"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/flow/flow_key.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

flow_key.cc  (snort3-3.1.28.0):flow_key.cc  (snort3-3.1.29.0)
skipping to change at line 196 skipping to change at line 196
} }
void FlowKey::init_vlan(const SnortConfig* sc, uint16_t vlanId) void FlowKey::init_vlan(const SnortConfig* sc, uint16_t vlanId)
{ {
if (!sc->get_vlan_agnostic()) if (!sc->get_vlan_agnostic())
vlan_tag = vlanId; vlan_tag = vlanId;
else else
vlan_tag = 0; vlan_tag = 0;
} }
void FlowKey::init_address_space(const SnortConfig* sc, uint16_t addrSpaceId) void FlowKey::init_address_space(const SnortConfig* sc, uint32_t addrSpaceId)
{ {
if (!sc->address_space_agnostic()) if (!sc->address_space_agnostic())
addressSpaceId = addrSpaceId; addressSpaceId = addrSpaceId;
else else
addressSpaceId = 0; addressSpaceId = 0;
} }
void FlowKey::init_groups(int16_t ingress_group, int16_t egress_group, bool rev) void FlowKey::init_groups(int16_t ingress_group, int16_t egress_group, bool rev)
{ {
if (flags.group_used) if (flags.group_used)
skipping to change at line 237 skipping to change at line 237
else else
mplsLabel = 0; mplsLabel = 0;
} }
bool FlowKey::init( bool FlowKey::init(
const SnortConfig* sc, const SnortConfig* sc,
PktType type, IpProtocol ip_proto, PktType type, IpProtocol ip_proto,
const SfIp *srcIP, uint16_t srcPort, const SfIp *srcIP, uint16_t srcPort,
const SfIp *dstIP, uint16_t dstPort, const SfIp *dstIP, uint16_t dstPort,
uint16_t vlanId, uint32_t mplsId, uint16_t vlanId, uint32_t mplsId,
uint16_t addrSpaceId, int16_t ingress_group, uint32_t addrSpaceId, int16_t ingress_group,
int16_t egress_group) int16_t egress_group)
{ {
bool reversed; bool reversed;
/* Because the key is going to be used for hash lookups, /* Because the key is going to be used for hash lookups,
* the key fields will be normalized such that the lower * the key fields will be normalized such that the lower
* of the IP addresses is stored in ip_l and the port for * of the IP addresses is stored in ip_l and the port for
* that IP is stored in port_l. * that IP is stored in port_l.
*/ */
skipping to change at line 266 skipping to change at line 266
reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort); reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort);
} }
pkt_type = type; pkt_type = type;
ip_protocol = (uint8_t)ip_proto; ip_protocol = (uint8_t)ip_proto;
init_vlan(sc, vlanId); init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId); init_address_space(sc, addrSpaceId);
init_mpls(sc, mplsId); init_mpls(sc, mplsId);
if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOW padding = flags.padding_bits = 0;
N)
flags.group_used = 0;
else
flags.group_used = 1;
flags.group_used = (ingress_group != DAQ_PKTHDR_UNKNOWN and egress_group != DAQ_PKTHDR_UNKNOWN);
init_groups(ingress_group, egress_group, reversed); init_groups(ingress_group, egress_group, reversed);
flags.ubits = 0;
return reversed; return reversed;
} }
bool FlowKey::init( bool FlowKey::init(
const SnortConfig* sc, const SnortConfig* sc,
PktType type, IpProtocol ip_proto, PktType type, IpProtocol ip_proto,
const SfIp *srcIP, uint16_t srcPort, const SfIp *srcIP, uint16_t srcPort,
const SfIp *dstIP, uint16_t dstPort, const SfIp *dstIP, uint16_t dstPort,
uint16_t vlanId, uint32_t mplsId, uint16_t vlanId, uint32_t mplsId,
const DAQ_PktHdr_t& pkt_hdr) const DAQ_PktHdr_t& pkt_hdr)
skipping to change at line 311 skipping to change at line 308
reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort); reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort);
} }
pkt_type = type; pkt_type = type;
ip_protocol = (uint8_t)ip_proto; ip_protocol = (uint8_t)ip_proto;
init_vlan(sc, vlanId); init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id); init_address_space(sc, pkt_hdr.address_space_id);
init_mpls(sc, mplsId); init_mpls(sc, mplsId);
padding = flags.padding_bits = 0;
flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0); flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed); init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
flags.ubits = 0;
return reversed; return reversed;
} }
bool FlowKey::init( bool FlowKey::init(
const SnortConfig* sc, const SnortConfig* sc,
PktType type, IpProtocol ip_proto, PktType type, IpProtocol ip_proto,
const SfIp *srcIP, const SfIp *dstIP, const SfIp *srcIP, const SfIp *dstIP,
uint32_t id, uint16_t vlanId, uint32_t id, uint16_t vlanId,
uint32_t mplsId, uint16_t addrSpaceId, uint32_t mplsId, uint32_t addrSpaceId,
int16_t ingress_group, int16_t egress_group) int16_t ingress_group, int16_t egress_group)
{ {
// to avoid confusing 2 different datagrams or confusing a datagram // to avoid confusing 2 different datagrams or confusing a datagram
// with a session, we don't order the addresses and we set version // with a session, we don't order the addresses and we set version
uint16_t srcPort = id & 0xFFFF; uint16_t srcPort = id & 0xFFFF;
uint16_t dstPort = id >> 16; uint16_t dstPort = id >> 16;
bool reversed; bool reversed;
if (srcIP->is_ip4() && dstIP->is_ip4()) if (srcIP->is_ip4() && dstIP->is_ip4())
skipping to change at line 353 skipping to change at line 349
reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort, false); reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort, false);
ip_protocol = 0; ip_protocol = 0;
} }
pkt_type = type; pkt_type = type;
init_vlan(sc, vlanId); init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId); init_address_space(sc, addrSpaceId);
init_mpls(sc, mplsId); init_mpls(sc, mplsId);
if (ingress_group == DAQ_PKTHDR_UNKNOWN or egress_group == DAQ_PKTHDR_UNKNOW padding = flags.padding_bits = 0;
N)
flags.group_used = 0;
else
flags.group_used = 1;
flags.group_used = (ingress_group != DAQ_PKTHDR_UNKNOWN and egress_group != DAQ_PKTHDR_UNKNOWN);
init_groups(ingress_group, egress_group, reversed); init_groups(ingress_group, egress_group, reversed);
flags.ubits = 0;
return false; return false;
} }
bool FlowKey::init( bool FlowKey::init(
const SnortConfig* sc, const SnortConfig* sc,
PktType type, IpProtocol ip_proto, PktType type, IpProtocol ip_proto,
const SfIp *srcIP, const SfIp *dstIP, const SfIp *srcIP, const SfIp *dstIP,
uint32_t id, uint16_t vlanId, uint32_t id, uint16_t vlanId,
uint32_t mplsId, const DAQ_PktHdr_t& pkt_hdr) uint32_t mplsId, const DAQ_PktHdr_t& pkt_hdr)
{ {
skipping to change at line 398 skipping to change at line 390
reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort, false); reversed = init6(ip_proto, srcIP, srcPort, dstIP, dstPort, false);
ip_protocol = 0; ip_protocol = 0;
} }
pkt_type = type; pkt_type = type;
init_vlan(sc, vlanId); init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id); init_address_space(sc, pkt_hdr.address_space_id);
init_mpls(sc, mplsId); init_mpls(sc, mplsId);
padding = flags.padding_bits = 0;
flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0); flags.group_used = ((pkt_hdr.flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS) != 0);
init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed); init_groups(pkt_hdr.ingress_group, pkt_hdr.egress_group, reversed);
flags.ubits = 0;
return false; return false;
} }
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// hash foo // hash foo
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
bool FlowKey::is_equal(const void* s1, const void* s2, size_t) bool FlowKey::is_equal(const void* s1, const void* s2, size_t)
{ {
const uint64_t* a = (const uint64_t*)s1; const uint64_t* a = (const uint64_t*)s1;
const uint64_t* b = (const uint64_t*)s2; const uint64_t* b = (const uint64_t*)s2;
const uint32_t* c;
const uint32_t* d;
if (*a - *b) if (*a - *b)
return false; /* Compares IPv4 lo/hi return false; /* Compares IPv4 lo/hi
Compares IPv6 low[0,1] */ Compares IPv6 low[0,1] */
a++; a++;
b++; b++;
if (*a - *b) if (*a - *b)
return false; /* Compares port lo/hi, vlan, protocol, vers ion return false; /* Compares port lo/hi, vlan, protocol, vers ion
Compares IPv6 low[2,3] */ Compares IPv6 low[2,3] */
skipping to change at line 441 skipping to change at line 431
return false; /* Compares IPv6 hi[0,1] */ return false; /* Compares IPv6 hi[0,1] */
a++; a++;
b++; b++;
if (*a - *b) if (*a - *b)
return false; /* Compares IPv6 hi[2,3] */ return false; /* Compares IPv6 hi[2,3] */
a++; a++;
b++; b++;
if (*a - *b) if (*a - *b)
return false; /* Compares MPLS label, port lo/hi */ return false; /* Compares MPLS label, addressSpaceId */
a++; a++;
b++; b++;
if (*a - *b) if (*a - *b)
return false; /* Compares group lo/hi, addressSpaceId, vla n */ return false; /* Compares port lo/hi, group lo/hi, vlan */
c = (const uint32_t*)(++a); a++;
d = (const uint32_t*)(++b); b++;
if (*c - *d) if (*a - *b)
return false; /* ip_proto, type, version, 8 bit pad */ return false; /* vlan, pad, ip_proto, type, version, flags
*/
return true; return true;
} }
unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int) unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int)
{ {
uint32_t a, b, c; uint32_t a, b, c;
a = b = c = hardener; a = b = c = hardener;
const uint32_t* d = (const uint32_t*)k; const uint32_t* d = (const uint32_t*)k;
skipping to change at line 481 skipping to change at line 471
c += d[5]; // IPv6 hi[1] c += d[5]; // IPv6 hi[1]
mix(a, b, c); mix(a, b, c);
a += d[6]; // IPv6 hi[2] a += d[6]; // IPv6 hi[2]
b += d[7]; // IPv6 hi[3] b += d[7]; // IPv6 hi[3]
c += d[8]; // mpls label c += d[8]; // mpls label
mix(a, b, c); mix(a, b, c);
a += d[9]; // port lo & port hi a += d[9]; // addressSpaceId
b += d[10]; // group lo & group hi b += d[10]; // port lo & port hi
c += d[11]; // addressSpaceId, vlan c += d[11]; // group lo & group hi
mix(a, b, c); mix(a, b, c);
a += d[12]; // ip_proto, pkt_type, version, 8 bits of zeroed pad a += d[12]; // vlan & pad
b += d[13]; // ip_proto, pkt_type, version, flags
finalize(a, b, c); finalize(a, b, c);
return c; return c;
} }
bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t len) bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t len)
{ {
return FlowKey::is_equal(k1, k2, len); return FlowKey::is_equal(k1, k2, len);
} }
 End of changes. 19 change blocks. 
32 lines changed or deleted 22 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)