odp_ctxt.allow_port_wildcard_host_cache = true;
}
}
+ else if (!(strcasecmp(conf_key, "allow_port_wildcard_firstpkt_cache")))
+ {
+ if (!(strcasecmp(conf_val, "enabled")))
+ {
+ odp_ctxt.allow_port_wildcard_firstpkt_cache = true;
+ }
+ }
else if (!(strcasecmp(conf_key, "recheck_for_portservice_appid")))
{
if (!(strcasecmp(conf_val, "enabled")))
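Review bot: Configurations that already set `allow_port_wildcard_host_cache` to get port wildcarding on the first-packet cache will silently fall back to exact-port matching, and nothing here or in the added branch says so. The new flag defaults to false in OdpContext, and the cache hunks later in this commit read only `allow_port_wildcard_firstpkt_cache`. A comment on the new branch would record the split, for example `// first-packet cache only; allow_port_wildcard_host_cache no longer affects it`. Any value other than `enabled` also leaves the flag off without a log line, matching the neighbouring keys, so a misspelt value goes unnoticed. The else-if chain starts and ends outside the hunk.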
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_interval %d\n", host_port_app_cache_lookup_interval);
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: host_port_app_cache_lookup_range %d\n", host_port_app_cache_lookup_range);
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_host_cache %s\n", (allow_port_wildcard_host_cache ? "True" : "False"));
+ APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: allow_port_wildcard_firstpkt_cache %s\n", (allow_port_wildcard_firstpkt_cache ? "True" : "False"));
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: recheck_for_portservice_appid %s\n", (recheck_for_portservice_appid ? "True" : "False"));
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_bytes_before_service_fail %" PRIu64" \n", max_bytes_before_service_fail);
APPID_LOG(nullptr, TRACE_INFO_LEVEL, "Appid Config: max_packet_before_service_fail %" PRIu16" \n", max_packet_before_service_fail);
bool need_reinspection = false;
bool tp_allow_probes = false;
bool allow_port_wildcard_host_cache = false;
+ bool allow_port_wildcard_firstpkt_cache = false;
bool recheck_for_portservice_appid = false;
bool eve_http_client = true;
bool appid_cpu_profiler = true;
uint8_t brute_force_inprocess_threshold = DEFAULT_BRUTE_FORCE_INPROCESS_STATE_THRESHOLD;
uint16_t max_packet_before_service_fail = DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL;
uint16_t max_packet_service_fail_ignore_bytes = DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
- AppId first_pkt_service_id = 0;
- AppId first_pkt_payload_id = 0;
- AppId first_pkt_client_id = 0;
uint32_t chp_body_collection_max = 0;
uint32_t rtmp_max_packets = 15;
uint32_t max_tp_flow_depth = 5;
uint32_t failed_state_expiration_secs = DEFAULT_FAILED_STATE_EXPIRATION_SECS;
uint32_t host_port_app_cache_lookup_interval = 10;
uint32_t host_port_app_cache_lookup_range = 100000;
- uint64_t max_bytes_before_service_fail = DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL;
- FirstPktAppIdDiscovered first_pkt_appid_prefix = NO_APPID_FOUND;
-
+ uint64_t max_bytes_before_service_fail = DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL;
OdpContext(const AppIdConfig&, snort::SnortConfig*);
void initialize(AppIdInspector& inspector);
if (hv)
{
const char *service_app_name = nullptr, *client_app_name = nullptr, *payload_app_name = nullptr;
- asd.get_odp_ctxt().first_pkt_appid_prefix = NO_APPID_FOUND;
+ asd.first_pkt_appid_prefix = NO_APPID_FOUND;
if (hv->client_appId)
{
client_id = hv->client_appId;
client_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(client_id);
- asd.get_odp_ctxt().first_pkt_client_id = client_id;
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_CLIENT_APPID_FOUND;
+ asd.first_pkt_client_id = client_id;
+ asd.first_pkt_appid_prefix = FIRST_CLIENT_APPID_FOUND;
}
if (hv->protocol_appId)
{
service_id = hv->protocol_appId;
service_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- asd.get_odp_ctxt().first_pkt_service_id = service_id;
+ asd.first_pkt_service_id = service_id;
- if (asd.get_odp_ctxt().first_pkt_appid_prefix == FIRST_CLIENT_APPID_FOUND)
+ if (asd.first_pkt_appid_prefix == FIRST_CLIENT_APPID_FOUND)
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_SERVICE_CLIENT_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_SERVICE_CLIENT_APPID_FOUND;
}
else
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_SERVICE_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_SERVICE_APPID_FOUND;
}
}
if (hv->web_appId)
{
payload_id = hv->web_appId;
payload_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(payload_id);
- asd.get_odp_ctxt().first_pkt_payload_id = payload_id;
+ asd.first_pkt_payload_id = payload_id;
- if (asd.get_odp_ctxt().first_pkt_appid_prefix == FIRST_CLIENT_APPID_FOUND)
+ if (asd.first_pkt_appid_prefix == FIRST_CLIENT_APPID_FOUND)
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_CLIENT_PAYLOAD_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_CLIENT_PAYLOAD_APPID_FOUND;
}
- else if (asd.get_odp_ctxt().first_pkt_appid_prefix == FIRST_SERVICE_APPID_FOUND)
+ else if (asd.first_pkt_appid_prefix == FIRST_SERVICE_APPID_FOUND)
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_SERVICE_PAYLOAD_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_SERVICE_PAYLOAD_APPID_FOUND;
}
- else if (asd.get_odp_ctxt().first_pkt_appid_prefix == FIRST_SERVICE_CLIENT_APPID_FOUND)
+ else if (asd.first_pkt_appid_prefix == FIRST_SERVICE_CLIENT_APPID_FOUND)
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_ALL_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_ALL_APPID_FOUND;
}
else
{
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_PAYLOAD_APPID_FOUND;
+ asd.first_pkt_appid_prefix = FIRST_PAYLOAD_APPID_FOUND;
}
}
asd.get_odp_ctxt().need_reinspection = hv->reinspect;
- switch (asd.get_odp_ctxt().first_pkt_appid_prefix)
+ switch (asd.first_pkt_appid_prefix)
{
case FIRST_PAYLOAD_APPID_FOUND :
service_id = payload_id;
service_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_SERVICE_PAYLOAD_APPID_FOUND;
- asd.get_odp_ctxt().first_pkt_service_id = service_id;
+ asd.first_pkt_appid_prefix = FIRST_SERVICE_PAYLOAD_APPID_FOUND;
+ asd.first_pkt_service_id = service_id;
break;
case FIRST_CLIENT_APPID_FOUND :
service_id = client_id;
service_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_SERVICE_CLIENT_APPID_FOUND;
- asd.get_odp_ctxt().first_pkt_service_id = service_id;
+ asd.first_pkt_appid_prefix = FIRST_SERVICE_CLIENT_APPID_FOUND;
+ asd.first_pkt_service_id = service_id;
break;
case FIRST_CLIENT_PAYLOAD_APPID_FOUND :
service_id = client_id;
service_app_name = asd.get_odp_ctxt().get_app_info_mgr().get_app_name(service_id);
- asd.get_odp_ctxt().first_pkt_appid_prefix = FIRST_ALL_APPID_FOUND;
- asd.get_odp_ctxt().first_pkt_service_id = service_id;
+ asd.first_pkt_appid_prefix = FIRST_ALL_APPID_FOUND;
+ asd.first_pkt_service_id = service_id;
break;
case NO_APPID_FOUND :
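Review bot: `asd.get_odp_ctxt().need_reinspection = hv->reinspect;` still stores a per-flow decision in the OdpContext, while every other first-packet field in this hunk moves onto the session. If the OdpContext is shared by all flows using the configuration, as moving the other fields suggests, one flow's cache hit can change the reinspection decision for unrelated flows. The write is also unsynchronised. Consider a session-level flag set here instead, e.g. `asd.first_pkt_reinspect = hv->reinspect;` (member name is only a suggestion), and read it where reinspection is decided. The enclosing function starts and ends outside the hunk.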
{
if ((rval = api.service.get_id()) > APP_ID_NONE)
return rval;
- else if (odp_ctxt.first_pkt_service_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_service_id;
+ else if (first_pkt_service_id > APP_ID_NONE)
+ return first_pkt_service_id;
else
rval = APP_ID_UNKNOWN;
}
- else if (odp_ctxt.first_pkt_service_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_service_id;
+ else if (first_pkt_service_id > APP_ID_NONE)
+ return first_pkt_service_id;
}
else
{
if (api.service.get_id() > APP_ID_NONE and !deferred)
return api.service.get_id();
- if (odp_ctxt.first_pkt_service_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_service_id;
+ if (first_pkt_service_id > APP_ID_NONE)
+ return first_pkt_service_id;
if (is_tp_appid_available())
{
}
else if (tp_app_id > APP_ID_NONE)
return tp_app_id;
- else if (odp_ctxt.first_pkt_service_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_service_id;
+ else if (first_pkt_service_id > APP_ID_NONE)
+ return first_pkt_service_id;
}
if (client_inferred_service_id > APP_ID_NONE)
return api.client.get_id();
}
- if (odp_ctxt.first_pkt_client_id > APP_ID_NONE)
+ if (first_pkt_client_id > APP_ID_NONE)
{
api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
- return odp_ctxt.first_pkt_client_id;
+ return first_pkt_client_id;
}
api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
if (get_session_flags(APPID_SESSION_FIRST_PKT_CACHE_MATCHED) and
(api.payload.get_id() <= APP_ID_NONE))
{
- if ((odp_ctxt.first_pkt_payload_id > APP_ID_NONE) and (tp_payload_app_id > APP_ID_NONE))
+ if ((first_pkt_payload_id > APP_ID_NONE) and (tp_payload_app_id > APP_ID_NONE))
{
return tp_payload_app_id;
}
return api.payload.get_id();
else if (tp_payload_app_id > APP_ID_NONE)
return tp_payload_app_id;
- else if (odp_ctxt.first_pkt_payload_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_payload_id;
+ else if (first_pkt_payload_id > APP_ID_NONE)
+ return first_pkt_payload_id;
}
else
return tmp_id;
if (encrypted.payload_id > APP_ID_NONE)
return encrypted.payload_id;
- if (odp_ctxt.first_pkt_payload_id > APP_ID_NONE)
- return odp_ctxt.first_pkt_payload_id;
+ if (first_pkt_payload_id > APP_ID_NONE)
+ return first_pkt_payload_id;
// APP_ID_UNKNOWN is valid only for HTTP type services
if (tmp_id == APP_ID_UNKNOWN)
uint16_t session_packet_count = 0;
uint16_t init_pkts_without_reply = 0;
uint64_t init_bytes_without_reply = 0;
+ AppId first_pkt_service_id = 0;
+ AppId first_pkt_payload_id = 0;
+ AppId first_pkt_client_id = 0;
+ FirstPktAppIdDiscovered first_pkt_appid_prefix = NO_APPID_FOUND;
+
IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
uint8_t previous_tcp_flags = 0;
const HostAppIdsVal* HostPortCache::find_on_first_pkt(const SfIp* ip, uint16_t port, IpProtocol protocol,
const OdpContext& odp_ctxt)
{
- uint16_t lookup_port = (odp_ctxt.allow_port_wildcard_host_cache)? 0 : port;
+ uint16_t lookup_port = (odp_ctxt.allow_port_wildcard_firstpkt_cache)? 0 : port;
if (!cache_first_ip.empty())
{
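Review bot: The `0` assigned to `lookup_port` is an undocumented wildcard sentinel. With `allow_port_wildcard_firstpkt_cache` set, a first-packet entry is keyed on address and protocol only, so a single entry appears to classify every port on that host. Add a comment above the line, such as `// port 0 = wildcard: the entry matches any port for this ip/proto; the add paths must derive the key the same way`. The two `hk.port` assignments in the following hunks repeat the same ternary and need the same comment. A small shared helper for the key port would keep insertion and lookup from drifting apart. The function body continues outside the hunk.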
assert(inspector);
const AppIdContext& ctxt = inspector->get_ctxt();
- hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port;
+ hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_firstpkt_cache)? 0 : port;
hk.proto = proto;
hv.protocol_appId = protocol_appId;
assert(inspector);
const AppIdContext& ctxt = inspector->get_ctxt();
- hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port;
+ hk.port = (ctxt.get_odp_ctxt().allow_port_wildcard_firstpkt_cache)? 0 : port;
hk.proto = proto;
hv.protocol_appId = protocol_appId;
/* If we're still working on a port/pattern list of detectors, then ignore
* individual fails until we're done looking at everything. */
- if ((asd.get_odp_ctxt().first_pkt_service_id > APP_ID_NONE) or (!asd.service_detector && !asd.service_candidates.empty()))
+ if ((asd.first_pkt_service_id > APP_ID_NONE) or (!asd.service_detector && !asd.service_candidates.empty()))
return APPID_SUCCESS;
asd.set_service_id(APP_ID_NONE, asd.get_odp_ctxt());