true);
if (appid_inspector and
- (inspector.get_service() == appid_inspector->get_ctxt().config.snortId_for_http2))
+ (inspector.get_service() ==
+ appid_inspector->get_ctxt().config.snort_proto_ids[PROTO_INDEX_HTTP2]))
return true;
return false;
static void map_app_names_to_snort_ids(SnortConfig* sc, AppIdConfig& config)
{
- config.snortId_for_unsynchronized = sc->proto_ref->add("unsynchronized");
- config.snortId_for_ftp_data = sc->proto_ref->add("ftp-data");
- config.snortId_for_http2 = sc->proto_ref->add("http2");
-
// Have to create SnortProtocolIds during configuration initialization.
- sc->proto_ref->add("rexec");
- sc->proto_ref->add("rsh-error");
- sc->proto_ref->add("snmp");
- sc->proto_ref->add("sunrpc");
- sc->proto_ref->add("tftp");
+ config.snort_proto_ids[PROTO_INDEX_UNSYNCHRONIZED] = sc->proto_ref->add("unsynchronized");
+ config.snort_proto_ids[PROTO_INDEX_FTP_DATA] = sc->proto_ref->add("ftp-data");
+ config.snort_proto_ids[PROTO_INDEX_HTTP2] = sc->proto_ref->add("http2");
+ config.snort_proto_ids[PROTO_INDEX_REXEC] = sc->proto_ref->add("rexec");
+ config.snort_proto_ids[PROTO_INDEX_RSH_ERROR] = sc->proto_ref->add("rsh-error");
+ config.snort_proto_ids[PROTO_INDEX_SNMP] = sc->proto_ref->add("snmp");
+ config.snort_proto_ids[PROTO_INDEX_SUNRPC] = sc->proto_ref->add("sunrpc");
+ config.snort_proto_ids[PROTO_INDEX_TFTP] = sc->proto_ref->add("tftp");
+ config.snort_proto_ids[PROTO_INDEX_SIP] = sc->proto_ref->add("sip");
}
AppIdConfig::~AppIdConfig()
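Review bot: Nothing in map_app_names_to_snort_ids ties its nine assignments to the SnortProtoIdIndex enum, so an enum value added later without a matching `add()` call leaves that slot of `snort_proto_ids` unset. The detectors that index the slot would then create future sessions with whatever id is stored there. Driving the registration from a name table whose length is checked against `PROTO_INDEX_MAX` turns that omission into a compile error. The table order still has to follow the enum order, which deserves a comment next to both.
```cpp
// Order must match SnortProtoIdIndex.
static const char* const snort_proto_names[] =
{
    "unsynchronized", "ftp-data", "http2", "rexec", "rsh-error",
    "snmp", "sunrpc", "tftp", "sip"
};
static_assert(sizeof(snort_proto_names) / sizeof(snort_proto_names[0]) == PROTO_INDEX_MAX,
    "every SnortProtoIdIndex value needs a protocol name");

static void map_app_names_to_snort_ids(SnortConfig* sc, AppIdConfig& config)
{
    // Have to create SnortProtocolIds during configuration initialization.
    for (unsigned i = 0; i < PROTO_INDEX_MAX; ++i)
        config.snort_proto_ids[i] = sc->proto_ref->add(snort_proto_names[i]);
}
```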
#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 5
#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 15
+enum SnortProtoIdIndex
+{
+ PROTO_INDEX_UNSYNCHRONIZED = 0,
+ PROTO_INDEX_FTP_DATA,
+ PROTO_INDEX_HTTP2,
+ PROTO_INDEX_REXEC,
+ PROTO_INDEX_RSH_ERROR,
+ PROTO_INDEX_SNMP,
+ PROTO_INDEX_SUNRPC,
+ PROTO_INDEX_TFTP,
+ PROTO_INDEX_SIP,
+
+ PROTO_INDEX_MAX
+};
+
class PatternClientDetector;
class PatternServiceDetector;
size_t memcap = 0;
bool list_odp_detectors = false;
bool log_all_sessions = false;
- SnortProtocolId snortId_for_unsynchronized;
- SnortProtocolId snortId_for_ftp_data;
- SnortProtocolId snortId_for_http2;
+ SnortProtocolId snort_proto_ids[PROTO_INDEX_MAX];
void show() const;
};
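Review bot: `snort_proto_ids` is the only member visible in this hunk without a default initializer, so its elements are indeterminate until map_app_names_to_snort_ids has run. The unit test further down this page, for example, assigns only the `PROTO_INDEX_HTTP2` slot of a dummy config. Consider `SnortProtocolId snort_proto_ids[PROTO_INDEX_MAX] = { };` (assuming SnortProtocolId is an integer type), or fill the array with `UNKNOWN_PROTOCOL_ID` in the constructor. That way an unregistered slot can never compare equal to a live service id in checks such as the http2 and ftp-data comparisons elsewhere in this change. The class declaration starts outside the hunk.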
AppIdSession* asd = new AppIdSession(proto, ip, port, *inspector, odp_context);
asd->flow = p->flow;
asd->stats.first_packet_second = p->pkth->ts.tv_sec;
- asd->snort_protocol_id = asd->config.snortId_for_unsynchronized;
+ asd->snort_protocol_id = asd->config.snort_proto_ids[PROTO_INDEX_UNSYNCHRONIZED];
p->flow->set_flow_data(asd);
return asd;
}
};
void SipServiceDetector::createRtpFlow(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp,
- uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol, int16_t app_id)
+ uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol)
{
- // FIXIT-E: Passing app_id instead of SnortProtocolId to
- // create_future_session is incorrect. We need to look up
- // snort_protocol_id.
-
AppIdSession* fp = AppIdSession::create_future_session(
- pkt, cliIp, cliPort, srvIp, srvPort, protocol, app_id);
+ pkt, cliIp, cliPort, srvIp, srvPort, protocol,
+ asd.config.snort_proto_ids[PROTO_INDEX_SIP]);
if ( fp )
{
// create an RTCP flow as well
AppIdSession* fp2 = AppIdSession::create_future_session(
- pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, protocol, app_id);
+ pkt, cliIp, cliPort + 1, srvIp, srvPort + 1, protocol,
+ asd.config.snort_proto_ids[PROTO_INDEX_SIP]);
if ( fp2 )
{
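Review bot: Both `create_future_session` calls in createRtpFlow now tag the expected RTP and RTCP flows with `snort_proto_ids[PROTO_INDEX_SIP]`, and the removed FIXIT was the only text explaining which id belongs in that argument. Since the protocol id on an expected flow presumably decides which service handling the media flow gets, the choice should be stated in the code. A comment such as `// Expected RTP/RTCP flows carry the "sip" SnortProtocolId; appid registers no separate rtp id.` would do, since no "rtp" name is registered in map_app_names_to_snort_ids as far as this page shows. The function body continues outside the hunk.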
while ( media_a && media_b )
{
createRtpFlow(asd, event.get_packet(), media_a->get_address(), media_a->get_port(),
- media_b->get_address(), media_b->get_port(), IpProtocol::UDP, APP_ID_RTP);
+ media_b->get_address(), media_b->get_port(), IpProtocol::UDP);
createRtpFlow(asd, event.get_packet(), media_b->get_address(), media_b->get_port(),
- media_a->get_address(), media_b->get_port(), IpProtocol::UDP, APP_ID_RTP);
+ media_a->get_address(), media_b->get_port(), IpProtocol::UDP);
media_a = session_a->next_media_data();
media_b = session_b->next_media_data();
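Review bot: The second createRtpFlow call pairs `media_a->get_address()` with `media_b->get_port()`, whereas the first call pairs each address with its own port, so the reverse-direction expected flow is probably keyed on the wrong server port. The line is rewritten by this change but keeps that argument. If the call is meant to mirror the first one, it should read `media_a->get_address(), media_a->get_port(), IpProtocol::UDP);`. With a mismatched port the expected session would presumably never match the real media flow, so that direction would not be identified from the SIP dialog. This is inferred from the call shape and is worth confirming against the SDP handling. The loop body ends outside the hunk.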
private:
void createRtpFlow(AppIdSession&, const snort::Packet*, const snort::SfIp* cliIp,
- uint16_t cliPort, const snort::SfIp* srvIp, uint16_t srvPort, IpProtocol, int16_t app_id);
+ uint16_t cliPort, const snort::SfIp* srvIp, uint16_t srvPort, IpProtocol);
};
class SipEventHandler : public snort::DataHandler
void FtpServiceDetector::create_expected_session(AppIdSession& asd, const Packet* pkt, const SfIp* cliIp,
uint16_t cliPort, const SfIp* srvIp, uint16_t srvPort, IpProtocol protocol, AppidSessionDirection dir)
{
- // FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId ftp_data_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
- if(ftp_data_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- ftp_data_snort_protocol_id = pkt->context->conf->proto_ref->find("ftp-data");
-
bool swap_flow_app_direction = (dir == APP_ID_FROM_RESPONDER) ? true : false;
AppIdSession* fp = AppIdSession::create_future_session(pkt, cliIp, cliPort, srvIp, srvPort,
- protocol, ftp_data_snort_protocol_id, swap_flow_app_direction);
+ protocol, asd.config.snort_proto_ids[PROTO_INDEX_FTP_DATA], swap_flow_app_direction);
if (fp) // initialize data session
{
uint32_t port = 0;
const uint8_t* data = args.data;
uint16_t size = args.size;
- // FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId rexec_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
ServiceREXECData* rd = (ServiceREXECData*)data_get(args.asd);
if (!rd)
switch (rd->state)
{
case REXEC_STATE_PORT:
- if(rexec_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- rexec_snort_protocol_id = args.pkt->context->conf->proto_ref->find("rexec");
-
if (args.dir != APP_ID_FROM_INITIATOR)
goto bail;
if (size > REXEC_MAX_PORT_PACKET)
dip = args.pkt->ptrs.ip_api.get_dst();
sip = args.pkt->ptrs.ip_api.get_src();
- AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip, (uint16_t)port,
- IpProtocol::TCP, rexec_snort_protocol_id);
+ AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
+ dip, 0, sip,(uint16_t)port, IpProtocol::TCP,
+ args.asd.config.snort_proto_ids[PROTO_INDEX_REXEC]);
+
if (pf)
{
ServiceREXECData* tmp_rd = (ServiceREXECData*)snort_calloc(
pmr = (const ServiceRPCPortmapReply*)data;
if (pmr->port)
{
- // FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId sunrpc_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
-
- if(sunrpc_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- sunrpc_snort_protocol_id = pkt->context->conf->proto_ref->find("sunrpc");
-
const SfIp* dip = pkt->ptrs.ip_api.get_dst();
const SfIp* sip = pkt->ptrs.ip_api.get_src();
tmp = ntohl(pmr->port);
AppIdSession* pf = AppIdSession::create_future_session(
pkt, dip, 0, sip, (uint16_t)tmp,
- (IpProtocol)ntohl((uint32_t)rd->proto), sunrpc_snort_protocol_id);
+ (IpProtocol)ntohl((uint32_t)rd->proto),
+ asd.config.snort_proto_ids[PROTO_INDEX_SUNRPC]);
+
if (pf)
{
pf->add_flow_data_id((uint16_t)tmp, this);
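Review bot: `tmp = ntohl(pmr->port)` is taken from the portmap reply and then narrowed with `(uint16_t)tmp` for both `create_future_session` and `add_flow_data_id`. A reply carrying a value above 65535 is therefore silently truncated to a different port instead of being rejected. Because the reply is untrusted input, the guard should bound the value before any expected flow is created, for example `if (pmr->port and ntohl(pmr->port) <= 0xFFFF)` in place of `if (pmr->port)`. The same applies to `(IpProtocol)ntohl((uint32_t)rd->proto)`, which is cast without a range check. The enclosing function starts and ends outside the hunk.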
uint32_t port = 0;
const uint8_t* data = args.data;
uint16_t size = args.size;
- //FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId rsh_error_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
ServiceRSHELLData* rd = (ServiceRSHELLData*)data_get(args.asd);
if (!rd)
goto bail;
if (port)
{
- if(rsh_error_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- rsh_error_snort_protocol_id = args.pkt->context->conf->proto_ref->find("rsh-error");
-
const SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
- AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip,
- (uint16_t)port, IpProtocol::TCP, rsh_error_snort_protocol_id);
+ AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
+ dip, 0, sip, (uint16_t)port, IpProtocol::TCP,
+ args.asd.config.snort_proto_ids[PROTO_INDEX_RSH_ERROR]);
+
if (pf)
{
ServiceRSHELLData* tmp_rd = (ServiceRSHELLData*)snort_calloc(
const char* version_str = nullptr;
const uint8_t* data = args.data;
uint16_t size = args.size;
- //FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId snmp_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
if (!size)
goto inprocess;
sd->state = SNMP_STATE_RESPONSE;
/*adding expected connection in case the server doesn't send from 161*/
- if(snmp_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- snmp_snort_protocol_id = args.pkt->context->conf->proto_ref->find("snmp");
-
const SfIp* dip = args.pkt->ptrs.ip_api.get_dst();
const SfIp* sip = args.pkt->ptrs.ip_api.get_src();
- AppIdSession* pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip,
- args.pkt->ptrs.sp, args.asd.protocol, snmp_snort_protocol_id);
+ AppIdSession* pf = AppIdSession::create_future_session(args.pkt,
+ dip, 0, sip, args.pkt->ptrs.sp, args.asd.protocol,
+ args.asd.config.snort_proto_ids[PROTO_INDEX_SNMP]);
+
if (pf)
{
tmp_sd = (ServiceSNMPData*)snort_calloc(sizeof(ServiceSNMPData));
AppIdSession* pf = nullptr;
const uint8_t* data = args.data;
uint16_t size = args.size;
- //FIXIT-M - Avoid thread locals
- static THREAD_LOCAL SnortProtocolId tftp_snort_protocol_id = UNKNOWN_PROTOCOL_ID;
if (!size)
goto inprocess;
if (strcasecmp((const char*)data, "netascii") && strcasecmp((const char*)data, "octet"))
goto bail;
- if(tftp_snort_protocol_id == UNKNOWN_PROTOCOL_ID)
- tftp_snort_protocol_id = args.pkt->context->conf->proto_ref->find("tftp");
tmp_td = (ServiceTFTPData*)snort_calloc(sizeof(ServiceTFTPData));
tmp_td->state = TFTP_STATE_TRANSFER;
dip = args.pkt->ptrs.ip_api.get_dst();
sip = args.pkt->ptrs.ip_api.get_src();
- pf = AppIdSession::create_future_session(args.pkt, dip, 0, sip,
- args.pkt->ptrs.sp, args.asd.protocol, tftp_snort_protocol_id);
+ pf = AppIdSession::create_future_session(args.pkt,
+ dip, 0, sip, args.pkt->ptrs.sp, args.asd.protocol,
+ args.asd.config.snort_proto_ids[PROTO_INDEX_TFTP]);
+
if (pf)
{
data_add(*pf, tmp_td, &snort_free);
{
DummyInspector inspector;
inspector.set_service(dummy_http2_protocol_id);
- dummy_appid_inspector.get_ctxt().config.snortId_for_http2 = dummy_http2_protocol_id;
+ dummy_appid_inspector.get_ctxt().config.snort_proto_ids[PROTO_INDEX_HTTP2] =
+ dummy_http2_protocol_id;
+
CHECK_TRUE(appid_api.is_inspection_needed(inspector));
inspector.set_service(dummy_http2_protocol_id + 1);
}
if (tp_app_id == APP_ID_SSL &&
- (Stream::get_snort_protocol_id(p->flow) == asd.config.snortId_for_ftp_data))
+ (Stream::get_snort_protocol_id(p->flow) ==
+ asd.config.snort_proto_ids[PROTO_INDEX_FTP_DATA]))
{
// If we see SSL on an FTP data channel set tpAppId back
// to APP_ID_NONE so the FTP preprocessor picks up the flow.