Pull request #3331: Tenant id
authorRon Dempster (rdempste) <rdempste@cisco.com>
Fri, 29 Apr 2022 20:27:35 +0000 (20:27 +0000)
committerRon Dempster (rdempste) <rdempste@cisco.com>
Fri, 29 Apr 2022 20:27:35 +0000 (20:27 +0000)
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:tenant_id to master

Squashed commit of the following:

commit 49bcaac681921062b79be6e17ffc319a9d7f831b
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Thu Apr 28 17:02:22 2022 -0400

    flow: change the padding and bits in the flow key to make it more clear

commit 76553e101331382ee5e7daca82fb34e513fbb23d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Wed Apr 27 12:18:04 2022 -0400

    dce_rpc: update address space id in the smb keys

commit 3d78363477fcfe1c866ff62d73eb3a6a9970b3cf
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Tue Mar 22 12:04:08 2022 -0400

    flow: add inline cppcheck suppressions

commit f54d8a3cc078023a153b576e78583569dfd4bbb6
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Mon Mar 21 13:13:19 2022 -0400

    flow, network_inspectors, policy_selectors, stream: make address space id 32 bits and add a tenant id to the daq header

46 files changed:
daqs/daq_file.c
daqs/daq_hext.c
doc/user/daq.txt
piglet/tests/interface/daq_header.lua
src/flow/flow.cc
src/flow/flow_control.cc
src/flow/flow_key.cc
src/flow/flow_key.h
src/flow/test/flow_control_test.cc
src/flow/test/ha_test.cc
src/loggers/log_hext.cc
src/lua/lua_iface.h
src/network_inspectors/appid/appid_debug.cc
src/network_inspectors/appid/appid_debug.h
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session.h
src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h
src/network_inspectors/appid/service_state.cc
src/network_inspectors/appid/service_state.h
src/network_inspectors/appid/test/appid_debug_test.cc
src/network_inspectors/appid/test/appid_discovery_test.cc
src/network_inspectors/appid/test/appid_http_session_test.cc
src/network_inspectors/appid/test/appid_mock_definitions.h
src/network_inspectors/appid/test/appid_mock_session.h
src/network_inspectors/appid/test/service_state_test.cc
src/network_inspectors/binder/bind_module.cc
src/network_inspectors/binder/binder.cc
src/network_inspectors/binder/binding.cc
src/network_inspectors/binder/binding.h
src/network_inspectors/packet_tracer/packet_tracer.cc
src/network_inspectors/port_scan/ps_detect.cc
src/piglet_plugins/pp_codec_data_iface.cc
src/piglet_plugins/pp_daq_pkthdr_iface.cc
src/piglet_plugins/pp_decode_data_iface.cc
src/piglet_plugins/pp_packet_iface.cc
src/policy_selectors/address_space_selector/address_space_selector.cc
src/policy_selectors/tenant_selector/tenant_selector.cc
src/protocols/packet_manager.cc
src/service_inspectors/dce_rpc/dce_smb2.cc
src/service_inspectors/dce_rpc/dce_smb2.h
src/stream/icmp/icmp_session.cc
src/stream/stream.cc
src/stream/stream.h
src/stream/tcp/tcp_reassembler.cc
src/stream/tcp/tcp_stream_session.cc
src/stream/tcp/tcp_stream_session.h

index ebad16b81dfced2ade5b608ebeb663d3a3e3a96f..0c438a3f54fd068ab03d7d59e868132eb3b32076 100644 (file)
@@ -127,12 +127,10 @@ static int create_message_pool(FileContext* fc, unsigned size)
 
         /* Initialize non-zero invariant packet header fields. */
         DAQ_PktHdr_t *pkthdr = &desc->pkthdr;
-        pkthdr->address_space_id = 0;
         pkthdr->ingress_index = DAQ_PKTHDR_UNKNOWN;
         pkthdr->ingress_group = DAQ_PKTHDR_UNKNOWN;
         pkthdr->egress_index = DAQ_PKTHDR_UNKNOWN;
         pkthdr->egress_group = DAQ_PKTHDR_UNKNOWN;
-        pkthdr->flags = 0;
 
         /* Initialize non-zero invariant message header fields. */
         DAQ_Msg_t *msg = &desc->msg;
index 44644d37ad5aa59d0479c27bcc1144c2fa4cecc0..261b5fd205d8b9068d413324503d2e3ea07b6bd0 100644 (file)
@@ -139,12 +139,10 @@ static int create_message_pool(HextContext* hc, unsigned size)
 
         /* Initialize non-zero invariant packet header fields. */
         DAQ_PktHdr_t *pkthdr = &desc->pkthdr;
-        pkthdr->address_space_id = 0;
         pkthdr->ingress_index = DAQ_PKTHDR_UNKNOWN;
         pkthdr->ingress_group = DAQ_PKTHDR_UNKNOWN;
         pkthdr->egress_index = DAQ_PKTHDR_UNKNOWN;
         pkthdr->egress_group = DAQ_PKTHDR_UNKNOWN;
-        pkthdr->flags = 0;
 
         /* Initialize non-zero invariant message header fields. */
         DAQ_Msg_t *msg = &desc->msg;
@@ -260,11 +258,12 @@ static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *des
     "%" SCNu8  " "  /* is_qos_applied_on_src_intf */ \
     "%" SCNu32 " "  /* sof_timestamp.tv_sec */  \
     "%" SCNu32 " "  /* eof_timestamp.tv_sec */  \
+    "%" SCNu32 " "  /* address_space_id */  \
+    "%" SCNu32 " "  /* tenant_id */  \
     "%" SCNu16 " "  /* vlan_tag */      \
-    "%" SCNu16 " "  /* address_space_id */  \
     "%" SCNu8  " "  /* protocol */ \
     "%" SCNu8       /* flags */
-#define FLOWSTATS_ITEMS 22
+#define FLOWSTATS_ITEMS 23
     DAQ_FlowStats_t* f = &desc->flowstats;
     char srcaddr[INET6_ADDRSTRLEN], dstaddr[INET6_ADDRSTRLEN];
     uint32_t sof_sec, eof_sec;
@@ -272,7 +271,7 @@ static bool parse_flowstats(DAQ_MsgType type, const char* line, HextMsgDesc *des
             &f->egress_intf, srcaddr, &f->initiator_port, dstaddr, &f->responder_port, &f->opaque,
             &f->initiator_pkts, &f->responder_pkts, &f->initiator_pkts_dropped, &f->responder_pkts_dropped,
             &f->initiator_bytes_dropped, &f->responder_bytes_dropped, &f->is_qos_applied_on_src_intf,
-            &sof_sec, &eof_sec, &f->vlan_tag, &f->address_space_id,
+            &sof_sec, &eof_sec, &f->address_space_id, &f->tenant_id, &f->vlan_tag,
             &f->protocol, &f->flags);
     if (rval != FLOWSTATS_ITEMS)
         return false;
index d2922763cb1d15c658d3dadd7d2a5cea7476fca6..809df169da6516a44486fd621e81bc0fb84e0ec9 100644 (file)
@@ -258,8 +258,8 @@ The available commands are:
 
     $packet <addr> <port> -> <addr> <port>
 
-    $sof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <timeval:sof_timestamp> <timeval:eof_timestamp> <u16:vlan> <u16:address_space_id> <u8:protocol>
-    $eof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <timeval:sof_timestamp> <timeval:eof_timestamp> <u16:vlan> <u16:address_space_id> <u8:protocol>
+    $sof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <timeval:sof_timestamp> <timeval:eof_timestamp> <u32:address_space_id> <u32:tenant_id> <u16:vlan> <u8:protocol> <u8:flags>
+    $eof <i32:ingressZone> <i32:egressZone> <i32:ingressIntf> <i32:egressIntf> <s:srcIp> <i16:srcPort> <s:destIp> <i16:dstPort> <u32:opaque> <u64:initiatorPkts> <u64:responderPkts> <u64:initiatorPktsDropped> <u64:responderPktsDropped> <u64:initiatorBytesDropped> <u64:responderBytesDropped> <u8:isQosAppliedOnSrcIntf> <timeval:sof_timestamp> <timeval:eof_timestamp> <u32:address_space_id> <u32:tenant_id> <u16:vlan> <u8:protocol> <u8:flags>
 
 Client and server are determined as follows.  $packet -> client indicates
 to the client (from server) and $packet -> server indicates a packet to the
index 72b4ab9e5325c95a3a1b88cc70dc138c8bd0737b..bdd1ed993b01bfef38c101f783e5706b26800300 100644 (file)
@@ -20,6 +20,7 @@ DEFAULT_VALUES =
     opaque = 0,
     flow_id = 0,
     address_space_id = 0
+    tenant_id = 0
 }
 
 VALUES =
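Review bot: The added `tenant_id = 0` follows `address_space_id = 0`, which has no trailing comma, so the DEFAULT_VALUES table constructor as shown is a Lua syntax error and the test file will not load. The context line needs a separator: `address_space_id = 0,`. The next hunk has the same problem in VALUES, where `address_space_id = 10` should become `address_space_id = 10,` before `tenant_id = 11`.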
@@ -34,6 +35,7 @@ VALUES =
     opaque = 8,
     flow_id = 9,
     address_space_id = 10
+    tenant_id = 11
 }
 
 tests =
index c772815a9288d337ab4c7b431791c6166a28f930..62683cda9bd6f61d872e07d482eb33f2c6bccfc1 100644 (file)
@@ -350,6 +350,7 @@ void Flow::free_flow_data()
         {
             _daq_pkt_hdr pkthdr = {};
             pkthdr.address_space_id = key->addressSpaceId;
+            pkthdr.tenant_id = tenant;
             select_default_policy(pkthdr, sc);
         }
     }
index 28decb08cf73e40d4276d7fcf9044b2e88be8b7f..a8936fb640844dfc7468db0708d8f5dd0e3e75ae 100644 (file)
@@ -322,7 +322,7 @@ static void init_roles(Packet* p, Flow* flow)
         flow->server_group = p->pkth->egress_group;
     }
 
-    flow->tenant = p->get_flow_geneve_vni();
+    flow->tenant = p->pkth->tenant_id;
 
     flow->flags.app_direction_swapped = false;
     if ( flow->ssn_state.direction == FROM_CLIENT )
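Review bot: `flow->tenant` is now taken only from `p->pkth->tenant_id`, and nothing in this hunk covers a DAQ module that never fills that field. In that case every flow would presumably carry tenant 0, whereas the removed line derived the value from the Geneve VNI. If tenant-based policy selection is meant to keep tenants apart, that dependency is worth stating at the assignment, e.g. `// tenant comes from the DAQ packet header; stays 0 when the DAQ does not set it`. init_roles() starts and ends outside the hunk.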
index b638d8bba2f801d6b333c02332e9d6b1cd4dfea5..a490b5c98ab2969204c77ac15c1e41484500228e 100644 (file)
@@ -193,7 +193,7 @@ void FlowKey::init_vlan(const SnortConfig* sc, uint16_t vlanId)
         vlan_tag = 0;
 }
 
-void FlowKey::init_address_space(const SnortConfig* sc, uint16_t addrSpaceId)
+void FlowKey::init_address_space(const SnortConfig* sc, uint32_t addrSpaceId)
 {
     if (!sc->address_space_agnostic())
         addressSpaceId = addrSpaceId;
@@ -234,7 +234,7 @@ bool FlowKey::init(
     const SfIp *srcIP, uint16_t srcPort,
     const SfIp *dstIP, uint16_t dstPort,
     uint16_t vlanId, uint32_t mplsId,
-    uint16_t addrSpaceId, int16_t ingress_group,
+    uint32_t addrSpaceId, int16_t ingress_group,
     int16_t egress_group)
 {
     bool reversed;
@@ -263,14 +263,11 @@ bool FlowKey::init(
     init_address_space(sc, addrSpaceId);
     init_mpls(sc, mplsId);
 
-    if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOWN)
-        flags.group_used = 0;
-    else
-        flags.group_used = 1;
+    padding = flags.padding_bits = 0;
 
+    flags.group_used = (ingress_group != DAQ_PKTHDR_UNKNOWN and egress_group != DAQ_PKTHDR_UNKNOWN);
     init_groups(ingress_group, egress_group, reversed);
 
-    flags.ubits = 0;
     return reversed;
 }
 
@@ -308,11 +305,10 @@ bool FlowKey::init(
     init_address_space(sc, pkt_hdr.address_space_id);
     init_mpls(sc, mplsId);
 
+    padding = flags.padding_bits = 0;
     flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
     init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
 
-    flags.ubits = 0;
-
     return reversed;
 }
 
@@ -321,7 +317,7 @@ bool FlowKey::init(
     PktType type, IpProtocol ip_proto,
     const SfIp *srcIP, const SfIp *dstIP,
     uint32_t id, uint16_t vlanId,
-    uint32_t mplsId, uint16_t addrSpaceId,
+    uint32_t mplsId, uint32_t addrSpaceId,
     int16_t ingress_group, int16_t egress_group)
 {
     // to avoid confusing 2 different datagrams or confusing a datagram
@@ -350,15 +346,11 @@ bool FlowKey::init(
     init_address_space(sc, addrSpaceId);
     init_mpls(sc, mplsId);
 
-    if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOWN)
-        flags.group_used = 0;
-    else
-        flags.group_used = 1;
+    padding = flags.padding_bits = 0;
 
+    flags.group_used = (ingress_group != DAQ_PKTHDR_UNKNOWN and egress_group != DAQ_PKTHDR_UNKNOWN);
     init_groups(ingress_group, egress_group, reversed);
 
-    flags.ubits = 0;
-
     return false;
 }
 
@@ -395,11 +387,11 @@ bool FlowKey::init(
     init_address_space(sc, pkt_hdr.address_space_id);
     init_mpls(sc, mplsId);
 
+    padding = flags.padding_bits = 0;
+
     flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
     init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
 
-    flags.ubits = 0;
-
     return false;
 }
 
@@ -412,8 +404,6 @@ bool FlowKey::is_equal(const void* s1, const void* s2, size_t)
 {
     const uint64_t* a = (const uint64_t*)s1;
     const uint64_t* b = (const uint64_t*)s2;
-    const uint32_t* c;
-    const uint32_t* d;
 
     if (*a - *b)
         return false;               /* Compares IPv4 lo/hi
@@ -438,17 +428,17 @@ bool FlowKey::is_equal(const void* s1, const void* s2, size_t)
     a++;
     b++;
     if (*a - *b)
-        return false;               /* Compares MPLS label, port lo/hi */
+        return false;               /* Compares MPLS label, addressSpaceId */
 
     a++;
     b++;
     if (*a - *b)
-        return false;               /* Compares group lo/hi, addressSpaceId, vlan */
+        return false;               /* Compares port lo/hi, group lo/hi, vlan */
 
-    c = (const uint32_t*)(++a);
-    d = (const uint32_t*)(++b);
-    if (*c - *d)
-        return false;               /* ip_proto, type, version, 8 bit pad */
+    a++;
+    b++;
+    if (*a - *b)
+        return false;               /* vlan, pad, ip_proto, type, version, flags */
 
     return true;
 }
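Review bot: The new comment on the second compare in this hunk, `/* Compares port lo/hi, group lo/hi, vlan */`, lists vlan in the wrong 64-bit word. With the field order this commit gives FlowKey in flow_key.h, port_l, port_h, group_l and group_h already fill those eight bytes, and vlan_tag is covered by the last compare, whose comment names it correctly. I would write `/* Compares port lo/hi, group lo/hi */`. The function begins outside this hunk.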
@@ -478,13 +468,14 @@ unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int)
 
     mix(a, b, c);
 
-    a += d[9];   // port lo & port hi
-    b += d[10];  // group lo & group hi
-    c += d[11];  // addressSpaceId, vlan
+    a += d[9];   // addressSpaceId
+    b += d[10];  // port lo & port hi
+    c += d[11];  // group lo & group hi
 
     mix(a, b, c);
 
-    a += d[12];  // ip_proto, pkt_type, version, 8 bits of zeroed pad
+    a += d[12];  // vlan & pad
+    b += d[13];  // ip_proto, pkt_type, version, flags
 
     finalize(a, b, c);
 
index 98f09ccbdb1de509e0165cce6933187a60df6fa9..05c7f0b92be3391af411b5fe638edcdcb9726ae4 100644 (file)
@@ -56,18 +56,20 @@ struct SO_PUBLIC FlowKey
     uint32_t   ip_l[4]; /* Low IP */
     uint32_t   ip_h[4]; /* High IP */
     uint32_t   mplsLabel;
+    uint32_t   addressSpaceId;
     uint16_t   port_l;  /* Low Port - 0 if ICMP */
     uint16_t   port_h;  /* High Port - 0 if ICMP */
     int16_t    group_l;
     int16_t    group_h;
-    uint16_t   addressSpaceId;
     uint16_t   vlan_tag;
+    uint16_t   padding;
     uint8_t    ip_protocol;
     PktType    pkt_type;
     uint8_t    version;
-    struct {
-        uint8_t group_used:1; // Is group being used to build key.
-        uint8_t ubits:7;
+    struct
+    {
+        bool group_used : 1;
+        uint8_t padding_bits : 7;
     } flags;
 
     /* The init() functions return true if the key IP/port fields were actively
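Review bot: Nothing in this hunk pins the struct size that the hand-unrolled compare and hash rely on. FlowKey::is_equal walks the key in 64-bit words and FlowHashKeyOps::do_hash now indexes up to `d[13]`, which is correct only if the key is exactly 56 bytes with no compiler-inserted padding. The declared fields sum to 56 provided PktType is one byte, which the hunk does not show. Unless a guard outside the hunk already checks this, add `static_assert(sizeof(FlowKey) == 56, "update is_equal() and do_hash()");` after the struct, so a later field change fails the build instead of leaving bytes out of the compare or hashing past the key.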
@@ -78,14 +80,14 @@ struct SO_PUBLIC FlowKey
         const SnortConfig*, PktType, IpProtocol,
         const snort::SfIp *srcIP, uint16_t srcPort,
         const snort::SfIp *dstIP, uint16_t dstPort,
-        uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId,
+        uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
         int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
 
     bool init(
         const SnortConfig*, PktType, IpProtocol,
         const snort::SfIp *srcIP, const snort::SfIp *dstIP,
         uint32_t id, uint16_t vlanId,
-        uint32_t mplsId, uint16_t addrSpaceId,
+        uint32_t mplsId, uint32_t addrSpaceId,
         int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
 
     bool init(
@@ -101,7 +103,7 @@ struct SO_PUBLIC FlowKey
 
     void init_mpls(const SnortConfig*, uint32_t);
     void init_vlan(const SnortConfig*, uint16_t);
-    void init_address_space(const SnortConfig*, uint16_t);
+    void init_address_space(const SnortConfig*, uint32_t);
     void init_groups(int16_t, int16_t, bool);
 
     // If this data structure changes size, compare must be updated!
index b1fef5347bc157dcd2d092c1d0cfcd911adaee93..f2116c7691522cb1941f010a8191148a8ab47b58 100644 (file)
@@ -130,7 +130,7 @@ bool FlowKey::init(
     const SfIp*, uint16_t,
     const SfIp*, uint16_t,
     uint16_t, uint32_t,
-    uint16_t, int16_t, int16_t)
+    uint32_t, int16_t, int16_t)
 {
    return true;
 }
@@ -150,7 +150,7 @@ bool FlowKey::init(
     PktType, IpProtocol,
     const SfIp*, const SfIp*,
     uint32_t, uint16_t,
-    uint32_t, uint16_t, int16_t,
+    uint32_t, uint32_t, int16_t,
     int16_t)
 {
     return true;
index a6efa6557ab306c3bf312d5140465fb711fa31b2..49775341ea63f34343568e5d0e6353989f16b07f 100644 (file)
@@ -37,20 +37,20 @@ class StreamHAClient;
 
 static const FlowKey s_test_key =
 {
-    { 1, 2, 3, 4 },
-    { 5, 6, 7, 8 },
-    9,
-    10,
-    11,
-    0,
-    0,
-    0,
-    12,
-    14,
-    PktType::TCP,
-    14,
-    0,
-    0
+    /* .ip_l = */ { 1, 2, 3, 4 },
+    /* .ip_h = */ { 5, 6, 7, 8 },
+    /* .mplsLabel = */ 9,
+    /* .addressSpaceId = */ 0,
+    /* .port_l = */ 10,
+    /* .port_h = */ 11,
+    /* .group_l = */ 0,
+    /* .group_h = */ 0,
+    /* .vlan_tag = */ 12,
+    /* .padding = */ 0,
+    /* .ip_protocol = */ 14,
+    /* .pkt_type = */ PktType::TCP,
+    /* .version = */ 14,
+    /* .flags = */ 0,
 };
 
 static struct __attribute__((__packed__)) TestDeleteMessage {
@@ -61,7 +61,7 @@ static struct __attribute__((__packed__)) TestDeleteMessage {
     {
         HA_DELETE_EVENT,
         HA_MESSAGE_VERSION,
-        0x39,
+        61,
         KEY_TYPE_IP6
     },
     s_test_key
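Review bot: The length `61` here, and `73` in the s_update_stream_message hunk below, are hand-computed from the new FlowKey size, so the next layout change has to redo the arithmetic in both places. Assuming the length field counts the whole packed message, which the visible lines suggest but do not prove, the values could be derived from the types, e.g. `sizeof(TestDeleteMessage),` and `sizeof(TestUpdateMessage),`. If the literals stay, a short comment such as `// header + FlowKey` would show how each number is made up.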
@@ -71,13 +71,14 @@ static struct __attribute__((__packed__)) TestUpdateMessage {
     HAMessageHeader mhdr;
     FlowKey key;
     HAClientHeader schdr;
+    // cppcheck-suppress unusedStructMember
     uint8_t scmsg[10];
 } s_update_stream_message =
 {
     {
         HA_UPDATE_EVENT,
         HA_MESSAGE_VERSION,
-        0x45,
+        73,
         KEY_TYPE_IP6
     },
     s_test_key,
@@ -527,6 +528,7 @@ TEST(high_availability_test, consume_error_truncated_client_msg)
     struct __attribute__((__packed__))
     {
         HAClientHeader chdr = { 0, 0x42 };
+        // cppcheck-suppress unusedStructMember
         uint8_t cmsg[0x42 / 2] = { };
     } input;
     HAMessage msg((uint8_t*) &input, sizeof(input));
@@ -542,6 +544,7 @@ TEST(high_availability_test, consume_error_client_consume)
     struct __attribute__((__packed__))
     {
         HAClientHeader chdr = { 0, 10 };
+        // cppcheck-suppress unusedStructMember
         uint8_t cmsg[0x42 / 2] = { };
     } input;
     HAMessage msg((uint8_t*) &input, sizeof(input));
index 4f7773d91ea86a823283d62167be276bd706897c..709a92ee6477470dab8d8ab71a59c32d4992d5d7 100644 (file)
@@ -101,9 +101,11 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*)
         "%hhu "         // is_qos_applied_on_src_intf
         "%ld "          // sof_timestamp.tv_sec
         "%ld "          // eof_timestamp.tv_sec
+        "%u "           // address_space_id
+        "%u "           // tenant_id
         "%hu "          // vlan_tag
-        "%hu "          // address_space_id
-        "%hhu"          // protocol
+        "%hhu "         // protocol
+        "%hhu"          // flags
         "\n",
         cmd,
         fs->ingress_group,
@@ -122,9 +124,11 @@ void DaqMessageEventHandler::handle(DataEvent& event, Flow*)
         fs->is_qos_applied_on_src_intf,
         fs->sof_timestamp.tv_sec,
         fs->eof_timestamp.tv_sec,
-        vlan_tag,
         fs->address_space_id,
-        fs->protocol);
+        fs->tenant_id,
+        vlan_tag,
+        fs->protocol,
+        fs->flags);
 }
 
 
index b3ffc1167b316526bb5788b0c00f117e9b30fdde..691f3970b6739b7d33b6b89855ef53000ef35f07 100644 (file)
@@ -78,6 +78,7 @@ struct TypeInterface
 {
     using type = T;
     using AccessorCallback = void (*)(lua_State*, int, T&);
+    using ConstAccessorCallback = void (*)(lua_State*, int, const T&);
 
     const char* name;
     const luaL_Reg* methods;
@@ -136,7 +137,7 @@ struct TypeInterface
         return 0;
     }
 
-    int default_getter(lua_State* L, AccessorCallback acb) const
+    int default_getter(lua_State* L, ConstAccessorCallback acb) const
     {
         auto& self = this->get(L);
         lua_newtable(L);
index 938e4f4f54ef97247c5ba745d7e0d5e8a7643e4a..69cf138f746c464fde58b2c6bdfdc7a5a25c66f1 100644 (file)
@@ -35,7 +35,7 @@ using namespace snort;
 THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
 
 void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1,
-    uint16_t port2, IpProtocol protocol, const int version, uint16_t address_space_id,
+    uint16_t port2, IpProtocol protocol, const int version, uint32_t address_space_id,
     const AppIdSession* session, bool log_all_sessions, int16_t group1, int16_t group2,
     bool inter_group_flow)
 {
@@ -115,7 +115,7 @@ void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t por
         snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", sgroup, dgroup);
 
     snprintf(debug_session, sizeof(debug_session),
-        "%s %hu -> %s %hu %hhu AS=%hu ID=%u%s",
+        "%s %hu -> %s %hu %hhu AS=%u ID=%u%s",
         sipstr, sport, dipstr, dport, static_cast<uint8_t>(protocol),
         address_space_id, get_instance_id(), gr_buf);
 }
index a1c086803d29618f2e45452aebbe48390604c69c..4f1fc5a0e2be100c94a1e083f25f4b2057975f52 100644 (file)
@@ -72,7 +72,7 @@ public:
     AppIdDebug() = default;
 
     void activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1, uint16_t port2,
-        IpProtocol protocol, const int version, uint16_t address_space_id,
+        IpProtocol protocol, const int version, uint32_t address_space_id,
         const AppIdSession* session, bool log_all_sessions, int16_t group1 = DAQ_PKTHDR_UNKNOWN,
         int16_t group2 = DAQ_PKTHDR_UNKNOWN, bool inter_group_flow = false);
     void activate(const snort::Flow *flow, const AppIdSession* session, bool log_all_sessions);
index 652f13ebc0ca45db42193406f7f4cbbbea9214b5..6a510e644fee5f581d73a2106a15f2ad9a4d5f06 100644 (file)
@@ -125,7 +125,7 @@ AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto,
 }
 
 AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
-    AppIdInspector& inspector, OdpContext& odp_ctxt, uint16_t asid)
+    AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid)
     : FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config),
         initiator_port(port), asid(asid), protocol(proto),
         api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt),
index 3910c1f26b14f3d431f0eca1561519d0fe381ab9..32db58ea625eef60ce0355f84ba1d027a21b8f81 100644 (file)
@@ -226,7 +226,7 @@ class AppIdSession : public snort::FlowData
 {
 public:
     AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&,
-        OdpContext&, uint16_t asid = 0);
+        OdpContext&, uint32_t asid = 0);
     ~AppIdSession() override;
 
     static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
@@ -241,7 +241,7 @@ public:
     std::unordered_map<unsigned, AppIdFlowData*> flow_data;
     uint64_t flags = 0;
     uint16_t initiator_port = 0;
-    uint16_t asid = 0;
+    uint32_t asid = 0;
 
     uint16_t session_packet_count = 0;
     uint16_t init_pkts_without_reply = 0;
index 0a6356a00ec2badf262a7dc6d989407ea8b77967..184f5a8cd82c77ea8b4ab2f240cd7a2ee94f1ff8 100644 (file)
@@ -157,7 +157,7 @@ AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
 OdpContext stub_odp_ctxt(stub_config, nullptr);
 AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
-    OdpContext& odpctxt, uint16_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
+    OdpContext& odpctxt, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
         config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odpctxt)
 {
     this->set_session_flags(APPID_SESSION_DISCOVER_APP);
index dafe1f3e987ddc1b90d5d850ace50028fe584c0a..3d43a0c26160426f49307dfa179b7011fa369423 100644 (file)
@@ -213,21 +213,21 @@ void AppIdServiceState::clean()
 }
 
 ServiceDiscoveryState* AppIdServiceState::add(const SfIp* ip, IpProtocol proto, uint16_t port,
-    int16_t group, uint16_t asid, bool decrypted, bool do_touch)
+    int16_t group, uint32_t asid, bool decrypted, bool do_touch)
 {
     return service_state_cache->add( AppIdServiceStateKey(ip, proto, port, group,
         asid, decrypted), do_touch );
 }
 
 ServiceDiscoveryState* AppIdServiceState::get(const SfIp* ip, IpProtocol proto, uint16_t port,
-    int16_t group, uint16_t asid, bool decrypted, bool do_touch)
+    int16_t group, uint32_t asid, bool decrypted, bool do_touch)
 {
     return service_state_cache->get( AppIdServiceStateKey(ip, proto, port, group,
         asid, decrypted), do_touch);
 }
 
 void AppIdServiceState::remove(const SfIp* ip, IpProtocol proto, uint16_t port,
-    int16_t group, uint16_t asid, bool decrypted)
+    int16_t group, uint32_t asid, bool decrypted)
 {
     AppIdServiceStateKey ssk(ip, proto, port, group, asid, decrypted);
     Map_t::iterator it = service_state_cache->find(ssk);
@@ -243,7 +243,7 @@ void AppIdServiceState::remove(const SfIp* ip, IpProtocol proto, uint16_t port,
 }
 
 void AppIdServiceState::check_reset(AppIdSession& asd, const SfIp* ip, uint16_t port,
-    int16_t group, uint16_t asid)
+    int16_t group, uint32_t asid)
 {
     ServiceDiscoveryState* sds = AppIdServiceState::get(ip, IpProtocol::TCP, port,
         group, asid, asd.is_decrypted());
index 3dc07645da95278f8c2d675f777a57e47eebd87b..9105026d465cf73dff750a5d1cdb87415c465366 100644 (file)
@@ -149,13 +149,13 @@ public:
     static bool initialize(size_t memcap);
     static void clean();
     static ServiceDiscoveryState* add(const snort::SfIp*, IpProtocol, uint16_t port,
-        int16_t group, uint16_t asid, bool decrypted, bool do_touch = false);
+        int16_t group, uint32_t asid, bool decrypted, bool do_touch = false);
     static ServiceDiscoveryState* get(const snort::SfIp*, IpProtocol, uint16_t port,
-        int16_t group, uint16_t asid, bool decrypted, bool do_touch = false);
+        int16_t group, uint32_t asid, bool decrypted, bool do_touch = false);
     static void remove(const snort::SfIp*, IpProtocol, uint16_t port,
-        int16_t group, uint16_t asid, bool decrypted);
+        int16_t group, uint32_t asid, bool decrypted);
     static void check_reset(AppIdSession& asd, const snort::SfIp* ip, uint16_t port,
-        int16_t group, uint16_t asid);
+        int16_t group, uint32_t asid);
     static bool prune(size_t max_memory = 0, size_t num_items = -1u);
 };
 
@@ -164,8 +164,8 @@ PADDING_GUARD_BEGIN
 struct AppIdServiceStateKey
 {
     AppIdServiceStateKey(const snort::SfIp* ip,
-        IpProtocol proto, uint16_t port, int16_t group, uint16_t asid, bool decrypted) :
-        ip(*ip), port(port), group(group), asid(asid), decrypted(decrypted), proto(proto)
+        IpProtocol proto, uint16_t port, int16_t group, uint32_t asid, bool decrypted) :
+        ip(*ip), port(port), asid(asid), group(group), decrypted(decrypted), proto(proto)
     { }
 
     bool operator<(const AppIdServiceStateKey& right) const
@@ -175,8 +175,8 @@ struct AppIdServiceStateKey
 
     snort::SfIp ip;
     uint16_t port;
+    uint32_t asid;
     int16_t group;
-    uint16_t asid;
     bool decrypted;
     IpProtocol proto;
 };
index 346f85be5e130e8a08952a3ceff40e8c698c7dbb..768d1c8b496d069c1af1c56672a79954ed3463da 100644 (file)
@@ -61,7 +61,7 @@ AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
 OdpContext stub_odp_ctxt(stub_config, nullptr);
 AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
-    OdpContext&, uint16_t) : FlowData(0), config(stub_config),
+    OdpContext&, uint32_t) : FlowData(0), config(stub_config),
     api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 
@@ -123,7 +123,7 @@ TEST(appid_debug, basic_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -157,7 +157,7 @@ TEST(appid_debug, reverse_direction_activate_test)
     uint16_t sport = 80;
     uint16_t dport = 48620;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = dport;    // session initiator is now dst
     // activate()
@@ -193,7 +193,7 @@ TEST(appid_debug, ipv6_test)
     uint16_t sport = 1234;
     uint16_t dport = 443;
     IpProtocol protocol = IpProtocol::UDP;    // also threw in UDP and address space ID for kicks
-    uint16_t address_space_id = 100;
+    uint32_t address_space_id = 100;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -229,7 +229,7 @@ TEST(appid_debug, no_initiator_port_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = 0;    // no initiator port yet (uses IPs)
     // activate()
@@ -263,7 +263,7 @@ TEST(appid_debug, no_initiator_port_reversed_test)
     uint16_t sport = 80;
     uint16_t dport = 48620;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = 0;    // no initiator port yet (uses IPs)... and reversed packet dir from above
     // activate()
@@ -292,7 +292,7 @@ TEST(appid_debug, null_session_test)
     uint16_t sport = 0;
     uint16_t dport = 0;
     IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // activate()
     appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
         protocol, 4, address_space_id, nullptr, false);    // null session
@@ -332,7 +332,7 @@ TEST(appid_debug, no_match_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::UDP;    // but this packet is UDP instead
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -362,7 +362,7 @@ TEST(appid_debug, all_constraints_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -396,7 +396,7 @@ TEST(appid_debug, just_proto_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -430,7 +430,7 @@ TEST(appid_debug, just_ip_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
@@ -464,7 +464,7 @@ TEST(appid_debug, just_port_test)
     uint16_t sport = 48620;
     uint16_t dport = 80;
     IpProtocol protocol = IpProtocol::TCP;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     // The session...
     session.initiator_port = sport;
     // activate()
index 7589d037ee0910dfcacd1760fb3d8f46ea19cb7f..281f143832be3e3037b330cccafc8b2726dda4c4 100644 (file)
@@ -47,7 +47,7 @@ namespace snort
 {
 // Stubs for appid api
 AppIdApi appid_api;
-const char* AppIdApi::get_application_name(AppId, OdpContext&) { return NULL; } 
+const char* AppIdApi::get_application_name(AppId, OdpContext&) { return NULL; }
 
 // Stubs for packet tracer
 THREAD_LOCAL PacketTracer* s_pkt_trace = nullptr;
@@ -279,7 +279,7 @@ HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, const OdpCon
     return nullptr;
 }
 void AppIdServiceState::check_reset(AppIdSession&, const SfIp*, uint16_t,
-    int16_t, uint16_t) {}
+    int16_t, uint32_t) {}
 bool do_tp_discovery(ThirdPartyAppIdContext& , AppIdSession&, IpProtocol,
     Packet*, AppidSessionDirection&, AppidChangeBits&)
 {
index bfaf60e74743734ba2f2c4c4c0a3b31d0c8621f3..0dbd4c34b0cd7c4a0c80b71e4521f200850f19e8 100644 (file)
@@ -111,7 +111,7 @@ static Flow flow;
 
 // AppIdSession mock functions
 AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
-    OdpContext&, uint16_t) : FlowData(inspector_id, &inspector), config(stub_config),
+    OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
         api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
 {}
 
@@ -149,7 +149,7 @@ void AppIdModule::reset_stats() {}
 
 // AppIdDebug mock functions
 void AppIdDebug::activate(const uint32_t*, const uint32_t*, uint16_t,
-    uint16_t, IpProtocol, const int, uint16_t, const AppIdSession*, bool,
+    uint16_t, IpProtocol, const int, uint32_t, const AppIdSession*, bool,
     int16_t, int16_t, bool)
 {
 }
index 40df9c3a8b66092e15a75472735110868ae478b3..054df4f5fdf7c68cadb9464220fd68d8e78dc946 100644 (file)
@@ -117,13 +117,13 @@ bool AppInfoManager::configured()
 
 // Stubs for service_state.h
 ServiceDiscoveryState* AppIdServiceState::get(SfIp const*, IpProtocol,
-    unsigned short, int16_t, uint16_t, bool, bool)
+    unsigned short, int16_t, uint32_t, bool, bool)
 {
   return nullptr;
 }
 
 ServiceDiscoveryState* AppIdServiceState::add(SfIp const*, IpProtocol,
-    unsigned short, int16_t, uint16_t, bool, bool)
+    unsigned short, int16_t, uint32_t, bool, bool)
 {
   return nullptr;
 }
index 35551b7f32bca253dbc9f4e72b084754ebaad743..61a4098344c141209011e15a8a5be4d507c1dd54 100644 (file)
@@ -81,7 +81,7 @@ static AppIdContext stub_ctxt(stub_config);
 static OdpContext stub_odp_ctxt(stub_config, nullptr);
 OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
 AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector,
-    OdpContext&, uint16_t) : FlowData(inspector_id, &inspector), config(stub_config),
+    OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
     protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
 {
     this->set_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED);
index 8114b1868d5858e88f6e8b2f0b6c98bcc6601d08..507d583915b4617f373db6beadf08fa55fbcaf27 100644 (file)
@@ -88,7 +88,7 @@ AppIdConfig stub_config;
 AppIdContext stub_ctxt(stub_config);
 OdpContext stub_odp_ctxt(stub_config, nullptr);
 AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
-    OdpContext&, uint16_t) : FlowData(0), config(stub_config),
+    OdpContext&, uint32_t) : FlowData(0), config(stub_config),
     api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
 AppIdSession::~AppIdSession() = default;
 AppIdDiscovery::~AppIdDiscovery() = default;
index b7455990b45c6cb87fd007420e162ef9f8abe62b..af79d59524cb570533c6cf9712c21de2242ae08e 100644 (file)
@@ -348,7 +348,7 @@ bool BinderModule::set(const char* fqn, Value& v, SnortConfig*)
     }
     else if ( v.is("addr_spaces") )
     {
-        if (!parse_int_set<uint16_t>(v, binding.when.addr_spaces))
+        if (!parse_int_set<uint32_t>(v, binding.when.addr_spaces))
             return false;
         binding.when.add_criteria(BindWhen::Criteria::BWC_ADDR_SPACES);
     }
index 15f1b6a942ee378ca7e2b835f13106c783218c1a..65359c6e758a5f243e2a224bb211500cf6a3ea78 100644 (file)
@@ -263,7 +263,7 @@ static std::string to_string(const BindWhen& bw)
 
     if (bw.has_criteria(BindWhen::Criteria::BWC_ADDR_SPACES))
     {
-        auto addr_spaces = to_string<uint16_t>(bw.addr_spaces);
+        auto addr_spaces = to_string<uint32_t>(bw.addr_spaces);
         when += " addr_spaces = " + addr_spaces + ",";
     }
 
index 282bde1714563bb28c378fadca0dd772e73acde9..996b98ab7976e6edb43a158c040161037a5274b1 100644 (file)
@@ -571,7 +571,7 @@ inline bool Binding::check_tenant(const Packet* p) const
     if (!when.has_criteria(BindWhen::Criteria::BWC_TENANTS))
         return true;
 
-    return when.tenants.count(p->pkth->address_space_id) != 0;
+    return when.tenants.count(p->pkth->tenant_id) != 0;
 }
 
 inline bool Binding::check_service(const Flow& flow) const
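Review bot: `when.tenants.count(p->pkth->tenant_id)` changes which DAQ header field a `tenants` binding is matched against, and the same switch is made in both `TenantSelector::select_default_policies` overloads later in this commit. A DAQ module that fills only `address_space_id` would presumably leave `tenant_id` at its default, so existing tenant bindings and selector entries would stop matching and the traffic would be handled under the default policy with no diagnostic. A comment here along the lines of `// tenant_id is supplied by the DAQ module; modules that do not set it put every packet in the default tenant` (wording to be confirmed against the DAQ API), plus a release-note line, would make that dependency visible to operators. The body of `check_tenant` begins above this hunk.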
index 04e62a0e0b1525f844d7bfd366e71db244142488..df26b2f63d173cd02496b4e30f9bd4620fea2595 100644 (file)
@@ -58,7 +58,7 @@ struct BindWhen
     std::unordered_set<int16_t> src_groups;
     std::unordered_set<int16_t> dst_groups;
 
-    std::unordered_set<uint16_t> addr_spaces;
+    std::unordered_set<uint32_t> addr_spaces;
 
     std::unordered_set<uint32_t> tenants;
 
index e128e38ce7634baf4f5ec61b93efae2442c15d3b..17aeae604fa073534fbfa28877f10ada806276e9 100644 (file)
@@ -331,14 +331,14 @@ void PacketTracer::add_ip_header_info(const Packet& p)
     if (shell_enabled)
     {
         PacketTracer::log("\n");
-        snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%hu ID=%u%s ",
+        snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%u ID=%u%s ",
             sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
             p.pkth->address_space_id, get_instance_id(), gr_buf);
     }
     else
     {
         add_eth_header_info(p);
-        PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%hu ID=%u%s\n",
+        PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%u ID=%u%s\n",
             sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
             p.pkth->address_space_id, get_instance_id(), gr_buf);
     }
@@ -403,7 +403,7 @@ void PacketTracer::add_eth_header_info(const Packet& p)
 
             snprintf(debug_session, sizeof(debug_session),
                 "%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X"
-                " AS=%hu ID=%u%s ",
+                " AS=%u ID=%u%s ",
                 eh->ether_src[0], eh->ether_src[1], eh->ether_src[2],
                 eh->ether_src[3], eh->ether_src[4], eh->ether_src[5],
                 eh->ether_dst[0], eh->ether_dst[1], eh->ether_dst[2],
index 105788ef966c259620c8bd2ba4eee82de908a45f..45c1ce13de73f7a4e0ac56d780ddab24bcd2ac11 100644 (file)
@@ -54,9 +54,10 @@ struct PS_HASH_KEY
 {
     int protocol;
     SfIp scanner;
-    SfIp scanned;
     int16_t group;
-    uint16_t asid;
+    SfIp scanned;
+    uint16_t pad;
+    uint32_t asid;
 };
 PADDING_GUARD_END
 
@@ -326,6 +327,7 @@ bool PortScan::ps_tracker_lookup(
 
     ps_pkt->proto = key.protocol;
     key.asid = p->pkth->address_space_id;
+    key.pad = 0;
 
     /*
     **  Let's lookup the host that is being scanned, taking into account
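Review bot: `key.pad = 0;` zeroes the new explicit padding member by hand at this one construction site, and the same per-member pattern appears in `get_smb2_flow_key` (`key.padding = key.padding16 = 0;`) and in `ProcessIcmpUnreach`. If `PS_HASH_KEY` is hashed or compared as raw bytes, as the padding guard around the struct suggests, any site that misses a padding member puts the same scanner/scanned pair under different trackers and the scan counters never accumulate. If `key` is a local declared above this hunk, value-initialising it there (`PS_HASH_KEY key{};`) would cover `pad` and any field added later. `ps_tracker_lookup` starts and ends outside the hunk, so the declaration is not visible here.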
index 5393f090ac0c5c25832e472d9df0871d9ff984cf..41c971cf48acf6a36ddc01a7f74c6411aeb27d84 100644 (file)
@@ -44,7 +44,7 @@ static void set_fields(lua_State* L, int tindex, CodecData& self)
     table.get_field("ip6_csum_proto", reinterpret_cast<uint8_t&>(self.ip6_csum_proto));
 }
 
-static void get_fields(lua_State* L, int tindex, CodecData& self)
+static void get_fields(lua_State* L, int tindex, const CodecData& self)
 {
     Lua::Table table(L, tindex);
 
index a5fba5087da42607189259a3ffee68cd2ae926fe..d9fb9c9e80502b851e6727f8341c2fd2a443ba19 100644 (file)
@@ -42,11 +42,12 @@ static void set_fields(lua_State* L, int tindex, DAQ_PktHdr_t& self)
     table.get_field("opaque", self.opaque);
     table.get_field("flow_id", self.flow_id);
     table.get_field("address_space_id", self.address_space_id);
+    table.get_field("tenant_id", self.tenant_id);
 
     // FIXIT-L do we want to be able to set the priv_ptr field?
 }
 
-static void get_fields(lua_State* L, int tindex, DAQ_PktHdr_t& self)
+static void get_fields(lua_State* L, int tindex, const DAQ_PktHdr_t& self)
 {
     Lua::Table table(L, tindex);
 
@@ -59,6 +60,7 @@ static void get_fields(lua_State* L, int tindex, DAQ_PktHdr_t& self)
     table.set_field("opaque", self.opaque);
     table.set_field("flow_id", self.flow_id);
     table.set_field("address_space_id", self.address_space_id);
+    table.set_field("tenant_id", self.tenant_id);
 }
 
 static const luaL_Reg methods[] =
index 253ccdc424c5ab14a5f85243a2b645a57448fde6..ea8e18e9afe4c479f4bd03702a799ce55a1e95ca 100644 (file)
@@ -44,7 +44,7 @@ static void set_fields(lua_State* L, int tindex, DecodeData& self)
     self.type = static_cast<PktType>(pkt_type);
 }
 
-static void get_fields(lua_State* L, int tindex, DecodeData& self)
+static void get_fields(lua_State* L, int tindex, const DecodeData& self)
 {
     Lua::Table table(L, tindex);
 
index 439c8fb8ab3851f1d69f1bf24e812e2a931c1d06..9ae98f0483db43377f2dd0e07b84c1443d462136 100644 (file)
@@ -48,7 +48,7 @@ static void set_fields(lua_State* L, int tindex, Packet& self)
     table.set_field("user_network_policy_id", self.user_network_policy_id);
 }
 
-static void get_fields(lua_State* L, int tindex, Packet& self)
+static void get_fields(lua_State* L, int tindex, const Packet& self)
 {
     Lua::Table table(L, tindex);
 
index c3c654d73870e3ccbf8aa3bd7e606051d1d76531..906ea5f314f79f7f12922ab99dfc7bf29ef75de1 100644 (file)
@@ -136,15 +136,11 @@ bool AddressSpaceSelector::select_default_policies(uint32_t key, const SnortConf
 
 bool AddressSpaceSelector::select_default_policies(const _daq_pkt_hdr& pkthdr,
     const SnortConfig* sc)
-{
-    return select_default_policies(static_cast<uint32_t>(pkthdr.address_space_id), sc);
-}
+{ return select_default_policies(static_cast<uint32_t>(pkthdr.address_space_id), sc); }
 
 bool AddressSpaceSelector::select_default_policies(const _daq_flow_stats& stats,
     const SnortConfig* sc)
-{
-    return select_default_policies(static_cast<uint32_t>(stats.address_space_id), sc);
-}
+{ return select_default_policies(static_cast<uint32_t>(stats.address_space_id), sc); }
 
 //-------------------------------------------------------------------------
 // api stuff
index ce3646a718203f674b7eaecf69880960241e8351..41c6e74a37bb588981759d9558248f521fefdce9 100644 (file)
@@ -135,16 +135,10 @@ bool TenantSelector::select_default_policies(uint32_t key, const SnortConfig* sc
 }
 
 bool TenantSelector::select_default_policies(const _daq_pkt_hdr& pkthdr, const SnortConfig* sc)
-{
-    // FIXIT-H replace address_space_id with tenant_id when it is added to the pkthdr
-    return select_default_policies(static_cast<uint32_t>(pkthdr.address_space_id), sc);
-}
+{ return select_default_policies(static_cast<uint32_t>(pkthdr.tenant_id), sc); }
 
 bool TenantSelector::select_default_policies(const _daq_flow_stats& stats, const SnortConfig* sc)
-{
-    // FIXIT-H replace address_space_id with tenant_id when it is added to the pkthdr
-    return select_default_policies(static_cast<uint32_t>(stats.address_space_id), sc);
-}
+{ return select_default_policies(static_cast<uint32_t>(stats.tenant_id), sc); }
 
 //-------------------------------------------------------------------------
 // api stuff
index a2ccb191f433944015a1a8fdee120cee6215127c..3a629a6b3397e236ff0445d3275a026eab5bf65d 100644 (file)
@@ -684,6 +684,7 @@ static void init_daq_pkthdr(
     pkth->egress_group = phdr->egress_group;
     pkth->flags = phdr->flags;
     pkth->address_space_id = phdr->address_space_id;
+    pkth->tenant_id = phdr->tenant_id;
     pkth->opaque = opaque;
 }
 
index 92352d916811f014bcb2d43981fbc97867cad84c..41ef5129e4babc30f97cda82046a42279650e0bb 100644 (file)
@@ -92,7 +92,7 @@ uint32_t get_smb2_flow_key(const FlowKey* flow_key)
     key.ip_protocol = flow_key->ip_protocol;
     key.pkt_type = (uint8_t)flow_key->pkt_type;
     key.version = flow_key->version;
-    key.padding = 0;
+    key.padding = key.padding16 = 0;
 
     Smb2KeyHash hasher;
     return hasher(key);
@@ -151,7 +151,6 @@ Smb2SessionKey Dce2Smb2SessionData::get_session_key(uint64_t session_id)
     key.cgroup = flow->client_group;
     key.sgroup = flow->server_group;
     key.asid = flow->key->addressSpaceId;
-    key.padding = 0;
     return key;
 }
 
@@ -538,11 +537,11 @@ void Dce2Smb2SessionData::process()
             SMB_DEBUG(dce_smb_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL,
                 p, "Encrypted header is received \n");
             session = find_session(sid);
-            if (session) 
+            if (session)
             {
                bool flag = session->get_encryption_flag();
-               if (!flag) 
-                   session->set_encryption_flag(true); 
+               if (!flag)
+                   session->set_encryption_flag(true);
             }
         }
         uint32_t next_command_offset;
index b1580de1748108ccbcd14d810cf64bb084868d98..4c78cc1415e523cf7d4303652a21fde15fc9cb90 100644 (file)
@@ -345,10 +345,9 @@ struct Smb2SessionKey
     uint32_t cip[4];
     uint32_t sip[4];
     uint64_t sid;
+    uint32_t asid;
     int16_t cgroup;
     int16_t sgroup;
-    uint16_t asid;
-    uint16_t padding;
 
     bool operator==(const Smb2SessionKey& other) const
     {
@@ -372,12 +371,13 @@ struct Smb2FlowKey
     uint32_t ip_l[4];   // Low IP
     uint32_t ip_h[4];   // High IP
     uint32_t mplsLabel;
+    uint32_t addressSpaceId;
     uint16_t port_l;    // Low Port - 0 if ICMP
     uint16_t port_h;    // High Port - 0 if ICMP
     int16_t group_l;
     int16_t group_h;
     uint16_t vlan_tag;
-    uint16_t addressSpaceId;
+    uint16_t padding16;
     uint8_t ip_protocol;
     uint8_t pkt_type;
     uint8_t version;
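Review bot: Nothing ties the new layout of `Smb2FlowKey` to the hash in the next hunk, which now also reads `d[13]` and so assumes the key is exactly fourteen 32-bit words. The members visible here add up to 55 bytes, so that holds only if the `padding` member declared below this hunk is a single byte. If the struct later shrinks, `d[13]` reads past the key; if it grows, the trailing bytes are left out of the hash. Adding `static_assert(sizeof(Smb2FlowKey) == 14 * sizeof(uint32_t), "Smb2KeyHash reads d[0..13]");` after the struct would turn a layout change into a compile error. The struct continues outside this hunk.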
@@ -427,7 +427,7 @@ private:
         a += d[3]; b += d[4];  c += d[5];  mix(a, b, c);
         a += d[6]; b += d[7];  c += d[8];  mix(a, b, c);
         a += d[9]; b += d[10]; c += d[11]; mix(a, b, c);
-        a += d[12]; finalize(a, b, c);
+        a += d[12]; b += d[13]; finalize(a, b, c);
         return c;
     }
 
index f66d3c121053005e7a2798c9246ab57176715b31..5ac0f6e8f1e03c3dcd09fd9541955f47a693c555 100644 (file)
@@ -147,9 +147,9 @@ static int ProcessIcmpUnreach(Packet* p)
     skey.init_vlan(sc, vlan);
     skey.init_address_space(sc, 0);
     skey.init_mpls(sc, 0);
+    skey.padding = skey.flags.padding_bits = 0;
     skey.flags.group_used = p->is_inter_group_flow();
     skey.init_groups(p->pkth->ingress_group, p->pkth->egress_group, reversed);
-    skey.flags.ubits = 0;
 
     switch (p->type())
     {
index 45abb8bfbe5d72e744e9d92a0a0c8e511c24017e..8cc3f4fc5684fc3012760306dddfd4f7133cf7cc 100644 (file)
@@ -92,7 +92,7 @@ Flow* Stream::get_flow(
     PktType type, IpProtocol proto,
     const SfIp* srcIP, uint16_t srcPort,
     const SfIp* dstIP, uint16_t dstPort,
-    uint16_t vlan, uint32_t mplsId, uint16_t addressSpaceId,
+    uint16_t vlan, uint32_t mplsId, uint32_t addressSpaceId,
     int16_t ingress_group, int16_t egress_group)
 {
     FlowKey key;
@@ -158,7 +158,7 @@ FlowData* Stream::get_flow_data(
     const SfIp* srcIP, uint16_t srcPort,
     const SfIp* dstIP, uint16_t dstPort,
     uint16_t vlan, uint32_t mplsId,
-    uint16_t addressSpaceID, unsigned flowdata_id,
+    uint32_t addressSpaceID, unsigned flowdata_id,
     int16_t ingress_group, int16_t egress_group)
 {
     Flow* flow = get_flow(
@@ -847,7 +847,7 @@ bool Stream::get_held_pkt_seq(Flow* flow, uint32_t& seq)
 
     TcpStreamSession* tcp_session = (TcpStreamSession*)flow->session;
 
-    if (tcp_session->held_packet_dir == SSN_DIR_NONE) 
+    if (tcp_session->held_packet_dir == SSN_DIR_NONE)
         return false;
 
     if (tcp_session->held_packet_dir == SSN_DIR_FROM_CLIENT)
index 064f369f877966780896cdd1d41c9cea78a0fb3b..09e1d34179e6040b23b6b4027d0b9eba0af7d4d1 100644 (file)
@@ -180,7 +180,7 @@ public:
     static FlowData* get_flow_data(
         PktType type, IpProtocol proto,
         const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
-        uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId, unsigned flowdata_id,
+        uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, unsigned flowdata_id,
         int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
 
     static FlowData* get_flow_data(
@@ -196,7 +196,7 @@ public:
     static Flow* get_flow(
         PktType type, IpProtocol proto,
         const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
-        uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId,
+        uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
         int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
 
     static Flow* get_flow(
index 5edef617506d8fe5976aa6961f0be04d13d5aec6..ab821188130f2c6b9a96c828db5f7371defe3fb0 100644 (file)
@@ -538,7 +538,7 @@ Packet* TcpReassembler::initialize_pdu(
 
     EncodeFlags enc_flags = 0;
     DAQ_PktHdr_t pkth;
-    trs.sos.session->get_packet_header_foo(&pkth, pkt_flags);
+    trs.sos.session->get_packet_header_foo(&pkth, p->pkth, pkt_flags);
     PacketManager::format_tcp(enc_flags, p, pdu, PSEUDO_PKT_TCP, &pkth, pkth.opaque);
     prep_pdu(trs, trs.sos.session->flow, p, pkt_flags, pdu);
     assert(pdu->pkth == pdu->context->pkth);
index da6c6f3e6b8dceab9d0210d3ca4f6fa86b5bb825..9a6f276cb860a75761c5541f9003be303fb0c419 100644 (file)
@@ -310,7 +310,7 @@ void TcpStreamSession::set_packet_header_foo(const TcpSegmentDescriptor& tsd)
     address_space_id = p->pkth->address_space_id;
 }
 
-void TcpStreamSession::get_packet_header_foo(DAQ_PktHdr_t* pkth, uint32_t dir)
+void TcpStreamSession::get_packet_header_foo(DAQ_PktHdr_t* pkth, const DAQ_PktHdr_t* orig, uint32_t dir)
 {
     if ( (dir & PKT_FROM_CLIENT) || (egress_index == DAQ_PKTHDR_UNKNOWN &&
          egress_group == DAQ_PKTHDR_UNKNOWN) )
@@ -330,6 +330,7 @@ void TcpStreamSession::get_packet_header_foo(DAQ_PktHdr_t* pkth, uint32_t dir)
     pkth->opaque = 0;
     pkth->flags = daq_flags;
     pkth->address_space_id = address_space_id;
+    pkth->tenant_id = orig->tenant_id;
 }
 
 void TcpStreamSession::reset()
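Review bot: `pkth->tenant_id = orig->tenant_id;` dereferences the new `orig` parameter unchecked and takes the tenant from whichever packet triggers the flush, whereas `address_space_id` on the line above comes from the value the session cached in `set_packet_header_foo`. The only caller visible in this commit, `TcpReassembler::initialize_pdu`, passes `p->pkth`, so a null pointer is presumably not reachable today, but the contract is stated nowhere. Either cache `tenant_id` next to `address_space_id` in `set_packet_header_foo` and drop the extra parameter, or declare it `const DAQ_PktHdr_t& orig` so the non-null requirement is part of the signature. The function begins in the previous hunk.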
index d65ccd12bec9a3a7b0a0cb99be8bd1c6840f75a7..b6e43d2d4a6cee862db68f385e06e67c5df31e4b 100644 (file)
@@ -65,7 +65,7 @@ public:
     void start_proxy();
 
     void set_packet_header_foo(const TcpSegmentDescriptor&);
-    void get_packet_header_foo(DAQ_PktHdr_t*, uint32_t dir);
+    void get_packet_header_foo(DAQ_PktHdr_t*, const DAQ_PktHdr_t* orig, uint32_t dir);
     bool can_set_no_ack();
     bool set_no_ack(bool);
     bool no_ack_mode_enabled() { return no_ack; }
@@ -118,7 +118,7 @@ public:
     int32_t egress_index = DAQ_PKTHDR_UNKNOWN;
     int16_t egress_group = DAQ_PKTHDR_UNKNOWN;
     uint32_t daq_flags = 0;
-    uint16_t address_space_id = 0;
+    uint32_t address_space_id = 0;
     bool generate_3whs_alert = true;
     TcpStreamConfig* tcp_config = nullptr;
     TcpEventLogger tel;