odp_thread_local_ctxt = nullptr;
}
-bool AppIdContext::init_appid(SnortConfig* sc)
+bool AppIdContext::init_appid(SnortConfig* sc, AppIdInspector& inspector)
{
// do not reload ODP on reload_config()
if (!odp_ctxt)
static bool once = false;
if (!once)
{
- odp_ctxt->get_client_disco_mgr().initialize();
- odp_ctxt->get_service_disco_mgr().initialize();
+ odp_ctxt->get_client_disco_mgr().initialize(inspector);
+ odp_ctxt->get_service_disco_mgr().initialize(inspector);
odp_thread_local_ctxt->initialize(*this, true);
- odp_ctxt->initialize();
+ odp_ctxt->initialize(inspector);
// do not reload third party on reload_config()
if (!tp_appid_ctxt)
version = next_version++;
}
-void OdpContext::initialize()
+void OdpContext::initialize(AppIdInspector& inspector)
{
- service_pattern_detector->finalize_service_port_patterns();
- client_pattern_detector->finalize_client_port_patterns();
+ service_pattern_detector->finalize_service_port_patterns(inspector);
+ client_pattern_detector->finalize_client_port_patterns(inspector);
service_disco_mgr.finalize_service_patterns();
client_disco_mgr.finalize_client_patterns();
http_matchers.finalize_patterns();
PROTO_INDEX_MAX
};
+class AppIdInspector;
class PatternClientDetector;
class PatternServiceDetector;
uint16_t max_packet_service_fail_ignore_bytes = MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
OdpContext(const AppIdConfig&, snort::SnortConfig*);
- void initialize();
+ void initialize(AppIdInspector& inspector);
void reload();
uint32_t get_version() const
void create_odp_ctxt();
void create_tp_appid_ctxt();
- bool init_appid(snort::SnortConfig*);
+ bool init_appid(snort::SnortConfig*, AppIdInspector&);
static void pterm();
void show() const;
#include "appid_detector.h"
-#include "managers/inspector_manager.h"
#include "protocols/packet.h"
#include "app_info_table.h"
using namespace snort;
-int AppIdDetector::initialize()
+int AppIdDetector::initialize(AppIdInspector& inspector)
{
if ( !tcp_patterns.empty() )
for (auto& pat : tcp_patterns)
if (!appid_registry.empty())
{
- AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
- assert(inspector);
- AppIdContext& ctxt = inspector->get_ctxt();
+ AppIdContext& ctxt = inspector.get_ctxt();
for (auto& id : appid_registry)
register_appid(id.appId, id.additionalInfo, ctxt.get_odp_ctxt());
}
#include "service_state.h"
class AppIdContext;
+class AppIdInspector;
class LuaStateDescriptor;
namespace snort
AppIdDetector() = default;
virtual ~AppIdDetector() = default;
- virtual int initialize();
+ virtual int initialize(AppIdInspector&);
virtual void reload();
virtual void do_custom_init() { }
virtual void do_custom_reload() { }
if (!asd)
{
- asd = AppIdSession::allocate_session(p, protocol, direction, &inspector, odp_ctxt);
+ asd = AppIdSession::allocate_session(p, protocol, direction, inspector, odp_ctxt);
if (p->flow->get_session_flags() & SSNFLAG_MIDSTREAM)
{
flow_flags |= APPID_SESSION_MID;
static void tterm();
- virtual void initialize() = 0;
+ virtual void initialize(AppIdInspector&) = 0;
virtual void reload() = 0;
virtual void register_detector(const std::string&, AppIdDetector*, IpProtocol);
virtual void add_pattern_data(AppIdDetector*, snort::SearchTool&, int position,
#include <cassert>
#include "detection/detection_engine.h"
-#include "managers/inspector_manager.h"
#include "app_info_table.h"
#include "appid_debug.h"
#include "appid_discovery.h"
if ( !asd )
{
// The event is received before appid has seen any packet, e.g., data on SYN
- auto inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
asd = AppIdSession::allocate_session( p, p->get_ip_proto_next(), direction,
inspector, *pkt_thread_odp_ctxt );
if ( appidDebug->is_enabled() )
{
- appidDebug->activate(flow, asd, inspector->get_ctxt().config.log_all_sessions);
+ appidDebug->activate(flow, asd, inspector.get_ctxt().config.log_all_sessions);
if ( appidDebug->is_active() )
LogMessage("AppIdDbg %s New AppId session at HTTP event\n",
appidDebug->get_debug_session());
{
hsession->set_field(REQ_HOST_FID, header_start, header_length, change_bits);
asd->scan_flags |= SCAN_HTTP_HOST_URL_FLAG;
+ }
- header_start = http_event->get_uri(header_length);
- if (header_length > 0)
- {
- hsession->set_field(REQ_URI_FID, header_start, header_length, change_bits);
- hsession->update_url(change_bits);
- }
+ header_start = http_event->get_uri(header_length);
+ if (header_length > 0)
+ {
+ hsession->set_field(REQ_URI_FID, header_start, header_length, change_bits);
+ asd->scan_flags |= SCAN_HTTP_URI_FLAG;
+ hsession->update_url(change_bits);
}
header_start = http_event->get_user_agent(header_length);
class Flow;
}
+class AppIdInspector;
+
class HttpEventHandler : public snort::DataHandler
{
public:
RESPONSE_EVENT,
};
- HttpEventHandler(HttpEventType type) : DataHandler(MOD_NAME)
- {
- event_type = type;
- }
+ HttpEventHandler(HttpEventType type, AppIdInspector& inspector) :
+ DataHandler(MOD_NAME), event_type(type), inspector(inspector)
+ { }
void handle(snort::DataEvent&, snort::Flow*) override;
private:
HttpEventType event_type;
+ AppIdInspector& inspector;
};
#endif
ctxt = new AppIdContext(const_cast<AppIdConfig&>(*config));
- my_seh = SipEventHandler::create();
- my_seh->subscribe(sc);
+ ctxt->init_appid(sc, *this);
- ctxt->init_appid(sc);
+ DataBus::subscribe_global(SIP_EVENT_TYPE_SIP_DIALOG_KEY, new SipEventHandler(*this), sc);
DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(
- HttpEventHandler::REQUEST_EVENT), sc);
+ HttpEventHandler::REQUEST_EVENT, *this), sc);
DataBus::subscribe_global(HTTP_RESPONSE_HEADER_EVENT_KEY, new HttpEventHandler(
- HttpEventHandler::RESPONSE_EVENT), sc);
+ HttpEventHandler::RESPONSE_EVENT, *this), sc);
DataBus::subscribe_global(DATA_DECRYPT_EVENT, new DataDecryptEventHandler(), sc);
odp_thread_local_ctxt = new OdpThreadContext;
OdpContext& odp_ctxt = ctxt.get_odp_ctxt();
- odp_ctxt.get_client_disco_mgr().initialize();
- odp_ctxt.get_service_disco_mgr().initialize();
+ odp_ctxt.get_client_disco_mgr().initialize(*inspector);
+ odp_ctxt.get_service_disco_mgr().initialize(*inspector);
odp_thread_local_ctxt->initialize(ctxt, true, true);
- odp_ctxt.initialize();
+ odp_ctxt.initialize(*inspector);
bool from_shell = ( L != nullptr );
current_request->respond("== swapping detectors configuration\n", from_shell);
}
AppIdSession* AppIdSession::allocate_session(const Packet* p, IpProtocol proto,
- AppidSessionDirection direction, AppIdInspector* inspector, OdpContext& odp_context)
+ AppidSessionDirection direction, AppIdInspector& inspector, OdpContext& odp_context)
{
uint16_t port = 0;
(p->ptrs.sp != p->ptrs.dp))
port = (direction == APP_ID_FROM_INITIATOR) ? p->ptrs.sp : p->ptrs.dp;
- AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector, odp_context,
+ AppIdSession* asd = new AppIdSession(proto, ip, port, inspector, odp_context,
p->pkth->address_space_id);
asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec;
~AppIdSession() override;
static AppIdSession* allocate_session(const snort::Packet*, IpProtocol,
- AppidSessionDirection, AppIdInspector*, OdpContext&);
+ AppidSessionDirection, AppIdInspector&, OdpContext&);
static AppIdSession* create_future_session(const snort::Packet*, const snort::SfIp*, uint16_t,
const snort::SfIp*, uint16_t, IpProtocol, SnortProtocolId, bool swap_app_direction=false);
void initialize_future_session(AppIdSession&, uint64_t, AppidSessionDirection);
#include "log/text_log.h"
#include "log/unified2.h"
-#include "managers/inspector_manager.h"
#include "time/packet_time.h"
#include "appid_config.h"
#define MAX_CANDIDATE_CLIENTS 10
-void ClientDiscovery::initialize()
+void ClientDiscovery::initialize(AppIdInspector& inspector)
{
new BitClientDetector(this);
new BitTrackerClientDetector(this);
new VncClientDetector(this);
for ( auto kv : tcp_detectors )
- kv.second->initialize();
+ kv.second->initialize(inspector);
for ( auto kv : udp_detectors )
- kv.second->initialize();
+ kv.second->initialize(inspector);
}
void ClientDiscovery::reload()
#include "appid_types.h"
class ClientDetector;
+class AppIdInspector;
class AppIdSession;
struct ClientAppMatch
class ClientDiscovery : public AppIdDiscovery
{
public:
- void initialize() override;
+ void initialize(AppIdInspector&) override;
void reload() override;
void finalize_client_patterns();
#include "log/messages.h"
#include "main/snort_debug.h"
-#include "managers/inspector_manager.h"
#include "protocols/packet.h"
#include "search_engines/search_tool.h"
}
}
-static void read_patterns(PortPatternNode* portPatternList, PatternService** serviceList)
+static void read_patterns(PortPatternNode* portPatternList, PatternService** serviceList,
+ AppIdInspector& inspector)
{
PatternService* ps = nullptr;
char* lastName = nullptr;
pattern->next = ps->pattern;
ps->pattern = pattern;
- // FIXIT-M: Tp support ODP reload, store ODP context in PatternService
- AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME);
- assert(inspector);
- AppIdContext& ctxt = inspector->get_ctxt();
+ AppIdContext& ctxt = inspector.get_ctxt();
ctxt.get_odp_ctxt().get_app_info_mgr().set_app_info_active(ps->id);
}
}
}
-void PatternServiceDetector::finalize_service_port_patterns()
+void PatternServiceDetector::finalize_service_port_patterns(AppIdInspector& inspector)
{
- read_patterns(lua_injected_patterns, &service_port_pattern);
+ read_patterns(lua_injected_patterns, &service_port_pattern, inspector);
install_ports(service_port_pattern);
create_service_pattern_trees();
register_service_patterns();
udp_pattern_matcher->prep();
}
-void PatternClientDetector::finalize_client_port_patterns()
+void PatternClientDetector::finalize_client_port_patterns(AppIdInspector& inspector)
{
- read_patterns(lua_injected_patterns, &service_port_pattern);
+ read_patterns(lua_injected_patterns, &service_port_pattern, inspector);
create_client_pattern_trees();
register_client_patterns();
dump_patterns("Client", service_port_pattern);
class SearchTool;
}
+class AppIdInspector;
+
struct PortPatternNode
{
AppId appId;
~PatternClientDetector() override;
void insert_client_port_pattern(PortPatternNode*);
- void finalize_client_port_patterns();
+ void finalize_client_port_patterns(AppIdInspector&);
void reload_client_port_patterns();
int validate(AppIdDiscoveryArgs&) override;
~PatternServiceDetector() override;
void insert_service_port_pattern(PortPatternNode*);
- void finalize_service_port_patterns();
+ void finalize_service_port_patterns(AppIdInspector&);
void reload_service_port_patterns();
int validate(AppIdDiscoveryArgs&) override;
#include "appid_debug.h"
#include "appid_inspector.h"
#include "app_info_table.h"
-#include "managers/inspector_manager.h"
#include "protocols/packet.h"
using namespace snort;
{
IpProtocol protocol = p->is_tcp() ? IpProtocol::TCP : IpProtocol::UDP;
AppidSessionDirection direction = p->is_from_client() ? APP_ID_FROM_INITIATOR : APP_ID_FROM_RESPONDER;
- AppIdInspector* inspector = (AppIdInspector*) InspectorManager::get_inspector(MOD_NAME, true);
- asd = AppIdSession::allocate_session(p, protocol, direction, inspector, inspector->get_ctxt().get_odp_ctxt());
+ asd = AppIdSession::allocate_session(p, protocol, direction, inspector,
+ inspector.get_ctxt().get_odp_ctxt());
}
AppidChangeBits change_bits;
class Flow;
}
+class AppIdInspector;
class SipEventHandler;
class SipUdpClientDetector : public ClientDetector
class SipEventHandler : public snort::DataHandler
{
public:
-
- static SipEventHandler* create()
- {
- return new SipEventHandler;
- }
+ SipEventHandler(AppIdInspector& inspector) :
+ DataHandler(MOD_NAME), inspector(inspector)
+ { }
static void set_client(SipUdpClientDetector* cd) { SipEventHandler::client = cd; }
static void set_service(SipServiceDetector* sd) { SipEventHandler::service = sd; }
- void subscribe(snort::SnortConfig* sc)
- { snort::DataBus::subscribe_global(SIP_EVENT_TYPE_SIP_DIALOG_KEY, this, sc); }
-
void handle(snort::DataEvent&, snort::Flow*) override;
private:
- SipEventHandler() : DataHandler(MOD_NAME) { }
void client_handler(SipEvent&, AppIdSession&, AppidChangeBits&);
void service_handler(SipEvent&, AppIdSession&, AppidChangeBits&);
static SipUdpClientDetector* client;
static SipServiceDetector* service;
+ AppIdInspector& inspector;
};
#endif
void ClientAppDescriptor::update_user(AppId, const char*, AppidChangeBits&){}
void ClientAppDescriptor::update_stats(AppId, bool) {}
void PayloadAppDescriptor::update_stats(AppId, bool) {}
-void ServiceDiscovery::initialize() {}
+void ServiceDiscovery::initialize(AppIdInspector&) {}
void ServiceDiscovery::reload() {}
int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
AppIdDiscovery::~AppIdDiscovery() { }
-void ClientDiscovery::initialize() { }
+void ClientDiscovery::initialize(AppIdInspector&) { }
void ClientDiscovery::reload() { }
void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { }
void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { }
#include "appid_config.h"
#include "appid_debug.h"
#include "appid_dns_session.h"
+#include "appid_inspector.h"
#include "appid_session.h"
#include "detector_plugins/detector_dns.h"
#include "detector_plugins/detector_imap.h"
static ServiceDetector* ftp_service;
-void ServiceDiscovery::initialize()
+void ServiceDiscovery::initialize(AppIdInspector& inspector)
{
new BattleFieldServiceDetector(this);
new BgpServiceDetector(this);
for ( auto kv : tcp_detectors )
{
- kv.second->initialize();
+ kv.second->initialize(inspector);
service_detector_list.emplace_back(kv.second);
}
for ( auto kv : udp_detectors )
{
- kv.second->initialize();
+ kv.second->initialize(inspector);
service_detector_list.emplace_back(kv.second);
}
}
#include "appid_types.h"
+class AppIdInspector;
class AppIdSession;
class ServiceDetector;
class ServiceDiscoveryState;
{
public:
~ServiceDiscovery() override { }
- void initialize() override;
+ void initialize(AppIdInspector&) override;
void reload() override;
void finalize_service_patterns();
void reload_service_patterns();
#include <CppUTest/TestHarness.h>
#include <CppUTestExt/MockSupport.h>
-void ServiceDiscovery::initialize() {}
+void ServiceDiscovery::initialize(AppIdInspector&) {}
void ServiceDiscovery::reload() {}
void ServiceDiscovery::finalize_service_patterns() {}
void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {}
SipPatternMatchers::~SipPatternMatchers() { }
HttpPatternMatchers::~HttpPatternMatchers() { }
DnsPatternMatchers::~DnsPatternMatchers() { }
-void ClientDiscovery::initialize() {}
+void ClientDiscovery::initialize(AppIdInspector&) {}
void ClientDiscovery::reload() {}
FpSMBData* smb_data = nullptr;
-int AppIdDetector::initialize(){return 0;}
+int AppIdDetector::initialize(AppIdInspector&){return 0;}
void AppIdDetector::reload() { }
int AppIdDetector::data_add(AppIdSession&, void*, AppIdFreeFCN){return 0;}
void* AppIdDetector::data_get(AppIdSession&) {return nullptr;}
namespace snort
{
-Inspector* InspectorManager::get_inspector(
- char const*, bool, const snort::SnortConfig*) { return nullptr; }
AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) :
StashGenericObject(STASH_GENERIC_OBJECT_APPID) {}
}
bool AppIdSession::is_tp_processing_done() const {return 0;}
AppId AppIdSession::pick_ss_payload_app_id(AppId) const { return get_payload_id(); }
AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol,
- AppidSessionDirection, AppIdInspector*, OdpContext&)
+ AppidSessionDirection, AppIdInspector&, OdpContext&)
{
return nullptr;
}
void AppIdHttpSession::set_tun_dest(){}
// Stubs for ServiceDiscovery
-void ServiceDiscovery::initialize() {}
+void ServiceDiscovery::initialize(AppIdInspector&) {}
void ServiceDiscovery::reload() {}
void ServiceDiscovery::finalize_service_patterns() {}
void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {}
void HostTracker::remove_flows() {}
// Stubs for ClientDiscovery
-void ClientDiscovery::initialize() {}
+void ClientDiscovery::initialize(AppIdInspector&) {}
void ClientDiscovery::reload() {}
void ClientDiscovery::finalize_client_patterns() {}
static ClientDiscovery* c_discovery_manager = new ClientDiscovery();
namespace snort
{
AppIdApi appid_api;
-Inspector* InspectorManager::get_inspector(
- char const*, bool, const snort::SnortConfig*) { return nullptr; }
-
Packet::Packet(bool) { }
Packet::~Packet() { }
FakeHttpMsgHeader* fake_msg_header = nullptr;
AppIdSession* AppIdSession::allocate_session(const Packet*, IpProtocol, AppidSessionDirection,
- AppIdInspector*, OdpContext&)
+ AppIdInspector&, OdpContext&)
{
return nullptr;
}
TEST(appid_http_event, handle_null_appid_data)
{
HttpEvent event(nullptr, false, 0);
- HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT);
+ HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT, dummy_appid_inspector);
mock().expectOneCall("get_appid_session");
event_handler.handle(event, flow);
mock().checkExpectations();
TEST(appid_http_event, handle_null_msg_header)
{
HttpEvent event(nullptr, false, 0);
- HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT);
+ HttpEventHandler event_handler(HttpEventHandler::REQUEST_EVENT, dummy_appid_inspector);
mock().strictOrder();
mock().expectOneCall("get_appid_session");
{
HttpEvent event(nullptr, false, 0);
FakeHttpMsgHeader http_msg_header;
- HttpEventHandler event_handler(test_data.type);
+ HttpEventHandler event_handler(test_data.type, dummy_appid_inspector);
fake_msg_header = &http_msg_header;
host = test_data.host;
TEST(appid_http_event, handle_msg_header_host_and_uri)
{
TestData test_data;
- test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG;
+ test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG | SCAN_HTTP_URI_FLAG;
test_data.host = HOST;
test_data.uri = URI;
TestData test_data;
test_data.type = HttpEventHandler::REQUEST_EVENT;
test_data.scan_flags = SCAN_HTTP_VIA_FLAG | SCAN_HTTP_USER_AGENT_FLAG |
- SCAN_HTTP_HOST_URL_FLAG;
+ SCAN_HTTP_HOST_URL_FLAG | SCAN_HTTP_URI_FLAG;
test_data.uri = URI;
test_data.cookie = COOKIE;
test_data.host = HOST;
void PayloadAppDescriptor::update_stats(AppId, bool) {}
AppIdDiscovery::~AppIdDiscovery() { }
-void ClientDiscovery::initialize() { }
+void ClientDiscovery::initialize(AppIdInspector&) { }
void ClientDiscovery::reload() { }
void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { }
void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { }
return 0;
}
-void ServiceDiscovery::initialize() { }
+void ServiceDiscovery::initialize(AppIdInspector&) { }
void ServiceDiscovery::reload() { }
int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
api(*(new AppIdSessionApi(this, *ip))), odp_ctxt(stub_odp_ctxt) { }
AppIdSession::~AppIdSession() = default;
AppIdDiscovery::~AppIdDiscovery() {}
-void ClientDiscovery::initialize() { }
+void ClientDiscovery::initialize(AppIdInspector&) { }
void ClientDiscovery::reload() { }
void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol) {}
void AppIdDiscovery::add_pattern_data(AppIdDetector*, SearchTool&, int, const uint8_t* const,
int, unsigned) {}
int AppIdDiscovery::add_service_port(AppIdDetector*,
const ServiceDetectorPort&) { return APPID_EINVALID; }
-void ServiceDiscovery::initialize() {}
+void ServiceDiscovery::initialize(AppIdInspector&) {}
void ServiceDiscovery::reload() {}
void ServiceDiscovery::finalize_service_patterns() {}
void ServiceDiscovery::match_by_pattern(AppIdSession&, const Packet*, IpProtocol) {}
snort::SearchTool::~SearchTool() { }
AppIdDiscovery::~AppIdDiscovery() { }
-void ClientDiscovery::initialize() { }
+void ClientDiscovery::initialize(AppIdInspector&) { }
void ClientDiscovery::reload() { }
void AppIdDiscovery::register_detector(const string&, AppIdDetector*, IpProtocol) { }
void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool&, int, unsigned char const*, unsigned int, unsigned int) { }
SslPatternMatchers::~SslPatternMatchers() { }
AppIdConfig::~AppIdConfig() { }
OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
-void ServiceDiscovery::initialize() { }
+void ServiceDiscovery::initialize(AppIdInspector&) { }
void ServiceDiscovery::reload() { }
int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&)
{ return 0; }