From: Tom Peters (thopeter) Date: Fri, 20 Aug 2021 22:12:31 +0000 (+0000) Subject: Merge pull request #3032 in SNORT/snort3 from ~THOPETER/snort3:nhttp158 to master X-Git-Tag: 3.1.11.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9637f1e3f2263be8f233f90e126b61ca3463b069;p=thirdparty%2Fsnort3.git Merge pull request #3032 in SNORT/snort3 from ~THOPETER/snort3:nhttp158 to master Squashed commit of the following: commit dc970325178f3d16227e3c1f44f22a32ccb1fa70 Author: Tom Peters Date: Thu Aug 19 17:23:25 2021 -0400 http_inspect: support more infractions and events
---
diff --git a/src/framework/base_api.h b/src/framework/base_api.h
index 45a3a8873..e416771be 100644
--- a/src/framework/base_api.h
+++ b/src/framework/base_api.h
@@ -29,7 +29,7 @@
 // this is the current version of the base api
 // must be prefixed to subtype version
-#define BASE_API_VERSION 5
+#define BASE_API_VERSION 6
 // set options to API_OPTIONS to ensure compatibility
 #ifndef API_OPTIONS
diff --git a/src/service_inspectors/http_inspect/http_event.h b/src/service_inspectors/http_inspect/http_event.h
index b11b4e30f..16044e3b3 100644
--- a/src/service_inspectors/http_inspect/http_event.h
+++ b/src/service_inspectors/http_inspect/http_event.h
@@ -52,6 +52,9 @@ public:
 uint64_t get_raw3() const { return
 ((events_generated >> BASE_2XX_EVENTS) & bitmask).to_ulong(); }
+ uint64_t get_raw4() const { return
+ ((events_generated >> (BASE_2XX_EVENTS + 64)) & bitmask).to_ulong(); }
+
 private:
 static const unsigned BASE_1XX_EVENTS = 100;
 static const unsigned BASE_2XX_EVENTS = 200;
diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc
index e31e5718b..1c7ae7741 100644
--- a/src/service_inspectors/http_inspect/http_msg_section.cc
+++ b/src/service_inspectors/http_inspect/http_msg_section.cc
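Review bot: In src/service_inspectors/http_inspect/http_event.h, the added `get_raw4()` returns `uint64_t` but converts with `to_ulong()`, which yields `unsigned long`; on an ABI where that type is 32 bits wide, `std::bitset::to_ulong()` throws `std::overflow_error` as soon as one of the upper 32 masked bits is set. Using `to_ullong()` makes the 64-bit word well defined everywhere, i.e. `((events_generated >> (BASE_2XX_EVENTS + 64)) & bitmask).to_ullong(); }`. The same conversion is used by the new `get_raw3()` in src/utils/infractions.h, and the context lines of both files show the older accessors using it too, so they would be changed together. The enclosing class starts and ends outside the hunk, so the declared widths of `events_generated` and `bitmask` are not visible here.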
@@ -421,10 +421,12 @@ void HttpMsgSection::print_section_title(FILE* output, const char* title) const
 void HttpMsgSection::print_section_wrapup(FILE* output) const
 {
- fprintf(output, "Infractions: %016" PRIx64 " %016" PRIx64 ", Events: %016" PRIx64 " %016"
- PRIx64 " %016" PRIx64 ", TCP Close: %s\n\n",
+ fprintf(output, "Infractions: %016" PRIx64 " %016" PRIx64 " %016" PRIx64 ", Events: %016"
+ PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 ", TCP Close: %s\n\n",
+ transaction->get_infractions(source_id)->get_raw3(),
 transaction->get_infractions(source_id)->get_raw2(),
 transaction->get_infractions(source_id)->get_raw(),
+ session_data->events[source_id]->get_raw4(),
 session_data->events[source_id]->get_raw3(),
 session_data->events[source_id]->get_raw2(),
 session_data->events[source_id]->get_raw(),
diff --git a/src/utils/infractions.h b/src/utils/infractions.h
index d4d8d2139..2cd1979c0 100644
--- a/src/utils/infractions.h
+++ b/src/utils/infractions.h
@@ -52,6 +52,8 @@ public:
 (infractions & std::bitset(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
 uint64_t get_raw2() const { return
 ((infractions >> 64) & std::bitset(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
+ uint64_t get_raw3() const { return
+ ((infractions >> 128) & std::bitset(0xFFFFFFFFFFFFFFFF)).to_ulong(); }
 private:
 std::bitset infractions = 0;
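Review bot: In `HttpMsgSection::print_section_wrapup`, the number of words printed (three for infractions, four for events) is maintained by hand, and nothing visible in the hunk ties it to the size of the underlying bitsets, so an infraction or event stored above the last printed word would silently be absent from this trace. A comment above the `fprintf` would record the coupling, for example `// One %016 PRIx64 per 64-bit word, most significant first; add a get_rawN() argument whenever the infraction or event bitset grows`. The repeated `transaction->get_infractions(source_id)` and `session_data->events[source_id]` lookups could also each be bound to a local once, which keeps the argument list easier to check against the format string. The `fprintf` call continues past the end of the hunk.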