{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
- return (asd && asd->common.flow_type == APPID_FLOW_TYPE_NORMAL) ? asd : nullptr;
+ return asd;
}
const char* AppIdApi::get_application_name(AppId app_id, AppIdContext& ctxt)
assert(buf);
AppIdSessionHA* appHA = (AppIdSessionHA*)buf;
AppIdSession* asd = get_appid_session(flow);
- if (asd and (asd->common.flow_type == APPID_FLOW_TYPE_NORMAL))
+ if (asd)
{
appHA->flags = APPID_HA_FLAGS_APP;
if (asd->is_tp_appid_available())
appHA->appId[7] = asd->misc_app_id;
}
else
- memset(appHA->appId, 0, sizeof(appHA->appId));
+ memset(appHA, 0, sizeof(*appHA));
return sizeof(*appHA);
}
{
AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
- if (asd and asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+ if (asd)
return new AppIdSessionApi(asd);
return nullptr;
{
if (asd)
{
- if (asd->common.flow_type == APPID_FLOW_TYPE_IGNORE)
- return false;
-
- if (asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
- {
- protocol = asd->protocol;
- asd->flow = p->flow;
- }
- else if (p->is_tcp())
- protocol = IpProtocol::TCP;
- else
- protocol = IpProtocol::UDP;
+ protocol = asd->protocol;
+ asd->flow = p->flow;
if (asd->common.initiator_port)
direction = (asd->common.initiator_port == p->ptrs.sp) ?
return flow_flags;
}
-bool AppIdDiscovery::handle_unmonitored_session(AppIdSession* asd, const Packet* p,
- IpProtocol protocol, AppidSessionDirection dir, AppIdInspector& inspector,
- uint64_t& flow_flags)
-{
- if (asd)
- flow_flags = is_session_monitored(*asd, p, dir);
- else
- flow_flags = is_session_monitored(p, dir);
-
- if ( flow_flags & (APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED) )
- return false;
-
- if ( !asd )
- {
- uint16_t port = 0;
-
- const SfIp* ip = (dir == APP_ID_FROM_INITIATOR) ?
- p->ptrs.ip_api.get_src() : p->ptrs.ip_api.get_dst();
- if ((protocol == IpProtocol::TCP || protocol == IpProtocol::UDP)
- && p->ptrs.sp != p->ptrs.dp)
- {
- port = (dir == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
- }
-
- // FIXIT-E - Creating AppId session even when flow is ignored (not monitored, e.g.,
- // when AppId discovery is disabled) will consume a lot of unneeded memory and perform
- // unneeded tasks in constructor. Snort2 uses static APPID_SESSION_STRUCT_FLAG ignore_fsf.
- // Snort3 may use something like that or a dummy class/object having only common.flow_type
- // to let us know that it is APPID_FLOW_TYPE_IGNORE type and thus being returned early
- // from this method due to set_network_attributes() checking.
- AppIdSession* tmp_session = new AppIdSession(protocol, ip, port, inspector);
-
- if ((flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) ==
- APPID_SESSION_BIDIRECTIONAL_CHECKED)
- {
- tmp_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
- if (appidDebug->is_active())
- LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session());
- }
- else
- {
- tmp_session->common.flow_type = APPID_FLOW_TYPE_TMP;
- if (appidDebug->is_active())
- LogMessage("AppIdDbg %s Unknown monitoring\n", appidDebug->get_debug_session());
- }
- tmp_session->common.flags = flow_flags;
- p->flow->set_flow_data(tmp_session);
- }
- else
- {
- asd->common.flags = flow_flags;
- if ( ( flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) ==
- APPID_SESSION_BIDIRECTIONAL_CHECKED )
- asd->common.flow_type = APPID_FLOW_TYPE_IGNORE;
- if (appidDebug->is_active())
- LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session());
- }
-
- return true;
-}
-
// Return false if the packet or the session doesn't need to be inspected
bool AppIdDiscovery::do_pre_discovery(Packet* p, AppIdSession** p_asd, AppIdInspector& inspector,
IpProtocol& protocol, IpProtocol& outer_protocol, AppidSessionDirection& direction)
return false;
uint64_t flow_flags;
- if (handle_unmonitored_session(asd, p, protocol, direction, inspector, flow_flags))
+ if (asd)
+ flow_flags = is_session_monitored(*asd, p, direction);
+ else
+ flow_flags = is_session_monitored(p, direction);
+
+ if ( !(flow_flags & (APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED)) )
return false;
- // FIXIT-M - Potential memory leak for TMP sessions. handle_unmonitored_session() already
- // TMP session and that is not being freed before creating the new one below
- if (!asd || asd->common.flow_type == APPID_FLOW_TYPE_TMP)
+ if (!asd)
{
*p_asd = asd = AppIdSession::allocate_session(p, protocol, direction, &inspector);
if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
AppidSessionDirection direction);
static bool do_host_port_based_discovery(snort::Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction);
- static bool handle_unmonitored_session(AppIdSession* asd, const snort::Packet* p,
- IpProtocol protocol, AppidSessionDirection dir, AppIdInspector& inspector,
- uint64_t& flow_flags);
};
#endif
{
service_ip.clear();
session_id = ++appid_flow_data_id;
- common.flow_type = APPID_FLOW_TYPE_NORMAL;
common.initiator_ip = *ip;
common.initiator_port = port;
{
AppId rval = APP_ID_NONE;
- if (common.flow_type != APPID_FLOW_TYPE_NORMAL)
- return APP_ID_NONE;
-
if (is_service_detected())
{
bool deferred = service.get_deferred() || tp_app_id_deferred;
AppId AppIdSession::pick_ss_misc_app_id()
{
- if (common.flow_type != APPID_FLOW_TYPE_NORMAL or
- service.get_id() == APP_ID_HTTP2)
+ if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
if (misc_app_id > APP_ID_NONE)
AppId AppIdSession::pick_ss_client_app_id()
{
- if (common.flow_type != APPID_FLOW_TYPE_NORMAL or
- service.get_id() == APP_ID_HTTP2)
+ if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
AppId tmp_id = APP_ID_NONE;
AppId AppIdSession::pick_ss_payload_app_id()
{
- if (common.flow_type != APPID_FLOW_TYPE_NORMAL or
- service.get_id() == APP_ID_HTTP2)
+ if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
if (tp_payload_app_id_deferred)
AppId AppIdSession::pick_ss_referred_payload_app_id()
{
- if (common.flow_type != APPID_FLOW_TYPE_NORMAL or
- service.get_id() == APP_ID_HTTP2)
+ if (service.get_id() == APP_ID_HTTP2)
return APP_ID_NONE;
AppId tmp_id = APP_ID_NONE;
APPID_SESSION_INITIATOR_MONITORED | APPID_SESSION_DISCOVER_USER | \
APPID_SESSION_SPECIAL_MONITORED)
-// flow status codes
-enum AppIdFlowStatusCodes
-{
- APPID_SESSION_SUCCESS = 0,
- APPID_SESSION_ENULL,
- APPID_SESSION_EINVALID,
- APPID_SESSION_ENOMEM,
- APPID_SESSION_NOTFOUND,
- APPID_SESSION_BADJUJU,
- APPID_SESSION_DISABLED,
- APPID_SESSION_EUNSUPPORTED,
- APPID_SESSION_STOP_PROCESSING,
- APPID_SESSION_EEXISTS
-};
-
enum APPID_DISCOVERY_STATE
{
APPID_DISCO_STATE_NONE = 0,
initiator_ip.clear();
}
- snort::APPID_FLOW_TYPE flow_type = snort::APPID_FLOW_TYPE_IGNORE;
//flags shared with other preprocessor via session attributes.
uint64_t flags = 0;
snort::SfIp initiator_ip;
APPID_DISCOVERY_STATE service_disco_state = APPID_DISCO_STATE_NONE;
SESSION_SERVICE_SEARCH_STATE service_search_state = SESSION_SERVICE_SEARCH_STATE::START;
ServiceDetector* service_detector = nullptr;
- snort::AppIdServiceSubtype* subtype = nullptr;
+ AppIdServiceSubtype* subtype = nullptr;
std::vector<ServiceDetector*> service_candidates;
ServiceAppDescriptor service;
{
AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id);
- if (new_asd and new_asd->common.flow_type == APPID_FLOW_TYPE_NORMAL)
+ if (new_asd)
{
asd = new_asd;
return true;
return asd->get_application_ids_service();
}
-AppId AppIdSessionApi::get_port_service_app_id()
-{
- return asd->service.get_port_service_id();
-}
-
AppId AppIdSessionApi::get_misc_app_id(uint32_t stream_index)
{
return asd->get_application_ids_misc(stream_index);
*referred = asd->pick_ss_referred_payload_app_id();
}
-bool AppIdSessionApi::is_ssl_session_decrypted()
-{
- return asd->is_ssl_session_decrypted();
-}
-
bool AppIdSessionApi::is_appid_inspecting_session()
{
if ( asd->service_disco_state != APPID_DISCO_STATE_FINISHED or
return false;
}
-const char* AppIdSessionApi::get_user_name(AppId* service, bool* isLoginSuccessful)
-{
- *service = asd->client.get_user_id();
- *isLoginSuccessful = asd->get_session_flags(APPID_SESSION_LOGIN_SUCCEEDED) ? true : false;
- return asd->client.get_username();
-}
-
bool AppIdSessionApi::is_appid_available()
{
return ( (asd->service.get_id() != APP_ID_NONE ||
return asd->get_session_flags(flags);
}
-void AppIdSessionApi::get_service_info(const char** vendor, const char** version,
- AppIdServiceSubtype** subtype)
-{
- *vendor = asd->service.get_vendor();
- *version = asd->service.get_version();
- *subtype = asd->subtype;
-}
-
-short AppIdSessionApi::get_service_port()
-{
- return asd->service_port;
-}
-
const char* AppIdSessionApi::get_tls_host()
{
if (asd->tsession)
return nullptr;
}
-SfIp* AppIdSessionApi::get_service_ip()
-{
- return &asd->service_ip;
-}
-
SfIp* AppIdSessionApi::get_initiator_ip()
{
return &asd->common.initiator_ip;
}
-DHCPData* AppIdSessionApi::get_dhcp_fp_data()
-{
- if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_FP))
- return static_cast<DHCPData*>(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_FP_DATA));
-
- return nullptr;
-}
-
-void AppIdSessionApi::free_dhcp_fp_data(DHCPData* data)
-{
- asd->clear_session_flags(APPID_SESSION_HAS_DHCP_FP);
- BootpServiceDetector::AppIdFreeDhcpData(data);
-}
-
-DHCPInfo* AppIdSessionApi::get_dhcp_info()
-{
- if (asd->get_session_flags(APPID_SESSION_HAS_DHCP_INFO))
- return static_cast<DHCPInfo*>(asd->remove_flow_data(APPID_SESSION_DATA_DHCP_INFO));
-
- return nullptr;
-}
-
-void AppIdSessionApi::free_dhcp_info(DHCPInfo* data)
-{
- asd->clear_session_flags(APPID_SESSION_HAS_DHCP_INFO);
- BootpServiceDetector::AppIdFreeDhcpInfo(data);
-}
-
-FpSMBData* AppIdSessionApi::get_smb_fp_data()
-{
- if (asd->get_session_flags(APPID_SESSION_HAS_SMB_INFO))
- return static_cast<FpSMBData*>(asd->remove_flow_data(APPID_SESSION_DATA_SMB_DATA));
-
- return nullptr;
-}
-
-void AppIdSessionApi::free_smb_fp_data(FpSMBData* data)
-{
- asd->clear_session_flags(APPID_SESSION_HAS_SMB_INFO);
- NbdgmServiceDetector::AppIdFreeSMBData(data);
-}
-
-const char* AppIdSessionApi::get_netbios_name()
-{
- return asd->netbios_name;
-}
-
AppIdDnsSession* AppIdSessionApi::get_dns_session()
{
return asd->get_dns_session();
!get_tls_host() and
(asd->service_disco_state!= APPID_DISCO_STATE_FINISHED)));
}
-
-
APPID_SESSION_PORT_SERVICE_DONE)
const uint64_t APPID_SESSION_ALL_FLAGS = 0xFFFFFFFFFFFFFFFFULL;
-enum APPID_FLOW_TYPE
-{
- APPID_FLOW_TYPE_IGNORE,
- APPID_FLOW_TYPE_NORMAL,
- APPID_FLOW_TYPE_TMP
-};
-
-struct AppIdServiceSubtype
-{
- AppIdServiceSubtype* next;
- const char* service;
- const char* vendor;
- const char* version;
-};
-
-#define DHCP_OP55_MAX_SIZE 64
-#define DHCP_OP60_MAX_SIZE 64
-
-struct DHCPData
-{
- DHCPData* next;
- unsigned op55_len;
- unsigned op60_len;
- uint8_t op55[DHCP_OP55_MAX_SIZE];
- uint8_t op60[DHCP_OP60_MAX_SIZE];
- uint8_t eth_addr[6];
-};
-
-struct DHCPInfo
-{
- DHCPInfo* next;
- uint32_t ipAddr;
- uint8_t eth_addr[6];
- uint32_t subnetmask;
- uint32_t leaseSecs;
- uint32_t router;
-};
-
-struct FpSMBData
-{
- FpSMBData* next;
- unsigned major;
- unsigned minor;
- uint32_t flags;
-};
-
class SO_PUBLIC AppIdSessionApi
{
public:
AppIdSessionApi(AppIdSession* asd) : asd(asd) {}
bool refresh(const Flow& flow);
AppId get_service_app_id();
- AppId get_port_service_app_id();
AppId get_misc_app_id(uint32_t stream_index = 0);
AppId get_client_app_id(uint32_t stream_index = 0);
AppId get_payload_app_id(uint32_t stream_index = 0);
AppId get_referred_app_id(uint32_t stream_index = 0);
void get_app_id(AppId& service, AppId& client, AppId& payload, AppId& misc, AppId& referred, uint32_t stream_index = 0);
void get_app_id(AppId* service, AppId* client, AppId* payload, AppId* misc, AppId* referred, uint32_t stream_index = 0);
- bool is_ssl_session_decrypted();
bool is_appid_inspecting_session();
bool is_appid_available();
- const char* get_user_name(AppId* service, bool* isLoginSuccessful);
const char* get_client_version(uint32_t stream_index = 0);
uint64_t get_appid_session_attribute(uint64_t flag);
- APPID_FLOW_TYPE get_flow_type();
- void get_service_info(const char** vendor, const char** version,
- AppIdServiceSubtype**);
- short get_service_port();
- SfIp* get_service_ip();
SfIp* get_initiator_ip();
AppIdDnsSession* get_dns_session();
AppIdHttpSession* get_http_session(uint32_t stream_index = 0);
const char* get_tls_host();
- DHCPData* get_dhcp_fp_data();
- void free_dhcp_fp_data(DHCPData*);
- DHCPInfo* get_dhcp_info();
- void free_dhcp_info(DHCPInfo*);
- FpSMBData* get_smb_fp_data();
- void free_smb_fp_data(FpSMBData*);
- const char* get_netbios_name();
bool is_http_inspection_done();
private:
APP_ID_APPID_SESSION_DIRECTION_MAX
};
+struct AppIdServiceSubtype
+{
+ AppIdServiceSubtype* next;
+ const char* service;
+ const char* vendor;
+ const char* version;
+};
+
#endif
&& asd.get_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS) )
create_detector_candidates_list(asd, p);
- return APPID_SESSION_SUCCESS;
+ return 0;
}
// This function sets the client discovery state to APPID_DISCO_STATE_FINISHED
namespace snort
{
-struct AppIdServiceSubtype;
struct Packet;
}
class AppIdHttpSession;
bool get_appid_from_url(const char*, const char*, char**, const char*, AppId*, AppId*,
AppId*, AppId*, bool, OdpContext&);
AppId get_appid_by_content_type(const char*, int);
- void get_server_vendor_version(const char*, int, char**, char**, snort::AppIdServiceSubtype**);
+ void get_server_vendor_version(const char*, int, char**, char**, AppIdServiceSubtype**);
void identify_user_agent(const char*, int, AppId&, AppId&, char**);
void get_http_offsets(snort::Packet*, AppIdHttpSession*);
uint32_t parse_multiple_http_patterns(const char* pattern, tMlmpPattern*,
#include "service_detector.h"
-class ServiceDiscovery;
+#define DHCP_OP55_MAX_SIZE 64
+#define DHCP_OP60_MAX_SIZE 64
+
class AppIdSession;
+class ServiceDiscovery;
+
+struct DHCPData
+{
+ DHCPData* next;
+ unsigned op55_len;
+ unsigned op60_len;
+ uint8_t op55[DHCP_OP55_MAX_SIZE];
+ uint8_t op60[DHCP_OP60_MAX_SIZE];
+ uint8_t eth_addr[6];
+};
+
+struct DHCPInfo
+{
+ DHCPInfo* next;
+ uint32_t ipAddr;
+ uint8_t eth_addr[6];
+ uint32_t subnetmask;
+ uint32_t leaseSecs;
+ uint32_t router;
+};
class BootpServiceDetector : public ServiceDetector
{
int validate(AppIdDiscoveryArgs&) override;
// FIXIT-L - move to service discovery class
- static void AppIdFreeDhcpData(snort::DHCPData*);
- static void AppIdFreeDhcpInfo(snort::DHCPInfo*);
+ static void AppIdFreeDhcpData(DHCPData*);
+ static void AppIdFreeDhcpInfo(DHCPInfo*);
private:
int add_dhcp_info(AppIdSession&, unsigned op55_len, const uint8_t* op55, unsigned
int add_service(AppidChangeBits&, AppIdSession&, const snort::Packet*,
AppidSessionDirection, AppId, const char* vendor = nullptr,
- const char* version = nullptr, const snort::AppIdServiceSubtype* = nullptr);
+ const char* version = nullptr, const AppIdServiceSubtype* = nullptr);
int add_service_consume_subtype(AppIdSession&, const snort::Packet*,
AppidSessionDirection dir, AppId, const char* vendor, const char* version,
- snort::AppIdServiceSubtype*, AppidChangeBits&);
+ AppIdServiceSubtype*, AppidChangeBits&);
int incompatible_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir);
int fail_service(AppIdSession&, const snort::Packet*, AppidSessionDirection dir);
#include "service_detector.h"
-class ServiceDiscovery;
class AppIdSession;
+class ServiceDiscovery;
+
+struct FpSMBData
+{
+ FpSMBData* next;
+ unsigned major;
+ unsigned minor;
+ uint32_t flags;
+};
class NbssServiceDetector : public ServiceDetector
{
int validate(AppIdDiscoveryArgs&) override;
- static void AppIdFreeSMBData(snort::FpSMBData*);
+ static void AppIdFreeSMBData(FpSMBData*);
private:
void add_smb_info(AppIdSession&, unsigned major, unsigned minor, uint32_t flags);
}
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
+
const char* AppInfoManager::get_app_name(AppId)
{
return test_app_name;
CHECK_EQUAL(id, 1492);
}
-// FIXIT - enable this test when consume ha appid api call is fixed
TEST(appid_api, produce_ha_state)
{
AppIdSessionHA appHA, cmp_buf;
memset((void*)&appHA, 0, sizeof(appHA));
memset((void*)&cmp_buf, 0, sizeof(cmp_buf));
- mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
mock_session->common.flags |= APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION;
- // Reset IDs that may be updated by ssl_app_group_id_lookup test.
+ mock_session->set_tp_app_id(APPID_UT_ID);
+ mock_session->service.set_id(APPID_UT_ID + 1, stub_odp_ctxt);
+ mock_session->client_inferred_service_id = APPID_UT_ID + 2;
+ mock_session->service.set_port_service_id(APPID_UT_ID + 3);
mock_session->payload.set_id(APPID_UT_ID + 4);
+ mock_session->set_tp_payload_app_id(APPID_UT_ID + 5);
mock_session->client.set_id(APPID_UT_ID + 6);
+ mock_session->misc_app_id = APPID_UT_ID + 7;
uint32_t val = appid_api.produce_ha_state(*flow, (uint8_t*)&appHA);
CHECK_TRUE(val == sizeof(appHA));
- CHECK_TRUE(memcmp(&appHA, &cmp_buf, val) == 0);
- mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL;
- val = appid_api.produce_ha_state(*flow, (uint8_t*)&appHA);
- CHECK_TRUE(val == sizeof(appHA));
CHECK_TRUE(appHA.appId[0] == APPID_UT_ID);
CHECK_TRUE(appHA.appId[1] == APPID_UT_ID + 1);
CHECK_TRUE(appHA.appId[2] == APPID_UT_ID + 2);
mock().expectNCalls(4, "publish");
AppId service, client, payload = APP_ID_NONE;
bool val = false;
- mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
- val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, nullptr, nullptr,
- false, service, client, payload);
- CHECK_TRUE(!val);
- CHECK_EQUAL(service, APP_ID_NONE);
- CHECK_EQUAL(client, APP_ID_NONE);
- CHECK_EQUAL(payload, APP_ID_NONE);
- mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL;
val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, nullptr, nullptr,
false, service, client, payload);
CHECK_TRUE(val);
appid_session_api = appid_api.create_appid_session_api(*flow);
CHECK_FALSE(appid_session_api);
- AppIdSession ignore_asd(IpProtocol::TCP, nullptr, 1492, dummy_appid_inspector);
- ignore_asd.common.flow_type = APPID_FLOW_TYPE_IGNORE;
- flow->set_flow_data(&ignore_asd);
- appid_session_api = appid_api.create_appid_session_api(*flow);
- CHECK_FALSE(appid_session_api);
-
delete flow;
flow = old_flow;
}
AppIdSession::AppIdSession(IpProtocol proto, const SfIp*, uint16_t, AppIdInspector& inspector)
: FlowData(inspector_id, &inspector), ctxt(stub_ctxt), protocol(proto)
{
- common.flow_type = APPID_FLOW_TYPE_NORMAL;
service_port = APPID_UT_SERVICE_PORT;
AppidChangeBits change_bits;
snort_free(netbios_name);
}
-DHCPInfo* dhcp_info = nullptr;
-DHCPData* dhcp_data = nullptr;
-FpSMBData* smb_data = nullptr;
-
void* AppIdSession::get_flow_data(unsigned)
{
return nullptr;
}
-int AppIdSession::add_flow_data(void* data, unsigned type, AppIdFreeFCN)
+int AppIdSession::add_flow_data(void*, unsigned, AppIdFreeFCN)
{
- if ( type == APPID_SESSION_DATA_DHCP_FP_DATA )
- {
- dhcp_data = (DHCPData*)data;
- set_session_flags(APPID_SESSION_HAS_DHCP_FP);
- }
- else if ( type == APPID_SESSION_DATA_DHCP_INFO )
- {
- dhcp_info = (DHCPInfo*)data;
- set_session_flags(APPID_SESSION_HAS_DHCP_INFO);
- }
- else if ( type == APPID_SESSION_DATA_SMB_DATA )
- {
- smb_data = (FpSMBData*)data;
- set_session_flags(APPID_SESSION_HAS_SMB_INFO);
- }
return 0;
}
-void* AppIdSession::remove_flow_data(unsigned type)
-{
- void* data = nullptr;
-
- if ( type == APPID_SESSION_DATA_DHCP_FP_DATA )
- {
- data = dhcp_data;
- dhcp_data = nullptr;
- clear_session_flags(APPID_SESSION_HAS_DHCP_FP);
- }
- else if ( type == APPID_SESSION_DATA_DHCP_INFO )
- {
- data = dhcp_info;
- dhcp_info = nullptr;
- clear_session_flags(APPID_SESSION_HAS_DHCP_INFO);
- }
- else if ( type == APPID_SESSION_DATA_SMB_DATA )
- {
- data = smb_data;
- smb_data = nullptr;
- clear_session_flags(APPID_SESSION_HAS_SMB_INFO);
- }
-
- return data;
-}
-
void AppIdSession::set_ss_application_ids(AppId service_id, AppId client_id,
AppId payload_id, AppId misc_id, AppidChangeBits& change_bits)
{
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
-void BootpServiceDetector::AppIdFreeDhcpData(DHCPData* data)
-{
- delete data;
-}
-
-void BootpServiceDetector::AppIdFreeDhcpInfo(DHCPInfo* info)
-{
- delete info;
-}
-
-void NbdgmServiceDetector::AppIdFreeSMBData(FpSMBData* data)
-{
- delete data;
-}
-
AppIdSession* mock_session = nullptr;
AppIdSessionApi* appid_session_api = nullptr;
static AppIdConfig config;
CHECK_EQUAL(id, APPID_UT_ID);
}
-TEST(appid_session_api, get_port_service_app_id)
-{
- AppId id = appid_session_api->get_port_service_app_id();
- CHECK_EQUAL(id, APPID_UT_ID + 3);
-}
-
TEST(appid_session_api, get_misc_app_id)
{
AppId id = appid_session_api->get_misc_app_id();
CHECK_EQUAL(APP_ID_NONE, id);
}
-TEST(appid_session_api, get_service_port)
-{
- short sp = appid_session_api->get_service_port();
- CHECK_EQUAL(sp, APPID_UT_SERVICE_PORT);
-}
-
-
TEST(appid_session_api, get_tls_host)
{
AppidChangeBits change_bits;
STRCMP_EQUAL(val, APPID_UT_TLS_HOST);
}
-TEST(appid_session_api, get_service_ip)
-{
- SfIp expected_ip;
-
- expected_ip.pton(AF_INET, APPID_UT_SERVICE_IP_ADDR);
-
- SfIp* val = appid_session_api->get_service_ip();
- CHECK_TRUE(val->fast_eq4(expected_ip));
-}
-
TEST(appid_session_api, get_initiator_ip)
{
SfIp expected_ip;
CHECK_TRUE(val->fast_eq4(expected_ip));
}
-TEST(appid_session_api, get_netbios_name)
-{
- const char* val;
- val = appid_session_api->get_netbios_name();
- STRCMP_EQUAL(val, APPID_UT_NETBIOS_NAME);
-}
-
-TEST(appid_session_api, is_ssl_session_decrypted)
-{
- bool val = appid_session_api->is_ssl_session_decrypted();
- CHECK_TRUE(!val);
- is_session_decrypted = true;
- val = appid_session_api->is_ssl_session_decrypted();
- CHECK_TRUE(val);
-}
-
TEST(appid_session_api, is_appid_inspecting_session)
{
mock_session->service_disco_state = APPID_DISCO_STATE_STATEFUL;
CHECK_TRUE(val);
}
-TEST(appid_session_api, get_user_name)
-{
- AppId service;
- bool isLoginSuccessful;
-
- const char* val;
- val = appid_session_api->get_user_name(&service, &isLoginSuccessful);
- STRCMP_EQUAL(val, APPID_UT_USERNAME);
- CHECK_TRUE(service == APPID_UT_ID);
- CHECK_TRUE(!isLoginSuccessful);
- mock_session->set_session_flags(APPID_SESSION_LOGIN_SUCCEEDED);
- appid_session_api->get_user_name(&service, &isLoginSuccessful);
- CHECK_TRUE(service == APPID_UT_ID);
- CHECK_TRUE(isLoginSuccessful);
-}
-
TEST(appid_session_api, is_appid_available)
{
bool val;
}
}
-TEST(appid_session_api, get_service_info)
-{
- const char* serviceVendor;
- const char* serviceVersion;
- AppIdServiceSubtype* serviceSubtype;
-
- appid_session_api->get_service_info(&serviceVendor, &serviceVersion, &serviceSubtype);
- STRCMP_EQUAL(serviceVendor, APPID_UT_SERVICE_VENDOR);
- STRCMP_EQUAL(serviceVersion, APPID_UT_SERVICE_VERSION);
- STRCMP_EQUAL(serviceSubtype->service, APPID_UT_SERVICE);
- STRCMP_EQUAL(serviceSubtype->vendor, APPID_UT_SERVICE_VENDOR);
- STRCMP_EQUAL(serviceSubtype->version, APPID_UT_SERVICE_VERSION);
-}
-
TEST(appid_session_api, appid_dns_api)
{
AppIdDnsSession* dsession = appid_session_api->get_dns_session();
CHECK_TRUE(ttl == APPID_UT_DNS_TTL);
}
-TEST(appid_session_api, dhcp_fp_data)
-{
- DHCPData* val;
- val = appid_session_api->get_dhcp_fp_data();
- CHECK_TRUE(!val);
- val = new DHCPData;
- mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_FP_DATA, nullptr);
- val = appid_session_api->get_dhcp_fp_data();
- CHECK_TRUE(val);
- appid_session_api->free_dhcp_fp_data(val);
- val = appid_session_api->get_dhcp_fp_data();
- CHECK_TRUE(!val);
-}
-
-TEST(appid_session_api, dhcp_info)
-{
- DHCPInfo* val;
- val = appid_session_api->get_dhcp_info();
- CHECK_TRUE(!val);
- val = new DHCPInfo;
- mock_session->add_flow_data(val, APPID_SESSION_DATA_DHCP_INFO, nullptr);
- val = appid_session_api->get_dhcp_info();
- CHECK_TRUE(val);
- appid_session_api->free_dhcp_info(val);
- val = appid_session_api->get_dhcp_info();
- CHECK_TRUE(!val);
-}
-
-TEST(appid_session_api, smb_fp_data)
-{
- FpSMBData* val;
- val = appid_session_api->get_smb_fp_data();
- CHECK_TRUE(!val);
- val = new FpSMBData;
- mock_session->add_flow_data(val, APPID_SESSION_DATA_SMB_DATA, nullptr);
- val = appid_session_api->get_smb_fp_data();
- CHECK_TRUE(val);
- appid_session_api->free_smb_fp_data(val);
- val = appid_session_api->get_smb_fp_data();
- CHECK_TRUE(!val);
-}
-
TEST(appid_session_api, is_http_inspection_done)
{
bool val;
projects / thirdparty / snort3.git / commitdiff
