#include "appid_discovery.h"
#include "appid_ha.h"
#include "appid_http_event_handler.h"
+#include "appid_opportunistic_tls_event_handler.h"
#include "appid_peg_counts.h"
#include "appid_session.h"
#include "appid_stats.h"
DataBus::subscribe_global(DCERPC_EXP_SESSION_EVENT_KEY, new DceExpSsnEventHandler(), sc);
+ DataBus::subscribe_global(OPPORTUNISTIC_TLS_EVENT, new AppIdOpportunisticTlsEventHandler(), sc);
+
return true;
}
--- /dev/null
+//--------------------------------------------------------------------------
+// Copyright (C) 2021-2021 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+
+// appid_opportunistic_tls_event_handler.h
+// author Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
+
+#ifndef APPID_OPPORTUNISTIC_TLS_EVENT_HANDLER_H
+#define APPID_OPPORTUNISTIC_TLS_EVENT_HANDLER_H
+
+#include "pub_sub/opportunistic_tls_event.h"
+#include "appid_session.h"
+
+class AppIdOpportunisticTlsEventHandler : public snort::DataHandler
+{
+public:
+ AppIdOpportunisticTlsEventHandler() : DataHandler(MOD_NAME) { }
+
+ void handle(snort::DataEvent&, snort::Flow* flow) override
+ {
+ assert(flow);
+ AppIdSession* asd = snort::appid_api.get_appid_session(*flow);
+ if (!asd)
+ return;
+
+ // Skip sessions using old odp context after reload detectors
+ if (!pkt_thread_odp_ctxt or
+ (pkt_thread_odp_ctxt->get_version() != asd->get_odp_ctxt_version()))
+ return;
+
+ asd->set_session_flags(APPID_SESSION_OPPORTUNISTIC_TLS);
+ }
+};
+
+#endif
+
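Review bot: `assert(flow)` in `handle()` is the only guard before `*flow` is dereferenced on the following line, and it compiles away when NDEBUG is defined. A publisher that raises `OPPORTUNISTIC_TLS_EVENT` without a flow would then dereference a null pointer on the packet path in release builds; `if (!flow) return;` keeps the handler safe whatever the build type. The header also uses `assert`, `snort::appid_api`, `pkt_thread_odp_ctxt` and `MOD_NAME` while including only `pub_sub/opportunistic_tls_event.h` and `appid_session.h`, so it presumably relies on transitive includes. Adding `#include <cassert>` and the headers that declare those names would make it self-contained. A one-line class comment saying that `APPID_SESSION_OPPORTUNISTIC_TLS` is what the STARTTLS path later tests to choose the decryption countdown would help readers connect the two ends.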
};
static const char IMAP_PATTERN[] = "* OK";
+static const char CAPA_PATTERN[] = "* CAPABILITY";
enum IMAPClientState
{
tcp_patterns =
{
- { (const uint8_t*)IMAP_PATTERN, sizeof(IMAP_PATTERN) - 1, 0, 0, 0 }
+ { (const uint8_t*)IMAP_PATTERN, sizeof(IMAP_PATTERN) - 1, 0, 0, 0 },
+ { (const uint8_t*)CAPA_PATTERN, sizeof(CAPA_PATTERN) - 1, 0, 1, 0 }
};
appid_registry =
{
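Review bot: The new `CAPA_PATTERN` entry in `tcp_patterns` passes `1` as its fourth initializer where the existing `IMAP_PATTERN` entry passes `0`, and nothing in the hunk says what that field means or why the two differ. If it is the case-insensitivity flag, a short comment such as `// untagged CAPABILITY response, matched case-insensitively` would record the intent. If the difference is unintended, the two entries should agree. The initializer list sits inside a function or constructor that begins outside the hunk, so the field layout cannot be confirmed from here.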
dd->client.flags |= CLIENT_FLAG_STARTTLS_SUCCESS;
- #ifndef REG_TEST
- if (args.asd.get_session_flags(APPID_SESSION_DECRYPT_MONITOR))
- #endif
+ if (args.asd.get_session_flags(APPID_SESSION_OPPORTUNISTIC_TLS))
dd->client.decryption_countdown = SSL_WAIT_PACKETS; // start a countdown
- #ifndef REG_TEST
else
dd->client.decryption_countdown = 1;
- #endif
add_service(args.change_bits, args.asd, args.pkt, args.dir, APP_ID_SMTPS);