From: Ron Dempster (rdempste) <rdempste@cisco.com>
Date: Fri, 12 Apr 2024 18:27:27 +0000 (+0000)
Subject: Pull request #4264: anaylzer, framework: add a data bus method to publish to all... 
X-Git-Tag: 3.2.1.0~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2aa27e86f10c5791aac812f67ea6465a8ced9fb3;p=thirdparty%2Fsnort3.git

Pull request #4264: anaylzer, framework: add a data bus method to publish to all network policies and use it for idle

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:idle_event to master

Squashed commit of the following:

commit bd6b74533e1b6880a21fcdcc70d2464505360d1d
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Mar 29 09:35:52 2024 -0400

    anaylzer, framework: add a data bus method to publish to all network policies and use it for idle
---

diff --git a/src/framework/data_bus.cc b/src/framework/data_bus.cc
index 5ece4d881..ab9159617 100644
--- a/src/framework/data_bus.cc
+++ b/src/framework/data_bus.cc
@@ -186,6 +186,31 @@ void DataBus::publish(unsigned pid, unsigned eid, Packet* p, Flow* f)
     publish(pid, eid, e, f);
 }
 
+void DataBus::publish_to_all_network_policies(unsigned pub_id, unsigned evt_id)
+{
+    BareDataEvent e;
+
+    const SnortConfig* sc = SnortConfig::get_conf();
+    sc->global_dbus->_publish(pub_id, evt_id, e, nullptr);
+
+    NetworkPolicy* current_np = get_network_policy();
+    InspectionPolicy* current_ip = get_inspection_policy();
+
+    for ( unsigned nidx = 0; nidx < sc->policy_map->network_policy_count(); ++nidx )
+    {
+        NetworkPolicy* np = sc->policy_map->get_network_policy(nidx);
+        assert(np);
+        set_network_policy(np);
+        InspectionPolicy* ip = np->get_inspection_policy(0);
+        assert(ip);
+        set_inspection_policy(ip);
+        np->dbus._publish(pub_id, evt_id, e, nullptr);
+        ip->dbus._publish(pub_id, evt_id, e, nullptr);
+    }
+    set_inspection_policy(current_ip);
+    set_network_policy(current_np);
+}
+
 //--------------------------------------------------------------------------
 // private methods
 //--------------------------------------------------------------------------
diff --git a/src/framework/data_bus.h b/src/framework/data_bus.h
index 1491e9906..6f27e4a65 100644
--- a/src/framework/data_bus.h
+++ b/src/framework/data_bus.h
@@ -124,6 +124,7 @@ public:
     // convenience methods
     static void publish(unsigned pub_id, unsigned evt_id, const uint8_t*, unsigned, Flow* = nullptr);
     static void publish(unsigned pub_id, unsigned evt_id, Packet*, Flow* = nullptr);
+    static void publish_to_all_network_policies(unsigned pub_id, unsigned evt_id);
 
 private:
     void _subscribe(unsigned pub_id, unsigned evt_id, DataHandler*);
diff --git a/src/framework/test/data_bus_test.cc b/src/framework/test/data_bus_test.cc
index a747206c9..f96789303 100644
--- a/src/framework/test/data_bus_test.cc
+++ b/src/framework/test/data_bus_test.cc
@@ -68,6 +68,10 @@ InspectionPolicy* get_inspection_policy()
         (InspectionPolicy*)mock().getData("my_inspection_policy").getObjectPointer();
     return my_inspection_policy;
 }
+void set_network_policy(NetworkPolicy*)
+{ }
+void set_inspection_policy(InspectionPolicy*)
+{ }
 
 THREAD_LOCAL PacketCount pc;
 }
diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc
index 061933477..7a951acd8 100644
--- a/src/main/analyzer.cc
+++ b/src/main/analyzer.cc
@@ -591,7 +591,7 @@ void Analyzer::idle()
     timeradd(&now, &increment, &now);
     packet_time_update(&now);
 
-    DataBus::publish(intrinsic_pub_id, IntrinsicEventIds::THREAD_IDLE, nullptr);
+    DataBus::publish_to_all_network_policies(intrinsic_pub_id, IntrinsicEventIds::THREAD_IDLE);
 
     // Service the retry queue with the new packet time.
     process_retry_queue();
diff --git a/src/main/test/distill_verdict_stubs.h b/src/main/test/distill_verdict_stubs.h
index 8ef8fae1c..5613c64c0 100644
--- a/src/main/test/distill_verdict_stubs.h
+++ b/src/main/test/distill_verdict_stubs.h
@@ -144,6 +144,7 @@ Packet::~Packet()  = default;
 IpsPolicy* get_ips_policy() { return nullptr; }
 void DataBus::publish(unsigned, unsigned, Packet*, Flow*) { }
 void DataBus::publish(unsigned, unsigned, DataEvent&, Flow*) { }
+void DataBus::publish_to_all_network_policies(unsigned int, unsigned int) { }
 SFDAQInstance::SFDAQInstance(const char*, unsigned, const SFDAQConfig*) { }
 SFDAQInstance::~SFDAQInstance() = default;
 void SFDAQInstance::reload() { }
diff --git a/src/network_inspectors/rna/rna_event_handler.cc b/src/network_inspectors/rna/rna_event_handler.cc
index f720f8881..c109b6313 100644
--- a/src/network_inspectors/rna/rna_event_handler.cc
+++ b/src/network_inspectors/rna/rna_event_handler.cc
@@ -118,12 +118,11 @@ void RnaUdpNewFlowEventHandler::handle(DataEvent& event, Flow*)
     pnd.analyze_flow_udp(event.get_packet());
 }
 
-void RnaIdleEventHandler::handle(DataEvent& event, Flow*)
+void RnaIdleEventHandler::handle(DataEvent&, Flow*)
 {
     // cppcheck-suppress unreadVariable
     Profile profile(rna_perf_stats);
     ++rna_stats.change_host_update;
-    update_rna_pkt_stats(event);
     pnd.generate_change_host_update();
 }