt;
Port low;
Port high;
- BounceTo(std::string& address, Port lo, Port hi);
+ BounceTo(const std::string& address, Port lo, Port hi);
};
class FtpClientModule : public snort::Module
uint32_t flags;
unsigned number;
- FtpCmd(std::string&, uint32_t, int);
- FtpCmd(std::string&, std::string&, int);
+ FtpCmd(const std::string&, uint32_t, int);
+ FtpCmd(const std::string&, const std::string&, int);
};
class FtpServerModule : public snort::Module
const unsigned char* end = p->data + p->dsize;
- DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+ const DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
if ( buf.len )
end = buf.data + buf.len;
const uint8_t* get_telnet_buffer(Packet* p, unsigned& len)
{
- DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+ const DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
len = buf.len;
return len ? buf.data : nullptr;
}
if ( !gfd or !gfd->ropts.gtp_infoElements )
return NO_MATCH;
- GTP_Roptions& ropts = gfd->ropts;
+ const GTP_Roptions& ropts = gfd->ropts;
// match the status code
uint8_t ieType = types[ropts.gtp_version];
snort::FlowData::~FlowData() = default;
unsigned snort::FlowData::flow_data_id = 0;
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
-void show_stats(SimpleStats*, const char*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
class Http2FlowDataTest : public Http2FlowData
{
transaction->get_infractions(source_id), transaction->get_events(source_id));
}
-void HttpMsgBody::do_file_processing(Field& file_data)
+void HttpMsgBody::do_file_processing(const Field& file_data)
{
// Using the trick that cutter is deleted when regular or chunked body is complete
Packet* p = DetectionEngine::get_current_packet();
#endif
private:
- void do_file_processing(Field& file_data);
+ void do_file_processing(const Field& file_data);
void do_utf_decoding(const Field& input, Field& output);
void do_file_decompression(const Field& input, Field& output);
void do_js_normalization(const Field& input, Field& output);
void HttpMsgSection::update_depth() const
{
- int64_t& file_depth_remaining = session_data->file_depth_remaining[source_id];
- int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id];
+ const int64_t& file_depth_remaining = session_data->file_depth_remaining[source_id];
+ const int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id];
if ((detect_depth_remaining <= 0) &&
(session_data->detection_status[source_id] == DET_ON))
{
ChunkState& curr_state = session_data->chunk_state[source_id];
uint32_t& expected = session_data->chunk_expected_length[source_id];
- bool& is_broken_chunk = session_data->is_broken_chunk[source_id];
+ const bool& is_broken_chunk = session_data->is_broken_chunk[source_id];
uint32_t& num_good_chunks = session_data->num_good_chunks[source_id];
if (is_broken_chunk && (num_good_chunks == 0))
}
}
-void HttpUri::check_oversize_dir(Field& uri_field)
+void HttpUri::check_oversize_dir(const Field& uri_field)
{
const uint8_t* last_dir = nullptr;
const uint8_t* cur;
void parse_authority();
void parse_abs_path();
- void check_oversize_dir(Field&);
+ void check_oversize_dir(const Field&);
};
#endif
}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
-void show_stats(SimpleStats*, const char*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
int32_t str_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; }
int32_t substr_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; }
}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats( PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
-void show_stats(SimpleStats*, const char*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
HttpJsNorm::HttpJsNorm(int, const HttpParaList::UriParam& uri_param_) :
max_javascript_whitespaces(0), uri_param(uri_param_), javascript_search_mpse(nullptr),
if ( ibt != InspectionBuffer::IBT_ALT )
return false;
- DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+ const DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
b.len = buf.len;
b.data = (b.len > 0) ? buf.data : nullptr;
static bool SMTP_IsAuthChanged(SMTPData* smtp_ssn, const uint8_t* start_ptr, const
uint8_t* end_ptr)
{
- int length;
- bool auth_changed = false;
const uint8_t* start = start_ptr;
const uint8_t* end = end_ptr;
end--;
if (start >= end)
- return auth_changed;
+ return false;
- length = end - start;
+ int length = end - start;
if (length > MAX_AUTH_NAME_LEN)
- return auth_changed;
+ return false;
if (SMTP_IsAuthCtxIgnored(start, length))
- return auth_changed;
+ return false;
/* if authentication mechanism is set, compare it with current one*/
+ bool auth_changed = false;
if (smtp_ssn->auth_name)
{
if (smtp_ssn->auth_name->length != length)
using namespace snort;
using namespace std;
-SmtpCmd::SmtpCmd(std::string& key, uint32_t flg, int num)
+SmtpCmd::SmtpCmd(const std::string& key, uint32_t flg, int num)
{
name = key;
flags = flg;
number = num;
}
-SmtpCmd::SmtpCmd(std::string& key, int num)
+SmtpCmd::SmtpCmd(const std::string& key, int num)
{
name = key;
uint32_t flags;
unsigned number;
- SmtpCmd(std::string&, uint32_t, int);
- SmtpCmd(std::string&, int);
+ SmtpCmd(const std::string&, uint32_t, int);
+ SmtpCmd(const std::string&, int);
};
class SmtpModule : public snort::Module
const uint8_t* SMTP_GetAltBuffer(Packet* p, unsigned& len)
{
- DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
+ const DataBuffer& buf = DetectionEngine::get_alt_buffer(p);
len = buf.len;
return len ? buf.data : nullptr;
}
bool finished(Wand&);
bool cast_spell(Wand&, Flow*, const uint8_t*, unsigned);
bool spellbind(const MagicPage*&, Flow*, const uint8_t*, unsigned);
- bool cursebind(vector<CurseServiceTracker>&, Flow*, const uint8_t*, unsigned);
+ bool cursebind(const vector<CurseServiceTracker>&, Flow*, const uint8_t*, unsigned);
public:
MagicBook* c2s_hexes;
return ( f->service != nullptr );
}
-bool Wizard::cursebind(vector<CurseServiceTracker>& curse_tracker, Flow* f,
+bool Wizard::cursebind(const vector<CurseServiceTracker>& curse_tracker, Flow* f,
const uint8_t* data, unsigned len)
{
for (const CurseServiceTracker& cst : curse_tracker)
}
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { }
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { }
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { }
namespace snort
{
TcpStreamTracker::~TcpStreamTracker()
{ delete splitter; }
-TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(TcpSegmentDescriptor& tsd)
+TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(const TcpSegmentDescriptor& tsd)
{
bool talker;
const tcp::TCPHdr* tcph = tsd.get_tcph();
return true;
}
-void TcpStreamTracker::cache_mac_address(TcpSegmentDescriptor& tsd, uint8_t direction)
+void TcpStreamTracker::cache_mac_address(const TcpSegmentDescriptor& tsd, uint8_t direction)
{
/* Not Ethernet based, nothing to do */
if ( tsd.get_pkt()->is_eth() )
TcpEvent get_tcp_event() const
{ return tcp_event; }
- TcpEvent set_tcp_event(TcpSegmentDescriptor&);
+ TcpEvent set_tcp_event(const TcpSegmentDescriptor&);
void set_tcp_event(TcpEvent tcp_event)
{ this->tcp_event = tcp_event; }
}
// ack number must ack syn
- bool is_rst_valid_in_syn_sent(TcpSegmentDescriptor& tsd)
+ bool is_rst_valid_in_syn_sent(const TcpSegmentDescriptor& tsd) const
{ return tsd.get_seg_ack() == snd_una; }
uint32_t get_ts_last() const
void set_tcp_options_len(uint8_t tcp_options_len)
{ this->tcp_options_len = tcp_options_len; }
- void cache_mac_address(TcpSegmentDescriptor&, uint8_t direction);
+ void cache_mac_address(const TcpSegmentDescriptor&, uint8_t direction);
bool compare_mac_addresses(const uint8_t eth_addr[]);
bool is_rst_pkt_sent() const
//--------------------------------------------------------------------
-static uint32_t paf_flush (PAF_State* ps, PafAux& px, uint32_t* flags)
+static uint32_t paf_flush (PAF_State* ps, const PafAux& px, uint32_t* flags)
{
uint32_t at = 0;
*flags &= ~(PKT_PDU_HEAD | PKT_PDU_TAIL);
static inline int handle_repeated_syn_mswin(
TcpStreamTracker* talker, TcpStreamTracker* listener,
- TcpSegmentDescriptor& tsd, TcpStreamSession* session)
+ const TcpSegmentDescriptor& tsd, TcpStreamSession* session)
{
/* Windows has some strange behavior here. If the sequence of the reset is the
* next expected sequence, it Resets. Otherwise it ignores the 2nd SYN.
}
static inline int handle_repeated_syn_bsd(
- TcpStreamTracker* talker, TcpSegmentDescriptor& tsd, TcpStreamSession* session)
+ TcpStreamTracker* talker, const TcpSegmentDescriptor& tsd, TcpStreamSession* session)
{
/* If its not a retransmission of the actual SYN... RESET */
if (!SEQ_EQ(tsd.get_seg_seq(), talker->get_iss()))
// Older Linux ( <= 2.2 kernel ), Win32 (non 2K3) allow the 3whs to use a 0 timestamp.
static inline bool paws_3whs_zero_ts_supported(
- TcpStreamTracker* talker, TcpStreamTracker* listener, TcpSegmentDescriptor& tsd)
+ TcpStreamTracker* talker, TcpStreamTracker* listener, const TcpSegmentDescriptor& tsd)
{
bool check_ts = true;
return ( get_pending_segment_count(trs, 2) > 1 ); // FIXIT-L return false?
}
-bool TcpReassembler::next_no_gap(TcpSegmentNode& tsn)
+bool TcpReassembler::next_no_gap(const TcpSegmentNode& tsn)
{
return tsn.next and (tsn.next->i_seq == tsn.i_seq + tsn.i_len);
}
-void TcpReassembler::update_next(TcpReassemblerState& trs, TcpSegmentNode& tsn)
+void TcpReassembler::update_next(TcpReassemblerState& trs, const TcpSegmentNode& tsn)
{
trs.sos.seglist.cur_rseg = next_no_gap(tsn) ? tsn.next : nullptr;
if ( trs.sos.seglist.cur_rseg )
}
bool TcpReassembler::is_segment_fasttrack(
- TcpReassemblerState&, TcpSegmentNode* tail, TcpSegmentDescriptor& tsd)
+ TcpReassemblerState&, TcpSegmentNode* tail, const TcpSegmentDescriptor& tsd)
{
if ( SEQ_EQ(tsd.get_seg_seq(), tail->i_seq + tail->i_len) )
return true;
int trim_delete_reassembly_segment(TcpReassemblerState&, TcpSegmentNode*, uint32_t flush_seq);
void queue_reassembly_segment(TcpReassemblerState&, TcpSegmentNode* prev, TcpSegmentNode*);
void init_overlap_editor(TcpReassemblerState&, TcpSegmentDescriptor&);
- bool is_segment_fasttrack(TcpReassemblerState&, TcpSegmentNode* tail, TcpSegmentDescriptor&);
+ bool is_segment_fasttrack(TcpReassemblerState&, TcpSegmentNode* tail, const TcpSegmentDescriptor&);
void show_rebuilt_packet(TcpReassemblerState&, snort::Packet*);
uint32_t get_flush_data_len(
TcpReassemblerState&, TcpSegmentNode*, uint32_t to_seq, unsigned max);
int32_t flush_pdu_ackd(TcpReassemblerState&, uint32_t* flags, snort::Packet*);
void purge_to_seq(TcpReassemblerState&, uint32_t flush_seq);
- bool next_no_gap(TcpSegmentNode&);
- void update_next(TcpReassemblerState&, TcpSegmentNode&);
+ bool next_no_gap(const TcpSegmentNode&);
+ void update_next(TcpReassemblerState&, const TcpSegmentNode&);
};
#endif
return tsn;
}
-TcpSegmentNode* TcpSegmentNode::init(TcpSegmentDescriptor& tsd)
+TcpSegmentNode* TcpSegmentNode::init(const TcpSegmentDescriptor& tsd)
{
return create(tsd.get_pkt()->pkth->ts, tsd.get_pkt()->data, tsd.get_seg_len());
}
static TcpSegmentNode* create(const struct timeval& tv, const uint8_t* segment, uint16_t len);
public:
- static TcpSegmentNode* init(TcpSegmentDescriptor&);
+ static TcpSegmentNode* init(const TcpSegmentDescriptor&);
static TcpSegmentNode* init(TcpSegmentNode&);
void term();
DataBus::publish(FLOW_STATE_EVENT, nullptr, flow);
}
-bool TcpSession::flow_exceeds_config_thresholds(TcpSegmentDescriptor& tsd)
+bool TcpSession::flow_exceeds_config_thresholds(const TcpSegmentDescriptor& tsd)
{
if ( listener->flush_policy == STREAM_FLPOLICY_IGNORE )
{
}
}
-void TcpSession::update_stream_order(TcpSegmentDescriptor& tsd, bool aligned)
+void TcpSession::update_stream_order(const TcpSegmentDescriptor& tsd, bool aligned)
{
switch ( listener->order )
{
st.reassembler.set_xtradata_mask(st.reassembler.get_xtradata_mask() | BIT(xid));
}
-static inline void set_window_scale(TcpStreamTracker& talker, TcpStreamTracker& listener,
+static inline void set_window_scale(const TcpStreamTracker& talker, const TcpStreamTracker& listener,
TcpSegmentDescriptor& tsd)
{
// scale the window. Only if BOTH client and server specified wscale option as part
private:
void set_os_policy() override;
- bool flow_exceeds_config_thresholds(TcpSegmentDescriptor&);
- void update_stream_order(TcpSegmentDescriptor&, bool aligned);
+ bool flow_exceeds_config_thresholds(const TcpSegmentDescriptor&);
+ void update_stream_order(const TcpSegmentDescriptor&, bool aligned);
void process_tcp_stream(TcpSegmentDescriptor&);
int process_tcp_data(TcpSegmentDescriptor&);
void swap_trackers();
void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags)
{
unsigned bytes_flushed = 0;
- StreamBuffer sb = { nullptr, 0 };
trace_logf(stream_user, "flush[%d]\n", flush_amt);
uint32_t rflags = flags & ~PKT_PDU_TAIL;
Packet* up = DetectionEngine::set_next_packet(p);
}
trace_logf(stream_user, "reassemble[%d]\n", len);
- sb = splitter->reassemble(
+ StreamBuffer sb = splitter->reassemble(
p->flow, flush_amt, bytes_flushed, data, len, rflags, bytes_copied);
bytes_flushed += bytes_copied;
StreamSplitter* UserSession::get_splitter(bool c2s)
{
- UserTracker& ut = c2s ? server : client;
+ const UserTracker& ut = c2s ? server : client;
return ut.splitter;
}
#include "config.h"
#endif
+#include "packet_time.h"
+
#include "main/thread.h"
#include "time/timersub.h"
-#include "packet_time.h"
-
static THREAD_LOCAL struct timeval s_recent_packet = { 0, 0 };
static THREAD_LOCAL uint32_t s_first_packet = 0;
void packet_time_update(const struct timeval* cur_tv)
{
- if (timercmp(cur_tv, &s_recent_packet, >))
+ if (timercmp(&s_recent_packet, cur_tv, <))
{
if ( !s_first_packet )
s_first_packet = cur_tv->tv_sec;
void show_stats(
PegCount* pegs, const PegInfo* info,
- IndexVec& peg_idxs, const char* module_name, FILE* fh)
+ const IndexVec& peg_idxs, const char* module_name, FILE* fh)
{
bool head = false;
void sum_stats(PegCount* sums, PegCount* counts, unsigned n);
void show_stats(PegCount*, const PegInfo*, const char* module_name = nullptr);
void show_stats(PegCount*, const PegInfo*, unsigned n, const char* module_name = nullptr);
-void show_stats(PegCount*, const PegInfo*, IndexVec&, const char* module_name, FILE*);
+void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char* module_name, FILE*);
void show_percent_stats(PegCount*, const char*[], unsigned n, const char* module_name = nullptr);
void sum_stats(SimpleStats* sums, SimpleStats* counts);
return true;
}
-bool BerReader::convert(BerElement& e, uint32_t& intval)
+bool BerReader::convert(const BerElement& e, uint32_t& intval)
{
if ( e.type != BerType::INTEGER )
return false;
class SO_PUBLIC BerReader
{
public:
- BerReader(Cursor& c)
+ BerReader(const Cursor& c)
{
beg = c.buffer();
end = c.endo();
bool read(const uint8_t* c, BerElement& e);
- bool convert(BerElement& e, uint32_t& intval);
+ bool convert(const BerElement& e, uint32_t& intval);
bool extract(const uint8_t*& c, uint32_t& intval);
bool skip(const uint8_t*& c, uint32_t type);
namespace snort
{
-char* ObfuscateIpToText(const SfIp* ip, SfCidr& homenet, SfCidr& obfunet, InetBuf& ab)
+char* ObfuscateIpToText(const SfIp* ip, const SfCidr& homenet, SfCidr& obfunet, InetBuf& ab)
{
ab[0] = 0;
typedef char InetBuf[INET6_ADDRSTRLEN];
SO_PUBLIC char* ObfuscateIpToText(
- const struct SfIp*, SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&);
+ const struct SfIp*, const SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&);
}
#endif
return std::string();
}
-void Rule::update_option(const std::string& keyword, std::string& val)
+void Rule::update_option(const std::string& keyword, const std::string& val)
{
for (auto option : options)
{
{
curr_sticky_buffer = new_buffer;
RuleOption* new_opt = new RuleOption(new_buffer);
- options.insert(iter, new_opt);
+ iter = options.insert(iter, new_opt);
++iter;
}
}
void add_option(const std::string& keyword);
void add_option(const std::string& keyword, const std::string& data);
std::string get_option(const std::string& keyword);
- void update_option(const std::string& keyword, std::string& val);
+ void update_option(const std::string& keyword, const std::string& val);
void add_suboption(const std::string& keyword);
void add_suboption(const std::string& keyword, const std::string& val);
void set_curr_options_buffer(const std::string& buffer, bool add_option);
inline const std::string& get_name() { return name; }
inline const std::string& get_value() { return value; }
- inline void update_value(std::string& new_value) { value = new_value; }
+ inline void update_value(const std::string& new_value) { value = new_value; }
bool add_suboption(const std::string& name);
bool add_suboption(const std::string& name, const std::string& val);
return curr_rule->get_option(keyword);
}
-void RuleApi::update_option(const std::string& keyword, std::string& val)
+void RuleApi::update_option(const std::string& keyword, const std::string& val)
{
if (!curr_rule)
return;
void add_option(const std::string& keyword);
void add_option(const std::string& keyword, const std::string& val);
std::string get_option(const std::string& keyword);
- void update_option(const std::string& keyword, std::string& val);
+ void update_option(const std::string& keyword, const std::string& val);
void add_suboption(const std::string& keyword);
void add_suboption(const std::string& keyword, const std::string& val);
void set_curr_options_buffer(const std::string& buffer, bool add_option=false);
{
public:
TableApi() = default;
- TableApi(TableApi* d, TableDelegation& td) : delegate(d), delegations(td) {}
+ TableApi(TableApi* d, const TableDelegation& td) : delegate(d), delegations(td) {}
virtual ~TableApi();
void reset_state();
projects / thirdparty / snort3.git / commitdiff
