From: Russ Combs (rucombs) Date: Thu, 22 Feb 2018 21:55:02 +0000 (-0500) Subject: Merge pull request #1109 in SNORT/snort3 from action_header_fix to master X-Git-Tag: 3.0.0-244~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=65d341096c0d50cd225f6d8aae587d2ad2b28620;p=thirdparty%2Fsnort3.git Merge pull request #1109 in SNORT/snort3 from action_header_fix to master Squashed commit of the following: commit d36f4b59bdbffd7dc89ec484f9dc95400f6edb07 Author: Micheal Okutubo Date: Tue Feb 13 13:51:37 2018 -0500 actions: refactor actions.h into a class with static methods actions: remove redundant identifiers and macros actions: change redundant identifiers actions: refactor actions.h into a class --- diff --git a/src/actions/act_react.cc b/src/actions/act_react.cc index 5c4001528..7d9245cb3 100644 --- a/src/actions/act_react.cc +++ b/src/actions/act_react.cc @@ -342,7 +342,7 @@ static const ActionApi react_api = mod_ctor, mod_dtor }, - RULE_TYPE__DROP, + Actions::DROP, nullptr, // pinit nullptr, // pterm nullptr, // tinit diff --git a/src/actions/act_reject.cc b/src/actions/act_reject.cc index 40dcf0f0e..bad595fc4 100644 --- a/src/actions/act_reject.cc +++ b/src/actions/act_reject.cc @@ -228,7 +228,7 @@ static const ActionApi rej_api = mod_ctor, mod_dtor }, - RULE_TYPE__RESET, + Actions::RESET, nullptr, nullptr, nullptr, diff --git a/src/actions/act_replace.cc b/src/actions/act_replace.cc index a5e080fe8..57bdc1a50 100644 --- a/src/actions/act_replace.cc +++ b/src/actions/act_replace.cc @@ -201,7 +201,7 @@ static ActionApi rep_api mod_ctor, mod_dtor }, - RULE_TYPE__ALERT, + Actions::ALERT, nullptr, nullptr, rep_tinit, diff --git a/src/actions/actions.cc b/src/actions/actions.cc index d83bb81ac..6be845efe 100644 --- a/src/actions/actions.cc +++ b/src/actions/actions.cc @@ -57,78 +57,78 @@ static void alert(Packet* p, const OptTreeNode* otn) CallLogFuncs(p, otn, rtn->listhead); } -static const char* const rule_type[RULE_TYPE__MAX] = +static const char* const type[Actions::MAX] = { "none", "log", "pass", "alert", "drop", "block", "reset" }; -const char* get_action_string(RuleType action) +const char* Actions::get_string(Actions::Type action) { - if ( action < RULE_TYPE__MAX ) - return rule_type[action]; + if ( action < Actions::MAX ) + return type[action]; return "ERROR"; } -RuleType get_action_type(const char* s) +Actions::Type Actions::get_type(const char* s) { if ( !s ) - return RULE_TYPE__NONE; + return Actions::NONE; - else if ( !strcasecmp(s, ACTION_LOG) ) - return RULE_TYPE__LOG; + else if ( !strcasecmp(s, Actions::get_string(Actions::LOG)) ) + return Actions::LOG; - else if ( !strcasecmp(s, ACTION_PASS) ) - return RULE_TYPE__PASS; + else if ( !strcasecmp(s, Actions::get_string(Actions::PASS)) ) + return Actions::PASS; - else if ( !strcasecmp(s, ACTION_ALERT) ) - return RULE_TYPE__ALERT; + else if ( !strcasecmp(s, Actions::get_string(Actions::ALERT)) ) + return Actions::ALERT; - else if ( !strcasecmp(s, ACTION_DROP) ) - return RULE_TYPE__DROP; + else if ( !strcasecmp(s, Actions::get_string(Actions::DROP)) ) + return Actions::DROP; - else if ( !strcasecmp(s, ACTION_BLOCK) ) - return RULE_TYPE__BLOCK; + else if ( !strcasecmp(s, Actions::get_string(Actions::BLOCK)) ) + return Actions::BLOCK; - else if ( !strcasecmp(s, ACTION_RESET) ) - return RULE_TYPE__RESET; + else if ( !strcasecmp(s, Actions::get_string(Actions::RESET)) ) + return Actions::RESET; - return RULE_TYPE__NONE; + return Actions::NONE; } -void action_execute(RuleType action, Packet* p, const OptTreeNode* otn, +void Actions::execute(Actions::Type action, Packet* p, const OptTreeNode* otn, uint16_t event_id) { switch (action) { - case RULE_TYPE__PASS: + case Actions::PASS: pass(); SetTags(p, otn, event_id); break; - case RULE_TYPE__ALERT: + case Actions::ALERT: alert(p, otn); SetTags(p, otn, event_id); break; - case RULE_TYPE__LOG: + case Actions::LOG: log(p, otn); SetTags(p, otn, event_id); break; - case RULE_TYPE__DROP: + case Actions::DROP: Active::drop_packet(p); alert(p, otn); SetTags(p, otn, event_id); break; - case RULE_TYPE__BLOCK: + case Actions::BLOCK: Active::block_session(p); alert(p, otn); SetTags(p, otn, event_id); break; - case RULE_TYPE__RESET: + case Actions::RESET: Active::reset_session(p); alert(p, otn); SetTags(p, otn, event_id); @@ -139,19 +139,19 @@ void action_execute(RuleType action, Packet* p, const OptTreeNode* otn, } } -void action_apply(RuleType action, Packet* p) +void Actions::apply(Actions::Type action, Packet* p) { switch ( action ) { - case RULE_TYPE__DROP: + case Actions::DROP: Active::drop_packet(p); break; - case RULE_TYPE__BLOCK: + case Actions::BLOCK: Active::block_session(p); break; - case RULE_TYPE__RESET: + case Actions::RESET: Active::reset_session(p); break; diff --git a/src/actions/actions.h b/src/actions/actions.h index 48e9f8e88..28fc910ab 100644 --- a/src/actions/actions.h +++ b/src/actions/actions.h @@ -23,40 +23,28 @@ #include -#define ACTION_LOG "log" -#define ACTION_PASS "pass" -#define ACTION_ALERT "alert" -#define ACTION_DROP "drop" -#define ACTION_BLOCK "block" -#define ACTION_RESET "reset" +#include "main/snort_types.h" struct Packet; struct OptTreeNode; -// FIXIT-L if RuleType is changed, RateFilterModule must be updated -enum RuleType // FIXIT-L convert to a scoped enum +class SO_PUBLIC Actions { - RULE_TYPE__NONE = 0, - RULE_TYPE__LOG, - RULE_TYPE__PASS, - RULE_TYPE__ALERT, - RULE_TYPE__DROP, - RULE_TYPE__BLOCK, - RULE_TYPE__RESET, - RULE_TYPE__MAX -}; - -// FIXIT-L these functions could be static methods of class enclosing RuleType enum -const char* get_action_string(RuleType); -RuleType get_action_type(const char*); +public: + // FIXIT-L if Type is changed, RateFilterModule and type in actions.cc must be updated + enum Type + { NONE = 0, LOG, PASS, ALERT, DROP, BLOCK, RESET, MAX }; -void action_execute(RuleType, struct Packet*, const struct OptTreeNode*, - uint16_t event_id); + static const char* get_string(Type); + static Type get_type(const char*); -void action_apply(RuleType, struct Packet*); + static void execute(Type, struct Packet*, const struct OptTreeNode*, + uint16_t event_id); -inline bool pass_action(RuleType a) -{ return ( a == RULE_TYPE__PASS ); } + static void apply(Type, struct Packet*); + static inline bool is_pass(Type a) + { return ( a == PASS ); } +}; #endif diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index 9a9abd711..4509936d9 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -410,7 +410,7 @@ int DetectionEngine::queue_event(const OptTreeNode* otn) return 0; } -int DetectionEngine::queue_event(unsigned gid, unsigned sid, RuleType type) +int DetectionEngine::queue_event(unsigned gid, unsigned sid, Actions::Type type) { OptTreeNode* otn = GetOTN(gid, sid); diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h index 50edbfd08..4c3a85fa0 100644 --- a/src/detection/detection_engine.h +++ b/src/detection/detection_engine.h @@ -77,8 +77,8 @@ public: static void inspect(Packet*); static int queue_event(const struct OptTreeNode*); - static int queue_event(unsigned gid, unsigned sid, RuleType = RULE_TYPE__NONE); - + static int queue_event(unsigned gid, unsigned sid, Actions::Type = Actions::NONE); + static void disable_all(Packet*); static bool all_disabled(Packet*); diff --git a/src/detection/detection_util.cc b/src/detection/detection_util.cc index 9f854c00c..3ead2e9d7 100644 --- a/src/detection/detection_util.cc +++ b/src/detection/detection_util.cc @@ -71,7 +71,7 @@ static void LogBuffer(const char* s, const uint8_t* p, unsigned n) void EventTrace_Log(const Packet* p, const OptTreeNode* otn, int action) { - const char* acts = get_action_string((RuleType)action); + const char* acts = Actions::get_string((Actions::Type)action); if ( !tlog ) return; diff --git a/src/detection/fp_detect.cc b/src/detection/fp_detect.cc index 6fb439c6a..e7243671a 100644 --- a/src/detection/fp_detect.cc +++ b/src/detection/fp_detect.cc @@ -107,7 +107,7 @@ static inline void fpLogOther( PacketTracer::log("Event: %u:%u:%u, Action %s\n", otn->sigInfo.gid, otn->sigInfo.sid, otn->sigInfo.rev, - get_action_string((RuleType)action)); + Actions::get_string((Actions::Type)action)); // rule option actions are queued here (eg replace) otn_trigger_actions(otn, p); @@ -128,7 +128,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) int action = -1, rateAction = -1; int override, filterEvent = 0; - if ( pass_action(rtn->type) ) + if ( Actions::is_pass(rtn->type) ) p->packet_flags |= PKT_PASS_RULE; if ( otn->stateless ) @@ -151,16 +151,16 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) { // We still want to drop packets that are drop rules. // We just don't want to see the alert. - action_apply(rtn->type, p); + Actions::apply(rtn->type, p); fpLogOther(p, rtn, otn, rtn->type); return 1; } // perform rate filtering tests - impacts action taken rateAction = RateFilter_Test(otn, p); - override = ( rateAction >= RULE_TYPE__MAX ); + override = ( rateAction >= Actions::MAX ); if ( override ) - rateAction -= RULE_TYPE__MAX; + rateAction -= Actions::MAX; // internal events are no-ops if ( (rateAction < 0) && EventIsInternal(otn->sigInfo.gid) ) @@ -194,7 +194,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) ** If InlineMode is on, then we still want to drop packets ** that are drop rules. We just don't want to see the alert. */ - action_apply((RuleType)action, p); + Actions::apply((Actions::Type)action, p); fpLogOther(p, rtn, otn, action); pc.event_limit++; return 1; @@ -205,7 +205,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) * If its order is lower than 'pass', it should have been passed. * This is consistent with other detection rules */ if ( (p->packet_flags & PKT_PASS_RULE) - &&(SnortConfig::get_eval_index(rtn->type) > SnortConfig::get_eval_index(RULE_TYPE__PASS))) + &&(SnortConfig::get_eval_index(rtn->type) > SnortConfig::get_eval_index(Actions::PASS))) { fpLogOther(p, rtn, otn, rtn->type); return 1; @@ -214,7 +214,7 @@ int fpLogEvent(const RuleTreeNode* rtn, const OptTreeNode* otn, Packet* p) otn->state[get_instance_id()].alerts++; event_id++; - action_execute((RuleType)action, p, otn, event_id); + Actions::execute((Actions::Type)action, p, otn, event_id); fpLogOther(p, rtn, otn, action); return 0; @@ -672,7 +672,7 @@ static inline int fpFinalSelectEvent(OtnxMatchData* o, Packet* p) otn = o->matchInfo[i].MatchArray[j]; rtn = getRtnFromOtn(otn); - if (otn && rtn && pass_action(rtn->type)) + if (otn && rtn && Actions::is_pass(rtn->type)) { /* Already acted on rules, so just don't act on anymore */ if ( tcnt > 0 ) @@ -713,7 +713,7 @@ static inline int fpFinalSelectEvent(OtnxMatchData* o, Packet* p) } /* only log/count one pass */ - if ( otn && rtn && pass_action(rtn->type)) + if ( otn && rtn && Actions::is_pass(rtn->type)) { p->packet_flags |= PKT_PASS_RULE; return 1; diff --git a/src/detection/rules.h b/src/detection/rules.h index 735867e32..0f6aa436b 100644 --- a/src/detection/rules.h +++ b/src/detection/rules.h @@ -61,7 +61,7 @@ struct ListHead struct RuleListNode { ListHead* RuleList; /* The rule list associated with this node */ - RuleType mode; /* the rule mode */ + Actions::Type mode; /* the rule mode */ int evalIndex; /* eval index for this rule set */ char* name; /* name of this rule list */ RuleListNode* next; /* the next RuleListNode */ diff --git a/src/detection/treenodes.h b/src/detection/treenodes.h index 7e8e0c0d0..7c2fd2040 100644 --- a/src/detection/treenodes.h +++ b/src/detection/treenodes.h @@ -148,7 +148,7 @@ struct RuleTreeNode uint32_t flags; /* control flags */ - RuleType type; + Actions::Type type; // reference count from otn. // Multiple OTNs can reference this RTN with the same policy. diff --git a/src/events/event_queue.h b/src/events/event_queue.h index 33cdcfd47..1100a7bd6 100644 --- a/src/events/event_queue.h +++ b/src/events/event_queue.h @@ -38,7 +38,7 @@ struct EventNode { const struct OptTreeNode* otn; const struct RuleTreeNode* rtn; - RuleType type; + Actions::Type type; }; EventQueueConfig* EventQueueConfigNew(); diff --git a/src/filters/sfrf.cc b/src/filters/sfrf.cc index 491c16413..3b5035fa4 100644 --- a/src/filters/sfrf.cc +++ b/src/filters/sfrf.cc @@ -405,7 +405,7 @@ static int SFRF_TestObject( // if the count were not incremented in such cases, the // threshold would never be exceeded. if ( !cfgNode->seconds && dynNode->count > cfgNode->count ) - if ( cfgNode->newAction == RULE_TYPE__DROP ) + if ( cfgNode->newAction == Actions::DROP ) dynNode->count--; #ifdef SFRF_DEBUG @@ -744,7 +744,7 @@ static int _checkThreshold( fflush(stdout); #endif - return RULE_TYPE__MAX + cfgNode->newAction; + return Actions::MAX + cfgNode->newAction; } static void _updateDependentThresholds( diff --git a/src/filters/sfrf.h b/src/filters/sfrf.h index 8eda15f25..5faaca0ba 100644 --- a/src/filters/sfrf.h +++ b/src/filters/sfrf.h @@ -89,7 +89,7 @@ struct tSFRFConfigNode unsigned seconds; // Action that replaces original rule action on reaching threshold - RuleType newAction; + Actions::Type newAction; // Threshold action duration in seconds before reverting to original rule action unsigned timeout; diff --git a/src/filters/sfrf_test.cc b/src/filters/sfrf_test.cc index 9e0e570f4..ed9b16eff 100644 --- a/src/filters/sfrf_test.cc +++ b/src/filters/sfrf_test.cc @@ -909,7 +909,7 @@ static void Init(unsigned cap) cfg.tracking = p->track; cfg.count = p->count; cfg.seconds = p->seconds; - cfg.newAction = (RuleType)RULE_NEW; + cfg.newAction = (Actions::Type)RULE_NEW; cfg.timeout = p->timeout; cfg.applyTo = p->ip ? sfip_var_from_string(p->ip) : nullptr; @@ -950,8 +950,8 @@ static int EventTest(EventData* p) status = SFRF_TestThreshold( rfc, p->gid, p->sid, &sip, &dip, curtime, op); - if ( status >= RULE_TYPE__MAX ) - status -= RULE_TYPE__MAX; + if ( status >= Actions::MAX ) + status -= Actions::MAX; return status; } diff --git a/src/framework/ips_action.h b/src/framework/ips_action.h index f4680308c..bacf2be18 100644 --- a/src/framework/ips_action.h +++ b/src/framework/ips_action.h @@ -76,7 +76,7 @@ typedef void (* ActDelFunc)(IpsAction*); struct ActionApi { BaseApi base; - RuleType type; + Actions::Type type; IpsActFunc pinit; IpsActFunc pterm; diff --git a/src/main/modules.cc b/src/main/modules.cc index 1b16d52c8..1b9c1b021 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -1597,7 +1597,7 @@ static const Parameter rate_filter_params[] = "count interval" }, { "new_action", Parameter::PT_ENUM, - // FIXIT-L new_action options must match RuleType and + // FIXIT-L new_action options must match Actions::Type and // should include pluggable actions as well "log | pass | alert | drop | block | reset", "alert", "take this action on future hits until timeout" }, @@ -1661,7 +1661,7 @@ bool RateFilterModule::set(const char*, Value& v, SnortConfig*) thdx.applyTo = sfip_var_from_string(v.get_string()); else if ( v.is("new_action") ) - thdx.newAction = (RuleType)(v.get_long() + 1); + thdx.newAction = (Actions::Type)(v.get_long() + 1); else return false; diff --git a/src/main/snort_config.h b/src/main/snort_config.h index c040f1213..eae9c8ab5 100644 --- a/src/main/snort_config.h +++ b/src/main/snort_config.h @@ -296,7 +296,7 @@ public: int num_rule_types = 0; struct RuleListNode* rule_lists = nullptr; - int evalOrder[RULE_TYPE__MAX + 1]; + int evalOrder[Actions::MAX + 1]; struct FrameworkConfig* framework_config = nullptr; @@ -483,7 +483,7 @@ public: static bool process_all_events() { return get_conf()->event_queue_config->process_all_events; } - static int get_eval_index(RuleType type) + static int get_eval_index(Actions::Type type) { return get_conf()->evalOrder[type]; } static int get_default_rule_state() diff --git a/src/managers/action_manager.cc b/src/managers/action_manager.cc index 9a9ffa470..ee1917a02 100644 --- a/src/managers/action_manager.cc +++ b/src/managers/action_manager.cc @@ -94,14 +94,14 @@ static void store(const ActionApi* api, IpsAction* act) //------------------------------------------------------------------------- -RuleType ActionManager::get_action_type(const char* s) +Actions::Type ActionManager::get_action_type(const char* s) { for ( auto& p : s_actors ) { if ( !strcmp(p.api->base.name, s) ) return p.api->type; } - return RULE_TYPE__NONE; + return Actions::NONE; } void ActionManager::instantiate( diff --git a/src/managers/action_manager.h b/src/managers/action_manager.h index 14378b201..8008b49e2 100644 --- a/src/managers/action_manager.h +++ b/src/managers/action_manager.h @@ -63,7 +63,7 @@ public: static void release_plugins(); static void dump_plugins(); - static RuleType get_action_type(const char*); + static Actions::Type get_action_type(const char*); static void instantiate(const ActionApi*, Module*, SnortConfig*); diff --git a/src/parser/parse_conf.cc b/src/parser/parse_conf.cc index 0be44f434..9373c4d39 100644 --- a/src/parser/parse_conf.cc +++ b/src/parser/parse_conf.cc @@ -191,27 +191,27 @@ static inline int ScLoadAsDropRules() return ( SnortConfig::inline_test_mode() || SnortConfig::adaptor_inline_test_mode() ); } -RuleType get_rule_type(const char* s) +Actions::Type get_rule_type(const char* s) { - RuleType rt = get_action_type(s); + Actions::Type rt = Actions::get_type(s); - if ( rt == RULE_TYPE__NONE ) + if ( rt == Actions::NONE ) rt = ActionManager::get_action_type(s); switch ( rt ) { - case RULE_TYPE__DROP: - case RULE_TYPE__BLOCK: - case RULE_TYPE__RESET: + case Actions::DROP: + case Actions::BLOCK: + case Actions::RESET: if ( SnortConfig::treat_drop_as_alert() ) - return RULE_TYPE__ALERT; + return Actions::ALERT; if ( ScKeepDropRules() || ScLoadAsDropRules() ) return rt; - return RULE_TYPE__NONE; + return Actions::NONE; - case RULE_TYPE__NONE: + case Actions::NONE: ParseError("unknown rule type '%s'", s); break; diff --git a/src/parser/parse_conf.h b/src/parser/parse_conf.h index fbcfb4a23..568ebd2a4 100644 --- a/src/parser/parse_conf.h +++ b/src/parser/parse_conf.h @@ -36,7 +36,7 @@ void parse_include(SnortConfig*, const char*); void AddRuleState(SnortConfig*, const RuleState&); void add_service_to_otn(SnortConfig*, OptTreeNode*, const char*); -RuleType get_rule_type(const char*); +Actions::Type get_rule_type(const char*); ListHead* get_rule_list(SnortConfig*, const char*); #endif diff --git a/src/parser/parse_rule.cc b/src/parser/parse_rule.cc index a677961f5..5099e9e95 100644 --- a/src/parser/parse_rule.cc +++ b/src/parser/parse_rule.cc @@ -1054,7 +1054,7 @@ void parse_rule_type(SnortConfig* sc, const char* s, RuleTreeNode& rtn) memset(&rtn, 0, sizeof(rtn)); rtn.type = get_rule_type(s); - if ( rtn.type == RULE_TYPE__NONE ) + if ( rtn.type == Actions::NONE ) { s_ignore = true; return; diff --git a/src/parser/parser.cc b/src/parser/parser.cc index cd2dba01a..3ec83a0ca 100644 --- a/src/parser/parser.cc +++ b/src/parser/parser.cc @@ -91,12 +91,12 @@ void parser_term(SnortConfig* sc) static void CreateDefaultRules(SnortConfig* sc) { - CreateRuleType(sc, ACTION_LOG, RULE_TYPE__LOG); - CreateRuleType(sc, ACTION_PASS, RULE_TYPE__PASS); - CreateRuleType(sc, ACTION_ALERT, RULE_TYPE__ALERT); - CreateRuleType(sc, ACTION_DROP, RULE_TYPE__DROP); - CreateRuleType(sc, ACTION_BLOCK, RULE_TYPE__BLOCK); - CreateRuleType(sc, ACTION_RESET, RULE_TYPE__RESET); + CreateRuleType(sc, Actions::get_string(Actions::LOG), Actions::LOG); + CreateRuleType(sc, Actions::get_string(Actions::PASS), Actions::PASS); + CreateRuleType(sc, Actions::get_string(Actions::ALERT), Actions::ALERT); + CreateRuleType(sc, Actions::get_string(Actions::DROP), Actions::DROP); + CreateRuleType(sc, Actions::get_string(Actions::BLOCK), Actions::BLOCK); + CreateRuleType(sc, Actions::get_string(Actions::RESET), Actions::RESET); } static void FreeRuleTreeNodes(SnortConfig* sc) @@ -594,7 +594,7 @@ void ParseRules(SnortConfig* sc) * Returns: the ListHead for the rule type * ***************************************************************************/ -ListHead* CreateRuleType(SnortConfig* sc, const char* name, RuleType mode) +ListHead* CreateRuleType(SnortConfig* sc, const char* name, Actions::Type mode) { RuleListNode* node; int evalIndex = 0; diff --git a/src/parser/parser.h b/src/parser/parser.h index 6462e3cdc..a7c38bc06 100644 --- a/src/parser/parser.h +++ b/src/parser/parser.h @@ -78,7 +78,7 @@ inline RuleTreeNode* getRuntimeRtnFromOtn(const struct OptTreeNode* otn) return getRtnFromOtn(otn); } -ListHead* CreateRuleType(SnortConfig* sc, const char* name, RuleType); +ListHead* CreateRuleType(SnortConfig* sc, const char* name, Actions::Type); void FreeRuleTreeNode(RuleTreeNode*); void DestroyRuleTreeNode(RuleTreeNode*); diff --git a/src/service_inspectors/http_inspect/test/http_module_test.cc b/src/service_inspectors/http_inspect/test/http_module_test.cc index 86dff7a33..d8a4b0af1 100644 --- a/src/service_inspectors/http_inspect/test/http_module_test.cc +++ b/src/service_inspectors/http_inspect/test/http_module_test.cc @@ -45,7 +45,7 @@ void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } void show_stats(SimpleStats*, const char*) { } void Value::get_bits(std::bitset<256ul>&) const {} -int DetectionEngine::queue_event(unsigned int, unsigned int, RuleType) { return 0; } +int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; } int32_t str_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; } int32_t substr_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; } diff --git a/src/service_inspectors/http_inspect/test/http_transaction_test.cc b/src/service_inspectors/http_inspect/test/http_transaction_test.cc index c65bd3bc1..24cd375e4 100644 --- a/src/service_inspectors/http_inspect/test/http_transaction_test.cc +++ b/src/service_inspectors/http_inspect/test/http_transaction_test.cc @@ -38,7 +38,7 @@ using namespace HttpEnums; unsigned FlowData::flow_data_id = 0; FlowData::FlowData(unsigned, Inspector*) {} FlowData::~FlowData() {} -int DetectionEngine::queue_event(unsigned int, unsigned int, RuleType) { return 0; } +int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; } THREAD_LOCAL PegCount HttpModule::peg_counts[1]; fd_status_t File_Decomp_StopFree(fd_session_t*) { return File_Decomp_OK; } diff --git a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc index 64815e5b4..f4ab0d81e 100644 --- a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc +++ b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc @@ -40,7 +40,7 @@ void show_stats( PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } void show_stats(SimpleStats*, const char*) { } void Value::get_bits(std::bitset<256ul>&) const {} -int DetectionEngine::queue_event(unsigned int, unsigned int, RuleType) { return 0; } +int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { return 0; } HttpJsNorm::HttpJsNorm(int, const HttpParaList::UriParam& uri_param_) : max_javascript_whitespaces(0), uri_param(uri_param_), javascript_search_mpse(nullptr),