Merge pull request #705 in SNORT/snort3 from sdf_out_mask to master

Squashed commit of the following:

commit 969cf8b3badde3bd15c7c58613fff279a76bb690
Author: Bhagya Tholpady <bbantwal@cisco.com>
Date:   Mon Nov 14 12:14:59 2016 -0500

    sdf changes

diff --git a/src/log/log_text.cc b/src/log/log_text.cc
index 631f8f992d38541c877ea67b22ac97e6c73989b0..6e8c2cc96b11f2577162dae69937e49451cc1c22 100644 (file)
--- a/src/log/log_text.cc
+++ b/src/log/log_text.cc
@@ -1502,7 +1502,7 @@ void LogPayload(TextLog* log, Packet* p)
                 std::string buf(p->data, p->data + p->dsize);
 
                 for ( const auto& b : *p->obfuscator )
-                    buf.replace(b.offset, b.length, b.length, '.');
+                    buf.replace(b.offset, b.length, b.length, p->obfuscator->get_mask_char());
 
                 LogNetData(log, (const uint8_t*)buf.c_str(), p->dsize, p);
             }

diff --git a/src/log/obfuscator.h b/src/log/obfuscator.h
index 67a67abdfe8c3a8d0b7a91ab7c7c94f527c1675d..aa2be6e835c7431200ec7472adbfcf72b8c09304 100644 (file)
--- a/src/log/obfuscator.h
+++ b/src/log/obfuscator.h
@@ -65,9 +65,13 @@ public:
     bool first(ObfuscatorBlock &b);
     bool next(ObfuscatorBlock &b);
 
+    const char get_mask_char()
+    { return mask_char; }
+
 private:
     ObSet blocks;
     iterator it;
+    const char mask_char = 'X';
 };
 
 #endif

diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc
index ed2a169083d97a1c6bec66c54721f91d109c3e40..5b137c44a3841e7bc84ffb46d6ad7d61580dfa31 100644 (file)
--- a/src/loggers/unified2.cc
+++ b/src/loggers/unified2.cc
@@ -555,7 +555,7 @@ static void _Unified2LogPacketAlert(
                 off = 0;
 
             for ( const auto& b : *p->obfuscator )
-                memset(&start[ off + b.offset ], '.', b.length);
+                memset(&start[ off + b.offset ], p->obfuscator->get_mask_char(), b.length);
         }
     }