set ( DEEP_PROFILING ${ENABLE_DEEP_PROFILING} )
set ( ENABLE_MEMORY_PROFILER ${ENABLE_MEMORY_PROFILER} )
set ( ENABLE_RULE_PROFILER ${ENABLE_RULE_PROFILER} )
+set ( DISABLE_TENANT_ID ${DISABLE_TENANT_ID} )
if ( ENABLE_LARGE_PCAP )
set ( _FILE_OFFSET_BITS 64 )
option ( ENABLE_SHELL "enable shell support" OFF )
option ( ENABLE_UNIT_TESTS "enable unit tests" OFF )
option ( ENABLE_BENCHMARK_TESTS "enable benchmark tests" OFF )
+option ( DISABLE_TENANT_ID "disable tenant ID in the FlowKey structure" OFF )
option ( ENABLE_COREFILES "Prevent Snort from generating core files" ON )
option ( ENABLE_LARGE_PCAP "Enable support for pcaps larger than 2 GB" OFF )
set(MEMORY_PROFILER_CPPFLAGS "-DENABLE_MEMORY_PROFILER")
endif()
+if(DISABLE_TENANT_ID)
+ set (TENANT_ID_CPPFLAGS "-DDISABLE_TENANT_ID")
+ message(STATUS "Tenant ID support in FlowKey is disabled")
+endif()
+
+
if(ENABLE_RULE_PROFILER)
set(RULE_PROFILER_CPPFLAGS "-DENABLE_RULE_PROFILER")
endif()
/* enable memory profiler */
#cmakedefine ENABLE_MEMORY_PROFILER 1
+/* disable tenant_id */
+#cmakedefine DISABLE_TENANT_ID 1
+
/* enable rule profiler */
#cmakedefine ENABLE_RULE_PROFILER 1
--enable-jemalloc enable using jemalloc for dynamic memory management
--enable-jemalloc-static
same as --enable-jemalloc but linked statically
+ --disable-tenant-id disable tenant ID in the FlowKey
--enable-luajit-static enable luajit linked statically
--enable-appid-third-party
enable third party appid
--disable-jemalloc-static)
append_cache_entry ENABLE_JEMALLOC BOOL false
;;
+ --disable-tenant-id)
+ append_cache_entry DISABLE_TENANT_ID BOOL true
+ ;;
--enable-appid-third-party)
;;
--enable-unit-tests)
URL: www.snort.org
Version: @VERSION@
Libs: -L${libdir}/snort
-Cflags: -I${includedir}/snort @DEEP_PROFILING_CPPFLAGS@ @MEMORY_OVERLOADS_CPPFLAGS@ @MEMORY_PROFILER_CPPFLAGS@ @RULE_PROFILER_CPPFLAGS@ @NO_PROFILER_CPPFLAGS@ @TP_APPID_CPPFLAGS@ @TSC_CPPFLAGS@
+Cflags: -I${includedir}/snort @DEEP_PROFILING_CPPFLAGS@ @MEMORY_OVERLOADS_CPPFLAGS@ @MEMORY_PROFILER_CPPFLAGS@ @RULE_PROFILER_CPPFLAGS@ @NO_PROFILER_CPPFLAGS@ @TP_APPID_CPPFLAGS@ @TSC_CPPFLAGS@ @TENANT_ID_CPPFLAGS@
// This code assumes that the expected session is in the opposite direction of the control session
// when groups are significant
bool reversed_key = key.init(ctrlPkt->context->conf, type, ip_proto, cliIP, cliPort,
- srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id,
+ srvIP, srvPort, vlanId, mplsId, ctrlPkt->pkth->address_space_id,
+#ifndef DISABLE_TENANT_ID
+ ctrlPkt->pkth->tenant_id,
+#endif
0 != (ctrlPkt->pkth->flags & DAQ_PKT_FLAG_SIGNIFICANT_GROUPS),
ctrlPkt->pkth->egress_group, ctrlPkt->pkth->ingress_group);
bool new_node = false;
{
_daq_pkt_hdr pkthdr = {};
pkthdr.address_space_id = key->addressSpaceId;
- pkthdr.tenant_id = tenant;
+#ifndef DISABLE_TENANT_ID
+ pkthdr.tenant_id = key->tenant_id;
+#else
+ pkthdr.tenant_id = 0;
+#endif
select_default_policy(pkthdr, sc);
}
}
unsigned inspection_policy_id = 0;
unsigned ips_policy_id = 0;
unsigned reload_id = 0;
- uint32_t tenant = 0;
uint32_t default_session_timeout = 0;
uint32_t idle_timeout = 0;
int32_t client_intf = 0;
flow->server_group = p->pkth->egress_group;
}
- flow->tenant = p->pkth->tenant_id;
-
flow->flags.app_direction_swapped = false;
if ( flow->ssn_state.direction == FROM_CLIENT )
p->packet_flags |= PKT_FROM_CLIENT;
PktType type, IpProtocol ip_proto,
const SfIp *srcIP, uint16_t srcPort,
const SfIp *dstIP, uint16_t dstPort,
- uint16_t vlanId, uint32_t mplsId,
- uint32_t addrSpaceId, uint32_t tid, bool significant_groups,
+ uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
+#ifndef DISABLE_TENANT_ID
+ uint32_t tid,
+#endif
+ bool significant_groups,
int16_t ingress_group, int16_t egress_group)
{
bool reversed;
pkt_type = type;
ip_protocol = (uint8_t)ip_proto;
+#ifndef DISABLE_TENANT_ID
tenant_id = tid;
+#endif
init_vlan(sc, vlanId);
init_address_space(sc, addrSpaceId);
pkt_type = type;
ip_protocol = (uint8_t)ip_proto;
+#ifndef DISABLE_TENANT_ID
tenant_id = pkt_hdr.tenant_id;
+#endif
init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id);
}
pkt_type = type;
+#ifndef DISABLE_TENANT_ID
tenant_id = pkt_hdr.tenant_id;
+#endif
init_vlan(sc, vlanId);
init_address_space(sc, pkt_hdr.address_space_id);
mix(a, b, c);
a += d[9]; // addressSpaceId
+
+#ifndef DISABLE_TENANT_ID
b += d[10]; // tenant_id
c += d[11]; // port lo & port hi
a += d[12]; // group lo & group hi
b += d[13]; // vlan & padding
c += d[14]; // ip_protocol & pkt_type, version, flags
+#else
+ b += d[10]; // port lo & port hi
+ c += d[11]; // group lo & group hi
+
+ mix(a, b, c);
+
+ b += d[12]; // vlan & padding
+ c += d[13]; // ip_protocol & pkt_type, version, flags
+#endif
finalize(a, b, c);
uint32_t ip_h[4]; /* High IP */
uint32_t mplsLabel;
uint32_t addressSpaceId;
- uint32_t tenant_id;
+#ifndef DISABLE_TENANT_ID
+ uint32_t tenant_id; // included by default
+#endif
uint16_t port_l; /* Low Port - 0 if ICMP */
uint16_t port_h; /* High Port - 0 if ICMP */
int16_t group_l;
const SnortConfig*, PktType, IpProtocol,
const snort::SfIp *srcIP, uint16_t srcPort,
const snort::SfIp *dstIP, uint16_t dstPort,
- uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId, uint32_t tid, bool significant_groups,
+ uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
+#ifndef DISABLE_TENANT_ID
+ uint32_t tid,
+#endif
+ bool significant_groups,
int16_t group_h = DAQ_PKTHDR_UNKNOWN, int16_t group_l = DAQ_PKTHDR_UNKNOWN);
bool init(
bool use_daq_channel;
};
+
+// Ensure to increment both versions simultaneously to maintain consistency
+#ifndef DISABLE_TENANT_ID
static constexpr uint8_t HA_MESSAGE_VERSION = 4;
+#else
+static constexpr uint8_t HA_MESSAGE_VERSION = 5;
+#endif
// define message size and content constants.
static constexpr uint8_t KEY_SIZE_IP6 = sizeof(FlowKey);
const SfIp*, uint16_t,
const SfIp*, uint16_t,
uint16_t, uint32_t,
- uint32_t, uint32_t, bool, int16_t, int16_t)
+ uint32_t,
+#ifndef DISABLE_TENANT_ID
+ uint32_t,
+#endif
+ bool, int16_t, int16_t)
{
return true;
}
/* .ip_h = */ { 5, 6, 7, 8 },
/* .mplsLabel = */ 9,
/* .addressSpaceId = */ 0,
+#ifndef DISABLE_TENANT_ID
/* .tenant_id = */ 0,
+#endif
/* .port_l = */ 10,
/* .port_h = */ 11,
/* .group_l = */ 0,
{
HA_DELETE_EVENT,
HA_MESSAGE_VERSION,
+#ifndef DISABLE_TENANT_ID
65,
+#else
+ 61,
+#endif
KEY_TYPE_IP6
},
s_test_key
{
HA_UPDATE_EVENT,
HA_MESSAGE_VERSION,
+#ifndef DISABLE_TENANT_ID
77,
+#else
+ 73,
+#endif
KEY_TYPE_IP6
},
s_test_key,
#include "detection/detection_engine.h"
#include "events/event.h"
+#include "flow/flow_key.h"
#include "framework/logger.h"
#include "framework/module.h"
#include "log/messages.h"
const IpsContext* c = DetectionEngine::get_context();
Obfuscator* obf = (c and c->packet) ? c->packet->obfuscator : nullptr;
uint32_t tenant_id = 0;
+
+#ifndef DISABLE_TENANT_ID
if (flow)
- tenant_id = flow->tenant;
- else if (c and c->packet)
+ tenant_id = flow->key->tenant_id;
+ else
+#endif
+ if (c and c->packet)
tenant_id = c->packet->pkth->tenant_id;
while ( xid && (xid <= max_count) )
// two key->version here to create the proper debug_session string.
activate(key->ip_l, key->ip_h, key->port_l, key->port_h, (IpProtocol)(key->ip_protocol),
key->version, key->addressSpaceId, session, log_all_sessions,
- key->tenant_id, key->group_l, key->group_h, key->flags.group_used);
+#ifndef DISABLE_TENANT_ID
+ key->tenant_id,
+#else
+ 0,
+#endif
+ key->group_l, key->group_h, key->flags.group_used);
}
void AppIdDebug::set_constraints(const char *desc,
AppIdSession* asd = new AppIdSession(static_cast<IpProtocol>(key->ip_protocol),
flow.flags.client_initiated ? &flow.client_ip : &flow.server_ip,
flow.flags.client_initiated ? flow.client_port : flow.server_port, inspector,
- *pkt_thread_odp_ctxt, key->addressSpaceId, key->tenant_id);
+ *pkt_thread_odp_ctxt, key->addressSpaceId
+#ifndef DISABLE_TENANT_ID
+ ,flow.key->tenant_id
+#endif
+ );
+
appid_log(CURRENT_PACKET, TRACE_DEBUG_LEVEL, "high-avail - New AppId session created in consume\n");
flow.set_flow_data(asd);
port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
AppIdSession* asd = new AppIdSession(proto, ip, port, inspector, odp_context,
- p->pkth->address_space_id, p->pkth->tenant_id);
+ p->pkth->address_space_id
+#ifndef DISABLE_TENANT_ID
+ ,p->pkth->tenant_id
+#endif
+ );
is_session_monitored(asd->flags, p, inspector);
asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec;
}
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
- AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid, uint32_t tenant_id)
+ AppIdInspector& inspector, OdpContext& odp_ctxt, uint32_t asid
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t tenant_id
+#endif
+ )
: FlowData(inspector_id, &inspector), config(inspector.get_ctxt().config),
- initiator_port(port), tenant_id(tenant_id), asid(asid), protocol(proto),
+ initiator_port(port),
+#ifndef DISABLE_TENANT_ID
+ tenant_id(tenant_id),
+#endif
+ asid(asid), protocol(proto),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odp_ctxt),
odp_ctxt_version(odp_ctxt.get_version()),
tp_appid_ctxt(pkt_thread_tp_appid_ctxt)
// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector, odp_ctxt,
- ctrlPkt->pkth->address_space_id, ctrlPkt->pkth->tenant_id);
+ ctrlPkt->pkth->address_space_id
+#ifndef DISABLE_TENANT_ID
+ ,ctrlPkt->pkth->tenant_id
+#endif
+ );
is_session_monitored(asd->flags, ctrlPkt, *inspector);
if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
{
public:
AppIdSession(IpProtocol, const snort::SfIp*, uint16_t port, AppIdInspector&,
- OdpContext&, uint32_t asid, uint32_t tenant_id);
+ OdpContext&, uint32_t asid
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t tenant_id
+#endif
+ );
~AppIdSession() override;
static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
std::unordered_map<unsigned, AppIdFlowData*> flow_data;
uint64_t flags = 0;
uint16_t initiator_port = 0;
+#ifndef DISABLE_TENANT_ID
uint32_t tenant_id = 0;
+#endif
uint32_t asid = 0;
uint16_t session_packet_count = 0;
#ifndef DETECTOR_PLUGINS_MOCK_H
#define DETECTOR_PLUGINS_MOCK_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "log/messages.h"
#include "utils/stats.h"
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext& odpctxt, uint32_t, uint32_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
+ OdpContext& odpctxt, uint32_t
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t
+#endif
+ ) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(odpctxt)
{
this->set_session_flags(APPID_SESSION_DISCOVER_APP);
AppIdSession* AppIdSession::allocate_session(snort::Packet const*, IpProtocol,
AppidSessionDirection, AppIdInspector&, OdpContext& odp_ctxt)
{
- session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt, 0, 0);
+ session = new AppIdSession(IpProtocol::IP, &sfip, 0, appid_inspector, odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0 // tenant_id
+#endif
+ );
return session;
}
static SfIp sfip;
static AppIdModule appid_mod;
static AppIdInspector appid_inspector(appid_mod);
-static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt, 0, 0);
+static AppIdSession session(IpProtocol::IP, &sfip, 0, appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+,0
+#endif
+);
static AppIdHttpSession mock_hsession(session, 0);
static ChpMatchDescriptor cmd_test;
static MatchedCHPAction mchp;
#include "appid_module.h"
#include "appid_peg_counts.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define APPID_UT_ID 1492
namespace snort
static OdpContext stub_odp_ctxt(stub_config, nullptr);
OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext&, uint16_t) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
+ OdpContext&
+#ifndef DISABLE_TENANT_ID
+ ,uint16_t
+#endif
+ ) : snort::FlowData(inspector_id, (snort::Inspector*)&inspector),
config(stub_config), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
DiscoveryFilter::~DiscoveryFilter(){}
mock_init_appid_pegs();
SfIp ip;
mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
- dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0);
+ dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
flow = new Flow;
flow->set_flow_data(mock_session);
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
- OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config),
+ OdpContext&, uint32_t
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t
+#endif
+ ) : FlowData(0), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
SfIp dip;
dip.set("10.1.2.3");
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
sip.set("10.9.8.7"); // this would be a reply back
uint16_t sport = 80;
sip.set("2001:db8:85a3::8a2e:370:7334"); // IPv6
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("2001:db8:85a3::8a2e:370:7335");
uint16_t sport = 1234;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
SfIp dip;
dip.set("10.1.2.3");
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &dip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
sip.set("10.9.8.7");
uint16_t sport = 80;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
sip.set("10.1.2.3");
SfIp dip;
AppIdInspector inspector;
- AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession session(IpProtocol::PROTO_NOT_SET, &sip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// This packet...
dip.set("10.9.8.7");
uint16_t sport = 48620;
{
SfIp ip;
mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector,
- dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0, 0);
+ dummy_appid_inspector.get_ctxt().get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
flow = new Flow;
flow->set_flow_data(mock_session);
}
AppIdModule app_module;
AppIdInspector ins(app_module);
AppIdContext& app_ctxt = ins.get_ctxt();
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
AppIdModule app_module;
AppIdInspector ins(app_module);
AppIdContext& app_ctxt = ins.get_ctxt();
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
AppIdInspector ins(app_module);
SfIp ip;
AppIdContext app_ctxt(app_config);
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
const char* version = "3.0";
asd->set_client_version(version, change_bits);
AppIdModule app_module;
AppIdInspector ins(app_module);
AppIdContext& app_ctxt = ins.get_ctxt();
- AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0, 0);
+ AppIdSession* asd = new AppIdSession(IpProtocol::TCP, &ip, 21, ins, app_ctxt.get_odp_ctxt(), 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd->flags |= APPID_SESSION_SPECIAL_MONITORED | APPID_SESSION_DISCOVER_USER |
APPID_SESSION_DISCOVER_APP;
Flow* flow = new Flow;
void setup() override
{
SfIp ip;
- session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
+ session = new AppIdSession(IpProtocol::TCP, &ip, 0, dummy_appid_inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
pkt_thread_odp_ctxt = &stub_odp_ctxt;
appidDebug = new AppIdDebug();
appidDebug->activate(nullptr, nullptr, false);
{
flow = new Flow;
SfIp ip;
- mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
+ mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
mock_session->create_http_session();
flow->set_flow_data(mock_session);
// AppIdSession mock functions
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
+ OdpContext&, uint32_t
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t
+#endif
+ ) : FlowData(inspector_id, &inspector), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
{}
void setup() override
{
SfIp sfip;
- session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt, 0, 0);
+ session = new AppIdSession(IpProtocol::IP, &sfip, 0, dummy_appid_inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
session->flow = &flow;
mock_hsession = new AppIdHttpSession(*session, 0);
appidDebug = new AppIdDebug();
#ifndef APPID_MOCK_SESSION_H
#define APPID_MOCK_SESSION_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "flow/ha.h"
#include "appid_dns_session.h"
static OdpContext stub_odp_ctxt(stub_config, nullptr);
OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t, AppIdInspector& inspector,
- OdpContext&, uint32_t, uint32_t) : FlowData(inspector_id, &inspector), config(stub_config),
+ OdpContext&, uint32_t
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t
+#endif
+ ) : FlowData(inspector_id, &inspector), config(stub_config),
protocol(proto), api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt)
{
this->set_session_flags(APPID_SESSION_DISCOVER_APP | APPID_SESSION_SPECIAL_MONITORED);
AppidChangeBits change_bits;
SfIp ip{};
- mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ mock_session = new AppIdSession(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
mock_session->flow = &flow;
pkt_thread_odp_ctxt = &mock_session->get_odp_ctxt();
mock_session->set_ss_application_ids(APPID_UT_ID, APPID_UT_ID, APPID_UT_ID,
TEST(appid_session_api, get_client_app_id_with_eve_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits);
TEST(appid_session_api, get_app_id)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_app_id_with_eve_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_first_stream_appids_for_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_application_ids_service(APP_ID_HTTP2, change_bits);
TEST(appid_session_api, get_client_info_http2)
{
SfIp ip{};
- AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0, 0);
+ AppIdSession asd(IpProtocol::TCP, &ip, 1492, dummy_appid_inspector, odpctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
asd.flow = &flow;
AppidChangeBits change_bits;
asd.set_ss_application_ids(APP_ID_HTTP2, APPID_UT_ID + 1, APPID_UT_ID, APPID_UT_ID, APPID_UT_ID, change_bits);
AppIdContext stub_ctxt(stub_config);
OdpContext stub_odp_ctxt(stub_config, nullptr);
AppIdSession::AppIdSession(IpProtocol, const SfIp* ip, uint16_t, AppIdInspector&,
- OdpContext&, uint32_t, uint32_t) : FlowData(0), config(stub_config),
+ OdpContext&, uint32_t
+#ifndef DISABLE_TENANT_ID
+ ,uint32_t
+#endif
+ ) : FlowData(0), config(stub_config),
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
AppIdDiscovery::~AppIdDiscovery() = default;
AppIdInspector inspector;
SfIp client_ip;
client_ip.set("1.2.3.4");
- AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count = 0
sds.set_state(ServiceState::VALID);
AppIdInspector inspector;
SfIp client_ip;
client_ip.set("1.2.3.4");
- AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0, 0);
+ AppIdSession asd(IpProtocol::PROTO_NOT_SET, &client_ip, 0, inspector, stub_odp_ctxt, 0
+#ifndef DISABLE_TENANT_ID
+ ,0
+#endif
+ );
// Testing 3+ failures to exceed STATE_ID_NEEDED_DUPE_DETRACT_COUNT with valid_count > 1
sds.set_state(ServiceState::VALID);
if (!when.has_criteria(BindWhen::Criteria::BWC_TENANTS))
return true;
- return when.tenants.count(flow.tenant) != 0;
+#ifndef DISABLE_TENANT_ID
+ return when.tenants.count(flow.key->tenant_id) != 0;
+#else
+ return when.tenants.count(0) != 0;
+#endif
}
inline bool Binding::check_tenant(const Packet* p) const
#include "extractor_event_handlers.h"
#include "detection/detection_engine.h"
+#include "flow/flow_key.h"
#include "framework/value.h"
#include "profiler/profiler.h"
#include "pub_sub/http_transaction_end_event.h"
{
// cppcheck-suppress unreadVariable
Profile profile(extractor_perf_stats);
+ uint32_t tid;
- if (tenant_id != flow->tenant)
+#ifndef DISABLE_TENANT_ID
+ tid = flow->key->tenant_id;
+#else
+ tid = 0;
+#endif
+
+ if (tenant_id != tid)
return;
Packet* p = DetectionEngine::get_current_packet();
#include <algorithm>
#include <cstring>
+#include "flow/flow_key.h"
#include "protocols/packet.h"
namespace {
return false;
return match_constraints(*this, f.client_ip, f.server_ip, f.client_port,
- f.server_port, f.tenant);
+ f.server_port,
+#ifndef DISABLE_TENANT_ID
+ f.key->tenant_id);
+#else
+ 0);
+#endif
}
#ifdef UNIT_TEST
#ifndef DCE_SMB2_H
#define DCE_SMB2_H
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include "dce_db.h"
#include "dce_smb.h"
#include "hash/lru_cache_shared.h"
uint16_t vlan_tag = 0;
uint16_t dport = 0;
uint64_t sid = 0;
+#ifndef DISABLE_TENANT_ID
uint32_t tenant_id = 0;
uint32_t padding2 = 0; // NOTE: If this changes, change do_hash too
+#endif
bool operator==(const Smb2SidHashKey& other) const
{
addressSpaceId == other.addressSpaceId and
vlan_tag == other.vlan_tag and
sid == other.sid and
- dport == other.dport and
- tenant_id == other.tenant_id );
+ dport == other.dport
+#ifndef DISABLE_TENANT_ID
+ and tenant_id == other.tenant_id
+#endif
+ );
}
};
PADDING_GUARD_END
a += d[12]; // sid[0]
b += d[13]; // sid[1]
+#ifndef DISABLE_TENANT_ID
c += d[14]; // tenant_id
-
+#endif
// padding2 is ignored.
finalize(a, b, c);
key.addressSpaceId = flow->key->addressSpaceId;
key.vlan_tag = flow->key->vlan_tag;
key.sid = sid;
+#ifndef DISABLE_TENANT_ID
key.tenant_id = flow->key->tenant_id;
+#endif
}
return key;
}
skey.padding = skey.flags.padding_bits = 0;
skey.flags.group_used = p->is_inter_group_flow();
skey.init_groups(p->pkth->ingress_group, p->pkth->egress_group, reversed);
+#ifndef DISABLE_TENANT_ID
skey.tenant_id = p->pkth->tenant_id;
-
+#endif
switch (p->type())
{
case PktType::TCP:
const SfIp* srcIP, uint16_t srcPort,
const SfIp* dstIP, uint16_t dstPort,
uint16_t vlan, uint32_t mplsId, uint32_t addressSpaceId,
- uint32_t tenant_id, bool significant_groups,
+#ifndef DISABLE_TENANT_ID
+ uint32_t tenant_id,
+#endif
+ bool significant_groups,
int16_t ingress_group, int16_t egress_group)
{
FlowKey key;
const SnortConfig* sc = SnortConfig::get_conf();
- key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId,
- addressSpaceId, tenant_id, significant_groups, ingress_group, egress_group);
+ key.init(sc, type, proto, srcIP, srcPort, dstIP, dstPort, vlan, mplsId, addressSpaceId,
+#ifndef DISABLE_TENANT_ID
+ tenant_id,
+#endif
+ significant_groups, ingress_group, egress_group);
return get_flow(&key);
}
PktType type, IpProtocol proto,
const snort::SfIp* a1, uint16_t p1, const snort::SfIp* a2, uint16_t p2,
uint16_t vlanId, uint32_t mplsId, uint32_t addrSpaceId,
- uint32_t tenant_id, bool significant_groups, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN,
+#ifndef DISABLE_TENANT_ID
+ uint32_t tenant_id,
+#endif
+ bool significant_groups, int16_t ingress_group = DAQ_PKTHDR_UNKNOWN,
int16_t egress_group = DAQ_PKTHDR_UNKNOWN);
static Flow* get_flow(
int TcpNormalizerMissed3whs::handle_paws(
TcpNormalizerState& tns, TcpSegmentDescriptor& tsd)
{
+ UNUSED(tsd);
+ UNUSED(tns);
return ACTION_NOTHING;
}