Squashed commit of the following:
commit
d7a95b1ffbc9d5624eec6487b4190aca2eb870ab
Author: Michael Altizer <mialtize@cisco.com>
Date: Wed Apr 17 16:17:41 2019 -0400
build: Remove perpetually stale reference to lua_plugffi.h
commit
57d3b9bbec7694a892616c81221f4733e6592114
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Oct 16 01:35:50 2018 -0400
log_pcap, packet_capture: Don't try to use a DAQ pkthdr as a PCAP pkthdr
This is not forward-compatible and generally bad practice. Build the
PCAP pkthdr manually instead.
commit
bae93a9ced6e132a0c4bbd8eb078ef39d7dc40cf
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Apr 16 18:31:03 2019 -0400
analyzer: Print pause indicator from analyzer threads
commit
a82a42d59d9058be8202f1b567e2174073e9ef6e
Author: Michael Altizer <mialtize@cisco.com>
Date: Tue Apr 9 14:56:27 2019 -0400
stream_tcp: Try to work with a cleaner Packet when purging at shutdown
if ( data->limit && (context.size + dumpSize > data->limit) )
TcpdumpRollLogFile(data);
- pcap_dump((uint8_t*)context.dumpd, reinterpret_cast<const struct pcap_pkthdr*>(p->pkth), p->pkt);
+ struct pcap_pkthdr pcaphdr;
+ pcaphdr.ts = p->pkth->ts;
+ pcaphdr.caplen = p->pkth->caplen;
+ pcaphdr.len = p->pkth->pktlen;
+ pcap_dump((uint8_t*)context.dumpd, &pcaphdr, p->pkt);
context.size += dumpSize;
if (!SnortConfig::line_buffered_logging()) // FIXIT-L misnomer
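Review bot: `struct pcap_pkthdr pcaphdr;` on the first added line is default-initialized and then filled member by member; writing it as `struct pcap_pkthdr pcaphdr{};` zero-initializes the header first, so the dump can never pick up an indeterminate member if the assignments and libpcap's struct ever drift apart. The C-style `(uint8_t*)context.dumpd` cast on the pcap_dump line survives the rewrite; `reinterpret_cast<uint8_t*>(context.dumpd)` is the greppable, intent-revealing form. The `PacketCapture::write_packet` hunk further down introduces the same header construction and the same `(unsigned char*)dumper` cast, and both remarks apply there too. The enclosing function starts and ends outside this hunk.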
void Analyzer::pause()
{
if (state == State::RUNNING)
+ {
set_state(State::PAUSED);
+ LogMessage("== [%u] paused\n", id);
+ }
else
ErrorMessage("Analyzer: Received PAUSE command while in state %s\n",
get_state_string());
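Review bot: The `if` branch now carries braces while the `else` at the bottom of the hunk still wraps a two-line `ErrorMessage` call without them; bracing the `else` as well keeps the two branches symmetric and avoids a dangling-statement mistake when a second line is added later. The new `LogMessage("== [%u] paused\n", id);` assumes `id` is an `unsigned int`; its declaration is not in the hunk, so confirm the type matches the `%u` conversion or cast explicitly. The closing brace of `Analyzer::pause()` lies outside the hunk.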
)
set (CPP_INCLUDES
- ${CMAKE_CURRENT_BINARY_DIR}/lua_plugffi.h
${CMAKE_CURRENT_BINARY_DIR}/lua_bootstrap.h
${CMAKE_CURRENT_BINARY_DIR}/lua_coreinit.h
)
)
add_library( managers OBJECT
+ ${LUA_INCLUDES}
${MANAGERS_INCLUDES}
${CPP_INCLUDES}
action_manager.h
)
add_custom_command (
- OUTPUT lua_plugffi.h snort_plugin.lua
+ OUTPUT plugffi.lua snort_plugin.lua
COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/ffi_wrap.sh ${CMAKE_CURRENT_SOURCE_DIR}/lua_plugin_defs.h > plugffi.lua
COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/plugffi.lua ${CMAKE_CURRENT_BINARY_DIR}/snort_plugin.lua
)
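Review bot: The custom command now names `plugffi.lua snort_plugin.lua` as its OUTPUT, which matches what the two COMMAND lines actually produce, but within the visible lines it still declares no DEPENDS on the inputs it reads, so editing `ffi_wrap.sh` or `lua_plugin_defs.h` would not regenerate either file in an existing build tree. Adding `DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/ffi_wrap.sh ${CMAKE_CURRENT_SOURCE_DIR}/lua_plugin_defs.h` inside the call makes the regeneration rule complete. If a DEPENDS clause exists in a part of the file the page does not show, disregard this.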
void PacketCapture::write_packet(Packet* p)
{
- //DAQ_PktHdr_t is compatible with pcap_pkthdr
- pcap_dump((unsigned char*)dumper, (const pcap_pkthdr*)p->pkth, p->pkt);
+ struct pcap_pkthdr pcaphdr;
+ pcaphdr.ts = p->pkth->ts;
+ pcaphdr.caplen = p->pkth->caplen;
+ pcaphdr.len = p->pkth->pktlen;
+ pcap_dump((unsigned char*)dumper, &pcaphdr, p->pkt);
pcap_dump_flush(dumper);
}
trs.sos.session->GetPacketHeaderFoo(&pkth, pkt_flags);
PacketManager::format_tcp(enc_flags, p, pdu, PSEUDO_PKT_TCP, &pkth, pkth.opaque);
prep_pdu(trs, trs.sos.session->flow, p, pkt_flags, pdu);
- (const_cast<DAQ_PktHdr_t*>(pdu->pkth))->ts = tv;
+ assert(pdu->pkth == pdu->context->pkth);
+ pdu->context->pkth->ts = tv;
// FIXIT-M: This hack will go away with daqng
- (const_cast<DAQ_PktHdr_t*>(pdu->pkth))->priv_ptr = p->pkth->priv_ptr;
+ pdu->context->pkth->priv_ptr = p->pkth->priv_ptr;
pdu->dsize = 0;
pdu->data = nullptr;
return pdu;
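Review bot: `assert(pdu->pkth == pdu->context->pkth);` is the only thing guarding the new writes through `pdu->context->pkth`, and `assert` compiles out under NDEBUG, so a release build in which the two pointers differ would silently stamp `ts` and `priv_ptr` onto a header the PDU does not reference, with no diagnostic at all. If the equality is a hard invariant of this path, an always-on check (the project's release-enabled assertion facility if it has one, or an explicit `if (pdu->pkth != pdu->context->pkth) ErrorMessage(...)` before the writes) would make the failure visible instead of corrupting the wrong header. The `set_packet` hunk below pairs the same `assert` with `DAQ_PktHdr_t* ph = p->context->pkth;` and the same remark applies there. The enclosing function starts and ends outside this hunk.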
static Packet* set_packet(Flow* flow, uint32_t flags, bool c2s)
{
+ // FIXIT-M this implicitly relies on a fresh packet/context being pushed by Flow::reset()
+ // calling DetectionEngine::set_next_packet() while passing a null Packet through the
+ // cleanup routines, which is super hinky, but also why we don't need to call p->reset().
+ // The end result is a skeleton of a TCP PDU packet with no data and the IPs/ports/flow set.
+ // We should probably be clearing more Packet fields.
Packet* p = DetectionEngine::get_current_packet();
- p->reset();
- DAQ_PktHdr_t* ph = const_cast<DAQ_PktHdr_t*>(p->pkth);
+ assert(p->pkth == p->context->pkth);
+ DAQ_PktHdr_t* ph = p->context->pkth;
memset(ph, 0, sizeof(*ph));
packet_gettimeofday(&ph->ts);
+ p->data = nullptr;
+ p->dsize = 0;
+
p->ptrs.set_pkt_type(PktType::PDU);
p->proto_bits |= PROTO_BIT__TCP;
p->flow = flow;