
Source code changes of the file "src/service_inspectors/netflow/netflow_module.cc" between
snort3-3.1.31.0.tar.gz and snort3-3.1.32.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

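--- a/src/service_inspectors/netflow/netflow_module.cc
+++ b/src/service_inspectors/netflow/netflow_module.cc
@@ -25 +25 @@
 // with this program; if not, write to the Free Software Foundation, Inc.,
 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 //--------------------------------------------------------------------------
 // netflow_module.cc author Shashikant Lad <shaslad@cisco.com>
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
+#include <fstream>
+#include <iostream>
+#include <sstream>
+#include <string>
 #include "netflow_module.h"
 #include "utils/util.h"
 using namespace snort;
 // -----------------------------------------------------------------------------
 // static variables
 // -----------------------------------------------------------------------------
 static const Parameter device_rule_params[] =
@@ -74 +79 @@
 { "rules", Parameter::PT_LIST, device_rule_params, nullptr,
 "list of NetFlow device rules" },
 { "flow_memcap", Parameter::PT_INT, "0:maxSZ", "0",
 "maximum memory for flow record cache in bytes, 0 = unlimited" },
 { "template_memcap", Parameter::PT_INT, "0:maxSZ", "0",
 "maximum memory for template cache in bytes, 0 = unlimited" },
+{ "netflow_service_id_path", Parameter::PT_STRING, nullptr, nullptr,
+"path to file containing service IDs for NetFlow" },
 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
 static const PegInfo netflow_pegs[] =
 {
 LRU_CACHE_LOCAL_PEGS("netflow"),
 { CountType::SUM, "invalid_netflow_record", "count of invalid netflow record s" },
 { CountType::SUM, "packets", "total packets processed" },
 { CountType::SUM, "records", "total records found in netflow data" },
 { CountType::SUM, "unique_flows", "count of unique netflow flows" },
@@ -207 +215 @@
 is_exclude_rule = v.get_bool();
 }
 else if ( v.is("create_host") )
 {
 rule_cfg.create_host = v.get_bool();
 }
 else if ( v.is("create_service") )
 {
 rule_cfg.create_service = v.get_bool();
 }
+else if ( v.is("netflow_service_id_path") )
+{
+parse_service_id_file(v.get_string());
+}
 return true;
 }
+void NetflowModule::parse_service_id_file(const std::string& serv_id_file_path)
+{
+std::string serv_line;
+std::ifstream serv_id_file;
+serv_id_file.open(serv_id_file_path);
+if ( serv_id_file.is_open() )
+{
+while ( std::getline(serv_id_file, serv_line) )
+{
+std::stringstream ss(serv_line);
+std::vector<std::string> tokens;
+std::string tmp_str;
+while( std::getline(ss, tmp_str, '\t') )
+tokens.push_back(tmp_str);
+// Format is <port> <tcp/udp> <internal ID>
+uint16_t srv_port = std::stoi(tokens[0]);
+std::string proto_str = tokens[1];
+uint16_t id = std::stoi(tokens[2]);
+if ( proto_str == "tcp" )
+tcp_service_mappings[srv_port] = id;
+else if ( proto_str == "udp" )
+udp_service_mappings[srv_port] = id;
+}
+}
+}
 PegCount* NetflowModule::get_counts() const
 { return (PegCount*)&netflow_stats; }
 const PegInfo* NetflowModule::get_pegs() const
 { return netflow_pegs; }
 ProfileStats* NetflowModule::get_profile() const
 { return &netflow_perf_stats; }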
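Review bot: In the new `parse_service_id_file`, `tokens[0]`, `tokens[1]` and `tokens[2]` are read without checking `tokens.size()`, so a blank or short line in the service-ID file indexes past the end of the vector (undefined behaviour), and a non-numeric field makes `std::stoi` throw with no handler visible in this function. The `uint16_t` assignments also silently truncate values above 65535, and a path that cannot be opened is ignored without any message, so the inspector would run with empty mappings while the `set()` branch still returns true (the start of `set()` is outside the shown lines). Validating each line before use, as sketched below, and reporting rejected lines and open failures through the configuration parser's logging would make a bad file visible at load time.

```cpp
while ( std::getline(serv_id_file, serv_line) )
{
    // … unchanged: split serv_line on '\t' into tokens …

    // Format is <port> <tcp/udp> <internal ID>
    if ( tokens.size() < 3 )
        continue;  // blank or short line: report it rather than index past the end

    int port_val = 0;
    int id_val = 0;
    try
    {
        port_val = std::stoi(tokens[0]);
        id_val = std::stoi(tokens[2]);
    }
    catch ( const std::exception& )
    {
        continue;  // non-numeric or out-of-int-range field
    }

    if ( port_val < 0 || port_val > 0xFFFF || id_val < 0 || id_val > 0xFFFF )
        continue;  // would otherwise be truncated by the uint16_t conversion

    const uint16_t srv_port = static_cast<uint16_t>(port_val);
    const uint16_t id = static_cast<uint16_t>(id_val);

    // … unchanged: proto_str selects tcp_service_mappings or udp_service_mappings …
}
```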
 End of changes. 4 change blocks. 
0 lines changed or deleted 43 lines changed or added
