}
data = appSharedDataAlloc(proto, cliIp);
- if (data)
- data->common.policyId = appIdPolicyId;
+ data->common.policyId = appIdPolicyId;
// FIXIT - expect session control packet support not ported to snort3 yet
//node = (flags & APPID_EARLY_SESSION_FLAG_FW_RULE) ? &ctrlPkt->expectedSession : nullptr;
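Review bot: `data->common.policyId = appIdPolicyId;` now dereferences the result of `appSharedDataAlloc(proto, cliIp)` unconditionally, and the `if ( !data ) FatalError(...)` test is also removed elsewhere in this commit, so no null check on this pointer remains in the visible code. That is only safe if the allocator behind appSharedDataAlloc aborts on failure instead of returning nullptr, which these hunks do not show. I would record the invariant at the call site, e.g. `// appSharedDataAlloc() never returns nullptr: allocation failure is fatal`, or keep the guard if that cannot be guaranteed. The enclosing function starts and ends outside the hunk.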
const PegInfo appid_pegs[] =
{
{ "packet_count", "count of packets processed by appid" },
- { "dns_udp_count", "count of dns flows over udp discovered" },
- { "dns_tcp_count", "count of dns flows over tcp discovered" },
- { "smtp_count", "count of smtp flows discovered" },
- { "smtps_count", "count of smtps flows discovered" },
+ { "dns_udp_count", "count of dns flows over udp discovered by appid" },
+ { "dns_tcp_count", "count of dns flows over tcp discovered by appid" },
+ { "ftp_count", "count of ftp flows discovered by appid" },
+ { "ftps_count", "count of ftps flows discovered by appid" },
+ { "smtp_count", "count of smtp flows discovered by appid" },
+ { "smtps_count", "count of smtps flows discovered by appid" },
+ { "telnet_count", "count of telnet flows discovered by appid" },
{ nullptr, nullptr }
};
PegCount packet_count;
PegCount dns_udp_count;
PegCount dns_tcp_count;
+ PegCount ftp_count;
+ PegCount ftps_count;
PegCount smtp_count;
PegCount smtps_count;
+ PegCount telnet_count;
};
extern THREAD_LOCAL AppIdStats appid_stats;
}
tmp = snprintf(&buffer[position], MAX_DISPLAY_SIZE-position,
"----------------------------------------------\n");
- if (tmp >= MAX_DISPLAY_SIZE-position)
- position = MAX_DISPLAY_SIZE;
- else if (tmp > 0)
- position += tmp;
DebugFormat(DEBUG_LOG,"%s\n",buffer);
}
{
ClientSMTPData* fd;
const uint8_t* end;
- unsigned len;
#if UNIT_TESTING
SMTPState currState = SMTP_STATE_NONE;
-
#endif
fd = (ClientSMTPData*)smtp_client_mod.api->data_get(flowp, smtp_client_mod.flow_data_index);
switch (fd->state)
{
case SMTP_STATE_HELO:
- len = end - data;
if (*data == HELO[fd->pos])
{
fd->pos++;
else
goto done;
break;
+
case SMTP_STATE_RCPT_TO:
if (*data == RCPTTO[fd->pos])
{
}
}
break;
+
case SMTP_STATE_MESSAGE:
if (*data == '.')
{
- len = end - data;
+ unsigned len = end - data;
if (len == 0 ||
(len >= 1 && data[1] == 0x0A) ||
(len >= 2 && data[1] == 0x0D && data[2] == 0x0A))
return 0;
}
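Review bot: In the SMTP_STATE_MESSAGE case the bounds in the end-of-message test look one short: `data[1]` is read when `len >= 1` and `data[2]` when `len >= 2`, with `len = end - data`. If `end` points one past the last payload byte (its assignment is outside the hunk), a '.' in the final byte gives `len == 1` and `data[1]` is read beyond the buffer. Since the commit already touches `len`, I would tighten the conditions to `(len >= 2 && data[1] == 0x0A) || (len >= 3 && data[1] == 0x0D && data[2] == 0x0A)`. If `end` instead addresses the last valid byte, a comment saying so next to `unsigned len = end - data;` would settle it.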
-AppId getAppIdFromUrl(char* host, char* url, char** version,
- char* referer, AppId* ClientAppId, AppId* serviceAppId,
- AppId* payloadAppId, AppId* referredPayloadAppId, unsigned from_rtmp,
- const DetectorHttpConfig* pHttpConfig)
+AppId getAppIdFromUrl(char* host, char* url, char** version, char* referer, AppId* ClientAppId,
+ AppId* serviceAppId, AppId* payloadAppId, AppId* referredPayloadAppId,
+ unsigned from_rtmp, const DetectorHttpConfig* pHttpConfig)
{
char* path;
char* referer_start;
url_len = strlen(url);
}
else
- {
url_len = 0;
- }
if (!host)
{
- host_len = url_len;
-
temp_host = host = snort_strdup(url);
host = strchr(host, '/');
if (host != nullptr)
- {
*host = '\0';
- }
host = temp_host;
}
host_len = strlen(host);
size_t appVersionSize
)
{
- const uint8_t* index, * endKey;
+ const uint8_t* index;
+ const uint8_t* endKey;
const uint8_t* queryEnd;
uint32_t extractedSize;
uint32_t copySize = 0;
if (!userPattern->pattern || !packetData->pattern)
return 0;
- /*queryEnd is 1 past the end. */
+ // queryEnd is 1 past the end. key1=value1&key2=value2
queryEnd = packetData->pattern + packetData->patternSize;
- index = packetData->pattern;
- endKey = queryEnd;
-
- /*?key1=value1&key2=value2 */
- for (index = packetData->pattern; index < queryEnd; index = endKey+1)
+ for (index = packetData->pattern; index < queryEnd; index = endKey + 1)
{
/*find end of query tuple */
endKey = (const uint8_t*)memchr (index, '&', queryEnd - index);
if (!endKey)
endKey = queryEnd;
- if (userPattern->patternSize < (uint32_t)(endKey-index))
+ if (userPattern->patternSize < (uint32_t)(endKey - index))
{
if (memcmp(index, userPattern->pattern, userPattern->patternSize) == 0)
{
index += userPattern->patternSize;
- extractedSize = (endKey-index);
+ extractedSize = (endKey - index);
appVersionSize--;
copySize = (extractedSize < appVersionSize) ? extractedSize : appVersionSize;
memcpy(appVersion, index, copySize);
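Review bot: `appVersionSize--` runs with no visible check that `appVersionSize` is non-zero; as a `size_t` it would wrap, `copySize` would then always equal `extractedSize`, and `memcpy(appVersion, index, copySize)` would be bounded by the query data instead of by the destination buffer. Unless a guard exists outside the hunk, add `if (appVersionSize == 0) return 0;` next to the existing null-pattern check. Separately, `index = endKey + 1` forms a pointer beyond `queryEnd` on the last tuple, because `endKey` is set to `queryEnd` when no '&' is found; leaving the loop explicitly in that case avoids the out-of-range pointer. The function body continues outside the hunk.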
// data->reset();
// }
- if ( !data )
- FatalError("Could not allocate AppIdData data");
-
if (thirdparty_appid_module)
if (!(data->tpsession = thirdparty_appid_module->session_create()))
FatalError("Could not allocate AppIdData->tpsession data");
break;
if (length >= sizeof(info->dport))
- {
memcpy(&info->dport, data, sizeof(info->dport));
- length -= sizeof(info->dport);
- data += sizeof(info->dport);
- }
else
break;
}
else
protocol = IpProtocol::UDP;
+ // FIXIT-H: sfip_fast_equals_raw is macro that is defined as empty
+ // this cause static analysis to think ip is never used after being set, but it will be
+ // when sfip_fast_equals_raw is implemented here
ip = p->ptrs.ip_api.get_src();
if (session->common.initiator_port)
direction = (session->common.initiator_port == p->ptrs.sp) ? APP_ID_FROM_INITIATOR :
{
ErrorMessage("client %s: validator returned non-numeric value\n",clientName);
detector->validateParams.pkt = nullptr;
- retValue = SERVICE_ENULL;
}
retValue = lua_tonumber(myLuaState, -1);
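Review bot: Removing the dead store `retValue = SERVICE_ENULL;` quiets the analyzer but leaves the underlying problem: the error branch logs "validator returned non-numeric value" and then falls through to `retValue = lua_tonumber(myLuaState, -1);`. lua_tonumber returns 0 for a value that cannot be converted to a number, so a misbehaving Lua validator ends up reporting code 0, which would read as success if that is what 0 means for this return type. The branch should keep an error code and skip the conversion, for example by restoring `retValue = SERVICE_ENULL;` and making the conversion the other arm: `else retValue = lua_tonumber(myLuaState, -1);`. The condition guarding the branch and the rest of the function are outside the hunk.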
&dns_service_mod,
#ifdef REMOVED_WHILE_NOT_IN_USE
&flap_service_mod,
+#endif
&ftp_service_mod,
+#ifdef REMOVED_WHILE_NOT_IN_USE
&irc_service_mod,
&lpr_service_mod,
&mysql_service_mod,
&snmp_service_mod,
&ssh_service_mod,
&ssl_service_mod,
+#endif
&telnet_service_mod,
+#ifdef REMOVED_WHILE_NOT_IN_USE
&tftp_service_mod,
&sip_service_mod,
&directconnect_service_mod,
}
svm->api = &serviceapi;
- pp = svm->pp;
for (pp=svm->pp; pp && pp->validate; pp++)
- {
if (CServiceAddPort(pp, svm, pConfig))
return -1;
- }
if (svm->init(&svc_init_api))
- {
ErrorMessage("Error initializing service %s\n",svm->name);
- }
svm->next = pConfig->serviceConfig.active_service_list;
pConfig->serviceConfig.active_service_list = svm;
// processing only non-lua service detectors.
if (svm->init)
{
- pp = svm->pp;
for (pp=svm->pp; pp && pp->validate; pp++)
- {
if (CServiceAddPort(pp, svm, pConfig))
return -1;
- }
}
}
patterns->find_all((char*)pkt->data, pkt->dsize, &pattern_match, false, (void*)&match_list);
count = 0;
- for (sm=match_list; sm; sm=sm->next)
+ for (sm = match_list; sm; sm = sm->next)
{
if (count >= smOrderedListSize)
{
#include "application_ids.h"
#include "service_base.h"
#include "service_util.h"
+#include "appid_module.h"
// FIXIT-H This needs to use a real SFIP function
static SFIP_RET sfip_convert_ip_text_to_binary(const int, const char*, void*)
case SERVICE_SUCCESS:
if (!getAppIdFlag(flowp, APPID_SESSION_SERVICE_DETECTED))
{
- uint64_t encryptedFlag = getAppIdFlag(flowp, APPID_SESSION_ENCRYPTED |
- APPID_SESSION_DECRYPTED);
+ uint64_t encryptedFlag = getAppIdFlag(flowp,
+ APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED);
+
+ // FTPS only when encrypted==1 decrypted==0
ftp_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
- encryptedFlag == APPID_SESSION_ENCRYPTED ? // FTPS
- // only
- // when
- // encrypted==1
- // decrypted==0
+ encryptedFlag == APPID_SESSION_ENCRYPTED ?
APP_ID_FTPS : APP_ID_FTP_CONTROL,
fd->vendor[0] ? fd->vendor : nullptr,
fd->version[0] ? fd->version : nullptr, nullptr);
+
+ if(encryptedFlag == APPID_SESSION_ENCRYPTED)
+ appid_stats.ftps_count++;
+ else
+ appid_stats.ftp_count++;
}
return SERVICE_SUCCESS;
int user_printable_index =0;
if (ret_value == -1)
- {
return -1;
- }
else if (ret_value)
{
while (start_index < data_size && (!isprint(srv_original[start_index]) ||
while (user_index < user_name_len)
{
if (!isprint(user_name[user_index]))
- {
return 1;
- }
+
user_index++;
}
if ((resp_endptr + NEXT_MESSAGE_OFFSET ) < (srv_original + data_size))
{
data_len_str = (uint8_t*)(resp_endptr+ LENGTH_OFFSET);
- data_len = 0;
data_len = (short)( data_len_str[0]<< SHIFT_BITS | ( data_len_str[1] ));
-
data_size = data_size - (resp_endptr + NEXT_MESSAGE_OFFSET + data_len -
srv_original);
/* Check if user name is available in the Domain Name field */
while (user_index < user_name_len)
{
if (isprint(user_name_bkp[user_index]))
- {
break;
- }
+
user_index++;
}
while (user_printable_index < user_name_len)
{
if (!isprint(user_name_bkp [user_printable_index ]))
- {
return 0;
- }
+
user_printable_index++;
}
/* Copy the user name if available */
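Review bot: `data_len` is assembled from two bytes of the response and cast to `short`, then subtracted from `data_size` without being compared to what is left in the buffer. The preceding test `(resp_endptr + NEXT_MESSAGE_OFFSET ) < (srv_original + data_size)` covers only the fixed offset, so a length field larger than the remaining payload, or one with the top bit set (negative after the cast), can push `data_size` out of range for the loops that follow. I would read the length as an unsigned value and reject the record before the subtraction, with a condition such as `if (data_len > (srv_original + data_size) - (resp_endptr + NEXT_MESSAGE_OFFSET))` followed by the function's no-match return. The declarations of `data_len` and `data_size` are outside the hunk, so the exact form depends on their types.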
return 0;
}
else
- {
return 0;
- }
}
else
- {
return 0;
- }
}
}
else
{
if (pAppidActiveConfig->mod_config->mdns_user_reporting)
{
- ret_val = MDNSUserAnalyser(flowp, pkt, size, args->pConfig);
+ MDNSUserAnalyser(flowp, pkt, size, args->pConfig);
mdnsMatchListDestroy(args->pConfig);
goto success;
}
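Review bot: The result of `MDNSUserAnalyser(flowp, pkt, size, args->pConfig)` is now discarded and control goes to `success` whatever it returns. If user reporting is meant to be best effort, make that explicit so a later reader or analyzer pass does not see a silently ignored error: `(void)MDNSUserAnalyser(flowp, pkt, size, args->pConfig); // best effort: a user-name parse failure must not fail service detection`. If a failure should influence the verdict, test the value before `goto success`.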
certs_curr->common_name_ptr = (uint8_t*)start;
end = strstr(start, FIELD_SEPARATOR);
if (end)
- {
length = end - start;
- }
else
- {
length = strlen(start);
- }
+
certs_curr->common_name_len = length;
common_name_tot_len += length;
}
certs_curr->org_name_ptr = (uint8_t*)start;
end = strstr(start, FIELD_SEPARATOR);
if (end)
- {
length = end - start;
- }
else
- {
length = strlen(start);
- }
+
certs_curr->org_name_len = length;
org_name_tot_len += length;
}
}
if (!success)
- {
goto parse_certificates_clean;
- }
// Build up concatenated string of fields.
common_name = nullptr;
while (certs_curr)
{
/* Grab this common name. */
- if (certs_curr->common_name_ptr && certs_curr->common_name_len)
+ if (common_name_ptr && certs_curr->common_name_ptr && certs_curr->common_name_len)
{
memcpy(common_name_ptr, certs_curr->common_name_ptr, certs_curr->common_name_len);
common_name_ptr += certs_curr->common_name_len;
}
/* Grab this org name. */
- if (certs_curr->org_name_ptr && certs_curr->org_name_len)
+ if (org_name_ptr && certs_curr->org_name_ptr && certs_curr->org_name_len)
{
memcpy(org_name_ptr, certs_curr->org_name_ptr, certs_curr->org_name_len);
org_name_ptr += certs_curr->org_name_len;
certs_curr = certs_curr->next;
}
+
if (common_name_tot_len)
{
common_name_ptr -= 1;
#include "appid_flow_data.h"
#include "application_ids.h"
#include "service_api.h"
+#include "appid_module.h"
#define TELNET_COUNT_THRESHOLD 3
success:
telnet_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element,
APP_ID_TELNET, nullptr, nullptr, nullptr);
+ appid_stats.telnet_count++;
return SERVICE_SUCCESS;
fail: