// when groups are significant
bool reversed_key = (ctrlPkt->pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS)
? key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort,
- srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->egress_group,
+ srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id, ctrlPkt->pkth->egress_group,
ctrlPkt->pkth->ingress_group)
: key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort,
srvIP, srvPort, vlanId, mplsId, *ctrlPkt->pkth);
return 0;
}
-bool ExpectCache::is_expected(Packet* p)
-{
- FlowKey key;
- return (find_node_by_packet(p, key) != nullptr);
-}
-
bool ExpectCache::check(Packet* p, Flow* lws)
{
FlowKey key;
bool swap_app_direction = false, bool expect_multi = false, bool bidirectional = false,
bool expect_persist = false);
- bool is_expected(snort::Packet*);
bool check(snort::Packet*, snort::Flow*);
unsigned long get_expects() { return expects; }
SSN_DIR_BOTH, fd, snort_protocol_id, swap_app_direction, expect_multi, bidirectional, expect_persist);
}
-bool FlowControl::is_expected(Packet* p)
-{
- return exp_cache->is_expected(p);
-}
-
snort::Flow* stale_flow_cleanup(FlowCache*, snort::Flow*, snort::Packet*);
void timeout_flows(unsigned int, time_t cur_time);
void check_expected_flow(snort::Flow*, snort::Packet*);
- bool is_expected(snort::Packet*);
unsigned prune_multiple(PruneReason, bool do_cleanup);
int add_expected_ignore(
const SfIp *srcIP, uint16_t srcPort,
const SfIp *dstIP, uint16_t dstPort,
uint16_t vlanId, uint32_t mplsId,
- uint32_t addrSpaceId, int16_t ingress_group,
- int16_t egress_group)
+ uint32_t addrSpaceId, uint32_t tid,
+ int16_t ingress_group, int16_t egress_group)
{
bool reversed;
pkt_type = type;
ip_protocol = (uint8_t)ip_proto;
+ tenant_id = tid;
init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId);
pkt_type = type;
ip_protocol = (uint8_t)ip_proto;
+ tenant_id = pkt_hdr.tenant_id;
init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id);
const SfIp *srcIP, const SfIp *dstIP,
uint32_t id, uint16_t vlanId,
uint32_t mplsId, uint32_t addrSpaceId,
- int16_t ingress_group, int16_t egress_group)
+ uint32_t tid, int16_t ingress_group,
+ int16_t egress_group)
{
// to avoid confusing 2 different datagrams or confusing a datagram
// with a session, we don't order the addresses and we set version
}
pkt_type = type;
+ tenant_id = tid;
init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId);
}
pkt_type = type;
+ tenant_id = pkt_hdr.tenant_id;
init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id);
// hash foo
//-------------------------------------------------------------------------
-bool FlowKey::is_equal(const void* s1, const void* s2, size_t)
-{
- const uint64_t* a = (const uint64_t*)s1;
- const uint64_t* b = (const uint64_t*)s2;
-
- if (*a - *b)
- return false; /* Compares IPv4 lo/hi
- Compares IPv6 low[0,1] */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* Compares port lo/hi, vlan, protocol, version
- Compares IPv6 low[2,3] */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* Compares IPv6 hi[0,1] */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* Compares IPv6 hi[2,3] */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* Compares MPLS label, addressSpaceId */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* Compares port lo/hi, group lo/hi, vlan */
-
- a++;
- b++;
- if (*a - *b)
- return false; /* vlan, pad, ip_proto, type, version, flags */
-
- return true;
-}
-
unsigned FlowHashKeyOps::do_hash(const unsigned char* k, int)
{
uint32_t a, b, c;
mix(a, b, c);
a += d[9]; // addressSpaceId
- b += d[10]; // port lo & port hi
- c += d[11]; // group lo & group hi
+ b += d[10]; // tenant_id
+ c += d[11]; // port lo & port hi
mix(a, b, c);
- a += d[12]; // vlan & pad
- b += d[13]; // ip_proto, pkt_type, version, flags
+ a += d[12]; // group lo & group hi
+ b += d[13]; // vlan & padding
+ c += d[14]; // ip_protocol & pkt_type, version, flags
finalize(a, b, c);
return c;
}
-bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t len)
+bool FlowHashKeyOps::key_compare(const void* k1, const void* k2, size_t)
{
- return FlowKey::is_equal(k1, k2, len);
+ return FlowKey::is_equal(static_cast<const FlowKey*>(k1), static_cast<const FlowKey*>(k2));
}
bool key_compare(const void* k1, const void* k2, size_t) override;
};
-
PADDING_GUARD_BEGIN
struct SO_PUBLIC FlowKey
{
uint32_t ip_h[4]; /* High IP */
uint32_t mplsLabel;
uint32_t addressSpaceId;
+ uint32_t tenant_id;
uint16_t port_l; /* Low Port - 0 if ICMP */
uint16_t port_h; /* High Port - 0 if ICMP */
int16_t group_l;
const SnortConfig*, PktType, IpProtocol,
const snort::SfIp *srcIP, uint16_t srcPort,
const snort::SfIp *dstIP, uint16_t dstPort,
- uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
+ uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, uint32_t tid,
int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
bool init(
const SnortConfig*, PktType, IpProtocol,
const snort::SfIp *srcIP, const snort::SfIp *dstIP,
uint32_t id, uint16_t vlanId,
- uint32_t mplsId, uint32_t addrSpaceId,
+ uint32_t mplsId, uint32_t addrSpaceId, uint32_t tid,
int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
bool init(
void init_address_space(const SnortConfig*, uint32_t);
void init_groups(int16_t, int16_t, bool);
- // If this data structure changes size, compare must be updated!
- static bool is_equal(const void* k1, const void* k2, size_t);
+ static bool is_equal(const FlowKey* k1, const FlowKey* k2)
+ {
+ return 0 == memcmp(k1, k2, sizeof(FlowKey));
+ }
+
private:
bool init4(IpProtocol, const snort::SfIp *srcIP, uint16_t srcPort,
bool use_daq_channel;
};
-static constexpr uint8_t HA_MESSAGE_VERSION = 3;
+static constexpr uint8_t HA_MESSAGE_VERSION = 4;
// define message size and content constants.
static constexpr uint8_t KEY_SIZE_IP6 = sizeof(FlowKey);
if (read_flow_key(msg, hdr, key) == 0)
return nullptr;
- if (packet_key and !FlowKey::is_equal(packet_key, &key, 0))
+ if (packet_key and !FlowKey::is_equal(packet_key, &key))
{
ha_stats.key_mismatch++;
return nullptr;
ExpectCache::ExpectCache(uint32_t) { }
ExpectCache::~ExpectCache() = default;
bool ExpectCache::check(Packet*, Flow*) { return true; }
-bool ExpectCache::is_expected(Packet*) { return true; }
void DetectionEngine::disable_all(Packet*) { }
Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; }
bool HighAvailabilityManager::in_standby(Flow*) { return false; }
void DetectionEngine::disable_all(Packet*) { }
ExpectCache::ExpectCache(uint32_t) { }
bool ExpectCache::check(Packet*, Flow*) { return true; }
-bool ExpectCache::is_expected(Packet*) { return true; }
Flow* HighAvailabilityManager::import(Packet&, FlowKey&) { return nullptr; }
namespace snort
const SfIp*, uint16_t,
const SfIp*, uint16_t,
uint16_t, uint32_t,
- uint32_t, int16_t, int16_t)
+ uint32_t, uint32_t, int16_t, int16_t)
{
return true;
}
PktType, IpProtocol,
const SfIp*, const SfIp*,
uint32_t, uint16_t,
- uint32_t, uint32_t, int16_t,
+ uint32_t, uint32_t, uint32_t, int16_t,
int16_t)
{
return true;
/* .ip_h = */ { 5, 6, 7, 8 },
/* .mplsLabel = */ 9,
/* .addressSpaceId = */ 0,
+ /* .tenant_id = */ 0,
/* .port_l = */ 10,
/* .port_h = */ 11,
/* .group_l = */ 0,
{
HA_DELETE_EVENT,
HA_MESSAGE_VERSION,
- 61,
+ 65,
KEY_TYPE_IP6
},
s_test_key
{
HA_UPDATE_EVENT,
HA_MESSAGE_VERSION,
- 73,
+ 77,
KEY_TYPE_IP6
},
s_test_key,
}
}
-bool FlowKey::is_equal(const void*, const void*, size_t) { return false; }
-
int SFDAQInstance::ioctl(DAQ_IoctlCmd, void*, size_t) { return DAQ_SUCCESS; }
FlowStash::~FlowStash() = default;
#include "appid_debug.h"
+#include <sstream>
+
#include "flow/flow_key.h"
#include "log/messages.h"
#include "trace/trace_api.h"
void AppIdDebug::activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1,
uint16_t port2, IpProtocol protocol, const int version, uint32_t address_space_id,
- const AppIdSession* session, bool log_all_sessions, int16_t group1, int16_t group2,
- bool inter_group_flow)
+ const AppIdSession* session, bool log_all_sessions, uint32_t tenant_id,
+ int16_t group1, int16_t group2, bool inter_group_flow)
{
if (!( log_all_sessions or
( info.proto_match(protocol) and
snort_inet_ntop(af, &sip->u6_addr32[(af == AF_INET)? 3 : 0], sipstr, sizeof(sipstr));
snort_inet_ntop(af, &dip->u6_addr32[(af == AF_INET)? 3 : 0], dipstr, sizeof(dipstr));
- char gr_buf[32] = { '\0' };
+ std::ostringstream oss;
+ oss << sipstr << " " << sport << " -> "
+ << dipstr << " " << dport << " "
+ << std::to_string(to_utype(protocol))
+ << " AS=" << address_space_id
+ << " ID=" << get_instance_id();
+
if (inter_group_flow)
- snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", sgroup, dgroup);
+ oss << " GR=" << sgroup << "-" << dgroup;
+
+ if (tenant_id)
+ oss << " TN=" << tenant_id;
- snprintf(debug_session, sizeof(debug_session),
- "%s %hu -> %s %hu %hhu AS=%u ID=%u%s",
- sipstr, sport, dipstr, dport, static_cast<uint8_t>(protocol),
- address_space_id, get_instance_id(), gr_buf);
+ debugstr = oss.str();
}
void AppIdDebug::activate(const Flow *flow, const AppIdSession* session, bool log_all_sessions)
// two key->version here to create the proper debug_session string.
activate(key->ip_l, key->ip_h, key->port_l, key->port_h, (IpProtocol)(key->ip_protocol),
key->version, key->addressSpaceId, session, log_all_sessions,
- key->group_l, key->group_h, key->flags.group_used);
+ key->tenant_id, key->group_l, key->group_h, key->flags.group_used);
}
void AppIdDebug::set_constraints(const char *desc,
struct Packet;
}
-// %s %u -> %s %u %u AS=%u ID=%u [GR=%hd-%hd]
-// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum [GR=SrcGroupNum-DstGroupNum]
-#define APPID_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10+32)+1)
-
#define CURRENT_PACKET snort::DetectionEngine::get_current_packet()
void appid_log(const snort::Packet*, const uint8_t log_level, const char*, ...);
void activate(const uint32_t* ip1, const uint32_t* ip2, uint16_t port1, uint16_t port2,
IpProtocol protocol, const int version, uint32_t address_space_id,
- const AppIdSession* session, bool log_all_sessions, int16_t group1 = DAQ_PKTHDR_UNKNOWN,
+ const AppIdSession* session, bool log_all_sessions, uint32_t tenant_id, int16_t group1 = DAQ_PKTHDR_UNKNOWN,
int16_t group2 = DAQ_PKTHDR_UNKNOWN, bool inter_group_flow = false);
void activate(const snort::Flow *flow, const AppIdSession* session, bool log_all_sessions);
void set_constraints(const char *desc, const AppIdDebugSessionConstraints* constraints);
bool is_active() { return active; }
void deactivate() { active = false; }
- const char* get_debug_session()
+ const char* get_debug_session() const
{
- return debug_session;
+ return debugstr.c_str();
}
private:
bool enabled = false;
bool active = false;
AppIdDebugSessionConstraints info = {};
- char debug_session[APPID_DEBUG_SESSION_ID_SIZE] = {};
+ std::string debugstr;
};
extern THREAD_LOCAL AppIdDebug* appidDebug;
AppIdSession* asd = new AppIdSession(static_cast<IpProtocol>(key->ip_protocol),
flow.flags.client_initiated ? &flow.client_ip : &flow.server_ip,
flow.flags.client_initiated ? flow.client_port : flow.server_port, inspector,
- *pkt_thread_odp_ctxt, key->addressSpaceId);
+ *pkt_thread_odp_ctxt, key->addressSpaceId, key->tenant_id);
appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n");
flow.set_flow_data(asd);
port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
AppIdSession* asd = new AppIdSession(proto, ip, port, inspector, odp_context,
- p->pkth->address_space_id);
+ p->pkth->address_space_id, p->pkth->tenant_id);
is_session_monitored(asd->flags, p, inspector);
asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec;
}
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
- AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid)
+ AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid, uint32_t tenant_id)
: FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config),
- initiator_port(port), asid(asid), protocol(proto),
+ initiator_port(port), tenant_id(tenant_id), asid(asid), protocol(proto),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt),
odp_ctxt_version(odp_ctxt.get_version()),
tp_appid_ctxt(pkt_thread_tp_appid_ctxt)
// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, odp_ctxt,
- ctrlPkt->pkth->address_space_id);
+ ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id);
is_session_monitored(asd->flags, ctrlPkt, *inspector);
if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
{
public:
AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&,
- OdpContext&, uint32_t asid = 0);
+ OdpContext&, uint32_t asid, uint32_t tenant_id);
~AppIdSession() override;
static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
std::unordered_map<unsigned, AppIdFlowData*> flow_data;
uint64_t flags = 0;
uint16_t initiator_port = 0;
+ uint32_t tenant_id = 0;
uint32_t asid = 0;
uint16_t session_packet_count = 0;
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext& odpctxt, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
+ OdpContext& odpctxt, uint32_t, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odpctxt)
{
this->set_session_flags(APPID_SESSION_DISCOVER_APP);
AppIdSession* AppIdSession::allocate_session(snort::Packet const*, IpProtocol,
AppidSessionDirection, AppIdInspector&, OdpContext& odp_ctxt)
{
- session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt);
+ session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt, 0, 0);
return session;
}
static SfIp sfip;
static AppIdModule appid_mod;
static AppIdInspector appid_inspector(appid_mod);
-static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt);
+static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt, 0, 0);
static AppIdHttpSession mock_hsession(session, 0);
static ChpMatchDescriptor cmd_test;
static MatchedCHPAction mchp;
mock_init_appid_pegs();
SfIp ip;
mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
- dummy_appid_inspector.get_ctxt().get_odp_ctxt());
+ dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0);
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
flow = new Flow;
flow->set_flow_data(mock_session);
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
- OdpContext&, uint32_t) : FlowData(0), config(stub_config),
+ OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
SfIp dip;
dip.set("10.1.2.3");
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
sip.set("10.9.8.7"); // this would be a reply back
uint16_t sport = 80;
session.initiator_port = dport; // session initiator is now dst
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
sip.set("2001:db8:85a3::8a2e:370:7334"); // IPv6
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("2001:db8:85a3::8a2e:370:7335");
uint16_t sport = 1234;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 6, address_space_id, &session, false);
+ protocol, 6, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = 0; // no initiator port yet (uses IPs)
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
SfIp dip;
dip.set("10.1.2.3");
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
sip.set("10.9.8.7");
uint16_t sport = 80;
session.initiator_port = 0; // no initiator port yet (uses IPs)... and reversed packet dir from above
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
uint32_t address_space_id = 0;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, nullptr, false); // null session
+ protocol, 4, address_space_id, nullptr, false, 0); // null session
CHECK_EQUAL(appidDebug->is_active(), false); // not active
}
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), false); // not active (no match)
delete &session.get_api();
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
session.initiator_port = sport;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
- protocol, 4, address_space_id, &session, false);
+ protocol, 4, address_space_id, &session, false, 0);
CHECK_EQUAL(appidDebug->is_active(), true);
// get_debug_session()
{
SfIp ip;
mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
- dummy_appid_inspector.get_ctxt().get_odp_ctxt());
+ dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0);
flow = new Flow;
flow->set_flow_data(mock_session);
}
const PegInfo* AppIdModule::get_pegs() const { return nullptr; }
PegCount* AppIdModule::get_counts() const { return nullptr; }
ProfileStats* AppIdModule::get_profile(
- unsigned i, const char*& name, const char*& parent) const { return nullptr; }
+ unsigned, const char*&, const char*&) const { return nullptr; }
void AppIdModule::set_trace(const Trace*) const { }
const TraceOption* AppIdModule::get_trace_options() const { return nullptr; }
THREAD_LOCAL bool ThirdPartyAppIdContext::tp_reload_in_progress = false;
p.ptrs.ip_api.set(ip, ip);
AppIdModule app_module;
AppIdInspector ins(app_module);
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
p.ptrs.tcph = nullptr;
AppIdModule app_module;
AppIdInspector ins(app_module);
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
AppIdModule app_module;
AppIdInspector ins(app_module);
SfIp ip;
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
const char* version = "3.0";
asd->set_client_version(version, change_bits);
p.ptrs.ip_api.set(ip, ip);
AppIdModule app_module;
AppIdInspector ins(app_module);
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt());
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
void setup() override
{
SfIp ip;
- session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt);
+ session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
pkt_thread_odp_ctxt = &stub_odp_ctxt;
appidDebug = new AppIdDebug();
appidDebug->activate(nullptr, nullptr, false);
{
flow = new Flow;
SfIp ip;
- mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt);
+ mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
mock_session->create_http_session();
flow->set_flow_data(mock_session);
// AppIdSession mock functions
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
+ OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
{}
// AppIdDebug mock functions
void AppIdDebug::activate(const uint32_t*, const uint32_t*, uint16_t,
uint16_t, IpProtocol, const int, uint32_t, const AppIdSession*, bool,
- int16_t, int16_t, bool)
+ uint32_t, int16_t, int16_t, bool)
{
}
void setup() override
{
SfIp sfip;
- session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt);
+ session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
session->flow = &flow;
mock_hsession = new AppIdHttpSession(*session, 0);
appidDebug = new AppIdDebug();
static OdpContext stub_odp_ctxt(stub_config, nullptr);
OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext&, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
+ OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
{
this->set_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED);
AppidChangeBits change_bits;
SfIp ip{};
- mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
mock_session->flow = &flow;
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
mock_session->set_ss_application_ids(APPID_UT_ID, APPID_UT_ID, APPID_UT_ID,
TEST(appid_session_api, get_client_app_id_with_eve_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits);
TEST(appid_session_api, get_app_id)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_app_id_with_eve_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_first_stream_appids_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_client_info_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID + 1, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits);
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
- OdpContext&, uint32_t) : FlowData(0), config(stub_config),
+ OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
AppIdDiscovery::~AppIdDiscovery() = default;
AppIdInspector inspector;
SfIp client_ip;
client_ip.set("1.2.3.4");
- AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt);
+ AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0);
// Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0
sds.set_state(ServiceState::VALID);
AppIdInspector inspector;
SfIp client_ip;
client_ip.set("1.2.3.4");
- AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt);
+ AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0);
// Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1
sds.set_state(ServiceState::VALID);
#include <cstdarg>
#include <cstdio>
#include <unordered_map>
+#include <sstream>
#include "detection/ips_context.h"
#include "log/log.h"
{
SfIpString sipstr;
SfIpString dipstr;
+ std::ostringstream oss;
uint16_t sport = p.ptrs.sp;
uint16_t dport = p.ptrs.dp;
actual_sip->ntop(sipstr, sizeof(sipstr));
actual_dip->ntop(dipstr, sizeof(dipstr));
- char gr_buf[32] = { '\0' };
- if (p.is_inter_group_flow())
- snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", p.pkth->ingress_group,
- p.pkth->egress_group);
-
if (shell_enabled)
{
PacketTracer::log("\n");
- snprintf(debug_session, sizeof(debug_session), "%s %hu -> %s %hu %hhu AS=%u ID=%u%s ",
- sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
- p.pkth->address_space_id, get_instance_id(), gr_buf);
+
+ oss << sipstr << " " << sport << " -> "
+ << dipstr << " " << dport << " "
+ << std::to_string(to_utype(proto))
+ << " AS=" << p.pkth->address_space_id
+ << " ID=" << get_instance_id();
+
+ if (p.is_inter_group_flow())
+ {
+ oss << " GR="
+ << p.pkth->ingress_group
+ << "-"
+ << p.pkth->egress_group;
+ }
+
+ if (p.pkth->tenant_id)
+ oss << " TN=" << p.pkth->tenant_id;
+
+ oss << " ";
+ debugstr = oss.str();
}
else
{
add_eth_header_info(p);
- PacketTracer::log("%s:%hu -> %s:%hu proto %u AS=%u ID=%u%s\n",
- sipstr, sport, dipstr, dport, static_cast<uint8_t>(proto),
- p.pkth->address_space_id, get_instance_id(), gr_buf);
+
+ oss << sipstr << ":" << sport << " -> "
+ << dipstr << ":" << dport << " "
+ << "proto " << std::to_string(to_utype(proto))
+ << " AS=" << p.pkth->address_space_id
+ << " ID=" << get_instance_id();
+
+ if (p.is_inter_group_flow())
+ {
+ oss << " GR="
+ << p.pkth->ingress_group
+ << "-"
+ << p.pkth->egress_group;
+ }
+
+ if (p.pkth->tenant_id)
+ oss << " TN=" << p.pkth->tenant_id;
+
+ oss << "\n";
+ PacketTracer::log("%s", oss.str().c_str());
}
add_packet_type_info(p);
}
if (shell_enabled)
{
PacketTracer::log("\n");
- char gr_buf[32] = { '\0' };
+ std::ostringstream oss;
+ oss << eh->to_string()
+ << " AS=" << p.pkth->address_space_id
+ << " ID=" << get_instance_id();
+
if (p.is_inter_group_flow())
- snprintf(gr_buf, sizeof(gr_buf), " GR=%hd-%hd", p.pkth->ingress_group,
- p.pkth->egress_group);
-
- snprintf(debug_session, sizeof(debug_session),
- "%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X"
- " AS=%u ID=%u%s ",
- eh->ether_src[0], eh->ether_src[1], eh->ether_src[2],
- eh->ether_src[3], eh->ether_src[4], eh->ether_src[5],
- eh->ether_dst[0], eh->ether_dst[1], eh->ether_dst[2],
- eh->ether_dst[3], eh->ether_dst[4], eh->ether_dst[5],
- (uint16_t)eh->ethertype(), p.pkth->address_space_id, get_instance_id(),
- gr_buf);
+ {
+ oss << " GR="
+ << p.pkth->ingress_group
+ << "-"
+ << p.pkth->egress_group;
+ }
+
+ if (p.pkth->tenant_id)
+ oss << " TN=" << p.pkth->tenant_id;
+
+ oss << " "; // Include a space before the remaining data.
+ debugstr = oss.str();
s_pkt_trace->active = true;
}
else
{
// MAC layer
- PacketTracer::log("%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X\n",
- eh->ether_src[0], eh->ether_src[1], eh->ether_src[2],
- eh->ether_src[3], eh->ether_src[4], eh->ether_src[5],
- eh->ether_dst[0], eh->ether_dst[1], eh->ether_dst[2],
- eh->ether_dst[3], eh->ether_dst[4], eh->ether_dst[5],
- (uint16_t)eh->ethertype());
+ PacketTracer::log("%s\n", eh->to_string().c_str());
}
}
}
#include "time/clock_defs.h"
#include "time/stopwatch.h"
-// %s %u -> %s %u %u AS=%u ID=%u GR=%hd-%hd
-// IPv6 Port -> IPv6 Port Proto AS=ASNum ID=InstanceNum GR=SrcGroupNum-DstGroupNum
-#define PT_DEBUG_SESSION_ID_SIZE ((39+1+5+1+2+1+39+1+5+1+3+1+2+1+10+1+2+1+10+32)+1)
-
namespace snort
{
struct Packet;
bool shell_enabled = false;
bool active = false;
- char debug_session[PT_DEBUG_SESSION_ID_SIZE] = {0};
+ std::string debugstr;
PacketConstraints constraints;
// static functions
void add_eth_header_info(const snort::Packet&);
void add_packet_type_info(const snort::Packet&);
void update_constraints(const PacketConstraints* constraints);
- const char *get_debug_session() { return debug_session; }
+ const char *get_debug_session() { return debugstr.c_str(); }
virtual void open_file();
virtual void dump_to_daq(Packet*);
#ifndef PROTOCOLS_ETH_H
#define PROTOCOLS_ETH_H
+#include <string>
+
#include <arpa/inet.h>
#include "protocols/protocol_ids.h"
uint8_t ether_src[6];
uint16_t ether_type;
- /* return data in byte order */
+ /* return data in host byte order */
inline ProtocolId ethertype() const
{ return (ProtocolId)ntohs(ether_type); }
/* return data in network order */
inline uint16_t raw_ethertype() const
{ return ether_type; }
+
+ // <Src MAC> -> <Dst Mac> <Ether Type>
+ std::string to_string() const
+ {
+ char str[50];
+
+ snprintf(str, sizeof(str),
+ "%02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X %04X",
+ ether_src[0], ether_src[1], ether_src[2],
+ ether_src[3], ether_src[4], ether_src[5],
+ ether_dst[0], ether_dst[1], ether_dst[2],
+ ether_dst[3], ether_dst[4], ether_dst[5],
+ (uint16_t)ethertype());
+
+ return str;
+ }
};
} // namespace eth
} // namespace snort
uint16_t vlan_tag = 0;
uint16_t padding = 0;
uint64_t sid = 0;
+ uint32_t tenant_id = 0;
+ uint32_t padding2 = 0; // NOTE: If this changes, change do_hash too
bool operator==(const Smb2SidHashKey& other) const
{
sgroup == other.sgroup and
addressSpaceId == other.addressSpaceId and
vlan_tag == other.vlan_tag and
- sid == other.sid);
+ sid == other.sid and
+ tenant_id == other.tenant_id );
}
};
PADDING_GUARD_END
{
uint32_t a, b, c;
a = b = c = SMB_KEY_HASH_HARDENER;
- a += d[0]; b += d[1]; c += d[2]; mix(a, b, c);
- a += d[3]; b += d[4]; c += d[5]; mix(a, b, c);
- a += d[6]; b += d[7]; c += d[8]; mix(a, b, c);
- a += d[9]; b += d[10]; c += d[11]; mix(a, b, c);
- a += d[12]; b += d[13]; finalize(a, b, c);
+
+ a += d[0]; // IPv6 cip[0]
+ b += d[1]; // IPv6 cip[1]
+ c += d[2]; // IPv6 cip[2]
+ mix(a, b, c);
+
+ a += d[3]; // IPv6 cip[3]
+ b += d[4]; // IPv6 sip[0]
+ c += d[5]; // IPv6 sip[1]
+ mix(a, b, c);
+
+ a += d[6]; // IPv6 sip[2]
+ b += d[7]; // IPv6 sip[3]
+ c += d[8]; // mpls label
+ mix(a, b, c);
+
+ a += d[9]; // cgroup and sgroup
+ b += d[10]; // addressSpaceId
+ c += d[11]; // vlan_tag, padding
+ mix(a, b, c);
+
+ a += d[12]; // sid[0]
+ b += d[13]; // sid[1]
+ c += d[14]; // tenant_id
+
+ // padding2 is ignored.
+ finalize(a, b, c);
+
return c;
}
{
memcpy(key.cip, flow->client_ip.get_ip6_ptr(), 4 * sizeof(uint32_t));
memcpy(key.sip, flow->server_ip.get_ip6_ptr(), 4 * sizeof(uint32_t));
- key.sid = sid;
+ key.mplsLabel = flow->key->mplsLabel;
key.cgroup = flow->client_group;
key.sgroup = flow->server_group;
- key.vlan_tag = flow->key->vlan_tag;
- key.mplsLabel = flow->key->mplsLabel;
key.addressSpaceId = flow->key->addressSpaceId;
- key.padding = 0;
+ key.vlan_tag = flow->key->vlan_tag;
+ key.sid = sid;
+ key.tenant_id = flow->key->tenant_id;
}
return key;
}
{
/* Call into Streams to mark data channel as something
* to ignore. */
- Stream::ignore_flow(
+ FtpDataFlowData* fd = new FtpDataFlowData(p);
+ int ret = Stream::ignore_flow(
p, PktType::TCP, IpProtocol::TCP,
&session->clientIP, session->clientPort,
&session->serverIP, session->serverPort,
- SSN_DIR_BOTH, (new FtpDataFlowData(p)));
+ SSN_DIR_BOTH, fd);
+ if (ret)
+ delete fd;
}
}
}
}
else
{
- Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress,
- mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, (new SipFlowData));
+ SipFlowData* fd = new SipFlowData;
+ int ret = Stream::ignore_flow(p, p->flow->pkt_type, p->get_ip_proto_next(), &mdataA->maddress,
+ mdataA->mport, &mdataB->maddress, mdataB->mport, SSN_DIR_BOTH, fd);
+ if (ret)
+ delete fd;
}
sip_stats.ignoreChannels++;
mdataA = mdataA->nextM;
SfIpRet SfCidr::set(const char* src)
{
- return addr.set(src, &bits);
+ // Can't pass &bits to set() since using an address of a packed
+ // member variable may result in an unaligned pointer value.
+ uint16_t outbits = 0;
+ SfIpRet ret = addr.set(src, &outbits);
+ bits = outbits;
+ return ret;
}
// Check if ip is contained within the network specified by this addr
skey.padding = skey.flags.padding_bits = 0;
skey.flags.group_used = p->is_inter_group_flow();
skey.init_groups(p->pkth->ingress_group, p->pkth->egress_group, reversed);
+ skey.tenant_id = p->pkth->tenant_id;
switch (p->type())
{
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
uint16_t vlan, uint32_t mplsId, uint32_t addressSpaceId,
+ uint32_t tenant_id,
int16_t ingress_group, int16_t egress_group)
{
FlowKey key;
const SnortConfig* sc = SnortConfig::get_conf();
key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId,
- addressSpaceId, ingress_group, egress_group);
+ addressSpaceId, tenant_id, ingress_group, egress_group);
return get_flow(&key);
}
PktType type, IpProtocol proto,
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
- uint16_t vlan, uint32_t mplsId, const DAQ_PktHdr_t& pkth)
+ uint16_t vlan, uint32_t mplsId,
+ const DAQ_PktHdr_t& pkth)
{
FlowKey key;
const SnortConfig* sc = SnortConfig::get_conf();
*p->pkth);
}
-FlowKey* Stream::get_flow_key(Packet* p)
-{
- FlowKey* key = (FlowKey*)snort_calloc(sizeof(*key));
- populate_flow_key(p, key);
- return key;
-}
-
//-------------------------------------------------------------------------
// app data foo
//-------------------------------------------------------------------------
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
uint16_t vlan, uint32_t mplsId,
- uint32_t addressSpaceID, unsigned flowdata_id,
+ uint32_t addressSpaceID, unsigned flowdata_id, uint32_t tenant_id,
int16_t ingress_group, int16_t egress_group)
{
Flow* flow = get_flow(
type, proto, srcIP, srcPort, dstIP, dstPort,
- vlan, mplsId, addressSpaceID, ingress_group,
+ vlan, mplsId, addressSpaceID, tenant_id, ingress_group,
egress_group);
if (!flow)
return flow->get_flow_data(flowdata_id);
}
-FlowData* Stream::get_flow_data(
- PktType type, IpProtocol proto,
- const SfIp* srcIP, uint16_t srcPort,
- const SfIp* dstIP, uint16_t dstPort,
- uint16_t vlan, uint32_t mplsId,
- unsigned flowdata_id, const DAQ_PktHdr_t& pkth)
-{
- Flow* flow = get_flow(
- type, proto, srcIP, srcPort, dstIP, dstPort,
- vlan, mplsId, pkth);
-
- if (!flow)
- return nullptr;
-
- return flow->get_flow_data(flowdata_id);
-}
-
//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
// session status
PktType type, IpProtocol proto,
const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, unsigned flowdata_id,
- int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
-
- static FlowData* get_flow_data(
- PktType type, IpProtocol proto,
- const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
- uint16_t vlanId, uint32_t mplsId, unsigned flowdata_id, const DAQ_PktHdr_t&);
+ uint32_t tenant_id, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN,
+ int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
// Get pointer to application data for a flow using the FlowKey as the lookup criteria
static FlowData* get_flow_data(const FlowKey*, unsigned flowdata_id);
PktType type, IpProtocol proto,
const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
- int16_t ingress_group = DAQ_PKTHDR_UNKNOWN, int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
+ uint32_t tenant_id, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN,
+ int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
static Flow* get_flow(
PktType type, IpProtocol proto,
// Handle session block pending state
static void check_flow_closed(Packet*);
- // Create a session key from the Packet
- static FlowKey* get_flow_key(Packet*);
-
- // Populate a session key from the Packet
+ // Populate a flow key from the Packet
static void populate_flow_key(const Packet*, FlowKey*);
static void set_snort_protocol_id_from_ha(Flow*, const SnortProtocolId);