appid_http_event_handler.cc
appid_http_event_handler.h
ips_appid_option.cc
- length_app_cache.cc
length_app_cache.h
lua_detector_api.cc
lua_detector_api.h
ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId);
}
-void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path)
+void AppInfoManager::load_appid_config(OdpContext& odp_ctxt, const char* path)
{
char buf[MAX_TABLE_LINE_LEN];
unsigned line = 0;
}
else
{
- config->max_tp_flow_depth = max_tp_flow_depth;
+ odp_ctxt.max_tp_flow_depth = max_tp_flow_depth;
}
}
else if (!(strcasecmp(conf_key, "host_port_app_cache_lookup_interval")))
}
else
{
- config->host_port_app_cache_lookup_interval = host_port_app_cache_lookup_interval;
+ odp_ctxt.host_port_app_cache_lookup_interval = host_port_app_cache_lookup_interval;
}
}
else if (!(strcasecmp(conf_key, "host_port_app_cache_lookup_range")))
}
else
{
- config->host_port_app_cache_lookup_range = host_port_app_cache_lookup_range;
+ odp_ctxt.host_port_app_cache_lookup_range = host_port_app_cache_lookup_range;
}
}
else if (!(strcasecmp(conf_key, "is_host_port_app_cache_runtime")))
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->is_host_port_app_cache_runtime = true;
+ odp_ctxt.is_host_port_app_cache_runtime = true;
}
}
else if (!(strcasecmp(conf_key, "check_host_port_app_cache")))
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->check_host_port_app_cache = true;
+ odp_ctxt.check_host_port_app_cache = true;
}
}
else if (!(strcasecmp(conf_key, "check_host_cache_unknown_ssl")))
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->check_host_cache_unknown_ssl = true;
+ odp_ctxt.check_host_cache_unknown_ssl = true;
}
}
else if (!(strcasecmp(conf_key, "allow_port_wildcard_host_cache")))
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->allow_port_wildcard_host_cache = true;
+ odp_ctxt.allow_port_wildcard_host_cache = true;
}
}
else if (!(strcasecmp(conf_key, "recheck_for_portservice_appid")))
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->recheck_for_portservice_appid = true;
+ odp_ctxt.recheck_for_portservice_appid = true;
}
}
else if (!(strcasecmp(conf_key, "bittorrent_aggressiveness")))
LogMessage("AppId: bittorrent_aggressiveness %d\n", aggressiveness);
if (aggressiveness >= 50)
{
- config->host_port_app_cache_lookup_interval = 5;
- config->recheck_for_portservice_appid = true;
+ odp_ctxt.host_port_app_cache_lookup_interval = 5;
+ odp_ctxt.recheck_for_portservice_appid = true;
set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_BITTORRENT, APPINFO_FLAG_DEFER_PAYLOAD);
- config->max_tp_flow_depth = 25;
- LogMessage("AppId: host_port_app_cache_lookup_interval %d\n", config->host_port_app_cache_lookup_interval);
+ odp_ctxt.max_tp_flow_depth = 25;
+ LogMessage("AppId: host_port_app_cache_lookup_interval %d\n", odp_ctxt.host_port_app_cache_lookup_interval);
LogMessage("AppId: recheck_for_portservice_appid enabled\n");
LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_BITTORRENT);
LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_BITTORRENT);
- LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth);
+ LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
- config->allow_port_wildcard_host_cache = true;
+ odp_ctxt.allow_port_wildcard_host_cache = true;
LogMessage("AppId: allow_port_wildcard_host_cache enabled\n");
}
}
LogMessage("AppId: ultrasurf_aggressiveness %d\n", aggressiveness);
if (aggressiveness >= 50)
{
- config->check_host_cache_unknown_ssl = true;
+ odp_ctxt.check_host_cache_unknown_ssl = true;
set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_ULTRASURF, APPINFO_FLAG_DEFER_PAYLOAD);
- config->max_tp_flow_depth = 25;
+ odp_ctxt.max_tp_flow_depth = 25;
LogMessage("AppId: check_host_cache_unknown_ssl enabled\n");
LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_ULTRASURF);
LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_ULTRASURF);
- LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth);
+ LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
- config->allow_port_wildcard_host_cache = true;
+ odp_ctxt.allow_port_wildcard_host_cache = true;
LogMessage("AppId: allow_port_wildcard_host_cache enabled\n");
}
}
LogMessage("AppId: psiphon_aggressiveness %d\n", aggressiveness);
if (aggressiveness >= 50)
{
- config->check_host_cache_unknown_ssl = true;
+ odp_ctxt.check_host_cache_unknown_ssl = true;
set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER);
set_app_info_flags(APP_ID_PSIPHON, APPINFO_FLAG_DEFER_PAYLOAD);
- config->max_tp_flow_depth = 25;
+ odp_ctxt.max_tp_flow_depth = 25;
LogMessage("AppId: check_host_cache_unknown_ssl enabled\n");
LogMessage("AppId: defer_to_thirdparty %d\n", APP_ID_PSIPHON);
LogMessage("AppId: defer_payload_to_thirdparty %d\n", APP_ID_PSIPHON);
- LogMessage("AppId: max_tp_flow_depth %d\n", config->max_tp_flow_depth);
+ LogMessage("AppId: max_tp_flow_depth %d\n", odp_ctxt.max_tp_flow_depth);
}
if (aggressiveness >= 80)
{
- config->allow_port_wildcard_host_cache = true;
+ odp_ctxt.allow_port_wildcard_host_cache = true;
LogMessage("AppId: allow_port_wildcard_host_cache enabled\n");
}
}
{
if (!(strcasecmp(conf_val, "enabled")))
{
- config->tp_allow_probes = 1;
+ odp_ctxt.tp_allow_probes = 1;
}
}
else if (!(strcasecmp(conf_key, "tp_client_app")))
{
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_INSPECT);
}
- else if (!(strcasecmp(conf_key, "disable_safe_search")))
- {
- if (!(strcasecmp(conf_val, "disabled")))
- {
- config->safe_search_enabled = false;
- }
- }
else if (!(strcasecmp(conf_key, "ssl_squelch")))
{
set_app_info_flags(atoi(conf_val), APPINFO_FLAG_SSL_SQUELCH);
{
if (!(strcasecmp(conf_val, "disabled")))
{
- config->chp_userid_disabled = true;
+ odp_ctxt.chp_userid_disabled = true;
continue;
}
}
{
if (!(strcasecmp(conf_val, "disabled")))
{
- config->chp_body_collection_disabled = 1;
+ odp_ctxt.chp_body_collection_disabled = 1;
continue;
}
}
{
if (!(strcasecmp(conf_val, "disabled")))
{
- config->ftp_userid_disabled = 1;
+ odp_ctxt.ftp_userid_disabled = 1;
continue;
}
}
{
if (!(strcasecmp(conf_val, "disabled")))
{
- config->referred_appId_disabled = true;
+ odp_ctxt.referred_appId_disabled = true;
continue;
}
- else if (!config->referred_appId_disabled)
+ else if (!odp_ctxt.referred_appId_disabled)
{
char referred_app_list[4096];
int referred_app_index = safe_snprintf(referred_app_list, 4096, "%d ",
}
else if (!(strcasecmp(conf_key, "rtmp_max_packets")))
{
- config->rtmp_max_packets = atoi(conf_val);
+ odp_ctxt.rtmp_max_packets = atoi(conf_val);
}
else if (!(strcasecmp(conf_key, "mdns_user_report")))
{
- config->mdns_user_reporting = atoi(conf_val) ? true : false;
+ odp_ctxt.mdns_user_reporting = atoi(conf_val) ? true : false;
}
else if (!(strcasecmp(conf_key, "dns_host_report")))
{
- config->dns_host_reporting = atoi(conf_val) ? true : false;
+ odp_ctxt.dns_host_reporting = atoi(conf_val) ? true : false;
}
else if (!(strcasecmp(conf_key, "chp_body_max_bytes")))
{
- config->chp_body_collection_max = atoi(conf_val);
+ odp_ctxt.chp_body_collection_max = atoi(conf_val);
}
else if (!(strcasecmp(conf_key, "ignore_thirdparty_appid")))
{
// ports.
if (!(strcasecmp(conf_val, "disabled")))
{
- config->http2_detection_enabled = false;
+ odp_ctxt.http2_detection_enabled = false;
}
else if (!(strcasecmp(conf_val, "enabled")))
{
- config->http2_detection_enabled = true;
+ odp_ctxt.http2_detection_enabled = true;
}
else
{
conf_val);
}
}
+ else
+ ParseWarning(WARN_CONF, "AppId: unsupported configuration: %s\n", conf_key);
}
}
}
void AppInfoManager::init_appid_info_table(AppIdConfig* config,
- SnortConfig* sc)
+ SnortConfig* sc, OdpContext& odp_ctxt)
{
if ( !config->app_detector_dir )
{
snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir,
APP_CONFIG_FILE);
- load_appid_config (config, filepath);
+ load_appid_config (odp_ctxt, filepath);
snprintf(filepath, sizeof(filepath), "%s/custom/%s", config->app_detector_dir,
USR_CONFIG_FILE);
if (access (filepath, F_OK))
snprintf(filepath, sizeof(filepath), "%s/../%s", config->app_detector_dir,
USR_CONFIG_FILE);
- load_appid_config (config, filepath);
+ load_appid_config (odp_ctxt, filepath);
}
}
class AppIdConfig;
class ClientDetector;
+class OdpContext;
class ServiceDetector;
enum AppInfoFlags
return entry ? entry->priority : 0;
}
- void init_appid_info_table(AppIdConfig*, snort::SnortConfig*);
+ void init_appid_info_table(AppIdConfig*, snort::SnortConfig*, OdpContext& odp_ctxt);
void cleanup_appid_info_table();
void dump_app_info_table();
SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*);
private:
inline AppInfoManager() = default;
- void load_appid_config(AppIdConfig*, const char* path);
+ void load_appid_config(OdpContext&, const char* path);
AppInfoTableEntry* get_app_info_entry(AppId appId, const AppInfoTable&);
};
using namespace snort;
-#define ODP_PORT_DETECTORS "odp/port/*"
-#define CUSTOM_PORT_DETECTORS "custom/port/*"
-#define MAX_DISPLAY_SIZE 65536
-#define MAX_LINE 2048
-
-using namespace snort;
-
-struct PortList
-{
- PortList* next;
- uint16_t port;
-};
-
SnortProtocolId snortId_for_unsynchronized;
SnortProtocolId snortId_for_ftp_data;
SnortProtocolId snortId_for_http2;
#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
#endif
+OdpContext* AppIdContext::odp_ctxt = nullptr;
static void map_app_names_to_snort_ids(SnortConfig* sc)
{
AppIdContext::app_info_mgr.cleanup_appid_info_table();
}
-void AppIdContext::read_port_detectors(const char* files)
-{
- int rval;
- glob_t globs;
- char pattern[PATH_MAX];
- uint32_t n;
-
- snprintf(pattern, sizeof(pattern), "%s/%s", config->app_detector_dir, files);
-
- memset(&globs, 0, sizeof(globs));
- rval = glob(pattern, 0, nullptr, &globs);
- if (rval != 0 && rval != GLOB_NOMATCH)
- {
- ErrorMessage("Unable to read directory '%s'\n",pattern);
- return;
- }
-
- for (n = 0; n < globs.gl_pathc; n++)
- {
- FILE* file;
- unsigned proto = 0;
- AppId appId = APP_ID_NONE;
- char line[1024];
- PortList* port = nullptr;
- PortList* tmp_port;
-
- if ((file = fopen(globs.gl_pathv[n], "r")) == nullptr)
- {
- ErrorMessage("Unable to read port service '%s'\n",globs.gl_pathv[n]);
- continue;
- }
-
- while (fgets(line, sizeof(line), file))
- {
- char* key, * value, * p;
- size_t len;
-
- len = strlen(line);
- for (; len && (line[len - 1] == '\n' || line[len - 1] == '\r'); len--)
- line[len - 1] = 0;
-
- /* find key/value for lines of the format "key: value\n" */
- if ((value = strchr(line, ':')))
- {
- key = line;
- *value = '\0';
- value++;
- while (*value == ' ')
- value++;
-
- if (strcasecmp(key, "ports") == 0)
- {
- char* context = nullptr;
- char* ptr;
- unsigned long tmp;
-
- for (ptr = strtok_r(value, ",", &context); ptr; ptr = strtok_r(nullptr, ",",
- &context))
- {
- while (*ptr == ' ')
- ptr++;
- len = strlen(ptr);
- for (; len && ptr[len - 1] == ' '; len--)
- ptr[len - 1] = 0;
- tmp = strtoul(ptr, &p, 10);
- if (!*ptr || *p || !tmp || tmp > 65535)
- {
- ErrorMessage("Invalid port, '%s', in lua detector '%s'\n",ptr,
- globs.gl_pathv[n]);
- goto next;
- }
- tmp_port = (PortList*)snort_calloc(sizeof(PortList));
- tmp_port->port = (uint16_t)tmp;
- tmp_port->next = port;
- port = tmp_port;
- }
- }
- else if (strcasecmp(key, "protocol") == 0)
- {
- if (strcasecmp(value, "tcp") == 0)
- proto = 1;
- else if (strcasecmp(value, "udp") == 0)
- proto = 2;
- else if (strcasecmp(value, "tcp/udp") == 0)
- proto = 3;
- else
- {
- ErrorMessage("Invalid protocol, '%s', in port service '%s'\n",value,
- globs.gl_pathv[n]);
- goto next;
- }
- }
- else if (strcasecmp(key, "appId") == 0)
- {
- appId = (AppId)strtoul(value, &p, 10);
- if (!*value || *p || appId <= APP_ID_NONE)
- {
- ErrorMessage("Invalid app ID, '%s', in port service '%s'\n",value,
- globs.gl_pathv[n]);
- goto next;
- }
- }
- }
- }
-
- if (port && proto && appId > APP_ID_NONE)
- {
- while ((tmp_port = port))
- {
- port = tmp_port->next;
- if (proto & 1)
- tcp_port_only[tmp_port->port] = appId;
- if (proto & 2)
- udp_port_only[tmp_port->port] = appId;
-
- snort_free(tmp_port);
- AppIdContext::app_info_mgr.set_app_info_active(appId);
- }
- AppIdContext::app_info_mgr.set_app_info_active(appId);
- }
- else
- ErrorMessage("Missing parameter(s) in port service '%s'\n",globs.gl_pathv[n]);
-
-next: ;
- while ((tmp_port = port))
- {
- port = tmp_port->next;
- snort_free(tmp_port);
- }
- fclose(file);
- }
-
- globfree(&globs);
-}
-
bool AppIdContext::init_appid(SnortConfig* sc)
{
+ // do not reload ODP on reload_config()
+ if (!odp_ctxt)
+ odp_ctxt = new OdpContext();
+
// FIXIT-M: RELOAD - Get rid of "once" flag
// Handle the if condition in AppIdContext::init_appid
static bool once = false;
if (!once)
{
- AppIdContext::app_info_mgr.init_appid_info_table(config, sc);
- HostPortCache::initialize();
+ AppIdContext::app_info_mgr.init_appid_info_table(config, sc, *odp_ctxt);
HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance();
AppIdDiscovery::initialize_plugins();
- init_length_app_cache();
LuaDetectorManager::initialize(*this, 1);
PatternServiceDetector::finalize_service_port_patterns();
PatternClientDetector::finalize_client_port_patterns();
http_matchers->finalize_patterns();
ssl_detector_process_patterns();
dns_host_detector_process_patterns();
- read_port_detectors(ODP_PORT_DETECTORS);
- read_port_detectors(CUSTOM_PORT_DETECTORS);
once = true;
}
#ifdef ENABLE_APPID_THIRD_PARTY
// do not reload third party on reload_config()
if (!tp_appid_ctxt)
- tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config);
+ tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt);
#endif
map_app_names_to_snort_ids(sc);
return true;
#ifdef ENABLE_APPID_THIRD_PARTY
void AppIdContext::create_tp_appid_ctxt()
{
- tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config);
+ tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt);
}
#endif
#define APP_ID_CONFIG_H
#include <array>
+#include <map>
#include <string>
-#include "application_ids.h"
#include "framework/decode_data.h"
#include "main/snort_config.h"
#include "protocols/ipv6.h"
#include "tp_appid_module_api.h"
#endif
+#include "application_ids.h"
+#include "host_port_app_cache.h"
+#include "length_app_cache.h"
+
#define APP_ID_PORT_ARRAY_SIZE 65536
class AppIdInspector;
bool debug = false;
bool dump_ports = false;
bool log_all_sessions = false;
+};
- bool safe_search_enabled = true;
+class OdpContext
+{
+public:
bool dns_host_reporting = true;
bool referred_appId_disabled = false;
bool mdns_user_reporting = true;
uint32_t http_response_version_enabled = 0;
bool allow_port_wildcard_host_cache = false;
bool recheck_for_portservice_appid = false;
+
+ HostPortVal* host_port_cache_find(const snort::SfIp* ip, uint16_t port, IpProtocol proto)
+ {
+ return host_port_cache.find(ip, port, proto, *this);
+ }
+
+ bool host_port_cache_add(const snort::SfIp* ip, uint16_t port, IpProtocol proto, unsigned type, AppId appid)
+ {
+ return host_port_cache.add(ip, port, proto, type, appid);
+ }
+
+ AppId length_cache_find(const LengthKey& key)
+ {
+ return length_cache.find(key);
+ }
+
+ bool length_cache_add(const LengthKey& key, AppId val)
+ {
+ return length_cache.add(key, val);
+ }
+
+private:
+ HostPortCache host_port_cache;
+ LengthCache length_cache;
};
class AppIdContext
~AppIdContext() { }
+ OdpContext& get_odp_ctxt() const
+ {
+ return *odp_ctxt;
+ }
+
#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* get_tp_appid_ctxt() const
{ return tp_appid_ctxt; }
AppIdConfig* config = nullptr;
private:
- void read_port_detectors(const char* files);
void display_port_config();
// FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is
// removed from AppIdContext::pterm
static AppInfoManager& app_info_mgr;
+ static OdpContext* odp_ctxt;
#ifdef ENABLE_APPID_THIRD_PARTY
static ThirdPartyAppIdContext* tp_appid_ctxt;
#endif
if (!(asd.scan_flags & SCAN_HOST_PORT_FLAG))
check_static = true;
- if ((asd.session_packet_count % asd.ctxt->config->host_port_app_cache_lookup_interval == 0) and
- (asd.session_packet_count <= asd.ctxt->config->host_port_app_cache_lookup_range) and
- asd.ctxt->config->is_host_port_app_cache_runtime )
+ if ((asd.session_packet_count % asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_interval == 0) and
+ (asd.session_packet_count <= asd.ctxt->get_odp_ctxt().host_port_app_cache_lookup_range) and
+ asd.ctxt->get_odp_ctxt().is_host_port_app_cache_runtime )
check_dynamic = true;
if (!(check_static || check_dynamic))
HostPortVal* hv = nullptr;
if (check_static and
- (hv = HostPortCache::find(ip, port, protocol, *(asd.ctxt))))
+ (hv = asd.ctxt->get_odp_ctxt().host_port_cache_find(ip, port, protocol)))
{
asd.scan_flags |= SCAN_HOST_PORT_FLAG;
switch (hv->type)
auto ht = host_cache.find(*ip);
if (ht)
{
- AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->config->allow_port_wildcard_host_cache);
+ AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->get_odp_ctxt().allow_port_wildcard_host_cache);
if (appid > APP_ID_NONE)
{
// FIXIT-L: Make this more generic to support service and payload IDs
{
bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE);
bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or service_id == APP_ID_UNKNOWN_UI or
- (asd.ctxt->config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id()));
- bool is_ssl_none = asd.ctxt->config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
+ (asd.ctxt->get_odp_ctxt().recheck_for_portservice_appid and service_id == asd.service.get_port_service_id()));
+ bool is_ssl_none = asd.ctxt->get_odp_ctxt().check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
(not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname()));
- if (is_appid_none or is_ssl_none or asd.ctxt->config->check_host_port_app_cache)
+ if (is_appid_none or is_ssl_none or asd.ctxt->get_odp_ctxt().check_host_port_app_cache)
return true;
return false;
}
asd.length_sequence.sequence_cnt++;
asd.length_sequence.sequence[index].direction = direction;
asd.length_sequence.sequence[index].length = p->dsize;
- AppId id = find_length_app_cache(asd.length_sequence);
+ AppId id = asd.ctxt->get_odp_ctxt().length_cache_find(asd.length_sequence);
if (id > APP_ID_NONE)
{
service_id = id;
int num_found = 0;
cmd.cur_ptype = (HttpFieldIds)i;
AppId ret = http_matchers->scan_chp(cmd, &version, &user, &num_found, this,
- asd.ctxt->config);
+ *asd.ctxt);
total_found += num_found;
if (!ret || num_found < ptype_req_counts[i])
{
static void appid_inspector_pterm()
{
//FIXIT-M: RELOAD - if app_info_table is associated with an object
- HostPortCache::terminate();
appid_forecast_pterm();
- free_length_app_cache();
LuaDetectorManager::terminate();
AppIdDiscovery::release_plugins();
delete HttpPatternMatchers::get_instance();
return true;
}
- if (asd->ctxt->config->check_host_port_app_cache)
+ if (asd->ctxt->get_odp_ctxt().check_host_port_app_cache)
return true;
return false;
goto udp_done;
}
if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data,
- args.ctxt->config->dns_host_reporting, args.asd)) != APPID_SUCCESS)
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd)) != APPID_SUCCESS)
{
if (rval == APPID_REVERSED)
{
// To get here, we missed the initial query, got a
// response, and now we've got another query.
rval = validate_packet(args.data, args.size, args.dir,
- args.ctxt->config->dns_host_reporting, args.asd);
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd);
if (rval == APPID_SUCCESS)
goto inprocess;
}
// To get here, we missed the initial query, but now we've got
// a response.
rval = validate_packet(args.data, args.size, args.dir,
- args.ctxt->config->dns_host_reporting, args.asd);
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd);
if (rval == APPID_SUCCESS)
{
args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED);
}
rval = validate_packet(args.data, args.size, args.dir,
- args.ctxt->config->dns_host_reporting, args.asd);
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd);
if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR))
goto inprocess;
uint16_t size = args.size - sizeof(DNSTCPHeader);
uint16_t tmp = ntohs(hdr->length);
if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data,
- args.ctxt->config->dns_host_reporting, args.asd))
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd))
{
if (args.dir == APP_ID_FROM_INITIATOR)
goto not_compatible;
if (tmp > size)
goto not_compatible;
rval = validate_packet(data, size, args.dir,
- args.ctxt->config->dns_host_reporting, args.asd);
+ args.ctxt->get_odp_ctxt().dns_host_reporting, args.asd);
if (rval != APPID_SUCCESS)
goto tcp_done;
}
AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user,
- int* total_found, AppIdHttpSession* hsession, const AppIdConfig* config)
+ int* total_found, AppIdHttpSession* hsession, const AppIdContext& ctxt)
{
MatchedCHPAction* insert_sweep2 = nullptr;
bool inhibit_modify = false;
else
cmd.sort_chp_matches();
- if (!config->safe_search_enabled)
- cmd.chp_rewritten[pt] = nullptr;
-
for ( auto& tmp: cmd.chp_matches[pt] )
{
CHPAction* match = (CHPAction*)tmp.mpattern;
hsession->set_skip_simple_detect(true);
break;
case EXTRACT_USER:
- if ( !*user && !config->chp_userid_disabled )
+ if ( !*user && !ctxt.get_odp_ctxt().chp_userid_disabled )
{
extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize,
match->action_data, user);
struct Packet;
}
class AppIdHttpSession;
-class AppIdConfig;
+class AppIdContext;
enum httpPatternType
{
void scan_key_chp(ChpMatchDescriptor&);
AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*,
- const AppIdConfig*);
+ const AppIdContext&);
AppId scan_header_x_working_with(const char*, uint32_t, char**);
int get_appid_by_pattern(const char*, unsigned, char**);
bool get_appid_from_url(char*, const char*, char**, const char*, AppId*, AppId*,
static const char* my_chp_data = (const char*)"chp_data";
static int total_found;
static AppIdConfig config;
+static AppIdContext ctxt(&config);
+static OdpContext odpctxt;
+OdpContext* AppIdContext::odp_ctxt = &odpctxt;
static AppId service_id = APP_ID_NONE;
static AppId client_id = APP_ID_NONE;
static DetectorHTTPPattern mpattern;
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
mchp.mpattern = &chpa_test;
mchp.start_match_pos = 0;
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword";
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(user);
user = nullptr;
// testing REWRITE_FIELD
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
chpa_test.action_data = my_action_data;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = REWRITE_FIELD;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
// testing INSERT_FIELD without action_data
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
chpa_test.action_data = nullptr;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = INSERT_FIELD;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
// testing INSERT_FIELD with action_data
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
chpa_test.action_data = my_action_data;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = INSERT_FIELD;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- config.safe_search_enabled = false;
chpa_test.psize = 1;
mchp.start_match_pos = 0;
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
// testing FUTURE_APPID_SESSION_SIP (default action)
chpa_test.action = FUTURE_APPID_SESSION_SIP;
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
- CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdConfig*)&config) == APP_ID_NONE);
+ CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, ctxt) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
#include "config.h"
#endif
-#include "host_port_app_cache.h"
-#include "managers/inspector_manager.h"
-#include "appid_inspector.h"
-#include "appid_config.h"
-
#include <map>
-#include <cstring>
+#include "host_port_app_cache.h"
#include "log/messages.h"
#include "main/thread.h"
-#include "sfip/sf_ip.h"
-#include "utils/cpp_macros.h"
+#include "managers/inspector_manager.h"
+#include "appid_config.h"
+#include "appid_inspector.h"
using namespace snort;
-PADDING_GUARD_BEGIN
-struct HostPortKey
-{
- HostPortKey()
- {
- ip.clear();
- port = 0;
- proto = IpProtocol::PROTO_NOT_SET;
- padding = 0;
- }
-
- bool operator<(const HostPortKey& right) const
- {
- return memcmp((const uint8_t*) this, (const uint8_t*) &right, sizeof(*this)) < 0;
- }
-
- SfIp ip;
- uint16_t port;
- IpProtocol proto;
- char padding;
-};
-PADDING_GUARD_END
-
-static std::map<HostPortKey, HostPortVal>* host_port_cache = nullptr;
-
-void HostPortCache::initialize()
-{
- host_port_cache = new std::map<HostPortKey, HostPortVal>;
-}
-
-void HostPortCache::terminate()
-{
- if (host_port_cache)
- {
- host_port_cache->clear();
- delete host_port_cache;
- host_port_cache = nullptr;
- }
-}
-
-HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol protocol, AppIdContext& ctxt)
+HostPortVal* HostPortCache::find(const SfIp* ip, uint16_t port, IpProtocol protocol,
+ OdpContext& odp_ctxt)
{
HostPortKey hk;
hk.ip = *ip;
- hk.port = (ctxt.config->allow_port_wildcard_host_cache)? 0 : port;
+ hk.port = (odp_ctxt.allow_port_wildcard_host_cache)? 0 : port;
hk.proto = protocol;
std::map<HostPortKey, HostPortVal>::iterator it;
- it = host_port_cache->find(hk);
- if (it != host_port_cache->end())
+ it = cache.find(hk);
+ if (it != cache.end())
return &it->second;
else
return nullptr;
hk.ip = *ip;
AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
AppIdContext* ctxt = inspector->get_ctxt();
- hk.port = (ctxt->config->allow_port_wildcard_host_cache)? 0 : port;
+ hk.port = (ctxt->get_odp_ctxt().allow_port_wildcard_host_cache)? 0 : port;
hk.proto = proto;
hv.appId = appId;
hv.type = type;
- (*host_port_cache)[ hk ] = hv;
+ cache[ hk ] = hv;
return true;
}
void HostPortCache::dump()
{
- for ( auto& kv : *host_port_cache )
+ for ( auto& kv : cache )
{
char inet_buffer[INET6_ADDRSTRLEN];
#ifndef HOST_PORT_APP_CACHE_H
#define HOST_PORT_APP_CACHE_H
+#include <cstring>
+
#include "application_ids.h"
#include "protocols/protocol_ids.h"
-#include "appid_config.h"
+#include "sfip/sf_ip.h"
+#include "utils/cpp_macros.h"
+
+class OdpContext;
-namespace snort
+PADDING_GUARD_BEGIN
+struct HostPortKey
{
-struct SfIp;
-}
+ HostPortKey()
+ {
+ ip.clear();
+ port = 0;
+ proto = IpProtocol::PROTO_NOT_SET;
+ padding = 0;
+ }
+
+ bool operator<(const HostPortKey& right) const
+ {
+ return memcmp((const uint8_t*) this, (const uint8_t*) &right, sizeof(*this)) < 0;
+ }
+
+ snort::SfIp ip;
+ uint16_t port;
+ IpProtocol proto;
+ char padding;
+};
+PADDING_GUARD_END
struct HostPortVal
{
class HostPortCache
{
public:
- static void initialize();
- static void terminate();
- static HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, AppIdContext&);
- static bool add(const snort::SfIp*, uint16_t port, IpProtocol, unsigned type, AppId);
- static void dump();
+ HostPortVal* find(const snort::SfIp*, uint16_t port, IpProtocol, OdpContext&);
+ bool add(const snort::SfIp*, uint16_t port, IpProtocol, unsigned type, AppId);
+ void dump();
+
+ ~HostPortCache()
+ {
+ cache.clear();
+ }
+
+private:
+ std::map<HostPortKey, HostPortVal> cache;
};
#endif
+++ /dev/null
-//--------------------------------------------------------------------------
-// Copyright (C) 2014-2019 Cisco and/or its affiliates. All rights reserved.
-// Copyright (C) 2005-2013 Sourcefire, Inc.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation. You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// length_app_cache.cc author Sourcefire Inc.
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "length_app_cache.h"
-
-#include <map>
-
-#include "log/messages.h"
-#include "main/thread.h"
-
-#include "application_ids.h"
-
-using namespace snort;
-
-static std::map<LengthKey, AppId>* length_cache = nullptr;
-
-void init_length_app_cache()
-{
- length_cache = new std::map<LengthKey, AppId>;
-}
-
-void free_length_app_cache()
-{
- delete length_cache;
- length_cache = nullptr;
-}
-
-AppId find_length_app_cache(const LengthKey& key)
-{
- auto entry = length_cache->find(key);
- if (entry == length_cache->end())
- return APP_ID_NONE; /* no match */
- else
- return entry->second; /* match found */
-}
-
-bool add_length_app_cache(const LengthKey& key, AppId val)
-{
- return (length_cache->emplace(key, val)).second == true;
-}
-
#pragma pack()
-void init_length_app_cache();
-void free_length_app_cache();
-AppId find_length_app_cache(const LengthKey&);
-bool add_length_app_cache(const LengthKey&, AppId);
+class LengthCache
+{
+public:
+ AppId find(const LengthKey& key)
+ {
+ auto entry = cache.find(key);
+ if (entry == cache.end())
+ return APP_ID_NONE;
+ else
+ return entry->second;
+ }
+
+ bool add(const LengthKey& key, AppId val)
+ {
+ return (cache.emplace(key, val)).second == true;
+ }
+
+private:
+ std::map<LengthKey, AppId>cache;
+};
#endif
return 0;
}
- if (!HostPortCache::add(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id))
+ if (!ud->get_odp_ctxt().host_port_cache_add(&ip_addr, (uint16_t)port, (IpProtocol)proto, type, app_id))
ErrorMessage("%s:Failed to backend call\n",__func__);
return 0;
str_ptr++;
}
- if ( !add_length_app_cache(length_sequence, appId) )
+ if ( !ud->get_odp_ctxt().length_cache_add(length_sequence, appId) )
{
ErrorMessage("LuaDetectorApi:Could not add entry to cache!");
lua_pushnumber(L, -1);
LuaServiceObject::LuaServiceObject(AppIdDiscovery* sdm, const std::string& detector_name,
- const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L)
+ const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L,
+ OdpContext& odp_ctxt) : LuaObject(odp_ctxt)
{
init_lsd(&lsd, detector_name, L);
}
LuaClientObject::LuaClientObject(AppIdDiscovery* cdm, const std::string& detector_name,
- const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L)
+ const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L,
+ OdpContext& odp_ctxt) : LuaObject(odp_ctxt)
{
init_lsd(&lsd, detector_name, L);
class LuaObject {
public:
- LuaObject() = default;
+ LuaObject(OdpContext& odp_ctxt) : odp_ctxt(odp_ctxt) { }
virtual ~LuaObject() = default;
LuaObject(const LuaObject&) = delete;
LuaObject& operator=(const LuaObject&) = delete;
void set_running(bool is_running)
{ running = is_running; }
+ OdpContext& get_odp_ctxt() const
+ { return odp_ctxt; }
+
private:
std::string cb_fn_name;
bool running = false;
+ OdpContext& odp_ctxt;
};
class LuaServiceObject: public LuaObject
public:
ServiceDetector* sd;
LuaServiceObject(AppIdDiscovery* sdm, const std::string& detector_name,
- const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L);
+ const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L,
+ OdpContext& odp_ctxt);
ServiceDetector* get_detector()
{ return sd; }
};
public:
ClientDetector* cd;
LuaClientObject(AppIdDiscovery* cdm, const std::string& detector_name,
- const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L);
+ const std::string& log_name, bool is_custom, IpProtocol protocol, lua_State* L,
+ OdpContext& odp_ctxt);
ClientDetector* get_detector()
{ return cd; }
};
}
// Leaves 1 value (the Detector userdata) at the top of the stack when succeeds
-static LuaObject* create_lua_detector(lua_State* L, const char* detector_name, bool is_custom, const char* detector_filename)
+LuaObject* LuaDetectorManager::create_lua_detector(const char* detector_name,
+ bool is_custom, const char* detector_filename)
{
std::string log_name;
IpProtocol proto = IpProtocol::PROTO_NOT_SET;
if ( lua_istable(L, -1) )
{
return new LuaClientObject(&ClientDiscovery::get_instance(),
- detector_name, log_name, is_custom, proto, L);
+ detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt());
}
else
{
if ( lua_istable(L, -1) )
{
return new LuaServiceObject(&ServiceDiscovery::get_instance(),
- detector_name, log_name, is_custom, proto, L);
+ detector_name, log_name, is_custom, proto, L, ctxt.get_odp_ctxt());
}
else if (init(L))
ErrorMessage("Error - appid: can not read DetectorPackageInfo field"
return;
}
- LuaObject* lua_object = create_lua_detector(L, detectorName, isCustom, detector_filename);
+ LuaObject* lua_object = create_lua_detector(detectorName, isCustom, detector_filename);
if (lua_object)
allocated_objects.push_front(lua_object);
}
void list_lua_detectors();
void load_detector(char* detectorName, bool isCustom);
void load_lua_detectors(const char* path, bool isCustom);
+ LuaObject* create_lua_detector(const char* detector_name, bool is_custom,
+ const char* detector_filename);
AppIdContext& ctxt;
std::list<LuaObject*> allocated_objects;
}
AppIdDnsSession* dsession = asd.get_dns_session();
- if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->config->dns_host_reporting
+ if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->get_odp_ctxt().dns_host_reporting
&& dsession->get_host())
{
AppId client_id = APP_ID_NONE;
ret_val = validate_reply(args.data, args.size);
if (ret_val == 1)
{
- if (args.ctxt->config->mdns_user_reporting)
+ if (args.ctxt->get_odp_ctxt().mdns_user_reporting)
{
analyze_user(args.asd, args.pkt, args.size);
destroy_match_list();
}
/* Give up if it's taking us too long to figure out this thing. */
- if (args.asd.session_packet_count >= args.asd.ctxt->config->rtmp_max_packets)
+ if (args.asd.session_packet_count >= args.asd.ctxt->get_odp_ctxt().rtmp_max_packets)
{
goto fail;
}
if ( ss->pageUrl )
{
if ( !hsession->get_field(REQ_REFERER_FID) &&
- !args.asd.ctxt->config->referred_appId_disabled )
+ !args.asd.ctxt->get_odp_ctxt().referred_appId_disabled )
hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits);
snort_free(ss->pageUrl);
AppIdConfig::~AppIdConfig() {}
static AppIdConfig app_config;
static AppIdContext app_ctxt(&app_config);
+static OdpContext odpctxt;
+OdpContext* AppIdContext::odp_ctxt = &odpctxt;
AppId AppIdContext::get_port_service_id(IpProtocol, uint16_t)
{
return APP_ID_NONE;
}
// Stubs for misc items
-HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, AppIdContext&)
+HostPortVal* HostPortCache::find(const SfIp*, uint16_t, IpProtocol, OdpContext&)
{
return nullptr;
}
}
AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**,
- int*, AppIdHttpSession*, const AppIdConfig*)
+ int*, AppIdHttpSession*, const AppIdContext&)
{
return 0;
}
AppIdSession* mock_session = nullptr;
AppIdSessionApi* appid_session_api = nullptr;
+static OdpContext odpctxt;
+OdpContext* AppIdContext::odp_ctxt = &odpctxt;
TEST_GROUP(appid_session_api)
{
// 4th if in is_appid_inspecting_session
mock_session->set_tp_app_id(APP_ID_NONE);
- mock_session->ctxt->config->check_host_port_app_cache = true;
+ mock_session->ctxt->get_odp_ctxt().check_host_port_app_cache = true;
val = appid_session_api->is_appid_inspecting_session();
CHECK_TRUE(val);
}
using namespace std;
-TPLibHandler* tph = nullptr;
+static TPLibHandler* tph = nullptr;
+static AppIdConfig config;
+static AppIdContext ctxt(&config);
+static OdpContext odpctxt;
+OdpContext* AppIdContext::odp_ctxt = &odpctxt;
#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
TEST(tp_lib_handler, load_unload)
{
- AppIdConfig config;
config.tp_appid_path="./libtp_mock.so";
config.tp_appid_config="./tp.config";
tph = TPLibHandler::get();
- ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config);
- CHECK_TRUE(ctxt != nullptr);
+ ThirdPartyAppIdContext* tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, ctxt.get_odp_ctxt());
+ CHECK_TRUE(tp_appid_ctxt != nullptr);
TpAppIdCreateSession asf = tph->tpsession_factory();
- ThirdPartyAppIdSession* tpsession = asf(*ctxt);
+ ThirdPartyAppIdSession* tpsession = asf(*tp_appid_ctxt);
CHECK_TRUE(tpsession != nullptr);
delete tpsession;
- delete ctxt;
+ delete tp_appid_ctxt;
TPLibHandler::pfini();
}
TEST(tp_lib_handler, load_error)
{
// Trigger load error:
- AppIdConfig config;
config.tp_appid_path="nonexistent.so";
TPLibHandler::get();
- ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config);
- CHECK_TRUE(ctxt == nullptr);
+ ThirdPartyAppIdContext* tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(config, ctxt.get_odp_ctxt());
+ CHECK_TRUE(tp_appid_ctxt == nullptr);
TPLibHandler::pfini();
}
LogMessage("AppIdDbg %s HTTP response upgrade is %s\n",
appidDebug->get_debug_session(),field->c_str());
- if (asd.ctxt->config->http2_detection_enabled)
+ if (asd.ctxt->get_odp_ctxt().http2_detection_enabled)
{
const std::string* rc = hsession->get_field(MISC_RESP_CODE_FID);
if ( rc && *rc == "101" )
}
}
- if ( !asd.ctxt->config->referred_appId_disabled &&
+ if ( !asd.ctxt->get_odp_ctxt().referred_appId_disabled &&
!hsession->get_field(REQ_REFERER_FID) )
{
if ( ( field=attribute_data.http_request_referer(own) ) != nullptr )
}
if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 &&
- asd.session_packet_count > asd.ctxt->config->rtmp_max_packets) )
+ asd.session_packet_count > asd.ctxt->get_odp_ctxt().rtmp_max_packets) )
{
const std::string* url;
if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr )
ThirdPartyAppIDAttributeData& attribute_data)
{
const string* field=0;
- if (!asd.ctxt->config->ftp_userid_disabled &&
+ if (!asd.ctxt->get_odp_ctxt().ftp_userid_disabled &&
(field=attribute_data.ftp_command_user()) != nullptr)
{
asd.client.update_user(APP_ID_FTP_CONTROL, field->c_str());
{
AppIdHttpSession* hsession = asd.get_http_session();
- if ((tpPktCount >= asd.ctxt->config->max_tp_flow_depth) ||
+ if ((tpPktCount >= asd.ctxt->get_odp_ctxt().max_tp_flow_depth) ||
(asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) ==
(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) &&
hsession->get_field(REQ_URI_FID) &&
/*** Start of third-party processing. ***/
bool isTpAppidDiscoveryDone = false;
- if (p->dsize || asd.ctxt->config->tp_allow_probes)
+ if (p->dsize || asd.ctxt->get_odp_ctxt().tp_allow_probes)
{
//restart inspection by 3rd party
if (!asd.tp_reinspect_by_initiator && (direction == APP_ID_FROM_INITIATOR) &&
if (!asd.is_tp_processing_done())
{
if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK)
- || asd.ctxt->config->tp_allow_probes)
+ || asd.ctxt->get_odp_ctxt().tp_allow_probes)
{
int tp_confidence;
ThirdPartyAppIDAttributeData tp_attribute_data;
return true;
}
-ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config)
+ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config,
+ const OdpContext& odp_ctxt)
{
assert(self != nullptr);
tp_config.tp_appid_config = config.tp_appid_config;
tp_config.tp_appid_stats_enable = config.tp_appid_stats_enable;
tp_config.tp_appid_config_dump = config.tp_appid_config_dump;
- tp_config.chp_body_collection_max = config.chp_body_collection_max;
- tp_config.ftp_userid_disabled = config.ftp_userid_disabled;
+ tp_config.chp_body_collection_max = odp_ctxt.chp_body_collection_max;
+ tp_config.ftp_userid_disabled = odp_ctxt.ftp_userid_disabled;
tp_config.chp_body_collection_disabled =
- config.chp_body_collection_disabled;
- tp_config.tp_allow_probes = config.tp_allow_probes;
- if (config.http2_detection_enabled)
+ odp_ctxt.chp_body_collection_disabled;
+ tp_config.tp_allow_probes = odp_ctxt.tp_allow_probes;
+ if (odp_ctxt.http2_detection_enabled)
tp_config.http_upgrade_reporting_enabled = 1;
else
tp_config.http_upgrade_reporting_enabled = 0;
- tp_config.http_response_version_enabled = config.http_response_version_enabled;
+ tp_config.http_response_version_enabled = odp_ctxt.http_response_version_enabled;
ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config);
if (tp_appid_ctxt == nullptr)
#include "tp_appid_session_api.h"
class AppIdConfig;
+class OdpContext;
// This needs to be exported by any third party .so library.
// Must return NULL if it fails to create the object.
return (self = new TPLibHandler());
}
- static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config);
+ static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config,
+ const OdpContext& odp_ctxt);
static void tfini();
static void pfini();
projects / thirdparty / snort3.git / commitdiff
