Merge pull request #1795 in SNORT/snort3 from ~MIALTIZE/snort3:namespace to master

author Michael Altizer (mialtize) <mialtize@cisco.com>

Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)

committer Michael Altizer (mialtize) <mialtize@cisco.com>

Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)
author Michael Altizer (mialtize) <mialtize@cisco.com>
Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)
committer Michael Altizer (mialtize) <mialtize@cisco.com>
Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)
diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc

index 479caaf7671b551e053897bb2e0fb8e38601c7f6..1b36eca55baec44d93dfc6c33140ca52ba0cadb9 100644 (file)
--- a/src/actions/act_reject.cc
+++ b/src/actions/act_reject.cc
@@ -139,16 +139,16 @@ void RejectAction::send(Packet* p)
          act->send_reset(p, ENC_FLAG_FWD);
  
      if ( flags & REJ_UNR_FWD )
-        act->send_unreach(p, snort::UnreachResponse::FWD);
+        act->send_unreach(p, UnreachResponse::FWD);
  
      if ( flags & REJ_UNR_NET )
-        act->send_unreach(p, snort::UnreachResponse::NET);
+        act->send_unreach(p, UnreachResponse::NET);
  
      if ( flags & REJ_UNR_HOST )
-        act->send_unreach(p, snort::UnreachResponse::HOST);
+        act->send_unreach(p, UnreachResponse::HOST);
  
      if ( flags & REJ_UNR_PORT )
-        act->send_unreach(p, snort::UnreachResponse::PORT);
+        act->send_unreach(p, UnreachResponse::PORT);
  }
  
  //-------------------------------------------------------------------------
diff --git a/src/actions/ips_actions.cc b/src/actions/ips_actions.cc

index bf3d597ff3dc943c7d062e43f174dd83ed4ff6ca..c0e18a2d41650bf89033186fc2018903144c8352 100644 (file)
--- a/src/actions/ips_actions.cc
+++ b/src/actions/ips_actions.cc
@@ -25,11 +25,13 @@
  
  #include "managers/plugin_manager.h"
  
+using namespace snort;
+
  #ifdef STATIC_IPS_ACTIONS
-extern const snort::BaseApi* act_react[];
-extern const snort::BaseApi* act_reject[];
+extern const BaseApi* act_react[];
+extern const BaseApi* act_reject[];
  #endif
-extern const snort::BaseApi* act_replace[];
+extern const BaseApi* act_replace[];
  
  void load_actions()
  {
diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc

index f39fd9cb8a64030c329bc4085f4672e36c372ebb..a916fa7c43d68a08e38be9465fbef58b4f0c3f41 100644 (file)
--- a/src/codecs/ip/cd_ipv4.cc
+++ b/src/codecs/ip/cd_ipv4.cc
@@ -166,7 +166,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
          return false;
      }
  
-    if ( snort::SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) )
+    if ( SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) )
      {
          codec_event(codec, DECODE_IP_MULTIPLE_ENCAPSULATION);
          return false;
@@ -223,7 +223,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
          /* If the previous layer was not IP-in-IP, this is not a 4-in-6 tunnel */
          if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
              codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
-        else if ( snort::SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) )
+        else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) )
              codec.tunnel_bypass = true;
      }
      else if (snort.ip_api.is_ip4())
@@ -231,7 +231,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
          /* If the previous layer was not IP-in-IP, this is not a 4-in-4 tunnel */
          if ( codec.codec_flags & CODEC_NON_IP_TUNNEL )
              codec.codec_flags &= ~CODEC_NON_IP_TUNNEL;
-        else if (snort::SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4))
+        else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4))
              codec.tunnel_bypass = true;
      }
  
@@ -253,7 +253,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort)
       */
      IP4AddrTests(iph, codec, snort);
  
-    if (snort::SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw))
+    if (SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw))
      {
          // routers drop packets with bad IP checksums, we don't really need to check them...
          int16_t csum = checksum::ip_cksum((const uint16_t*)iph, hlen);
@@ -556,7 +556,7 @@ void Ipv4Codec::log(TextLog* const text_log, const uint8_t* raw_pkt,
      const ip::IP4Hdr* const ip4h = reinterpret_cast<const ip::IP4Hdr*>(raw_pkt);
  
      // FIXIT-RC this does NOT obfuscate correctly
-    if (snort::SnortConfig::obfuscate())
+    if (SnortConfig::obfuscate())
      {
          TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx");
      }
diff --git a/src/connectors/connectors.cc b/src/connectors/connectors.cc

index 5575515535d2ec4880e34b43bea60aa9295f5cd0..2f23432179cd0d28d467f07d43b1361d82e2a1c8 100644 (file)
--- a/src/connectors/connectors.cc
+++ b/src/connectors/connectors.cc
@@ -25,8 +25,10 @@
  #include "framework/connector.h"
  #include "managers/plugin_manager.h"
  
-extern const snort::BaseApi* file_connector[];
-extern const snort::BaseApi* tcp_connector[];
+using namespace snort;
+
+extern const BaseApi* file_connector[];
+extern const BaseApi* tcp_connector[];
  
  void load_connectors()
  {
diff --git a/src/detection/fp_create.cc b/src/detection/fp_create.cc

index 4cdc7f55814c9ab49c11dc7f0946ff1568af3485..c4482256be55c32b2fbaa922d2d662d9cdfbde33 100644 (file)
--- a/src/detection/fp_create.cc
+++ b/src/detection/fp_create.cc
@@ -379,7 +379,7 @@ static int pmx_create_tree_offload(SnortConfig* sc, void* id, void** existing_tr
  }
  
  static int fpFinishPortGroupRule(
-    SnortConfig* sc, snort::Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd,
+    SnortConfig* sc, Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd,
      FastPatternConfig* fp, Mpse::MpseType mpse_type, bool get_final_pat)
  {
      const char* pattern;
@@ -502,7 +502,7 @@ static int fpFinishPortGroup(
      return 0;
  }
  
-static void fpAddAlternatePatterns(SnortConfig* sc, snort::Mpse* mpse,
+static void fpAddAlternatePatterns(SnortConfig* sc, Mpse* mpse,
      OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, Mpse::MpseType mpse_type)
  {
      fpFinishPortGroupRule(sc, mpse, otn, pmd, fp, mpse_type, false);
diff --git a/src/detection/pcrm.cc b/src/detection/pcrm.cc

index 3af868d0592ffa8cd4e3c8b65f64f66430870030..3a23448908c4e2e286b88779aa3cb8496729b909 100644 (file)
--- a/src/detection/pcrm.cc
+++ b/src/detection/pcrm.cc
@@ -42,6 +42,8 @@
  
  #include "fp_config.h"
  
+using namespace snort;
+
  PORT_RULE_MAP* prmNewMap()
  {
      PORT_RULE_MAP* p = (PORT_RULE_MAP*)snort_calloc(sizeof(PORT_RULE_MAP));
@@ -88,16 +90,16 @@ static int prmFindRuleGroup(
      assert(src and dst and gen);
      *src = *dst = *gen = nullptr;
  
-    if ( (dport != ANYPORT) and (dport < snort::MAX_PORTS) )
+    if ( (dport != ANYPORT) and (dport < MAX_PORTS) )
          *dst = p->prmDstPort[dport];
  
-    if ( (sport != ANYPORT) and (sport < snort::MAX_PORTS) )
+    if ( (sport != ANYPORT) and (sport < MAX_PORTS) )
          *src = p->prmSrcPort[sport];
  
      /* If no Src/Dst rules - use the generic set, if any exist  */
      if ( p->prmGeneric and (p->prmGeneric->rule_count > 0) )
      {
-        if ( snort::SnortConfig::get_conf()->fast_pattern_config->get_split_any_any() or (!*src and !*dst) )
+        if ( SnortConfig::get_conf()->fast_pattern_config->get_split_any_any() or (!*src and !*dst) )
          {
              *gen = p->prmGeneric;
          }
diff --git a/src/detection/regex_offload.cc b/src/detection/regex_offload.cc

index 45376a4645d267808ebe25f4c18af2fda6592674..4316eeef356814f7ed7b23fcabdec91b653d279f 100644 (file)
--- a/src/detection/regex_offload.cc
+++ b/src/detection/regex_offload.cc
@@ -48,7 +48,7 @@ using namespace snort;
  // FIXIT-L this could be offloader specific
  struct RegexRequest
  {
-    snort::Packet* packet = nullptr;
+    Packet* packet = nullptr;
  
      std::thread* thread;
      std::mutex mutex;
@@ -99,7 +99,7 @@ void RegexOffload::stop()
      assert(busy.empty());
  }
  
-bool RegexOffload::on_hold(snort::Flow* f) const
+bool RegexOffload::on_hold(Flow* f) const
  {
      for ( auto* req : busy )
      {
@@ -115,7 +115,7 @@ bool RegexOffload::on_hold(snort::Flow* f) const
  
  MpseRegexOffload::MpseRegexOffload(unsigned max) : RegexOffload(max) { }
  
-void MpseRegexOffload::put(snort::Packet* p)
+void MpseRegexOffload::put(Packet* p)
  {
      Profile profile(mpsePerfStats);
  
@@ -135,19 +135,19 @@ void MpseRegexOffload::put(snort::Packet* p)
      p->context->searches.offload_search();
  }
  
-bool MpseRegexOffload::get(snort::Packet*& p)
+bool MpseRegexOffload::get(Packet*& p)
  {
      Profile profile(mpsePerfStats);
      assert(!busy.empty());
  
-    snort::Mpse::MpseRespType resp_ret;
-    snort::MpseBatch* batch;
+    Mpse::MpseRespType resp_ret;
+    MpseBatch* batch;
  
-    resp_ret = snort::MpseBatch::poll_offload_responses(batch);
+    resp_ret = MpseBatch::poll_offload_responses(batch);
  
-    if (resp_ret != snort::Mpse::MPSE_RESP_NOT_COMPLETE)
+    if (resp_ret != Mpse::MPSE_RESP_NOT_COMPLETE)
      {
-        if (resp_ret == snort::Mpse::MPSE_RESP_COMPLETE_FAIL)
+        if (resp_ret == Mpse::MPSE_RESP_COMPLETE_FAIL)
          {
              if (batch->can_fallback())
              {
@@ -157,7 +157,7 @@ bool MpseRegexOffload::get(snort::Packet*& p)
              pc.offload_failures++;
          }
  
-        snort::IpsContext* c = (snort::IpsContext*)(batch->context);
+        IpsContext* c = (IpsContext*)(batch->context);
          p = c->packet;
  
          // Finished with items in batch so clear
@@ -184,7 +184,7 @@ ThreadRegexOffload::ThreadRegexOffload(unsigned max) : RegexOffload(max)
      unsigned i = ThreadConfig::get_instance_max();
  
      for ( auto* req : idle )
-        req->thread = new std::thread(worker, req, snort::SnortConfig::get_conf(), i++);
+        req->thread = new std::thread(worker, req, SnortConfig::get_conf(), i++);
  }
  
  ThreadRegexOffload::~ThreadRegexOffload()
@@ -208,7 +208,7 @@ void ThreadRegexOffload::stop()
      }
  }
  
-void ThreadRegexOffload::put(snort::Packet* p)
+void ThreadRegexOffload::put(Packet* p)
  {
      Profile profile(mpsePerfStats);
  
@@ -239,7 +239,7 @@ void ThreadRegexOffload::put(snort::Packet* p)
  #endif
  }
  
-bool ThreadRegexOffload::get(snort::Packet*& p)
+bool ThreadRegexOffload::get(Packet*& p)
  {
      Profile profile(mpsePerfStats);
      assert(!busy.empty());
@@ -266,10 +266,10 @@ bool ThreadRegexOffload::get(snort::Packet*& p)
  }
  
  void ThreadRegexOffload::worker(
-    RegexRequest* req, snort::SnortConfig* initial_config, unsigned id)
+    RegexRequest* req, SnortConfig* initial_config, unsigned id)
  {
      set_instance_id(id);
-    snort::SnortConfig::set_conf(initial_config);
+    SnortConfig::set_conf(initial_config);
  
      while ( true )
      {
@@ -288,9 +288,9 @@ void ThreadRegexOffload::worker(
          assert(req->packet->is_offloaded());
          assert(req->packet->context->searches.items.size() > 0);
  
-        snort::SnortConfig::set_conf(req->packet->context->conf);
-        snort::IpsContext* c = req->packet->context;
-        snort::Mpse::MpseRespType resp_ret;
+        SnortConfig::set_conf(req->packet->context->conf);
+        IpsContext* c = req->packet->context;
+        Mpse::MpseRespType resp_ret;
  
          c->searches.offload_search();
  
@@ -298,9 +298,9 @@ void ThreadRegexOffload::worker(
          {
              resp_ret = c->searches.receive_offload_responses();
          }
-        while (resp_ret == snort::Mpse::MPSE_RESP_NOT_COMPLETE);
+        while (resp_ret == Mpse::MPSE_RESP_NOT_COMPLETE);
  
-        if (resp_ret == snort::Mpse::MPSE_RESP_COMPLETE_FAIL)
+        if (resp_ret == Mpse::MPSE_RESP_COMPLETE_FAIL)
          {
              if (c->searches.can_fallback())
              {
@@ -320,8 +320,8 @@ void ThreadRegexOffload::worker(
          }
  #endif
      }
-    snort::ModuleManager::accumulate_offload("search_engine");
-    snort::ModuleManager::accumulate_offload("detection");
+    ModuleManager::accumulate_offload("search_engine");
+    ModuleManager::accumulate_offload("detection");
  
      // FIXIT-M break this over-coupling. In reality we shouldn't be evaluating latency in offload.
      PacketLatency::tterm();
diff --git a/src/detection/rules.cc b/src/detection/rules.cc

index 94abe2e974b28a34e74a548823a995ee77263e24..d00d408f0015f8c5e2457b7d6cd4f0386fed140a 100644 (file)
--- a/src/detection/rules.cc
+++ b/src/detection/rules.cc
@@ -109,12 +109,12 @@ void RuleState::update_rtn(RuleTreeNode* rtn)
  {
      switch ( action )
      {
-        case IpsPolicy::LOG: rtn->action = snort::Actions::Type::LOG; break;
-        case IpsPolicy::PASS: rtn->action = snort::Actions::Type::PASS; break;
-        case IpsPolicy::ALERT: rtn->action = snort::Actions::Type::ALERT; break;
-        case IpsPolicy::DROP: rtn->action = snort::Actions::Type::DROP; break;
-        case IpsPolicy::BLOCK: rtn->action = snort::Actions::Type::BLOCK; break;
-        case IpsPolicy::RESET: rtn->action = snort::Actions::Type::RESET; break;
+        case IpsPolicy::LOG: rtn->action = Actions::Type::LOG; break;
+        case IpsPolicy::PASS: rtn->action = Actions::Type::PASS; break;
+        case IpsPolicy::ALERT: rtn->action = Actions::Type::ALERT; break;
+        case IpsPolicy::DROP: rtn->action = Actions::Type::DROP; break;
+        case IpsPolicy::BLOCK: rtn->action = Actions::Type::BLOCK; break;
+        case IpsPolicy::RESET: rtn->action = Actions::Type::RESET; break;
          case IpsPolicy::INHERIT_ACTION: break;
      }
      switch ( enable )
diff --git a/src/detection/treenodes.cc b/src/detection/treenodes.cc

index bbb67f008e8bdae9e7946fa68cb4d2cdb08f2b34..2c77caecde4a12db071493f31293c46066564eae 100644 (file)
--- a/src/detection/treenodes.cc
+++ b/src/detection/treenodes.cc
@@ -27,6 +27,8 @@
  #include "framework/ips_option.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  OptFpList* AddOptFuncToList(RuleOptEvalFunc ro_eval_func, OptTreeNode* otn)
  {
      OptFpList* ofp = (OptFpList*)snort_calloc(sizeof(OptFpList));
@@ -49,7 +51,7 @@ OptFpList* AddOptFuncToList(RuleOptEvalFunc ro_eval_func, OptTreeNode* otn)
      return ofp;
  }
  
-bool otn_set_agent(OptTreeNode* otn, snort::IpsOption* opt)
+bool otn_set_agent(OptTreeNode* otn, IpsOption* opt)
  {
      if ( otn->agent )
          return false;
@@ -58,7 +60,7 @@ bool otn_set_agent(OptTreeNode* otn, snort::IpsOption* opt)
      return true;
  }
  
-void otn_trigger_actions(const OptTreeNode* otn, snort::Packet* p)
+void otn_trigger_actions(const OptTreeNode* otn, Packet* p)
  {
      if ( otn->agent )
          otn->agent->action(p);
diff --git a/src/events/event.cc b/src/events/event.cc

index abfdc142c57d375245567f5440759fa340d729ae..f66443320fd241b1adcab11a7ae465f645bc2541 100644 (file)
--- a/src/events/event.cc
+++ b/src/events/event.cc
@@ -26,6 +26,8 @@
  #include "detection/signature.h"
  #include "main/snort_config.h"
  
+using namespace snort;
+
  THREAD_LOCAL uint16_t event_id; // FIXIT-M also incremented in fpLogEvent()
  
  void SetEvent(
@@ -39,7 +41,7 @@ void SetEvent(
      event.sig_info->priority = priority;
  
      /* this one gets set automatically */
-    event.event_id = ++event_id | snort::SnortConfig::get_event_log_id();
+    event.event_id = ++event_id | SnortConfig::get_event_log_id();
  
      if (event_ref)
          event.event_reference = event_ref;
diff --git a/src/file_api/file_capture.h b/src/file_api/file_capture.h

index 36a3ee97c6daf46b139a9e2ee771a430893dd840..1c029949d0ee7ba94ec86e95d4edfcb2bb19d449 100644 (file)
--- a/src/file_api/file_capture.h
+++ b/src/file_api/file_capture.h
@@ -38,11 +38,11 @@
  
  #include "file_api.h"
  
+class FileMemPool;
+
  namespace snort
  {
  class FileInfo;
-}
-class FileMemPool;
  
  struct FileCaptureBlock
  {
@@ -125,6 +125,7 @@ private:
      int64_t capture_min_size;
      int64_t capture_max_size;
  };
+}
  
  #endif
  
diff --git a/src/file_api/file_config.cc b/src/file_api/file_config.cc

index 706279002acb5b1f723fd2f60b956d10d7ec299b..2d0802b9bc632708c1caa11d015179effae12aeb 100644 (file)
--- a/src/file_api/file_config.cc
+++ b/src/file_api/file_config.cc
@@ -35,6 +35,8 @@
  
  #include "file_flows.h"
  
+using namespace snort;
+
  bool FileConfig::process_file_magic(FileMagicData& magic)
  {
      bool negated = false;
@@ -72,7 +74,7 @@ FileMagicRule* FileConfig::get_rule_from_id(uint32_t id)
  }
  
  void FileConfig::get_magic_rule_ids_from_type(const std::string& type,
-    const std::string& version, snort::FileTypeBitSet& ids_set)
+    const std::string& version, FileTypeBitSet& ids_set)
  {
      return fileIdentifier.get_magic_rule_ids_from_type(type, version, ids_set);
  }
@@ -102,9 +104,9 @@ std::string file_type_name(uint32_t id)
          return "NA";
  }
  
-FileConfig* get_file_config(snort::SnortConfig* sc)
+FileConfig* get_file_config(SnortConfig* sc)
  {
-    snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true, sc);
+    FileInspect* fi = (FileInspect*)InspectorManager::get_inspector(FILE_ID_NAME, true, sc);
  
      if (fi)
          return (fi->config);
@@ -115,7 +117,7 @@ FileConfig* get_file_config(snort::SnortConfig* sc)
  namespace snort
  {
  void get_magic_rule_ids_from_type(const std::string& type, const std::string& version,
-    snort::FileTypeBitSet& ids_set, snort::SnortConfig* sc)
+    FileTypeBitSet& ids_set, SnortConfig* sc)
  {
      FileConfig* conf = get_file_config(sc);
      if (conf)
diff --git a/src/file_api/file_identifier.cc b/src/file_api/file_identifier.cc

index 8a2263d5f5a6aea14accbb78dffa6451862d0392..897678bc1217ade85bbc034f1740258a13550e92 100644 (file)
--- a/src/file_api/file_identifier.cc
+++ b/src/file_api/file_identifier.cc
@@ -68,7 +68,7 @@ void FileMagicRule::clear()
  
  void FileIdentifier::init_merge_hash()
  {
-    identifier_merge_hash = snort::ghash_new(1000, sizeof(MergeNode), 0, nullptr);
+    identifier_merge_hash = ghash_new(1000, sizeof(MergeNode), 0, nullptr);
      assert(identifier_merge_hash);
  }
  
@@ -374,7 +374,7 @@ FileMagicRule* FileIdentifier::get_rule_from_id(uint32_t id)
  }
  
  void FileIdentifier::get_magic_rule_ids_from_type(const std::string& type,
-    const std::string& version, snort::FileTypeBitSet& ids_set)
+    const std::string& version, FileTypeBitSet& ids_set)
  {
      ids_set.reset();
  
diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h

index 47f846e4bf60ccbb473b1c0c1cd7c06c341b7e33..b05d1d8bae59e5f12540559d58ad233c39117143 100644 (file)
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -33,12 +33,12 @@
  #define SNORT_FILE_TYPE_UNKNOWN          UINT16_MAX
  #define SNORT_FILE_TYPE_CONTINUE         0
  
-class FileCapture;
  class FileConfig;
  class FileSegments;
  
  namespace snort
  {
+class FileCapture;
  class FileInspect;
  class Flow;
  
diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc

index 6f744ca330538107bc99cc2d27c569da0223f8f0..8387d7b761a726bbe022e30d7e47703c959bc07b 100644 (file)
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -86,26 +86,26 @@ void FilePolicy::insert_file_rule(FileRule& rule)
      }
  
      // Enable file type for all other features
-    snort::FileService::enable_file_type();
+    FileService::enable_file_type();
      type_enabled = true;
  
      if (rule.use.signature_enabled)
-        snort::FileService::enable_file_signature();
+        FileService::enable_file_signature();
  
      if (rule.use.capture_enabled)
-        snort::FileService::enable_file_capture();
+        FileService::enable_file_capture();
  }
  
  void FilePolicy::load()
  {
      if (type_enabled)
-        snort::FileService::enable_file_type();
+        FileService::enable_file_type();
  
      if (signature_enabled)
-        snort::FileService::enable_file_signature();
+        FileService::enable_file_signature();
  
      if (capture_enabled)
-        snort::FileService::enable_file_capture();
+        FileService::enable_file_capture();
  
      // Use default global setting
      emptyRule.use.type_enabled = type_enabled;
diff --git a/src/file_api/file_segment.cc b/src/file_api/file_segment.cc

index 6069f763d7fd8dc28e7b46c7b509f9c983da7d02..eec10fdd78d84c674e08a5da0edf4893224c77e1 100644 (file)
--- a/src/file_api/file_segment.cc
+++ b/src/file_api/file_segment.cc
@@ -25,13 +25,15 @@
  
  #include "file_lib.h"
  
+using namespace snort;
+
  FileSegment::~FileSegment ()
  {
      if (data)
          delete data;
  }
  
-FileSegments::FileSegments (snort::FileContext* ctx)
+FileSegments::FileSegments (FileContext* ctx)
  {
      head = nullptr;
      current_offset = 0;
@@ -150,15 +152,15 @@ FilePosition FileSegments::get_file_position(uint64_t data_size, uint64_t file_s
      return SNORT_FILE_MIDDLE;
  }
  
-int FileSegments::process_one(snort::Packet* p, const uint8_t* file_data, int data_size,
-    snort::FilePolicyBase* policy)
+int FileSegments::process_one(Packet* p, const uint8_t* file_data, int data_size,
+    FilePolicyBase* policy)
  {
      FilePosition position = get_file_position(data_size, context->get_file_size());
  
      return context->process(p, file_data, data_size, position, policy);
  }
  
-int FileSegments::process_all(snort::Packet* p, snort::FilePolicyBase* policy)
+int FileSegments::process_all(Packet* p, FilePolicyBase* policy)
  {
      int ret = 1;
  
@@ -190,8 +192,8 @@ int FileSegments::process_all(snort::Packet* p, snort::FilePolicyBase* policy)
   *    1: continue processing/log/block this file
   *    0: ignore this file
   */
-int FileSegments::process(snort::Packet* p, const uint8_t* file_data, uint64_t data_size,
-    uint64_t offset, snort::FilePolicyBase* policy)
+int FileSegments::process(Packet* p, const uint8_t* file_data, uint64_t data_size,
+    uint64_t offset, FilePolicyBase* policy)
  {
      int ret = 0;
  
diff --git a/src/filters/detection_filter.cc b/src/filters/detection_filter.cc

index 2f3886c2434fa884d93cf26aea63c61fca953edf..b41b6c2443d6a30e6e29eb714e97e78547af79b5 100644 (file)
--- a/src/filters/detection_filter.cc
+++ b/src/filters/detection_filter.cc
@@ -53,7 +53,7 @@ void DetectionFilterConfigFree(DetectionFilterConfig* config)
      snort_free(config);
  }
  
-int detection_filter_test(void* pv, const snort::SfIp* sip, const snort::SfIp* dip, long curtime)
+int detection_filter_test(void* pv, const SfIp* sip, const SfIp* dip, long curtime)
  {
      if (pv == nullptr)
          return 0;
@@ -95,7 +95,7 @@ void detection_filter_term()
      if ( !detection_filter_hash )
          return;
  
-    snort::xhash_delete(detection_filter_hash);
+    xhash_delete(detection_filter_hash);
      detection_filter_hash = nullptr;
  }
  
diff --git a/src/filters/rate_filter.cc b/src/filters/rate_filter.cc

index cdeb2e975b64e2ef55176516ac4e9f0cf676a3fc..daddb3434cbbf66d1a17a6504a01d388af295e6e 100644 (file)
--- a/src/filters/rate_filter.cc
+++ b/src/filters/rate_filter.cc
@@ -69,7 +69,7 @@ void RateFilter_Cleanup()
   * Create and Add a Thresholding Event Object
   */
  int RateFilter_Create(
-    snort::SnortConfig* sc, RateFilterConfig* rf_config, tSFRFConfigNode* thdx)
+    SnortConfig* sc, RateFilterConfig* rf_config, tSFRFConfigNode* thdx)
  {
      int error;
  
@@ -103,14 +103,14 @@ int RateFilter_Create(
      returns 1 - rate threshold reached
              0 - rate threshold not reached
  */
-int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p)
+int RateFilter_Test(const OptTreeNode* otn, Packet* p)
  {
      unsigned gid = otn->sigInfo.gid;
      unsigned sid = otn->sigInfo.sid;
  
-    const snort::SfIp* sip;
-    const snort::SfIp* dip;
-    snort::SfIp cleared;
+    const SfIp* sip;
+    const SfIp* dip;
+    SfIp cleared;
  
      if ( p->ptrs.ip_api.is_ip() )
      {
@@ -124,8 +124,8 @@ int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p)
          dip = &cleared;
      }
  
-    if ((snort::SnortConfig::get_conf() == nullptr) ||
-        (snort::SnortConfig::get_conf()->rate_filter_config == nullptr))
+    if ((SnortConfig::get_conf() == nullptr) ||
+        (SnortConfig::get_conf()->rate_filter_config == nullptr))
      {
          /* this should not happen, see the create fcn */
          return -1;
@@ -137,12 +137,12 @@ int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p)
          // events and these require: src -> client, dst -> server.
          if ( p->is_from_server() )
          {
-            return SFRF_TestThreshold(snort::SnortConfig::get_conf()->rate_filter_config, gid, sid,
+            return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid,
                  dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
          }
      }
  
-    return SFRF_TestThreshold(snort::SnortConfig::get_conf()->rate_filter_config, gid, sid,
+    return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid,
          sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT);
  }
  
diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc

index 52200382372cc098f9d1d3b9e596992b03f3ffaf..d3da43376765d7820757eec0648f58a8faf9eae4 100644 (file)
--- a/src/filters/sfrf.cc
+++ b/src/filters/sfrf.cc
@@ -66,7 +66,7 @@ typedef struct
       * whether dos threshold is tracking by source or destination IP address. For tracking
       * by rule, it is cleared out (all 0s).
       */
-    snort::SfIp ip;
+    SfIp ip;
      uint16_t padding;
  } tSFRFTrackingNodeKey;
  PADDING_GUARD_END
@@ -115,7 +115,7 @@ static int _checkSamplingPeriod(
      );
  
  static tSFRFTrackingNode* _getSFRFTrackingNode(
-    const snort::SfIp*,
+    const SfIp*,
      unsigned tid,
      time_t curTime
      );
@@ -124,8 +124,8 @@ static void _updateDependentThresholds(
      RateFilterConfig* config,
      unsigned gid,
      unsigned sid,
-    const snort::SfIp* sip,
-    const snort::SfIp* dip,
+    const SfIp* sip,
+    const SfIp* dip,
      time_t curTime
      );
  
@@ -232,14 +232,14 @@ int SFRF_Alloc(unsigned int memcap)
   *
   * @return @retval  0 successfully added the thresholding object, !0 otherwise
  */
-int SFRF_ConfigAdd(snort::SnortConfig*, RateFilterConfig* rf_config, tSFRFConfigNode* cfgNode)
+int SFRF_ConfigAdd(SnortConfig*, RateFilterConfig* rf_config, tSFRFConfigNode* cfgNode)
  {
      GHash* genHash;
      tSFRFSidNode* pSidNode;
      tSFRFConfigNode* pNewConfigNode;
      tSFRFGenHashKey key = { 0,0 };
  
-    PolicyId policy_id = snort::get_ips_policy()->policy_id;
+    PolicyId policy_id = get_ips_policy()->policy_id;
  
      if ((rf_config == nullptr) || (cfgNode == nullptr))
          return -1;
@@ -361,7 +361,7 @@ int SFRF_ConfigAdd(snort::SnortConfig*, RateFilterConfig* rf_config, tSFRFConfig
   */
  static int SFRF_TestObject(
      tSFRFConfigNode* cfgNode,
-    const snort::SfIp* ip,
+    const SfIp* ip,
      time_t curTime,
      SFRF_COUNT_OPERATION op
      )
@@ -414,7 +414,7 @@ static int SFRF_TestObject(
      // if the count were not incremented in such cases, the
      // threshold would never be exceeded.
      if ( !cfgNode->seconds && dynNode->count > cfgNode->count )
-        if ( cfgNode->newAction == snort::Actions::DROP )
+        if ( cfgNode->newAction == Actions::DROP )
              dynNode->count--;
  
  #ifdef SFRF_DEBUG
@@ -427,7 +427,7 @@ static int SFRF_TestObject(
      return retValue;
  }
  
-static inline int SFRF_AppliesTo(tSFRFConfigNode* pCfg, const snort::SfIp* ip)
+static inline int SFRF_AppliesTo(tSFRFConfigNode* pCfg, const SfIp* ip)
  {
      return ( !pCfg->applyTo || sfvar_ip_in(pCfg->applyTo, ip) );
  }
@@ -451,8 +451,8 @@ int SFRF_TestThreshold(
      RateFilterConfig* config,
      unsigned gid,
      unsigned sid,
-    const snort::SfIp* sip,
-    const snort::SfIp* dip,
+    const SfIp* sip,
+    const SfIp* dip,
      time_t curTime,
      SFRF_COUNT_OPERATION op
      )
@@ -464,7 +464,7 @@ int SFRF_TestThreshold(
      int status = -1;
      tSFRFGenHashKey key;
  
-    PolicyId policy_id = snort::get_ips_policy()->policy_id;
+    PolicyId policy_id = get_ips_policy()->policy_id;
  
  #ifdef SFRF_DEBUG
      printf("--%d-%u-%u: %s() entering\n", 0, gid, sid, __func__);
@@ -546,7 +546,7 @@ int SFRF_TestThreshold(
  
          case SFRF_TRACK_BY_RULE:
          {
-            snort::SfIp cleared;
+            SfIp cleared;
              cleared.clear();
              newStatus = SFRF_TestObject(cfgNode, &cleared, curTime, op);
          }
@@ -753,15 +753,15 @@ static int _checkThreshold(
      fflush(stdout);
  #endif
  
-    return snort::Actions::MAX + cfgNode->newAction;
+    return Actions::MAX + cfgNode->newAction;
  }
  
  static void _updateDependentThresholds(
      RateFilterConfig* config,
      unsigned gid,
      unsigned sid,
-    const snort::SfIp* sip,
-    const snort::SfIp* dip,
+    const SfIp* sip,
+    const SfIp* dip,
      time_t curTime
      )
  {
@@ -781,7 +781,7 @@ static void _updateDependentThresholds(
      }
  }
  
-static tSFRFTrackingNode* _getSFRFTrackingNode(const snort::SfIp* ip, unsigned tid, time_t curTime)
+static tSFRFTrackingNode* _getSFRFTrackingNode(const SfIp* ip, unsigned tid, time_t curTime)
  {
      tSFRFTrackingNode* dynNode = nullptr;
      tSFRFTrackingNodeKey key;
@@ -789,7 +789,7 @@ static tSFRFTrackingNode* _getSFRFTrackingNode(const snort::SfIp* ip, unsigned t
      /* Setup key */
      key.ip = *(ip);
      key.tid = tid;
-    key.policyId = snort::get_ips_policy()->policy_id;
+    key.policyId = get_ips_policy()->policy_id;
      key.padding = 0;
  
      /*
diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc

index 012d3d846d638e006fc2325a56022bb193e2244d..65e526d28b17a0dd7868cdd8b0d0b28ba5e52a1a 100644 (file)
--- a/src/filters/sfrf_test.cc
+++ b/src/filters/sfrf_test.cc
@@ -29,6 +29,8 @@
  #include "rate_filter.h"
  #include "sfrf.h"
  
+using namespace snort;
+
  //---------------------------------------------------------------
  
  #define IP_ANY   nullptr          // used to get "unset"
@@ -908,7 +910,7 @@ static void Init(unsigned cap)
          cfg.tracking = p->track;
          cfg.count = p->count;
          cfg.seconds = p->seconds;
-        cfg.newAction = (snort::Actions::Type)RULE_NEW;
+        cfg.newAction = (Actions::Type)RULE_NEW;
          cfg.timeout = p->timeout;
          cfg.applyTo = p->ip ? sfip_var_from_string(p->ip, "sfrf_test") : nullptr;
  
@@ -942,15 +944,15 @@ static int EventTest(EventData* p)
      // this is the only acceptable public value for op
      SFRF_COUNT_OPERATION op = SFRF_COUNT_INCREMENT;
  
-    snort::SfIp sip, dip;
+    SfIp sip, dip;
      sip.set(p->sip);
      dip.set(p->dip);
  
      status = SFRF_TestThreshold(
          rfc, p->gid, p->sid, &sip, &dip, curtime, op);
  
-    if ( status >= snort::Actions::MAX )
-        status -= snort::Actions::MAX;
+    if ( status >= Actions::MAX )
+        status -= Actions::MAX;
  
      return status;
  }
diff --git a/src/filters/sfthd.cc b/src/filters/sfthd.cc

index ba519086b874481eae763199be8291d72ce9081d..86d0f277c71992d79e6d34853c56da62d9eaee48 100644 (file)
--- a/src/filters/sfthd.cc
+++ b/src/filters/sfthd.cc
@@ -289,14 +289,14 @@ the current event should be logged or dropped.
  
  */
  static int sfthd_create_threshold_local(
-    snort::SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+    SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
  {
      GHash* sfthd_hash;
      THD_ITEM* sfthd_item;
      THD_NODE* sfthd_node;
      tThdItemKey key;
  
-    PolicyId policy_id = snort::get_network_policy()->policy_id;
+    PolicyId policy_id = get_network_policy()->policy_id;
  
      if (thd_objs == nullptr )
          return -1;
@@ -484,10 +484,10 @@ static int sfthd_create_threshold_local(
  /*
   */
  static int sfthd_create_threshold_global(
-    snort::SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
+    SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config)
  {
      THD_NODE* sfthd_node;
-    PolicyId policy_id = snort::get_network_policy()->policy_id;
+    PolicyId policy_id = get_network_policy()->policy_id;
  
      if (thd_objs == nullptr)
          return -1;
@@ -588,7 +588,7 @@ the current event should be logged or dropped.
  
  */
  int sfthd_create_threshold(
-    snort::SnortConfig* sc,
+    SnortConfig* sc,
      ThresholdObjects* thd_objs,
      unsigned gen_id,
      unsigned sig_id,
@@ -600,7 +600,7 @@ int sfthd_create_threshold(
      sfip_var_t* ip_address)
  {
      //allocate memory fpr sfthd_array if needed.
-    PolicyId policyId = snort::get_network_policy()->policy_id;
+    PolicyId policyId = get_network_policy()->policy_id;
      THD_NODE sfthd_node;
      memset(&sfthd_node, 0, sizeof(sfthd_node));
  
@@ -647,7 +647,7 @@ static char* printIP(unsigned u, char* buf, unsigned len)
  #endif
  
  int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node,
-    const snort::SfIp* sip, const snort::SfIp* dip, long curtime)
+    const SfIp* sip, const SfIp* dip, long curtime)
  {
      if ((rule_hash == nullptr) || (sfthd_node == nullptr))
          return 0;
@@ -659,7 +659,7 @@ int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node,
  
  static inline int sfthd_test_suppress(
      THD_NODE* sfthd_node,
-    const snort::SfIp* ip)
+    const SfIp* ip)
  {
      if ( !sfthd_node->ip_address ||
          sfvar_ip_in(sfthd_node->ip_address, ip) )
@@ -837,15 +837,15 @@ static inline int sfthd_test_non_suppress(
  int sfthd_test_local(
      XHash* local_hash,
      THD_NODE* sfthd_node,
-    const snort::SfIp* sip,
-    const snort::SfIp* dip,
+    const SfIp* sip,
+    const SfIp* dip,
      time_t curtime)
  {
      THD_IP_NODE_KEY key;
      THD_IP_NODE data,* sfthd_ip_node;
-    const snort::SfIp* ip;
+    const SfIp* ip;
  
-    PolicyId policy_id = snort::get_network_policy()->policy_id;
+    PolicyId policy_id = get_network_policy()->policy_id;
  
  #ifdef THD_DEBUG
      char buf[24];
@@ -939,16 +939,16 @@ static inline int sfthd_test_global(
      XHash* global_hash,
      THD_NODE* sfthd_node,
      unsigned sig_id,     /* from current event */
-    const snort::SfIp* sip,        /* " */
-    const snort::SfIp* dip,        /* " */
+    const SfIp* sip,        /* " */
+    const SfIp* dip,        /* " */
      time_t curtime)
  {
      THD_IP_GNODE_KEY key;
      THD_IP_NODE data;
      THD_IP_NODE* sfthd_ip_node;
-    const snort::SfIp* ip;
+    const SfIp* ip;
  
-    PolicyId policy_id = snort::get_network_policy()->policy_id;
+    PolicyId policy_id = get_network_policy()->policy_id;
  
  #ifdef THD_DEBUG
      char buf[24];
@@ -1053,8 +1053,8 @@ int sfthd_test_threshold(
      THD_STRUCT* thd,
      unsigned gen_id,
      unsigned sig_id,
-    const snort::SfIp* sip,
-    const snort::SfIp* dip,
+    const SfIp* sip,
+    const SfIp* dip,
      long curtime)
  {
      tThdItemKey key;
@@ -1066,7 +1066,7 @@ int sfthd_test_threshold(
      int cnt;
  #endif
  
-    PolicyId policy_id = snort::get_network_policy()->policy_id;
+    PolicyId policy_id = get_network_policy()->policy_id;
  
      if ((thd_objs == nullptr) || (thd == nullptr))
          return 0;
diff --git a/src/filters/sfthd_test.cc b/src/filters/sfthd_test.cc

index 104a81f6ceae3e675425fccaf5d10bb9b4c78200..9621a9964fddfd3d05c071db85d50a7f3a06e708 100644 (file)
--- a/src/filters/sfthd_test.cc
+++ b/src/filters/sfthd_test.cc
@@ -836,7 +836,7 @@ static int EventTest(EventData* p, THD_NODE* rule)
      long curtime = (long)p->now;
      int status;
  
-    snort::SfIp sip, dip;
+    SfIp sip, dip;
      sip.set(p->sip);
      dip.set(p->dip);
  
diff --git a/src/filters/sfthreshold.cc b/src/filters/sfthreshold.cc

index 9ebacd5992ad1e0faf1083e6f058bfa022d9a9cd..f72d934d3783ed25f30a93e3ec25241603f2742c 100644 (file)
--- a/src/filters/sfthreshold.cc
+++ b/src/filters/sfthreshold.cc
@@ -49,6 +49,8 @@
  
  #include "sfthd.h"
  
+using namespace snort;
+
  /* Data */
  static THREAD_LOCAL THD_STRUCT* thd_runtime = nullptr;
  
@@ -105,7 +107,7 @@ int sfthreshold_alloc(unsigned int l_memcap, unsigned int g_memcap)
  
  
  int sfthreshold_create(
-    snort::SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx)
+    SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx)
  {
      if (thd_config == nullptr)
          return -1;
@@ -138,11 +140,11 @@ int sfthreshold_create(
      returns 0 - log
             !0 - don't log
  */
-int sfthreshold_test(unsigned gen_id, unsigned sig_id, const snort::SfIp* sip,
-    const snort::SfIp* dip, long curtime)
+int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip,
+    const SfIp* dip, long curtime)
  {
-    if ((snort::SnortConfig::get_conf()->threshold_config == nullptr) ||
-        !snort::SnortConfig::get_conf()->threshold_config->enabled)
+    if ((SnortConfig::get_conf()->threshold_config == nullptr) ||
+        !SnortConfig::get_conf()->threshold_config->enabled)
      {
          return 0;
      }
@@ -150,7 +152,7 @@ int sfthreshold_test(unsigned gen_id, unsigned sig_id, const snort::SfIp* sip,
      if (!thd_checked)
      {
          thd_checked = 1;
-        thd_answer = sfthd_test_threshold(snort::SnortConfig::get_conf()->threshold_config->thd_objs,
+        thd_answer = sfthd_test_threshold(SnortConfig::get_conf()->threshold_config->thd_objs,
              thd_runtime, gen_id, sig_id, sip, dip, curtime);
      }
  
diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc

index 9ed70a3ddd9d1fc05ca6d862f3eee8fb884034ef..f1080fbf0c10794fc5b8f14fba3b70c3b05dc6bb 100644 (file)
--- a/src/flow/test/flow_test.cc
+++ b/src/flow/test/flow_test.cc
@@ -59,7 +59,7 @@ FlowHAState::FlowHAState() = default;
  
  void FlowHAState::reset() {}
  
-snort::FlowStash::~FlowStash() = default;
+FlowStash::~FlowStash() = default;
  
  void FlowStash::reset() {}
  
@@ -73,14 +73,14 @@ DetectionEngine::DetectionEngine() = default;
  
  DetectionEngine::~DetectionEngine() {}
  
-bool snort::layer::set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t&)
+bool layer::set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t&)
  { return false; }
  
  uint8_t ip::IpApi::ttl() const { return 0; }
  
-const Layer* snort::layer::get_mpls_layer(const Packet* const) { return nullptr; }
+const Layer* layer::get_mpls_layer(const Packet* const) { return nullptr; }
  
-void snort::DataBus::publish(const char*, Packet*, Flow*) {}
+void DataBus::publish(const char*, Packet*, Flow*) {}
  
  TEST_GROUP(nondefault_timeout)
  {
diff --git a/src/flow/test/session_test.cc b/src/flow/test/session_test.cc

index 24830e0b8b287bf3e33daa37f1a733d6ec9e32fd..e0004744d1fab1df2af40750f09acfa8408ca1fa 100644 (file)
--- a/src/flow/test/session_test.cc
+++ b/src/flow/test/session_test.cc
@@ -33,7 +33,7 @@ using namespace snort;
  class DummySession : public Session
  {
      public:
-        DummySession(snort::Flow* f) : Session(f) { }
+        DummySession(Flow* f) : Session(f) { }
          void clear() override { }
          ~DummySession() { }
  };
diff --git a/src/framework/data_bus.cc b/src/framework/data_bus.cc

index 8885d3b5a5b15f0bff8c4169c1277eb1c76469f7..63bb6b71da89226311d5569cd886bd44aaa29cb6 100644 (file)
--- a/src/framework/data_bus.cc
+++ b/src/framework/data_bus.cc
@@ -30,7 +30,7 @@
  using namespace snort;
  
  static DataBus& get_data_bus()
-{ return snort::get_inspection_policy()->dbus; }
+{ return get_inspection_policy()->dbus; }
  
  class BufferEvent : public DataEvent
  {
@@ -130,11 +130,11 @@ void DataBus::unsubscribe_default(const char* key, DataHandler* h, SnortConfig*
  // notify subscribers of event
  void DataBus::publish(const char* key, DataEvent& e, Flow* f)
  {
-    InspectionPolicy* pi = snort::get_inspection_policy();
+    InspectionPolicy* pi = get_inspection_policy();
      pi->dbus._publish(key, e, f);
  
      // also publish to default policy to notify control subscribers such as appid
-    InspectionPolicy* di = snort::get_default_inspection_policy(SnortConfig::get_conf());
+    InspectionPolicy* di = get_default_inspection_policy(SnortConfig::get_conf());
  
      // of course, only when current is not default
      if ( di != pi )
diff --git a/src/hash/hashfcn.cc b/src/hash/hashfcn.cc

index 449541ddb08fe7f7d75ab8e655799a829685960f..56f6964ba8159ba436e286078284fd1d47b2f40f 100644 (file)
--- a/src/hash/hashfcn.cc
+++ b/src/hash/hashfcn.cc
@@ -40,6 +40,8 @@
  
  #include "primetable.h"
  
+using namespace snort;
+
  HashFnc* hashfcn_new(int m)
  {
      HashFnc* p;
@@ -53,7 +55,7 @@ HashFnc* hashfcn_new(int m)
  
      p = (HashFnc*)snort_calloc(sizeof(*p));
  
-    if ( snort::SnortConfig::static_hash() )
+    if ( SnortConfig::static_hash() )
      {
          p->seed     = 3193;
          p->scale    = 719;
diff --git a/src/helpers/chunk.cc b/src/helpers/chunk.cc

index 770515a9ed6c1599ae3f12a3a6dbfe509a38779a..8ce1fa54c6fe8a1fa12acf42b2e017dcdb54dce2 100644 (file)
--- a/src/helpers/chunk.cc
+++ b/src/helpers/chunk.cc
@@ -30,6 +30,7 @@
  #include "catch/snort_catch.h"
  #endif
  
+using namespace snort;
  using namespace std;
  
  #define opt_init "init"
@@ -45,21 +46,21 @@ bool init_chunk(
  
      if ( luaL_loadbuffer(L, chunk.c_str(), chunk.size(), name) )
      {
-        snort::ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1));
+        ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1));
          return false;
      }
  
      // now exec the chunk to define functions etc in L
      if ( lua_pcall(L, 0, 0, 0) )
      {
-        snort::ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1));
+        ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1));
          return false;
      }
  
      // load the args table
      if ( luaL_dostring(L, args.c_str()) )
      {
-        snort::ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1));
+        ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1));
          return false;
      }
  
@@ -71,10 +72,10 @@ bool init_chunk(
          return true;
  
      if ( lua_pcall(L, 0, 1, 0) || lua_type(L, -1) == LUA_TSTRING )
-        snort::ParseError("%s %s", name, lua_tostring(L, -1));
+        ParseError("%s %s", name, lua_tostring(L, -1));
  
      else if ( !lua_toboolean(L, -1) )
-        snort::ParseError("%s init() returned false", name);
+        ParseError("%s init() returned false", name);
  
      else
          return true;
diff --git a/src/helpers/discovery_filter.cc b/src/helpers/discovery_filter.cc

index 3fadcd432a7369c1b5b8a031d6e92d7758797242..4a186860107df16f336925aedaa9a6d7b314819a 100644 (file)
--- a/src/helpers/discovery_filter.cc
+++ b/src/helpers/discovery_filter.cc
@@ -258,7 +258,7 @@ bool DiscoveryFilter::is_monitored(const Packet* p, FilterType type)
      return sfvar_ip_in(varip, p->ptrs.ip_api.get_src()); // source ip only
  }
  
-bool DiscoveryFilter::is_port_excluded(const snort::Packet* p)
+bool DiscoveryFilter::is_port_excluded(const Packet* p)
  {
      // Port exclusion: if the ip is in the port x protocol list, return true.
      uint32_t key;
diff --git a/src/helpers/process.cc b/src/helpers/process.cc

index 78d35ef2a63d3146168ba17103ceb4f4fcc04187..ef610238ff9938d0fe8ca24eb07bc8ef8dc7fa2e 100644 (file)
--- a/src/helpers/process.cc
+++ b/src/helpers/process.cc
@@ -122,7 +122,7 @@ static void exit_handler(int signal)
  
  static void dirty_handler(int signal)
  {
-    snort::SnortConfig::get_conf()->dirty_pig = true;
+    SnortConfig::get_conf()->dirty_pig = true;
      exit_handler(signal);
  }
  
@@ -356,7 +356,7 @@ void daemonize()
      if ( errno )
          FatalError("failed to setsid - %s", get_error(errno));
  
-    if ( snort::SnortConfig::log_quiet() or snort::SnortConfig::log_syslog() )
+    if ( SnortConfig::log_quiet() or SnortConfig::log_syslog() )
          snuff_stdio();
  
      pid_t ppid = getppid();
diff --git a/src/host_tracker/host_cache_module.cc b/src/host_tracker/host_cache_module.cc

index 6aca91dddc2f7890f7fe44587332cbad18084104..8c92cee46c6bd2333d3f3620c29e368a5933a5a8 100644 (file)
--- a/src/host_tracker/host_cache_module.cc
+++ b/src/host_tracker/host_cache_module.cc
@@ -114,7 +114,7 @@ bool HostCacheModule::end(const char* fqn, int, SnortConfig*)
  //-------------------------------------------------------------------------
  
  HostCacheModule::HostCacheModule() :
-    snort::Module(HOST_CACHE_NAME, HOST_CACHE_HELP, host_cache_params) { }
+    Module(HOST_CACHE_NAME, HOST_CACHE_HELP, host_cache_params) { }
  
  HostCacheModule::~HostCacheModule()
  {
diff --git a/src/ips_options/asn1_util.cc b/src/ips_options/asn1_util.cc

index 414b68e11325349d4e6fb8c00e63a7ef705a6157..b626a720c3a5595c578afd9b76818f903af9d458 100644 (file)
--- a/src/ips_options/asn1_util.cc
+++ b/src/ips_options/asn1_util.cc
@@ -48,6 +48,8 @@
  #include "main/snort_config.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  /*
  **  Macros
  */
@@ -112,7 +114,7 @@ static ASN1_TYPE* asn1_node_alloc()
  **  @return none
  **
  */
-void asn1_init_mem(snort::SnortConfig* sc)
+void asn1_init_mem(SnortConfig* sc)
  {
      asn1_config.num_nodes = sc->asn1_mem;
  
@@ -132,7 +134,7 @@ void asn1_init_mem(snort::SnortConfig* sc)
  **  @return none
  **
  */
-void asn1_free_mem(snort::SnortConfig*)
+void asn1_free_mem(SnortConfig*)
  {
      if (asn1_config.mem != nullptr)
      {
diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc

index 73f8c93a9a5b6c617d656b877e53198914c9e7eb..137a6b7c87ba80278c3edf3ea56b56c780f0eb39 100644 (file)
--- a/src/ips_options/ips_content.cc
+++ b/src/ips_options/ips_content.cc
@@ -75,7 +75,7 @@ void ContentData::init()
  
  void ContentData::setup_bm()
  {
-    skip_stride = snort::make_skip(pmd.pattern_buf, pmd.pattern_size);
+    skip_stride = make_skip(pmd.pattern_buf, pmd.pattern_size);
      shift_stride = make_shift(pmd.pattern_buf, pmd.pattern_size);
  }
  
diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc

index 41cb69156fd299a9eb8b446d5026cd6498846335..7bb04a3231109e64ffc62dd4d09309829a9b396e 100644 (file)
--- a/src/ips_options/ips_sd_pattern.cc
+++ b/src/ips_options/ips_sd_pattern.cc
@@ -352,7 +352,7 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig*)
          return false;
  
      // Check if built-in pattern should be used.
-    IpsPolicy* p = snort::get_ips_policy();
+    IpsPolicy* p = get_ips_policy();
      if (config.pii == "credit_card")
      {
          config.pii = SD_CREDIT_PATTERN_ALL;
diff --git a/src/log/messages.cc b/src/log/messages.cc

index dded5601f6616080306e23caa010c035a2a2b699..726dbf4a9aeba1e6991fa8c28609226b60fb3bb7 100644 (file)
--- a/src/log/messages.cc
+++ b/src/log/messages.cc
@@ -35,6 +35,8 @@
  #include "time/packet_time.h"
  #include "utils/util_cstring.h"
  
+using namespace snort;
+
  static int already_fatal = 0;
  
  static unsigned parse_errors = 0;
@@ -73,20 +75,20 @@ static void log_message(FILE* file, const char* type, const char* msg)
      get_parse_location(file_name, file_line);
  
      if ( file_line )
-        snort::LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg);
+        LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg);
  
      else if ( file_name )
-        snort::LogMessage(file, "%s: %s: %s\n", type, file_name, msg);
+        LogMessage(file, "%s: %s: %s\n", type, file_name, msg);
  
      else
-        snort::LogMessage(file, "%s: %s\n", type, msg);
+        LogMessage(file, "%s: %s\n", type, msg);
  }
  
  namespace snort
  {
  void ParseWarning(WarningGroup wg, const char* format, ...)
  {
-    if ( !(snort::SnortConfig::get_conf()->warning_flags & (1 << wg)) )
+    if ( !(SnortConfig::get_conf()->warning_flags & (1 << wg)) )
          return;
  
      char buf[STD_BUF+1];
@@ -155,12 +157,12 @@ void ReloadError(const char* format, ...)
  
  static void WriteLogMessage(FILE* fh, bool prefer_fh, const char* format, va_list& ap)
  {
-    if ( snort::SnortConfig::get_conf() && !prefer_fh )
+    if ( SnortConfig::get_conf() && !prefer_fh )
      {
-        if ( snort::SnortConfig::log_quiet() )
+        if ( SnortConfig::log_quiet() )
              return;
  
-        if ( snort::SnortConfig::log_syslog() )
+        if ( SnortConfig::log_syslog() )
          {
              char buf[STD_BUF+1];
              vsnprintf(buf, STD_BUF, format, ap);
@@ -216,12 +218,12 @@ void WarningMessage(const char* format,...)
  {
      va_list ap;
  
-    if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_quiet() )
+    if ( SnortConfig::get_conf() and SnortConfig::log_quiet() )
          return;
  
      va_start(ap, format);
  
-    if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() )
+    if ( SnortConfig::get_conf() and SnortConfig::log_syslog() )
      {
          char buf[STD_BUF+1];
          vsnprintf(buf, STD_BUF, format, ap);
@@ -252,7 +254,7 @@ void ErrorMessage(const char* format,...)
  
      va_start(ap, format);
  
-    if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() )
+    if ( SnortConfig::get_conf() and SnortConfig::log_syslog() )
      {
          char buf[STD_BUF+1];
          vsnprintf(buf, STD_BUF, format, ap);
@@ -296,7 +298,7 @@ void ErrorMessage(const char* format,...)
  
      buf[STD_BUF] = '\0';
  
-    if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() )
+    if ( SnortConfig::get_conf() and SnortConfig::log_syslog() )
      {
          syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "FATAL ERROR: %s", buf);
      }
diff --git a/src/lua/lua.cc b/src/lua/lua.cc

index cbc8739589b87207951930a178cae83910506d96..a427570d896576cdcbaecede35bcd22426e1b927 100644 (file)
--- a/src/lua/lua.cc
+++ b/src/lua/lua.cc
@@ -28,6 +28,8 @@
  
  #include "log/messages.h"
  
+using namespace snort;
+
  namespace Lua
  {
  State::State(bool openlibs)
@@ -35,7 +37,7 @@ State::State(bool openlibs)
      state = luaL_newstate();
  
      if ( !state )
-        snort::FatalError("Lua state instantiation failed\n");
+        FatalError("Lua state instantiation failed\n");
  
      if ( openlibs )
          luaL_openlibs(state);
diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc

index eeb9c890813f3d7a929036afffaadabb4dbd4ef0..40f1524df369e44a30efd01927d13ecadd975791 100644 (file)
--- a/src/main/analyzer_command.cc
+++ b/src/main/analyzer_command.cc
@@ -36,6 +36,8 @@
  #include "snort_config.h"
  #include "swapper.h"
  
+using namespace snort;
+
  bool ACStart::execute(Analyzer& analyzer, void**)
  {
      analyzer.start();
@@ -79,7 +81,7 @@ bool ACGetStats::execute(Analyzer&, void**)
      // FIXIT-P This incurs locking on all threads to retrieve stats.  It
      // could be reimplemented to optimize for large thread counts by
      // retrieving stats in the command and accumulating in the main thread.
-    snort::ModuleManager::accumulate(snort::SnortConfig::get_conf());
+    ModuleManager::accumulate(SnortConfig::get_conf());
      return true;
  }
  
@@ -103,18 +105,18 @@ bool ACSwap::execute(Analyzer& analyzer, void** ac_state)
      {
          ps->apply(analyzer);
  
-        snort::SnortConfig* sc = ps->get_new_conf();
+        SnortConfig* sc = ps->get_new_conf();
          if ( sc )
          {
-            std::list<snort::ReloadResourceTuner*>* reload_tuners;
+            std::list<ReloadResourceTuner*>* reload_tuners;
  
              if ( !*ac_state )
              {
-                reload_tuners = new std::list<snort::ReloadResourceTuner*>(sc->get_reload_resource_tuners());
+                reload_tuners = new std::list<ReloadResourceTuner*>(sc->get_reload_resource_tuners());
                  *ac_state = reload_tuners;
              }
              else
-                reload_tuners = (std::list<snort::ReloadResourceTuner*>*)*ac_state;
+                reload_tuners = (std::list<ReloadResourceTuner*>*)*ac_state;
  
              if ( !reload_tuners->empty() )
              {
@@ -141,13 +143,13 @@ ACSwap::~ACSwap()
  {
      if (ps)
      {
-        snort::SnortConfig* sc = ps->get_new_conf();
+        SnortConfig* sc = ps->get_new_conf();
          if ( sc )
              sc->clear_reload_resource_tuner_list();
      }
      delete ps;
      Swapper::set_reload_in_progress(false);
-    snort::LogMessage("== reload complete\n");
+    LogMessage("== reload complete\n");
      request->respond("== reload complete\n", from_shell, true);
  }
  
@@ -159,10 +161,10 @@ bool ACDAQSwap::execute(Analyzer& analyzer, void**)
  
  ACDAQSwap::~ACDAQSwap()
  {
-    snort::LogMessage("== daq module reload complete\n");
+    LogMessage("== daq module reload complete\n");
  }
  
-snort::SFDAQInstance* snort::AnalyzerCommand::get_daq_instance(Analyzer& analyzer) 
+SFDAQInstance* AnalyzerCommand::get_daq_instance(Analyzer& analyzer) 
  {
      return analyzer.get_daq_instance();
  }
diff --git a/src/main/control.cc b/src/main/control.cc

index d409f65510f934f685a7cb76056f2a6a9eb1b86c..8bb21a8cbf8df92dd4465654ae00ea5375450484 100644 (file)
--- a/src/main/control.cc
+++ b/src/main/control.cc
@@ -30,6 +30,7 @@
  #include "request.h"
  #include "shell.h"
  
+using namespace snort;
  using namespace std;
  
  //------------------------------------------------------------------------
@@ -56,7 +57,7 @@ ControlConn::~ControlConn()
  
  void ControlConn::configure() const
  {
-    snort::ModuleManager::load_commands(sh);
+    ModuleManager::load_commands(sh);
  }
  
  int ControlConn::shell_execute(int& current_fd, Request*& current_request)
diff --git a/src/main/request.cc b/src/main/request.cc

index fb3fecee8a0b474c6a3de6d4435f8a8e3c5e343c..a028d09534034cb5feb486071b1a3f9f4f2e5305 100644 (file)
--- a/src/main/request.cc
+++ b/src/main/request.cc
@@ -26,6 +26,8 @@
  #include "main.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  //-------------------------------------------------------------------------
  // request foo
  //-------------------------------------------------------------------------
@@ -89,7 +91,7 @@ void Request::respond(const char* s, bool queue_response, bool remote_only)
      if ( fd < 1 )
      {
          if (!remote_only)
-            snort::LogMessage("%s", s);
+            LogMessage("%s", s);
          return;
      }
  
diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc

index a938f6fbac3942be846cb44d6342858f8310dd66..03ac19db53cd687ed197a5ace4051930326cf157 100644 (file)
--- a/src/main/snort_debug.cc
+++ b/src/main/snort_debug.cc
@@ -79,7 +79,7 @@ static inline void trace_vprintf(const char* name, Trace mask, const char* file,
  
      vsnprintf(buf_ptr, buf_len, fmt, ap);
  
-    if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() )
+    if ( SnortConfig::get_conf() and SnortConfig::log_syslog() )
          syslog(LOG_DAEMON | LOG_DEBUG, "%s", buf);
      else
          output(buf, stdout);
diff --git a/src/main/swapper.cc b/src/main/swapper.cc

index f4ca31e169c8eeea1d0f18568445a36357482651..a7f208c7032031d90b2626a77a21a9cffd5bc2f7 100644 (file)
--- a/src/main/swapper.cc
+++ b/src/main/swapper.cc
@@ -82,8 +82,8 @@ void Swapper::apply(Analyzer& analyzer)
  {
      if ( new_conf )
      {
-        const bool reload = (snort::SnortConfig::get_conf() != nullptr);
-        snort::SnortConfig::set_conf(new_conf);
+        const bool reload = (SnortConfig::get_conf() != nullptr);
+        SnortConfig::set_conf(new_conf);
          // FIXIT-M Determine whether we really want to do this before or after the set_conf
          if (reload)
              analyzer.reinit(new_conf);
diff --git a/src/main/thread.cc b/src/main/thread.cc

index 4abc65b203d10a91ab32dc044d9db22a8ee3b715..b865bc4b7407c3935c6be2f4dd331d7c02f80804 100644 (file)
--- a/src/main/thread.cc
+++ b/src/main/thread.cc
@@ -73,28 +73,28 @@ SThreadType get_thread_type()
  const char* get_instance_file(std::string& file, const char* name)
  {
      bool sep = false;
-    file = !snort::SnortConfig::get_conf()->log_dir.empty() ?
-        snort::SnortConfig::get_conf()->log_dir : "./";
+    file = !SnortConfig::get_conf()->log_dir.empty() ?
+        SnortConfig::get_conf()->log_dir : "./";
  
      if ( file.back() != '/' )
          file += '/';
  
-    if ( !snort::SnortConfig::get_conf()->run_prefix.empty() )
+    if ( !SnortConfig::get_conf()->run_prefix.empty() )
      {
-        file += snort::SnortConfig::get_conf()->run_prefix;
+        file += SnortConfig::get_conf()->run_prefix;
          sep = true;
      }
  
-    if ( (ThreadConfig::get_instance_max() > 1) || snort::SnortConfig::get_conf()->id_zero )
+    if ( (ThreadConfig::get_instance_max() > 1) || SnortConfig::get_conf()->id_zero )
      {
          char id[8];
          snprintf(id, sizeof(id), "%u",
-            get_instance_id() + snort::SnortConfig::get_conf()->id_offset);
+            get_instance_id() + SnortConfig::get_conf()->id_offset);
          file += id;
          sep = true;
      }
  
-    if ( snort::SnortConfig::get_conf()->id_subdir )
+    if ( SnortConfig::get_conf()->id_subdir )
      {
          file += '/';
          struct stat s;
diff --git a/src/main/thread_config.cc b/src/main/thread_config.cc

index 10b7579a17d983c6e93b4d624154e14363a42800..4108bd74fc9fba7a901434833038d67b58d1cee2 100644 (file)
--- a/src/main/thread_config.cc
+++ b/src/main/thread_config.cc
@@ -32,6 +32,8 @@
  #include "catch/snort_catch.h"
  #endif
  
+using namespace snort;
+
  static hwloc_topology_t topology = nullptr;
  static hwloc_cpuset_t process_cpuset = nullptr;
  static const struct hwloc_topology_support* topology_support = nullptr;
@@ -136,7 +138,7 @@ void ThreadConfig::set_thread_affinity(SThreadType type, unsigned id, CpuSet* cp
          thread_affinity[key] = cpuset;
      }
      else
-        snort::ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n");
+        ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n");
  }
  
  void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id)
@@ -158,13 +160,13 @@ void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id)
      current_cpuset = hwloc_bitmap_alloc();
      hwloc_get_cpubind(topology, current_cpuset, HWLOC_CPUBIND_THREAD);
      if (!hwloc_bitmap_isequal(current_cpuset, desired_cpuset))
-        snort::LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s);
+        LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s);
      hwloc_bitmap_free(current_cpuset);
  
      if (hwloc_set_cpubind(topology, desired_cpuset, HWLOC_CPUBIND_THREAD))
      {
-        snort::FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n",
-                id, type, s, snort::get_error(errno), errno);
+        FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n",
+                id, type, s, get_error(errno), errno);
      }
  
      free(s);
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc

index 39cf0918f93b2345a27ea6015b1bf22911119009..35e6a4d348f3c9c7896230cf51de251b5663ea44 100644 (file)
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -420,7 +420,7 @@ static PHInstance* get_new(
  
      if ( get_instance(fp, keyword, false, old_it) )
      {
-        if ( snort::Snort::is_reloading() )
+        if ( Snort::is_reloading() )
          {
              (*old_it)->set_reloaded(RELOAD_TYPE_REENABLED);
              fp->ilist.erase(old_it);
@@ -438,7 +438,7 @@ static PHInstance* get_new(
          return nullptr;
      }
  
-    if ( snort::Snort::is_reloading() )
+    if ( Snort::is_reloading() )
      {
          if ( reloaded )
              p->set_reloaded(RELOAD_TYPE_REENABLED);
@@ -499,7 +499,7 @@ void InspectorManager::dispatch_meta(FrameworkPolicy* fp, int type, const uint8_
  
  Binder* InspectorManager::get_binder()
  {
-    InspectionPolicy* pi = snort::get_inspection_policy();
+    InspectionPolicy* pi = get_inspection_policy();
  
      if ( !pi || !pi->framework_policy )
          return nullptr;
@@ -536,11 +536,11 @@ Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, Snor
      InspectionPolicy* pi;
  
      if (dflt_only && (sc != nullptr))
-        pi = snort::get_default_inspection_policy(sc);
+        pi = get_default_inspection_policy(sc);
      else if (dflt_only)
-        pi = snort::get_default_inspection_policy(SnortConfig::get_conf());
+        pi = get_default_inspection_policy(SnortConfig::get_conf());
      else
-        pi = snort::get_inspection_policy();
+        pi = get_inspection_policy();
  
      if ( !pi || !pi->framework_policy )
          return nullptr;
@@ -661,7 +661,7 @@ void InspectorManager::thread_init(SnortConfig* sc)
  
      // pin->tinit() only called for default policy
      set_default_policy();
-    InspectionPolicy* pi = snort::get_inspection_policy();
+    InspectionPolicy* pi = get_inspection_policy();
  
      if ( pi && pi->framework_policy )
      {
@@ -692,7 +692,7 @@ void InspectorManager::thread_reinit(SnortConfig* sc)
      }
  
      // pin->tinit() only called for default policy
-    InspectionPolicy* pi = snort::get_default_inspection_policy(sc);
+    InspectionPolicy* pi = get_default_inspection_policy(sc);
  
      if ( pi && pi->framework_policy )
      {
@@ -717,7 +717,7 @@ void InspectorManager::thread_stop(SnortConfig*)
  
      // pin->tterm() only called for default policy
      set_default_policy();
-    InspectionPolicy* pi = snort::get_inspection_policy();
+    InspectionPolicy* pi = get_inspection_policy();
  
      // FIXIT-RC Any inspectors that were once configured/instantiated but
      // no longer exist in the conf cannot have their instance tterm()
@@ -764,7 +764,7 @@ void InspectorManager::instantiate(
      assert(mod);
  
      FrameworkConfig* fc = sc->framework_config;
-    FrameworkPolicy* fp = snort::get_inspection_policy()->framework_policy;
+    FrameworkPolicy* fp = get_inspection_policy()->framework_policy;
  
      // FIXIT-L should not need to lookup inspector etc
      // since given api and mod
@@ -800,7 +800,7 @@ Inspector* InspectorManager::instantiate(
      if ( !ppc )
          return nullptr;
  
-    auto fp = snort::get_inspection_policy()->framework_policy;
+    auto fp = get_inspection_policy()->framework_policy;
      auto ppi = get_new(ppc, fp, name, mod, sc);
  
      if ( !ppi )
@@ -949,7 +949,7 @@ bool InspectorManager::configure(SnortConfig* sc, bool cloned)
  
  void InspectorManager::print_config(SnortConfig* sc)
  {
-    InspectionPolicy* pi = snort::get_inspection_policy();
+    InspectionPolicy* pi = get_inspection_policy();
  
      if ( !pi->framework_policy )
          return;
@@ -1030,7 +1030,7 @@ void InspectorManager::full_inspection(Packet* p)
  
  void InspectorManager::execute(Packet* p)
  {
-    FrameworkPolicy* fp = snort::get_inspection_policy()->framework_policy;
+    FrameworkPolicy* fp = get_inspection_policy()->framework_policy;
      assert(fp);
  
      if ( !p->has_paf_payload() )
@@ -1040,7 +1040,7 @@ void InspectorManager::execute(Packet* p)
          // a flow control wrapper) and use eval() instead of process()
          // for stream_*.
          ::execute(p, fp->session.vec, fp->session.num);
-        fp = snort::get_inspection_policy()->framework_policy;
+        fp = get_inspection_policy()->framework_policy;
      }
      // must check between each ::execute()
      if ( p->disable_inspect )
@@ -1053,7 +1053,7 @@ void InspectorManager::execute(Packet* p)
          return;
  
      SnortConfig* sc = SnortConfig::get_conf();
-    FrameworkPolicy* fp_dft = snort::get_default_inspection_policy(sc)->framework_policy;
+    FrameworkPolicy* fp_dft = get_default_inspection_policy(sc)->framework_policy;
  
      if ( !p->flow )
      {
@@ -1091,7 +1091,7 @@ void InspectorManager::execute(Packet* p)
  
  void InspectorManager::probe(Packet* p)
  {
-    InspectionPolicy* policy = snort::SnortConfig::get_conf()->policy_map->get_inspection_policy(0);
+    InspectionPolicy* policy = SnortConfig::get_conf()->policy_map->get_inspection_policy(0);
      FrameworkPolicy* fp = policy->framework_policy;
      ::execute(p, fp->probe.vec, fp->probe.num);
  }
diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc

index 7e2b3a901726ec8e06265cc0934726d293e2a89c..af7b9974ee345dc4526101052dae38e094cfcb74 100644 (file)
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -417,7 +417,7 @@ static bool set_var(const char* fqn, Value& val)
      if ( val.get_type() != Value::VT_STR )
          return false;
  
-    if ( snort::get_ips_policy() == nullptr )
+    if ( get_ips_policy() == nullptr )
          return true;
  
      trace("var", fqn, val);
@@ -706,7 +706,7 @@ SO_PUBLIC bool open_table(const char* s, int idx)
          return false;
  
      // FIXIT-M only basic modules, inspectors and ips actions can be reloaded at present
-    if ( ( snort::Snort::is_reloading() ) and h->api
+    if ( ( Snort::is_reloading() ) and h->api
              and h->api->type != PT_INSPECTOR and h->api->type != PT_IPS_ACTION )
          return false;
  
@@ -1046,7 +1046,7 @@ void ModuleManager::show_module(const char* name)
          cout << "no match" << endl;
  }
  
-void ModuleManager::reload_module(const char* name, snort::SnortConfig* sc)
+void ModuleManager::reload_module(const char* name, SnortConfig* sc)
  {
      ModHook* h = get_hook(name);
  
diff --git a/src/managers/so_manager.cc b/src/managers/so_manager.cc

index 5ee4ae5aa113fc442f627b03b968cfad1bf090b4..7d8dec88c2d1170600c02e7ac22274a4640ebb29 100644 (file)
--- a/src/managers/so_manager.cc
+++ b/src/managers/so_manager.cc
@@ -36,6 +36,7 @@
  #include "log/messages.h"
  #include "parser/parse_so_rule.h"
  
+using namespace snort;
  using namespace std;
  
  static list<const SoApi*> s_rules;
@@ -56,7 +57,7 @@ void SoManager::release_plugins()
  
  void SoManager::dump_plugins()
  {
-    snort::Dumper d("SO Rules");
+    Dumper d("SO Rules");
  
      for ( auto* p : s_rules )
          d.dump(p->base.name, p->base.version);
diff --git a/src/memory/memory_cap.cc b/src/memory/memory_cap.cc

index 32903fab5c981caa62ad7946b85c8441f08e2e6f..c3d93a6f081b2f27358d9f02a600ba9ac21907cf 100644 (file)
--- a/src/memory/memory_cap.cc
+++ b/src/memory/memory_cap.cc
@@ -182,7 +182,7 @@ bool MemoryCap::over_threshold()
  void MemoryCap::calculate(unsigned num_threads)
  {
      assert(!is_packet_thread());
-    const MemoryConfig& config = *snort::SnortConfig::get_conf()->memory;
+    const MemoryConfig& config = *SnortConfig::get_conf()->memory;
  
      auto main_thread_used = s_tracker.used();
  
@@ -219,12 +219,12 @@ void MemoryCap::print()
      if ( !MemoryModule::is_active() )
          return;
  
-    const MemoryConfig& config = *snort::SnortConfig::get_conf()->memory;
+    const MemoryConfig& config = *SnortConfig::get_conf()->memory;
  
-    if ( snort::SnortConfig::log_verbose() or mem_stats.allocations )
+    if ( SnortConfig::log_verbose() or mem_stats.allocations )
          LogLabel("memory (heap)");
  
-    if ( snort::SnortConfig::log_verbose() )
+    if ( SnortConfig::log_verbose() )
      {
          LogMessage("    global cap: %zu\n", config.cap);
          LogMessage("    global preemptive threshold percent: %u\n", config.threshold);
diff --git a/src/memory/prune_handler.cc b/src/memory/prune_handler.cc

index 5119dce41532aa2d2082f44fcc6cff682b83b375..fa8b5fbf41ad7fda3b027fa89140671f19cb9064 100644 (file)
--- a/src/memory/prune_handler.cc
+++ b/src/memory/prune_handler.cc
@@ -26,12 +26,14 @@
  
  #include "stream/stream.h"
  
+using namespace snort;
+
  namespace memory
  {
  
  void prune_handler()
  {
-    snort::Stream::prune_flows();
+    Stream::prune_flows();
  }
  
  } // namespace memory
diff --git a/src/mime/decode_b64.cc b/src/mime/decode_b64.cc

index d3ac12cd3130d7bcacd58f80e9e277d04240d734..803877c8d71815ef8a9665ae057609204e3ba551 100644 (file)
--- a/src/mime/decode_b64.cc
+++ b/src/mime/decode_b64.cc
@@ -28,6 +28,8 @@
  
  #include "decode_buffer.h"
  
+using namespace snort;
+
  void B64Decode::reset_decode_state()
  {
      reset_decoded_bytes();
@@ -47,7 +49,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end, ui
  
      uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes();
  
-    if (snort::sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
+    if (sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
          encode_avail, &act_encode_size) != 0)
      {
          reset_decode_state();
@@ -68,7 +70,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end, ui
      else
          buffer->reset_saved();
  
-    if (snort::sf_base64decode(buffer->get_encode_buff(), act_encode_size,
+    if (sf_base64decode(buffer->get_encode_buff(), act_encode_size,
          decode_buf, buffer->get_decode_avail(), &act_decode_size) != 0)
      {
          reset_decode_state();
diff --git a/src/mime/decode_qp.cc b/src/mime/decode_qp.cc

index 20623ab89abaf3a3ddd3f50bac370a2a53e2117e..9e03658c4f9b5f59784d58bd7c8a62055c99d707 100644 (file)
--- a/src/mime/decode_qp.cc
+++ b/src/mime/decode_qp.cc
@@ -31,6 +31,8 @@
  
  #include "decode_buffer.h"
  
+using namespace snort;
+
  void QPDecode::reset_decode_state()
  {
      reset_decoded_bytes();
@@ -49,7 +51,7 @@ DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end, uin
  
      uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes();
  
-    if (snort::sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
+    if (sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(),
          encode_avail, &act_encode_size) != 0)
      {
          reset_decode_state();
diff --git a/src/mime/decode_uu.cc b/src/mime/decode_uu.cc

index c537c7e25a4cbede2082505092bf94b951051f58..262a8e31bd144581e68a546c1fb09d799672fd90 100644 (file)
--- a/src/mime/decode_uu.cc
+++ b/src/mime/decode_uu.cc
@@ -31,6 +31,8 @@
  
  #include "decode_buffer.h"
  
+using namespace snort;
+
  #define UU_DECODE_CHAR(c) (((c) - 0x20) & 0x3f)
  
  void UUDecode::reset_decode_state()
@@ -149,13 +151,13 @@ int sf_uudecode(uint8_t* src, uint32_t slen, uint8_t* dst, uint32_t dlen, uint32
          }
          else
          {
-            const uint8_t* sod = (const uint8_t*)snort::SnortStrnStr((const char*)src, 5, "begin");
+            const uint8_t* sod = (const uint8_t*)SnortStrnStr((const char*)src, 5, "begin");
  
              if (sod)
              {
                  *begin_found = true;
                  /*begin str found. Move to the actual data*/
-                ptr = (const uint8_t*)snort::SnortStrnStr((const char*)(sod), (end - sod), "\n");
+                ptr = (const uint8_t*)SnortStrnStr((const char*)(sod), (end - sod), "\n");
                  if ( !ptr )
                  {
                      *bytes_read = slen;
diff --git a/src/mime/file_mime_config.cc b/src/mime/file_mime_config.cc

index 153c96647cffecff0f5fbf6b34a1ede5791674dc..8dd625bbf71726b6eb100c2398369bebf33135e1 100644 (file)
--- a/src/mime/file_mime_config.cc
+++ b/src/mime/file_mime_config.cc
@@ -124,7 +124,7 @@ bool DecodeConfig::is_decoding_enabled()
  // update file depth and max_depth etc
  void DecodeConfig::sync_all_depths()
  {
-    file_depth = snort::FileService::get_max_file_depth();
+    file_depth = FileService::get_max_file_depth();
      if ((file_depth >= 0)or (b64_depth >= 0) or (qp_depth >= 0)
          or (bitenc_depth >= 0) or (uu_depth >= 0))
          decode_enabled = true;
diff --git a/src/mime/file_mime_decode.cc b/src/mime/file_mime_decode.cc

index 099244dae832ebda4d522933278b5080c4fa71e7..be75dc6a98ea5136fe81b52404f85760d5b4b68e 100644 (file)
--- a/src/mime/file_mime_decode.cc
+++ b/src/mime/file_mime_decode.cc
@@ -216,7 +216,7 @@ void MimeDecode::file_decomp_init()
      (void)File_Decomp_Init(fd_state);
  }
  
-MimeDecode::MimeDecode(snort::DecodeConfig* conf)
+MimeDecode::MimeDecode(DecodeConfig* conf)
  {
      config = conf;
      file_decomp_init();
diff --git a/src/mime/file_mime_log.h b/src/mime/file_mime_log.h

index 9938b73d661726a1f451768ef383d848df2b1c91..c65423d88703b34676f3b2c28533e18182704a7b 100644 (file)
--- a/src/mime/file_mime_log.h
+++ b/src/mime/file_mime_log.h
@@ -27,6 +27,8 @@
  #include <cstdint>
  #include "main/snort_types.h"
  
+namespace snort
+{
  enum EmailUserType
  {
      EMAIL_SENDER,
@@ -42,10 +44,7 @@ struct MailLogConfig
      uint32_t email_hdrs_log_depth = 0;
  };
  
-namespace snort
-{
  class Flow;
-}
  
  class SO_PUBLIC MailLogState
  {
@@ -82,6 +81,7 @@ private:
      uint16_t file_logged;
      uint16_t file_current;
  };
+}
  
  #endif
  
diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc

index caca44b71616858e297009586154eafeb7c1d9e3..f85f6d33b55e690b7bf74fca747cbd12e8e8573d 100644 (file)
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -549,14 +549,14 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa
  }
  
  SnortProtocolId AppInfoManager::add_appid_protocol_reference(const char* protocol,
-    snort::SnortConfig* sc)
+    SnortConfig* sc)
  {
      SnortProtocolId snort_protocol_id = sc->proto_ref->add(protocol);
      return snort_protocol_id;
  }
  
  void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config,
-    snort::SnortConfig* sc)
+    SnortConfig* sc)
  {
      if ( !mod_config->app_detector_dir )
      {
diff --git a/src/network_inspectors/appid/appid_app_descriptor.cc b/src/network_inspectors/appid/appid_app_descriptor.cc

index 6e666d8408e19089dd7b5cd66785a778b43f4499..cca482263c1ae8cb73fd8f3bf477c693c8f14dd7 100644 (file)
--- a/src/network_inspectors/appid/appid_app_descriptor.cc
+++ b/src/network_inspectors/appid/appid_app_descriptor.cc
@@ -11,7 +11,9 @@
  #include "appid_app_descriptor.h"
  #include "lua_detector_api.h"
  
-void ApplicationDescriptor::set_id(const snort::Packet& p, AppIdSession& asd,
+using namespace snort;
+
+void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd,
      AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits)
  {
      if ( my_id != app_id )
diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc

index bc75f53f104708ce176ac6f6f0f9bc5d40049ac5..68d8802265e8f19c8dd80b6a8f19c0d54ddc0ce0 100644 (file)
--- a/src/network_inspectors/appid/appid_discovery.cc
+++ b/src/network_inspectors/appid/appid_discovery.cc
@@ -158,7 +158,7 @@ void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspect
          misc_id, change_bits);
  }
  
-void AppIdDiscovery::publish_appid_event(AppidChangeBits& change_bits, snort::Flow* flow)
+void AppIdDiscovery::publish_appid_event(AppidChangeBits& change_bits, Flow* flow)
  {
      if (change_bits.none())
          return;
diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc

index 584b73444808368659ba5fda9200d08c9cbaa61d..fea08bd955f702de4fe42b4307eb2f2a43b49a74 100644 (file)
--- a/src/network_inspectors/appid/appid_http_session.cc
+++ b/src/network_inspectors/appid/appid_http_session.cc
@@ -825,7 +825,7 @@ void AppIdHttpSession::update_http_xff_address(struct XffFieldValue* xff_fields,
                  // FIXIT_H: - this code is wrong. We can't have
                  // tmp-xff_fields[j].value when tmp=0.
  
-                // xff_addr = new snort::SfIp();
+                // xff_addr = new SfIp();
                  // char* xff_addr_str = nullptr;
                  // char* tmp = strchr(xff_fields[j].value, ',');
  
diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc

index 2efa7183d03fffd55d188eea4e2c2607c902fe70..bcfa62b5a2ba004f8e3ed72e3b649e0cf63b29ca 100644 (file)
--- a/src/network_inspectors/appid/appid_peg_counts.cc
+++ b/src/network_inspectors/appid/appid_peg_counts.cc
@@ -30,6 +30,8 @@
  
  #include "utils/stats.h"
  
+using namespace snort;
+
  std::unordered_map<AppId, uint32_t> AppIdPegCounts::appid_detector_pegs_idx;
  std::vector<std::string> AppIdPegCounts::appid_detectors_info;
  THREAD_LOCAL std::vector<AppIdPegCounts::AppIdDynamicPeg>* AppIdPegCounts::appid_peg_counts;
@@ -133,7 +135,7 @@ void AppIdPegCounts::print()
      if (!print && unknown_pegs->all_zeros())
          return;
  
-    snort::LogLabel("Appid dynamic stats:");
+    LogLabel("Appid dynamic stats:");
  
      for (unsigned i = 0; i < app_num; i++)
      {
@@ -142,14 +144,14 @@ void AppIdPegCounts::print()
              continue;
  
          std::string app_name = AppIdPegCounts::appid_detectors_info[i];
-        snort::LogMessage("%s: ", app_name.c_str());
+        LogMessage("%s: ", app_name.c_str());
          pegs->print();
      }
  
      // Print unknown app stats
      if (!unknown_pegs->all_zeros())
      {
-        snort::LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %"
+        LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %"
              PRIu64 ", misc: %" PRIu64 "\n",
              unknown_pegs->stats[0], unknown_pegs->stats[1], unknown_pegs->stats[2],
              unknown_pegs->stats[3], unknown_pegs->stats[4]);
diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc

index 91c9664cd0586bbb4a033f750e49376c8e0b829f..b298b992d50cfdeb986fc85a67aaa34318d40e1b 100644 (file)
--- a/src/network_inspectors/appid/appid_stats.cc
+++ b/src/network_inspectors/appid/appid_stats.cc
@@ -242,7 +242,7 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc
          }
          else
          {
-            snort::WarningMessage("Error saving statistics record for app id: %d", app_id);
+            WarningMessage("Error saving statistics record for app id: %d", app_id);
              snort_free(record);
              record = nullptr;
          }
diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc

index a6f0e6dd27153a4ebf79085122068b54666a75ef..efdb8af3a6570ba31cd872e96bfabf3167407a26 100644 (file)
--- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc
+++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc
@@ -28,6 +28,8 @@
  #include "search_engines/search_tool.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  struct tPatternNode
  {
      tMlmpPattern pattern;
@@ -59,7 +61,7 @@ struct tPatternPrimaryNode
  /*Node for mlmp tree */
  struct tMlmpTree
  {
-    snort::SearchTool* patternTree;
+    SearchTool* patternTree;
      tPatternPrimaryNode* patternList;
      uint32_t level;
  };
@@ -198,12 +200,12 @@ static int compareMlmpPatterns(const void* p1, const void* p2)
     detroyTreesRecursively. */
  static int createTreesRecusively(tMlmpTree* rootNode)
  {
-    snort::SearchTool* patternMatcher;
+    SearchTool* patternMatcher;
      tPatternPrimaryNode* primaryPatternNode;
      tPatternNode* ddPatternNode;
  
      /* set up the MPSE for url patterns */
-    patternMatcher = rootNode->patternTree = new snort::SearchTool("ac_full", true);
+    patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true);
  
      for (primaryPatternNode = rootNode->patternList;
          primaryPatternNode;
diff --git a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc

index 1e7fda4c2997027d68556c69d3d9557b45e95579..805d32ac76e976def90fb6bbe131cf8e4337c0fc 100644 (file)
--- a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc
+++ b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc
@@ -28,6 +28,8 @@
  #include "search_engines/search_tool.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  struct tPatternRootNode;
  struct tPatternList
  {
@@ -41,7 +43,7 @@ struct tPatternList
  /*Root node */
  struct tPatternRootNode
  {
-    snort::SearchTool* patternTree;
+    SearchTool* patternTree;
      tPatternList* patternList;
      tPatternList* lastPattern;
      unsigned int level;        /*some searches may be specific to levels. Increments from 1 at top
@@ -180,11 +182,11 @@ static int compareAppUrlPatterns(const void* p1, const void* p2)
  static int createTreesRecusively(void* root)
  {
      tPatternRootNode* rootNode = (tPatternRootNode*)root;
-    snort::SearchTool* patternMatcher;
+    SearchTool* patternMatcher;
      tPatternList* patternNode;
  
      /* set up the MPSE for url patterns */
-    if (!(patternMatcher = rootNode->patternTree = new snort::SearchTool("ac_full", true)))
+    if (!(patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true)))
          return -1;
  
      for (patternNode = rootNode->patternList;
diff --git a/src/network_inspectors/appid/client_plugins/client_detector.cc b/src/network_inspectors/appid/client_plugins/client_detector.cc

index b404b92f2dcdfc4448d253e8df9ca246fcb7d50b..a7dcfd5c326b9f4fef42f35cdab3e6e7a67a0767 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_detector.cc
+++ b/src/network_inspectors/appid/client_plugins/client_detector.cc
@@ -32,6 +32,8 @@
  #include "protocols/packet.h"
  #include "log/messages.h"
  
+using namespace snort;
+
  static THREAD_LOCAL unsigned client_module_index = 0;
  
  ClientDetector::ClientDetector()
@@ -47,7 +49,7 @@ void ClientDetector::register_appid(AppId appId, unsigned extractsInfo)
      {
          if ( AppInfoManager::get_instance().configured() )
          {
-            snort::ParseWarning(WARN_RULES,
+            ParseWarning(WARN_RULES,
                  "appid: no entry for %d in appMapping.data; no rule support for this ID.",
                  appId);
          }
diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc

index 81d4986a911ec2929721f0cddd39d2a43456fe48..696220122b3e6fb1f872a8ed09daf6df281ba940 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc
@@ -30,6 +30,8 @@
  #include "app_info_table.h"
  #include "application_ids.h"
  
+using namespace snort;
+
  #define MAX_OPCODE     5
  #define INVALID_OPCODE 3
  
@@ -159,7 +161,7 @@ struct MatchedDNSPatterns
  struct ServiceDnsConfig
  {
      DetectorDNSHostPattern* DetectorDNSHostPatternList;
-    snort::SearchTool* dns_host_host_matcher;
+    SearchTool* dns_host_host_matcher;
  };
  static ServiceDnsConfig serviceDnsConfig;      // DNS service configuration
  
@@ -184,7 +186,7 @@ static int dns_host_detector_create_matcher(DetectorDNSHostPattern* list)
      if (serviceDnsConfig.dns_host_host_matcher)
          delete serviceDnsConfig.dns_host_host_matcher;
  
-    serviceDnsConfig.dns_host_host_matcher = new snort::SearchTool("ac_full", true);
+    serviceDnsConfig.dns_host_host_matcher = new SearchTool("ac_full", true);
      if (!serviceDnsConfig.dns_host_host_matcher)
          return 0;
  
@@ -741,7 +743,7 @@ inprocess:
      return APPID_INPROCESS;
  }
  
-static int dns_host_scan_patterns(snort::SearchTool* matcher, const uint8_t* pattern, size_t size,
+static int dns_host_scan_patterns(SearchTool* matcher, const uint8_t* pattern, size_t size,
      AppId* ClientAppId, AppId* payloadId)
  {
      MatchedDNSPatterns* mp = nullptr;
diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc

index 877cfe6b7a37775d628658667d7b9840a38ff6b5..48adb30dcf7a75847da02d7cabb75ee751cfeeb0 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc
@@ -31,6 +31,8 @@
  #include "search_engines/search_tool.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  static const unsigned IMAP_USER_NAME_MAX_LEN = 32;
  static const unsigned IMAP_TAG_MAX_LEN = 6;
  static const unsigned MIN_CMDS = 3;
@@ -516,7 +518,7 @@ ImapClientDetector::~ImapClientDetector()
  
  void ImapClientDetector::do_custom_init()
  {
-    cmd_matcher = new snort::SearchTool("ac_full", true);
+    cmd_matcher = new SearchTool("ac_full", true);
  
      if ( !tcp_patterns.empty() )
      {
diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc

index f863e4ee150cc912f0249c124a3dbb4c1a314b1c..c36fe979a0ffb207ff54a6b2a0f9f5c82876f626 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc
@@ -115,7 +115,7 @@ static KerberosClientDetector* krb_client_detector;
  static KerberosServiceDetector* krb_service_detector;
  
  static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_t* end,
-    AppIdSession& asd, snort::Packet* pkt, const AppidSessionDirection dir,
+    AppIdSession& asd, Packet* pkt, const AppidSessionDirection dir,
      const char* reqCname, AppidChangeBits& change_bits)
  {
      static const uint8_t KRB_SERVER_VERSION[] = "\x0a0\x003\x002\x001";
diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc

index b1c57020cca0242d8791e37f5ca6ee8bee0f6205..35e96ba191e158613d0e93e469086d855433f451 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc
@@ -119,14 +119,14 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser
      }
  }
  
-static void register_pattern(snort::SearchTool** patterns, Pattern* pattern)
+static void register_pattern(SearchTool** patterns, Pattern* pattern)
  {
      if (!*patterns)
      {
-        *patterns = new snort::SearchTool("ac_full", true);
+        *patterns = new SearchTool("ac_full", true);
          if (!*patterns)
          {
-            snort::ErrorMessage("Error initializing the pattern table\n");
+            ErrorMessage("Error initializing the pattern table\n");
              return;
          }
      }
@@ -200,7 +200,7 @@ static int pattern_match(void* id, void*, int match_end_pos, void* data, void*)
      return 0;
  }
  
-static int csd_pattern_tree_search(const uint8_t* data, uint16_t size, snort::SearchTool* patternTree)
+static int csd_pattern_tree_search(const uint8_t* data, uint16_t size, SearchTool* patternTree)
  {
      PServiceMatch* matches = nullptr;
  
@@ -460,7 +460,7 @@ PatternServiceDetector::~PatternServiceDetector()
  
  int PatternServiceDetector::validate(AppIdDiscoveryArgs& args)
  {
-    snort::SearchTool* patternTree = nullptr;
+    SearchTool* patternTree = nullptr;
  
      if (!args.data )
          return APPID_ENULL;
@@ -542,7 +542,7 @@ int PatternClientDetector::validate(AppIdDiscoveryArgs& args)
      if (!args.size || args.dir == APP_ID_FROM_RESPONDER)
          return APPID_INPROCESS;
  
-    snort::SearchTool* patternTree = (args.asd.protocol == IpProtocol::UDP) ?
+    SearchTool* patternTree = (args.asd.protocol == IpProtocol::UDP) ?
          udp_pattern_matcher : tcp_pattern_matcher;
      AppId id = csd_pattern_tree_search(args.data, args.size, patternTree);
      if (!id)
diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc

index 73ec4c231c628e182ec437ba61094f5995621c7c..5c335ee6683b131ea3164f7f24cfd0053a0e1029 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc
@@ -114,7 +114,7 @@ struct ServicePOP3Data
      unsigned count;
      const char* vendor;
      char version[MAX_VERSION_SIZE];
-    snort::AppIdServiceSubtype* subtype;
+    AppIdServiceSubtype* subtype;
      int error;
  };
  
@@ -211,7 +211,7 @@ Pop3ClientDetector::~Pop3ClientDetector()
  
  void Pop3ClientDetector::do_custom_init()
  {
-    cmd_matcher = new snort::SearchTool("ac_full", true);
+    cmd_matcher = new SearchTool("ac_full", true);
  
      if ( !tcp_patterns.empty() )
      {
@@ -246,7 +246,7 @@ static void pop3_free_state(void* data)
          ServicePOP3Data* sd = &dd->server;
          while (sd->subtype)
          {
-            snort::AppIdServiceSubtype* sub = sd->subtype;
+            AppIdServiceSubtype* sub = sd->subtype;
              sd->subtype = sub->next;
              if (sub->service)
                  snort_free((void*)sub->service);
@@ -416,7 +416,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1
                  pd->vendor = ven_im;
              else if ((p=service_strstr(begin, len, (const unsigned char*)ven_po, sizeof(ven_po)-1)))
              {
-                snort::AppIdServiceSubtype* sub;
+                AppIdServiceSubtype* sub;
  
                  pd->vendor = ven_po;
                  p += (sizeof(ven_po) - 1);
@@ -487,7 +487,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1
                      ;
                  if (p == s || p >= line_end || !(*p))
                      goto ven_ver_done;
-                sub = (snort::AppIdServiceSubtype*)snort_calloc(sizeof(snort::AppIdServiceSubtype));
+                sub = (AppIdServiceSubtype*)snort_calloc(sizeof(AppIdServiceSubtype));
                  unsigned sub_len;
  
                  sub_len = p - s;
diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc

index 07c9a18c8a060dc7d06e4835144fba503dab64fe..007a78e38df3976ea6f617e0a52825e5d6ce2a2e 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
+++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc
@@ -27,6 +27,8 @@
  #include "app_info_table.h"
  #include "protocols/packet.h"
  
+using namespace snort;
+
  enum SMTPClientState
  {
      SMTP_CLIENT_STATE_NONE,
@@ -207,7 +209,7 @@ int SmtpClientDetector::extract_version_and_add_client_app(
   *  Returns 0 if a recognized product is found.  Otherwise returns 1.
   */
  int SmtpClientDetector::identify_client_version(ClientSMTPData* const fd, const uint8_t* product,
-    const uint8_t* data_end, AppIdSession& asd, snort::Packet*, AppidChangeBits& change_bits)
+    const uint8_t* data_end, AppIdSession& asd, Packet*, AppidChangeBits& change_bits)
  {
      const uint8_t* p;
      AppId appId = APP_ID_SMTP;
diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc

index ceaf04c5b4059b970f306adc1af00648cbdb4e4c..547e290e32e708fac692a91cdb10476b675d39f1 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
+++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc
@@ -677,7 +677,7 @@ int HttpPatternMatchers::process_host_patterns(DetectorHTTPPatterns patterns)
  int HttpPatternMatchers::process_chp_list(CHPListElement* chplist)
  {
      for (size_t i = 0; i < NUM_HTTP_FIELDS; i++)
-        chp_matchers[i] = new snort::SearchTool("ac_full", true);
+        chp_matchers[i] = new SearchTool("ac_full", true);
  
      for (CHPListElement* chpe = chplist; chpe; chpe = chpe->next)
          chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern,
@@ -717,10 +717,10 @@ static FieldPattern http_field_patterns[] =
        HTTP_FIELD_PREFIX_USER_AGENT_SIZE },
  };
  
-static snort::SearchTool* process_http_field_patterns(FieldPattern* patternList,
+static SearchTool* process_http_field_patterns(FieldPattern* patternList,
      size_t patternListCount)
  {
-    snort::SearchTool* patternMatcher = new snort::SearchTool("ac_full", true);
+    SearchTool* patternMatcher = new SearchTool("ac_full", true);
  
      for (size_t i=0; i < patternListCount; i++)
          patternMatcher->add( (const char*)patternList[i].data, patternList[i].length,
@@ -730,7 +730,7 @@ static snort::SearchTool* process_http_field_patterns(FieldPattern* patternList,
      return patternMatcher;
  }
  
-static void process_patterns(snort::SearchTool& matcher, DetectorHTTPPatterns& patterns, bool
+static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns, bool
      last = true)
  {
      for (auto& pat: patterns)
@@ -790,7 +790,7 @@ static int http_field_pattern_match(void* id, void*, int match_end_pos, void* da
  }
  
  // FIXIT-RC: Is this still necessary now that we use inspection events?
-void HttpPatternMatchers::get_http_offsets(snort::Packet* pkt, AppIdHttpSession* hsession)
+void HttpPatternMatchers::get_http_offsets(Packet* pkt, AppIdHttpSession* hsession)
  {
      constexpr auto MIN_HTTP_REQ_HEADER_SIZE = (sizeof("GET /\r\n\r\n") - 1);
      static const uint8_t crlfcrlf[] = "\r\n\r\n";
@@ -1723,7 +1723,7 @@ bool HttpPatternMatchers::get_appid_from_url(char* host, const char* url, char**
  }
  
  void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, char** version,
-    char** vendor, snort::AppIdServiceSubtype** subtype)
+    char** vendor, AppIdServiceSubtype** subtype)
  {
      int vendor_len = len;
  
@@ -1762,9 +1762,9 @@ void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, c
                  {
                      if ( subname && subname_len > 0 && subver && *subname )
                      {
-                        snort::AppIdServiceSubtype* sub =
-                            (snort::AppIdServiceSubtype*)snort_calloc(
-                            sizeof(snort::AppIdServiceSubtype));
+                        AppIdServiceSubtype* sub =
+                            (AppIdServiceSubtype*)snort_calloc(
+                            sizeof(AppIdServiceSubtype));
                          char* tmp = (char*)snort_calloc(subname_len + 1);
                          memcpy(tmp, subname, subname_len);
                          tmp[subname_len] = 0;
@@ -1796,8 +1796,8 @@ void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, c
  
          if ( subname && subname_len > 0 && subver && *subname )
          {
-            snort::AppIdServiceSubtype* sub =
-                (snort::AppIdServiceSubtype*)snort_calloc(sizeof(snort::AppIdServiceSubtype));
+            AppIdServiceSubtype* sub =
+                (AppIdServiceSubtype*)snort_calloc(sizeof(AppIdServiceSubtype));
              char* tmp = (char*)snort_calloc(subname_len + 1);
              memcpy(tmp, subname, subname_len);
              tmp[subname_len] = 0;
@@ -1862,7 +1862,7 @@ uint32_t HttpPatternMatchers::parse_multiple_http_patterns(const char* pattern,
              for (unsigned i = 0; i <= partNum; i++)
                  snort_free((void*)parts[i].pattern);
  
-            snort::ErrorMessage("Failed to allocate memory");
+            ErrorMessage("Failed to allocate memory");
              return 0;
          }
          partNum++;
diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc

index fc2ecaa3df86a39ec0a9e682c1cef8163a590987..f19aa328989e3c2588c06fc85e46e7edafec0c7f 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
+++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
@@ -58,7 +58,7 @@ static uint16_t my_length[NUM_HTTP_FIELDS] = { 0 };
  static CHPAction my_match;
  static void* my_chp_rewritten = nullptr;
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  
  TEST_GROUP(http_url_patterns_tests)
  {
diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc

index 54b1f96e5352153a67fc2483a919fade6304cfd5..e4ff3e3ed8a6ebf6fd85ff5d1f1445784e178bc7 100644 (file)
--- a/src/network_inspectors/appid/lua_detector_flow_api.cc
+++ b/src/network_inspectors/appid/lua_detector_flow_api.cc
@@ -31,6 +31,8 @@
  #include "lua_detector_module.h"
  #include "lua_detector_util.h"
  
+using namespace snort;
+
  /* Lua flag bit/index to C flag value (0 for invalid). */
  static const uint64_t FLAGS_TABLE_LUA_TO_C[32]
  {
@@ -155,8 +157,8 @@ static inline uint64_t convert_flags_c_to_lua(uint64_t in)
   */
  static int create_detector_flow(lua_State* L)
  {
-    snort::SfIp saddr;
-    snort::SfIp daddr;
+    SfIp saddr;
+    SfIp daddr;
  
      AppIdDetector* ud = *UserData<AppIdDetector>::check(L, DETECTOR, 1);
      // Verify detector user data and that we are in packet context
diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc

index fc694a0f3ce8b0de278c1547f070b3a1c3cc9760..435bb46684a52b1d4f98afcf0a3cc917ef26c243 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_mdns.cc
+++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc
@@ -107,7 +107,7 @@ MdnsServiceDetector::MdnsServiceDetector(ServiceDiscovery* sd)
          { 5353, IpProtocol::UDP, false },
      };
  
-    matcher = new snort::SearchTool("ac_full", true);
+    matcher = new SearchTool("ac_full", true);
      for (unsigned i = 0; i < sizeof(patterns) / sizeof(*patterns); i++)
          matcher->add((const char*)patterns[i].pattern, patterns[i].length, &patterns[i]);
      matcher->prep();
diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc

index a22591044b3282190a26c3443bb90167d5c8806b..b48d372e55354515f42d22172cb066fad7b10e73 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rexec.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc
@@ -29,6 +29,8 @@
  #include "app_info_table.h"
  #include "protocols/packet.h"
  
+using namespace snort;
+
  #define REXEC_PORT  512
  #define REXEC_MAX_PORT_PACKET 6
  
@@ -120,7 +122,7 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args)
      {
      case REXEC_STATE_PORT:
          if(rexec_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
-            rexec_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("rexec");
+            rexec_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rexec");
  
          if (args.dir != APP_ID_FROM_INITIATOR)
              goto bail;
@@ -140,8 +142,8 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args)
              goto bail;
          if (port && args.pkt)
          {
-            const snort::SfIp* sip;
-            const snort::SfIp* dip;
+            const SfIp* sip;
+            const SfIp* dip;
  
              dip = args.pkt->ptrs.ip_api.get_dst();
              sip = args.pkt->ptrs.ip_api.get_src();
diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc

index 8365ef5ae3d78b9b27137f229f6526e4233fb7d4..716eb43fde6da0000cc4c3bd6fb185b5d3c307f2 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rshell.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc
@@ -31,6 +31,8 @@
  #include "appid_debug.h"
  #include "appid_inspector.h"
  
+using namespace snort;
+
  #define RSHELL_PORT  514
  #define RSHELL_MAX_PORT_PACKET 6
  
@@ -115,7 +117,7 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args)
      }
  
      if (appidDebug->is_active())
-        snort::LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state);
+        LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state);
  
      switch (rd->state)
      {
@@ -139,14 +141,14 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args)
          if (port)
          {
              if(rsh_error_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
-                rsh_error_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("rsh-error");
+                rsh_error_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rsh-error");
  
              ServiceRSHELLData* tmp_rd = (ServiceRSHELLData*)snort_calloc(
                  sizeof(ServiceRSHELLData));
              tmp_rd->state = RSHELL_STATE_STDERR_CONNECT_SYN;
              tmp_rd->parent = rd;
-            const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
-            const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src();
+            const SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
+            const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
              AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip,
                  (uint16_t)port, IpProtocol::TCP, rsh_error_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE);
              if (pf)
diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc

index b2f7bb80907fc4d947ae9bfb882db934a09f05be..1ce4b44b42391fc40ee16b3f27a4842d8d457f1b 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_snmp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc
@@ -32,6 +32,8 @@
  #include "appid_debug.h"
  #include "appid_inspector.h"
  
+using namespace snort;
+
  #define SNMP_PORT   161
  
  #define SNMP_VERSION_1  0
@@ -423,7 +425,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args)
      if (snmp_verify_packet(&data, data+size, &pdu, &version))
      {
          if (appidDebug->is_active())
-            snort::LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session());
+            LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session());
          if (args.asd.get_session_flags(APPID_SESSION_UDP_REVERSED))
          {
              if (args.dir == APP_ID_FROM_RESPONDER)
@@ -441,7 +443,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args)
      }
  
      if (appidDebug->is_active())
-        snort::LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state);
+        LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state);
  
      switch (sd->state)
      {
@@ -477,10 +479,10 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args)
  
          /*adding expected connection in case the server doesn't send from 161*/
          if(snmp_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
-            snmp_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("snmp");
+            snmp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("snmp");
  
-        const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
-        const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src();
+        const SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
+        const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
          AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip,
              args.pkt->ptrs.sp, args.asd.protocol, snmp_snort_protocol_id, 0);
          if (pf)
diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc

index 9ca0f4949bb8674e24d24b031396c4b2751c198b..94d0cdd85ceb3d3af9b6a8ec04947ad0b901f6a2 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_tftp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc
@@ -127,8 +127,8 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args)
      int mode = 0;
      uint16_t block = 0;
      uint16_t tmp = 0;
-    const snort::SfIp* sip = nullptr;
-    const snort::SfIp* dip = nullptr;
+    const SfIp* sip = nullptr;
+    const SfIp* dip = nullptr;
      AppIdSession* pf = nullptr;
      const uint8_t* data = args.data;
      uint16_t size = args.size;
@@ -184,7 +184,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args)
              goto bail;
  
          if(tftp_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
-            tftp_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("tftp");
+            tftp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("tftp");
  
          tmp_td = (ServiceTFTPData*)snort_calloc(sizeof(ServiceTFTPData));
          tmp_td->state = TFTP_STATE_TRANSFER;
diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc

index 3bf25201dfe626d3f8b16b0ce20caa322a867aec..b15d8d3d329be98b9c15d0548172e367a44c053e 100644 (file)
--- a/src/network_inspectors/appid/test/appid_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_api_test.cc
@@ -53,7 +53,7 @@ class Inspector* InspectorManager::get_inspector(char const*, bool, SnortConfig*
  
  }
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  const char* AppInfoManager::get_app_name(AppId)
  {
      return test_app_name;
diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc

index fc53c1693c05f63f403f8b6ff48175a9c9642c45..1053376d097af216e06ea19b2f4bb27cfb478d7d 100644 (file)
--- a/src/network_inspectors/appid/test/appid_debug_test.cc
+++ b/src/network_inspectors/appid/test/appid_debug_test.cc
@@ -45,7 +45,7 @@ FlowData::FlowData(unsigned, Inspector*) { }
  FlowData::~FlowData() = default;
  }
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  class AppIdInspector
  {
  public:
diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc

index bcfac4645d575d8f4cec5e94768cb2d9e9dd374c..633e69e7dc134c68c4570244c4abe524f1a9f4d3 100644 (file)
--- a/src/network_inspectors/appid/test/appid_detector_test.cc
+++ b/src/network_inspectors/appid/test/appid_detector_test.cc
@@ -36,7 +36,7 @@
  #include <CppUTest/CommandLineTestRunner.h>
  #include <CppUTest/TestHarness.h>
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {}
  
  class TestDetector : public AppIdDetector
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc

index d46606f2e2e897422741f2985822a4093ebafdfb..356a6af41a67c696ff5620f1d7d37138ac6dc958 100644 (file)
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -116,26 +116,26 @@ void DataBus::publish(const char*, DataEvent& event, Flow*)
  // Stubs for matchers
  static HttpPatternMatchers* http_matchers;
  HttpPatternMatchers::~HttpPatternMatchers() {}
-void HttpPatternMatchers::get_http_offsets(snort::Packet*, AppIdHttpSession*) {}
+void HttpPatternMatchers::get_http_offsets(Packet*, AppIdHttpSession*) {}
  HttpPatternMatchers* HttpPatternMatchers::get_instance()
  {
      return http_matchers;
  }
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  
  // Stubs for AppIdModule
-AppIdModule::AppIdModule(): snort::Module("appid_mock", "appid_mock_help") {}
+AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {}
  AppIdModule::~AppIdModule() {}
  void AppIdModule::sum_stats(bool) {}
  void AppIdModule::show_dynamic_stats() {}
-bool AppIdModule::begin(char const*, int, snort::SnortConfig*) { return true; }
-bool AppIdModule::end(char const*, int, snort::SnortConfig*) { return true; }
-bool AppIdModule::set(char const*, snort::Value&, snort::SnortConfig*) { return true; }
-const snort::Command* AppIdModule::get_commands() const { return nullptr; }
+bool AppIdModule::begin(char const*, int, SnortConfig*) { return true; }
+bool AppIdModule::end(char const*, int, SnortConfig*) { return true; }
+bool AppIdModule::set(char const*, Value&, SnortConfig*) { return true; }
+const Command* AppIdModule::get_commands() const { return nullptr; }
  const PegInfo* AppIdModule::get_pegs() const { return nullptr; }
  PegCount* AppIdModule::get_counts() const { return nullptr; }
-snort::ProfileStats* AppIdModule::get_profile() const { return nullptr; }
+ProfileStats* AppIdModule::get_profile() const { return nullptr; }
  
  // Stubs for config
  AppIdModuleConfig::~AppIdModuleConfig() {}
@@ -156,9 +156,9 @@ AppId AppIdConfig::get_protocol_service_id(IpProtocol)
  // Stubs for AppIdInspector
  AppIdInspector::AppIdInspector(AppIdModule&) {}
  AppIdInspector::~AppIdInspector() = default;
-void AppIdInspector::eval(snort::Packet*) { }
-bool AppIdInspector::configure(snort::SnortConfig*) { return true; }
-void AppIdInspector::show(snort::SnortConfig*) { }
+void AppIdInspector::eval(Packet*) { }
+bool AppIdInspector::configure(SnortConfig*) { return true; }
+void AppIdInspector::show(SnortConfig*) { }
  void AppIdInspector::tinit() { }
  void AppIdInspector::tterm() { }
  AppIdConfig* AppIdInspector::get_appid_config()
diff --git a/src/network_inspectors/appid/test/appid_expected_flags_test.cc b/src/network_inspectors/appid/test/appid_expected_flags_test.cc

index f2c41f665b825e553957da4ed99aa6bc24773207..871e2f9e9633101c0dc1e87b9bb1c627c9201304 100644 (file)
--- a/src/network_inspectors/appid/test/appid_expected_flags_test.cc
+++ b/src/network_inspectors/appid/test/appid_expected_flags_test.cc
@@ -28,7 +28,7 @@
  #include <CppUTest/CommandLineTestRunner.h>
  #include <CppUTest/TestHarness.h>
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {}
  
  class MockServiceDetector : public ServiceDetector
diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc

index a7b203adfbf23ca54ca077b013b12ce373c614bd..cc885344fbc17693deec7ba1a7b0425e2f44abb8 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_event_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_event_test.cc
@@ -42,7 +42,7 @@
  
  THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
  void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  using namespace snort;
  
  namespace snort
@@ -67,7 +67,7 @@ class FakeHttpMsgHeader
  };
  FakeHttpMsgHeader* fake_msg_header = nullptr;
  
-void AppIdDiscovery::publish_appid_event(AppidChangeBits&, snort::Flow*) {}
+void AppIdDiscovery::publish_appid_event(AppidChangeBits&, Flow*) {}
  
  void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {}
  
diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc

index 1b34730812b4945aaf747ff08bb935c176f4060a..96fb2489a008c4bdb6282106a0b1d93a9164f96a 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_session_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_session_test.cc
@@ -44,7 +44,7 @@
  #include <CppUTest/TestHarness.h>
  using namespace snort;
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  const char* AppInfoManager::get_app_name(AppId)
  {
      return "";
@@ -72,7 +72,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**,
  }
  
  void HttpPatternMatchers::get_server_vendor_version(const char*, int, char**,
-    char**, snort::AppIdServiceSubtype**)
+    char**, AppIdServiceSubtype**)
  {
  }
  
diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc

index f97d79239ba30d489e180111a26e92692902e2a9..33dc2d9c0cbb0f31d0c33f4b6b582b679c8e139c 100644 (file)
--- a/src/network_inspectors/appid/test/appid_session_api_test.cc
+++ b/src/network_inspectors/appid/test/appid_session_api_test.cc
@@ -30,7 +30,7 @@
  #include <CppUTest/CommandLineTestRunner.h>
  #include <CppUTest/TestHarness.h>
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data)
  {
      delete data;
diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc

index 05dfc78582ad711278e90b6e32e3cb803f29b49d..6944275b5593bd2fef17c851ec50ac5b7336a66e 100644 (file)
--- a/src/network_inspectors/appid/test/service_state_test.cc
+++ b/src/network_inspectors/appid/test/service_state_test.cc
@@ -71,7 +71,7 @@ THREAD_LOCAL AppIdStats appid_stats;
  
  void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
  
-void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
  AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector&)
      : FlowData(0) {}
  AppIdSession::~AppIdSession() = default;
diff --git a/src/network_inspectors/appid/test/tp_mock.cc b/src/network_inspectors/appid/test/tp_mock.cc

index 0372357b492239957777c7160cae5fe9f7f14c32..3eb1b3423f19d71a70960829ab708ff645effbc2 100644 (file)
--- a/src/network_inspectors/appid/test/tp_mock.cc
+++ b/src/network_inspectors/appid/test/tp_mock.cc
@@ -36,6 +36,7 @@
  
  #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__
  
+using namespace snort;
  using namespace std;
  
  class ThirdPartyAppIDModuleImpl : public ThirdPartyAppIDModule
@@ -78,7 +79,7 @@ class ThirdPartyAppIDSessionImpl : public ThirdPartyAppIDSession
  public:
  
      bool reset() override { return 1; }
-    TPState process(const snort::Packet&, AppidSessionDirection, vector<AppId>&,
+    TPState process(const Packet&, AppidSessionDirection, vector<AppId>&,
          ThirdPartyAppIDAttributeData&) override { return TP_STATE_INIT; }
  
      int disable_flags(uint32_t) override { return 0; }
diff --git a/src/network_inspectors/arp_spoof/arp_module.cc b/src/network_inspectors/arp_spoof/arp_module.cc

index bb608381b376b3a5663af4e76f5e3a93557973d4..cca13a18d93175261ed6b979b23846d049ea50e0 100644 (file)
--- a/src/network_inspectors/arp_spoof/arp_module.cc
+++ b/src/network_inspectors/arp_spoof/arp_module.cc
@@ -135,7 +135,7 @@ bool ArpSpoofModule::end(const char*, int idx, SnortConfig*)
  }
  
  const PegInfo* ArpSpoofModule::get_pegs() const
-{ return snort::simple_pegs; }
+{ return simple_pegs; }
  
  PegCount* ArpSpoofModule::get_counts() const
  { return (PegCount*)&asstats; }
diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc

index ecf8b28158623b61c0889f09b9d73b7d72928d2e..3b3295de637ea48af38e5296097cfa8613f82922 100644 (file)
--- a/src/network_inspectors/arp_spoof/arp_spoof.cc
+++ b/src/network_inspectors/arp_spoof/arp_spoof.cc
@@ -154,7 +154,7 @@ void ArpSpoof::eval(Packet* p)
      }
      else
      {
-        const snort::wlan::WifiHdr* wifih = snort::layer::get_wifi_layer(p);
+        const wlan::WifiHdr* wifih = layer::get_wifi_layer(p);
          if (wifih == nullptr)
              return;
  
@@ -181,7 +181,7 @@ void ArpSpoof::eval(Packet* p)
           }
      }
  
-    const snort::arp::EtherARP* ah = snort::layer::get_arp_layer(p);
+    const arp::EtherARP* ah = layer::get_arp_layer(p);
  
      /* is the ARP protocol type IP and the ARP hardware type Ethernet? */
      if ((ntohs(ah->ea_hdr.ar_hrd) != 0x0001) ||
diff --git a/src/network_inspectors/normalize/norm.cc b/src/network_inspectors/normalize/norm.cc

index 2760126acaef01e9c1da46836148ae1dd0b166ac..b0b2506e73da567e50ae74d0bb37952cf5b96cf8 100644 (file)
--- a/src/network_inspectors/normalize/norm.cc
+++ b/src/network_inspectors/normalize/norm.cc
@@ -164,7 +164,7 @@ static inline NormMode get_norm_mode(const Packet * const p)
  {
      NormMode mode = NORM_MODE_ON;
  
-    if ( snort::get_inspection_policy()->policy_mode != POLICY_MODE__INLINE )
+    if ( get_inspection_policy()->policy_mode != POLICY_MODE__INLINE )
          mode = NORM_MODE_TEST;
  
      if ( !SFDAQ::forwarding_packet(p->pkth) )
diff --git a/src/network_inspectors/normalize/norm_module.cc b/src/network_inspectors/normalize/norm_module.cc

index 21e91e2fa8f4c188df93677ee99ed6528d4e3414..bc55a7f0870911a45a17b50680522ea051a5a5b6 100644 (file)
--- a/src/network_inspectors/normalize/norm_module.cc
+++ b/src/network_inspectors/normalize/norm_module.cc
@@ -358,13 +358,13 @@ bool NormalizeModule::end(const char* fqn, int, SnortConfig* sc)
  {
      if ( !strcmp(fqn, NORM_NAME) )
      {
-        NetworkPolicy* policy = snort::get_network_policy();
+        NetworkPolicy* policy = get_network_policy();
  
          // FIXIT-M untangle these policies. this is a workaround for loading inspection-only confs
          if ( policy == nullptr )
          {
              set_network_policy(sc);
-            policy = snort::get_network_policy();
+            policy = get_network_policy();
              set_network_policy((NetworkPolicy*)nullptr);
          }
  
diff --git a/src/network_inspectors/normalize/normalize.cc b/src/network_inspectors/normalize/normalize.cc

index 2ccd008f8101f2a9731707043e004669caf6017c..e1c2a1f18a2c645794559119676ca413a450d2b1 100644 (file)
--- a/src/network_inspectors/normalize/normalize.cc
+++ b/src/network_inspectors/normalize/normalize.cc
@@ -70,7 +70,7 @@ static void Print_IP4(SnortConfig*, const NormalizerConfig* nc)
  
      if ( Norm_IsEnabled(nc, NORM_IP4_TTL) )
      {
-        NetworkPolicy* policy = snort::get_network_policy();
+        NetworkPolicy* policy = get_network_policy();
          LogMessage("%12s: %s (min=%d, new=%d)\n", "ip4.ttl", ON,
              policy->min_ttl, policy->new_ttl);
      }
@@ -92,7 +92,7 @@ static void Print_IP6(SnortConfig*, const NormalizerConfig* nc)
  
      if ( Norm_IsEnabled(nc, NORM_IP6_TTL) )
      {
-        NetworkPolicy* policy = snort::get_network_policy();
+        NetworkPolicy* policy = get_network_policy();
          LogMessage("%12s: %s (min=%d, new=%d)\n", "ip6.hops",
              ON, policy->min_ttl, policy->new_ttl);
      }
@@ -172,9 +172,9 @@ class Normalizer : public Inspector
  public:
      Normalizer(const NormalizerConfig&);
  
-    bool configure(snort::SnortConfig*) override;
-    void show(snort::SnortConfig*) override;
-    void eval(snort::Packet*) override;
+    bool configure(SnortConfig*) override;
+    void show(SnortConfig*) override;
+    void eval(Packet*) override;
  
  private:
      NormalizerConfig config;
@@ -189,11 +189,11 @@ Normalizer::Normalizer(const NormalizerConfig& nc)
  // but would be better if binder could select
  // in which case normal_mask must be moved to flow
  // from cwaxman - why can't normal_mask be applied directly from Normalizer?
-bool Normalizer::configure(snort::SnortConfig*)
+bool Normalizer::configure(SnortConfig*)
  {
      // FIXIT-M move entire config to network policy? Leaving split loads the currently selected
      // network policy with whichever instantiation of an inspection policy this normalize is in
-    NetworkPolicy* nap = snort::get_network_policy();
+    NetworkPolicy* nap = get_network_policy();
  
      nap->normal_mask = config.normalizer_flags;
  
@@ -211,10 +211,10 @@ bool Normalize_IsEnabled(NormFlags nf)
      if ( !(t_flags & nf) )
          return false;
  
-    if ( snort::get_inspection_policy()->policy_mode != POLICY_MODE__INLINE )
+    if ( get_inspection_policy()->policy_mode != POLICY_MODE__INLINE )
          return false;
  
-    NetworkPolicy* nap = snort::get_network_policy();
+    NetworkPolicy* nap = get_network_policy();
      return ( (nap->normal_mask & nf) != 0 );
  }
  
@@ -222,7 +222,7 @@ NormMode Normalize_GetMode(NormFlags nf)
  {
      if (Normalize_IsEnabled(nf))
      {
-        const PolicyMode mode = snort::get_inspection_policy()->policy_mode;
+        const PolicyMode mode = get_inspection_policy()->policy_mode;
  
          if ( mode == POLICY_MODE__INLINE )
              return NORM_MODE_ON;
@@ -230,7 +230,7 @@ NormMode Normalize_GetMode(NormFlags nf)
      return NORM_MODE_TEST;
  }
  
-void Normalizer::show(snort::SnortConfig* sc)
+void Normalizer::show(SnortConfig* sc)
  {
      LogMessage("Normalizer config:\n");
      Print_IP4(sc, &config);
@@ -240,7 +240,7 @@ void Normalizer::show(snort::SnortConfig* sc)
      Print_TCP(&config);
  }
  
-void Normalizer::eval(snort::Packet* p)
+void Normalizer::eval(Packet* p)
  {
      Profile profile(norm_perf_stats);
  
diff --git a/src/network_inspectors/perf_monitor/cpu_tracker.cc b/src/network_inspectors/perf_monitor/cpu_tracker.cc

index c5e3e17cd42a7ada95c32dc2253b113d24e016ea..2561e78ac3154d1516537978b0db75a87cfd1262 100644 (file)
--- a/src/network_inspectors/perf_monitor/cpu_tracker.cc
+++ b/src/network_inspectors/perf_monitor/cpu_tracker.cc
@@ -38,7 +38,7 @@
  
  #define TRACKER_NAME PERF_NAME "_cpu"
  
-using namespace std;
+using namespace snort;
  
  static inline uint64_t get_microseconds(struct timeval t)
  {
@@ -47,7 +47,7 @@ static inline uint64_t get_microseconds(struct timeval t)
  
  CPUTracker::CPUTracker(PerfConfig *perf) : PerfTracker(perf, TRACKER_NAME)
  {
-    formatter->register_section("thread_" + to_string(snort::get_instance_id()));
+    formatter->register_section("thread_" + std::to_string(get_instance_id()));
      formatter->register_field("cpu_user", &user_stat);
      formatter->register_field("cpu_system", &system_stat);
      formatter->register_field("cpu_wall", &wall_stat);
diff --git a/src/network_inspectors/perf_monitor/perf_module.cc b/src/network_inspectors/perf_monitor/perf_module.cc

index 4a61e32705d68931fa446133f4d982614f571c46..b9de75f84fa78a550f76fd5d1629336a618c209b 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_module.cc
+++ b/src/network_inspectors/perf_monitor/perf_module.cc
@@ -217,7 +217,7 @@ PerfConfig* PerfMonModule::get_config()
  }
  
  const PegInfo* PerfMonModule::get_pegs() const
-{ return snort::simple_pegs; }
+{ return simple_pegs; }
  
  PegCount* PerfMonModule::get_counts() const
  { return (PegCount*)&pmstats; }
diff --git a/src/network_inspectors/perf_monitor/perf_tracker.cc b/src/network_inspectors/perf_monitor/perf_tracker.cc

index d03d6cd5957c4ea4bb8f834da372ee5fd8345371..fb36cc207b025ee18facf5532a7260e5ae41eb3a 100644 (file)
--- a/src/network_inspectors/perf_monitor/perf_tracker.cc
+++ b/src/network_inspectors/perf_monitor/perf_tracker.cc
@@ -123,12 +123,12 @@ bool PerfTracker::open(bool append)
                          file_name, mode, get_error(errno));
                  }
  
-                if (chown(file_name, snort::SnortConfig::get_uid(),
-                    snort::SnortConfig::get_gid()) != 0)
+                if (chown(file_name, SnortConfig::get_uid(),
+                    SnortConfig::get_gid()) != 0)
                  {
                      WarningMessage("perfmonitor: Unable to change permissions of "
                          "stats file '%s' to user:%d and group:%d: %s.\n",
-                        file_name, snort::SnortConfig::get_uid(), snort::SnortConfig::get_gid(),
+                        file_name, SnortConfig::get_uid(), SnortConfig::get_gid(),
                          get_error(errno));
                  }
              }
diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc

index 9f49d128e42e0e8fe90275bc37ba6e53ea3bb9a7..85abdd373d98d36fd1fcb2c3f3c2d186bc3d7b5d 100644 (file)
--- a/src/network_inspectors/port_scan/ps_module.cc
+++ b/src/network_inspectors/port_scan/ps_module.cc
@@ -199,7 +199,7 @@ ProfileStats* PortScanModule::get_profile() const
  { return &psPerfStats; }
  
  const PegInfo* PortScanModule::get_pegs() const
-{ return snort::simple_pegs; }
+{ return simple_pegs; }
  
  PegCount* PortScanModule::get_counts() const
  { return (PegCount*)&spstats; }
diff --git a/src/network_inspectors/reputation/reputation_parse.cc b/src/network_inspectors/reputation/reputation_parse.cc

index 659ef4212082c0b2007629f18618183712ede8b5..8938f3c6777c7e61c590ebac68d5188a149d79f9 100644 (file)
--- a/src/network_inspectors/reputation/reputation_parse.cc
+++ b/src/network_inspectors/reputation/reputation_parse.cc
@@ -308,7 +308,7 @@ static int64_t update_entry_info(INFO* current, INFO new_entry, SaveDest save_de
      return bytes_allocated;
  }
  
-static int add_ip(snort::SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config)
+static int add_ip(SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config)
  {
      int ret;
      int final_ret = IP_INSERT_SUCCESS;
@@ -358,7 +358,7 @@ static int add_ip(snort::SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config
  }
  
  // FIXIT-L X Remove this or at least move it to SfCidr?
-static int snort_pton_address(char const* src, snort::SfCidr* dest)
+static int snort_pton_address(char const* src, SfCidr* dest)
  {
      unsigned char _temp[sizeof(struct in6_addr)];
  
@@ -374,7 +374,7 @@ static int snort_pton_address(char const* src, snort::SfCidr* dest)
  
  // FIXIT-L X Remove this or at least move it to SfCidr?
  #define isident(x) (isxdigit((x)) || (x) == ':' || (x) == '.')
-static int snort_pton(char const* src, snort::SfCidr* dest)
+static int snort_pton(char const* src, SfCidr* dest)
  {
      char ipbuf[INET6_ADDRSTRLEN];
      char cidrbuf[sizeof("128")];
@@ -498,7 +498,7 @@ static int snort_pton(char const* src, snort::SfCidr* dest)
  
  static int process_line(char* line, INFO info, ReputationConfig* config)
  {
-    snort::SfCidr address;
+    SfCidr address;
  
      if ( !line || *line == '\0' )
          return IP_INSERT_SUCCESS;
diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc

index ed818d6d5851359cfcd03d3b7dbd573b99edfb34..1dd6c5ecdf054eba65a6e53218770da4c87a4491 100644 (file)
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -42,7 +42,7 @@ using namespace snort;
  static inline bool is_eligible_packet(const Packet* p)
  {
      if ( p->has_ip() or
-        memcmp(snort::layer::get_eth_layer(p)->ether_src, zero_mac, MAC_SIZE) )
+        memcmp(layer::get_eth_layer(p)->ether_src, zero_mac, MAC_SIZE) )
          return true;
      return false;
  }
@@ -68,8 +68,8 @@ static inline bool is_eligible_udp(const Packet* p)
          return false;
      if ( p->is_from_client() )
      {
-        const snort::SfIp* src = p->ptrs.ip_api.get_src();
-        const snort::SfIp* dst = p->ptrs.ip_api.get_dst();
+        const SfIp* src = p->ptrs.ip_api.get_src();
+        const SfIp* dst = p->ptrs.ip_api.get_dst();
          if ( !src->is_set() and IN6_IS_ADDR_MULTICAST(dst->get_ip6_ptr()) and
              p->ptrs.sp == 68 and p->ptrs.dp == 67 )
              return false; // skip BOOTP
@@ -162,7 +162,7 @@ void RnaPnd::discover_network(const Packet* p, u_int8_t ttl)
  
  }
  
-void RnaPnd::generate_change_host_update(RnaTracker* ht, const snort::Packet* p,
+void RnaPnd::generate_change_host_update(RnaTracker* ht, const Packet* p,
      const SfIp* src_ip, const uint8_t* src_mac, time_t sec)
  {
      if ( !ht || !update_timeout)
diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc

index 8c5359927e3b55fff879f1a694d5b2d31fbea7b0..1e7841b2920f51a0b184d5a073e377c9b476d791 100644 (file)
--- a/src/packet_io/active.cc
+++ b/src/packet_io/active.cc
@@ -149,9 +149,9 @@ void Active::kill_session(Packet* p, EncodeFlags flags)
  
      default:
          if ( packet_force_dropped() )
-            send_unreach(p, snort::UnreachResponse::FWD);
+            send_unreach(p, UnreachResponse::FWD);
          else
-            send_unreach(p, snort::UnreachResponse::PORT);
+            send_unreach(p, UnreachResponse::PORT);
          break;
      }
  }
@@ -217,7 +217,7 @@ void Active::send_reset(Packet* p, EncodeFlags ef)
      }
  }
  
-void Active::send_unreach(Packet* p, snort::UnreachResponse type)
+void Active::send_unreach(Packet* p, UnreachResponse type)
  {
      uint32_t len;
      const uint8_t* rej;
diff --git a/src/parser/parse_ip.cc b/src/parser/parse_ip.cc

index 7c7994ba5d4bb17891dac8636738b2626b1c4bbb..d3469b5fc240ab84726861bfb66515f1f691cc63 100644 (file)
--- a/src/parser/parse_ip.cc
+++ b/src/parser/parse_ip.cc
@@ -28,14 +28,16 @@
  #include "sfip/sf_vartable.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  sfip_var_t* sfip_var_from_string(const char* addr, const char* caller)
  {
      sfip_var_t* ret;
      int ret_code;
      vartable_t* ip_vartable = nullptr;
  
-    if (snort::get_ips_policy())
-        ip_vartable = snort::get_ips_policy()->ip_vartable;
+    if (get_ips_policy())
+        ip_vartable = get_ips_policy()->ip_vartable;
  
      ret = (sfip_var_t*)snort_calloc(sizeof(sfip_var_t));
  
@@ -43,26 +45,26 @@ sfip_var_t* sfip_var_from_string(const char* addr, const char* caller)
      {
          if (ret_code == SFIP_LOOKUP_FAILURE)
          {
-            snort::ParseError("%s: Undefined variable in the IP list: %s", caller, addr);
+            ParseError("%s: Undefined variable in the IP list: %s", caller, addr);
              return ret;
          }
          else if (ret_code == SFIP_CONFLICT)
          {
-            snort::ParseError("%s: Negated IP ranges equal to or"
+            ParseError("%s: Negated IP ranges equal to or"
                  " more-specific than non-negated ranges are not allowed."
                  " Consider inverting the logic: %s.", caller, addr);
              return ret;
          }
          else if (ret_code == SFIP_LOOKUP_UNAVAILABLE)
          {
-            snort::ParseError("%s: Error parsing IP list: %s. "
+            ParseError("%s: Error parsing IP list: %s. "
                  "Snort variables are only permitted in rule headers, otherwise use Lua variables.",
                  caller, addr);
              return ret;
          }
          else
          {
-            snort::ParseError("%s: Unable to process IP list: %s", caller, addr);
+            ParseError("%s: Unable to process IP list: %s", caller, addr);
              return ret;
          }
      }
diff --git a/src/parser/parse_ports.cc b/src/parser/parse_ports.cc

index e69f95adba6e953b2f2e07fdd9ae8f242f74fb77..83d642ba9c3eeeb592670740a1dd959550f4dbda 100644 (file)
--- a/src/parser/parse_ports.cc
+++ b/src/parser/parse_ports.cc
@@ -286,7 +286,7 @@ static PortObject* _POParsePort(POParser* pop)
              (c == ','))
          {
              /* Open ended range, highport is 65k */
-            hport = snort::MAX_PORTS - 1;
+            hport = MAX_PORTS - 1;
              PortObjectAddRange(po, lport, hport);
              return po;
          }
diff --git a/src/parser/parse_stream.cc b/src/parser/parse_stream.cc

index ebf82e0c01c3d3696372253593f6b0f7d6173be6..2de80d146e3ce394ca74a429557e968b488ec8ed 100644 (file)
--- a/src/parser/parse_stream.cc
+++ b/src/parser/parse_stream.cc
@@ -487,7 +487,7 @@ struct RuleParseState
  
  static bool exec(
      FsmAction act, string& tok,
-    RuleParseState& rps, snort::SnortConfig* sc)
+    RuleParseState& rps, SnortConfig* sc)
  {
      switch ( act )
      {
@@ -615,7 +615,7 @@ static int get_escape(const string& s)
      return 1;      // escape, option goes to "
  }
  
-void parse_stream(istream& is, snort::SnortConfig* sc)
+void parse_stream(istream& is, SnortConfig* sc)
  {
      string tok;
      TokenType type;
diff --git a/src/parser/vars.cc b/src/parser/vars.cc

index 321c0bed03e7ec25a4a657170ee2c18f2a0c486e..5daab05e4a8ce04b93ec0d999f0598b81487efb9 100644 (file)
--- a/src/parser/vars.cc
+++ b/src/parser/vars.cc
@@ -127,7 +127,7 @@ int PortVarDefine(SnortConfig* sc, const char* name, const char* s)
      PortObject* po;
      POParser pop;
      int rstat;
-    PortVarTable* portVarTable = snort::get_ips_policy()->portVarTable;
+    PortVarTable* portVarTable = get_ips_policy()->portVarTable;
  
      DisallowCrossTableDuplicateVars(sc, name, VAR_TYPE__PORTVAR);
  
@@ -366,7 +366,7 @@ int VarIsIpList(vartable_t* ip_vartable, const char* value)
  void DisallowCrossTableDuplicateVars(
      SnortConfig*, const char* name, VarType var_type)
  {
-    IpsPolicy* dp = snort::get_ips_policy();
+    IpsPolicy* dp = get_ips_policy();
      VarEntry* var_table = dp->var_table;
      PortVarTable* portVarTable = dp->portVarTable;
      vartable_t* ip_vartable = dp->ip_vartable;
@@ -457,7 +457,7 @@ void DisallowCrossTableDuplicateVars(
  VarEntry* VarDefine(
      SnortConfig* sc, const char* name, const char* value)
  {
-    IpsPolicy* dp = snort::get_ips_policy();
+    IpsPolicy* dp = get_ips_policy();
      VarEntry* var_table = dp->var_table;
      vartable_t* ip_vartable = dp->ip_vartable;
      VarEntry* p;
@@ -644,7 +644,7 @@ void DeleteVars(VarEntry* var_table)
  
  const char* VarSearch(SnortConfig* sc, const char* name)
  {
-    IpsPolicy* dp = snort::get_ips_policy();
+    IpsPolicy* dp = get_ips_policy();
      VarEntry* var_table = dp->var_table;
      PortVarTable* portVarTable = dp->portVarTable;
      vartable_t* ip_vartable = dp->ip_vartable;
diff --git a/src/piglet/piglet.cc b/src/piglet/piglet.cc

index 916ae5ea9ec1b74d38a041891022678536612471..fac58947f1a37ee584d29e3cd9e46dca53e32cee 100644 (file)
--- a/src/piglet/piglet.cc
+++ b/src/piglet/piglet.cc
@@ -31,6 +31,8 @@
  #include "piglet_output.h"
  #include "piglet_runner.h"
  
+using namespace snort;
+
  namespace Piglet
  {
  int main()
@@ -43,5 +45,5 @@ int main()
  }
  
  bool piglet_mode()
-{ return snort::SnortConfig::get_conf()->run_flags & RUN_FLAG__PIGLET; }
+{ return SnortConfig::get_conf()->run_flags & RUN_FLAG__PIGLET; }
  } // namespace Piglet
diff --git a/src/piglet_plugins/pp_search_engine_iface.cc b/src/piglet_plugins/pp_search_engine_iface.cc

index d1c8668e43fde94138bf19795b0003ad06f14a29..e6088064d3fc1e9d366bd98b6431f01f4685390a 100644 (file)
--- a/src/piglet_plugins/pp_search_engine_iface.cc
+++ b/src/piglet_plugins/pp_search_engine_iface.cc
@@ -25,12 +25,14 @@
  
  #include "framework/mpse.h"
  
+using namespace snort;
+
  static const luaL_Reg methods[] =
  {
      { nullptr, nullptr }
  };
  
-const struct Lua::InstanceInterface<snort::Mpse> SearchEngineIface =
+const struct Lua::InstanceInterface<Mpse> SearchEngineIface =
  {
      "SearchEngine",
      methods
diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc

index 45b9472774a70367d9f803f3efa9db4aac486c4a..48d6bb9750b39635baa1ed8fd3485cc4a97669e8 100644 (file)
--- a/src/ports/port_object.cc
+++ b/src/ports/port_object.cc
@@ -117,7 +117,7 @@ int PortObjectAddItem(PortObject* po, PortObjectItem* poi, int* errflag)
          p=(PortObjectItem*)sflist_next(&pos) )
      {
          if ((p->lport == poi->lport) && (p->hport == poi->hport))
-            snort::ParseWarning(WARN_RULES, "duplicate ports in list");
+            ParseWarning(WARN_RULES, "duplicate ports in list");
      }
  
      sflist_add_tail(po->item_list, poi);
@@ -553,7 +553,7 @@ void PortObjectPrintPortsRaw(PortObject* po)
  
      SnortSnprintfAppend(buf, bufsize, " ]");
  
-    snort::LogMessage("%s", buf);
+    LogMessage("%s", buf);
  
      snort_free(buf);
  }
@@ -572,7 +572,7 @@ void PortObjectPrintEx(PortObject* po, po_print_f print_index_map)
      unsigned i;
  
      /* static for printing so we don't put so many bytes on the stack */
-    static char print_buf[snort::MAX_PORTS];  // FIXIT-L delete this; replace with local stringstream
+    static char print_buf[MAX_PORTS];  // FIXIT-L delete this; replace with local stringstream
  
      int bufsize = sizeof(print_buf);
      print_buf[0] = '\0';
@@ -640,7 +640,7 @@ void PortObjectPrintEx(PortObject* po, po_print_f print_index_map)
      }
      SnortSnprintfAppend(print_buf, bufsize, "  ]\n }\n");
  
-    snort::LogMessage("%s", print_buf);
+    LogMessage("%s", print_buf);
      snort_free(rlist);
  }
  
diff --git a/src/ports/port_utils.cc b/src/ports/port_utils.cc

index 1cd40987f0488cb2bfb649d129e05922c58dc722..c2f571e2650227bfae78df2c11fb99c330ecd4a4 100644 (file)
--- a/src/ports/port_utils.cc
+++ b/src/ports/port_utils.cc
@@ -213,5 +213,5 @@ int* RuleListToSortedArray(SF_LIST* rl)
  // printing
  //-------------------------------------------------------------------------
  
-char po_print_buf[snort::MAX_PORTS];
+char po_print_buf[MAX_PORTS];
  
diff --git a/src/ports/rule_port_tables.cc b/src/ports/rule_port_tables.cc

index e6efc41071e26bc768ab67451ddbb67523126240..c276e4a22c5299f36e1d7c829b7d1316e6c1163d 100644 (file)
--- a/src/ports/rule_port_tables.cc
+++ b/src/ports/rule_port_tables.cc
@@ -28,6 +28,8 @@
  #include "port_object.h"
  #include "port_table.h"
  
+using namespace snort;
+
  #define DEFAULT_LARGE_RULE_GROUP 9
  
  PortProto::PortProto()
@@ -39,7 +41,7 @@ PortProto::PortProto()
      nfp = PortObjectNew();
  
      if ( !src or !dst or !any or !nfp )
-        snort::ParseAbort("can't allocate port structs");
+        ParseAbort("can't allocate port structs");
  
     // someday these could be read from snort.conf, something like...
     // 'config portlist: large-rule-count <val>'
@@ -70,7 +72,7 @@ RulePortTables* PortTablesNew()
      RulePortTables* rpt = new RulePortTables;
  
      if ( !(rpt->svc_any = PortObjectNew()) )
-        snort::ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed");
+        ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed");
  
      PortObjectAddPortAny(rpt->svc_any);
  
diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc

index f182abb35b572e8aa49b782b6f5934ff7248a26c..e729c31a4ac7ca4afaf209a522230ed0a49b69ed 100644 (file)
--- a/src/protocols/packet_manager.cc
+++ b/src/protocols/packet_manager.cc
@@ -516,16 +516,16 @@ const uint8_t* PacketManager::encode_reject(UnreachResponse type,
  
          switch (type)
          {
-        case snort::UnreachResponse::NET:
+        case UnreachResponse::NET:
              icmph->code = icmp::IcmpCode::NET_UNREACH;
              break;
-        case snort::UnreachResponse::HOST:
+        case UnreachResponse::HOST:
              icmph->code = icmp::IcmpCode::HOST_UNREACH;
              break;
-        case snort::UnreachResponse::PORT:
+        case UnreachResponse::PORT:
              icmph->code = icmp::IcmpCode::PORT_UNREACH;
              break;
-        case snort::UnreachResponse::FWD:
+        case UnreachResponse::FWD:
              icmph->code = icmp::IcmpCode::PKT_FILTERED;
              break;
          default:     // future proofing
@@ -572,16 +572,16 @@ const uint8_t* PacketManager::encode_reject(UnreachResponse type,
  
          switch (type)
          {
-        case snort::UnreachResponse::NET:
+        case UnreachResponse::NET:
              icmph->code = icmp::Icmp6Code::UNREACH_NET;
              break;
-        case snort::UnreachResponse::HOST:
+        case UnreachResponse::HOST:
              icmph->code = icmp::Icmp6Code::UNREACH_HOST;
              break;
-        case snort::UnreachResponse::PORT:
+        case UnreachResponse::PORT:
              icmph->code = icmp::Icmp6Code::UNREACH_PORT;
              break;
-        case snort::UnreachResponse::FWD:
+        case UnreachResponse::FWD:
              icmph->code = icmp::Icmp6Code::UNREACH_FILTER_PROHIB;
              break;
          default:     // future proofing
diff --git a/src/search_engines/acsmx.cc b/src/search_engines/acsmx.cc

index 777885f774fcd94075f80f64cada2840c200a520..87291d0ef613e939f580266dbf4392c6a8cdcd3e 100644 (file)
--- a/src/search_engines/acsmx.cc
+++ b/src/search_engines/acsmx.cc
@@ -60,6 +60,8 @@
  #include "main/thread.h"
  #include "utils/util.h"
  
+using namespace snort;
+
  #define MEMASSERT(p,s) if (!(p)) { fprintf(stderr,"ACSM-No Memory: %s\n",s); exit(0); }
  
  static int max_memory = 0;
@@ -315,7 +317,7 @@ int acsmAddPattern(
      return 0;
  }
  
-static void acsmBuildMatchStateTrees(snort::SnortConfig* sc, ACSM_STRUCT* acsm)
+static void acsmBuildMatchStateTrees(SnortConfig* sc, ACSM_STRUCT* acsm)
  {
      ACSM_PATTERN* mlist;
  
@@ -402,7 +404,7 @@ static inline int _acsmCompile(ACSM_STRUCT* acsm)
      return 0;
  }
  
-int acsmCompile(snort::SnortConfig* sc, ACSM_STRUCT* acsm)
+int acsmCompile(SnortConfig* sc, ACSM_STRUCT* acsm)
  {
      if ( int rval = _acsmCompile (acsm) )
          return rval;
diff --git a/src/search_engines/acsmx2.cc b/src/search_engines/acsmx2.cc

index d98dfab7b940abec8c1f61f115ce9500861faea5..e5a3829b2651cfc1501064cd2c3038262d80b89e 100644 (file)
--- a/src/search_engines/acsmx2.cc
+++ b/src/search_engines/acsmx2.cc
@@ -128,7 +128,7 @@ using namespace snort;
  
  #define printf LogMessage
  
-#define MEMASSERT(p,s) if (!(p)) { snort::FatalError("ACSM-No Memory: %s\n",s); }
+#define MEMASSERT(p,s) if (!(p)) { FatalError("ACSM-No Memory: %s\n",s); }
  
  static int acsm2_total_memory = 0;
  static int acsm2_pattern_memory = 0;
@@ -1192,7 +1192,7 @@ static void acsmUpdateMatchStates(ACSM_STRUCT2* acsm)
      }
  }
  
-static void acsmBuildMatchStateTrees2(snort::SnortConfig* sc, ACSM_STRUCT2* acsm)
+static void acsmBuildMatchStateTrees2(SnortConfig* sc, ACSM_STRUCT2* acsm)
  {
      ACSM_PATTERN2** MatchList = acsm->acsmMatchList;
      ACSM_PATTERN2* mlist;
@@ -1365,7 +1365,7 @@ static inline int _acsmCompile2(ACSM_STRUCT2* acsm)
      return 0;
  }
  
-int acsmCompile2(snort::SnortConfig* sc, ACSM_STRUCT2* acsm)
+int acsmCompile2(SnortConfig* sc, ACSM_STRUCT2* acsm)
  {
      if ( int rval = _acsmCompile2(acsm) )
          return rval;
diff --git a/src/search_engines/bnfa_search.cc b/src/search_engines/bnfa_search.cc

index 34791135a14f37eddd3d494d90b0a321eb70fe3a..0e0511bd307809331e57e16688c021868c780e4c 100644 (file)
--- a/src/search_engines/bnfa_search.cc
+++ b/src/search_engines/bnfa_search.cc
@@ -355,7 +355,7 @@ static int _bnfa_list_free_table(bnfa_struct_t* bnfa)
      return 0;
  }
  
-static void bnfaBuildMatchStateTrees(snort::SnortConfig* sc, bnfa_struct_t* bnfa)
+static void bnfaBuildMatchStateTrees(SnortConfig* sc, bnfa_struct_t* bnfa)
  {
      bnfa_match_node_t* mn;
      bnfa_match_node_t** MatchList = bnfa->bnfaMatchList;
@@ -1451,7 +1451,7 @@ static inline int _bnfaCompile(bnfa_struct_t* bnfa)
      return 0;
  }
  
-int bnfaCompile(snort::SnortConfig* sc, bnfa_struct_t* bnfa)
+int bnfaCompile(SnortConfig* sc, bnfa_struct_t* bnfa)
  {
      if ( int rval = _bnfaCompile (bnfa) )
          return rval;
diff --git a/src/service_inspectors/back_orifice/back_orifice.cc b/src/service_inspectors/back_orifice/back_orifice.cc

index 16613dc2ffe1935301b6f148e88c723d88e28a14..478cb777963747185d735046facf9c3500698c70 100644 (file)
--- a/src/service_inspectors/back_orifice/back_orifice.cc
+++ b/src/service_inspectors/back_orifice/back_orifice.cc
@@ -198,7 +198,7 @@ public:
  };
  
  const PegInfo* BoModule::get_pegs() const
-{ return snort::simple_pegs; }
+{ return simple_pegs; }
  
  PegCount* BoModule::get_counts() const
  { return (PegCount*)&bostats; }
diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc

index dbf55b84936fc53c994720f526cb042bcfddbc21..f9c501cdeafebccf44ed242dc5ba9a0eccc3f8f9 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_common.cc
+++ b/src/service_inspectors/dce_rpc/dce_common.cc
@@ -164,14 +164,14 @@ void DCE2_Detect(DCE2_SsnData* sd)
          DCE2_Detect(sd);
          return;
      }
-    snort::Packet* top_pkt = DetectionEngine::get_current_packet();
+    Packet* top_pkt = DetectionEngine::get_current_packet();
      DetectionEngine::detect(top_pkt);
      dce2_detected = 1;
      /* Always reset rule option data after detecting */
      DCE2_ResetRopts(sd , top_pkt);
  }
  
-DCE2_TransType get_dce2_trans_type(const snort::Packet* p)
+DCE2_TransType get_dce2_trans_type(const Packet* p)
  {
      DCE2_SmbSsnData* smb_data = get_dce2_smb_session_data(p->flow);
      DCE2_SsnData* sd = (smb_data != nullptr) ? &(smb_data->sd) : nullptr;
@@ -239,7 +239,7 @@ bool DceEndianness::get_offset_endianness(int32_t offset, uint8_t& endian)
  
  uint16_t DCE2_GetRpktMaxData(DCE2_RpktType rtype)
  {
-    snort::Packet* p = DetectionEngine::get_current_packet();
+    Packet* p = DetectionEngine::get_current_packet();
      uint16_t overhead = 0;
  
      switch (rtype)
@@ -275,10 +275,10 @@ uint16_t DCE2_GetRpktMaxData(DCE2_RpktType rtype)
          assert(false);
          return 0;
      }
-    return (snort::Packet::max_dsize - overhead);
+    return (Packet::max_dsize - overhead);
  }
  
-static void dce2_fill_rpkt_info(snort::Packet* rpkt, snort::Packet* p)
+static void dce2_fill_rpkt_info(Packet* rpkt, Packet* p)
  {
      rpkt->endianness = new DceEndianness();
      rpkt->pkth = p->pkth;
@@ -292,10 +292,10 @@ static void dce2_fill_rpkt_info(snort::Packet* rpkt, snort::Packet* p)
      rpkt->user_network_policy_id = p->user_network_policy_id;
  }
  
-snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type,
+Packet* DCE2_GetRpkt(Packet* p,DCE2_RpktType rpkt_type,
      const uint8_t* data, uint32_t data_len)
  {
-    snort::Packet* rpkt = DetectionEngine::set_next_packet(p);
+    Packet* rpkt = DetectionEngine::set_next_packet(p);
      uint8_t* wrdata = const_cast<uint8_t*>(rpkt->data);
      dce2_fill_rpkt_info(rpkt, p);
      uint16_t data_overhead = 0;
@@ -394,10 +394,10 @@ snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type,
          return nullptr;
      }
  
-    if ((data_overhead + data_len) > snort::Packet::max_dsize)
-        data_len -= (data_overhead + data_len) - snort::Packet::max_dsize;
+    if ((data_overhead + data_len) > Packet::max_dsize)
+        data_len -= (data_overhead + data_len) - Packet::max_dsize;
  
-    if (data_len > snort::Packet::max_dsize - data_overhead)
+    if (data_len > Packet::max_dsize - data_overhead)
      {
          delete rpkt->endianness;
          rpkt->endianness = nullptr;
@@ -405,14 +405,14 @@ snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type,
      }
  
      memcpy_s((void*)(rpkt->data + data_overhead),
-        snort::Packet::max_dsize - data_overhead, data, data_len);
+        Packet::max_dsize - data_overhead, data, data_len);
  
      rpkt->dsize = data_len + data_overhead;
      using_rpkt = true;
      return rpkt;
  }
  
-DCE2_Ret DCE2_AddDataToRpkt(snort::Packet* rpkt, const uint8_t* data, uint32_t data_len)
+DCE2_Ret DCE2_AddDataToRpkt(Packet* rpkt, const uint8_t* data, uint32_t data_len)
  {
      if ((rpkt == nullptr) || (data == nullptr) || (data_len == 0))
          return DCE2_RET__ERROR;
@@ -421,16 +421,16 @@ DCE2_Ret DCE2_AddDataToRpkt(snort::Packet* rpkt, const uint8_t* data, uint32_t d
          return DCE2_RET__ERROR;
  
      // FIXIT-L PORT_IF_NEEDED packet size and hdr check
-    const uint8_t* pkt_data_end = rpkt->data + snort::Packet::max_dsize;
+    const uint8_t* pkt_data_end = rpkt->data + Packet::max_dsize;
      const uint8_t* payload_end = rpkt->data + rpkt->dsize;
  
      if ((payload_end + data_len) > pkt_data_end)
          data_len = pkt_data_end - payload_end;
  
-    if (data_len > snort::Packet::max_dsize - rpkt->dsize)
+    if (data_len > Packet::max_dsize - rpkt->dsize)
          return DCE2_RET__ERROR;
  
-    memcpy_s((void*)(payload_end), snort::Packet::max_dsize - rpkt->dsize,
+    memcpy_s((void*)(payload_end), Packet::max_dsize - rpkt->dsize,
          data, data_len);
  
      rpkt->dsize += (uint16_t)data_len;
diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc

index 41ed7764806b206119aedb62abe817e3354dc956..25d6cfabc27938ebaccd5a80ffad02173dd9390c 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb.cc
@@ -38,8 +38,10 @@
  #include "dce_smb_utils.h"
  #include "dce_smb2.h"
  
+using namespace snort;
+
  THREAD_LOCAL dce2SmbStats dce2_smb_stats;
-THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main;
+THREAD_LOCAL ProfileStats dce2_smb_pstat_main;
  
  //-------------------------------------------------------------------------
  // debug stuff
@@ -314,16 +316,16 @@ const char* get_smb_com_string(uint8_t b)
  // class stuff
  //-------------------------------------------------------------------------
  
-class Dce2Smb : public snort::Inspector
+class Dce2Smb : public Inspector
  {
  public:
      Dce2Smb(const dce2SmbProtoConf&);
      ~Dce2Smb() override;
  
-    void show(snort::SnortConfig*) override;
-    void eval(snort::Packet*) override;
-    void clear(snort::Packet*) override;
-    snort::StreamSplitter* get_splitter(bool c2s) override
+    void show(SnortConfig*) override;
+    void eval(Packet*) override;
+    void clear(Packet*) override;
+    StreamSplitter* get_splitter(bool c2s) override
      {
          return new Dce2SmbSplitter(c2s);
      }
@@ -338,7 +340,7 @@ Dce2Smb::Dce2Smb(const dce2SmbProtoConf& pc)
      if ((config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ONLY)
          || (config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ON))
      {
-        snort::Active::set_enabled();
+        Active::set_enabled();
      }
  }
  
@@ -350,15 +352,15 @@ Dce2Smb::~Dce2Smb()
      }
  }
  
-void Dce2Smb::show(snort::SnortConfig*)
+void Dce2Smb::show(SnortConfig*)
  {
      print_dce2_smb_conf(config);
  }
  
-void Dce2Smb::eval(snort::Packet* p)
+void Dce2Smb::eval(Packet* p)
  {
      DCE2_SmbSsnData* dce2_smb_sess;
-    snort::Profile profile(dce2_smb_pstat_main);
+    Profile profile(dce2_smb_pstat_main);
  
      assert(p->has_tcp_data());
      assert(p->flow);
@@ -385,7 +387,7 @@ void Dce2Smb::eval(snort::Packet* p)
      }
  }
  
-void Dce2Smb::clear(snort::Packet* p)
+void Dce2Smb::clear(Packet* p)
  {
      DCE2_SmbSsnData* dce2_smb_sess = get_dce2_smb_session_data(p->flow);
      if ( dce2_smb_sess )
@@ -398,12 +400,12 @@ void Dce2Smb::clear(snort::Packet* p)
  // api stuff
  //-------------------------------------------------------------------------
  
-static snort::Module* mod_ctor()
+static Module* mod_ctor()
  {
      return new Dce2SmbModule;
  }
  
-static void mod_dtor(snort::Module* m)
+static void mod_dtor(Module* m)
  {
      delete m;
  }
@@ -416,7 +418,7 @@ static void dce2_smb_init()
      DceContextData::init(DCE2_TRANS_TYPE__SMB);
  }
  
-static snort::Inspector* dce2_smb_ctor(snort::Module* m)
+static Inspector* dce2_smb_ctor(Module* m)
  {
      Dce2SmbModule* mod = (Dce2SmbModule*)m;
      dce2SmbProtoConf config;
@@ -424,16 +426,16 @@ static snort::Inspector* dce2_smb_ctor(snort::Module* m)
      return new Dce2Smb(config);
  }
  
-static void dce2_smb_dtor(snort::Inspector* p)
+static void dce2_smb_dtor(Inspector* p)
  {
      delete p;
  }
  
-const snort::InspectApi dce2_smb_api =
+const InspectApi dce2_smb_api =
  {
      {
          PT_INSPECTOR,
-        sizeof(snort::InspectApi),
+        sizeof(InspectApi),
          INSAPI_VERSION,
          0,
          API_RESERVED,
@@ -443,7 +445,7 @@ const snort::InspectApi dce2_smb_api =
          mod_ctor,
          mod_dtor
      },
-    snort::IT_SERVICE,
+    IT_SERVICE,
      PROTO_BIT__PDU,
      nullptr,  // buffers
      "netbios-ssn",
diff --git a/src/service_inspectors/dce_rpc/dce_smb_commands.cc b/src/service_inspectors/dce_rpc/dce_smb_commands.cc

index 49b093a75cc1b5456b1633d69c6ccc82054195be..84e258d77ea9b7832849c59e79e60f8a9b93e968 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_commands.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_commands.cc
@@ -422,7 +422,7 @@ static DCE2_Ret DCE2_SmbWriteAndXRawRequest(DCE2_SmbSsnData* ssd, const SmbNtHdr
              {
                  const uint8_t* data_ptr = DCE2_BufferData(ftracker->fp_writex_raw->buf);
                  uint32_t data_len = DCE2_BufferLength(ftracker->fp_writex_raw->buf);
-                snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd,
+                Packet* rpkt = DCE2_SmbGetRpkt(ssd,
                      &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS);
  
                  if (rpkt == nullptr)
@@ -752,7 +752,7 @@ DCE2_Ret DCE2_SmbRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*,
          uint16_t byte_count = DCE2_ComInfoByteCount(com_info);
          uint16_t com_dcnt = SmbReadRespCount((const SmbReadResp*)nb_ptr);
          uint8_t fmt = *(nb_ptr + com_size);
-        uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
+        uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
  
          dce2_move(nb_ptr, nb_len, (com_size + 3));
  
@@ -782,7 +782,7 @@ DCE2_Ret DCE2_SmbWrite(DCE2_SmbSsnData* ssd, const SmbNtHdr*,
          uint16_t byte_count = DCE2_ComInfoByteCount(com_info);
          uint8_t fmt = *(nb_ptr + com_size);
          uint16_t com_dcnt = SmbWriteReqCount((const SmbWriteReq*)nb_ptr);
-        uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
+        uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
          uint16_t fid = SmbWriteReqFid((const SmbWriteReq*)nb_ptr);
          uint32_t offset = SmbWriteReqOffset((const SmbWriteReq*)nb_ptr);
  
@@ -894,7 +894,7 @@ DCE2_Ret DCE2_SmbLockAndRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*,
          uint16_t byte_count = DCE2_ComInfoByteCount(com_info);
          uint8_t fmt = *(nb_ptr + com_size);
          uint16_t com_dcnt = SmbLockAndReadRespCount((const SmbLockAndReadResp*)nb_ptr);
-        uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
+        uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
  
          dce2_move(nb_ptr, nb_len, (com_size + 3));
  
@@ -949,7 +949,7 @@ DCE2_Ret DCE2_SmbWriteAndUnlock(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
          uint16_t byte_count = DCE2_ComInfoByteCount(com_info);
          uint8_t fmt = *(nb_ptr + com_size);
          uint16_t com_dcnt = SmbWriteAndUnlockReqCount((const SmbWriteAndUnlockReq*)nb_ptr);
-        uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
+        uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1));
          uint16_t fid = SmbWriteAndUnlockReqFid((const SmbWriteAndUnlockReq*)nb_ptr);
          uint32_t offset = SmbWriteAndUnlockReqOffset((const SmbWriteAndUnlockReq*)nb_ptr);
  
diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc

index d2d01d800c2d935ff508a5d49bbe758a8e1cf17f..6a4c062378925fbb0eea0d9f2393fa550fa8d471 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_module.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc
@@ -340,7 +340,7 @@ static bool set_smb_invalid_shares(dce2SmbProtoConf& config, Value& v)
      return(true);
  }
  
-bool Dce2SmbModule::set(const char* fqn, snort::Value& v, snort::SnortConfig* c)
+bool Dce2SmbModule::set(const char* fqn, Value& v, SnortConfig* c)
  {
      if (dce2_set_co_config(v,config.common))
          return true;
diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h

index 505cf2c68e58530b04ef1c09d794554422fefa14..11eb1e237f41657fd7177e59ecb27bac7b8bd095 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_module.h
+++ b/src/service_inspectors/dce_rpc/dce_smb_module.h
@@ -25,7 +25,10 @@
  #include "framework/module.h"
  #include "dce_list.h"
  
+namespace snort
+{
  struct SnortConfig;
+}
  
  #define DCE2_VALID_SMB_VERSION_FLAG_V1 1
  #define DCE2_VALID_SMB_VERSION_FLAG_V2 2
diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc

index bdf43dec75619818b95e7f0178ad62a5a3491a67..7b1a1d4e97ab7b875d7ef6828ed1622f0c544c53 100644 (file)
--- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc
@@ -217,7 +217,7 @@ static DCE2_Ret DCE2_SmbTransactionReq(DCE2_SmbSsnData* ssd,
          // Only two parameters but more seems okay
          if (param_len >= 2)
          {
-            if ((snort::alignedNtohs((const uint16_t*)param_ptr) & PIPE_STATE_MESSAGE_MODE))
+            if ((alignedNtohs((const uint16_t*)param_ptr) & PIPE_STATE_MESSAGE_MODE))
                  ttracker->pipe_byte_mode = false;
              else
                  ttracker->pipe_byte_mode = true;
@@ -1031,7 +1031,7 @@ static DCE2_Ret DCE2_SmbTrans2SetFileInfoReq(DCE2_SmbSsnData* ssd,
          || (ftracker->ff_bytes_processed != 0))
          return DCE2_RET__IGNORE;
  
-    ssd->cur_rtracker->file_size = snort::alignedNtohq((const uint64_t*)data_ptr);
+    ssd->cur_rtracker->file_size = alignedNtohq((const uint64_t*)data_ptr);
      ssd->cur_rtracker->ftracker = ftracker;
  
      return DCE2_RET__SUCCESS;
@@ -1138,7 +1138,7 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr,
              {
                  const uint8_t* data_ptr = DCE2_BufferData(ttracker->dbuf);
                  uint32_t data_len = DCE2_BufferLength(ttracker->dbuf);
-                snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr,
+                Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr,
                      &data_len, DCE2_RPKT_TYPE__SMB_TRANS);
  
                  if (rpkt == nullptr)
@@ -1592,7 +1592,7 @@ DCE2_Ret DCE2_SmbTransactionSecondary(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_
      {
          const uint8_t* data_ptr = DCE2_BufferData(ttracker->dbuf);
          uint32_t data_len = DCE2_BufferLength(ttracker->dbuf);
-        snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS);
+        Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS);
  
          if (rpkt == nullptr)
              return DCE2_RET__ERROR;    
diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc

index 085d87d515cb4d107f53b90fd28805ebed63203c..7bbb6aa30b624e7f0474309db905a505a7d018f4 100644 (file)
--- a/src/service_inspectors/dce_rpc/smb_message.cc
+++ b/src/service_inspectors/dce_rpc/smb_message.cc
@@ -1344,7 +1344,7 @@ static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf*
          dce2_smb_sess->tid = DCE2_SENTINEL;
          dce2_smb_sess->ftracker.fid_v1 = DCE2_SENTINEL;
          dce2_smb_sess->rtracker.mid = DCE2_SENTINEL;
-        dce2_smb_sess->max_file_depth = snort::FileService::get_max_file_depth();
+        dce2_smb_sess->max_file_depth = FileService::get_max_file_depth();
  
          DCE2_ResetRopts(&dce2_smb_sess->sd, p);
  
diff --git a/src/service_inspectors/ftp_telnet/ft_main.cc b/src/service_inspectors/ftp_telnet/ft_main.cc

index 3c65406d6c2e91223cd38bd00b46fd71e8266108..28c13fa6d2a6a6f787547d7682f05c38890458ed 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ft_main.cc
+++ b/src/service_inspectors/ftp_telnet/ft_main.cc
@@ -54,6 +54,8 @@
  #include "ftp_bounce_lookup.h"
  #include "ftpp_return_codes.h"
  
+using namespace snort;
+
  void CleanupFTPCMDConf(void* ftpCmd)
  {
      FTP_CMD_CONF* FTPCmd = (FTP_CMD_CONF*)ftpCmd;
@@ -125,7 +127,7 @@ static int CheckFTPCmdOptions(FTP_SERVER_PROTO_CONF* serverConf)
  
          if ( cmdConf->check_validity && !len )
          {
-            snort::ErrorMessage("FTPConfigCheck() configuration for server, "
+            ErrorMessage("FTPConfigCheck() configuration for server, "
                  "command '%s' has max length of 0 and parameters to validate\n",
                  cmdConf->cmd_name);
              config_error = 1;
@@ -146,24 +148,24 @@ static int CheckFTPCmdOptions(FTP_SERVER_PROTO_CONF* serverConf)
   * Returns: -1 on error
   *
   */
-int CheckFTPServerConfigs(snort::SnortConfig*, FTP_SERVER_PROTO_CONF* serverConf)
+int CheckFTPServerConfigs(SnortConfig*, FTP_SERVER_PROTO_CONF* serverConf)
  {
      if (CheckFTPCmdOptions(serverConf))
      {
-        snort::ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n");
+        ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n");
          return -1;
      }
      return 0;
  }
  
  // FIXIT-L eliminate legacy void* cruft
-int FTPCheckConfigs(snort::SnortConfig* sc, void* pData)
+int FTPCheckConfigs(SnortConfig* sc, void* pData)
  {
      FTP_SERVER_PROTO_CONF* config = (FTP_SERVER_PROTO_CONF*)pData;
  
      if ( !config )
      {
-        snort::ErrorMessage("FTP configuration requires "
+        ErrorMessage("FTP configuration requires "
              "default client and default server configurations.\n");
          return -1;
      }
@@ -173,24 +175,24 @@ int FTPCheckConfigs(snort::SnortConfig* sc, void* pData)
          return rval;
  
      //  Verify that FTP client and FTP data inspectors are initialized.
-    if(!snort::InspectorManager::get_inspector(FTP_CLIENT_NAME, false))
+    if(!InspectorManager::get_inspector(FTP_CLIENT_NAME, false))
      {
-        snort::ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME);
+        ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME);
          return -1;
      }
  
-    if(!snort::InspectorManager::get_inspector(FTP_DATA_NAME, false))
+    if(!InspectorManager::get_inspector(FTP_DATA_NAME, false))
      {
-        snort::ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME);
+        ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME);
          return -1;
      }
  
      return 0;
  }
  
-void do_detection(snort::Packet* p)
+void do_detection(Packet* p)
  {
-    snort::DataBus::publish(PACKET_EVENT, p);
-    snort::DetectionEngine::disable_all(p);
+    DataBus::publish(PACKET_EVENT, p);
+    DetectionEngine::disable_all(p);
  }
  
diff --git a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc

index a084390cf05d7919119b050e72c317d13a32880a..0382d9e596c2efe7f0de833fe62dc70edba88069 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc
@@ -82,7 +82,7 @@ int ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP** BounceLookup)
   * Returns: int => return code indicating error or success
   *
   */
-int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip,
+int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip,
      FTP_BOUNCE_TO* BounceTo)
  {
      int iRet;
@@ -130,7 +130,7 @@ int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip,
   *                            matching IP if found, NULL otherwise.
   *
   */
-FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip,
+FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip,
      int* iError)
  {
      FTP_BOUNCE_TO* BounceTo = nullptr;
diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc

index 801ec82a4043338546f9f3dceb32060e3b4f533b..e971327930627f86fe7077b8fa40c43887a7b2d8 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_data.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_data.cc
@@ -253,7 +253,7 @@ public:
  };
  
  const PegInfo* FtpDataModule::get_pegs() const
-{ return snort::simple_pegs; }
+{ return simple_pegs; }
  
  PegCount* FtpDataModule::get_counts() const
  { return (PegCount*)&fdstats; }
diff --git a/src/service_inspectors/ftp_telnet/ftp_parse.cc b/src/service_inspectors/ftp_telnet/ftp_parse.cc

index e448ad6a591f7b8cddf069a10313aa34aa7292dc..57a9f5e399f68dd876b3759d14def8c03cfed5fc 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftp_parse.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_parse.cc
@@ -38,6 +38,8 @@
  #include "ftp_cmd_lookup.h"
  #include "ftpp_return_codes.h"
  
+using namespace snort;
+
  #define CONF_SEPARATORS " \n"
  
  #define ALLOW_BOUNCE      "bounce_to"
@@ -413,7 +415,7 @@ static int DoNextFormat(FTP_PARAM_FMT* ThisFmt, int allocated,
              {
                  /* explicit check that we have enough room for copy */
                  if (numChoices <= ThisFmt->numChoices)
-                    snort::ParseError("Can't do memcpy - index out of range ");
+                    ParseError("Can't do memcpy - index out of range ");
  
                  memcpy(tmpChoices, ThisFmt->choices,
                      sizeof(FTP_PARAM_FMT*) * ThisFmt->numChoices);
@@ -647,7 +649,7 @@ int ProcessFTPAllowBounce(
  
      if (iRet)
      {
-        snort::ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE);
+        ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE);
          snort_free(newBounce);
          return FTPP_FATAL_ERR;
      }
diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc

index 762ebcf43ba94a0679274b412b591bd4fa090c11..bf36435e42af5277358fcd988d48a58361a05d35 100644 (file)
--- a/src/service_inspectors/ftp_telnet/pp_ftp.cc
+++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc
@@ -1753,7 +1753,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode)
                              char *file_name = strrchr(ftpssn->filename, '/');
                              if(!file_name)
                                  file_name = ftpssn->filename;
-                            ftpssn->path_hash = snort::str_to_hash((uint8_t *)file_name, strlen(file_name));
+                            ftpssn->path_hash = str_to_hash((uint8_t *)file_name, strlen(file_name));
  
                              // 0 for Download, 1 for Upload
                              ftpssn->data_xfer_dir = CmdConf->file_get_cmd ? false : true;
diff --git a/src/service_inspectors/gtp/gtp_parser.cc b/src/service_inspectors/gtp/gtp_parser.cc

index 85ef05d458ddee8f39dd7024e87bbaa63e8374bc..8c9571d5481d0dc71f9193e49dc792168e93c262 100644 (file)
--- a/src/service_inspectors/gtp/gtp_parser.cc
+++ b/src/service_inspectors/gtp/gtp_parser.cc
@@ -42,7 +42,7 @@ using namespace snort;
  #pragma pack(1)
  static inline void alert(int sid)
  {
-    snort::DetectionEngine::queue_event(GID_GTP, sid);
+    DetectionEngine::queue_event(GID_GTP, sid);
      gtp_stats.events++;
  }
  
diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc

index 51288c52f8213fc80bc9febc28d080f75496da10..faf8f0990f10bb974d349e488f5f08447d192987 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
+++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc
@@ -41,7 +41,7 @@ using namespace Http2Enums;
  StreamSplitter::Status Http2StreamSplitter::scan(Packet* pkt, const uint8_t* data, uint32_t length,
      uint32_t, uint32_t* flush_offset)
  {
-    snort::Profile profile(Http2Module::get_profile_stats());
+    Profile profile(Http2Module::get_profile_stats());
  
      // This is the session state information we share with Http2Inspect and store with stream. A
      // session is defined by a TCP connection. Since scan() is the first to see a new TCP
@@ -99,7 +99,7 @@ StreamSplitter::Status Http2StreamSplitter::scan(Packet* pkt, const uint8_t* dat
  const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, unsigned offset,
      const uint8_t* data, unsigned len, uint32_t flags, unsigned& copied)
  {
-    snort::Profile profile(Http2Module::get_profile_stats());
+    Profile profile(Http2Module::get_profile_stats());
  
      copied = len;
  
@@ -109,7 +109,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
  #ifdef REG_TEST
      if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2))
      {
-        snort::StreamBuffer http_buf { nullptr, 0 };
+        StreamBuffer http_buf { nullptr, 0 };
          if (!(flags & PKT_PDU_TAIL))
          {
              return http_buf;
@@ -143,7 +143,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
      // is implemented
      if (session_data->payload_discard[source_id])
      {
-        snort::StreamBuffer frame_buf { nullptr, 0 };
+        StreamBuffer frame_buf { nullptr, 0 };
          session_data->payload_discard[source_id] = false;
  
  #ifdef REG_TEST
@@ -175,7 +175,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u
  // Eventually we will need to address unexpected connection closes
  bool Http2StreamSplitter::finish(Flow* flow)
  {
-    snort::Profile profile(Http2Module::get_profile_stats());
+    Profile profile(Http2Module::get_profile_stats());
  
      Http2FlowData* session_data = (Http2FlowData*)flow->get_flow_data(Http2FlowData::inspector_id);
      // FIXIT-M - this assert has been changed to check for null session data and return false if so
@@ -201,9 +201,9 @@ bool Http2StreamSplitter::finish(Flow* flow)
      return false;
  }
  
-bool Http2StreamSplitter::init_partial_flush(snort::Flow* flow)
+bool Http2StreamSplitter::init_partial_flush(Flow* flow)
  {
-    snort::Profile profile(Http2Module::get_profile_stats());
+    Profile profile(Http2Module::get_profile_stats());
  
      if (source_id != SRC_SERVER)
      {
diff --git a/src/service_inspectors/http2_inspect/http2_tables.cc b/src/service_inspectors/http2_inspect/http2_tables.cc

index 510df8ccb730421ed9121f08ab54ffb2f3987bd3..04a44eb70d9a7ef71121464e20e4d9fdf8847f0b 100644 (file)
--- a/src/service_inspectors/http2_inspect/http2_tables.cc
+++ b/src/service_inspectors/http2_inspect/http2_tables.cc
@@ -27,8 +27,9 @@
  #include "http2_module.h"
  
  using namespace Http2Enums;
+using namespace snort;
  
-const snort::RuleMap Http2Module::http2_events[] =
+const RuleMap Http2Module::http2_events[] =
  {
      { EVENT_INT_DECODE_FAILURE, "error in HPACK integer value" },
      { EVENT_INT_LEADING_ZEROS, "integer value has leading zeros" },
diff --git a/src/service_inspectors/http_inspect/http_js_norm.cc b/src/service_inspectors/http_inspect/http_js_norm.cc

index f35a0ac2cb71635b68ab882a76cad1a7b8c6cfa3..8a3702d898a936904015fc3e8b7b623e57a535f2 100644 (file)
--- a/src/service_inspectors/http_inspect/http_js_norm.cc
+++ b/src/service_inspectors/http_inspect/http_js_norm.cc
@@ -46,8 +46,8 @@ void HttpJsNorm::configure()
      if ( javascript_search_mpse || htmltype_search_mpse )
          return;
  
-    javascript_search_mpse = new snort::SearchTool;
-    htmltype_search_mpse = new snort::SearchTool;
+    javascript_search_mpse = new SearchTool;
+    htmltype_search_mpse = new SearchTool;
  
      javascript_search_mpse->add(script_start, script_start_length, JS_JAVASCRIPT);
      javascript_search_mpse->prep();
diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc

index 9613bd5bb760b4766cb61d424d6fc1c4578f9f90..38173f92318aee2924261caaad0c0a899614c5b0 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_body.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body.cc
@@ -36,7 +36,7 @@ using namespace HttpCommon;
  using namespace HttpEnums;
  
  HttpMsgBody::HttpMsgBody(const uint8_t* buffer, const uint16_t buf_size,
-    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_,
+    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_,
      const HttpParaList* params_) :
      HttpMsgSection(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_),
      body_octets(session_data->body_octets[source_id]),
@@ -60,7 +60,7 @@ void HttpMsgBody::analyze()
          detect_data.set(detect_length, js_norm_body.start());
          if (!session_data->partial_flush[source_id])
              session_data->detect_depth_remaining[source_id] -= detect_length;
-        snort::set_file_data(const_cast<uint8_t*>(detect_data.start()),
+        set_file_data(const_cast<uint8_t*>(detect_data.start()),
              (unsigned)detect_data.length());
      }
  
@@ -223,7 +223,7 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
  
      if (!session_data->mime_state[source_id])
      {
-        snort::FileFlows* file_flows = snort::FileFlows::get_file_flows(flow);
+        FileFlows* file_flows = FileFlows::get_file_flows(flow);
          const bool download = (source_id == SRC_SERVER);
  
          size_t file_index = 0;
diff --git a/src/service_inspectors/http_inspect/http_msg_header.h b/src/service_inspectors/http_inspect/http_msg_header.h

index f969dbfd32cbfe70f63a926bf921511113b5c9e0..8c4f7fb8e9e4ce97eba032944aa8029e827c3456 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_header.h
+++ b/src/service_inspectors/http_inspect/http_msg_header.h
@@ -54,7 +54,7 @@ private:
      void setup_file_decompression();
  
      // Dummy configurations to support MIME processing
-    MailLogConfig mime_conf;
+    snort::MailLogConfig mime_conf;
      snort::DecodeConfig decode_conf;
  
      Field true_ip;
diff --git a/src/service_inspectors/http_inspect/http_msg_request.cc b/src/service_inspectors/http_inspect/http_msg_request.cc

index 26fe7347dd609aaca6e6c8788e66208b3f22261b..260f5041603a03b535a24fc7d1255b93c0786d09 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_request.cc
+++ b/src/service_inspectors/http_inspect/http_msg_request.cc
@@ -29,9 +29,10 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
  HttpMsgRequest::HttpMsgRequest(const uint8_t* buffer, const uint16_t buf_size,
-    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_,
+    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_,
      const HttpParaList* params_) :
      HttpMsgStart(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_)
  {
diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc

index b6fbaba6a37e773fdd6a15191cbc47139b9d8369..d99577e7b3ec612d61fb7d707528838952736945 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
@@ -37,9 +37,10 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
  HttpMsgSection::HttpMsgSection(const uint8_t* buffer, const uint16_t buf_size,
-       HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_,
+       HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_,
         const HttpParaList* params_) :
      msg_text(buf_size, buffer, buf_owner),
      session_data(session_data_),
@@ -88,14 +89,14 @@ void HttpMsgSection::update_depth() const
          else
          {
              // Just for file processing
-            session_data->section_size_target[source_id] = snort::SnortConfig::get_conf()->max_pdu;
+            session_data->section_size_target[source_id] = SnortConfig::get_conf()->max_pdu;
              session_data->stretch_section_to_packet[source_id] = true;
          }
          return;
      }
  
      const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ?
-        snort::SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
+        SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE;
  
      if (detect_depth_remaining <= target_size)
      {
diff --git a/src/service_inspectors/http_inspect/http_msg_status.cc b/src/service_inspectors/http_inspect/http_msg_status.cc

index 4c647f761152a016a909bd4f712517da63a61bf1..49a49b45ac4a9e8f9d981d821f5e409c8c55b6c0 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_status.cc
+++ b/src/service_inspectors/http_inspect/http_msg_status.cc
@@ -31,9 +31,10 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
  HttpMsgStatus::HttpMsgStatus(const uint8_t* buffer, const uint16_t buf_size,
-    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_,
+    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_,
      const HttpParaList* params_) :
      HttpMsgStart(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_)
  {
diff --git a/src/service_inspectors/http_inspect/http_msg_trailer.cc b/src/service_inspectors/http_inspect/http_msg_trailer.cc

index e4c52fc78574e1cac198fd322f44fddd3b1ebb46..067573f778c19fd32d420a34e4d36e65afd75168 100644 (file)
--- a/src/service_inspectors/http_inspect/http_msg_trailer.cc
+++ b/src/service_inspectors/http_inspect/http_msg_trailer.cc
@@ -29,9 +29,10 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
  HttpMsgTrailer::HttpMsgTrailer(const uint8_t* buffer, const uint16_t buf_size,
-    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_,
+    HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_,
      const HttpParaList* params_) :
      HttpMsgHeadShared(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_)
  {
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc

index 69fe076c9dab364dedb2c5a7ef2f253b68d605c8..46b2c63fc2893605f7f463f9f7d614c79a64dfb6 100644 (file)
--- a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc
@@ -33,10 +33,11 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
-bool HttpStreamSplitter::finish(snort::Flow* flow)
+bool HttpStreamSplitter::finish(Flow* flow)
  {
-    snort::Profile profile(HttpModule::get_profile_stats());
+    Profile profile(HttpModule::get_profile_stats());
  
      HttpFlowData* session_data = (HttpFlowData*)flow->get_flow_data(HttpFlowData::inspector_id);
      // FIXIT-M - this assert has been changed to check for null session data and return false if so
@@ -123,10 +124,10 @@ bool HttpStreamSplitter::finish(snort::Flow* flow)
          (session_data->cutter[source_id] != nullptr)               &&
          (session_data->cutter[source_id]->get_octets_seen() == 0))
      {
-        snort::Packet* packet = snort::DetectionEngine::get_current_packet();
+        Packet* packet = DetectionEngine::get_current_packet();
          if (!session_data->mime_state[source_id])
          {
-            snort::FileFlows* file_flows = snort::FileFlows::get_file_flows(flow);
+            FileFlows* file_flows = FileFlows::get_file_flows(flow);
              const bool download = (source_id == SRC_SERVER);
  
              size_t file_index = 0;
@@ -155,9 +156,9 @@ bool HttpStreamSplitter::finish(snort::Flow* flow)
      return session_data->section_type[source_id] != SEC__NOT_COMPUTE;
  }
  
-bool HttpStreamSplitter::init_partial_flush(snort::Flow* flow)
+bool HttpStreamSplitter::init_partial_flush(Flow* flow)
  {
-    snort::Profile profile(HttpModule::get_profile_stats());
+    Profile profile(HttpModule::get_profile_stats());
  
      if (source_id != SRC_SERVER)
      {
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc

index 01baa31dc88a5462322af03d1045eb80b944a6d0..5cc775191cabcafce3f42f49fa3972449d53407b 100644 (file)
--- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc
@@ -29,6 +29,7 @@
  #include "http_test_input.h"
  
  using namespace HttpEnums;
+using namespace snort;
  
  void HttpStreamSplitter::chunk_spray(HttpFlowData* session_data, uint8_t* buffer,
      const uint8_t* data, unsigned length) const
@@ -221,12 +222,12 @@ void HttpStreamSplitter::decompress_copy(uint8_t* buffer, uint32_t& offset, cons
      offset += length;
  }
  
-const snort::StreamBuffer HttpStreamSplitter::reassemble(snort::Flow* flow, unsigned total,
+const StreamBuffer HttpStreamSplitter::reassemble(Flow* flow, unsigned total,
      unsigned, const uint8_t* data, unsigned len, uint32_t flags, unsigned& copied)
  {
-    snort::Profile profile(HttpModule::get_profile_stats());
+    Profile profile(HttpModule::get_profile_stats());
  
-    snort::StreamBuffer http_buf { nullptr, 0 };
+    StreamBuffer http_buf { nullptr, 0 };
  
      copied = len;
  
diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc

index c68e5fcf52e63db6d78cb5a9b9088d5d145db50f..9901b70d07f9bd1fce51a6000ce0448f7c941ecb 100644 (file)
--- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
+++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc
@@ -125,7 +125,7 @@ void HttpStreamSplitter::detain_packet(Packet* pkt)
  StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data, uint32_t length,
      uint32_t, uint32_t* flush_offset)
  {
-    snort::Profile profile(HttpModule::get_profile_stats());
+    Profile profile(HttpModule::get_profile_stats());
  
      assert(length <= MAX_OCTETS);
  
diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc

index 960bf803d6fa2ee0f51b7135036b107088a3f5b8..92ab812fef7e0338ab9a8eb4690367befefd08dc 100644 (file)
--- a/src/service_inspectors/http_inspect/http_tables.cc
+++ b/src/service_inspectors/http_inspect/http_tables.cc
@@ -26,6 +26,7 @@
  #include "http_msg_request.h"
  
  using namespace HttpEnums;
+using namespace snort;
  
  const StrCode HttpMsgRequest::method_list[] =
  {
@@ -274,7 +275,7 @@ const HeaderNormalizer* const HttpMsgHeadShared::header_norms[HEAD__MAX_VALUE] =
      &NORMALIZER_BASIC,      // HEAD_PROXY_AGENT
  };
  
-const snort::RuleMap HttpModule::http_events[] =
+const RuleMap HttpModule::http_events[] =
  {
      { EVENT_ASCII,                      "ascii encoding" },
      { EVENT_DOUBLE_DECODE,              "double decoding attack" },
diff --git a/src/service_inspectors/http_inspect/http_uri.cc b/src/service_inspectors/http_inspect/http_uri.cc

index 1355a9023504e037bbb5bbb6a0ec3b8c001639f9..b1e1183eaecb904dcf261f533f86b6a132376cf1 100644 (file)
--- a/src/service_inspectors/http_inspect/http_uri.cc
+++ b/src/service_inspectors/http_inspect/http_uri.cc
@@ -29,6 +29,7 @@
  
  using namespace HttpCommon;
  using namespace HttpEnums;
+using namespace snort;
  
  void HttpUri::parse_uri()
  {
@@ -319,7 +320,7 @@ size_t HttpUri::get_file_proc_hash()
  
      if (abs_path.length() > 0 )
      {
-        abs_path_hash = snort::str_to_hash(abs_path.start(), abs_path.length());
+        abs_path_hash = str_to_hash(abs_path.start(), abs_path.length());
      }
  
      return abs_path_hash;
diff --git a/src/service_inspectors/http_inspect/http_uri_norm.cc b/src/service_inspectors/http_inspect/http_uri_norm.cc

index 02127e2c6d9ac26a9226ba122c4cb30f126c56e1..a072e697b540eeca6b5b4a219de0e7a9202a5b6d 100644 (file)
--- a/src/service_inspectors/http_inspect/http_uri_norm.cc
+++ b/src/service_inspectors/http_inspect/http_uri_norm.cc
@@ -29,6 +29,7 @@
  #include "log/messages.h"
  
  using namespace HttpEnums;
+using namespace snort;
  
  void UriNormalizer::normalize(const Field& input, Field& result, bool do_path, uint8_t* buffer,
      const HttpParaList::UriParam& uri_param, HttpInfractions* infractions, HttpEventGen* events)
@@ -634,21 +635,21 @@ void UriNormalizer::load_unicode_map(uint8_t map[65536], const char* filename, i
      FILE* file = fopen(filename, "r");
      if (file == nullptr)
      {
-        snort::ParseError("Cannot open unicode map file %s", filename);
+        ParseError("Cannot open unicode map file %s", filename);
          return;
      }
  
      // Advance file to the desired code page
      if (!advance_to_code_page(file, code_page))
      {
-        snort::ParseError("Did not find code page %d in unicode map file %s", code_page, filename);
+        ParseError("Did not find code page %d in unicode map file %s", code_page, filename);
          fclose(file);
          return;
      }
  
      if (!map_code_points(file, map))
      {
-        snort::ParseError("Error while reading code page %d in unicode map file %s", code_page, filename);
+        ParseError("Error while reading code page %d in unicode map file %s", code_page, filename);
          fclose(file);
          return;
      }
diff --git a/src/service_inspectors/imap/imap_config.h b/src/service_inspectors/imap/imap_config.h

index 64b86ae3c42cfdf5b5f28164d87acb77db12b375..8e66f51e895f3feae5216a49b41355be9d83189e 100644 (file)
--- a/src/service_inspectors/imap/imap_config.h
+++ b/src/service_inspectors/imap/imap_config.h
@@ -26,7 +26,7 @@
  struct IMAP_PROTO_CONF
  {
      snort::DecodeConfig decode_conf;
-    MailLogConfig log_config;
+    snort::MailLogConfig log_config;
  };
  
  struct ImapStats
diff --git a/src/service_inspectors/pop/pop_config.h b/src/service_inspectors/pop/pop_config.h

index ec6834c22a39296767e0fc587f990bcd683f65fc..cbd631919107e6394d565498856278f1c41d3db0 100644 (file)
--- a/src/service_inspectors/pop/pop_config.h
+++ b/src/service_inspectors/pop/pop_config.h
@@ -26,7 +26,7 @@
  struct POP_PROTO_CONF
  {
      snort::DecodeConfig decode_conf;
-    MailLogConfig log_config;
+    snort::MailLogConfig log_config;
  };
  
  struct PopStats
diff --git a/src/service_inspectors/sip/test/sip_splitter_scan_test.cc b/src/service_inspectors/sip/test/sip_splitter_scan_test.cc

index d17b38eb10143c3ee39617bc6bcd1bd9d7669a94..3fb0d127ce9e68de86a932827f017845c657f2cf 100644 (file)
--- a/src/service_inspectors/sip/test/sip_splitter_scan_test.cc
+++ b/src/service_inspectors/sip/test/sip_splitter_scan_test.cc
@@ -31,6 +31,8 @@
  #include <CppUTest/TestHarness.h>
  #include <CppUTestExt/MockSupport.h>
  
+using namespace snort;
+
  TEST_GROUP(sip_splitter_scan_test)
  {
      SipSplitterUT ssut = SipSplitterUT(SipSplitter(true));
@@ -44,9 +46,9 @@ TEST_GROUP(sip_splitter_scan_test)
  TEST(sip_splitter_scan_test, scan_start_content_len_test)
  {
      uint32_t fp = 0;
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"0xBEEF0xBEEF\n", 13, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_CONTENT_LEN_CMD);
      CHECK_EQUAL(fp, 0);
  }
@@ -54,9 +56,9 @@ TEST(sip_splitter_scan_test, scan_start_content_len_test)
  TEST(sip_splitter_scan_test, scan_start_content_len_negative_test)
  {
      uint32_t fp = 0;
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"0xBEEF0xBEEF", 12, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_START_STATE);
      CHECK_EQUAL(fp, 0);
  }
@@ -65,9 +67,9 @@ TEST(sip_splitter_scan_test, scan_process_cmd_test)
  {
      uint32_t fp = 0;
      ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CMD);
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"C", 1, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_CONTENT_LEN_CMD);
      CHECK_EQUAL(*ssut.splitter_get_next_letter(), (ssut.splitter_get_content_length_key())[1]);
      CHECK_EQUAL(fp, 0);
@@ -77,9 +79,9 @@ TEST(sip_splitter_scan_test, scan_content_len_convert_body_search_test)
  {
      uint32_t fp = 0;
      ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CONVERT);
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"144 ", 4, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_BODY_SEARCH);
      CHECK_EQUAL(ssut.splitter_get_content_length(), 144);
      CHECK_EQUAL(fp, 0);
@@ -89,9 +91,9 @@ TEST(sip_splitter_scan_test, scan_content_len_invalid_test)
  {
      uint32_t fp = 0;
      ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CONVERT);
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"144i", 4, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_TRUE(ssut.is_init());
      CHECK_EQUAL(fp, 0);
  }
@@ -100,9 +102,9 @@ TEST(sip_splitter_scan_test, scan_search_body_test)
  {
      uint32_t fp = 0;
      ssut.splitter_set_paf_state(SIP_PAF_BODY_SEARCH);
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"\r\n\r\n", 4, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE);
      CHECK_EQUAL(fp, 0);
      
@@ -110,7 +112,7 @@ TEST(sip_splitter_scan_test, scan_search_body_test)
  
      ssut.splitter_set_paf_state(SIP_PAF_BODY_SEARCH);
      ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\n\n", 2, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE);
      CHECK_EQUAL(fp, 0);
  }
@@ -122,9 +124,9 @@ TEST(sip_splitter_scan_test, scan_flush_test)
      ssut.splitter_set_content_length(6);
  
      // Sip splitter starts searching body from one character behind the actual body.
-    snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
+    StreamSplitter::Status ret = ssut.splitter_scan(nullptr,
                                          (const uint8_t *)"\nfoobar", 7, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::FLUSH);
+    CHECK_EQUAL(ret, StreamSplitter::FLUSH);
      CHECK_TRUE(ssut.is_init());
      CHECK_EQUAL(fp, 7);
      
@@ -135,14 +137,14 @@ TEST(sip_splitter_scan_test, scan_flush_test)
      ssut.splitter_set_content_length(12);
  
      ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\nfoobar", 7, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH);
+    CHECK_EQUAL(ret, StreamSplitter::SEARCH);
      CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE);
      CHECK_EQUAL(ssut.splitter_get_content_length(), 5);
      CHECK_EQUAL(fp, 0);
  
      //Continue scanning the remaining buffer
      ret = ssut.splitter_scan(nullptr, (const uint8_t *)"foobar", 6, 0, &fp);
-    CHECK_EQUAL(ret, snort::StreamSplitter::FLUSH);
+    CHECK_EQUAL(ret, StreamSplitter::FLUSH);
      CHECK_TRUE(ssut.is_init());
      CHECK_EQUAL(fp, 6);
  }
diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc

index ff189989f67b23f10787fed5f2a7af64fcfe76c3..721e4c351042b509b98379fe1b38bb862b4e3a8f 100644 (file)
--- a/src/service_inspectors/smtp/smtp.cc
+++ b/src/service_inspectors/smtp/smtp.cc
@@ -1588,7 +1588,7 @@ TEST_CASE("handle_header_line", "[smtp]")
  {
      // Setup
      MailLogConfig log_config;
-    snort::DecodeConfig decode_conf;
+    DecodeConfig decode_conf;
      log_config.log_email_hdrs = 0;
      SmtpMime mime_ssn(&decode_conf, &log_config);
      smtp_normalizing = true;
@@ -1614,7 +1614,7 @@ TEST_CASE("normalize_data", "[smtp]")
  {
      // Setup
      MailLogConfig log_config;
-    snort::DecodeConfig decode_conf;
+    DecodeConfig decode_conf;
      SmtpMime mime_ssn(&decode_conf, &log_config);
      smtp_normalizing = true;
      SMTP_PROTO_CONF config;
diff --git a/src/service_inspectors/smtp/smtp_config.h b/src/service_inspectors/smtp/smtp_config.h

index ffdb30a1a7a497e2111c7710e268d1b382923e31..3a0d1632019f55171ffd77a46bd5f8bee9a1f6b8 100644 (file)
--- a/src/service_inspectors/smtp/smtp_config.h
+++ b/src/service_inspectors/smtp/smtp_config.h
@@ -129,7 +129,7 @@ struct SMTP_PROTO_CONF
      int max_header_line_len = 0;
      int max_response_line_len = 0;
      int xlink2state;
-    MailLogConfig log_config;
+    snort::MailLogConfig log_config;
      snort::DecodeConfig decode_conf;
  
      uint32_t xtra_filename_id;
diff --git a/src/service_inspectors/smtp/smtp_normalize.cc b/src/service_inspectors/smtp/smtp_normalize.cc

index 3731e18f284a87421eec5e3c10726cd5a4a3a634..8e22f647c0f56280509650de191f5ccce8ee183b 100644 (file)
--- a/src/service_inspectors/smtp/smtp_normalize.cc
+++ b/src/service_inspectors/smtp/smtp_normalize.cc
@@ -41,6 +41,8 @@
  #include "smtp.h"
  #include "smtp_util.h"
  
+using namespace snort;
+
  /*
   * SMTP_NormalizeCmd
   *
@@ -66,7 +68,7 @@
   * @retval   0          function succeeded without error
   * @retval  -1          there were errors
   */
-int SMTP_NormalizeCmd(snort::Packet* p, const uint8_t* ptr, const uint8_t* eolm, const uint8_t* eol)
+int SMTP_NormalizeCmd(Packet* p, const uint8_t* ptr, const uint8_t* eolm, const uint8_t* eol)
  {
      const uint8_t* tmp;
      const uint8_t* cmd_start;
diff --git a/src/service_inspectors/smtp/smtp_xlink2state.cc b/src/service_inspectors/smtp/smtp_xlink2state.cc

index 70a6c74a7da09679d5d32c67d6ba12de61c3718f..a1a837bb408b579309588c79f293b27da4745df0 100644 (file)
--- a/src/service_inspectors/smtp/smtp_xlink2state.cc
+++ b/src/service_inspectors/smtp/smtp_xlink2state.cc
@@ -32,6 +32,8 @@
  
  #include "smtp_module.h"
  
+using namespace snort;
+
  #define XLINK_OTHER  1
  #define XLINK_FIRST  2
  #define XLINK_CHUNK  3
@@ -175,7 +177,7 @@ static char get_xlink_keyword(const uint8_t* ptr, const uint8_t* end)
   * @retval  1           if alert raised
   * @retval  0           if no alert raised
   */
-int ParseXLink2State(SMTP_PROTO_CONF* config, snort::Packet* p, SMTPData* smtp_ssn, const uint8_t* ptr)
+int ParseXLink2State(SMTP_PROTO_CONF* config, Packet* p, SMTPData* smtp_ssn, const uint8_t* ptr)
  {
      const uint8_t* lf = nullptr;
      uint32_t len = 0;
@@ -245,7 +247,7 @@ int ParseXLink2State(SMTP_PROTO_CONF* config, snort::Packet* p, SMTPData* smtp_s
          if (config->xlink2state == DROP_XLINK2STATE)
              p->active->reset_session(p);
  
-        snort::DetectionEngine::queue_event(GID_SMTP, SMTP_XLINK2STATE_OVERFLOW);
+        DetectionEngine::queue_event(GID_SMTP, SMTP_XLINK2STATE_OVERFLOW);
          smtp_ssn->session_flags |= SMTP_FLAG_XLINK2STATE_ALERTED;
  
          return 1;
diff --git a/src/sfip/sf_ipvar.cc b/src/sfip/sf_ipvar.cc

index 9ba09b483ed19fea60601814ff2af3ac6763bbb5..28087d051e8a739fc41b10df68a87cbc98252126 100644 (file)
--- a/src/sfip/sf_ipvar.cc
+++ b/src/sfip/sf_ipvar.cc
@@ -1321,23 +1321,23 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]")
          CHECK(!strcmp("!9.0.0.0,!dead:beef:0000:0000:0000:0000:0000:0000", sfipvar_test_buff));
  
          /* Check lookups */
-        snort::SfIp* ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+        SfIp* ip = (SfIp *)snort_alloc(sizeof(SfIp));
          CHECK(ip->set("9.8.3.2") == SFIP_SUCCESS);
          CHECK((sfvar_ip_in(var1, ip) == false));
          snort_free(ip);
  
-        ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+        ip = (SfIp *)snort_alloc(sizeof(SfIp));
          uint16_t srcBits;
          CHECK(ip->set("1.2.3.4/24", &srcBits) == SFIP_SUCCESS);
          CHECK((sfvar_ip_in(var1, ip) == true));
          snort_free(ip);
  
-        ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+        ip = (SfIp *)snort_alloc(sizeof(SfIp));
          CHECK(ip->set("dead:beef::0") == SFIP_SUCCESS);
          CHECK((sfvar_ip_in(var1, ip) == false));
          snort_free(ip);
  
-        ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+        ip = (SfIp *)snort_alloc(sizeof(SfIp));
          CHECK(ip->set("cafe:abcd::9999") == SFIP_SUCCESS);
          CHECK((sfvar_ip_in(var1, ip) == true));
          snort_free(ip);
diff --git a/src/sfip/sf_vartable.cc b/src/sfip/sf_vartable.cc

index dab2be09034092ee05484b562e9c23e11b708a7b..bac6498b0b231544d94d0b166f31ebb3af87a221 100644 (file)
--- a/src/sfip/sf_vartable.cc
+++ b/src/sfip/sf_vartable.cc
@@ -195,7 +195,7 @@ SfIpRet sfvt_define(vartable_t* table, const char* name, const char* value)
  
      len = strlen(name) + strlen(value) + 2;
      buf = (char*)snort_alloc(len);
-    snort::SnortSnprintf(buf, len, "%s %s", name, value);
+    SnortSnprintf(buf, len, "%s %s", name, value);
  
      ret = sfvt_add_str(table, buf, &ipret);
      if ((ret == SFIP_SUCCESS) || (ret == SFIP_DUPLICATE))
@@ -361,7 +361,7 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]")
  {
      vartable_t* table;
      sfip_var_t* var;
-    snort::SfIp* ip;
+    SfIp* ip;
      SfIpRet status;
  
      table = sfvt_alloc_table();
@@ -388,7 +388,7 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]")
  
      /* Containment tests */
      var = sfvt_lookup_var(table, "goo");
-    ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+    ip = (SfIp *)snort_alloc(sizeof(SfIp));
      status = ip->set("192.168.248.255");
      CHECK(SFIP_SUCCESS == status);
      CHECK((sfvar_ip_in(var, ip) == false));
@@ -404,12 +404,12 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]")
      /* Check boundary cases */
      var = sfvt_lookup_var(table, "goo");
      snort_free(ip);
-    ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+    ip = (SfIp *)snort_alloc(sizeof(SfIp));
      status = ip->set("192.168.0.3");
      CHECK(SFIP_SUCCESS == status);
      CHECK((sfvar_ip_in(var, ip) == false));
      snort_free(ip);
-    ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp));
+    ip = (SfIp *)snort_alloc(sizeof(SfIp));
      status = ip->set("192.168.0.2");
      CHECK(SFIP_SUCCESS == status);
      CHECK((sfvar_ip_in(var, ip) == true));
diff --git a/src/stream/flush_bucket.cc b/src/stream/flush_bucket.cc

index 05915d4b16d4e86927e51b4cd44149e902536209..b19fd15a3a87d2a375cae817e54c4e0c356cc621 100644 (file)
--- a/src/stream/flush_bucket.cc
+++ b/src/stream/flush_bucket.cc
@@ -28,6 +28,8 @@
  
  #include "main/snort_config.h"
  
+using namespace snort;
+
  //-------------------------------------------------------------------------
  // static base members
  //-------------------------------------------------------------------------
@@ -42,7 +44,7 @@ void FlushBucket::set(unsigned sz)
      if ( sz )
          s_flush_bucket = new ConstFlushBucket(sz);
  
-    else if ( snort::SnortConfig::static_hash() )
+    else if ( SnortConfig::static_hash() )
          s_flush_bucket = new StaticFlushBucket;
  
      else
diff --git a/src/stream/libtcp/tcp_stream_session.cc b/src/stream/libtcp/tcp_stream_session.cc

index a0583947826a4b706ab5612b5ee54147ddbab577..820dfb5a00a44e4072759bcc5974c4ffa5c51f6d 100644 (file)
--- a/src/stream/libtcp/tcp_stream_session.cc
+++ b/src/stream/libtcp/tcp_stream_session.cc
@@ -275,7 +275,7 @@ int TcpStreamSession::update_alert(Packet* p, uint32_t gid, uint32_t sid,
      return -1;
  }
  
-bool TcpStreamSession::set_packet_action_to_hold(snort::Packet* p)
+bool TcpStreamSession::set_packet_action_to_hold(Packet* p)
  {
      return listener->set_held_packet(p);
  }
diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc

index 5d8dac6352c7201ab67627f291c516817851b802..13c1f05f786868b2cac7bc63282bda6bea8812f4 100644 (file)
--- a/src/stream/libtcp/tcp_stream_tracker.cc
+++ b/src/stream/libtcp/tcp_stream_tracker.cc
@@ -669,7 +669,7 @@ bool TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd)
      return valid_seq;
  }
  
-bool TcpStreamTracker::set_held_packet(snort::Packet* p)
+bool TcpStreamTracker::set_held_packet(Packet* p)
  {
      // FIXIT-M - limit of packets held per packet thread should be determined based on runtime criteria
      //           such as # of DAQ Msg buffers, # of threads, etc... for now we use small number like 10
@@ -694,7 +694,7 @@ bool TcpStreamTracker::set_held_packet(snort::Packet* p)
      return false;
  }
  
-bool TcpStreamTracker::is_retransmit_of_held_packet(snort::Packet* cp)
+bool TcpStreamTracker::is_retransmit_of_held_packet(Packet* cp)
  {
      if ( !held_packet or ( cp->daq_msg == held_packet ) )
          return false;
@@ -709,7 +709,7 @@ bool TcpStreamTracker::is_retransmit_of_held_packet(snort::Packet* cp)
      return false;
  }
  
-void TcpStreamTracker::finalize_held_packet(snort::Packet* cp)
+void TcpStreamTracker::finalize_held_packet(Packet* cp)
  {
      if ( held_packet )
      {
@@ -730,7 +730,7 @@ void TcpStreamTracker::finalize_held_packet(snort::Packet* cp)
      }
  }
  
-void TcpStreamTracker::finalize_held_packet(snort::Flow* flow)
+void TcpStreamTracker::finalize_held_packet(Flow* flow)
  {
      if ( held_packet )
      {
diff --git a/src/stream/paf.cc b/src/stream/paf.cc

index a307358ebb16f8be04d062efbe654722ba89e53c..d74904ed962960698182fe5166f3dab2410bba5e 100644 (file)
--- a/src/stream/paf.cc
+++ b/src/stream/paf.cc
@@ -57,7 +57,7 @@ struct PafAux
  // max paf max = max datagram - eth mtu - 255 = 63780
  #define MAX_PAF_MAX (65535 -  PAF_LIMIT_FUZZ - 255)
  
-THREAD_LOCAL snort::ProfileStats pafPerfStats;
+THREAD_LOCAL ProfileStats pafPerfStats;
  
  //--------------------------------------------------------------------
  
diff --git a/src/stream/tcp/segment_overlap_editor.cc b/src/stream/tcp/segment_overlap_editor.cc

index ba410a289bb191c65534aae3ba568e8999874fb0..7c89cb56c598bcacf2d7fa6e1017823fbadb01a0 100644 (file)
--- a/src/stream/tcp/segment_overlap_editor.cc
+++ b/src/stream/tcp/segment_overlap_editor.cc
@@ -32,12 +32,13 @@
  #include "tcp_normalizers.h"
  #include "tcp_session.h"
  
+using namespace snort;
  
-static void set_retransmit_flag(snort::Packet* p)
+static void set_retransmit_flag(Packet* p)
  {
-    if ( snort::PacketTracer::is_active() )
+    if ( PacketTracer::is_active() )
      {
-        snort::PacketTracer::log("Packet was retransmitted and %s from the retry queue.\n",
+        PacketTracer::log("Packet was retransmitted and %s from the retry queue.\n",
              p->is_retry() ? "is" : "is not");
      }
  
@@ -517,12 +518,12 @@ int SegmentOverlapEditor::full_right_overlap_os5(TcpReassemblerState& trs)
  
  void SegmentOverlapEditor::print(TcpReassemblerState& trs)
  {
-    snort::LogMessage("    seglist_base_seq:   %X\n", trs.sos.seglist_base_seq);
-    snort::LogMessage("    seglist head:       %p\n", (void*)trs.sos.seglist.head);
-    snort::LogMessage("    seglist tail:       %p\n", (void*)trs.sos.seglist.tail);
-    snort::LogMessage("    seglist current:    %p\n", (void*)trs.sos.seglist.cur_rseg);
-    snort::LogMessage("    seg_count:          %d\n", trs.sos.seg_count);
-    snort::LogMessage("    seg_bytes_total:    %d\n", trs.sos.seg_bytes_total);
-    snort::LogMessage("    seg_bytes_logical:  %d\n", trs.sos.seg_bytes_logical);
+    LogMessage("    seglist_base_seq:   %X\n", trs.sos.seglist_base_seq);
+    LogMessage("    seglist head:       %p\n", (void*)trs.sos.seglist.head);
+    LogMessage("    seglist tail:       %p\n", (void*)trs.sos.seglist.tail);
+    LogMessage("    seglist current:    %p\n", (void*)trs.sos.seglist.cur_rseg);
+    LogMessage("    seg_count:          %d\n", trs.sos.seg_count);
+    LogMessage("    seg_bytes_total:    %d\n", trs.sos.seg_bytes_total);
+    LogMessage("    seg_bytes_logical:  %d\n", trs.sos.seg_bytes_logical);
  }
  
diff --git a/src/stream/tcp/tcp_event_logger.cc b/src/stream/tcp/tcp_event_logger.cc

index 2c7c08487dd419a9fdf810486767d8f30921cb79..63629a03243ec27e33db7c068ca714b04f613fb3 100644 (file)
--- a/src/stream/tcp/tcp_event_logger.cc
+++ b/src/stream/tcp/tcp_event_logger.cc
@@ -32,6 +32,8 @@
  
  #include "tcp_module.h"
  
+using namespace snort;
+
  struct tcp_event_sid
  {
      uint32_t event_id;
@@ -69,10 +71,10 @@ struct tcp_event_sid tcp_event_sids[] =
  
  void TcpEventLogger::log_internal_event(uint32_t eventSid)
  {
-    if (is_internal_event_enabled(snort::SnortConfig::get_conf()->rate_filter_config, eventSid))
+    if (is_internal_event_enabled(SnortConfig::get_conf()->rate_filter_config, eventSid))
      {
          tcpStats.internalEvents++;
-        snort::DetectionEngine::queue_event(GID_SESSION, eventSid);
+        DetectionEngine::queue_event(GID_SESSION, eventSid);
      }
  }
  
@@ -83,7 +85,7 @@ void TcpEventLogger::log_tcp_events()
          uint32_t idx = ffs(tcp_events);
          if ( idx )
          {
-            snort::DetectionEngine::queue_event(GID_STREAM_TCP, tcp_event_sids[ idx ].sid);
+            DetectionEngine::queue_event(GID_STREAM_TCP, tcp_event_sids[ idx ].sid);
              tcp_events ^= tcp_event_sids[ idx ].event_id;
              tcpStats.events++;
          }
diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc

index 69db3d00d7f3971d459c57371d46356a53ffff02..1d04d43faf3325191c62f55c45c343758d5ec98f 100644 (file)
--- a/src/stream/tcp/tcp_module.cc
+++ b/src/stream/tcp/tcp_module.cc
@@ -29,7 +29,6 @@
  #include "stream/paf.h"
  
  using namespace snort;
-using namespace std;
  
  //-------------------------------------------------------------------------
  // stream_tcp module
diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc

index 441ad1b5bf6e62d162ef3d6dcc0dba5df35fa4fe..1c2dba0eed421264d59447ff4b197710b1b58c14 100644 (file)
--- a/src/stream/tcp/tcp_state_close_wait.cc
+++ b/src/stream/tcp/tcp_state_close_wait.cc
@@ -33,7 +33,7 @@
  #include "catch/snort_catch.h"
  #endif
  
-using namespace std;
+using namespace snort;
  
  TcpStateCloseWait::TcpStateCloseWait(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_CLOSE_WAIT, tsm)
@@ -84,7 +84,7 @@ bool TcpStateCloseWait::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& tr
  
  bool TcpStateCloseWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_recv(tsd);
  
diff --git a/src/stream/tcp/tcp_state_closed.cc b/src/stream/tcp/tcp_state_closed.cc

index dfacd1f701032422836acba35b7c0bdf0a0ad15a..517241e337f39e2865155eafac63a908d4700134 100644 (file)
--- a/src/stream/tcp/tcp_state_closed.cc
+++ b/src/stream/tcp/tcp_state_closed.cc
@@ -31,6 +31,8 @@
  #include "catch/snort_catch.h"
  #endif
  
+using namespace snort;
+
  TcpStateClosed::TcpStateClosed(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_CLOSED, tsm)
  {
@@ -44,7 +46,7 @@ bool TcpStateClosed::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  
  bool TcpStateClosed::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
      flow->set_expire(tsd.get_pkt(), trk.session->config->session_timeout);
      return true;
  }
@@ -63,7 +65,7 @@ bool TcpStateClosed::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  
  bool TcpStateClosed::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_sent(tsd);
      // data on a segment when we're not accepting data any more alert!
@@ -135,7 +137,7 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr
      if ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT )
      {
          TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state();
-        snort::Flow* flow = tsd.get_flow();
+        Flow* flow = tsd.get_flow();
  
          if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT ) || !flow->two_way_traffic() )
          {
@@ -157,7 +159,7 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr
  TEST_CASE("TCP State Closed", "[tcp_closed_state][stream_tcp]")
  {
      // initialization code here
-    snort::Flow* flow = new snort::Flow;
+    Flow* flow = new Flow;
      TcpStreamTracker* ctrk = new TcpStreamTracker(true);
      TcpStreamTracker* strk = new TcpStreamTracker(false);
      TcpEventLogger* tel = new TcpEventLogger;
diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc

index 6a5b2d50b3fe7613310dddfaa87a5e16d3fa0523..7ae77f8f19e88be5a0c906fc935cb9de3c63e60e 100644 (file)
--- a/src/stream/tcp/tcp_state_closing.cc
+++ b/src/stream/tcp/tcp_state_closing.cc
@@ -32,7 +32,7 @@
  #include "catch/snort_catch.h"
  #endif
  
-using namespace std;
+using namespace snort;
  
  TcpStateClosing::TcpStateClosing(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_CLOSING, tsm)
@@ -89,7 +89,7 @@ bool TcpStateClosing::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  
  bool TcpStateClosing::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_recv(tsd);
      if ( SEQ_GT(tsd.get_seg_seq(), trk.get_fin_final_seq() ) )
diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc

index 916a03fd6ae857f8fe128642a9efd41946d6562b..f1a8baa22afafcbf84634a4a59cbf116ff10b59d 100644 (file)
--- a/src/stream/tcp/tcp_state_fin_wait1.cc
+++ b/src/stream/tcp/tcp_state_fin_wait1.cc
@@ -29,7 +29,7 @@
  #include "tcp_module.h"
  #include "tcp_session.h"
  
-using namespace std;
+using namespace snort;
  
  TcpStateFinWait1::TcpStateFinWait1(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT1, tsm)
@@ -95,7 +95,7 @@ bool TcpStateFinWait1::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk
  
  bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_recv(tsd);
      if ( trk.update_on_fin_recv(tsd) )
diff --git a/src/stream/tcp/tcp_state_fin_wait2.cc b/src/stream/tcp/tcp_state_fin_wait2.cc

index 070105068036675c4758bfadc87aa0fad7898582..37738109ebffbe89ce79a2966ea2069f592d1d2f 100644 (file)
--- a/src/stream/tcp/tcp_state_fin_wait2.cc
+++ b/src/stream/tcp/tcp_state_fin_wait2.cc
@@ -28,7 +28,7 @@
  #include "tcp_normalizers.h"
  #include "tcp_session.h"
  
-using namespace std;
+using namespace snort;
  
  TcpStateFinWait2::TcpStateFinWait2(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT2, tsm)
@@ -103,7 +103,7 @@ bool TcpStateFinWait2::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker
  
  bool TcpStateFinWait2::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_recv(tsd);
      if ( trk.update_on_fin_recv(tsd) )
diff --git a/src/stream/tcp/tcp_state_last_ack.cc b/src/stream/tcp/tcp_state_last_ack.cc

index 1bd5dd1714682500d53ccc573a0846858c1822a0..0964c764543adc2a379dc8335a735ad2e3ffba33 100644 (file)
--- a/src/stream/tcp/tcp_state_last_ack.cc
+++ b/src/stream/tcp/tcp_state_last_ack.cc
@@ -28,7 +28,7 @@
  #include "tcp_normalizers.h"
  #include "tcp_session.h"
  
-using namespace std;
+using namespace snort;
  
  TcpStateLastAck::TcpStateLastAck(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_LAST_ACK, tsm)
@@ -85,7 +85,7 @@ bool TcpStateLastAck::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  
  bool TcpStateLastAck::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      trk.update_tracker_ack_recv(tsd);
      if ( SEQ_EQ(tsd.get_seg_ack(), trk.get_snd_nxt() ) )
@@ -129,7 +129,7 @@ bool TcpStateLastAck::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpSt
          ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT ) )
      {
          TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state();
-        snort::Flow* flow = tsd.get_flow();
+        Flow* flow = tsd.get_flow();
  
          if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT )
              || ( talker_state == TcpStreamTracker::TCP_CLOSED ) )
diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc

index 0ac5ffb7e99b5e0bb7397dfc417ffdec60af2692..528c9807baf3ab332c51882d1757392fe80430bc 100644 (file)
--- a/src/stream/tcp/tcp_state_syn_recv.cc
+++ b/src/stream/tcp/tcp_state_syn_recv.cc
@@ -30,7 +30,6 @@
  #include "tcp_session.h"
  
  using namespace snort;
-using namespace std;
  
  TcpStateSynRecv::TcpStateSynRecv(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_SYN_RECV, tsm)
diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc

index 7d98b502deb4a4d002a8090cc00667b7324fc3dc..b923bb15577e32919cef196458d9bcc7f2fbcd43 100644 (file)
--- a/src/stream/tcp/tcp_state_syn_sent.cc
+++ b/src/stream/tcp/tcp_state_syn_sent.cc
@@ -27,7 +27,7 @@
  
  #include "tcp_session.h"
  
-using namespace std;
+using namespace snort;
  
  TcpStateSynSent::TcpStateSynSent(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_SYN_SENT, tsm)
@@ -64,7 +64,7 @@ bool TcpStateSynSent::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker&
  
  bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      // FIXIT-H verify ack being sent is valid...
      trk.update_tracker_ack_sent(tsd);
@@ -85,7 +85,7 @@ bool TcpStateSynSent::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  
  bool TcpStateSynSent::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk)
  {
-    snort::Flow* flow = tsd.get_flow();
+    Flow* flow = tsd.get_flow();
  
      // FIXIT-H verify ack being sent is valid...
      trk.update_tracker_ack_sent(tsd);
diff --git a/src/stream/tcp/tcp_state_time_wait.cc b/src/stream/tcp/tcp_state_time_wait.cc

index 3209fa7eb6d9043f51026745dba2367479ba6410..9d3ffd6bd8d9ce6702335b9b249b11e923e01726 100644 (file)
--- a/src/stream/tcp/tcp_state_time_wait.cc
+++ b/src/stream/tcp/tcp_state_time_wait.cc
@@ -28,7 +28,7 @@
  #include "tcp_normalizers.h"
  #include "tcp_session.h"
  
-using namespace std;
+using namespace snort;
  
  TcpStateTimeWait::TcpStateTimeWait(TcpStateMachine& tsm) :
      TcpStateHandler(TcpStreamTracker::TCP_TIME_WAIT, tsm)
@@ -113,7 +113,7 @@ bool TcpStateTimeWait::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpS
      if ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT )
      {
          TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state();
-        snort::Flow* flow = tsd.get_flow();
+        Flow* flow = tsd.get_flow();
  
          if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT )
              || ( talker_state == TcpStreamTracker::TCP_CLOSED ) )
author	Michael Altizer (mialtize) <mialtize@cisco.com>
	Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)
committer	Michael Altizer (mialtize) <mialtize@cisco.com>
	Tue, 15 Oct 2019 14:27:30 +0000 (10:27 -0400)
src/actions/act_reject.cc		patch \| blob \| blame \| history
src/actions/ips_actions.cc		patch \| blob \| blame \| history
src/codecs/ip/cd_ipv4.cc		patch \| blob \| blame \| history
src/connectors/connectors.cc		patch \| blob \| blame \| history
src/detection/fp_create.cc		patch \| blob \| blame \| history
src/detection/pcrm.cc		patch \| blob \| blame \| history
src/detection/regex_offload.cc		patch \| blob \| blame \| history
src/detection/rules.cc		patch \| blob \| blame \| history
src/detection/treenodes.cc		patch \| blob \| blame \| history
src/events/event.cc		patch \| blob \| blame \| history
src/file_api/file_capture.h		patch \| blob \| blame \| history
src/file_api/file_config.cc		patch \| blob \| blame \| history
src/file_api/file_identifier.cc		patch \| blob \| blame \| history
src/file_api/file_lib.h		patch \| blob \| blame \| history
src/file_api/file_policy.cc		patch \| blob \| blame \| history
src/file_api/file_segment.cc		patch \| blob \| blame \| history
src/filters/detection_filter.cc		patch \| blob \| blame \| history
src/filters/rate_filter.cc		patch \| blob \| blame \| history
src/filters/sfrf.cc		patch \| blob \| blame \| history
src/filters/sfrf_test.cc		patch \| blob \| blame \| history
src/filters/sfthd.cc		patch \| blob \| blame \| history
src/filters/sfthd_test.cc		patch \| blob \| blame \| history
src/filters/sfthreshold.cc		patch \| blob \| blame \| history
src/flow/test/flow_test.cc		patch \| blob \| blame \| history
src/flow/test/session_test.cc		patch \| blob \| blame \| history
src/framework/data_bus.cc		patch \| blob \| blame \| history
src/hash/hashfcn.cc		patch \| blob \| blame \| history
src/helpers/chunk.cc		patch \| blob \| blame \| history
src/helpers/discovery_filter.cc		patch \| blob \| blame \| history
src/helpers/process.cc		patch \| blob \| blame \| history
src/host_tracker/host_cache_module.cc		patch \| blob \| blame \| history
src/ips_options/asn1_util.cc		patch \| blob \| blame \| history
src/ips_options/ips_content.cc		patch \| blob \| blame \| history
src/ips_options/ips_sd_pattern.cc		patch \| blob \| blame \| history
src/log/messages.cc		patch \| blob \| blame \| history
src/lua/lua.cc		patch \| blob \| blame \| history
src/main/analyzer_command.cc		patch \| blob \| blame \| history
src/main/control.cc		patch \| blob \| blame \| history
src/main/request.cc		patch \| blob \| blame \| history
src/main/snort_debug.cc		patch \| blob \| blame \| history
src/main/swapper.cc		patch \| blob \| blame \| history
src/main/thread.cc		patch \| blob \| blame \| history
src/main/thread_config.cc		patch \| blob \| blame \| history
src/managers/inspector_manager.cc		patch \| blob \| blame \| history
src/managers/module_manager.cc		patch \| blob \| blame \| history
src/managers/so_manager.cc		patch \| blob \| blame \| history
src/memory/memory_cap.cc		patch \| blob \| blame \| history
src/memory/prune_handler.cc		patch \| blob \| blame \| history
src/mime/decode_b64.cc		patch \| blob \| blame \| history
src/mime/decode_qp.cc		patch \| blob \| blame \| history
src/mime/decode_uu.cc		patch \| blob \| blame \| history
src/mime/file_mime_config.cc		patch \| blob \| blame \| history
src/mime/file_mime_decode.cc		patch \| blob \| blame \| history
src/mime/file_mime_log.h		patch \| blob \| blame \| history
src/network_inspectors/appid/app_info_table.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_app_descriptor.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_discovery.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_http_session.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_peg_counts.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_stats.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_utils/sf_mlmp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_detector.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_dns.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_imap.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_kerberos.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_pattern.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_pop3.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/detector_smtp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/http_url_patterns.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/lua_detector_flow_api.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_mdns.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rexec.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rshell.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_snmp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_tftp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_api_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_debug_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_detector_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_discovery_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_expected_flags_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_http_event_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_http_session_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/appid_session_api_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/service_state_test.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/test/tp_mock.cc		patch \| blob \| blame \| history
src/network_inspectors/arp_spoof/arp_module.cc		patch \| blob \| blame \| history
src/network_inspectors/arp_spoof/arp_spoof.cc		patch \| blob \| blame \| history
src/network_inspectors/normalize/norm.cc		patch \| blob \| blame \| history
src/network_inspectors/normalize/norm_module.cc		patch \| blob \| blame \| history
src/network_inspectors/normalize/normalize.cc		patch \| blob \| blame \| history
src/network_inspectors/perf_monitor/cpu_tracker.cc		patch \| blob \| blame \| history
src/network_inspectors/perf_monitor/perf_module.cc		patch \| blob \| blame \| history
src/network_inspectors/perf_monitor/perf_tracker.cc		patch \| blob \| blame \| history
src/network_inspectors/port_scan/ps_module.cc		patch \| blob \| blame \| history
src/network_inspectors/reputation/reputation_parse.cc		patch \| blob \| blame \| history
src/network_inspectors/rna/rna_pnd.cc		patch \| blob \| blame \| history
src/packet_io/active.cc		patch \| blob \| blame \| history
src/parser/parse_ip.cc		patch \| blob \| blame \| history
src/parser/parse_ports.cc		patch \| blob \| blame \| history
src/parser/parse_stream.cc		patch \| blob \| blame \| history
src/parser/vars.cc		patch \| blob \| blame \| history
src/piglet/piglet.cc		patch \| blob \| blame \| history
src/piglet_plugins/pp_search_engine_iface.cc		patch \| blob \| blame \| history
src/ports/port_object.cc		patch \| blob \| blame \| history
src/ports/port_utils.cc		patch \| blob \| blame \| history
src/ports/rule_port_tables.cc		patch \| blob \| blame \| history
src/protocols/packet_manager.cc		patch \| blob \| blame \| history
src/search_engines/acsmx.cc		patch \| blob \| blame \| history
src/search_engines/acsmx2.cc		patch \| blob \| blame \| history
src/search_engines/bnfa_search.cc		patch \| blob \| blame \| history
src/service_inspectors/back_orifice/back_orifice.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_common.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_commands.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_module.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_module.h		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/dce_smb_transaction.cc		patch \| blob \| blame \| history
src/service_inspectors/dce_rpc/smb_message.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ft_main.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftp_data.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftp_parse.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/pp_ftp.cc		patch \| blob \| blame \| history
src/service_inspectors/gtp/gtp_parser.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_stream_splitter.cc		patch \| blob \| blame \| history
src/service_inspectors/http2_inspect/http2_tables.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_js_norm.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_body.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_header.h		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_request.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_section.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_status.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_msg_trailer.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_stream_splitter_finish.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_stream_splitter_scan.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_tables.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_uri.cc		patch \| blob \| blame \| history
src/service_inspectors/http_inspect/http_uri_norm.cc		patch \| blob \| blame \| history
src/service_inspectors/imap/imap_config.h		patch \| blob \| blame \| history
src/service_inspectors/pop/pop_config.h		patch \| blob \| blame \| history
src/service_inspectors/sip/test/sip_splitter_scan_test.cc		patch \| blob \| blame \| history
src/service_inspectors/smtp/smtp.cc		patch \| blob \| blame \| history
src/service_inspectors/smtp/smtp_config.h		patch \| blob \| blame \| history
src/service_inspectors/smtp/smtp_normalize.cc		patch \| blob \| blame \| history
src/service_inspectors/smtp/smtp_xlink2state.cc		patch \| blob \| blame \| history
src/sfip/sf_ipvar.cc		patch \| blob \| blame \| history
src/sfip/sf_vartable.cc		patch \| blob \| blame \| history
src/stream/flush_bucket.cc		patch \| blob \| blame \| history
src/stream/libtcp/tcp_stream_session.cc		patch \| blob \| blame \| history
src/stream/libtcp/tcp_stream_tracker.cc		patch \| blob \| blame \| history
src/stream/paf.cc		patch \| blob \| blame \| history
src/stream/tcp/segment_overlap_editor.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_event_logger.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_module.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_close_wait.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_closed.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_closing.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_fin_wait1.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_fin_wait2.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_last_ack.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_syn_recv.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_syn_sent.cc		patch \| blob \| blame \| history
src/stream/tcp/tcp_state_time_wait.cc		patch \| blob \| blame \| history