"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/decode.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

decode.c  (snort-2.9.16.1):decode.c  (snort-2.9.17)
skipping to change at line 621 skipping to change at line 621
{ {
for( i = 0; i < DECODE_INDEX_MAX; i++ ) for( i = 0; i < DECODE_INDEX_MAX; i++ )
decodeRulesArray[i] = ( value != 0 ); decodeRulesArray[i] = ( value != 0 );
} }
else if ( sid < DECODE_INDEX_MAX ) else if ( sid < DECODE_INDEX_MAX )
{ {
decodeRulesArray[sid] = ( value != 0 ); decodeRulesArray[sid] = ( value != 0 );
} }
} }
static ThrottleInfo log_throttleInfo = {0, 60, 0, 100};
// this must be called iff the layer is successfully decoded because, when // this must be called iff the layer is successfully decoded because, when
// enabled, the normalizer assumes that the encoding is structurally sound // enabled, the normalizer assumes that the encoding is structurally sound
static inline void PushLayer(PROTO_ID type, Packet* p, const uint8_t* hdr, uint3 2_t len) static inline void PushLayer(PROTO_ID type, Packet* p, const uint8_t* hdr, uint3 2_t len)
{ {
if ( p->next_layer < LAYER_MAX ) if ( p->next_layer < LAYER_MAX )
{ {
Layer* lyr = p->layers + p->next_layer++; Layer* lyr = p->layers + p->next_layer++;
lyr->proto = type; lyr->proto = type;
lyr->start = (uint8_t*)hdr; lyr->start = (uint8_t*)hdr;
lyr->length = (uint16_t)len; lyr->length = (uint16_t)len;
} }
else else
{ {
LogMessage("(snort_decoder) WARNING: decoder got too many layers;" LogThrottledByTimeCount(&log_throttleInfo,
" next proto is %u.\n", type); "(snort_decoder) WARNING: Too many levels for decoding;"
"next proto is %u.\n", type);
SnortEventqAdd(GENERATOR_SNORT_DECODE,
DECODE_DECODING_DEPTH_EXCEEDED,
1,
0,
1,
DECODE_DECODING_DEPTH_EXCEEDED_STR,
NULL);
pc.alert_pkts++;
} }
} }
//-------------------------------------------------------------------- //--------------------------------------------------------------------
// decode.c::ARP // decode.c::ARP
//-------------------------------------------------------------------- //--------------------------------------------------------------------
/* /*
* Function: DecodeARP(uint8_t *, uint32_t, Packet *) * Function: DecodeARP(uint8_t *, uint32_t, Packet *)
* *
skipping to change at line 1304 skipping to change at line 1315
* ScMplsPayloadCheck * ScMplsPayloadCheck
* checkMplsHdr and * checkMplsHdr and
* ScMplsPayloadType * ScMplsPayloadType
* *
* must be revisited for performance and payload type checks as against, * must be revisited for performance and payload type checks as against,
* static assignment from SnortConfig: sc->mpls_payload_type * static assignment from SnortConfig: sc->mpls_payload_type
*/ */
iRet = ScMplsPayloadCheck(*(uint8_t *)tmpMplsHdr, iRet); iRet = ScMplsPayloadCheck(*(uint8_t *)tmpMplsHdr, iRet);
#endif #endif
p->non_ip_pkt = 1;
switch (iRet) switch (iRet)
{ {
case MPLS_PAYLOADTYPE_IPV4: case MPLS_PAYLOADTYPE_IPV4:
DecodeIP((uint8_t *)tmpMplsHdr, mlen, p); DecodeIP((uint8_t *)tmpMplsHdr, mlen, p);
break; break;
case MPLS_PAYLOADTYPE_IPV6: case MPLS_PAYLOADTYPE_IPV6:
DecodeIPV6((uint8_t *)tmpMplsHdr, mlen, p); DecodeIPV6((uint8_t *)tmpMplsHdr, mlen, p);
break; break;
skipping to change at line 6057 skipping to change at line 6070
case TCPOPT_CC_NEW: case TCPOPT_CC_NEW:
code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_CC, code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_CC,
&p->tcp_options[opt_count], &byte_skip); &p->tcp_options[opt_count], &byte_skip);
break; break;
case TCPOPT_TRAILER_CSUM: case TCPOPT_TRAILER_CSUM:
experimental_option_found = 1; experimental_option_found = 1;
code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TRAILER_ CSUM, code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TRAILER_ CSUM,
&p->tcp_options[opt_count], &byte_skip); &p->tcp_options[opt_count], &byte_skip);
break; break;
case TCPOPT_TFO:
code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1,
&p->tcp_options[opt_count], &byte_skip);
break;
case TCPOPT_TIMESTAMP: case TCPOPT_TIMESTAMP:
code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TIMESTAM P, code = OptLenValidate(option_ptr, end_ptr, len_ptr, TCPOLEN_TIMESTAM P,
&p->tcp_options[opt_count], &byte_skip); &p->tcp_options[opt_count], &byte_skip);
break; break;
case TCPOPT_SKEETER: case TCPOPT_SKEETER:
case TCPOPT_BUBBA: case TCPOPT_BUBBA:
case TCPOPT_UNASSIGNED: case TCPOPT_UNASSIGNED:
obsolete_option_found = 1; obsolete_option_found = 1;
code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1, code = OptLenValidate(option_ptr, end_ptr, len_ptr, -1,
 End of changes. 4 change blocks. 
2 lines changed or deleted 20 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)