From: Russ Combs (rucombs) Date: Mon, 6 Jan 2025 17:11:35 +0000 (+0000) Subject: Pull request #4551: Api Tweaks X-Git-Tag: 3.6.2.0~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7e5561c10d04ee0dd08c6a211ea6803eb489d29;p=thirdparty%2Fsnort3.git Pull request #4551: Api Tweaks Merge in SNORT/snort3 from ~RUCOMBS/snort3:api_tweaks to master Squashed commit of the following: commit 50b83b5e26510b702a5c896fe02198a09f024f53 Author: Russ Combs Date: Mon Dec 16 11:24:58 2024 -0500 tcp_pdu: rename to tlv_pdu commit 325cbe349a3c4065244d82d391bad748d40e6d6f Author: Russ Combs Date: Mon Dec 16 11:13:33 2024 -0500 data_bus: remove unsubscribe methods commit f37fc721d0417d20ef6679ad7871c8b06b187bf2 Author: Russ Combs Date: Mon Dec 16 11:13:06 2024 -0500 ips: add access to Event references --- diff --git a/src/detection/signature.cc b/src/detection/signature.cc index 025d007be..52684d67c 100644 --- a/src/detection/signature.cc +++ b/src/detection/signature.cc @@ -54,9 +54,6 @@ using namespace snort; const ReferenceSystem* reference_system_add( SnortConfig* sc, const std::string& name, const char* url) { - if ( !sc->alert_refs() ) - return nullptr; - assert(!name.empty()); ReferenceSystem* sys = new ReferenceSystem(name, url); @@ -65,7 +62,7 @@ const ReferenceSystem* reference_system_add( return sys; } -static const ReferenceSystem* reference_system_lookup(SnortConfig* sc, const std::string& key) +const ReferenceSystem* reference_system_lookup(const SnortConfig* sc, const std::string& key) { const auto it = sc->references.find(key); diff --git a/src/detection/signature.h b/src/detection/signature.h index 919e8e7be..d65948fbd 100644 --- a/src/detection/signature.h +++ b/src/detection/signature.h 
@@ -48,6 +48,8 @@ struct ReferenceSystem const ReferenceSystem* reference_system_add(snort::SnortConfig*, const std::string&, const char* = ""); +const ReferenceSystem* reference_system_lookup(const snort::SnortConfig*, const std::string& key); + struct ReferenceNode { ReferenceNode(const ReferenceSystem* sys, const std::string& id) : system(sys), id(id) { } diff --git a/src/events/event.cc b/src/events/event.cc index 30c4d0860..18b435375 100644 --- a/src/events/event.cc +++ b/src/events/event.cc @@ -153,6 +153,17 @@ bool Event::get_target(bool& src) const return false; } -const SigInfo& Event::get_sig_info() const -{ return sig_info; } +bool Event::get_reference(unsigned idx, const char*& name, const char*& id, const char*& url) const +{ + if ( idx >= sig_info.refs.size() ) + return false; + + name = sig_info.refs[idx]->system->name.c_str(); + id = sig_info.refs[idx]->id.c_str(); + + auto* ref = reference_system_lookup(SnortConfig::get_conf(), sig_info.refs[idx]->system->name); + url = (ref ? ref->url.c_str() : nullptr); + + return true; +} diff --git a/src/events/event.h b/src/events/event.h index 2bf8a5855..faddf297c 100644 --- a/src/events/event.h +++ b/src/events/event.h @@ -34,8 +34,6 @@ public: static uint16_t get_next_seq_num(); static uint32_t get_next_event_id(); - const SigInfo& get_sig_info() const; - uint32_t get_seconds() const; void get_timestamp(uint32_t& sec, uint32_t& usec) const; @@ -57,6 +55,9 @@ public: uint32_t get_class_id() const; uint32_t get_priority() const; + // start at idx 0 and increment while true to get all refs + bool get_reference(unsigned idx, const char*& name, const char*& id, const char*& url) const; + // returns false if not specified; otherwise src indicates target is source or dest bool get_target(bool& src) const; diff --git a/src/framework/base_api.h b/src/framework/base_api.h index 09be4cb20..581e98244 100644 --- a/src/framework/base_api.h +++ b/src/framework/base_api.h 
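Review bot: `Event::get_reference` in src/events/event.cc dereferences `sig_info.refs[idx]->system` unconditionally, both for `name` and for the lookup key. The `LogXrefs` loop that this commit replaces in src/log/log_text.cc checked `!ref->system` and printed the id alone in that case. Whether a ReferenceNode can still carry a null system is not visible in this diff; if it can, every logger calling the new accessor would fault on such a rule. I would keep the guard inside the accessor, set `url` to nullptr up front, and do the lookup only when a system is present, as sketched below. An empty `name` would make `LogXrefs` print two spaces before the id, so adjust the fallback if the exact old output matters.

```cpp
bool Event::get_reference(unsigned idx, const char*& name, const char*& id, const char*& url) const
{
    // … unchanged: idx bounds check …

    const auto* node = sig_info.refs[idx];
    const ReferenceSystem* sys = node->system;

    id = node->id.c_str();
    name = sys ? sys->name.c_str() : "";
    url = nullptr;

    if ( sys )
    {
        const ReferenceSystem* ref = reference_system_lookup(SnortConfig::get_conf(), sys->name);
        url = ref ? ref->url.c_str() : nullptr;
    }

    return true;
}
```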
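Review bot: The comment added above `get_reference` in src/events/event.h documents the iteration protocol but not the outputs, which plugin authors now depend on since `get_sig_info()` is removed. From event.cc, `url` is set to nullptr when the lookup finds no system, and all three pointers come from `c_str()` on existing strings rather than copies. I would extend the comment to something like `// url may be nullptr; name, id and url point into rule/config data and must not be freed or stored`. The lifetime part is inferred from the `c_str()` calls, so confirm it against config reload before stating it.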
@@ -38,7 +38,7 @@ // depends on includes installed in framework/snort_api.h // see framework/plugins.h -#define BASE_API_VERSION 20 +#define BASE_API_VERSION 21 // set the reserved field to this to be future proof #define API_RESERVED 0 diff --git a/src/framework/data_bus.cc b/src/framework/data_bus.cc index ab9159617..02132fec7 100644 --- a/src/framework/data_bus.cc +++ b/src/framework/data_bus.cc @@ -145,21 +145,6 @@ void DataBus::subscribe_global(const PubKey& key, unsigned eid, DataHandler* h, sc.global_dbus->_subscribe(key, eid, h); } -void DataBus::unsubscribe(const PubKey& key, unsigned eid, DataHandler* h) -{ - get_data_bus()._unsubscribe(key, eid, h); -} - -void DataBus::unsubscribe_network(const PubKey& key, unsigned eid, DataHandler* h) -{ - get_network_data_bus()._unsubscribe(key, eid, h); -} - -void DataBus::unsubscribe_global(const PubKey& key, unsigned eid, DataHandler* h, SnortConfig& sc) -{ - sc.global_dbus->_unsubscribe(key, eid, h); -} - // notify subscribers of event void DataBus::publish(unsigned pid, unsigned eid, DataEvent& e, Flow* f) { @@ -246,24 +231,6 @@ void DataBus::_subscribe(const PubKey& key, unsigned eid, DataHandler* h) _subscribe(pid, eid, h); } -void DataBus::_unsubscribe(const PubKey& key, unsigned eid, const DataHandler* h) -{ - unsigned pid = get_id(key); - unsigned idx = pid + eid; - assert(idx < pub_sub.size()); - - SubList& subs = pub_sub[idx]; - - for ( unsigned i = 0; i < subs.size(); i++ ) - { - if ( subs[i] == h ) - { - subs.erase(subs.begin() + i--); - break; - } - } -} - void DataBus::_publish(unsigned pid, unsigned eid, DataEvent& e, Flow* f) const { unsigned idx = pid + eid; diff --git a/src/framework/data_bus.h b/src/framework/data_bus.h index 6f27e4a65..f46bdf853 100644 --- a/src/framework/data_bus.h +++ b/src/framework/data_bus.h 
@@ -113,11 +113,6 @@ public: static void subscribe_network(const PubKey&, unsigned id, DataHandler*); static void subscribe_global(const PubKey&, unsigned id, DataHandler*, SnortConfig&); - // FIXIT-L these should be called during cleanup - static void unsubscribe(const PubKey&, unsigned id, DataHandler*); - static void unsubscribe_network(const PubKey&, unsigned id, DataHandler*); - static void unsubscribe_global(const PubKey&, unsigned id, DataHandler*, SnortConfig&); - // runtime methods static void publish(unsigned pub_id, unsigned evt_id, DataEvent&, Flow* = nullptr); @@ -129,7 +124,6 @@ public: private: void _subscribe(unsigned pub_id, unsigned evt_id, DataHandler*); void _subscribe(const PubKey&, unsigned evt_id, DataHandler*); - void _unsubscribe(const PubKey&, unsigned evt_id, const DataHandler*); void _publish(unsigned pub_id, unsigned evt_id, DataEvent&, Flow*) const; private: diff --git a/src/framework/ips_option.h b/src/framework/ips_option.h index a693a6352..1a3dc445c 100644 --- a/src/framework/ips_option.h +++ b/src/framework/ips_option.h @@ -119,7 +119,6 @@ public: static void set_priority(const IpsInfo&, uint32_t); static void set_classtype(IpsInfo&, const char*); - static void set_reference(IpsInfo&, const char* scheme, const char* id); enum Enable { NO, YES, INHERIT }; static void set_enabled(IpsInfo&, Enable); diff --git a/src/framework/logger.h b/src/framework/logger.h index 233c032a0..ffd9fcf50 100644 --- a/src/framework/logger.h +++ b/src/framework/logger.h @@ -27,17 +27,16 @@ // the LOGAPI_VERSION will change if anything in this file changes. // see also framework/base_api.h. +#include "events/event.h" #include "framework/base_api.h" #include "main/snort_types.h" -class Event; - namespace snort { struct Packet; // this is the current version of the api -#define LOGAPI_VERSION ((BASE_API_VERSION << 16) | 1) +#define LOGAPI_VERSION ((BASE_API_VERSION << 16) | 2) #define OUTPUT_TYPE_FLAG__NONE 0x0 #define OUTPUT_TYPE_FLAG__ALERT 0x1 
diff --git a/src/framework/test/data_bus_test.cc b/src/framework/test/data_bus_test.cc index b372e543d..4bb7f9734 100644 --- a/src/framework/test/data_bus_test.cc +++ b/src/framework/test/data_bus_test.cc @@ -142,22 +142,16 @@ TEST_GROUP(data_bus) TEST(data_bus, subscribe_global) { - UTestHandler h; - DataBus::subscribe_global(pub_key, DbUtIds::EVENT, &h, *snort_conf); + UTestHandler* h = new UTestHandler(); + DataBus::subscribe_global(pub_key, DbUtIds::EVENT, h, *snort_conf); UTestEvent event(100); DataBus::publish(pub_id, DbUtIds::EVENT, event); - CHECK(100 == h.evt_msg); + CHECK(100 == h->evt_msg); UTestEvent event1(200); DataBus::publish(pub_id, DbUtIds::EVENT, event1); - CHECK(200 == h.evt_msg); - - DataBus::unsubscribe_global(pub_key, DbUtIds::EVENT, &h, *snort_conf); - - UTestEvent event2(300); - DataBus::publish(pub_id, DbUtIds::EVENT, event2); - CHECK(200 == h.evt_msg); // unsubscribed! + CHECK(200 == h->evt_msg); } TEST(data_bus, subscribe_network) @@ -172,14 +166,6 @@ TEST(data_bus, subscribe_network) UTestEvent event1(200); DataBus::publish(pub_id, DbUtIds::EVENT, event1); CHECK(200 == h->evt_msg); - - DataBus::unsubscribe_network(pub_key, DbUtIds::EVENT, h); - - UTestEvent event2(300); - DataBus::publish(pub_id, DbUtIds::EVENT, event2); - CHECK(200 == h->evt_msg); // unsubscribed! - - delete h; } TEST(data_bus, subscribe) @@ -194,14 +180,6 @@ TEST(data_bus, subscribe) UTestEvent event1(200); DataBus::publish(pub_id, DbUtIds::EVENT, event1); CHECK(200 == h->evt_msg); - - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h); - - UTestEvent event2(300); - DataBus::publish(pub_id, DbUtIds::EVENT, event2); - CHECK(200 == h->evt_msg); // unsubscribed! - - delete h; } TEST(data_bus, order1) 
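Review bot: Ownership of the heap-allocated `UTestHandler` in `TEST(data_bus, subscribe_global)` is not stated anywhere in the test. The same applies to subscribe_network, subscribe, order1 and order2, where the `delete` lines are dropped along with the unsubscribe calls. The handlers now stay registered after each test body returns; presumably the DataBus frees them when it is torn down, but that code is not part of this diff. A one-line comment at the first allocation would help, e.g. `// the data bus keeps h after subscribe; do not delete it here`. It would stop a later reader from re-adding the delete (a double free if the bus does free it) or reverting to a stack object that the bus would keep a dangling pointer to.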
@@ -222,14 +200,6 @@ TEST(data_bus, order1) CHECK(1 == h1->seq); CHECK(2 == h9->seq); CHECK(3 == h0->seq); - - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h0); - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h1); - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h9); - - delete h0; - delete h1; - delete h9; } TEST(data_bus, order2) @@ -250,14 +220,6 @@ TEST(data_bus, order2) CHECK(1 == h1->seq); CHECK(2 == h9->seq); CHECK(3 == h0->seq); - - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h0); - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h1); - DataBus::unsubscribe(pub_key, DbUtIds::EVENT, h9); - - delete h0; - delete h1; - delete h9; } //------------------------------------------------------------------------- diff --git a/src/log/log_text.cc b/src/log/log_text.cc index faf09fbdd..7e48e7f71 100644 --- a/src/log/log_text.cc +++ b/src/log/log_text.cc @@ -1020,18 +1020,17 @@ void LogICMPHeader(TextLog* log, Packet* p) void LogXrefs(TextLog* log, const Event& e) { - const SigInfo& sig_info = e.get_sig_info(); + unsigned idx = 0; + const char* name = nullptr; + const char* id = nullptr; + const char* url = nullptr; - for ( const auto ref : sig_info.refs ) + while ( e.get_reference(idx++, name, id, url) ) { - if ( !ref->system ) - TextLog_Print(log, "[Xref => %s]", ref->id.c_str()); - - else if ( !ref->system->url.empty() ) - TextLog_Print(log, "[Xref => %s%s]", ref->system->url.c_str(), ref->id.c_str()); - + if ( url and *url ) + TextLog_Print(log, "[Xref => %s%s]", url, id); else - TextLog_Print(log, "[Xref => %s %s]", ref->system->name.c_str(), ref->id.c_str()); + TextLog_Print(log, "[Xref => %s %s]", name, id); } } diff --git a/src/service_inspectors/CMakeLists.txt b/src/service_inspectors/CMakeLists.txt index 55aafe036..bb2637545 100644 --- a/src/service_inspectors/CMakeLists.txt +++ b/src/service_inspectors/CMakeLists.txt 
@@ -20,7 +20,7 @@ add_subdirectory(sip) add_subdirectory(smtp) add_subdirectory(ssh) add_subdirectory(ssl) -add_subdirectory(tcp_pdu) +add_subdirectory(tlv_pdu) add_subdirectory(wizard) if (STATIC_INSPECTORS) @@ -42,7 +42,7 @@ if (STATIC_INSPECTORS) $ $ $ - $ + $ $ ) endif() diff --git a/src/service_inspectors/service_inspectors.cc b/src/service_inspectors/service_inspectors.cc index d790acca3..b879b922b 100644 --- a/src/service_inspectors/service_inspectors.cc +++ b/src/service_inspectors/service_inspectors.cc @@ -43,7 +43,7 @@ extern const BaseApi* sin_pop; extern const BaseApi* sin_rpc_decode; extern const BaseApi* sin_smtp; extern const BaseApi* sin_ssh; -extern const BaseApi* sin_tcp_pdu; +extern const BaseApi* sin_tlv_pdu; extern const BaseApi* sin_telnet; extern const BaseApi* sin_wizard; @@ -72,7 +72,7 @@ const BaseApi* service_inspectors[] = sin_rpc_decode, sin_smtp, sin_ssh, - sin_tcp_pdu, + sin_tlv_pdu, sin_telnet, sin_wizard, #endif diff --git a/src/service_inspectors/tcp_pdu/CMakeLists.txt b/src/service_inspectors/tcp_pdu/CMakeLists.txt deleted file mode 100644 index 453b05311..000000000 --- a/src/service_inspectors/tcp_pdu/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ - -set( FILE_LIST - tcp_pdu.cc - tcp_pdu.h - tcp_pdu_splitter.cc -) - -if (STATIC_INSPECTORS) - add_library( tcp_pdu OBJECT ${FILE_LIST}) - -else (STATIC_INSPECTORS) - add_dynamic_module(tcp_pdu inspectors ${FILE_LIST}) - -endif (STATIC_INSPECTORS) - -add_subdirectory(test) - diff --git a/src/service_inspectors/tlv_pdu/CMakeLists.txt b/src/service_inspectors/tlv_pdu/CMakeLists.txt new file mode 100644 index 000000000..d85f90575 --- /dev/null +++ b/src/service_inspectors/tlv_pdu/CMakeLists.txt @@ -0,0 +1,17 @@ + +set( FILE_LIST + tlv_pdu.cc + tlv_pdu.h + tlv_pdu_splitter.cc +) + +if (STATIC_INSPECTORS) + add_library(tlv_pdu OBJECT ${FILE_LIST}) + +else (STATIC_INSPECTORS) + add_dynamic_module(tlv_pdu inspectors ${FILE_LIST}) + +endif (STATIC_INSPECTORS) + +add_subdirectory(test) + 
diff --git a/src/service_inspectors/tcp_pdu/dev_notes.txt b/src/service_inspectors/tlv_pdu/dev_notes.txt similarity index 52% rename from src/service_inspectors/tcp_pdu/dev_notes.txt rename to src/service_inspectors/tlv_pdu/dev_notes.txt index c6a9a2e69..07d9b1cb4 100644 --- a/src/service_inspectors/tcp_pdu/dev_notes.txt +++ b/src/service_inspectors/tlv_pdu/dev_notes.txt @@ -1,5 +1,5 @@ -The TcpPdu splitter provides a generic TCP stream flush function to support +The TlvPdu splitter provides a generic TCP stream flush function to support IPS. This works for PDUs that contain a length field at a fixed offset that can be extracted and used to set a flush point. 
@@ -23,27 +23,27 @@ Where: So a PDU with a 4 byte length field in the middle of a 12 byte header would be configured with offset = size = skip = 4. -tcp_pdu is not service specific. An appropriate wizard pattern must direct the -paylaod to a tcp_pdu instance configured for the flow. +tlv_pdu is not service specific. An appropriate wizard pattern must direct the +payload to a tlv_pdu instance configured for the flow. The initial implementation supports these parameters: -* int tcp_pdu.offset = 0: index to first byte of length field { 0:65535 } -* int tcp_pdu.size = 4: number of bytes in length field { 1:4 } -* int tcp_pdu.skip = 0: bytes after length field to end of header { 0:65535 } -* bool tcp_pdu.relative = false: extracted length follows field (instead of whole PDU) +* int tlv_pdu.offset = 0: index to first byte of length field { 0:65535 } +* int tlv_pdu.size = 4: number of bytes in length field { 1:4 } +* int tlv_pdu.skip = 0: bytes after length field to end of header { 0:65535 } +* bool tlv_pdu.relative = false: extracted length follows field (instead of whole PDU) Additional parameters that may be supported in the future if required: -* int tcp_pdu.bitmask = 0xFFFFFFFF: applies as an AND to the extracted value to get length { 0x1:0xFFFFFFFF } -* int tcp_pdu.multiplier = 1: scale extracted value by given amount after masking { 1:65535 } +* int tlv_pdu.bitmask = 0xFFFFFFFF: applies as an AND to the extracted value to get length { 0x1:0xFFFFFFFF } +* int tlv_pdu.multiplier = 1: scale extracted value by given amount after masking { 1:65535 } Still other possibilities: -* bool tcp_pdu.big = false: big endian -* bool tcp_pdu.little = false: little endian -* bool tcp_pdu.string = false: convert from string -* bool tcp_pdu.hex = false: convert from hex string -* bool tcp_pdu.oct = false: convert from octal string -* bool tcp_pdu.dec = false: convert from decimal string +* bool tlv_pdu.big = false: big endian +* bool tlv_pdu.little = false: little endian +* bool 
tlv_pdu.string = false: convert from string +* bool tlv_pdu.hex = false: convert from hex string +* bool tlv_pdu.oct = false: convert from octal string +* bool tlv_pdu.dec = false: convert from decimal string diff --git a/src/service_inspectors/tcp_pdu/test/CMakeLists.txt b/src/service_inspectors/tlv_pdu/test/CMakeLists.txt similarity index 50% rename from src/service_inspectors/tcp_pdu/test/CMakeLists.txt rename to src/service_inspectors/tlv_pdu/test/CMakeLists.txt index cea38ffd9..83272ba7c 100644 --- a/src/service_inspectors/tcp_pdu/test/CMakeLists.txt +++ b/src/service_inspectors/tlv_pdu/test/CMakeLists.txt @@ -1,7 +1,7 @@ -add_cpputest( tcp_pdu_test +add_cpputest( tlv_pdu_test SOURCES - ../tcp_pdu_splitter.cc + ../tlv_pdu_splitter.cc ../../../stream/stream_splitter.cc ) diff --git a/src/service_inspectors/tcp_pdu/test/tcp_pdu_test.cc b/src/service_inspectors/tlv_pdu/test/tlv_pdu_test.cc similarity index 92% rename from src/service_inspectors/tcp_pdu/test/tcp_pdu_test.cc rename to src/service_inspectors/tlv_pdu/test/tlv_pdu_test.cc index 1973efc70..77f5497af 100644 --- a/src/service_inspectors/tcp_pdu/test/tcp_pdu_test.cc +++ b/src/service_inspectors/tlv_pdu/test/tlv_pdu_test.cc @@ -16,7 +16,7 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// tcp_pdu_test.cc author Russ Combs +// tlv_pdu_test.cc author Russ Combs #ifdef HAVE_CONFIG_H #include "config.h" @@ -29,7 +29,7 @@ #include "stream/flush_bucket.h" #include "stream/stream.h" -#include "../tcp_pdu.h" +#include "../tlv_pdu.h" // must appear after snort_config.h to avoid broken c++ map include #include 
@@ -77,8 +77,8 @@ TEST_GROUP(relative_length_only) void setup() override { - TcpPduConfig c = { 4, 0, 0, true }; - ss = new TcpPduSplitter(true, c); // cppcheck-suppress unreadVariable + TlvPduConfig c = { 4, 0, 0, true }; + ss = new TlvPduSplitter(true, c); // cppcheck-suppress unreadVariable } void teardown() override { delete ss; } @@ -158,8 +158,8 @@ TEST_GROUP(relative_offset_length) void setup() override { - TcpPduConfig c = { 4, 3, 2, true }; - ss = new TcpPduSplitter(true, c); // cppcheck-suppress unreadVariable + TlvPduConfig c = { 4, 3, 2, true }; + ss = new TlvPduSplitter(true, c); // cppcheck-suppress unreadVariable } void teardown() override { delete ss; } @@ -261,8 +261,8 @@ TEST_GROUP(various) TEST(various, absolute2) { - TcpPduConfig c = { 2, 3, 0, false }; - ss = new TcpPduSplitter(true, c); + TlvPduConfig c = { 2, 3, 0, false }; + ss = new TlvPduSplitter(true, c); uint32_t fp = 0; StreamSplitter::Status result; @@ -277,8 +277,8 @@ TEST(various, absolute2) TEST(various, absolute3) { - TcpPduConfig c = { 3, 2, 0, false }; - ss = new TcpPduSplitter(true, c); + TlvPduConfig c = { 3, 2, 0, false }; + ss = new TlvPduSplitter(true, c); uint32_t fp = 0; StreamSplitter::Status result; @@ -293,8 +293,8 @@ TEST(various, absolute3) TEST(various, abort) { - TcpPduConfig c = { 1, 2, 0, false }; - ss = new TcpPduSplitter(true, c); + TlvPduConfig c = { 1, 2, 0, false }; + ss = new TlvPduSplitter(true, c); uint32_t fp = 0; StreamSplitter::Status result; @@ -305,8 +305,8 @@ TEST(various, abort) TEST(various, header_only) { - TcpPduConfig c = { 1, 2, 0, true }; - ss = new TcpPduSplitter(true, c); + TlvPduConfig c = { 1, 2, 0, true }; + ss = new TlvPduSplitter(true, c); uint32_t fp = 0; StreamSplitter::Status result; 
@@ -331,8 +331,8 @@ TEST_GROUP(multi_flush) void setup() override { - TcpPduConfig c = { 1, 2, 0, true }; - ss = new TcpPduSplitter(true, c); // cppcheck-suppress unreadVariable + TlvPduConfig c = { 1, 2, 0, true }; + ss = new TlvPduSplitter(true, c); // cppcheck-suppress unreadVariable } void teardown() override { delete ss; } diff --git a/src/service_inspectors/tcp_pdu/tcp_pdu.cc b/src/service_inspectors/tlv_pdu/tlv_pdu.cc similarity index 87% rename from src/service_inspectors/tcp_pdu/tcp_pdu.cc rename to src/service_inspectors/tlv_pdu/tlv_pdu.cc index f70d91dbc..d4dfd85a2 100644 --- a/src/service_inspectors/tcp_pdu/tcp_pdu.cc +++ b/src/service_inspectors/tlv_pdu/tlv_pdu.cc @@ -16,7 +16,7 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// tcp_pdu.cc author Russ Combs +// tlv_pdu.cc author Russ Combs #ifdef HAVE_CONFIG_H #include "config.h" @@ -27,7 +27,7 @@ #include "framework/module.h" #include "profiler/profiler.h" -#include "tcp_pdu.h" +#include "tlv_pdu.h" using namespace snort; using namespace std; @@ -36,7 +36,7 @@ using namespace std; // common foo //------------------------------------------------------------------------- -#define s_name "tcp_pdu" +#define s_name "tlv_pdu" #define s_help "set TCP flush points based on PDU length field" static const PegInfo pdu_pegs[] = @@ -72,10 +72,10 @@ static const Parameter s_params[] = { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; -class TcpPduModule : public snort::Module +class TlvPduModule : public snort::Module { public: - TcpPduModule() : Module(s_name, s_help, s_params) + TlvPduModule() : Module(s_name, s_help, s_params) { } const PegInfo* get_pegs() const override 
@@ -95,14 +95,14 @@ public: bool set(const char*, Value&, SnortConfig*) override; - TcpPduConfig& get_config() + TlvPduConfig& get_config() { return config; } private: - TcpPduConfig config; + TlvPduConfig config; }; -bool TcpPduModule::set(const char*, Value& v, SnortConfig*) +bool TlvPduModule::set(const char*, Value& v, SnortConfig*) { if (v.is("offset")) config.offset = v.get_int32(); @@ -123,16 +123,16 @@ bool TcpPduModule::set(const char*, Value& v, SnortConfig*) // inspector foo //------------------------------------------------------------------------- -class TcpPdu : public Inspector +class TlvPdu : public Inspector { public: - TcpPdu(TcpPduConfig& c) : config(c) { } + TlvPdu(TlvPduConfig& c) : config(c) { } StreamSplitter* get_splitter(bool c2s) override - { return new TcpPduSplitter(c2s, config); } + { return new TlvPduSplitter(c2s, config); } private: - TcpPduConfig config; + TlvPduConfig config; }; //------------------------------------------------------------------------- @@ -140,15 +140,15 @@ private: //------------------------------------------------------------------------- static Module* mod_ctor() -{ return new TcpPduModule; } +{ return new TlvPduModule; } static void mod_dtor(Module* m) { delete m; } static Inspector* pdu_ctor(Module* m) { - TcpPduModule* tpm = (TcpPduModule*)m; - return new TcpPdu(tpm->get_config()); + TlvPduModule* tpm = (TlvPduModule*)m; + return new TlvPdu(tpm->get_config()); } static void pdu_dtor(Inspector* p) @@ -191,6 +191,6 @@ SO_PUBLIC const BaseApi* snort_plugins[] = nullptr }; #else -const BaseApi* sin_tcp_pdu = &pdu_api.base; +const BaseApi* sin_tlv_pdu = &pdu_api.base; #endif diff --git a/src/service_inspectors/tcp_pdu/tcp_pdu.h b/src/service_inspectors/tlv_pdu/tlv_pdu.h similarity index 89% rename from src/service_inspectors/tcp_pdu/tcp_pdu.h rename to src/service_inspectors/tlv_pdu/tlv_pdu.h index 5c32181f2..7aa777053 100644 --- a/src/service_inspectors/tcp_pdu/tcp_pdu.h 
+++ b/src/service_inspectors/tlv_pdu/tlv_pdu.h @@ -16,7 +16,7 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// tcp_pdu.h author Russ Combs +// tlv_pdu.h author Russ Combs // provides a simple flush mechanism for TCP PDUs with // a fixed size header containing a length field @@ -28,7 +28,7 @@ #include "main/snort_types.h" #include "stream/stream_splitter.h" -struct TcpPduConfig +struct TlvPduConfig { unsigned size = 0; unsigned offset = 0; @@ -45,17 +45,17 @@ struct PduCounts extern THREAD_LOCAL PduCounts pdu_counts; -class TcpPduSplitter : public snort::StreamSplitter +class TlvPduSplitter : public snort::StreamSplitter { public: - TcpPduSplitter(bool b, TcpPduConfig& c) : snort::StreamSplitter(b), config(c) { } + TlvPduSplitter(bool b, TlvPduConfig& c) : snort::StreamSplitter(b), config(c) { } bool is_paf() override { return true; } Status scan(struct snort::Packet*, const uint8_t*, uint32_t, uint32_t, uint32_t*) override; private: - TcpPduConfig config; + TlvPduConfig config; unsigned index = 0; uint32_t value = 0; }; diff --git a/src/service_inspectors/tcp_pdu/tcp_pdu_splitter.cc b/src/service_inspectors/tlv_pdu/tlv_pdu_splitter.cc similarity index 93% rename from src/service_inspectors/tcp_pdu/tcp_pdu_splitter.cc rename to src/service_inspectors/tlv_pdu/tlv_pdu_splitter.cc index 5a3e3dcc1..b3b05d9c7 100644 --- a/src/service_inspectors/tcp_pdu/tcp_pdu_splitter.cc +++ b/src/service_inspectors/tlv_pdu/tlv_pdu_splitter.cc @@ -16,13 +16,13 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// tcp_pdu_splitter.cc author Russ Combs +// tlv_pdu_splitter.cc author Russ Combs #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "tcp_pdu.h" +#include "tlv_pdu.h" using namespace snort; 
@@ -30,7 +30,7 @@ using namespace snort; // splitter foo //------------------------------------------------------------------------- -StreamSplitter::Status TcpPduSplitter::scan(Packet*, const uint8_t* data, uint32_t len, uint32_t, uint32_t* fp) +StreamSplitter::Status TlvPduSplitter::scan(Packet*, const uint8_t* data, uint32_t len, uint32_t, uint32_t* fp) { ++pdu_counts.scans; unsigned prefix = config.offset + config.size;