"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/dynamic-preprocessors/appid/service_plugins/service_base.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

[ To the main snort source changes report ]

service_base.c  (snort-2.9.16.1):service_base.c  (snort-2.9.17)
skipping to change at line 2040 skipping to change at line 2040
if (id_state->invalid_client_count >= STATE_ID_INVALID_CLIENT_THRESHOLD) if (id_state->invalid_client_count >= STATE_ID_INVALID_CLIENT_THRESHOLD)
{ {
if (id_state->valid_count <= 1) if (id_state->valid_count <= 1)
{ {
id_state->state = SERVICE_ID_NEW; id_state->state = SERVICE_ID_NEW;
id_state->invalid_client_count = 0; id_state->invalid_client_count = 0;
IP_CLEAR(id_state->last_invalid_client); IP_CLEAR(id_state->last_invalid_client);
id_state->valid_count = 0; id_state->valid_count = 0;
id_state->detract_count = 0; id_state->detract_count = 0;
IP_CLEAR(id_state->last_detract); IP_CLEAR(id_state->last_detract);
id_state->svc = NULL;
} }
else else
{ {
id_state->valid_count--; id_state->valid_count--;
id_state->last_invalid_client = *client_ip; id_state->last_invalid_client = *client_ip;
id_state->invalid_client_count = 0; id_state->invalid_client_count = 0;
#if !defined(SFLINUX) && defined(DAQ_CAPA_VRF) #if !defined(SFLINUX) && defined(DAQ_CAPA_VRF)
id_state->asId = flowp->serviceAsId; id_state->asId = flowp->serviceAsId;
#endif #endif
} }
skipping to change at line 2075 skipping to change at line 2076
if (id_state->detract_count >= STATE_ID_NEEDED_DUPE_DETRACT_COUNT) if (id_state->detract_count >= STATE_ID_NEEDED_DUPE_DETRACT_COUNT)
{ {
if (id_state->valid_count <= 1) if (id_state->valid_count <= 1)
{ {
id_state->state = SERVICE_ID_NEW; id_state->state = SERVICE_ID_NEW;
id_state->invalid_client_count = 0; id_state->invalid_client_count = 0;
IP_CLEAR(id_state->last_invalid_client); IP_CLEAR(id_state->last_invalid_client);
id_state->valid_count = 0; id_state->valid_count = 0;
id_state->detract_count = 0; id_state->detract_count = 0;
IP_CLEAR(id_state->last_detract); IP_CLEAR(id_state->last_detract);
id_state->svc = NULL;
} }
else else
id_state->valid_count--; id_state->valid_count--;
} }
} }
} }
/* In SERVICE_ID_NEW, if port/pattern fails and not in a mid-stream, go to b rute force. */ /* In SERVICE_ID_NEW, if port/pattern fails and not in a mid-stream, go to b rute force. */
else if (id_state->state == SERVICE_ID_NEW && else if (id_state->state == SERVICE_ID_NEW &&
flowp->search_state == SERVICE_ID_PENDING && flowp->search_state == SERVICE_ID_PENDING &&
(sflist_count(flowp->candidate_service_list) == 0) && (sflist_count(flowp->candidate_service_list) == 0) &&
skipping to change at line 2154 skipping to change at line 2156
#if SERVICE_DEBUG_PORT #if SERVICE_DEBUG_PORT
if (flowp->service_port == SERVICE_DEBUG_PORT) if (flowp->service_port == SERVICE_DEBUG_PORT)
#endif #endif
fprintf(SF_DEBUG_FILE, "FailInProcess: State %s for protocol %u on port %u, count %u, %s\n", fprintf(SF_DEBUG_FILE, "FailInProcess: State %s for protocol %u on port %u, count %u, %s\n",
serviceIdStateName[id_state->state], (unsigned)flowp->proto, (un signed)flowp->service_port, serviceIdStateName[id_state->state], (unsigned)flowp->proto, (un signed)flowp->service_port,
id_state->invalid_client_count, (id_state->svc && id_state->svc- >name) ? id_state->svc->name:"UNKNOWN"); id_state->invalid_client_count, (id_state->svc && id_state->svc- >name) ? id_state->svc->name:"UNKNOWN");
#endif #endif
id_state->invalid_client_count += STATE_ID_INCONCLUSIVE_SERVICE_WEIGHT; id_state->invalid_client_count += STATE_ID_INCONCLUSIVE_SERVICE_WEIGHT;
#ifdef TARGET_BASED
tmp_ip = _dpd.sessionAPI->get_session_ip_address(flowp->ssn, SSN_DIR_FROM_SE RVER); tmp_ip = _dpd.sessionAPI->get_session_ip_address(flowp->ssn, SSN_DIR_FROM_SE RVER);
if (sfip_fast_eq6(tmp_ip, &flowp->service_ip)) if (sfip_fast_eq6(tmp_ip, &flowp->service_ip))
tmp_ip = _dpd.sessionAPI->get_session_ip_address(flowp->ssn, SSN_DIR_FRO M_CLIENT); tmp_ip = _dpd.sessionAPI->get_session_ip_address(flowp->ssn, SSN_DIR_FRO M_CLIENT);
#endif
HandleFailure(flowp, id_state, tmp_ip, 0); HandleFailure(flowp, id_state, tmp_ip, 0);
#ifdef SERVICE_DEBUG #ifdef SERVICE_DEBUG
#if SERVICE_DEBUG_PORT #if SERVICE_DEBUG_PORT
if (flowp->service_port == SERVICE_DEBUG_PORT) if (flowp->service_port == SERVICE_DEBUG_PORT)
#endif #endif
fprintf(SF_DEBUG_FILE, "FailInProcess: Changed State to %s for protocol %u on port %u, count %u, %s\n", fprintf(SF_DEBUG_FILE, "FailInProcess: Changed State to %s for protocol %u on port %u, count %u, %s\n",
serviceIdStateName[id_state->state], (unsigned)flowp->proto, (un signed)flowp->service_port, serviceIdStateName[id_state->state], (unsigned)flowp->proto, (un signed)flowp->service_port,
id_state->invalid_client_count, (id_state->svc && id_state->svc- >name) ? id_state->svc->name:"UNKNOWN"); id_state->invalid_client_count, (id_state->svc && id_state->svc- >name) ? id_state->svc->name:"UNKNOWN");
 End of changes. 4 change blocks. 
0 lines changed or deleted 4 lines changed or added
To the C Programs section of the snort source changes report or the top of this page
Mainly generated by pkgdiff using rfcdiff
Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)