bool configure(SnortConfig*) override
{
- get_data_bus().subscribe(key.c_str(), new LogHandler(key));
+ DataBus::subscribe(key.c_str(), new LogHandler(key));
return true;
}
{
case FILE_VERDICT_LOG:
// Log file event through data bus
- get_data_bus().publish("file_event", (const uint8_t*)"LOG", 3, flow);
+ DataBus::publish("file_event", (const uint8_t*)"LOG", 3, flow);
break;
case FILE_VERDICT_BLOCK:
// can't block session inside a session
- get_data_bus().publish("file_event", (const uint8_t*)"BLOCK", 5, flow);
+ DataBus::publish("file_event", (const uint8_t*)"BLOCK", 5, flow);
break;
case FILE_VERDICT_REJECT:
- get_data_bus().publish("file_event", (const uint8_t*)"RESET", 5, flow);
+ DataBus::publish("file_event", (const uint8_t*)"RESET", 5, flow);
break;
default:
break;
bool configure(SnortConfig*) override
{
- get_data_bus().subscribe("file_event", new LogHandler(config));
+ DataBus::subscribe("file_event", new LogHandler(config));
return true;
}
#include "data_bus.h"
#include "main/policy.h"
+#include "main/snort_config.h"
#include "protocols/packet.h"
-DataBus& get_data_bus()
+static DataBus& get_data_bus()
{ return get_inspection_policy()->dbus; }
class BufferEvent : public DataEvent
const Packet* packet;
};
+//--------------------------------------------------------------------------
+// public methods
+//--------------------------------------------------------------------------
+
DataBus::DataBus() = default;
DataBus::~DataBus()
// publication of given event
void DataBus::subscribe(const char* key, DataHandler* h)
{
- DataList& v = map[key];
- v.push_back(h);
+ get_data_bus()._subscribe(key, h);
}
// notify subscribers of event
void DataBus::publish(const char* key, DataEvent& e, Flow* f)
{
- DataList& v = map[key];
+ InspectionPolicy* pi = get_inspection_policy();
+ pi->dbus._publish(key, e, f);
- for ( auto* h : v )
- h->handle(e, f);
+ // also publish to default policy to notify control subscribers such as appid
+ InspectionPolicy* di = get_default_inspection_policy(SnortConfig::get_conf());
+
+ // of course, only when current is not default
+ if ( di != pi )
+ di->dbus._publish(key, e, f);
}
void DataBus::publish(const char* key, const uint8_t* buf, unsigned len, Flow* f)
publish(key, e, f);
}
+//--------------------------------------------------------------------------
+// private methods
+//--------------------------------------------------------------------------
+
+void DataBus::_subscribe(const char* key, DataHandler* h)
+{
+ DataList& v = map[key];
+ v.push_back(h);
+}
+
+// notify subscribers of event
+void DataBus::_publish(const char* key, DataEvent& e, Flow* f)
+{
+ DataList& v = map[key];
+
+ for ( auto* h : v )
+ h->handle(e, f);
+}
+
DataBus();
~DataBus();
- void subscribe(const char* key, DataHandler*);
- void publish(const char* key, DataEvent&, Flow* = nullptr);
+ static void subscribe(const char* key, DataHandler*);
+ static void publish(const char* key, DataEvent&, Flow* = nullptr);
// convenience methods
- void publish(const char* key, const uint8_t*, unsigned, Flow* = nullptr);
- void publish(const char* key, Packet*, Flow* = nullptr);
+ static void publish(const char* key, const uint8_t*, unsigned, Flow* = nullptr);
+ static void publish(const char* key, Packet*, Flow* = nullptr);
+
+private:
+ void _subscribe(const char* key, DataHandler*);
+ void _publish(const char* key, DataEvent&, Flow*);
private:
DataMap map;
};
-// FIXIT-L this should be in snort_confg.h or similar but that
-// requires refactoring to work as installed header
-SO_PUBLIC DataBus& get_data_bus();
-
// common data events
#define PACKET_EVENT "detection.packet"
IpsPolicy* get_ips_policy()
{ return s_detection_policy; }
+InspectionPolicy* get_default_inspection_policy(SnortConfig* sc)
+{ return sc->policy_map->inspection_policy[0]; }
+
void set_network_policy(NetworkPolicy* p)
{ s_traffic_policy = p; }
// navigator stuff
//-------------------------------------------------------------------------
+struct SnortConfig;
+
// FIXIT-L may be inlined at some point; on lockdown for now
// FIXIT-L SO_PUBLIC required because SnortConfig::inline_mode(), etc. uses the function
SO_PUBLIC NetworkPolicy* get_network_policy();
SO_PUBLIC InspectionPolicy* get_inspection_policy();
SO_PUBLIC IpsPolicy* get_ips_policy();
+SO_PUBLIC InspectionPolicy* get_default_inspection_policy(SnortConfig*);
+
void set_network_policy(NetworkPolicy*);
-void set_network_policy(struct SnortConfig*, unsigned = 0);
+void set_network_policy(SnortConfig*, unsigned = 0);
void set_inspection_policy(InspectionPolicy*);
-void set_inspection_policy(struct SnortConfig*, unsigned = 0);
+void set_inspection_policy(SnortConfig*, unsigned = 0);
void set_ips_policy(IpsPolicy*);
SO_PUBLIC void set_user_ips_policy(unsigned policy_id);
-void set_ips_policy(struct SnortConfig*, unsigned = 0);
+void set_ips_policy(SnortConfig*, unsigned = 0);
-void set_policies(struct SnortConfig*, Shell*);
+void set_policies(SnortConfig*, Shell*);
void set_default_policy();
-void set_default_policy(struct SnortConfig*);
+void set_default_policy(SnortConfig*);
bool only_inspection_policy();
bool only_ips_policy();
active_config = new AppIdConfig( ( AppIdModuleConfig* )config);
- get_data_bus().subscribe(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(
+ DataBus::subscribe(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(
HttpEventHandler::REQUEST_EVENT));
- get_data_bus().subscribe(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler(
+
+ DataBus::subscribe(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler(
HttpEventHandler::RESPONSE_EVENT));
my_seh = SipEventHandler::create();
void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; }
void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; }
+
void subscribe()
- {
- get_data_bus().subscribe(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this);
- }
+ { DataBus::subscribe(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this); }
void handle(DataEvent&, Flow*) override;
void do_detection(Packet* p)
{
- get_data_bus().publish(PACKET_EVENT, p);
+ DataBus::publish(PACKET_EVENT, p);
DetectionEngine::disable_all(p);
}
void HttpMsgHeader::publish()
{
HttpEvent http_event(this);
- if(source_id == SRC_CLIENT)
- {
- get_data_bus().publish(HTTP_REQUEST_HEADER_EVENT_KEY, http_event, flow);
- }
- else
- {
- get_data_bus().publish(HTTP_RESPONSE_HEADER_EVENT_KEY, http_event, flow);
- }
+
+ const char* key = (source_id == SRC_CLIENT) ?
+ HTTP_REQUEST_HEADER_EVENT_KEY : HTTP_RESPONSE_HEADER_EVENT_KEY;
+
+ DataBus::publish(key, http_event, flow);
}
const Field& HttpMsgHeader::get_true_ip()
if (RpcPrepRaw(data, rsdata->frag_len, p) != RPC_STATUS__SUCCESS)
return RPC_STATUS__ERROR;
- get_data_bus().publish(PACKET_EVENT, p);
+ DataBus::publish(PACKET_EVENT, p);
}
if ( (dsize > 0) )
if ( (dsize > 0) )
RpcPreprocEvent(rconfig, rsdata, RPC_MULTIPLE_RECORD);
- get_data_bus().publish(PACKET_EVENT, p);
+ DataBus::publish(PACKET_EVENT, p);
RpcBufClean(&rsdata->frag);
}
return true;
}
-static void sip_publish_data_bus(const Packet* p, const SIPMsg* sip_msg, const SIP_DialogData* dialog)
+static void sip_publish_data_bus(
+ const Packet* p, const SIPMsg* sip_msg, const SIP_DialogData* dialog)
{
SipEvent event(p, sip_msg, dialog);
- get_data_bus().publish(SIP_EVENT_TYPE_SIP_DIALOG_KEY, event, p->flow);
+ DataBus::publish(SIP_EVENT_TYPE_SIP_DIALOG_KEY, event, p->flow);
}
/********************************************************************
projects / thirdparty / snort3.git / commitdiff
