Pull request #3230: stream_user: change packet type from PDU to USER for hext daq...

Merge in SNORT/snort3 from ~KATHARVE/snort3:hext to master

Squashed commit of the following:

commit 2eda9ec4fa6b39f1ae9a11183e9900d72437da59
Author: Katura Harvey <katharve@cisco.com>
Date:   Tue Dec 21 15:47:52 2021 -0500

    stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user

diff --git a/src/codecs/misc/cd_user.cc b/src/codecs/misc/cd_user.cc
index 965fdc86012504b709dd81a8a05883000dbb44b6..981c848e3e78503dcfb34519a66189462f731cfb 100644 (file)
--- a/src/codecs/misc/cd_user.cc
+++ b/src/codecs/misc/cd_user.cc
@@ -111,7 +111,7 @@ bool UserCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
     if ( pci->ip_proto )
     {
         set_ip(pci, codec, snort);
-        snort.set_pkt_type(PktType::PDU);
+        snort.set_pkt_type(PktType::USER);
     }
     else
     {

diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index c3f4708a2b9a832cc21954660fb4fd2a312709a0..90a81646697d663fbf6b6b2911e5aad1dd6cb8ec 100644 (file)
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -579,6 +579,7 @@ bool DetectionEngine::detect(Packet* p, bool offload_ok)
     case PktType::UDP:
     case PktType::ICMP:
     case PktType::FILE:
+    case PktType::USER:
         if ( offload_ok and p->flow )
             return offload(p);
 

diff --git a/src/flow/flow.h b/src/flow/flow.h
index 276485c42a364f1310d28a083fa740a9e2e8b418..208f4fe7dd086b827242c08eb0cd370e499e48af 100644 (file)
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -264,7 +264,7 @@ public:
     { return (ssn_state.session_flags & SSNFLAG_PROXIED) != 0; }
 
     bool is_stream()
-    { return pkt_type == PktType::TCP or pkt_type == PktType::PDU; }
+    { return pkt_type == PktType::TCP or pkt_type == PktType::USER; }
 
     void block()
     { ssn_state.session_flags |= SSNFLAG_BLOCK; }

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index a09b8ee2f756c66240d497fa689e5d14dafb2918..919624054046dd53c61c1ff7247a949f1750668d 100644 (file)
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -288,8 +288,8 @@ static void init_roles(Packet* p, Flow* flow)
             init_roles_udp(p, flow);
             break;
 
-        case PktType::PDU:
         case PktType::FILE:
+        case PktType::USER:
             swapped = init_roles_user(p, flow);
             break;
 

diff --git a/src/framework/decode_data.h b/src/framework/decode_data.h
index 98ba2484691551c93375ed91549d009b8c8ef926..21c5ab1b82c4dc3b7028503b0feca17efd516946 100644 (file)
--- a/src/framework/decode_data.h
+++ b/src/framework/decode_data.h
@@ -44,7 +44,7 @@ struct ICMPHdr;
 /* NOTE: if A protocol is added, update DecodeFlags! */
 enum class PktType : std::uint8_t
 {
-    NONE, IP, TCP, UDP, ICMP, PDU, FILE, MAX
+    NONE, IP, TCP, UDP, ICMP, USER, FILE, PDU, MAX
 };
 
 // the first several of these bits must map to PktType
@@ -54,9 +54,9 @@ enum class PktType : std::uint8_t
 #define PROTO_BIT__TCP              0x000002
 #define PROTO_BIT__UDP              0x000004
 #define PROTO_BIT__ICMP             0x000008
-#define PROTO_BIT__PDU              0x000010
+#define PROTO_BIT__USER             0x000010
 #define PROTO_BIT__FILE             0x000020
-#define PROTO_BIT__ARP              0x000040
+#define PROTO_BIT__PDU              0x000040
 #define PROTO_BIT__TEREDO           0x000080
 #define PROTO_BIT__GTP              0x000100
 #define PROTO_BIT__MPLS             0x000200
@@ -72,7 +72,8 @@ enum class PktType : std::uint8_t
 #define PROTO_BIT__UDP_TUNNELED     0x080000
 #define PROTO_BIT__OTHER            0x100000
 #define PROTO_BIT__GENEVE           0x200000
-#define PROTO_BIT__ALL              0x3FFFFF
+#define PROTO_BIT__ARP              0x400000
+#define PROTO_BIT__ALL              0x7FFFFF
 
 #define PROTO_BIT__ICMP_EMBED \
     (PROTO_BIT__TCP_EMBED_ICMP | PROTO_BIT__UDP_EMBED_ICMP | \
@@ -80,7 +81,7 @@ enum class PktType : std::uint8_t
 
 #define PROTO_BIT__ANY_IP   (PROTO_BIT__IP | PROTO_BIT__TCP | PROTO_BIT__UDP | PROTO_BIT__ICMP)
 #define PROTO_BIT__ANY_PDU  (PROTO_BIT__TCP | PROTO_BIT__UDP | PROTO_BIT__PDU)
-#define PROTO_BIT__ANY_SSN  (PROTO_BIT__ANY_IP | PROTO_BIT__PDU | PROTO_BIT__FILE)
+#define PROTO_BIT__ANY_SSN  (PROTO_BIT__ANY_IP | PROTO_BIT__PDU | PROTO_BIT__FILE | PROTO_BIT__USER)
 #define PROTO_BIT__ANY_TYPE (PROTO_BIT__ANY_SSN | PROTO_BIT__ARP)
 
 enum DecodeFlags : std::uint16_t

diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index b18a0c998224fb3d7900ba4fe2cc4d4a07b9f932..7f03987d2b59c9b5f43aecfb64f67ce917d8a882 100644 (file)
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -1216,7 +1216,7 @@ static void instantiate_default_binder(SnortConfig* sc, FrameworkPolicy* fp)
         m->add(PROTO_BIT__UDP, wiz_id);
 
     if ( tcp or udp or pdu )
-        m->add(PROTO_BIT__PDU, wiz_id);
+        m->add(PROTO_BIT__USER, wiz_id);
 
     const InspectApi* api = get_plugin(bind_id);
     InspectorManager::instantiate(api, m, sc);

diff --git a/src/network_inspectors/binder/bind_module.cc b/src/network_inspectors/binder/bind_module.cc
index 5f51665e4fd0ddce116c8908fda6ae8d929afdc0..8ad488d244eee04c86bfcf59c134ea6603a77c04 100644 (file)
--- a/src/network_inspectors/binder/bind_module.cc
+++ b/src/network_inspectors/binder/bind_module.cc
@@ -289,7 +289,7 @@ bool BinderModule::set(const char* fqn, Value& v, SnortConfig*)
         const unsigned mask[] =
         {
             PROTO_BIT__ANY_TYPE, PROTO_BIT__IP, PROTO_BIT__ICMP,
-            PROTO_BIT__TCP, PROTO_BIT__UDP, PROTO_BIT__PDU, PROTO_BIT__FILE
+            PROTO_BIT__TCP, PROTO_BIT__UDP, PROTO_BIT__USER, PROTO_BIT__FILE, PROTO_BIT__PDU,
         };
         binding.when.protos = mask[v.get_uint8()];
         binding.when.add_criteria(BindWhen::Criteria::BWC_PROTO);

diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc
index c5b6ee2a338065c0b6a30a7a8fae3f8955a91588..c226988021ae7980fbc7f99ba34014edd4abbd69 100644 (file)
--- a/src/network_inspectors/binder/binder.cc
+++ b/src/network_inspectors/binder/binder.cc
@@ -149,7 +149,7 @@ static std::string proto_to_string(unsigned proto)
             return "tcp";
         case PROTO_BIT__UDP:
             return "udp";
-        case PROTO_BIT__PDU:
+        case PROTO_BIT__USER:
             return "user";
         case PROTO_BIT__FILE:
             return "file";
@@ -610,7 +610,7 @@ bool Binder::configure(SnortConfig* sc)
             case PktType::TCP:  name = "stream_tcp"; break;
             case PktType::UDP:  name = "stream_udp"; break;
             case PktType::ICMP: name = "stream_icmp"; break;
-            case PktType::PDU:  name = "stream_user"; break;
+            case PktType::USER:  name = "stream_user"; break;
             case PktType::FILE: name = "stream_file"; break;
             default:            name = nullptr; break;
         }

diff --git a/src/protocols/packet.cc b/src/protocols/packet.cc
index e5106834257646f41110e47b86480652d0f975f2..01b759a9d047d2a60f65305864182ff4d5b7ef97 100644 (file)
--- a/src/protocols/packet.cc
+++ b/src/protocols/packet.cc
@@ -164,6 +164,7 @@ const char* Packet::get_type() const
         return "UDP";
 
     case PktType::PDU:
+    case PktType::USER:
     case PktType::FILE:
         if ( proto_bits & PROTO_BIT__TCP )
             return "TCP";

diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 1076e4138a1a562a753c377cc2885301efc5d16f..3c9816ca09440f33d54f040b6a8d7f339ce1d5c2 100644 (file)
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -201,7 +201,8 @@ struct SO_PUBLIC Packet
     { return ptrs.get_pkt_type() == PktType::ICMP; }
 
     bool is_data() const
-    { return (ptrs.get_pkt_type() == PktType::PDU) or (ptrs.get_pkt_type() == PktType::FILE); }
+    { return (ptrs.get_pkt_type() == PktType::PDU) or (ptrs.get_pkt_type() == PktType::FILE) or
+        (ptrs.get_pkt_type() == PktType::USER); }
 
     bool is_cooked() const
     { return ((packet_flags & PKT_PSEUDO) != 0); }

diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc
index 6e5340baa89003098e525406ca8d1ab99014eaaf..032ff36132df05a8ae6a4da8b3c98e2770022d74 100644 (file)
--- a/src/stream/base/stream_base.cc
+++ b/src/stream/base/stream_base.cc
@@ -206,8 +206,8 @@ void StreamBase::tinit()
     if ( (f = InspectorManager::get_session(PROTO_BIT__UDP)) )
         flow_con->init_proto(PktType::UDP, f);
 
-    if ( (f = InspectorManager::get_session(PROTO_BIT__PDU)) )
-        flow_con->init_proto(PktType::PDU, f);
+    if ( (f = InspectorManager::get_session(PROTO_BIT__USER)) )
+        flow_con->init_proto(PktType::USER, f);
 
     if ( (f = InspectorManager::get_session(PROTO_BIT__FILE)) )
         flow_con->init_proto(PktType::FILE, f);
@@ -292,15 +292,15 @@ void StreamBase::eval(Packet* p)
         }
         break;
 
-    case PktType::PDU:
-        flow_con->process(PktType::PDU, p);
+    case PktType::USER:
+        flow_con->process(PktType::USER, p);
         break;
 
     case PktType::FILE:
         flow_con->process(PktType::FILE, p);
         break;
 
-    case PktType::MAX:
+    default:
         break;
     }
 }

diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc
index e3812a3e11e95763c3d32444e016d0deaf7ac9b2..63ee07d49b54e78e8e449972fa5b28b37ce99d7e 100644 (file)
--- a/src/stream/base/stream_module.cc
+++ b/src/stream/base/stream_module.cc
@@ -200,7 +200,7 @@ bool StreamModule::set(const char* fqn, Value& v, SnortConfig* c)
     else if ( strstr(fqn, "udp_cache") )
         type = PktType::UDP;
     else if ( strstr(fqn, "user_cache") )
-        type = PktType::PDU;
+        type = PktType::USER;
     else if ( strstr(fqn, "file_cache") )
         type = PktType::FILE;
     else
@@ -350,7 +350,7 @@ void StreamModuleConfig::show() const
     ConfigLogger::log_value("max_aux_ip", SnortConfig::get_conf()->max_aux_ip);
     ConfigLogger::log_value("pruning_timeout", flow_cache_cfg.pruning_timeout);
 
-    for (int i = to_utype(PktType::IP); i < to_utype(PktType::MAX); ++i)
+    for (int i = to_utype(PktType::IP); i < to_utype(PktType::PDU); ++i)
     {
         std::string tmp;
         tmp += "{ idle_timeout = " + std::to_string(flow_cache_cfg.proto[i].nominal_timeout);

diff --git a/src/stream/user/stream_user.cc b/src/stream/user/stream_user.cc
index 2c187f78ba4aa822b89af43b19589b6698e5ecf7..25393d5c8edfe9cbd5b868f7aaddc8dea6e4662c 100644 (file)
--- a/src/stream/user/stream_user.cc
+++ b/src/stream/user/stream_user.cc
@@ -128,7 +128,7 @@ static const InspectApi user_api =
         mod_dtor
     },
     IT_STREAM,
-    PROTO_BIT__PDU,
+    PROTO_BIT__USER,
     nullptr, // buffers
     nullptr, // service
     nullptr, // pinit

diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc
index a5af591127f54b61abca0dc9ad341757085e3819..a458538baab843e627e8ef92e7fb95926d2935d1 100644 (file)
--- a/src/stream/user/user_session.cc
+++ b/src/stream/user/user_session.cc
@@ -159,6 +159,7 @@ void UserTracker::detect(
 
     up->proto_bits = p->proto_bits;
     up->pseudo_type = PSEUDO_PKT_USER;
+    up->ptrs.set_pkt_type(PktType::PDU);
 
     up->packet_flags = flags | PKT_REBUILT_STREAM | PKT_PSEUDO;
     up->packet_flags |= (p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER));