if (!asd)
{
AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
- if(inspector)
+ if (inspector)
{
-
asd = new AppIdSession(proto, ip, port, *inspector);
flow.set_flow_data(asd);
asd->service.set_id(appHA->appId[1], asd->ctxt.get_odp_ctxt());
return false;
}
-AppIdSessionApi* AppIdApi::create_appid_session_api(const Flow& flow)
+const AppIdSessionApi* AppIdApi::get_appid_session_api(const Flow& flow) const
{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
if (asd)
- return new AppIdSessionApi(asd);
+ return &asd->get_api();
return nullptr;
}
-void AppIdApi::free_appid_session_api(AppIdSessionApi* api)
-{
- delete api;
-}
-
bool AppIdApi::is_inspection_needed(const Inspector& inspector) const
{
AppIdInspector* appid_inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME,
SfIp*, uint16_t initiatorPort);
bool ssl_app_group_id_lookup(Flow* flow, const char*, const char*, const char*,
const char*, bool, AppId& service_id, AppId& client_id, AppId& payload_id);
- AppIdSessionApi* create_appid_session_api(const Flow& flow);
- void free_appid_session_api(AppIdSessionApi* api);
+ const AppIdSessionApi* get_appid_session_api(const Flow& flow) const;
bool is_inspection_needed(const Inspector& g) const;
};
void set_port_service_id(AppId id);
- bool get_deferred()
+ bool get_deferred() const
{
return deferred;
}
sport = port1;
dport = port2;
}
- else if (session->common.initiator_port)
+ else if (session->initiator_port)
{
- if (session->common.initiator_port == port1)
+ if (session->initiator_port == port1)
{
sip = (const ip::snort_in6_addr*)ip1;
dip = (const ip::snort_in6_addr*)ip2;
dport = port1;
}
}
- else if (memcmp(session->common.initiator_ip.get_ip6_ptr(),
+ else if (memcmp(session->initiator_ip.get_ip6_ptr(),
ip1, sizeof(ip::snort_in6_addr)) == 0)
{
sip = (const ip::snort_in6_addr*)ip1;
AppidSessionDirection direction = APP_ID_FROM_INITIATOR;
AppIdSession* asd = (AppIdSession*)p->flow->get_flow_data(AppIdSession::inspector_id);
- if (!do_pre_discovery(p, &asd, inspector, protocol, outer_protocol, direction))
+ if (!do_pre_discovery(p, asd, inspector, protocol, outer_protocol, direction))
return;
AppId service_id = APP_ID_NONE;
protocol = asd->protocol;
asd->flow = p->flow;
- if (asd->common.initiator_port)
- direction = (asd->common.initiator_port == p->ptrs.sp) ?
+ if (asd->initiator_port)
+ direction = (asd->initiator_port == p->ptrs.sp) ?
APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
else
{
const SfIp* ip = p->ptrs.ip_api.get_src();
- direction = ip->fast_equals_raw(asd->common.initiator_ip) ?
+ direction = ip->fast_equals_raw(asd->initiator_ip) ?
APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
}
uint64_t flags;
uint64_t flow_flags = APPID_SESSION_DISCOVER_APP;
- flow_flags |= asd.common.flags;
+ flow_flags |= asd.flags;
// FIXIT-M - Re-check a flow after snort is reloaded. RNA policy might have changed
if (asd.get_session_flags(APPID_SESSION_BIDIRECTIONAL_CHECKED) ==
}
// Return false if the packet or the session doesn't need to be inspected
-bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInspector& inspector,
+bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession*& asd, AppIdInspector& inspector,
IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction)
{
- AppIdSession* asd = *p_asd;
-
if (!set_network_attributes(asd, p, protocol, outer_protocol, direction))
{
appid_stats.ignored_packets++;
if (!asd)
{
- *p_asd = asd = AppIdSession::allocate_session(p, protocol, direction, &inspector);
+ asd = AppIdSession::allocate_session(p, protocol, direction, &inspector);
if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
{
flow_flags |= APPID_SESSION_MID;
}
}
- asd->common.flags = flow_flags;
+ asd->flags = flow_flags;
if (!asd->get_session_flags(APPID_SESSION_PAYLOAD_SEEN) and p->dsize)
asd->set_session_flags(APPID_SESSION_PAYLOAD_SEEN);
- if (asd->get_session_flags(APPID_SESSION_FUTURE_FLOW))
+ if (asd->get_session_flags(APPID_SESSION_FUTURE_FLOW) and
+ (!asd->get_session_flags(APPID_SESSION_FUTURE_FLOW_IDED)))
{
- if (!asd->get_session_flags(APPID_SESSION_FUTURE_FLOW_IDED))
- {
- AppidChangeBits change_bits;
+ AppidChangeBits change_bits;
- asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(),
- asd->pick_ss_payload_app_id(), asd->pick_ss_misc_app_id(), change_bits);
- asd->publish_appid_event(change_bits, p->flow);
- asd->set_session_flags(APPID_SESSION_FUTURE_FLOW_IDED);
+ asd->set_ss_application_ids(asd->pick_service_app_id(), asd->pick_ss_client_app_id(),
+ asd->pick_ss_payload_app_id(), asd->pick_ss_misc_app_id(), change_bits);
+ asd->publish_appid_event(change_bits, p->flow);
+ asd->set_session_flags(APPID_SESSION_FUTURE_FLOW_IDED);
- if (appidDebug->is_active())
- {
- const char *app_name =
- asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd->service.get_id());
- LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n",
- appidDebug->get_debug_session(), app_name ? app_name : "unknown",
- asd->service.get_id());
- }
+ if (appidDebug->is_active())
+ {
+ const char *app_name =
+ asd->ctxt.get_odp_ctxt().get_app_info_mgr().get_app_name(asd->service.get_id());
+ LogMessage("AppIdDbg %s Ignoring connection with service %s (%d)\n",
+ appidDebug->get_debug_session(), app_name ? app_name : "unknown",
+ asd->service.get_id());
}
return false;
std::vector<AppIdPatternMatchNode*> pattern_data;
private:
- static bool do_pre_discovery(snort::Packet* p, AppIdSession** p_asd, AppIdInspector& inspector,
+ static bool do_pre_discovery(snort::Packet* p, AppIdSession*& asd, AppIdInspector& inspector,
IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction);
static bool do_discovery(snort::Packet* p, AppIdSession& asd, IpProtocol protocol,
IpProtocol outer_protocol, AppidSessionDirection direction, AppId& service_id,
void set_field(HttpFieldIds id, const std::string* str, AppidChangeBits& change_bits);
void set_field(HttpFieldIds id, const uint8_t* str, int32_t len, AppidChangeBits& change_bits);
- const std::string* get_field(HttpFieldIds id)
+ const std::string* get_field(HttpFieldIds id) const
{ return meta_data[id]; }
- const char* get_cfield(HttpFieldIds id)
+ const char* get_cfield(HttpFieldIds id) const
{ return meta_data[id] != nullptr ? meta_data[id]->c_str() : nullptr; }
- bool get_offset(int id, uint16_t& start, uint16_t& end)
+ bool get_offset(int id, uint16_t& start, uint16_t& end) const
{
if ( REQ_AGENT_FID <= id and id < NUM_HTTP_FIELDS )
{
void set_tun_dest();
- const TunnelDest* get_tun_dest()
+ const TunnelDest* get_tun_dest() const
{ return tun_dest; }
void free_tun_dest()
void reset_ptype_scan_counts();
- int get_ptype_scan_count(enum HttpFieldIds type)
+ int get_ptype_scan_count(enum HttpFieldIds type) const
{ return ptype_scan_counts[type]; }
virtual void custom_init() { }
#include "appid_dns_session.h"
#include "appid_http_session.h"
#include "appid_inspector.h"
+#include "appid_session_api.h"
#include "appid_stats.h"
#include "lua_detector_api.h"
#include "service_plugins/service_ssl.h"
{
service_ip.clear();
session_id = ++appid_flow_data_id;
- common.initiator_ip = *ip;
- common.initiator_port = port;
+ initiator_ip = *ip;
+ initiator_port = port;
- length_sequence.proto = IpProtocol::PROTO_NOT_SET;
- length_sequence.sequence_cnt = 0;
- memset(length_sequence.sequence, '\0', sizeof(length_sequence.sequence));
- memset(application_ids, 0, sizeof(application_ids));
appid_stats.total_sessions++;
}
service.update(id, change_bits, version);
}
-bool AppIdSession::is_svc_taking_too_much_time()
+bool AppIdSession::is_svc_taking_too_much_time() const
{
return (init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_service_fail_ignore_bytes ||
(init_pkts_without_reply > ctxt.get_odp_ctxt().max_packet_before_service_fail &&
return 0;
}
-void* AppIdSession::get_flow_data(unsigned id)
+void* AppIdSession::get_flow_data(unsigned id) const
{
AppIdFlowDataIter it = flow_data.find(id);
if (it != flow_data.end())
clear_session_flags(APPID_SESSION_CONTINUE);
}
-AppId AppIdSession::pick_service_app_id()
+AppId AppIdSession::pick_service_app_id() const
{
AppId rval = APP_ID_NONE;
return rval;
}
-AppId AppIdSession::pick_ss_misc_app_id()
+AppId AppIdSession::pick_ss_misc_app_id() const
{
if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
return encrypted.misc_id;
}
-AppId AppIdSession::pick_ss_client_app_id()
+AppId AppIdSession::pick_ss_client_app_id() const
{
if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
return encrypted.client_id;
}
-AppId AppIdSession::pick_ss_payload_app_id()
+AppId AppIdSession::pick_ss_payload_app_id() const
{
if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
return APP_ID_NONE;
}
-AppId AppIdSession::pick_ss_referred_payload_app_id()
+AppId AppIdSession::pick_ss_referred_payload_app_id() const
{
if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
}
void AppIdSession::get_first_stream_app_ids(AppId& service_id, AppId& client_id,
- AppId& payload_id, AppId& misc_id)
+ AppId& payload_id, AppId& misc_id) const
{
service_id = application_ids[APP_PROTOID_SERVICE];
if (service_id != APP_ID_HTTP2)
}
void AppIdSession::get_first_stream_app_ids(AppId& service_id, AppId& client_id,
- AppId& payload_id)
+ AppId& payload_id) const
{
service_id = application_ids[APP_PROTOID_SERVICE];
if (service_id != APP_ID_HTTP2)
}
}
-AppId AppIdSession::get_application_ids_service()
+AppId AppIdSession::get_application_ids_service() const
{
return application_ids[APP_PROTOID_SERVICE];
}
-AppId AppIdSession::get_application_ids_client(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_client(uint32_t stream_index) const
{
if (get_application_ids_service() == APP_ID_HTTP2)
{
return APP_ID_NONE;
}
-AppId AppIdSession::get_application_ids_payload(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_payload(uint32_t stream_index) const
{
if (get_application_ids_service() == APP_ID_HTTP2)
{
return APP_ID_NONE;
}
-AppId AppIdSession::get_application_ids_misc(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_misc(uint32_t stream_index) const
{
if (service.get_id() == APP_ID_HTTP2)
{
return APP_ID_NONE;
}
-bool AppIdSession::is_ssl_session_decrypted()
+bool AppIdSession::is_ssl_session_decrypted() const
{
return get_session_flags(APPID_SESSION_DECRYPTED);
}
this->tpsession->reset();
}
-bool AppIdSession::is_payload_appid_set()
+bool AppIdSession::is_payload_appid_set() const
{
return (payload.get_id() || tp_payload_app_id);
}
hsessions.push_back(hsession);
return hsession;
}
-AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
+
+AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index) const
{
if (stream_index < hsessions.size())
return hsessions[stream_index];
return nullptr;
}
-AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id)
+AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id) const
{
for (uint32_t stream_index=0; stream_index < hsessions.size(); stream_index++)
{
return dsession;
}
-AppIdDnsSession* AppIdSession::get_dns_session()
+AppIdDnsSession* AppIdSession::get_dns_session() const
{
return dsession;
}
void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow,
bool is_http2, uint32_t http2_stream_index)
{
+ if (!api.get_published())
+ {
+ change_bits.set(APPID_CREATED_BIT);
+ api.set_published(true);
+ }
+
if (change_bits.none())
return;
- AppidEvent app_event(change_bits, is_http2, http2_stream_index);
+ AppidEvent app_event(change_bits, is_http2, http2_stream_index, api);
DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
if (appidDebug->is_active())
{
#include "length_app_cache.h"
#include "service_state.h"
+namespace snort
+{
+ class AppIdSessionApi;
+}
+
class ClientDetector;
class ServiceDetector;
class AppIdDnsSession;
};
typedef std::unordered_map<unsigned, AppIdFlowData*>::const_iterator AppIdFlowDataIter;
-struct CommonAppIdData
-{
- CommonAppIdData()
- {
- initiator_ip.clear();
- }
-
- //flags shared with other preprocessor via session attributes.
- uint64_t flags = 0;
- snort::SfIp initiator_ip;
- uint16_t initiator_port = 0;
-};
-
enum MatchedTlsType
{
MATCHED_TLS_NONE = 0,
const char* get_tls_org_unit() const { return tls_org_unit; }
- bool get_tls_handshake_done() { return tls_handshake_done; }
+ bool get_tls_handshake_done() const { return tls_handshake_done; }
// Duplicate only if len > 0, otherwise simply set (i.e., own the argument)
void set_tls_host(const char* new_tls_host, uint32_t len, AppidChangeBits& change_bits)
snort::Flow* flow = nullptr;
AppIdContext& ctxt;
std::unordered_map<unsigned, AppIdFlowData*> flow_data;
- CommonAppIdData common;
+ uint64_t flags = 0;
+ snort::SfIp initiator_ip;
+ uint16_t initiator_port = 0;
+
uint16_t session_packet_count = 0;
uint16_t init_pkts_without_reply = 0;
uint64_t init_bytes_without_reply = 0;
static void init() { inspector_id = FlowData::create_flow_data_id(); }
- void set_session_flags(uint64_t flags) { common.flags |= flags; }
- void clear_session_flags(uint64_t flags) { common.flags &= ~flags; }
- uint64_t get_session_flags(uint64_t flags) const { return (common.flags & flags); }
- void set_service_detected() { common.flags |= APPID_SESSION_SERVICE_DETECTED; }
- bool is_service_detected() { return ((common.flags & APPID_SESSION_SERVICE_DETECTED) == 0) ?
+ void set_session_flags(uint64_t set_flags) { flags |= set_flags; }
+ void clear_session_flags(uint64_t clear_flags) { flags &= ~clear_flags; }
+ uint64_t get_session_flags(uint64_t get_flags) const { return (flags & get_flags); }
+ void set_service_detected() { flags |= APPID_SESSION_SERVICE_DETECTED; }
+ bool is_service_detected() const { return ((flags & APPID_SESSION_SERVICE_DETECTED) == 0) ?
false : true; }
- void set_client_detected() { common.flags |= APPID_SESSION_CLIENT_DETECTED; }
- bool is_client_detected() { return ((common.flags & APPID_SESSION_CLIENT_DETECTED) == 0) ?
+ void set_client_detected() { flags |= APPID_SESSION_CLIENT_DETECTED; }
+ bool is_client_detected() const { return ((flags & APPID_SESSION_CLIENT_DETECTED) == 0) ?
false : true; }
- bool is_decrypted() { return ((common.flags & APPID_SESSION_DECRYPTED) == 0) ? false : true; }
- bool is_svc_taking_too_much_time();
+ bool is_decrypted() const { return ((flags & APPID_SESSION_DECRYPTED) == 0) ? false : true; }
+ bool is_svc_taking_too_much_time() const;
- void* get_flow_data(unsigned id);
+ void* get_flow_data(unsigned id) const;
int add_flow_data(void* data, unsigned id, AppIdFreeFCN);
int add_flow_data_id(uint16_t port, ServiceDetector*);
void* remove_flow_data(unsigned id);
void free_flow_data_by_mask(unsigned mask);
void free_flow_data();
- AppId pick_service_app_id();
+ AppId pick_service_app_id() const;
// pick_ss_* and set_ss_* methods below are for application protocols that support only a single
// stream in a flow. They should not be used for HTTP2 sessions which can have multiple
// streams within a single flow
- AppId pick_ss_misc_app_id();
- AppId pick_ss_client_app_id();
- AppId pick_ss_payload_app_id();
- AppId pick_ss_referred_payload_app_id();
+ AppId pick_ss_misc_app_id() const;
+ AppId pick_ss_client_app_id() const;
+ AppId pick_ss_payload_app_id() const;
+ AppId pick_ss_referred_payload_app_id() const;
void set_ss_application_ids(AppId service, AppId client, AppId payload, AppId misc,
AppidChangeBits& change_bits);
// For protocols such as HTTP2 which can have multiple streams within a single flow, get_first_stream_*
// methods return the appids in the first stream seen in a packet.
- void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload, AppId& misc);
- void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload);
- AppId get_application_ids_service();
- AppId get_application_ids_client(uint32_t stream_index = 0);
- AppId get_application_ids_payload(uint32_t stream_index = 0);
- AppId get_application_ids_misc(uint32_t stream_index = 0);
-
- uint32_t get_hsessions_size()
+ void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload, AppId& misc) const;
+ void get_first_stream_app_ids(AppId& service, AppId& client, AppId& payload) const;
+ AppId get_application_ids_service() const;
+ AppId get_application_ids_client(uint32_t stream_index = 0) const;
+ AppId get_application_ids_payload(uint32_t stream_index = 0) const;
+ AppId get_application_ids_misc(uint32_t stream_index = 0) const;
+
+ uint32_t get_hsessions_size() const
{
return hsessions.size();
}
- bool is_ssl_session_decrypted();
+ bool is_ssl_session_decrypted() const;
void examine_ssl_metadata(AppidChangeBits& change_bits);
void set_client_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
void set_service_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
void sync_with_snort_protocol_id(AppId, snort::Packet*);
void stop_service_inspection(snort::Packet*, AppidSessionDirection);
- bool is_payload_appid_set();
+ bool is_payload_appid_set() const;
void clear_http_flags();
void clear_http_data();
void reset_session_data();
AppIdHttpSession* create_http_session(uint32_t stream_id = 0);
- AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
- AppIdHttpSession* get_matching_http_session(uint32_t stream_id);
+ AppIdHttpSession* get_http_session(uint32_t stream_index = 0) const;
+ AppIdHttpSession* get_matching_http_session(uint32_t stream_id) const;
void delete_all_http_sessions()
{
for (auto hsession : hsessions)
}
AppIdDnsSession* create_dns_session();
- AppIdDnsSession* get_dns_session();
+ AppIdDnsSession* get_dns_session() const;
bool is_tp_appid_done() const;
bool is_tp_processing_done() const;
void publish_appid_event(AppidChangeBits&, snort::Flow*, bool is_http2 = false,
uint32_t http2_stream_index = 0);
- inline void set_tp_app_id(AppId app_id) {
+ inline void set_tp_app_id(AppId app_id)
+ {
if (tp_app_id != app_id)
{
tp_app_id = app_id;
}
}
- inline void set_tp_payload_app_id(AppId app_id) {
+ inline void set_tp_payload_app_id(AppId app_id)
+ {
if (tp_payload_app_id != app_id)
{
tp_payload_app_id = app_id;
}
}
- inline AppId get_tp_app_id() {
+ inline AppId get_tp_app_id() const
+ {
return tp_app_id;
}
- inline AppId get_tp_payload_app_id() {
+ inline AppId get_tp_payload_app_id() const
+ {
return tp_payload_app_id;
}
prev_http2_raw_packet = packet_num;
}
+ const snort::AppIdSessionApi& get_api() const
+ {
+ return api;
+ }
+
private:
std::vector<AppIdHttpSession*> hsessions;
AppIdDnsSession* dsession = nullptr;
void delete_session_data();
static THREAD_LOCAL uint32_t appid_flow_data_id;
- AppId application_ids[APP_PROTOID_MAX];
+ AppId application_ids[APP_PROTOID_MAX] =
+ { APP_ID_NONE, APP_ID_NONE, APP_ID_NONE, APP_ID_NONE };
bool tp_app_id_deferred = false;
bool tp_payload_app_id_deferred = false;
AppId tp_payload_app_id = APP_ID_NONE;
uint16_t my_inferred_svcs_ver = 0;
+ snort::AppIdSessionApi api{*this};
static uint16_t inferred_svcs_ver;
};
return false;
}
#endif
-
using namespace snort;
-bool AppIdSessionApi::refresh(const Flow& flow)
+AppId AppIdSessionApi::get_service_app_id() const
{
- AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
-
- if (new_asd)
- {
- asd = new_asd;
- return true;
- }
- return false;
-}
-
-AppId AppIdSessionApi::get_service_app_id()
-{
- return asd->get_application_ids_service();
+ return asd.get_application_ids_service();
}
-AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index)
+AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index) const
{
- return asd->get_application_ids_misc(stream_index);
+ return asd.get_application_ids_misc(stream_index);
}
-AppId AppIdSessionApi::get_client_app_id(uint32_t stream_index)
+AppId AppIdSessionApi::get_client_app_id(uint32_t stream_index) const
{
- return asd->get_application_ids_client(stream_index);
+ return asd.get_application_ids_client(stream_index);
}
-AppId AppIdSessionApi::get_payload_app_id(uint32_t stream_index)
+AppId AppIdSessionApi::get_payload_app_id(uint32_t stream_index) const
{
- return asd->get_application_ids_payload(stream_index);
+ return asd.get_application_ids_payload(stream_index);
}
-AppId AppIdSessionApi::get_referred_app_id(uint32_t stream_index)
+AppId AppIdSessionApi::get_referred_app_id(uint32_t stream_index) const
{
- if (asd->get_application_ids_service() == APP_ID_HTTP2)
+ if (asd.get_application_ids_service() == APP_ID_HTTP2)
{
- if ((stream_index != 0) and (stream_index >= asd->get_hsessions_size()))
+ if ((stream_index != 0) and (stream_index >= asd.get_hsessions_size()))
return APP_ID_UNKNOWN;
- else if (AppIdHttpSession* hsession = asd->get_http_session(stream_index))
+ else if (AppIdHttpSession* hsession = asd.get_http_session(stream_index))
return hsession->referred_payload_app_id;
}
else if (stream_index == 0)
- return asd->pick_ss_referred_payload_app_id();
+ return asd.pick_ss_referred_payload_app_id();
return APP_ID_UNKNOWN;
}
void AppIdSessionApi::get_app_id(AppId& service, AppId& client,
- AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index)
+ AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index) const
{
- if (asd->get_application_ids_service() == APP_ID_HTTP2)
+ if (asd.get_application_ids_service() == APP_ID_HTTP2)
{
- if ((stream_index != 0) and (stream_index >= asd->get_hsessions_size()))
+ if ((stream_index != 0) and (stream_index >= asd.get_hsessions_size()))
service = client = payload = misc = referred = APP_ID_UNKNOWN;
- else if (AppIdHttpSession* hsession = asd->get_http_session(stream_index))
+ else if (AppIdHttpSession* hsession = asd.get_http_session(stream_index))
{
- service = asd->get_application_ids_service();
+ service = asd.get_application_ids_service();
client = hsession->client.get_id();
payload = hsession->payload.get_id();
misc = hsession->misc_app_id;
}
else
{
- asd->get_first_stream_app_ids(service, client, payload, misc);
- referred = asd->pick_ss_referred_payload_app_id();
+ asd.get_first_stream_app_ids(service, client, payload, misc);
+ referred = asd.pick_ss_referred_payload_app_id();
}
}
void AppIdSessionApi::get_app_id(AppId* service, AppId* client,
- AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index)
+ AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index) const
{
- if (asd->get_application_ids_service() == APP_ID_HTTP2)
+ if (asd.get_application_ids_service() == APP_ID_HTTP2)
{
- if ((stream_index != 0) and (stream_index >= asd->get_hsessions_size()))
+ if ((stream_index != 0) and (stream_index >= asd.get_hsessions_size()))
{
if (service)
*service = APP_ID_UNKNOWN;
*referred = APP_ID_UNKNOWN;
return;
}
- else if (AppIdHttpSession* hsession = asd->get_http_session(stream_index))
+ else if (AppIdHttpSession* hsession = asd.get_http_session(stream_index))
{
if (service)
- *service = asd->get_application_ids_service();
+ *service = asd.get_application_ids_service();
if (client)
*client = hsession->client.get_id();
if (payload)
}
}
if (service)
- *service = asd->get_application_ids_service();
+ *service = asd.get_application_ids_service();
if (client)
- *client = asd->get_application_ids_client();
+ *client = asd.get_application_ids_client();
if (payload)
- *payload = asd->get_application_ids_payload();
+ *payload = asd.get_application_ids_payload();
if (misc)
- *misc = asd->get_application_ids_misc();
+ *misc = asd.get_application_ids_misc();
if (referred)
- *referred = asd->pick_ss_referred_payload_app_id();
+ *referred = asd.pick_ss_referred_payload_app_id();
}
-bool AppIdSessionApi::is_appid_inspecting_session()
+bool AppIdSessionApi::is_appid_inspecting_session() const
{
- if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or
- !asd->is_tp_appid_done() or
- asd->get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) or
- (asd->get_session_flags(APPID_SESSION_ENCRYPTED) and
- (asd->get_session_flags(APPID_SESSION_DECRYPTED) or
- asd->session_packet_count < SSL_WHITELIST_PKT_LIMIT)) )
+ if ( asd.service_disco_state != APPID_DISCO_STATE_FINISHED or
+ !asd.is_tp_appid_done() or
+ asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_CONTINUE) or
+ (asd.get_session_flags(APPID_SESSION_ENCRYPTED) and
+ (asd.get_session_flags(APPID_SESSION_DECRYPTED) or
+ asd.session_packet_count < SSL_WHITELIST_PKT_LIMIT)) )
{
return true;
}
- if ( asd->client_disco_state != APPID_DISCO_STATE_FINISHED and
- (!asd->is_client_detected() or
- (asd->service_disco_state != APPID_DISCO_STATE_STATEFUL
- and asd->get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) )
+ if ( asd.client_disco_state != APPID_DISCO_STATE_FINISHED and
+ (!asd.is_client_detected() or
+ (asd.service_disco_state != APPID_DISCO_STATE_STATEFUL
+ and asd.get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS))) )
{
return true;
}
- if ( asd->get_tp_app_id() == APP_ID_SSH and asd->payload.get_id() != APP_ID_SFTP and
- asd->session_packet_count < MAX_SFTP_PACKET_COUNT )
+ if ( asd.get_tp_app_id() == APP_ID_SSH and asd.payload.get_id() != APP_ID_SFTP and
+ asd.session_packet_count < MAX_SFTP_PACKET_COUNT )
{
return true;
}
- if (asd->ctxt.get_odp_ctxt().check_host_port_app_cache)
+ if (asd.ctxt.get_odp_ctxt().check_host_port_app_cache)
return true;
return false;
}
-bool AppIdSessionApi::is_appid_available()
+bool AppIdSessionApi::is_appid_available() const
{
- return ( (asd->service.get_id() != APP_ID_NONE ||
- asd->payload.get_id() != APP_ID_NONE) &&
- (asd->is_tp_appid_available() ||
- asd->get_session_flags(APPID_SESSION_NO_TPI)) );
+ return ( (asd.service.get_id() != APP_ID_NONE ||
+ asd.payload.get_id() != APP_ID_NONE) &&
+ (asd.is_tp_appid_available() ||
+ asd.get_session_flags(APPID_SESSION_NO_TPI)) );
}
-const char* AppIdSessionApi::get_client_version(uint32_t stream_index)
+const char* AppIdSessionApi::get_client_version(uint32_t stream_index) const
{
- if (uint32_t num_hsessions = asd->get_hsessions_size())
+ if (uint32_t num_hsessions = asd.get_hsessions_size())
{
if (stream_index >= num_hsessions)
return nullptr;
- else if (AppIdHttpSession* hsession = asd->get_http_session(stream_index))
+ else if (AppIdHttpSession* hsession = asd.get_http_session(stream_index))
return hsession->client.get_version();
}
else if (stream_index == 0)
- return asd->client.get_version();
+ return asd.client.get_version();
return nullptr;
}
-uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags)
+uint64_t AppIdSessionApi::get_appid_session_attribute(uint64_t flags) const
{
- return asd->get_session_flags(flags);
+ return asd.get_session_flags(flags);
}
-const char* AppIdSessionApi::get_tls_host()
+const char* AppIdSessionApi::get_tls_host() const
{
- if (asd->tsession)
- return asd->tsession->get_tls_host();
+ if (asd.tsession)
+ return asd.tsession->get_tls_host();
return nullptr;
}
-SfIp* AppIdSessionApi::get_initiator_ip()
+const SfIp* AppIdSessionApi::get_initiator_ip() const
{
- return &asd->common.initiator_ip;
+ return &asd.initiator_ip;
}
-AppIdDnsSession* AppIdSessionApi::get_dns_session()
+const AppIdDnsSession* AppIdSessionApi::get_dns_session() const
{
- return asd->get_dns_session();
+ return asd.get_dns_session();
}
-AppIdHttpSession* AppIdSessionApi::get_http_session(uint32_t stream_index)
+const AppIdHttpSession* AppIdSessionApi::get_http_session(uint32_t stream_index) const
{
- return asd->get_http_session(stream_index);
+ return asd.get_http_session(stream_index);
}
-bool AppIdSessionApi::is_http_inspection_done()
+bool AppIdSessionApi::is_http_inspection_done() const
{
- return (asd->is_tp_appid_done() and
- !(asd->get_session_flags(APPID_SESSION_SSL_SESSION) and
- !get_tls_host() and
- (asd->service_disco_state!= APPID_DISCO_STATE_FINISHED)));
+ return (asd.is_tp_appid_done() and
+ !(asd.get_session_flags(APPID_SESSION_SSL_SESSION) and !get_tls_host() and
+ (asd.service_disco_state!= APPID_DISCO_STATE_FINISHED)));
}
class SO_PUBLIC AppIdSessionApi
{
public:
- AppIdSessionApi(AppIdSession* asd) : asd(asd) {}
- bool refresh(const Flow& flow);
- AppId get_service_app_id();
- AppId get_misc_app_id(uint32_t stream_index = 0);
- AppId get_client_app_id(uint32_t stream_index = 0);
- AppId get_payload_app_id(uint32_t stream_index = 0);
- AppId get_referred_app_id(uint32_t stream_index = 0);
- void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index = 0);
- void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index = 0);
- bool is_appid_inspecting_session();
- bool is_appid_available();
- const char* get_client_version(uint32_t stream_index = 0);
- uint64_t get_appid_session_attribute(uint64_t flag);
- SfIp* get_initiator_ip();
- AppIdDnsSession* get_dns_session();
- AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
- const char* get_tls_host();
- bool is_http_inspection_done();
+ AppIdSessionApi(const AppIdSession& asd) : asd(asd) {}
+ AppId get_service_app_id() const;
+ AppId get_misc_app_id(uint32_t stream_index = 0) const;
+ AppId get_client_app_id(uint32_t stream_index = 0) const;
+ AppId get_payload_app_id(uint32_t stream_index = 0) const;
+ AppId get_referred_app_id(uint32_t stream_index = 0) const;
+ void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index = 0) const;
+ void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index = 0) const;
+ bool is_appid_inspecting_session() const;
+ bool is_appid_available() const;
+ const char* get_client_version(uint32_t stream_index = 0) const;
+ uint64_t get_appid_session_attribute(uint64_t flag) const;
+ const SfIp* get_initiator_ip() const;
+ const AppIdDnsSession* get_dns_session() const;
+ const AppIdHttpSession* get_http_session(uint32_t stream_index = 0) const;
+ const char* get_tls_host() const;
+ bool is_http_inspection_done() const;
+
+ bool get_published() const
+ { return published; }
+
+ void set_published(bool val)
+ { published = val; }
private:
- AppIdSession* asd;
+ const AppIdSession& asd;
+ bool published = false;
};
}
return 0;
}
-
-
bool added = false;
std::lock_guard<std::mutex> lck(AppIdSession::inferred_svcs_lock);
if ( !host_cache[ip_addr]->add_service(port, proto, appid, true, &added) )
args.asd.initialize_future_session(*pf, APPID_SESSION_EXPECTED_EVALUATE, APP_ID_APPID_SESSION_DIRECTION_MAX);
pf->service_disco_state = APPID_DISCO_STATE_STATEFUL;
pf->scan_flags |= SCAN_HOST_PORT_FLAG;
- pf->common.initiator_ip = *sip;
+ pf->initiator_ip = *sip;
}
}
break;
return APPID_ENOMEM;
}
args.asd.initialize_future_session(*pf, APPID_SESSION_EXPECTED_EVALUATE, APP_ID_FROM_RESPONDER);
- pf->common.initiator_ip = *sip;
+ pf->initiator_ip = *sip;
pf->service_disco_state = APPID_DISCO_STATE_STATEFUL;
pf->scan_flags |= SCAN_HOST_PORT_FLAG;
}
{
snort_free(smb_data);
}
-void* AppIdSession::get_flow_data(unsigned){ return smb_data;}
+void* AppIdSession::get_flow_data(unsigned) const { return smb_data;}
// Stubs for AppIdPegCounts
void AppIdPegCounts::inc_service_count(AppId) { }
void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow, bool, uint32_t)
{
- AppidEvent app_event(change_bits, false, 0);
+ static AppIdSessionApi api(*this);
+ AppidEvent app_event(change_bits, false, 0, api);
DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
}
memset((void*)&appHA, 0, sizeof(appHA));
memset((void*)&cmp_buf, 0, sizeof(cmp_buf));
- mock_session->common.flags |= APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION;
+ mock_session->flags |= APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION;
mock_session->set_tp_app_id(APPID_UT_ID);
mock_session->service.set_id(APPID_UT_ID + 1, stub_odp_ctxt);
CHECK_EQUAL(service, APPID_UT_ID);
CHECK_EQUAL(client, APPID_UT_ID);
CHECK_EQUAL(payload, APPID_UT_ID);
- STRCMP_EQUAL("Published change_bits == 000000001111", test_log);
+ STRCMP_EQUAL("Published change_bits == 0000000011110", test_log);
service = APP_ID_NONE;
client = APP_ID_NONE;
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
- STRCMP_EQUAL("Published change_bits == 000001000110", test_log);
+ STRCMP_EQUAL("Published change_bits == 0000010001100", test_log);
AppidChangeBits change_bits;
mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
- STRCMP_EQUAL("Published change_bits == 000001000110", test_log);
+ STRCMP_EQUAL("Published change_bits == 0000010001100", test_log);
string host = "";
val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()), nullptr,
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
- STRCMP_EQUAL("Published change_bits == 000001000000", test_log);
+ STRCMP_EQUAL("Published change_bits == 0000010000000", test_log);
mock().checkExpectations();
}
-TEST(appid_api, create_appid_session_api)
-{
- AppIdSessionApi* appid_session_api = appid_api.create_appid_session_api(*flow);
- CHECK_TRUE(appid_session_api);
- appid_api.free_appid_session_api(appid_session_api);
-
- Flow* old_flow = flow;
- flow = new Flow;
- flow->set_flow_data(nullptr);
- appid_session_api = appid_api.create_appid_session_api(*flow);
- CHECK_FALSE(appid_session_api);
-
- delete flow;
- flow = old_flow;
-}
-
TEST(appid_api, is_inspection_needed)
{
DummyInspector inspector;
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = dport; // session initiator is now dst
- session.common.initiator_ip = dip;
+ session.initiator_port = dport; // session initiator is now dst
+ session.initiator_ip = dip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::UDP; // also threw in UDP and address space ID for kicks
uint16_t address_space_id = 100;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 6, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = 0; // no initiator port yet (uses IPs)
- session.common.initiator_ip = sip;
+ session.initiator_port = 0; // no initiator port yet (uses IPs)
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = 0; // no initiator port yet (uses IPs)... and reversed packet dir from above
- session.common.initiator_ip = dip;
+ session.initiator_port = 0; // no initiator port yet (uses IPs)... and reversed packet dir from above
+ session.initiator_ip = dip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::UDP; // but this packet is UDP instead
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
IpProtocol protocol = IpProtocol::TCP;
uint16_t address_space_id = 0;
// The session...
- session.common.initiator_port = sport;
- session.common.initiator_ip = sip;
+ session.initiator_port = sport;
+ session.initiator_ip = sip;
// activate()
appidDebug->activate(sip.get_ip6_ptr(), dip.get_ip6_ptr(), sport, dport,
protocol, 4, address_space_id, &session, false);
#include "utils/sflsq.cc"
#include "appid_mock_session.h"
+#include "appid_session_api.h"
#include "tp_lib_handler.h"
#include <CppUTest/CommandLineTestRunner.h>
void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow, bool, uint32_t)
{
- AppidEvent app_event(change_bits, false, 0);
+ static AppIdSessionApi api(*this);
+ AppidEvent app_event(change_bits, false, 0, api);
DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
}
Flow* flow = new Flow;
flow->set_flow_data(asd);
p.flow = flow;
- asd->common.initiator_port = 21;
- asd->common.initiator_ip.set("1.2.3.4");
+ asd->initiator_port = 21;
+ asd->initiator_ip.set("1.2.3.4");
asd->set_session_flags(APPID_SESSION_FUTURE_FLOW);
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect changes in service, client, payload, and misc appid
mock().checkExpectations();
- STRCMP_EQUAL(test_log, "Published change_bits == 000000001111");
+ STRCMP_EQUAL(test_log, "Published change_bits == 0000000011110");
delete asd;
delete flow;
}
Flow* flow = new Flow;
flow->set_flow_data(asd);
p.flow = flow;
- asd->common.initiator_port = 21;
- asd->common.initiator_ip.set("1.2.3.4");
+ asd->initiator_port = 21;
+ asd->initiator_ip.set("1.2.3.4");
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect changes in service, client, payload, and misc appid
mock().checkExpectations();
- STRCMP_EQUAL(test_log, "Published change_bits == 000000001111");
+ STRCMP_EQUAL(test_log, "Published change_bits == 0000000011110");
delete asd;
delete flow;
}
flow->set_flow_data(asd);
p.flow = flow;
p.ptrs.tcph = nullptr;
- asd->common.initiator_port = 21;
- asd->common.initiator_ip.set("1.2.3.4");
+ asd->initiator_port = 21;
+ asd->initiator_ip.set("1.2.3.4");
asd->misc_app_id = APP_ID_NONE;
asd->payload.set_id(APP_ID_NONE);
asd->client.set_id(APP_ID_CURL);
// Detect all; failure of this test means some bits from enum are missed in translation
change_bits.set();
change_bits_to_string(change_bits, str);
- STRCMP_EQUAL(str.c_str(), "service, client, payload, misc, referred, host,"
+ STRCMP_EQUAL(str.c_str(), "created, service, client, payload, misc, referred, host,"
" tls-host, url, user-agent, response, referrer, version");
// Failure of this test is a reminder that enum is changed, hence translator needs update
- CHECK_EQUAL(APPID_MAX_BIT, 12);
+ CHECK_EQUAL(APPID_MAX_BIT, 13);
}
int main(int argc, char** argv)
{
}
-bool AppIdSession::is_payload_appid_set()
+bool AppIdSession::is_payload_appid_set() const
{
return true;
}
tsession = new TlsSession;
service_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR);
- common.initiator_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR);
+ initiator_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR);
netbios_name = snort_strdup(APPID_UT_NETBIOS_NAME);
snort_free(netbios_name);
}
-void* AppIdSession::get_flow_data(unsigned)
+void* AppIdSession::get_flow_data(unsigned) const
{
return nullptr;
}
}
}
-AppId AppIdSession::pick_service_app_id()
+AppId AppIdSession::pick_service_app_id() const
{
return service.get_id();
}
-AppId AppIdSession::pick_ss_misc_app_id()
+AppId AppIdSession::pick_ss_misc_app_id() const
{
return misc_app_id;
}
-AppId AppIdSession::pick_ss_client_app_id()
+AppId AppIdSession::pick_ss_client_app_id() const
{
return client.get_id();
}
-AppId AppIdSession::pick_ss_payload_app_id()
+AppId AppIdSession::pick_ss_payload_app_id() const
{
return payload.get_id();
}
-AppId AppIdSession::pick_ss_referred_payload_app_id()
+AppId AppIdSession::pick_ss_referred_payload_app_id() const
{
return APPID_UT_ID;
}
-void AppIdSession::get_first_stream_app_ids(AppId&, AppId&, AppId&, AppId&) { }
+void AppIdSession::get_first_stream_app_ids(AppId&, AppId&, AppId&, AppId&) const { }
-void AppIdSession::get_first_stream_app_ids(AppId&, AppId&, AppId&) { }
+void AppIdSession::get_first_stream_app_ids(AppId&, AppId&, AppId&) const { }
-AppId AppIdSession::get_application_ids_service() { return APPID_UT_ID; }
+AppId AppIdSession::get_application_ids_service() const { return APPID_UT_ID; }
-AppId AppIdSession::get_application_ids_client(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_client(uint32_t stream_index) const
{
if (stream_index < hsessions.size() or stream_index == 0)
return APPID_UT_ID;
return APP_ID_NONE;
}
-AppId AppIdSession::get_application_ids_payload(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_payload(uint32_t stream_index) const
{
if (stream_index < hsessions.size() or stream_index == 0)
return APPID_UT_ID;
return APP_ID_NONE;
}
-AppId AppIdSession::get_application_ids_misc(uint32_t stream_index)
+AppId AppIdSession::get_application_ids_misc(uint32_t stream_index) const
{
if (stream_index < hsessions.size() or stream_index == 0)
return APPID_UT_ID;
return APP_ID_NONE;
}
-bool AppIdSession::is_ssl_session_decrypted()
+bool AppIdSession::is_ssl_session_decrypted() const
{
return is_session_decrypted;
}
return hsession;
}
-AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index)
+AppIdHttpSession* AppIdSession::get_http_session(uint32_t stream_index) const
{
if (stream_index < hsessions.size())
{
return nullptr;
}
-AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id)
+AppIdHttpSession* AppIdSession::get_matching_http_session(uint32_t stream_id) const
{
for (uint32_t stream_index=0; stream_index < hsessions.size(); stream_index++)
{
- if(stream_id == hsessions[stream_index]->get_http2_stream_id())
+ if (stream_id == hsessions[stream_index]->get_http2_stream_id())
return hsessions[stream_index];
}
return nullptr;
return dsession;
}
-AppIdDnsSession* AppIdSession::get_dns_session()
+AppIdDnsSession* AppIdSession::get_dns_session() const
{
return dsession;
}
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
- appid_session_api = new AppIdSessionApi(mock_session);
+ appid_session_api = new AppIdSessionApi(*mock_session);
}
void teardown() override
expected_ip.pton(AF_INET, APPID_UT_INITIATOR_IP_ADDR);
- SfIp* val = appid_session_api->get_initiator_ip();
+ const SfIp* val = appid_session_api->get_initiator_ip();
CHECK_TRUE(val->fast_eq4(expected_ip));
}
}
TEST(appid_session_api, get_http_session)
{
- AppIdHttpSession* val;
+ const AppIdHttpSession* val;
mock_session->create_http_session();
val = appid_session_api->get_http_session();
CHECK_TRUE(val != nullptr);
TEST(appid_session_api, appid_dns_api)
{
- AppIdDnsSession* dsession = appid_session_api->get_dns_session();
+ const AppIdDnsSession* dsession = appid_session_api->get_dns_session();
const char* val = dsession->get_host();
STRCMP_EQUAL(val, APPID_ID_UT_DNS_HOST);
#define APPID_EVENT_ANY_CHANGE "appid_event_any_change"
+namespace snort
+{
+ class AppIdSessionApi;
+}
+
// Events are added as needed by subscribers
// Any change here should also change change_bits_to_string()
enum AppidChangeBit
{
+ APPID_CREATED_BIT = 0,
+
// id
- APPID_SERVICE_BIT = 0,
+ APPID_SERVICE_BIT,
APPID_CLIENT_BIT,
APPID_PAYLOAD_BIT,
APPID_MISC_BIT,
{
size_t n = change_bits.count();
+ if (change_bits.test(APPID_CREATED_BIT))
+ --n? str.append("created, ") : str.append("created");
if (change_bits.test(APPID_SERVICE_BIT))
--n? str.append("service, ") : str.append("service");
if (change_bits.test(APPID_CLIENT_BIT))
class AppidEvent : public snort::DataEvent
{
public:
- AppidEvent(const AppidChangeBits& ac, bool is_http2, uint32_t http2_stream_index) :
- ac_bits(ac), is_http2(is_http2), http2_stream_index(http2_stream_index) {}
+ AppidEvent(const AppidChangeBits& ac, bool is_http2, uint32_t http2_stream_index,
+ const snort::AppIdSessionApi& api) :
+ ac_bits(ac), is_http2(is_http2), http2_stream_index(http2_stream_index), api(api) {}
const AppidChangeBits& get_change_bitset() const
{ return ac_bits; }
uint32_t get_http2_stream_index() const
{ return http2_stream_index; }
+ const snort::AppIdSessionApi& get_appid_session_api() const
+ { return api; }
+
private:
const AppidChangeBits& ac_bits;
bool is_http2;
uint32_t http2_stream_index;
+ const snort::AppIdSessionApi& api;
};
#endif
projects / thirdparty / snort3.git / commitdiff
