From: Russ Combs (rucombs) Date: Sat, 28 Mar 2020 00:10:29 +0000 (+0000) Subject: Merge pull request #2095 in SNORT/snort3 from ~RUCOMBS/snort3:fixit_h to master X-Git-Tag: 3.0.1-1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=827988d8ba7bccb5b85ed61033059449383d1d83;p=thirdparty%2Fsnort3.git Merge pull request #2095 in SNORT/snort3 from ~RUCOMBS/snort3:fixit_h to master Squashed commit of the following: commit 0ebc66453a734219078df3fd286d01dd63fa8474 Author: Russ Combs Date: Sun Mar 22 13:22:33 2020 -0400 doc: add FIXIT-E description commit fb12eb5b0cbdc6976de6a27bb13866085969a0e2 Author: Russ Combs Date: Sun Mar 22 13:04:12 2020 -0400 src: udpate high priority "to be fixed" comments (FIXIT-H) --- diff --git a/doc/style.txt b/doc/style.txt index 6113b4f52..956ea6854 100644 --- a/doc/style.txt +++ b/doc/style.txt @@ -94,10 +94,18 @@ yet firm so feedback is welcome to get something we can live with. day or even just a minute. That way we can find them easily and won't lose track of them. -* Presently using FIXIT-X where X = A | W | P | H | M | L | D, indicating - analysis, warning, perf, high, med, low priority, or deprecated. Place A and - W comments on the exact warning line so we can match up comments and build - output. Supporting comments can be added above. +* Presently using FIXIT-X where X is one of the characters below. Place A + and W comments on the exact warning line so we can match up comments and + build output. Supporting comments can be added above. + + * A = known static analysis issue + * D = deprecated - code to be removed after users update + * E = enhancement - next steps for incomplete features (not a bug) + * H = high priority - urgent deficiency + * L = low priority - cleanup or similar technical debt (not a bug) + * M = medium priority - suspected non-urgent deficiency + * P = performance issue (not a bug) + * W = warning - known compiler warning * Put the copyright(s) and license in a comment block at the top of each source file (.h and .cc). Don't bother with trivial scripts and make diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc index a4f2b1835..bc96a6e09 100644 --- a/src/codecs/ip/cd_ipv4.cc +++ b/src/codecs/ip/cd_ipv4.cc @@ -341,7 +341,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* if this packet isn't a fragment * or if it is, its a UDP packet and offset is 0 */ if (!(snort.decode_flags & DECODE_FRAG) /*|| - ((frag_off == 0) && // FIXIT-H this forces flow to udp instead of ip + ((frag_off == 0) && // FIXIT-M this forces flow to udp instead of ip (iph->proto() == IpProtocol::UDP))*/) { if (to_utype(iph->proto()) >= to_utype(ProtocolId::MIN_UNASSIGNED_IP_PROTO)) diff --git a/src/codecs/ip/cd_ipv6.cc b/src/codecs/ip/cd_ipv6.cc index 4c8fb8af5..4aac146c5 100644 --- a/src/codecs/ip/cd_ipv6.cc +++ b/src/codecs/ip/cd_ipv6.cc @@ -622,7 +622,6 @@ void Ipv6Codec::update(const ip::IpApi&, const EncodeFlags flags, // in such case we do not modify the packet length. if ( (flags & UPD_MODIFIED) && !(flags & UPD_RESIZED) ) { - // FIXIT-H this worked in Snort. In Snort++, will this be accurate? updated_len = ntohs(h->ip6_payload_len) + ip::IP6_HEADER_LEN; } else diff --git a/src/codecs/ip/cd_no_next.cc b/src/codecs/ip/cd_no_next.cc index 52d6d5a7c..de1ef8b8f 100644 --- a/src/codecs/ip/cd_no_next.cc +++ b/src/codecs/ip/cd_no_next.cc @@ -55,8 +55,10 @@ bool Ipv6NoNextCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) return false; } - // FIXIT-H what if the packet's data is non-zero? For example, some - // regression pcaps have the following: eth:ipv4:nonext:data + // FIXIT-M what if the packet's data is non-zero? For example, some + // regression pcaps have the following: eth:ipv4:nonext:data. + // We should raise an alert, optionally normalize / trim, and if we + // don't trim, support detection on the data. // The size of this packet's data should be zero. So, set this layer's // length and the packet's remaining length to the same number. diff --git a/src/codecs/misc/cd_icmp6_ip.cc b/src/codecs/misc/cd_icmp6_ip.cc index 8c2b8063c..abe6674ce 100644 --- a/src/codecs/misc/cd_icmp6_ip.cc +++ b/src/codecs/misc/cd_icmp6_ip.cc @@ -92,7 +92,7 @@ bool Icmp6IpCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) // this case because I don't want this going to the TCP, UDP, or // ICMP codec. Therefore, doing a minor decode here. - // FIXIT-H will fail to decode Ipv6 options + // FIXIT-M will fail to decode Ipv6 options switch (ip6h->next()) { case IpProtocol::TCP: /* decode the interesting part of the header */ @@ -103,7 +103,7 @@ bool Icmp6IpCodec::decode(const RawData& raw, CodecData& codec, DecodeData&) codec.proto_bits |= PROTO_BIT__UDP_EMBED_ICMP; break; - // FIXIT-H do we need to handle ICMPV6 here? + // FIXIT-M do we need to handle ICMPV6 here? case IpProtocol::ICMPV4: codec.proto_bits |= PROTO_BIT__ICMP_EMBED_ICMP; break; diff --git a/src/detection/context_switcher.h b/src/detection/context_switcher.h index 4b78f9cf6..170f78add 100644 --- a/src/detection/context_switcher.h +++ b/src/detection/context_switcher.h @@ -51,7 +51,7 @@ class IpsContext; class IpsContextData; } -// FIXIT-H add the hold to catch offloads that don't return +// FIXIT-E add the hold to catch offloads that don't return class ContextSwitcher { public: diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index b7c92151d..e02c61efd 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -118,7 +118,7 @@ DetectionEngine::~DetectionEngine() void DetectionEngine::reset() { IpsContext* c = Analyzer::get_switcher()->get_context(); - c->alt_data.len = 0; // FIXIT-H need context::reset() + c->alt_data.len = 0; // FIXIT-L need context::reset() } IpsContext* DetectionEngine::get_context() @@ -584,7 +584,7 @@ bool DetectionEngine::inspect(Packet* p) else { enable_content(p); - p->alt_dsize = 0; // FIXIT-H should be redundant + p->alt_dsize = 0; // FIXIT-M should be redundant InspectorManager::execute(p); inspected = true; diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index 21135de0c..95676a004 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -895,7 +895,6 @@ static inline int search_buffer( // Depending on where we are searching we call the appropriate mpse if ( MpseGroup* so = pg->mpsegrp[pmt] ) { - // FIXIT-H DELETE ME done - get the context packet number debug_logf(detection_trace, TRACE_FP_SEARCH, "%" PRIu64 " fp %s.%s[%d]\n", p->context->packet_number, gadget->get_name(), pm_type_strings[pmt], buf.len); @@ -980,7 +979,7 @@ static inline void eval_fp( { int8_t curr_ip_layer = 0; - tmp_payload = p->data; // FIXIT-H restore even with offload + tmp_payload = p->data; // FIXIT-M restore even with offload tmp_dsize = p->dsize; if (layer::set_outer_ip_api(p, p->ptrs.ip_api, curr_ip_layer)) diff --git a/src/detection/fp_utils.cc b/src/detection/fp_utils.cc index a2b57e070..8945147c6 100644 --- a/src/detection/fp_utils.cc +++ b/src/detection/fp_utils.cc @@ -252,7 +252,7 @@ FpSelector::FpSelector(CursorActionType c, PatternMatchData* p) cat = c; pmd = p; - // FIXIT-H unconditional trim is bad mkay? see fpGetFinalPattern + // FIXIT-M unconditional trim is bad mkay? see fpGetFinalPattern size = flp_trim(pmd->pattern_buf, pmd->pattern_size, nullptr); } diff --git a/src/detection/regex_offload.cc b/src/detection/regex_offload.cc index 94ba3702d..2c0ba8201 100644 --- a/src/detection/regex_offload.cc +++ b/src/detection/regex_offload.cc @@ -124,7 +124,7 @@ void MpseRegexOffload::put(Packet* p) assert(p->context->searches.items.size() > 0); RegexRequest* req = idle.front(); - idle.pop_front(); // FIXIT-H use splice to move instead + idle.pop_front(); busy.emplace_back(req); // Because a list is a doubly linked list we can store the iterator @@ -217,7 +217,7 @@ void ThreadRegexOffload::put(Packet* p) assert(p->context->searches.items.size() > 0); RegexRequest* req = idle.front(); - idle.pop_front(); // FIXIT-H use splice to move instead + idle.pop_front(); busy.emplace_back(req); p->context->regex_req_it = std::prev(busy.end()); diff --git a/src/host_tracker/host_tracker_module.h b/src/host_tracker/host_tracker_module.h index 2b2b25691..e3d1a3c79 100644 --- a/src/host_tracker/host_tracker_module.h +++ b/src/host_tracker/host_tracker_module.h @@ -23,7 +23,7 @@ // Loads host configuration data. -// FIXIT-H temporarily create new HostTracker module to test new +// FIXIT-M temporarily create new HostTracker module to test new // HostTracker object. May eventually replace old Hosts module with this // one. diff --git a/src/ips_options/ips_hash.cc b/src/ips_options/ips_hash.cc index b3b6f741a..1023b1795 100644 --- a/src/ips_options/ips_hash.cc +++ b/src/ips_options/ips_hash.cc @@ -165,8 +165,6 @@ int HashOption::match(Cursor& c) pos += offset; } - // FIXIT-H should fail if offset is out of bounds - // same for content and possibly others too if ( pos < 0 ) pos = 0; diff --git a/src/loggers/unified2.cc b/src/loggers/unified2.cc index 808175c94..29cbee71d 100644 --- a/src/loggers/unified2.cc +++ b/src/loggers/unified2.cc @@ -166,7 +166,7 @@ static void alert_event(Packet* p, const char*, Unified2Config* config, const Ev Unified2Event u2_event; memset(&u2_event, 0, sizeof(u2_event)); - u2_event.snort_id = 0; // FIXIT-H define / use + u2_event.snort_id = 0; // FIXIT-H alert_event define / use u2_event.event_id = htonl(event->event_id); u2_event.event_second = htonl(event->ref_time.tv_sec); diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index a2023e745..9197b51ac 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -571,7 +571,7 @@ void Analyzer::idle() void Analyzer::init_unprivileged() { // using dummy values until further integration - // FIXIT-H max_contexts must be <= DAQ msg pool to avoid permanent stall + // FIXIT-M max_contexts must be <= DAQ msg pool to avoid permanent stall (offload only) // condition (polling for packets that won't come to resume ready suspends) #ifdef REG_TEST const unsigned max_contexts = 20; diff --git a/src/main/snort_config.h b/src/main/snort_config.h index 7bf773e7a..f69d1e0d5 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -214,7 +214,7 @@ public: //------------------------------------------------------ // output module stuff #ifdef REG_TEST - // FIXIT-H builtin modules should set SnortConfig defaults instead + // FIXIT-M builtin modules should set SnortConfig defaults instead uint32_t output_flags = OUTPUT_FLAG__WIDE_HEX; #else uint32_t output_flags = 0; diff --git a/src/managers/ips_manager.cc b/src/managers/ips_manager.cc index 089432347..c69c62ae4 100644 --- a/src/managers/ips_manager.cc +++ b/src/managers/ips_manager.cc @@ -210,7 +210,7 @@ bool IpsManager::option_begin( return false; } - // FIXIT-H allow service too + // FIXIT-M allow service too //if ( opt->api->protos && !(proto & opt->api->protos) ) //{ // ParseError("%s not allowed with given rule protocol", opt->api->base.name); diff --git a/src/network_inspectors/appid/appid_debug.cc b/src/network_inspectors/appid/appid_debug.cc index f0f6a9129..f3a92007a 100644 --- a/src/network_inspectors/appid/appid_debug.cc +++ b/src/network_inspectors/appid/appid_debug.cc @@ -111,7 +111,7 @@ void AppIdDebug::activate(const Flow *flow, const AppIdSession* session, bool lo } const FlowKey* key = flow->key; - // FIXIT-H FlowKey does not yet support different address families for src and dst IPs + // FIXIT-E FlowKey does not yet support different address families for src and dst IPs // (e.g., IPv4 src and IPv6 dst, or vice-versa). Once it is supported, we need to pass // two key->version here to create the proper debug_session string. activate(key->ip_l, key->ip_h, key->port_l, key->port_h, (IpProtocol)(key->ip_protocol), diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index d45b09f31..79ca46af3 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -432,7 +432,7 @@ bool AppIdDiscovery::handle_unmonitored_session(AppIdSession* asd, const Packet* port = (dir == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp; } - // FIXIT-H - Creating AppId session even when flow is ignored (not monitored, e.g., + // FIXIT-E - Creating AppId session even when flow is ignored (not monitored, e.g., // when AppId discovery is disabled) will consume a lot of unneeded memory and perform // unneeded tasks in constructor. Snort2 uses static APPID_SESSION_STRUCT_FLAG ignore_fsf. // Snort3 may use something like that or a dummy class/object having only common.flow_type diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index ce6ba0c8d..54e0afdb7 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -757,7 +757,7 @@ int AppIdHttpSession::process_http_packet(AppidSessionDirection direction, return 0; } -// FIXIT-H - Implement this function when (reconfigurable) XFF is supported. +// FIXIT-E - Implement this function when (reconfigurable) XFF is supported. void AppIdHttpSession::update_http_xff_address(struct XffFieldValue* xff_fields, uint32_t numXffFields, AppidChangeBits& change_bits) { diff --git a/src/network_inspectors/appid/detector_plugins/detector_sip.cc b/src/network_inspectors/appid/detector_plugins/detector_sip.cc index 3f8a6be45..79c06544a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_sip.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_sip.cc @@ -179,9 +179,9 @@ struct ServiceSIPData void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp, uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol, int16_t app_id) { - // FIXIT-RC: Passing app_id instead of SnortProtocolId to - // create_future_session is incorrect. We need to look up - // snort_protocol_id. + // FIXIT-E: Passing app_id instead of SnortProtocolId to + // create_future_session is incorrect. We need to look up + // snort_protocol_id. AppIdSession* fp = AppIdSession::create_future_session( pkt, cliIp, cliPort, srvIp, srvPort, protocol, app_id, @@ -193,7 +193,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con fp->payload.set_id(asd.payload.get_id()); fp->service.set_id(APP_ID_RTP, asd.ctxt.get_odp_ctxt()); - // FIXIT-H : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE. + // FIXIT-M : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE. // Check if it is needed here as well. //initialize_expected_session(asd, fp, APPID_SESSION_EXPECTED_EVALUATE); @@ -213,7 +213,7 @@ void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, con fp2->payload.set_id(asd.payload.get_id()); fp2->service.set_id(APP_ID_RTCP, asd.ctxt.get_odp_ctxt()); - // FIXIT-H : same comment as above + // FIXIT-M : same comment as above //initialize_expected_session(asd, fp2, APPID_SESSION_EXPECTED_EVALUATE); initialize_expected_session( diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 4d89c51c1..7911089b7 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -2805,11 +2805,11 @@ LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detec lua_pushvalue(L, -1); - // FIXIT-M: RELOAD - go back to using lua reference + // FIXIT-E: RELOAD - go back to using lua reference // instead of using a string for lookups // lsd.detector_user_data_ref = luaL_ref(L, LUA_REGISTRYINDEX); - // FIXIT-H: The control and thread states have the same initialization + // FIXIT-E: The control and thread states have the same initialization // sequence, the stack index shouldn't change between the states, maybe // use a common index for a detector between all the states std::string name = detector_name + "_"; @@ -2876,11 +2876,11 @@ LuaClientObject::LuaClientObject(const std::string& detector_name, lua_pushvalue(L, -1); - // FIXIT-M: RELOAD - go back to using lua reference + // FIXIT-E: RELOAD - go back to using lua reference // instead of using a string for lookups // lsd.detector_user_data_ref = luaL_ref(L, LUA_REGISTRYINDEX); - // FIXIT-H: The control and thread states have the same initialization + // FIXIT-E: The control and thread states have the same initialization // sequence, the stack index shouldn't change between the states, maybe // use a common index for a detector between all the states std::string name = detector_name + "_"; diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc index 7e6647b56..b31553d0f 100644 --- a/src/network_inspectors/appid/service_plugins/service_ssl.cc +++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc @@ -815,7 +815,7 @@ bool setSSLSquelch(Packet* p, int type, AppId appId, OdpContext& odp_ctxt) const SfIp* dip = p->ptrs.ip_api.get_dst(); const SfIp* sip = p->ptrs.ip_api.get_src(); - /* FIXIT-H: Passing appId to create_future_session() is incorrect. We + /* FIXIT-E: Passing appId to create_future_session() is incorrect. We need to pass the snort_protocol_id associated with appId. */ AppIdSession* asd = AppIdSession::create_future_session(p, sip, 0, dip, p->ptrs.dp, IpProtocol::TCP, appId, 0); diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index e5d6f852e..ff19dcf8a 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -143,7 +143,7 @@ TEST(appid_api, produce_ha_state) ip.pton(AF_INET, "192.168.1.222"); val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066); CHECK_TRUE(val == sizeof(appHA)); - //FIXIT-H refactor below code to test AppId consume functionality + // FIXIT-E refactor below code to test AppId consume functionality /* AppIdSession* session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id); CHECK_TRUE(session); @@ -165,7 +165,7 @@ TEST(appid_api, produce_ha_state) mock_flow_data= nullptr; val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066); CHECK_TRUE(val == sizeof(appHA)); - //FIXIT-H refactor below code to test AppId consume functionality + // FIXIT-E refactor below code to test AppId consume functionality /* session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id); CHECK_TRUE(session); diff --git a/src/network_inspectors/port_scan/ps_detect.cc b/src/network_inspectors/port_scan/ps_detect.cc index 693bb7a9f..3335bb399 100644 --- a/src/network_inspectors/port_scan/ps_detect.cc +++ b/src/network_inspectors/port_scan/ps_detect.cc @@ -599,7 +599,7 @@ void PortScan::ps_tracker_update_tcp(PS_PKT* ps_pkt, PS_TRACKER* scanner, ** picked up midstream, then we don't care about the MIDSTREAM flag. ** Otherwise, only consider streams not picked up midstream. */ - // FIXIT-H using SSNFLAG_COUNTED_INITIALIZE is a hack to get parity with 2.X + // FIXIT-E using SSNFLAG_COUNTED_INITIALIZE is a hack to get parity with 2.X // this should be completely redone and port_scan should require stream_tcp if ( p->flow and (p->flow->ssn_state.session_flags & SSNFLAG_COUNTED_INITIALIZE) ) { diff --git a/src/parser/parse_rule.cc b/src/parser/parse_rule.cc index 46de30591..011afb993 100644 --- a/src/parser/parse_rule.cc +++ b/src/parser/parse_rule.cc @@ -1079,7 +1079,8 @@ static void parse_rule_state(SnortConfig* sc, const RuleTreeNode& rtn, OptTreeNo RuleKey key = { otn->sigInfo.gid, otn->sigInfo.sid }; RuleState state = { - snort::get_ips_policy()->policy_id, // FIXIT-H need parsing policy for reload + // FIXIT-H parse_rule_state needs parsing policy for reload + snort::get_ips_policy()->policy_id, rtn.action, otn->enable }; diff --git a/src/parser/parser.cc b/src/parser/parser.cc index 964d3bb17..a05eb3bda 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -549,7 +549,7 @@ void OrderRuleLists(SnortConfig* sc) const char* order = sc->rule_order.c_str(); if ( !*order ) - order = "pass drop alert log"; // FIXIT-H apply builtin module defaults + order = "pass drop alert log"; // FIXIT-M apply builtin module defaults std::stringstream ss(order); std::string tok; diff --git a/src/piglet_plugins/pp_inspector_iface.cc b/src/piglet_plugins/pp_inspector_iface.cc index 854cba5ef..1c8bd85a4 100644 --- a/src/piglet_plugins/pp_inspector_iface.cc +++ b/src/piglet_plugins/pp_inspector_iface.cc @@ -33,7 +33,7 @@ using namespace snort; -// FIXIT-H needs to be updated for addition of get_fp_buf() +// FIXIT-M needs to be updated for addition of get_fp_buf() template static inline bool get_buf( Inspector& i, T v, Packet& p, std::string& rb) diff --git a/src/piglet_plugins/pp_raw_buffer_iface.cc b/src/piglet_plugins/pp_raw_buffer_iface.cc index 7da02a40b..eafea7c37 100644 --- a/src/piglet_plugins/pp_raw_buffer_iface.cc +++ b/src/piglet_plugins/pp_raw_buffer_iface.cc @@ -25,7 +25,7 @@ #include "lua/lua_arg.h" -// FIXIT-H a lot of users keep references to this data. Need to prevent +// FIXIT-M a lot of users keep references to this data. Need to prevent // Lua's garbage collection from destroying RawBuffer while other C++ types // are using the data (unbeknownst to Lua). Add a container data type // which hold ref counts to RawBuffer and only frees when the ref count is diff --git a/src/protocols/ip.cc b/src/protocols/ip.cc index 4018fa12d..03907d30b 100644 --- a/src/protocols/ip.cc +++ b/src/protocols/ip.cc @@ -161,12 +161,12 @@ uint8_t IpApi::ver() const return 0; } +// FIXIT-H is this really supposed to be a shallow compare? bool operator==(const IpApi& lhs, const IpApi& rhs) { if ( lhs.type != rhs.type ) return false; - // FIXIT-H is this really supposed to be a shallow compare? return ( lhs.iph == rhs.iph ); } diff --git a/src/service_inspectors/http2_inspect/http2_frame.cc b/src/service_inspectors/http2_inspect/http2_frame.cc index a36ac5d08..f5a331e11 100644 --- a/src/service_inspectors/http2_inspect/http2_frame.cc +++ b/src/service_inspectors/http2_inspect/http2_frame.cc @@ -49,7 +49,7 @@ Http2Frame::Http2Frame(const uint8_t* header_buffer, const int32_t header_len, Http2Frame* Http2Frame::new_frame(const uint8_t* header, const int32_t header_len, const uint8_t* data, const int32_t data_len, Http2FlowData* session_data, SourceId source_id) { - // FIXIT-H call the appropriate frame subclass constructor based on the type + // FIXIT-E call the appropriate frame subclass constructor based on the type switch(session_data->frame_type[source_id]) { case FT_HEADERS: diff --git a/src/service_inspectors/http2_inspect/http2_inspect.cc b/src/service_inspectors/http2_inspect/http2_inspect.cc index e0e4b49ec..aeb05ad21 100644 --- a/src/service_inspectors/http2_inspect/http2_inspect.cc +++ b/src/service_inspectors/http2_inspect/http2_inspect.cc @@ -118,7 +118,7 @@ void Http2Inspect::eval(Packet* p) if (!session_data) return; - // FIXIT-H Workaround for unexpected eval() calls + // FIXIT-E Workaround for unexpected eval() calls // Avoid eval if scan/reassemble aborts if (session_data->frame_type[source_id] == FT__ABORT) return; diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc index 8d60e1b87..8674fea24 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc @@ -209,7 +209,7 @@ bool Http2StreamSplitter::finish(Flow* flow) } #endif - // FIXIT-H not supported yet + // FIXIT-E not supported yet return false; } @@ -236,7 +236,7 @@ bool Http2StreamSplitter::init_partial_flush(Flow* flow) } #endif - // FIXIT-H not supported yet + // FIXIT-E not supported yet return false; } diff --git a/src/service_inspectors/http_inspect/http_inspect.cc b/src/service_inspectors/http_inspect/http_inspect.cc index 90ddd2331..d32ed4383 100644 --- a/src/service_inspectors/http_inspect/http_inspect.cc +++ b/src/service_inspectors/http_inspect/http_inspect.cc @@ -362,7 +362,7 @@ void HttpInspect::eval(Packet* p) HttpFlowData* session_data = http_get_flow_data(p->flow); - // FIXIT-H Workaround for unexpected eval() calls. Convert to asserts when possible. + // FIXIT-E Workaround for unexpected eval() calls. Convert to asserts when possible. if ((session_data->section_type[source_id] == SEC__NOT_COMPUTE) || (session_data->type_expected[source_id] == SEC_ABORT) || (session_data->octets_reassembled[source_id] != p->dsize)) diff --git a/src/service_inspectors/http_inspect/http_msg_body_h2.cc b/src/service_inspectors/http_inspect/http_msg_body_h2.cc index 9911a9b2d..1f57873e7 100644 --- a/src/service_inspectors/http_inspect/http_msg_body_h2.cc +++ b/src/service_inspectors/http_inspect/http_msg_body_h2.cc @@ -28,14 +28,14 @@ void HttpMsgBodyH2::update_flow() session_data->body_octets[source_id] = body_octets; if (session_data->http2_end_stream[source_id]) { - // FIXIT-H check content length header against bytes received + // FIXIT-E check content length header against bytes received session_data->trailer_prep(source_id); session_data->http2_end_stream[source_id] = false; } else { - //FIXIT-H check have not exceeded content length + // FIXIT-E check have not exceeded content length update_depth(); } } diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index ac2be52f4..362b386d5 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -198,7 +198,7 @@ void HttpMsgHeader::update_flow() if (session_data->for_http2) { - // FIXIT-H check for transfer-encoding and content-length headers + // FIXIT-E check for transfer-encoding and content-length headers session_data->type_expected[source_id] = SEC_BODY_H2; prepare_body(); return; diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc index fde9e491b..04b408142 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc @@ -294,14 +294,14 @@ const StreamBuffer HttpStreamSplitter::reassemble(Flow* flow, unsigned total, uint32_t& partial_raw_bytes = session_data->partial_raw_bytes[source_id]; assert(partial_raw_bytes + total <= MAX_OCTETS); - // FIXIT-H this is a precaution/workaround for stream issues. When they are fixed replace this + // FIXIT-E this is a precaution/workaround for stream issues. When they are fixed replace this // block with an assert. if ((session_data->section_offset[source_id] == 0) && (session_data->octets_expected[source_id] != partial_raw_bytes + total)) { if (session_data->octets_expected[source_id] == 0) { - // FIXIT-H This is a known problem. No data was scanned and yet somehow stream can + // FIXIT-E This is a known problem. No data was scanned and yet somehow stream can // give us data when we ask for an empty message section. Dropping the unexpected data // enables us to send the HTTP headers through detection as originally planned. total = 0; diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc index d9ed4e59b..1e6f19367 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc @@ -238,7 +238,7 @@ StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data // FIXIT-L the following call seems inappropriate for headers and trailers. Those cases // should be an unconditional EVENT_LOSS_OF_SYNC. session_data->events[source_id]->generate_misformatted_http(data, length); - // FIXIT-H need to process this data not just discard it. + // FIXIT-E need to process this data not just discard it. session_data->type_expected[source_id] = SEC_ABORT; delete cutter; cutter = nullptr; diff --git a/src/stream/file/file_session.cc b/src/stream/file/file_session.cc index ffc8a8681..c1044e46d 100644 --- a/src/stream/file/file_session.cc +++ b/src/stream/file/file_session.cc @@ -51,9 +51,6 @@ FileSession::~FileSession() bool FileSession::setup(Packet*) { - // FIXIT-H file context is null here - //const char* s = DAQ_GetInterfaceSpec(); - //file_api->set_file_name(p->flow, (uint8_t*)s, strlen(s)); return true; } diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index 0b339f2ba..a745a2ad5 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -167,8 +167,6 @@ static const Parameter s_params[] = { "max_pdu", Parameter::PT_INT, "1460:32768", "16384", "maximum reassembled PDU size" }, - // FIXIT-H: This should become an API call so that - // an inspector can enable no-ack processing on specific flows { "no_ack", Parameter::PT_BOOL, nullptr, "false", "received data is implicitly acked immediately" }, diff --git a/src/stream/tcp/tcp_normalizer.cc b/src/stream/tcp/tcp_normalizer.cc index 1db5fdeb9..3c59f8531 100644 --- a/src/stream/tcp/tcp_normalizer.cc +++ b/src/stream/tcp/tcp_normalizer.cc @@ -219,7 +219,7 @@ uint32_t TcpNormalizer::get_tcp_timestamp( bool TcpNormalizer::validate_rst_seq_geq( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd) { - // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this + // FIXIT-M check for rcv_nxt == 0 is hack for uninitialized rcv_nxt if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_GEQ(tsd.get_seg_seq(), tns.tracker->rcv_nxt) ) return true; @@ -229,7 +229,7 @@ bool TcpNormalizer::validate_rst_seq_geq( bool TcpNormalizer::validate_rst_end_seq_geq( TcpNormalizerState& tns, TcpSegmentDescriptor& tsd) { - // FIXIT-H check for r_win_base == 0 is hack for uninitialized r_win_base, fix this + // FIXIT-M check for r_win_base == 0 is hack for uninitialized r_win_base if ( tns.tracker->r_win_base == 0 ) return true; @@ -248,7 +248,7 @@ bool TcpNormalizer::validate_rst_seq_eq( { uint32_t expected_seq = tns.tracker->rcv_nxt + tns.tracker->get_fin_seq_adjust(); - // FIXIT-H check for rcv_nxt == 0 is hack for uninitialized rcv_nxt, fix this + // FIXIT-M check for rcv_nxt == 0 is hack for uninitialized rcv_nxt if ( ( tns.tracker->rcv_nxt == 0 ) || SEQ_EQ(tsd.get_seg_seq(), expected_seq) ) return true; diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index 3278d6e0f..589529967 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -529,8 +529,8 @@ int TcpReassembler::_flush_to_seq( { if ( !p ) { - // FIXIT-H we need to have user_policy_id in this case - // FIXIT-H this leads to format_tcp() copying from pdu to pdu + // FIXIT-M we need to have user_policy_id in this case + // FIXIT-M this leads to format_tcp() copying from pdu to pdu // (neither of these issues is created by passing null through to here) p = DetectionEngine::set_next_packet(); } @@ -1092,6 +1092,7 @@ int TcpReassembler::flush_on_data_policy(TcpReassemblerState& trs, Packet* p) // FIXIT-H a drop rule will yoink the seglist out from under us // because apply_delayed_action is only deferred to end of context + // this is causing stability issues if ( flushed and trs.sos.seg_count and !trs.sos.session->flow->two_way_traffic() and !p->ptrs.tcph->is_syn() ) { diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 0f2ba718c..62ca780dc 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -126,7 +126,6 @@ void TcpSession::restart(Packet* p) listener = &server; } - // FIXIT-H on data / on ack must be based on flush policy if (p->dsize > 0) listener->reassembler.flush_on_data_policy(p); @@ -297,7 +296,7 @@ bool TcpSession::flow_exceeds_config_thresholds(const TcpSegmentDescriptor& tsd) return true; } - // FIXIT-H any discards must be counted and in many cases alerted as well + // FIXIT-M any discards must be counted and in many cases alerted as well // (count all but alert at most once per flow) // three cases in this function; look for others if ( ( config->flags & STREAM_CONFIG_NO_ASYNC_REASSEMBLY ) && !flow->two_way_traffic() ) @@ -316,7 +315,7 @@ bool TcpSession::flow_exceeds_config_thresholds(const TcpSegmentDescriptor& tsd) && ( listener->reassembler.get_seg_bytes_total() > config->max_queued_bytes ) ) { tcpStats.exceeded_max_bytes++; - // FIXIT-H add one alert per flow per above + // FIXIT-M add one alert per flow per above return true; } @@ -324,7 +323,7 @@ bool TcpSession::flow_exceeds_config_thresholds(const TcpSegmentDescriptor& tsd) && ( listener->reassembler.get_seg_count() + 1 > config->max_queued_segs ) ) { tcpStats.exceeded_max_segs++; - // FIXIT-H add one alert per flow per above + // FIXIT-M add one alert per flow per above return true; } @@ -460,7 +459,7 @@ void TcpSession::set_os_policy() server.reassembler.init(this, &server, server_os_policy, true); } -// FIXIT-H this is no longer called (but should be) +// FIXIT-M this is no longer called (but should be) #if 0 void TcpSession::swap_trackers() { @@ -763,8 +762,8 @@ void TcpSession::handle_data_segment(TcpSegmentDescriptor& tsd) st->normalizer.trim_win_payload( tsd, (st->r_win_base + st->get_snd_wnd() - st->rcv_nxt)); - // FIXIT-H: MSS is not being set on client so packets sent - // to client are not trimmed. + // FIXIT-H: MSS is not set on client so packets sent to client are not trimmed + // use case? if (st->get_mss()) st->normalizer.trim_mss_payload(tsd, st->get_mss()); @@ -1061,7 +1060,7 @@ int TcpSession::process(Packet* p) return ACTION_NOTHING; } - // FIXIT-H need to do something here to handle check for need to swap trackers?? + // FIXIT-M need to do something here to handle check for need to swap trackers?? if ( !config ) config = get_tcp_cfg(flow->ssn_server); diff --git a/src/stream/tcp/tcp_state_closed.cc b/src/stream/tcp/tcp_state_closed.cc index cb3c20ecf..c22922469 100644 --- a/src/stream/tcp/tcp_state_closed.cc +++ b/src/stream/tcp/tcp_state_closed.cc @@ -152,7 +152,7 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr return true; } -#ifdef FOO // FIXIT-H UNIT_TEST need work +#if 0 // FIXIT-M unit tests need work #include "tcp_normalizers.h" #include "tcp_reassemblers.h" diff --git a/src/stream/tcp/tcp_state_listen.cc b/src/stream/tcp/tcp_state_listen.cc index 6b58bb479..4e45ba2ef 100644 --- a/src/stream/tcp/tcp_state_listen.cc +++ b/src/stream/tcp/tcp_state_listen.cc @@ -98,11 +98,9 @@ bool TcpStateListen::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) && ( tsd.has_wscale() || ( tsd.get_seg_len() > 0 ) ) ) { Flow* flow = tsd.get_flow(); - - // FIXIT-H do we need to verify the ACK field is >= the seq of the SYN-ACK? - // 3-way Handshake complete, create TCP session flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_SYN_ACK | STREAM_STATE_ESTABLISHED ); + trk.init_on_3whs_ack_sent(tsd); trk.session->init_new_tcp_session(tsd); trk.session->update_perf_base_state(TcpStreamTracker::TCP_ESTABLISHED); diff --git a/src/stream/tcp/tcp_state_none.cc b/src/stream/tcp/tcp_state_none.cc index 8cd9967ab..c9c84f8d2 100644 --- a/src/stream/tcp/tcp_state_none.cc +++ b/src/stream/tcp/tcp_state_none.cc @@ -190,7 +190,7 @@ bool TcpStateNone::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) ) { - // FIXIT-H handle FIN on midstream + // FIXIT-M handle FIN on midstream } else if ( trk.session->config->require_3whs() ) { @@ -204,7 +204,7 @@ bool TcpStateNone::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) ) { - // FIXIT-H handle FIN on midstream + // FIXIT-M handle FIN on midstream } else if ( trk.session->config->require_3whs() ) { @@ -218,7 +218,7 @@ bool TcpStateNone::rst_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { if ( trk.session->config->midstream_allowed(tsd.get_pkt() ) ) { - // FIXIT-H handle RST on midstream + // FIXIT-M handle RST on midstream } return true; } @@ -238,7 +238,7 @@ bool TcpStateNone::rst_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) return true; } -#ifdef FOO // FIXIT-H UNIT_TEST need work +#if 0 // FIXIT-M unit tests need work #include "tcp_normalizers.h" #include "tcp_reassemblers.h" diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc index 6d8140066..0f1806e1c 100644 --- a/src/stream/tcp/tcp_state_syn_recv.cc +++ b/src/stream/tcp/tcp_state_syn_recv.cc @@ -67,6 +67,7 @@ bool TcpStateSynRecv::syn_ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& Flow* flow = tsd.get_flow(); // FIXIT-H verify ack being sent is valid... + // norm/drop + discard trk.finish_server_init(tsd); trk.normalizer.ecn_tracker(tsd.get_tcph(), trk.session->config->require_3whs()); flow->session_state |= STREAM_STATE_SYN_ACK; diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc index 6db841412..9a5ace001 100644 --- a/src/stream/tcp/tcp_state_syn_sent.cc +++ b/src/stream/tcp/tcp_state_syn_sent.cc @@ -67,6 +67,7 @@ bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) Flow* flow = tsd.get_flow(); // FIXIT-H verify ack being sent is valid... + // norm/drop + discard trk.update_tracker_ack_sent(tsd); flow->set_session_flags(SSNFLAG_ESTABLISHED); flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_ESTABLISHED ); @@ -88,6 +89,7 @@ bool TcpStateSynSent::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& Flow* flow = tsd.get_flow(); // FIXIT-H verify ack being sent is valid... + // norm/drop + discard trk.update_tracker_ack_sent(tsd); flow->set_session_flags(SSNFLAG_ESTABLISHED); flow->session_state |= ( STREAM_STATE_ACK | STREAM_STATE_ESTABLISHED ); diff --git a/src/stream/tcp/tcp_stream_session.cc b/src/stream/tcp/tcp_stream_session.cc index 5a203bad0..ae76bb21c 100644 --- a/src/stream/tcp/tcp_stream_session.cc +++ b/src/stream/tcp/tcp_stream_session.cc @@ -214,8 +214,6 @@ bool TcpStreamSession::are_packets_missing(uint8_t dir) return false; } -// FIXIT-H add alert and check alerted go away when we finish -// packet / PDU split because PDU rules won't run on raw packets bool TcpStreamSession::add_alert(Packet* p, uint32_t gid, uint32_t sid) { TcpStreamTracker& st = p->ptrs.ip_api.get_src()->equals(flow->client_ip) ? server : client; diff --git a/src/stream/tcp/tcp_stream_tracker.cc b/src/stream/tcp/tcp_stream_tracker.cc index e4226efb8..b3711884c 100644 --- a/src/stream/tcp/tcp_stream_tracker.cc +++ b/src/stream/tcp/tcp_stream_tracker.cc @@ -94,6 +94,7 @@ TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(const TcpSegmentDescr tcp_event = TCP_ACK_SENT_EVENT; } else if ( tsd.get_seg_len() > 0 ) // FIXIT-H no flags set, how do we handle this? + // discard; drop if normalizing tcp_event = TCP_DATA_SEG_SENT_EVENT; else tcp_event = TCP_ACK_SENT_EVENT; @@ -136,6 +137,7 @@ TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(const TcpSegmentDescr tcp_event = TCP_ACK_RECV_EVENT; } else if ( tsd.get_seg_len() > 0 ) // FIXIT-H no flags set, how do we handle this? + // discard; drop if normalizing tcp_event = TCP_DATA_SEG_RECV_EVENT; else tcp_event = TCP_ACK_RECV_EVENT; @@ -281,7 +283,7 @@ void TcpStreamTracker::init_on_syn_sent(TcpSegmentDescriptor& tsd) void TcpStreamTracker::init_on_syn_recv(TcpSegmentDescriptor& tsd) { irs = tsd.get_seg_seq(); - // FIXIT-H can we really set the vars below now? + rcv_nxt = tsd.get_seg_seq() + 1; r_win_base = tsd.get_seg_seq() + 1; reassembler.set_seglist_base_seq(tsd.get_seg_seq() + 1); @@ -386,7 +388,6 @@ void TcpStreamTracker::init_on_data_seg_sent(TcpSegmentDescriptor& tsd) else flow->set_session_flags(SSNFLAG_SEEN_SERVER); - // FIXIT-H should we init these? iss = tsd.get_seg_seq(); irs = tsd.get_seg_ack(); snd_una = tsd.get_seg_seq(); @@ -432,7 +433,7 @@ void TcpStreamTracker::finish_server_init(TcpSegmentDescriptor& tsd) snd_nxt = tsd.get_end_seq(); snd_wnd = tsd.get_seg_wnd(); - // FIXIT-H move this to fin handler for syn_recv state .. + // FIXIT-M move this to fin handler for syn_recv state .. //if ( tcph->is_fin() ) // server->set_snd_nxt(server->get_snd_nxt() - 1); @@ -493,6 +494,7 @@ void TcpStreamTracker::update_tracker_ack_sent(TcpSegmentDescriptor& tsd) //snd_una = tsd.get_seg_seq(); // FIXIT-H add check to validate ack... + // norm/drop + discard if ( SEQ_GT(tsd.get_end_seq(), snd_nxt) ) snd_nxt = tsd.get_end_seq(); diff --git a/src/stream/tcp/test/stream_tcp_test_utils.cc b/src/stream/tcp/test/stream_tcp_test_utils.cc index 47a1ff768..66170bd84 100644 --- a/src/stream/tcp/test/stream_tcp_test_utils.cc +++ b/src/stream/tcp/test/stream_tcp_test_utils.cc @@ -51,13 +51,13 @@ static const uint8_t cooked_syn_ack[] = static const uint8_t cooked_ack[] = "\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00"; -// FIXIT-H this is not a FIN PACKET yet... +// FIXIT-M this is not a FIN PACKET yet... // IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192, // length 0 static const uint8_t cooked_fin[] = "\x00\x21\x91\x01\xb2\x48\xaa\x00\x04\x00\x0a\x04\x08\x00\x45\x00\x00\x28\x00\x01\x00\x00\x40\x06\x88\x96\xc0\xa8\x00\x59\x48\xa7\xe8\x90\x23\x34\x00\x50\x00\x00\x23\x5b\x00\x00\x23\x42\x50\x10\x20\x00\x33\x7a\x00\x00"; -// FIXIT-H this is not a RST PACKET yet... +// FIXIT-M this is not a RST PACKET yet... // IP 192.168.0.89.9012 > p3nlh044.shr.prod.phx3.secureserver.net.http: Flags [.], ack 1, win 8192, // length 0 static const uint8_t cooked_rst[] = diff --git a/src/target_based/sftarget_hostentry.cc b/src/target_based/sftarget_hostentry.cc index e6e383d90..3fbb7ca01 100644 --- a/src/target_based/sftarget_hostentry.cc +++ b/src/target_based/sftarget_hostentry.cc @@ -127,8 +127,6 @@ SnortProtocolId get_snort_protocol_id_from_host_table(const HostAttributeEntry* } } - /* FIXIT-H client? doesn't make much sense in terms of specific port */ - return 0; } diff --git a/tools/snort2lua/config_states/config_deleted.cc b/tools/snort2lua/config_states/config_deleted.cc index 1c2bed21c..45d9895f1 100644 --- a/tools/snort2lua/config_states/config_deleted.cc +++ b/tools/snort2lua/config_states/config_deleted.cc @@ -575,7 +575,7 @@ const ConvertMap* protected_content_map = &protected_content_api; ************* sidechannel **************** *************************************************/ -// FIXIT-H: This is temporary and needs to be translated to an appropriate `side_channel = {}` +// FIXIT-L: This is temporary and needs to be translated to an appropriate `side_channel = {}` static const std::string sidechannel = "sidechannel"; static const ConvertMap sidechannel_api =