From: Michael Altizer (mialtize) Date: Tue, 15 Oct 2019 14:27:30 +0000 (-0400) Subject: Merge pull request #1795 in SNORT/snort3 from ~MIALTIZE/snort3:namespace to master X-Git-Tag: 3.0.0-263~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c91419fe86a629da1b1ff8c788a1353d347b4650;p=thirdparty%2Fsnort3.git Merge pull request #1795 in SNORT/snort3 from ~MIALTIZE/snort3:namespace to master Squashed commit of the following: commit 9aab09747acdbb68c1f95d6a6b5a7cfd44d9dd32 Author: Michael Altizer Date: Wed Oct 9 16:42:57 2019 -0400 mime: Put MailLogConfig in the snort namespace commit f5628e7cbae4b8e68b2f66161e11c7b38fbfe234 Author: Michael Altizer Date: Wed Oct 9 16:42:27 2019 -0400 file_api: Put FileCapture in the snort namespace commit cc82c6f0aa7db229675ab4f255892d8efaa109d3 Author: Michael Altizer Date: Wed Oct 9 14:49:12 2019 -0400 build: Clean up snort namespace usage --- diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc index 479caaf76..1b36eca55 100644 --- a/src/actions/act_reject.cc +++ b/src/actions/act_reject.cc @@ -139,16 +139,16 @@ void RejectAction::send(Packet* p) act->send_reset(p, ENC_FLAG_FWD); if ( flags & REJ_UNR_FWD ) - act->send_unreach(p, snort::UnreachResponse::FWD); + act->send_unreach(p, UnreachResponse::FWD); if ( flags & REJ_UNR_NET ) - act->send_unreach(p, snort::UnreachResponse::NET); + act->send_unreach(p, UnreachResponse::NET); if ( flags & REJ_UNR_HOST ) - act->send_unreach(p, snort::UnreachResponse::HOST); + act->send_unreach(p, UnreachResponse::HOST); if ( flags & REJ_UNR_PORT ) - act->send_unreach(p, snort::UnreachResponse::PORT); + act->send_unreach(p, UnreachResponse::PORT); } //------------------------------------------------------------------------- diff --git a/src/actions/ips_actions.cc b/src/actions/ips_actions.cc index bf3d597ff..c0e18a2d4 100644 --- a/src/actions/ips_actions.cc +++ b/src/actions/ips_actions.cc @@ -25,11 +25,13 @@ #include "managers/plugin_manager.h" +using namespace snort; + #ifdef STATIC_IPS_ACTIONS -extern const snort::BaseApi* act_react[]; -extern const snort::BaseApi* act_reject[]; +extern const BaseApi* act_react[]; +extern const BaseApi* act_reject[]; #endif -extern const snort::BaseApi* act_replace[]; +extern const BaseApi* act_replace[]; void load_actions() { diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc index f39fd9cb8..a916fa7c4 100644 --- a/src/codecs/ip/cd_ipv4.cc +++ b/src/codecs/ip/cd_ipv4.cc @@ -166,7 +166,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if ( snort::SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) ) + if ( SnortConfig::get_conf()->hit_ip_maxlayers(codec.ip_layer_cnt) ) { codec_event(codec, DECODE_IP_MULTIPLE_ENCAPSULATION); return false; @@ -223,7 +223,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 4-in-6 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if ( snort::SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) ) + else if ( SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN6) ) codec.tunnel_bypass = true; } else if (snort.ip_api.is_ip4()) @@ -231,7 +231,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) /* If the previous layer was not IP-in-IP, this is not a 4-in-4 tunnel */ if ( codec.codec_flags & CODEC_NON_IP_TUNNEL ) codec.codec_flags &= ~CODEC_NON_IP_TUNNEL; - else if (snort::SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4)) + else if (SnortConfig::tunnel_bypass_enabled(TUNNEL_4IN4)) codec.tunnel_bypass = true; } @@ -253,7 +253,7 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) */ IP4AddrTests(iph, codec, snort); - if (snort::SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw)) + if (SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw)) { // routers drop packets with bad IP checksums, we don't really need to check them... int16_t csum = checksum::ip_cksum((const uint16_t*)iph, hlen); @@ -556,7 +556,7 @@ void Ipv4Codec::log(TextLog* const text_log, const uint8_t* raw_pkt, const ip::IP4Hdr* const ip4h = reinterpret_cast(raw_pkt); // FIXIT-RC this does NOT obfuscate correctly - if (snort::SnortConfig::obfuscate()) + if (SnortConfig::obfuscate()) { TextLog_Print(text_log, "xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx"); } diff --git a/src/connectors/connectors.cc b/src/connectors/connectors.cc index 557551553..2f2343217 100644 --- a/src/connectors/connectors.cc +++ b/src/connectors/connectors.cc @@ -25,8 +25,10 @@ #include "framework/connector.h" #include "managers/plugin_manager.h" -extern const snort::BaseApi* file_connector[]; -extern const snort::BaseApi* tcp_connector[]; +using namespace snort; + +extern const BaseApi* file_connector[]; +extern const BaseApi* tcp_connector[]; void load_connectors() { diff --git a/src/detection/fp_create.cc b/src/detection/fp_create.cc index 4cdc7f558..c4482256b 100644 --- a/src/detection/fp_create.cc +++ b/src/detection/fp_create.cc @@ -379,7 +379,7 @@ static int pmx_create_tree_offload(SnortConfig* sc, void* id, void** existing_tr } static int fpFinishPortGroupRule( - SnortConfig* sc, snort::Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, + SnortConfig* sc, Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, Mpse::MpseType mpse_type, bool get_final_pat) { const char* pattern; @@ -502,7 +502,7 @@ static int fpFinishPortGroup( return 0; } -static void fpAddAlternatePatterns(SnortConfig* sc, snort::Mpse* mpse, +static void fpAddAlternatePatterns(SnortConfig* sc, Mpse* mpse, OptTreeNode* otn, PatternMatchData* pmd, FastPatternConfig* fp, Mpse::MpseType mpse_type) { fpFinishPortGroupRule(sc, mpse, otn, pmd, fp, mpse_type, false); diff --git a/src/detection/pcrm.cc b/src/detection/pcrm.cc index 3af868d05..3a2344890 100644 --- a/src/detection/pcrm.cc +++ b/src/detection/pcrm.cc @@ -42,6 +42,8 @@ #include "fp_config.h" +using namespace snort; + PORT_RULE_MAP* prmNewMap() { PORT_RULE_MAP* p = (PORT_RULE_MAP*)snort_calloc(sizeof(PORT_RULE_MAP)); @@ -88,16 +90,16 @@ static int prmFindRuleGroup( assert(src and dst and gen); *src = *dst = *gen = nullptr; - if ( (dport != ANYPORT) and (dport < snort::MAX_PORTS) ) + if ( (dport != ANYPORT) and (dport < MAX_PORTS) ) *dst = p->prmDstPort[dport]; - if ( (sport != ANYPORT) and (sport < snort::MAX_PORTS) ) + if ( (sport != ANYPORT) and (sport < MAX_PORTS) ) *src = p->prmSrcPort[sport]; /* If no Src/Dst rules - use the generic set, if any exist */ if ( p->prmGeneric and (p->prmGeneric->rule_count > 0) ) { - if ( snort::SnortConfig::get_conf()->fast_pattern_config->get_split_any_any() or (!*src and !*dst) ) + if ( SnortConfig::get_conf()->fast_pattern_config->get_split_any_any() or (!*src and !*dst) ) { *gen = p->prmGeneric; } diff --git a/src/detection/regex_offload.cc b/src/detection/regex_offload.cc index 45376a464..4316eeef3 100644 --- a/src/detection/regex_offload.cc +++ b/src/detection/regex_offload.cc @@ -48,7 +48,7 @@ using namespace snort; // FIXIT-L this could be offloader specific struct RegexRequest { - snort::Packet* packet = nullptr; + Packet* packet = nullptr; std::thread* thread; std::mutex mutex; @@ -99,7 +99,7 @@ void RegexOffload::stop() assert(busy.empty()); } -bool RegexOffload::on_hold(snort::Flow* f) const +bool RegexOffload::on_hold(Flow* f) const { for ( auto* req : busy ) { @@ -115,7 +115,7 @@ bool RegexOffload::on_hold(snort::Flow* f) const MpseRegexOffload::MpseRegexOffload(unsigned max) : RegexOffload(max) { } -void MpseRegexOffload::put(snort::Packet* p) +void MpseRegexOffload::put(Packet* p) { Profile profile(mpsePerfStats); @@ -135,19 +135,19 @@ void MpseRegexOffload::put(snort::Packet* p) p->context->searches.offload_search(); } -bool MpseRegexOffload::get(snort::Packet*& p) +bool MpseRegexOffload::get(Packet*& p) { Profile profile(mpsePerfStats); assert(!busy.empty()); - snort::Mpse::MpseRespType resp_ret; - snort::MpseBatch* batch; + Mpse::MpseRespType resp_ret; + MpseBatch* batch; - resp_ret = snort::MpseBatch::poll_offload_responses(batch); + resp_ret = MpseBatch::poll_offload_responses(batch); - if (resp_ret != snort::Mpse::MPSE_RESP_NOT_COMPLETE) + if (resp_ret != Mpse::MPSE_RESP_NOT_COMPLETE) { - if (resp_ret == snort::Mpse::MPSE_RESP_COMPLETE_FAIL) + if (resp_ret == Mpse::MPSE_RESP_COMPLETE_FAIL) { if (batch->can_fallback()) { @@ -157,7 +157,7 @@ bool MpseRegexOffload::get(snort::Packet*& p) pc.offload_failures++; } - snort::IpsContext* c = (snort::IpsContext*)(batch->context); + IpsContext* c = (IpsContext*)(batch->context); p = c->packet; // Finished with items in batch so clear @@ -184,7 +184,7 @@ ThreadRegexOffload::ThreadRegexOffload(unsigned max) : RegexOffload(max) unsigned i = ThreadConfig::get_instance_max(); for ( auto* req : idle ) - req->thread = new std::thread(worker, req, snort::SnortConfig::get_conf(), i++); + req->thread = new std::thread(worker, req, SnortConfig::get_conf(), i++); } ThreadRegexOffload::~ThreadRegexOffload() @@ -208,7 +208,7 @@ void ThreadRegexOffload::stop() } } -void ThreadRegexOffload::put(snort::Packet* p) +void ThreadRegexOffload::put(Packet* p) { Profile profile(mpsePerfStats); @@ -239,7 +239,7 @@ void ThreadRegexOffload::put(snort::Packet* p) #endif } -bool ThreadRegexOffload::get(snort::Packet*& p) +bool ThreadRegexOffload::get(Packet*& p) { Profile profile(mpsePerfStats); assert(!busy.empty()); @@ -266,10 +266,10 @@ bool ThreadRegexOffload::get(snort::Packet*& p) } void ThreadRegexOffload::worker( - RegexRequest* req, snort::SnortConfig* initial_config, unsigned id) + RegexRequest* req, SnortConfig* initial_config, unsigned id) { set_instance_id(id); - snort::SnortConfig::set_conf(initial_config); + SnortConfig::set_conf(initial_config); while ( true ) { @@ -288,9 +288,9 @@ void ThreadRegexOffload::worker( assert(req->packet->is_offloaded()); assert(req->packet->context->searches.items.size() > 0); - snort::SnortConfig::set_conf(req->packet->context->conf); - snort::IpsContext* c = req->packet->context; - snort::Mpse::MpseRespType resp_ret; + SnortConfig::set_conf(req->packet->context->conf); + IpsContext* c = req->packet->context; + Mpse::MpseRespType resp_ret; c->searches.offload_search(); @@ -298,9 +298,9 @@ void ThreadRegexOffload::worker( { resp_ret = c->searches.receive_offload_responses(); } - while (resp_ret == snort::Mpse::MPSE_RESP_NOT_COMPLETE); + while (resp_ret == Mpse::MPSE_RESP_NOT_COMPLETE); - if (resp_ret == snort::Mpse::MPSE_RESP_COMPLETE_FAIL) + if (resp_ret == Mpse::MPSE_RESP_COMPLETE_FAIL) { if (c->searches.can_fallback()) { @@ -320,8 +320,8 @@ void ThreadRegexOffload::worker( } #endif } - snort::ModuleManager::accumulate_offload("search_engine"); - snort::ModuleManager::accumulate_offload("detection"); + ModuleManager::accumulate_offload("search_engine"); + ModuleManager::accumulate_offload("detection"); // FIXIT-M break this over-coupling. In reality we shouldn't be evaluating latency in offload. PacketLatency::tterm(); diff --git a/src/detection/rules.cc b/src/detection/rules.cc index 94abe2e97..d00d408f0 100644 --- a/src/detection/rules.cc +++ b/src/detection/rules.cc @@ -109,12 +109,12 @@ void RuleState::update_rtn(RuleTreeNode* rtn) { switch ( action ) { - case IpsPolicy::LOG: rtn->action = snort::Actions::Type::LOG; break; - case IpsPolicy::PASS: rtn->action = snort::Actions::Type::PASS; break; - case IpsPolicy::ALERT: rtn->action = snort::Actions::Type::ALERT; break; - case IpsPolicy::DROP: rtn->action = snort::Actions::Type::DROP; break; - case IpsPolicy::BLOCK: rtn->action = snort::Actions::Type::BLOCK; break; - case IpsPolicy::RESET: rtn->action = snort::Actions::Type::RESET; break; + case IpsPolicy::LOG: rtn->action = Actions::Type::LOG; break; + case IpsPolicy::PASS: rtn->action = Actions::Type::PASS; break; + case IpsPolicy::ALERT: rtn->action = Actions::Type::ALERT; break; + case IpsPolicy::DROP: rtn->action = Actions::Type::DROP; break; + case IpsPolicy::BLOCK: rtn->action = Actions::Type::BLOCK; break; + case IpsPolicy::RESET: rtn->action = Actions::Type::RESET; break; case IpsPolicy::INHERIT_ACTION: break; } switch ( enable ) diff --git a/src/detection/treenodes.cc b/src/detection/treenodes.cc index bbb67f008..2c77caecd 100644 --- a/src/detection/treenodes.cc +++ b/src/detection/treenodes.cc @@ -27,6 +27,8 @@ #include "framework/ips_option.h" #include "utils/util.h" +using namespace snort; + OptFpList* AddOptFuncToList(RuleOptEvalFunc ro_eval_func, OptTreeNode* otn) { OptFpList* ofp = (OptFpList*)snort_calloc(sizeof(OptFpList)); @@ -49,7 +51,7 @@ OptFpList* AddOptFuncToList(RuleOptEvalFunc ro_eval_func, OptTreeNode* otn) return ofp; } -bool otn_set_agent(OptTreeNode* otn, snort::IpsOption* opt) +bool otn_set_agent(OptTreeNode* otn, IpsOption* opt) { if ( otn->agent ) return false; @@ -58,7 +60,7 @@ bool otn_set_agent(OptTreeNode* otn, snort::IpsOption* opt) return true; } -void otn_trigger_actions(const OptTreeNode* otn, snort::Packet* p) +void otn_trigger_actions(const OptTreeNode* otn, Packet* p) { if ( otn->agent ) otn->agent->action(p); diff --git a/src/events/event.cc b/src/events/event.cc index abfdc142c..f66443320 100644 --- a/src/events/event.cc +++ b/src/events/event.cc @@ -26,6 +26,8 @@ #include "detection/signature.h" #include "main/snort_config.h" +using namespace snort; + THREAD_LOCAL uint16_t event_id; // FIXIT-M also incremented in fpLogEvent() void SetEvent( @@ -39,7 +41,7 @@ void SetEvent( event.sig_info->priority = priority; /* this one gets set automatically */ - event.event_id = ++event_id | snort::SnortConfig::get_event_log_id(); + event.event_id = ++event_id | SnortConfig::get_event_log_id(); if (event_ref) event.event_reference = event_ref; diff --git a/src/file_api/file_capture.h b/src/file_api/file_capture.h index 36a3ee97c..1c029949d 100644 --- a/src/file_api/file_capture.h +++ b/src/file_api/file_capture.h @@ -38,11 +38,11 @@ #include "file_api.h" +class FileMemPool; + namespace snort { class FileInfo; -} -class FileMemPool; struct FileCaptureBlock { @@ -125,6 +125,7 @@ private: int64_t capture_min_size; int64_t capture_max_size; }; +} #endif diff --git a/src/file_api/file_config.cc b/src/file_api/file_config.cc index 706279002..2d0802b9b 100644 --- a/src/file_api/file_config.cc +++ b/src/file_api/file_config.cc @@ -35,6 +35,8 @@ #include "file_flows.h" +using namespace snort; + bool FileConfig::process_file_magic(FileMagicData& magic) { bool negated = false; @@ -72,7 +74,7 @@ FileMagicRule* FileConfig::get_rule_from_id(uint32_t id) } void FileConfig::get_magic_rule_ids_from_type(const std::string& type, - const std::string& version, snort::FileTypeBitSet& ids_set) + const std::string& version, FileTypeBitSet& ids_set) { return fileIdentifier.get_magic_rule_ids_from_type(type, version, ids_set); } @@ -102,9 +104,9 @@ std::string file_type_name(uint32_t id) return "NA"; } -FileConfig* get_file_config(snort::SnortConfig* sc) +FileConfig* get_file_config(SnortConfig* sc) { - snort::FileInspect* fi = (snort::FileInspect*)snort::InspectorManager::get_inspector(FILE_ID_NAME, true, sc); + FileInspect* fi = (FileInspect*)InspectorManager::get_inspector(FILE_ID_NAME, true, sc); if (fi) return (fi->config); @@ -115,7 +117,7 @@ FileConfig* get_file_config(snort::SnortConfig* sc) namespace snort { void get_magic_rule_ids_from_type(const std::string& type, const std::string& version, - snort::FileTypeBitSet& ids_set, snort::SnortConfig* sc) + FileTypeBitSet& ids_set, SnortConfig* sc) { FileConfig* conf = get_file_config(sc); if (conf) diff --git a/src/file_api/file_identifier.cc b/src/file_api/file_identifier.cc index 8a2263d5f..897678bc1 100644 --- a/src/file_api/file_identifier.cc +++ b/src/file_api/file_identifier.cc @@ -68,7 +68,7 @@ void FileMagicRule::clear() void FileIdentifier::init_merge_hash() { - identifier_merge_hash = snort::ghash_new(1000, sizeof(MergeNode), 0, nullptr); + identifier_merge_hash = ghash_new(1000, sizeof(MergeNode), 0, nullptr); assert(identifier_merge_hash); } @@ -374,7 +374,7 @@ FileMagicRule* FileIdentifier::get_rule_from_id(uint32_t id) } void FileIdentifier::get_magic_rule_ids_from_type(const std::string& type, - const std::string& version, snort::FileTypeBitSet& ids_set) + const std::string& version, FileTypeBitSet& ids_set) { ids_set.reset(); diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h index 47f846e4b..b05d1d8ba 100644 --- a/src/file_api/file_lib.h +++ b/src/file_api/file_lib.h @@ -33,12 +33,12 @@ #define SNORT_FILE_TYPE_UNKNOWN UINT16_MAX #define SNORT_FILE_TYPE_CONTINUE 0 -class FileCapture; class FileConfig; class FileSegments; namespace snort { +class FileCapture; class FileInspect; class Flow; diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc index 6f744ca33..8387d7b76 100644 --- a/src/file_api/file_policy.cc +++ b/src/file_api/file_policy.cc @@ -86,26 +86,26 @@ void FilePolicy::insert_file_rule(FileRule& rule) } // Enable file type for all other features - snort::FileService::enable_file_type(); + FileService::enable_file_type(); type_enabled = true; if (rule.use.signature_enabled) - snort::FileService::enable_file_signature(); + FileService::enable_file_signature(); if (rule.use.capture_enabled) - snort::FileService::enable_file_capture(); + FileService::enable_file_capture(); } void FilePolicy::load() { if (type_enabled) - snort::FileService::enable_file_type(); + FileService::enable_file_type(); if (signature_enabled) - snort::FileService::enable_file_signature(); + FileService::enable_file_signature(); if (capture_enabled) - snort::FileService::enable_file_capture(); + FileService::enable_file_capture(); // Use default global setting emptyRule.use.type_enabled = type_enabled; diff --git a/src/file_api/file_segment.cc b/src/file_api/file_segment.cc index 6069f763d..eec10fdd7 100644 --- a/src/file_api/file_segment.cc +++ b/src/file_api/file_segment.cc @@ -25,13 +25,15 @@ #include "file_lib.h" +using namespace snort; + FileSegment::~FileSegment () { if (data) delete data; } -FileSegments::FileSegments (snort::FileContext* ctx) +FileSegments::FileSegments (FileContext* ctx) { head = nullptr; current_offset = 0; @@ -150,15 +152,15 @@ FilePosition FileSegments::get_file_position(uint64_t data_size, uint64_t file_s return SNORT_FILE_MIDDLE; } -int FileSegments::process_one(snort::Packet* p, const uint8_t* file_data, int data_size, - snort::FilePolicyBase* policy) +int FileSegments::process_one(Packet* p, const uint8_t* file_data, int data_size, + FilePolicyBase* policy) { FilePosition position = get_file_position(data_size, context->get_file_size()); return context->process(p, file_data, data_size, position, policy); } -int FileSegments::process_all(snort::Packet* p, snort::FilePolicyBase* policy) +int FileSegments::process_all(Packet* p, FilePolicyBase* policy) { int ret = 1; @@ -190,8 +192,8 @@ int FileSegments::process_all(snort::Packet* p, snort::FilePolicyBase* policy) * 1: continue processing/log/block this file * 0: ignore this file */ -int FileSegments::process(snort::Packet* p, const uint8_t* file_data, uint64_t data_size, - uint64_t offset, snort::FilePolicyBase* policy) +int FileSegments::process(Packet* p, const uint8_t* file_data, uint64_t data_size, + uint64_t offset, FilePolicyBase* policy) { int ret = 0; diff --git a/src/filters/detection_filter.cc b/src/filters/detection_filter.cc index 2f3886c24..b41b6c244 100644 --- a/src/filters/detection_filter.cc +++ b/src/filters/detection_filter.cc @@ -53,7 +53,7 @@ void DetectionFilterConfigFree(DetectionFilterConfig* config) snort_free(config); } -int detection_filter_test(void* pv, const snort::SfIp* sip, const snort::SfIp* dip, long curtime) +int detection_filter_test(void* pv, const SfIp* sip, const SfIp* dip, long curtime) { if (pv == nullptr) return 0; @@ -95,7 +95,7 @@ void detection_filter_term() if ( !detection_filter_hash ) return; - snort::xhash_delete(detection_filter_hash); + xhash_delete(detection_filter_hash); detection_filter_hash = nullptr; } diff --git a/src/filters/rate_filter.cc b/src/filters/rate_filter.cc index cdeb2e975..daddb3434 100644 --- a/src/filters/rate_filter.cc +++ b/src/filters/rate_filter.cc @@ -69,7 +69,7 @@ void RateFilter_Cleanup() * Create and Add a Thresholding Event Object */ int RateFilter_Create( - snort::SnortConfig* sc, RateFilterConfig* rf_config, tSFRFConfigNode* thdx) + SnortConfig* sc, RateFilterConfig* rf_config, tSFRFConfigNode* thdx) { int error; @@ -103,14 +103,14 @@ int RateFilter_Create( returns 1 - rate threshold reached 0 - rate threshold not reached */ -int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p) +int RateFilter_Test(const OptTreeNode* otn, Packet* p) { unsigned gid = otn->sigInfo.gid; unsigned sid = otn->sigInfo.sid; - const snort::SfIp* sip; - const snort::SfIp* dip; - snort::SfIp cleared; + const SfIp* sip; + const SfIp* dip; + SfIp cleared; if ( p->ptrs.ip_api.is_ip() ) { @@ -124,8 +124,8 @@ int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p) dip = &cleared; } - if ((snort::SnortConfig::get_conf() == nullptr) || - (snort::SnortConfig::get_conf()->rate_filter_config == nullptr)) + if ((SnortConfig::get_conf() == nullptr) || + (SnortConfig::get_conf()->rate_filter_config == nullptr)) { /* this should not happen, see the create fcn */ return -1; @@ -137,12 +137,12 @@ int RateFilter_Test(const OptTreeNode* otn, snort::Packet* p) // events and these require: src -> client, dst -> server. if ( p->is_from_server() ) { - return SFRF_TestThreshold(snort::SnortConfig::get_conf()->rate_filter_config, gid, sid, + return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid, dip, sip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); } } - return SFRF_TestThreshold(snort::SnortConfig::get_conf()->rate_filter_config, gid, sid, + return SFRF_TestThreshold(SnortConfig::get_conf()->rate_filter_config, gid, sid, sip, dip, p->pkth->ts.tv_sec, SFRF_COUNT_INCREMENT); } diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc index 522003823..d3da43376 100644 --- a/src/filters/sfrf.cc +++ b/src/filters/sfrf.cc @@ -66,7 +66,7 @@ typedef struct * whether dos threshold is tracking by source or destination IP address. For tracking * by rule, it is cleared out (all 0s). */ - snort::SfIp ip; + SfIp ip; uint16_t padding; } tSFRFTrackingNodeKey; PADDING_GUARD_END @@ -115,7 +115,7 @@ static int _checkSamplingPeriod( ); static tSFRFTrackingNode* _getSFRFTrackingNode( - const snort::SfIp*, + const SfIp*, unsigned tid, time_t curTime ); @@ -124,8 +124,8 @@ static void _updateDependentThresholds( RateFilterConfig* config, unsigned gid, unsigned sid, - const snort::SfIp* sip, - const snort::SfIp* dip, + const SfIp* sip, + const SfIp* dip, time_t curTime ); @@ -232,14 +232,14 @@ int SFRF_Alloc(unsigned int memcap) * * @return @retval 0 successfully added the thresholding object, !0 otherwise */ -int SFRF_ConfigAdd(snort::SnortConfig*, RateFilterConfig* rf_config, tSFRFConfigNode* cfgNode) +int SFRF_ConfigAdd(SnortConfig*, RateFilterConfig* rf_config, tSFRFConfigNode* cfgNode) { GHash* genHash; tSFRFSidNode* pSidNode; tSFRFConfigNode* pNewConfigNode; tSFRFGenHashKey key = { 0,0 }; - PolicyId policy_id = snort::get_ips_policy()->policy_id; + PolicyId policy_id = get_ips_policy()->policy_id; if ((rf_config == nullptr) || (cfgNode == nullptr)) return -1; @@ -361,7 +361,7 @@ int SFRF_ConfigAdd(snort::SnortConfig*, RateFilterConfig* rf_config, tSFRFConfig */ static int SFRF_TestObject( tSFRFConfigNode* cfgNode, - const snort::SfIp* ip, + const SfIp* ip, time_t curTime, SFRF_COUNT_OPERATION op ) @@ -414,7 +414,7 @@ static int SFRF_TestObject( // if the count were not incremented in such cases, the // threshold would never be exceeded. if ( !cfgNode->seconds && dynNode->count > cfgNode->count ) - if ( cfgNode->newAction == snort::Actions::DROP ) + if ( cfgNode->newAction == Actions::DROP ) dynNode->count--; #ifdef SFRF_DEBUG @@ -427,7 +427,7 @@ static int SFRF_TestObject( return retValue; } -static inline int SFRF_AppliesTo(tSFRFConfigNode* pCfg, const snort::SfIp* ip) +static inline int SFRF_AppliesTo(tSFRFConfigNode* pCfg, const SfIp* ip) { return ( !pCfg->applyTo || sfvar_ip_in(pCfg->applyTo, ip) ); } @@ -451,8 +451,8 @@ int SFRF_TestThreshold( RateFilterConfig* config, unsigned gid, unsigned sid, - const snort::SfIp* sip, - const snort::SfIp* dip, + const SfIp* sip, + const SfIp* dip, time_t curTime, SFRF_COUNT_OPERATION op ) @@ -464,7 +464,7 @@ int SFRF_TestThreshold( int status = -1; tSFRFGenHashKey key; - PolicyId policy_id = snort::get_ips_policy()->policy_id; + PolicyId policy_id = get_ips_policy()->policy_id; #ifdef SFRF_DEBUG printf("--%d-%u-%u: %s() entering\n", 0, gid, sid, __func__); @@ -546,7 +546,7 @@ int SFRF_TestThreshold( case SFRF_TRACK_BY_RULE: { - snort::SfIp cleared; + SfIp cleared; cleared.clear(); newStatus = SFRF_TestObject(cfgNode, &cleared, curTime, op); } @@ -753,15 +753,15 @@ static int _checkThreshold( fflush(stdout); #endif - return snort::Actions::MAX + cfgNode->newAction; + return Actions::MAX + cfgNode->newAction; } static void _updateDependentThresholds( RateFilterConfig* config, unsigned gid, unsigned sid, - const snort::SfIp* sip, - const snort::SfIp* dip, + const SfIp* sip, + const SfIp* dip, time_t curTime ) { @@ -781,7 +781,7 @@ static void _updateDependentThresholds( } } -static tSFRFTrackingNode* _getSFRFTrackingNode(const snort::SfIp* ip, unsigned tid, time_t curTime) +static tSFRFTrackingNode* _getSFRFTrackingNode(const SfIp* ip, unsigned tid, time_t curTime) { tSFRFTrackingNode* dynNode = nullptr; tSFRFTrackingNodeKey key; @@ -789,7 +789,7 @@ static tSFRFTrackingNode* _getSFRFTrackingNode(const snort::SfIp* ip, unsigned t /* Setup key */ key.ip = *(ip); key.tid = tid; - key.policyId = snort::get_ips_policy()->policy_id; + key.policyId = get_ips_policy()->policy_id; key.padding = 0; /* diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc index 012d3d846..65e526d28 100644 --- a/src/filters/sfrf_test.cc +++ b/src/filters/sfrf_test.cc @@ -29,6 +29,8 @@ #include "rate_filter.h" #include "sfrf.h" +using namespace snort; + //--------------------------------------------------------------- #define IP_ANY nullptr // used to get "unset" @@ -908,7 +910,7 @@ static void Init(unsigned cap) cfg.tracking = p->track; cfg.count = p->count; cfg.seconds = p->seconds; - cfg.newAction = (snort::Actions::Type)RULE_NEW; + cfg.newAction = (Actions::Type)RULE_NEW; cfg.timeout = p->timeout; cfg.applyTo = p->ip ? sfip_var_from_string(p->ip, "sfrf_test") : nullptr; @@ -942,15 +944,15 @@ static int EventTest(EventData* p) // this is the only acceptable public value for op SFRF_COUNT_OPERATION op = SFRF_COUNT_INCREMENT; - snort::SfIp sip, dip; + SfIp sip, dip; sip.set(p->sip); dip.set(p->dip); status = SFRF_TestThreshold( rfc, p->gid, p->sid, &sip, &dip, curtime, op); - if ( status >= snort::Actions::MAX ) - status -= snort::Actions::MAX; + if ( status >= Actions::MAX ) + status -= Actions::MAX; return status; } diff --git a/src/filters/sfthd.cc b/src/filters/sfthd.cc index ba519086b..86d0f277c 100644 --- a/src/filters/sfthd.cc +++ b/src/filters/sfthd.cc @@ -289,14 +289,14 @@ the current event should be logged or dropped. */ static int sfthd_create_threshold_local( - snort::SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config) + SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config) { GHash* sfthd_hash; THD_ITEM* sfthd_item; THD_NODE* sfthd_node; tThdItemKey key; - PolicyId policy_id = snort::get_network_policy()->policy_id; + PolicyId policy_id = get_network_policy()->policy_id; if (thd_objs == nullptr ) return -1; @@ -484,10 +484,10 @@ static int sfthd_create_threshold_local( /* */ static int sfthd_create_threshold_global( - snort::SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config) + SnortConfig*, ThresholdObjects* thd_objs, THD_NODE* config) { THD_NODE* sfthd_node; - PolicyId policy_id = snort::get_network_policy()->policy_id; + PolicyId policy_id = get_network_policy()->policy_id; if (thd_objs == nullptr) return -1; @@ -588,7 +588,7 @@ the current event should be logged or dropped. */ int sfthd_create_threshold( - snort::SnortConfig* sc, + SnortConfig* sc, ThresholdObjects* thd_objs, unsigned gen_id, unsigned sig_id, @@ -600,7 +600,7 @@ int sfthd_create_threshold( sfip_var_t* ip_address) { //allocate memory fpr sfthd_array if needed. - PolicyId policyId = snort::get_network_policy()->policy_id; + PolicyId policyId = get_network_policy()->policy_id; THD_NODE sfthd_node; memset(&sfthd_node, 0, sizeof(sfthd_node)); @@ -647,7 +647,7 @@ static char* printIP(unsigned u, char* buf, unsigned len) #endif int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node, - const snort::SfIp* sip, const snort::SfIp* dip, long curtime) + const SfIp* sip, const SfIp* dip, long curtime) { if ((rule_hash == nullptr) || (sfthd_node == nullptr)) return 0; @@ -659,7 +659,7 @@ int sfthd_test_rule(XHash* rule_hash, THD_NODE* sfthd_node, static inline int sfthd_test_suppress( THD_NODE* sfthd_node, - const snort::SfIp* ip) + const SfIp* ip) { if ( !sfthd_node->ip_address || sfvar_ip_in(sfthd_node->ip_address, ip) ) @@ -837,15 +837,15 @@ static inline int sfthd_test_non_suppress( int sfthd_test_local( XHash* local_hash, THD_NODE* sfthd_node, - const snort::SfIp* sip, - const snort::SfIp* dip, + const SfIp* sip, + const SfIp* dip, time_t curtime) { THD_IP_NODE_KEY key; THD_IP_NODE data,* sfthd_ip_node; - const snort::SfIp* ip; + const SfIp* ip; - PolicyId policy_id = snort::get_network_policy()->policy_id; + PolicyId policy_id = get_network_policy()->policy_id; #ifdef THD_DEBUG char buf[24]; @@ -939,16 +939,16 @@ static inline int sfthd_test_global( XHash* global_hash, THD_NODE* sfthd_node, unsigned sig_id, /* from current event */ - const snort::SfIp* sip, /* " */ - const snort::SfIp* dip, /* " */ + const SfIp* sip, /* " */ + const SfIp* dip, /* " */ time_t curtime) { THD_IP_GNODE_KEY key; THD_IP_NODE data; THD_IP_NODE* sfthd_ip_node; - const snort::SfIp* ip; + const SfIp* ip; - PolicyId policy_id = snort::get_network_policy()->policy_id; + PolicyId policy_id = get_network_policy()->policy_id; #ifdef THD_DEBUG char buf[24]; @@ -1053,8 +1053,8 @@ int sfthd_test_threshold( THD_STRUCT* thd, unsigned gen_id, unsigned sig_id, - const snort::SfIp* sip, - const snort::SfIp* dip, + const SfIp* sip, + const SfIp* dip, long curtime) { tThdItemKey key; @@ -1066,7 +1066,7 @@ int sfthd_test_threshold( int cnt; #endif - PolicyId policy_id = snort::get_network_policy()->policy_id; + PolicyId policy_id = get_network_policy()->policy_id; if ((thd_objs == nullptr) || (thd == nullptr)) return 0; diff --git a/src/filters/sfthd_test.cc b/src/filters/sfthd_test.cc index 104a81f6c..9621a9964 100644 --- a/src/filters/sfthd_test.cc +++ b/src/filters/sfthd_test.cc @@ -836,7 +836,7 @@ static int EventTest(EventData* p, THD_NODE* rule) long curtime = (long)p->now; int status; - snort::SfIp sip, dip; + SfIp sip, dip; sip.set(p->sip); dip.set(p->dip); diff --git a/src/filters/sfthreshold.cc b/src/filters/sfthreshold.cc index 9ebacd599..f72d934d3 100644 --- a/src/filters/sfthreshold.cc +++ b/src/filters/sfthreshold.cc @@ -49,6 +49,8 @@ #include "sfthd.h" +using namespace snort; + /* Data */ static THREAD_LOCAL THD_STRUCT* thd_runtime = nullptr; @@ -105,7 +107,7 @@ int sfthreshold_alloc(unsigned int l_memcap, unsigned int g_memcap) int sfthreshold_create( - snort::SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx) + SnortConfig* sc, ThresholdConfig* thd_config, THDX_STRUCT* thdx) { if (thd_config == nullptr) return -1; @@ -138,11 +140,11 @@ int sfthreshold_create( returns 0 - log !0 - don't log */ -int sfthreshold_test(unsigned gen_id, unsigned sig_id, const snort::SfIp* sip, - const snort::SfIp* dip, long curtime) +int sfthreshold_test(unsigned gen_id, unsigned sig_id, const SfIp* sip, + const SfIp* dip, long curtime) { - if ((snort::SnortConfig::get_conf()->threshold_config == nullptr) || - !snort::SnortConfig::get_conf()->threshold_config->enabled) + if ((SnortConfig::get_conf()->threshold_config == nullptr) || + !SnortConfig::get_conf()->threshold_config->enabled) { return 0; } @@ -150,7 +152,7 @@ int sfthreshold_test(unsigned gen_id, unsigned sig_id, const snort::SfIp* sip, if (!thd_checked) { thd_checked = 1; - thd_answer = sfthd_test_threshold(snort::SnortConfig::get_conf()->threshold_config->thd_objs, + thd_answer = sfthd_test_threshold(SnortConfig::get_conf()->threshold_config->thd_objs, thd_runtime, gen_id, sig_id, sip, dip, curtime); } diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc index 9ed70a3dd..f1080fbf0 100644 --- a/src/flow/test/flow_test.cc +++ b/src/flow/test/flow_test.cc @@ -59,7 +59,7 @@ FlowHAState::FlowHAState() = default; void FlowHAState::reset() {} -snort::FlowStash::~FlowStash() = default; +FlowStash::~FlowStash() = default; void FlowStash::reset() {} @@ -73,14 +73,14 @@ DetectionEngine::DetectionEngine() = default; DetectionEngine::~DetectionEngine() {} -bool snort::layer::set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t&) +bool layer::set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t&) { return false; } uint8_t ip::IpApi::ttl() const { return 0; } -const Layer* snort::layer::get_mpls_layer(const Packet* const) { return nullptr; } +const Layer* layer::get_mpls_layer(const Packet* const) { return nullptr; } -void snort::DataBus::publish(const char*, Packet*, Flow*) {} +void DataBus::publish(const char*, Packet*, Flow*) {} TEST_GROUP(nondefault_timeout) { diff --git a/src/flow/test/session_test.cc b/src/flow/test/session_test.cc index 24830e0b8..e0004744d 100644 --- a/src/flow/test/session_test.cc +++ b/src/flow/test/session_test.cc @@ -33,7 +33,7 @@ using namespace snort; class DummySession : public Session { public: - DummySession(snort::Flow* f) : Session(f) { } + DummySession(Flow* f) : Session(f) { } void clear() override { } ~DummySession() { } }; diff --git a/src/framework/data_bus.cc b/src/framework/data_bus.cc index 8885d3b5a..63bb6b71d 100644 --- a/src/framework/data_bus.cc +++ b/src/framework/data_bus.cc @@ -30,7 +30,7 @@ using namespace snort; static DataBus& get_data_bus() -{ return snort::get_inspection_policy()->dbus; } +{ return get_inspection_policy()->dbus; } class BufferEvent : public DataEvent { @@ -130,11 +130,11 @@ void DataBus::unsubscribe_default(const char* key, DataHandler* h, SnortConfig* // notify subscribers of event void DataBus::publish(const char* key, DataEvent& e, Flow* f) { - InspectionPolicy* pi = snort::get_inspection_policy(); + InspectionPolicy* pi = get_inspection_policy(); pi->dbus._publish(key, e, f); // also publish to default policy to notify control subscribers such as appid - InspectionPolicy* di = snort::get_default_inspection_policy(SnortConfig::get_conf()); + InspectionPolicy* di = get_default_inspection_policy(SnortConfig::get_conf()); // of course, only when current is not default if ( di != pi ) diff --git a/src/hash/hashfcn.cc b/src/hash/hashfcn.cc index 449541ddb..56f6964ba 100644 --- a/src/hash/hashfcn.cc +++ b/src/hash/hashfcn.cc @@ -40,6 +40,8 @@ #include "primetable.h" +using namespace snort; + HashFnc* hashfcn_new(int m) { HashFnc* p; @@ -53,7 +55,7 @@ HashFnc* hashfcn_new(int m) p = (HashFnc*)snort_calloc(sizeof(*p)); - if ( snort::SnortConfig::static_hash() ) + if ( SnortConfig::static_hash() ) { p->seed = 3193; p->scale = 719; diff --git a/src/helpers/chunk.cc b/src/helpers/chunk.cc index 770515a9e..8ce1fa54c 100644 --- a/src/helpers/chunk.cc +++ b/src/helpers/chunk.cc @@ -30,6 +30,7 @@ #include "catch/snort_catch.h" #endif +using namespace snort; using namespace std; #define opt_init "init" @@ -45,21 +46,21 @@ bool init_chunk( if ( luaL_loadbuffer(L, chunk.c_str(), chunk.size(), name) ) { - snort::ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1)); + ParseError("%s luajit failed to load chunk %s", name, lua_tostring(L, -1)); return false; } // now exec the chunk to define functions etc in L if ( lua_pcall(L, 0, 0, 0) ) { - snort::ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1)); + ParseError("%s luajit failed to init chunk %s", name, lua_tostring(L, -1)); return false; } // load the args table if ( luaL_dostring(L, args.c_str()) ) { - snort::ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1)); + ParseError("%s luajit failed to init args %s", name, lua_tostring(L, -1)); return false; } @@ -71,10 +72,10 @@ bool init_chunk( return true; if ( lua_pcall(L, 0, 1, 0) || lua_type(L, -1) == LUA_TSTRING ) - snort::ParseError("%s %s", name, lua_tostring(L, -1)); + ParseError("%s %s", name, lua_tostring(L, -1)); else if ( !lua_toboolean(L, -1) ) - snort::ParseError("%s init() returned false", name); + ParseError("%s init() returned false", name); else return true; diff --git a/src/helpers/discovery_filter.cc b/src/helpers/discovery_filter.cc index 3fadcd432..4a1868601 100644 --- a/src/helpers/discovery_filter.cc +++ b/src/helpers/discovery_filter.cc @@ -258,7 +258,7 @@ bool DiscoveryFilter::is_monitored(const Packet* p, FilterType type) return sfvar_ip_in(varip, p->ptrs.ip_api.get_src()); // source ip only } -bool DiscoveryFilter::is_port_excluded(const snort::Packet* p) +bool DiscoveryFilter::is_port_excluded(const Packet* p) { // Port exclusion: if the ip is in the port x protocol list, return true. uint32_t key; diff --git a/src/helpers/process.cc b/src/helpers/process.cc index 78d35ef2a..ef610238f 100644 --- a/src/helpers/process.cc +++ b/src/helpers/process.cc @@ -122,7 +122,7 @@ static void exit_handler(int signal) static void dirty_handler(int signal) { - snort::SnortConfig::get_conf()->dirty_pig = true; + SnortConfig::get_conf()->dirty_pig = true; exit_handler(signal); } @@ -356,7 +356,7 @@ void daemonize() if ( errno ) FatalError("failed to setsid - %s", get_error(errno)); - if ( snort::SnortConfig::log_quiet() or snort::SnortConfig::log_syslog() ) + if ( SnortConfig::log_quiet() or SnortConfig::log_syslog() ) snuff_stdio(); pid_t ppid = getppid(); diff --git a/src/host_tracker/host_cache_module.cc b/src/host_tracker/host_cache_module.cc index 6aca91ddd..8c92cee46 100644 --- a/src/host_tracker/host_cache_module.cc +++ b/src/host_tracker/host_cache_module.cc @@ -114,7 +114,7 @@ bool HostCacheModule::end(const char* fqn, int, SnortConfig*) //------------------------------------------------------------------------- HostCacheModule::HostCacheModule() : - snort::Module(HOST_CACHE_NAME, HOST_CACHE_HELP, host_cache_params) { } + Module(HOST_CACHE_NAME, HOST_CACHE_HELP, host_cache_params) { } HostCacheModule::~HostCacheModule() { diff --git a/src/ips_options/asn1_util.cc b/src/ips_options/asn1_util.cc index 414b68e11..b626a720c 100644 --- a/src/ips_options/asn1_util.cc +++ b/src/ips_options/asn1_util.cc @@ -48,6 +48,8 @@ #include "main/snort_config.h" #include "utils/util.h" +using namespace snort; + /* ** Macros */ @@ -112,7 +114,7 @@ static ASN1_TYPE* asn1_node_alloc() ** @return none ** */ -void asn1_init_mem(snort::SnortConfig* sc) +void asn1_init_mem(SnortConfig* sc) { asn1_config.num_nodes = sc->asn1_mem; @@ -132,7 +134,7 @@ void asn1_init_mem(snort::SnortConfig* sc) ** @return none ** */ -void asn1_free_mem(snort::SnortConfig*) +void asn1_free_mem(SnortConfig*) { if (asn1_config.mem != nullptr) { diff --git a/src/ips_options/ips_content.cc b/src/ips_options/ips_content.cc index 73f8c93a9..137a6b7c8 100644 --- a/src/ips_options/ips_content.cc +++ b/src/ips_options/ips_content.cc @@ -75,7 +75,7 @@ void ContentData::init() void ContentData::setup_bm() { - skip_stride = snort::make_skip(pmd.pattern_buf, pmd.pattern_size); + skip_stride = make_skip(pmd.pattern_buf, pmd.pattern_size); shift_stride = make_shift(pmd.pattern_buf, pmd.pattern_size); } diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc index 41cb69156..7bb04a323 100644 --- a/src/ips_options/ips_sd_pattern.cc +++ b/src/ips_options/ips_sd_pattern.cc @@ -352,7 +352,7 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig*) return false; // Check if built-in pattern should be used. - IpsPolicy* p = snort::get_ips_policy(); + IpsPolicy* p = get_ips_policy(); if (config.pii == "credit_card") { config.pii = SD_CREDIT_PATTERN_ALL; diff --git a/src/log/messages.cc b/src/log/messages.cc index dded5601f..726dbf4a9 100644 --- a/src/log/messages.cc +++ b/src/log/messages.cc @@ -35,6 +35,8 @@ #include "time/packet_time.h" #include "utils/util_cstring.h" +using namespace snort; + static int already_fatal = 0; static unsigned parse_errors = 0; @@ -73,20 +75,20 @@ static void log_message(FILE* file, const char* type, const char* msg) get_parse_location(file_name, file_line); if ( file_line ) - snort::LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg); + LogMessage(file, "%s: %s:%d %s\n", type, file_name, file_line, msg); else if ( file_name ) - snort::LogMessage(file, "%s: %s: %s\n", type, file_name, msg); + LogMessage(file, "%s: %s: %s\n", type, file_name, msg); else - snort::LogMessage(file, "%s: %s\n", type, msg); + LogMessage(file, "%s: %s\n", type, msg); } namespace snort { void ParseWarning(WarningGroup wg, const char* format, ...) { - if ( !(snort::SnortConfig::get_conf()->warning_flags & (1 << wg)) ) + if ( !(SnortConfig::get_conf()->warning_flags & (1 << wg)) ) return; char buf[STD_BUF+1]; @@ -155,12 +157,12 @@ void ReloadError(const char* format, ...) static void WriteLogMessage(FILE* fh, bool prefer_fh, const char* format, va_list& ap) { - if ( snort::SnortConfig::get_conf() && !prefer_fh ) + if ( SnortConfig::get_conf() && !prefer_fh ) { - if ( snort::SnortConfig::log_quiet() ) + if ( SnortConfig::log_quiet() ) return; - if ( snort::SnortConfig::log_syslog() ) + if ( SnortConfig::log_syslog() ) { char buf[STD_BUF+1]; vsnprintf(buf, STD_BUF, format, ap); @@ -216,12 +218,12 @@ void WarningMessage(const char* format,...) { va_list ap; - if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_quiet() ) + if ( SnortConfig::get_conf() and SnortConfig::log_quiet() ) return; va_start(ap, format); - if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() ) + if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) { char buf[STD_BUF+1]; vsnprintf(buf, STD_BUF, format, ap); @@ -252,7 +254,7 @@ void ErrorMessage(const char* format,...) va_start(ap, format); - if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() ) + if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) { char buf[STD_BUF+1]; vsnprintf(buf, STD_BUF, format, ap); @@ -296,7 +298,7 @@ void ErrorMessage(const char* format,...) buf[STD_BUF] = '\0'; - if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() ) + if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) { syslog(LOG_CONS | LOG_DAEMON | LOG_ERR, "FATAL ERROR: %s", buf); } diff --git a/src/lua/lua.cc b/src/lua/lua.cc index cbc873958..a427570d8 100644 --- a/src/lua/lua.cc +++ b/src/lua/lua.cc @@ -28,6 +28,8 @@ #include "log/messages.h" +using namespace snort; + namespace Lua { State::State(bool openlibs) @@ -35,7 +37,7 @@ State::State(bool openlibs) state = luaL_newstate(); if ( !state ) - snort::FatalError("Lua state instantiation failed\n"); + FatalError("Lua state instantiation failed\n"); if ( openlibs ) luaL_openlibs(state); diff --git a/src/main/analyzer_command.cc b/src/main/analyzer_command.cc index eeb9c8908..40f1524df 100644 --- a/src/main/analyzer_command.cc +++ b/src/main/analyzer_command.cc @@ -36,6 +36,8 @@ #include "snort_config.h" #include "swapper.h" +using namespace snort; + bool ACStart::execute(Analyzer& analyzer, void**) { analyzer.start(); @@ -79,7 +81,7 @@ bool ACGetStats::execute(Analyzer&, void**) // FIXIT-P This incurs locking on all threads to retrieve stats. It // could be reimplemented to optimize for large thread counts by // retrieving stats in the command and accumulating in the main thread. - snort::ModuleManager::accumulate(snort::SnortConfig::get_conf()); + ModuleManager::accumulate(SnortConfig::get_conf()); return true; } @@ -103,18 +105,18 @@ bool ACSwap::execute(Analyzer& analyzer, void** ac_state) { ps->apply(analyzer); - snort::SnortConfig* sc = ps->get_new_conf(); + SnortConfig* sc = ps->get_new_conf(); if ( sc ) { - std::list* reload_tuners; + std::list* reload_tuners; if ( !*ac_state ) { - reload_tuners = new std::list(sc->get_reload_resource_tuners()); + reload_tuners = new std::list(sc->get_reload_resource_tuners()); *ac_state = reload_tuners; } else - reload_tuners = (std::list*)*ac_state; + reload_tuners = (std::list*)*ac_state; if ( !reload_tuners->empty() ) { @@ -141,13 +143,13 @@ ACSwap::~ACSwap() { if (ps) { - snort::SnortConfig* sc = ps->get_new_conf(); + SnortConfig* sc = ps->get_new_conf(); if ( sc ) sc->clear_reload_resource_tuner_list(); } delete ps; Swapper::set_reload_in_progress(false); - snort::LogMessage("== reload complete\n"); + LogMessage("== reload complete\n"); request->respond("== reload complete\n", from_shell, true); } @@ -159,10 +161,10 @@ bool ACDAQSwap::execute(Analyzer& analyzer, void**) ACDAQSwap::~ACDAQSwap() { - snort::LogMessage("== daq module reload complete\n"); + LogMessage("== daq module reload complete\n"); } -snort::SFDAQInstance* snort::AnalyzerCommand::get_daq_instance(Analyzer& analyzer) +SFDAQInstance* AnalyzerCommand::get_daq_instance(Analyzer& analyzer) { return analyzer.get_daq_instance(); } diff --git a/src/main/control.cc b/src/main/control.cc index d409f6551..8bb21a8cb 100644 --- a/src/main/control.cc +++ b/src/main/control.cc @@ -30,6 +30,7 @@ #include "request.h" #include "shell.h" +using namespace snort; using namespace std; //------------------------------------------------------------------------ @@ -56,7 +57,7 @@ ControlConn::~ControlConn() void ControlConn::configure() const { - snort::ModuleManager::load_commands(sh); + ModuleManager::load_commands(sh); } int ControlConn::shell_execute(int& current_fd, Request*& current_request) diff --git a/src/main/request.cc b/src/main/request.cc index fb3fecee8..a028d0953 100644 --- a/src/main/request.cc +++ b/src/main/request.cc @@ -26,6 +26,8 @@ #include "main.h" #include "utils/util.h" +using namespace snort; + //------------------------------------------------------------------------- // request foo //------------------------------------------------------------------------- @@ -89,7 +91,7 @@ void Request::respond(const char* s, bool queue_response, bool remote_only) if ( fd < 1 ) { if (!remote_only) - snort::LogMessage("%s", s); + LogMessage("%s", s); return; } diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc index a938f6fba..03ac19db5 100644 --- a/src/main/snort_debug.cc +++ b/src/main/snort_debug.cc @@ -79,7 +79,7 @@ static inline void trace_vprintf(const char* name, Trace mask, const char* file, vsnprintf(buf_ptr, buf_len, fmt, ap); - if ( snort::SnortConfig::get_conf() and snort::SnortConfig::log_syslog() ) + if ( SnortConfig::get_conf() and SnortConfig::log_syslog() ) syslog(LOG_DAEMON | LOG_DEBUG, "%s", buf); else output(buf, stdout); diff --git a/src/main/swapper.cc b/src/main/swapper.cc index f4ca31e16..a7f208c70 100644 --- a/src/main/swapper.cc +++ b/src/main/swapper.cc @@ -82,8 +82,8 @@ void Swapper::apply(Analyzer& analyzer) { if ( new_conf ) { - const bool reload = (snort::SnortConfig::get_conf() != nullptr); - snort::SnortConfig::set_conf(new_conf); + const bool reload = (SnortConfig::get_conf() != nullptr); + SnortConfig::set_conf(new_conf); // FIXIT-M Determine whether we really want to do this before or after the set_conf if (reload) analyzer.reinit(new_conf); diff --git a/src/main/thread.cc b/src/main/thread.cc index 4abc65b20..b865bc4b7 100644 --- a/src/main/thread.cc +++ b/src/main/thread.cc @@ -73,28 +73,28 @@ SThreadType get_thread_type() const char* get_instance_file(std::string& file, const char* name) { bool sep = false; - file = !snort::SnortConfig::get_conf()->log_dir.empty() ? - snort::SnortConfig::get_conf()->log_dir : "./"; + file = !SnortConfig::get_conf()->log_dir.empty() ? + SnortConfig::get_conf()->log_dir : "./"; if ( file.back() != '/' ) file += '/'; - if ( !snort::SnortConfig::get_conf()->run_prefix.empty() ) + if ( !SnortConfig::get_conf()->run_prefix.empty() ) { - file += snort::SnortConfig::get_conf()->run_prefix; + file += SnortConfig::get_conf()->run_prefix; sep = true; } - if ( (ThreadConfig::get_instance_max() > 1) || snort::SnortConfig::get_conf()->id_zero ) + if ( (ThreadConfig::get_instance_max() > 1) || SnortConfig::get_conf()->id_zero ) { char id[8]; snprintf(id, sizeof(id), "%u", - get_instance_id() + snort::SnortConfig::get_conf()->id_offset); + get_instance_id() + SnortConfig::get_conf()->id_offset); file += id; sep = true; } - if ( snort::SnortConfig::get_conf()->id_subdir ) + if ( SnortConfig::get_conf()->id_subdir ) { file += '/'; struct stat s; diff --git a/src/main/thread_config.cc b/src/main/thread_config.cc index 10b7579a1..4108bd74f 100644 --- a/src/main/thread_config.cc +++ b/src/main/thread_config.cc @@ -32,6 +32,8 @@ #include "catch/snort_catch.h" #endif +using namespace snort; + static hwloc_topology_t topology = nullptr; static hwloc_cpuset_t process_cpuset = nullptr; static const struct hwloc_topology_support* topology_support = nullptr; @@ -136,7 +138,7 @@ void ThreadConfig::set_thread_affinity(SThreadType type, unsigned id, CpuSet* cp thread_affinity[key] = cpuset; } else - snort::ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n"); + ParseWarning(WARN_CONF, "This platform does not support setting thread affinity.\n"); } void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id) @@ -158,13 +160,13 @@ void ThreadConfig::implement_thread_affinity(SThreadType type, unsigned id) current_cpuset = hwloc_bitmap_alloc(); hwloc_get_cpubind(topology, current_cpuset, HWLOC_CPUBIND_THREAD); if (!hwloc_bitmap_isequal(current_cpuset, desired_cpuset)) - snort::LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s); + LogMessage("Binding thread %u (type %u) to %s.\n", id, type, s); hwloc_bitmap_free(current_cpuset); if (hwloc_set_cpubind(topology, desired_cpuset, HWLOC_CPUBIND_THREAD)) { - snort::FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n", - id, type, s, snort::get_error(errno), errno); + FatalError("Failed to pin thread %u (type %u) to %s: %s (%d)\n", + id, type, s, get_error(errno), errno); } free(s); diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 39cf0918f..35e6a4d34 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -420,7 +420,7 @@ static PHInstance* get_new( if ( get_instance(fp, keyword, false, old_it) ) { - if ( snort::Snort::is_reloading() ) + if ( Snort::is_reloading() ) { (*old_it)->set_reloaded(RELOAD_TYPE_REENABLED); fp->ilist.erase(old_it); @@ -438,7 +438,7 @@ static PHInstance* get_new( return nullptr; } - if ( snort::Snort::is_reloading() ) + if ( Snort::is_reloading() ) { if ( reloaded ) p->set_reloaded(RELOAD_TYPE_REENABLED); @@ -499,7 +499,7 @@ void InspectorManager::dispatch_meta(FrameworkPolicy* fp, int type, const uint8_ Binder* InspectorManager::get_binder() { - InspectionPolicy* pi = snort::get_inspection_policy(); + InspectionPolicy* pi = get_inspection_policy(); if ( !pi || !pi->framework_policy ) return nullptr; @@ -536,11 +536,11 @@ Inspector* InspectorManager::get_inspector(const char* key, bool dflt_only, Snor InspectionPolicy* pi; if (dflt_only && (sc != nullptr)) - pi = snort::get_default_inspection_policy(sc); + pi = get_default_inspection_policy(sc); else if (dflt_only) - pi = snort::get_default_inspection_policy(SnortConfig::get_conf()); + pi = get_default_inspection_policy(SnortConfig::get_conf()); else - pi = snort::get_inspection_policy(); + pi = get_inspection_policy(); if ( !pi || !pi->framework_policy ) return nullptr; @@ -661,7 +661,7 @@ void InspectorManager::thread_init(SnortConfig* sc) // pin->tinit() only called for default policy set_default_policy(); - InspectionPolicy* pi = snort::get_inspection_policy(); + InspectionPolicy* pi = get_inspection_policy(); if ( pi && pi->framework_policy ) { @@ -692,7 +692,7 @@ void InspectorManager::thread_reinit(SnortConfig* sc) } // pin->tinit() only called for default policy - InspectionPolicy* pi = snort::get_default_inspection_policy(sc); + InspectionPolicy* pi = get_default_inspection_policy(sc); if ( pi && pi->framework_policy ) { @@ -717,7 +717,7 @@ void InspectorManager::thread_stop(SnortConfig*) // pin->tterm() only called for default policy set_default_policy(); - InspectionPolicy* pi = snort::get_inspection_policy(); + InspectionPolicy* pi = get_inspection_policy(); // FIXIT-RC Any inspectors that were once configured/instantiated but // no longer exist in the conf cannot have their instance tterm() @@ -764,7 +764,7 @@ void InspectorManager::instantiate( assert(mod); FrameworkConfig* fc = sc->framework_config; - FrameworkPolicy* fp = snort::get_inspection_policy()->framework_policy; + FrameworkPolicy* fp = get_inspection_policy()->framework_policy; // FIXIT-L should not need to lookup inspector etc // since given api and mod @@ -800,7 +800,7 @@ Inspector* InspectorManager::instantiate( if ( !ppc ) return nullptr; - auto fp = snort::get_inspection_policy()->framework_policy; + auto fp = get_inspection_policy()->framework_policy; auto ppi = get_new(ppc, fp, name, mod, sc); if ( !ppi ) @@ -949,7 +949,7 @@ bool InspectorManager::configure(SnortConfig* sc, bool cloned) void InspectorManager::print_config(SnortConfig* sc) { - InspectionPolicy* pi = snort::get_inspection_policy(); + InspectionPolicy* pi = get_inspection_policy(); if ( !pi->framework_policy ) return; @@ -1030,7 +1030,7 @@ void InspectorManager::full_inspection(Packet* p) void InspectorManager::execute(Packet* p) { - FrameworkPolicy* fp = snort::get_inspection_policy()->framework_policy; + FrameworkPolicy* fp = get_inspection_policy()->framework_policy; assert(fp); if ( !p->has_paf_payload() ) @@ -1040,7 +1040,7 @@ void InspectorManager::execute(Packet* p) // a flow control wrapper) and use eval() instead of process() // for stream_*. ::execute(p, fp->session.vec, fp->session.num); - fp = snort::get_inspection_policy()->framework_policy; + fp = get_inspection_policy()->framework_policy; } // must check between each ::execute() if ( p->disable_inspect ) @@ -1053,7 +1053,7 @@ void InspectorManager::execute(Packet* p) return; SnortConfig* sc = SnortConfig::get_conf(); - FrameworkPolicy* fp_dft = snort::get_default_inspection_policy(sc)->framework_policy; + FrameworkPolicy* fp_dft = get_default_inspection_policy(sc)->framework_policy; if ( !p->flow ) { @@ -1091,7 +1091,7 @@ void InspectorManager::execute(Packet* p) void InspectorManager::probe(Packet* p) { - InspectionPolicy* policy = snort::SnortConfig::get_conf()->policy_map->get_inspection_policy(0); + InspectionPolicy* policy = SnortConfig::get_conf()->policy_map->get_inspection_policy(0); FrameworkPolicy* fp = policy->framework_policy; ::execute(p, fp->probe.vec, fp->probe.num); } diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 7e2b3a901..af7b9974e 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -417,7 +417,7 @@ static bool set_var(const char* fqn, Value& val) if ( val.get_type() != Value::VT_STR ) return false; - if ( snort::get_ips_policy() == nullptr ) + if ( get_ips_policy() == nullptr ) return true; trace("var", fqn, val); @@ -706,7 +706,7 @@ SO_PUBLIC bool open_table(const char* s, int idx) return false; // FIXIT-M only basic modules, inspectors and ips actions can be reloaded at present - if ( ( snort::Snort::is_reloading() ) and h->api + if ( ( Snort::is_reloading() ) and h->api and h->api->type != PT_INSPECTOR and h->api->type != PT_IPS_ACTION ) return false; @@ -1046,7 +1046,7 @@ void ModuleManager::show_module(const char* name) cout << "no match" << endl; } -void ModuleManager::reload_module(const char* name, snort::SnortConfig* sc) +void ModuleManager::reload_module(const char* name, SnortConfig* sc) { ModHook* h = get_hook(name); diff --git a/src/managers/so_manager.cc b/src/managers/so_manager.cc index 5ee4ae5aa..7d8dec88c 100644 --- a/src/managers/so_manager.cc +++ b/src/managers/so_manager.cc @@ -36,6 +36,7 @@ #include "log/messages.h" #include "parser/parse_so_rule.h" +using namespace snort; using namespace std; static list s_rules; @@ -56,7 +57,7 @@ void SoManager::release_plugins() void SoManager::dump_plugins() { - snort::Dumper d("SO Rules"); + Dumper d("SO Rules"); for ( auto* p : s_rules ) d.dump(p->base.name, p->base.version); diff --git a/src/memory/memory_cap.cc b/src/memory/memory_cap.cc index 32903fab5..c3d93a6f0 100644 --- a/src/memory/memory_cap.cc +++ b/src/memory/memory_cap.cc @@ -182,7 +182,7 @@ bool MemoryCap::over_threshold() void MemoryCap::calculate(unsigned num_threads) { assert(!is_packet_thread()); - const MemoryConfig& config = *snort::SnortConfig::get_conf()->memory; + const MemoryConfig& config = *SnortConfig::get_conf()->memory; auto main_thread_used = s_tracker.used(); @@ -219,12 +219,12 @@ void MemoryCap::print() if ( !MemoryModule::is_active() ) return; - const MemoryConfig& config = *snort::SnortConfig::get_conf()->memory; + const MemoryConfig& config = *SnortConfig::get_conf()->memory; - if ( snort::SnortConfig::log_verbose() or mem_stats.allocations ) + if ( SnortConfig::log_verbose() or mem_stats.allocations ) LogLabel("memory (heap)"); - if ( snort::SnortConfig::log_verbose() ) + if ( SnortConfig::log_verbose() ) { LogMessage(" global cap: %zu\n", config.cap); LogMessage(" global preemptive threshold percent: %u\n", config.threshold); diff --git a/src/memory/prune_handler.cc b/src/memory/prune_handler.cc index 5119dce41..fa8b5fbf4 100644 --- a/src/memory/prune_handler.cc +++ b/src/memory/prune_handler.cc @@ -26,12 +26,14 @@ #include "stream/stream.h" +using namespace snort; + namespace memory { void prune_handler() { - snort::Stream::prune_flows(); + Stream::prune_flows(); } } // namespace memory diff --git a/src/mime/decode_b64.cc b/src/mime/decode_b64.cc index d3ac12cd3..803877c8d 100644 --- a/src/mime/decode_b64.cc +++ b/src/mime/decode_b64.cc @@ -28,6 +28,8 @@ #include "decode_buffer.h" +using namespace snort; + void B64Decode::reset_decode_state() { reset_decoded_bytes(); @@ -47,7 +49,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end, ui uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes(); - if (snort::sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(), + if (sf_strip_CRLF(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(), encode_avail, &act_encode_size) != 0) { reset_decode_state(); @@ -68,7 +70,7 @@ DecodeResult B64Decode::decode_data(const uint8_t* start, const uint8_t* end, ui else buffer->reset_saved(); - if (snort::sf_base64decode(buffer->get_encode_buff(), act_encode_size, + if (sf_base64decode(buffer->get_encode_buff(), act_encode_size, decode_buf, buffer->get_decode_avail(), &act_decode_size) != 0) { reset_decode_state(); diff --git a/src/mime/decode_qp.cc b/src/mime/decode_qp.cc index 20623ab89..9e03658c4 100644 --- a/src/mime/decode_qp.cc +++ b/src/mime/decode_qp.cc @@ -31,6 +31,8 @@ #include "decode_buffer.h" +using namespace snort; + void QPDecode::reset_decode_state() { reset_decoded_bytes(); @@ -49,7 +51,7 @@ DecodeResult QPDecode::decode_data(const uint8_t* start, const uint8_t* end, uin uint32_t encode_avail = buffer->get_encode_avail() - buffer->get_prev_encoded_bytes(); - if (snort::sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(), + if (sf_strip_LWS(start, (end-start), buffer->get_encode_buff() + buffer->get_prev_encoded_bytes(), encode_avail, &act_encode_size) != 0) { reset_decode_state(); diff --git a/src/mime/decode_uu.cc b/src/mime/decode_uu.cc index c537c7e25..262a8e31b 100644 --- a/src/mime/decode_uu.cc +++ b/src/mime/decode_uu.cc @@ -31,6 +31,8 @@ #include "decode_buffer.h" +using namespace snort; + #define UU_DECODE_CHAR(c) (((c) - 0x20) & 0x3f) void UUDecode::reset_decode_state() @@ -149,13 +151,13 @@ int sf_uudecode(uint8_t* src, uint32_t slen, uint8_t* dst, uint32_t dlen, uint32 } else { - const uint8_t* sod = (const uint8_t*)snort::SnortStrnStr((const char*)src, 5, "begin"); + const uint8_t* sod = (const uint8_t*)SnortStrnStr((const char*)src, 5, "begin"); if (sod) { *begin_found = true; /*begin str found. Move to the actual data*/ - ptr = (const uint8_t*)snort::SnortStrnStr((const char*)(sod), (end - sod), "\n"); + ptr = (const uint8_t*)SnortStrnStr((const char*)(sod), (end - sod), "\n"); if ( !ptr ) { *bytes_read = slen; diff --git a/src/mime/file_mime_config.cc b/src/mime/file_mime_config.cc index 153c96647..8dd625bbf 100644 --- a/src/mime/file_mime_config.cc +++ b/src/mime/file_mime_config.cc @@ -124,7 +124,7 @@ bool DecodeConfig::is_decoding_enabled() // update file depth and max_depth etc void DecodeConfig::sync_all_depths() { - file_depth = snort::FileService::get_max_file_depth(); + file_depth = FileService::get_max_file_depth(); if ((file_depth >= 0)or (b64_depth >= 0) or (qp_depth >= 0) or (bitenc_depth >= 0) or (uu_depth >= 0)) decode_enabled = true; diff --git a/src/mime/file_mime_decode.cc b/src/mime/file_mime_decode.cc index 099244dae..be75dc6a9 100644 --- a/src/mime/file_mime_decode.cc +++ b/src/mime/file_mime_decode.cc @@ -216,7 +216,7 @@ void MimeDecode::file_decomp_init() (void)File_Decomp_Init(fd_state); } -MimeDecode::MimeDecode(snort::DecodeConfig* conf) +MimeDecode::MimeDecode(DecodeConfig* conf) { config = conf; file_decomp_init(); diff --git a/src/mime/file_mime_log.h b/src/mime/file_mime_log.h index 9938b73d6..c65423d88 100644 --- a/src/mime/file_mime_log.h +++ b/src/mime/file_mime_log.h @@ -27,6 +27,8 @@ #include #include "main/snort_types.h" +namespace snort +{ enum EmailUserType { EMAIL_SENDER, @@ -42,10 +44,7 @@ struct MailLogConfig uint32_t email_hdrs_log_depth = 0; }; -namespace snort -{ class Flow; -} class SO_PUBLIC MailLogState { @@ -82,6 +81,7 @@ private: uint16_t file_logged; uint16_t file_current; }; +} #endif diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc index caca44b71..f85f6d33b 100644 --- a/src/network_inspectors/appid/app_info_table.cc +++ b/src/network_inspectors/appid/app_info_table.cc @@ -549,14 +549,14 @@ void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* pa } SnortProtocolId AppInfoManager::add_appid_protocol_reference(const char* protocol, - snort::SnortConfig* sc) + SnortConfig* sc) { SnortProtocolId snort_protocol_id = sc->proto_ref->add(protocol); return snort_protocol_id; } void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config, - snort::SnortConfig* sc) + SnortConfig* sc) { if ( !mod_config->app_detector_dir ) { diff --git a/src/network_inspectors/appid/appid_app_descriptor.cc b/src/network_inspectors/appid/appid_app_descriptor.cc index 6e666d840..cca482263 100644 --- a/src/network_inspectors/appid/appid_app_descriptor.cc +++ b/src/network_inspectors/appid/appid_app_descriptor.cc @@ -11,7 +11,9 @@ #include "appid_app_descriptor.h" #include "lua_detector_api.h" -void ApplicationDescriptor::set_id(const snort::Packet& p, AppIdSession& asd, +using namespace snort; + +void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits) { if ( my_id != app_id ) diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index bc75f53f1..68d880226 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -158,7 +158,7 @@ void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspect misc_id, change_bits); } -void AppIdDiscovery::publish_appid_event(AppidChangeBits& change_bits, snort::Flow* flow) +void AppIdDiscovery::publish_appid_event(AppidChangeBits& change_bits, Flow* flow) { if (change_bits.none()) return; diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc index 584b73444..fea08bd95 100644 --- a/src/network_inspectors/appid/appid_http_session.cc +++ b/src/network_inspectors/appid/appid_http_session.cc @@ -825,7 +825,7 @@ void AppIdHttpSession::update_http_xff_address(struct XffFieldValue* xff_fields, // FIXIT_H: - this code is wrong. We can't have // tmp-xff_fields[j].value when tmp=0. - // xff_addr = new snort::SfIp(); + // xff_addr = new SfIp(); // char* xff_addr_str = nullptr; // char* tmp = strchr(xff_fields[j].value, ','); diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc index 2efa7183d..bcfa62b5a 100644 --- a/src/network_inspectors/appid/appid_peg_counts.cc +++ b/src/network_inspectors/appid/appid_peg_counts.cc @@ -30,6 +30,8 @@ #include "utils/stats.h" +using namespace snort; + std::unordered_map AppIdPegCounts::appid_detector_pegs_idx; std::vector AppIdPegCounts::appid_detectors_info; THREAD_LOCAL std::vector* AppIdPegCounts::appid_peg_counts; @@ -133,7 +135,7 @@ void AppIdPegCounts::print() if (!print && unknown_pegs->all_zeros()) return; - snort::LogLabel("Appid dynamic stats:"); + LogLabel("Appid dynamic stats:"); for (unsigned i = 0; i < app_num; i++) { @@ -142,14 +144,14 @@ void AppIdPegCounts::print() continue; std::string app_name = AppIdPegCounts::appid_detectors_info[i]; - snort::LogMessage("%s: ", app_name.c_str()); + LogMessage("%s: ", app_name.c_str()); pegs->print(); } // Print unknown app stats if (!unknown_pegs->all_zeros()) { - snort::LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %" + LogMessage("unknown_app: flows: %" PRIu64 ", clients: %" PRIu64 ", users: %" PRIu64 ", payloads %" PRIu64 ", misc: %" PRIu64 "\n", unknown_pegs->stats[0], unknown_pegs->stats[1], unknown_pegs->stats[2], unknown_pegs->stats[3], unknown_pegs->stats[4]); diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index 91c9664cd..b298b992d 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -242,7 +242,7 @@ static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* buc } else { - snort::WarningMessage("Error saving statistics record for app id: %d", app_id); + WarningMessage("Error saving statistics record for app id: %d", app_id); snort_free(record); record = nullptr; } diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc index a6f0e6dd2..efdb8af3a 100644 --- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc +++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc @@ -28,6 +28,8 @@ #include "search_engines/search_tool.h" #include "utils/util.h" +using namespace snort; + struct tPatternNode { tMlmpPattern pattern; @@ -59,7 +61,7 @@ struct tPatternPrimaryNode /*Node for mlmp tree */ struct tMlmpTree { - snort::SearchTool* patternTree; + SearchTool* patternTree; tPatternPrimaryNode* patternList; uint32_t level; }; @@ -198,12 +200,12 @@ static int compareMlmpPatterns(const void* p1, const void* p2) detroyTreesRecursively. */ static int createTreesRecusively(tMlmpTree* rootNode) { - snort::SearchTool* patternMatcher; + SearchTool* patternMatcher; tPatternPrimaryNode* primaryPatternNode; tPatternNode* ddPatternNode; /* set up the MPSE for url patterns */ - patternMatcher = rootNode->patternTree = new snort::SearchTool("ac_full", true); + patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true); for (primaryPatternNode = rootNode->patternList; primaryPatternNode; diff --git a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc index 1e7fda4c2..805d32ac7 100644 --- a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc +++ b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.cc @@ -28,6 +28,8 @@ #include "search_engines/search_tool.h" #include "utils/util.h" +using namespace snort; + struct tPatternRootNode; struct tPatternList { @@ -41,7 +43,7 @@ struct tPatternList /*Root node */ struct tPatternRootNode { - snort::SearchTool* patternTree; + SearchTool* patternTree; tPatternList* patternList; tPatternList* lastPattern; unsigned int level; /*some searches may be specific to levels. Increments from 1 at top @@ -180,11 +182,11 @@ static int compareAppUrlPatterns(const void* p1, const void* p2) static int createTreesRecusively(void* root) { tPatternRootNode* rootNode = (tPatternRootNode*)root; - snort::SearchTool* patternMatcher; + SearchTool* patternMatcher; tPatternList* patternNode; /* set up the MPSE for url patterns */ - if (!(patternMatcher = rootNode->patternTree = new snort::SearchTool("ac_full", true))) + if (!(patternMatcher = rootNode->patternTree = new SearchTool("ac_full", true))) return -1; for (patternNode = rootNode->patternList; diff --git a/src/network_inspectors/appid/client_plugins/client_detector.cc b/src/network_inspectors/appid/client_plugins/client_detector.cc index b404b92f2..a7dcfd5c3 100644 --- a/src/network_inspectors/appid/client_plugins/client_detector.cc +++ b/src/network_inspectors/appid/client_plugins/client_detector.cc @@ -32,6 +32,8 @@ #include "protocols/packet.h" #include "log/messages.h" +using namespace snort; + static THREAD_LOCAL unsigned client_module_index = 0; ClientDetector::ClientDetector() @@ -47,7 +49,7 @@ void ClientDetector::register_appid(AppId appId, unsigned extractsInfo) { if ( AppInfoManager::get_instance().configured() ) { - snort::ParseWarning(WARN_RULES, + ParseWarning(WARN_RULES, "appid: no entry for %d in appMapping.data; no rule support for this ID.", appId); } diff --git a/src/network_inspectors/appid/detector_plugins/detector_dns.cc b/src/network_inspectors/appid/detector_plugins/detector_dns.cc index 81d4986a9..696220122 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_dns.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_dns.cc @@ -30,6 +30,8 @@ #include "app_info_table.h" #include "application_ids.h" +using namespace snort; + #define MAX_OPCODE 5 #define INVALID_OPCODE 3 @@ -159,7 +161,7 @@ struct MatchedDNSPatterns struct ServiceDnsConfig { DetectorDNSHostPattern* DetectorDNSHostPatternList; - snort::SearchTool* dns_host_host_matcher; + SearchTool* dns_host_host_matcher; }; static ServiceDnsConfig serviceDnsConfig; // DNS service configuration @@ -184,7 +186,7 @@ static int dns_host_detector_create_matcher(DetectorDNSHostPattern* list) if (serviceDnsConfig.dns_host_host_matcher) delete serviceDnsConfig.dns_host_host_matcher; - serviceDnsConfig.dns_host_host_matcher = new snort::SearchTool("ac_full", true); + serviceDnsConfig.dns_host_host_matcher = new SearchTool("ac_full", true); if (!serviceDnsConfig.dns_host_host_matcher) return 0; @@ -741,7 +743,7 @@ inprocess: return APPID_INPROCESS; } -static int dns_host_scan_patterns(snort::SearchTool* matcher, const uint8_t* pattern, size_t size, +static int dns_host_scan_patterns(SearchTool* matcher, const uint8_t* pattern, size_t size, AppId* ClientAppId, AppId* payloadId) { MatchedDNSPatterns* mp = nullptr; diff --git a/src/network_inspectors/appid/detector_plugins/detector_imap.cc b/src/network_inspectors/appid/detector_plugins/detector_imap.cc index 877cfe6b7..48adb30dc 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_imap.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_imap.cc @@ -31,6 +31,8 @@ #include "search_engines/search_tool.h" #include "utils/util.h" +using namespace snort; + static const unsigned IMAP_USER_NAME_MAX_LEN = 32; static const unsigned IMAP_TAG_MAX_LEN = 6; static const unsigned MIN_CMDS = 3; @@ -516,7 +518,7 @@ ImapClientDetector::~ImapClientDetector() void ImapClientDetector::do_custom_init() { - cmd_matcher = new snort::SearchTool("ac_full", true); + cmd_matcher = new SearchTool("ac_full", true); if ( !tcp_patterns.empty() ) { diff --git a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc index f863e4ee1..c36fe979a 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_kerberos.cc @@ -115,7 +115,7 @@ static KerberosClientDetector* krb_client_detector; static KerberosServiceDetector* krb_service_detector; static int krb_walk_server_packet(KRBState* krbs, const uint8_t* s, const uint8_t* end, - AppIdSession& asd, snort::Packet* pkt, const AppidSessionDirection dir, + AppIdSession& asd, Packet* pkt, const AppidSessionDirection dir, const char* reqCname, AppidChangeBits& change_bits) { static const uint8_t KRB_SERVER_VERSION[] = "\x0a0\x003\x002\x001"; diff --git a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc index b1c57020c..35e96ba19 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pattern.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pattern.cc @@ -119,14 +119,14 @@ static void read_patterns(PortPatternNode* portPatternList, PatternService** ser } } -static void register_pattern(snort::SearchTool** patterns, Pattern* pattern) +static void register_pattern(SearchTool** patterns, Pattern* pattern) { if (!*patterns) { - *patterns = new snort::SearchTool("ac_full", true); + *patterns = new SearchTool("ac_full", true); if (!*patterns) { - snort::ErrorMessage("Error initializing the pattern table\n"); + ErrorMessage("Error initializing the pattern table\n"); return; } } @@ -200,7 +200,7 @@ static int pattern_match(void* id, void*, int match_end_pos, void* data, void*) return 0; } -static int csd_pattern_tree_search(const uint8_t* data, uint16_t size, snort::SearchTool* patternTree) +static int csd_pattern_tree_search(const uint8_t* data, uint16_t size, SearchTool* patternTree) { PServiceMatch* matches = nullptr; @@ -460,7 +460,7 @@ PatternServiceDetector::~PatternServiceDetector() int PatternServiceDetector::validate(AppIdDiscoveryArgs& args) { - snort::SearchTool* patternTree = nullptr; + SearchTool* patternTree = nullptr; if (!args.data ) return APPID_ENULL; @@ -542,7 +542,7 @@ int PatternClientDetector::validate(AppIdDiscoveryArgs& args) if (!args.size || args.dir == APP_ID_FROM_RESPONDER) return APPID_INPROCESS; - snort::SearchTool* patternTree = (args.asd.protocol == IpProtocol::UDP) ? + SearchTool* patternTree = (args.asd.protocol == IpProtocol::UDP) ? udp_pattern_matcher : tcp_pattern_matcher; AppId id = csd_pattern_tree_search(args.data, args.size, patternTree); if (!id) diff --git a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc index 73ec4c231..5c335ee66 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_pop3.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_pop3.cc @@ -114,7 +114,7 @@ struct ServicePOP3Data unsigned count; const char* vendor; char version[MAX_VERSION_SIZE]; - snort::AppIdServiceSubtype* subtype; + AppIdServiceSubtype* subtype; int error; }; @@ -211,7 +211,7 @@ Pop3ClientDetector::~Pop3ClientDetector() void Pop3ClientDetector::do_custom_init() { - cmd_matcher = new snort::SearchTool("ac_full", true); + cmd_matcher = new SearchTool("ac_full", true); if ( !tcp_patterns.empty() ) { @@ -246,7 +246,7 @@ static void pop3_free_state(void* data) ServicePOP3Data* sd = &dd->server; while (sd->subtype) { - snort::AppIdServiceSubtype* sub = sd->subtype; + AppIdServiceSubtype* sub = sd->subtype; sd->subtype = sub->next; if (sub->service) snort_free((void*)sub->service); @@ -416,7 +416,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1 pd->vendor = ven_im; else if ((p=service_strstr(begin, len, (const unsigned char*)ven_po, sizeof(ven_po)-1))) { - snort::AppIdServiceSubtype* sub; + AppIdServiceSubtype* sub; pd->vendor = ven_po; p += (sizeof(ven_po) - 1); @@ -487,7 +487,7 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1 ; if (p == s || p >= line_end || !(*p)) goto ven_ver_done; - sub = (snort::AppIdServiceSubtype*)snort_calloc(sizeof(snort::AppIdServiceSubtype)); + sub = (AppIdServiceSubtype*)snort_calloc(sizeof(AppIdServiceSubtype)); unsigned sub_len; sub_len = p - s; diff --git a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc index 07c9a18c8..007a78e38 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_smtp.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_smtp.cc @@ -27,6 +27,8 @@ #include "app_info_table.h" #include "protocols/packet.h" +using namespace snort; + enum SMTPClientState { SMTP_CLIENT_STATE_NONE, @@ -207,7 +209,7 @@ int SmtpClientDetector::extract_version_and_add_client_app( * Returns 0 if a recognized product is found. Otherwise returns 1. */ int SmtpClientDetector::identify_client_version(ClientSMTPData* const fd, const uint8_t* product, - const uint8_t* data_end, AppIdSession& asd, snort::Packet*, AppidChangeBits& change_bits) + const uint8_t* data_end, AppIdSession& asd, Packet*, AppidChangeBits& change_bits) { const uint8_t* p; AppId appId = APP_ID_SMTP; diff --git a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc index ceaf04c5b..547e290e3 100644 --- a/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc +++ b/src/network_inspectors/appid/detector_plugins/http_url_patterns.cc @@ -677,7 +677,7 @@ int HttpPatternMatchers::process_host_patterns(DetectorHTTPPatterns patterns) int HttpPatternMatchers::process_chp_list(CHPListElement* chplist) { for (size_t i = 0; i < NUM_HTTP_FIELDS; i++) - chp_matchers[i] = new snort::SearchTool("ac_full", true); + chp_matchers[i] = new SearchTool("ac_full", true); for (CHPListElement* chpe = chplist; chpe; chpe = chpe->next) chp_matchers[chpe->chp_action.ptype]->add(chpe->chp_action.pattern, @@ -717,10 +717,10 @@ static FieldPattern http_field_patterns[] = HTTP_FIELD_PREFIX_USER_AGENT_SIZE }, }; -static snort::SearchTool* process_http_field_patterns(FieldPattern* patternList, +static SearchTool* process_http_field_patterns(FieldPattern* patternList, size_t patternListCount) { - snort::SearchTool* patternMatcher = new snort::SearchTool("ac_full", true); + SearchTool* patternMatcher = new SearchTool("ac_full", true); for (size_t i=0; i < patternListCount; i++) patternMatcher->add( (const char*)patternList[i].data, patternList[i].length, @@ -730,7 +730,7 @@ static snort::SearchTool* process_http_field_patterns(FieldPattern* patternList, return patternMatcher; } -static void process_patterns(snort::SearchTool& matcher, DetectorHTTPPatterns& patterns, bool +static void process_patterns(SearchTool& matcher, DetectorHTTPPatterns& patterns, bool last = true) { for (auto& pat: patterns) @@ -790,7 +790,7 @@ static int http_field_pattern_match(void* id, void*, int match_end_pos, void* da } // FIXIT-RC: Is this still necessary now that we use inspection events? -void HttpPatternMatchers::get_http_offsets(snort::Packet* pkt, AppIdHttpSession* hsession) +void HttpPatternMatchers::get_http_offsets(Packet* pkt, AppIdHttpSession* hsession) { constexpr auto MIN_HTTP_REQ_HEADER_SIZE = (sizeof("GET /\r\n\r\n") - 1); static const uint8_t crlfcrlf[] = "\r\n\r\n"; @@ -1723,7 +1723,7 @@ bool HttpPatternMatchers::get_appid_from_url(char* host, const char* url, char** } void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, char** version, - char** vendor, snort::AppIdServiceSubtype** subtype) + char** vendor, AppIdServiceSubtype** subtype) { int vendor_len = len; @@ -1762,9 +1762,9 @@ void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, c { if ( subname && subname_len > 0 && subver && *subname ) { - snort::AppIdServiceSubtype* sub = - (snort::AppIdServiceSubtype*)snort_calloc( - sizeof(snort::AppIdServiceSubtype)); + AppIdServiceSubtype* sub = + (AppIdServiceSubtype*)snort_calloc( + sizeof(AppIdServiceSubtype)); char* tmp = (char*)snort_calloc(subname_len + 1); memcpy(tmp, subname, subname_len); tmp[subname_len] = 0; @@ -1796,8 +1796,8 @@ void HttpPatternMatchers::get_server_vendor_version(const char* data, int len, c if ( subname && subname_len > 0 && subver && *subname ) { - snort::AppIdServiceSubtype* sub = - (snort::AppIdServiceSubtype*)snort_calloc(sizeof(snort::AppIdServiceSubtype)); + AppIdServiceSubtype* sub = + (AppIdServiceSubtype*)snort_calloc(sizeof(AppIdServiceSubtype)); char* tmp = (char*)snort_calloc(subname_len + 1); memcpy(tmp, subname, subname_len); tmp[subname_len] = 0; @@ -1862,7 +1862,7 @@ uint32_t HttpPatternMatchers::parse_multiple_http_patterns(const char* pattern, for (unsigned i = 0; i <= partNum; i++) snort_free((void*)parts[i].pattern); - snort::ErrorMessage("Failed to allocate memory"); + ErrorMessage("Failed to allocate memory"); return 0; } partNum++; diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index fc2ecaa3d..f19aa3289 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -58,7 +58,7 @@ static uint16_t my_length[NUM_HTTP_FIELDS] = { 0 }; static CHPAction my_match; static void* my_chp_rewritten = nullptr; -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } TEST_GROUP(http_url_patterns_tests) { diff --git a/src/network_inspectors/appid/lua_detector_flow_api.cc b/src/network_inspectors/appid/lua_detector_flow_api.cc index 54b1f96e5..e4ff3e3ed 100644 --- a/src/network_inspectors/appid/lua_detector_flow_api.cc +++ b/src/network_inspectors/appid/lua_detector_flow_api.cc @@ -31,6 +31,8 @@ #include "lua_detector_module.h" #include "lua_detector_util.h" +using namespace snort; + /* Lua flag bit/index to C flag value (0 for invalid). */ static const uint64_t FLAGS_TABLE_LUA_TO_C[32] { @@ -155,8 +157,8 @@ static inline uint64_t convert_flags_c_to_lua(uint64_t in) */ static int create_detector_flow(lua_State* L) { - snort::SfIp saddr; - snort::SfIp daddr; + SfIp saddr; + SfIp daddr; AppIdDetector* ud = *UserData::check(L, DETECTOR, 1); // Verify detector user data and that we are in packet context diff --git a/src/network_inspectors/appid/service_plugins/service_mdns.cc b/src/network_inspectors/appid/service_plugins/service_mdns.cc index fc694a0f3..435bb4668 100644 --- a/src/network_inspectors/appid/service_plugins/service_mdns.cc +++ b/src/network_inspectors/appid/service_plugins/service_mdns.cc @@ -107,7 +107,7 @@ MdnsServiceDetector::MdnsServiceDetector(ServiceDiscovery* sd) { 5353, IpProtocol::UDP, false }, }; - matcher = new snort::SearchTool("ac_full", true); + matcher = new SearchTool("ac_full", true); for (unsigned i = 0; i < sizeof(patterns) / sizeof(*patterns); i++) matcher->add((const char*)patterns[i].pattern, patterns[i].length, &patterns[i]); matcher->prep(); diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc index a22591044..b48d372e5 100644 --- a/src/network_inspectors/appid/service_plugins/service_rexec.cc +++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc @@ -29,6 +29,8 @@ #include "app_info_table.h" #include "protocols/packet.h" +using namespace snort; + #define REXEC_PORT 512 #define REXEC_MAX_PORT_PACKET 6 @@ -120,7 +122,7 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args) { case REXEC_STATE_PORT: if(rexec_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - rexec_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("rexec"); + rexec_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rexec"); if (args.dir != APP_ID_FROM_INITIATOR) goto bail; @@ -140,8 +142,8 @@ int RexecServiceDetector::validate(AppIdDiscoveryArgs& args) goto bail; if (port && args.pkt) { - const snort::SfIp* sip; - const snort::SfIp* dip; + const SfIp* sip; + const SfIp* dip; dip = args.pkt->ptrs.ip_api.get_dst(); sip = args.pkt->ptrs.ip_api.get_src(); diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc index 8365ef5ae..716eb43fd 100644 --- a/src/network_inspectors/appid/service_plugins/service_rshell.cc +++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc @@ -31,6 +31,8 @@ #include "appid_debug.h" #include "appid_inspector.h" +using namespace snort; + #define RSHELL_PORT 514 #define RSHELL_MAX_PORT_PACKET 6 @@ -115,7 +117,7 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args) } if (appidDebug->is_active()) - snort::LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state); + LogMessage("AppIdDbg %s RSHELL state %d\n", appidDebug->get_debug_session(), rd->state); switch (rd->state) { @@ -139,14 +141,14 @@ int RshellServiceDetector::validate(AppIdDiscoveryArgs& args) if (port) { if(rsh_error_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - rsh_error_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("rsh-error"); + rsh_error_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("rsh-error"); ServiceRSHELLData* tmp_rd = (ServiceRSHELLData*)snort_calloc( sizeof(ServiceRSHELLData)); tmp_rd->state = RSHELL_STATE_STDERR_CONNECT_SYN; tmp_rd->parent = rd; - const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); - const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src(); + const SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); + const SfIp* sip = args.pkt->ptrs.ip_api.get_src(); AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, (uint16_t)port, IpProtocol::TCP, rsh_error_snort_protocol_id, APPID_EARLY_SESSION_FLAG_FW_RULE); if (pf) diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc index b2f7bb809..1ce4b44b4 100644 --- a/src/network_inspectors/appid/service_plugins/service_snmp.cc +++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc @@ -32,6 +32,8 @@ #include "appid_debug.h" #include "appid_inspector.h" +using namespace snort; + #define SNMP_PORT 161 #define SNMP_VERSION_1 0 @@ -423,7 +425,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) if (snmp_verify_packet(&data, data+size, &pdu, &version)) { if (appidDebug->is_active()) - snort::LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session()); + LogMessage("AppIdDbg %s SNMP payload verify failed\n", appidDebug->get_debug_session()); if (args.asd.get_session_flags(APPID_SESSION_UDP_REVERSED)) { if (args.dir == APP_ID_FROM_RESPONDER) @@ -441,7 +443,7 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) } if (appidDebug->is_active()) - snort::LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state); + LogMessage("AppIdDbg %s SNMP state %d\n", appidDebug->get_debug_session(), sd->state); switch (sd->state) { @@ -477,10 +479,10 @@ int SnmpServiceDetector::validate(AppIdDiscoveryArgs& args) /*adding expected connection in case the server doesn't send from 161*/ if(snmp_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - snmp_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("snmp"); + snmp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("snmp"); - const snort::SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); - const snort::SfIp* sip = args.pkt->ptrs.ip_api.get_src(); + const SfIp* dip = args.pkt->ptrs.ip_api.get_dst(); + const SfIp* sip = args.pkt->ptrs.ip_api.get_src(); AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, args.pkt->ptrs.sp, args.asd.protocol, snmp_snort_protocol_id, 0); if (pf) diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc index 9ca0f4949..94d0cdd85 100644 --- a/src/network_inspectors/appid/service_plugins/service_tftp.cc +++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc @@ -127,8 +127,8 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) int mode = 0; uint16_t block = 0; uint16_t tmp = 0; - const snort::SfIp* sip = nullptr; - const snort::SfIp* dip = nullptr; + const SfIp* sip = nullptr; + const SfIp* dip = nullptr; AppIdSession* pf = nullptr; const uint8_t* data = args.data; uint16_t size = args.size; @@ -184,7 +184,7 @@ int TftpServiceDetector::validate(AppIdDiscoveryArgs& args) goto bail; if(tftp_snort_protocol_id == UNKNOWN_PROTOCOL_ID) - tftp_snort_protocol_id = snort::SnortConfig::get_conf()->proto_ref->find("tftp"); + tftp_snort_protocol_id = SnortConfig::get_conf()->proto_ref->find("tftp"); tmp_td = (ServiceTFTPData*)snort_calloc(sizeof(ServiceTFTPData)); tmp_td->state = TFTP_STATE_TRANSFER; diff --git a/src/network_inspectors/appid/test/appid_api_test.cc b/src/network_inspectors/appid/test/appid_api_test.cc index 3bf25201d..b15d8d3d3 100644 --- a/src/network_inspectors/appid/test/appid_api_test.cc +++ b/src/network_inspectors/appid/test/appid_api_test.cc @@ -53,7 +53,7 @@ class Inspector* InspectorManager::get_inspector(char const*, bool, SnortConfig* } -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } const char* AppInfoManager::get_app_name(AppId) { return test_app_name; diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index fc53c1693..1053376d0 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -45,7 +45,7 @@ FlowData::FlowData(unsigned, Inspector*) { } FlowData::~FlowData() = default; } -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } class AppIdInspector { public: diff --git a/src/network_inspectors/appid/test/appid_detector_test.cc b/src/network_inspectors/appid/test/appid_detector_test.cc index bcfac4645..633e69e7d 100644 --- a/src/network_inspectors/appid/test/appid_detector_test.cc +++ b/src/network_inspectors/appid/test/appid_detector_test.cc @@ -36,7 +36,7 @@ #include #include -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} class TestDetector : public AppIdDetector diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index d46606f2e..356a6af41 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -116,26 +116,26 @@ void DataBus::publish(const char*, DataEvent& event, Flow*) // Stubs for matchers static HttpPatternMatchers* http_matchers; HttpPatternMatchers::~HttpPatternMatchers() {} -void HttpPatternMatchers::get_http_offsets(snort::Packet*, AppIdHttpSession*) {} +void HttpPatternMatchers::get_http_offsets(Packet*, AppIdHttpSession*) {} HttpPatternMatchers* HttpPatternMatchers::get_instance() { return http_matchers; } -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } // Stubs for AppIdModule -AppIdModule::AppIdModule(): snort::Module("appid_mock", "appid_mock_help") {} +AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {} AppIdModule::~AppIdModule() {} void AppIdModule::sum_stats(bool) {} void AppIdModule::show_dynamic_stats() {} -bool AppIdModule::begin(char const*, int, snort::SnortConfig*) { return true; } -bool AppIdModule::end(char const*, int, snort::SnortConfig*) { return true; } -bool AppIdModule::set(char const*, snort::Value&, snort::SnortConfig*) { return true; } -const snort::Command* AppIdModule::get_commands() const { return nullptr; } +bool AppIdModule::begin(char const*, int, SnortConfig*) { return true; } +bool AppIdModule::end(char const*, int, SnortConfig*) { return true; } +bool AppIdModule::set(char const*, Value&, SnortConfig*) { return true; } +const Command* AppIdModule::get_commands() const { return nullptr; } const PegInfo* AppIdModule::get_pegs() const { return nullptr; } PegCount* AppIdModule::get_counts() const { return nullptr; } -snort::ProfileStats* AppIdModule::get_profile() const { return nullptr; } +ProfileStats* AppIdModule::get_profile() const { return nullptr; } // Stubs for config AppIdModuleConfig::~AppIdModuleConfig() {} @@ -156,9 +156,9 @@ AppId AppIdConfig::get_protocol_service_id(IpProtocol) // Stubs for AppIdInspector AppIdInspector::AppIdInspector(AppIdModule&) {} AppIdInspector::~AppIdInspector() = default; -void AppIdInspector::eval(snort::Packet*) { } -bool AppIdInspector::configure(snort::SnortConfig*) { return true; } -void AppIdInspector::show(snort::SnortConfig*) { } +void AppIdInspector::eval(Packet*) { } +bool AppIdInspector::configure(SnortConfig*) { return true; } +void AppIdInspector::show(SnortConfig*) { } void AppIdInspector::tinit() { } void AppIdInspector::tterm() { } AppIdConfig* AppIdInspector::get_appid_config() diff --git a/src/network_inspectors/appid/test/appid_expected_flags_test.cc b/src/network_inspectors/appid/test/appid_expected_flags_test.cc index f2c41f665..871e2f9e9 100644 --- a/src/network_inspectors/appid/test/appid_expected_flags_test.cc +++ b/src/network_inspectors/appid/test/appid_expected_flags_test.cc @@ -28,7 +28,7 @@ #include #include -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} class MockServiceDetector : public ServiceDetector diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index a7b203adf..cc885344f 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -42,7 +42,7 @@ THREAD_LOCAL AppIdDebug* appidDebug = nullptr; void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; } -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } using namespace snort; namespace snort @@ -67,7 +67,7 @@ class FakeHttpMsgHeader }; FakeHttpMsgHeader* fake_msg_header = nullptr; -void AppIdDiscovery::publish_appid_event(AppidChangeBits&, snort::Flow*) {} +void AppIdDiscovery::publish_appid_event(AppidChangeBits&, Flow*) {} void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {} diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc index 1b3473081..96fb2489a 100644 --- a/src/network_inspectors/appid/test/appid_http_session_test.cc +++ b/src/network_inspectors/appid/test/appid_http_session_test.cc @@ -44,7 +44,7 @@ #include using namespace snort; -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } const char* AppInfoManager::get_app_name(AppId) { return ""; @@ -72,7 +72,7 @@ AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**, } void HttpPatternMatchers::get_server_vendor_version(const char*, int, char**, - char**, snort::AppIdServiceSubtype**) + char**, AppIdServiceSubtype**) { } diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index f97d79239..33dc2d9c0 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc @@ -30,7 +30,7 @@ #include #include -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data) { delete data; diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index 05dfc7858..6944275b5 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -71,7 +71,7 @@ THREAD_LOCAL AppIdStats appid_stats; void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; } -void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } +void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { } AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector&) : FlowData(0) {} AppIdSession::~AppIdSession() = default; diff --git a/src/network_inspectors/appid/test/tp_mock.cc b/src/network_inspectors/appid/test/tp_mock.cc index 0372357b4..3eb1b3423 100644 --- a/src/network_inspectors/appid/test/tp_mock.cc +++ b/src/network_inspectors/appid/test/tp_mock.cc @@ -36,6 +36,7 @@ #define WhereMacro __FILE__ << ": " << __FUNCTION__ << ": " << __LINE__ +using namespace snort; using namespace std; class ThirdPartyAppIDModuleImpl : public ThirdPartyAppIDModule @@ -78,7 +79,7 @@ class ThirdPartyAppIDSessionImpl : public ThirdPartyAppIDSession public: bool reset() override { return 1; } - TPState process(const snort::Packet&, AppidSessionDirection, vector&, + TPState process(const Packet&, AppidSessionDirection, vector&, ThirdPartyAppIDAttributeData&) override { return TP_STATE_INIT; } int disable_flags(uint32_t) override { return 0; } diff --git a/src/network_inspectors/arp_spoof/arp_module.cc b/src/network_inspectors/arp_spoof/arp_module.cc index bb608381b..cca13a18d 100644 --- a/src/network_inspectors/arp_spoof/arp_module.cc +++ b/src/network_inspectors/arp_spoof/arp_module.cc @@ -135,7 +135,7 @@ bool ArpSpoofModule::end(const char*, int idx, SnortConfig*) } const PegInfo* ArpSpoofModule::get_pegs() const -{ return snort::simple_pegs; } +{ return simple_pegs; } PegCount* ArpSpoofModule::get_counts() const { return (PegCount*)&asstats; } diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc index ecf8b2815..3b3295de6 100644 --- a/src/network_inspectors/arp_spoof/arp_spoof.cc +++ b/src/network_inspectors/arp_spoof/arp_spoof.cc @@ -154,7 +154,7 @@ void ArpSpoof::eval(Packet* p) } else { - const snort::wlan::WifiHdr* wifih = snort::layer::get_wifi_layer(p); + const wlan::WifiHdr* wifih = layer::get_wifi_layer(p); if (wifih == nullptr) return; @@ -181,7 +181,7 @@ void ArpSpoof::eval(Packet* p) } } - const snort::arp::EtherARP* ah = snort::layer::get_arp_layer(p); + const arp::EtherARP* ah = layer::get_arp_layer(p); /* is the ARP protocol type IP and the ARP hardware type Ethernet? */ if ((ntohs(ah->ea_hdr.ar_hrd) != 0x0001) || diff --git a/src/network_inspectors/normalize/norm.cc b/src/network_inspectors/normalize/norm.cc index 2760126ac..b0b2506e7 100644 --- a/src/network_inspectors/normalize/norm.cc +++ b/src/network_inspectors/normalize/norm.cc @@ -164,7 +164,7 @@ static inline NormMode get_norm_mode(const Packet * const p) { NormMode mode = NORM_MODE_ON; - if ( snort::get_inspection_policy()->policy_mode != POLICY_MODE__INLINE ) + if ( get_inspection_policy()->policy_mode != POLICY_MODE__INLINE ) mode = NORM_MODE_TEST; if ( !SFDAQ::forwarding_packet(p->pkth) ) diff --git a/src/network_inspectors/normalize/norm_module.cc b/src/network_inspectors/normalize/norm_module.cc index 21e91e2fa..bc55a7f08 100644 --- a/src/network_inspectors/normalize/norm_module.cc +++ b/src/network_inspectors/normalize/norm_module.cc @@ -358,13 +358,13 @@ bool NormalizeModule::end(const char* fqn, int, SnortConfig* sc) { if ( !strcmp(fqn, NORM_NAME) ) { - NetworkPolicy* policy = snort::get_network_policy(); + NetworkPolicy* policy = get_network_policy(); // FIXIT-M untangle these policies. this is a workaround for loading inspection-only confs if ( policy == nullptr ) { set_network_policy(sc); - policy = snort::get_network_policy(); + policy = get_network_policy(); set_network_policy((NetworkPolicy*)nullptr); } diff --git a/src/network_inspectors/normalize/normalize.cc b/src/network_inspectors/normalize/normalize.cc index 2ccd008f8..e1c2a1f18 100644 --- a/src/network_inspectors/normalize/normalize.cc +++ b/src/network_inspectors/normalize/normalize.cc @@ -70,7 +70,7 @@ static void Print_IP4(SnortConfig*, const NormalizerConfig* nc) if ( Norm_IsEnabled(nc, NORM_IP4_TTL) ) { - NetworkPolicy* policy = snort::get_network_policy(); + NetworkPolicy* policy = get_network_policy(); LogMessage("%12s: %s (min=%d, new=%d)\n", "ip4.ttl", ON, policy->min_ttl, policy->new_ttl); } @@ -92,7 +92,7 @@ static void Print_IP6(SnortConfig*, const NormalizerConfig* nc) if ( Norm_IsEnabled(nc, NORM_IP6_TTL) ) { - NetworkPolicy* policy = snort::get_network_policy(); + NetworkPolicy* policy = get_network_policy(); LogMessage("%12s: %s (min=%d, new=%d)\n", "ip6.hops", ON, policy->min_ttl, policy->new_ttl); } @@ -172,9 +172,9 @@ class Normalizer : public Inspector public: Normalizer(const NormalizerConfig&); - bool configure(snort::SnortConfig*) override; - void show(snort::SnortConfig*) override; - void eval(snort::Packet*) override; + bool configure(SnortConfig*) override; + void show(SnortConfig*) override; + void eval(Packet*) override; private: NormalizerConfig config; @@ -189,11 +189,11 @@ Normalizer::Normalizer(const NormalizerConfig& nc) // but would be better if binder could select // in which case normal_mask must be moved to flow // from cwaxman - why can't normal_mask be applied directly from Normalizer? -bool Normalizer::configure(snort::SnortConfig*) +bool Normalizer::configure(SnortConfig*) { // FIXIT-M move entire config to network policy? Leaving split loads the currently selected // network policy with whichever instantiation of an inspection policy this normalize is in - NetworkPolicy* nap = snort::get_network_policy(); + NetworkPolicy* nap = get_network_policy(); nap->normal_mask = config.normalizer_flags; @@ -211,10 +211,10 @@ bool Normalize_IsEnabled(NormFlags nf) if ( !(t_flags & nf) ) return false; - if ( snort::get_inspection_policy()->policy_mode != POLICY_MODE__INLINE ) + if ( get_inspection_policy()->policy_mode != POLICY_MODE__INLINE ) return false; - NetworkPolicy* nap = snort::get_network_policy(); + NetworkPolicy* nap = get_network_policy(); return ( (nap->normal_mask & nf) != 0 ); } @@ -222,7 +222,7 @@ NormMode Normalize_GetMode(NormFlags nf) { if (Normalize_IsEnabled(nf)) { - const PolicyMode mode = snort::get_inspection_policy()->policy_mode; + const PolicyMode mode = get_inspection_policy()->policy_mode; if ( mode == POLICY_MODE__INLINE ) return NORM_MODE_ON; @@ -230,7 +230,7 @@ NormMode Normalize_GetMode(NormFlags nf) return NORM_MODE_TEST; } -void Normalizer::show(snort::SnortConfig* sc) +void Normalizer::show(SnortConfig* sc) { LogMessage("Normalizer config:\n"); Print_IP4(sc, &config); @@ -240,7 +240,7 @@ void Normalizer::show(snort::SnortConfig* sc) Print_TCP(&config); } -void Normalizer::eval(snort::Packet* p) +void Normalizer::eval(Packet* p) { Profile profile(norm_perf_stats); diff --git a/src/network_inspectors/perf_monitor/cpu_tracker.cc b/src/network_inspectors/perf_monitor/cpu_tracker.cc index c5e3e17cd..2561e78ac 100644 --- a/src/network_inspectors/perf_monitor/cpu_tracker.cc +++ b/src/network_inspectors/perf_monitor/cpu_tracker.cc @@ -38,7 +38,7 @@ #define TRACKER_NAME PERF_NAME "_cpu" -using namespace std; +using namespace snort; static inline uint64_t get_microseconds(struct timeval t) { @@ -47,7 +47,7 @@ static inline uint64_t get_microseconds(struct timeval t) CPUTracker::CPUTracker(PerfConfig *perf) : PerfTracker(perf, TRACKER_NAME) { - formatter->register_section("thread_" + to_string(snort::get_instance_id())); + formatter->register_section("thread_" + std::to_string(get_instance_id())); formatter->register_field("cpu_user", &user_stat); formatter->register_field("cpu_system", &system_stat); formatter->register_field("cpu_wall", &wall_stat); diff --git a/src/network_inspectors/perf_monitor/perf_module.cc b/src/network_inspectors/perf_monitor/perf_module.cc index 4a61e3270..b9de75f84 100644 --- a/src/network_inspectors/perf_monitor/perf_module.cc +++ b/src/network_inspectors/perf_monitor/perf_module.cc @@ -217,7 +217,7 @@ PerfConfig* PerfMonModule::get_config() } const PegInfo* PerfMonModule::get_pegs() const -{ return snort::simple_pegs; } +{ return simple_pegs; } PegCount* PerfMonModule::get_counts() const { return (PegCount*)&pmstats; } diff --git a/src/network_inspectors/perf_monitor/perf_tracker.cc b/src/network_inspectors/perf_monitor/perf_tracker.cc index d03d6cd59..fb36cc207 100644 --- a/src/network_inspectors/perf_monitor/perf_tracker.cc +++ b/src/network_inspectors/perf_monitor/perf_tracker.cc @@ -123,12 +123,12 @@ bool PerfTracker::open(bool append) file_name, mode, get_error(errno)); } - if (chown(file_name, snort::SnortConfig::get_uid(), - snort::SnortConfig::get_gid()) != 0) + if (chown(file_name, SnortConfig::get_uid(), + SnortConfig::get_gid()) != 0) { WarningMessage("perfmonitor: Unable to change permissions of " "stats file '%s' to user:%d and group:%d: %s.\n", - file_name, snort::SnortConfig::get_uid(), snort::SnortConfig::get_gid(), + file_name, SnortConfig::get_uid(), SnortConfig::get_gid(), get_error(errno)); } } diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc index 9f49d128e..85abdd373 100644 --- a/src/network_inspectors/port_scan/ps_module.cc +++ b/src/network_inspectors/port_scan/ps_module.cc @@ -199,7 +199,7 @@ ProfileStats* PortScanModule::get_profile() const { return &psPerfStats; } const PegInfo* PortScanModule::get_pegs() const -{ return snort::simple_pegs; } +{ return simple_pegs; } PegCount* PortScanModule::get_counts() const { return (PegCount*)&spstats; } diff --git a/src/network_inspectors/reputation/reputation_parse.cc b/src/network_inspectors/reputation/reputation_parse.cc index 659ef4212..8938f3c67 100644 --- a/src/network_inspectors/reputation/reputation_parse.cc +++ b/src/network_inspectors/reputation/reputation_parse.cc @@ -308,7 +308,7 @@ static int64_t update_entry_info(INFO* current, INFO new_entry, SaveDest save_de return bytes_allocated; } -static int add_ip(snort::SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config) +static int add_ip(SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config) { int ret; int final_ret = IP_INSERT_SUCCESS; @@ -358,7 +358,7 @@ static int add_ip(snort::SfCidr* ip_addr,INFO info_ptr, ReputationConfig* config } // FIXIT-L X Remove this or at least move it to SfCidr? -static int snort_pton_address(char const* src, snort::SfCidr* dest) +static int snort_pton_address(char const* src, SfCidr* dest) { unsigned char _temp[sizeof(struct in6_addr)]; @@ -374,7 +374,7 @@ static int snort_pton_address(char const* src, snort::SfCidr* dest) // FIXIT-L X Remove this or at least move it to SfCidr? #define isident(x) (isxdigit((x)) || (x) == ':' || (x) == '.') -static int snort_pton(char const* src, snort::SfCidr* dest) +static int snort_pton(char const* src, SfCidr* dest) { char ipbuf[INET6_ADDRSTRLEN]; char cidrbuf[sizeof("128")]; @@ -498,7 +498,7 @@ static int snort_pton(char const* src, snort::SfCidr* dest) static int process_line(char* line, INFO info, ReputationConfig* config) { - snort::SfCidr address; + SfCidr address; if ( !line || *line == '\0' ) return IP_INSERT_SUCCESS; diff --git a/src/network_inspectors/rna/rna_pnd.cc b/src/network_inspectors/rna/rna_pnd.cc index ed818d6d5..1dd6c5ecd 100644 --- a/src/network_inspectors/rna/rna_pnd.cc +++ b/src/network_inspectors/rna/rna_pnd.cc @@ -42,7 +42,7 @@ using namespace snort; static inline bool is_eligible_packet(const Packet* p) { if ( p->has_ip() or - memcmp(snort::layer::get_eth_layer(p)->ether_src, zero_mac, MAC_SIZE) ) + memcmp(layer::get_eth_layer(p)->ether_src, zero_mac, MAC_SIZE) ) return true; return false; } @@ -68,8 +68,8 @@ static inline bool is_eligible_udp(const Packet* p) return false; if ( p->is_from_client() ) { - const snort::SfIp* src = p->ptrs.ip_api.get_src(); - const snort::SfIp* dst = p->ptrs.ip_api.get_dst(); + const SfIp* src = p->ptrs.ip_api.get_src(); + const SfIp* dst = p->ptrs.ip_api.get_dst(); if ( !src->is_set() and IN6_IS_ADDR_MULTICAST(dst->get_ip6_ptr()) and p->ptrs.sp == 68 and p->ptrs.dp == 67 ) return false; // skip BOOTP @@ -162,7 +162,7 @@ void RnaPnd::discover_network(const Packet* p, u_int8_t ttl) } -void RnaPnd::generate_change_host_update(RnaTracker* ht, const snort::Packet* p, +void RnaPnd::generate_change_host_update(RnaTracker* ht, const Packet* p, const SfIp* src_ip, const uint8_t* src_mac, time_t sec) { if ( !ht || !update_timeout) diff --git a/src/packet_io/active.cc b/src/packet_io/active.cc index 8c5359927..1e7841b29 100644 --- a/src/packet_io/active.cc +++ b/src/packet_io/active.cc @@ -149,9 +149,9 @@ void Active::kill_session(Packet* p, EncodeFlags flags) default: if ( packet_force_dropped() ) - send_unreach(p, snort::UnreachResponse::FWD); + send_unreach(p, UnreachResponse::FWD); else - send_unreach(p, snort::UnreachResponse::PORT); + send_unreach(p, UnreachResponse::PORT); break; } } @@ -217,7 +217,7 @@ void Active::send_reset(Packet* p, EncodeFlags ef) } } -void Active::send_unreach(Packet* p, snort::UnreachResponse type) +void Active::send_unreach(Packet* p, UnreachResponse type) { uint32_t len; const uint8_t* rej; diff --git a/src/parser/parse_ip.cc b/src/parser/parse_ip.cc index 7c7994ba5..d3469b5fc 100644 --- a/src/parser/parse_ip.cc +++ b/src/parser/parse_ip.cc @@ -28,14 +28,16 @@ #include "sfip/sf_vartable.h" #include "utils/util.h" +using namespace snort; + sfip_var_t* sfip_var_from_string(const char* addr, const char* caller) { sfip_var_t* ret; int ret_code; vartable_t* ip_vartable = nullptr; - if (snort::get_ips_policy()) - ip_vartable = snort::get_ips_policy()->ip_vartable; + if (get_ips_policy()) + ip_vartable = get_ips_policy()->ip_vartable; ret = (sfip_var_t*)snort_calloc(sizeof(sfip_var_t)); @@ -43,26 +45,26 @@ sfip_var_t* sfip_var_from_string(const char* addr, const char* caller) { if (ret_code == SFIP_LOOKUP_FAILURE) { - snort::ParseError("%s: Undefined variable in the IP list: %s", caller, addr); + ParseError("%s: Undefined variable in the IP list: %s", caller, addr); return ret; } else if (ret_code == SFIP_CONFLICT) { - snort::ParseError("%s: Negated IP ranges equal to or" + ParseError("%s: Negated IP ranges equal to or" " more-specific than non-negated ranges are not allowed." " Consider inverting the logic: %s.", caller, addr); return ret; } else if (ret_code == SFIP_LOOKUP_UNAVAILABLE) { - snort::ParseError("%s: Error parsing IP list: %s. " + ParseError("%s: Error parsing IP list: %s. " "Snort variables are only permitted in rule headers, otherwise use Lua variables.", caller, addr); return ret; } else { - snort::ParseError("%s: Unable to process IP list: %s", caller, addr); + ParseError("%s: Unable to process IP list: %s", caller, addr); return ret; } } diff --git a/src/parser/parse_ports.cc b/src/parser/parse_ports.cc index e69f95adb..83d642ba9 100644 --- a/src/parser/parse_ports.cc +++ b/src/parser/parse_ports.cc @@ -286,7 +286,7 @@ static PortObject* _POParsePort(POParser* pop) (c == ',')) { /* Open ended range, highport is 65k */ - hport = snort::MAX_PORTS - 1; + hport = MAX_PORTS - 1; PortObjectAddRange(po, lport, hport); return po; } diff --git a/src/parser/parse_stream.cc b/src/parser/parse_stream.cc index ebf82e0c0..2de80d146 100644 --- a/src/parser/parse_stream.cc +++ b/src/parser/parse_stream.cc @@ -487,7 +487,7 @@ struct RuleParseState static bool exec( FsmAction act, string& tok, - RuleParseState& rps, snort::SnortConfig* sc) + RuleParseState& rps, SnortConfig* sc) { switch ( act ) { @@ -615,7 +615,7 @@ static int get_escape(const string& s) return 1; // escape, option goes to " } -void parse_stream(istream& is, snort::SnortConfig* sc) +void parse_stream(istream& is, SnortConfig* sc) { string tok; TokenType type; diff --git a/src/parser/vars.cc b/src/parser/vars.cc index 321c0bed0..5daab05e4 100644 --- a/src/parser/vars.cc +++ b/src/parser/vars.cc @@ -127,7 +127,7 @@ int PortVarDefine(SnortConfig* sc, const char* name, const char* s) PortObject* po; POParser pop; int rstat; - PortVarTable* portVarTable = snort::get_ips_policy()->portVarTable; + PortVarTable* portVarTable = get_ips_policy()->portVarTable; DisallowCrossTableDuplicateVars(sc, name, VAR_TYPE__PORTVAR); @@ -366,7 +366,7 @@ int VarIsIpList(vartable_t* ip_vartable, const char* value) void DisallowCrossTableDuplicateVars( SnortConfig*, const char* name, VarType var_type) { - IpsPolicy* dp = snort::get_ips_policy(); + IpsPolicy* dp = get_ips_policy(); VarEntry* var_table = dp->var_table; PortVarTable* portVarTable = dp->portVarTable; vartable_t* ip_vartable = dp->ip_vartable; @@ -457,7 +457,7 @@ void DisallowCrossTableDuplicateVars( VarEntry* VarDefine( SnortConfig* sc, const char* name, const char* value) { - IpsPolicy* dp = snort::get_ips_policy(); + IpsPolicy* dp = get_ips_policy(); VarEntry* var_table = dp->var_table; vartable_t* ip_vartable = dp->ip_vartable; VarEntry* p; @@ -644,7 +644,7 @@ void DeleteVars(VarEntry* var_table) const char* VarSearch(SnortConfig* sc, const char* name) { - IpsPolicy* dp = snort::get_ips_policy(); + IpsPolicy* dp = get_ips_policy(); VarEntry* var_table = dp->var_table; PortVarTable* portVarTable = dp->portVarTable; vartable_t* ip_vartable = dp->ip_vartable; diff --git a/src/piglet/piglet.cc b/src/piglet/piglet.cc index 916ae5ea9..fac58947f 100644 --- a/src/piglet/piglet.cc +++ b/src/piglet/piglet.cc @@ -31,6 +31,8 @@ #include "piglet_output.h" #include "piglet_runner.h" +using namespace snort; + namespace Piglet { int main() @@ -43,5 +45,5 @@ int main() } bool piglet_mode() -{ return snort::SnortConfig::get_conf()->run_flags & RUN_FLAG__PIGLET; } +{ return SnortConfig::get_conf()->run_flags & RUN_FLAG__PIGLET; } } // namespace Piglet diff --git a/src/piglet_plugins/pp_search_engine_iface.cc b/src/piglet_plugins/pp_search_engine_iface.cc index d1c8668e4..e6088064d 100644 --- a/src/piglet_plugins/pp_search_engine_iface.cc +++ b/src/piglet_plugins/pp_search_engine_iface.cc @@ -25,12 +25,14 @@ #include "framework/mpse.h" +using namespace snort; + static const luaL_Reg methods[] = { { nullptr, nullptr } }; -const struct Lua::InstanceInterface SearchEngineIface = +const struct Lua::InstanceInterface SearchEngineIface = { "SearchEngine", methods diff --git a/src/ports/port_object.cc b/src/ports/port_object.cc index 45b947277..48d6bb975 100644 --- a/src/ports/port_object.cc +++ b/src/ports/port_object.cc @@ -117,7 +117,7 @@ int PortObjectAddItem(PortObject* po, PortObjectItem* poi, int* errflag) p=(PortObjectItem*)sflist_next(&pos) ) { if ((p->lport == poi->lport) && (p->hport == poi->hport)) - snort::ParseWarning(WARN_RULES, "duplicate ports in list"); + ParseWarning(WARN_RULES, "duplicate ports in list"); } sflist_add_tail(po->item_list, poi); @@ -553,7 +553,7 @@ void PortObjectPrintPortsRaw(PortObject* po) SnortSnprintfAppend(buf, bufsize, " ]"); - snort::LogMessage("%s", buf); + LogMessage("%s", buf); snort_free(buf); } @@ -572,7 +572,7 @@ void PortObjectPrintEx(PortObject* po, po_print_f print_index_map) unsigned i; /* static for printing so we don't put so many bytes on the stack */ - static char print_buf[snort::MAX_PORTS]; // FIXIT-L delete this; replace with local stringstream + static char print_buf[MAX_PORTS]; // FIXIT-L delete this; replace with local stringstream int bufsize = sizeof(print_buf); print_buf[0] = '\0'; @@ -640,7 +640,7 @@ void PortObjectPrintEx(PortObject* po, po_print_f print_index_map) } SnortSnprintfAppend(print_buf, bufsize, " ]\n }\n"); - snort::LogMessage("%s", print_buf); + LogMessage("%s", print_buf); snort_free(rlist); } diff --git a/src/ports/port_utils.cc b/src/ports/port_utils.cc index 1cd40987f..c2f571e26 100644 --- a/src/ports/port_utils.cc +++ b/src/ports/port_utils.cc @@ -213,5 +213,5 @@ int* RuleListToSortedArray(SF_LIST* rl) // printing //------------------------------------------------------------------------- -char po_print_buf[snort::MAX_PORTS]; +char po_print_buf[MAX_PORTS]; diff --git a/src/ports/rule_port_tables.cc b/src/ports/rule_port_tables.cc index e6efc4107..c276e4a22 100644 --- a/src/ports/rule_port_tables.cc +++ b/src/ports/rule_port_tables.cc @@ -28,6 +28,8 @@ #include "port_object.h" #include "port_table.h" +using namespace snort; + #define DEFAULT_LARGE_RULE_GROUP 9 PortProto::PortProto() @@ -39,7 +41,7 @@ PortProto::PortProto() nfp = PortObjectNew(); if ( !src or !dst or !any or !nfp ) - snort::ParseAbort("can't allocate port structs"); + ParseAbort("can't allocate port structs"); // someday these could be read from snort.conf, something like... // 'config portlist: large-rule-count ' @@ -70,7 +72,7 @@ RulePortTables* PortTablesNew() RulePortTables* rpt = new RulePortTables; if ( !(rpt->svc_any = PortObjectNew()) ) - snort::ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed"); + ParseAbort("ParseRulesFile udp any-any PortObjectNew() failed"); PortObjectAddPortAny(rpt->svc_any); diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index f182abb35..e729c31a4 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -516,16 +516,16 @@ const uint8_t* PacketManager::encode_reject(UnreachResponse type, switch (type) { - case snort::UnreachResponse::NET: + case UnreachResponse::NET: icmph->code = icmp::IcmpCode::NET_UNREACH; break; - case snort::UnreachResponse::HOST: + case UnreachResponse::HOST: icmph->code = icmp::IcmpCode::HOST_UNREACH; break; - case snort::UnreachResponse::PORT: + case UnreachResponse::PORT: icmph->code = icmp::IcmpCode::PORT_UNREACH; break; - case snort::UnreachResponse::FWD: + case UnreachResponse::FWD: icmph->code = icmp::IcmpCode::PKT_FILTERED; break; default: // future proofing @@ -572,16 +572,16 @@ const uint8_t* PacketManager::encode_reject(UnreachResponse type, switch (type) { - case snort::UnreachResponse::NET: + case UnreachResponse::NET: icmph->code = icmp::Icmp6Code::UNREACH_NET; break; - case snort::UnreachResponse::HOST: + case UnreachResponse::HOST: icmph->code = icmp::Icmp6Code::UNREACH_HOST; break; - case snort::UnreachResponse::PORT: + case UnreachResponse::PORT: icmph->code = icmp::Icmp6Code::UNREACH_PORT; break; - case snort::UnreachResponse::FWD: + case UnreachResponse::FWD: icmph->code = icmp::Icmp6Code::UNREACH_FILTER_PROHIB; break; default: // future proofing diff --git a/src/search_engines/acsmx.cc b/src/search_engines/acsmx.cc index 777885f77..87291d0ef 100644 --- a/src/search_engines/acsmx.cc +++ b/src/search_engines/acsmx.cc @@ -60,6 +60,8 @@ #include "main/thread.h" #include "utils/util.h" +using namespace snort; + #define MEMASSERT(p,s) if (!(p)) { fprintf(stderr,"ACSM-No Memory: %s\n",s); exit(0); } static int max_memory = 0; @@ -315,7 +317,7 @@ int acsmAddPattern( return 0; } -static void acsmBuildMatchStateTrees(snort::SnortConfig* sc, ACSM_STRUCT* acsm) +static void acsmBuildMatchStateTrees(SnortConfig* sc, ACSM_STRUCT* acsm) { ACSM_PATTERN* mlist; @@ -402,7 +404,7 @@ static inline int _acsmCompile(ACSM_STRUCT* acsm) return 0; } -int acsmCompile(snort::SnortConfig* sc, ACSM_STRUCT* acsm) +int acsmCompile(SnortConfig* sc, ACSM_STRUCT* acsm) { if ( int rval = _acsmCompile (acsm) ) return rval; diff --git a/src/search_engines/acsmx2.cc b/src/search_engines/acsmx2.cc index d98dfab7b..e5a3829b2 100644 --- a/src/search_engines/acsmx2.cc +++ b/src/search_engines/acsmx2.cc @@ -128,7 +128,7 @@ using namespace snort; #define printf LogMessage -#define MEMASSERT(p,s) if (!(p)) { snort::FatalError("ACSM-No Memory: %s\n",s); } +#define MEMASSERT(p,s) if (!(p)) { FatalError("ACSM-No Memory: %s\n",s); } static int acsm2_total_memory = 0; static int acsm2_pattern_memory = 0; @@ -1192,7 +1192,7 @@ static void acsmUpdateMatchStates(ACSM_STRUCT2* acsm) } } -static void acsmBuildMatchStateTrees2(snort::SnortConfig* sc, ACSM_STRUCT2* acsm) +static void acsmBuildMatchStateTrees2(SnortConfig* sc, ACSM_STRUCT2* acsm) { ACSM_PATTERN2** MatchList = acsm->acsmMatchList; ACSM_PATTERN2* mlist; @@ -1365,7 +1365,7 @@ static inline int _acsmCompile2(ACSM_STRUCT2* acsm) return 0; } -int acsmCompile2(snort::SnortConfig* sc, ACSM_STRUCT2* acsm) +int acsmCompile2(SnortConfig* sc, ACSM_STRUCT2* acsm) { if ( int rval = _acsmCompile2(acsm) ) return rval; diff --git a/src/search_engines/bnfa_search.cc b/src/search_engines/bnfa_search.cc index 34791135a..0e0511bd3 100644 --- a/src/search_engines/bnfa_search.cc +++ b/src/search_engines/bnfa_search.cc @@ -355,7 +355,7 @@ static int _bnfa_list_free_table(bnfa_struct_t* bnfa) return 0; } -static void bnfaBuildMatchStateTrees(snort::SnortConfig* sc, bnfa_struct_t* bnfa) +static void bnfaBuildMatchStateTrees(SnortConfig* sc, bnfa_struct_t* bnfa) { bnfa_match_node_t* mn; bnfa_match_node_t** MatchList = bnfa->bnfaMatchList; @@ -1451,7 +1451,7 @@ static inline int _bnfaCompile(bnfa_struct_t* bnfa) return 0; } -int bnfaCompile(snort::SnortConfig* sc, bnfa_struct_t* bnfa) +int bnfaCompile(SnortConfig* sc, bnfa_struct_t* bnfa) { if ( int rval = _bnfaCompile (bnfa) ) return rval; diff --git a/src/service_inspectors/back_orifice/back_orifice.cc b/src/service_inspectors/back_orifice/back_orifice.cc index 16613dc2f..478cb7779 100644 --- a/src/service_inspectors/back_orifice/back_orifice.cc +++ b/src/service_inspectors/back_orifice/back_orifice.cc @@ -198,7 +198,7 @@ public: }; const PegInfo* BoModule::get_pegs() const -{ return snort::simple_pegs; } +{ return simple_pegs; } PegCount* BoModule::get_counts() const { return (PegCount*)&bostats; } diff --git a/src/service_inspectors/dce_rpc/dce_common.cc b/src/service_inspectors/dce_rpc/dce_common.cc index dbf55b849..f9c501cde 100644 --- a/src/service_inspectors/dce_rpc/dce_common.cc +++ b/src/service_inspectors/dce_rpc/dce_common.cc @@ -164,14 +164,14 @@ void DCE2_Detect(DCE2_SsnData* sd) DCE2_Detect(sd); return; } - snort::Packet* top_pkt = DetectionEngine::get_current_packet(); + Packet* top_pkt = DetectionEngine::get_current_packet(); DetectionEngine::detect(top_pkt); dce2_detected = 1; /* Always reset rule option data after detecting */ DCE2_ResetRopts(sd , top_pkt); } -DCE2_TransType get_dce2_trans_type(const snort::Packet* p) +DCE2_TransType get_dce2_trans_type(const Packet* p) { DCE2_SmbSsnData* smb_data = get_dce2_smb_session_data(p->flow); DCE2_SsnData* sd = (smb_data != nullptr) ? &(smb_data->sd) : nullptr; @@ -239,7 +239,7 @@ bool DceEndianness::get_offset_endianness(int32_t offset, uint8_t& endian) uint16_t DCE2_GetRpktMaxData(DCE2_RpktType rtype) { - snort::Packet* p = DetectionEngine::get_current_packet(); + Packet* p = DetectionEngine::get_current_packet(); uint16_t overhead = 0; switch (rtype) @@ -275,10 +275,10 @@ uint16_t DCE2_GetRpktMaxData(DCE2_RpktType rtype) assert(false); return 0; } - return (snort::Packet::max_dsize - overhead); + return (Packet::max_dsize - overhead); } -static void dce2_fill_rpkt_info(snort::Packet* rpkt, snort::Packet* p) +static void dce2_fill_rpkt_info(Packet* rpkt, Packet* p) { rpkt->endianness = new DceEndianness(); rpkt->pkth = p->pkth; @@ -292,10 +292,10 @@ static void dce2_fill_rpkt_info(snort::Packet* rpkt, snort::Packet* p) rpkt->user_network_policy_id = p->user_network_policy_id; } -snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type, +Packet* DCE2_GetRpkt(Packet* p,DCE2_RpktType rpkt_type, const uint8_t* data, uint32_t data_len) { - snort::Packet* rpkt = DetectionEngine::set_next_packet(p); + Packet* rpkt = DetectionEngine::set_next_packet(p); uint8_t* wrdata = const_cast(rpkt->data); dce2_fill_rpkt_info(rpkt, p); uint16_t data_overhead = 0; @@ -394,10 +394,10 @@ snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type, return nullptr; } - if ((data_overhead + data_len) > snort::Packet::max_dsize) - data_len -= (data_overhead + data_len) - snort::Packet::max_dsize; + if ((data_overhead + data_len) > Packet::max_dsize) + data_len -= (data_overhead + data_len) - Packet::max_dsize; - if (data_len > snort::Packet::max_dsize - data_overhead) + if (data_len > Packet::max_dsize - data_overhead) { delete rpkt->endianness; rpkt->endianness = nullptr; @@ -405,14 +405,14 @@ snort::Packet* DCE2_GetRpkt(snort::Packet* p,DCE2_RpktType rpkt_type, } memcpy_s((void*)(rpkt->data + data_overhead), - snort::Packet::max_dsize - data_overhead, data, data_len); + Packet::max_dsize - data_overhead, data, data_len); rpkt->dsize = data_len + data_overhead; using_rpkt = true; return rpkt; } -DCE2_Ret DCE2_AddDataToRpkt(snort::Packet* rpkt, const uint8_t* data, uint32_t data_len) +DCE2_Ret DCE2_AddDataToRpkt(Packet* rpkt, const uint8_t* data, uint32_t data_len) { if ((rpkt == nullptr) || (data == nullptr) || (data_len == 0)) return DCE2_RET__ERROR; @@ -421,16 +421,16 @@ DCE2_Ret DCE2_AddDataToRpkt(snort::Packet* rpkt, const uint8_t* data, uint32_t d return DCE2_RET__ERROR; // FIXIT-L PORT_IF_NEEDED packet size and hdr check - const uint8_t* pkt_data_end = rpkt->data + snort::Packet::max_dsize; + const uint8_t* pkt_data_end = rpkt->data + Packet::max_dsize; const uint8_t* payload_end = rpkt->data + rpkt->dsize; if ((payload_end + data_len) > pkt_data_end) data_len = pkt_data_end - payload_end; - if (data_len > snort::Packet::max_dsize - rpkt->dsize) + if (data_len > Packet::max_dsize - rpkt->dsize) return DCE2_RET__ERROR; - memcpy_s((void*)(payload_end), snort::Packet::max_dsize - rpkt->dsize, + memcpy_s((void*)(payload_end), Packet::max_dsize - rpkt->dsize, data, data_len); rpkt->dsize += (uint16_t)data_len; diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index 41ed77648..25d6cfabc 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -38,8 +38,10 @@ #include "dce_smb_utils.h" #include "dce_smb2.h" +using namespace snort; + THREAD_LOCAL dce2SmbStats dce2_smb_stats; -THREAD_LOCAL snort::ProfileStats dce2_smb_pstat_main; +THREAD_LOCAL ProfileStats dce2_smb_pstat_main; //------------------------------------------------------------------------- // debug stuff @@ -314,16 +316,16 @@ const char* get_smb_com_string(uint8_t b) // class stuff //------------------------------------------------------------------------- -class Dce2Smb : public snort::Inspector +class Dce2Smb : public Inspector { public: Dce2Smb(const dce2SmbProtoConf&); ~Dce2Smb() override; - void show(snort::SnortConfig*) override; - void eval(snort::Packet*) override; - void clear(snort::Packet*) override; - snort::StreamSplitter* get_splitter(bool c2s) override + void show(SnortConfig*) override; + void eval(Packet*) override; + void clear(Packet*) override; + StreamSplitter* get_splitter(bool c2s) override { return new Dce2SmbSplitter(c2s); } @@ -338,7 +340,7 @@ Dce2Smb::Dce2Smb(const dce2SmbProtoConf& pc) if ((config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ONLY) || (config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ON)) { - snort::Active::set_enabled(); + Active::set_enabled(); } } @@ -350,15 +352,15 @@ Dce2Smb::~Dce2Smb() } } -void Dce2Smb::show(snort::SnortConfig*) +void Dce2Smb::show(SnortConfig*) { print_dce2_smb_conf(config); } -void Dce2Smb::eval(snort::Packet* p) +void Dce2Smb::eval(Packet* p) { DCE2_SmbSsnData* dce2_smb_sess; - snort::Profile profile(dce2_smb_pstat_main); + Profile profile(dce2_smb_pstat_main); assert(p->has_tcp_data()); assert(p->flow); @@ -385,7 +387,7 @@ void Dce2Smb::eval(snort::Packet* p) } } -void Dce2Smb::clear(snort::Packet* p) +void Dce2Smb::clear(Packet* p) { DCE2_SmbSsnData* dce2_smb_sess = get_dce2_smb_session_data(p->flow); if ( dce2_smb_sess ) @@ -398,12 +400,12 @@ void Dce2Smb::clear(snort::Packet* p) // api stuff //------------------------------------------------------------------------- -static snort::Module* mod_ctor() +static Module* mod_ctor() { return new Dce2SmbModule; } -static void mod_dtor(snort::Module* m) +static void mod_dtor(Module* m) { delete m; } @@ -416,7 +418,7 @@ static void dce2_smb_init() DceContextData::init(DCE2_TRANS_TYPE__SMB); } -static snort::Inspector* dce2_smb_ctor(snort::Module* m) +static Inspector* dce2_smb_ctor(Module* m) { Dce2SmbModule* mod = (Dce2SmbModule*)m; dce2SmbProtoConf config; @@ -424,16 +426,16 @@ static snort::Inspector* dce2_smb_ctor(snort::Module* m) return new Dce2Smb(config); } -static void dce2_smb_dtor(snort::Inspector* p) +static void dce2_smb_dtor(Inspector* p) { delete p; } -const snort::InspectApi dce2_smb_api = +const InspectApi dce2_smb_api = { { PT_INSPECTOR, - sizeof(snort::InspectApi), + sizeof(InspectApi), INSAPI_VERSION, 0, API_RESERVED, @@ -443,7 +445,7 @@ const snort::InspectApi dce2_smb_api = mod_ctor, mod_dtor }, - snort::IT_SERVICE, + IT_SERVICE, PROTO_BIT__PDU, nullptr, // buffers "netbios-ssn", diff --git a/src/service_inspectors/dce_rpc/dce_smb_commands.cc b/src/service_inspectors/dce_rpc/dce_smb_commands.cc index 49b093a75..84e258d77 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_commands.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_commands.cc @@ -422,7 +422,7 @@ static DCE2_Ret DCE2_SmbWriteAndXRawRequest(DCE2_SmbSsnData* ssd, const SmbNtHdr { const uint8_t* data_ptr = DCE2_BufferData(ftracker->fp_writex_raw->buf); uint32_t data_len = DCE2_BufferLength(ftracker->fp_writex_raw->buf); - snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd, + Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS); if (rpkt == nullptr) @@ -752,7 +752,7 @@ DCE2_Ret DCE2_SmbRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint16_t byte_count = DCE2_ComInfoByteCount(com_info); uint16_t com_dcnt = SmbReadRespCount((const SmbReadResp*)nb_ptr); uint8_t fmt = *(nb_ptr + com_size); - uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); + uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); dce2_move(nb_ptr, nb_len, (com_size + 3)); @@ -782,7 +782,7 @@ DCE2_Ret DCE2_SmbWrite(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint16_t byte_count = DCE2_ComInfoByteCount(com_info); uint8_t fmt = *(nb_ptr + com_size); uint16_t com_dcnt = SmbWriteReqCount((const SmbWriteReq*)nb_ptr); - uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); + uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); uint16_t fid = SmbWriteReqFid((const SmbWriteReq*)nb_ptr); uint32_t offset = SmbWriteReqOffset((const SmbWriteReq*)nb_ptr); @@ -894,7 +894,7 @@ DCE2_Ret DCE2_SmbLockAndRead(DCE2_SmbSsnData* ssd, const SmbNtHdr*, uint16_t byte_count = DCE2_ComInfoByteCount(com_info); uint8_t fmt = *(nb_ptr + com_size); uint16_t com_dcnt = SmbLockAndReadRespCount((const SmbLockAndReadResp*)nb_ptr); - uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); + uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); dce2_move(nb_ptr, nb_len, (com_size + 3)); @@ -949,7 +949,7 @@ DCE2_Ret DCE2_SmbWriteAndUnlock(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, uint16_t byte_count = DCE2_ComInfoByteCount(com_info); uint8_t fmt = *(nb_ptr + com_size); uint16_t com_dcnt = SmbWriteAndUnlockReqCount((const SmbWriteAndUnlockReq*)nb_ptr); - uint16_t fmt_dcnt = snort::alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); + uint16_t fmt_dcnt = alignedNtohs((const uint16_t*)(nb_ptr + com_size + 1)); uint16_t fid = SmbWriteAndUnlockReqFid((const SmbWriteAndUnlockReq*)nb_ptr); uint32_t offset = SmbWriteAndUnlockReqOffset((const SmbWriteAndUnlockReq*)nb_ptr); diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.cc b/src/service_inspectors/dce_rpc/dce_smb_module.cc index d2d01d800..6a4c06237 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_module.cc @@ -340,7 +340,7 @@ static bool set_smb_invalid_shares(dce2SmbProtoConf& config, Value& v) return(true); } -bool Dce2SmbModule::set(const char* fqn, snort::Value& v, snort::SnortConfig* c) +bool Dce2SmbModule::set(const char* fqn, Value& v, SnortConfig* c) { if (dce2_set_co_config(v,config.common)) return true; diff --git a/src/service_inspectors/dce_rpc/dce_smb_module.h b/src/service_inspectors/dce_rpc/dce_smb_module.h index 505cf2c68..11eb1e237 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_module.h +++ b/src/service_inspectors/dce_rpc/dce_smb_module.h @@ -25,7 +25,10 @@ #include "framework/module.h" #include "dce_list.h" +namespace snort +{ struct SnortConfig; +} #define DCE2_VALID_SMB_VERSION_FLAG_V1 1 #define DCE2_VALID_SMB_VERSION_FLAG_V2 2 diff --git a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc index bdf43dec7..7b1a1d4e9 100644 --- a/src/service_inspectors/dce_rpc/dce_smb_transaction.cc +++ b/src/service_inspectors/dce_rpc/dce_smb_transaction.cc @@ -217,7 +217,7 @@ static DCE2_Ret DCE2_SmbTransactionReq(DCE2_SmbSsnData* ssd, // Only two parameters but more seems okay if (param_len >= 2) { - if ((snort::alignedNtohs((const uint16_t*)param_ptr) & PIPE_STATE_MESSAGE_MODE)) + if ((alignedNtohs((const uint16_t*)param_ptr) & PIPE_STATE_MESSAGE_MODE)) ttracker->pipe_byte_mode = false; else ttracker->pipe_byte_mode = true; @@ -1031,7 +1031,7 @@ static DCE2_Ret DCE2_SmbTrans2SetFileInfoReq(DCE2_SmbSsnData* ssd, || (ftracker->ff_bytes_processed != 0)) return DCE2_RET__IGNORE; - ssd->cur_rtracker->file_size = snort::alignedNtohq((const uint64_t*)data_ptr); + ssd->cur_rtracker->file_size = alignedNtohq((const uint64_t*)data_ptr); ssd->cur_rtracker->ftracker = ftracker; return DCE2_RET__SUCCESS; @@ -1138,7 +1138,7 @@ DCE2_Ret DCE2_SmbTransaction(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_hdr, { const uint8_t* data_ptr = DCE2_BufferData(ttracker->dbuf); uint32_t data_len = DCE2_BufferLength(ttracker->dbuf); - snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, + Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS); if (rpkt == nullptr) @@ -1592,7 +1592,7 @@ DCE2_Ret DCE2_SmbTransactionSecondary(DCE2_SmbSsnData* ssd, const SmbNtHdr* smb_ { const uint8_t* data_ptr = DCE2_BufferData(ttracker->dbuf); uint32_t data_len = DCE2_BufferLength(ttracker->dbuf); - snort::Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS); + Packet* rpkt = DCE2_SmbGetRpkt(ssd, &data_ptr, &data_len, DCE2_RPKT_TYPE__SMB_TRANS); if (rpkt == nullptr) return DCE2_RET__ERROR; diff --git a/src/service_inspectors/dce_rpc/smb_message.cc b/src/service_inspectors/dce_rpc/smb_message.cc index 085d87d51..7bbb6aa30 100644 --- a/src/service_inspectors/dce_rpc/smb_message.cc +++ b/src/service_inspectors/dce_rpc/smb_message.cc @@ -1344,7 +1344,7 @@ static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf* dce2_smb_sess->tid = DCE2_SENTINEL; dce2_smb_sess->ftracker.fid_v1 = DCE2_SENTINEL; dce2_smb_sess->rtracker.mid = DCE2_SENTINEL; - dce2_smb_sess->max_file_depth = snort::FileService::get_max_file_depth(); + dce2_smb_sess->max_file_depth = FileService::get_max_file_depth(); DCE2_ResetRopts(&dce2_smb_sess->sd, p); diff --git a/src/service_inspectors/ftp_telnet/ft_main.cc b/src/service_inspectors/ftp_telnet/ft_main.cc index 3c65406d6..28c13fa6d 100644 --- a/src/service_inspectors/ftp_telnet/ft_main.cc +++ b/src/service_inspectors/ftp_telnet/ft_main.cc @@ -54,6 +54,8 @@ #include "ftp_bounce_lookup.h" #include "ftpp_return_codes.h" +using namespace snort; + void CleanupFTPCMDConf(void* ftpCmd) { FTP_CMD_CONF* FTPCmd = (FTP_CMD_CONF*)ftpCmd; @@ -125,7 +127,7 @@ static int CheckFTPCmdOptions(FTP_SERVER_PROTO_CONF* serverConf) if ( cmdConf->check_validity && !len ) { - snort::ErrorMessage("FTPConfigCheck() configuration for server, " + ErrorMessage("FTPConfigCheck() configuration for server, " "command '%s' has max length of 0 and parameters to validate\n", cmdConf->cmd_name); config_error = 1; @@ -146,24 +148,24 @@ static int CheckFTPCmdOptions(FTP_SERVER_PROTO_CONF* serverConf) * Returns: -1 on error * */ -int CheckFTPServerConfigs(snort::SnortConfig*, FTP_SERVER_PROTO_CONF* serverConf) +int CheckFTPServerConfigs(SnortConfig*, FTP_SERVER_PROTO_CONF* serverConf) { if (CheckFTPCmdOptions(serverConf)) { - snort::ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n"); + ErrorMessage("FTPConfigCheck(): invalid configuration for FTP commands\n"); return -1; } return 0; } // FIXIT-L eliminate legacy void* cruft -int FTPCheckConfigs(snort::SnortConfig* sc, void* pData) +int FTPCheckConfigs(SnortConfig* sc, void* pData) { FTP_SERVER_PROTO_CONF* config = (FTP_SERVER_PROTO_CONF*)pData; if ( !config ) { - snort::ErrorMessage("FTP configuration requires " + ErrorMessage("FTP configuration requires " "default client and default server configurations.\n"); return -1; } @@ -173,24 +175,24 @@ int FTPCheckConfigs(snort::SnortConfig* sc, void* pData) return rval; // Verify that FTP client and FTP data inspectors are initialized. - if(!snort::InspectorManager::get_inspector(FTP_CLIENT_NAME, false)) + if(!InspectorManager::get_inspector(FTP_CLIENT_NAME, false)) { - snort::ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME); + ParseError("ftp_server requires that %s also be configured.", FTP_CLIENT_NAME); return -1; } - if(!snort::InspectorManager::get_inspector(FTP_DATA_NAME, false)) + if(!InspectorManager::get_inspector(FTP_DATA_NAME, false)) { - snort::ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME); + ParseError("ftp_server requires that %s also be configured.", FTP_DATA_NAME); return -1; } return 0; } -void do_detection(snort::Packet* p) +void do_detection(Packet* p) { - snort::DataBus::publish(PACKET_EVENT, p); - snort::DetectionEngine::disable_all(p); + DataBus::publish(PACKET_EVENT, p); + DetectionEngine::disable_all(p); } diff --git a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc index a084390cf..0382d9e59 100644 --- a/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc +++ b/src/service_inspectors/ftp_telnet/ftp_bounce_lookup.cc @@ -82,7 +82,7 @@ int ftp_bounce_lookup_cleanup(BOUNCE_LOOKUP** BounceLookup) * Returns: int => return code indicating error or success * */ -int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip, +int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip, FTP_BOUNCE_TO* BounceTo) { int iRet; @@ -130,7 +130,7 @@ int ftp_bounce_lookup_add(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip, * matching IP if found, NULL otherwise. * */ -FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const snort::SfIp* Ip, +FTP_BOUNCE_TO* ftp_bounce_lookup_find(BOUNCE_LOOKUP* BounceLookup, const SfIp* Ip, int* iError) { FTP_BOUNCE_TO* BounceTo = nullptr; diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc index 801ec82a4..e97132793 100644 --- a/src/service_inspectors/ftp_telnet/ftp_data.cc +++ b/src/service_inspectors/ftp_telnet/ftp_data.cc @@ -253,7 +253,7 @@ public: }; const PegInfo* FtpDataModule::get_pegs() const -{ return snort::simple_pegs; } +{ return simple_pegs; } PegCount* FtpDataModule::get_counts() const { return (PegCount*)&fdstats; } diff --git a/src/service_inspectors/ftp_telnet/ftp_parse.cc b/src/service_inspectors/ftp_telnet/ftp_parse.cc index e448ad6a5..57a9f5e39 100644 --- a/src/service_inspectors/ftp_telnet/ftp_parse.cc +++ b/src/service_inspectors/ftp_telnet/ftp_parse.cc @@ -38,6 +38,8 @@ #include "ftp_cmd_lookup.h" #include "ftpp_return_codes.h" +using namespace snort; + #define CONF_SEPARATORS " \n" #define ALLOW_BOUNCE "bounce_to" @@ -413,7 +415,7 @@ static int DoNextFormat(FTP_PARAM_FMT* ThisFmt, int allocated, { /* explicit check that we have enough room for copy */ if (numChoices <= ThisFmt->numChoices) - snort::ParseError("Can't do memcpy - index out of range "); + ParseError("Can't do memcpy - index out of range "); memcpy(tmpChoices, ThisFmt->choices, sizeof(FTP_PARAM_FMT*) * ThisFmt->numChoices); @@ -647,7 +649,7 @@ int ProcessFTPAllowBounce( if (iRet) { - snort::ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE); + ParseError("Failed to add configuration for Bounce object '%s'.", ALLOW_BOUNCE); snort_free(newBounce); return FTPP_FATAL_ERR; } diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index 762ebcf43..bf36435e4 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc @@ -1753,7 +1753,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) char *file_name = strrchr(ftpssn->filename, '/'); if(!file_name) file_name = ftpssn->filename; - ftpssn->path_hash = snort::str_to_hash((uint8_t *)file_name, strlen(file_name)); + ftpssn->path_hash = str_to_hash((uint8_t *)file_name, strlen(file_name)); // 0 for Download, 1 for Upload ftpssn->data_xfer_dir = CmdConf->file_get_cmd ? false : true; diff --git a/src/service_inspectors/gtp/gtp_parser.cc b/src/service_inspectors/gtp/gtp_parser.cc index 85ef05d45..8c9571d54 100644 --- a/src/service_inspectors/gtp/gtp_parser.cc +++ b/src/service_inspectors/gtp/gtp_parser.cc @@ -42,7 +42,7 @@ using namespace snort; #pragma pack(1) static inline void alert(int sid) { - snort::DetectionEngine::queue_event(GID_GTP, sid); + DetectionEngine::queue_event(GID_GTP, sid); gtp_stats.events++; } diff --git a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc index 51288c52f..faf8f0990 100644 --- a/src/service_inspectors/http2_inspect/http2_stream_splitter.cc +++ b/src/service_inspectors/http2_inspect/http2_stream_splitter.cc @@ -41,7 +41,7 @@ using namespace Http2Enums; StreamSplitter::Status Http2StreamSplitter::scan(Packet* pkt, const uint8_t* data, uint32_t length, uint32_t, uint32_t* flush_offset) { - snort::Profile profile(Http2Module::get_profile_stats()); + Profile profile(Http2Module::get_profile_stats()); // This is the session state information we share with Http2Inspect and store with stream. A // session is defined by a TCP connection. Since scan() is the first to see a new TCP @@ -99,7 +99,7 @@ StreamSplitter::Status Http2StreamSplitter::scan(Packet* pkt, const uint8_t* dat const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, unsigned offset, const uint8_t* data, unsigned len, uint32_t flags, unsigned& copied) { - snort::Profile profile(Http2Module::get_profile_stats()); + Profile profile(Http2Module::get_profile_stats()); copied = len; @@ -109,7 +109,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u #ifdef REG_TEST if (HttpTestManager::use_test_input(HttpTestManager::IN_HTTP2)) { - snort::StreamBuffer http_buf { nullptr, 0 }; + StreamBuffer http_buf { nullptr, 0 }; if (!(flags & PKT_PDU_TAIL)) { return http_buf; @@ -143,7 +143,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u // is implemented if (session_data->payload_discard[source_id]) { - snort::StreamBuffer frame_buf { nullptr, 0 }; + StreamBuffer frame_buf { nullptr, 0 }; session_data->payload_discard[source_id] = false; #ifdef REG_TEST @@ -175,7 +175,7 @@ const StreamBuffer Http2StreamSplitter::reassemble(Flow* flow, unsigned total, u // Eventually we will need to address unexpected connection closes bool Http2StreamSplitter::finish(Flow* flow) { - snort::Profile profile(Http2Module::get_profile_stats()); + Profile profile(Http2Module::get_profile_stats()); Http2FlowData* session_data = (Http2FlowData*)flow->get_flow_data(Http2FlowData::inspector_id); // FIXIT-M - this assert has been changed to check for null session data and return false if so @@ -201,9 +201,9 @@ bool Http2StreamSplitter::finish(Flow* flow) return false; } -bool Http2StreamSplitter::init_partial_flush(snort::Flow* flow) +bool Http2StreamSplitter::init_partial_flush(Flow* flow) { - snort::Profile profile(Http2Module::get_profile_stats()); + Profile profile(Http2Module::get_profile_stats()); if (source_id != SRC_SERVER) { diff --git a/src/service_inspectors/http2_inspect/http2_tables.cc b/src/service_inspectors/http2_inspect/http2_tables.cc index 510df8ccb..04a44eb70 100644 --- a/src/service_inspectors/http2_inspect/http2_tables.cc +++ b/src/service_inspectors/http2_inspect/http2_tables.cc @@ -27,8 +27,9 @@ #include "http2_module.h" using namespace Http2Enums; +using namespace snort; -const snort::RuleMap Http2Module::http2_events[] = +const RuleMap Http2Module::http2_events[] = { { EVENT_INT_DECODE_FAILURE, "error in HPACK integer value" }, { EVENT_INT_LEADING_ZEROS, "integer value has leading zeros" }, diff --git a/src/service_inspectors/http_inspect/http_js_norm.cc b/src/service_inspectors/http_inspect/http_js_norm.cc index f35a0ac2c..8a3702d89 100644 --- a/src/service_inspectors/http_inspect/http_js_norm.cc +++ b/src/service_inspectors/http_inspect/http_js_norm.cc @@ -46,8 +46,8 @@ void HttpJsNorm::configure() if ( javascript_search_mpse || htmltype_search_mpse ) return; - javascript_search_mpse = new snort::SearchTool; - htmltype_search_mpse = new snort::SearchTool; + javascript_search_mpse = new SearchTool; + htmltype_search_mpse = new SearchTool; javascript_search_mpse->add(script_start, script_start_length, JS_JAVASCRIPT); javascript_search_mpse->prep(); diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc index 9613bd5bb..38173f923 100644 --- a/src/service_inspectors/http_inspect/http_msg_body.cc +++ b/src/service_inspectors/http_inspect/http_msg_body.cc @@ -36,7 +36,7 @@ using namespace HttpCommon; using namespace HttpEnums; HttpMsgBody::HttpMsgBody(const uint8_t* buffer, const uint16_t buf_size, - HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_, + HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_, const HttpParaList* params_) : HttpMsgSection(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_), body_octets(session_data->body_octets[source_id]), @@ -60,7 +60,7 @@ void HttpMsgBody::analyze() detect_data.set(detect_length, js_norm_body.start()); if (!session_data->partial_flush[source_id]) session_data->detect_depth_remaining[source_id] -= detect_length; - snort::set_file_data(const_cast(detect_data.start()), + set_file_data(const_cast(detect_data.start()), (unsigned)detect_data.length()); } @@ -223,7 +223,7 @@ void HttpMsgBody::do_file_processing(const Field& file_data) if (!session_data->mime_state[source_id]) { - snort::FileFlows* file_flows = snort::FileFlows::get_file_flows(flow); + FileFlows* file_flows = FileFlows::get_file_flows(flow); const bool download = (source_id == SRC_SERVER); size_t file_index = 0; diff --git a/src/service_inspectors/http_inspect/http_msg_header.h b/src/service_inspectors/http_inspect/http_msg_header.h index f969dbfd3..8c4f7fb8e 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.h +++ b/src/service_inspectors/http_inspect/http_msg_header.h @@ -54,7 +54,7 @@ private: void setup_file_decompression(); // Dummy configurations to support MIME processing - MailLogConfig mime_conf; + snort::MailLogConfig mime_conf; snort::DecodeConfig decode_conf; Field true_ip; diff --git a/src/service_inspectors/http_inspect/http_msg_request.cc b/src/service_inspectors/http_inspect/http_msg_request.cc index 26fe7347d..260f50416 100644 --- a/src/service_inspectors/http_inspect/http_msg_request.cc +++ b/src/service_inspectors/http_inspect/http_msg_request.cc @@ -29,9 +29,10 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; HttpMsgRequest::HttpMsgRequest(const uint8_t* buffer, const uint16_t buf_size, - HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_, + HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_, const HttpParaList* params_) : HttpMsgStart(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_) { diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc index b6fbaba6a..d99577e7b 100644 --- a/src/service_inspectors/http_inspect/http_msg_section.cc +++ b/src/service_inspectors/http_inspect/http_msg_section.cc @@ -37,9 +37,10 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; HttpMsgSection::HttpMsgSection(const uint8_t* buffer, const uint16_t buf_size, - HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_, + HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_, const HttpParaList* params_) : msg_text(buf_size, buffer, buf_owner), session_data(session_data_), @@ -88,14 +89,14 @@ void HttpMsgSection::update_depth() const else { // Just for file processing - session_data->section_size_target[source_id] = snort::SnortConfig::get_conf()->max_pdu; + session_data->section_size_target[source_id] = SnortConfig::get_conf()->max_pdu; session_data->stretch_section_to_packet[source_id] = true; } return; } const unsigned target_size = (session_data->compression[source_id] == CMP_NONE) ? - snort::SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE; + SnortConfig::get_conf()->max_pdu : GZIP_BLOCK_SIZE; if (detect_depth_remaining <= target_size) { diff --git a/src/service_inspectors/http_inspect/http_msg_status.cc b/src/service_inspectors/http_inspect/http_msg_status.cc index 4c647f761..49a49b45a 100644 --- a/src/service_inspectors/http_inspect/http_msg_status.cc +++ b/src/service_inspectors/http_inspect/http_msg_status.cc @@ -31,9 +31,10 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; HttpMsgStatus::HttpMsgStatus(const uint8_t* buffer, const uint16_t buf_size, - HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_, + HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_, const HttpParaList* params_) : HttpMsgStart(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_) { diff --git a/src/service_inspectors/http_inspect/http_msg_trailer.cc b/src/service_inspectors/http_inspect/http_msg_trailer.cc index e4c52fc78..067573f77 100644 --- a/src/service_inspectors/http_inspect/http_msg_trailer.cc +++ b/src/service_inspectors/http_inspect/http_msg_trailer.cc @@ -29,9 +29,10 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; HttpMsgTrailer::HttpMsgTrailer(const uint8_t* buffer, const uint16_t buf_size, - HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, snort::Flow* flow_, + HttpFlowData* session_data_, SourceId source_id_, bool buf_owner, Flow* flow_, const HttpParaList* params_) : HttpMsgHeadShared(buffer, buf_size, session_data_, source_id_, buf_owner, flow_, params_) { diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc index 69fe076c9..46b2c63fc 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_finish.cc @@ -33,10 +33,11 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; -bool HttpStreamSplitter::finish(snort::Flow* flow) +bool HttpStreamSplitter::finish(Flow* flow) { - snort::Profile profile(HttpModule::get_profile_stats()); + Profile profile(HttpModule::get_profile_stats()); HttpFlowData* session_data = (HttpFlowData*)flow->get_flow_data(HttpFlowData::inspector_id); // FIXIT-M - this assert has been changed to check for null session data and return false if so @@ -123,10 +124,10 @@ bool HttpStreamSplitter::finish(snort::Flow* flow) (session_data->cutter[source_id] != nullptr) && (session_data->cutter[source_id]->get_octets_seen() == 0)) { - snort::Packet* packet = snort::DetectionEngine::get_current_packet(); + Packet* packet = DetectionEngine::get_current_packet(); if (!session_data->mime_state[source_id]) { - snort::FileFlows* file_flows = snort::FileFlows::get_file_flows(flow); + FileFlows* file_flows = FileFlows::get_file_flows(flow); const bool download = (source_id == SRC_SERVER); size_t file_index = 0; @@ -155,9 +156,9 @@ bool HttpStreamSplitter::finish(snort::Flow* flow) return session_data->section_type[source_id] != SEC__NOT_COMPUTE; } -bool HttpStreamSplitter::init_partial_flush(snort::Flow* flow) +bool HttpStreamSplitter::init_partial_flush(Flow* flow) { - snort::Profile profile(HttpModule::get_profile_stats()); + Profile profile(HttpModule::get_profile_stats()); if (source_id != SRC_SERVER) { diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc index 01baa31dc..5cc775191 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc @@ -29,6 +29,7 @@ #include "http_test_input.h" using namespace HttpEnums; +using namespace snort; void HttpStreamSplitter::chunk_spray(HttpFlowData* session_data, uint8_t* buffer, const uint8_t* data, unsigned length) const @@ -221,12 +222,12 @@ void HttpStreamSplitter::decompress_copy(uint8_t* buffer, uint32_t& offset, cons offset += length; } -const snort::StreamBuffer HttpStreamSplitter::reassemble(snort::Flow* flow, unsigned total, +const StreamBuffer HttpStreamSplitter::reassemble(Flow* flow, unsigned total, unsigned, const uint8_t* data, unsigned len, uint32_t flags, unsigned& copied) { - snort::Profile profile(HttpModule::get_profile_stats()); + Profile profile(HttpModule::get_profile_stats()); - snort::StreamBuffer http_buf { nullptr, 0 }; + StreamBuffer http_buf { nullptr, 0 }; copied = len; diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc index c68e5fcf5..9901b70d0 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_scan.cc @@ -125,7 +125,7 @@ void HttpStreamSplitter::detain_packet(Packet* pkt) StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data, uint32_t length, uint32_t, uint32_t* flush_offset) { - snort::Profile profile(HttpModule::get_profile_stats()); + Profile profile(HttpModule::get_profile_stats()); assert(length <= MAX_OCTETS); diff --git a/src/service_inspectors/http_inspect/http_tables.cc b/src/service_inspectors/http_inspect/http_tables.cc index 960bf803d..92ab812fe 100644 --- a/src/service_inspectors/http_inspect/http_tables.cc +++ b/src/service_inspectors/http_inspect/http_tables.cc @@ -26,6 +26,7 @@ #include "http_msg_request.h" using namespace HttpEnums; +using namespace snort; const StrCode HttpMsgRequest::method_list[] = { @@ -274,7 +275,7 @@ const HeaderNormalizer* const HttpMsgHeadShared::header_norms[HEAD__MAX_VALUE] = &NORMALIZER_BASIC, // HEAD_PROXY_AGENT }; -const snort::RuleMap HttpModule::http_events[] = +const RuleMap HttpModule::http_events[] = { { EVENT_ASCII, "ascii encoding" }, { EVENT_DOUBLE_DECODE, "double decoding attack" }, diff --git a/src/service_inspectors/http_inspect/http_uri.cc b/src/service_inspectors/http_inspect/http_uri.cc index 1355a9023..b1e1183ea 100644 --- a/src/service_inspectors/http_inspect/http_uri.cc +++ b/src/service_inspectors/http_inspect/http_uri.cc @@ -29,6 +29,7 @@ using namespace HttpCommon; using namespace HttpEnums; +using namespace snort; void HttpUri::parse_uri() { @@ -319,7 +320,7 @@ size_t HttpUri::get_file_proc_hash() if (abs_path.length() > 0 ) { - abs_path_hash = snort::str_to_hash(abs_path.start(), abs_path.length()); + abs_path_hash = str_to_hash(abs_path.start(), abs_path.length()); } return abs_path_hash; diff --git a/src/service_inspectors/http_inspect/http_uri_norm.cc b/src/service_inspectors/http_inspect/http_uri_norm.cc index 02127e2c6..a072e697b 100644 --- a/src/service_inspectors/http_inspect/http_uri_norm.cc +++ b/src/service_inspectors/http_inspect/http_uri_norm.cc @@ -29,6 +29,7 @@ #include "log/messages.h" using namespace HttpEnums; +using namespace snort; void UriNormalizer::normalize(const Field& input, Field& result, bool do_path, uint8_t* buffer, const HttpParaList::UriParam& uri_param, HttpInfractions* infractions, HttpEventGen* events) @@ -634,21 +635,21 @@ void UriNormalizer::load_unicode_map(uint8_t map[65536], const char* filename, i FILE* file = fopen(filename, "r"); if (file == nullptr) { - snort::ParseError("Cannot open unicode map file %s", filename); + ParseError("Cannot open unicode map file %s", filename); return; } // Advance file to the desired code page if (!advance_to_code_page(file, code_page)) { - snort::ParseError("Did not find code page %d in unicode map file %s", code_page, filename); + ParseError("Did not find code page %d in unicode map file %s", code_page, filename); fclose(file); return; } if (!map_code_points(file, map)) { - snort::ParseError("Error while reading code page %d in unicode map file %s", code_page, filename); + ParseError("Error while reading code page %d in unicode map file %s", code_page, filename); fclose(file); return; } diff --git a/src/service_inspectors/imap/imap_config.h b/src/service_inspectors/imap/imap_config.h index 64b86ae3c..8e66f51e8 100644 --- a/src/service_inspectors/imap/imap_config.h +++ b/src/service_inspectors/imap/imap_config.h @@ -26,7 +26,7 @@ struct IMAP_PROTO_CONF { snort::DecodeConfig decode_conf; - MailLogConfig log_config; + snort::MailLogConfig log_config; }; struct ImapStats diff --git a/src/service_inspectors/pop/pop_config.h b/src/service_inspectors/pop/pop_config.h index ec6834c22..cbd631919 100644 --- a/src/service_inspectors/pop/pop_config.h +++ b/src/service_inspectors/pop/pop_config.h @@ -26,7 +26,7 @@ struct POP_PROTO_CONF { snort::DecodeConfig decode_conf; - MailLogConfig log_config; + snort::MailLogConfig log_config; }; struct PopStats diff --git a/src/service_inspectors/sip/test/sip_splitter_scan_test.cc b/src/service_inspectors/sip/test/sip_splitter_scan_test.cc index d17b38eb1..3fb0d127c 100644 --- a/src/service_inspectors/sip/test/sip_splitter_scan_test.cc +++ b/src/service_inspectors/sip/test/sip_splitter_scan_test.cc @@ -31,6 +31,8 @@ #include #include +using namespace snort; + TEST_GROUP(sip_splitter_scan_test) { SipSplitterUT ssut = SipSplitterUT(SipSplitter(true)); @@ -44,9 +46,9 @@ TEST_GROUP(sip_splitter_scan_test) TEST(sip_splitter_scan_test, scan_start_content_len_test) { uint32_t fp = 0; - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"0xBEEF0xBEEF\n", 13, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_CONTENT_LEN_CMD); CHECK_EQUAL(fp, 0); } @@ -54,9 +56,9 @@ TEST(sip_splitter_scan_test, scan_start_content_len_test) TEST(sip_splitter_scan_test, scan_start_content_len_negative_test) { uint32_t fp = 0; - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"0xBEEF0xBEEF", 12, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_START_STATE); CHECK_EQUAL(fp, 0); } @@ -65,9 +67,9 @@ TEST(sip_splitter_scan_test, scan_process_cmd_test) { uint32_t fp = 0; ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CMD); - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"C", 1, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_CONTENT_LEN_CMD); CHECK_EQUAL(*ssut.splitter_get_next_letter(), (ssut.splitter_get_content_length_key())[1]); CHECK_EQUAL(fp, 0); @@ -77,9 +79,9 @@ TEST(sip_splitter_scan_test, scan_content_len_convert_body_search_test) { uint32_t fp = 0; ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CONVERT); - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"144 ", 4, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_BODY_SEARCH); CHECK_EQUAL(ssut.splitter_get_content_length(), 144); CHECK_EQUAL(fp, 0); @@ -89,9 +91,9 @@ TEST(sip_splitter_scan_test, scan_content_len_invalid_test) { uint32_t fp = 0; ssut.splitter_set_paf_state(SIP_PAF_CONTENT_LEN_CONVERT); - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"144i", 4, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_TRUE(ssut.is_init()); CHECK_EQUAL(fp, 0); } @@ -100,9 +102,9 @@ TEST(sip_splitter_scan_test, scan_search_body_test) { uint32_t fp = 0; ssut.splitter_set_paf_state(SIP_PAF_BODY_SEARCH); - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\r\n\r\n", 4, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE); CHECK_EQUAL(fp, 0); @@ -110,7 +112,7 @@ TEST(sip_splitter_scan_test, scan_search_body_test) ssut.splitter_set_paf_state(SIP_PAF_BODY_SEARCH); ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\n\n", 2, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE); CHECK_EQUAL(fp, 0); } @@ -122,9 +124,9 @@ TEST(sip_splitter_scan_test, scan_flush_test) ssut.splitter_set_content_length(6); // Sip splitter starts searching body from one character behind the actual body. - snort::StreamSplitter::Status ret = ssut.splitter_scan(nullptr, + StreamSplitter::Status ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\nfoobar", 7, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::FLUSH); + CHECK_EQUAL(ret, StreamSplitter::FLUSH); CHECK_TRUE(ssut.is_init()); CHECK_EQUAL(fp, 7); @@ -135,14 +137,14 @@ TEST(sip_splitter_scan_test, scan_flush_test) ssut.splitter_set_content_length(12); ret = ssut.splitter_scan(nullptr, (const uint8_t *)"\nfoobar", 7, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::SEARCH); + CHECK_EQUAL(ret, StreamSplitter::SEARCH); CHECK_EQUAL(ssut.splitter_get_paf_state(), SIP_PAF_FLUSH_STATE); CHECK_EQUAL(ssut.splitter_get_content_length(), 5); CHECK_EQUAL(fp, 0); //Continue scanning the remaining buffer ret = ssut.splitter_scan(nullptr, (const uint8_t *)"foobar", 6, 0, &fp); - CHECK_EQUAL(ret, snort::StreamSplitter::FLUSH); + CHECK_EQUAL(ret, StreamSplitter::FLUSH); CHECK_TRUE(ssut.is_init()); CHECK_EQUAL(fp, 6); } diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc index ff189989f..721e4c351 100644 --- a/src/service_inspectors/smtp/smtp.cc +++ b/src/service_inspectors/smtp/smtp.cc @@ -1588,7 +1588,7 @@ TEST_CASE("handle_header_line", "[smtp]") { // Setup MailLogConfig log_config; - snort::DecodeConfig decode_conf; + DecodeConfig decode_conf; log_config.log_email_hdrs = 0; SmtpMime mime_ssn(&decode_conf, &log_config); smtp_normalizing = true; @@ -1614,7 +1614,7 @@ TEST_CASE("normalize_data", "[smtp]") { // Setup MailLogConfig log_config; - snort::DecodeConfig decode_conf; + DecodeConfig decode_conf; SmtpMime mime_ssn(&decode_conf, &log_config); smtp_normalizing = true; SMTP_PROTO_CONF config; diff --git a/src/service_inspectors/smtp/smtp_config.h b/src/service_inspectors/smtp/smtp_config.h index ffdb30a1a..3a0d16320 100644 --- a/src/service_inspectors/smtp/smtp_config.h +++ b/src/service_inspectors/smtp/smtp_config.h @@ -129,7 +129,7 @@ struct SMTP_PROTO_CONF int max_header_line_len = 0; int max_response_line_len = 0; int xlink2state; - MailLogConfig log_config; + snort::MailLogConfig log_config; snort::DecodeConfig decode_conf; uint32_t xtra_filename_id; diff --git a/src/service_inspectors/smtp/smtp_normalize.cc b/src/service_inspectors/smtp/smtp_normalize.cc index 3731e18f2..8e22f647c 100644 --- a/src/service_inspectors/smtp/smtp_normalize.cc +++ b/src/service_inspectors/smtp/smtp_normalize.cc @@ -41,6 +41,8 @@ #include "smtp.h" #include "smtp_util.h" +using namespace snort; + /* * SMTP_NormalizeCmd * @@ -66,7 +68,7 @@ * @retval 0 function succeeded without error * @retval -1 there were errors */ -int SMTP_NormalizeCmd(snort::Packet* p, const uint8_t* ptr, const uint8_t* eolm, const uint8_t* eol) +int SMTP_NormalizeCmd(Packet* p, const uint8_t* ptr, const uint8_t* eolm, const uint8_t* eol) { const uint8_t* tmp; const uint8_t* cmd_start; diff --git a/src/service_inspectors/smtp/smtp_xlink2state.cc b/src/service_inspectors/smtp/smtp_xlink2state.cc index 70a6c74a7..a1a837bb4 100644 --- a/src/service_inspectors/smtp/smtp_xlink2state.cc +++ b/src/service_inspectors/smtp/smtp_xlink2state.cc @@ -32,6 +32,8 @@ #include "smtp_module.h" +using namespace snort; + #define XLINK_OTHER 1 #define XLINK_FIRST 2 #define XLINK_CHUNK 3 @@ -175,7 +177,7 @@ static char get_xlink_keyword(const uint8_t* ptr, const uint8_t* end) * @retval 1 if alert raised * @retval 0 if no alert raised */ -int ParseXLink2State(SMTP_PROTO_CONF* config, snort::Packet* p, SMTPData* smtp_ssn, const uint8_t* ptr) +int ParseXLink2State(SMTP_PROTO_CONF* config, Packet* p, SMTPData* smtp_ssn, const uint8_t* ptr) { const uint8_t* lf = nullptr; uint32_t len = 0; @@ -245,7 +247,7 @@ int ParseXLink2State(SMTP_PROTO_CONF* config, snort::Packet* p, SMTPData* smtp_s if (config->xlink2state == DROP_XLINK2STATE) p->active->reset_session(p); - snort::DetectionEngine::queue_event(GID_SMTP, SMTP_XLINK2STATE_OVERFLOW); + DetectionEngine::queue_event(GID_SMTP, SMTP_XLINK2STATE_OVERFLOW); smtp_ssn->session_flags |= SMTP_FLAG_XLINK2STATE_ALERTED; return 1; diff --git a/src/sfip/sf_ipvar.cc b/src/sfip/sf_ipvar.cc index 9ba09b483..28087d051 100644 --- a/src/sfip/sf_ipvar.cc +++ b/src/sfip/sf_ipvar.cc @@ -1321,23 +1321,23 @@ TEST_CASE("SfIpVarListMerge", "[SfIpVar]") CHECK(!strcmp("!9.0.0.0,!dead:beef:0000:0000:0000:0000:0000:0000", sfipvar_test_buff)); /* Check lookups */ - snort::SfIp* ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + SfIp* ip = (SfIp *)snort_alloc(sizeof(SfIp)); CHECK(ip->set("9.8.3.2") == SFIP_SUCCESS); CHECK((sfvar_ip_in(var1, ip) == false)); snort_free(ip); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); uint16_t srcBits; CHECK(ip->set("1.2.3.4/24", &srcBits) == SFIP_SUCCESS); CHECK((sfvar_ip_in(var1, ip) == true)); snort_free(ip); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); CHECK(ip->set("dead:beef::0") == SFIP_SUCCESS); CHECK((sfvar_ip_in(var1, ip) == false)); snort_free(ip); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); CHECK(ip->set("cafe:abcd::9999") == SFIP_SUCCESS); CHECK((sfvar_ip_in(var1, ip) == true)); snort_free(ip); diff --git a/src/sfip/sf_vartable.cc b/src/sfip/sf_vartable.cc index dab2be090..bac6498b0 100644 --- a/src/sfip/sf_vartable.cc +++ b/src/sfip/sf_vartable.cc @@ -195,7 +195,7 @@ SfIpRet sfvt_define(vartable_t* table, const char* name, const char* value) len = strlen(name) + strlen(value) + 2; buf = (char*)snort_alloc(len); - snort::SnortSnprintf(buf, len, "%s %s", name, value); + SnortSnprintf(buf, len, "%s %s", name, value); ret = sfvt_add_str(table, buf, &ipret); if ((ret == SFIP_SUCCESS) || (ret == SFIP_DUPLICATE)) @@ -361,7 +361,7 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]") { vartable_t* table; sfip_var_t* var; - snort::SfIp* ip; + SfIp* ip; SfIpRet status; table = sfvt_alloc_table(); @@ -388,7 +388,7 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]") /* Containment tests */ var = sfvt_lookup_var(table, "goo"); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); status = ip->set("192.168.248.255"); CHECK(SFIP_SUCCESS == status); CHECK((sfvar_ip_in(var, ip) == false)); @@ -404,12 +404,12 @@ TEST_CASE("SfVarTable_Kitchen_Sink", "[SfVarTable]") /* Check boundary cases */ var = sfvt_lookup_var(table, "goo"); snort_free(ip); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); status = ip->set("192.168.0.3"); CHECK(SFIP_SUCCESS == status); CHECK((sfvar_ip_in(var, ip) == false)); snort_free(ip); - ip = (snort::SfIp *)snort_alloc(sizeof(snort::SfIp)); + ip = (SfIp *)snort_alloc(sizeof(SfIp)); status = ip->set("192.168.0.2"); CHECK(SFIP_SUCCESS == status); CHECK((sfvar_ip_in(var, ip) == true)); diff --git a/src/stream/flush_bucket.cc b/src/stream/flush_bucket.cc index 05915d4b1..b19fd15a3 100644 --- a/src/stream/flush_bucket.cc +++ b/src/stream/flush_bucket.cc @@ -28,6 +28,8 @@ #include "main/snort_config.h" +using namespace snort; + //------------------------------------------------------------------------- // static base members //------------------------------------------------------------------------- @@ -42,7 +44,7 @@ void FlushBucket::set(unsigned sz) if ( sz ) s_flush_bucket = new ConstFlushBucket(sz); - else if ( snort::SnortConfig::static_hash() ) + else if ( SnortConfig::static_hash() ) s_flush_bucket = new StaticFlushBucket; else diff --git a/src/stream/libtcp/tcp_stream_session.cc b/src/stream/libtcp/tcp_stream_session.cc index a05839478..820dfb5a0 100644 --- a/src/stream/libtcp/tcp_stream_session.cc +++ b/src/stream/libtcp/tcp_stream_session.cc @@ -275,7 +275,7 @@ int TcpStreamSession::update_alert(Packet* p, uint32_t gid, uint32_t sid, return -1; } -bool TcpStreamSession::set_packet_action_to_hold(snort::Packet* p) +bool TcpStreamSession::set_packet_action_to_hold(Packet* p) { return listener->set_held_packet(p); } diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc index 5d8dac635..13c1f05f7 100644 --- a/src/stream/libtcp/tcp_stream_tracker.cc +++ b/src/stream/libtcp/tcp_stream_tracker.cc @@ -669,7 +669,7 @@ bool TcpStreamTracker::is_segment_seq_valid(TcpSegmentDescriptor& tsd) return valid_seq; } -bool TcpStreamTracker::set_held_packet(snort::Packet* p) +bool TcpStreamTracker::set_held_packet(Packet* p) { // FIXIT-M - limit of packets held per packet thread should be determined based on runtime criteria // such as # of DAQ Msg buffers, # of threads, etc... for now we use small number like 10 @@ -694,7 +694,7 @@ bool TcpStreamTracker::set_held_packet(snort::Packet* p) return false; } -bool TcpStreamTracker::is_retransmit_of_held_packet(snort::Packet* cp) +bool TcpStreamTracker::is_retransmit_of_held_packet(Packet* cp) { if ( !held_packet or ( cp->daq_msg == held_packet ) ) return false; @@ -709,7 +709,7 @@ bool TcpStreamTracker::is_retransmit_of_held_packet(snort::Packet* cp) return false; } -void TcpStreamTracker::finalize_held_packet(snort::Packet* cp) +void TcpStreamTracker::finalize_held_packet(Packet* cp) { if ( held_packet ) { @@ -730,7 +730,7 @@ void TcpStreamTracker::finalize_held_packet(snort::Packet* cp) } } -void TcpStreamTracker::finalize_held_packet(snort::Flow* flow) +void TcpStreamTracker::finalize_held_packet(Flow* flow) { if ( held_packet ) { diff --git a/src/stream/paf.cc b/src/stream/paf.cc index a307358eb..d74904ed9 100644 --- a/src/stream/paf.cc +++ b/src/stream/paf.cc @@ -57,7 +57,7 @@ struct PafAux // max paf max = max datagram - eth mtu - 255 = 63780 #define MAX_PAF_MAX (65535 - PAF_LIMIT_FUZZ - 255) -THREAD_LOCAL snort::ProfileStats pafPerfStats; +THREAD_LOCAL ProfileStats pafPerfStats; //-------------------------------------------------------------------- diff --git a/src/stream/tcp/segment_overlap_editor.cc b/src/stream/tcp/segment_overlap_editor.cc index ba410a289..7c89cb56c 100644 --- a/src/stream/tcp/segment_overlap_editor.cc +++ b/src/stream/tcp/segment_overlap_editor.cc @@ -32,12 +32,13 @@ #include "tcp_normalizers.h" #include "tcp_session.h" +using namespace snort; -static void set_retransmit_flag(snort::Packet* p) +static void set_retransmit_flag(Packet* p) { - if ( snort::PacketTracer::is_active() ) + if ( PacketTracer::is_active() ) { - snort::PacketTracer::log("Packet was retransmitted and %s from the retry queue.\n", + PacketTracer::log("Packet was retransmitted and %s from the retry queue.\n", p->is_retry() ? "is" : "is not"); } @@ -517,12 +518,12 @@ int SegmentOverlapEditor::full_right_overlap_os5(TcpReassemblerState& trs) void SegmentOverlapEditor::print(TcpReassemblerState& trs) { - snort::LogMessage(" seglist_base_seq: %X\n", trs.sos.seglist_base_seq); - snort::LogMessage(" seglist head: %p\n", (void*)trs.sos.seglist.head); - snort::LogMessage(" seglist tail: %p\n", (void*)trs.sos.seglist.tail); - snort::LogMessage(" seglist current: %p\n", (void*)trs.sos.seglist.cur_rseg); - snort::LogMessage(" seg_count: %d\n", trs.sos.seg_count); - snort::LogMessage(" seg_bytes_total: %d\n", trs.sos.seg_bytes_total); - snort::LogMessage(" seg_bytes_logical: %d\n", trs.sos.seg_bytes_logical); + LogMessage(" seglist_base_seq: %X\n", trs.sos.seglist_base_seq); + LogMessage(" seglist head: %p\n", (void*)trs.sos.seglist.head); + LogMessage(" seglist tail: %p\n", (void*)trs.sos.seglist.tail); + LogMessage(" seglist current: %p\n", (void*)trs.sos.seglist.cur_rseg); + LogMessage(" seg_count: %d\n", trs.sos.seg_count); + LogMessage(" seg_bytes_total: %d\n", trs.sos.seg_bytes_total); + LogMessage(" seg_bytes_logical: %d\n", trs.sos.seg_bytes_logical); } diff --git a/src/stream/tcp/tcp_event_logger.cc b/src/stream/tcp/tcp_event_logger.cc index 2c7c08487..63629a032 100644 --- a/src/stream/tcp/tcp_event_logger.cc +++ b/src/stream/tcp/tcp_event_logger.cc @@ -32,6 +32,8 @@ #include "tcp_module.h" +using namespace snort; + struct tcp_event_sid { uint32_t event_id; @@ -69,10 +71,10 @@ struct tcp_event_sid tcp_event_sids[] = void TcpEventLogger::log_internal_event(uint32_t eventSid) { - if (is_internal_event_enabled(snort::SnortConfig::get_conf()->rate_filter_config, eventSid)) + if (is_internal_event_enabled(SnortConfig::get_conf()->rate_filter_config, eventSid)) { tcpStats.internalEvents++; - snort::DetectionEngine::queue_event(GID_SESSION, eventSid); + DetectionEngine::queue_event(GID_SESSION, eventSid); } } @@ -83,7 +85,7 @@ void TcpEventLogger::log_tcp_events() uint32_t idx = ffs(tcp_events); if ( idx ) { - snort::DetectionEngine::queue_event(GID_STREAM_TCP, tcp_event_sids[ idx ].sid); + DetectionEngine::queue_event(GID_STREAM_TCP, tcp_event_sids[ idx ].sid); tcp_events ^= tcp_event_sids[ idx ].event_id; tcpStats.events++; } diff --git a/src/stream/tcp/tcp_module.cc b/src/stream/tcp/tcp_module.cc index 69db3d00d..1d04d43fa 100644 --- a/src/stream/tcp/tcp_module.cc +++ b/src/stream/tcp/tcp_module.cc @@ -29,7 +29,6 @@ #include "stream/paf.h" using namespace snort; -using namespace std; //------------------------------------------------------------------------- // stream_tcp module diff --git a/src/stream/tcp/tcp_state_close_wait.cc b/src/stream/tcp/tcp_state_close_wait.cc index 441ad1b5b..1c2dba0ee 100644 --- a/src/stream/tcp/tcp_state_close_wait.cc +++ b/src/stream/tcp/tcp_state_close_wait.cc @@ -33,7 +33,7 @@ #include "catch/snort_catch.h" #endif -using namespace std; +using namespace snort; TcpStateCloseWait::TcpStateCloseWait(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_CLOSE_WAIT, tsm) @@ -84,7 +84,7 @@ bool TcpStateCloseWait::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& tr bool TcpStateCloseWait::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_recv(tsd); diff --git a/src/stream/tcp/tcp_state_closed.cc b/src/stream/tcp/tcp_state_closed.cc index dfacd1f70..517241e33 100644 --- a/src/stream/tcp/tcp_state_closed.cc +++ b/src/stream/tcp/tcp_state_closed.cc @@ -31,6 +31,8 @@ #include "catch/snort_catch.h" #endif +using namespace snort; + TcpStateClosed::TcpStateClosed(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_CLOSED, tsm) { @@ -44,7 +46,7 @@ bool TcpStateClosed::syn_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateClosed::syn_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); flow->set_expire(tsd.get_pkt(), trk.session->config->session_timeout); return true; } @@ -63,7 +65,7 @@ bool TcpStateClosed::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateClosed::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_sent(tsd); // data on a segment when we're not accepting data any more alert! @@ -135,7 +137,7 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr if ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT ) { TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state(); - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT ) || !flow->two_way_traffic() ) { @@ -157,7 +159,7 @@ bool TcpStateClosed::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpStr TEST_CASE("TCP State Closed", "[tcp_closed_state][stream_tcp]") { // initialization code here - snort::Flow* flow = new snort::Flow; + Flow* flow = new Flow; TcpStreamTracker* ctrk = new TcpStreamTracker(true); TcpStreamTracker* strk = new TcpStreamTracker(false); TcpEventLogger* tel = new TcpEventLogger; diff --git a/src/stream/tcp/tcp_state_closing.cc b/src/stream/tcp/tcp_state_closing.cc index 6a5b2d50b..7ae77f8f1 100644 --- a/src/stream/tcp/tcp_state_closing.cc +++ b/src/stream/tcp/tcp_state_closing.cc @@ -32,7 +32,7 @@ #include "catch/snort_catch.h" #endif -using namespace std; +using namespace snort; TcpStateClosing::TcpStateClosing(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_CLOSING, tsm) @@ -89,7 +89,7 @@ bool TcpStateClosing::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateClosing::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_recv(tsd); if ( SEQ_GT(tsd.get_seg_seq(), trk.get_fin_final_seq() ) ) diff --git a/src/stream/tcp/tcp_state_fin_wait1.cc b/src/stream/tcp/tcp_state_fin_wait1.cc index 916a03fd6..f1a8baa22 100644 --- a/src/stream/tcp/tcp_state_fin_wait1.cc +++ b/src/stream/tcp/tcp_state_fin_wait1.cc @@ -29,7 +29,7 @@ #include "tcp_module.h" #include "tcp_session.h" -using namespace std; +using namespace snort; TcpStateFinWait1::TcpStateFinWait1(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT1, tsm) @@ -95,7 +95,7 @@ bool TcpStateFinWait1::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk bool TcpStateFinWait1::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_recv(tsd); if ( trk.update_on_fin_recv(tsd) ) diff --git a/src/stream/tcp/tcp_state_fin_wait2.cc b/src/stream/tcp/tcp_state_fin_wait2.cc index 070105068..37738109e 100644 --- a/src/stream/tcp/tcp_state_fin_wait2.cc +++ b/src/stream/tcp/tcp_state_fin_wait2.cc @@ -28,7 +28,7 @@ #include "tcp_normalizers.h" #include "tcp_session.h" -using namespace std; +using namespace snort; TcpStateFinWait2::TcpStateFinWait2(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_FIN_WAIT2, tsm) @@ -103,7 +103,7 @@ bool TcpStateFinWait2::data_seg_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker bool TcpStateFinWait2::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_recv(tsd); if ( trk.update_on_fin_recv(tsd) ) diff --git a/src/stream/tcp/tcp_state_last_ack.cc b/src/stream/tcp/tcp_state_last_ack.cc index 1bd5dd171..0964c7645 100644 --- a/src/stream/tcp/tcp_state_last_ack.cc +++ b/src/stream/tcp/tcp_state_last_ack.cc @@ -28,7 +28,7 @@ #include "tcp_normalizers.h" #include "tcp_session.h" -using namespace std; +using namespace snort; TcpStateLastAck::TcpStateLastAck(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_LAST_ACK, tsm) @@ -85,7 +85,7 @@ bool TcpStateLastAck::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateLastAck::fin_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); trk.update_tracker_ack_recv(tsd); if ( SEQ_EQ(tsd.get_seg_ack(), trk.get_snd_nxt() ) ) @@ -129,7 +129,7 @@ bool TcpStateLastAck::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpSt ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT ) ) { TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state(); - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT ) || ( talker_state == TcpStreamTracker::TCP_CLOSED ) ) diff --git a/src/stream/tcp/tcp_state_syn_recv.cc b/src/stream/tcp/tcp_state_syn_recv.cc index 0ac5ffb7e..528c9807b 100644 --- a/src/stream/tcp/tcp_state_syn_recv.cc +++ b/src/stream/tcp/tcp_state_syn_recv.cc @@ -30,7 +30,6 @@ #include "tcp_session.h" using namespace snort; -using namespace std; TcpStateSynRecv::TcpStateSynRecv(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_SYN_RECV, tsm) diff --git a/src/stream/tcp/tcp_state_syn_sent.cc b/src/stream/tcp/tcp_state_syn_sent.cc index 7d98b502d..b923bb155 100644 --- a/src/stream/tcp/tcp_state_syn_sent.cc +++ b/src/stream/tcp/tcp_state_syn_sent.cc @@ -27,7 +27,7 @@ #include "tcp_session.h" -using namespace std; +using namespace snort; TcpStateSynSent::TcpStateSynSent(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_SYN_SENT, tsm) @@ -64,7 +64,7 @@ bool TcpStateSynSent::syn_ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& bool TcpStateSynSent::ack_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); // FIXIT-H verify ack being sent is valid... trk.update_tracker_ack_sent(tsd); @@ -85,7 +85,7 @@ bool TcpStateSynSent::ack_recv(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) bool TcpStateSynSent::data_seg_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& trk) { - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); // FIXIT-H verify ack being sent is valid... trk.update_tracker_ack_sent(tsd); diff --git a/src/stream/tcp/tcp_state_time_wait.cc b/src/stream/tcp/tcp_state_time_wait.cc index 3209fa7eb..9d3ffd6bd 100644 --- a/src/stream/tcp/tcp_state_time_wait.cc +++ b/src/stream/tcp/tcp_state_time_wait.cc @@ -28,7 +28,7 @@ #include "tcp_normalizers.h" #include "tcp_session.h" -using namespace std; +using namespace snort; TcpStateTimeWait::TcpStateTimeWait(TcpStateMachine& tsm) : TcpStateHandler(TcpStreamTracker::TCP_TIME_WAIT, tsm) @@ -113,7 +113,7 @@ bool TcpStateTimeWait::do_post_sm_packet_actions(TcpSegmentDescriptor& tsd, TcpS if ( trk.get_tcp_event() != TcpStreamTracker::TCP_FIN_RECV_EVENT ) { TcpStreamTracker::TcpState talker_state = trk.session->get_talker_state(); - snort::Flow* flow = tsd.get_flow(); + Flow* flow = tsd.get_flow(); if ( ( talker_state == TcpStreamTracker::TCP_TIME_WAIT ) || ( talker_state == TcpStreamTracker::TCP_CLOSED ) )