#
-# TODO: Either make a macro or a of platforms and loop over them.
-
-if (${CMAKE_SYSTEM_NAME} MATCHES "openbsd")
- set(OPENBSD "1")
-endif ()
-
-if (${CMAKE_SYSTEM_NAME} MATCHES "solaris")
- set(SOLARIS "1")
-endif ()
-
-if (${CMAKE_SYSTEM_NAME} MATCHES "sunos")
- set(SUNOS "1")
-endif ()
-
-if (${CMAKE_SYSTEM_NAME} MATCHES "linux")
- set(LINUX "1")
-endif ()
-
-if("${CMAKE_SYSTEM_NAME}" MATCHES "Linux")
- set(LINUX "1")
-endif()
-
-if (${CMAKE_SYSTEM_NAME} MATCHES "freebsd")
- set(FREEBSD "1")
-endif ()
-
# APPLE is defined by Cmake
if (APPLE)
- set(MACOS 1)
set(CMAKE_MACOSX_RPATH OFF)
endif()
/* include internal decoders in binary */
#cmakedefine STATIC_CODECS 1
-/* enable proc stats */
-#cmakedefine LINUX_SMP 1
-
-/* pass packet during initialization */
-#cmakedefine INLINE_FAILOPEN 1
-
/* enalbe debug messages */
#cmakedefine DEBUG_MSGS 1
/* enable profiling */
#cmakedefine PROFILE 1
-/* enable sourcefire tweaks */
-#cmakedefine SOURCEFIRE 1
-
/* do not generate a core file on segfault etc */
#cmakedefine NOCOREFILE 1
#cmakedefine USE_TSC_CLOCK 1
-/* platforms */
-
-
-
-/* Define if OpenBSD */
-#cmakedefine OPENBSD 1
-
-/* Define if Irix */
-#cmakedefine IRIX 1
-
-/* Define if Solaris */
-#cmakedefine SOLARIS 1
-
-/* Define if SunOS */
-#cmakedefine SUNOS 1
-
-/* Define if Linux */
-#cmakedefine LINUX 1
-
-/* Define if HP-UX */
-#cmakedefine HPUX 1
-
-/* Define if FreeBSD */
-#cmakedefine FREEBSD 1
-
-/* Define if BSDi */
-#cmakedefine BSDI 1
-
-/* Define if AIX */
-#cmakedefine AIX 1
-
-/* Define if Tru64 or OSF*/
-#cmakedefine OSF1 1
-
-/* Define if MacOS */
-#cmakedefine MACOS 1
-
-
-
/* Print available system types and their sizes */
-
/* Define to 1 if the system has the type `int16_t'. */
#cmakedefine HAVE_INT16_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#cmakedefine HAVE_UINT8_T 1
-/* Define to 1 if the system has the type `u_int16_t'. */
-#cmakedefine HAVE_U_INT16_T 1
-
-/* Define to 1 if the system has the type `u_int32_t'. */
-#cmakedefine HAVE_U_INT32_T 1
-
-/* Define to 1 if the system has the type `u_int64_t'. */
-#cmakedefine HAVE_U_INT64_T 1
-
-/* Define to 1 if the system has the type `u_int8_t'. */
-#cmakedefine HAVE_U_INT8_T 1
-
/* The size of `char', as computed by sizeof. */
#cmakedefine SIZEOF_CHAR @SIZEOF_CHAR@
/* Define if words are big endian */
#cmakedefine WORDS_BIGENDIAN 1
-/* Define if words must align */
-#cmakedefine WORDS_MUSTALIGN 1
-
-
/* Header file definitions */
#cmakedefine HAVE_DUMBNET_H 1
-
/* Available libraries */
/* hyperscan available */
/* Library specific functions */
-/* Can cleanup lex buffer stack created by pcap bpf filter */
-#cmakedefine HAVE_PCAP_LEX_DESTROY 1
-
/* Can output the library version. */
#cmakedefine HAVE_PCAP_LIB_VERSION 1
/* Define if the compiler supports visibility declarations. */
#cmakedefine HAVE_VISIBILITY 1
-/* Define whether linuxthreads is being used */
-#cmakedefine HAVE_LINUXTHREADS 1
-
/* Define if `thread_local` keyword should be used */
#cmakedefine USE_THREAD_LOCAL 1
macos="no"
case "$host" in
- *-openbsd*)
- AC_DEFINE([OPENBSD],[1],[Define if OpenBSD])
- ;;
- *-solaris*)
- AC_DEFINE([SOLARIS],[1],[Define if Solaris])
- ;;
- *-sunos*)
- AC_DEFINE([SUNOS],[1],[Define if SunOS])
- ;;
*-linux*)
linux="yes"
- AC_DEFINE([LINUX],[1],[Define if Linux])
- ;;
- *-freebsd*)
- AC_DEFINE([FREEBSD],[1],[Define if FreeBSD])
;;
*-apple*)
macos="yes"
- AC_DEFINE([MACOS],[1],[Define if MacOS])
esac
#--------------------------------------------------------------------------
AM_CONDITIONAL(MAKE_TEXT_DOC, [test "x$have_w3m" = "xyes" -a "x$have_asciidoc" = "xyes"])
-AC_MSG_CHECKING(for sparc)
-if eval "echo $host_cpu|grep -i sparc >/dev/null"; then
- AC_DEFINE([WORDS_MUSTALIGN],[1],[Define if words must align])
- AC_MSG_RESULT(yes)
-
- # gcc, sparc and optimization not so good
- if test -n "$GCC"; then
- NO_OPTIMIZE="yes"
- fi
-else
- AC_MSG_RESULT(no)
-fi
-
#--------------------------------------------------------------------------
# visibility foo
#--------------------------------------------------------------------------
shouldn't have to sift through implementation details to see what is
available to the client.
+* Any using statements in source files should be added only after all
+ includes have been declared.
+
=== Naming
* Use camel case for namespaces, classes, and types like WhizBangPdfChecker.
* Use lower case identifiers with underscore separators, e.g. some_function()
and my_var.
+* Do not start or end variable names with an underscore. This has a good
+ chance of conflicting with macro and/or system definitions.
+
* Use lower case filenames with underscores.
=== Comments
#endif
#include <string>
-using namespace std;
#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "framework/module.h"
#include "protocols/packet.h"
+using namespace std;
+
#define s_name "http_header"
static THREAD_LOCAL ProfileStats httpHeaderPerfStats;
#include <algorithm>
#include <iostream>
-using namespace std;
#include "main/snort_types.h"
#include "framework/logger.h"
#include "protocols/packet.h"
#include "detection/signature.h"
+using namespace std;
+
static const char* s_name = "alert_ex";
static const char* s_help = "output gid:sid:rev for alerts";
if ( (us.socket = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0 )
FatalError("socket() call failed: %s", get_error(errno));
-#ifdef FREEBSD
+#ifdef __FreeBSD__
int buflen=sizeof(us.alert);
if ( setsockopt(us.socket, SOL_SOCKET, SO_SNDBUF, (char*)&buflen, sizeof(int)) < 0 )
DebugMessage(DEBUG_DECODE, "PPP Packet!\n");
-#ifdef WORDS_MUSTALIGN
- DebugMessage(DEBUG_DECODE, "Packet with PPP header. "
- "PPP is only 1 or 2 bytes and will throw off "
- "alignment on this architecture when decoding IP, "
- "causing a bus error - stop decoding packet.\n");
- return true;
-
-#endif /* WORDS_MUSTALIGN */
-
if (raw.len < 2)
return false;
// not raw ip -> encode layer 2
bool raw = ( enc.flags & ENC_FLAG_RAW );
- if ( !raw && (buf.size() == 0) )
- {
- // for alignment
- if (!buf.allocate(SPARC_TWIDDLE))
- return false;
-
- buf.off = SPARC_TWIDDLE;
- }
-
if ( !raw || (buf.size() != 0) )
{
// we get here for outer-most layer when not raw ip
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
-#ifdef MACOS
+#if defined(__APPLE__)
#define __THROW
#define __SOCKADDR_ARG struct sockaddr*
#define __CONST_SOCKADDR_ARG const struct sockaddr*
int FlowKey::compare(const void* s1, const void* s2, size_t)
{
-#ifndef SPARCV9 /* ie, everything else, use 64bit comparisons */
uint64_t* a,* b;
a = (uint64_t*)s1;
if (*a - *b)
return 1; /* Compares MPLS label, AddressSpace ID and 16bit pad */
-#else /* SPARCV9 */
- uint32_t* a,* b;
-
- a = (uint32_t*)s1;
- b = (uint32_t*)s2;
- if ((*a - *b) || (*(a+1) - *(b+1)))
- return 1; /* Compares IPv4 lo/hi */
- /* Compares IPv6 low[0,1] */
-
- a+=2;
- b+=2;
- if ((*a - *b) || (*(a+1) - *(b+1)))
- return 1; /* Compares port lo/hi, vlan, protocol,
- version */
- /* Compares IPv6 low[2,3] */
-
- a+=2;
- b+=2;
- if ((*a - *b) || (*(a+1) - *(b+1)))
- return 1; /* Compares IPv6 hi[0,1] */
-
- a+=2;
- b+=2;
- if ((*a - *b) || (*(a+1) - *(b+1)))
- return 1; /* Compares IPv6 hi[2,3] */
-
- a+=2;
- b+=2;
- if ((*a - *b) || (*(a+1) - *(b+1)))
- return 1; /* Compares port lo/hi, vlan, protocol,
- version */
-
- a+=2;
- b+=2;
- {
- uint32_t* x, * y;
- x = (uint32_t*)a;
- y = (uint32_t*)b;
- // x++;
- // y++;
- if (*x - *y)
- return 1; /* Compares mpls label */
- }
- a++;
- b++;
- {
- uint16_t* x, * y;
- x = (uint16_t*)a;
- y = (uint16_t*)b;
- // x++;
- // y++;
- if (*x - *y)
- return 1; /* Compares addressSpaceID, no pad */
- }
-#endif /* SPARCV9 */
-
return 0;
}
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-using namespace std;
#include "main/snort_debug.h"
#include "main/snort_types.h"
#include "profiler/profiler.h"
+using namespace std;
+
// this is accumulated only for fast pattern
// searches for the detection engine
static THREAD_LOCAL uint64_t s_bcnt=0;
#include <iomanip>
#include <sstream>
#include <vector>
-using namespace std;
#include "value.h"
#include "utils/dnet_header.h"
+using namespace std;
+
static bool valid_bool(Value& v, const char*)
{
return v.get_type() == Value::VT_BOOL;
#include <string.h>
#include <string>
-using namespace std;
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
+using namespace std;
+
//--------------------------------------------------------------------------
// private parsing methods
//--------------------------------------------------------------------------
#include "sfip/sfip_t.h"
#include "sfip/sf_ip.h"
-using namespace std;
-
#ifdef UNIT_TEST
#include "catch/catch.hpp"
#endif
+using namespace std;
+
Value::~Value()
{
if ( ss )
h->usrfree = usrfree;
h->keysize = keysize;
-#ifdef WORDS_MUSTALIGN
- if ((h->keysize) & 7)
- h->pad = (8 - ((h->keysize) & 7));
-#else
h->pad = 0;
-#endif
h->datasize = datasize;
h->nrows = nrows;
h->max_nodes = 0;
#endif
#include <iostream>
-using namespace std;
#include "main.h"
#include "main/thread.h"
#include "helpers/ring.h"
#include "parser/parser.h"
+using namespace std;
+
#ifndef SIGNAL_SNORT_RELOAD
#define SIGNAL_SNORT_RELOAD SIGHUP
#endif
void init_signals()
{
-#if defined(LINUX) || defined(FREEBSD) || defined(OPENBSD) || \
- defined(SOLARIS) || defined(BSD) || defined(MACOS)
sigset_t set;
sigemptyset(&set);
// FIXIT-L this is undefined for multithreaded apps
sigprocmask(SIG_SETMASK, &set, NULL);
-#else
- sigsetmask(0);
-#endif
/* Make this prog behave nicely when signals come along.
* Windows doesn't like all of these signals, and will
#include "framework/parameter.h"
#include "framework/module.h"
+using namespace std;
+
static THREAD_LOCAL ProfileStats byteJumpPerfStats;
#define s_name "byte_jump"
-using namespace std;
typedef struct _ByteJumpData
{
#include <errno.h>
#include <string>
-using namespace std;
#include "extract.h"
#include "ips_byte_extract.h"
#include "framework/parameter.h"
#include "framework/module.h"
+using namespace std;
+
#define PARSELEN 10
#define TEXTLEN (PARSELEN + 2)
#include <string>
#include <forward_list>
-using namespace std;
#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "framework/parameter.h"
#include "framework/module.h"
+using namespace std;
+
#define s_name "flowbits"
static THREAD_LOCAL ProfileStats flowBitsPerfStats;
#include <string>
#include <vector>
-using namespace std;
#include "main/snort_types.h"
#include "main/snort_debug.h"
#include "parser/parse_conf.h"
#include "parser/parser.h"
+using namespace std;
+
#define s_name "metadata"
//-------------------------------------------------------------------------
#include <assert.h>
#include <string>
-using namespace std;
#include "main/snort_config.h"
#include "main/snort_types.h"
#include "hash/sfhashfcn.h"
#include "profiler/profiler.h"
+using namespace std;
+
static void replace_parse(const char* args, string& s)
{
bool negated;
#endif
#include <string>
-using namespace std;
#include "framework/parameter.h"
#include "framework/module.h"
#include "detection/treenodes.h"
#include "profiler/profiler.h"
+using namespace std;
+
#define s_name "so"
static THREAD_LOCAL ProfileStats soPerfStats;
#include <string>
#include <mutex>
-using namespace std;
#include "log_text.h"
#include "main/snort_debug.h"
// default logger stuff
//--------------------------------------------------------------------
-static mutex log_mutex;
+static std::mutex log_mutex;
static TextLog* text_log = NULL;
#include <errno.h>
#include <signal.h>
+extern "C" {
+#include <sfbpf_dlt.h>
+}
+
#include "log.h"
#include "text_log.h"
#include "obfuscator.h"
#endif
#include <sys/types.h>
-#ifdef LINUX
+#if defined(__linux__)
#include <stdint.h>
#endif
#include <netinet/in.h>
unified2.cc
)
-if (LINUX)
+if("${CMAKE_SYSTEM_NAME}" MATCHES "Linux")
set ( LOGGER_SOURCES
${LOGGER_SOURCES}
alert_sf_socket.cc
#include "packet_io/active.h"
#include "packet_io/sfdaq.h"
+using namespace std;
+
#define LOG_BUFFER (4*K_BYTES)
static THREAD_LOCAL TextLog* csv_log;
#define S_NAME "alert_csv"
#define F_NAME S_NAME ".txt"
-using namespace std;
-
//-------------------------------------------------------------------------
// field formatting functions
//-------------------------------------------------------------------------
#include "packet_io/intf.h"
#include "events/event.h"
+using namespace std;
+
/* full buf was chosen to allow printing max size packets
* in hex/ascii mode:
* each byte => 2 nibbles + space + ascii + overhead
static THREAD_LOCAL TextLog* fast_log = nullptr;
-using namespace std;
-
#define S_NAME "alert_fast"
#define F_NAME S_NAME ".txt"
#include "packet_io/sfdaq.h"
#include "packet_io/intf.h"
+using namespace std;
+
static THREAD_LOCAL TextLog* full_log = nullptr;
#define LOG_BUFFER (4*K_BYTES)
-using namespace std;
-
#define S_NAME "alert_full"
#define F_NAME S_NAME ".txt"
#include "config.h"
#endif
-#ifdef LINUX
+#if defined(__linux__)
#include <sys/socket.h>
#include <sys/un.h>
#include "target_based/snort_protocols.h"
#include "utils/util.h"
+using namespace std;
+
struct SfSock
{
int connected;
static THREAD_LOCAL SfSock context;
-using namespace std;
typedef vector<RuleId> RuleVector;
#define s_name "alert_sfsocket"
const BaseApi* alert_sf_socket = &sf_sock_api.base;
-#endif /* LINUX */
+#endif /* __linux__ */
#include "packet_io/sfdaq.h"
#include "packet_io/intf.h"
+using namespace std;
+
#ifndef LOG_AUTHPRIV
#define LOG_AUTHPRIV LOG_AUTH
#endif
-using namespace std;
-
#define s_name "alert_syslog"
//-------------------------------------------------------------------------
if ( strstr(s, "ndelay") )
opts |= LOG_NDELAY;
+#ifdef LOG_PERROR
if ( strstr(s, "perror") )
opts |= LOG_PERROR;
+#endif
if ( strstr(s, "pid") )
opts |= LOG_PID;
#include <algorithm>
#include <iostream>
#include <string>
-using namespace std;
#include "main/snort_types.h"
#include "framework/logger.h"
#include "log/text_log.h"
#include "sfip/sf_ip.h"
+using namespace std;
+
#define S_NAME "log_hext"
#define F_NAME S_NAME ".txt"
#include "utils/util.h"
#include "utils/stats.h"
+using namespace std;
+
/*
* <pcap file> ::= <pcap file hdr> [<pcap pkt hdr> <packet>]*
* on 64 bit systems, some fields in the <pcap * hdr> are 8 bytes
#define PCAP_FILE_HDR_SZ (24)
#define PCAP_PKT_HDR_SZ (16)
-using namespace std;
-
struct LtdConfig
{
string file;
// to ensure PacketManager::log_protocols() is built into Snort++
extern const BaseApi* log_codecs;
-#ifdef LINUX
+#if defined(__linux__)
extern const BaseApi* alert_sf_socket;
#endif
// loggers
log_codecs,
-#ifdef LINUX
+#if defined(__linux__)
alert_sf_socket,
#endif
template<typename T>
using ArgCallback = void (*)(lua_State*, int, T& ud);
- Args(lua_State* _L) : L { _L }, count { lua_gettop(L) } { }
+ Args(lua_State* state) : L { state }, count { lua_gettop(L) } { }
private:
lua_State* L;
struct ArgRef
{
public:
- ArgRef(lua_State* _L, int ct, int i) :
- L { _L }, count { ct }, index { i } { }
+ ArgRef(lua_State* state, int ct, int i) :
+ L { state }, count { ct }, index { i } { }
// We treat nil as !exists
inline bool exists()
#include <string>
#include <thread>
-using namespace std;
#include "main/analyzer.h"
#include "main/shell.h"
#include "piglet/piglet.h"
#endif
+using namespace std;
+
//-------------------------------------------------------------------------
static Swapper* swapper = NULL;
#include <chrono>
#include <thread>
-using namespace std;
#include "snort.h"
#include "snort_debug.h"
#include "memory/memory_cap.h"
#include "packet_io/sfdaq.h"
+using namespace std;
+
typedef DAQ_Verdict
(* PacketCallback)(void*, const DAQ_PktHdr_t*, const uint8_t*);
#include <syslog.h>
#include <iostream>
#include <string>
-using namespace std;
#include "main.h"
#include "main/snort_config.h"
#include "utils/util.h"
#include "helpers/markup.h"
+using namespace std;
+
#define snort_help \
"\n" \
"Snort has several options to get more help:\n" \
#include <stdio.h>
extern "C" {
-#include <daq.h>
+#include <daq_common.h>
}
class Flow;
OUTPUT_FLAG__APP_DATA = 0x00000008, /* -d */
OUTPUT_FLAG__SHOW_DATA_LINK = 0x00000010, /* -e */
- OUTPUT_FLAG__SHOW_WIFI_MGMT = 0x00000020, /* -w */
- OUTPUT_FLAG__USE_UTC = 0x00000040, /* -U */
- OUTPUT_FLAG__INCLUDE_YEAR = 0x00000080, /* -y */
-
+ OUTPUT_FLAG__USE_UTC = 0x00000020, /* -U */
+ OUTPUT_FLAG__INCLUDE_YEAR = 0x00000040, /* -y */
/* Note using this alters the packet - can't be used inline */
- OUTPUT_FLAG__OBFUSCATE = 0x00000100, /* -B */
- OUTPUT_FLAG__ALERT_IFACE = 0x00000200, /* -I */
- OUTPUT_FLAG__NO_TIMESTAMP = 0x00000400, /* --nostamps */
- OUTPUT_FLAG__ALERTS = 0x00000800, /* -A */
+ OUTPUT_FLAG__OBFUSCATE = 0x00000080, /* -B */
+
+ OUTPUT_FLAG__ALERT_IFACE = 0x00000100, /* -I */
+ OUTPUT_FLAG__NO_TIMESTAMP = 0x00000200, /* --nostamps */
+ OUTPUT_FLAG__ALERTS = 0x00000400, /* -A */
};
enum LoggingFlag
static bool line_buffered_logging()
{ return snort_conf->output_flags & OUTPUT_FLAG__LINE_BUFFER; }
- static bool output_wifi_mgmt()
- { return snort_conf->output_flags & OUTPUT_FLAG__SHOW_WIFI_MGMT; }
-
// run flags
static bool no_lock_pid_file()
{ return snort_conf->run_flags & RUN_FLAG__NO_LOCK_PID_FILE; }
#include <string.h>
#include <string>
-using namespace std;
#include "main.h"
#include "snort_config.h"
#include "catch/unit_test.h"
#endif
+using namespace std;
+
//-------------------------------------------------------------------------
// commands
//-------------------------------------------------------------------------
{ "-W", Parameter::PT_IMPLIED, nullptr, nullptr,
"lists available interfaces" },
-#if defined(DLT_IEEE802_11)
- { "-w", Parameter::PT_IMPLIED, nullptr, nullptr,
- "dump 802.11 management and control frames" },
-#endif
-
{ "-X", Parameter::PT_IMPLIED, nullptr, nullptr,
"dump the raw packet data starting at the link layer" },
else if ( v.is("-W") )
list_interfaces(sc);
-#if defined(DLT_IEEE802_11)
- else if ( v.is("-w") )
- sc->output_flags |= OUTPUT_FLAG__SHOW_WIFI_MGMT;
-#endif
-
else if ( v.is("-X") )
ConfigDumpPayloadVerbose(sc, v.get_string());
#include <assert.h>
#include <list>
-using namespace std;
#include "main/snort_types.h"
#include "main/snort_config.h"
#include "actions/act_replace.h"
#include "packet_io/active.h"
+using namespace std;
+
struct Actor
{
const ActionApi* api;
#include <errno.h>
#include <list>
-using namespace std;
#include "plugin_manager.h"
#include "module_manager.h"
#include "parser/parser.h"
#include "log/messages.h"
+using namespace std;
+
struct Output
{
const LogApi* api;
#include <list>
#include <fstream>
-using namespace std;
#include "plugin_manager.h"
#include "main/snort_types.h"
#include "parser/parser.h"
#include "log/messages.h"
+using namespace std;
+
struct Option
{
const IpsApi* api;
void ModuleManager::accumulate(SnortConfig*)
{
- static mutex stats_mutex;
+ static std::mutex stats_mutex;
stats_mutex.lock();
for ( auto p : s_modules )
#include "mpse_manager.h"
#include <list>
-using namespace std;
#include "module_manager.h"
#include "main/snort_types.h"
#include "log/messages.h"
#include "search_engines/search_common.h"
+using namespace std;
+
typedef list<const MpseApi*> EngineList;
static EngineList s_engines;
#include <map>
#include <vector>
#include <iostream>
-using namespace std;
#include "action_manager.h"
#include "event_manager.h"
#include "parser/parser.h"
#include "file_api/file_service.h"
-#if defined(LINUX)
+using namespace std;
+
+#if defined(__linux__)
#define lib_pattern "*.so"
#else
#define lib_pattern "*.dylib"
{ source.clear(); key.clear(); api = nullptr; handle = nullptr; }
};
-typedef map<string, Plugin> PlugMap;
+typedef std::map<string, Plugin> PlugMap;
static PlugMap plug_map;
struct RefCount
//~RefCount() { assert(!count); }; // FIXIT-L fails on fatal error
};
-typedef map<void*, RefCount> RefMap;
+typedef std::map<void*, RefCount> RefMap;
static RefMap ref_map;
static void set_key(string& key, Symbol* sym, const char* name)
#include "piglet/piglet_manager.h"
#endif
+using namespace std;
+
// FIXIT-P this approach results in N * K lua states where
// N ::= number of instances of script + args and
// K ::= number of threads
// ultimately should look into changing detection engine to
// keep just one copy of rule option + args
-using namespace std;
#define script_pattern "*.lua"
//-------------------------------------------------------------------------
#include <iomanip>
#include <iostream>
#include <sstream>
-using namespace std;
#include "plugin_manager.h"
#include "main/snort_types.h"
#include "parser/parser.h"
#include "log/messages.h"
+using namespace std;
+
static list<const SoApi*> s_rules;
//-------------------------------------------------------------------------
&& dsession && dsession->host)
{
size_t size = dsession->host_len;
- dns_host_scan_hostname((const u_int8_t*) (dsession->host), size, &ClientAppId, &payloadAppId,
+ dns_host_scan_hostname((const uint8_t*) (dsession->host), size, &ClientAppId, &payloadAppId,
&pConfig->serviceDnsConfig);
set_client_app_id_data(ClientAppId, nullptr);
}
session->dsession && session->dsession->host )
{
size_t size = session->dsession->host_len;
- dns_host_scan_hostname((const u_int8_t*)session->dsession->host, size, &ClientAppId,
+ dns_host_scan_hostname((const uint8_t*)session->dsession->host, size, &ClientAppId,
&payloadAppId, &pConfig->serviceDnsConfig);
session->set_client_app_id_data(ClientAppId, nullptr);
}
if ((scan_flags & SCAN_SSL_HOST_FLAG) && tsession->tls_host)
{
size = strlen(tsession->tls_host);
- if ((ret = ssl_scan_hostname((const u_int8_t*)tsession->tls_host, size,
+ if ((ret = ssl_scan_hostname((const uint8_t*)tsession->tls_host, size,
&clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
{
set_client_app_id_data(clientAppId, nullptr);
if (tsession->tls_cname)
{
size = strlen(tsession->tls_cname);
- if ((ret = ssl_scan_cname((const u_int8_t*)tsession->tls_cname, size,
+ if ((ret = ssl_scan_cname((const uint8_t*)tsession->tls_cname, size,
&clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
{
set_client_app_id_data(clientAppId, nullptr);
if (tsession->tls_orgUnit)
{
size = strlen(tsession->tls_orgUnit);
- if ((ret = ssl_scan_cname((const u_int8_t*)tsession->tls_orgUnit, size,
+ if ((ret = ssl_scan_cname((const uint8_t*)tsession->tls_orgUnit, size,
&clientAppId, &payload_app_id, &pConfig->serviceSslConfig)))
{
set_client_app_id_data(clientAppId, nullptr);
ddPatternNode->partNum,
ddPatternNode->partTotal,
(char*)ddPatternNode->pattern.pattern,
- (u_int32_t)ddPatternNode->pattern.patternSize);
+ (uint32_t)ddPatternNode->pattern.patternSize);
}
if (primaryPatternNode->nextLevelMatcher)
"\t\tid %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
ddPatternNode->patternId,
ddPatternNode->pattern.pattern,
- (u_int32_t)ddPatternNode->pattern.patternSize,
+ (uint32_t)ddPatternNode->pattern.patternSize,
ddPatternNode->partNum,
ddPatternNode->partTotal,
ddPatternNode->userData);
"\t\tSELECTED Id %d, pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
ddPatternNode->patternId,
ddPatternNode->pattern.pattern,
- (u_int32_t)ddPatternNode->pattern.patternSize,
+ (uint32_t)ddPatternNode->pattern.patternSize,
ddPatternNode->partNum,
ddPatternNode->partTotal,
ddPatternNode->userData);
"\tCallback id %d, Pattern %s, size %u, partNum %u, partTotal %u, userData %p\n",
target->patternId,
target->pattern.pattern,
- (u_int32_t)target->pattern.patternSize,
+ (uint32_t)target->pattern.patternSize,
target->partNum,
target->partTotal,
target->userData);
{
printf("%sPattern %s, size %u, userData %p\n", offset,
(char*)patternNode->pattern.pattern,
- (u_int32_t)patternNode->pattern.patternSize,
+ (uint32_t)patternNode->pattern.patternSize,
patternNode->userData);
/*recursion into next lower level */
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
static CLIENT_APP_RETCODE msn_validate(const uint8_t* data, uint16_t size, const int dir,
AppIdSession* flowp, Packet* pkt, struct Detector*, const AppIdConfig*)
{
- const u_int8_t* end;
- u_int8_t version[MAX_VERSION_SIZE];
- u_int8_t* v;
- u_int8_t* v_end;
+ const uint8_t* end;
+ uint8_t version[MAX_VERSION_SIZE];
+ uint8_t* v;
+ uint8_t* v_end;
uint32_t product_id;
product_id = APP_ID_MSN_MESSENGER;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
ClientSMTPData* const client_data, AppIdSession* flowp,
AppId appId, PegCount *stat_counter)
{
- const u_int8_t* p;
- u_int8_t* v;
- u_int8_t* v_end;
+ const uint8_t* p;
+ uint8_t* v;
+ uint8_t* v_end;
v_end = client_data->version;
v_end += MAX_VERSION_SIZE - 1;
static int IdentifyClientVersion(ClientSMTPData* const fd, const uint8_t* product,
const uint8_t* data_end, AppIdSession* flowp, Packet*)
{
- const u_int8_t* p;
- u_int8_t* v;
- u_int8_t* v_end;
+ const uint8_t* p;
+ uint8_t* v;
+ uint8_t* v_end;
unsigned len;
unsigned sublen;
AppId appId = (fd->flags & CLIENT_FLAG_SMTPS) ? APP_ID_SMTPS : APP_ID_SMTP;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
struct Client_App_Pattern
{
- const u_int8_t* pattern;
+ const uint8_t* pattern;
unsigned length;
int index;
unsigned appId;
return SERVICE_INPROCESS;
}
-static int dns_host_scan_patterns(SearchTool* matcher, const u_int8_t* pattern, size_t size,
+static int dns_host_scan_patterns(SearchTool* matcher, const uint8_t* pattern, size_t size,
AppId* ClientAppId, AppId* payloadId)
{
MatchedDNSPatterns* mp = nullptr;
return 1;
}
-int dns_host_scan_hostname(const u_int8_t* pattern, size_t size, AppId* ClientAppId,
+int dns_host_scan_hostname(const uint8_t* pattern, size_t size, AppId* ClientAppId,
AppId* payloadId, const ServiceDnsConfig* pDnsConfig)
{
return dns_host_scan_patterns(pDnsConfig->dns_host_host_matcher, pattern, size, ClientAppId,
extern struct RNAClientAppModule dns_udp_client_mod;
extern struct RNAClientAppModule dns_tcp_client_mod;
-int dns_host_scan_hostname(const u_int8_t*, size_t, AppId*, AppId*, const ServiceDnsConfig*);
+int dns_host_scan_hostname(const uint8_t*, size_t, AppId*, AppId*, const ServiceDnsConfig*);
void service_dns_host_clean(ServiceDnsConfig* pConfig);
int dns_host_detector_process_patterns(ServiceDnsConfig* pConfig);
int dns_add_host_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceDnsConfig*);
-int geAppidByViaPattern(const u_int8_t*, unsigned, char**, const DetectorHttpConfig*);
+int geAppidByViaPattern(const uint8_t*, unsigned, char**, const DetectorHttpConfig*);
int getHTTPHeaderLocation(const uint8_t*, unsigned, HttpId, int*, int*, HeaderMatchedPatterns*,
const DetectorHttpConfig*);
inline void FreeMatchedCHPActions(MatchedCHPAction* ma)
const DetectorHttpConfig*);
AppId geAppidByContentType(const uint8_t*, int, const DetectorHttpConfig*);
AppId scan_header_x_working_with(const uint8_t*, uint32_t, char**);
-void identifyUserAgent(const u_int8_t*, int, AppId*, AppId*, char**, const DetectorHttpConfig*);
+void identifyUserAgent(const uint8_t*, int, AppId*, AppId*, char**, const DetectorHttpConfig*);
void getServerVendorVersion(const uint8_t*, int, char**, char**, RNAServiceSubtype**);
int webdav_found(HeaderMatchedPatterns*);
int http_detector_finalize(AppIdConfig*);
char* appVersion,
size_t appVersionSize);
-uint32_t parseMultipleHTTPPatterns(const char* pattern, tMlmpPattern* parts, u_int32_t
+uint32_t parseMultipleHTTPPatterns(const char* pattern, tMlmpPattern* parts, uint32_t
numPartLimit, int level);
void destroyHosUrlPatternList(HosUrlPatternsList** pHosUrlPatternsList);
void dump_appid_stats()
{
LogMessage("Application Identification Preprocessor:\n");
- LogMessage(" Total packets received : %lu\n", appid_stats.packets);
- LogMessage(" Total packets processed : %lu\n", appid_stats.processed_packets);
+ LogMessage(" Total packets received : %" PRIu64 "\n", appid_stats.packets);
+ LogMessage(" Total packets processed : %" PRIu64 "\n", appid_stats.processed_packets);
if (thirdparty_appid_module)
thirdparty_appid_module->print_stats();
- LogMessage(" Total packets ignored : %lu\n", appid_stats.ignored_packets);
+ LogMessage(" Total packets ignored : %" PRIu64 "\n", appid_stats.ignored_packets);
AppIdServiceStateDumpStats();
RNAPndDumpLuaStats();
}
}
AppId appId = lua_tointeger(L, index++);
- u_int16_t port = lua_tointeger(L, index++);
- u_int8_t protocol = lua_tointeger(L, index++);
+ uint16_t port = lua_tointeger(L, index++);
+ uint8_t protocol = lua_tointeger(L, index++);
if (port == 0)
ud->pAppidNewConfig->ip_protocol[protocol] = appId;
return 0;
}
- u_int32_t service_id = lua_tointeger(L, index++);
- u_int32_t client_app = lua_tointeger(L, index++);
- /*u_int32_t client_app_type =*/ lua_tointeger(L, index++);
- u_int32_t payload = lua_tointeger(L, index++);
- /*u_int32_t payload_type =*/ lua_tointeger(L, index++);
+ uint32_t service_id = lua_tointeger(L, index++);
+ uint32_t client_app = lua_tointeger(L, index++);
+ /*uint32_t client_app_type =*/ lua_tointeger(L, index++);
+ uint32_t payload = lua_tointeger(L, index++);
+ /*uint32_t payload_type =*/ lua_tointeger(L, index++);
if (ud->validateParams.pkt)
{
/* Verify that host pattern is a valid string */
size_t hostPatternSize = 0;
- u_int8_t* hostPattern = nullptr;
+ uint8_t* hostPattern = nullptr;
tmpString = lua_tolstring(L, index++, &hostPatternSize);
if (!tmpString || !hostPatternSize)
{
return 0;
}
else
- hostPattern = (u_int8_t*)snort_strdup(tmpString);
+ hostPattern = (uint8_t*)snort_strdup(tmpString);
/* Verify that path pattern is a valid string */
size_t pathPatternSize = 0;
- u_int8_t* pathPattern = nullptr;
+ uint8_t* pathPattern = nullptr;
tmpString = lua_tolstring(L, index++, &pathPatternSize);
if (!tmpString || !pathPatternSize )
{
return 0;
}
else
- pathPattern = (u_int8_t*)snort_strdup(tmpString);
+ pathPattern = (uint8_t*)snort_strdup(tmpString);
/* Verify that scheme pattern is a valid string */
size_t schemePatternSize;
- u_int8_t* schemePattern = nullptr;
+ uint8_t* schemePattern = nullptr;
tmpString = lua_tolstring(L, index++, &schemePatternSize);
if (!tmpString || !schemePatternSize )
{
return 0;
}
else
- schemePattern = (u_int8_t*)snort_strdup(tmpString);
+ schemePattern = (uint8_t*)snort_strdup(tmpString);
/* Verify that query pattern is a valid string */
size_t queryPatternSize;
- u_int8_t* queryPattern = nullptr;
+ uint8_t* queryPattern = nullptr;
tmpString = lua_tolstring(L, index++, &queryPatternSize);
if (tmpString && queryPatternSize)
- queryPattern = (u_int8_t*)snort_strdup(tmpString);
+ queryPattern = (uint8_t*)snort_strdup(tmpString);
- u_int32_t appId = lua_tointeger(L, index++);
+ uint32_t appId = lua_tointeger(L, index++);
/* Allocate memory for data structures */
DetectorAppUrlPattern* pattern =
return 0;
}
- u_int32_t service_id = lua_tointeger(L, index++);
- u_int32_t client_app = lua_tointeger(L, index++);
- /*u_int32_t client_app_type =*/ lua_tointeger(L, index++);
- u_int32_t payload = lua_tointeger(L, index++);
- /*u_int32_t payload_type =*/ lua_tointeger(L, index++);
+ uint32_t service_id = lua_tointeger(L, index++);
+ uint32_t client_app = lua_tointeger(L, index++);
+ /*uint32_t client_app_type =*/ lua_tointeger(L, index++);
+ uint32_t payload = lua_tointeger(L, index++);
+ /*uint32_t payload_type =*/ lua_tointeger(L, index++);
if (ud->validateParams.pkt)
{
/* Verify that host pattern is a valid string */
size_t hostPatternSize = 0;
- u_int8_t* hostPattern = nullptr;
+ uint8_t* hostPattern = nullptr;
tmpString = lua_tolstring(L, index++, &hostPatternSize);
// FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
- if (!tmpString || !hostPatternSize || !(hostPattern = (u_int8_t*)snort_strdup(tmpString)))
+ if (!tmpString || !hostPatternSize || !(hostPattern = (uint8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid host pattern string.");
return 0;
/* Verify that path pattern is a valid string */
size_t pathPatternSize = 0;
- u_int8_t* pathPattern = nullptr;
+ uint8_t* pathPattern = nullptr;
tmpString = lua_tolstring(L, index++, &pathPatternSize);
// FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
- if (!tmpString || !pathPatternSize || !(pathPattern = (u_int8_t*)snort_strdup(tmpString)))
+ if (!tmpString || !pathPatternSize || !(pathPattern = (uint8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid path pattern string.");
snort_free(hostPattern);
/* Verify that scheme pattern is a valid string */
size_t schemePatternSize;
- u_int8_t* schemePattern = nullptr;
+ uint8_t* schemePattern = nullptr;
tmpString = lua_tolstring(L, index++, &schemePatternSize);
// FIXIT-L: recode all this to something elegant since snort_strdup can't fail (just like Rudy)
- if (!tmpString || !schemePatternSize || !(schemePattern = (u_int8_t*)snort_strdup(tmpString)))
+ if (!tmpString || !schemePatternSize || !(schemePattern = (uint8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid scheme pattern string.");
snort_free(pathPattern);
/* Verify that query pattern is a valid string */
size_t queryPatternSize;
- u_int8_t* queryPattern = nullptr;
+ uint8_t* queryPattern = nullptr;
tmpString = lua_tolstring(L, index++, &queryPatternSize);
if (tmpString && queryPatternSize)
- queryPattern = (u_int8_t*)snort_strdup(tmpString);
+ queryPattern = (uint8_t*)snort_strdup(tmpString);
- u_int32_t appId = lua_tointeger(L, index++);
+ uint32_t appId = lua_tointeger(L, index++);
/* Allocate memory for data structures */
DetectorAppUrlPattern* pattern = (DetectorAppUrlPattern*)snort_calloc(
/* Verify detector user data and that we are not in packet context */
auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
- u_int32_t client_app = lua_tointeger(L, index++);
+ uint32_t client_app = lua_tointeger(L, index++);
const char* clientVersion = lua_tostring(L, index++);
if (!clientVersion )
{
}
AppIdConfig* pConfig = ud->pAppidNewConfig;
- u_int32_t serviceAppId = lua_tointeger(L, index++);
- u_int32_t clienAppId = lua_tointeger(L, index++);
- u_int32_t payloadAppId = lua_tointeger(L, index++);
+ uint32_t serviceAppId = lua_tointeger(L, index++);
+ uint32_t clienAppId = lua_tointeger(L, index++);
+ uint32_t payloadAppId = lua_tointeger(L, index++);
if (ud->validateParams.pkt)
{
/* Verify that host pattern is a valid string */
size_t hostPatternSize = 0;
- u_int8_t* hostPattern = nullptr;
+ uint8_t* hostPattern = nullptr;
tmpString = lua_tolstring(L, index++, &hostPatternSize);
- if (!tmpString || !hostPatternSize || !(hostPattern = (u_int8_t* )snort_strdup(tmpString)))
+ if (!tmpString || !hostPatternSize || !(hostPattern = (uint8_t* )snort_strdup(tmpString)))
{
ErrorMessage("Invalid host pattern string.");
return 0;
/* Verify that path pattern is a valid string */
size_t pathPatternSize = 0;
- u_int8_t* pathPattern = nullptr;
+ uint8_t* pathPattern = nullptr;
tmpString = lua_tolstring(L, index++, &pathPatternSize);
- if (!tmpString || !pathPatternSize || !(pathPattern = (u_int8_t*)snort_strdup(tmpString)))
+ if (!tmpString || !pathPatternSize || !(pathPattern = (uint8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid path pattern string.");
snort_free(hostPattern);
/* Verify that scheme pattern is a valid string */
size_t schemePatternSize;
- u_int8_t* schemePattern = nullptr;
+ uint8_t* schemePattern = nullptr;
tmpString = lua_tolstring(L, index++, &schemePatternSize);
- if (!tmpString || !schemePatternSize || !(schemePattern = (u_int8_t*)snort_strdup(tmpString)))
+ if (!tmpString || !schemePatternSize || !(schemePattern = (uint8_t*)snort_strdup(tmpString)))
{
ErrorMessage("Invalid scheme pattern string.");
snort_free(pathPattern);
/* Verify detector user data and that we are not in packet context */
auto& ud = *UserData<Detector>::check(L, DETECTOR, index++);
- u_int32_t client_app = lua_tointeger(L, index++);
+ uint32_t client_app = lua_tointeger(L, index++);
const char* clientVersion = lua_tostring(L, index++);
if (!clientVersion )
{
#define LUA_TRACKERS_MAX 10000
#define LUA_TRACKER_AVG_MEM_BYTES 740
-static inline uint32_t calculateLuaTrackerSize(u_int64_t rnaMemory, uint32_t numDetectors)
+static inline uint32_t calculateLuaTrackerSize(uint64_t rnaMemory, uint32_t numDetectors)
{
- u_int64_t detectorMemory = (rnaMemory/8);
+ uint64_t detectorMemory = (rnaMemory/8);
unsigned numTrackers;
if (!numDetectors)
numDetectors = 1;
#include <netdb.h>
-#if defined(FREEBSD) || defined(OPENBSD)
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
#include <rpc/rpc.h>
+#elif defined(__sun)
+#include <rpc/rpcent.h>
#endif
#include "service_api.h"
return false;
}
-static int ssl_scan_patterns(SearchTool* matcher, const u_int8_t* pattern, size_t size,
+static int ssl_scan_patterns(SearchTool* matcher, const uint8_t* pattern, size_t size,
AppId* ClientAppId, AppId* payloadId)
{
MatchedSSLPatterns* mp = nullptr;
return 1;
}
-int ssl_scan_hostname(const u_int8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
+int ssl_scan_hostname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
ServiceSslConfig* pSslConfig)
{
return ssl_scan_patterns(pSslConfig->ssl_host_matcher, pattern, size, ClientAppId, payloadId);
}
-int ssl_scan_cname(const u_int8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
+int ssl_scan_cname(const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId,
ServiceSslConfig* pSslConfig)
{
return ssl_scan_patterns(pSslConfig->ssl_cname_matcher, pattern, size, ClientAppId, payloadId);
bool isSslServiceAppId(AppId);
void service_ssl_clean(ServiceSslConfig*);
int ssl_detector_process_patterns(ServiceSslConfig*);
-int ssl_scan_hostname(const u_int8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
-int ssl_scan_cname(const u_int8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
+int ssl_scan_hostname(const uint8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
+int ssl_scan_cname(const uint8_t*, size_t, AppId*, AppId*, ServiceSslConfig*);
int ssl_add_cert_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceSslConfig*);
int ssl_add_cname_pattern(uint8_t*, size_t, uint8_t, AppId, ServiceSslConfig*);
void ssl_detector_free_patterns(ServiceSslConfig*);
static int timbuktu_init(const IniServiceAPI* const init_api)
{
init_api->RegisterPattern(&timbuktu_validate, IpProtocol::TCP, (const
- u_int8_t*)TIMBUKTU_BANNER,
+ uint8_t*)TIMBUKTU_BANNER,
sizeof(TIMBUKTU_BANNER)-1, 0, svc_name, init_api->pAppidConfig);
for (unsigned i=0; i < sizeof(appIdRegistry)/sizeof(*appIdRegistry); i++)
{
return;
LogMessage("Arpspoof IPMacEntry List");
- LogMessage(" Size: %ld\n", ipmel.size());
+ LogMessage(" Size: %zu\n", ipmel.size());
for ( auto p : ipmel )
{
#include <string.h>
#include <string>
-using namespace std;
#include "binding.h"
#include "protocols/packet.h"
#include "managers/module_manager.h"
#include "parser/parser.h"
+using namespace std;
+
#define FILE_KEY ".file"
THREAD_LOCAL BindStats bstats;
#include "binder.h"
#include <vector>
-using namespace std;
#include "binding.h"
#include "bind_module.h"
#include "target_based/sftarget_reader.h"
#include "packet_io/active.h"
+using namespace std;
+
THREAD_LOCAL ProfileStats bindPerfStats;
// FIXIT-P these lookups should be optimized when the dust settles
#include "packet_capture.h"
-#include <pcap/pcap.h>
+#include <pcap.h>
#include <sfbpf.h>
#include <string>
#include "catch/catch.hpp"
#endif
+using namespace std;
+
#define FILE_NAME "packet_capture.pcap"
#define SNAP_LEN 65535
-using namespace std;
-
static CaptureConfig config;
static THREAD_LOCAL pcap_t* pcap = nullptr;
#include "utils/util.h"
#endif
-#define BASE_FILE (PERF_NAME ".csv")
-
using namespace std;
+#define BASE_FILE (PERF_NAME ".csv")
+
BaseTracker::BaseTracker(PerfConfig* perf) : PerfTracker(perf,
perf->output == PERF_FILE ? BASE_FILE : nullptr)
{
sys_time.tv_usec = thi->system_time.microseconds;
#else
struct rusage usage;
+#ifdef RUSAGE_LWP
+ getrusage(RUSAGE_LWP, &usage);
+#else
getrusage(RUSAGE_THREAD, &usage);
+#endif
user_time = usage.ru_utime;
sys_time = usage.ru_stime;
#endif
bool SFDAQInstance::set_filter(const char* bpf)
{
int err = 0;
- static mutex bpf_gate;
+ static std::mutex bpf_gate;
// doesn't look like the bpf flex scanner is reentrant
bpf_gate.lock();
#define SFDAQ_H
extern "C" {
-#include <daq.h>
+#include <daq_common.h>
}
#include <string>
#endif
#include <string>
-using namespace std;
#include "main/help.h"
#include "main/snort_module.h"
#include "parser/parser.h"
#include "utils/util.h"
+using namespace std;
+
//-------------------------------------------------------------------------
static void check_flags(SnortConfig* sc)
#include <istream>
#include <sstream>
#include <string>
-using namespace std;
#include "parser.h"
#include "parse_conf.h"
#include "log/messages.h"
#include "managers/ips_manager.h"
+using namespace std;
+
static unsigned chars = 0, tokens = 0;
static unsigned lines = 1, comments = 0;
static unsigned keys = 0, rules = 0;
// Manager State
// -----------------------------------------------------------------------------
-map<PlugType, Api*> plugins;
+
std::map<PlugType, Api*> plugins;
vector<Chunk> chunks;
// -----------------------------------------------------------------------------
const struct Output unit_test_output =
{
[](const std::vector<Chunk>& chunks) -> void
- { printf("Running suite: piglet (%lu tests)\n", chunks.size()); },
+ { printf("Running suite: piglet (%zu tests)\n", chunks.size()); },
[](const Summary& sum) -> void
{
if ( chunks.size() == 1 )
printf("=== PIGLET (1 test)\n");
else
- printf("=== PIGLET (%lu tests)\n", chunks.size());
+ printf("=== PIGLET (%zu tests)\n", chunks.size());
},
[](const Summary& sum) -> void
#include <lua.hpp>
extern "C" {
-#include <daq.h>
+#include <daq_common.h>
}
#include "lua/lua_arg.h"
}
else
{
- uint8_t* b = new uint8_t[sizeof(*pkth) + Codec::PKT_MAX + SPARC_TWIDDLE];
+ uint8_t* b = new uint8_t[sizeof(*pkth) + Codec::PKT_MAX];
pkth = (DAQ_PktHdr_t*)b;
b += sizeof(*pkth);
- b += SPARC_TWIDDLE;
pkt = b;
}
#include <net/if.h>
extern "C" {
-#include <daq.h>
-#include <sfbpf_dlt.h>
+#include <daq_common.h>
}
#include "main/snort_types.h"
PSEUDO_PKT_MAX
};
-/* We must twiddle to align the offset the ethernet header and align
- * the IP header on solaris -- maybe this will work on HPUX too.
- */
-#if defined (SOLARIS) || defined (SUNOS) || defined (__sparc__) || defined(__sparc64__) || \
- defined (HPUX)
-#define SPARC_TWIDDLE 2
-#else
-#define SPARC_TWIDDLE 0
-#endif
-
/* default mpls flags */
#define DEFAULT_MPLS_PAYLOADTYPE MPLS_PAYLOADTYPE_IPV4
#define DEFAULT_LABELCHAIN_LENGTH -1
inline uint16_t extract_16bits(const uint8_t* const p)
{ return ntohs(*(uint16_t*)(p)); }
-#ifdef WORDS_MUSTALIGN
-
-#ifdef __GNUC__
-/* force word-aligned ntohl parameter */
-inline uint32_t extract_32bits(const uint8_t* p)
-{
- uint32_t tmp;
- memmove(&tmp, p, sizeof(uint32_t));
- return ntohl(tmp);
-}
-#endif
-
-#else
-
-/* allows unaligned ntohl parameter - dies w/SIGBUS on SPARCs */
inline uint32_t extract_32bits(const uint8_t* p)
{
assert(p);
return ntohl(*(uint32_t*)p);
}
-#endif
-
inline uint16_t alignedNtohs(const uint16_t* ptr)
{
uint16_t value;
if (ptr == nullptr)
return 0;
-#ifdef WORDS_MUSTALIGN
- value = *((uint8_t*)ptr) << 8 | *((uint8_t*)ptr + 1);
-#else
value = *ptr;
-#endif
#ifdef WORDS_BIGENDIAN
return ((value & 0xff00) >> 8) | ((value & 0x00ff) << 8);
if (ptr == nullptr)
return 0;
-#ifdef WORDS_MUSTALIGN
- value = *((uint8_t*)ptr) << 24 | *((uint8_t*)ptr + 1) << 16 |
- *((uint8_t*)ptr + 2) << 8 | *((uint8_t*)ptr + 3);
-#else
value = *ptr;
-#endif
#ifdef WORDS_BIGENDIAN
return ((value & 0xff000000) >> 24) | ((value & 0x00ff0000) >> 8) |
if (ptr == NULL)
return 0;
-#ifdef WORDS_MUSTALIGN
- value = *((uint8_t*)ptr) << 56 | *((uint8_t*)ptr + 1) << 48 |
- *((uint8_t*)ptr + 2) << 40 | *((uint8_t*)ptr + 3) << 32 |
- *((uint8_t*)ptr + 4) << 24 | *((uint8_t*)ptr + 5) << 16 |
- *((uint8_t*)ptr + 6) << 8 | *((uint8_t*)ptr + 7);
-#else
value = *ptr;
-#endif
#ifdef WORDS_BIGENDIAN
return ((value & 0xff00000000000000) >> 56) | ((value & 0x00ff000000000000) >> 40) |
// - don't include original options
// - inner layer differs from original (eg tcp data segment becomes rst)
// - must ensure proper ttl/hop limit for reverse direction
-// - sparc twiddle must be factored in packet start for transmission
//
// iterate over decoded layers and encode the response packet. actually
// make nested calls. on the way in we setup invariant stuff and as we
if (smb_create_hdr->end_of_file)
{
file_size = alignedNtohq((const uint64_t*)(&(smb_create_hdr->end_of_file)));
- DebugFormat(DEBUG_DCE_SMB, "Get file size %lu!\n", file_size);
+ DebugFormat(DEBUG_DCE_SMB, "Get file size %" PRIu64 "!\n", file_size);
ssd->ftracker.tracker.file.file_size = file_size;
}
if (smb_set_info_hdr->file_info_class == SMB2_FILE_ENDOFFILE_INFO)
{
uint64_t file_size = alignedNtohq((const uint64_t*)file_data);
- DebugFormat(DEBUG_DCE_SMB, "Get file size %lu!\n", file_size);
+ DebugFormat(DEBUG_DCE_SMB, "Get file size %" PRIu64 "!\n", file_size);
ssd->ftracker.tracker.file.file_size = file_size;
uint64_t fileId_persistent = alignedNtohq(&(smb_set_info_hdr->fileId_persistent));
FileContext* file = get_file_context(ssd, fileId_persistent);
Profile profile(dce2_smb_pstat_smb_file);
DebugFormat(DEBUG_DCE_SMB,
- "File size: %lu, File offset: %lu, Bytes processed: %lu, "
+ "File size: %" PRIu64 ", File offset: %" PRIu64 ", Bytes processed: %" PRIu64 ", "
"Data len: %u\n", ftracker->ff_file_size, ftracker->ff_file_offset,
ftracker->ff_bytes_processed, data_len);
}
else if (ftracker->ff_file_offset < ftracker->ff_bytes_processed)
{
- DebugFormat(DEBUG_DCE_SMB, "File offset %lu is "
- "less than bytes processed %lu - aborting.\n",
+ DebugFormat(DEBUG_DCE_SMB, "File offset %" PRIu64 " is "
+ "less than bytes processed %" PRIu64 " - aborting.\n",
ftracker->ff_file_offset, ftracker->ff_bytes_processed);
DCE2_SmbAbortFileAPI(ssd);
|| ((file_data_depth != 0)
&& (ftracker->ff_bytes_processed >= (uint64_t)file_data_depth)))
{
- DebugFormat(DEBUG_DCE_SMB, "Bytes processed %lu "
- "is at or beyond file data depth %lu - finished.\n",
+ DebugFormat(DEBUG_DCE_SMB, "Bytes processed %" PRIu64
+ "is at or beyond file data depth %" PRIi64 " - finished.\n",
ftracker->ff_bytes_processed, file_data_depth);
DCE2_SmbRemoveFileTracker(ssd, ftracker);
if (ptr == nullptr)
return 0;
-#ifdef WORDS_MUSTALIGN
- value = *((uint8_t*)ptr) << 8 | *((uint8_t*)ptr + 1);
-#else
value = *ptr;
-#endif /* WORDS_MUSTALIGN */
if (bo_flag == DCERPC_BO_FLAG__NONE)
return value;
if (ptr == nullptr)
return 0;
-#ifdef WORDS_MUSTALIGN
- value = *((uint8_t*)ptr) << 24 | *((uint8_t*)ptr + 1) << 16 |
- *((uint8_t*)ptr + 2) << 8 | *((uint8_t*)ptr + 3);
-#else
value = *ptr;
-#endif /* WORDS_MUSTALIGN */
if (bo_flag == DCERPC_BO_FLAG__NONE)
return value;
#include "rpc_module.h"
+using namespace std;
+
#define RPC_MAX_BUF_SIZE 256
#define RPC_FRAG_HDR_SIZE sizeof(uint32_t)
#define RPC_FRAG_LEN(ptr) (ntohl(*((uint32_t*)ptr)) & 0x7FFFFFFF)
static THREAD_LOCAL DataBuffer DecodeBuffer;
-using namespace std;
-
struct RpcDecodeConfig
{
int dummy;
msg->cseqNameLen = end - msg->cseqName;
method = SIP_FindMethod (config->methods, msg->cseqName, msg->cseqNameLen);
}
- DebugFormat(DEBUG_SIP, "CSeq number: %lu, CSeqName: %.*s\n",
+ DebugFormat(DEBUG_SIP, "CSeq number: %" PRIu64 ", CSeqName: %.*s\n",
msg->cseqnum, msg->cseqNameLen, msg->cseqName);
if (NULL == method)
#include <string.h>
#include <string>
-using namespace std;
#include "magic.h"
+using namespace std;
+
//-------------------------------------------------------------------------
// wizard module
//-------------------------------------------------------------------------
// wizard.cc author Russ Combs <rucombs@cisco.com>
#include <vector>
-using namespace std;
#include "flow/flow.h"
#include "framework/inspector.h"
#include "magic.h"
#include "wiz_module.h"
+using namespace std;
+
THREAD_LOCAL ProfileStats wizPerfStats;
struct WizStats
{
if ( ipt->family == AF_INET6 )
return sizeof(*ipt);
- return (unsigned int)((ipt->ip8+4) - (u_int8_t*)ipt);
+ return (unsigned int)((ipt->ip8+4) - (uint8_t*)ipt);
}
/* Member-access *******************************************************/
int sfip_ismapped(const sfip_t* ip);
/* Support function for sfip_compare */
-inline SFIP_RET _ip4_cmp(u_int32_t ip1, u_int32_t ip2)
+inline SFIP_RET _ip4_cmp(uint32_t ip1, uint32_t ip2)
{
- u_int32_t hip1 = htonl(ip1);
- u_int32_t hip2 = htonl(ip2);
+ uint32_t hip1 = htonl(ip1);
+ uint32_t hip2 = htonl(ip2);
if (hip1 < hip2)
return SFIP_LESSER;
if (hip1 > hip2)
inline SFIP_RET _ip6_cmp(const sfip_t* ip1, const sfip_t* ip2)
{
SFIP_RET ret;
- const u_int32_t* p1, * p2;
+ const uint32_t* p1, * p2;
/* XXX
* Argument are assumed trusted!
inline int sfip_fast_lt6(const sfip_t* const ip1, const sfip_t* const ip2)
{
- const u_int32_t* p1, * p2;
+ const uint32_t* p1, * p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
inline int sfip_fast_gt6(const sfip_t* const ip1, const sfip_t* const ip2)
{
- const u_int32_t* p1, * p2;
+ const uint32_t* p1, * p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
inline int sfip_fast_eq6(const sfip_t* ip1, const sfip_t* ip2)
{
- const u_int32_t* p1, * p2;
+ const uint32_t* p1, * p2;
p1 = ip1->ip32;
p2 = ip2->ip32;
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
inline bool sfip_fast_cont4(const sfip_t* ip1, const sfip_t* ip2)
{
- u_int32_t shift = 32 - sfip_bits(ip1);
- u_int32_t ip = ntohl(*ip2->ip32);
+ uint32_t shift = 32 - sfip_bits(ip1);
+ uint32_t ip = ntohl(*ip2->ip32);
ip >>= shift;
ip <<= shift;
/* Checks if ip2 is equal to ip1 or contained within the CIDR ip1 */
inline int sfip_fast_cont6(const sfip_t* ip1, const sfip_t* ip2)
{
- u_int32_t ip;
+ uint32_t ip;
int i, bits = sfip_bits(ip1);
int words = bits / 32;
bits = 32 - (bits % 32);
#include "file_module.h"
#include <string>
-using namespace std;
#include "stream_file.h"
#include "main/snort_config.h"
+using namespace std;
+
//-------------------------------------------------------------------------
// stream_file module
//-------------------------------------------------------------------------
#include "icmp_module.h"
#include <string>
-using namespace std;
#include "stream_icmp.h"
+using namespace std;
+
//-------------------------------------------------------------------------
// stream_icmp module
//-------------------------------------------------------------------------
LogMessage(" Min fragment Length: %d\n",
engine->min_fragment_length);
#ifdef REG_TEST
- LogMessage(" FragTracker Size: %lu\n",sizeof(FragTracker));
+ LogMessage(" FragTracker Size: %zu\n", sizeof(FragTracker));
#endif
}
#include "ip_module.h"
#include <string>
-using namespace std;
#include "stream_ip.h"
#include "ip_defrag.h"
#include "stream/stream.h"
+using namespace std;
+
#define DEFRAG_IPOPTIONS_STR \
"inconsistent IP options on fragmented packets"
// Created on: Jun 24, 2015
#include <iostream>
-using namespace std;
#include "main/snort_debug.h"
#include "stream_tcp_unit_test.h"
#endif
+using namespace std;
+
TcpStateHandler::TcpStateHandler(TcpStreamTracker::TcpState state, TcpStateMachine& tsm)
: tsm(&tsm), tcp_state(state)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateCloseWait::TcpStateCloseWait(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_CLOSE_WAIT, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateClosing::TcpStateClosing(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_CLOSING, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateFinWait1::TcpStateFinWait1(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT1, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateFinWait2::TcpStateFinWait2(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT2, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateLastAck::TcpStateLastAck(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_LAST_ACK, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "tcp_normalizer.h"
#include "tcp_state_syn_recv.h"
+using namespace std;
+
TcpStateSynRecv::TcpStateSynRecv(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_SYN_RECV, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateSynSent::TcpStateSynSent(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_SYN_SENT, tsm)
{
// Created on: Aug 5, 2015
#include <iostream>
-using namespace std;
#include "tcp_module.h"
#include "tcp_tracker.h"
#include "catch/catch.hpp"
#endif
+using namespace std;
+
TcpStateTimeWait::TcpStateTimeWait(TcpStateMachine& tsm) :
TcpStateHandler(TcpStreamTracker::TCP_TIME_WAIT, tsm)
{
LogMessage(" Ignore Any -> Any Rules: %s\n", opt);
#ifdef REG_TEST
- LogMessage(" UDP Session Size: %lu\n",sizeof(UdpSession));
+ LogMessage(" UDP Session Size: %zu\n", sizeof(UdpSession));
#endif
}
#include "udp_module.h"
#include <string>
-using namespace std;
#include "stream_udp.h"
+using namespace std;
+
//-------------------------------------------------------------------------
// stream_udp module
//-------------------------------------------------------------------------
#include "user_module.h"
#include <string>
-using namespace std;
#include "stream_user.h"
#include "main/snort_config.h"
+using namespace std;
+
//-------------------------------------------------------------------------
// stream_user module
//-------------------------------------------------------------------------
#include <algorithm>
#include <string>
#include <vector>
-using namespace std;
#include "hash/sfghash.h"
#include "main/snort_debug.h"
#include "sftarget_hostentry.h"
#include "sftarget_data.h"
+using namespace std;
+
struct SFTargetProtocolReference
{
char name[SFAT_BUFSZ];
#include <fstream>
#include <sstream>
-#ifdef LINUX
+#if defined(__linux__)
#include <sys/syscall.h>
#endif
inline pid_t gettid()
{
-#if defined(LINUX) && defined(SYS_gettid)
+#if defined(__linux__) && defined(SYS_gettid)
return syscall(SYS_gettid);
#else
return getpid();
projects / thirdparty / snort3.git / commitdiff
