AppIdConfig::AppIdConfig( AppIdModuleConfig* config )
: mod_config( config ), app_info_mgr(AppInfoManager::get_instance())
{
+ for( unsigned i = 0; i < MAX_ZONES; i++ )
+ net_list_by_zone[ i ] = nullptr;
+ for( unsigned i = 0; i < 65535; i++ )
+ {
+ tcp_port_only[ i ] = APP_ID_NONE;
+ udp_port_only[ i ] = APP_ID_NONE;
+ }
+
+ for( unsigned i = 0; i < 255; i++ )
+ ip_protocol[ i ] = APP_ID_NONE;
+
+ for( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ )
+ {
+ tcp_port_exclusions_src[ i ] = nullptr;
+ udp_port_exclusions_src[ i ] = nullptr;
+ tcp_port_exclusions_dst[ i ] = nullptr;
+ udp_port_exclusions_dst[ i ] = nullptr;
+ }
}
AppIdConfig::~AppIdConfig()
}
}
-int AppIdConfig::add_port_exclusion(SF_LIST* port_exclusions[], const ip::snort_in6_addr* ip,
+int AppIdConfig::add_port_exclusion(AppIdPortExclusions& port_exclusions, const ip::snort_in6_addr* ip,
const ip::snort_in6_addr* netmask, int family, uint16_t port)
{
- PortExclusion* port_ex;
SF_LIST* pe_list;
- port_ex = (PortExclusion*)snort_calloc(sizeof(PortExclusion));
+ PortExclusion* port_ex = (PortExclusion*)snort_calloc(sizeof(PortExclusion));
port_ex->ip = *ip;
if (family == AF_INET)
{
char* p;
RNAIpAddrSet* ias;
RNAIpv6AddrSet* ias6;
- SF_LIST** port_exclusions;
IpProtocol proto;
unsigned long dir;
unsigned long port;
if (dir & 1)
{
if (proto == IpProtocol::TCP)
- port_exclusions = tcp_port_exclusions_src;
+ add_port_exclusion(tcp_port_exclusions_src, &ip, &netmask, family, (uint16_t)port);
else
- port_exclusions = udp_port_exclusions_src;
- add_port_exclusion(port_exclusions, &ip, &netmask, family, (uint16_t)port);
+ add_port_exclusion(udp_port_exclusions_src, &ip, &netmask, family, (uint16_t)port);
}
+
if (dir & 2)
{
if (proto == IpProtocol::TCP)
- port_exclusions = tcp_port_exclusions_dst;
+ add_port_exclusion(tcp_port_exclusions_dst, &ip, &netmask, family, (uint16_t)port);
else
- port_exclusions = udp_port_exclusions_dst;
- add_port_exclusion(port_exclusions, &ip, &netmask, family, (uint16_t)port);
+ add_port_exclusion(udp_port_exclusions_dst, &ip, &netmask, family, (uint16_t)port);
}
}
}
}
-static void free_port_exclusion_list( SF_LIST** pe_list )
+static void free_port_exclusion_list( AppIdPortExclusions& pe_list )
{
for ( unsigned i = 0; i < APP_ID_PORT_ARRAY_SIZE; i++ )
{
free_port_exclusion_list(udp_port_exclusions_src);
free_port_exclusion_list(udp_port_exclusions_dst);
- memset(net_list_by_zone, 0, sizeof(net_list_by_zone));
sflist_static_free_all(&client_app_args, (void (*)(void*))free_config_items);
}
struct AppIdSessionLogFilter
{
+ AppIdSessionLogFilter()
+ {
+ sip.clear();
+ dip.clear();
+ }
+
sfip_t sip;
bool sip_flag = false;
sfip_t dip;
RNA_FW_CONFIG_STATE_PENDING,
};
+typedef std::array<SF_LIST*, APP_ID_PORT_ARRAY_SIZE> AppIdPortExclusions;
+
class AppIdConfig
{
public:
unsigned net_list_count = 0;
NetworkSet* net_list_list = nullptr;
NetworkSet* net_list = nullptr;
- NetworkSet* net_list_by_zone[MAX_ZONES] = { nullptr };
- std::array<AppId, 65535> tcp_port_only; ///< Service IDs for port-only TCP services
- std::array<AppId, 65535> udp_port_only; ///< Service IDs for port-only UDP services
- AppId ip_protocol[255] = { 0 }; ///< Service IDs for non-TCP / UDP protocol services
+ std::array<NetworkSet*, MAX_ZONES> net_list_by_zone;
+ std::array<AppId, APP_ID_PORT_ARRAY_SIZE> tcp_port_only; ///< Service IDs for port-only TCP services
+ std::array<AppId, APP_ID_PORT_ARRAY_SIZE> udp_port_only; ///< Service IDs for port-only UDP services
+ std::array<AppId, 255> ip_protocol; ///< Service IDs for non-TCP / UDP protocol services
SF_LIST client_app_args; ///< List of Client App arguments
// for each potential port, an sflist of PortExclusion structs
- SF_LIST* tcp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
- SF_LIST* udp_port_exclusions_src[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
- SF_LIST* tcp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
- SF_LIST* udp_port_exclusions_dst[APP_ID_PORT_ARRAY_SIZE] = { nullptr };
- AppIdModuleConfig* mod_config;
+ AppIdPortExclusions tcp_port_exclusions_src;
+ AppIdPortExclusions udp_port_exclusions_src;
+ AppIdPortExclusions tcp_port_exclusions_dst;
+ AppIdPortExclusions udp_port_exclusions_dst;
+ AppIdModuleConfig* mod_config = nullptr;
private:
void read_port_detectors(const char* files);
void configure_analysis_networks(char* toklist[], uint32_t flag);
- int add_port_exclusion(SF_LIST* port_exclusions[], const ip::snort_in6_addr* ip,
+ int add_port_exclusion(AppIdPortExclusions& port_exclusions, const ip::snort_in6_addr* ip,
const ip::snort_in6_addr* netmask, int family, uint16_t port);
void process_port_exclusion(char* toklist[]);
void process_config_directive(char* toklist[], int /* reload */);
if(*data)
snort_free(*data);
- *data = snort_strndup((char*)header_start, header_length);
+ *data = (char*)snort_alloc(header_length + 1);
+ memcpy(*data, header_start, header_length);
+ *(*data + header_length) = '\0';
datalen = header_length;
}
if(header_length > 0)
{
replace_header_data(&session->hsession->useragent,
- session->hsession->useragent_buflen, header_start,
- header_length);
+ session->hsession->useragent_buflen, header_start, header_length);
session->scan_flags |= SCAN_HTTP_USER_AGENT_FLAG;
}
}
delete_shared_data();
-
free_flow_data();
}
static inline int check_port_exclusion(const Packet* pkt, bool reversed)
{
- SF_LIST** src_port_exclusions;
- SF_LIST** dst_port_exclusions;
+ AppIdPortExclusions* src_port_exclusions;
+ AppIdPortExclusions* dst_port_exclusions;
SF_LIST* pe_list;
PortExclusion* pe;
const sfip_t* s_ip;
if ( pkt->is_tcp() )
{
- src_port_exclusions = config->tcp_port_exclusions_src;
- dst_port_exclusions = config->tcp_port_exclusions_dst;
+ src_port_exclusions = &config->tcp_port_exclusions_src;
+ dst_port_exclusions = &config->tcp_port_exclusions_dst;
}
else if ( pkt->is_udp() )
{
- src_port_exclusions = config->udp_port_exclusions_src;
- dst_port_exclusions = config->udp_port_exclusions_dst;
+ src_port_exclusions = &config->udp_port_exclusions_src;
+ dst_port_exclusions = &config->udp_port_exclusions_dst;
}
else
return 0;
/* check the source port */
uint16_t port = reversed ? pkt->ptrs.dp : pkt->ptrs.sp;
- if ( port && (pe_list = src_port_exclusions[port]) != nullptr )
+ if ( port && (pe_list = (*src_port_exclusions)[port]) != nullptr )
{
s_ip = reversed ? pkt->ptrs.ip_api.get_dst() : pkt->ptrs.ip_api.get_src();
/* check the dest port */
port = reversed ? pkt->ptrs.sp : pkt->ptrs.dp;
- if ( port && (pe_list=dst_port_exclusions[port]) != nullptr )
+ if ( port && (pe_list = (*dst_port_exclusions)[port]) != nullptr )
{
s_ip = reversed ? pkt->ptrs.ip_api.get_src() : pkt->ptrs.ip_api.get_dst();
void AppIdSession::free_tls_session_data()
{
- if (tsession )
+ if ( tsession )
{
if (tsession->tls_host)
snort_free(tsession->tls_host);
free_http_session_data();
free_tls_session_data();
free_dns_session_data();
- tsession = nullptr;
snort_free(firewallEarlyData);
firewallEarlyData = nullptr;
serviceAppId = APP_ID_UNKNOWN;
tp_payload_app_id = APP_ID_UNKNOWN;
tp_app_id = APP_ID_UNKNOWN;
+
if (payload_version)
{
snort_free(payload_version);
payload_version = nullptr;
}
+
if (serviceVendor)
{
snort_free(serviceVendor);
serviceVendor = nullptr;
}
+
if (serviceVersion)
{
snort_free(serviceVersion);
AppIdConfig* config = nullptr;
CommonAppIdData common;
- //AppIdSession* next = nullptr;
Flow* flow = nullptr;
AppIdFlowData* flowData = nullptr;
AppInfoManager* app_info_mgr = nullptr;
void get_server_vendor_version(const uint8_t* data, int len, char** version, char** vendor,
RNAServiceSubtype** subtype)
{
- const uint8_t* subname;
- const uint8_t* subver;
- int subname_len;
- int subver_len;
- const uint8_t* paren;
- const uint8_t* ver;
- const uint8_t* p;
- const uint8_t* end = data + len;
- RNAServiceSubtype* sub;
- int vendor_len;
- int version_len;
- char* tmp;
+ int vendor_len = len;
- ver = (const uint8_t*)memchr(data, '/', len);
+ const uint8_t* ver = (const uint8_t*)memchr(data, '/', len);
if (ver)
{
- version_len = 0;
+ RNAServiceSubtype* sub;
+ int version_len = 0;
+ int subver_len;
+ const uint8_t* subname = nullptr;
+ int subname_len = 0;
+ const uint8_t* subver = nullptr;
+ const uint8_t* paren = nullptr;
+ const uint8_t* p;
+ const uint8_t* end = data + len;
vendor_len = ver - data;
ver++;
- subname = nullptr;
- subname_len = 0;
- subver = nullptr;
- paren = nullptr;
+
for (p=ver; *p && p < end; p++)
{
if (*p == '(')
if (subname && subname_len > 0 && subver && *subname)
{
sub = (RNAServiceSubtype*)snort_calloc(sizeof(RNAServiceSubtype));
- tmp = (char*)snort_calloc(subname_len + 1);
+ char* tmp = (char*)snort_calloc(subname_len + 1);
memcpy(tmp, subname, subname_len);
tmp[subname_len] = 0;
sub->service = tmp;
if (subname && subname_len > 0 && subver && *subname)
{
sub = (RNAServiceSubtype*)snort_calloc(sizeof(RNAServiceSubtype));
- tmp = (char*)snort_calloc(subname_len + 1);
+ char* tmp = (char*)snort_calloc(subname_len + 1);
memcpy(tmp, subname, subname_len);
tmp[subname_len] = 0;
sub->service = tmp;
memcpy(*version, ver, version_len);
*(*version + version_len) = '\0';
}
- else
- {
- vendor_len = len;
- }
if (vendor_len >= MAX_VERSION_SIZE)
vendor_len = MAX_VERSION_SIZE - 1;
if ( !detector->server.pServiceElement )
{
detector->server.pServiceElement = new RNAServiceElement;
+ detector->server.pServiceElement->init();
detector->server.pServiceElement->name = detector->server.serviceModule.name;
}
{
RNAServiceElement* next;
RNAServiceValidationFCN validate;
- // Value of userdata pointer and validate pointer forms key for comparison.
Detector* userdata;
-
- /**type of detector - pattern based, Sourcefire (validator) or User (Validator). */
unsigned detectorType;
-
- /**Number of resources registered */
unsigned ref_count;
unsigned current_ref_count;
int provides_user;
const char* name;
+
+ void init()
+ {
+ next = nullptr;
+ name = nullptr;
+ validate = nullptr;
+ userdata = nullptr;
+ provides_user = 0;
+ detectorType = DETECTOR_TYPE_NOT_SET;
+ ref_count = 0;
+ current_ref_count = 0;
+ }
+
+ void init(const char* service_name, RNAServiceValidationFCN fcn, Detector* ud,
+ int has_user, unsigned type)
+ {
+ next = nullptr;
+ name = service_name;
+ validate = fcn;
+ userdata = ud;
+ provides_user = has_user;
+ detectorType = type;
+ ref_count = 0;
+ current_ref_count = 0;
+ }
};
typedef void* (*ServiceFlowdataGet)(AppIdSession*, unsigned);
if (!li)
{
li = new RNAServiceElement;
+ li->init(name, fcn, userdata, provides_user, DETECTOR_TYPE_PATTERN);
li->next = *list;
*list = li;
- li->validate = fcn;
- li->userdata = userdata;
- li->detectorType = UINT_MAX;
- li->provides_user = provides_user;
- li->name = name;
}
if ( !(*patterns) )
if (!li)
{
li = new RNAServiceElement;
+ li->init(svm->name, pp->validate, userdata, svm->provides_user, DETECTOR_TYPE_PORT);
li->next = *list;
*list = li;
- li->validate = pp->validate;
- li->provides_user = svm->provides_user;
- li->userdata = userdata;
- li->detectorType = UINT_MAX;
- li->name = svm->name;
}
if (pp->proto == IpProtocol::TCP && pp->port == 21 && !ftp_service)
const char* temp_start_ptr;
temp_start_ptr = start_ptr+index;
+ // FIXIT-M - This code needs review to ensure it works correctly with the new semantics of the
+ // index returned by the SearchTool find_all pattern matching function
mdnsMatchListFind(start_ptr, size - data_size + index, resp_endptr, &pattern_length);
/* Contains reference pointer */
while ((index < data_size) && !(*resp_endptr) && ((uint8_t )temp_start_ptr[index] >>
goto fail;
}
}
+
asd->set_session_flags(APPID_SESSION_SSL_SESSION);
if (ss->host_name || ss->common_name || ss->org_name)
{
while (mp)
{
//only patterns that match start of payload, or patterns starting with '.' or patterns
- // folowing '.' in payload
- //are considered a match.
+ // folowing '.' in payload are considered a match.
if (mp->index == 0 || *mp->mpattern->pattern == '.' || pattern[mp->index-1] == '.')
{
if (!best_match || mp->mpattern->pattern_size > best_match->pattern_size)
// obviously delay detection under some scenarios.
};
-#define DETECTOR_TYPE_PASSIVE 0
-#define DETECTOR_TYPE_DECODER 0
-#define DETECTOR_TYPE_NETFLOW 1
-#define DETECTOR_TYPE_PORT 2
-#define DETECTOR_TYPE_DERIVED 3
-#define DETECTOR_TYPE_CONFLICT 4
-#define DETECTOR_TYPE_PATTERN 5
+enum DetectorType
+{
+ DETECTOR_TYPE_PASSIVE = 0,
+ DETECTOR_TYPE_DECODER = 0,
+ DETECTOR_TYPE_NETFLOW,
+ DETECTOR_TYPE_PORT,
+ DETECTOR_TYPE_DERIVED,
+ DETECTOR_TYPE_CONFLICT,
+ DETECTOR_TYPE_PATTERN,
+ DETECTOR_TYPE_NOT_SET
+};
struct ServiceMatch
{
AppIdSession::AppIdSession(IpProtocol, const sfip_t*, uint16_t) : FlowData(flow_id, nullptr)
{
+ hsession = nullptr;
}
AppIdSession::~AppIdSession()
return;
if(hsession->content_type)
- free(hsession->content_type);
+ snort_free(hsession->content_type);
if(hsession->cookie)
- free(hsession->cookie);
+ snort_free(hsession->cookie);
if(hsession->host)
- free(hsession->host);
+ snort_free(hsession->host);
if(hsession->location)
- free(hsession->location);
+ snort_free(hsession->location);
if(hsession->referer)
- free(hsession->referer);
+ snort_free(hsession->referer);
if(hsession->response_code)
free(hsession->response_code);
if(hsession->server)
- free(hsession->server);
+ snort_free(hsession->server);
if(hsession->uri)
- free(hsession->uri);
+ snort_free(hsession->uri);
if(hsession->url)
snort_free(hsession->url);
if(hsession->useragent)
- free(hsession->useragent);
+ snort_free(hsession->useragent);
if(hsession->via)
- free(hsession->via);
+ snort_free(hsession->via);
if(hsession->x_working_with)
- free(hsession->x_working_with);
+ snort_free(hsession->x_working_with);
snort_free(hsession);
}
mock().checkExpectations();
}
-#define CONTENT_TYPE "html/text"
-#define COOKIE "this is my request cookie content"
-#define HOST "www.google.com"
-#define LOCATION "abc.yahoo.com"
-#define URI "/path/to/index.html"
-#define USERAGENT "Mozilla/5.0 (Macintosh; Intel Mac OS X)"
-#define REFERER "http://www.yahoo.com/search"
+const char* CONTENT_TYPE = "html/text";
+const char* COOKIE = "this is my request cookie content";
+const char* HOST = "www.google.com";
+const char* LOCATION = "abc.yahoo.com";
+const char* URI = "/path/to/index.html";
+const char* USERAGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X)";
+const char* REFERER = "http://www.yahoo.com/search";
+const char* SERVER = "Apache";
+const char* X_WORKING_WITH = "working with string";
+const char* VIA = "via string";
#define RESPONSE_CODE 301
-#define SERVER "Apache"
-#define X_WORKING_WITH "working with string"
-#define VIA "via string"
struct TestData
{
this->msg = msg;
this->dialog = dialog;
- if( msg->from )
+ if( msg->fromLen )
from = string(msg->from, msg->fromLen);
- if( msg->userName )
+ if( msg->userNameLen )
user_name = string(msg->userName, msg->userNameLen);
- if( msg->userAgent )
+ if( msg->userAgentLen )
user_agent = string(msg->userAgent, msg->userAgentLen);
- if( msg->server )
+ if( msg->serverLen )
server = string(msg->server, msg->serverLen);
}
projects / thirdparty / snort3.git / commitdiff
