set (APPID_INCLUDES
appid_api.h
+ appid_app_descriptor.h
appid_dns_session.h
appid_http_session.h
appid_session_api.h
#endif
#include "appid_app_descriptor.h"
+#include "app_info_table.h"
+#include "appid_config.h"
+#include "appid_module.h"
+#include "appid_peg_counts.h"
+#include "appid_types.h"
#include "lua_detector_api.h"
using namespace snort;
+void ApplicationDescriptor::set_id(AppId app_id)
+{
+ if ( my_id != app_id )
+ {
+ my_id = app_id;
+ if ( app_id > APP_ID_NONE )
+ update_stats(app_id);
+ else if ( app_id == APP_ID_UNKNOWN )
+ appid_stats.appid_unknown++;
+ }
+}
+
void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd,
AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits)
{
}
}
+void ServiceAppDescriptor::update_stats(AppId id)
+{
+ AppIdPegCounts::inc_service_count(id);
+}
+
+void ServiceAppDescriptor::set_port_service_id(AppId id)
+{
+ if ( id != port_service_id )
+ {
+ port_service_id = id;
+ if ( id > APP_ID_NONE )
+ AppIdPegCounts::inc_service_count(id);
+ }
+}
+
+void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt)
+{
+ if (get_id() != app_id)
+ {
+ ApplicationDescriptor::set_id(app_id);
+ deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER);
+ }
+}
+
+void ClientAppDescriptor::update_user(AppId app_id, const char* username)
+{
+ my_username = username;
+
+ if ( my_user_id != app_id )
+ {
+ my_user_id = app_id;
+ if ( app_id > APP_ID_NONE )
+ AppIdPegCounts::inc_user_count(app_id);
+ }
+}
+
+void ClientAppDescriptor::update_stats(AppId id)
+{
+ AppIdPegCounts::inc_client_count(id);
+}
+
+void PayloadAppDescriptor::update_stats(AppId id)
+{
+ AppIdPegCounts::inc_payload_count(id);
+}
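Review bot: `ClientAppDescriptor::update_user` now assigns `username` to the `std::string` member unconditionally, and nothing in the function rejects a null pointer. Assigning a null `const char*` to a `std::string` is undefined behaviour, and the getter in the header returns `nullptr` for an empty name, so null looks like a value callers may pass around. The callers are outside this page, so confirm what they pass; a local guard such as `my_username = username ? username : "";` would make the function safe either way.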
#include "protocols/packet.h"
#include "pub_sub/appid_events.h"
-#include "app_info_table.h"
-#include "appid_config.h"
-#include "appid_module.h"
-#include "appid_peg_counts.h"
#include "appid_types.h"
+#include "application_ids.h"
class AppIdDetector;
class AppIdSession;
+class OdpContext;
class ApplicationDescriptor
{
return my_id;
}
- virtual void set_id(AppId app_id)
- {
- if ( my_id != app_id )
- {
- my_id = app_id;
- if ( app_id > APP_ID_NONE )
- update_stats(app_id);
- else if ( app_id == APP_ID_UNKNOWN )
- appid_stats.appid_unknown++;
- }
- }
+ virtual void set_id(AppId app_id);
virtual void set_id(const snort::Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits);
public:
ServiceAppDescriptor() = default;
- void set_id(AppId app_id, OdpContext& odp_ctxt)
- {
- if (get_id() != app_id)
- {
- ApplicationDescriptor::set_id(app_id);
- deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER);
- }
- }
+ void set_id(AppId app_id, OdpContext& odp_ctxt);
void reset() override
{
port_service_id = APP_ID_NONE;
}
- void update_stats(AppId id) override
- {
- AppIdPegCounts::inc_service_count(id);
- }
+ void update_stats(AppId id) override;
AppId get_port_service_id() const
{
return port_service_id;
}
- void set_port_service_id(AppId id)
- {
- if ( id != port_service_id )
- {
- port_service_id = id;
- if ( id > APP_ID_NONE )
- AppIdPegCounts::inc_service_count(id);
- }
- }
+ void set_port_service_id(AppId id);
bool get_deferred()
{
my_user_id = APP_ID_NONE;
}
- void update_user(AppId app_id, const char* username)
- {
- if ( my_username != username )
- my_username = username;
-
- if ( my_user_id != app_id )
- {
- my_user_id = app_id;
- if ( app_id > APP_ID_NONE )
- AppIdPegCounts::inc_user_count(app_id);
- }
- }
+ void update_user(AppId app_id, const char* username);
AppId get_user_id() const
{
return my_username.empty() ? nullptr : my_username.c_str();
}
- void update_stats(AppId id) override
- {
- AppIdPegCounts::inc_client_count(id);
- }
+ void update_stats(AppId id) override;
private:
std::string my_username;
ApplicationDescriptor::reset();
}
- void update_stats(AppId id) override
- {
- AppIdPegCounts::inc_payload_count(id);
- }
+ void update_stats(AppId id) override;
};
#endif
const SfIp* ip;
AppIdHttpSession* hsession = asd.get_http_session();
- const TunnelDest* tun_dest = hsession->get_tun_dest();
+ const TunnelDest* tun_dest = nullptr;
+ if (hsession)
+ tun_dest = hsession->get_tun_dest();
if (tun_dest)
{
ip = &(tun_dest->ip);
direction = event_type == REQUEST_EVENT ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
- AppIdHttpSession* hsession = asd->get_http_session();
+ AppIdHttpSession* hsession = asd->get_http_session(0);
+
+ if (!hsession)
+ hsession = asd->create_http_session();
if (direction == APP_ID_FROM_INITIATOR)
{
#include "pub_sub/appid_events.h"
#include "sfip/sf_ip.h"
+#include "appid_app_descriptor.h"
#include "appid_types.h"
#include "application_ids.h"
class ChpMatchDescriptor;
class HttpPatternMatchers;
-// These values are used in Lua code as raw numbers. Do NOT reassign new values.
-// 0 - 8 (inclusive) : used heavily in CHP code. DO NOT CHANGE.
-// 9 - NUM_METADATA_FIELDS : extra metadata buffers, beyond CHP.
-// NUM_METADATA_FIELDS : must always follow the last metadata FID.
-// NUM_HTTP_FIELDS : number of CHP fields, so always RSP_BODY_FID + 1
-enum HttpFieldIds : uint8_t
-{
- // 0-8: CHP fields. DO NOT CHANGE
-
- // Request-side headers
- REQ_AGENT_FID, // 0
- REQ_HOST_FID, // 1
- REQ_REFERER_FID, // 2
- REQ_URI_FID, // 3
- REQ_COOKIE_FID, // 4
- REQ_BODY_FID, // 5
- // Response-side headers
- RSP_CONTENT_TYPE_FID, // 6
- RSP_LOCATION_FID, // 7
- RSP_BODY_FID, // 8
-
- // extra (non-CHP) metadata fields.
- MISC_VIA_FID, // 9
- MISC_RESP_CODE_FID, // 10
- MISC_SERVER_FID, // 11
- MISC_XWW_FID, // 12
- MISC_URL_FID, // 13
-
- // Total number of metadata fields, always first after actual FIDs.
- NUM_METADATA_FIELDS, // 14
-
- // Number of CHP fields, always 1 past RSP_BODY_FIELD
- NUM_HTTP_FIELDS = MISC_VIA_FID,
- MAX_KEY_PATTERN = REQ_URI_FID, // DO NOT CHANGE, used in CHP
-};
-
#define RESPONSE_CODE_PACKET_THRESHHOLD 0
// These values are used in Lua code as raw numbers. Do NOT reassign new values.
AppIdHttpSession(AppIdSession&);
virtual ~AppIdHttpSession();
+ ClientAppDescriptor client;
+ PayloadAppDescriptor payload;
+ AppId referred_payload_app_id = APP_ID_NONE;
+ AppId misc_app_id = APP_ID_NONE;
int process_http_packet(AppidSessionDirection direction, AppidChangeBits& change_bits,
HttpPatternMatchers& http_matchers);
#include "appid_debug.h"
#include "appid_discovery.h"
#include "appid_http_event_handler.h"
+#include "appid_peg_counts.h"
#include "appid_session.h"
#include "appid_stats.h"
#include "client_plugins/client_discovery.h"
payload.reset();
referred_payload_app_id = tp_payload_app_id = APP_ID_NONE;
clear_session_flags(APPID_SESSION_CONTINUE);
- if (hsession)
- hsession->set_field(MISC_URL_FID, nullptr, change_bits);
+ if (!hsessions.empty())
+ hsessions[0]->set_field(MISC_URL_FID, nullptr, change_bits);
}
//service
AppId referred_payload_id = APP_ID_NONE;
char* version = nullptr;
- if (!hsession)
- hsession = new AppIdHttpSession(*this);
+ if (hsessions.empty())
+ return;
- if (const char* url = hsession->get_cfield(MISC_URL_FID))
+ if (const char* url = hsessions[0]->get_cfield(MISC_URL_FID))
{
HttpPatternMatchers& http_matchers = ctxt.get_odp_ctxt().get_http_matchers();
- const char* referer = hsession->get_cfield(REQ_REFERER_FID);
+ const char* referer = hsessions[0]->get_cfield(REQ_REFERER_FID);
if (((http_matchers.get_appid_from_url(nullptr, url, &version,
referer, &client_id, &service_id, &payload_id,
&referred_payload_id, true, ctxt.get_odp_ctxt())) ||
rna_ss = subtype;
}
- delete hsession;
+ for (auto* hsession: hsessions)
+ delete hsession;
free_tls_session_data();
delete dsession;
}
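Review bot: After the loop deletes every entry of `hsessions`, the vector still holds the freed pointers, because this hunk does not empty it. The only `hsessions.clear()` on the page sits in a separate caller. Any path that runs this cleanup without that later clear would leave `get_http_session(i)` returning a dangling pointer, and a second cleanup would delete the same objects again. Adding `hsessions.clear();` directly after the loop keeps the invariant local to the cleanup. The start of the enclosing function is outside the hunk.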
delete_session_data();
netbios_name = nullptr;
netbios_domain = nullptr;
- hsession = nullptr;
+ hsessions.clear();
tp_payload_app_id = APP_ID_UNKNOWN;
tp_app_id = APP_ID_UNKNOWN;
void AppIdSession::clear_http_data()
{
- if (!hsession)
+ if (hsessions.empty())
return;
- hsession->clear_all_fields();
+ hsessions[0]->clear_all_fields();
}
-AppIdHttpSession* AppIdSession::get_http_session()
+AppIdHttpSession* AppIdSession::create_http_session()
{
- if (!hsession)
- hsession = new AppIdHttpSession(*this);
+ AppIdHttpSession* hsession = new AppIdHttpSession(*this);
+ hsessions.push_back(hsession);
return hsession;
}
+AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
+{
+ if (stream_index < hsessions.size())
+ return hsessions[stream_index];
+ else
+ return nullptr;
+}
AppIdDnsSession* AppIdSession::get_dns_session()
{
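Review bot: `clear_http_data()` clears only `hsessions[0]`, and the `MISC_URL_FID` reset in the earlier reinit hunk does the same. Once the vector holds more than one session, the fields of the other streams survive a clear and can be read back through `get_http_session(stream_index)`. If handling only stream 0 is deliberate at this stage, a comment such as `// only stream 0 is reset; per-stream sessions are cleared elsewhere` would record that. Otherwise iterate: `for (auto* h : hsessions) h->clear_all_fields();`.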
#include "app_info_table.h"
#include "appid_api.h"
#include "appid_app_descriptor.h"
+#include "appid_config.h"
+#include "appid_http_session.h"
#include "appid_types.h"
#include "application_ids.h"
#include "detector_plugins/http_url_patterns.h"
AppId get_application_ids_client();
AppId get_application_ids_payload();
AppId get_application_ids_misc();
+ uint32_t get_hsessions_size()
+ {
+ return hsessions.size();
+ }
bool is_ssl_session_decrypted();
void examine_ssl_metadata(snort::Packet*, AppidChangeBits& change_bits);
void clear_http_data();
void reset_session_data();
- AppIdHttpSession* get_http_session();
+ AppIdHttpSession* create_http_session();
+ AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
AppIdDnsSession* get_dns_session();
bool is_tp_appid_done() const;
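Review bot: `get_http_session()` used to create the session on demand and never returned null, but the new `get_http_session(uint32_t stream_index = 0)` returns `nullptr` when no session exists. Because of the default argument, every existing call site still compiles unchanged, so any caller not updated in this commit now dereferences a pointer that can be null. The same holds for `AppIdSessionApi::get_http_session`. Dropping the default (`AppIdHttpSession* get_http_session(uint32_t stream_index);`) would force each remaining caller to be revisited. Alternatively, a single get-or-create helper could replace the repeated `if (!hsession) hsession = asd.create_http_session();` sequences, and a comment on the declaration should state that the result may be null.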
}
private:
- AppIdHttpSession* hsession = nullptr;
+ std::vector<AppIdHttpSession*> hsessions;
AppIdDnsSession* dsession = nullptr;
void reinit_session_data(AppidChangeBits& change_bits);
return asd->pick_only_service_app_id();
}
-AppId AppIdSessionApi::get_misc_app_id()
+AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index)
{
- return asd->get_application_ids_misc();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ return APP_ID_UNKNOWN;
+ return asd->get_http_session(stream_index)->misc_app_id;
+ }
+ else
+ return asd->get_application_ids_misc();
}
-AppId AppIdSessionApi::get_client_app_id()
+AppId AppIdSessionApi::get_client_app_id(uint32_t stream_index)
{
- return asd->get_application_ids_client();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ return APP_ID_UNKNOWN;
+ return asd->get_http_session(stream_index)->client.get_id();
+ }
+ else
+ return asd->get_application_ids_client();
}
-AppId AppIdSessionApi::get_payload_app_id()
+AppId AppIdSessionApi::get_payload_app_id(uint32_t stream_index)
{
- return asd->get_application_ids_payload();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ return APP_ID_UNKNOWN;
+ return asd->get_http_session(stream_index)->payload.get_id();
+ }
+ else
+ return asd->get_application_ids_payload();
}
-AppId AppIdSessionApi::get_referred_app_id()
+AppId AppIdSessionApi::get_referred_app_id(uint32_t stream_index)
{
- return asd->pick_referred_payload_app_id();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ return APP_ID_UNKNOWN;
+ return asd->get_http_session(stream_index)->referred_payload_app_id;
+ }
+ else
+ return asd->pick_referred_payload_app_id();
}
void AppIdSessionApi::get_app_id(AppId& service, AppId& client,
- AppId& payload, AppId& misc, AppId& referred)
+ AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index)
{
- asd->get_application_ids(service, client, payload, misc);
- referred = asd->pick_referred_payload_app_id();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ service = client = payload = misc = referred = APP_ID_UNKNOWN;
+ else
+ {
+ service = asd->get_application_ids_service();
+ client = asd->get_http_session(stream_index)->client.get_id();
+ payload = asd->get_http_session(stream_index)->payload.get_id();
+ misc = asd->get_http_session(stream_index)->misc_app_id;
+ referred = asd->get_http_session(stream_index)->referred_payload_app_id;
+ }
+ }
+ else
+ {
+ asd->get_application_ids(service, client, payload, misc);
+ referred = asd->pick_referred_payload_app_id();
+ }
}
void AppIdSessionApi::get_app_id(AppId* service, AppId* client,
- AppId* payload, AppId* misc, AppId* referred)
+ AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index)
{
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ {
+ if(service)
+ *service = APP_ID_UNKNOWN;
+ if(client)
+ *client = APP_ID_UNKNOWN;
+ if(payload)
+ *payload = APP_ID_UNKNOWN;
+ if(misc)
+ *misc = APP_ID_UNKNOWN;
+ if(referred)
+ *referred = APP_ID_UNKNOWN;
+ }
+ else
+ {
+ AppIdHttpSession* hsession = asd->get_http_session(stream_index);
+ if (service)
+ *service = asd->get_application_ids_service();
+ if (client)
+ *client = hsession->client.get_id();
+ if (payload)
+ *payload = hsession->payload.get_id();
+ if (misc)
+ *misc = hsession->misc_app_id;
+ if (referred)
+ *referred = hsession->referred_payload_app_id;
+ }
+ }
if (service)
*service = asd->get_application_ids_service();
if (client)
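Review bot: The added `if (asd->is_http2)` block in the pointer overload of `get_app_id` is followed directly by the existing `if (service) *service = asd->get_application_ids_service();` sequence, with no `else` or `return` between them. For an HTTP/2 session the per-stream values just written, or the `APP_ID_UNKNOWN` written for an out-of-range `stream_index`, therefore appear to be overwritten by the session-level ones. The reference overload above uses an explicit `else` for the same logic. Ending the HTTP/2 block with `return;` or wrapping the existing code in `else { ... }` would make the two overloads agree. The rest of the function body is outside the hunk, so check this against the full function.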
asd->get_session_flags(APPID_SESSION_NO_TPI)) );
}
-const char* AppIdSessionApi::get_client_version()
+const char* AppIdSessionApi::get_client_version(uint32_t stream_index)
{
- return asd->client.get_version();
+ if (asd->is_http2)
+ {
+ if (stream_index >= asd->get_hsessions_size())
+ return nullptr;
+ return asd->get_http_session(stream_index)->client.get_version();
+ }
+ else
+ return asd->client.get_version();
}
uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags)
return asd->get_dns_session();
}
-AppIdHttpSession* AppIdSessionApi::get_http_session()
+AppIdHttpSession* AppIdSessionApi::get_http_session(uint32_t stream_index)
{
- return asd->get_http_session();
+ return asd->get_http_session(stream_index);
}
bool AppIdSessionApi::is_http_inspection_done()
AppId get_service_app_id();
AppId get_port_service_app_id();
AppId get_only_service_app_id();
- AppId get_misc_app_id();
- AppId get_client_app_id();
- AppId get_payload_app_id();
- AppId get_referred_app_id();
- void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred);
- void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred);
+ AppId get_misc_app_id(uint32_t stream_index = 0);
+ AppId get_client_app_id(uint32_t stream_index = 0);
+ AppId get_payload_app_id(uint32_t stream_index = 0);
+ AppId get_referred_app_id(uint32_t stream_index = 0);
+ void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index = 0);
+ void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index = 0);
bool is_ssl_session_decrypted();
bool is_appid_inspecting_session();
bool is_appid_available();
const char* get_user_name(AppId* service, bool* isLoginSuccessful);
- const char* get_client_version();
+ const char* get_client_version(uint32_t stream_index = 0);
uint64_t get_appid_session_attribute(uint64_t flag);
APPID_FLOW_TYPE get_flow_type();
void get_service_info(const char** vendor, const char** version,
SfIp* get_service_ip();
SfIp* get_initiator_ip();
AppIdDnsSession* get_dns_session();
- AppIdHttpSession* get_http_session();
+ AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
char* get_tls_host();
DHCPData* get_dhcp_fp_data();
void free_dhcp_fp_data(DHCPData*);
#ifndef APPID_TYPES_H
#define APPID_TYPES_H
+#include <cstdint>
+// These values are used in Lua code as raw numbers. Do NOT reassign new values.
+// 0 - 8 (inclusive) : used heavily in CHP code. DO NOT CHANGE.
+// 9 - NUM_METADATA_FIELDS : extra metadata buffers, beyond CHP.
+// NUM_METADATA_FIELDS : must always follow the last metadata FID.
+// NUM_HTTP_FIELDS : number of CHP fields, so always RSP_BODY_FID + 1
+enum HttpFieldIds : uint8_t
+{
+ // 0-8: CHP fields. DO NOT CHANGE
+
+ // Request-side headers
+ REQ_AGENT_FID, // 0
+ REQ_HOST_FID, // 1
+ REQ_REFERER_FID, // 2
+ REQ_URI_FID, // 3
+ REQ_COOKIE_FID, // 4
+ REQ_BODY_FID, // 5
+ // Response-side headers
+ RSP_CONTENT_TYPE_FID, // 6
+ RSP_LOCATION_FID, // 7
+ RSP_BODY_FID, // 8
+
+ // extra (non-CHP) metadata fields.
+ MISC_VIA_FID, // 9
+ MISC_RESP_CODE_FID, // 10
+ MISC_SERVER_FID, // 11
+ MISC_XWW_FID, // 12
+ MISC_URL_FID, // 13
+
+ // Total number of metadata fields, always first after actual FIDs.
+ NUM_METADATA_FIELDS, // 14
+
+ // Number of CHP fields, always 1 past RSP_BODY_FIELD
+ NUM_HTTP_FIELDS = MISC_VIA_FID,
+ MAX_KEY_PATTERN = REQ_URI_FID, // DO NOT CHANGE, used in CHP
+};
enum AppidSessionDirection
{
APP_ID_FROM_RESPONDER,
APP_ID_APPID_SESSION_DIRECTION_MAX
};
-
#endif
#ifndef CLIENT_PLUGIN_MOCK_H
#define CLIENT_PLUGIN_MOCK_H
+#include "appid_detector.h"
+#include "appid_module.h"
+#include "appid_peg_counts.h"
+#include "utils/stats.h"
namespace snort
{
// Stubs for messages
int, unsigned){}
int AppIdDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&){return 0;}
void ApplicationDescriptor::set_id(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&){}
+void ApplicationDescriptor::set_id(AppId){}
AppIdDiscovery::AppIdDiscovery() { }
AppIdDiscovery::~AppIdDiscovery() { }
void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { }
#include "search_engines/search_tool.h"
#include "utils/util.h"
-#include "appid_http_session.h"
+#include "appid_types.h"
#include "appid_utils/sf_mlmp.h"
#include "application_ids.h"
#ifndef DETECTOR_PLUGINS_MOCK_H
#define DETECTOR_PLUGINS_MOCK_H
+#include "appid_detector.h"
+#include "appid_module.h"
+#include "appid_peg_counts.h"
+#include "utils/stats.h"
namespace snort
{
{
return true;
}
-
+void ApplicationDescriptor::set_id(AppId){}
+void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
+void ServiceAppDescriptor::update_stats(AppId){}
+void ClientAppDescriptor::update_user(AppId, const char*){}
+void ClientAppDescriptor::update_stats(AppId) {}
+void PayloadAppDescriptor::update_stats(AppId) {}
void ServiceDiscovery::initialize()
{ }
#include "app_info_table.h"
#include "appid_debug.h"
#include "appid_inspector.h"
+#include "appid_peg_counts.h"
#include "client_plugins/client_discovery.h"
#include "detector_plugins/detector_dns.h"
#include "detector_plugins/detector_pattern.h"
success:
AppIdHttpSession* hsession = args.asd.get_http_session();
+ if (!hsession)
+ hsession = args.asd.create_http_session();
+
if ( ss->swfUrl )
{
if ( !hsession->get_field(MISC_URL_FID) )
#ifndef SERVICE_PLUGIN_MOCK_H
#define SERVICE_PLUGIN_MOCK_H
+#include "appid_detector.h"
+#include "appid_module.h"
+#include "appid_peg_counts.h"
+#include "utils/stats.h"
namespace snort
{
void AppIdDetector::add_user(AppIdSession&, const char*, AppId, bool){}
void AppIdDetector::add_payload(AppIdSession&, AppId){}
void AppIdDetector::add_app(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppId, const char*, AppidChangeBits&){}
+void ApplicationDescriptor::set_id(AppId){}
+void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
+void ServiceAppDescriptor::update_stats(AppId){}
+void ClientAppDescriptor::update_user(AppId, const char*){}
+void ClientAppDescriptor::update_stats(AppId) {}
+void PayloadAppDescriptor::update_stats(AppId) {}
void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int,
const uint8_t* const, unsigned, unsigned){}
void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol){}
}
};
-TEST(appid_detector_tests, add_info)
-{
- const char* info_url = "https://tools.ietf.org/html/rfc793";
- AppidChangeBits change_bits;
- AppIdDetector* ad = new TestDetector;
- MockAppIdHttpSession* hsession = (MockAppIdHttpSession*)mock_session->get_http_session();
- ad->add_info(*mock_session, info_url, change_bits);
- STRCMP_EQUAL(hsession->get_cfield(MISC_URL_FID), URL);
- hsession->reset();
- ad->add_info(*mock_session, info_url, change_bits);
- STRCMP_EQUAL(mock_session->get_http_session()->get_cfield(MISC_URL_FID), info_url);
- delete ad;
-}
-
TEST(appid_detector_tests, add_user)
{
const char* username = "snorty";
#include "host_tracker/host_cache.h"
#include "network_inspectors/appid/appid_discovery.cc"
+#include "network_inspectors/appid/appid_peg_counts.h"
#include "search_engines/search_tool.h"
#include "utils/sflsq.cc"
SslPatternMatchers::~SslPatternMatchers() { }
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(AppId app_id){my_id = app_id;}
+void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt)
+{
+ set_id(app_id);
+ deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER);
+}
+void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::set_port_service_id(AppId){}
+void ClientAppDescriptor::update_user(AppId, const char*){}
+void ClientAppDescriptor::update_stats(AppId) {}
+void PayloadAppDescriptor::update_stats(AppId) {}
// Stubs for AppIdModule
AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {}
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
flow = new Flow;
mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session->create_http_session();
flow->set_flow_data(mock_session);
appidDebug = new AppIdDebug();
appidDebug->activate(nullptr, nullptr, 0);
#include "appid_mock_definitions.h"
#include "appid_mock_inspector.h"
#include "appid_mock_flow.h"
+#include "appid_peg_counts.h"
#include "detector_plugins/http_url_patterns.h"
// AppIdSession mock functions
AppIdSession::AppIdSession(IpProtocol, const SfIp*, uint16_t, AppIdInspector& inspector)
: FlowData(inspector_id, &inspector), ctxt(stub_ctxt)
-{
-}
+{}
AppIdSession::~AppIdSession()
-{
-}
+{}
void AppIdSession::set_client_appid_data(AppId, AppidChangeBits&, char*)
{
#ifndef APPID_MOCK_DEFINITIONS_H
#define APPID_MOCK_DEFINITIONS_H
+#include "appid_detector.h"
+#include "appid_module.h"
+#include "appid_peg_counts.h"
#include "service_inspectors/http_inspect/http_msg_header.h"
+#include "utils/stats.h"
class Inspector;
class ThirdPartyAppIdContext;
SearchTool::~SearchTool() { }
}
+void ApplicationDescriptor::set_id(AppId app_id){ my_id = app_id;}
+void ServiceAppDescriptor::set_id(AppId app_id, OdpContext&){ set_id(app_id); }
+void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::set_port_service_id(AppId app_id){ port_service_id = app_id;}
+void ClientAppDescriptor::update_user(AppId app_id, const char* username)
+{
+ my_username = username;
+ my_user_id = app_id;
+}
+void ClientAppDescriptor::update_stats(AppId) {}
+void PayloadAppDescriptor::update_stats(AppId) {}
+
AppIdDiscovery::AppIdDiscovery() { }
AppIdDiscovery::~AppIdDiscovery() { }
void ClientDiscovery::initialize() { }
AppIdSession::~AppIdSession()
{
- delete hsession;
+ for (auto* hsession: hsessions)
+ delete hsession;
delete tsession;
delete dsession;
if (netbios_name)
{
return is_session_decrypted;
}
-
-AppIdHttpSession* AppIdSession::get_http_session()
+AppIdHttpSession* AppIdSession::create_http_session()
{
- if ( !hsession )
- hsession = new MockAppIdHttpSession(*this);
+ AppIdHttpSession* hsession = new MockAppIdHttpSession(*this);
+ hsession->client.set_id(APPID_UT_ID);
+ hsession->payload.set_id(APPID_UT_ID);
+ hsession->misc_app_id = APPID_UT_ID;
+ hsession->referred_payload_app_id = APPID_UT_ID;
+ hsessions.push_back(hsession);
return hsession;
}
+AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
+{
+ if (stream_index < hsessions.size())
+ {
+ return hsessions[stream_index];
+ }
+ return nullptr;
+}
+
AppIdDnsSession* AppIdSession::get_dns_session()
{
if ( !dsession )
TEST(appid_session_api, get_misc_app_id)
{
+ mock_session->is_http2 = false;
AppId id = appid_session_api->get_misc_app_id();
CHECK_EQUAL(id, APPID_UT_ID);
+ mock_session->is_http2 = true;
+ id = appid_session_api->get_client_app_id(0);
+ CHECK_EQUAL(APPID_UT_ID, id);
+ id = appid_session_api->get_client_app_id(3);
+ CHECK_EQUAL(APP_ID_UNKNOWN, id);
}
TEST(appid_session_api, get_client_app_id)
{
+ mock_session->is_http2 = false;
AppId id = appid_session_api->get_client_app_id();
CHECK_EQUAL(id, APPID_UT_ID);
+ mock_session->is_http2 = true;
+ id = appid_session_api->get_client_app_id(0);
+ CHECK_EQUAL(APPID_UT_ID, id);
+ id = appid_session_api->get_client_app_id(3);
+ CHECK_EQUAL(APP_ID_UNKNOWN, id);
}
TEST(appid_session_api, get_payload_app_id)
{
+ mock_session->is_http2 = false;
AppId id = appid_session_api->get_payload_app_id();
CHECK_EQUAL(id, APPID_UT_ID);
+ mock_session->is_http2 = true;
+ id = appid_session_api->get_payload_app_id(0);
+ CHECK_EQUAL(APPID_UT_ID, id);
+ id = appid_session_api->get_payload_app_id(2);
+ CHECK_EQUAL(APP_ID_UNKNOWN, id);
}
TEST(appid_session_api, get_referred_app_id)
{
+ mock_session->is_http2 = false;
AppId id = appid_session_api->get_referred_app_id();
CHECK_EQUAL(id, APPID_UT_ID);
+ mock_session->is_http2 = true;
+ id = appid_session_api->get_payload_app_id(0);
+ CHECK_EQUAL(APPID_UT_ID, id);
+ id = appid_session_api->get_payload_app_id(2);
+ CHECK_EQUAL(APP_ID_UNKNOWN, id);
}
TEST(appid_session_api, get_service_port)
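Review bot: The HTTP/2 assertions added to `get_misc_app_id` call `get_client_app_id(0)` and `get_client_app_id(3)`, and those added to `get_referred_app_id` call `get_payload_app_id(0)` and `get_payload_app_id(2)`. The new per-stream branches of `get_misc_app_id` and `get_referred_app_id`, including their out-of-range check, are therefore never exercised. The tests still pass because the mock `create_http_session` sets all four ids to `APPID_UT_ID`. The calls should name the function under test, e.g. `id = appid_session_api->get_misc_app_id(0);` and `id = appid_session_api->get_referred_app_id(2);`.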
const char* val;
val = appid_session_api->get_client_version();
STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION);
+ val = appid_session_api->get_client_version(0);
+ STRCMP_EQUAL(APPID_UT_CLIENT_VERSION, val);
+ mock_session->is_http2 = true;
+ val = appid_session_api->get_client_version(2);
+ STRCMP_EQUAL(nullptr, val);
+}
+TEST(appid_session_api, get_http_session)
+{
+ AppIdHttpSession* val;
+ val = appid_session_api->get_http_session();
+ CHECK_TRUE(val != nullptr);
+ val = appid_session_api->get_http_session(2);
+ CHECK_TRUE(val == nullptr);
}
-
TEST(appid_session_api, get_appid_session_attribute)
{
uint64_t flags = 0x0000000000000001;
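Review bot: The first two `get_client_version` checks run with whatever value of `mock_session->is_http2` an earlier test left behind, and the tests changed above all finish with it set to `true` on the shared `mock_session`. In that state `get_client_version()` reads the HTTP session's client descriptor rather than `asd->client`, so the result depends on test execution order. Unless a `setup()` outside this page resets the flag, start the test with `mock_session->is_http2 = false;` as the other tests do. Resetting it in the group's teardown would also stop the flag leaking into later tests. The test's opening line is outside the hunk.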
{
mock_init_appid_pegs();
mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
+ mock_session->create_http_session();
int rc = CommandLineTestRunner::RunAllTests(argc, argv);
mock_cleanup_appid_pegs();
return rc;
void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = true; }
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+void ApplicationDescriptor::set_id(AppId){}
+void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
+void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::set_port_service_id(AppId){}
+void ClientAppDescriptor::update_user(AppId, const char*){}
+void ClientAppDescriptor::update_stats(AppId) {}
+void PayloadAppDescriptor::update_stats(AppId) {}
AppIdConfig::~AppIdConfig() { }
AppIdConfig stub_config;
AppIdContext stub_ctxt(stub_config);
static inline void process_http_session(AppIdSession& asd,
ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits)
{
- AppIdHttpSession* hsession = asd.get_http_session();
+ AppIdHttpSession* hsession = asd.get_http_session(0);
+ if (!hsession)
+ hsession = asd.create_http_session();
string* field=0;
bool own=true;
ThirdPartyAppIDAttributeData& attribute_data, int confidence, AppidChangeBits& change_bits)
{
AppIdHttpSession* hsession = asd.get_http_session();
+ if (!hsession)
+ hsession = asd.create_http_session();
AppId service_id = 0;
AppId client_id = 0;
AppId payload_id = 0;
}
AppIdHttpSession* hsession = asd.get_http_session();
+ if (!hsession)
+ hsession = asd.create_http_session();
hsession->process_http_packet(direction, change_bits, asd.ctxt.get_odp_ctxt().get_http_matchers());
// If SSL over HTTP tunnel, make sure Snort knows that it's encrypted.