From: Maya Dagon (mdagon) Date: Mon, 25 Nov 2024 12:00:34 +0000 (+0000) Subject: Pull request #4509: Publish end of flow X-Git-Tag: 3.6.0.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad2ba5dcdc13662980934da6a7ee6d5e55febb6f;p=thirdparty%2Fsnort3.git Pull request #4509: Publish end of flow Merge in SNORT/snort3 from ~MDAGON/snort3:conn_event to master Squashed commit of the following: commit bf95668b7ea4fc66c9afcebcf658ae3fa1f78949 Author: maya dagon Date: Fri Oct 25 14:13:30 2024 -0400 flow: publish flow end event
---
diff --git a/src/flow/flow.cc b/src/flow/flow.cc
index f9ec73a28..f2abdd07f 100644
--- a/src/flow/flow.cc
+++ b/src/flow/flow.cc
@@ -47,6 +47,8 @@ extern THREAD_LOCAL class FlowControl* flow_con; Flow::~Flow() { + DataBus::publish(intrinsic_pub_id, IntrinsicEventIds::FLOW_END, nullptr, this); + free_flow_data(); delete session;
diff --git a/src/ips_options/ips_vba_data.cc b/src/ips_options/ips_vba_data.cc
index 511ae1819..1f3689edb 100644
--- a/src/ips_options/ips_vba_data.cc
+++ b/src/ips_options/ips_vba_data.cc
@@ -153,6 +153,7 @@ const BaseApi* ips_vba_data[] = #ifdef UNIT_TEST #include "catch/snort_catch.h" +#include "main/policy.h" TEST_CASE("vba_data test", "[ips_vba_data]") {
@@ -171,12 +172,19 @@ TEST_CASE("vba_data test", "[ips_vba_data]") SECTION("null gadget") { - Flow f; - p.flow = &f; + Flow* f = new Flow(); + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); + + p.flow = f; p.flow->gadget = nullptr; Cursor c(&p); REQUIRE(vba_data_opt.eval(c, &p) == IpsOption::NO_MATCH); + + delete f; } }
diff --git a/src/network_inspectors/rna/rna_flow.cc b/src/network_inspectors/rna/rna_flow.cc
index 4af98298e..2173bd130 100644
--- a/src/network_inspectors/rna/rna_flow.cc
+++ b/src/network_inspectors/rna/rna_flow.cc
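Review bot: Publishing FLOW_END from inside `Flow::~Flow()` hands every subscriber a `Flow*` whose destruction has already begun, and nothing at the call site records that. The publish sits before `free_flow_data()` and `delete session`, so handlers can presumably still read flow data and the session, but any handler that stores the pointer for later use ends up with a dangling reference; a comment such as `// FLOW_END: published before flow data and session are released; subscribers must not retain the Flow pointer` would state the contract. The test hunks in this commit all install an inspection policy and a network policy before a Flow is destroyed, which suggests the publish path reads the thread's current policies; if that is so, a Flow destroyed where no policy is set needs a guard here, and this is worth confirming against DataBus::publish. The destructor body continues outside the hunk.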
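Review bot: In the `null gadget` section, `set_inspection_policy(&ins)` and `set_network_policy(&net)` store the addresses of stack locals and nothing resets them, so the current-policy pointers appear to dangle once the section returns and could be read by a later test on the same thread. Resetting them after `delete f;`, for example `set_inspection_policy(nullptr); set_network_policy(nullptr);` (assuming the setters accept null), keeps the test self-contained. `REQUIRE` aborts the test case on failure, so `delete f;` is skipped on that path; declaring `ins` and `net` first and keeping `Flow f;` on the stack after them would give the same destruction order without manual cleanup. The same pattern is repeated in the rna_flow.cc, rna_pnd.cc, ip_session.cc, stream.cc and ips_stream_reassemble.cc test hunks.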
@@ -124,8 +124,8 @@ TEST_CASE("RNA Flow", "[get_tracker]") { timeval curr_time; Packet p; - Flow flow; - p.flow=&flow; + Flow* flow = new Flow(); + p.flow=flow; DiscoveryFilter filter(""); RnaTracker ht(new HostTracker);
@@ -137,6 +137,11 @@ TEST_CASE("RNA Flow", "[get_tracker]") RnaTracker rt; uint32_t last_seen; + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); + // test the server path curr_time.tv_sec = 12345678; packet_time_update(&curr_time);
@@ -157,7 +162,9 @@ TEST_CASE("RNA Flow", "[get_tracker]") last_seen = ht->get_last_seen(); CHECK(last_seen == curr_time.tv_sec); - flow.free_flow_data(); + flow->free_flow_data(); + + delete flow; } #endif
diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc
index f51e99fbb..4a861c0e4 100644
--- a/src/network_inspectors/rna/rna_pnd.cc
+++ b/src/network_inspectors/rna/rna_pnd.cc
@@ -1147,9 +1147,13 @@ TEST_CASE("RNA pnd cpe os", "[cpe-os]") RNAFlow::init(); RNAFlow* rna_flow = new RNAFlow(); Packet p; - Flow flow; - p.flow = &flow; + Flow* flow = new Flow(); + p.flow = flow; p.flow->set_flow_data(rna_flow); + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); // Fill packet structure with required information eth::EtherHdr eh;
@@ -1200,6 +1204,8 @@ TEST_CASE("RNA pnd cpe os", "[cpe-os]") delete(cpeevent); p.flow->free_flow_data(rna_flow); + + delete flow; } } #endif
diff --git a/src/pub_sub/intrinsic_event_ids.h b/src/pub_sub/intrinsic_event_ids.h
index 96110888f..1343fdc49 100644
--- a/src/pub_sub/intrinsic_event_ids.h
+++ b/src/pub_sub/intrinsic_event_ids.h
@@ -54,6 +54,7 @@ struct IntrinsicEventIds FLOW_STATE_SETUP, FLOW_STATE_RELOADED, FLOW_ASSISTANT_GADGET, + FLOW_END, EXPECT_HANDLE_FLOWS, EXPECT_EARLY_SESSION,
diff --git a/src/stream/ip/ip_session.cc b/src/stream/ip/ip_session.cc
index 4f21db018..297bcf9a4 100644
--- a/src/stream/ip/ip_session.cc
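Review bot: `FLOW_END` is inserted ahead of `EXPECT_HANDLE_FLOWS` in intrinsic_event_ids.h, so if these are implicit enumerators every id after it shifts by one, and a subscriber built against the previous header would bind to the wrong event until it is rebuilt. The enumerator also carries no description of its payload; the flow.cc hunk publishes it with a null event and the flow being destroyed, so a comment such as `// published from Flow::~Flow(); event is nullptr, flow is valid only during the callback` would tell subscribers what they receive. The enum's declaration starts and ends outside the hunk.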
+++ b/src/stream/ip/ip_session.cc
@@ -257,30 +257,36 @@ public: TEST_CASE("IP Session", "[ip_session]") { - Flow lws; + Flow* lws = new Flow(); Packet p(false); DAQ_PktHdr_t dh = {}; p.pkth = &dh; + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); SECTION("update_session without inspector") { - lws.ssn_server = nullptr; + lws->ssn_server = nullptr; - update_session(&p, &lws); - CHECK(lws.expire_time == 0); + update_session(&p, lws); + CHECK(lws->expire_time == 0); } SECTION("update_session with inspector") { StreamIpConfig* sic = new StreamIpConfig; sic->session_timeout = 360; - lws.set_default_session_timeout(sic->session_timeout, true); + lws->set_default_session_timeout(sic->session_timeout, true); StreamIp si(sic); - lws.ssn_server = &si; + lws->ssn_server = &si; - update_session(&p, &lws); - CHECK(lws.expire_time == 360); - lws.ssn_server = nullptr; + update_session(&p, lws); + CHECK(lws->expire_time == 360); + lws->ssn_server = nullptr; } + + delete lws; } #endif
diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index 7ab704904..e45358efb 100644
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
@@ -875,6 +875,10 @@ TEST_CASE("Stream API", "[stream_api][stream]") // initialization code here TcpNormalizerFactory::initialize(); Flow* flow = new Flow; + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); SECTION("set/get ignore direction") {
diff --git a/src/stream/tcp/ips_stream_reassemble.cc b/src/stream/tcp/ips_stream_reassemble.cc
index e1a93ee0a..866857527 100644
--- a/src/stream/tcp/ips_stream_reassemble.cc
+++ b/src/stream/tcp/ips_stream_reassemble.cc
@@ -280,6 +280,10 @@ TEST_CASE("IPS Stream Reassemble", "[ips_stream_reassemble][stream_tcp]") Flow* flow = new Flow; Packet* pkt = get_syn_packet(flow); Cursor cursor(pkt); + InspectionPolicy ins; + set_inspection_policy(&ins); + NetworkPolicy net; + set_network_policy(&net); SECTION("reassembler initialization") {