From: Russ Combs (rucombs) Date: Sun, 16 Jun 2019 14:57:58 +0000 (-0400) Subject: Merge pull request #1636 in SNORT/snort3 from ~BRASTULT/snort3:relative_so to master X-Git-Tag: 3.0.0-257~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b026863368244445126846577891a6f83af285c4;p=thirdparty%2Fsnort3.git Merge pull request #1636 in SNORT/snort3 from ~BRASTULT/snort3:relative_so to master Squashed commit of the following: commit 578047fa73a2e1485920e81061f7f0aeb229a592 Author: Brandon Stultz Date: Fri Jun 7 14:22:06 2019 -0400 ips_options: add relative parameter to so option --- diff --git a/src/ips_options/ips_so.cc b/src/ips_options/ips_so.cc index dce28932e..3a5ad6899 100644 --- a/src/ips_options/ips_so.cc +++ b/src/ips_options/ips_so.cc @@ -40,27 +40,32 @@ static THREAD_LOCAL ProfileStats soPerfStats; class SoOption : public IpsOption { public: - SoOption(const char*, const char*, SoEvalFunc f, void* v); + SoOption(const char*, const char*, bool, SoEvalFunc f, void* v); ~SoOption() override; uint32_t hash() const override; bool operator==(const IpsOption&) const override; + bool is_relative() override + { return relative_flag; } + EvalStatus eval(Cursor&, Packet*) override; private: const char* soid; const char* so; + bool relative_flag; SoEvalFunc func; void* data; }; SoOption::SoOption( - const char* id, const char* s, SoEvalFunc f, void* v) + const char* id, const char* s, bool r, SoEvalFunc f, void* v) : IpsOption(s_name) { soid = id; so = s; + relative_flag = r; func = f; data = v; } @@ -73,7 +78,7 @@ SoOption::~SoOption() uint32_t SoOption::hash() const { - uint32_t a = 0, b = 0, c = 0; + uint32_t a = relative_flag, b = 0, c = 0; mix_str(a,b,c,soid); mix_str(a,b,c,so); finalize(a,b,c); @@ -90,6 +95,9 @@ bool SoOption::operator==(const IpsOption& ips) const if ( strcmp(so, rhs.so) ) return false; + if ( relative_flag != rhs.relative_flag ) + return false; + return true; } 
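Review bot: The constructor still stores the function name as a borrowed pointer (`so = s;`), while the new `relative_flag` is copied by value. The caller in `so_ctor` (last hunk) passes `m->name.c_str()`, a buffer that `SoModule::begin` resets with `name.clear()` for the next option. `hash()` and `operator==` (the two following hunks) read that pointer through `mix_str(a,b,c,so)` and `strcmp(so, rhs.so)`; if either runs after the module has parsed another `so` option they would see a different name or released storage, though when they run is not visible in this diff. An owned copy would remove the dependency: `std::string so;` for the member, `mix_str(a,b,c,so.c_str());` in `hash()` and `if ( so != rhs.so )` in `operator==`. The destructor body is outside the hunks, so check that nothing there assumes `so` is a raw pointer.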
@@ -108,6 +116,9 @@ static const Parameter s_params[] = { "~func", Parameter::PT_STRING, nullptr, nullptr, "name of eval function" }, + { "relative", Parameter::PT_IMPLIED, nullptr, nullptr, + "offset from cursor instead of start of buffer" }, + { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -130,11 +141,13 @@ public: public: string name; + bool relative_flag; }; bool SoModule::begin(const char*, int, SnortConfig*) { name.clear(); + relative_flag = false; return true; } @@ -143,6 +156,9 @@ bool SoModule::set(const char*, Value& v, SnortConfig*) if ( v.is("~func") ) name = v.get_string(); + else if ( v.is("relative") ) + relative_flag = true; + else return false; @@ -168,6 +184,7 @@ static IpsOption* so_ctor(Module* p, OptTreeNode* otn) void* data = nullptr; SoModule* m = (SoModule*)p; const char* name = m->name.c_str(); + bool relative_flag = m->relative_flag; if ( !otn->soid ) { @@ -181,7 +198,7 @@ static IpsOption* so_ctor(Module* p, OptTreeNode* otn) ParseError("can't link so:%s", name); return nullptr; } - return new SoOption(otn->soid, name, func, data); + return new SoOption(otn->soid, name, relative_flag, func, data); } static void so_dtor(IpsOption* p)
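Review bot: The help string `"offset from cursor instead of start of buffer"` describes an offset, but the parameter table for this option holds only `~func` and `relative`, so a rule writer cannot tell from it what the flag changes. Within this diff the flag is only stored and returned from `is_relative()`; `SoOption::eval` is outside the hunks, so whether the shared-object function is expected to honour the cursor itself is not visible. Consider wording it as what the flag declares, for example `"eval function works from cursor instead of start of buffer"`. A short comment beside `is_relative()` should also state that the flag must agree with what the linked function actually does, since a mismatch would presumably make a rule match differently than its text suggests.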
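Review bot: `bool relative_flag;` in SoModule has no initializer and only gets a defined value in `begin()`, so the read of `m->relative_flag` in `so_ctor` depends on `begin()` always having run first. A default member initializer, `bool relative_flag = false;`, makes that read defined regardless of call order and costs nothing. The class header and constructor are outside this hunk, so if the constructor already sets the member, a one-line comment saying so is enough.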