is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
| decode.c (snort-2.9.16.1) | : | decode.c (snort-2.9.17) |
|---|
| | |
| skipping to change at line 621 | | skipping to change at line 621 |
|---|
| { | | { |
| for( i = 0; i < DECODE_INDEX_MAX; i++ ) | | for( i = 0; i < DECODE_INDEX_MAX; i++ ) |
| decodeRulesArray[i] = ( value != 0 ); | | decodeRulesArray[i] = ( value != 0 ); |
| } | | } |
| else if ( sid < DECODE_INDEX_MAX ) | | else if ( sid < DECODE_INDEX_MAX ) |
| { | | { |
| decodeRulesArray[sid] = ( value != 0 ); | | decodeRulesArray[sid] = ( value != 0 ); |
| } | | } |
| } | | } |
| | |
|
| | static ThrottleInfo log_throttleInfo = {0, 60, 0, 100}; |
| | |
| // this must be called iff the layer is successfully decoded because, when | | // this must be called iff the layer is successfully decoded because, when |
| // enabled, the normalizer assumes that the encoding is structurally sound | | // enabled, the normalizer assumes that the encoding is structurally sound |
| static inline void PushLayer(PROTO_ID type, Packet* p, const uint8_t* hdr, uint3
2_t len) | | static inline void PushLayer(PROTO_ID type, Packet* p, const uint8_t* hdr, uint3
2_t len) |
| { | | { |
| if ( p->next_layer < LAYER_MAX ) | | if ( p->next_layer < LAYER_MAX ) |
| { | | { |
| Layer* lyr = p->layers + p->next_layer++; | | Layer* lyr = p->layers + p->next_layer++; |
| lyr->proto = type; | | lyr->proto = type; |
| lyr->start = (uint8_t*)hdr; | | lyr->start = (uint8_t*)hdr; |
| lyr->length = (uint16_t)len; | | lyr->length = (uint16_t)len; |
| } | | } |
| else | | else |
| { | | { |
|
| LogMessage("(snort_decoder) WARNING: decoder got too many layers;" | | LogThrottledByTimeCount(&log_throttleInfo, |
| " next proto is %u.\n", type); | | "(snort_decoder) WARNING: Too many levels for decoding;" |
| | "next proto is %u.\n", type); |
| | SnortEventqAdd(GENERATOR_SNORT_DECODE, |
| | DECODE_DECODING_DEPTH_EXCEEDED, |
| | 1, |
| | 0, |
| | 1, |
| | DECODE_DECODING_DEPTH_EXCEEDED_STR, |
| | NULL); |
| | pc.alert_pkts++; |
| } | | } |
| } | | } |
| | |
| //-------------------------------------------------------------------- | | //-------------------------------------------------------------------- |
| // decode.c::ARP | | // decode.c::ARP |
| //-------------------------------------------------------------------- | | //-------------------------------------------------------------------- |
| | |
| /* | | /* |
| * Function: DecodeARP(uint8_t *, uint32_t, Packet *) | | * Function: DecodeARP(uint8_t *, uint32_t, Packet *) |
| * | | * |
| | |
| skipping to change at line 1304 | | skipping to change at line 1315 |
|---|
| * ScMplsPayloadCheck | | * ScMplsPayloadCheck |
| * checkMplsHdr and | | * checkMplsHdr and |
| * ScMplsPayloadType | | * ScMplsPayloadType |
| * | | * |
| * must be revisited for performance and payload type checks as against, | | * must be revisited for performance and payload type checks as against, |
| * static assignment from SnortConfig: sc->mpls_payload_type | | * static assignment from SnortConfig: sc->mpls_payload_type |
| */ | | */ |
| iRet = ScMplsPayloadCheck(*(uint8_t *)tmpMplsHdr, iRet); | | iRet = ScMplsPayloadCheck(*(uint8_t *)tmpMplsHdr, iRet); |
| #endif | | #endif |
| | |
|
| | p->non_ip_pkt = 1; |
| | |
| switch (iRet) | | switch (iRet) |
| { | | { |
| case MPLS_PAYLOADTYPE_IPV4: | | case MPLS_PAYLOADTYPE_IPV4: |
| DecodeIP((uint8_t *)tmpMplsHdr, mlen, p); | | DecodeIP((uint8_t *)tmpMplsHdr, mlen, p); |
| break; | | break; |
| | |
| case MPLS_PAYLOADTYPE_IPV6: | | case MPLS_PAYLOADTYPE_IPV6: |
| DecodeIPV6((uint8_t *)tmpMplsHdr, mlen, p); | | DecodeIPV6((uint8_t *)tmpMplsHdr, mlen, p); |
| break; | | break; |
| | |
| | |
| skipping to change at line 6057 | | skipping to change at line 6070 |
|---|
| case TCPOPT_CC_NEW: | | case TCPOPT_CC_NEW: |
| code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_CC, | | code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_CC, |
| &p->tcp_options[opt_count], &byte_skip); | | &p->tcp_options[opt_count], &byte_skip); |
| break; | | break; |
| case TCPOPT_TRAILER_CSUM: | | case TCPOPT_TRAILER_CSUM: |
| experimental_option_found = 1; | | experimental_option_found = 1; |
| code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TRAILER_
CSUM, | | code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TRAILER_
CSUM, |
| &p->tcp_options[opt_count], &byte_skip); | | &p->tcp_options[opt_count], &byte_skip); |
| break; | | break; |
| | |
|
| | case TCPOPT_TFO: |
| | code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1, |
| | &p->tcp_options[opt_count], &byte_skip); |
| | break; |
| | |
| case TCPOPT_TIMESTAMP: | | case TCPOPT_TIMESTAMP: |
| code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TIMESTAM
P, | | code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TIMESTAM
P, |
| &p->tcp_options[opt_count], &byte_skip); | | &p->tcp_options[opt_count], &byte_skip); |
| break; | | break; |
| | |
| case TCPOPT_SKEETER: | | case TCPOPT_SKEETER: |
| case TCPOPT_BUBBA: | | case TCPOPT_BUBBA: |
| case TCPOPT_UNASSIGNED: | | case TCPOPT_UNASSIGNED: |
| obsolete_option_found = 1; | | obsolete_option_found = 1; |
| code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1, | | code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1, |
| | | |
| End of changes. 4 change blocks. |
|---|
| 2 lines changed or deleted | | 20 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 