flow_key.h
flow_stash.h
ha.h
- flow_stash_keys.h
stash_item.h
)
DetectionEngine::onload(this);
if ( dump_flow_data )
- {
free_flow_data();
- if ( stash )
- stash->reset();
- }
-
clean();
ssn_state.ignore_direction = 0;
void set_mpls_layer_per_dir(Packet*);
Layer get_mpls_layer_per_dir(bool);
void set_service(Packet* pkt, const char* new_service);
-
+ bool get_attr(const std::string& key, int32_t& val);
+ bool get_attr(const std::string& key, std::string& val);
+ void set_attr(const std::string& key, const int32_t& val);
+ void set_attr(const std::string& key, const std::string& val);
// Use this API when the publisher of the attribute allocated memory for it and can give up its
// ownership after the call.
- void set_attr(const int& key, std::string* val)
+ void set_attr(const std::string& key, std::string* val)
{
assert(stash);
stash->store(key, val);
}
- bool get_attr(const int& key, std::string*& val)
- {
- assert(stash);
- return stash->get(key, val);
- }
-
template<typename T>
- bool get_attr(const int& key, T& val)
+ bool get_attr(const std::string& key, T& val)
{
assert(stash);
return stash->get(key, val);
}
template<typename T>
- void set_attr(const int& key, const T& val)
+ void set_attr(const std::string& key, const T& val)
{
assert(stash);
stash->store(key, val);
}
- void remove_attr(const FlowStashKey& key)
- {
- assert(stash);
- stash->remove(key);
- }
-
uint32_t update_session_flags(uint32_t flags)
{ return ssn_state.session_flags = flags; }
void FlowStash::reset()
{
- for (auto& it : container)
+ for(map<string, StashItem*>::iterator it = container.begin(); it != container.end(); ++it)
{
- if (it)
- {
- delete it;
- it = nullptr;
- }
+ delete it->second;
}
+ container.clear();
}
-void FlowStash::remove(const FlowStashKey& key)
-{
- auto& item = container[key];
-
- if (item)
- {
- delete item;
- item = nullptr;
- }
-}
-
-bool FlowStash::get(const int& key, int32_t& val)
+bool FlowStash::get(const string& key, int32_t& val)
{
return get(key, val, STASH_ITEM_TYPE_INT32);
}
-bool FlowStash::get(const int& key, uint32_t& val)
+bool FlowStash::get(const string& key, uint32_t& val)
{
return get(key, val, STASH_ITEM_TYPE_UINT32);
}
-bool FlowStash::get(const int& key, string& val)
+bool FlowStash::get(const string& key, string& val)
{
return get(key, val, STASH_ITEM_TYPE_STRING);
}
-bool FlowStash::get(const int& key, string*& val)
-{
- auto& it = container[key];
-
- if (it)
- {
- assert(it->get_type() == STASH_ITEM_TYPE_STRING);
- it->get_val(val);
- return true;
- }
- return false;
-}
-
-bool FlowStash::get(const int& key, StashGenericObject* &val)
+bool FlowStash::get(const std::string& key, StashGenericObject* &val)
{
return get(key, val, STASH_ITEM_TYPE_GENERIC_OBJECT);
}
-void FlowStash::store(const int& key, int32_t val)
+void FlowStash::store(const string& key, int32_t val)
{
store(key, val, STASH_ITEM_TYPE_INT32);
}
-void FlowStash::store(const int& key, uint32_t val)
+void FlowStash::store(const string& key, uint32_t val)
{
store(key, val, STASH_ITEM_TYPE_UINT32);
}
-void FlowStash::store(const int& key, const string& val)
+void FlowStash::store(const string& key, const string& val)
{
store(key, val, STASH_ITEM_TYPE_STRING);
}
-void FlowStash::store(const int& key, StashGenericObject* val)
+void FlowStash::store(const std::string& key, StashGenericObject* val)
{
store(key, val, STASH_ITEM_TYPE_GENERIC_OBJECT);
}
-void FlowStash::store(const int& key, StashGenericObject* &val, StashItemType type)
+void FlowStash::store(const string& key, StashGenericObject* &val, StashItemType type)
{
#ifdef NDEBUG
UNUSED(type);
#endif
- auto& it = container[key];
- if (it)
- delete it;
+ auto item = new StashItem(val);
+ auto it_and_status = container.emplace(make_pair(key, item));
- it = new StashItem(val);
- assert(it->get_type() == type);
+ if (!it_and_status.second)
+ {
+ StashGenericObject* stored_object;
+ assert(it_and_status.first->second->get_type() == type);
+ it_and_status.first->second->get_val(stored_object);
+ assert(stored_object->get_object_type() == val->get_object_type());
+ delete it_and_status.first->second;
+ it_and_status.first->second = item;
+ }
- StashEvent e(it);
- DataBus::publish(get_key_name(key), e);
+ StashEvent e(item);
+ DataBus::publish(key.c_str(), e);
}
-void FlowStash::store(const int& key, std::string* val)
+void FlowStash::store(const std::string& key, std::string* val)
{
store(key, val, STASH_ITEM_TYPE_STRING);
}
template<typename T>
-bool FlowStash::get(const int& key, T& val, StashItemType type)
+bool FlowStash::get(const string& key, T& val, StashItemType type)
{
#ifdef NDEBUG
UNUSED(type);
#endif
- auto& it = container[key];
+ auto it = container.find(key);
- if (it)
+ if (it != container.end())
{
- assert(it->get_type() == type);
- it->get_val(val);
+ assert(it->second->get_type() == type);
+ it->second->get_val(val);
return true;
}
return false;
}
template<typename T>
-void FlowStash::store(const int& key, T& val, StashItemType type)
+void FlowStash::store(const string& key, T& val, StashItemType type)
{
#ifdef NDEBUG
UNUSED(type);
#endif
- auto& it = container[key];
- if (it)
- delete it;
+ auto item = new StashItem(val);
+ auto it_and_status = container.emplace(make_pair(key, item));
- it = new StashItem(val);
- assert(it->get_type() == type);
+ if (!it_and_status.second)
+ {
+ assert(it_and_status.first->second->get_type() == type);
+ delete it_and_status.first->second;
+ it_and_status.first->second = item;
+ }
- StashEvent e(it);
- DataBus::publish(get_key_name(key), e);
+ StashEvent e(item);
+ DataBus::publish(key.c_str(), e);
}
#ifndef FLOW_STASH_H
#define FLOW_STASH_H
+#include <map>
#include <string>
-#include <vector>
#include "main/snort_types.h"
-#include "flow_stash_keys.h"
#include "stash_item.h"
namespace snort
class SO_PUBLIC FlowStash
{
public:
- FlowStash() : container(STASH_MAX_SIZE, nullptr) { }
~FlowStash();
void reset();
- bool get(const int& key, int32_t& val);
- bool get(const int& key, uint32_t& val);
- bool get(const int& key, std::string& val);
- bool get(const int& key, std::string*& val);
- bool get(const int& key, StashGenericObject* &val);
- void store(const int& key, int32_t val);
- void store(const int& key, uint32_t val);
- void store(const int& key, const std::string& val);
- void store(const int& key, std::string* val);
- void store(const int& key, StashGenericObject* val);
- void remove(const FlowStashKey& key);
+ bool get(const std::string& key, int32_t& val);
+ bool get(const std::string& key, uint32_t& val);
+ bool get(const std::string& key, std::string& val);
+ bool get(const std::string& key, StashGenericObject* &val);
+ void store(const std::string& key, int32_t val);
+ void store(const std::string& key, uint32_t val);
+ void store(const std::string& key, const std::string& val);
+ void store(const std::string& key, std::string* val);
+ void store(const std::string& key, StashGenericObject* val);
private:
- std::vector<StashItem*> container;
+ std::map<std::string, StashItem*> container;
template<typename T>
- bool get(const int& key, T& val, StashItemType type);
+ bool get(const std::string& key, T& val, StashItemType type);
template<typename T>
- void store(const int& key, T& val, StashItemType type);
- void store(const int& key, StashGenericObject* &val, StashItemType type);
+ void store(const std::string& key, T& val, StashItemType type);
+ void store(const std::string& key, StashGenericObject* &val, StashItemType type);
};
}
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2019-2019 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// flow_stash_keys.h author Deepak Ramadass <deramada@cisco.com>
-
-#ifndef FLOW_STASH_KEYS_H
-#define FLOW_STASH_KEYS_H
-
-enum FlowStashKey
-{
- STASH_APPID_SERVICE = 0,
- STASH_APPID_CLIENT,
- STASH_APPID_PAYLOAD,
- STASH_APPID_MISC,
- STASH_APPID_REFERRED,
-
- STASH_HOST,
- STASH_TLS_HOST,
- STASH_URL,
- STASH_USER_AGENT,
- STASH_RESPONSE_CODE,
- STASH_REFERER,
- STASH_XFF,
- STASH_CLIENT_VERSION,
-
- STASH_MAX_SIZE
-};
-
-static const char* FlowStashKeyNames[] =
-{
- "appid-service",
- "appid-client",
- "appid-payload",
- "appid-misc",
- "appid-referred",
- "host",
- "tls-host",
- "url",
- "user-agent",
- "response-code",
- "referer",
- "xff",
- "client-version"
-};
-
-inline const char * get_key_name( int key )
-{
- return FlowStashKeyNames[key];
-}
-#endif
break;
case STASH_ITEM_TYPE_GENERIC_OBJECT:
delete val.generic_obj_val;
- break;
default:
break;
}
void get_val(std::string& str_val) const
{ str_val = *(val.str_val); }
- void get_val(std::string*& str_val) const
- { str_val = val.str_val; }
-
void get_val(StashGenericObject* &obj_val) const
{ obj_val = val.generic_obj_val; }
{
public:
+ static const char* STASH_EVENT;
+
// event we'll be listening to on the DataBus:
// static constexpr char STASH_EVENT[] = "foo.stash.event";
Type get_from_stash(FlowStash& stash)
{
- stash.get(STASH_APPID_SERVICE, value);
+ stash.get(STASH_EVENT, value);
return value;
}
Type value;
};
+template<class Type>
+const char* DBConsumer<Type>::STASH_EVENT = "foo.stash.event";
+
+
// DataBus mock: most functions are stubs, but _subscribe() and _publish()
// are (close to) real.
typedef int32_t value_t;
// DB deletes the subscribers so make c a pointer, not a local object.
- DBConsumer<value_t>* c = new DBConsumer<value_t>("appid-service");
- DataBus::subscribe("appid-service", c);
+ DBConsumer<value_t>* c = new DBConsumer<value_t>("foo");
+ DataBus::subscribe(DBConsumer<value_t>::STASH_EVENT, c);
FlowStash stash;
value_t vin, vout;
// stash/publish 10
vin = 10;
- stash.store(STASH_APPID_SERVICE, vin);
+ stash.store(DBConsumer<value_t>::STASH_EVENT, vin);
vout = c->get_value();
CHECK_EQUAL(vin, vout);
// stash/publish 20, with the same key as before
vin = 20;
- stash.store(STASH_APPID_SERVICE, vin);
+ stash.store(DBConsumer<value_t>::STASH_EVENT, vin);
vout = c->get_value();
CHECK_EQUAL(vin, vout);
// do we get some event that we're not listening to?
value_t before = c->get_value();
- stash.store(STASH_APPID_CLIENT, 30);
+ stash.store("bar.stash.event", 30);
value_t after = c->get_value();
CHECK_EQUAL(before, after);
{
FlowStash stash;
- stash.store(STASH_APPID_SERVICE, 10);
+ stash.store("item_1", 10);
int32_t val;
- CHECK(stash.get(STASH_APPID_SERVICE, val));
+ CHECK(stash.get("item_1", val));
CHECK_EQUAL(val, 10);
}
{
FlowStash stash;
- stash.store(STASH_APPID_SERVICE, 10);
- stash.store(STASH_APPID_SERVICE, 20);
+ stash.store("item_1", 10);
+ stash.store("item_1", 20);
int32_t val;
- CHECK(stash.get(STASH_APPID_SERVICE, val));
+ CHECK(stash.get("item_1", val));
CHECK_EQUAL(val, 20);
}
{
FlowStash stash;
- stash.store(STASH_APPID_SERVICE, 10u);
+ stash.store("item_1", 10u);
uint32_t val;
- CHECK(stash.get(STASH_APPID_SERVICE, val));
+ CHECK(stash.get("item_1", val));
CHECK_EQUAL(val, 10u);
}
{
FlowStash stash;
- stash.store(STASH_APPID_SERVICE, 10u);
- stash.store(STASH_APPID_SERVICE, 20u);
+ stash.store("item_1", 10u);
+ stash.store("item_1", 20u);
uint32_t val;
- CHECK(stash.get(STASH_APPID_SERVICE, val));
+ CHECK(stash.get("item_1", val));
CHECK_EQUAL(val, 20u);
}
{
FlowStash stash;
- stash.store(STASH_HOST, "value_1");
+ stash.store("item_1", "value_1");
string val;
- CHECK(stash.get(STASH_HOST, val));
+ CHECK(stash.get("item_1", val));
STRCMP_EQUAL(val.c_str(), "value_1");
}
{
FlowStash stash;
- stash.store(STASH_HOST, new string("value_1"));
+ stash.store("item_1", new string("value_1"));
string val;
- CHECK(stash.get(STASH_HOST, val));
+ CHECK(stash.get("item_1", val));
STRCMP_EQUAL(val.c_str(), "value_1");
}
{
FlowStash stash;
- stash.store(STASH_HOST, "value_1");
- stash.store(STASH_HOST, new string("value_2"));
+ stash.store("item_1", "value_1");
+ stash.store("item_1", new string("value_2"));
string val;
- CHECK(stash.get(STASH_HOST, val));
+ CHECK(stash.get("item_1", val));
STRCMP_EQUAL(val.c_str(), "value_2");
}
{
FlowStash stash;
- stash.store(STASH_HOST, 10);
+ stash.store("item_1", 10);
int32_t val;
- CHECK_FALSE(stash.get(STASH_URL, val));
+ CHECK_FALSE(stash.get("item_2", val));
}
TEST(stash_tests, new_generic_object)
FlowStash stash;
TestStashObject *test_object = new TestStashObject(111);
- stash.store(STASH_XFF, test_object);
+ stash.store("item_1", test_object);
StashGenericObject *retrieved_object;
- CHECK(stash.get(STASH_XFF, retrieved_object));
+ CHECK(stash.get("item_1", retrieved_object));
POINTERS_EQUAL(test_object, retrieved_object);
CHECK_EQUAL(test_object->get_object_type(), ((TestStashObject*)retrieved_object)->get_object_type());
}
{
FlowStash stash;
TestStashObject *test_object = new TestStashObject(111);
- stash.store(STASH_XFF, test_object);
+ stash.store("item_1", test_object);
TestStashObject *new_test_object = new TestStashObject(111);
- stash.store(STASH_XFF, new_test_object);
+ stash.store("item_1", new_test_object);
StashGenericObject *retrieved_object;
- CHECK(stash.get(STASH_XFF, retrieved_object));
+ CHECK(stash.get("item_1", retrieved_object));
POINTERS_EQUAL(new_test_object, retrieved_object);
}
{
FlowStash stash;
StashGenericObject *retrieved_object;
- CHECK_FALSE(stash.get(STASH_XFF, retrieved_object));
+ CHECK_FALSE(stash.get("item_1", retrieved_object));
}
TEST(stash_tests, mixed_items)
FlowStash stash;
TestStashObject *test_object = new TestStashObject(111);
- stash.store(STASH_APPID_SERVICE, 10);
- stash.store(STASH_HOST, "value_2");
- stash.store(STASH_APPID_CLIENT, 30);
- stash.store(STASH_XFF, test_object);
+ stash.store("item_1", 10);
+ stash.store("item_2", "value_2");
+ stash.store("item_3", 30);
+ stash.store("item_4", test_object);
int32_t int32_val;
string str_val;
- CHECK(stash.get(STASH_APPID_SERVICE, int32_val));
+ CHECK(stash.get("item_1", int32_val));
CHECK_EQUAL(int32_val, 10);
- CHECK(stash.get(STASH_HOST, str_val));
+ CHECK(stash.get("item_2", str_val));
STRCMP_EQUAL(str_val.c_str(), "value_2");
- CHECK(stash.get(STASH_APPID_CLIENT, int32_val));
+ CHECK(stash.get("item_3", int32_val));
CHECK_EQUAL(int32_val, 30);
StashGenericObject *retrieved_object;
- CHECK(stash.get(STASH_XFF, retrieved_object));
+ CHECK(stash.get("item_4", retrieved_object));
POINTERS_EQUAL(test_object, retrieved_object);
CHECK_EQUAL(test_object->get_object_type(), ((TestStashObject*)retrieved_object)->get_object_type());
}
asd.set_application_ids(service_id, asd.pick_client_app_id(), payload_id,
asd.pick_misc_app_id(), change_bits);
- asd.update_flow_attrs(change_bits);
publish_appid_event(change_bits, p->flow);
}
asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(),
asd->pick_payload_app_id(), asd->pick_misc_app_id(), change_bits);
}
- asd->update_flow_attrs(change_bits);
+
AppIdDiscovery::publish_appid_event(change_bits, flow);
}
}
}
-void AppIdHttpSession::update_flow_attrs(AppidChangeBits& change_bits)
-{
- if (change_bits[APPID_HOST_BIT])
- {
- if (meta_data[REQ_HOST_FID] and !meta_data[REQ_HOST_FID]->empty())
- asd.flow->set_attr(STASH_HOST, *meta_data[REQ_HOST_FID]);
- else
- asd.flow->remove_attr(STASH_HOST);
- }
-
- if (change_bits[APPID_URL_BIT])
- {
- if (meta_data[MISC_URL_FID] and !meta_data[MISC_URL_FID]->empty())
- asd.flow->set_attr(STASH_URL, *meta_data[MISC_URL_FID]);
- else
- asd.flow->remove_attr(STASH_URL);
- }
-
- if (change_bits[APPID_USERAGENT_BIT])
- {
- if (meta_data[REQ_AGENT_FID] and !meta_data[REQ_AGENT_FID]->empty())
- asd.flow->set_attr(STASH_USER_AGENT, *meta_data[REQ_AGENT_FID]);
- else
- asd.flow->remove_attr(STASH_USER_AGENT);
- }
-
- if (change_bits[APPID_RESPONSE_BIT])
- {
- if (meta_data[MISC_RESP_CODE_FID] and !meta_data[MISC_RESP_CODE_FID]->empty())
- asd.flow->set_attr(STASH_RESPONSE_CODE, *meta_data[MISC_RESP_CODE_FID]);
- else
- asd.flow->remove_attr(STASH_RESPONSE_CODE);
- }
-
- if (change_bits[APPID_REFERER_BIT])
- {
- if (meta_data[REQ_REFERER_FID] and !meta_data[REQ_REFERER_FID]->empty())
- asd.flow->set_attr(STASH_REFERER, *meta_data[REQ_REFERER_FID]);
- else
- asd.flow->remove_attr(STASH_REFERER);
- }
-}
-
int AppIdHttpSession::initial_chp_sweep(ChpMatchDescriptor& cmd)
{
CHPApp* cah = nullptr;
#include <utility>
#include "flow/flow.h"
-#include "flow/flow_stash_keys.h"
#include "pub_sub/appid_events.h"
#include "sfip/sf_ip.h"
{
delete meta_data[id];
meta_data[id] = str;
-
if (str)
- {
set_http_change_bits(change_bits, id);
- }
}
void set_field(HttpFieldIds id, const uint8_t* str, int32_t len, AppidChangeBits& change_bits)
void clear_all_fields();
- void update_flow_attrs(AppidChangeBits& change_bits);
-
protected:
void init_chp_match_descriptor(ChpMatchDescriptor& cmd);
length_sequence.proto = IpProtocol::PROTO_NOT_SET;
length_sequence.sequence_cnt = 0;
memset(length_sequence.sequence, '\0', sizeof(length_sequence.sequence));
+ memset(application_ids, 0, sizeof(application_ids));
appid_stats.total_sessions++;
}
void AppIdSession::set_application_ids(AppId service_id, AppId client_id,
AppId payload_id, AppId misc_id, AppidChangeBits& change_bits)
{
- AppId service, client, payload, misc;
- service = client = payload = misc = APP_ID_NONE;
-
- flow->get_attr(STASH_APPID_SERVICE, service);
- if (service != service_id)
+ if (application_ids[APP_PROTOID_SERVICE] != service_id)
{
- flow->set_attr(STASH_APPID_SERVICE, service_id);
+ application_ids[APP_PROTOID_SERVICE] = service_id;
change_bits.set(APPID_SERVICE_BIT);
}
-
- flow->get_attr(STASH_APPID_CLIENT, client);
- if (client != client_id)
+ if (application_ids[APP_PROTOID_CLIENT] != client_id)
{
- flow->set_attr(STASH_APPID_CLIENT, client_id);
+ application_ids[APP_PROTOID_CLIENT] = client_id;
change_bits.set(APPID_CLIENT_BIT);
}
-
- flow->get_attr(STASH_APPID_PAYLOAD, payload);
- if (payload != payload_id)
+ if (application_ids[APP_PROTOID_PAYLOAD] != payload_id)
{
- flow->set_attr(STASH_APPID_PAYLOAD, payload_id);
+ application_ids[APP_PROTOID_PAYLOAD] = payload_id;
change_bits.set(APPID_PAYLOAD_BIT);
}
-
- flow->get_attr(STASH_APPID_MISC, misc);
- if (misc != misc_id)
+ if (application_ids[APP_PROTOID_MISC] != misc_id)
{
- flow->set_attr(STASH_APPID_MISC, misc_id);
+ application_ids[APP_PROTOID_MISC] = misc_id;
change_bits.set(APPID_MISC_BIT);
}
}
- void AppIdSession::update_flow_attrs(AppidChangeBits& change_bits)
- {
- if (change_bits[APPID_REFERRED_BIT])
- flow->set_attr(STASH_APPID_REFERRED, referred_payload_app_id);
-
- if (change_bits[APPID_TLSHOST_BIT] and tsession and tsession->get_tls_host())
- flow->set_attr(STASH_TLS_HOST, tsession->get_tls_host());
-
- if (change_bits[APPID_VERSION_BIT])
- {
- if (client.get_version())
- flow->set_attr(STASH_CLIENT_VERSION, client.get_version());
- else
- flow->remove_attr(STASH_CLIENT_VERSION);
- }
-
- if (hsession)
- hsession->update_flow_attrs(change_bits);
-}
-
void AppIdSession::get_application_ids(AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id)
{
- service_id = client_id = payload_id = misc_id = APP_ID_NONE;
- flow->get_attr(STASH_APPID_SERVICE, service_id);
- flow->get_attr(STASH_APPID_CLIENT, client_id);
- flow->get_attr(STASH_APPID_PAYLOAD, payload_id);
- flow->get_attr(STASH_APPID_MISC, misc_id);
+ service_id = application_ids[APP_PROTOID_SERVICE];
+ client_id = application_ids[APP_PROTOID_CLIENT];
+ payload_id = application_ids[APP_PROTOID_PAYLOAD];
+ misc_id = application_ids[APP_PROTOID_MISC];
}
void AppIdSession::get_application_ids(AppId& service_id, AppId& client_id,
AppId& payload_id)
-{
- service_id = client_id = payload_id = APP_ID_NONE;
- flow->get_attr(STASH_APPID_SERVICE, service_id);
- flow->get_attr(STASH_APPID_CLIENT, client_id);
- flow->get_attr(STASH_APPID_PAYLOAD, payload_id);
+{
+ service_id = application_ids[APP_PROTOID_SERVICE];
+ client_id = application_ids[APP_PROTOID_CLIENT];
+ payload_id = application_ids[APP_PROTOID_PAYLOAD];
}
AppId AppIdSession::get_application_ids_service()
{
- AppId service_id = APP_ID_NONE;;
- flow->get_attr(STASH_APPID_SERVICE, service_id);
- return service_id;
+ return application_ids[APP_PROTOID_SERVICE];
}
AppId AppIdSession::get_application_ids_client()
{
- AppId client_id = APP_ID_NONE;;
- flow->get_attr(STASH_APPID_CLIENT, client_id);
- return client_id;
+ return application_ids[APP_PROTOID_CLIENT];
}
AppId AppIdSession::get_application_ids_payload()
{
- AppId payload_id = APP_ID_NONE;;
- flow->get_attr(STASH_APPID_PAYLOAD, payload_id);
- return payload_id;
+ return application_ids[APP_PROTOID_PAYLOAD];
}
AppId AppIdSession::get_application_ids_misc()
{
- AppId misc_id = APP_ID_NONE;;
- flow->get_attr(STASH_APPID_MISC, misc_id);
- return misc_id;
+ return application_ids[APP_PROTOID_MISC];
}
bool AppIdSession::is_ssl_session_decrypted()
#include <string>
#include <unordered_map>
-#include "flow/flow.h"
-#include "flow/flow_stash_keys.h"
#include "pub_sub/appid_events.h"
#include "app_info_table.h"
#include "length_app_cache.h"
#include "service_state.h"
-class AppIdDnsSession;
-class AppIdHttpSession;
class ClientDetector;
class ServiceDetector;
+class AppIdDnsSession;
+class AppIdHttpSession;
class ThirdPartyAppIDSession;
using AppIdFreeFCN = void (*)(void*);
AppId get_application_ids_client();
AppId get_application_ids_payload();
AppId get_application_ids_misc();
- void update_flow_attrs(AppidChangeBits& change_bits);
bool is_ssl_session_decrypted();
void examine_ssl_metadata(snort::Packet*, AppidChangeBits& change_bits);
void delete_session_data();
static THREAD_LOCAL uint32_t appid_flow_data_id;
+ AppId application_ids[APP_PROTOID_MAX];
bool tp_app_id_deferred = false;
bool tp_payload_app_id_deferred = false;
if ( nullptr != app_name_key )
{
string app_name(app_name_key);
- //FIXIT-L: Inbuilt find of the set class does a partial (equivalent) key
- //match. It does not match the complete appid id. Ex: "foo" will be
- //matched with "foo bar"
if ( appid_table.find(app_name) != appid_table.end() )
return true;
}
{
return nullptr;
}
-void AppIdSession::update_flow_attrs(AppidChangeBits&) {}
// Stubs for ServiceDiscovery
void ServiceDiscovery::initialize() {}
return APP_ID_UNKNOWN;
}
-void AppIdHttpSession::update_flow_attrs(AppidChangeBits&) {}
-
TEST_GROUP(appid_discovery_tests)
{
void setup() override
AppIdSession* asd = new AppIdSession(IpProtocol::TCP, nullptr, 21, ins);
Flow* flow = new Flow;
flow->set_flow_data(asd);
- flow->stash = new snort::FlowStash;
p.flow = flow;
asd->config = &my_app_config;
asd->common.initiator_port = 21;
CHECK_EQUAL(databus_publish_called, true);
STRCMP_EQUAL(test_log, "Published change_bits == 0000000001111");
delete asd;
- delete flow->stash;
delete flow;
}
AppIdSession* asd = new AppIdSession(IpProtocol::TCP, nullptr, 21, ins);
Flow* flow = new Flow;
flow->set_flow_data(asd);
- flow->stash = new snort::FlowStash;
p.flow = flow;
asd->config = &my_app_config;
asd->common.initiator_port = 21;
// Detect changes in service, client, payload, and misc appid
CHECK_EQUAL(databus_publish_called, true);
- STRCMP_EQUAL(test_log, "Published change_bits == 0000000001110");
+ STRCMP_EQUAL(test_log, "Published change_bits == 0000000001111");
delete asd;
- delete flow->stash;
delete flow;
}
AppIdModule app_module;
AppIdInspector ins(app_module);
AppIdSession* asd = new AppIdSession(IpProtocol::TCP, nullptr, 21, ins);
- FakeFlow* flow = new FakeFlow;
+ Flow* flow = new Flow;
flow->set_flow_data(asd);
- flow->stash = new snort::FlowStash;
p.flow = flow;
asd->config = &my_app_config;
asd->common.initiator_port = 21;
CHECK_EQUAL(asd->service.get_id(), APP_ID_DNS);
delete asd;
- delete flow->stash;
delete flow;
}
THREAD_LOCAL AppIdDebug* appidDebug = nullptr;
void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
-//Stubs for AppIdHttpSession
-void AppIdSession::update_flow_attrs(AppidChangeBits&) {}
-
using namespace snort;
namespace snort
return 0;
}
-bool snort::FlowStash::get(const int&, int32_t&) { return true; }
-void snort::FlowStash::store(const int&, const int32_t) { }
-void snort::FlowStash::store(const int&, const std::string&) { }
-void snort::FlowStash::remove(const FlowStashKey&) { }
-snort::FlowStash::~FlowStash() { }
+FlowStash::~FlowStash() { }
#endif
}
void AppIdSession::set_application_ids(AppId service_id, AppId client_id,
- AppId payload_id, AppId misc_id, AppidChangeBits& change_bits)
+ AppId payload_id, AppId misc_id, AppidChangeBits& change_bits)
{
- AppId service, client, payload, misc;
- service = client = payload = misc = APP_ID_NONE;
-
- flow->get_attr(STASH_APPID_SERVICE, service);
- if (service != service_id)
+ if (application_ids[APP_PROTOID_SERVICE] != service_id)
{
- flow->set_attr(STASH_APPID_SERVICE, service_id);
+ application_ids[APP_PROTOID_SERVICE] = service_id;
change_bits.set(APPID_SERVICE_BIT);
}
-
- flow->get_attr(STASH_APPID_CLIENT, client);
- if (client != client_id)
+ if (application_ids[APP_PROTOID_CLIENT] != client_id)
{
- flow->set_attr(STASH_APPID_CLIENT, client_id);
+ application_ids[APP_PROTOID_CLIENT] = client_id;
change_bits.set(APPID_CLIENT_BIT);
}
-
- flow->get_attr(STASH_APPID_PAYLOAD, payload);
- if (payload != payload_id)
+ if (application_ids[APP_PROTOID_PAYLOAD] != payload_id)
{
- flow->set_attr(STASH_APPID_PAYLOAD, payload_id);
+ application_ids[APP_PROTOID_PAYLOAD] = payload_id;
change_bits.set(APPID_PAYLOAD_BIT);
}
-
- flow->get_attr(STASH_APPID_MISC, misc);
- if (misc != misc_id)
+ if (application_ids[APP_PROTOID_MISC] != misc_id)
{
- flow->set_attr(STASH_APPID_MISC, misc_id);
+ application_ids[APP_PROTOID_MISC] = misc_id;
change_bits.set(APPID_MISC_BIT);
}
}
projects / thirdparty / snort3.git / commitdiff
