Snort mailing list archives

Re: Patch for Stream5 TCP direction


From: "Carter Waxman (cwaxman)" <cwaxman () cisco com>
Date: Thu, 20 Feb 2014 14:48:22 +0000

Hi John,

What is the issue you are trying to fix? Is there a particular behavior this is causing?

-Carter


From: John Eure <john.eure () gmail com>
Date: Wednesday, February 19, 2014 6:32 PM
To: snort-devel <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Patch for Stream5 TCP direction

Hello, snort-devel,

I've got a patch that fixes a tiny issue with some of the Stream5 TCP API functions.

Stream5IsPafActiveTcp() takes a boolean called "to_server", but which actually behaves as if it were "to_client"; I 
fixed that by swapping the references to the TcpSession->client/server fields inside the function.  
Stream5ActivatePafTcp() has a similar problem, but there are two variables, one for the StreamTracker and one for the 
FlushMgr.  I switched the FlushMgr references, and I know that's correct, but I left the StreamTracker references 
alone, and I *think* that's correct, but I'm not sure.  I don't use this function in my code anymore, so it's hard for 
me to verify that everything works correctly, but I know at least the FlushMgr should switch, so I did that.

There's also a related function, Stream5GetPAFUserDataTcp(), which was already working correctly, so I left it alone.  
I've included a few comments that have helped me keep track of which direction is which.  And I've updated the 
http_inspect preprocessor, which was the only one to call stream_api->is_paf_active(), so that it continues to do the 
right thing.

On a related subject, I very much appreciate the recent renaming from SSN_DIR_CLIENT to SSN_DIR_FROM_CLIENT - it helped 
me find and fix a few issues with my own code.  At that point I went through and changed all of my relevant names to 
have either "s2c" or "c2s" in them (borrowing that terminology from the PAF module), and the result is that my code is 
now simpler, less buggy, and less prone to cause insanity from trying to figure out what "client" and "server" actually 
mean when applied to streams.  I heartily recommend the practice.   :-)

Thanks for everything,
John Eure