client_plugins/client_detector.h
client_plugins/client_discovery.cc
client_plugins/client_discovery.h
- client_plugins/efp_ca_patterns.cc
- client_plugins/efp_ca_patterns.h
+ client_plugins/eve_ca_patterns.cc
+ client_plugins/eve_ca_patterns.h
)
set ( SP_APPID_SOURCES
appid_discovery.cc
appid_discovery.h
appid_dns_session.h
- appid_efp_process_event_handler.cc
- appid_efp_process_event_handler.h
+ appid_eve_process_event_handler.cc
+ appid_eve_process_event_handler.h
appid_ha.cc
appid_ha.h
appid_http_session.cc
return my_username.empty() ? nullptr : my_username.c_str();
}
- void set_efp_client_app_id(AppId id)
+ void set_eve_client_app_id(AppId id)
{
- efp_client_app_id = id;
+ eve_client_app_id = id;
}
- AppId get_efp_client_app_id() const
+ AppId get_eve_client_app_id() const
{
- return efp_client_app_id;
+ return eve_client_app_id;
}
- void set_efp_client_app_detect_type(ClientAppDetectType client_app_detect_type)
+ void set_eve_client_app_detect_type(ClientAppDetectType client_app_detect_type)
{
my_client_detect_type = client_app_detect_type;
}
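Review bot: The renamed `set_eve_client_app_detect_type` keeps an EVE-specific prefix although its body only writes the general `my_client_detect_type` field, and other hunks in this commit call it with `CLIENT_APP_DETECT_APPID` on paths where no EVE result was chosen. The matching getter seen in the tests is already the neutral `get_client_app_detect_type()`, so since every call site is being touched anyway, `set_client_app_detect_type` would match the field and the getter. If the name has to stay, a comment above the setter such as `// records which mechanism (AppId or TLS fingerprint) selected the client app` would keep the attribution clear. The enclosing class starts and ends outside this hunk.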
private:
std::string my_username;
AppId my_user_id = APP_ID_NONE;
- AppId efp_client_app_id = APP_ID_NONE;
+ AppId eve_client_app_id = APP_ID_NONE;
ClientAppDetectType my_client_detect_type = CLIENT_APP_DETECT_APPID;
};
service_disco_mgr.finalize_service_patterns();
client_disco_mgr.finalize_client_patterns();
http_matchers.finalize_patterns();
- efp_ca_matchers.finalize_patterns();
+ eve_ca_matchers.finalize_patterns();
// sip patterns need to be finalized after http patterns because they
// are dependent on http patterns
sip_matchers.finalize_patterns(*this);
client_pattern_detector->reload_client_port_patterns();
service_disco_mgr.reload_service_patterns();
client_disco_mgr.reload_client_patterns();
- efp_ca_matchers.reload_patterns();
+ eve_ca_matchers.reload_patterns();
http_matchers.reload_patterns();
sip_matchers.reload_patterns();
ssl_matchers.reload_patterns();
#include "app_info_table.h"
#include "client_plugins/client_discovery.h"
-#include "client_plugins/efp_ca_patterns.h"
+#include "client_plugins/eve_ca_patterns.h"
#include "detector_plugins/dns_patterns.h"
#include "detector_plugins/http_url_patterns.h"
#include "detector_plugins/sip_patterns.h"
return http_matchers;
}
- EfpCaPatternMatchers& get_efp_ca_matchers()
+ EveCaPatternMatchers& get_eve_ca_matchers()
{
- return efp_ca_matchers;
+ return eve_ca_matchers;
}
SipPatternMatchers& get_sip_matchers()
LengthCache length_cache;
DnsPatternMatchers dns_matchers;
HttpPatternMatchers http_matchers;
- EfpCaPatternMatchers efp_ca_matchers;
+ EveCaPatternMatchers eve_ca_matchers;
ServiceDiscovery service_disco_mgr;
SipPatternMatchers sip_matchers;
SslPatternMatchers ssl_matchers;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// appid_efp_process_event_handler.cc author Cliff Judge <cljudge@cisco.com>
+// appid_eve_process_event_handler.cc author Cliff Judge <cljudge@cisco.com>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "appid_efp_process_event_handler.h"
+#include "appid_eve_process_event_handler.h"
#include "detection/detection_engine.h"
#include "appid_debug.h"
using namespace snort;
-void AppIdEfpProcessEventHandler::handle(DataEvent& event, Flow* flow)
+void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow)
{
assert(flow);
AppIdSession* asd = appid_api.get_appid_session(*flow);
(pkt_thread_odp_ctxt->get_version() != asd->get_odp_ctxt_version()))
return;
- const EfpProcessEvent &efp_process_event = static_cast<EfpProcessEvent&>(event);
+ const EveProcessEvent &eve_process_event = static_cast<EveProcessEvent&>(event);
- const std::string& name = efp_process_event.get_process_name();
- uint8_t conf = efp_process_event.get_process_confidence();
- const std::string& server_name = efp_process_event.get_server_name();
+ const std::string& name = eve_process_event.get_process_name();
+ uint8_t conf = eve_process_event.get_process_confidence();
+ const std::string& server_name = eve_process_event.get_server_name();
AppId app_id = APP_ID_NONE;
if (!name.empty())
{
- app_id = asd->get_odp_ctxt().get_efp_ca_matchers().match_efp_ca_pattern(name,
+ app_id = asd->get_odp_ctxt().get_eve_ca_matchers().match_eve_ca_pattern(name,
conf);
- asd->set_efp_client_app_id(app_id);
+ asd->set_eve_client_app_id(app_id);
}
if (appidDebug->is_active())
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// appid_efp_process_event_handler.h author Cliff Judge <cljudge@cisco.com>
+// appid_eve_process_event_handler.h author Cliff Judge <cljudge@cisco.com>
-#ifndef APPID_EFP_PROCESS_EVENT_HANDLER_H
-#define APPID_EFP_PROCESS_EVENT_HANDLER_H
+#ifndef APPID_EVE_PROCESS_EVENT_HANDLER_H
+#define APPID_EVE_PROCESS_EVENT_HANDLER_H
-#include "pub_sub/efp_process_event.h"
+#include "pub_sub/eve_process_event.h"
#include "appid_module.h"
-class AppIdEfpProcessEventHandler : public snort::DataHandler
+class AppIdEveProcessEventHandler : public snort::DataHandler
{
public:
- AppIdEfpProcessEventHandler() : DataHandler(MOD_NAME) { }
+ AppIdEveProcessEventHandler() : DataHandler(MOD_NAME) { }
void handle(snort::DataEvent& event, snort::Flow* flow) override;
};
#include "appid_dcerpc_event_handler.h"
#include "appid_debug.h"
#include "appid_discovery.h"
-#include "appid_efp_process_event_handler.h"
+#include "appid_eve_process_event_handler.h"
#include "appid_ha.h"
#include "appid_http_event_handler.h"
#include "appid_http2_req_body_event_handler.h"
DataBus::subscribe_network(OPPORTUNISTIC_TLS_EVENT, new AppIdOpportunisticTlsEventHandler());
- DataBus::subscribe_network(EFP_PROCESS_EVENT, new AppIdEfpProcessEventHandler());
+ DataBus::subscribe_network(EVE_PROCESS_EVENT, new AppIdEveProcessEventHandler());
DataBus::subscribe_network(SSH_EVENT, new SshEventHandler());
tmp_id = api.hsessions[0]->client.get_id();
if (tmp_id > APP_ID_NONE)
{
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID);
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
return tmp_id;
}
- if (api.client.get_efp_client_app_id() > APP_ID_NONE and
+ if (api.client.get_eve_client_app_id() > APP_ID_NONE and
(api.client.get_id() == APP_ID_SSL_CLIENT or
api.client.get_id() <= APP_ID_NONE))
{
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP);
- return api.client.get_efp_client_app_id();
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP);
+ return api.client.get_eve_client_app_id();
}
if (api.client.get_id() > APP_ID_NONE)
{
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID);
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
return api.client.get_id();
}
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID);
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
return encrypted.client_id;
}
api.client.update_user(id, username, change_bits);
}
- void set_efp_client_app_id(AppId id)
+ void set_eve_client_app_id(AppId id)
{
- api.client.set_efp_client_app_id(id);
+ api.client.set_eve_client_app_id(id);
}
- AppId get_efp_client_app_id() const
+ AppId get_eve_client_app_id() const
{
- return api.client.get_efp_client_app_id();
+ return api.client.get_eve_client_app_id();
}
AppId get_payload_id() const
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// efp_ca_patterns.cc author Cliff Judge <cljudge@cisco.com>
+// eve_ca_patterns.cc author Cliff Judge <cljudge@cisco.com>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "efp_ca_patterns.h"
+#include "eve_ca_patterns.h"
#include <algorithm>
using namespace snort;
using namespace std;
-void EfpCaPatternMatchers::add_efp_ca_pattern(AppId app_id, const string& pattern_str,
+void EveCaPatternMatchers::add_eve_ca_pattern(AppId app_id, const string& pattern_str,
uint8_t confidence, const string& detector)
{
- auto match = find_if(efp_ca_load_list.begin(), efp_ca_load_list.end(),
- [app_id, pattern_str] (EfpCaPattern* efp_ca)
- { return (efp_ca->pattern == pattern_str and efp_ca->app_id != app_id); });
+ auto match = find_if(eve_ca_load_list.begin(), eve_ca_load_list.end(),
+ [app_id, pattern_str] (EveCaPattern* eve_ca)
+ { return (eve_ca->pattern == pattern_str and eve_ca->app_id != app_id); });
- if (match != efp_ca_load_list.end())
+ if (match != eve_ca_load_list.end())
WarningMessage("appid: detector %s - process name '%s' for client app %d is already "
"mapped to client app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id,
(*match)->app_id);
- EfpCaPattern* new_efp_ca_pattern = new EfpCaPattern(app_id, pattern_str, confidence);
- efp_ca_load_list.push_back(new_efp_ca_pattern);
+ EveCaPattern* new_eve_ca_pattern = new EveCaPattern(app_id, pattern_str, confidence);
+ eve_ca_load_list.push_back(new_eve_ca_pattern);
}
-static int efp_ca_pattern_match(void* id, void*, int, void* data, void*)
+static int eve_ca_pattern_match(void* id, void*, int, void* data, void*)
{
- EfpCaPatternList* efp_ca_match_list = (EfpCaPatternList *)data;
- efp_ca_match_list->push_back((EfpCaPattern *)id);
+ EveCaPatternList* eve_ca_match_list = (EveCaPatternList *)data;
+ eve_ca_match_list->push_back((EveCaPattern *)id);
return 0;
}
-AppId EfpCaPatternMatchers::match_efp_ca_pattern(const string& pattern,
+AppId EveCaPatternMatchers::match_eve_ca_pattern(const string& pattern,
uint8_t reported_confidence)
{
- EfpCaPatternList* efp_ca_match_list = new EfpCaPatternList();
- EfpCaPattern* best_match = nullptr;
+ EveCaPatternList* eve_ca_match_list = new EveCaPatternList();
+ EveCaPattern* best_match = nullptr;
- efp_ca_pattern_matcher.find_all(pattern.data(), pattern.size(), efp_ca_pattern_match,
- false, efp_ca_match_list);
+ eve_ca_pattern_matcher.find_all(pattern.data(), pattern.size(), eve_ca_pattern_match,
+ false, eve_ca_match_list);
- for (auto &mp : *efp_ca_match_list)
+ for (auto &mp : *eve_ca_match_list)
{
if (mp->pattern.size() == pattern.size())
{
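Review bot: `match_eve_ca_pattern` heap-allocates its scratch list with `new EveCaPatternList()` and only releases it with a `delete` in a later hunk, so any exception raised in between (in principle `push_back` inside `eve_ca_pattern_match` can throw) leaks the list, and a future early return would do the same. A stack object removes the manual lifetime: declare `EveCaPatternList eve_ca_match_list;`, pass `&eve_ca_match_list` as the last argument of `find_all`, iterate with `for (auto& mp : eve_ca_match_list)`, and drop the `delete`. The body of the function continues outside this hunk, so the remaining uses of the pointer need the same adjustment.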
if (best_match)
ret_app_id = best_match->app_id;
- delete efp_ca_match_list;
+ delete eve_ca_match_list;
return ret_app_id;
}
-EfpCaPatternMatchers::~EfpCaPatternMatchers()
+EveCaPatternMatchers::~EveCaPatternMatchers()
{
- for (auto& p : efp_ca_load_list)
+ for (auto& p : eve_ca_load_list)
delete p;
- efp_ca_load_list.clear();
+ eve_ca_load_list.clear();
}
-void EfpCaPatternMatchers::finalize_patterns()
+void EveCaPatternMatchers::finalize_patterns()
{
- for (auto& p : efp_ca_load_list)
+ for (auto& p : eve_ca_load_list)
{
- efp_ca_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true);
+ eve_ca_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true);
#ifdef REG_TEST
- LogMessage("Adding EFP Client App pattern %d %s %d\n",
+ LogMessage("Adding EVE Client App pattern %d %s %d\n",
p->app_id, p->pattern.c_str(), p->confidence);
#endif
}
- efp_ca_pattern_matcher.prep();
+ eve_ca_pattern_matcher.prep();
}
-void EfpCaPatternMatchers::reload_patterns()
+void EveCaPatternMatchers::reload_patterns()
{
- efp_ca_pattern_matcher.reload();
+ eve_ca_pattern_matcher.reload();
}
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// efp_ca_patterns.h author Cliff Judge <cljudge@cisco.com>
+// eve_ca_patterns.h author Cliff Judge <cljudge@cisco.com>
-#ifndef EFP_CA_PATTERNS_H
-#define EFP_CA_PATTERNS_H
+#ifndef EVE_CA_PATTERNS_H
+#define EVE_CA_PATTERNS_H
#include <vector>
#include "search_engines/search_tool.h"
#include "application_ids.h"
-struct EfpCaPattern
+struct EveCaPattern
{
const AppId app_id;
const std::string pattern;
const uint8_t confidence;
- EfpCaPattern(AppId id, const std::string& name, uint8_t conf) : app_id(id), pattern(name),
+ EveCaPattern(AppId id, const std::string& name, uint8_t conf) : app_id(id), pattern(name),
confidence(conf) {}
- ~EfpCaPattern() {}
+ ~EveCaPattern() {}
};
-typedef std::vector<EfpCaPattern*> EfpCaPatternList;
+typedef std::vector<EveCaPattern*> EveCaPatternList;
-class EfpCaPatternMatchers
+class EveCaPatternMatchers
{
public:
- ~EfpCaPatternMatchers();
- AppId match_efp_ca_pattern(const std::string&, uint8_t);
- void add_efp_ca_pattern(AppId, const std::string&, uint8_t, const std::string&);
+ ~EveCaPatternMatchers();
+ AppId match_eve_ca_pattern(const std::string&, uint8_t);
+ void add_eve_ca_pattern(AppId, const std::string&, uint8_t, const std::string&);
void finalize_patterns();
void reload_patterns();
private:
- snort::SearchTool efp_ca_pattern_matcher = snort::SearchTool();
- EfpCaPatternList efp_ca_load_list;
+ snort::SearchTool eve_ca_pattern_matcher = snort::SearchTool();
+ EveCaPatternList eve_ca_load_list;
};
#endif
include_directories ( appid PRIVATE ${APPID_INCLUDE_DIR} )
-add_cpputest( efp_ca_patterns_test )
+add_cpputest( eve_ca_patterns_test )
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
//
-// efp_ca_patterns_test.cc author Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
+// eve_ca_patterns_test.cc author Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "client_plugins/efp_ca_patterns.cc"
+#include "client_plugins/eve_ca_patterns.cc"
#include "client_plugins_mock.h"
#include <CppUTest/CommandLineTestRunner.h>
#include <CppUTest/TestHarness.h>
#include <CppUTestExt/MockSupport.h>
-static EfpCaPatternMatchers* efp_matcher = nullptr;
-EfpCaPattern efp_ca(APPID_UT_ID, "firefox", 90);
+static EveCaPatternMatchers* eve_matcher = nullptr;
+EveCaPattern eve_ca(APPID_UT_ID, "firefox", 90);
namespace snort
{
int SearchTool::find_all(const char* pattern, unsigned, MpseMatch, bool, void* data)
{
if (strcmp(pattern, "firefox") == 0)
- efp_ca_pattern_match(&efp_ca, nullptr, 0, data, nullptr);
+ eve_ca_pattern_match(&eve_ca, nullptr, 0, data, nullptr);
return 0;
}
}
-TEST_GROUP(efp_ca_patterns_tests)
+TEST_GROUP(eve_ca_patterns_tests)
{
void setup() override
{
- efp_matcher = new EfpCaPatternMatchers();
+ eve_matcher = new EveCaPatternMatchers();
}
void teardown() override
{
- delete efp_matcher;
+ delete eve_matcher;
}
};
-TEST(efp_ca_patterns_tests, efp_ca_pattern_match)
+TEST(eve_ca_patterns_tests, eve_ca_pattern_match)
{
- EfpCaPatternList data;
- EfpCaPattern efp1(APPID_UT_ID + 1, "firefox", 80);
- efp_ca_pattern_match(&efp1, nullptr, 0, &data, nullptr);
- EfpCaPattern* efp = data.back();
- CHECK(efp->app_id == efp1.app_id);
- CHECK(efp->pattern == efp1.pattern);
- CHECK(efp->confidence == efp1.confidence);
-
- EfpCaPattern efp2(APPID_UT_ID + 2, "chrome", 95);
- efp_ca_pattern_match(&efp2, nullptr, 0, &data, nullptr);
- efp = data.back();
- CHECK(efp->app_id == efp2.app_id);
- CHECK(efp->pattern == efp2.pattern);
- CHECK(efp->confidence == efp2.confidence);
+ EveCaPatternList data;
+ EveCaPattern eve1(APPID_UT_ID + 1, "firefox", 80);
+ eve_ca_pattern_match(&eve1, nullptr, 0, &data, nullptr);
+ EveCaPattern* eve = data.back();
+ CHECK(eve->app_id == eve1.app_id);
+ CHECK(eve->pattern == eve1.pattern);
+ CHECK(eve->confidence == eve1.confidence);
+
+ EveCaPattern eve2(APPID_UT_ID + 2, "chrome", 95);
+ eve_ca_pattern_match(&eve2, nullptr, 0, &data, nullptr);
+ eve = data.back();
+ CHECK(eve->app_id == eve2.app_id);
+ CHECK(eve->pattern == eve2.pattern);
+ CHECK(eve->confidence == eve2.confidence);
CHECK(data.size() == 2);
}
-TEST(efp_ca_patterns_tests, match_efp_ca_pattern)
+TEST(eve_ca_patterns_tests, match_eve_ca_pattern)
{
// 1. pattern not present in pattern matcher list
- CHECK(efp_matcher->match_efp_ca_pattern("chrome", 95) == 0);
+ CHECK(eve_matcher->match_eve_ca_pattern("chrome", 95) == 0);
// 2. pattern matches, confidence doesn't match
- CHECK(efp_matcher->match_efp_ca_pattern("firefox", 60) == 0);
+ CHECK(eve_matcher->match_eve_ca_pattern("firefox", 60) == 0);
// 3. pattern and confidence matches
- CHECK(efp_matcher->match_efp_ca_pattern("firefox", 90) == APPID_UT_ID);
+ CHECK(eve_matcher->match_eve_ca_pattern("firefox", 90) == APPID_UT_ID);
// 4. pattern matches, reported confidence > existing value
- CHECK(efp_matcher->match_efp_ca_pattern("firefox", 92) == APPID_UT_ID);
+ CHECK(eve_matcher->match_eve_ca_pattern("firefox", 92) == APPID_UT_ID);
}
int main(int argc, char** argv)
// LCOV_EXCL_STOP
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
HttpPatternMatchers::~HttpPatternMatchers() = default;
void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { }
int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; }
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
SipPatternMatchers::~SipPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
void AppIdModule::reset_stats() {}
const char* tmp_string = lua_tostring(L, ++index);
if (!tmp_string)
{
- ErrorMessage("appid: Invalid efp process_name string: appid %u.\n", appid);
+ ErrorMessage("appid: Invalid eve process_name string: appid %u.\n", appid);
return 0;
}
const std::string process_name(tmp_string);
uint8_t process_score = lua_tointeger(L, ++index);
const std::string detector_name = ud->get_detector()->get_name();
- ud->get_odp_ctxt().get_efp_ca_matchers().add_efp_ca_pattern(appid, process_name,
+ ud->get_odp_ctxt().get_eve_ca_matchers().add_eve_ca_pattern(appid, process_name,
process_score, detector_name);
ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appid);
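Review bot: `uint8_t process_score = lua_tointeger(L, ++index);` narrows the Lua integer with no range check, so a detector script that supplies a negative or larger-than-255 score gets a silently wrapped confidence stored by `add_eve_ca_pattern`. Reading into a wide type first and rejecting out-of-range input keeps a malformed detector from registering a misleading confidence: `const lua_Integer score = lua_tointeger(L, ++index);` followed by `if (score < 0 or score > UINT8_MAX) { ErrorMessage("appid: Invalid eve process_score: appid %u.\n", appid); return 0; }`. A tighter upper bound may apply if confidence is meant as a percentage; that is not visible here. Likewise only a null `tmp_string` is rejected in the visible lines, so an empty process name would be registered as a zero-length pattern unless code outside the hunk filters it.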
StashGenericObject(STASH_GENERIC_OBJECT_APPID) {}
}
-EfpCaPatternMatchers::~EfpCaPatternMatchers() { }
+EveCaPatternMatchers::~EveCaPatternMatchers() { }
SslPatternMatchers::~SslPatternMatchers() { }
SipPatternMatchers::~SipPatternMatchers() { }
HttpPatternMatchers::~HttpPatternMatchers() { }
SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
)
-add_cpputest( appid_efp_process_event_handler_test
+add_cpputest( appid_eve_process_event_handler_test
SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
)
// Stubs for matchers
static HttpPatternMatchers* http_matchers;
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
HttpPatternMatchers::~HttpPatternMatchers() = default;
SipPatternMatchers::~SipPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
//
-// appid_efp_process_event_handler_test.cc author Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
+// appid_eve_process_event_handler_test.cc author Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "appid_efp_process_event_handler.cc"
+#include "appid_eve_process_event_handler.cc"
#include <string>
void AppIdDebug::activate(snort::Flow const*, AppIdSession const*, bool) { }
-AppId EfpCaPatternMatchers::match_efp_ca_pattern(const string&, uint8_t)
+AppId EveCaPatternMatchers::match_eve_ca_pattern(const string&, uint8_t)
{
return APPID_UT_ID;
}
-TEST_GROUP(appid_efp_process_event_handler_tests)
+TEST_GROUP(appid_eve_process_event_handler_tests)
{
void setup() override
{
}
};
-TEST(appid_efp_process_event_handler_tests, efp_process_event_handler)
+TEST(appid_eve_process_event_handler_tests, eve_process_event_handler)
{
Packet p;
- EfpProcessEvent event(p, "firefox", 90);
- AppIdEfpProcessEventHandler event_handler;
+ EveProcessEvent event(p, "firefox", 90);
+ AppIdEveProcessEventHandler event_handler;
Flow* flow = new Flow();
event_handler.handle(event, flow);
- CHECK(session->get_efp_client_app_id() == APPID_UT_ID);
+ CHECK(session->get_eve_client_app_id() == APPID_UT_ID);
delete flow;
}
void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { }
int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; }
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
HttpPatternMatchers::~HttpPatternMatchers() = default;
SipPatternMatchers::~SipPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
AppId AppIdSession::pick_ss_client_app_id() const
{
- if (get_efp_client_app_id() > APP_ID_NONE and get_client_id() <= APP_ID_NONE)
+ if (get_eve_client_app_id() > APP_ID_NONE and get_client_id() <= APP_ID_NONE)
{
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP);
- return get_efp_client_app_id();
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP);
+ return get_eve_client_app_id();
}
else
{
- api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID);
+ api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID);
return get_client_id();
}
}
ClientAppDetectType detect_type = mock_session->get_api().get_client_app_detect_type();
CHECK_EQUAL(detect_type, CLIENT_APP_DETECT_APPID);
- /* Set efp client app to some appid, but keep normal client id set to none.
- The efp_client app should be picked, but the detect type should be TLS_FP. */
+ /* Set eve client app to some appid, but keep normal client id set to none.
+ The eve_client app should be picked, but the detect type should be TLS_FP. */
mock_session->set_client_id(APP_ID_NONE);
- mock_session->set_efp_client_app_id(638);
+ mock_session->set_eve_client_app_id(638);
AppId id = mock_session->pick_ss_client_app_id();
CHECK_EQUAL(id, 638);
detect_type = mock_session->get_api().get_client_app_detect_type();
int ServiceDiscovery::add_service_port(AppIdDetector*,
const ServiceDetectorPort&) { return APPID_EINVALID; }
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
HttpPatternMatchers::~HttpPatternMatchers() = default;
SipPatternMatchers::~SipPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { }
int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; }
DnsPatternMatchers::~DnsPatternMatchers() = default;
-EfpCaPatternMatchers::~EfpCaPatternMatchers() = default;
+EveCaPatternMatchers::~EveCaPatternMatchers() = default;
HttpPatternMatchers::~HttpPatternMatchers() = default;
SipPatternMatchers::~SipPatternMatchers() = default;
SslPatternMatchers::~SslPatternMatchers() = default;
daq_message_event.h
dcerpc_events.h
dhcp_events.h
- efp_process_event.h
+ eve_process_event.h
expect_events.h
finalize_packet_event.h
http_events.h
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// efp_process_event.h author Cliff Judge <cljudge@cisco.com>
+// eve_process_event.h author Cliff Judge <cljudge@cisco.com>
-#ifndef EFP_PROCESS_EVENT_H
-#define EFP_PROCESS_EVENT_H
+#ifndef EVE_PROCESS_EVENT_H
+#define EVE_PROCESS_EVENT_H
#include <string>
#include "framework/data_bus.h"
-#define EFP_PROCESS_EVENT "efp_process_event"
+#define EVE_PROCESS_EVENT "eve_process_event"
-class EfpProcessEvent : public snort::DataEvent
+class EveProcessEvent : public snort::DataEvent
{
public:
- EfpProcessEvent(const snort::Packet& p, const char* process, uint8_t process_conf) :
+ EveProcessEvent(const snort::Packet& p, const char* process, uint8_t process_conf) :
p(p), process_name(process), process_confidence(process_conf) { }
- EfpProcessEvent(const snort::Packet& p, const char* server) : p(p), server_name(server) { }
+ EveProcessEvent(const snort::Packet& p, const char* server) : p(p), server_name(server) { }
const snort::Packet* get_packet() override { return &p; }
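Review bot: The two-argument `EveProcessEvent(p, server)` constructor leaves `process_confidence` out of its initializer list, while the handler in this commit calls `get_process_confidence()` unconditionally on every event. The member declarations are outside the hunk, so unless the field already has a default member initializer, that read is of an indeterminate value; declaring it as `uint8_t process_confidence = 0;` would close the gap. Both constructors also build a `std::string` directly from a `const char*`, which is undefined behaviour for a null pointer; `process_name(process ? process : "")` and `server_name(server ? server : "")` make the event safe regardless of what the publisher passes.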
../http_request_body_event.cc
../../service_inspectors/http_inspect/http_msg_body_cl.cc
)
-add_cpputest( pub_sub_efp_process_event_test
+add_cpputest( pub_sub_eve_process_event_test
SOURCES
- ../efp_process_event.h
+ ../eve_process_event.h
)
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
-// pub_sub_efp_process_event_test.cc author Cliff Judge <cljudge@cisco.com>
+// pub_sub_eve_process_event_test.cc author Cliff Judge <cljudge@cisco.com>
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
-#include "pub_sub/efp_process_event.h"
+#include "pub_sub/eve_process_event.h"
#include "protocols/packet.h"
#include <CppUTest/CommandLineTestRunner.h>
Packet::Packet(bool) { }
Packet::~Packet() = default;
-TEST_GROUP(pub_sub_efp_process_event_test)
+TEST_GROUP(pub_sub_eve_process_event_test)
{
void teardown() override
{
}
};
-TEST(pub_sub_efp_process_event_test, efp_process_event)
+TEST(pub_sub_eve_process_event_test, eve_process_event)
{
Packet p;
- EfpProcessEvent event(p, "process", 10);
+ EveProcessEvent event(p, "process", 10);
CHECK(event.get_process_name() == "process");
CHECK(event.get_process_confidence() == 10);
CHECK(event.get_packet() == &p);