Snort mailing list archives

Patch for Stream5 TCP direction

From: John Eure <john.eure () gmail com>
Date: Wed, 19 Feb 2014 15:32:36 -0800

Hello, snort-devel,

I've got a patch that fixes a tiny issue with some of the Stream5 TCP API
functions.

Stream5IsPafActiveTcp() takes a boolean called "to_server", but which
actually behaves as if it were "to_client"; I fixed that by swapping the
references to the TcpSession->client/server fields inside the function.
Stream5ActivatePafTcp() has a similar problem, but there are two variables,
one for the StreamTracker and one for the FlushMgr.  I switched the
FlushMgr references, and I know that's correct, but I left the
StreamTracker references alone, and I *think* that's correct, but I'm not
sure.  I don't use this function in my code anymore, so it's hard for me to
verify that everything works correctly, but I know at least the FlushMgr
should switch, so I did that.

There's also a related function, Stream5GetPAFUserDataTcp(), which was
already working correctly, so I left it alone.  I've included a few
comments that have helped me keep track of which direction is which.  And
I've updated the http_inspect preprocessor, which was the only one to call
stream_api->is_paf_active(), so that it continues to do the right thing.

On a related subject, I very much appreciate the recent renaming from
SSN_DIR_CLIENT to SSN_DIR_FROM_CLIENT - it helped me find and fix a few
issues with my own code.  At that point I went through and changed all of
my relevant names to have either "s2c" or "c2s" in them (borrowing that
terminology from the PAF module), and the result is that my code is now
simpler, less buggy, and less prone to cause insanity from trying to figure
out what "client" and "server" actually mean when applied to streams.  I
heartily recommend the practice.   :-)

Thanks for everything,
John Eure

Attachment: snort-2960-switch-stream-direction.diff
Description:

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Patch for Stream5 TCP direction John Eure (Feb 19)
- Re: Patch for Stream5 TCP direction Carter Waxman (cwaxman) (Feb 20)
  - Re: Patch for Stream5 TCP direction John Eure (Feb 20)
    - Re: Patch for Stream5 TCP direction Russ Combs (rucombs) (Feb 21)
    - Re: Patch for Stream5 TCP direction John Eure (Feb 21)
    - Re: Patch for Stream5 TCP direction Russ Combs (rucombs) (Feb 24)
    - Re: Patch for Stream5 TCP direction John Eure (Feb 25)