IpProtocol proto = map_resp_event.get_ip_proto();
SnortProtocolId protocol_id = map_resp_event.get_proto_id();
+ OdpContext& odp_ctxt = asd->get_odp_ctxt();
AppIdSession* fp = AppIdSession::create_future_session(pkt, src_ip, src_port,
- dst_ip, dst_port, proto, protocol_id);
+ dst_ip, dst_port, proto, protocol_id, odp_ctxt);
if (fp) // initialize data session
{
- fp->set_service_id(APP_ID_DCE_RPC, asd->get_odp_ctxt());
+ fp->set_service_id(APP_ID_DCE_RPC, odp_ctxt);
asd->initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS);
}
}
AppIdSession* AppIdSession::create_future_session(const Packet* ctrlPkt, const SfIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol proto,
- SnortProtocolId snort_protocol_id, bool swap_app_direction, bool bidirectional,
- bool expect_persist)
+ SnortProtocolId snort_protocol_id, OdpContext& odp_ctxt, bool swap_app_direction,
+ bool bidirectional, bool expect_persist)
{
enum PktType type = get_pkt_type_from_ip_proto(proto);
// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
- AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector,
- inspector->get_ctxt().get_odp_ctxt(), ctrlPkt->pkth->address_space_id);
+ AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, odp_ctxt,
+ ctrlPkt->pkth->address_space_id);
is_session_monitored(asd->flags, ctrlPkt, *inspector);
if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
AppidSessionDirection, AppIdInspector&, OdpContext&);
static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t,
- const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false,
- bool bidirectional=false, bool expect_persist=false);
+ const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, OdpContext&,
+ bool swap_app_direction=false, bool bidirectional=false, bool expect_persist=false);
void initialize_future_session(AppIdSession&, uint64_t);
snort::Flow* flow = nullptr;
void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol)
{
- AppIdSession* fp = AppIdSession::create_future_session(
- pkt, cliIp, cliPort, srvIp, srvPort, protocol,
- asd.config.snort_proto_ids[PROTO_INDEX_SIP], false, true);
+ OdpContext& odp_ctxt = asd.get_odp_ctxt();
+ AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort, protocol,
+ asd.config.snort_proto_ids[PROTO_INDEX_SIP], odp_ctxt, false, true);
if ( fp )
{
fp->set_client_id(asd.get_client_id());
fp->set_payload_id(asd.get_payload_id());
- fp->set_service_id(APP_ID_RTP, asd.get_odp_ctxt());
+ fp->set_service_id(APP_ID_RTP, odp_ctxt);
// FIXIT-M : snort 2.9.x updated the flag to APPID_SESSION_EXPECTED_EVALUATE.
// Check if it is needed here as well.
// create an RTCP flow as well
- AppIdSession* fp2 = AppIdSession::create_future_session(
- pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, protocol,
- asd.config.snort_proto_ids[PROTO_INDEX_SIP], false, true);
+ AppIdSession* fp2 = AppIdSession::create_future_session(pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, protocol,
+ asd.config.snort_proto_ids[PROTO_INDEX_SIP], odp_ctxt, false, true);
if ( fp2 )
{
fp2->set_client_id(asd.get_client_id());
fp2->set_payload_id(asd.get_payload_id());
- fp2->set_service_id(APP_ID_RTCP, asd.get_odp_ctxt());
+ fp2->set_service_id(APP_ID_RTCP, odp_ctxt);
// FIXIT-M : same comment as above
// asd.initialize_future_session(*fp2, APPID_SESSION_EXPECTED_EVALUATE);
snort_protocol_id = entry->snort_protocol_id;
}
+ OdpContext& odp_ctxt = lsd->ldp.asd->get_odp_ctxt();
AppIdSession* fp = AppIdSession::create_future_session(lsd->ldp.pkt, &client_addr,
- client_port, &server_addr, server_port, proto, snort_protocol_id);
+ client_port, &server_addr, server_port, proto, snort_protocol_id, odp_ctxt);
if (fp)
{
- fp->set_service_id(service_id, ud->get_odp_ctxt());
+ fp->set_service_id(service_id, odp_ctxt);
fp->set_client_id(client_id);
fp->set_payload_id(payload_id);
fp->set_session_flags(APPID_SESSION_SERVICE_DETECTED | APPID_SESSION_NOT_A_SERVICE |
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol, AppidSessionDirection dir)
{
bool swap_flow_app_direction = (dir == APP_ID_FROM_RESPONDER) ? true : false;
+ OdpContext& odp_ctxt = asd.get_odp_ctxt();
AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort,
- protocol, asd.config.snort_proto_ids[PROTO_INDEX_FTP_DATA], swap_flow_app_direction);
+ protocol, asd.config.snort_proto_ids[PROTO_INDEX_FTP_DATA], odp_ctxt, swap_flow_app_direction);
if (fp) // initialize data session
{
uint64_t encrypted_flags = asd.get_session_flags(APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED);
if (encrypted_flags == APPID_SESSION_ENCRYPTED)
{
- fp->set_service_id(APP_ID_FTPSDATA, asd.get_odp_ctxt());
+ fp->set_service_id(APP_ID_FTPSDATA, odp_ctxt);
}
else
{
encrypted_flags = 0; // reset (APPID_SESSION_ENCRYPTED | APPID_SESSION_DECRYPTED) bits
- fp->set_service_id(APP_ID_FTP_DATA, asd.get_odp_ctxt());
+ fp->set_service_id(APP_ID_FTP_DATA, odp_ctxt);
}
asd.initialize_future_session(*fp, APPID_SESSION_IGNORE_ID_FLAGS | encrypted_flags);
sip = args.pkt->ptrs.ip_api.get_src();
AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
dip, 0, sip,(uint16_t)port, IpProtocol::TCP,
- args.asd.config.snort_proto_ids[PROTO_INDEX_REXEC]);
+ args.asd.config.snort_proto_ids[PROTO_INDEX_REXEC], args.asd.get_odp_ctxt());
if (pf)
{
uint32_t addr = htonl(address);
sip.set(&addr, AF_INET);
const SfIp* dip = pkt->ptrs.ip_api.get_dst();
- AppIdSession* fsession = AppIdSession::create_future_session(
- pkt, dip, 0, &sip, port, rd->proto,
- asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
+ AppIdSession* fsession = AppIdSession::create_future_session(pkt, dip, 0, &sip,
+ port, rd->proto, asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC],
+ asd.get_odp_ctxt(), false, false, true);
if (fsession)
{
const SfIp* sip = pkt->ptrs.ip_api.get_src();
tmp = ntohl(pmr->port);
- AppIdSession* pf = AppIdSession::create_future_session(
- pkt, dip, 0, sip, (uint16_t)tmp, rd->proto,
- asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC], false, false, true);
+ AppIdSession* pf = AppIdSession::create_future_session(pkt, dip, 0, sip,
+ (uint16_t)tmp, rd->proto, asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC],
+ asd.get_odp_ctxt(), false, false, true);
if (pf)
{
const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
dip, 0, sip, (uint16_t)port, IpProtocol::TCP,
- args.asd.config.snort_proto_ids[PROTO_INDEX_RSH_ERROR]);
+ args.asd.config.snort_proto_ids[PROTO_INDEX_RSH_ERROR], args.asd.get_odp_ctxt());
if (pf)
{
const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
dip, 0, sip, args.pkt->ptrs.sp, args.asd.protocol,
- args.asd.config.snort_proto_ids[PROTO_INDEX_SNMP]);
+ args.asd.config.snort_proto_ids[PROTO_INDEX_SNMP], args.asd.get_odp_ctxt());
if (pf)
{
sip = args.pkt->ptrs.ip_api.get_src();
pf = AppIdSession::create_future_session(args.pkt,
dip, 0, sip, args.pkt->ptrs.sp, args.asd.protocol,
- args.asd.config.snort_proto_ids[PROTO_INDEX_TFTP]);
+ args.asd.config.snort_proto_ids[PROTO_INDEX_TFTP], args.asd.get_odp_ctxt());
if (pf)
{
projects / thirdparty / snort3.git / commitdiff
