Pull request #4276: packet_capture: make sure packet_capture executed before detection
authorSteven Baigal (sbaigal) <sbaigal@cisco.com>
Tue, 28 May 2024 18:13:02 +0000 (18:13 +0000)
committerSteven Baigal (sbaigal) <sbaigal@cisco.com>
Tue, 28 May 2024 18:13:02 +0000 (18:13 +0000)
Merge in SNORT/snort3 from ~SBAIGAL/snort3:capture_first to master

Squashed commit of the following:

commit 641e67652632a504ea81c3b7828dd5486df81251
Author: Steven Baigal <sbaigal@cisco.com>
Date:   Fri Apr 5 11:26:37 2024 -0400

    packet_capture: make sure packet_capture executed before detection

src/detection/detection_engine.cc
src/framework/inspector.cc
src/framework/inspector.h
src/managers/inspector_manager.cc
src/managers/inspector_manager.h
src/network_inspectors/packet_capture/packet_capture.cc

index 163c8e41a5617aa759e9cab02896acc1c89dc4de..def14a2344daadaf671b28716d14da35936a3aa6 100644 (file)
@@ -627,6 +627,7 @@ bool DetectionEngine::inspect(Packet* p)
     {
         PacketLatency::Context pkt_latency_ctx { p };
 
+        InspectorManager::probe_first(p);
         if ( p->ptrs.decode_flags & DECODE_ERR_FLAGS )
         {
             if ( p->context->conf->ips_inline_mode() and
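Review bot: The new `InspectorManager::probe_first(p);` call carries no comment explaining why it is placed ahead of the DECODE_ERR_FLAGS check rather than next to the existing probe pass, so the next reader will not know whether IT_PROBE_FIRST inspectors are meant to see packets that fail decoding and are handled before detection. Add `// IT_PROBE_FIRST inspectors (eg packet_capture) run before decode-error handling and detection so they see every packet` above the call. DetectionEngine::inspect's body continues outside the hunk, so I cannot see whether any earlier return precedes this point.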
index f3eed842786e822f867e004f64926535f3d44803..6807dc3b8b63d4c469f758b0178fd3290715aebc 100644 (file)
@@ -164,6 +164,7 @@ static const char* InspectorTypeNames[IT_MAX] =
     "control",
     "probe",
     "file",
+    "probe_first",
 };
 
 const char* InspectApi::get_type(InspectorType type)
index b446a24987e106c582ef29fbc3ec84514590a3f8..81eae929f40fcac4581546d1513a2e3a5694102c 100644 (file)
@@ -244,6 +244,7 @@ enum InspectorType
     IT_CONTROL,  // process all packets before detection (eg appid)
     IT_PROBE,    // process all packets after detection (eg perf_monitor, port_scan)
     IT_FILE,     // file identification inspector
+    IT_PROBE_FIRST, // process all packets before detection (eg packet_capture)
     IT_MAX
 };
 
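Review bot: The comment on `IT_PROBE_FIRST` says the same thing as the one on `IT_CONTROL` two lines above ("process all packets before detection"), so a reader cannot tell the two types apart. State what distinguishes it, e.g. `IT_PROBE_FIRST, // process all packets before decode-error handling and detection (eg packet_capture); not a control inspector`. The inspector_manager.cc hunk adds it with plain `add` rather than `add_control`, and the detection_engine.cc hunk places the call ahead of the DECODE_ERR_FLAGS check, which seem to be the actual distinctions.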
index e07d19a2898a85ba9e5fd8611e2152daee847e1e..be4dbc6015d4c8fbcc0a48b9dc40ad77f464b94f 100644 (file)
@@ -631,6 +631,7 @@ struct GlobalInspectorPolicy : public InspectorList
 {
     PHVector passive;
     PHVector probe;
+    PHVector probe_first;
     PHVector control;
 
     void vectorize(SnortConfig*) override;
@@ -641,6 +642,7 @@ void GlobalInspectorPolicy::vectorize(SnortConfig*)
 {
     passive.alloc(ilist.size());
     probe.alloc(ilist.size());
+    probe_first.alloc(ilist.size());
     control.alloc(ilist.size());
     for ( auto* p : ilist )
     {
@@ -654,6 +656,10 @@ void GlobalInspectorPolicy::vectorize(SnortConfig*)
             probe.add(p);
             break;
 
+        case IT_PROBE_FIRST:
+            probe_first.add(p);
+            break;
+
         case IT_CONTROL:
             control.add_control(p);
             break;
@@ -677,6 +683,9 @@ PHInstance* GlobalInspectorPolicy::get_instance_by_type(const char* key, Inspect
     case IT_PROBE:
         return get_instance_from_vector(key, probe.vec, probe.total_num);
 
+    case IT_PROBE_FIRST:
+        return get_instance_from_vector(key, probe_first.vec, probe_first.total_num);
+
     case IT_CONTROL:
         return get_instance_from_vector(key, control.vec, control.total_num);
 
@@ -2102,6 +2111,16 @@ void InspectorManager::probe(Packet* p)
     }
 }
 
+void InspectorManager::probe_first(Packet* p)
+{
+    GlobalInspectorPolicy* pp = p->context->conf->policy_map->get_global_inspector_policy();
+    assert(pp);
+    if ( !trace_enabled(snort_trace, TRACE_INSPECTOR_MANAGER, DEFAULT_TRACE_LOG_LEVEL, p) )
+        ::execute<false>(p, pp->probe_first.vec, pp->probe_first.num, true);
+    else
+        ::execute<true>(p, pp->probe_first.vec, pp->probe_first.num, true);
+}
+
 void InspectorManager::clear(Packet* p)
 {
     if ( !p->context->clear_inspectors )
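Review bot: `probe_first` at the top of this hunk appears to be a copy of `probe()` with the vector swapped (probe's body ends just above the hunk, so I can only infer this); factoring the policy lookup and the trace-enabled dispatch into a `static` helper taking the `PHVector&` would keep the two in sync when one changes. `assert(pp)` compiles out in release builds, leaving an unchecked dereference if `get_global_inspector_policy()` can return null — if probe() does the same this is pre-existing, but a comment stating the invariant would help. The trailing `true` argument to `::execute` is not explained anywhere visible; a named constant or a short comment at the call would make it readable.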
index 032a6179e2b3de0a6d3f4a38f9dd13cb8d561784..150587e8a986ceeec8e00a869214c625552f256c 100644 (file)
@@ -93,6 +93,7 @@ public:
 
     static void execute(Packet*);
     static void probe(Packet*);
+    static void probe_first(Packet*);
 
     static void clear(Packet*);
     static void empty_trash();
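Review bot: `probe_first` is declared without a comment, and nothing near it says how it differs from `probe`. Add `// run IT_PROBE_FIRST inspectors; called from DetectionEngine::inspect() before detection` so the header documents the ordering that the detection_engine.cc hunk establishes.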
index b546bef4b6d5673b698e5d6861f463450243d273..ca9197e70e50edb749eea494d4486af0333690c2 100644 (file)
@@ -84,10 +84,25 @@ static int get_dlt()
     return dlt;
 }
 
+static int _pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
+                   struct bpf_program *program,
+                   const char *buf, int optimize, bpf_u_int32 mask)
+{
+       pcap_t *p;
+       int ret;
+
+       p = pcap_open_dead(linktype_arg, snaplen_arg);
+       if (p == NULL)
+               return (PCAP_ERROR);
+       ret = pcap_compile(p, program, buf, optimize, mask);
+       pcap_close(p);
+       return (ret);
+}
+
 static bool bpf_compile_and_validate()
 {
     // FIXIT-M This BPF compilation is not thread-safe and should be handled by the main thread
-    if ( pcap_compile_nopcap(SNAP_LEN, get_dlt(), &bpf,
+    if ( _pcap_compile_nopcap(SNAP_LEN, get_dlt(), &bpf,
         config.filter.c_str(), 1, 0) >= 0 )
     {
         if (bpf_validate(bpf.bf_insns, bpf.bf_len))
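Review bot: `_pcap_compile_nopcap` uses a reserved identifier — a name beginning with an underscore at global namespace scope is reserved to the implementation in C++ — and its body is tab-indented K&R C (`(PCAP_ERROR)`, `(ret)`, declare-then-assign) that does not match the four-space style of the surrounding file, presumably because it was copied from libpcap's own implementation. Rename it (e.g. `compile_nopcap`) and reformat; the call at the bottom of this hunk and the one in the bpf_compile_and_validate_test hunk change accordingly. A one-line comment saying why the file now carries its own copy instead of calling `pcap_compile_nopcap()` would also help — if the reason is that newer libpcap marks that function deprecated, say so. The function also discards pcap's diagnostic text: when the caller needs to report why a configured filter did not compile, read `pcap_geterr(p)` before `pcap_close(p)`.
```cpp
// Local stand-in for libpcap's pcap_compile_nopcap(): compile buf against a
// dead (device-less) handle. Returns pcap_compile()'s result, or PCAP_ERROR
// when the dead handle cannot be created.
static int compile_nopcap(int snaplen_arg, int linktype_arg,
    struct bpf_program* program, const char* buf, int optimize, bpf_u_int32 mask)
{
    pcap_t* p = pcap_open_dead(linktype_arg, snaplen_arg);
    if ( !p )
        return PCAP_ERROR;

    int ret = pcap_compile(p, program, buf, optimize, mask);
    pcap_close(p);
    return ret;
}

// … unchanged: bpf_compile_and_validate(), with its call renamed to compile_nopcap …
```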
@@ -301,7 +316,7 @@ static const InspectApi pc_api =
         mod_ctor,
         mod_dtor
     },
-    IT_PROBE,
+    IT_PROBE_FIRST,
     PROTO_BIT__ANY_IP | PROTO_BIT__ETH,
     nullptr, // buffers
     nullptr, // service
@@ -333,7 +348,7 @@ const BaseApi* nin_packet_capture[] =
 
 static bool bpf_compile_and_validate_test()
 {
-    if (pcap_compile_nopcap(SNAP_LEN, DLT_EN10MB, &bpf,
+    if (_pcap_compile_nopcap(SNAP_LEN, DLT_EN10MB, &bpf,
         config.filter.c_str(), 1, 0) >= 0)
     {
         if (bpf_validate(bpf.bf_insns, bpf.bf_len))