"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/service_inspectors/http_inspect/http_stream_splitter_scan.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

http_stream_splitter_scan.cc  (snort3-3.1.36.0):http_stream_splitter_scan.cc  (snort3-3.1.38.0)
skipping to change at line 27 skipping to change at line 27
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// http_stream_splitter_scan.cc author Tom Peters <thopeter@cisco.com> // http_stream_splitter_scan.cc author Tom Peters <thopeter@cisco.com>
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include "config.h" #include "config.h"
#endif #endif
#include "http_stream_splitter.h" #include "http_stream_splitter.h"
#include "packet_io/active.h" #include "packet_io/active.h"
#include "protocols/packet.h"
#include "http_common.h" #include "http_common.h"
#include "http_cutter.h" #include "http_cutter.h"
#include "http_enum.h" #include "http_enum.h"
#include "http_inspect.h" #include "http_inspect.h"
#include "http_module.h" #include "http_module.h"
#include "http_msg_section.h" #include "http_msg_section.h"
#include "http_test_input.h" #include "http_test_input.h"
using namespace snort; using namespace snort;
skipping to change at line 131 skipping to change at line 132
{ {
return StreamSplitter::FLUSH; return StreamSplitter::FLUSH;
} }
#endif #endif
return ret_val; return ret_val;
} }
StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data , uint32_t length, StreamSplitter::Status HttpStreamSplitter::scan(Packet* pkt, const uint8_t* data , uint32_t length,
uint32_t, uint32_t* flush_offset) uint32_t, uint32_t* flush_offset)
{ {
Profile profile(HttpModule::get_profile_stats()); return scan(pkt->flow, data, length, flush_offset);
}
Flow* const flow = pkt->flow; StreamSplitter::Status HttpStreamSplitter::scan(Flow* flow, const uint8_t* data,
uint32_t length,
uint32_t* flush_offset)
{
Profile profile(HttpModule::get_profile_stats());
// This is the session state information we share with HttpInspect and store with stream. A // This is the session state information we share with HttpInspect and store with stream. A
// session is defined by a TCP connection. Since scan() is the first to see a new TCP // session is defined by a TCP connection. Since scan() is the first to see a new TCP
// connection the new flow data object is created here. // connection the new flow data object is created here.
HttpFlowData* session_data = HttpInspect::http_get_flow_data(flow); HttpFlowData* session_data = HttpInspect::http_get_flow_data(flow);
if (session_data == nullptr) if (session_data == nullptr)
{ {
HttpInspect::http_set_flow_data(flow, session_data = new HttpFlowData(fl ow)); HttpInspect::http_set_flow_data(flow, session_data = new HttpFlowData(fl ow));
HttpModule::increment_peg_counts(PEG_FLOW); HttpModule::increment_peg_counts(PEG_FLOW);
skipping to change at line 234 skipping to change at line 239
if ((type == SEC_STATUS) && if ((type == SEC_STATUS) &&
(session_data->expected_trans_num[SRC_SERVER] == session_data->zero_nine _expected)) (session_data->expected_trans_num[SRC_SERVER] == session_data->zero_nine _expected))
{ {
// 0.9 response is a body that runs to connection end with no headers. // 0.9 response is a body that runs to connection end with no headers.
// Processing this imaginary empty headers allows // Processing this imaginary empty headers allows
// us to overcome this limitation and reuse the entire HTTP infrastructu re. // us to overcome this limitation and reuse the entire HTTP infrastructu re.
session_data->version_id[source_id] = VERS_0_9; session_data->version_id[source_id] = VERS_0_9;
session_data->status_code_num = 200; session_data->status_code_num = 200;
HttpModule::increment_peg_counts(PEG_RESPONSE); HttpModule::increment_peg_counts(PEG_RESPONSE);
prepare_flush(session_data, nullptr, SEC_HEADER, 0, 0, 0, false, 0, 0); prepare_flush(session_data, nullptr, SEC_HEADER, 0, 0, 0, false, 0, 0);
my_inspector->process((const uint8_t*)"", 0, flow, SRC_SERVER, false); my_inspector->process((const uint8_t*)"", 0, flow, SRC_SERVER, false, nu llptr);
session_data->transaction[SRC_SERVER]->clear_section(); session_data->transaction[SRC_SERVER]->clear_section();
} }
HttpCutter*& cutter = session_data->cutter[source_id]; HttpCutter*& cutter = session_data->cutter[source_id];
if (cutter == nullptr) if (cutter == nullptr)
{ {
cutter = get_cutter(type, session_data); cutter = get_cutter(type, session_data);
} }
const uint32_t max_length = MAX_OCTETS - cutter->get_octets_seen(); const uint32_t max_length = MAX_OCTETS - cutter->get_octets_seen();
 End of changes. 4 change blocks. 
3 lines changed or deleted 9 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)