is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.
| detection_options.c (snort-2.9.16.1) | : | detection_options.c (snort-2.9.17) |
|---|
| | |
| skipping to change at line 1011 | | skipping to change at line 1011 |
|---|
| int pattern_size = 0; | | int pattern_size = 0; |
| int eval_rtn_result = 1; | | int eval_rtn_result = 1; |
| int check_ports = 1; | | int check_ports = 1; |
| OptTreeNode *otn = (OptTreeNode*) node->option_data; | | OptTreeNode *otn = (OptTreeNode*) node->option_data; |
| PatternMatchData *pmd = (PatternMatchData*) eval_data->pmd; | | PatternMatchData *pmd = (PatternMatchData*) eval_data->pmd; |
| | |
| if (pmd) | | if (pmd) |
| pattern_size = pmd->pattern_size; | | pattern_size = pmd->pattern_size; |
| | |
| // See "detection_leaf_node.c" (detection_leaf_node_eval). | | // See "detection_leaf_node.c" (detection_leaf_node_eval). |
|
| | #ifdef TARGET_BASED |
| switch (detection_leaf_node_eval (node, eval_data)) | | switch (detection_leaf_node_eval (node, eval_data)) |
| { | | { |
| case Leaf_Abort: | | case Leaf_Abort: |
| eval_rtn_result = 0; | | eval_rtn_result = 0; |
| break; | | break; |
| | |
| case Leaf_SkipPorts: | | case Leaf_SkipPorts: |
| check_ports = 0; | | check_ports = 0; |
| // fall through | | // fall through |
| | |
| case Leaf_CheckPorts: | | case Leaf_CheckPorts: |
| NODE_PROFILE_TMPEND(node); | | NODE_PROFILE_TMPEND(node); |
| eval_rtn_result = fpEvalRTN (getRuntimeRtnFromOtn (o
tn), eval_data->p, check_ports); | | eval_rtn_result = fpEvalRTN (getRuntimeRtnFromOtn (o
tn), eval_data->p, check_ports); |
| NODE_PROFILE_TMPSTART(node); | | NODE_PROFILE_TMPSTART(node); |
| break; | | break; |
| } | | } |
|
| | #endif |
| | |
| if (eval_rtn_result) | | if (eval_rtn_result) |
| { | | { |
| if ((!otn->detection_filter) || | | if ((!otn->detection_filter) || |
| !detection_filter_test( | | !detection_filter_test( |
| otn->detection_filter, | | otn->detection_filter, |
| GET_SRC_IP(eval_data->p), GET_DST_IP(eval_data-
>p), | | GET_SRC_IP(eval_data->p), GET_DST_IP(eval_data-
>p), |
| eval_data->p->pkth->ts.tv_sec, eval_data)) | | eval_data->p->pkth->ts.tv_sec, eval_data)) |
| { | | { |
| #ifdef PERF_PROFILING | | #ifdef PERF_PROFILING |
| | |
| skipping to change at line 1292 | | skipping to change at line 1294 |
|---|
| * don't need to be evaluated again, so don't need to | | * don't need to be evaluated again, so don't need to |
| * evaluate this option again */ | | * evaluate this option again */ |
| continue; | | continue; |
| } | | } |
| } | | } |
| | |
| child_node->result = detection_option_node_evaluate(node->childr
en[i], eval_data); | | child_node->result = detection_option_node_evaluate(node->childr
en[i], eval_data); |
| if (child_node->option_type == RULE_OPTION_TYPE_LEAF_NODE) | | if (child_node->option_type == RULE_OPTION_TYPE_LEAF_NODE) |
| { | | { |
| /* Leaf node won't have any children but will return success | | /* Leaf node won't have any children but will return success |
|
| * or failure */ | | * or failure; regardless we must count them here */ |
| result += child_node->result; | | result += 1; |
| } | | } |
| else if (child_node->result == child_node->num_children) | | else if (child_node->result == child_node->num_children) |
| { | | { |
| /* Indicate that the child's tree branches are done */ | | /* Indicate that the child's tree branches are done */ |
| result++; | | result++; |
| } | | } |
| #ifdef PPM_MGR | | #ifdef PPM_MGR |
| if( PPM_PKTS_ENABLED() ) | | if( PPM_PKTS_ENABLED() ) |
| { | | { |
| PPM_GET_TIME(); | | PPM_GET_TIME(); |
| | | |
| End of changes. 3 change blocks. |
|---|
| 2 lines changed or deleted | | 4 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 