void set_service(SnortProtocolId snort_protocol_id_param)
{ snort_protocol_id = snort_protocol_id_param; }
- SnortProtocolId get_service() { return snort_protocol_id; }
+ SnortProtocolId get_service() const { return snort_protocol_id; }
// for well known buffers
// well known buffers may be included among generic below,
const InspectApi* get_api()
{ return api; }
- const char* get_name();
+ const char* get_name() const;
virtual bool is_control_channel() const
{ return false; }
InspectFunc reset; // clear stats
};
-inline const char* Inspector::get_name()
+inline const char* Inspector::get_name() const
{ return api->base.name; }
}
#include "appid_api.h"
+#include "framework/inspector.h"
#include "managers/inspector_manager.h"
#include "utils/util.h"
{
delete api;
}
+
+bool AppIdApi::is_inspection_needed(const Inspector& inspector) const
+{
+ AppIdInspector* appid_inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME,
+ true);
+
+ if (appid_inspector and
+ (inspector.get_service() == appid_inspector->get_ctxt().config.snortId_for_http2))
+ return true;
+
+ return false;
+}
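Review bot: The C-style cast on the result of `InspectorManager::get_inspector(MOD_NAME, true)` in `AppIdApi::is_inspection_needed` is unchecked, and the by-name lookup is repeated on every call, which matters if callers invoke this per flow or per packet. Prefer `auto* appid_inspector = static_cast<AppIdInspector*>(InspectorManager::get_inspector(MOD_NAME, true));` and collapse the tail to `return appid_inspector and inspector.get_service() == appid_inspector->get_ctxt().config.snortId_for_http2;`. The function also returns false when no appid inspector is found, so a caller that gates inspection on it will skip inspection in that configuration. If that is intended, say so in a comment such as `// false when appid is not configured or the service is not HTTP/2`.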
AppId& client_id, AppId& payload_id, const char* org_unit = nullptr);
AppIdSessionApi* create_appid_session_api(const Flow& flow);
void free_appid_session_api(AppIdSessionApi* api);
+ bool is_inspection_needed(const Inspector& g) const;
};
SO_PUBLIC extern AppIdApi appid_api;
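Review bot: The new declaration `bool is_inspection_needed(const Inspector& g) const;` names its parameter `g` while the definition in the .cc file uses `inspector`, and it carries no comment although it is reachable through the exported `appid_api` object. Rename the parameter to `inspector` and add a comment above it stating what a true result means, for example `// true if the inspector's service is HTTP/2 per appid config; false otherwise, including when appid is not loaded`.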
#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 5
#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 15
-extern SnortProtocolId snortId_for_unsynchronized;
-extern SnortProtocolId snortId_for_ftp_data;
-extern SnortProtocolId snortId_for_http2;
-
class PatternClientDetector;
class PatternServiceDetector;
using namespace snort;
+static SnortProtocolId dummy_http2_protocol_id = 1;
+
namespace snort
{
-class Inspector* InspectorManager::get_inspector(char const*, bool, const SnortConfig*)
-{ return nullptr; }
+class Inspector* InspectorManager::get_inspector(const char*, bool, const SnortConfig*)
+{ return &dummy_appid_inspector; }
+
}
+class DummyInspector : public snort::Inspector
+{
+public:
+ void eval(Packet*) override {};
+};
+
void DataBus::publish(const char*, DataEvent& event, Flow*)
{
AppidEvent* appid_event = (AppidEvent*)&event;
ip.pton(AF_INET, "192.168.1.222");
val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066);
CHECK_TRUE(val == sizeof(appHA));
- // FIXIT-E refactor below code to test AppId consume functionality
- /*
+
AppIdSession* session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id);
CHECK_TRUE(session);
CHECK_TRUE(session->get_tp_app_id() == appHA.appId[0]);
CHECK_TRUE(session->client_inferred_service_id == appHA.appId[2]);
CHECK_TRUE(session->service.get_port_service_id() == appHA.appId[3]);
CHECK_TRUE(session->payload.get_id() == appHA.appId[4]);
- CHECK_TRUE(session->tp_payload_app_id == appHA.appId[5]);
+ CHECK_TRUE(session->get_tp_payload_app_id() == appHA.appId[5]);
CHECK_TRUE(session->client.get_id() == appHA.appId[6]);
CHECK_TRUE(session->misc_app_id == appHA.appId[7]);
CHECK_TRUE(session->service_disco_state == APPID_DISCO_STATE_FINISHED);
CHECK_TRUE(session->client_disco_state == APPID_DISCO_STATE_FINISHED);
delete session;
- */
// test logic when service app is ftp control
appHA.appId[1] = APP_ID_FTP_CONTROL;
mock_flow_data= nullptr;
val = appid_api.consume_ha_state(*flow, (uint8_t*)&appHA, 0, IpProtocol::TCP, &ip, 1066);
CHECK_TRUE(val == sizeof(appHA));
- // FIXIT-E refactor below code to test AppId consume functionality
- /*
+
session = (AppIdSession*)flow->get_flow_data(AppIdSession::inspector_id);
CHECK_TRUE(session);
uint64_t flags = session->get_session_flags(APPID_SESSION_CLIENT_DETECTED |
CHECK_TRUE(session->service_disco_state == APPID_DISCO_STATE_STATEFUL);
CHECK_TRUE(session->client_disco_state == APPID_DISCO_STATE_FINISHED);
delete session;
- */
}
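Review bot: The second re-enabled block ends with `delete session;`, but no visible line clears the mock's pointer afterwards, unlike the first block where `mock_flow_data= nullptr;` follows the delete. If the mocked `get_flow_data` hands back `mock_flow_data`, that pointer is left dangling for any later test that reads it. Adding `mock_flow_data = nullptr;` after the final `delete session;` would keep the tests independent. The line starting `uint64_t flags = session->get_session_flags(` is cut off in this view, so the checks on `flags` cannot be reviewed here.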
TEST(appid_api, ssl_app_group_id_lookup)
appid_session_api = appid_api.create_appid_session_api(*flow);
CHECK_FALSE(appid_session_api);
- AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
ignore_asd.common.flow_type = APPID_FLOW_TYPE_IGNORE;
flow->set_flow_data(&ignore_asd);
appid_session_api = appid_api.create_appid_session_api(*flow);
flow = old_flow;
}
+TEST(appid_api, is_inspection_needed)
+{
+ DummyInspector inspector;
+ inspector.set_service(dummy_http2_protocol_id);
+ dummy_appid_inspector.get_ctxt().config.snortId_for_http2 = dummy_http2_protocol_id;
+ CHECK_TRUE(appid_api.is_inspection_needed(inspector));
+
+ inspector.set_service(dummy_http2_protocol_id + 1);
+ CHECK_FALSE(appid_api.is_inspection_needed(inspector));
+}
+
int main(int argc, char** argv)
{
mock_init_appid_pegs();
- mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
int rc = CommandLineTestRunner::RunAllTests(argc, argv);
mock_cleanup_appid_pegs();
return rc;
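Review bot: `TEST(appid_api, is_inspection_needed)` never reaches the null-inspector branch of `AppIdApi::is_inspection_needed`, because the mocked `InspectorManager::get_inspector` now always returns `&dummy_appid_inspector`. Consider letting the mock return a file-static pointer that a test can set to `nullptr`, and add a `CHECK_FALSE(appid_api.is_inspection_needed(inspector));` for that case. The test also writes `snortId_for_http2` on the shared `dummy_appid_inspector` context and leaves it set, so later tests see the modified config. Restoring the previous value at the end of the test would avoid order dependence.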
void setup() override
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
- mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
mock_session->get_http_session();
flow = new Flow;
flow->set_flow_data(mock_session);
void setup() override
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
- parent = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
- expected = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ parent = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
+ expected = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
}
void teardown() override
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
flow = new Flow;
- mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
mock_session->create_http_session();
flow->set_flow_data(mock_session);
appidDebug = new AppIdDebug();
THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
const SfIp* sfip = nullptr;
-AppIdSession session(IpProtocol::IP, sfip, 0, appid_inspector);
+AppIdSession session(IpProtocol::IP, sfip, 0, dummy_appid_inspector);
AppIdHttpSession mock_hsession(session, 0);
TEST_GROUP(appid_http_session)
#include "service_inspectors/http_inspect/http_msg_header.h"
#include "utils/stats.h"
-class Inspector;
class ThirdPartyAppIdContext;
ThirdPartyAppIdContext* tp_appid_ctxt = nullptr;
void AppIdModule::set_trace(const Trace*) const { }
const TraceOption* AppIdModule::get_trace_options() const { return nullptr; }
-AppIdInspector::AppIdInspector(AppIdModule& ) { }
AppIdInspector::~AppIdInspector() { }
void AppIdInspector::eval(snort::Packet*) { }
bool AppIdInspector::configure(snort::SnortConfig*) { return true; }
AppIdContext& AppIdInspector::get_ctxt() const { return *ctxt; }
AppIdModule appid_mod;
-AppIdInspector appid_inspector( appid_mod );
+AppIdInspector dummy_appid_inspector( appid_mod );
+AppIdConfig appid_config;
+AppIdContext appid_ctxt(appid_config);
+
+AppIdInspector::AppIdInspector(AppIdModule& ) { ctxt = &appid_ctxt; }
#endif
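Review bot: `dummy_appid_inspector` is defined before `appid_config` and `appid_ctxt`, so its constructor stores `&appid_ctxt` before that object has been constructed. This is safe only as long as the constructor never dereferences `ctxt`. Either define `appid_config`, `appid_ctxt` and the constructor ahead of `dummy_appid_inspector`, or add a comment such as `// only the address is stored here; appid_ctxt is constructed later in this file`. Since `get_ctxt()` returns `*ctxt` unconditionally, every mock-constructed inspector now depends on this wiring.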
void setup() override
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
- mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
appid_session_api = new AppIdSessionApi(mock_session);
}