From: Tom Peters (thopeter) Date: Fri, 7 Jan 2022 18:12:29 +0000 (+0000) Subject: Pull request #3230: stream_user: change packet type from PDU to USER for hext daq... X-Git-Tag: 3.1.20.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c56bc531ef42a2fc30a092f17b905b2775acb846;p=thirdparty%2Fsnort3.git Pull request #3230: stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user Merge in SNORT/snort3 from ~KATHARVE/snort3:hext to master Squashed commit of the following: commit 2eda9ec4fa6b39f1ae9a11183e9900d72437da59 Author: Katura Harvey Date: Tue Dec 21 15:47:52 2021 -0500 stream_user: change packet type from PDU to USER for hext daq, user codec, and stream_user
---
diff --git a/src/codecs/misc/cd_user.cc b/src/codecs/misc/cd_user.cc
index 965fdc860..981c848e3 100644
--- a/src/codecs/misc/cd_user.cc
+++ b/src/codecs/misc/cd_user.cc
@@ -111,7 +111,7 @@ bool UserCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) if ( pci->ip_proto ) { set_ip(pci, codec, snort);
- snort.set_pkt_type(PktType::PDU);
+ snort.set_pkt_type(PktType::USER);
} else {
diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc
index c3f4708a2..90a816466 100644
--- a/src/detection/detection_engine.cc
+++ b/src/detection/detection_engine.cc
@@ -579,6 +579,7 @@ bool DetectionEngine::detect(Packet* p, bool offload_ok) case PktType::UDP: case PktType::ICMP: case PktType::FILE:
+ case PktType::USER:
if ( offload_ok and p->flow ) return offload(p);
diff --git a/src/flow/flow.h b/src/flow/flow.h
index 276485c42..208f4fe7d 100644
--- a/src/flow/flow.h
+++ b/src/flow/flow.h
@@ -264,7 +264,7 @@ public: { return (ssn_state.session_flags & SSNFLAG_PROXIED) != 0; } bool is_stream()
- { return pkt_type == PktType::TCP or pkt_type == PktType::PDU; }
+ { return pkt_type == PktType::TCP or pkt_type == PktType::USER; }
void block() { ssn_state.session_flags |= SSNFLAG_BLOCK; } 
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index a09b8ee2f..919624054 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -288,8 +288,8 @@ static void init_roles(Packet* p, Flow* flow) init_roles_udp(p, flow); break;
- case PktType::PDU:
case PktType::FILE:
+ case PktType::USER:
swapped = init_roles_user(p, flow); break;
diff --git a/src/framework/decode_data.h b/src/framework/decode_data.h
index 98ba24846..21c5ab1b8 100644
--- a/src/framework/decode_data.h
+++ b/src/framework/decode_data.h
@@ -44,7 +44,7 @@ struct ICMPHdr; /* NOTE: if A protocol is added, update DecodeFlags! */ enum class PktType : std::uint8_t {
- NONE, IP, TCP, UDP, ICMP, PDU, FILE, MAX
+ NONE, IP, TCP, UDP, ICMP, USER, FILE, PDU, MAX
}; // the first several of these bits must map to PktType
@@ -54,9 +54,9 @@ enum class PktType : std::uint8_t
#define PROTO_BIT__TCP 0x000002
#define PROTO_BIT__UDP 0x000004
#define PROTO_BIT__ICMP 0x000008
-#define PROTO_BIT__PDU 0x000010
+#define PROTO_BIT__USER 0x000010
#define PROTO_BIT__FILE 0x000020
-#define PROTO_BIT__ARP 0x000040
+#define PROTO_BIT__PDU 0x000040
#define PROTO_BIT__TEREDO 0x000080
#define PROTO_BIT__GTP 0x000100
#define PROTO_BIT__MPLS 0x000200
@@ -72,7 +72,8 @@ enum class PktType : std::uint8_t
#define PROTO_BIT__UDP_TUNNELED 0x080000
#define PROTO_BIT__OTHER 0x100000
#define PROTO_BIT__GENEVE 0x200000
-#define PROTO_BIT__ALL 0x3FFFFF
+#define PROTO_BIT__ARP 0x400000
+#define PROTO_BIT__ALL 0x7FFFFF
#define PROTO_BIT__ICMP_EMBED \
(PROTO_BIT__TCP_EMBED_ICMP | PROTO_BIT__UDP_EMBED_ICMP | \ 
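Review bot: The `@@ -44` hunk of decode_data.h renumbers existing `PktType` enumerators (USER takes PDU's old position, PDU moves after FILE), and the `@@ -54` and `@@ -72` hunks likewise move `PROTO_BIT__PDU` from 0x000010 to 0x000040 and `PROTO_BIT__ARP` to 0x400000. A plugin compiled against the previous header would keep the old numbers and be matched as a different packet type with no build or load error; whether the plugin API version is bumped for this is not visible in the commit. The enum would also benefit from a comment recording the new split, for example `// USER: packets from the user codec and stream_user flows; PDU: payload rebuilt by a session (see UserTracker::detect)`.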
@@ -80,7 +81,7 @@ enum class PktType : std::uint8_t
#define PROTO_BIT__ANY_IP (PROTO_BIT__IP | PROTO_BIT__TCP | PROTO_BIT__UDP | PROTO_BIT__ICMP)
#define PROTO_BIT__ANY_PDU (PROTO_BIT__TCP | PROTO_BIT__UDP | PROTO_BIT__PDU)
-#define PROTO_BIT__ANY_SSN (PROTO_BIT__ANY_IP | PROTO_BIT__PDU | PROTO_BIT__FILE)
+#define PROTO_BIT__ANY_SSN (PROTO_BIT__ANY_IP | PROTO_BIT__PDU | PROTO_BIT__FILE | PROTO_BIT__USER)
#define PROTO_BIT__ANY_TYPE (PROTO_BIT__ANY_SSN | PROTO_BIT__ARP)
enum DecodeFlags : std::uint16_t
diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc
index b18a0c998..7f03987d2 100644
--- a/src/managers/inspector_manager.cc
+++ b/src/managers/inspector_manager.cc
@@ -1216,7 +1216,7 @@ static void instantiate_default_binder(SnortConfig* sc, FrameworkPolicy* fp) m->add(PROTO_BIT__UDP, wiz_id); if ( tcp or udp or pdu )
- m->add(PROTO_BIT__PDU, wiz_id);
+ m->add(PROTO_BIT__USER, wiz_id);
const InspectApi* api = get_plugin(bind_id); InspectorManager::instantiate(api, m, sc);
diff --git a/src/network_inspectors/binder/bind_module.cc b/src/network_inspectors/binder/bind_module.cc
index 5f51665e4..8ad488d24 100644
--- a/src/network_inspectors/binder/bind_module.cc
+++ b/src/network_inspectors/binder/bind_module.cc
@@ -289,7 +289,7 @@ bool BinderModule::set(const char* fqn, Value& v, SnortConfig*) const unsigned mask[] = { PROTO_BIT__ANY_TYPE, PROTO_BIT__IP, PROTO_BIT__ICMP,
- PROTO_BIT__TCP, PROTO_BIT__UDP, PROTO_BIT__PDU, PROTO_BIT__FILE
+ PROTO_BIT__TCP, PROTO_BIT__UDP, PROTO_BIT__USER, PROTO_BIT__FILE, PROTO_BIT__PDU,
}; binding.when.protos = mask[v.get_uint8()]; binding.when.add_criteria(BindWhen::Criteria::BWC_PROTO);
diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc
index c5b6ee2a3..c22698802 100644
--- a/src/network_inspectors/binder/binder.cc
+++ b/src/network_inspectors/binder/binder.cc 
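Review bot: In `instantiate_default_binder` (inspector_manager.cc, `@@ -1216` hunk) the guard `if ( tcp or udp or pdu )` still tests a local named `pdu`, while the binding it controls is now `m->add(PROTO_BIT__USER, wiz_id);`, so the name no longer says what is being bound. The variable's assignment is outside the hunk; if it holds the stream_user lookup, renaming it to `user` would keep the condition and the bound protocol in agreement.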
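Review bot: `binding.when.protos = mask[v.get_uint8()];` in `BinderModule::set` (bind_module.cc, `@@ -289` hunk) indexes the table with a value taken from configuration, and nothing in the hunk ties that value to the table's length, which this change grows from seven to eight entries. The parameter definition that bounds the value is outside the hunk and no other bind_module.cc hunk appears in this commit, so the new `PROTO_BIT__PDU` slot may be unreachable, and a later widening of the parameter range past the table would read out of bounds. A guard before the lookup, such as `const auto i = v.get_uint8(); if ( i >= sizeof(mask)/sizeof(mask[0]) ) return false;`, would make the coupling explicit.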
@@ -149,7 +149,7 @@ static std::string proto_to_string(unsigned proto) return "tcp"; case PROTO_BIT__UDP: return "udp";
- case PROTO_BIT__PDU:
+ case PROTO_BIT__USER:
return "user"; case PROTO_BIT__FILE: return "file";
@@ -610,7 +610,7 @@ bool Binder::configure(SnortConfig* sc) case PktType::TCP: name = "stream_tcp"; break; case PktType::UDP: name = "stream_udp"; break; case PktType::ICMP: name = "stream_icmp"; break;
- case PktType::PDU: name = "stream_user"; break;
+ case PktType::USER: name = "stream_user"; break;
case PktType::FILE: name = "stream_file"; break; default: name = nullptr; break; }
diff --git a/src/protocols/packet.cc b/src/protocols/packet.cc
index e51068342..01b759a9d 100644
--- a/src/protocols/packet.cc
+++ b/src/protocols/packet.cc
@@ -164,6 +164,7 @@ const char* Packet::get_type() const return "UDP"; case PktType::PDU:
+ case PktType::USER:
case PktType::FILE: if ( proto_bits & PROTO_BIT__TCP ) return "TCP";
diff --git a/src/protocols/packet.h b/src/protocols/packet.h
index 1076e4138..3c9816ca0 100644
--- a/src/protocols/packet.h
+++ b/src/protocols/packet.h
@@ -201,7 +201,8 @@ struct SO_PUBLIC Packet { return ptrs.get_pkt_type() == PktType::ICMP; } bool is_data() const
- { return (ptrs.get_pkt_type() == PktType::PDU) or (ptrs.get_pkt_type() == PktType::FILE); }
+ { return (ptrs.get_pkt_type() == PktType::PDU) or (ptrs.get_pkt_type() == PktType::FILE) or
+ (ptrs.get_pkt_type() == PktType::USER); }
bool is_cooked() const { return ((packet_flags & PKT_PSEUDO) != 0); }
diff --git a/src/stream/base/stream_base.cc b/src/stream/base/stream_base.cc
index 6e5340baa..032ff3613 100644
--- a/src/stream/base/stream_base.cc
+++ b/src/stream/base/stream_base.cc 
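Review bot: `proto_to_string` in binder.cc (`@@ -149` hunk) loses its only `PROTO_BIT__PDU` case, while bind_module.cc in the same commit adds `PROTO_BIT__PDU` to the `mask` table that feeds `binding.when.protos`. A binding carrying the PDU bit would then fall through to whatever the function returns after the visible cases, which is outside the hunk. Adding `case PROTO_BIT__PDU: return "pdu";` next to the new USER case would keep the printed binding accurate; the label is a suggestion and should match whatever name the binder parameter uses for that entry.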
@@ -206,8 +206,8 @@ void StreamBase::tinit() if ( (f = InspectorManager::get_session(PROTO_BIT__UDP)) ) flow_con->init_proto(PktType::UDP, f);
- if ( (f = InspectorManager::get_session(PROTO_BIT__PDU)) )
- flow_con->init_proto(PktType::PDU, f);
+ if ( (f = InspectorManager::get_session(PROTO_BIT__USER)) )
+ flow_con->init_proto(PktType::USER, f);
if ( (f = InspectorManager::get_session(PROTO_BIT__FILE)) ) flow_con->init_proto(PktType::FILE, f);
@@ -292,15 +292,15 @@ void StreamBase::eval(Packet* p) } break;
- case PktType::PDU:
- flow_con->process(PktType::PDU, p);
+ case PktType::USER:
+ flow_con->process(PktType::USER, p);
break; case PktType::FILE: flow_con->process(PktType::FILE, p); break;
- case PktType::MAX:
+ default:
break; } }
diff --git a/src/stream/base/stream_module.cc b/src/stream/base/stream_module.cc
index e3812a3e1..63ee07d49 100644
--- a/src/stream/base/stream_module.cc
+++ b/src/stream/base/stream_module.cc
@@ -200,7 +200,7 @@ bool StreamModule::set(const char* fqn, Value& v, SnortConfig* c) else if ( strstr(fqn, "udp_cache") ) type = PktType::UDP; else if ( strstr(fqn, "user_cache") )
- type = PktType::PDU;
+ type = PktType::USER;
else if ( strstr(fqn, "file_cache") ) type = PktType::FILE; else
@@ -350,7 +350,7 @@ void StreamModuleConfig::show() const ConfigLogger::log_value("max_aux_ip", SnortConfig::get_conf()->max_aux_ip); ConfigLogger::log_value("pruning_timeout", flow_cache_cfg.pruning_timeout);
- for (int i = to_utype(PktType::IP); i < to_utype(PktType::MAX); ++i)
+ for (int i = to_utype(PktType::IP); i < to_utype(PktType::PDU); ++i)
{ std::string tmp; tmp += "{ idle_timeout = " + std::to_string(flow_cache_cfg.proto[i].nominal_timeout);
diff --git a/src/stream/user/stream_user.cc b/src/stream/user/stream_user.cc
index 2c187f78b..25393d5c8 100644
--- a/src/stream/user/stream_user.cc
+++ b/src/stream/user/stream_user.cc 
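Review bot: Replacing `case PktType::MAX:` with `default:` at the end of the switch in `StreamBase::eval` (stream_base.cc, `@@ -292` hunk) removes the compiler's chance to warn about an unhandled enumerator, so the next `PktType` added is dropped here without notice. Naming the values that are deliberately ignored keeps that check: `case PktType::PDU:` and `case PktType::MAX:` followed by `break;`. The top of the switch is outside the hunk, so other values may need listing as well.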
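Review bot: The new bound in `StreamModuleConfig::show` (stream_module.cc, `@@ -350` hunk), `i < to_utype(PktType::PDU)`, relies on PDU being the first enumerator without a flow-cache entry, which holds only as long as every cached type sorts before it. A comment on the loop such as `// PDU and later values have no flow cache config` would make that dependency visible to whoever next edits the enum. The declaration of `flow_cache_cfg.proto[]` is outside this diff, so its size relative to `PktType::MAX` could not be checked.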
@@ -128,7 +128,7 @@ static const InspectApi user_api = mod_dtor }, IT_STREAM,
- PROTO_BIT__PDU,
+ PROTO_BIT__USER,
nullptr, // buffers nullptr, // service nullptr, // pinit
diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc
index a5af59112..a458538ba 100644
--- a/src/stream/user/user_session.cc
+++ b/src/stream/user/user_session.cc
@@ -159,6 +159,7 @@ void UserTracker::detect( up->proto_bits = p->proto_bits; up->pseudo_type = PSEUDO_PKT_USER;
+ up->ptrs.set_pkt_type(PktType::PDU);
up->packet_flags = flags | PKT_REBUILT_STREAM | PKT_PSEUDO; up->packet_flags |= (p->packet_flags & (PKT_FROM_CLIENT|PKT_FROM_SERVER));
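Review bot: In `UserTracker::detect` (user_session.cc, `@@ -159` hunk) the rebuilt packet is now typed with `up->ptrs.set_pkt_type(PktType::PDU);` while the context line above still copies `up->proto_bits = p->proto_bits;` from the source packet, which the codec change in this commit types as USER. The pseudo-packet's type and its protocol bits may therefore describe different things, and code that filters on `proto_bits` rather than `get_pkt_type()` would treat the two packets alike. If that is intended, a comment such as `// rebuilt payload is inspected as PDU; proto_bits are kept from the source packet` would record it. The rest of the function is outside the hunk.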