using namespace snort;
-SnortProtocolId snortId_for_unsynchronized;
-SnortProtocolId snortId_for_ftp_data;
-SnortProtocolId snortId_for_http2;
ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
OdpContext* AppIdContext::odp_ctxt = nullptr;
-static void map_app_names_to_snort_ids(SnortConfig* sc)
+static void map_app_names_to_snort_ids(SnortConfig* sc, AppIdConfig& config)
{
- /* init globals for snortId compares */
- snortId_for_unsynchronized = sc->proto_ref->add("unsynchronized");
- snortId_for_ftp_data = sc->proto_ref->add("ftp-data");
- snortId_for_http2 = sc->proto_ref->add("http2");
+ config.snortId_for_unsynchronized = sc->proto_ref->add("unsynchronized");
+ config.snortId_for_ftp_data = sc->proto_ref->add("ftp-data");
+ config.snortId_for_http2 = sc->proto_ref->add("http2");
// Have to create SnortProtocolIds during configuration initialization.
sc->proto_ref->add("rexec");
odp_ctxt->get_service_disco_mgr().initialize();
LuaDetectorManager::initialize(*this, 1);
odp_ctxt->initialize();
+
+ // do not reload third party on reload_config()
+ if (!tp_appid_ctxt)
+ tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt);
once = true;
}
- // do not reload third party on reload_config()
- if (!tp_appid_ctxt)
- tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt);
-
- map_app_names_to_snort_ids(sc);
+ map_app_names_to_snort_ids(sc, config);
return true;
}
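Review bot: With `TPLibHandler::create_tp_appid_ctxt(config, *odp_ctxt)` now inside the block that ends in `once = true;`, a creation that returns a null context (if it can) is never retried on a later call, whereas the old placement re-ran the `if (!tp_appid_ctxt)` check every time. If that is intended, record it in the comment, e.g. `// created once per process; a failed third-party load is not retried on reload_config()`; otherwise keep the check outside the guard. The static `tp_appid_ctxt` is also built from this call's `config`, so confirm it does not keep a reference to a config object that a later reload replaces. The guard condition and the start of the function are outside this hunk.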
#define APP_ID_PORT_ARRAY_SIZE 65536
-extern SnortProtocolId snortId_for_unsynchronized;
-extern SnortProtocolId snortId_for_ftp_data;
-extern SnortProtocolId snortId_for_http2;
class PatternClientDetector;
class PatternServiceDetector;
size_t memcap = 0;
bool list_odp_detectors = false;
bool log_all_sessions = false;
-
+ SnortProtocolId snortId_for_unsynchronized;
+ SnortProtocolId snortId_for_ftp_data;
+ SnortProtocolId snortId_for_http2;
void show() const;
};
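Review bot: The three new `SnortProtocolId` members have no default initializer, unlike the neighbouring `memcap = 0` and `log_all_sessions = false`. They therefore hold indeterminate values until `map_app_names_to_snort_ids(sc, config)` has run for this config object. Any comparison made before that point, such as the `== ctxt.config.snortId_for_http2` test, would read an uninitialized value. Give them a defined default, e.g. `SnortProtocolId snortId_for_http2 = UNKNOWN_PROTOCOL_ID;`, and the same for the other two. The class header is outside this hunk.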
#include "app_forecast.h"
#include "app_info_table.h"
+#include "appid_config.h"
#include "appid_debug.h"
#include "appid_dns_session.h"
#include "appid_http_session.h"
AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector);
asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec;
- asd->snort_protocol_id = snortId_for_unsynchronized;
+ asd->snort_protocol_id = asd->ctxt.config.snortId_for_unsynchronized;
p->flow->set_flow_data(asd);
return asd;
}
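Review bot: The protocol ID is now read through `asd->ctxt.config` instead of a process-wide global, so its validity depends on the lifetime of the config object that the session's `ctxt` refers to, which these hunks do not show. If a reload_config() can replace or free that config while existing sessions still hold it, these reads would touch stale memory. The same applies to the later hunks that read `ctxt.config.snortId_for_http2` and `asd.ctxt.config.snortId_for_ftp_data`. State the ownership rule where `ctxt` is declared, e.g. `// ctxt and its config must outlive every session created from them`, and check that the reload path enforces it. The start of this function is outside the hunk.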
// UNKNOWN_PROTOCOL_ID case.
if (tmp_snort_protocol_id == UNKNOWN_PROTOCOL_ID &&
(newAppId == APP_ID_HTTP2))
- tmp_snort_protocol_id = snortId_for_http2;
+ tmp_snort_protocol_id = ctxt.config.snortId_for_http2;
if (tmp_snort_protocol_id != snort_protocol_id)
{
snort_protocol_id = tmp_snort_protocol_id;
if (appidDebug->is_active() &&
- tmp_snort_protocol_id == snortId_for_http2)
+ tmp_snort_protocol_id == ctxt.config.snortId_for_http2)
LogMessage("AppIdDbg %s Telling Snort that it's HTTP/2\n",
appidDebug->get_debug_session());
tp_app_id = APP_ID_NONE;
}
if (tp_app_id == APP_ID_SSL &&
- (Stream::get_snort_protocol_id(p->flow) == snortId_for_ftp_data))
+ (Stream::get_snort_protocol_id(p->flow) == asd.ctxt.config.snortId_for_ftp_data))
{
// If we see SSL on an FTP data channel set tpAppId back
// to APP_ID_NONE so the FTP preprocessor picks up the flow.