Merge pull request #1864 in SNORT/snort3 from ~MIALTIZE/snort3:sfip_copy to master

Squashed commit of the following:

commit 75e04dbd8822d123436d078ed6a8c9264e5fe780
Author: Michael Altizer <mialtize@cisco.com>
Date:   Mon Nov 25 12:51:01 2019 -0500

    port_scan: Only update scanner for ICMP if we have one

commit 79a2e35cf97761f748bd50070c82fb5cc40dd97a
Author: Michael Altizer <mialtize@cisco.com>
Date:   Tue Nov 5 17:52:27 2019 -0500

    flow: Clean up unit test compiler warnings

commit 2c8c1f85b7c24d2c20edc803508018306362ca39
Author: Michael Altizer <mialtize@cisco.com>
Date:   Fri Sep 6 16:05:32 2019 -0400

    sfip: Replace copy setter with implicit copy constructor

    Also, add some more padding guards and give SfCidr a default
    constructor.

diff --git a/src/detection/tag.cc b/src/detection/tag.cc
index bdca30db0faaf1b7cd2621e941b9df99732c1629..a2903fa708428983108437a998b01bfa880d1ce9 100644 (file)
--- a/src/detection/tag.cc
+++ b/src/detection/tag.cc
@@ -367,8 +367,8 @@ static void AddTagNode(Packet* p, TagData* tag, int mode, uint32_t now,
         return;
     }
 
-    idx->key.sip.set(*p->ptrs.ip_api.get_src());
-    idx->key.dip.set(*p->ptrs.ip_api.get_dst());
+    idx->key.sip = *p->ptrs.ip_api.get_src();
+    idx->key.dip = *p->ptrs.ip_api.get_dst();
     idx->key.sp = p->ptrs.sp;
     idx->key.dp = p->ptrs.dp;
     idx->metric = tag->tag_metric;
@@ -453,8 +453,8 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
         return 0;
     }
 
-    idx.key.sip.set(*p->ptrs.ip_api.get_src());
-    idx.key.dip.set(*p->ptrs.ip_api.get_dst());
+    idx.key.sip = *p->ptrs.ip_api.get_src();
+    idx.key.dip = *p->ptrs.ip_api.get_dst();
     idx.key.sp = p->ptrs.sp;
     idx.key.dp = p->ptrs.dp;
 
@@ -463,8 +463,8 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
 
     if (returned == nullptr)
     {
-        idx.key.dip.set(*p->ptrs.ip_api.get_src());
-        idx.key.sip.set(*p->ptrs.ip_api.get_dst());
+        idx.key.dip = *p->ptrs.ip_api.get_src();
+        idx.key.sip = *p->ptrs.ip_api.get_dst();
         idx.key.dp = p->ptrs.sp;
         idx.key.sp = p->ptrs.dp;
 
@@ -480,7 +480,7 @@ int CheckTagList(Packet* p, Event& event, void** log_list)
                 **  Only switch sip, because that's all we check for
                 **  the host tags.
                 */
-                idx.key.sip.set(*p->ptrs.ip_api.get_src());
+                idx.key.sip = *p->ptrs.ip_api.get_src();
 
                 returned = (TagNode*)xhash_find(host_tag_cache_ptr, &idx);
             }

diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index ea25c488f8b8a231531f8c56273d75e842e2c7cd..8e94f8969eb7809d9644c6261674a306f7b06b00 100644 (file)
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -201,8 +201,8 @@ FileContext* FileCache::get_file(Flow* flow, uint64_t file_id, bool to_create,
     int64_t timeout)
 {
     FileHashKey hashKey;
-    hashKey.dip.set(flow->client_ip);
-    hashKey.sip.set(flow->server_ip);
+    hashKey.dip = flow->client_ip;
+    hashKey.sip = flow->server_ip;
     hashKey.padding = 0;
     hashKey.file_id = file_id;
     FileContext* file = find(hashKey, timeout);

diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index f700326a7c74a03a11396586069cee8462c02ed2..53f3d22a106db03efafc1386bd5a29acab0f27a7 100644 (file)
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -200,8 +200,8 @@ static bool is_bidirectional(const Flow* flow)
 static void init_roles_ip(const Packet* p, Flow* flow)
 {
     flow->ssn_state.direction = FROM_CLIENT;
-    flow->client_ip.set(*p->ptrs.ip_api.get_src());
-    flow->server_ip.set(*p->ptrs.ip_api.get_dst());
+    flow->client_ip = *p->ptrs.ip_api.get_src();
+    flow->server_ip = *p->ptrs.ip_api.get_dst();
 }
 
 static void init_roles_tcp(const Packet* p, Flow* flow)
@@ -209,33 +209,33 @@ static void init_roles_tcp(const Packet* p, Flow* flow)
     if ( p->ptrs.tcph->is_syn_only() )
     {
         flow->ssn_state.direction = FROM_CLIENT;
-        flow->client_ip.set(*p->ptrs.ip_api.get_src());
+        flow->client_ip = *p->ptrs.ip_api.get_src();
         flow->client_port = p->ptrs.sp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->server_ip = *p->ptrs.ip_api.get_dst();
         flow->server_port = p->ptrs.dp;
     }
     else if ( p->ptrs.tcph->is_syn_ack() )
     {
         flow->ssn_state.direction = FROM_SERVER;
-        flow->client_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->client_ip = *p->ptrs.ip_api.get_dst();
         flow->client_port = p->ptrs.dp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_src());
+        flow->server_ip = *p->ptrs.ip_api.get_src();
         flow->server_port = p->ptrs.sp;
     }
     else if (p->ptrs.sp > p->ptrs.dp)
     {
         flow->ssn_state.direction = FROM_CLIENT;
-        flow->client_ip.set(*p->ptrs.ip_api.get_src());
+        flow->client_ip = *p->ptrs.ip_api.get_src();
         flow->client_port = p->ptrs.sp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->server_ip = *p->ptrs.ip_api.get_dst();
         flow->server_port = p->ptrs.dp;
     }
     else
     {
         flow->ssn_state.direction = FROM_SERVER;
-        flow->client_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->client_ip = *p->ptrs.ip_api.get_dst();
         flow->client_port = p->ptrs.dp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_src());
+        flow->server_ip = *p->ptrs.ip_api.get_src();
         flow->server_port = p->ptrs.sp;
     }
 }
@@ -243,9 +243,9 @@ static void init_roles_tcp(const Packet* p, Flow* flow)
 static void init_roles_udp(const Packet* p, Flow* flow)
 {
     flow->ssn_state.direction = FROM_CLIENT;
-    flow->client_ip.set(*p->ptrs.ip_api.get_src());
+    flow->client_ip = *p->ptrs.ip_api.get_src();
     flow->client_port = p->ptrs.sp;
-    flow->server_ip.set(*p->ptrs.ip_api.get_dst());
+    flow->server_ip = *p->ptrs.ip_api.get_dst();
     flow->server_port = p->ptrs.dp;
 }
 
@@ -254,17 +254,17 @@ static void init_roles_user(const Packet* p, Flow* flow)
     if ( p->ptrs.decode_flags & DECODE_C2S )
     {
         flow->ssn_state.direction = FROM_CLIENT;
-        flow->client_ip.set(*p->ptrs.ip_api.get_src());
+        flow->client_ip = *p->ptrs.ip_api.get_src();
         flow->client_port = p->ptrs.sp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->server_ip = *p->ptrs.ip_api.get_dst();
         flow->server_port = p->ptrs.dp;
     }
     else
     {
         flow->ssn_state.direction = FROM_SERVER;
-        flow->client_ip.set(*p->ptrs.ip_api.get_dst());
+        flow->client_ip = *p->ptrs.ip_api.get_dst();
         flow->client_port = p->ptrs.dp;
-        flow->server_ip.set(*p->ptrs.ip_api.get_src());
+        flow->server_ip = *p->ptrs.ip_api.get_src();
         flow->server_port = p->ptrs.sp;
     }
 }

diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc
index 5ce7302886e7bf461185d5b9e25ccfdd1e9d1612..afcc5e5486d2d6cd678930840ce229890d79ef78 100644 (file)
--- a/src/flow/test/flow_cache_test.cc
+++ b/src/flow/test/flow_cache_test.cc
@@ -16,7 +16,7 @@
 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 //--------------------------------------------------------------------------
 
-// flow_control_test.cc author Shivakrishna Mulka <smulka@cisco.com>
+// flow_cache_test.cc author davis mcpherson <davmcphe@cisco.com>
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -55,9 +55,9 @@ THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr;
 
 PacketTracer::PacketTracer() { }
 PacketTracer::~PacketTracer() { }
-void PacketTracer::log(const char* format, ...) { }
+void PacketTracer::log(const char*, ...) { }
 void PacketTracer::open_file() { }
-void PacketTracer::dump_to_daq(Packet* p) { }
+void PacketTracer::dump_to_daq(Packet*) { }
 void PacketTracer::reset() { }
 Packet::Packet(bool) { }
 Packet::~Packet() { }
@@ -66,30 +66,30 @@ Flow::~Flow() { }
 DetectionEngine::DetectionEngine() { }
 ExpectCache::~ExpectCache() { }
 DetectionEngine::~DetectionEngine() { }
-void Flow::init(PktType type) { }
+void Flow::init(PktType) { }
 void Flow::term() { }
 void Flow::reset(bool) { }
-void set_network_policy(SnortConfig* sc, unsigned i) { }
-void DataBus::publish(const char* key, const uint8_t* buf, unsigned len, Flow* f) { }
-void DataBus::publish(const char* key, Packet* p, Flow* f) { }
+void set_network_policy(SnortConfig*, unsigned) { }
+void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { }
+void DataBus::publish(const char*, Packet*, Flow*) { }
 SnortConfig* SnortConfig::get_conf() { return nullptr; }
-void Flow::set_direction(Packet* p) { }
-void set_inspection_policy(SnortConfig* sc, unsigned i) { }
-void set_ips_policy(SnortConfig* sc, unsigned i) { }
-void Flow::set_mpls_layer_per_dir(Packet* p) { }
-void DetectionEngine::disable_all(Packet* p) { }
-void Stream::drop_traffic(const Packet* p, char dir) { }
-bool Stream::blocked_flow(Packet* p) { return true; }
-ExpectCache::ExpectCache(uint32_t max) { }
-bool ExpectCache::check(Packet* p, Flow* lws) { return true; }
-bool ExpectCache::is_expected(Packet* p) { return true; }
-Flow* HighAvailabilityManager::import(Packet& p, FlowKey& key) { return nullptr; }
-bool HighAvailabilityManager::in_standby(Flow* flow) { return true; }
-SfIpRet SfIp::set(void const*, int) { return SfIpRet::SFIP_SUCCESS; }
+void Flow::set_direction(Packet*) { }
+void set_inspection_policy(SnortConfig*, unsigned) { }
+void set_ips_policy(SnortConfig*, unsigned) { }
+void Flow::set_mpls_layer_per_dir(Packet*) { }
+void DetectionEngine::disable_all(Packet*) { }
+void Stream::drop_traffic(const Packet*, char) { }
+bool Stream::blocked_flow(Packet*) { return true; }
+ExpectCache::ExpectCache(uint32_t) { }
+bool ExpectCache::check(Packet*, Flow*) { return true; }
+bool ExpectCache::is_expected(Packet*) { return true; }
+Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; }
+bool HighAvailabilityManager::in_standby(Flow*) { return true; }
+SfIpRet SfIp::set(void const*, int) { return SFIP_SUCCESS; }
 namespace memory
 {
-void MemoryCap::update_allocations(unsigned long m) { }
-void MemoryCap::update_deallocations(unsigned long m) { }
+void MemoryCap::update_allocations(unsigned long) { }
+void MemoryCap::update_deallocations(unsigned long) { }
 bool MemoryCap::over_threshold() { return true; }
 }
 
@@ -97,7 +97,7 @@ namespace snort
 {
 namespace layer
 {
-const vlan::VlanTagHdr* get_vlan_layer(const Packet* const p) { return nullptr; }
+const vlan::VlanTagHdr* get_vlan_layer(const Packet* const) { return nullptr; }
 }
 time_t packet_time() { return 0; }
 }
@@ -110,16 +110,11 @@ uint32_t IpApi::id() const { return 0; }
 }
 }
 
-void Stream::stop_inspection(
-    Flow* flow, Packet* p, char dir,
-    int32_t /*bytes*/, int /*response*/) { }
+void Stream::stop_inspection(Flow*, Packet*, char, int32_t, int) { }
 
 
-int ExpectCache::add_flow(const Packet *ctrlPkt,
-    PktType type, IpProtocol ip_proto,
-    const SfIp* cliIP, uint16_t cliPort,
-    const SfIp* srvIP, uint16_t srvPort,
-    char direction, FlowData* fd, SnortProtocolId snort_protocol_id)
+int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t,
+    const SfIp*, uint16_t, char, FlowData*, SnortProtocolId)
 { 
     return 1; 
 }
@@ -146,7 +141,6 @@ TEST(flow_prune, blocked_flow_prune_flows)
     fcg.max_flows = 2;
     FlowCache *cache = new FlowCache(fcg);
 
-    Flow *list_flows[fcg.max_flows];
     int first_port = 1;
     int second_port = 2;
 
@@ -156,15 +150,15 @@ TEST(flow_prune, blocked_flow_prune_flows)
     flow_key.pkt_type = PktType::TCP;
     
     flow_key.port_l = first_port;
-    list_flows[0] = cache->allocate(&flow_key);
+    cache->allocate(&flow_key);
 
     flow_key.port_l = second_port;
-    list_flows[1] = cache->allocate(&flow_key);
+    Flow* flow = cache->allocate(&flow_key);
 
     CHECK(cache->get_count() == fcg.max_flows);
 
     // block the second flow
-    list_flows[1]->block();
+    flow->block();
 
     // Access the first flow
     // This will move it to the MRU
@@ -191,13 +185,12 @@ TEST(flow_prune, prune_flows)
     FlowCache *cache = new FlowCache(fcg);
     int port = 1;
 
-    Flow *list_flows[fcg.max_flows];
-    for ( int i = 0; i < fcg.max_flows; i++ )
+    for ( unsigned i = 0; i < fcg.max_flows; i++ )
     {
         FlowKey flow_key;
         flow_key.port_l = port++;
         flow_key.pkt_type = PktType::TCP;
-        list_flows[i] = cache->allocate(&flow_key);
+        cache->allocate(&flow_key);
     }
 
     CHECK(cache->get_count() == fcg.max_flows);
@@ -217,13 +210,12 @@ TEST(flow_prune, prune_all_flows)
     FlowCache *cache = new FlowCache(fcg);
     int port = 1;
 
-    Flow *list_flows[fcg.max_flows];
-    for ( int i = 0; i < fcg.max_flows; i++ )
+    for ( unsigned i = 0; i < fcg.max_flows; i++ )
     {
         FlowKey flow_key;
         flow_key.port_l = port++;
         flow_key.pkt_type = PktType::TCP;
-        list_flows[i] = cache->allocate(&flow_key);
+        cache->allocate(&flow_key);
     }
 
     CHECK(cache->get_count() == fcg.max_flows);
@@ -242,14 +234,13 @@ TEST(flow_prune, prune_all_blocked_flows)
     FlowCache *cache = new FlowCache(fcg);
     int port = 1;
 
-    Flow *list_flows[fcg.max_flows];
-    for ( int i = 0; i < fcg.max_flows; i++ )
+    for ( unsigned i = 0; i < fcg.max_flows; i++ )
     {
         FlowKey flow_key;
         flow_key.port_l = port++;
         flow_key.pkt_type = PktType::TCP;
-        list_flows[i] = cache->allocate(&flow_key);
-        list_flows[i]->block();
+        Flow* flow = cache->allocate(&flow_key);
+        flow->block();
     }
 
     CHECK(cache->get_count() == fcg.max_flows);

diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc
index 5db1996f19e25685994a856e74a55c045f5a4cf7..0a9bf5a8eb2f78b91e2281b171c46b4821ae0eb9 100644 (file)
--- a/src/flow/test/flow_control_test.cc
+++ b/src/flow/test/flow_control_test.cc
@@ -69,16 +69,16 @@ DetectionEngine::DetectionEngine() = default;
 DetectionEngine::~DetectionEngine() = default;
 ExpectCache::~ExpectCache() = default;
 unsigned FlowCache::purge() { return 1; }
-Flow* FlowCache::find(const FlowKey* key) { return nullptr; }
+Flow* FlowCache::find(const FlowKey*) { return nullptr; }
 Flow* FlowCache::allocate(const FlowKey*) { return nullptr; }
-void FlowCache::push(Flow* flow) { }
+void FlowCache::push(Flow*) { }
 bool FlowCache::prune_one(PruneReason, bool) { return true; }
 unsigned FlowCache::delete_flows(unsigned) { return 0; } 
-unsigned FlowCache::timeout(unsigned num_flows, time_t thetime) { return 1; }
-void Flow::init(PktType type) { }
-void set_network_policy(SnortConfig* sc, unsigned i) { } 
-void DataBus::publish(const char* key, const uint8_t* buf, unsigned len, Flow* f) { }
-void DataBus::publish(const char* key, Packet* p, Flow* f) { }
+unsigned FlowCache::timeout(unsigned, time_t) { return 1; }
+void Flow::init(PktType) { }
+void set_network_policy(SnortConfig*, unsigned) { } 
+void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { }
+void DataBus::publish(const char*, Packet*, Flow*) { }
 SnortConfig* SnortConfig::get_conf() { return nullptr; }
 void FlowCache::unlink_uni(Flow*) { }
 void Flow::set_direction(Packet*) { }

diff --git a/src/network_inspectors/appid/app_forecast.h b/src/network_inspectors/appid/app_forecast.h
index 9da1d4e21ea81694859a7de541897539a4c43c58..c1a524ca8db4206a901a8dbc9c1d2d381a2b7085 100644 (file)
--- a/src/network_inspectors/appid/app_forecast.h
+++ b/src/network_inspectors/appid/app_forecast.h
@@ -23,8 +23,11 @@
 #define APP_FORECAST_H
 
 #include <ctime>
+
 #include "flow/flow.h"
 #include "protocols/packet.h"
+#include "utils/cpp_macros.h"
+
 #include "appid_types.h"
 #include "application_ids.h"
 
@@ -48,6 +51,7 @@ struct AFElement
     AppId target;
 };
 
+PADDING_GUARD_BEGIN
 class AFActKey
 {
     public:
@@ -68,6 +72,7 @@ class AFActKey
         uint32_t ip[4];
         AppId forecast;
 };
+PADDING_GUARD_END
 
 struct AFActVal
 {

diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h
index c33c9a86b5f163e41781886bf540f0b7abad7b71..907c7c211b238dd24661f28f7da4ba154b6a06a0 100644 (file)
--- a/src/network_inspectors/appid/appid_debug.h
+++ b/src/network_inspectors/appid/appid_debug.h
@@ -68,9 +68,9 @@ struct AppIdDebugSessionConstraints
 inline void AppIdDebugSessionConstraints::set(const AppIdDebugSessionConstraints& src)
 {
     if ((sip_flag = src.sip_flag))
-        sip.set(src.sip);
+        sip = src.sip;
     if ((dip_flag = src.dip_flag))
-        dip.set(src.dip);
+        dip = src.dip;
     sport = src.sport;
     dport = src.dport;
     protocol = src.protocol;

diff --git a/src/network_inspectors/appid/host_port_app_cache.cc b/src/network_inspectors/appid/host_port_app_cache.cc
index b3fdde38e22335a9aba4023d88e90c6c7f7842e2..d7568b4b8979d8cb9330f23451c802892320f23d 100644 (file)
--- a/src/network_inspectors/appid/host_port_app_cache.cc
+++ b/src/network_inspectors/appid/host_port_app_cache.cc
@@ -79,7 +79,7 @@ HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol proto
 {
     HostPortKey hk;
 
-    hk.ip.set(*ip);
+    hk.ip = *ip;
     hk.port = port;
     hk.proto = protocol;
 
@@ -97,7 +97,7 @@ bool HostPortCache::add(const SfIp* ip, uint16_t port, IpProtocol proto, unsigne
     HostPortKey hk;
     HostPortVal hv;
 
-    hk.ip.set(*ip);
+    hk.ip = *ip;
     hk.port = port;
     hk.proto = proto;
 

diff --git a/src/network_inspectors/appid/service_state.h b/src/network_inspectors/appid/service_state.h
index eeb01dd8a446730af5cd70a262da083d1efdc30f..5fd1a6f1b14ba0e625d17667d6b29584013464a9 100644 (file)
--- a/src/network_inspectors/appid/service_state.h
+++ b/src/network_inspectors/appid/service_state.h
@@ -27,9 +27,10 @@
 
 #include "protocols/protocol_ids.h"
 #include "sfip/sf_ip.h"
+#include "utils/cpp_macros.h"
+#include "utils/util.h"
 
 #include "service_plugins/service_discovery.h"
-#include "utils/util.h"
 
 class ServiceDetector;
 
@@ -159,6 +160,7 @@ public:
 };
 
 
+PADDING_GUARD_BEGIN
 class AppIdServiceStateKey
 {
 public:
@@ -174,7 +176,7 @@ public:
     AppIdServiceStateKey(const snort::SfIp* ip_in,
         IpProtocol proto_in, uint16_t port_in, bool decrypted)
     {
-        ip.set(*ip_in);
+        ip = *ip_in;
         port = port_in;
         level = decrypted != 0;
         proto = proto_in;
@@ -191,8 +193,9 @@ private:
     uint16_t port;
     uint32_t level;
     IpProtocol proto;
-    char padding[3];
+    uint8_t padding[3];
 };
+PADDING_GUARD_END
 
 
 class MapList

diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index 356a6af41a67c696ff5620f1d7d37138ac6dc958..f2a02f2ce93de7994e463dc2baf17ceb7cf4bbfb 100644 (file)
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -94,8 +94,8 @@ namespace ip
 void IpApi::set(const SfIp& sip, const SfIp& dip)
 {
     type = IAT_DATA;
-    src.set(sip);
-    dst.set(dip);
+    src = sip;
+    dst = dip;
     iph = nullptr;
 }
 } // namespace ip

diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc
index 96fb2489a008c4bdb6282106a0b1d93a9164f96a..910119285d3bfc73e1750ed1eddb653eaecf10cf 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_session_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_session_test.cc
@@ -269,7 +269,7 @@ TEST(appid_http_session, http_field_ids_enum_order)
 TEST(appid_http_session, set_tun_dest)
 {
     const TunnelDest* tun_dest  = nullptr;
-    SfIp tun_des, ipv6;
+    SfIp ipv6;
     ipv6.set("2001:db8:85a3::8a2e:370:7334");
     AppidChangeBits change_bits;
     hsession.set_field(REQ_URI_FID, new std::string("[2001:db8:85a3::8a2e:370:7334]:51413"), change_bits);

diff --git a/src/network_inspectors/packet_tracer/packet_tracer.h b/src/network_inspectors/packet_tracer/packet_tracer.h
index a5247a40e3cf8b31a328bc95b42960cde5398b2e..d70e04df1061cd5b8f5f1947bef378f689001eec 100644 (file)
--- a/src/network_inspectors/packet_tracer/packet_tracer.h
+++ b/src/network_inspectors/packet_tracer/packet_tracer.h
@@ -67,9 +67,9 @@ struct PTSessionConstraints
 inline void PTSessionConstraints::set(const PTSessionConstraints& src)
 {
     if ((sip_flag = src.sip_flag))
-        sip.set(src.sip);
+        sip = src.sip;
     if ((dip_flag = src.dip_flag))
-        dip.set(src.dip);
+        dip = src.dip;
     sport = src.sport;
     dport = src.dport;
     protocol = src.protocol;

diff --git a/src/network_inspectors/packet_tracer/packet_tracer_module.cc b/src/network_inspectors/packet_tracer/packet_tracer_module.cc
index 47cfaa404dd81f4c49f2a0daacb9219c257044d9..9f7ab449f6a07f3ebd61169670569d36943769cf 100644 (file)
--- a/src/network_inspectors/packet_tracer/packet_tracer_module.cc
+++ b/src/network_inspectors/packet_tracer/packet_tracer_module.cc
@@ -129,13 +129,13 @@ static int enable(lua_State* L)
 
     if (sip.is_set())
     {
-        constraints.sip.set(sip);
+        constraints.sip = sip;
         constraints.sip_flag = true;
     }
 
     if (dip.is_set())
     {
-        constraints.dip.set(dip);
+        constraints.dip = dip;
         constraints.dip_flag = true;
     }
 

diff --git a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc
index a35e09ab8e519ed1a284352db872e101809479c5..8f074a209a6478a27e327e8f958f89b92b64cb1b 100644 (file)
--- a/src/network_inspectors/perf_monitor/flow_ip_tracker.cc
+++ b/src/network_inspectors/perf_monitor/flow_ip_tracker.cc
@@ -45,14 +45,14 @@ FlowStateValue* FlowIPTracker::find_stats(const SfIp* src_addr, const SfIp* dst_
 
     if (src_addr->less_than(*dst_addr))
     {
-        key.ipA.set(*src_addr);
-        key.ipB.set(*dst_addr);
+        key.ipA = *src_addr;
+        key.ipB = *dst_addr;
         *swapped = 0;
     }
     else
     {
-        key.ipA.set(*dst_addr);
-        key.ipB.set(*src_addr);
+        key.ipA = *dst_addr;
+        key.ipB = *src_addr;
         *swapped = 1;
     }
 

diff --git a/src/network_inspectors/port_scan/ps_detect.cc b/src/network_inspectors/port_scan/ps_detect.cc
index 0cb3bfd9215e49d2c32aa148bbe1e7f9acbdb80e..e2f48a07380192c7b87b76598e4d11b374e2cdf1 100644 (file)
--- a/src/network_inspectors/port_scan/ps_detect.cc
+++ b/src/network_inspectors/port_scan/ps_detect.cc
@@ -314,9 +314,9 @@ bool PortScan::ps_tracker_lookup(
         key.scanner.clear();
 
         if (ps_pkt->reverse_pkt)
-            key.scanned.set(*p->ptrs.ip_api.get_src());
+            key.scanned = *p->ptrs.ip_api.get_src();
         else
-            key.scanned.set(*p->ptrs.ip_api.get_dst());
+            key.scanned = *p->ptrs.ip_api.get_dst();
 
         *scanned = ps_tracker_get(&key);
     }
@@ -327,9 +327,9 @@ bool PortScan::ps_tracker_lookup(
         key.scanned.clear();
 
         if (ps_pkt->reverse_pkt)
-            key.scanner.set(*p->ptrs.ip_api.get_dst());
+            key.scanner = *p->ptrs.ip_api.get_dst();
         else
-            key.scanner.set(*p->ptrs.ip_api.get_src());
+            key.scanner = *p->ptrs.ip_api.get_src();
 
         *scanner = ps_tracker_get(&key);
     }
@@ -470,7 +470,7 @@ int PortScan::ps_proto_update(PS_PROTO* proto, int ps_cnt, int pri_cnt,
     if (!proto->u_ips.equals(*ip, false))
     {
         proto->u_ip_count++;
-        proto->u_ips.set(*ip);
+        proto->u_ips = *ip;
     }
 
     /* we need to do the IP comparisons in host order */
@@ -478,21 +478,21 @@ int PortScan::ps_proto_update(PS_PROTO* proto, int ps_cnt, int pri_cnt,
     if (proto->low_ip.is_set())
     {
         if (proto->low_ip.greater_than(*ip))
-            proto->low_ip.set(*ip);
+            proto->low_ip = *ip;
     }
     else
     {
-        proto->low_ip.set(*ip);
+        proto->low_ip = *ip;
     }
 
     if (proto->high_ip.is_set())
     {
         if (proto->high_ip.less_than(*ip))
-            proto->high_ip.set(*ip);
+            proto->high_ip = *ip;
     }
     else
     {
-        proto->high_ip.set(*ip);
+        proto->high_ip = *ip;
     }
 
     if (proto->u_ports != port)
@@ -803,9 +803,6 @@ void PortScan::ps_tracker_update_icmp(
     Packet* p = (Packet*)ps_pkt->pkt;
     unsigned win = config->icmp_window;
 
-    SfIp cleared;
-    cleared.clear();
-
     if (p->ptrs.icmph)
     {
         switch (p->ptrs.icmph->type)
@@ -814,13 +811,22 @@ void PortScan::ps_tracker_update_icmp(
         case ICMP_TIMESTAMP:
         case ICMP_ADDRESS:
         case ICMP_INFO_REQUEST:
-            ps_proto_update(&scanner->proto, 1, 0, win,
-                p->ptrs.ip_api.get_dst(), 0, packet_time());
+            if (scanner)
+            {
+                ps_proto_update(&scanner->proto, 1, 0, win,
+                    p->ptrs.ip_api.get_dst(), 0, packet_time());
+            }
             break;
 
         case ICMP_DEST_UNREACH:
-            ps_proto_update(&scanner->proto, 0, 1, win, &cleared, 0, 0);
-            scanner->priority_node = 1;
+            if (scanner)
+            {
+                SfIp cleared;
+                cleared.clear();
+
+                ps_proto_update(&scanner->proto, 0, 1, win, &cleared, 0, 0);
+                scanner->priority_node = 1;
+            }
             break;
 
         default:

diff --git a/src/protocols/ip.cc b/src/protocols/ip.cc
index 3ce7fbc6193a85d324fadca6f3b961258a8fcf9f..b7e37061fabdb492b310b4eb292c1a0850b1eb62 100644 (file)
--- a/src/protocols/ip.cc
+++ b/src/protocols/ip.cc
@@ -58,8 +58,8 @@ void IpApi::set(const ip::IP6Hdr* h6)
 void IpApi::set(const SfIp& sip, const SfIp& dip)
 {
     type = IAT_DATA;
-    src.set(sip);
-    dst.set(dip);
+    src = sip;
+    dst = dip;
     iph = nullptr;
 }
 
@@ -85,8 +85,8 @@ bool IpApi::set(const uint8_t* raw_ip_data)
 
 void IpApi::update(const SfIp& sip, const SfIp& dip)
 {
-    src.set(sip);
-    dst.set(dip);
+    src = sip;
+    dst = dip;
 }
 
 uint16_t IpApi::tos() const

diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.cc b/src/service_inspectors/ftp_telnet/ftpp_si.cc
index 7d7ba57cb4b236aae8140161c8654f8fa3ac242b..414bef68a07792ef92bdfd829b2201619c78cbdf 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpp_si.cc
+++ b/src/service_inspectors/ftp_telnet/ftpp_si.cc
@@ -519,8 +519,8 @@ int FTPsessionInspection(
  */
 int SetSiInput(FTPP_SI_INPUT* SiInput, Packet* p)
 {
-    SiInput->sip.set(*p->ptrs.ip_api.get_src());
-    SiInput->dip.set(*p->ptrs.ip_api.get_dst());
+    SiInput->sip = *p->ptrs.ip_api.get_src();
+    SiInput->dip = *p->ptrs.ip_api.get_dst();
     SiInput->sport = p->ptrs.sp;
     SiInput->dport = p->ptrs.dp;
 

diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc
index bf36435e42af5277358fcd988d48a58361a05d35..2a9aff09ca4bf01eccb1e99e1d0ca4dc001570cc 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -1059,13 +1059,13 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
                         if (iRet == FTPP_SUCCESS)
                         {
                             if (!ipAddr.is_set())
-                                session->serverIP.set(*p->ptrs.ip_api.get_src());
+                                session->serverIP = *p->ptrs.ip_api.get_src();
                             else
                             {
                                 session->serverIP = ipAddr;
                             }
                             session->serverPort = port;
-                            session->clientIP.set(*p->ptrs.ip_api.get_dst());
+                            session->clientIP = *p->ptrs.ip_api.get_dst();
                             session->clientPort = 0;
 
                             if ((FileService::get_max_file_depth() > 0) ||
@@ -1136,7 +1136,7 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p,
                         /* Server is listening/sending from its own IP,
                          * FTP Port -1 */
                         /* Client IP, Port specified via PORT command */
-                        session->serverIP.set(*p->ptrs.ip_api.get_src());
+                        session->serverIP = *p->ptrs.ip_api.get_src();
 
                         /* Can't necessarily guarantee this, especially
                          * in the case of a proxy'd connection where the

diff --git a/src/sfip/sf_cidr.h b/src/sfip/sf_cidr.h
index 283812219e5164a20b50a8d346468c6bd6f47e4d..26129dbb89dc980e8f6cb7e3f2ef0d7bb303e714 100644 (file)
--- a/src/sfip/sf_cidr.h
+++ b/src/sfip/sf_cidr.h
@@ -32,6 +32,11 @@ namespace snort
 
 struct SO_PUBLIC SfCidr
 {
+    /*
+     * Constructors
+     */
+    SfCidr() = default;
+
     /*
      * Modifiers (incl. convenience ones that delegate to addr)
      */
@@ -74,13 +79,13 @@ inline void SfCidr::clear()
 
 inline void SfCidr::set(const SfCidr& src)
 {
-    addr.set(src.addr);
+    addr = src.addr;
     bits = src.bits;
 }
 
 inline void SfCidr::set(const SfIp& src)
 {
-    addr.set(src);
+    addr = src;
     bits = 128;
 }
 

diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h
index 6eef4fa210c300012bbf9e12935a88ea9a99ff19..15caec61ffc4d3d42b01a0f0d85660b180ac9d62 100644 (file)
--- a/src/sfip/sf_ip.h
+++ b/src/sfip/sf_ip.h
@@ -35,6 +35,7 @@ namespace snort
 using SfIpString = char[INET6_ADDRSTRLEN];
 
 struct SfCidr;
+
 struct SO_PUBLIC SfIp
 {
     /*
@@ -47,7 +48,6 @@ struct SO_PUBLIC SfIp
      * Modifiers
      */
     void clear();
-    void set(const SfIp& src);
     SfIpRet set(const char* src, uint16_t* srcBits = nullptr);
     /* Sets to a raw source IP (4 or 16 bytes, according to family) */
     SfIpRet set(const void* src, int fam);
@@ -122,17 +122,6 @@ inline void SfIp::clear()
     ip32[0] = ip32[1] = ip32[2] = ip32[3] = 0;
 }
 
-inline void SfIp::set(const SfIp& src)
-{
-    /* This is a simple structure, so is this really better than
-     *this = src?. */
-    family = src.family;
-    ip32[0] = src.ip32[0];
-    ip32[1] = src.ip32[1];
-    ip32[2] = src.ip32[2];
-    ip32[3] = src.ip32[3];
-}
-
 inline uint16_t SfIp::get_family() const
 {
     return family;

diff --git a/src/sfip/sfip_test.cc b/src/sfip/sfip_test.cc
index 56a085faafb3244040f1daf84ebebbce5259b245..b95e6d9323210d2465b408d2fc2bb07436075b10 100644 (file)
--- a/src/sfip/sfip_test.cc
+++ b/src/sfip/sfip_test.cc
@@ -373,7 +373,7 @@ static int CopyCheck(int i)
     SfIp ip1, ip2;
 
     ip1.set(f->arg1);
-    ip2.set(ip1);
+    ip2 = ip1;
 
     return !memcmp(&ip1, &ip2, sizeof(ip1));
 }

diff --git a/src/utils/util_net.cc b/src/utils/util_net.cc
index cf5a9eca2566089c9e61b4ce9c7dc5779e3bb7e1..b5ce3b700f9d239ec8c4cd079a254096d5f4458b 100644 (file)
--- a/src/utils/util_net.cc
+++ b/src/utils/util_net.cc
@@ -44,12 +44,11 @@ char* ObfuscateIpToText(const SfIp* ip, const SfCidr& homenet, SfCidr& obfunet,
     }
     else
     {
-        SfIp tmp;
-        tmp.set(*ip);
+        SfIp tmp(*ip);
 
         if ( homenet.is_set() )
         {
-            if ( homenet.contains(&tmp) == SFIP_CONTAINS )
+            if ( homenet.contains(ip) == SFIP_CONTAINS )
                 tmp.obfuscate(&obfunet);
         }
         else