Merge pull request #674 in SNORT/snort3 from appid_stateVariable_fix to master

author Hui Cao (huica) <huica@cisco.com>

Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)

committer Hui Cao (huica) <huica@cisco.com>

Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)
author Hui Cao (huica) <huica@cisco.com>
Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)
committer Hui Cao (huica) <huica@cisco.com>
Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)
diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc

index dcd32fe655c3cb2e53520de4a22e4ede383ce560..58d7b6ba63f9fc8032f2540a3a01d9de8a0b341e 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -41,13 +41,16 @@ const PegInfo appid_pegs[] =
      { "packets", "count of packets received by appid inspector" },
      { "processed packets", "count of packets processed by appid inspector" },
      { "ignored packets", "count of packets ignored by appid inspector" },
+    { "aim_clients", "count of aim clients discovered by appid" },
      { "battlefield_flows", "count of battle field flows discovered by appid" },
      { "bgp_flows", "count of bgp flows discovered by appid" },
      { "bit_clients", "count of bittorrent clients discovered by appid" },
      { "bit_flows", "count of bittorrent flows discovered by appid" },
      { "bittracker_clients", "count of bittorrent tracker clients discovered by appid" },
+    { "bootp_flows", "count of bootp flows discovered by appid" },
      { "dcerpc_tcp_flows", "count of dce rpc flows over tcp discovered by appid" },
      { "dcerpc_udp_flows", "count of dce rpc flows over udp discovered by appid" },
+    { "direct_connect_flows", "count of direct connect flows discovered by appid" },    
      { "dns_tcp_flows", "count of dns flows over tcp discovered by appid" },
      { "dns_udp_flows", "count of dns flows over udp discovered by appid" },
      { "ftp_flows", "count of ftp flows discovered by appid" },
@@ -60,10 +63,23 @@ const PegInfo appid_pegs[] =
      { "kerberos_users", "count of kerberos users discovered by appid" },
      { "lpr_flows", "count of lpr service flows discovered by appid" },
      { "mdns_flows", "count of mdns service flows discovered by appid" },
+    { "msn_clients", "count of msn clients discovered by appid" },
      { "mysql_flows", "count of mysql service flows discovered by appid" },
-    { "netbios_flows", "count of netbios service flows discovered by appid" },
+    { "netbios_dgm_flows", "count of netbios-dgm service flows discovered by appid" },
+    { "netbios_ns_flows", "count of netbios-ns service flows discovered by appid" },
+    { "netbios_ssn_flows", "count of netbios-ssn service flows discovered by appid" },
+    { "nntp_flows", "count of nntp flows discovered by appid" },
+    { "ntp_flows", "count of ntp flows discovered by appid" },
      { "pop_flows", "count of pop service flows discovered by appid" },
+    { "radius_flows", "count of radius flows discovered by appid" },
+    { "rexec_flows", "count of rexec flows discovered by appid" },
+    { "rfb_flows", "count of rfb flows discovered by appid" },
+    { "rlogin_flows", "count of rlogin flows discovered by appid" },
+    { "rpc_flows", "count of rpc flows discovered by appid" },
+    { "rshell_flows", "count of rshell flows discovered by appid" },
      { "rsync_flows", "count of rsync service flows discovered by appid" },
+    { "rtmp_flows", "count of rtmp flows discovered by appid" },
+    { "rtp_clients", "count of rtp clients discovered by appid" },
      { "smtp_aol_clients", "count of AOL smtp clients discovered by appid" },
      { "smtp_applemail_clients", "count of Apple Mail smtp clients discovered by appid" },
      { "smtp_eudora_clients", "count of Eudora smtp clients discovered by appid" },
@@ -78,11 +94,17 @@ const PegInfo appid_pegs[] =
      { "smtp_thunderbird_clients", "count of Thunderbird smtp clients discovered by appid" },
      { "smtp_flows", "count of smtp flows discovered by appid" },
      { "smtps_flows", "count of smtps flows discovered by appid" },
+    { "snmp_flows", "count of snmp flows discovered by appid" },
      { "ssh_clients", "count of ssh clients discovered by appid" },
      { "ssh_flows", "count of ssh flows discovered by appid" },
      { "ssl_flows", "count of ssl flows discovered by appid" },
      { "telnet_flows", "count of telnet flows discovered by appid" },
+    { "tftp_flows", "count of tftp flows discovered by appid" },
      { "timbuktu_flows", "count of timbuktu flows discovered by appid" },
+    { "tns_clients", "count of tns clients discovered by appid" },
+    { "tns_flows", "count of tns flows discovered by appid" },
+    { "vnc_clients", "count of vnc clients discovered by appid" },
+    { "yahoo_messenger_clients", "count of Yahoo Messenger clients discovered by appid" },
      { nullptr, nullptr }
  };
  
diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h

index 8a72f84264964134197d1b85c9d49f66ff6d8268..7c3df0265cd34ef8fe12f971df1aeb8489ccd7e5 100644 (file)
--- a/src/network_inspectors/appid/appid_module.h
+++ b/src/network_inspectors/appid/appid_module.h
@@ -36,13 +36,16 @@ struct AppIdStats
      PegCount packets;
      PegCount processed_packets;
      PegCount ignored_packets;
+    PegCount aim_clients;
      PegCount battlefield_flows;
      PegCount bgp_flows;
      PegCount bit_clients;
      PegCount bit_flows;
      PegCount bittracker_clients;
+    PegCount bootp_flows;
      PegCount dcerpc_tcp_flows;
      PegCount dcerpc_udp_flows;
+    PegCount direct_connect_flows;
      PegCount dns_tcp_flows;
      PegCount dns_udp_flows;
      PegCount ftp_flows;
@@ -55,10 +58,23 @@ struct AppIdStats
      PegCount kerberos_users;
      PegCount lpr_flows;
      PegCount mdns_flows;
+    PegCount msn_clients;
      PegCount mysql_flows;
-    PegCount netbios_flows;
+    PegCount netbios_dgm_flows;
+    PegCount netbios_ns_flows;
+    PegCount netbios_ssn_flows;
+    PegCount nntp_flows;
+    PegCount ntp_flows;
      PegCount pop_flows;
+    PegCount radius_flows;
+    PegCount rexec_flows;
+    PegCount rfb_flows;
+    PegCount rlogin_flows;
+    PegCount rpc_flows;
+    PegCount rshell_flows;
      PegCount rsync_flows;
+    PegCount rtmp_flows;
+    PegCount rtp_clients;
      PegCount smtp_aol_clients;
      PegCount smtp_applemail_clients;
      PegCount smtp_eudora_clients;
@@ -73,11 +89,17 @@ struct AppIdStats
      PegCount smtp_thunderbird_clients;
      PegCount smtp_flows;
      PegCount smtps_flows;
+    PegCount snmp_flows;
      PegCount ssh_clients;
      PegCount ssh_flows;
      PegCount ssl_flows;
      PegCount telnet_flows;
+    PegCount tftp_flows;
      PegCount timbuktu_flows;
+    PegCount tns_clients;
+    PegCount tns_flows;
+    PegCount vnc_clients;
+    PegCount yahoo_messenger_clients;
  };
  
  extern THREAD_LOCAL AppIdStats appid_stats;
diff --git a/src/network_inspectors/appid/client_plugins/client_app_aim.cc b/src/network_inspectors/appid/client_plugins/client_app_aim.cc

index c3fb87bcc68fa95d99e8fb6dfb72b119ceadf6d7..9519705d7c33d58dfd343240173dfa2515098504 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_aim.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_aim.cc
@@ -32,6 +32,7 @@
  
  #include "app_info_table.h"
  #include "application_ids.h"
+#include "appid_module.h"
  
  #pragma pack(1)
  
@@ -302,6 +303,7 @@ static CLIENT_APP_RETCODE aim_validate( const uint8_t* const data, uint16_t size
                  aim_client_mod.api->add_app(
                      flowp, APP_ID_AOL_INSTANT_MESSENGER,
                      APP_ID_AOL_INSTANT_MESSENGER, version);
+                appid_stats.aim_clients++;
              }
          }
      }
diff --git a/src/network_inspectors/appid/client_plugins/client_app_msn.cc b/src/network_inspectors/appid/client_plugins/client_app_msn.cc

index fe23bef2cbf5ea0041ef66c252de320d2425c8d2..bf4167b90722202f93bff018e3332889ecfcb882 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_msn.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_msn.cc
@@ -23,6 +23,7 @@
  #include "main/snort_debug.h"
  #include "app_info_table.h"
  #include "application_ids.h"
+#include "appid_module.h"
  
  #define MAX_VERSION_SIZE 64
  
@@ -53,7 +54,7 @@ static const uint8_t MSMSGS[] = "MSMSGS";
  
  static Client_App_Pattern patterns[] =
  {
-    { VER,     sizeof(VER)-1,      0, APP_ID_MSN },
+    { VER,     sizeof(VER)-1,     -1, APP_ID_MSN },
      { CVRMAIN, sizeof(CVRMAIN)-1, -1, APP_ID_MSN },
      { MSNMSGR, sizeof(MSNMSGR)-1, -1, APP_ID_MSN_MESSENGER },
      { MACMSGS, sizeof(MACMSGS)-1, -1, APP_ID_MSN_MESSENGER },
@@ -195,6 +196,7 @@ static CLIENT_APP_RETCODE msn_validate(const uint8_t* data, uint16_t size, const
  done:
      msn_client_mod.api->add_app(flowp, APP_ID_MSN_MESSENGER, product_id, (char*)version);
      flowp->setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
+    appid_stats.msn_clients++;
      return CLIENT_APP_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc

index 90fc0d289f43a121d654e11f4848de9034d221f4..8a83e9de8abaa4f9fdbca0b18f72a5b0c90a0b58 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_rtp.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_rtp.cc
@@ -26,6 +26,7 @@
  
  #include "application_ids.h"
  #include "client_app_api.h"
+#include "appid_module.h"
  
  enum RTPState
  {
@@ -111,118 +112,118 @@ struct Client_App_Pattern
  
  static Client_App_Pattern patterns[] =
  {
-    { (const uint8_t*)"\x000\x000", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x001", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x002", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x003", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x004", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x005", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x006", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x007", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x008", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x009", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00d", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00e", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x00f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x010", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x011", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x012", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x013", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x019", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x01a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x01b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x01c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x01f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x020", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x021", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x022", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x080", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x081", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x082", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x083", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x084", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x085", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x086", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x087", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x088", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x089", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08d", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08e", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x08f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x090", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x091", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x092", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x093", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x099", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x09a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x09b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x09c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x09f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x0a0", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x0a1", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x000\x0a2", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x000", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x001", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x002", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x003", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x004", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x005", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x006", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x007", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x008", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x009", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00d", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00e", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x00f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x010", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x011", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x012", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x013", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x019", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x01a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x01b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x01c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x01f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x020", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x021", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x022", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x080", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x081", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x082", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x083", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x084", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x085", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x086", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x087", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x088", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x089", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08d", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08e", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x08f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x090", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x091", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x092", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x093", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x099", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x09a", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x09b", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x09c", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x09f", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x0a0", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x0a1", 2, 0, APP_ID_RTP },
-    { (const uint8_t*)"\x080\x0a2", 2, 0, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x000", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x001", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x002", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x003", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x004", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x005", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x006", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x007", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x008", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x009", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00d", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00e", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x00f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x010", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x011", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x012", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x013", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x019", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x01a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x01b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x01c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x01f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x020", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x021", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x022", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x080", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x081", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x082", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x083", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x084", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x085", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x086", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x087", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x088", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x089", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08d", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08e", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x08f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x090", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x091", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x092", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x093", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x099", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x09a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x09b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x09c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x09f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x0a0", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x0a1", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x000\x0a2", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x000", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x001", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x002", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x003", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x004", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x005", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x006", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x007", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x008", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x009", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00d", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00e", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x00f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x010", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x011", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x012", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x013", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x019", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x01a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x01b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x01c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x01f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x020", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x021", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x022", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x080", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x081", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x082", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x083", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x084", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x085", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x086", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x087", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x088", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x089", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08d", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08e", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x08f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x090", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x091", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x092", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x093", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x099", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x09a", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x09b", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x09c", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x09f", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x0a0", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x0a1", 2, -1, APP_ID_RTP },
+    { (const uint8_t*)"\x080\x0a2", 2, -1, APP_ID_RTP },
  };
  
  static AppRegistryEntry appIdRegistry[] =
@@ -353,6 +354,7 @@ static CLIENT_APP_RETCODE rtp_validate(const uint8_t* data, uint16_t size, const
  
      rtp_client_mod.api->add_app(flowp, APP_ID_RTP, APP_ID_RTP, nullptr);
      flowp->setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
+    appid_stats.rtp_clients++;
      return CLIENT_APP_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/client_plugins/client_app_tns.cc b/src/network_inspectors/appid/client_plugins/client_app_tns.cc

index 2def02df3eae9b6bb0200e9898fb277bb23768e8..b2e625506e658521763015aaade12583b4dbd09d 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_tns.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_tns.cc
@@ -27,6 +27,7 @@
  #include "app_info_table.h"
  #include "application_ids.h"
  #include "client_app_api.h"
+#include "appid_module.h"
  
  static const char TNS_BANNER[] = "\000\000";
  #define TNS_BANNER_LEN (sizeof(TNS_BANNER)-1)
@@ -158,7 +159,7 @@ struct Client_App_Pattern
  
  static Client_App_Pattern patterns[] =
  {
-    { (const uint8_t*)TNS_BANNER, sizeof(TNS_BANNER)-1, 2, APP_ID_ORACLE_DATABASE },
+    { (const uint8_t*)TNS_BANNER, sizeof(TNS_BANNER)-1, -1, APP_ID_ORACLE_DATABASE },
  };
  
  static AppRegistryEntry appIdRegistry[] =
@@ -431,6 +432,7 @@ done:
          tns_client_mod.api->add_user(flowp, username, APP_ID_ORACLE_DATABASE, 1);
      }
      flowp->setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
+    appid_stats.tns_clients++;
      return CLIENT_APP_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/client_plugins/client_app_vnc.cc b/src/network_inspectors/appid/client_plugins/client_app_vnc.cc

index e680a50ad167b4628608ffb34614ec7626d5e364..cc32082eee2790fd39b5d8e4df2a75d835562bae 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_vnc.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_vnc.cc
@@ -27,6 +27,7 @@
  #include "app_info_table.h"
  #include "application_ids.h"
  #include "client_app_api.h"
+#include "appid_module.h"
  
  static const char VNC_BANNER[] = "RFB ";
  static const char VNC_BANNER2[] = ".";
@@ -84,7 +85,7 @@ struct Client_App_Pattern
  
  static Client_App_Pattern patterns[] =
  {
-    { (const uint8_t*)VNC_BANNER,  sizeof(VNC_BANNER)-1,  0, APP_ID_VNC },
+    { (const uint8_t*)VNC_BANNER,  sizeof(VNC_BANNER)-1, -1, APP_ID_VNC },
      { (const uint8_t*)VNC_BANNER2, sizeof(VNC_BANNER2)-1, 7, APP_ID_VNC },
  };
  
@@ -198,6 +199,7 @@ inprocess:
  done:
      vnc_client_mod.api->add_app(flowp, APP_ID_VNC_RFB, APP_ID_VNC, (const char*)fd->version);
      flowp->setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
+    appid_stats.vnc_clients++;
      return CLIENT_APP_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/client_plugins/client_app_ym.cc b/src/network_inspectors/appid/client_plugins/client_app_ym.cc

index ff9dbe740248b6c065d2bd788b9b0f0edbeade0f..508a4471626d4c3f58f48e113b0970d3e6f1006e 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/client_app_ym.cc
+++ b/src/network_inspectors/appid/client_plugins/client_app_ym.cc
@@ -28,6 +28,7 @@
  #include "app_info_table.h"
  #include "application_ids.h"
  #include "client_app_api.h"
+#include "appid_module.h"
  
  struct YM_CLIENT_APP_CONFIG
  {
@@ -70,7 +71,7 @@ static const uint8_t APP_YMSG[] = "YMSG";
  
  static Client_App_Pattern patterns[] =
  {
-    { APP_YMSG, sizeof(APP_YMSG)-1, 0, APP_ID_YAHOO_MSG },
+    { APP_YMSG, sizeof(APP_YMSG)-1, -1, APP_ID_YAHOO_MSG },
  };
  
  static AppRegistryEntry appIdRegistry[] =
@@ -222,6 +223,7 @@ static CLIENT_APP_RETCODE ym_validate(const uint8_t* data, uint16_t size, const
  done:
      ym_client_mod.api->add_app(flowp, APP_ID_YAHOO, product_id, (char*)version);
      flowp->setAppIdFlag(APPID_SESSION_CLIENT_DETECTED);
+    appid_stats.yahoo_messenger_clients++;
      return CLIENT_APP_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/service_plugins/service_bootp.cc b/src/network_inspectors/appid/service_plugins/service_bootp.cc

index d703683e96ad1461074a06d825ddd33689998493..11d2d6a0f67ed58375785b73b4d2de5531586b97 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_bootp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_bootp.cc
@@ -24,6 +24,7 @@
  #include "protocols/eth.h"
  #include "app_info_table.h"
  #include "application_ids.h"
+#include "appid_module.h"
  
  #define DHCP_MAGIC_COOKIE 0x63825363
  
@@ -310,6 +311,7 @@ success:
          flowp->setAppIdFlag(APPID_SESSION_CONTINUE);
          bootp_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element,
              APP_ID_DHCP, nullptr, nullptr, nullptr);
+        appid_stats.bootp_flows++;
      }
      return SERVICE_SUCCESS;
  
diff --git a/src/network_inspectors/appid/service_plugins/service_direct_connect.cc b/src/network_inspectors/appid/service_plugins/service_direct_connect.cc

index aaeb84d8fe718d50702e050813fa51cef3955e7a..2288f69a759b413166cbeb1f07a5f104057b2056 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_direct_connect.cc
+++ b/src/network_inspectors/appid/service_plugins/service_direct_connect.cc
@@ -25,6 +25,8 @@
  #include "main/snort_debug.h"
  #include "utils/util.h"
  
+#include "appid_module.h"
+
  enum CONNECTION_STATES
  {
      CONN_STATE_INIT,
@@ -262,6 +264,7 @@ success:
  
      directconnect_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
          APP_ID_DIRECT_CONNECT, nullptr, nullptr, nullptr);
+    appid_stats.direct_connect_flows++;
      return SERVICE_SUCCESS;
  
  fail:
@@ -314,6 +317,7 @@ success:
  reportSuccess:
      directconnect_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
          APP_ID_DIRECT_CONNECT, nullptr, nullptr, nullptr);
+    appid_stats.direct_connect_flows++;
      return SERVICE_SUCCESS;
  
  fail:
diff --git a/src/network_inspectors/appid/service_plugins/service_netbios.cc b/src/network_inspectors/appid/service_plugins/service_netbios.cc

index 1b35736d17307dc3973177abd2e50e245681796a..4b657f39ceaa986a6d8908382811a25a2a5a552e 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_netbios.cc
+++ b/src/network_inspectors/appid/service_plugins/service_netbios.cc
@@ -611,7 +611,7 @@ static int nbns_validate(ServiceValidationArgs* args)
  success:
      netbios_service_mod.api->add_service(flowp, args->pkt, dir, &nbns_svc_element,
          APP_ID_NETBIOS_NS, nullptr, nullptr, nullptr);
-    appid_stats.netbios_flows++;
+    appid_stats.netbios_ns_flows++;
      return SERVICE_SUCCESS;
  
  inprocess:
@@ -1065,7 +1065,7 @@ static int nbss_validate(ServiceValidationArgs* args)
          {
              netbios_service_mod.api->add_misc(flowp, nd->miscAppId);
          }
-        appid_stats.netbios_flows++;
+        appid_stats.netbios_ssn_flows++;
      }
      return SERVICE_SUCCESS;
  
@@ -1228,7 +1228,7 @@ success:
              {
                  netbios_service_mod.api->add_misc(flowp, miscAppId);
              }
-            appid_stats.netbios_flows++;
+            appid_stats.netbios_dgm_flows++;
          }
      }
      return SERVICE_SUCCESS;
diff --git a/src/network_inspectors/appid/service_plugins/service_nntp.cc b/src/network_inspectors/appid/service_plugins/service_nntp.cc

index 07a8cc986731f33a0e19215dc6fc113f44de5581..87303333e93fd6bd6305d29587657db23e56d9cb 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_nntp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_nntp.cc
@@ -25,6 +25,7 @@
  #include "utils/util.h"
  
  #include "appid_session.h"
+#include "appid_module.h"
  #include "application_ids.h"
  #include "service_api.h"
  
@@ -380,6 +381,7 @@ inprocess:
  success:
      nntp_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element,
          APP_ID_NNTP, nullptr, nullptr, nullptr);
+    appid_stats.nntp_flows++;
      return SERVICE_SUCCESS;
  
  fail:
diff --git a/src/network_inspectors/appid/service_plugins/service_ntp.cc b/src/network_inspectors/appid/service_plugins/service_ntp.cc

index 427fba10a3d589b3fcf1a99f6355f919874f1689..ed20da310b1d8f2064f0123344020b7bb5a86f48 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ntp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ntp.cc
@@ -24,6 +24,7 @@
  #include "main/snort_debug.h"
  
  #include "appid_session.h"
+#include "appid_module.h"
  #include "application_ids.h"
  #include "service_api.h"
  
@@ -164,6 +165,7 @@ static int ntp_validate(ServiceValidationArgs* args)
  
      ntp_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element,
          APP_ID_NTP, nullptr, nullptr, nullptr);
+    appid_stats.ntp_flows++;
      return SERVICE_SUCCESS;
  
  inprocess:
diff --git a/src/network_inspectors/appid/service_plugins/service_radius.cc b/src/network_inspectors/appid/service_plugins/service_radius.cc

index 86ec577993da96fee25df6d7ee58511e39b414e1..9b68b3dc83d2cae25c107012eb8aa0f80d068fd8 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_radius.cc
+++ b/src/network_inspectors/appid/service_plugins/service_radius.cc
@@ -28,6 +28,7 @@
  #include "appid_session.h"
  #include "application_ids.h"
  #include "service_api.h"
+#include "appid_module.h"
  
  #define RADIUS_CODE_ACCESS_REQUEST       1
  #define RADIUS_CODE_ACCESS_ACCEPT        2
@@ -223,6 +224,7 @@ inprocess:
  success:
      radius_service_mod.api->add_service(flowp, args->pkt, dir, &svc_element,
          APP_ID_RADIUS, nullptr, nullptr, nullptr);
+    appid_stats.radius_flows++;
      return SERVICE_SUCCESS;
  
  not_compatible:
@@ -325,6 +327,7 @@ inprocess:
  success:
      radius_service_mod.api->add_service(flowp, args->pkt, dir, &acct_svc_element,
          APP_ID_RADIUS_ACCT, nullptr, nullptr, nullptr);
+    appid_stats.radius_flows++;
      return SERVICE_SUCCESS;
  
  not_compatible:
diff --git a/src/network_inspectors/appid/service_plugins/service_rexec.cc b/src/network_inspectors/appid/service_plugins/service_rexec.cc

index 35b9b7afb2ff5ff961c16eea88bab37fed4a820d..6fa2db0bcfb275987124f8e632b5c969736216c3 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rexec.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rexec.cc
@@ -36,6 +36,7 @@
  #include "appid_api.h"
  #include "app_info_table.h"
  #include "appid_session.h"
+#include "appid_module.h"
  #include "application_ids.h"
  #include "service_api.h"
  #include "service_base.h"
@@ -328,6 +329,7 @@ success:
      {
          rexec_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
              APP_ID_EXEC, nullptr, nullptr, nullptr);
+        appid_stats.rexec_flows++;
      }
      return SERVICE_SUCCESS;
  
diff --git a/src/network_inspectors/appid/service_plugins/service_rfb.cc b/src/network_inspectors/appid/service_plugins/service_rfb.cc

index 11d06997e25e6deac36aef21d5dbde2ae7473e59..efb4c56d746dcf351004bd818e4be0da72aa3b56 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rfb.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rfb.cc
@@ -24,6 +24,7 @@
  #include "service_api.h"
  #include "app_info_table.h"
  #include "application_ids.h"
+#include "appid_module.h"
  
  #include "main/snort_debug.h"
  
@@ -129,6 +130,7 @@ static int rfb_validate(ServiceValidationArgs* args)
      *v = 0;
      rfb_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element,
          APP_ID_VNC_RFB, nullptr, version, nullptr);
+    appid_stats.rfb_flows++;
      return SERVICE_SUCCESS;
  
  inprocess:
diff --git a/src/network_inspectors/appid/service_plugins/service_rlogin.cc b/src/network_inspectors/appid/service_plugins/service_rlogin.cc

index b467beab755d60326908377b01e05379fd36f383..9abded9beea43ad3007eb401f523d27994d3ad8c 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rlogin.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rlogin.cc
@@ -23,6 +23,7 @@
  
  #include "service_api.h"
  #include "application_ids.h"
+#include "appid_module.h"
  
  #include "main/snort_debug.h"
  #include "protocols/tcp.h"
@@ -165,6 +166,7 @@ inprocess:
  success:
      rlogin_service_mod.api->add_service(flowp, pkt, args->dir, &svc_element,
          APP_ID_RLOGIN, nullptr, nullptr, nullptr);
+    appid_stats.rlogin_flows++;
      return SERVICE_SUCCESS;
  
  fail:
diff --git a/src/network_inspectors/appid/service_plugins/service_rpc.cc b/src/network_inspectors/appid/service_plugins/service_rpc.cc

index 0f8d25d1753438874de34608ae792a5e9f1bb33a..8e83b8496a1759f7b8199ca9eb0144bc95db0e1c 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rpc.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rpc.cc
@@ -41,6 +41,7 @@
  #include "application_ids.h"
  #include "target_based/snort_protocols.h"
  #include "utils/util.h"
+#include "appid_module.h"
  
  /*#define RNA_DEBUG_RPC   1 */
  
@@ -543,8 +544,9 @@ done:
              }
              else
                  subtype = nullptr;
-            rpc_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
-                APP_ID_SUN_RPC, nullptr, nullptr, subtype);
+                rpc_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
+                    APP_ID_SUN_RPC, nullptr, nullptr, subtype);
+                appid_stats.rpc_flows++;
          }
          flowp->setAppIdFlag(APPID_SESSION_CONTINUE);
          return SERVICE_SUCCESS;
@@ -911,8 +913,9 @@ inprocess:
              }
              else
                  subtype = nullptr;
-            rpc_service_mod.api->add_service(flowp, pkt, dir, &tcp_svc_element,
-                APP_ID_SUN_RPC, nullptr, nullptr, subtype);
+                rpc_service_mod.api->add_service(flowp, pkt, dir, &tcp_svc_element,
+                    APP_ID_SUN_RPC, nullptr, nullptr, subtype);
+                appid_stats.rpc_flows++;
          }
          flowp->setAppIdFlag(APPID_SESSION_CONTINUE);
          return SERVICE_SUCCESS;
diff --git a/src/network_inspectors/appid/service_plugins/service_rshell.cc b/src/network_inspectors/appid/service_plugins/service_rshell.cc

index 6a57a9bce562daac529a713774f499a1dcfe7796..2ac18582bc0131fb6a9f03d41cb27d7e0fb456c3 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rshell.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rshell.cc
@@ -25,6 +25,7 @@
  #include "service_api.h"
  #include "service_base.h"
  #include "app_info_table.h"
+#include "appid_module.h"
  
  #include "log/messages.h"
  #include "main/snort_debug.h"
@@ -330,6 +331,7 @@ inprocess:
  success:
      rshell_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
          APP_ID_SHELL, nullptr, nullptr, nullptr);
+    appid_stats.rshell_flows++;
      return SERVICE_SUCCESS;
  
  bail:
diff --git a/src/network_inspectors/appid/service_plugins/service_rtmp.cc b/src/network_inspectors/appid/service_plugins/service_rtmp.cc

index 2beb7bfc35f30beb6fc6b69b3cfd895fa4fa1b9a..e91be8ff442be8a75665bad5f9469d683ff2ddb7 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_rtmp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_rtmp.cc
@@ -24,6 +24,7 @@
  #include "application_ids.h"
  #include "service_api.h"
  #include "app_info_table.h"
+#include "appid_module.h"
  
  #include "log/messages.h"
  #include "main/snort_debug.h"
@@ -702,6 +703,7 @@ success:
      }
      rtmp_service_mod.api->add_service(flowp, args->pkt, dir, &svc_element,
          APP_ID_RTMP, nullptr, nullptr, nullptr);
+    appid_stats.rtmp_flows++;
      return SERVICE_SUCCESS;
  }
  
diff --git a/src/network_inspectors/appid/service_plugins/service_snmp.cc b/src/network_inspectors/appid/service_plugins/service_snmp.cc

index 8dd44c1f48abc94ec9d593392b7e39dc1432c57d..681162205b7b4e1f08e7120db16054dc547319ac 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_snmp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_snmp.cc
@@ -26,6 +26,7 @@
  #include "utils/util.h"
  
  #include "appid_api.h"
+#include "appid_module.h"
  #include "app_info_table.h"
  #include "service_base.h"
  #include "application_ids.h"
@@ -614,6 +615,7 @@ success:
      snmp_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
          APP_ID_SNMP,
          SNMP_VENDOR_STR, version_str, nullptr);
+    appid_stats.snmp_flows++;
      return SERVICE_SUCCESS;
  
  bail:
diff --git a/src/network_inspectors/appid/service_plugins/service_tftp.cc b/src/network_inspectors/appid/service_plugins/service_tftp.cc

index 1500fd8328c592d6942fdb52b4da24aca16d9bf9..893d1f78c66b1216f400dac6998551f428ffb547 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_tftp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_tftp.cc
@@ -34,6 +34,7 @@
  #include "app_info_table.h"
  #include "appid_api.h"
  #include "appid_session.h"
+#include "appid_module.h"
  #include "application_ids.h"
  #include "service_api.h"
  #include "service_base.h"
@@ -367,6 +368,7 @@ success:
          LogMessage("AppIdDbg %s tftp success\n", app_id_debug_session);
      tftp_service_mod.api->add_service(flowp, pkt, dir, &svc_element,
          APP_ID_TFTP, nullptr, nullptr, nullptr);
+    appid_stats.tftp_flows++;
      return SERVICE_SUCCESS;
  
  bail:
diff --git a/src/network_inspectors/appid/service_plugins/service_tns.cc b/src/network_inspectors/appid/service_plugins/service_tns.cc

index d66776281a3535e27360a9cd9dea99095d7bd3c9..75243a3f561e00e47e2d207a775adbba2cd7ee78 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_tns.cc
+++ b/src/network_inspectors/appid/service_plugins/service_tns.cc
@@ -21,6 +21,7 @@
  
  #include "app_info_table.h"
  #include "appid_session.h"
+#include "appid_module.h"
  #include "application_ids.h"
  #include "service_api.h"
  
@@ -307,6 +308,7 @@ inprocess:
  success:
      tns_service_mod.api->add_service(flowp, args->pkt, args->dir, &svc_element, APP_ID_ORACLE_TNS,
          nullptr, ss->version ? ss->version : nullptr, nullptr);
+    appid_stats.tns_flows++;
      return SERVICE_SUCCESS;
  
  fail:
author	Hui Cao (huica) <huica@cisco.com>
	Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)
committer	Hui Cao (huica) <huica@cisco.com>
	Wed, 12 Oct 2016 17:29:53 +0000 (13:29 -0400)
src/network_inspectors/appid/appid_module.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/appid_module.h		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_aim.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_msn.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_rtp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_tns.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_vnc.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/client_plugins/client_app_ym.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_bootp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_direct_connect.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_netbios.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_nntp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_ntp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_radius.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rexec.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rfb.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rlogin.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rpc.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rshell.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_rtmp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_snmp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_tftp.cc		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_tns.cc		patch \| blob \| blame \| history