}
service_id = asd->get_application_ids_service();
+ AppId misc_id = asd->get_application_ids_misc();
+
if (client_id == APP_ID_NONE)
client_id = asd->get_application_ids_client();
+ else
+ asd->client.set_id(client_id);
+
if (payload_id == APP_ID_NONE)
payload_id = asd->get_application_ids_payload();
+ else
+ asd->payload.set_id(payload_id);
+
+ asd->set_application_ids(service_id, client_id, payload_id, misc_id, change_bits);
+
+ asd->publish_appid_event(change_bits, flow);
}
else
{
misc_id, change_bits);
}
-void AppIdDiscovery::publish_appid_event(AppidChangeBits& change_bits, Flow* flow)
-{
- if (change_bits.none())
- return;
-
- AppidEvent app_event(change_bits);
- DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
- if (appidDebug->is_active())
- {
- std::string str;
- change_bits_to_string(change_bits, str);
- LogMessage("AppIdDbg %s Published event for changes: %s\n",
- appidDebug->get_debug_session(), str.c_str());
- }
-}
-
static inline unsigned get_ipfuncs_flags(const Packet* p, bool dst)
{
const SfIp* sf_ip;
AppidChangeBits change_bits;
asd->set_application_ids(asd->pick_service_app_id(), asd->pick_client_app_id(),
asd->pick_payload_app_id(), asd->pick_misc_app_id(), change_bits);
- publish_appid_event(change_bits, p->flow);
+ asd->publish_appid_event(change_bits, p->flow);
asd->set_session_flags(APPID_SESSION_IGNORE_FLOW_IDED);
}
if (appidDebug->is_active() &&
return false;
}
+ // The packet_flags will not be set on a retry packet so we have to skip
+ // processing it, but can continue processing the rest of the flow since
+ // AppId should have seen this packet already.
+ if (p->is_retry())
+ return false;
+
if (p->ptrs.tcph and !asd->get_session_flags(APPID_SESSION_OOO))
{
if ((p->packet_flags & PKT_STREAM_ORDER_BAD) ||
}
asd.set_application_ids(service_id, client_id, payload_id, misc_id, change_bits);
- publish_appid_event(change_bits, p->flow);
+ asd.publish_appid_event(change_bits, p->flow);
}
static void do_application_discovery(snort::Packet* p, AppIdInspector&,
ThirdPartyAppIdContext*);
- static void publish_appid_event(AppidChangeBits&, snort::Flow*);
AppIdDetectors* get_tcp_detectors()
{
asd->pick_payload_app_id(), asd->pick_misc_app_id(), change_bits);
}
- AppIdDiscovery::publish_appid_event(change_bits, flow);
+ asd->publish_appid_event(change_bits, flow);
}
}
}
}
+
+void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow)
+{
+ if (change_bits.none())
+ return;
+
+ AppidEvent app_event(change_bits);
+ DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
+ if (appidDebug->is_active())
+ {
+ std::string str;
+ change_bits_to_string(change_bits, str);
+ LogMessage("AppIdDbg %s Published event for changes: %s\n",
+ appidDebug->get_debug_session(), str.c_str());
+ }
+}
+
AppidChangeBits& change_bits);
void set_tp_payload_app_id(snort::Packet& p, AppidSessionDirection dir, AppId app_id,
AppidChangeBits& change_bits);
+ void publish_appid_event(AppidChangeBits&, snort::Flow*);
inline void set_tp_app_id(AppId app_id) {
if (tp_app_id != app_id)
AppidChangeBits change_bits;
client_handler(sip_event, *asd, change_bits);
service_handler(sip_event, *asd, change_bits);
- AppIdDiscovery::publish_appid_event(change_bits, flow);
+ asd->publish_appid_event(change_bits, flow);
}
void SipEventHandler::client_handler(SipEvent& sip_event, AppIdSession& asd,
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
+#include <CppUTestExt/MockSupport.h>
using namespace snort;
{ return nullptr; }
}
+void DataBus::publish(const char*, DataEvent& event, Flow*)
+{
+ AppidEvent* appid_event = (AppidEvent*)&event;
+ char* test_log = (char*)mock().getData("test_log").getObjectPointer();
+ snprintf(test_log, 256, "Published change_bits == %s",
+ appid_event->get_change_bitset().to_string().c_str());
+ mock().actualCall("publish");
+}
+
+void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow)
+{
+ AppidEvent app_event(change_bits);
+ DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
+}
+
bool SslPatternMatchers::scan_hostname(unsigned char const*, unsigned long, AppId& client_id, AppId& payload_id)
{
client_id = APPID_UT_ID + 1;
TEST_GROUP(appid_api)
{
+ char test_log[256];
void setup() override
{
MemoryLeakWarningPlugin::turnOffNewDeleteOverloads();
flow = new Flow;
flow->set_flow_data(mock_session);
+ mock().setDataObject("test_log", "char", test_log);
}
void teardown() override
{
delete flow;
+ mock().clear();
MemoryLeakWarningPlugin::turnOnNewDeleteOverloads();
}
};
memset((void*)&cmp_buf, 0, sizeof(cmp_buf));
mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
mock_session->common.flags |= APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_HTTP_SESSION;
+
+ // Reset IDs that may be updated by ssl_app_group_id_lookup test.
+ mock_session->payload.set_id(APPID_UT_ID + 4);
+ mock_session->client.set_id(APPID_UT_ID + 6);
+
uint32_t val = appid_api.produce_ha_state(*flow, (uint8_t*)&appHA);
CHECK_TRUE(val == sizeof(appHA));
CHECK_TRUE(memcmp(&appHA, &cmp_buf, val) == 0);
TEST(appid_api, ssl_app_group_id_lookup)
{
+ mock().expectNCalls(4, "publish");
AppId service, client, payload = APP_ID_NONE;
bool val = false;
mock_session->common.flow_type = APPID_FLOW_TYPE_IGNORE;
CHECK_EQUAL(service, APP_ID_NONE);
CHECK_EQUAL(client, APP_ID_NONE);
CHECK_EQUAL(payload, APP_ID_NONE);
+
mock_session->common.flow_type = APPID_FLOW_TYPE_NORMAL;
val = appid_api.ssl_app_group_id_lookup(flow, nullptr, nullptr, service, client, payload);
CHECK_TRUE(val);
CHECK_EQUAL(service, APPID_UT_ID);
CHECK_EQUAL(client, APPID_UT_ID);
CHECK_EQUAL(payload, APPID_UT_ID);
+ STRCMP_EQUAL("Published change_bits == 000000001111", test_log);
+
service = APP_ID_NONE;
client = APP_ID_NONE;
payload = APP_ID_NONE;
CHECK_TRUE(val);
CHECK_EQUAL(client, APPID_UT_ID + 1);
CHECK_EQUAL(payload, APPID_UT_ID + 1);
+ STRCMP_EQUAL("Published change_bits == 000001000110", test_log);
+
AppidChangeBits change_bits;
mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
mock_session->tsession->set_tls_cname("www.cisco.com", 13);
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
+ STRCMP_EQUAL("Published change_bits == 000001000110", test_log);
+
string host = "";
val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()),
(const char*)APPID_UT_TLS_HOST, service, client, payload, (const char*)("Google"));
STRCMP_EQUAL(mock_session->tsession->get_tls_host(), nullptr);
STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
+ STRCMP_EQUAL("Published change_bits == 000000000110", test_log);
+ mock().checkExpectations();
}
TEST(appid_api, create_appid_session_api)
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
+#include <CppUTestExt/MockSupport.h>
namespace snort
{
} // namespace snort
// Stubs for publish
-static bool databus_publish_called = false;
-static char test_log[256];
void DataBus::publish(const char*, DataEvent& event, Flow*)
{
- databus_publish_called = true;
AppidEvent* appid_event = (AppidEvent*)&event;
+ char* test_log = (char*)mock().getData("test_log").getObjectPointer();
snprintf(test_log, 256, "Published change_bits == %s",
appid_event->get_change_bitset().to_string().c_str());
+ mock().actualCall("publish");
}
// Stubs for matchers
{
return nullptr;
}
+
+void AppIdSession::publish_appid_event(AppidChangeBits& change_bits, Flow* flow)
+{
+ AppidEvent app_event(change_bits);
+ DataBus::publish(APPID_EVENT_ANY_CHANGE, app_event, flow);
+}
+
void AppIdHttpSession::set_tun_dest(){}
// Stubs for ServiceDiscovery
TEST_GROUP(appid_discovery_tests)
{
+ char test_log[256];
void setup() override
{
appidDebug = new AppIdDebug();
s_app_module = new AppIdModule;
s_ins = new AppIdInspector(*s_app_module);
AppIdPegCounts::init_pegs();
+ mock().setDataObject("test_log", "char", test_log);
}
void teardown() override
delete s_app_module;
AppIdPegCounts::cleanup_pegs();
AppIdPegCounts::cleanup_peg_info();
+ mock().clear();
}
};
TEST(appid_discovery_tests, event_published_when_ignoring_flow)
{
// Testing event from do_pre_discovery() path
- databus_publish_called = false;
+ mock().expectOneCall("publish");
test_log[0] = '\0';
Packet p;
p.packet_flags = 0;
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect changes in service, client, payload, and misc appid
- CHECK_EQUAL(databus_publish_called, true);
+ mock().checkExpectations();
STRCMP_EQUAL(test_log, "Published change_bits == 000000001111");
delete asd;
delete flow;
TEST(appid_discovery_tests, event_published_when_processing_flow)
{
// Testing event from do_discovery() path
- databus_publish_called = false;
+ mock().expectOneCall("publish");
test_log[0] = '\0';
Packet p;
p.packet_flags = 0;
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect changes in service, client, payload, and misc appid
- CHECK_EQUAL(databus_publish_called, true);
+ mock().checkExpectations();
STRCMP_EQUAL(test_log, "Published change_bits == 000000001111");
delete asd;
delete flow;
TEST(appid_discovery_tests, change_bits_for_non_http_appid)
{
// Testing FTP appid
- databus_publish_called = false;
+ mock().expectNCalls(2, "publish");
Packet p;
p.packet_flags = 0;
DAQ_PktHdr_t pkth;
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect event for FTP service and CURL client
- CHECK_EQUAL(databus_publish_called, true);
CHECK_EQUAL(asd->client.get_id(), APP_ID_CURL);
CHECK_EQUAL(asd->service.get_id(), APP_ID_FTP);
// Testing DNS appid
- databus_publish_called = false;
asd->misc_app_id = APP_ID_NONE;
asd->payload.set_id(APP_ID_NONE);
asd->client.set_id(APP_ID_NONE);
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
// Detect event for DNS service
- CHECK_EQUAL(databus_publish_called, true);
+ mock().checkExpectations();
CHECK_EQUAL(asd->service.get_id(), APP_ID_DNS);
delete asd;
};
FakeHttpMsgHeader* fake_msg_header = nullptr;
-void AppIdDiscovery::publish_appid_event(AppidChangeBits&, Flow*) {}
-
void AppIdHttpSession::set_http_change_bits(AppidChangeBits&, HttpFieldIds) {}
const uint8_t* HttpEvent::get_content_type(int32_t& length)
return mock_session;
}
+void AppIdSession::publish_appid_event(AppidChangeBits&, Flow*) { }
+
TEST_GROUP(appid_http_event)
{
void setup() override
projects / thirdparty / snort3.git / commitdiff
