ParseWarning(WARN_PLUGINS, "appid: no entry in %s for %d", APP_MAPPING_FILE, appId);
}
-void AppInfoManager::load_appid_config(AppIdModuleConfig* config, const char* path)
+void AppInfoManager::load_appid_config(AppIdConfig* config, const char* path)
{
char buf[MAX_TABLE_LINE_LEN];
unsigned line = 0;
return snort_protocol_id;
}
-void AppInfoManager::init_appid_info_table(AppIdModuleConfig* mod_config,
+void AppInfoManager::init_appid_info_table(AppIdConfig* config,
SnortConfig* sc)
{
- if ( !mod_config->app_detector_dir )
+ if ( !config->app_detector_dir )
{
return; // no lua detectors, no rule support, already warned
}
char filepath[PATH_MAX];
- snprintf(filepath, sizeof(filepath), "%s/odp/%s", mod_config->app_detector_dir,
+ snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir,
APP_MAPPING_FILE);
FILE* tableFile = fopen(filepath, "r");
}
fclose(tableFile);
- snprintf(filepath, sizeof(filepath), "%s/odp/%s", mod_config->app_detector_dir,
+ snprintf(filepath, sizeof(filepath), "%s/odp/%s", config->app_detector_dir,
APP_CONFIG_FILE);
- load_appid_config (mod_config, filepath);
- snprintf(filepath, sizeof(filepath), "%s/custom/%s", mod_config->app_detector_dir,
+ load_appid_config (config, filepath);
+ snprintf(filepath, sizeof(filepath), "%s/custom/%s", config->app_detector_dir,
USR_CONFIG_FILE);
if (access (filepath, F_OK))
- snprintf(filepath, sizeof(filepath), "%s/../%s", mod_config->app_detector_dir,
+ snprintf(filepath, sizeof(filepath), "%s/../%s", config->app_detector_dir,
USR_CONFIG_FILE);
- load_appid_config (mod_config, filepath);
+ load_appid_config (config, filepath);
}
}
#define SF_APPID_CSD_MIN 1000000
#define SF_APPID_DYNAMIC_MIN 2000000
-class AppIdModuleConfig;
+class AppIdConfig;
class ClientDetector;
class ServiceDetector;
return entry ? entry->priority : 0;
}
- void init_appid_info_table(AppIdModuleConfig*, snort::SnortConfig*);
+ void init_appid_info_table(AppIdConfig*, snort::SnortConfig*);
void cleanup_appid_info_table();
void dump_app_info_table();
SnortProtocolId add_appid_protocol_reference(const char* protocol, snort::SnortConfig*);
private:
inline AppInfoManager() = default;
- void load_appid_config(AppIdModuleConfig*, const char* path);
+ void load_appid_config(AppIdConfig*, const char* path);
AppInfoTableEntry* get_app_info_entry(AppId appId, const AppInfoTable&);
};
using namespace snort;
-uint32_t app_id_netmasks[33] =
-{ 0x00000000, 0x80000000, 0xC0000000, 0xE0000000, 0xF0000000, 0xF8000000, 0xFC000000,
- 0xFE000000, 0xFF000000, 0xFF800000, 0xFFC00000, 0xFFE00000, 0xFFF00000, 0xFFF80000,
- 0xFFFC0000, 0xFFFE0000, 0xFFFF0000, 0xFFFF8000, 0xFFFFC000, 0xFFFFE000, 0xFFFFF000,
- 0xFFFFF800, 0xFFFFFC00, 0xFFFFFE00, 0xFFFFFF00, 0xFFFFFF80, 0xFFFFFFC0, 0xFFFFFFE0,
- 0xFFFFFFF0, 0xFFFFFFF8, 0xFFFFFFFC, 0xFFFFFFFE, 0xFFFFFFFF };
-
struct PortList
{
PortList* next;
sc->proto_ref->add("tftp");
}
-AppIdModuleConfig::~AppIdModuleConfig()
+AppIdConfig::~AppIdConfig()
{
snort_free((void*)app_detector_dir);
}
-// FIXIT-M: RELOAD - move initialization back to AppIdConfig class constructor
-AppInfoManager& AppIdConfig::app_info_mgr = AppInfoManager::get_instance();
-std::array<AppId, APP_ID_PORT_ARRAY_SIZE> AppIdConfig::tcp_port_only = {APP_ID_NONE};
-std::array<AppId, APP_ID_PORT_ARRAY_SIZE> AppIdConfig::udp_port_only = {APP_ID_NONE};
-std::array<AppId, 256> AppIdConfig::ip_protocol = {APP_ID_NONE};
+// FIXIT-M: RELOAD - move initialization back to AppIdContext class constructor
+AppInfoManager& AppIdContext::app_info_mgr = AppInfoManager::get_instance();
+std::array<AppId, APP_ID_PORT_ARRAY_SIZE> AppIdContext::tcp_port_only = {APP_ID_NONE};
+std::array<AppId, APP_ID_PORT_ARRAY_SIZE> AppIdContext::udp_port_only = {APP_ID_NONE};
+std::array<AppId, 256> AppIdContext::ip_protocol = {APP_ID_NONE};
// FIXIT-M: RELOAD - Move app info table cleanup back to AppId config destructor - cleanup()
-void AppIdConfig::pterm()
+void AppIdContext::pterm()
{
- AppIdConfig::app_info_mgr.cleanup_appid_info_table();
+ AppIdContext::app_info_mgr.cleanup_appid_info_table();
}
-void AppIdConfig::read_port_detectors(const char* files)
+void AppIdContext::read_port_detectors(const char* files)
{
int rval;
glob_t globs;
char pattern[PATH_MAX];
uint32_t n;
- snprintf(pattern, sizeof(pattern), "%s/%s", mod_config->app_detector_dir, files);
+ snprintf(pattern, sizeof(pattern), "%s/%s", config->app_detector_dir, files);
memset(&globs, 0, sizeof(globs));
rval = glob(pattern, 0, nullptr, &globs);
udp_port_only[tmp_port->port] = appId;
snort_free(tmp_port);
- AppIdConfig::app_info_mgr.set_app_info_active(appId);
+ AppIdContext::app_info_mgr.set_app_info_active(appId);
}
- AppIdConfig::app_info_mgr.set_app_info_active(appId);
+ AppIdContext::app_info_mgr.set_app_info_active(appId);
}
else
ErrorMessage("Missing parameter(s) in port service '%s'\n",globs.gl_pathv[n]);
globfree(&globs);
}
-bool AppIdConfig::init_appid(SnortConfig* sc)
+bool AppIdContext::init_appid(SnortConfig* sc)
{
// FIXIT-M: RELOAD - Get rid of "once" flag
- // Handle the if condition in AppIdConfig::init_appid
+ // Handle the if condition in AppIdContext::init_appid
static bool once = false;
if (!once)
{
- AppIdConfig::app_info_mgr.init_appid_info_table(mod_config, sc);
+ AppIdContext::app_info_mgr.init_appid_info_table(config, sc);
HostPortCache::initialize();
HttpPatternMatchers* http_matchers = HttpPatternMatchers::get_instance();
AppIdDiscovery::initialize_plugins();
#ifdef ENABLE_APPID_THIRD_PARTY
// do not reload third party on reload_config()
if (!tp_appid_ctxt)
- tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*mod_config);
+ tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config);
#endif
map_app_names_to_snort_ids(sc);
return true;
}
#ifdef ENABLE_APPID_THIRD_PARTY
-void AppIdConfig::create_tp_appid_ctxt()
+void AppIdContext::create_tp_appid_ctxt()
{
- tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*mod_config);
+ tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config);
}
#endif
-AppId AppIdConfig::get_port_service_id(IpProtocol proto, uint16_t port)
+AppId AppIdContext::get_port_service_id(IpProtocol proto, uint16_t port)
{
AppId appId;
return appId;
}
-AppId AppIdConfig::get_protocol_service_id(IpProtocol proto)
+AppId AppIdContext::get_protocol_service_id(IpProtocol proto)
{
return ip_protocol[(uint16_t)proto];
}
-void AppIdConfig::show()
+void AppIdContext::show()
{
- if (!mod_config->tp_appid_path.empty())
- LogMessage(" 3rd Party Dir: %s\n", mod_config->tp_appid_path.c_str());
+ if (!config->tp_appid_path.empty())
+ LogMessage(" 3rd Party Dir: %s\n", config->tp_appid_path.c_str());
}
-void AppIdConfig::display_port_config()
+void AppIdContext::display_port_config()
{
bool first = true;
#include "tp_appid_module_api.h"
#endif
-#define APP_ID_MAX_DIRS 16
#define APP_ID_PORT_ARRAY_SIZE 65536
-#define MAX_ZONES 1024
-struct NetworkSet;
class AppIdInspector;
class AppInfoManager;
-extern unsigned appIdPolicyId;
-extern uint32_t app_id_netmasks[];
-
extern SnortProtocolId snortId_for_unsynchronized;
extern SnortProtocolId snortId_for_ftp_data;
extern SnortProtocolId snortId_for_http2;
-struct PortExclusion
-{
- int family;
- snort::ip::snort_in6_addr ip;
- snort::ip::snort_in6_addr netmask;
-};
-
-class AppIdModuleConfig
+class AppIdConfig
{
public:
- AppIdModuleConfig() = default;
- ~AppIdModuleConfig();
+ AppIdConfig() = default;
+ ~AppIdConfig();
// FIXIT-L: DECRYPT_DEBUG - Move this to ssl-module
#ifdef REG_TEST
bool recheck_for_portservice_appid = false;
};
-typedef std::array<SF_LIST*, APP_ID_PORT_ARRAY_SIZE> AppIdPortExclusions;
-
-class AppIdConfig
+class AppIdContext
{
public:
- AppIdConfig(AppIdModuleConfig* config) : mod_config(config)
+ AppIdContext(AppIdConfig* config) : config(config)
{ }
- ~AppIdConfig()
+ ~AppIdContext()
{
#ifdef ENABLE_APPID_THIRD_PARTY
delete tp_appid_ctxt;
}
#ifdef ENABLE_APPID_THIRD_PARTY
- ThirdPartyAppIDModule* get_tp_appid_ctxt() const
+ ThirdPartyAppIdContext* get_tp_appid_ctxt() const
{ return tp_appid_ctxt; }
void create_tp_appid_ctxt();
static std::array<AppId, APP_ID_PORT_ARRAY_SIZE> udp_port_only; // port-only UDP services
static std::array<AppId, 256> ip_protocol; // non-TCP / UDP protocol services
- SF_LIST client_app_args; // List of Client App arguments
- // for each potential port, an sflist of PortExclusion structs
- AppIdModuleConfig* mod_config = nullptr;
- unsigned appIdPolicyId = 53;
+ AppIdConfig* config = nullptr;
private:
void read_port_detectors(const char* files);
void display_port_config();
// FIXIT-M: RELOAD - Remove static, once app_info_mgr cleanup is
- // removed from AppIdConfig::pterm
+ // removed from AppIdContext::pterm
static AppInfoManager& app_info_mgr;
#ifdef ENABLE_APPID_THIRD_PARTY
- ThirdPartyAppIDModule* tp_appid_ctxt = nullptr;
+ ThirdPartyAppIdContext* tp_appid_ctxt = nullptr;
#endif
};
#include "application_ids.h"
#include "service_state.h"
-class AppIdConfig;
+class AppIdContext;
class LuaStateDescriptor;
namespace snort
public:
AppIdDiscoveryArgs(const uint8_t* data, uint16_t size, AppidSessionDirection dir,
AppIdSession& asd, snort::Packet* p, AppidChangeBits& cb) : data(data),
- size(size), dir(dir), asd(asd), pkt(p), config(asd.config), change_bits(cb)
+ size(size), dir(dir), asd(asd), pkt(p), ctxt(asd.ctxt), change_bits(cb)
{}
const uint8_t* data;
AppidSessionDirection dir;
AppIdSession& asd;
snort::Packet* pkt;
- const AppIdConfig* config = nullptr;
+ const AppIdContext* ctxt = nullptr;
AppidChangeBits& change_bits;
};
#ifdef ENABLE_APPID_THIRD_PARTY
void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector,
- ThirdPartyAppIDModule* tp_appid_ctxt)
+ ThirdPartyAppIdContext* tp_appid_ctxt)
#else
void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector)
#endif
uint64_t flow_flags = APPID_SESSION_DISCOVER_APP;
flow_flags |= asd.common.flags;
- // FIXIT-M - the 2.x purpose of this check is to stop monitoring a flow after a
- // reload if the flow ip addresses are no longer configured to be
- // monitored... this may not apply in snort++, find out and fix
- // accordingly
- if ( asd.common.policyId != asd.config->appIdPolicyId )
- {
- if (dir == APP_ID_FROM_INITIATOR)
- {
- if (asd.get_session_flags(APPID_SESSION_INITIATOR_CHECKED))
- {
- flags = get_ipfuncs_flags(p, false);
- if (flags & IPFUNCS_HOSTS_IP)
- flow_flags |= APPID_SESSION_INITIATOR_MONITORED;
- else
- flow_flags &= ~APPID_SESSION_INITIATOR_MONITORED;
- }
-
- if (asd.get_session_flags(APPID_SESSION_RESPONDER_CHECKED))
- {
- flags = get_ipfuncs_flags(p, true);
- if (flags & IPFUNCS_HOSTS_IP)
- flow_flags |= APPID_SESSION_RESPONDER_MONITORED;
- else
- flow_flags &= ~APPID_SESSION_RESPONDER_MONITORED;
- }
- }
- else
- {
- if (asd.get_session_flags(APPID_SESSION_RESPONDER_CHECKED))
- {
- flags = get_ipfuncs_flags(p, false);
- if (flags & IPFUNCS_HOSTS_IP)
- flow_flags |= APPID_SESSION_RESPONDER_MONITORED;
- else
- flow_flags &= ~APPID_SESSION_RESPONDER_MONITORED;
- }
-
- if (asd.get_session_flags(APPID_SESSION_INITIATOR_CHECKED))
- {
- flags = get_ipfuncs_flags(p, true);
- if (flags & IPFUNCS_HOSTS_IP)
- flow_flags |= APPID_SESSION_INITIATOR_MONITORED;
- else
- flow_flags &= ~APPID_SESSION_INITIATOR_MONITORED;
- }
- }
- }
+ // FIXIT-M - Re-check a flow after snort is reloaded. RNA policy might have changed
if (asd.get_session_flags(APPID_SESSION_BIDIRECTIONAL_CHECKED) ==
APPID_SESSION_BIDIRECTIONAL_CHECKED)
return flow_flags;
LogMessage("AppIdDbg %s Unknown monitoring\n", appidDebug->get_debug_session());
}
tmp_session->common.flags = flow_flags;
- tmp_session->common.policyId = inspector.get_appid_config()->appIdPolicyId;
p->flow->set_flow_data(tmp_session);
}
else
if ( ( flow_flags & APPID_SESSION_BIDIRECTIONAL_CHECKED) ==
APPID_SESSION_BIDIRECTIONAL_CHECKED )
asd->common.flow_type = APPID_FLOW_TYPE_IGNORE;
- asd->common.policyId = asd->config->appIdPolicyId;
if (appidDebug->is_active())
LogMessage("AppIdDbg %s Not monitored\n", appidDebug->get_debug_session());
}
if ( appidDebug->is_enabled() )
appidDebug->activate(p->flow, asd,
- inspector.get_appid_config()->mod_config->log_all_sessions);
+ inspector.get_ctxt()->config->log_all_sessions);
if ( is_packet_ignored(asd, p, direction) )
return false;
asd->stats.responder_bytes += p->pkth->pktlen;
asd->common.flags = flow_flags;
- asd->common.policyId = asd->config->appIdPolicyId;
if (!asd->get_session_flags(APPID_SESSION_PAYLOAD_SEEN) and p->dsize)
asd->set_session_flags(APPID_SESSION_PAYLOAD_SEEN);
// FIXIT-L: DECRYPT_DEBUG - Move set_proxied and first_decrypted_packet_debug to ssl-module
// after ssl-module's decryption capability is implemented
#ifdef REG_TEST
- uint32_t fdpd = inspector.get_appid_config()->mod_config->first_decrypted_packet_debug;
+ uint32_t fdpd = inspector.get_ctxt()->config->first_decrypted_packet_debug;
if (fdpd and (fdpd == asd->session_packet_count))
{
p->flow->set_proxied();
return;
}
- AppId id = asd.config->get_port_service_id(protocol, p->ptrs.sp);
+ AppId id = asd.ctxt->get_port_service_id(protocol, p->ptrs.sp);
if (id > APP_ID_NONE)
{
asd.service.set_port_service_id(id);
if (!(asd.scan_flags & SCAN_HOST_PORT_FLAG))
check_static = true;
- if ((asd.session_packet_count % asd.config->mod_config->host_port_app_cache_lookup_interval == 0) and
- (asd.session_packet_count <= asd.config->mod_config->host_port_app_cache_lookup_range) and
- asd.config->mod_config->is_host_port_app_cache_runtime )
+ if ((asd.session_packet_count % asd.ctxt->config->host_port_app_cache_lookup_interval == 0) and
+ (asd.session_packet_count <= asd.ctxt->config->host_port_app_cache_lookup_range) and
+ asd.ctxt->config->is_host_port_app_cache_runtime )
check_dynamic = true;
if (!(check_static || check_dynamic))
auto ht = host_cache.find(*ip);
if (ht)
{
- AppId appid = ht->get_appid(port, protocol, true, asd.config->mod_config->allow_port_wildcard_host_cache);
+ AppId appid = ht->get_appid(port, protocol, true, asd.ctxt->config->allow_port_wildcard_host_cache);
if (appid > APP_ID_NONE)
{
// FIXIT-L: Make this more generic to support service and payload IDs
{
bool is_payload_client_misc_none = (payload_id <= APP_ID_NONE and client_id <= APP_ID_NONE and misc_id <= APP_ID_NONE);
bool is_appid_none = is_payload_client_misc_none and (service_id <= APP_ID_NONE or service_id == APP_ID_UNKNOWN_UI or
- (asd.config->mod_config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id()));
- bool is_ssl_none = asd.config->mod_config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
+ (asd.ctxt->config->recheck_for_portservice_appid and service_id == asd.service.get_port_service_id()));
+ bool is_ssl_none = asd.ctxt->config->check_host_cache_unknown_ssl and asd.get_session_flags(APPID_SESSION_SSL_SESSION) and
(not(asd.tsession and asd.tsession->get_tls_host() and asd.tsession->get_tls_cname()));
- if (is_appid_none or is_ssl_none or asd.config->mod_config->check_host_port_app_cache)
+ if (is_appid_none or is_ssl_none or asd.ctxt->config->check_host_port_app_cache)
return true;
return false;
}
bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits,
- ThirdPartyAppIDModule* tp_appid_ctxt)
+ ThirdPartyAppIdContext* tp_appid_ctxt)
#else
bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
{
if ( !asd.get_session_flags(APPID_SESSION_PORT_SERVICE_DONE) )
{
- AppId id = asd.config->get_protocol_service_id(protocol);
+ AppId id = asd.ctxt->get_protocol_service_id(protocol);
if (id > APP_ID_NONE)
{
asd.service.set_port_service_id(id);
class AppIdDetector;
class ServiceDetector;
struct ServiceDetectorPort;
-class ThirdPartyAppIDModule;
+class ThirdPartyAppIdContext;
namespace snort
{
#ifdef ENABLE_APPID_THIRD_PARTY
static void do_application_discovery(snort::Packet* p, AppIdInspector&,
- ThirdPartyAppIDModule*);
+ ThirdPartyAppIdContext*);
#else
static void do_application_discovery(snort::Packet* p, AppIdInspector&);
#endif
static bool do_discovery(snort::Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits,
- ThirdPartyAppIDModule* tp_appid_ctxt);
+ ThirdPartyAppIdContext* tp_appid_ctxt);
#else
static bool do_discovery(snort::Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
int num_found = 0;
cmd.cur_ptype = (HttpFieldIds)i;
AppId ret = http_matchers->scan_chp(cmd, &version, &user, &num_found, this,
- asd.config->mod_config);
+ asd.ctxt->config);
total_found += num_found;
if (!ret || num_found < ptype_req_counts[i])
{
using namespace snort;
#ifdef ENABLE_APPID_THIRD_PARTY
-THREAD_LOCAL ThirdPartyAppIDModule* tp_appid_thread_ctxt = nullptr;
+THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt = nullptr;
#endif
static THREAD_LOCAL PacketTracer::TracerMute appid_mute;
AppIdInspector::~AppIdInspector()
{
- delete active_config;
+ delete ctxt;
delete config;
}
-AppIdConfig* AppIdInspector::get_appid_config()
+AppIdContext* AppIdInspector::get_ctxt()
{
- return active_config;
+ return ctxt;
}
bool AppIdInspector::configure(SnortConfig* sc)
{
- assert(!active_config);
+ assert(!ctxt);
- active_config = new AppIdConfig(const_cast<AppIdModuleConfig*>(config));
+ ctxt = new AppIdContext(const_cast<AppIdConfig*>(config));
my_seh = SipEventHandler::create();
my_seh->subscribe(sc);
- active_config->init_appid(sc);
+ ctxt->init_appid(sc);
#ifdef ENABLE_APPID_THIRD_PARTY
- if (!active_config->get_tp_appid_ctxt())
+ if (!ctxt->get_tp_appid_ctxt())
#endif
{
DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(
AppIdStatistics::initialize_manager(*config);
appid_forecast_tinit();
- LuaDetectorManager::initialize(*active_config);
+ LuaDetectorManager::initialize(*ctxt);
AppIdServiceState::initialize(config->memcap);
appidDebug = new AppIdDebug();
- if (active_config->mod_config and active_config->mod_config->log_all_sessions)
+ if (ctxt->config and ctxt->config->log_all_sessions)
appidDebug->set_enabled(true);
}
delete appidDebug;
appidDebug = nullptr;
#ifdef ENABLE_APPID_THIRD_PARTY
- ThirdPartyAppIDModule* tp_appid_ctxt = active_config->get_tp_appid_ctxt();
+ ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
if (tp_appid_ctxt)
tp_appid_ctxt->tfini();
#endif
appid_stats.packets++;
#ifdef ENABLE_APPID_THIRD_PARTY
- ThirdPartyAppIDModule* tp_appid_ctxt = active_config->get_tp_appid_ctxt();
+ ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
if (tp_appid_thread_ctxt != tp_appid_ctxt)
{
if (tp_appid_thread_ctxt)
delete HttpPatternMatchers::get_instance();
service_dns_host_clean();
service_ssl_clean();
- AppIdConfig::pterm();
+ AppIdContext::pterm();
//end of 'FIXIT-M: RELOAD' comment above
openssl_cleanup();
#ifdef ENABLE_APPID_THIRD_PARTY
void tinit() override;
void tterm() override;
void eval(snort::Packet*) override;
- AppIdConfig* get_appid_config();
+ AppIdContext* get_ctxt();
SipEventHandler& get_sip_event_handler()
{
}
private:
- const AppIdModuleConfig* config = nullptr;
- AppIdConfig* active_config = nullptr;
+ const AppIdConfig* config = nullptr;
+ AppIdContext* ctxt = nullptr;
SipEventHandler* my_seh = nullptr;
};
#ifdef ENABLE_APPID_THIRD_PARTY
-extern THREAD_LOCAL ThirdPartyAppIDModule* tp_appid_thread_ctxt;
+extern THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt;
#endif
#endif
Swapper::set_reload_in_progress(true);
LogMessage(".. reloading third-party");
AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
- AppIdConfig* config = inspector->get_appid_config();
- config->create_tp_appid_ctxt();
+ AppIdContext* ctxt = inspector->get_ctxt();
+ ctxt->create_tp_appid_ctxt();
Swapper::set_reload_in_progress(false);
}
#else
return &appid_perf_stats;
}
-const AppIdModuleConfig* AppIdModule::get_data()
+const AppIdConfig* AppIdModule::get_data()
{
- AppIdModuleConfig* temp = config;
+ AppIdConfig* temp = config;
config = nullptr;
return temp;
}
if ( config )
return false;
- config = new AppIdModuleConfig;
+ config = new AppIdConfig;
return true;
}
PegCount* get_counts() const override;
snort::ProfileStats* get_profile() const override;
- const AppIdModuleConfig* get_data();
+ const AppIdConfig* get_data();
Usage get_usage() const override
{ return CONTEXT; }
void show_dynamic_stats() override;
private:
- AppIdModuleConfig* config;
+ AppIdConfig* config;
AppIdReloadTuner appid_rrt;
};
AppIdSession::AppIdSession(IpProtocol proto, const SfIp* ip, uint16_t port,
AppIdInspector& inspector)
- : FlowData(inspector_id, &inspector), config(inspector.get_appid_config()),
+ : FlowData(inspector_id, &inspector), ctxt(inspector.get_ctxt()),
protocol(proto)
{
service_ip.clear();
{
if (!in_expected_cache)
{
- if (config->mod_config->stats_logging_enabled)
+ if (ctxt->config->stats_logging_enabled)
AppIdStatistics::get_stats_manager()->update(*this);
// fail any service detection that is in process for this flow
// FIXIT-RC - port parameter passed in as 0 since we may not know client port, verify
AppIdSession* asd = new AppIdSession(proto, cliIp, 0, *inspector);
- asd->common.policyId = asd->config->appIdPolicyId;
if (Stream::set_snort_protocol_id_expected(ctrlPkt, type, proto, cliIp,
cliPort, srvIp, srvPort, snort_protocol_id, asd))
bool AppIdSession::is_tp_appid_done() const
{
#ifdef ENABLE_APPID_THIRD_PARTY
- if (config->get_tp_appid_ctxt())
+ if (ctxt->get_tp_appid_ctxt())
{
if (!tpsession)
return false;
bool AppIdSession::is_tp_appid_available() const
{
#ifdef ENABLE_APPID_THIRD_PARTY
- if (config->get_tp_appid_ctxt())
+ if (ctxt->get_tp_appid_ctxt())
{
if (!tpsession)
return false;
class ServiceDetector;
class AppIdDnsSession;
class AppIdHttpSession;
-class ThirdPartyAppIDSession;
+class ThirdPartyAppIdSession;
using AppIdFreeFCN = void (*)(void*);
uint32_t session_id = 0;
snort::Flow* flow = nullptr;
- AppIdConfig* config;
+ AppIdContext* ctxt;
std::unordered_map<unsigned, AppIdFlowData*> flow_data;
AppInfoManager* app_info_mgr = nullptr;
CommonAppIdData common;
TlsSession* tsession = nullptr;
unsigned scan_flags = 0;
- ThirdPartyAppIDSession* tpsession = nullptr;
+ ThirdPartyAppIdSession* tpsession = nullptr;
uint16_t init_tpPackets = 0;
uint16_t resp_tpPackets = 0;
bool tp_reinspect_by_initiator = false;
return true;
}
- if (asd->config->mod_config->check_host_port_app_cache)
+ if (asd->ctxt->config->check_host_port_app_cache)
return true;
return false;
}
}
-AppIdStatistics::AppIdStatistics(const AppIdModuleConfig& config)
+AppIdStatistics::AppIdStatistics(const AppIdConfig& config)
{
enabled = true;
}
}
-AppIdStatistics* AppIdStatistics::initialize_manager(const AppIdModuleConfig& config)
+AppIdStatistics* AppIdStatistics::initialize_manager(const AppIdConfig& config)
{
if ( !config.stats_logging_enabled )
return nullptr;
#include "utils/sflsq.h"
class AppIdSession;
-class AppIdModuleConfig;
+class AppIdConfig;
struct StatsBucket
{
public:
~AppIdStatistics();
- static AppIdStatistics* initialize_manager(const AppIdModuleConfig&);
+ static AppIdStatistics* initialize_manager(const AppIdConfig&);
static AppIdStatistics* get_stats_manager();
static void cleanup();
void update(AppIdSession&);
void flush();
private:
- AppIdStatistics(const AppIdModuleConfig&);
+ AppIdStatistics(const AppIdConfig&);
time_t get_time()
{
goto udp_done;
}
if ((rval = dns_validate_header(args.dir, (const DNSHeader*)args.data,
- args.config->mod_config->dns_host_reporting, args.asd)) != APPID_SUCCESS)
+ args.ctxt->config->dns_host_reporting, args.asd)) != APPID_SUCCESS)
{
if (rval == APPID_REVERSED)
{
// To get here, we missed the initial query, got a
// response, and now we've got another query.
rval = validate_packet(args.data, args.size, args.dir,
- args.config->mod_config->dns_host_reporting, args.asd);
+ args.ctxt->config->dns_host_reporting, args.asd);
if (rval == APPID_SUCCESS)
goto inprocess;
}
// To get here, we missed the initial query, but now we've got
// a response.
rval = validate_packet(args.data, args.size, args.dir,
- args.config->mod_config->dns_host_reporting, args.asd);
+ args.ctxt->config->dns_host_reporting, args.asd);
if (rval == APPID_SUCCESS)
{
args.asd.set_session_flags(APPID_SESSION_UDP_REVERSED);
}
rval = validate_packet(args.data, args.size, args.dir,
- args.config->mod_config->dns_host_reporting, args.asd);
+ args.ctxt->config->dns_host_reporting, args.asd);
if ((rval == APPID_SUCCESS) && (args.dir == APP_ID_FROM_INITIATOR))
goto inprocess;
uint16_t size = args.size - sizeof(DNSTCPHeader);
uint16_t tmp = ntohs(hdr->length);
if (tmp < sizeof(DNSHeader) || dns_validate_header(args.dir, (const DNSHeader*)data,
- args.config->mod_config->dns_host_reporting, args.asd))
+ args.ctxt->config->dns_host_reporting, args.asd))
{
if (args.dir == APP_ID_FROM_INITIATOR)
goto not_compatible;
if (tmp > size)
goto not_compatible;
rval = validate_packet(data, size, args.dir,
- args.config->mod_config->dns_host_reporting, args.asd);
+ args.ctxt->config->dns_host_reporting, args.asd);
if (rval != APPID_SUCCESS)
goto tcp_done;
}
AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor& cmd, char** version, char** user,
- int* total_found, AppIdHttpSession* hsession, const AppIdModuleConfig* mod_config)
+ int* total_found, AppIdHttpSession* hsession, const AppIdConfig* config)
{
MatchedCHPAction* insert_sweep2 = nullptr;
bool inhibit_modify = false;
else
cmd.sort_chp_matches();
- if (!mod_config->safe_search_enabled)
+ if (!config->safe_search_enabled)
cmd.chp_rewritten[pt] = nullptr;
for ( auto& tmp: cmd.chp_matches[pt] )
hsession->set_skip_simple_detect(true);
break;
case EXTRACT_USER:
- if ( !*user && !mod_config->chp_userid_disabled )
+ if ( !*user && !config->chp_userid_disabled )
{
extract_chp(cmd.buffer[pt], cmd.length[pt], tmp.start_match_pos, match->psize,
match->action_data, user);
struct Packet;
}
class AppIdHttpSession;
-class AppIdModuleConfig;
+class AppIdConfig;
enum httpPatternType
{
void scan_key_chp(ChpMatchDescriptor&);
AppId scan_chp(ChpMatchDescriptor&, char**, char**, int*, AppIdHttpSession*,
- const AppIdModuleConfig*);
+ const AppIdConfig*);
AppId scan_header_x_working_with(const char*, uint32_t, char**);
int get_appid_by_pattern(const char*, unsigned, char**);
bool get_appid_from_url(char*, const char*, char**, const char*, AppId*, AppId*,
};
// Stubs for modules, config
-AppIdModuleConfig::~AppIdModuleConfig() = default;
+AppIdConfig::~AppIdConfig() = default;
AppIdModule::AppIdModule()
: Module("a", "b") { }
AppIdModule::~AppIdModule() = default;
static char* my_action_data = (char*)"0";
static const char* my_chp_data = (const char*)"chp_data";
static int total_found;
-static AppIdModuleConfig mod_config;
+static AppIdConfig config;
static AppId service_id = APP_ID_NONE;
static AppId client_id = APP_ID_NONE;
static DetectorHTTPPattern mpattern;
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
mchp.mpattern = &chpa_test;
mchp.start_match_pos = 0;
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.buffer[RSP_BODY_FID] = (const char*)"userid\n\rpassword";
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(user);
user = nullptr;
// testing REWRITE_FIELD
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
chpa_test.action_data = my_action_data;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = REWRITE_FIELD;
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
// testing INSERT_FIELD without action_data
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
chpa_test.action_data = nullptr;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = INSERT_FIELD;
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
// testing INSERT_FIELD with action_data
test_find_all_done = false;
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
chpa_test.action_data = my_action_data;
chpa_test.appIdInstance = APP_ID_NONE;
chpa_test.action = INSERT_FIELD;
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
snort_free(const_cast<char*>(cmd_test.chp_rewritten[RSP_BODY_FID]));
cmd_test.chp_rewritten[RSP_BODY_FID] = nullptr;
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
cmd_test.cur_ptype = RSP_BODY_FID;
- mod_config.safe_search_enabled = false;
+ config.safe_search_enabled = false;
chpa_test.psize = 1;
mchp.start_match_pos = 0;
cmd_test.buffer[RSP_BODY_FID] = my_chp_data;
cmd_test.length[RSP_BODY_FID] = strlen(cmd_test.buffer[RSP_BODY_FID]);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
// testing FUTURE_APPID_SESSION_SIP (default action)
mchp.mpattern = &chpa_test;
cmd_test.chp_matches[RSP_BODY_FID].emplace_back(mchp);
CHECK(hm->scan_chp(cmd_test, &version, &user, &total_found, &hsession, (const
- AppIdModuleConfig*)&mod_config) == APP_ID_NONE);
+ AppIdConfig*)&config) == APP_ID_NONE);
CHECK_EQUAL(true, test_find_all_done);
}
The set of Lua detectors that AppId loads are located in the odp/lua subdirectory of the directory that
contains the mapping configuration file.
-The legacy 'RNA' configuration is processed by the AppIdConfig class. This is currently not supported so
+The legacy 'RNA' configuration is processed by the AppIdContext class. This is currently not supported so
no additional details provided here at this time. This section should be updated once this feature is
supported.
#pragma pack(1)
-class AppIdConfig;
enum class IpProtocol : uint8_t;
struct LengthSequenceEntry
uint8_t protocol = lua_tointeger(L, ++index);
if (port == 0)
- AppIdConfig::ip_protocol[protocol] = appId;
+ AppIdContext::ip_protocol[protocol] = appId;
else if (protocol == 6)
- AppIdConfig::tcp_port_only[port] = appId;
+ AppIdContext::tcp_port_only[port] = appId;
else if (protocol == 17)
- AppIdConfig::udp_port_only[port] = appId;
+ AppIdContext::udp_port_only[port] = appId;
AppInfoManager::get_instance().set_app_info_active(appId);
lua_pop(L, 1);
}
-static lua_State* create_lua_state(const AppIdModuleConfig* mod_config, int is_control)
+static lua_State* create_lua_state(const AppIdConfig* config, int is_control)
{
auto L = luaL_newstate();
{
snprintf(new_lua_path, sizeof(new_lua_path) - 1,
"%s;%s/odp/libs/?.lua;%s/custom/libs/?.lua",
- cur_lua_path, mod_config->app_detector_dir, mod_config->app_detector_dir);
+ cur_lua_path, config->app_detector_dir, config->app_detector_dir);
}
else
{
snprintf(new_lua_path, sizeof(new_lua_path) - 1, "%s/odp/libs/?.lua;%s/custom/libs/?.lua",
- mod_config->app_detector_dir, mod_config->app_detector_dir);
+ config->app_detector_dir, config->app_detector_dir);
}
lua_pop(L, 1);
return L;
}
-LuaDetectorManager::LuaDetectorManager(AppIdConfig& config, int is_control) :
- config(config)
+LuaDetectorManager::LuaDetectorManager(AppIdContext& ctxt, int is_control) :
+ ctxt(ctxt)
{
sflist_init(&allocated_detector_flow_list);
allocated_objects.clear();
cb_detectors.clear();
- L = create_lua_state(config.mod_config, is_control);
+ L = create_lua_state(ctxt.config, is_control);
if (is_control == 1)
init_chp_glossary();
}
cb_detectors.clear(); // do not free Lua objects in cb_detectors
}
-void LuaDetectorManager::initialize(AppIdConfig& config, int is_control)
+void LuaDetectorManager::initialize(AppIdContext& ctxt, int is_control)
{
// FIXIT-M: RELOAD - When reload is supported, remove this line which prevents re-initialize
if (lua_detector_mgr)
return;
- lua_detector_mgr = new LuaDetectorManager(config, is_control);
+ lua_detector_mgr = new LuaDetectorManager(ctxt, is_control);
if (!lua_detector_mgr->L)
FatalError("Error - appid: can not create new luaState, instance=%u\n",
lua_detector_mgr->initialize_lua_detectors();
lua_detector_mgr->activate_lua_detectors();
- if (config.mod_config->debug)
+ if (ctxt.config->debug)
lua_detector_mgr->list_lua_detectors();
}
void LuaDetectorManager::initialize_lua_detectors()
{
char path[PATH_MAX];
- const char* dir = config.mod_config->app_detector_dir;
+ const char* dir = ctxt.config->app_detector_dir;
if ( !dir )
return;
#include "application_ids.h"
-class AppIdConfig;
+class AppIdContext;
class AppIdDetector;
struct DetectorFlow;
class LuaObject;
class LuaDetectorManager
{
public:
- LuaDetectorManager(AppIdConfig&, int);
+ LuaDetectorManager(AppIdContext&, int);
~LuaDetectorManager();
- static void initialize(AppIdConfig&, int is_control=0);
+ static void initialize(AppIdContext&, int is_control=0);
static void terminate();
static void add_detector_flow(DetectorFlow*);
static void free_detector_flows();
void load_detector(char* detectorName, bool isCustom);
void load_lua_detectors(const char* path, bool isCustom);
- AppIdConfig& config;
+ AppIdContext& ctxt;
std::list<LuaObject*> allocated_objects;
size_t num_odp_detectors = 0;
std::map<AppId, LuaObject*> cb_detectors;
}
AppIdDnsSession* dsession = asd.get_dns_session();
- if (asd.service.get_id() == APP_ID_DNS && asd.config->mod_config->dns_host_reporting
+ if (asd.service.get_id() == APP_ID_DNS && asd.ctxt->config->dns_host_reporting
&& dsession->get_host())
{
AppId client_id = APP_ID_NONE;
#include "appid_types.h"
-class AppIdConfig;
class AppIdSession;
class ServiceDetector;
class ServiceDiscoveryState;
ret_val = validate_reply(args.data, args.size);
if (ret_val == 1)
{
- if (args.config->mod_config->mdns_user_reporting)
+ if (args.ctxt->config->mdns_user_reporting)
{
analyze_user(args.asd, args.pkt, args.size);
destroy_match_list();
}
/* Give up if it's taking us too long to figure out this thing. */
- if (args.asd.session_packet_count >= args.asd.config->mod_config->rtmp_max_packets)
+ if (args.asd.session_packet_count >= args.asd.ctxt->config->rtmp_max_packets)
{
goto fail;
}
if ( ss->pageUrl )
{
if ( !hsession->get_field(REQ_REFERER_FID) &&
- !args.asd.config->mod_config->referred_appId_disabled )
+ !args.asd.ctxt->config->referred_appId_disabled )
hsession->set_field(REQ_REFERER_FID, new std::string(ss->pageUrl), args.change_bits);
snort_free(ss->pageUrl);
ProfileStats* AppIdModule::get_profile() const { return nullptr; }
// Stubs for config
-AppIdModuleConfig::~AppIdModuleConfig() {}
-static AppIdModuleConfig app_config;
-static AppIdConfig my_app_config(&app_config);
-AppId AppIdConfig::get_port_service_id(IpProtocol, uint16_t)
+AppIdConfig::~AppIdConfig() {}
+static AppIdConfig app_config;
+static AppIdContext app_ctxt(&app_config);
+AppId AppIdContext::get_port_service_id(IpProtocol, uint16_t)
{
return APP_ID_NONE;
}
-AppId AppIdConfig::get_protocol_service_id(IpProtocol)
+AppId AppIdContext::get_protocol_service_id(IpProtocol)
{
return APP_ID_NONE;
}
void AppIdInspector::show(SnortConfig*) { }
void AppIdInspector::tinit() { }
void AppIdInspector::tterm() { }
-AppIdConfig* AppIdInspector::get_appid_config()
+AppIdContext* AppIdInspector::get_ctxt()
{
- my_app_config.mod_config = &app_config;
- return &my_app_config;
+ app_ctxt.config = &app_config;
+ return &app_ctxt;
}
// Stubs for AppInfoManager
{
return 0;
}
-bool do_tp_discovery(ThirdPartyAppIDModule& , AppIdSession&, IpProtocol,
+bool do_tp_discovery(ThirdPartyAppIdContext& , AppIdSession&, IpProtocol,
Packet*, AppidSessionDirection&, AppidChangeBits&)
{
return true;
Flow* flow = new Flow;
flow->set_flow_data(asd);
p.flow = flow;
- asd->config = &my_app_config;
+ asd->ctxt = &app_ctxt;
asd->common.initiator_port = 21;
asd->common.initiator_ip.set("1.2.3.4");
asd->set_session_flags(APPID_SESSION_IGNORE_FLOW);
Flow* flow = new Flow;
flow->set_flow_data(asd);
p.flow = flow;
- asd->config = &my_app_config;
+ asd->ctxt = &app_ctxt;
asd->common.initiator_port = 21;
asd->common.initiator_ip.set("1.2.3.4");
flow->set_flow_data(asd);
p.flow = flow;
p.ptrs.tcph = nullptr;
- asd->config = &my_app_config;
+ asd->ctxt = &app_ctxt;
asd->common.initiator_port = 21;
asd->common.initiator_ip.set("1.2.3.4");
asd->misc_app_id = APP_ID_NONE;
}
AppId HttpPatternMatchers::scan_chp(ChpMatchDescriptor&, char**, char**,
- int*, AppIdHttpSession*, const AppIdModuleConfig*)
+ int*, AppIdHttpSession*, const AppIdConfig*)
{
return 0;
}
#include "service_inspectors/http_inspect/http_msg_header.h"
class Inspector;
-struct ThirdPartyAppIDModule;
+struct ThirdPartyAppIdContext;
-AppIdConfig* pAppidActiveConfig = nullptr;
-ThirdPartyAppIDModule* tp_appid_module = nullptr;
+ThirdPartyAppIdContext* tp_appid_ctxt = nullptr;
namespace snort
{
// 4th if in is_appid_inspecting_session
mock_session->set_tp_app_id(APP_ID_NONE);
- mock_session->config->mod_config->check_host_port_app_cache = true;
+ mock_session->ctxt->config->check_host_port_app_cache = true;
val = appid_session_api->is_appid_inspecting_session();
CHECK_TRUE(val);
}
{
mock_init_appid_pegs();
mock_session = new AppIdSession(IpProtocol::TCP, nullptr, 1492, appid_inspector);
- AppIdModuleConfig *mod_config = new AppIdModuleConfig();
- mock_session->config = new AppIdConfig(mod_config);
+ AppIdConfig *config = new AppIdConfig();
+ mock_session->ctxt = new AppIdContext(config);
int rc = CommandLineTestRunner::RunAllTests(argc, argv);
mock_cleanup_appid_pegs();
return rc;
TPLibHandler* tph = nullptr;
-AppIdModuleConfig::~AppIdModuleConfig() { }
+AppIdConfig::~AppIdConfig() { }
TEST_GROUP(tp_lib_handler)
{
TEST(tp_lib_handler, load_unload)
{
- AppIdModuleConfig config;
+ AppIdConfig config;
config.tp_appid_path="./libtp_mock.so";
config.tp_appid_config="./tp.config";
tph = TPLibHandler::get();
- ThirdPartyAppIDModule* tpm = TPLibHandler::create_tp_appid_ctxt(config);
- CHECK_TRUE(tpm != nullptr);
+ ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config);
+ CHECK_TRUE(ctxt != nullptr);
TpAppIdCreateSession asf = tph->tpsession_factory();
- ThirdPartyAppIDSession* tpsession = asf(*tpm);
+ ThirdPartyAppIdSession* tpsession = asf(*ctxt);
CHECK_TRUE(tpsession != nullptr);
delete tpsession;
- delete tpm;
+ delete ctxt;
TPLibHandler::pfini();
}
TEST(tp_lib_handler, load_error)
{
// Trigger load error:
- AppIdModuleConfig config;
+ AppIdConfig config;
config.tp_appid_path="nonexistent.so";
TPLibHandler::get();
- ThirdPartyAppIDModule* tpm = TPLibHandler::create_tp_appid_ctxt(config);
- CHECK_TRUE(tpm == nullptr);
+ ThirdPartyAppIdContext* ctxt = TPLibHandler::create_tp_appid_ctxt(config);
+ CHECK_TRUE(ctxt == nullptr);
TPLibHandler::pfini();
}
using namespace snort;
using namespace std;
-class ThirdPartyAppIDModuleImpl : public ThirdPartyAppIDModule
+class ThirdPartyAppIdContextImpl : public ThirdPartyAppIdContext
{
public:
- ThirdPartyAppIDModuleImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config)
- : ThirdPartyAppIDModule(ver, mname, config)
+ ThirdPartyAppIdContextImpl(uint32_t ver, const char* mname, ThirdPartyConfig& config)
+ : ThirdPartyAppIdContext(ver, mname, config)
{
cerr << WhereMacro << endl;
}
- ~ThirdPartyAppIDModuleImpl()
+ ~ThirdPartyAppIdContextImpl()
{
cerr << WhereMacro << endl;
}
int tfini() override { return 0; }
};
-class ThirdPartyAppIDSessionImpl : public ThirdPartyAppIDSession
+class ThirdPartyAppIdSessionImpl : public ThirdPartyAppIdSession
{
public:
- ThirdPartyAppIDSessionImpl(ThirdPartyAppIDModule& ctxt)
- : ThirdPartyAppIDSession(ctxt)
+ ThirdPartyAppIdSessionImpl(ThirdPartyAppIdContext& ctxt)
+ : ThirdPartyAppIdSession(ctxt)
{ }
bool reset() override { return 1; }
void delete_with_ctxt() override { delete this; }
// once the .so has been loaded.
extern "C"
{
- SO_PUBLIC ThirdPartyAppIDModuleImpl* tp_appid_create_ctxt(ThirdPartyConfig& config)
+ SO_PUBLIC ThirdPartyAppIdContextImpl* tp_appid_create_ctxt(ThirdPartyConfig& config)
{
- return new ThirdPartyAppIDModuleImpl(2,"foobar", config);
+ return new ThirdPartyAppIdContextImpl(3,"foobar", config);
}
- SO_PUBLIC ThirdPartyAppIDSessionImpl* tp_appid_create_session(ThirdPartyAppIDModule& ctxt)
+ SO_PUBLIC ThirdPartyAppIdSessionImpl* tp_appid_create_session(ThirdPartyAppIdContext& ctxt)
{
- return new ThirdPartyAppIDSessionImpl(ctxt);
+ return new ThirdPartyAppIdSessionImpl(ctxt);
}
SO_PUBLIC int tp_appid_pfini()
#include <string>
#include "tp_appid_types.h"
-#define THIRD_PARTY_APP_ID_API_VERSION 2
+#define THIRD_PARTY_APP_ID_API_VERSION 3
class ThirdPartyConfig
{
}
};
-class ThirdPartyAppIDModule
+class ThirdPartyAppIdContext
{
public:
- ThirdPartyAppIDModule(uint32_t ver, const char* mname, ThirdPartyConfig& config)
+ ThirdPartyAppIdContext(uint32_t ver, const char* mname, ThirdPartyConfig& config)
: version(ver), name(mname), cfg(config) { }
- virtual ~ThirdPartyAppIDModule() { }
+ virtual ~ThirdPartyAppIdContext() { }
uint32_t api_version() const { return version; }
const std::string& module_name() const { return name; }
private:
// No implicit constructor as derived classes need to provide
// version and name.
- ThirdPartyAppIDModule() : version(0), name("") { }
+ ThirdPartyAppIdContext() : version(0), name("") { }
};
#endif
struct Packet;
}
-class ThirdPartyAppIDModule;
+class ThirdPartyAppIdContext;
-class ThirdPartyAppIDSession
+class ThirdPartyAppIdSession
{
public:
- ThirdPartyAppIDSession(ThirdPartyAppIDModule& ctxt)
+ ThirdPartyAppIdSession(ThirdPartyAppIdContext& ctxt)
: appid(APP_ID_NONE), confidence(100), state(TP_STATE_INIT), ctxt(ctxt) { }
- virtual ~ThirdPartyAppIDSession() { }
+ virtual ~ThirdPartyAppIdSession() { }
virtual bool reset() = 0; // just reset state
virtual void delete_with_ctxt() = 0;
virtual void set_attr(TPSessionAttr) = 0;
virtual unsigned get_attr(TPSessionAttr) = 0;
virtual AppId get_appid(int& conf) { conf=confidence; return appid; }
- virtual const ThirdPartyAppIDModule* get_ctxt() const
+ virtual const ThirdPartyAppIdContext* get_ctxt() const
{ return &ctxt; }
protected:
AppId appid;
int confidence;
TPState state;
- const ThirdPartyAppIDModule& ctxt;
+ const ThirdPartyAppIdContext& ctxt;
};
#endif
// Consider passing all the metadata pointers (e.g. host, url, etc.)
// to AppIdHttpSession directly from the thirdparty.so callbacks.
//
-// Or, register observers with THirdPartyAppIDAttributeData and modify the
+// Or, register observers with ThirdPartyAppIDAttributeData and modify the
// set functions to copy the tp buffers directly into the appropriate observer.
//
// Or, replace ThirdParty with 1st Party http_inspect.
LogMessage("AppIdDbg %s HTTP response upgrade is %s\n",
appidDebug->get_debug_session(),field->c_str());
- if (asd.config->mod_config->http2_detection_enabled)
+ if (asd.ctxt->config->http2_detection_enabled)
{
const std::string* rc = hsession->get_field(MISC_RESP_CODE_FID);
if ( rc && *rc == "101" )
}
}
- if ( !asd.config->mod_config->referred_appId_disabled &&
+ if ( !asd.ctxt->config->referred_appId_disabled &&
!hsession->get_field(REQ_REFERER_FID) )
{
if ( ( field=attribute_data.http_request_referer(own) ) != nullptr )
}
if ( hsession->get_field(MISC_URL_FID) || (confidence == 100 &&
- asd.session_packet_count > asd.config->mod_config->rtmp_max_packets) )
+ asd.session_packet_count > asd.ctxt->config->rtmp_max_packets) )
{
const std::string* url;
if ( ( url = hsession->get_field(MISC_URL_FID) ) != nullptr )
const string* field = 0;
int reinspect_ssl_appid = 0;
- // if (tp_appid_module && asd.tpsession)
tmpAppId = asd.tpsession->get_appid(tmpConfidence);
asd.set_session_flags(APPID_SESSION_SSL_SESSION);
ThirdPartyAppIDAttributeData& attribute_data)
{
const string* field=0;
- if (!asd.config->mod_config->ftp_userid_disabled &&
+ if (!asd.ctxt->config->ftp_userid_disabled &&
(field=attribute_data.ftp_command_user()) != nullptr)
{
asd.client.update_user(APP_ID_FTP_CONTROL, field->c_str());
{
AppIdHttpSession* hsession = asd.get_http_session();
- if ((tpPktCount >= asd.config->mod_config->max_tp_flow_depth) ||
+ if ((tpPktCount >= asd.ctxt->config->max_tp_flow_depth) ||
(asd.get_session_flags(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) ==
(APPID_SESSION_HTTP_SESSION | APPID_SESSION_APP_REINSPECT) &&
hsession->get_field(REQ_URI_FID) &&
}
}
-bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession& asd, IpProtocol protocol,
+bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession& asd, IpProtocol protocol,
Packet* p, AppidSessionDirection& direction, AppidChangeBits& change_bits)
{
AppId tp_app_id = asd.get_tp_app_id();
/*** Start of third-party processing. ***/
bool isTpAppidDiscoveryDone = false;
- if (p->dsize || asd.config->mod_config->tp_allow_probes)
+ if (p->dsize || asd.ctxt->config->tp_allow_probes)
{
//restart inspection by 3rd party
if (!asd.tp_reinspect_by_initiator && (direction == APP_ID_FROM_INITIATOR) &&
if (!asd.is_tp_processing_done())
{
if (protocol != IpProtocol::TCP || (p->packet_flags & PKT_STREAM_ORDER_OK)
- || asd.config->mod_config->tp_allow_probes)
+ || asd.ctxt->config->tp_allow_probes)
{
int tp_confidence;
ThirdPartyAppIDAttributeData tp_attribute_data;
{
const TPLibHandler* tph = TPLibHandler::get();
TpAppIdCreateSession tpsf = tph->tpsession_factory();
- if ( !(asd.tpsession = tpsf(tp_module)) )
+ if ( !(asd.tpsession = tpsf(tp_appid_ctxt)) )
ErrorMessage("Could not allocate asd.tpsession data");
}
class AppIdSession;
-bool do_tp_discovery(ThirdPartyAppIDModule& tp_module, AppIdSession&, IpProtocol, snort::Packet*,
+bool do_tp_discovery(ThirdPartyAppIdContext& tp_appid_ctxt, AppIdSession&, IpProtocol, snort::Packet*,
AppidSessionDirection&, AppidChangeBits&);
#endif
return true;
}
-ThirdPartyAppIDModule* TPLibHandler::create_tp_appid_ctxt(const AppIdModuleConfig& config)
+ThirdPartyAppIdContext* TPLibHandler::create_tp_appid_ctxt(const AppIdConfig& config)
{
assert(self != nullptr);
tp_config.http_upgrade_reporting_enabled = 0;
tp_config.http_response_version_enabled = config.http_response_version_enabled;
- ThirdPartyAppIDModule* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config);
+ ThirdPartyAppIdContext* tp_appid_ctxt = self->tp_appid_create_ctxt(tp_config);
if (tp_appid_ctxt == nullptr)
{
ErrorMessage("Failed to create third party appId context.\n");
#include "tp_appid_module_api.h"
#include "tp_appid_session_api.h"
-class AppIdModuleConfig;
+class AppIdConfig;
// This needs to be exported by any third party .so library.
// Must return NULL if it fails to create the object.
-typedef ThirdPartyAppIDModule* (* TpAppIdCreateCtxt)(ThirdPartyConfig& );
-typedef ThirdPartyAppIDSession* (* TpAppIdCreateSession)(ThirdPartyAppIDModule& ctxt);
+typedef ThirdPartyAppIdContext* (* TpAppIdCreateCtxt)(ThirdPartyConfig& );
+typedef ThirdPartyAppIdSession* (* TpAppIdCreateSession)(ThirdPartyAppIdContext& ctxt);
typedef int (* TpAppIdPfini)();
typedef int (* TpAppIdTfini)();
return (self = new TPLibHandler());
}
- static ThirdPartyAppIDModule* create_tp_appid_ctxt(const AppIdModuleConfig& config);
+ static ThirdPartyAppIdContext* create_tp_appid_ctxt(const AppIdConfig& config);
static void tfini();
static void pfini();
projects / thirdparty / snort3.git / commitdiff
