Merge pull request #2914 in SNORT/snort3 from ~DIPANDIT/snort3:enable_multi_pinhole...
authorBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Wed, 2 Jun 2021 18:36:33 +0000 (18:36 +0000)
committerBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Wed, 2 Jun 2021 18:36:33 +0000 (18:36 +0000)
Squashed commit of the following:

commit 6c01d79f5fe0e1a8f97273eeda35c35fa4d9b834
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date:   Mon May 31 03:17:32 2021 -0400

    stream: enable support for multiple expected sessions

commit 3a4a0ef78eeec528f37a95ac0da488f54084af5f
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date:   Mon May 31 03:14:04 2021 -0400

    flow: enable support for multiple expected sessions

commit b4bdb05a1c69c9e4db890447d0fa67e160a64880
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date:   Mon May 31 03:04:00 2021 -0400

    packet_io: enable expected session flags

src/flow/expect_cache.cc
src/flow/expect_cache.h
src/flow/flow_control.cc
src/flow/flow_control.h
src/flow/test/flow_cache_test.cc
src/flow/test/flow_control_test.cc
src/packet_io/sfdaq_instance.cc
src/packet_io/sfdaq_instance.h
src/stream/stream.cc
src/stream/stream.h

index 998a90b81004e243a9eddd9413b7589fc8a9bf02..e6748772cdfc9afcbfe46cfe8993c98887bcabe9 100644 (file)
@@ -316,8 +316,8 @@ ExpectCache::~ExpectCache()
  *
  */
 int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_proto,
-    const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort,
-    char direction, FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction)
+    const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort, char direction,
+    FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction, bool expect_multi)
 {
     /* Just pull the VLAN ID, MPLS ID, and Address Space ID from the
         control packet until we have a use case for not doing so. */
@@ -392,8 +392,11 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
                 PacketTracer::log("Create expected channel request sent with %s -> %s %hu %hhu\n",
                         dipstr, sipstr, srvPort, static_cast<uint8_t>(ip_proto));
             }
+            unsigned flag = 0;
+            if (expect_multi)
+                flag |= DAQ_EFLOW_ALLOW_MULTIPLE;
             ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
-                    ip_proto, 1000, 0);
+                    ip_proto, 1000, flag);
         }
     }
 
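Review bot: When `expect_multi` is set, the request at the `add_expected` call now carries `DAQ_EFLOW_ALLOW_MULTIPLE`, which presumably lets more than one connection match the same expected-flow entry within the hard-coded 1000 ms timeout, and nothing at this site records that the pinhole is being widened. A comment above the new lines should state the effect and its bound, e.g. `// expect_multi: several sessions may match this expected flow until the 1000 ms timeout; set only for protocols that negotiate multiple data channels`. The three lines that build `flag` can also be written as `const unsigned flag = expect_multi ? DAQ_EFLOW_ALLOW_MULTIPLE : 0;`. The enclosing branch and the rest of add_flow's body lie outside this hunk, so whether Snort's own expect-cache entry also honours `expect_multi` cannot be confirmed from here.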
index 6eb294b59a649afb95dc69fa66839252d6439171..5b5313bab478ef087c2a28966c60fad14be68179 100644 (file)
@@ -98,7 +98,7 @@ public:
     int add_flow(const snort::Packet *ctrlPkt, PktType, IpProtocol, const snort::SfIp* cliIP,
         uint16_t cliPort, const snort::SfIp* srvIP, uint16_t srvPort, char direction,
         snort::FlowData*, SnortProtocolId snort_protocol_id = UNKNOWN_PROTOCOL_ID,
-        bool swap_app_direction = false);
+        bool swap_app_direction = false, bool expect_multi = false);
 
     bool is_expected(snort::Packet*);
     bool check(snort::Packet*, snort::Flow*);
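Review bot: `expect_multi` is added as a second trailing defaulted `bool` directly after `swap_app_direction`, so a call site that passes a single positional `true`, or transposes the two, still compiles and silently changes either the application direction or how many sessions the expected flow admits. The same pair of defaulted booleans appears in the `add_expected` declaration in flow_control.h and in `Stream::set_snort_protocol_id_expected` in stream.h. Consider a small options enum for these switches. At minimum, document the parameter at each declaration, e.g. `// expect_multi: allow more than one session to match this expected flow`.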
index 839b7879288446b6dec72d2816c74fed748e3f1b..1d934912276fd33992afb523ac7e7771fffe7a7d 100644 (file)
@@ -573,10 +573,10 @@ int FlowControl::add_expected_ignore( const Packet* ctrlPkt, PktType type, IpPro
 
 int FlowControl::add_expected( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort,
-    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction)
+    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
 {
     return exp_cache->add_flow( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort,
-        SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction);
+        SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi);
 }
 
 bool FlowControl::is_expected(Packet* p)
index 9a7a7a90f3245c3093153a9df172f36f98b04420..de1930301dce4dbe19b9af71964e8ff5f2fdc000 100644 (file)
@@ -78,8 +78,8 @@ public:
         char direction, snort::FlowData*);
 
     int add_expected(const snort::Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp *srcIP,
-        uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort,
-        SnortProtocolId snort_protocol_id, snort::FlowData*, bool swap_app_direction = false);
+        uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, SnortProtocolId snort_protocol_id,
+        snort::FlowData*, bool swap_app_direction = false, bool expect_multi = false);
 
     class ExpectCache* get_exp_cache()
     { return exp_cache; }
index 8803f9b2507bdbec2eea2aba4c8a91c2154b2368..582818dd10c145c5f198a526123ea74306aeee8b 100644 (file)
@@ -121,7 +121,7 @@ void Stream::stop_inspection(Flow*, Packet*, char, int32_t, int) { }
 
 
 int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t,
-    const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool)
+    const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool)
 {
     return 1;
 }
index 027048762bc35d59d4f4d27f5f2e01297b3d869e..d03fb7aea28ac4f1f8888f067d14964817205984 100644 (file)
@@ -167,7 +167,7 @@ int ExpectCache::add_flow(const Packet*,
     PktType, IpProtocol,
     const SfIp*, uint16_t,
     const SfIp*, uint16_t,
-    char, FlowData*, SnortProtocolId, bool)
+    char, FlowData*, SnortProtocolId, bool, bool)
 {
     return 1;
 }
index a074b9f115905aa7684e4cbd2cf78a75b5769e03..a3e0c694cbe34189eeb88dee49cb40d4932410a7 100644 (file)
@@ -341,7 +341,7 @@ int SFDAQInstance::set_packet_trace_data(DAQ_Msg_h msg, uint8_t* buff, uint32_t
 // FIXIT-L X Add Snort flag definitions for callers to use and translate/pass them through to
 // the DAQ module
 int SFDAQInstance::add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort,
-        const SfIp* srvIP, uint16_t srvPort, IpProtocol protocol, unsigned timeout_ms, unsigned /* flags */)
+        const SfIp* srvIP, uint16_t srvPort, IpProtocol protocol, unsigned timeout_ms, unsigned flags)
 {
     DIOCTL_CreateExpectedFlow d_cef;
 
@@ -386,6 +386,10 @@ int SFDAQInstance::add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16
     key->vlan_cnots = 1;
 
     d_cef.flags = 0;
+
+    if (flags & DAQ_EFLOW_ALLOW_MULTIPLE)
+        d_cef.flags |= DAQ_EFLOW_ALLOW_MULTIPLE;
+
 /*
     if (flags & DAQ_DC_FLOAT)
         d_cef.flags |= DAQ_EFLOW_FLOAT;
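Review bot: `flags` is now live, but the new test reads it as a `DAQ_EFLOW_*` value while the commented-out block just below reads the same parameter as `DAQ_DC_FLOAT`, so the bit namespace of the parameter is ambiguous and would need reconciling before that block is ever revived. Forwarding only the one recognised bit rather than copying `flags` wholesale into `d_cef.flags` is the safer shape. A comment would keep a later edit from loosening it, e.g. `// flags carries DAQ_EFLOW_* bits; only ALLOW_MULTIPLE is forwarded, every other bit is dropped`. The `FIXIT-L` comment above the function still asks for Snort-level flag definitions and is worth updating to say which convention callers should use today. The function starts and ends outside this hunk.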
index 8af2e993070b81be2b722a8be15aa6a6f8cf6185..04e7fb8c29e31f101b14e0d2e84ab919b2e4dfac 100644 (file)
@@ -80,7 +80,7 @@ public:
     int set_packet_trace_data(DAQ_Msg_h, uint8_t* buff, uint32_t buff_len);
     int add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort,
             const SfIp* srvIP, uint16_t srvPort, IpProtocol, unsigned timeout_ms,
-            unsigned /* flags */);
+            unsigned flags);
     bool get_tunnel_bypass(uint16_t proto);
 
 private:
index b56b2dcd2da9575845f8051cfc38c538aa571b88..c0ca827ff0450de410830157f68836cfa3703ecc 100644 (file)
@@ -386,13 +386,13 @@ int Stream::set_snort_protocol_id_expected(
     const Packet* ctrlPkt, PktType type, IpProtocol ip_proto,
     const SfIp* srcIP, uint16_t srcPort,
     const SfIp* dstIP, uint16_t dstPort,
-    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction)
+    SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
 {
     assert(flow_con);
 
     return flow_con->add_expected(
         ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, snort_protocol_id, fd,
-        swap_app_direction);
+        swap_app_direction, expect_multi);
 }
 
 void Stream::set_snort_protocol_id_from_ha(
index 402ce2b95155d7e83bfe4c9a54452a126e484a16..0ef87b9c948620b9e130095a8116fc2158c397dc 100644 (file)
@@ -173,7 +173,7 @@ public:
     static int set_snort_protocol_id_expected(
         const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort,
         const snort::SfIp* dstIP, uint16_t dstPort, SnortProtocolId, FlowData*,
-        bool swap_app_direction = false);
+        bool swap_app_direction = false, bool expect_multi = false);
 
     // Get pointer to application data for a flow based on the lookup tuples for cases where
     // Snort does not have an active packet that is relevant.