From: Bhargava Jandhyala (bjandhya) Date: Wed, 2 Jun 2021 18:36:33 +0000 (+0000) Subject: Merge pull request #2914 in SNORT/snort3 from ~DIPANDIT/snort3:enable_multi_pinhole... X-Git-Tag: 3.1.6.0~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8c63b1728bfb52b61e2aa687b278f1a2fed7330;p=thirdparty%2Fsnort3.git Merge pull request #2914 in SNORT/snort3 from ~DIPANDIT/snort3:enable_multi_pinhole to master Squashed commit of the following: commit 6c01d79f5fe0e1a8f97273eeda35c35fa4d9b834 Author: Dipto Pandit (dipandit) Date: Mon May 31 03:17:32 2021 -0400 stream: enable support for multiple expected sessions commit 3a4a0ef78eeec528f37a95ac0da488f54084af5f Author: Dipto Pandit (dipandit) Date: Mon May 31 03:14:04 2021 -0400 flow: enable support for multiple expected sessions commit b4bdb05a1c69c9e4db890447d0fa67e160a64880 Author: Dipto Pandit (dipandit) Date: Mon May 31 03:04:00 2021 -0400 packet_io: enable expected session flags
---
diff --git a/src/flow/expect_cache.cc b/src/flow/expect_cache.cc
index 998a90b81..e6748772c 100644
--- a/src/flow/expect_cache.cc
+++ b/src/flow/expect_cache.cc
@@ -316,8 +316,8 @@ ExpectCache::~ExpectCache()
* */
int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_proto,
- const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort,
- char direction, FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction)
+ const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort, char direction,
+ FlowData* fd, SnortProtocolId snort_protocol_id, bool swap_app_direction, bool expect_multi)
{
/* Just pull the VLAN ID, MPLS ID, and Address Space ID from the control packet until we have a use case for not doing so. */
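Review bot: The new `expect_multi` parameter of `ExpectCache::add_flow` gets no documentation in this hunk; the block comment that closes just above the signature begins outside the hunk, so I cannot see whether it lists parameters, but no line is added to it. Judging by the flag name and the commit title, the parameter widens what one expected-flow entry will accept, which is exactly the kind of thing a caller should be able to read at the declaration, e.g. `// expect_multi: request DAQ_EFLOW_ALLOW_MULTIPLE so more than one connection may match this expected flow; leave false for one-shot channels`. The same sentence belongs on the public declaration of `Stream::set_snort_protocol_id_expected` in src/stream/stream.h.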
@@ -392,8 +392,11 @@ int ExpectCache::add_flow(const Packet *ctrlPkt, PktType type, IpProtocol ip_pro
PacketTracer::log("Create expected channel request sent with %s -> %s %hu %hhu\n", dipstr, sipstr, srvPort, static_cast(ip_proto));
}
+ unsigned flag = 0;
+ if (expect_multi)
+ flag |= DAQ_EFLOW_ALLOW_MULTIPLE;
ctrlPkt->daq_instance->add_expected(ctrlPkt, cliIP, cliPort, srvIP, srvPort,
- ip_proto, 1000, 0);
+ ip_proto, 1000, flag);
}
}
diff --git a/src/flow/expect_cache.h b/src/flow/expect_cache.h
index 6eb294b59..5b5313bab 100644
--- a/src/flow/expect_cache.h
+++ b/src/flow/expect_cache.h
@@ -98,7 +98,7 @@ public:
int add_flow(const snort::Packet *ctrlPkt, PktType, IpProtocol, const snort::SfIp* cliIP, uint16_t cliPort, const snort::SfIp* srvIP, uint16_t srvPort, char direction, snort::FlowData*, SnortProtocolId snort_protocol_id = UNKNOWN_PROTOCOL_ID,
- bool swap_app_direction = false);
+ bool swap_app_direction = false, bool expect_multi = false);
bool is_expected(snort::Packet*);
bool check(snort::Packet*, snort::Flow*);
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index 839b78792..1d9349122 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -573,10 +573,10 @@ int FlowControl::add_expected_ignore( const Packet* ctrlPkt, PktType type, IpPro
int FlowControl::add_expected( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto, const SfIp *srcIP, uint16_t srcPort, const SfIp *dstIP, uint16_t dstPort,
- SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction)
+ SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
{
return exp_cache->add_flow( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort,
- SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction);
+ SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi);
}
bool FlowControl::is_expected(Packet* p)
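Review bot: In the src/flow/expect_cache.cc hunk at -392 the result of `ctrlPkt->daq_instance->add_expected(...)` is still discarded, although `SFDAQInstance::add_expected` returns `int`. With `expect_multi` set, a DAQ module that rejects the request leaves no trace, so the caller cannot tell whether the wider expected flow was installed. Capture the result and report a failure through the `PacketTracer::log` path already used a few lines above; which return value means failure is not visible in this diff. A short comment on the literal `1000` (the `timeout_ms` argument) would also help, since together with the flag it decides how long and for how many connections the entry stays open. The body of `add_flow` continues outside the hunk.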
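Review bot: `bool swap_app_direction = false, bool expect_multi = false` in src/flow/expect_cache.h places two defaulted bools side by side, so a call that passes one trailing `true` sets the first of them and a transposed pair still compiles. The same pair is added to `FlowControl::add_expected` in src/flow/flow_control.h and to `Stream::set_snort_protocol_id_expected` in src/stream/stream.h. Since the value ends up as a flag bit anyway, a small flags type would make call sites self-describing; failing that, name the argument where it is passed, e.g. `/*expect_multi=*/true`.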
diff --git a/src/flow/flow_control.h b/src/flow/flow_control.h
index 9a7a7a90f..de1930301 100644
--- a/src/flow/flow_control.h
+++ b/src/flow/flow_control.h
@@ -78,8 +78,8 @@ public:
char direction, snort::FlowData*);
int add_expected(const snort::Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp *srcIP,
- uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort,
- SnortProtocolId snort_protocol_id, snort::FlowData*, bool swap_app_direction = false);
+ uint16_t srcPort, const snort::SfIp *dstIP, uint16_t dstPort, SnortProtocolId snort_protocol_id,
+ snort::FlowData*, bool swap_app_direction = false, bool expect_multi = false);
class ExpectCache* get_exp_cache() { return exp_cache; }
diff --git a/src/flow/test/flow_cache_test.cc b/src/flow/test/flow_cache_test.cc
index 8803f9b25..582818dd1 100644
--- a/src/flow/test/flow_cache_test.cc
+++ b/src/flow/test/flow_cache_test.cc
@@ -121,7 +121,7 @@ void Stream::stop_inspection(Flow*, Packet*, char, int32_t, int) { }
int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t,
- const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool)
+ const SfIp*, uint16_t, char, FlowData*, SnortProtocolId, bool, bool)
{
return 1;
}
diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc
index 027048762..d03fb7aea 100644
--- a/src/flow/test/flow_control_test.cc
+++ b/src/flow/test/flow_control_test.cc
@@ -167,7 +167,7 @@ int ExpectCache::add_flow(const Packet*, PktType, IpProtocol, const SfIp*, uint16_t, const SfIp*, uint16_t,
- char, FlowData*, SnortProtocolId, bool)
+ char, FlowData*, SnortProtocolId, bool, bool)
{
return 1;
}
diff --git a/src/packet_io/sfdaq_instance.cc b/src/packet_io/sfdaq_instance.cc
index a074b9f11..a3e0c694c 100644
--- a/src/packet_io/sfdaq_instance.cc
+++ b/src/packet_io/sfdaq_instance.cc
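Review bot: The `ExpectCache::add_flow` stub in src/flow/test/flow_control_test.cc, like the identical one in src/flow/test/flow_cache_test.cc, only gains an unnamed `bool` and still returns 1, so nothing in these hunks checks that `expect_multi` is forwarded. If this test file links the real `FlowControl`, let the stub record its last argument and add a case that calls `FlowControl::add_expected` with `expect_multi` set to `true` and asserts the recorded value. No test for the translation to `DAQ_EFLOW_ALLOW_MULTIPLE` in `SFDAQInstance::add_expected` is visible in this diff either.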
@@ -341,7 +341,7 @@ int SFDAQInstance::set_packet_trace_data(DAQ_Msg_h msg, uint8_t* buff, uint32_t
// FIXIT-L X Add Snort flag definitions for callers to use and translate/pass them through to
// the DAQ module
int SFDAQInstance::add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort,
- const SfIp* srvIP, uint16_t srvPort, IpProtocol protocol, unsigned timeout_ms, unsigned /* flags */)
+ const SfIp* srvIP, uint16_t srvPort, IpProtocol protocol, unsigned timeout_ms, unsigned flags)
{
DIOCTL_CreateExpectedFlow d_cef;
@@ -386,6 +386,10 @@ int SFDAQInstance::add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16
key->vlan_cnots = 1;
d_cef.flags = 0;
+
+ if (flags & DAQ_EFLOW_ALLOW_MULTIPLE)
+ d_cef.flags |= DAQ_EFLOW_ALLOW_MULTIPLE;
+
/* if (flags & DAQ_DC_FLOAT) d_cef.flags |= DAQ_EFLOW_FLOAT;
diff --git a/src/packet_io/sfdaq_instance.h b/src/packet_io/sfdaq_instance.h
index 8af2e9930..04e7fb8c2 100644
--- a/src/packet_io/sfdaq_instance.h
+++ b/src/packet_io/sfdaq_instance.h
@@ -80,7 +80,7 @@ public:
int set_packet_trace_data(DAQ_Msg_h, uint8_t* buff, uint32_t buff_len);
int add_expected(const Packet* ctrlPkt, const SfIp* cliIP, uint16_t cliPort, const SfIp* srvIP, uint16_t srvPort, IpProtocol, unsigned timeout_ms,
- unsigned /* flags */);
+ unsigned flags);
bool get_tunnel_bypass(uint16_t proto);
private:
diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index b56b2dcd2..c0ca827ff 100644
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
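Review bot: In the src/packet_io/sfdaq_instance.cc hunk at -386, `add_expected` tests the caller's `flags` against `DAQ_EFLOW_ALLOW_MULTIPLE`, the same constant it then writes into `d_cef.flags`, while the commented-out block directly below tests a different namespace (`DAQ_DC_FLOAT` mapped to `DAQ_EFLOW_FLOAT`). If that block is ever enabled, any bit value shared between a `DAQ_DC_*` and a `DAQ_EFLOW_*` constant would be misread; the definitions are not visible here, so this is a risk to rule out, not a confirmed collision. Either pass `DAQ_EFLOW_*` values end to end and delete the commented translation, or add the Snort-side flag definitions that the `FIXIT-L` comment above the function asks for (first hunk of this file). That comment is now out of date, since `flags` is used, and should be reworded or removed. The commented block continues outside the hunk.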
@@ -386,13 +386,13 @@ int Stream::set_snort_protocol_id_expected( const Packet* ctrlPkt, PktType type, IpProtocol ip_proto, const SfIp* srcIP, uint16_t srcPort, const SfIp* dstIP, uint16_t dstPort,
- SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction)
+ SnortProtocolId snort_protocol_id, FlowData* fd, bool swap_app_direction, bool expect_multi)
{
assert(flow_con);
return flow_con->add_expected( ctrlPkt, type, ip_proto, srcIP, srcPort, dstIP, dstPort, snort_protocol_id, fd,
- swap_app_direction);
+ swap_app_direction, expect_multi);
}
void Stream::set_snort_protocol_id_from_ha(
diff --git a/src/stream/stream.h b/src/stream/stream.h
index 402ce2b95..0ef87b9c9 100644
--- a/src/stream/stream.h
+++ b/src/stream/stream.h
@@ -173,7 +173,7 @@ public:
static int set_snort_protocol_id_expected( const Packet* ctrlPkt, PktType, IpProtocol, const snort::SfIp* srcIP, uint16_t srcPort, const snort::SfIp* dstIP, uint16_t dstPort, SnortProtocolId, FlowData*,
- bool swap_app_direction = false);
+ bool swap_app_direction = false, bool expect_multi = false);
// Get pointer to application data for a flow based on the lookup tuples for cases where
// Snort does not have an active packet that is relevant.