static void appid_inspector_pterm()
{
-//FIXIT-M: RELOAD - if app_info_table is associated with an object
AppIdContext::pterm();
-//end of 'FIXIT-M: RELOAD' comment above
openssl_cleanup();
TPLibHandler::pfini();
}
SnortProtocolId tmp_snort_protocol_id = entry->snort_protocol_id;
// A particular APP_ID_xxx may not be assigned a service_snort_key value
- // in the rna_app.yaml file entry; so ignore the snort_protocol_id ==
+ // in the appMapping.data file entry; so ignore the snort_protocol_id ==
// UNKNOWN_PROTOCOL_ID case.
if (tmp_snort_protocol_id != snort_protocol_id)
{
#define APPID_SESSION_MID (1ULL << 9)
#define APPID_SESSION_OOO (1ULL << 10)
#define APPID_SESSION_SYN_RST (1ULL << 11)
-/**Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
- * Detectors should set this flag by verifying that packet from initiator is indeed a packet from responder.
- * Setting this flag without this check will cause RNA to not try other detectors in some cases (see bug 77551).*/
+// Service missed the first UDP packet in a flow. This causes detectors to see traffic in reverse direction.
#define APPID_SESSION_UDP_REVERSED (1ULL << 12)
#define APPID_SESSION_HTTP_SESSION (1ULL << 13)
/**Service protocol was detected */
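Review bot: The new one-line comment on `APPID_SESSION_UDP_REVERSED` drops the usage constraint together with the RNA wording and the bug reference. The removed text told detector authors to verify that the packet attributed to the initiator really came from the responder before setting the flag, and warned that setting it without that check can stop other detectors from being tried. That is a correctness rule for detector code rather than product history, so I would keep it in neutral terms, e.g. `// Set only after verifying that the packet seen from the initiator is really from the responder; otherwise other detectors may not be tried.`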
{
bool isTpAppidDiscoveryDone = false;
AppInfoTableEntry* entry;
- uint32_t prevRnaClientState = asd.client_disco_state;
+ uint32_t prev_client_state = asd.client_disco_state;
bool was_service = asd.is_service_detected();
AppId tp_app_id = asd.get_tp_app_id();
asd.client_disco_state = APPID_DISCO_STATE_STATEFUL;
}
- //stop rna inspection as soon as tp has classified a valid AppId
+ //stop inspection as soon as tp has classified a valid AppId
if ( tp_app_id > APP_ID_NONE and
( asd.client_disco_state == APPID_DISCO_STATE_STATEFUL or
asd.client_disco_state == APPID_DISCO_STATE_DIRECT ) and
- asd.client_disco_state == prevRnaClientState and
+ asd.client_disco_state == prev_client_state and
!asd.get_session_flags(APPID_SESSION_NO_TPI) and
asd.is_tp_appid_available() )
{
}
/**Get packet count. This is used mostly for printing packet sequence
- * number when RNA is being tested with a pcap file.
+ * number when appid is being tested with a pcap file.
* Callback could be used either at init or during packet processing
*
* @param Lua_State* - Lua state variable.
* @param detector/stack - detector object
* @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return packetCount/stack - Total packet processed by RNA.
+ * @return packetCount/stack - Total packet processed by appid.
**/
static int detector_get_packet_count(lua_State* L)
{
* @param Lua_State* - Lua state variable.
* @param detector/stack - detector object
* @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return packetCount/stack - Total packet processed by RNA.
+ * @return packetCount/stack - Total packet processed by appid.
* @todo maintain a single copy and return the same copy with every call to Detector_getFlow().
*/
static int detector_get_flow(lua_State* L)
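Review bot: The `@return packetCount/stack` line kept above `detector_get_flow` looks copied from `detector_get_packet_count`. The commit rewords it from RNA to appid, but it still describes a packet count rather than what this function pushes. Judging by the function name and the `@todo` about `Detector_getFlow()`, the value is presumably a flow object, so something like `@return flow/stack - flow object for the current packet` would fit better. The function body is outside the hunk, so the exact return shape should be confirmed there before rewording.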
// (below)
{ "getProtocolType", detector_get_protocol_type }, // - "getProtocolType" is now
// "getL4Protocol" (below)
- { "inCompatibleData", service_set_incompatible_data }, // - "inCompatibleData" is
- // now "markIncompleteData"
- // (below)
- { "addDataId", service_add_data_id }, // - "addDataId" is now
- // "addAppIdDataToFlow"
- // (below)
- { "service_inCompatibleData", service_set_incompatible_data }, // - "service_inCompatibleData"
- // is now
- // "service_markIncompleteData"
- // (below)
- { "service_addDataId", service_add_data_id }, // - "service_addDataId" is
- // now
- // "service_addAppIdDataToFlow"
- // (below)
{ "getPacketSize", detector_get_packet_size },
{ "getPacketDir", detector_get_packet_direction },
/*Obsolete - new detectors should not use this API */
{ "init", service_init },
{ "registerPattern", service_register_pattern },
- { "getServiceID", service_get_service_id },
{ "addPort", service_add_ports },
- { "removePort", service_remove_ports },
- { "setServiceName", service_set_service_name },
- { "getServiceName", service_get_service_name },
- { "isCustomDetector", service_is_custom_detector },
- { "setValidator", service_set_validator },
{ "addService", service_add_service },
{ "failService", service_fail_service },
{ "inProcessService", service_in_process_service },
- { "markIncompleteData", service_set_incompatible_data },
{ "analyzePayload", service_analyze_payload },
- { "addAppIdDataToFlow", service_add_data_id },
/*service API */
{ "service_init", service_init },
/* Garbage collector hook function. Called when Lua side garbage collects detector
* api instance. Current design is to allocate one of each luaState, detector and
- * detectorUserData buffers, and hold these buffers till RNA exits. SigHups processing
- * reuses the buffers and calls DetectorInit to reinitialize. RNA ensures that
+ * detectorUserData buffers, and hold these buffers till appid exits. SigHups processing
+ * reuses the buffers and calls DetectorInit to reinitialize. AppId ensures that
* UserData<LuaDetectionState> is not garbage collected, by creating a reference in LUA_REGISTRY
- * table. The reference is released only on RNA exit.
+ * table. The reference is released only on appid exit.
*
* If in future, one needs to free any of these buffers then one should consider
* references to detector buffer in ServiceDetector stored in flows and hostServices
* data structures. Other detectors at this time create one static instance for the
- * lifetime of RNA, and therefore we have adopted the same principle for Lua Detectors.
+ * lifetime of appid, and therefore we have adopted the same principle for Lua Detectors.
*/
static int Detector_gc(lua_State*)
{
return out;
}
-/**Creates a user data for a flow.
- *
- * @param Lua_State* - Lua state variable.
- * @param detector/stack - detector object
- * @param srcAddress/stack - source address of the flow
- * @param srcPort/stack - source port of the the flow
- * @param dstAddress/stack - destination address of the flow.
- * @param dstPort/stack - detector port of the flow.
- * @param proto/stack - protocol type. See defined IPPROTO_xxxx in /usr/include/netinet/in.h
- * @return int - Number of elements on stack, which is 1 if successful, 0 otherwise.
- * @return UserData<DetectorFlow>/stack - A userdata representing UserData<DetectorFlow>.
- */
-static int create_detector_flow(lua_State* L)
-{
- SfIp saddr;
- SfIp daddr;
-
- AppIdDetector* ud = *UserData<AppIdDetector>::check(L, DETECTOR, 1);
- // Verify detector user data and that we are in packet context
- LuaStateDescriptor* lsd = ud->validate_lua_state(true);
-
- const char* pattern = lua_tostring(L, 2);
- size_t patternLen = lua_strlen (L, 2);
-
- if (patternLen == 16)
- {
- if (saddr.set(pattern, AF_INET6) != SFIP_SUCCESS)
- return 0;
- }
- else if (patternLen == 4)
- {
- if (saddr.set(pattern, AF_INET) != SFIP_SUCCESS)
- return 0;
- }
- else
- {
- return 0;
- }
- pattern = lua_tostring(L, 3);
- patternLen = lua_strlen (L, 3);
-
- if (patternLen == 16)
- {
- if (daddr.set(pattern, AF_INET6) != SFIP_SUCCESS)
- return 0;
- }
- else if (patternLen == 4)
- {
- if (daddr.set(pattern, AF_INET) != SFIP_SUCCESS)
- return 0;
- }
- else
- {
- return 0;
- }
-
- uint16_t sport = lua_tonumber(L, 4);
- uint16_t dport = lua_tonumber(L, 5);
- IpProtocol proto = (IpProtocol)lua_tonumber(L, 6);
-
- auto detector_flow = new DetectorFlow(L, AppIdSession::create_future_session(lsd->ldp.pkt, &saddr, sport,
- &daddr, dport, proto, 0));
- UserData<DetectorFlow>::push(L, DETECTORFLOW, detector_flow);
-
- lua_pushvalue(L, -1);
- detector_flow->userDataRef = luaL_ref(L, LUA_REGISTRYINDEX);
-
- odp_thread_local_ctxt->get_lua_detector_mgr().set_detector_flow(detector_flow);
-
- if (!detector_flow->asd)
- {
- /*calloced buffer will be freed later after the current packet is processed. */
- lua_pop(L, 1);
- return 0;
- }
-
- return 1;
-}
-
/**Sets a flow flag
*
* @param Lua_State* - Lua state variable.
return 0;
}
-/**Set service id on a flow
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData<DetectorFlow> object
- * @param serviceId/stack - service Id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detector_flow_service_id(lua_State*)
-{ return 0; }
-
-/**Set client application id on a flow, during packet processing
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData<DetectorFlow> object
- * @param applId/stack - client application Id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detecter_flow_cln_app_id(lua_State*)
-{
- return 0;
-}
-
-/**Set client application type id on a flow, during packet processing
- * If function is implemented, then
- * verify detector user data and that we are in packet context
- *
- * @param Lua_State* - Lua state variable.
- * @param detectorFlow/stack - UserData<DetectorFlow> object
- * @param applTypeId/stack - client application type id to be set on a flow.
- * @return int - Number of elements on stack, which is 0.
- */
-static int set_detector_flow_cln_app_type(lua_State*)
-{
- return 0;
-}
-
/**Design: For simplicity reason I am passing flowkey (20 bytes) to lua detectors.
* The key is used to index into local lua table and get any flow specific data that a detector needs.
* This approach avoids embedding lua detector data into core engine flow data structure.
static const luaL_Reg detector_flow_api[] =
{
- /* Obsolete API names. No longer use these! They are here for backward
- * compatibility and will eventually be removed. */
- /* - "new" is now "createFlow" (below) */
- { "new", create_detector_flow },
- { "createFlow", create_detector_flow },
{ "setFlowFlag", set_detector_flow_flag },
{ "getFlowFlag", get_detector_flow_flag },
{ "clearFlowFlag", clear_detector_flow_flag },
- { "setFlowServiceId", set_detector_flow_service_id },
- { "setFlowClnAppId", set_detecter_flow_cln_app_id },
- { "setFlowClnAppType", set_detector_flow_cln_app_type },
{ "getFlowKey", get_detector_flow_key },
{ nullptr, nullptr }
};
* of memory allocated to RNA (fraction of total system memory) and number of detectors
* loaded in database. Calculations are based on CAICCI detector and observing memory
* consumption per tracker.
- * @param rnaMemory - total memory RNA is allowed to use. This is calculated as a fraction of
- * total system memory.
* @param numDetectors - number of lua detectors present in database.
*/
static inline void set_lua_tracker_size(lua_State* L, uint32_t numTrackers)
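Review bot: The doc comment above `set_lua_tracker_size` is left inconsistent after this edit. Its first visible line still reads "memory allocated to RNA", and the surviving `@param numDetectors` does not match the signature, which takes `lua_State* L` and `uint32_t numTrackers`. Since `@param rnaMemory` is being removed here anyway, I would align the rest in the same pass: replace "RNA" with "appid" in the description and document the parameters as `@param L` and `@param numTrackers`. The comment begins above the hunk and the function body is outside it, so the parameter descriptions should be taken from the body.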
return;
}
- // FIXIT-M: RELOAD - When reload is supported, we might need to make these unique
- // from one reload to the next reload, e.g., "odp_FOO_1", "odp_FOO_2", etc.
- // Alternatively, conflicts between reload may be avoided if a new lua state is
- // created separately, then swapped and free old state.
char detectorName[MAX_LUA_DETECTOR_FILENAME_LEN];
#ifdef HAVE_BASENAME_R
char detector_res[MAX_LUA_DETECTOR_FILENAME_LEN];
return detector_flow;
}
void free_detector_flow();
- // FIXIT-M: RELOAD - When reload is supported, move this variable to a separate location
lua_State* L;
bool insert_cb_detector(AppId app_id, LuaObject* ud);
LuaObject* get_cb_detector(AppId app_id);
/**Perform pattern match of a packet and construct a list of services sorted in order of
* precedence criteria. Criteria is count and then size. The first service in the list is
* returned. The list itself is saved in ServiceDiscoveryState. If
- * appId is already identified, then use it instead of searching again. RNA will capability
+ * appId is already identified, then use it instead of searching again. AppId has capability
* to try out other inferior matches. If appId is unknown i.e. searched and not found by FRE then
- * don't do any pattern match. This is a way degrades RNA detector selection if FRE is running on
- * this sensor.
+ * don't do any pattern match. This is a way to degrade detector if FRE is running.
*/
void ServiceDiscovery::match_by_pattern(AppIdSession& asd, const Packet* pkt, IpProtocol proto)
{
AppidSessionDirection direction, AppidChangeBits& change_bits)
{
bool isTpAppidDiscoveryDone = false;
- uint32_t prevRnaServiceState = asd.service_disco_state;
+ uint32_t prev_service_state = asd.service_disco_state;
AppId tp_app_id = asd.get_tp_app_id();
if (asd.service_disco_state == APPID_DISCO_STATE_NONE && p->dsize)
asd.service_disco_state = APPID_DISCO_STATE_STATEFUL;
}
- //stop rna inspection as soon as tp has classified a valid AppId later in the session
+ //stop inspection as soon as tp has classified a valid AppId later in the session
if ( tp_app_id > APP_ID_NONE and
asd.service_disco_state == APPID_DISCO_STATE_STATEFUL and
- prevRnaServiceState == APPID_DISCO_STATE_STATEFUL and
+ prev_service_state == APPID_DISCO_STATE_STATEFUL and
!asd.get_session_flags(APPID_SESSION_NO_TPI) and
asd.is_tp_appid_available() )
{
{
identify_service(asd, p, direction, change_bits);
isTpAppidDiscoveryDone = true;
- //to stop executing validator after service has been detected by RNA.
+ //to stop executing validator after service has been detected
if (asd.get_session_flags(APPID_SESSION_SERVICE_DETECTED |
APPID_SESSION_CONTINUE) == APPID_SESSION_SERVICE_DETECTED)
{