Squashed commit of the following:
commit
30faa7bb1f3f83b020ce7e5dd8d8c97b5d43f0e2
Author: Carter Waxman <cwaxman@cisco.com>
Date: Tue Nov 27 14:13:12 2018 -0500
regex worker: removed assert that didn't handle locks cleanly
commit
2a72bde15e444742d268a04253ae017c40a6eae6
Author: Carter Waxman <cwaxman@cisco.com>
Date: Mon Nov 26 17:25:46 2018 -0500
detection, stream: fixed assuming packets were offloaded when previous packets on flow have been offloaded
commit
5a03c7594249291950283c9a05e2a6e85a23dc95
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Nov 21 14:11:02 2018 -0500
stream tcp: fixed sequence overlap handling when working with empty seglist
commit
30c258f980faef8382623efac34aa44c6e1ff235
Author: Carter Waxman <cwaxman@cisco.com>
Date: Wed Nov 21 07:35:53 2018 -0500
stream tcp: fixed applying post-inspection operations to wrong rebuilt packet
return nullptr;
IpsContext* c = idle.back();
+ assert(!c->has_callbacks());
idle.pop_back();
return c;
}
assert(!idle.empty());
trace_logf(detection, TRACE_DETECTION_ENGINE, "(wire) %" PRIu64 " cs::start %u (i=%zu, b=%zu)\n",
get_packet_number(), idle.back()->get_slot(), idle.size(), busy.size());
+ assert(!idle.back()->has_callbacks());
busy.emplace_back(idle.back());
idle.pop_back();
get_packet_number(), busy.back()->get_slot(), idle.size(), busy.size());
IpsContext* c = busy.back();
+ assert(!c->has_callbacks());
c->clear_context_data();
idle.emplace_back(c);
busy.back()->packet->active = nullptr;
idle.emplace_back(hold[i]);
hold[i] = nullptr;
+ idle.back()->clear_callbacks();
+ idle.back()->clear_context_data();
}
}
while ( !busy.empty() )
idle.emplace_back(busy.back());
busy.pop_back();
+ idle.back()->clear_callbacks();
+ idle.back()->clear_context_data();
}
}
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::interrupt %u (i=%zu, b=%zu)\n",
idle.back()->packet_number, idle.back()->get_slot(), idle.size(), busy.size());
+ assert(!idle.back()->has_callbacks());
busy.emplace_back(idle.back());
idle.pop_back();
return busy.back();
trace_logf(detection, TRACE_DETECTION_ENGINE, "%" PRIu64 " cs::complete %u (i=%zu, b=%zu)\n",
c->packet_number, busy.back()->get_slot(), idle.size(), busy.size());
+ assert(!c->has_callbacks());
c->clear_context_data();
idle.emplace_back(c);
THREAD_LOCAL ProfileStats eventqPerfStats;
THREAD_LOCAL ProfileStats rebuiltPacketPerfStats;
-void snort_ignore(Packet*) { }
+bool snort_ignore(Packet*) { return true; }
-void snort_log(Packet* p)
+bool snort_log(Packet* p)
{
pc.log_pkts++;
EventManager::call_loggers(nullptr, p, nullptr, nullptr);
+
+ return true;
}
void CallLogFuncs(Packet* p, ListHead* head, Event* event, const char* msg)
extern THREAD_LOCAL snort::ProfileStats rebuiltPacketPerfStats;
// main loop hooks
-void snort_ignore(snort::Packet*);
-void snort_log(snort::Packet*);
+bool snort_ignore(snort::Packet*);
+bool snort_log(snort::Packet*);
// alerts
void CallLogFuncs(snort::Packet*, ListHead*, Event*, const char*);
return false;
}
-void DetectionEngine::inspect(Packet* p)
+bool DetectionEngine::inspect(Packet* p)
{
bool inspected = false;
{
if ( !all_disabled(p) )
{
if ( detect(p, true) )
- return; // don't finish out offloaded packets
+ return false; // don't finish out offloaded packets
}
}
finish_inspect_with_latency(p);
}
finish_inspect(p, inspected);
+ return true;
}
//--------------------------------------------------------------------------
static void clear_replacement();
static bool detect(Packet*, bool offload_ok = false);
- static void inspect(Packet*);
+ static bool inspect(Packet*);
static int queue_event(const struct OptTreeNode*);
static int queue_event(unsigned gid, unsigned sid, Actions::Type = Actions::NONE);
void clear_callbacks()
{ post_callbacks.clear(); }
+ bool has_callbacks() const
+ { return !post_callbacks.empty(); }
+
void post_detection();
public:
if ( !req->offload )
continue;
+
}
assert(req->packet);
- assert(req->packet->flow->is_offloaded());
snort::SnortConfig::set_conf(req->packet->context->conf); // FIXIT-H reload issue
fp_offload(req->packet);
// helpers
//-------------------------------------------------------------------------
-static void pass_pkts(Packet*) { }
+static bool pass_pkts(Packet*) { return true; }
static MainHook_f main_hook = pass_pkts;
static void set_policy(Packet* p)
delete[] s_data;
}
-void Snort::inspect(Packet* p)
+bool Snort::inspect(Packet* p)
{
// Need to include this b/c call is outside the detect tree
Profile detect_profile(detectPerfStats);
Profile rebuilt_profile(rebuiltPacketPerfStats);
DetectionEngine de;
- main_hook(p);
+ return main_hook(p);
}
DAQ_Verdict Snort::process_packet(
struct Packet;
struct SnortConfig;
-typedef void (* MainHook_f)(Packet*);
+typedef bool (* MainHook_f)(Packet*);
class TestPause
{
static DAQ_Verdict packet_callback(void*, const DAQ_PktHdr_t*, const uint8_t*);
- static void inspect(Packet*);
+ static bool inspect(Packet*);
static void set_main_hook(MainHook_f);
static ContextSwitcher* get_switcher();
{
SegmentOverlapState sos;
TcpStreamTracker* tracker;
- snort::Packet* last_pdu = nullptr;
uint32_t flush_count; // number of flushed queued segments
uint32_t xtradata_mask; // extra data available to log
bool server_side;
Stream::log_extra_data(flow, trs.xtradata_mask, ai->event_id, ai->event_second);
}
trs.tracker->alert_count = 0;
- last_pdu = nullptr;
}
int TcpReassembler::purge_to_seq(TcpReassemblerState& trs, uint32_t flush_seq)
tcpStats.rebuilt_bytes += flushed_bytes;
NoProfile exclude(s5TcpFlushPerfStats);
- Snort::inspect(pdu);
- if ( pdu->flow->is_offloaded() )
+ if ( !Snort::inspect(pdu) )
last_pdu = pdu;
+ else
+ last_pdu = nullptr;
}
else
{
tcpStats.rebuilt_buffers++; // FIXIT-L this is not accurate
+ last_pdu = nullptr;
}
// FIXIT-L must check because above may clear trs.sos.session
int TcpReassembler::flush_on_data_policy(TcpReassemblerState& trs, Packet* p)
{
uint32_t flushed = 0;
+ last_pdu = nullptr;
switch ( trs.tracker->flush_policy )
{
int TcpReassembler::flush_on_ack_policy(TcpReassemblerState& trs, Packet* p)
{
- uint32_t flushed = 0;
+ uint32_t flushed = 0;
+ last_pdu = nullptr;
switch (trs.tracker->flush_policy)
{
return;
}
+ if ( SEQ_GT(trs.sos.seglist_base_seq, seq + overlap) )
+ {
+ overlap = trs.sos.seglist_base_seq- seq - overlap;
+
+ if ( overlap >= tsd.get_seg_len() )
+ return;
+ }
+
// BLOCK add new block to trs.sos.seglist containing data
add_reassembly_segment(
trs, tsd, tsd.get_seg_len(), overlap, 0, seq + overlap, nullptr);
projects / thirdparty / snort3.git / commitdiff
