From 5ccbf56c3ff154474af92fbef8201f97fc2d1d7a Mon Sep 17 00:00:00 2001 From: "Michael Altizer (mialtize)" Date: Tue, 1 Oct 2019 14:00:50 -0400 Subject: [PATCH] Merge pull request #1760 in SNORT/snort3 from ~MIALTIZE/snort3:decode_data to master Squashed commit of the following: commit 1d85480c83ac1167b16c01b34c6bc992a86f381e Author: Michael Altizer Date: Mon Sep 16 21:09:22 2019 -0400 codecs: Use checksum validation from DAQ packet decode data when available Supported protocols include IP, ICMP, ICMPv6, TCP, and UDP. commit a42a81e8ca5e9c2950dc0c7762dd1b9cf3d052d4 Author: Michael Altizer Date: Mon Sep 23 17:25:43 2019 -0400 protocols: Remove reference to obsolete DAQ_PKT_FLAG_HW_TCP_CS_GOOD flag commit 8ffb5eeca3196e783a89f07ff2a1bd13037c2f25 Author: Michael Altizer Date: Fri Sep 6 16:45:05 2019 -0400 unit-tests: Fix compiler warnings that snuck into CppUTest unit tests --- src/codecs/ip/cd_icmp4.cc | 21 +++- src/codecs/ip/cd_icmp6.cc | 23 +++- src/codecs/ip/cd_ipv4.cc | 25 +++- src/codecs/ip/cd_tcp.cc | 57 +++++---- src/codecs/ip/cd_udp.cc | 106 ++++++++++------- src/flow/test/flow_control_test.cc | 110 +++++++++--------- src/flow/test/flow_test.cc | 22 ++-- .../appid/test/appid_debug_test.cc | 1 - src/protocols/packet_manager.cc | 2 +- 9 files changed, 225 insertions(+), 142 deletions(-) diff --git a/src/codecs/ip/cd_icmp4.cc b/src/codecs/ip/cd_icmp4.cc index fb944fda0..f5eeeeb95 100644 --- a/src/codecs/ip/cd_icmp4.cc +++ b/src/codecs/ip/cd_icmp4.cc @@ -22,6 +22,8 @@ #include "config.h" #endif +#include + #include "codecs/codec_module.h" #include "framework/codec.h" #include "log/text_log.h" @@ -40,12 +42,14 @@ namespace const PegInfo pegs[] { { CountType::SUM, "bad_checksum", "non-zero icmp checksums" }, + { CountType::SUM, "checksum_bypassed", "checksum calculations bypassed" }, { CountType::END, nullptr, nullptr } }; struct Stats { PegCount bad_ip4_cksum; + PegCount cksum_bypassed; }; static THREAD_LOCAL Stats stats; @@ -114,6 +118,7 @@ public: void log(TextLog* const, const uint8_t* pkt, const uint16_t len) override; private: + bool valid_checksum_from_daq(const RawData&); void ICMP4AddrTests(const DecodeData& snort, const CodecData& codec); void ICMP4MiscTests(const ICMPHdr* const, const CodecData&, const uint16_t); }; @@ -122,6 +127,20 @@ private: void Icmp4Codec::get_protocol_ids(std::vector& v) { v.emplace_back(ProtocolId::ICMPV4); } +inline bool Icmp4Codec::valid_checksum_from_daq(const RawData& raw) +{ + const DAQ_PktDecodeData_t* pdd = + (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA); + if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4) + return false; + // Sanity check to make sure we're talking about the same thing + const uint8_t* data = daq_msg_get_data(raw.daq_msg); + if (raw.data - data != pdd->l4_offset) + return false; + stats.cksum_bypassed++; + return true; +} + bool Icmp4Codec::decode(const RawData& raw, CodecData& codec,DecodeData& snort) { if (raw.len < icmp::ICMP_BASE_LEN) @@ -134,7 +153,7 @@ bool Icmp4Codec::decode(const RawData& raw, CodecData& codec,DecodeData& snort) const ICMPHdr* const icmph = reinterpret_cast(raw.data); uint16_t len = 0; - if (SnortConfig::icmp_checksums()) + if (SnortConfig::icmp_checksums() && !valid_checksum_from_daq(raw)) { uint16_t csum = checksum::cksum_add((const uint16_t*)icmph, raw.len); diff --git a/src/codecs/ip/cd_icmp6.cc b/src/codecs/ip/cd_icmp6.cc index e6d76d595..2b47a0f28 100644 --- a/src/codecs/ip/cd_icmp6.cc +++ b/src/codecs/ip/cd_icmp6.cc @@ -22,6 +22,8 @@ #include "config.h" #endif +#include + #include "codecs/codec_module.h" #include "framework/codec.h" #include "log/text_log.h" @@ -42,12 +44,14 @@ namespace const PegInfo pegs[] { { CountType::SUM, "bad_icmp6_checksum", "nonzero icmp6 checksums" }, + { CountType::SUM, "checksum_bypassed", "checksum calculations bypassed" }, { CountType::END, nullptr, nullptr } }; struct Stats { PegCount bad_ip6_cksum; + PegCount cksum_bypassed; }; static THREAD_LOCAL Stats stats; @@ -103,12 +107,29 @@ public: uint16_t lyr_len, uint32_t& updated_len) override; void format(bool reverse, uint8_t* raw_pkt, DecodeData& snort) override; void log(TextLog* const, const uint8_t* pkt, const uint16_t len) override; + +private: + bool valid_checksum_from_daq(const RawData&); }; } // anonymous namespace void Icmp6Codec::get_protocol_ids(std::vector& v) { v.emplace_back(ProtocolId::ICMPV6); } +inline bool Icmp6Codec::valid_checksum_from_daq(const RawData& raw) +{ + const DAQ_PktDecodeData_t* pdd = + (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA); + if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.icmp || !pdd->flags.bits.l4) + return false; + // Sanity check to make sure we're talking about the same thing + const uint8_t* data = daq_msg_get_data(raw.daq_msg); + if (raw.data - data != pdd->l4_offset) + return false; + stats.cksum_bypassed++; + return true; +} + bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) { if (raw.len < icmp::ICMP6_HEADER_MIN_LEN) @@ -125,7 +146,7 @@ bool Icmp6Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) const icmp::Icmp6Hdr* const icmp6h = reinterpret_cast(raw.data); - if ( SnortConfig::icmp_checksums() ) + if ( SnortConfig::icmp_checksums() && !valid_checksum_from_daq(raw)) { checksum::Pseudoheader6 ph6; COPY4(ph6.sip, snort.ip_api.get_src()->get_ip6_ptr()); diff --git a/src/codecs/ip/cd_ipv4.cc b/src/codecs/ip/cd_ipv4.cc index 9f9e9e66c..f39fd9cb8 100644 --- a/src/codecs/ip/cd_ipv4.cc +++ b/src/codecs/ip/cd_ipv4.cc @@ -52,12 +52,14 @@ namespace const PegInfo pegs[] { { CountType::SUM, "bad_checksum", "nonzero ip checksums" }, + { CountType::SUM, "checksum_bypassed", "checksum calculations bypassed" }, { CountType::END, nullptr, nullptr } }; struct Stats { PegCount bad_cksum; + PegCount cksum_bypassed; }; static THREAD_LOCAL Stats stats; @@ -120,12 +122,27 @@ public: void format(bool reverse, uint8_t* raw_pkt, DecodeData& snort) override; private: + bool valid_checksum_from_daq(const RawData&); void IP4AddrTests(const ip::IP4Hdr*, const CodecData&, DecodeData&); void IPMiscTests(const ip::IP4Hdr* const ip4h, const CodecData& codec, uint16_t len); void DecodeIPOptions(const uint8_t* start, uint8_t& o_len, CodecData& data); }; } // namespace +inline bool Ipv4Codec::valid_checksum_from_daq(const RawData& raw) +{ + const DAQ_PktDecodeData_t* pdd = + (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA); + if (!pdd || !pdd->flags.bits.l3_checksum || !pdd->flags.bits.ipv4 || !pdd->flags.bits.l3) + return false; + // Sanity check to make sure we're talking about the same thing + const uint8_t* data = daq_msg_get_data(raw.daq_msg); + if (raw.data - data != pdd->l3_offset) + return false; + stats.cksum_bypassed++; + return true; +} + void Ipv4Codec::get_data_link_type(std::vector& v) { v.emplace_back(DLT_IPV4); @@ -236,14 +253,10 @@ bool Ipv4Codec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) */ IP4AddrTests(iph, codec, snort); - if (snort::SnortConfig::ip_checksums()) + if (snort::SnortConfig::ip_checksums() && !valid_checksum_from_daq(raw)) { - /* routers drop packets with bad IP checksums, we don't really - * need to check them (should make this a command line/config - * option - */ + // routers drop packets with bad IP checksums, we don't really need to check them... int16_t csum = checksum::ip_cksum((const uint16_t*)iph, hlen); - if (csum && !codec.is_cooked()) { if ( !(codec.codec_flags & CODEC_UNSURE_ENCAP) ) diff --git a/src/codecs/ip/cd_tcp.cc b/src/codecs/ip/cd_tcp.cc index bb0c46598..9e200f7af 100644 --- a/src/codecs/ip/cd_tcp.cc +++ b/src/codecs/ip/cd_tcp.cc @@ -58,6 +58,7 @@ const PegInfo pegs[] { { CountType::SUM, "bad_tcp4_checksum", "nonzero tcp over ip checksums" }, { CountType::SUM, "bad_tcp6_checksum", "nonzero tcp over ipv6 checksums" }, + { CountType::SUM, "checksum_bypassed", "checksum calculations bypassed" }, { CountType::END, nullptr, nullptr } }; @@ -65,6 +66,7 @@ struct Stats { PegCount bad_ip4_cksum; PegCount bad_ip6_cksum; + PegCount cksum_bypassed; }; static THREAD_LOCAL Stats stats; @@ -127,6 +129,7 @@ public: void format(bool reverse, uint8_t* raw_pkt, DecodeData& snort) override; private: + bool valid_checksum_from_daq(const RawData&); bool valid_checksum4(const RawData&, DecodeData&); bool valid_checksum6(const RawData&, const CodecData&, DecodeData&); @@ -147,6 +150,20 @@ void TcpCodec::get_protocol_ids(std::vector& v) v.emplace_back(ProtocolId::TCP); } +inline bool TcpCodec::valid_checksum_from_daq(const RawData& raw) +{ + const DAQ_PktDecodeData_t* pdd = + (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA); + if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.tcp || !pdd->flags.bits.l4) + return false; + // Sanity check to make sure we're talking about the same thing + const uint8_t* data = daq_msg_get_data(raw.daq_msg); + if (raw.data - data != pdd->l4_offset) + return false; + stats.cksum_bypassed++; + return true; +} + bool TcpCodec::valid_checksum4(const RawData& raw, DecodeData& snort) { const ip::IP4Hdr* ip4h = snort.ip_api.get_ip4h(); @@ -156,20 +173,12 @@ bool TcpCodec::valid_checksum4(const RawData& raw, DecodeData& snort) ph.dip = ip4h->get_dst(); ph.zero = 0; ph.protocol = ip4h->proto(); - ph.len = htons((uint16_t)raw.len); + ph.len = htons((uint16_t) raw.len); - uint16_t csum = checksum::tcp_cksum((const uint16_t*)raw.data, raw.len, &ph); - - if ( csum ) - { - stats.bad_ip4_cksum++; - return false; - } - return true; + return (checksum::tcp_cksum((const uint16_t*) raw.data, raw.len, &ph) == 0); } -bool TcpCodec::valid_checksum6( - const RawData& raw, const CodecData& codec, DecodeData& snort) +bool TcpCodec::valid_checksum6(const RawData& raw, const CodecData& codec, DecodeData& snort) { const ip::IP6Hdr* const ip6h = snort.ip_api.get_ip6h(); @@ -178,16 +187,9 @@ bool TcpCodec::valid_checksum6( COPY4(ph6.dip, ip6h->get_dst()->u6_addr32); ph6.zero = 0; ph6.protocol = codec.ip6_csum_proto; - ph6.len = htons((uint16_t)raw.len); - - uint16_t csum = checksum::tcp_cksum((const uint16_t*)raw.data, raw.len, &ph6); + ph6.len = htons((uint16_t) raw.len); - if ( csum ) - { - stats.bad_ip6_cksum++; - return false; - } - return true; + return (checksum::tcp_cksum((const uint16_t*) raw.data, raw.len, &ph6) == 0); } bool TcpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) @@ -213,20 +215,29 @@ bool TcpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if ( SnortConfig::tcp_checksums() ) + if (SnortConfig::tcp_checksums() && !valid_checksum_from_daq(raw)) { + PegCount* bad_cksum_cnt; bool valid; if (snort.ip_api.is_ip4()) + { valid = valid_checksum4(raw, snort); + bad_cksum_cnt = &stats.bad_ip4_cksum; + } else + { valid = valid_checksum6(raw, codec, snort); + bad_cksum_cnt = &stats.bad_ip6_cksum; + } if (!valid) { - if ( !(codec.codec_flags & CODEC_UNSURE_ENCAP) ) + if (!(codec.codec_flags & CODEC_UNSURE_ENCAP)) + { + (*bad_cksum_cnt)++; snort.decode_flags |= DECODE_ERR_CKSUM_TCP; - + } return false; } } diff --git a/src/codecs/ip/cd_udp.cc b/src/codecs/ip/cd_udp.cc index 59f26dc87..5748db4db 100644 --- a/src/codecs/ip/cd_udp.cc +++ b/src/codecs/ip/cd_udp.cc @@ -45,6 +45,7 @@ const PegInfo pegs[] { { CountType::SUM, "bad_udp4_checksum", "nonzero udp over ipv4 checksums" }, { CountType::SUM, "bad_udp6_checksum", "nonzero udp over ipv6 checksums" }, + { CountType::SUM, "checksum_bypassed", "checksum calculations bypassed" }, { CountType::END, nullptr, nullptr } }; @@ -52,6 +53,7 @@ struct Stats { PegCount bad_ip4_cksum; PegCount bad_ip6_cksum; + PegCount cksum_bypassed; }; static THREAD_LOCAL Stats stats; @@ -150,10 +152,56 @@ public: private: + bool valid_checksum_from_daq(const RawData&); + bool valid_checksum4(const RawData&, const DecodeData&); + bool valid_checksum6(const RawData&, const CodecData&, const DecodeData&); + void UDPMiscTests(const DecodeData&, const CodecData&, uint32_t pay_len); }; } // anonymous namespace +inline bool UdpCodec::valid_checksum_from_daq(const RawData& raw) +{ + const DAQ_PktDecodeData_t* pdd = + (const DAQ_PktDecodeData_t*) daq_msg_get_meta(raw.daq_msg, DAQ_PKT_META_DECODE_DATA); + if (!pdd || !pdd->flags.bits.l4_checksum || !pdd->flags.bits.udp || !pdd->flags.bits.l4) + return false; + // Sanity check to make sure we're talking about the same thing + const uint8_t* data = daq_msg_get_data(raw.daq_msg); + if (raw.data - data != pdd->l4_offset) + return false; + stats.cksum_bypassed++; + return true; +} + +bool UdpCodec::valid_checksum4(const RawData& raw, const DecodeData& snort) +{ + const ip::IP4Hdr* const ip4h = snort.ip_api.get_ip4h(); + + checksum::Pseudoheader ph; + ph.sip = ip4h->get_src(); + ph.dip = ip4h->get_dst(); + ph.zero = 0; + ph.protocol = ip4h->proto(); + ph.len = htons((uint16_t) raw.len); + + return (checksum::udp_cksum((const uint16_t*) raw.data, raw.len, &ph) == 0); +} + +bool UdpCodec::valid_checksum6(const RawData& raw, const CodecData& codec, const DecodeData& snort) +{ + const ip::IP6Hdr* const ip6h = snort.ip_api.get_ip6h(); + + checksum::Pseudoheader6 ph6; + COPY4(ph6.sip, ip6h->ip6_src.u6_addr32); + COPY4(ph6.dip, ip6h->ip6_dst.u6_addr32); + ph6.zero = 0; + ph6.protocol = codec.ip6_csum_proto; + ph6.len = htons((uint16_t) raw.len); + + return (checksum::udp_cksum((const uint16_t*) raw.data, raw.len, &ph6) == 0); +} + void UdpCodec::get_protocol_ids(std::vector& v) { v.emplace_back(ProtocolId::UDP); @@ -213,71 +261,46 @@ bool UdpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } - if (SnortConfig::udp_checksums()) + if (SnortConfig::udp_checksums() && !valid_checksum_from_daq(raw)) { - /* look at the UDP checksum to make sure we've got a good packet */ - uint16_t csum; PegCount* bad_cksum_cnt; + bool valid; + /* look at the UDP checksum to make sure we've got a good packet */ if (snort.ip_api.is_ip4()) { - bad_cksum_cnt = &(stats.bad_ip4_cksum); - /* Don't do checksum calculation if * 1) Fragmented, OR * 2) UDP header chksum value is 0. */ - if ( !fragmented_udp_flag && udph->uh_chk ) - { - checksum::Pseudoheader ph; - const ip::IP4Hdr* const ip4h = snort.ip_api.get_ip4h(); - ph.sip = ip4h->get_src(); - ph.dip = ip4h->get_dst(); - ph.zero = 0; - ph.protocol = ip4h->proto(); - ph.len = udph->uh_len; - - csum = checksum::udp_cksum((const uint16_t*)(udph), uhlen, &ph); - } + if (!fragmented_udp_flag && udph->uh_chk) + valid = valid_checksum4(raw, snort); else - { - csum = 0; - } + valid = true; + bad_cksum_cnt = &stats.bad_ip4_cksum; } else { - bad_cksum_cnt = &(stats.bad_ip6_cksum); - /* Alert on checksum value 0 for ipv6 packets */ if (!udph->uh_chk) { - csum = 1; + valid = false; codec_event(codec, DECODE_UDP_IPV6_ZERO_CHECKSUM); } /* Don't do checksum calculation if * 1) Fragmented * (UDP checksum is not optional in IP6) */ - else if ( !fragmented_udp_flag ) - { - checksum::Pseudoheader6 ph6; - const ip::IP6Hdr* const ip6h = snort.ip_api.get_ip6h(); - COPY4(ph6.sip, ip6h->ip6_src.u6_addr32); - COPY4(ph6.dip, ip6h->ip6_dst.u6_addr32); - ph6.zero = 0; - ph6.protocol = codec.ip6_csum_proto; - ph6.len = htons((unsigned short)raw.len); - - csum = checksum::udp_cksum((const uint16_t*)(udph), uhlen, &ph6); - } + else if (!fragmented_udp_flag) + valid = valid_checksum6(raw, codec, snort); else - { - csum = 0; - } + valid = true; + bad_cksum_cnt = &stats.bad_ip6_cksum; } - if (csum && !codec.is_cooked()) + + if (!valid && !codec.is_cooked()) { - if ( !(codec.codec_flags & CODEC_UNSURE_ENCAP) ) + if (!(codec.codec_flags & CODEC_UNSURE_ENCAP)) { (*bad_cksum_cnt)++; snort.decode_flags |= DECODE_ERR_CKSUM_UDP; @@ -285,6 +308,7 @@ bool UdpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) return false; } } + uint16_t src_port; uint16_t dst_port; @@ -297,7 +321,7 @@ bool UdpCodec::decode(const RawData& raw, CodecData& codec, DecodeData& snort) else { src_port = udph->src_port(); - dst_port = udph->dst_port(); + dst_port = udph->dst_port(); } /* fill in the printout data structs */ diff --git a/src/flow/test/flow_control_test.cc b/src/flow/test/flow_control_test.cc index 2a4520a5f..5b5050c21 100644 --- a/src/flow/test/flow_control_test.cc +++ b/src/flow/test/flow_control_test.cc @@ -53,46 +53,46 @@ THREAD_LOCAL bool Active::s_suspend = false; THREAD_LOCAL PacketTracer* snort::s_pkt_trace = nullptr; -PacketTracer::PacketTracer() { } -PacketTracer::~PacketTracer() { } -void PacketTracer::log(const char* format, ...) { } +PacketTracer::PacketTracer() = default; +PacketTracer::~PacketTracer() = default; +void PacketTracer::log(const char*, ...) { } void PacketTracer::open_file() { } -void PacketTracer::dump_to_daq(Packet* p) { } +void PacketTracer::dump_to_daq(Packet*) { } void PacketTracer::reset() { } Packet::Packet(bool) { } -Packet::~Packet() { } +Packet::~Packet() = default; FlowCache::FlowCache(const FlowCacheConfig& cfg) : config(cfg) { } -FlowCache::~FlowCache() { } +FlowCache::~FlowCache() = default; Flow::Flow() = default; -Flow::~Flow() { } -DetectionEngine::DetectionEngine() { } -ExpectCache::~ExpectCache() { } -DetectionEngine::~DetectionEngine() { } +Flow::~Flow() = default; +DetectionEngine::DetectionEngine() = default; +DetectionEngine::~DetectionEngine() = default; +ExpectCache::~ExpectCache() = default; unsigned FlowCache::purge() { return 1; } -Flow* FlowCache::find(const FlowKey* key) { return nullptr; } -Flow* FlowCache::get(const FlowKey* key) { return nullptr; } -void FlowCache::push(Flow* flow) { } -bool FlowCache::prune_one(PruneReason reason, bool do_cleanup) { return true; } -unsigned FlowCache::timeout(unsigned num_flows, time_t thetime) { return 1; } -void Flow::init(PktType type) { } -void set_network_policy(SnortConfig* sc, unsigned i) { } -void DataBus::publish(const char* key, const uint8_t* buf, unsigned len, Flow* f) { } -void DataBus::publish(const char* key, Packet* p, Flow* f) { } +Flow* FlowCache::find(const FlowKey*) { return nullptr; } +Flow* FlowCache::get(const FlowKey*) { return nullptr; } +void FlowCache::push(Flow*) { } +bool FlowCache::prune_one(PruneReason, bool) { return true; } +unsigned FlowCache::timeout(unsigned, time_t) { return 1; } +void Flow::init(PktType) { } +void set_network_policy(SnortConfig*, unsigned) { } +void DataBus::publish(const char*, const uint8_t*, unsigned, Flow*) { } +void DataBus::publish(const char*, Packet*, Flow*) { } SnortConfig* SnortConfig::get_conf() { return nullptr; } -void FlowCache::unlink_uni(Flow* flow) { } -void Flow::set_direction(Packet* p) { } -void set_inspection_policy(SnortConfig* sc, unsigned i) { } -void set_ips_policy(SnortConfig* sc, unsigned i) { } -void Flow::set_mpls_layer_per_dir(Packet* p) { } -void DetectionEngine::disable_all(Packet* p) { } -void Stream::drop_traffic(const Packet* p, char dir) { } -bool Stream::blocked_flow(Packet* p) { return true; } -ExpectCache::ExpectCache(uint32_t max) { } -bool ExpectCache::check(Packet* p, Flow* lws) { return true; } -bool ExpectCache::is_expected(Packet* p) { return true; } -Flow* HighAvailabilityManager::import(Packet& p, FlowKey& key) { } - -namespace memory +void FlowCache::unlink_uni(Flow*) { } +void Flow::set_direction(Packet*) { } +void set_inspection_policy(SnortConfig*, unsigned) { } +void set_ips_policy(SnortConfig*, unsigned) { } +void Flow::set_mpls_layer_per_dir(Packet*) { } +void DetectionEngine::disable_all(Packet*) { } +void Stream::drop_traffic(const Packet*, char) { } +bool Stream::blocked_flow(Packet*) { return true; } +ExpectCache::ExpectCache(uint32_t) { } +bool ExpectCache::check(Packet*, Flow*) { return true; } +bool ExpectCache::is_expected(Packet*) { return true; } +Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; } + +namespace memory { bool MemoryCap::over_threshold() { return true; } } @@ -101,7 +101,7 @@ namespace snort { namespace layer { -const vlan::VlanTagHdr* get_vlan_layer(const Packet* const p) { return nullptr; } +const vlan::VlanTagHdr* get_vlan_layer(const Packet* const) { return nullptr; } } } @@ -114,40 +114,38 @@ uint32_t IpApi::id() const { return 0; } } bool FlowKey::init( - PktType type, IpProtocol ip_proto, - const SfIp *srcIP, uint16_t srcPort, - const SfIp *dstIP, uint16_t dstPort, - uint16_t vlanId, uint32_t mplsId, uint16_t addrSpaceId) + PktType, IpProtocol, + const SfIp*, uint16_t, + const SfIp*, uint16_t, + uint16_t, uint32_t, uint16_t) { return true; } bool FlowKey::init( - PktType type, IpProtocol ip_proto, - const SfIp *srcIP, const SfIp *dstIP, - uint32_t id, uint16_t vlanId, - uint32_t mplsId, uint16_t addrSpaceId) + PktType, IpProtocol, + const SfIp*, const SfIp*, + uint32_t, uint16_t, + uint32_t, uint16_t) { return true; } -void Stream::stop_inspection( - Flow* flow, Packet* p, char dir, - int32_t /*bytes*/, int /*response*/) { } +void Stream::stop_inspection(Flow*, Packet*, char, int32_t, int) { } -int ExpectCache::add_flow(const Packet *ctrlPkt, - PktType type, IpProtocol ip_proto, - const SfIp* cliIP, uint16_t cliPort, - const SfIp* srvIP, uint16_t srvPort, - char direction, FlowData* fd, SnortProtocolId snort_protocol_id) -{ - return 1; +int ExpectCache::add_flow(const Packet*, + PktType, IpProtocol, + const SfIp*, uint16_t, + const SfIp*, uint16_t, + char, FlowData*, SnortProtocolId) +{ + return 1; } -int FlowCache::release(Flow* flow, PruneReason reason, bool do_cleanup) -{ - return 1; +int FlowCache::release(Flow*, PruneReason, bool) +{ + return 1; } TEST_GROUP(stale_flow) { }; @@ -178,4 +176,4 @@ TEST(stale_flow, stale_flow) int main(int argc, char** argv) { return CommandLineTestRunner::RunAllTests(argc, argv); -} +} diff --git a/src/flow/test/flow_test.cc b/src/flow/test/flow_test.cc index 56104a933..9ed70a3dd 100644 --- a/src/flow/test/flow_test.cc +++ b/src/flow/test/flow_test.cc @@ -41,17 +41,17 @@ using namespace snort; Packet::Packet(bool) { } -Packet::~Packet() { } +Packet::~Packet() = default; void Inspector::rem_ref() {} void Inspector::add_ref() {} -void memory::MemoryCap::update_allocations(size_t n) {} +void memory::MemoryCap::update_allocations(size_t) {} -void memory::MemoryCap::update_deallocations(size_t n) {} +void memory::MemoryCap::update_deallocations(size_t) {} -bool memory::MemoryCap::free_space(size_t n) { return false; } +bool memory::MemoryCap::free_space(size_t) { return false; } bool HighAvailabilityManager::active() { return false; } @@ -59,13 +59,13 @@ FlowHAState::FlowHAState() = default; void FlowHAState::reset() {} -snort::FlowStash::~FlowStash() {} +snort::FlowStash::~FlowStash() = default; void FlowStash::reset() {} -void DetectionEngine::onload(Flow* flow) {} +void DetectionEngine::onload(Flow*) {} -Packet* DetectionEngine::set_next_packet(Packet* parent) { return nullptr; } +Packet* DetectionEngine::set_next_packet(Packet*) { return nullptr; } IpsContext* DetectionEngine::get_context() { return nullptr; } @@ -73,16 +73,14 @@ DetectionEngine::DetectionEngine() = default; DetectionEngine::~DetectionEngine() {} -bool snort::layer::set_outer_ip_api(const Packet* const p, - ip::IpApi& api, - int8_t& curr_layer) +bool snort::layer::set_outer_ip_api(const Packet* const, ip::IpApi&, int8_t&) { return false; } uint8_t ip::IpApi::ttl() const { return 0; } -const Layer* snort::layer::get_mpls_layer(const Packet* const p) { return nullptr; } +const Layer* snort::layer::get_mpls_layer(const Packet* const) { return nullptr; } -void snort::DataBus::publish(const char* key, Packet* p, Flow* f) {} +void snort::DataBus::publish(const char*, Packet*, Flow*) {} TEST_GROUP(nondefault_timeout) { diff --git a/src/network_inspectors/appid/test/appid_debug_test.cc b/src/network_inspectors/appid/test/appid_debug_test.cc index 53d6c1553..fc53c1693 100644 --- a/src/network_inspectors/appid/test/appid_debug_test.cc +++ b/src/network_inspectors/appid/test/appid_debug_test.cc @@ -62,7 +62,6 @@ static void SetConstraints(IpProtocol protocol, // use IpProtocol::PROTO_NOT_ const char* sipstr, uint16_t sport, const char* dipstr, uint16_t dport, AppIdDebugSessionConstraints& constraints) { - SfIp sip, dip; if (sipstr) { constraints.sip.set(sipstr); diff --git a/src/protocols/packet_manager.cc b/src/protocols/packet_manager.cc index 4980599c9..ac763fefa 100644 --- a/src/protocols/packet_manager.cc +++ b/src/protocols/packet_manager.cc @@ -627,7 +627,7 @@ static void set_hdr( pkth->ingress_group = phdr->ingress_group; pkth->egress_index = phdr->egress_index; pkth->egress_group = phdr->egress_group; - pkth->flags = phdr->flags & (~DAQ_PKT_FLAG_HW_TCP_CS_GOOD); + pkth->flags = phdr->flags; pkth->address_space_id = phdr->address_space_id; pkth->opaque = opaque; } -- 2.47.3