]> git.ipfire.org Git - thirdparty/snort3.git/commitdiff
projects / thirdparty / snort3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6d788a8)
Pull request #3226: appid: make peg counts consistent with what is reported to extern...
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 21 Dec 2021 23:02:59 +0000 (23:02 +0000)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Tue, 21 Dec 2021 23:02:59 +0000 (23:02 +0000)
Merge in SNORT/snort3 from ~SHRARANG/snort3:appid_stats to master

Squashed commit of the following:

commit 45601fb546e99d0f26d557408682f94c7c88e157
Author: Shravan Rangaraju <shrarang@cisco.com>
Date:   Fri Dec 10 13:06:57 2021 -0500

    appid: make peg counts consistent with what is reported to external components

18 files changed:
src/network_inspectors/appid/CMakeLists.txt patch | blob | blame | history
src/network_inspectors/appid/appid_app_descriptor.cc patch | blob | blame | history
src/network_inspectors/appid/appid_app_descriptor.h patch | blob | blame | history
src/network_inspectors/appid/appid_http_session.cc patch | blob | blame | history
src/network_inspectors/appid/appid_module.cc patch | blob | blame | history
src/network_inspectors/appid/appid_module.h patch | blob | blame | history
src/network_inspectors/appid/appid_peg_counts.cc patch | blob | blame | history
src/network_inspectors/appid/appid_peg_counts.h patch | blob | blame | history
src/network_inspectors/appid/appid_pegs.h [deleted file] patch | blob | blame | history
src/network_inspectors/appid/appid_session.cc patch | blob | blame | history
src/network_inspectors/appid/appid_session_api.cc patch | blob | blame | history
src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h patch | blob | blame | history
src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h patch | blob | blame | history
src/network_inspectors/appid/service_state.h patch | blob | blame | history
src/network_inspectors/appid/test/appid_discovery_test.cc patch | blob | blame | history
src/network_inspectors/appid/test/appid_http_session_test.cc patch | blob | blame | history
src/network_inspectors/appid/test/appid_mock_definitions.h patch | blob | blame | history
src/network_inspectors/appid/test/service_state_test.cc patch | blob | blame | history

diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt
index 2b10e96e548aa1862e8ef671f5625e4606f3d756..c333882d69c2094438706f1e8988e2cb87a7823e 100644 (file)
--- a/src/network_inspectors/appid/CMakeLists.txt
+++ b/src/network_inspectors/appid/CMakeLists.txt
@@ -171,7 +171,6 @@ set ( APPID_SOURCES
     appid_inspector.h
     appid_module.cc
     appid_module.h
-    appid_pegs.h
     appid_ssh_event_handler.cc
     appid_ssh_event_handler.h
     appid_stats.cc
diff --git a/src/network_inspectors/appid/appid_app_descriptor.cc b/src/network_inspectors/appid/appid_app_descriptor.cc
index 5fc81a4ddfd94c4fad674710744d28d1296e84f4..c9e5352f4c7e0e849bd5e5bce2883e35d27a0f19 100644 (file)
--- a/src/network_inspectors/appid/appid_app_descriptor.cc
+++ b/src/network_inspectors/appid/appid_app_descriptor.cc
@@ -21,21 +21,7 @@ using namespace snort;
 void ApplicationDescriptor::set_id(AppId app_id)
 {
     if ( my_id != app_id )
-    {
         my_id = app_id;
-        if ( app_id > APP_ID_NONE )
-            update_stats(app_id);
-        else if ( app_id == APP_ID_UNKNOWN )
-            appid_stats.appid_unknown++;
-        else
-            return; // app_id == APP_ID_NONE
-
-        if ( overwritten_id > APP_ID_NONE )
-        {
-            update_stats(overwritten_id, false);
-            overwritten_id = APP_ID_NONE;
-        }
-    }
 }
 
 void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd,
@@ -48,19 +34,10 @@ void ApplicationDescriptor::set_id(const Packet& p, AppIdSession& asd,
     }
 }
 
-void ServiceAppDescriptor::update_stats(AppId id, bool increment)
-{
-    AppIdPegCounts::update_service_count(id, increment);
-}
-
 void ServiceAppDescriptor::set_port_service_id(AppId id)
 {
     if ( id != port_service_id )
-    {
         port_service_id = id;
-        if ( id > APP_ID_NONE )
-            AppIdPegCounts::update_service_count(id, true);
-    }
 }
 
 void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt)
@@ -90,13 +67,3 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC
         }
     }
 }
-
-void ClientAppDescriptor::update_stats(AppId id, bool increment)
-{
-    AppIdPegCounts::update_client_count(id, increment);
-}
-
-void PayloadAppDescriptor::update_stats(AppId id, bool increment)
-{
-    AppIdPegCounts::update_payload_count(id, increment);
-}
diff --git a/src/network_inspectors/appid/appid_app_descriptor.h b/src/network_inspectors/appid/appid_app_descriptor.h
index 6e19081bda44364353bfc18bd464fb22257f2492..17f0d7df9a60269446142761bdf72f66dfed2bcc 100644 (file)
--- a/src/network_inspectors/appid/appid_app_descriptor.h
+++ b/src/network_inspectors/appid/appid_app_descriptor.h
@@ -59,8 +59,6 @@ public:
         set_version(version);
     }
 
-    virtual void update_stats(AppId id, bool increment = true) = 0;
-
     AppId get_id() const
     {
         return my_id;
@@ -70,11 +68,6 @@ public:
 
     virtual void set_id(const snort::Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits);
 
-    void set_overwritten_id(AppId app_id)
-    {
-        overwritten_id = app_id;
-    }
-
     const char* get_version() const
     {
         return my_version.empty() ? nullptr : my_version.c_str();
@@ -88,7 +81,6 @@ public:
 
 private:
     AppId my_id = APP_ID_NONE;
-    AppId overwritten_id = APP_ID_NONE;
     std::string my_version;
 };
 
@@ -139,8 +131,6 @@ public:
         service_group = DAQ_PKTHDR_UNKNOWN;
     }
 
-    void update_stats(AppId id, bool increment = true) override;
-
     AppId get_port_service_id() const
     {
         return port_service_id;
@@ -253,8 +243,6 @@ public:
         return my_username.empty() ? nullptr : my_username.c_str();
     }
 
-    void update_stats(AppId id, bool increment = true) override;
-
     void set_efp_client_app_id(AppId id)
     {
         efp_client_app_id = id;
@@ -291,8 +279,6 @@ public:
     {
         ApplicationDescriptor::reset();
     }
-
-    void update_stats(AppId id, bool increment = true) override;
 };
 
 #endif
diff --git a/src/network_inspectors/appid/appid_http_session.cc b/src/network_inspectors/appid/appid_http_session.cc
index dcbc15576652f286a25faf65e89f5ab95cc1e253..094af1d8f431c1b2fc7aeef31acd0499398ba75f 100644 (file)
--- a/src/network_inspectors/appid/appid_http_session.cc
+++ b/src/network_inspectors/appid/appid_http_session.cc
@@ -442,6 +442,9 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits,
     assert(asd.flow);
     if (asd.flow->ha_state)
         asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
+    if (asd.get_service_id() == APP_ID_HTTP2)
+        AppIdPegCounts::inc_client_count(app_id);
+
     if (version)
     {
         client.set_version(version);
@@ -467,6 +470,8 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits,
     assert(asd.flow);
     if (asd.flow->ha_state)
         asd.flow->ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
+    if (asd.get_service_id() == APP_ID_HTTP2)
+        AppIdPegCounts::inc_payload_count(app_id);
     payload.set_version(version);
 
     if (appidDebug->is_active())
@@ -487,6 +492,8 @@ void AppIdHttpSession::set_referred_payload(AppId app_id, AppidChangeBits& chang
         return;
 
     referred_payload_app_id = app_id;
+    if (asd.get_service_id() == APP_ID_HTTP2)
+        AppIdPegCounts::inc_referred_count(app_id);
     change_bits.set(APPID_REFERRED_BIT);
 
     if (appidDebug->is_active())
diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc
index dba8ad56193cc1cb01b3ea531ac6925185ecdbe0..b2bc54b67ec662d6cd59e02e8cb48cbe3c51486e 100644 (file)
--- a/src/network_inspectors/appid/appid_module.cc
+++ b/src/network_inspectors/appid/appid_module.cc
@@ -429,7 +429,6 @@ static const PegInfo appid_pegs[] =
     { CountType::SUM, "processed_packets", "count of packets processed" },
     { CountType::SUM, "ignored_packets", "count of packets ignored" },
     { CountType::SUM, "total_sessions", "count of sessions created" },
-    { CountType::SUM, "appid_unknown", "count of sessions where appid could not be determined" },
     { CountType::SUM, "service_cache_prunes", "number of times the service cache was pruned" },
     { CountType::SUM, "service_cache_adds", "number of times an entry was added to the service cache" },
     { CountType::SUM, "service_cache_removes", "number of times an item was removed from the service cache" },
diff --git a/src/network_inspectors/appid/appid_module.h b/src/network_inspectors/appid/appid_module.h
index 4894e8587d73601676a40080fcba8efdf9007ab2..ee31207f4e4eedd59c1453ebb072d568200c80d3 100644 (file)
--- a/src/network_inspectors/appid/appid_module.h
+++ b/src/network_inspectors/appid/appid_module.h
@@ -31,7 +31,7 @@
 #include "main/snort_config.h"
 
 #include "appid_config.h"
-#include "appid_pegs.h"
+#include "appid_peg_counts.h"
 
 namespace snort
 {
diff --git a/src/network_inspectors/appid/appid_peg_counts.cc b/src/network_inspectors/appid/appid_peg_counts.cc
index 99b1acd49c61ead132893d99a97407aee29d3845..7644ded583c73c79c7cf67c0e652a39fbe8447dc 100644 (file)
--- a/src/network_inspectors/appid/appid_peg_counts.cc
+++ b/src/network_inspectors/appid/appid_peg_counts.cc
@@ -67,6 +67,12 @@ void AppIdPegCounts::cleanup_dynamic_sum()
         memset((*appid_peg_counts)[app_num].stats, 0, sizeof(PegCount) *
             DetectorPegs::NUM_APPID_DETECTOR_PEGS);
     }
+
+    // reset unknown_app stats
+    memset(appid_dynamic_sum[SF_APPID_MAX].stats, 0, sizeof(PegCount) *
+        DetectorPegs::NUM_APPID_DETECTOR_PEGS);
+    memset((*appid_peg_counts)[appid_peg_counts->size() - 1].stats, 0, sizeof(PegCount) *
+        DetectorPegs::NUM_APPID_DETECTOR_PEGS);
 }
 
 void AppIdPegCounts::add_app_peg_info(std::string app_name, AppId app_id)
@@ -96,28 +102,19 @@ void AppIdPegCounts::sum_stats()
         appid_dynamic_sum[SF_APPID_MAX].stats[j] += ptr[peg_num].stats[j];
 }
 
-void AppIdPegCounts::update_service_count(AppId id, bool increment)
+void AppIdPegCounts::inc_service_count(AppId id)
 {
-    if (increment)
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++;
-    else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS])
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]--;
+    (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++;
 }
 
-void AppIdPegCounts::update_client_count(AppId id, bool increment)
+void AppIdPegCounts::inc_client_count(AppId id)
 {
-    if (increment)
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++;
-    else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS])
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]--;
+    (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++;
 }
 
-void AppIdPegCounts::update_payload_count(AppId id, bool increment)
+void AppIdPegCounts::inc_payload_count(AppId id)
 {
-    if (increment)
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++;
-    else if ((*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS])
-        (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]--;
+    (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++;
 }
 
 void AppIdPegCounts::inc_user_count(AppId id)
@@ -130,6 +127,11 @@ void AppIdPegCounts::inc_misc_count(AppId id)
     (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::MISC_DETECTS]++;
 }
 
+void AppIdPegCounts::inc_referred_count(AppId id)
+{
+    (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::REFERRED_DETECTS]++;
+}
+
 uint32_t AppIdPegCounts::get_stats_index(AppId id)
 {
     std::unordered_map<AppId, uint32_t>::iterator stats_idx_it = appid_detector_pegs_idx.find(id);
@@ -162,8 +164,8 @@ void AppIdPegCounts::print()
     LogLabel("detected apps and services");
 
     char buff[120];
-    snprintf(buff, sizeof(buff), "%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s %-10s",
-        "Application", "Flows", "Clients", "Users", "Payloads", "Misc", "Incompat.", "Failed");
+    snprintf(buff, sizeof(buff), "%25.25s: %-10s %-10s %-10s %-10s %-10s %-10s",
+        "Application", "Services", "Clients", "Users", "Payloads", "Misc", "Referred");
     LogText(buff);
 
     for (unsigned i = 0; i < app_num; i++)
diff --git a/src/network_inspectors/appid/appid_peg_counts.h b/src/network_inspectors/appid/appid_peg_counts.h
index 2914273732d26f4b0044f515fb3d47e14ebfd35c..f4004ff570d261403a80922beeb9a5fe95d3067d 100644 (file)
--- a/src/network_inspectors/appid/appid_peg_counts.h
+++ b/src/network_inspectors/appid/appid_peg_counts.h
@@ -42,6 +42,19 @@
 #include "main/thread.h"
 #include "utils/util.h"
 
+struct AppIdStats
+{
+    PegCount packets;
+    PegCount processed_packets;
+    PegCount ignored_packets;
+    PegCount total_sessions;
+    PegCount service_cache_prunes;
+    PegCount service_cache_adds;
+    PegCount service_cache_removes;
+    PegCount odp_reload_ignored_pkts;
+    PegCount tp_reload_ignored_pkts;
+};
+
 class AppIdPegCounts
 {
 public:
@@ -52,8 +65,7 @@ public:
         USER_DETECTS,
         PAYLOAD_DETECTS,
         MISC_DETECTS,
-        INCOMPATIBLE,
-        FAILED,
+        REFERRED_DETECTS,
         NUM_APPID_DETECTOR_PEGS
     };
 
@@ -70,9 +82,10 @@ public:
 
         void print(const char* app, char* buf, int buf_size)
         {
-            snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")
+            snprintf(buf, buf_size, "%25.25s: " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10")
                 " " FMTu64("-10") " " FMTu64("-10") " " FMTu64("-10"), app, 
-                stats[0], stats[1], stats[2], stats[3], stats[4], stats[5], stats[6]);
+                stats[SERVICE_DETECTS], stats[CLIENT_DETECTS], stats[USER_DETECTS],
+                stats[PAYLOAD_DETECTS], stats[MISC_DETECTS], stats[REFERRED_DETECTS]);
         }
     };
 
@@ -82,24 +95,12 @@ public:
     static void cleanup_peg_info();
     static void cleanup_dynamic_sum();
 
-    static void update_service_count(AppId id, bool increment);
-    static void update_client_count(AppId id, bool increment);
-    static void update_payload_count(AppId id, bool increment);
-
+    static void inc_service_count(AppId id);
+    static void inc_client_count(AppId id);
+    static void inc_payload_count(AppId id);
     static void inc_user_count(AppId id);
     static void inc_misc_count(AppId id);
-
-    static void inc_incompatible_count(AppId id)
-    {
-        if ( appid_detector_pegs_idx[id] != appid_detectors_info.size() )
-            (*appid_peg_counts)[appid_detector_pegs_idx[id]].stats[DetectorPegs::INCOMPATIBLE]++;
-    }
-
-    static void inc_failed_count(AppId id)
-    {
-        if ( appid_detector_pegs_idx[id] != appid_detectors_info.size() )
-            (*appid_peg_counts)[appid_detector_pegs_idx[id]].stats[DetectorPegs::FAILED]++;
-    }
+    static void inc_referred_count(AppId id);
 
     static void sum_stats();
     static void print();
diff --git a/src/network_inspectors/appid/appid_pegs.h b/src/network_inspectors/appid/appid_pegs.h
deleted file mode 100644 (file)
index 484c616..0000000
--- a/src/network_inspectors/appid/appid_pegs.h
+++ /dev/null
@@ -1,40 +0,0 @@
-//--------------------------------------------------------------------------
-// Copyright (C) 2019-2021 Cisco and/or its affiliates. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify it
-// under the terms of the GNU General Public License Version 2 as published
-// by the Free Software Foundation.  You may not use, modify or distribute
-// this program under any other version of the GNU General Public License.
-//
-// This program is distributed in the hope that it will be useful, but
-// WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License along
-// with this program; if not, write to the Free Software Foundation, Inc.,
-// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-//--------------------------------------------------------------------------
-
-// appid_pegs.h author Silviu Minut <sminut@cisco.com>
-
-#ifndef APPID_PEGS_H
-#define APPID_PEGS_H
-
-#include "framework/counts.h"
-
-struct AppIdStats
-{
-    PegCount packets;
-    PegCount processed_packets;
-    PegCount ignored_packets;
-    PegCount total_sessions;
-    PegCount appid_unknown;
-    PegCount service_cache_prunes;
-    PegCount service_cache_adds;
-    PegCount service_cache_removes;
-    PegCount odp_reload_ignored_pkts;
-    PegCount tp_reload_ignored_pkts;
-};
-
-#endif
diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc
index 66ab5ca4b61a5d50c1c2ac6082df779ce6ea3c7e..d81cd9684d581a5b0f680a4d2f9818a6208f3ff6 100644 (file)
--- a/src/network_inspectors/appid/appid_session.cc
+++ b/src/network_inspectors/appid/appid_session.cc
@@ -393,18 +393,6 @@ void AppIdSession::check_ssl_detection_restart(AppidChangeBits& change_bits,
         encrypted.misc_id = pick_ss_misc_app_id();
         encrypted.referred_id = pick_ss_referred_payload_app_id();
 
-        // After decryption, new application ids might be detected
-        // overriding existing ones from the encrypted flow. Set overwritten id
-        // to update app statistics when new AppId is detected.
-        if (encrypted.service_id > APP_ID_NONE and client_inferred_service_id == APP_ID_NONE)
-            api.service.set_overwritten_id(encrypted.service_id);
-
-        if (encrypted.client_id > APP_ID_NONE)
-            api.client.set_overwritten_id(encrypted.client_id);
-
-        if (encrypted.payload_id > APP_ID_NONE)
-            api.payload.set_overwritten_id(encrypted.payload_id);
-
         reinit_session_data(change_bits, curr_tp_appid_ctxt);
         if (appidDebug->is_active())
             LogMessage("AppIdDbg %s SSL decryption is available, restarting app detection\n",
diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc
index 95d7bb41a3565319f2a1df7b99e07cc7b8ae8551..d3d2dfec5a075c3f1c1b65d801c2cfe20c862bab 100644 (file)
--- a/src/network_inspectors/appid/appid_session_api.cc
+++ b/src/network_inspectors/appid/appid_session_api.cc
@@ -28,6 +28,7 @@
 #include "flow/ha.h"
 #include "managers/inspector_manager.h"
 #include "appid_inspector.h"
+#include "appid_peg_counts.h"
 #include "appid_session.h"
 #include "appid_types.h"
 #include "service_plugins/service_bootp.h"
@@ -351,30 +352,13 @@ void AppIdSessionApi::set_netbios_domain(AppidChangeBits& change_bits, const cha
 void AppIdSessionApi::set_ss_application_ids(AppId service_id, AppId client_id,
     AppId payload_id, AppId misc_id, AppId referred_id, AppidChangeBits& change_bits, Flow& flow)
 {
-    if (application_ids[APP_PROTOID_SERVICE] != service_id)
-    {
-        application_ids[APP_PROTOID_SERVICE] = service_id;
-        change_bits.set(APPID_SERVICE_BIT);
-        if (flow.ha_state)
-            flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
-    }
-    if (application_ids[APP_PROTOID_CLIENT] != client_id)
-    {
-        application_ids[APP_PROTOID_CLIENT] = client_id;
-        change_bits.set(APPID_CLIENT_BIT);
-        if (flow.ha_state)
-            flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
-    }
-    if (application_ids[APP_PROTOID_PAYLOAD] != payload_id)
-    {
-        application_ids[APP_PROTOID_PAYLOAD] = payload_id;
-        change_bits.set(APPID_PAYLOAD_BIT);
-        if (flow.ha_state)
-            flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
-    }
+    set_application_ids_service(service_id, change_bits, flow);
+    set_ss_application_ids(client_id, payload_id, change_bits, flow);
+
     if (application_ids[APP_PROTOID_MISC] != misc_id)
     {
         application_ids[APP_PROTOID_MISC] = misc_id;
+        AppIdPegCounts::inc_misc_count(misc_id);
         change_bits.set(APPID_MISC_BIT);
         if (flow.ha_state)
             flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
@@ -382,6 +366,7 @@ void AppIdSessionApi::set_ss_application_ids(AppId service_id, AppId client_id,
     if (application_ids[APP_PROTOID_REFERRED] != referred_id)
     {
         application_ids[APP_PROTOID_REFERRED] = referred_id;
+        AppIdPegCounts::inc_referred_count(referred_id);
         change_bits.set(APPID_REFERRED_BIT);
     }
 }
@@ -392,6 +377,7 @@ void AppIdSessionApi::set_ss_application_ids_payload(AppId payload_id,
     if (application_ids[APP_PROTOID_PAYLOAD] != payload_id)
     {
         application_ids[APP_PROTOID_PAYLOAD] = payload_id;
+        AppIdPegCounts::inc_payload_count(payload_id);
         change_bits.set(APPID_PAYLOAD_BIT);
         if (flow.ha_state)
             flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
@@ -404,17 +390,12 @@ void AppIdSessionApi::set_ss_application_ids(AppId client_id, AppId payload_id,
     if (application_ids[APP_PROTOID_CLIENT] != client_id)
     {
         application_ids[APP_PROTOID_CLIENT] = client_id;
+        AppIdPegCounts::inc_client_count(client_id);
         change_bits.set(APPID_CLIENT_BIT);
         if (flow.ha_state)
             flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
     }
-    if (application_ids[APP_PROTOID_PAYLOAD] != payload_id)
-    {
-        application_ids[APP_PROTOID_PAYLOAD] = payload_id;
-        change_bits.set(APPID_PAYLOAD_BIT);
-        if (flow.ha_state)
-            flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
-    }
+    set_ss_application_ids_payload(payload_id, change_bits, flow);
 }
 
 void AppIdSessionApi::set_application_ids_service(AppId service_id, AppidChangeBits& change_bits,
@@ -423,6 +404,7 @@ void AppIdSessionApi::set_application_ids_service(AppId service_id, AppidChangeB
     if (application_ids[APP_PROTOID_SERVICE] != service_id)
     {
         application_ids[APP_PROTOID_SERVICE] = service_id;
+        AppIdPegCounts::inc_service_count(service_id);
         change_bits.set(APPID_SERVICE_BIT);
         if (flow.ha_state)
             flow.ha_state->add(FlowHAState::MODIFIED | FlowHAState::MAJOR);
diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h
index 0e5bc048df46e0bf2ce7956c504f3935c395484d..932f2f6155d01573c46ce930652d4ce09073ba1f 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h
+++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h
@@ -181,10 +181,10 @@ AppIdHttpSession::~AppIdHttpSession()
 
 // Stubs for AppIdPegCounts
 // LCOV_EXCL_START
-void AppIdPegCounts::update_service_count(AppId, bool) { }
-void AppIdPegCounts::update_client_count(AppId, bool) { }
+void AppIdPegCounts::inc_service_count(AppId) { }
+void AppIdPegCounts::inc_client_count(AppId) { }
 void AppIdPegCounts::inc_user_count(AppId) { }
-void AppIdPegCounts::update_payload_count(AppId, bool) { }
+void AppIdPegCounts::inc_payload_count(AppId) { }
 
 THREAD_LOCAL AppIdStats appid_stats;
 void AppIdModule::sum_stats(bool) { }
@@ -219,10 +219,6 @@ bool AppIdReloadTuner::tune_resources(unsigned int)
 }
 void ApplicationDescriptor::set_id(AppId){}
 void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId, bool){}
-void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){}
-void ClientAppDescriptor::update_stats(AppId, bool) {}
-void PayloadAppDescriptor::update_stats(AppId, bool) {}
 void ServiceDiscovery::initialize(AppIdInspector&) {}
 void ServiceDiscovery::reload() {}
 
diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
index 79ba62993b166b13826ad6cc4cfc2a4b8f247141..af0eba7f246f44c8a03cf9099f8581ef90e75df4 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
+++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
@@ -98,10 +98,7 @@ void AppIdDetector::add_payload(AppIdSession&, AppId){}
 void AppIdDetector::add_app(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppId, const char*, AppidChangeBits&){}
 void ApplicationDescriptor::set_id(AppId){}
 void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId, bool){}
 void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){}
-void ClientAppDescriptor::update_stats(AppId, bool) {}
-void PayloadAppDescriptor::update_stats(AppId, bool) {}
 void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int,
         const uint8_t* const, unsigned, unsigned){}
 void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*,  IpProtocol){}
@@ -178,9 +175,9 @@ void AppIdSession::free_flow_data()
 void* AppIdSession::get_flow_data(unsigned) const { return smb_data;}
 
 // Stubs for AppIdPegCounts
-void AppIdPegCounts::update_service_count(AppId, bool) { }
-void AppIdPegCounts::update_client_count(AppId, bool) { }
-void AppIdPegCounts::update_payload_count(AppId, bool) { }
+void AppIdPegCounts::inc_service_count(AppId, bool) { }
+void AppIdPegCounts::inc_client_count(AppId, bool) { }
+void AppIdPegCounts::inc_payload_count(AppId, bool) { }
 
 THREAD_LOCAL AppIdStats appid_stats;
 void AppIdModule::show_dynamic_stats() { }
diff --git a/src/network_inspectors/appid/service_state.h b/src/network_inspectors/appid/service_state.h
index 345307bbace7bdee4ff914f41ee648f03d7a84fb..11090dacc260c7ed16cfc14c0c34b5ac70e33b6a 100644 (file)
--- a/src/network_inspectors/appid/service_state.h
+++ b/src/network_inspectors/appid/service_state.h
@@ -30,7 +30,7 @@
 #include "utils/cpp_macros.h"
 #include "utils/util.h"
 
-#include "appid_pegs.h"
+#include "appid_peg_counts.h"
 #include "service_plugins/service_discovery.h"
 
 class ServiceDetector;
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index a5ce3b4320b504cdfbc9b71e5a547c3b258ab691..79471860b11079d694f5fd7955fb97fb8e2689d1 100644 (file)
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -151,11 +151,8 @@ void ServiceAppDescriptor::set_id(AppId app_id, OdpContext& odp_ctxt)
     set_id(app_id);
     deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER);
 }
-void ServiceAppDescriptor::update_stats(AppId, bool){}
 void ServiceAppDescriptor::set_port_service_id(AppId){}
 void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){}
-void ClientAppDescriptor::update_stats(AppId, bool) {}
-void PayloadAppDescriptor::update_stats(AppId, bool) {}
 
 // Stubs for AppIdModule
 AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {}
diff --git a/src/network_inspectors/appid/test/appid_http_session_test.cc b/src/network_inspectors/appid/test/appid_http_session_test.cc
index 525b0817026e55db26d35dcbd2520975fa1036e9..acb1f6b81d39aee09620954e943124fb9cdff069 100644 (file)
--- a/src/network_inspectors/appid/test/appid_http_session_test.cc
+++ b/src/network_inspectors/appid/test/appid_http_session_test.cc
@@ -184,6 +184,7 @@ TEST_GROUP(appid_http_session)
         session->flow = &flow;
         mock_hsession = new AppIdHttpSession(*session, 0);
         appidDebug = new AppIdDebug();
+        AppIdPegCounts::init_pegs();
     }
 
     void teardown() override
@@ -191,6 +192,7 @@ TEST_GROUP(appid_http_session)
         delete appidDebug;
         delete mock_hsession;
         delete session;
+        AppIdPegCounts::cleanup_pegs();
     }
 };
 
diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h
index f0e918bfb5276f3c00cf9f3184b0e1ad4b5d27f8..acae461ee9f72b4d2cd85a2f685870a41fcca46b 100644 (file)
--- a/src/network_inspectors/appid/test/appid_mock_definitions.h
+++ b/src/network_inspectors/appid/test/appid_mock_definitions.h
@@ -63,7 +63,6 @@ SearchTool::~SearchTool() = default;
 DiscoveryFilter::~DiscoveryFilter(){}
 void ApplicationDescriptor::set_id(AppId app_id){ my_id = app_id;}
 void ServiceAppDescriptor::set_id(AppId app_id, OdpContext&){ set_id(app_id); }
-void ServiceAppDescriptor::update_stats(AppId, bool){}
 void ServiceAppDescriptor::set_port_service_id(AppId app_id){ port_service_id = app_id;}
 void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidChangeBits& change_bits)
 {
@@ -71,8 +70,6 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC
     my_user_id = app_id;
     change_bits.set(APPID_USER_INFO_BIT);
 }
-void ClientAppDescriptor::update_stats(AppId, bool) {}
-void PayloadAppDescriptor::update_stats(AppId, bool) {}
 
 AppIdDiscovery::~AppIdDiscovery() = default;
 void ClientDiscovery::initialize(AppIdInspector&) { }
diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc
index eb0ffcf63567e06250145a1ff386fd04769d6aa5..522e12dc82ee53223a33aaabf463eadf0ebdbaec 100644 (file)
--- a/src/network_inspectors/appid/test/service_state_test.cc
+++ b/src/network_inspectors/appid/test/service_state_test.cc
@@ -80,11 +80,8 @@ void AppIdDebug::activate(const Flow*, const AppIdSession*, bool) { active = tru
 void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
 void ApplicationDescriptor::set_id(AppId){}
 void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId, bool){}
 void ServiceAppDescriptor::set_port_service_id(AppId){}
 void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){}
-void ClientAppDescriptor::update_stats(AppId, bool) {}
-void PayloadAppDescriptor::update_stats(AppId, bool) {}
 AppIdConfig::~AppIdConfig() = default;
 OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
 AppIdConfig stub_config;
Mirror of https://github.com/snort3/snort3.git