
Source code changes of the file "src/detection/detection_engine.cc" between
snort3-3.1.29.0.tar.gz and snort3-3.1.30.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

detection_engine.cc  (snort3-3.1.29.0):detection_engine.cc  (snort3-3.1.30.0)
skipping to change at line 44 skipping to change at line 44
#include "main/snort_debug.h" #include "main/snort_debug.h"
#include "main/thread.h" #include "main/thread.h"
#include "managers/inspector_manager.h" #include "managers/inspector_manager.h"
#include "managers/mpse_manager.h" #include "managers/mpse_manager.h"
#include "packet_io/active.h" #include "packet_io/active.h"
#include "packet_tracer/packet_tracer.h" #include "packet_tracer/packet_tracer.h"
#include "parser/parser.h" #include "parser/parser.h"
#include "profiler/profiler_defs.h" #include "profiler/profiler_defs.h"
#include "protocols/packet.h" #include "protocols/packet.h"
#include "stream/stream.h" #include "stream/stream.h"
#include "time/packet_time.h"
#include "utils/stats.h" #include "utils/stats.h"
#include "context_switcher.h" #include "context_switcher.h"
#include "detection_module.h" #include "detection_module.h"
#include "detection_util.h" #include "detection_util.h"
#include "detect.h" #include "detect.h"
#include "detect_trace.h" #include "detect_trace.h"
#include "fp_config.h" #include "fp_config.h"
#include "fp_detect.h" #include "fp_detect.h"
#include "ips_context.h" #include "ips_context.h"
skipping to change at line 134 skipping to change at line 135
c->alt_data.len = 0; // FIXIT-L need context::reset() c->alt_data.len = 0; // FIXIT-L need context::reset()
} }
IpsContext* DetectionEngine::get_context() IpsContext* DetectionEngine::get_context()
{ return Analyzer::get_switcher()->get_context(); } { return Analyzer::get_switcher()->get_context(); }
SF_EVENTQ* DetectionEngine::get_event_queue() SF_EVENTQ* DetectionEngine::get_event_queue()
{ return Analyzer::get_switcher()->get_context()->equeue; } { return Analyzer::get_switcher()->get_context()->equeue; }
Packet* DetectionEngine::get_current_packet() Packet* DetectionEngine::get_current_packet()
{ return Analyzer::get_switcher()->get_context()->packet; } {
const IpsContext* c = Analyzer::get_switcher()->get_context();
assert(c);
return c->packet;
}
Packet* DetectionEngine::get_current_wire_packet() Packet* DetectionEngine::get_current_wire_packet()
{ return Analyzer::get_switcher()->get_context()->wire_packet; } {
const IpsContext* c = Analyzer::get_switcher()->get_context();
assert(c);
return c->wire_packet;
}
void DetectionEngine::set_encode_packet(Packet* p) void DetectionEngine::set_encode_packet(Packet* p)
{ Analyzer::get_switcher()->get_context()->encode_packet = p; } { Analyzer::get_switcher()->get_context()->encode_packet = p; }
Packet* DetectionEngine::get_encode_packet() Packet* DetectionEngine::get_encode_packet()
{ return Analyzer::get_switcher()->get_context()->encode_packet; } { return Analyzer::get_switcher()->get_context()->encode_packet; }
// we need to stay in the current context until rebuild is successful // we need to stay in the current context until rebuild is successful
// any events while rebuilding will be logged against the current packet // any events while rebuilding will be logged against the current packet
// however, rebuild is always in the next context, not current. // however, rebuild is always in the next context, not current.
Packet* DetectionEngine::set_next_packet(Packet* parent, Flow* flow) Packet* DetectionEngine::set_next_packet(const Packet* parent, Flow* flow)
{ {
static THREAD_LOCAL Active shutdown_active; static THREAD_LOCAL Active shutdown_active;
static THREAD_LOCAL ActiveAction* shutdown_action = nullptr; static THREAD_LOCAL ActiveAction* shutdown_action = nullptr;
wait_for_context(); wait_for_context();
IpsContext* c = Analyzer::get_switcher()->get_next(); IpsContext* c = Analyzer::get_switcher()->get_next();
Packet* p = c->packet; Packet* p = c->packet;
if ( parent ) if ( parent )
skipping to change at line 173 skipping to change at line 182
c->wire_packet = parent->context->wire_packet; c->wire_packet = parent->context->wire_packet;
} }
else else
{ {
if ( flow ) if ( flow )
p->context->snapshot_flow(flow); p->context->snapshot_flow(flow);
c->packet_number = get_packet_number(); c->packet_number = get_packet_number();
c->wire_packet = nullptr; c->wire_packet = nullptr;
} }
packet_gettimeofday(&c->pkth->ts);
p->pkth = c->pkth; p->pkth = c->pkth;
p->data = c->buf; p->data = c->buf;
p->pkt = c->buf; p->pkt = c->buf;
// normal rebuild // normal rebuild
if ( parent ) if ( parent )
{ {
p->daq_msg = parent->daq_msg; p->daq_msg = parent->daq_msg;
p->daq_instance = parent->daq_instance; p->daq_instance = parent->daq_instance;
p->active = parent->active; p->active = parent->active;
skipping to change at line 207 skipping to change at line 217
{ {
p->daq_msg = nullptr; p->daq_msg = nullptr;
p->daq_instance = nullptr; p->daq_instance = nullptr;
p->action = &shutdown_action; p->action = &shutdown_action;
p->active = &shutdown_active; p->active = &shutdown_active;
shutdown_active.reset(); shutdown_active.reset();
} }
p->reset(); p->reset();
p->packet_flags |= PKT_WAS_SET;
if ( parent ) if ( parent )
p->packet_flags |= PKT_HAS_PARENT; p->packet_flags |= PKT_HAS_PARENT;
return p; return p;
} }
void DetectionEngine::finish_inspect_with_latency(Packet* p) void DetectionEngine::finish_inspect_with_latency(Packet* p)
{ {
DetectionEngine::set_check_tags(); DetectionEngine::set_check_tags();
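Review bot: The new `assert(c);` in `get_current_packet()` and `get_current_wire_packet()` only guards debug builds; when `NDEBUG` is defined the assert compiles away and `c->packet` / `c->wire_packet` still dereference a null context, which for an inline IPS means the packet thread crashes. The page does not show when `get_context()` can return null, but if that state is reachable in production, an explicit `if ( !c ) return nullptr;` after the assert would keep release builds safe, provided callers tolerate a null packet. The neighbouring accessors `get_event_queue()`, `set_encode_packet()` and `get_encode_packet()` dereference the same pointer with no check at all, so the hardening is applied inconsistently. At minimum a comment such as `// context must be non-null here; assert is debug-only` would record the invariant the code now relies on.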
 End of changes. 6 change blocks. 
3 lines changed or deleted 15 lines changed or added
