"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/network_inspectors/port_scan/ps_detect.cc" between
snort3-3.1.28.0.tar.gz and snort3-3.1.29.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

ps_detect.cc  (snort3-3.1.28.0):ps_detect.cc  (snort3-3.1.29.0)
skipping to change at line 57 skipping to change at line 57
#include "ps_inspect.h" #include "ps_inspect.h"
#include "ps_pegs.h" #include "ps_pegs.h"
using namespace snort; using namespace snort;
PADDING_GUARD_BEGIN PADDING_GUARD_BEGIN
struct PS_HASH_KEY struct PS_HASH_KEY
{ {
int protocol; int protocol;
SfIp scanner; SfIp scanner;
SfIp scanned;
int16_t group; int16_t group;
uint16_t asid; SfIp scanned;
uint16_t pad;
uint32_t asid;
}; };
PADDING_GUARD_END PADDING_GUARD_END
class PortScanCache : public XHash class PortScanCache : public XHash
{ {
public: public:
PortScanCache(unsigned rows, unsigned key_len, unsigned datasize, unsigned m emcap) PortScanCache(unsigned rows, unsigned key_len, unsigned datasize, unsigned m emcap)
: XHash(rows, key_len, datasize, memcap) : XHash(rows, key_len, datasize, memcap)
{ } { }
skipping to change at line 329 skipping to change at line 330
PS_PKT* ps_pkt, PS_TRACKER** scanner, PS_TRACKER** scanned) PS_PKT* ps_pkt, PS_TRACKER** scanner, PS_TRACKER** scanned)
{ {
PS_HASH_KEY key; PS_HASH_KEY key;
Packet* p = (Packet*)ps_pkt->pkt; Packet* p = (Packet*)ps_pkt->pkt;
if (ps_get_proto(ps_pkt, &key.protocol) == -1) if (ps_get_proto(ps_pkt, &key.protocol) == -1)
return false; return false;
ps_pkt->proto = key.protocol; ps_pkt->proto = key.protocol;
key.asid = p->pkth->address_space_id; key.asid = p->pkth->address_space_id;
key.pad = 0;
/* /*
** Let's lookup the host that is being scanned, taking into account ** Let's lookup the host that is being scanned, taking into account
** the pkt may be reversed. ** the pkt may be reversed.
*/ */
if (config->detect_scan_type & if (config->detect_scan_type &
(PS_TYPE_PORTSCAN | PS_TYPE_DECOYSCAN | PS_TYPE_DISTPORTSCAN)) (PS_TYPE_PORTSCAN | PS_TYPE_DECOYSCAN | PS_TYPE_DISTPORTSCAN))
{ {
key.scanner.clear(); key.scanner.clear();
 End of changes. 3 change blocks. 
2 lines changed or deleted 4 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)