]>
Commit | Line | Data |
---|---|---|
be1d9b13 | 1 | //-------------------------------------------------------------------------- |
5ad5de33 | 2 | // Copyright (C) 2016-2023 Cisco and/or its affiliates. All rights reserved. |
be1d9b13 TP |
3 | // |
4 | // This program is free software; you can redistribute it and/or modify it | |
5 | // under the terms of the GNU General Public License Version 2 as published | |
6 | // by the Free Software Foundation. You may not use, modify or distribute | |
7 | // this program under any other version of the GNU General Public License. | |
8 | // | |
9 | // This program is distributed in the hope that it will be useful, but | |
10 | // WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | // General Public License for more details. | |
13 | // | |
14 | // You should have received a copy of the GNU General Public License along | |
15 | // with this program; if not, write to the Free Software Foundation, Inc., | |
16 | // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 | //-------------------------------------------------------------------------- | |
18 | ||
19 | // appid_mock_session.h author davis mcpherson <davmcphe@cisco.com> | |
20 | ||
3d760936 RC |
21 | #ifndef APPID_MOCK_SESSION_H |
22 | #define APPID_MOCK_SESSION_H | |
be1d9b13 | 23 | |
b60fde2f SR |
24 | #include "flow/ha.h" |
25 | ||
25b2cb6f | 26 | #include "appid_dns_session.h" |
be1d9b13 | 27 | #include "appid_mock_flow.h" |
103cd505 | 28 | #include "appid_mock_http_session.h" |
a831f4b9 | 29 | #include "appid_mock_inspector.h" |
be1d9b13 TP |
30 | |
31 | bool is_session_decrypted = false; | |
32 | ||
33 | char const* APPID_UT_TLS_HOST = "vpn.topsecret.com"; | |
34 | char const* APPID_UT_SERVICE_IP_ADDR = "192.168.0.2"; | |
35 | char const* APPID_UT_INITIATOR_IP_ADDR = "192.168.0.3"; | |
36 | ||
be1d9b13 TP |
37 | char const* APPID_ID_UT_DNS_HOST = "delphi.opendns.com"; |
38 | #define APPID_UT_DNS_HOST_OFFSET 22 | |
39 | #define APPID_UT_DNS_PATTERN_CNAME_REC 5 | |
40 | #define APPID_UT_DNS_NOERROR 0 | |
41 | #define APPID_UT_DNS_TTL 5 | |
42 | ||
43 | const char* test_app_name = "testapp_1492"; | |
44 | const AppId APPID_UT_ID = 1492; | |
45 | const short APPID_UT_SERVICE_PORT = 1066; | |
46 | const char* APPID_UT_USERNAME = "pigpen"; | |
47 | const char* APPID_UT_CLIENT_VERSION = "a snorting client"; | |
48 | const char* APPID_UT_SERVICE = "at your service"; | |
49 | const char* APPID_UT_SERVICE_VENDOR = "cisco snorty"; | |
50 | const char* APPID_UT_SERVICE_VERSION = "Version City"; | |
51 | ||
52 | AppIdServiceSubtype APPID_UT_SERVICE_SUBTYPE = { nullptr, APPID_UT_SERVICE, | |
53 | APPID_UT_SERVICE_VENDOR, | |
54 | APPID_UT_SERVICE_VERSION }; | |
55 | ||
4252e4ec | 56 | unsigned AppIdSession::inspector_id = 0; |
c2950e94 SR |
57 | std::mutex AppIdSession::inferred_svcs_lock; |
58 | uint16_t AppIdSession::inferred_svcs_ver = 0; | |
99d13aa9 | 59 | uint32_t OdpContext::next_version = 0; |
be1d9b13 | 60 | |
25b2cb6f MA |
61 | class MockAppIdDnsSession : public AppIdDnsSession |
62 | { | |
63 | public: | |
64 | MockAppIdDnsSession() | |
65 | { | |
bafa88da | 66 | host = (const char*) APPID_ID_UT_DNS_HOST; |
25b2cb6f MA |
67 | host_offset = APPID_UT_DNS_HOST_OFFSET; |
68 | record_type = APPID_UT_DNS_PATTERN_CNAME_REC; | |
69 | response_type = APPID_UT_DNS_NOERROR; | |
70 | ttl = APPID_UT_DNS_TTL; | |
71 | } | |
72 | }; | |
73 | ||
a524ad57 | 74 | AppIdConfig::~AppIdConfig() = default; |
25f69c51 | 75 | OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { } |
0265b2ea | 76 | |
b60fde2f SR |
77 | void FlowHAState::add(uint8_t) { } |
78 | ||
0265b2ea SR |
79 | static AppIdConfig stub_config; |
80 | static AppIdContext stub_ctxt(stub_config); | |
81 | static OdpContext stub_odp_ctxt(stub_config, nullptr); | |
82 | OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; | |
eb170c4c | 83 | AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector, |
2a0742e1 | 84 | OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config), |
eb170c4c | 85 | protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) |
be1d9b13 | 86 | { |
7b79c237 | 87 | this->set_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED); |
99d13aa9 | 88 | odp_ctxt_version = odp_ctxt.get_version(); |
afe0a782 | 89 | set_service_port(APPID_UT_SERVICE_PORT); |
6a23d341 | 90 | AppidChangeBits change_bits; |
be1d9b13 | 91 | |
ce7f33c5 | 92 | set_client_user(APPID_UT_ID, APPID_UT_USERNAME, change_bits); |
704c6709 | 93 | set_client_version(APPID_UT_CLIENT_VERSION, change_bits); |
be1d9b13 | 94 | |
7d36e3ec | 95 | set_service_vendor(APPID_UT_SERVICE_VENDOR, change_bits); |
704c6709 | 96 | set_service_version(APPID_UT_SERVICE_VERSION, change_bits); |
7d36e3ec | 97 | add_service_subtype(*(new AppIdServiceSubtype(APPID_UT_SERVICE_SUBTYPE)), change_bits); |
be1d9b13 | 98 | |
be1d9b13 | 99 | tsession = new TlsSession; |
be1d9b13 | 100 | |
afe0a782 SR |
101 | SfIp svc_ip; |
102 | svc_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR); | |
103 | set_service_ip(svc_ip); | |
704c6709 | 104 | api.initiator_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR); |
be1d9b13 | 105 | |
704c6709 | 106 | api.dsession = new MockAppIdDnsSession; |
be1d9b13 | 107 | tp_app_id = APPID_UT_ID; |
eb170c4c | 108 | set_service_id(APPID_UT_ID + 1, odp_ctxt); |
96e924be | 109 | client_inferred_service_id = APPID_UT_ID + 2; |
704c6709 SR |
110 | set_port_service_id(APPID_UT_ID + 3); |
111 | set_payload_id(APPID_UT_ID + 4); | |
be1d9b13 | 112 | tp_payload_app_id = APPID_UT_ID + 5; |
704c6709 | 113 | set_client_id(APPID_UT_ID + 6); |
be1d9b13 TP |
114 | misc_app_id = APPID_UT_ID + 7; |
115 | } | |
116 | ||
117 | AppIdSession::~AppIdSession() | |
118 | { | |
be1d9b13 | 119 | delete tsession; |
be1d9b13 TP |
120 | } |
121 | ||
34c7f938 | 122 | void* AppIdSession::get_flow_data(unsigned) const |
be1d9b13 TP |
123 | { |
124 | return nullptr; | |
125 | } | |
126 | ||
39505d41 | 127 | int AppIdSession::add_flow_data(void*, unsigned, AppIdFreeFCN) |
be1d9b13 | 128 | { |
be1d9b13 TP |
129 | return 0; |
130 | } | |
131 | ||
34c7f938 | 132 | AppId AppIdSession::pick_service_app_id() const |
be1d9b13 | 133 | { |
704c6709 | 134 | return get_service_id(); |
be1d9b13 TP |
135 | } |
136 | ||
34c7f938 | 137 | AppId AppIdSession::pick_ss_misc_app_id() const |
be1d9b13 | 138 | { |
6a23d341 | 139 | return misc_app_id; |
be1d9b13 TP |
140 | } |
141 | ||
34c7f938 | 142 | AppId AppIdSession::pick_ss_client_app_id() const |
be1d9b13 | 143 | { |
a80c988b | 144 | if (get_eve_client_app_id() > APP_ID_NONE and get_client_id() <= APP_ID_NONE) |
49e17530 | 145 | { |
a80c988b SR |
146 | api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP); |
147 | return get_eve_client_app_id(); | |
49e17530 SR |
148 | } |
149 | else | |
150 | { | |
a80c988b | 151 | api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID); |
49e17530 SR |
152 | return get_client_id(); |
153 | } | |
be1d9b13 TP |
154 | } |
155 | ||
34c7f938 | 156 | AppId AppIdSession::pick_ss_payload_app_id() const |
be1d9b13 | 157 | { |
704c6709 | 158 | return get_payload_id(); |
be1d9b13 TP |
159 | } |
160 | ||
34c7f938 | 161 | AppId AppIdSession::pick_ss_referred_payload_app_id() const |
be1d9b13 TP |
162 | { |
163 | return APPID_UT_ID; | |
164 | } | |
165 | ||
e26358e9 | 166 | AppIdHttpSession* AppIdSession::create_http_session(int64_t) |
25b2cb6f | 167 | { |
2c7c87b9 | 168 | AppIdHttpSession* hsession = new MockAppIdHttpSession(*this); |
659b66a7 SR |
169 | AppidChangeBits change_bits; |
170 | ||
2c7c87b9 | 171 | hsession->client.set_id(APPID_UT_ID); |
e1bb0d1f SR |
172 | hsession->client.set_version(APPID_UT_CLIENT_VERSION); |
173 | change_bits.set(APPID_CLIENT_INFO_BIT); | |
2c7c87b9 SR |
174 | hsession->payload.set_id(APPID_UT_ID); |
175 | hsession->misc_app_id = APPID_UT_ID; | |
176 | hsession->referred_payload_app_id = APPID_UT_ID; | |
704c6709 | 177 | api.hsessions.push_back(hsession); |
25b2cb6f MA |
178 | return hsession; |
179 | } | |
180 | ||
e26358e9 | 181 | AppIdHttpSession* AppIdSession::get_matching_http_session(int64_t stream_id) const |
730e6c9a | 182 | { |
e26358e9 | 183 | for (uint64_t stream_index=0; stream_index < api.hsessions.size(); stream_index++) |
730e6c9a | 184 | { |
e26358e9 | 185 | if (stream_id == api.hsessions[stream_index]->get_httpx_stream_id()) |
704c6709 | 186 | return api.hsessions[stream_index]; |
730e6c9a SR |
187 | } |
188 | return nullptr; | |
189 | } | |
190 | ||
7666fdd4 | 191 | AppIdDnsSession* AppIdSession::create_dns_session() |
25b2cb6f | 192 | { |
704c6709 SR |
193 | if ( !api.dsession ) |
194 | api.dsession = new MockAppIdDnsSession(); | |
195 | return api.dsession; | |
25b2cb6f MA |
196 | } |
197 | ||
34c7f938 | 198 | AppIdDnsSession* AppIdSession::get_dns_session() const |
7666fdd4 | 199 | { |
704c6709 | 200 | return api.dsession; |
7666fdd4 SR |
201 | } |
202 | ||
3ea06dbe | 203 | bool AppIdSession::is_tp_appid_done() const |
7fd491e7 MS |
204 | { |
205 | return true; | |
206 | } | |
207 | ||
3ea06dbe | 208 | bool AppIdSession::is_tp_appid_available() const |
7fd491e7 | 209 | { |
58f81b64 | 210 | return true; |
7fd491e7 MS |
211 | } |
212 | ||
be1d9b13 TP |
213 | #endif |
214 |