Squashed commit of the following:
commit
7f1303b3e1e50a8986acd72989e37bb0d8f9461e
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:35:41 2021 -0400
reputation: Registering inspector to the IT_FIRST type
commit
df1ace6dae83f3959acd3a226de38e54f8940957
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 20:11:08 2021 -0400
framework: Adding IT_FIRST inspector type to analyze the first packet of a flow
commit
4be59cff4ad586e556306aa5dba3914d0ccab076
Author: Masud Hasan <mashasan@cisco.com>
Date: Tue Mar 30 15:45:45 2021 -0400
main: Adding reload id to track config/module/policy reloads
unsigned inspection_policy_id;
unsigned ips_policy_id;
unsigned network_policy_id;
- unsigned reputation_id;
+ unsigned reload_id;
uint32_t default_session_timeout;
"wizard",
"packet",
"stream",
+ "first",
"network",
"service",
"control",
IT_WIZARD, // guesses service inspector
IT_PACKET, // processes raw packets only (eg normalize, capture)
IT_STREAM, // flow tracking and reassembly (eg ip, tcp, udp)
- IT_NETWORK, // process packets w/o service (eg arp, bo, rep)
+ IT_FIRST, // analyze 1st pkt of new flow and 1st pkt after reload of ongoing flow (eg rep)
+ IT_NETWORK, // process packets w/o service (eg arp, bo)
IT_SERVICE, // extract and analyze service PDUs (eg dce, http, ssl)
IT_CONTROL, // process all packets before detection (eg appid)
IT_PROBE, // process all packets after detection (eg perf_monitor, port_scan)
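Review bot: Inserting `IT_FIRST` ahead of `IT_NETWORK` renumbers every enumerator after it, so an inspector plugin compiled against the previous header would register under a shifted type. Nothing on this page bumps the inspector API version; if that is not done elsewhere in the commit, out-of-tree binary plugins could load with the wrong type instead of being rejected. The string table that gains `"first"` in the earlier hunk relies on the same ordering, so a comment on both, such as `// order must match the inspector type enum`, would make the coupling explicit.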
}
PluginManager::reload_so_plugins_cleanup(sc);
+ sc->update_reload_id();
SnortConfig::set_conf(sc);
TraceApi::thread_reinit(sc->trace_config);
proc_stats.conf_reloads++;
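Review bot: The id bump has to be remembered by hand before each `SnortConfig::set_conf(sc)`; this commit adds it here, in the two policy-reload paths that follow, and in setup. A reload path that publishes a config without calling `sc->update_reload_id()` would presumably leave ongoing flows matching the current id, so updated reputation lists would not be re-applied to them. If other callers of `set_conf` exist outside this diff, consider a small helper that bumps and publishes together, or at least a comment at `set_conf` such as `// callers must invoke update_reload_id() first so ongoing flows are re-evaluated`.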
current_request->respond("== reload failed\n");
return 0;
}
+ sc->update_reload_id();
SnortConfig::set_conf(sc);
proc_stats.policy_reloads++;
current_request->respond("== reload failed\n");
return 0;
}
+ sc->update_reload_id();
SnortConfig::set_conf(sc);
proc_stats.policy_reloads++;
IpsManager::global_init(sc);
sc->post_setup();
+ sc->update_reload_id();
const MpseApi* search_api = sc->fast_pattern_config->get_search_api();
const MpseApi* offload_search_api = sc->fast_pattern_config->get_offload_search_api();
reload_tuners.clear();
}
+void SnortConfig::update_reload_id()
+{
+ static unsigned reload_id_tracker = 0;
+ reload_id = ++reload_id_tracker;
+}
+
void SnortConfig::cleanup_fatal_error()
{
// FIXIT-L need a generic way to manage type other threads
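Review bot: `update_reload_id()` drops the zero-skip that the removed `create_reputation_id()` had, while 0 is also the initializer this commit gives `SnortConfig::reload_id`, so 0 no longer reliably means "never assigned". Wraparound needs 2^32 reloads and is unlikely in practice, but keeping the guard costs one line: `if (++reload_id_tracker == 0) ++reload_id_tracker;`. The function-local static is also unsynchronized, which is only safe if every caller runs on the same thread; a comment such as `// main thread only: called from setup and the reload handlers` would record the assumption the visible call sites appear to rely on.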
bool cloned = false;
Plugins* plugins = nullptr;
SoRules* so_rules = nullptr;
+ unsigned reload_id = 0;
DumpConfigType dump_config_type = DUMP_CONFIG_NONE;
private:
void clear_reload_resource_tuner_list();
+ void update_reload_id();
+
bool get_default_rule_state() const;
ConfigOutput* create_config_output() const;
PHVector passive;
PHVector packet;
+ PHVector first;
PHVector network;
PHVector session;
PHVector service;
{
passive.alloc(ilist.size());
packet.alloc(ilist.size());
+ first.alloc(ilist.size());
network.alloc(ilist.size());
session.alloc(ilist.size());
service.alloc(ilist.size());
packet.add(p);
break;
+ case IT_FIRST:
+ first.add(p);
+ break;
+
case IT_NETWORK:
network.add(p);
break;
if ( !p->flow )
{
+ if ( fp_dft != fp )
+ ::execute<T>(p, fp_dft->first.vec, fp_dft->first.num);
+ ::execute<T>(p, fp->first.vec, fp->first.num);
+
+ if ( p->disable_inspect )
+ return;
+
if (fp_dft != fp)
::execute<T>(p, fp_dft->network.vec, fp_dft->network.num);
::execute<T>(p, fp->network.vec, fp->network.num);
if ( !p->has_paf_payload() and p->flow->flow_state == Flow::FlowState::INSPECT )
p->flow->session->process(p);
+ if ( p->flow->reload_id != sc->reload_id )
+ {
+ if ( fp_dft != fp )
+ ::execute<T>(p, fp_dft->first.vec, fp_dft->first.num);
+ ::execute<T>(p, fp->first.vec, fp->first.num);
+
+ p->flow->reload_id = sc->reload_id;
+ if ( p->disable_inspect )
+ return;
+ }
+
if ( !p->flow->service )
{
if (fp_dft != fp)
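Review bot: In the code shown, the `p->flow->reload_id != sc->reload_id` test is the only thing that gets the IT_FIRST inspectors (reputation) run on a packet that already has a flow, so it depends on `Flow::reload_id` never equalling the live id when a flow starts. None of the hunks on this page reset that field when a Flow object is initialised or recycled; if a reused Flow kept its previous value, the first packet of the new flow would skip the reputation check. Please confirm that the Flow init/reset path clears it, and state the invariant here, e.g. `// a new flow has reload_id 0; sc->reload_id is non-zero after setup`. Note also that `session->process(p)` in the context line above runs before these inspectors, so stream processing sees the packet before reputation can set `disable_inspect`. The enclosing function starts and ends outside the hunk.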
}
}
-static unsigned create_reputation_id()
-{
- static unsigned reputation_id_tracker = 0;
- if (++reputation_id_tracker == 0)
- ++reputation_id_tracker;
- return reputation_id_tracker;
-}
-
static const char* to_string(NestedIP nip)
{
switch (nip)
Reputation::Reputation(ReputationConfig* pc)
{
- reputation_id = create_reputation_id();
config = *pc;
ReputationConfig* conf = &config;
if (!config.list_dir.empty())
if (p->is_rebuilt())
return;
- if (p->flow)
- {
- if (p->flow->reputation_id == reputation_id) // reputation previously checked
- return;
- else
- p->flow->reputation_id = reputation_id; // disable future reputation checking
- }
-
snort_reputation(&config, p);
++reputationstats.packets;
}
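Review bot: With the per-flow `reputation_id` guard removed, nothing in this function limits how often `snort_reputation` runs; that now rests entirely on the framework's IT_FIRST gating. A short comment above the call would keep a later reader from registering the inspector under another type without restoring a guard, e.g. `// IT_FIRST: the framework calls this for flowless packets, the first packet of a flow, and the first packet after a reload`. The function's start is outside the hunk.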
mod_ctor,
mod_dtor
},
- IT_NETWORK,
+ IT_FIRST,
PROTO_BIT__ANY_IP,
nullptr, // buffers
nullptr, // service
private:
ReputationConfig config;
- unsigned reputation_id;
};
#endif