# features
option ( ENABLE_SHELL "enable shell support" OFF )
-option ( ENABLE_APPID_THIRD_PARTY "enable third party appid" OFF )
option ( ENABLE_UNIT_TESTS "enable unit tests" OFF )
option ( ENABLE_PIGLET "enable piglet test harness" OFF )
set(DNET_CPPFLAGS "-I${DNET_INCLUDE_DIR}")
endif()
-if(ENABLE_APPID_THIRD_PARTY)
- set(TP_APPID_CPPFLAGS "-DENABLE_APPID_THIRD_PARTY")
-endif()
-
if(ENABLE_DEEP_PROFILING)
set(DEEP_PROFILING_CPPFLAGS "-DDEEP_PROFILING")
endif()
/* include internal inspectors in binary */
#cmakedefine STATIC_SEARCH_ENGINES 1
-/* enable third party appid */
-#cmakedefine ENABLE_APPID_THIRD_PARTY 1
-
/* enable unit tests */
#cmakedefine UNIT_TEST 1
-if ( ENABLE_APPID_THIRD_PARTY )
- set (APPID_TP_INCLUDES
- tp_appid_module_api.h
- tp_appid_session_api.h
- tp_appid_types.h
- http_xff_fields.h
- )
-endif()
-
-
set (APPID_INCLUDES
appid_api.h
appid_dns_session.h
appid_types.h
application_ids.h
http_xff_fields.h
- ${APPID_TP_INCLUDES}
+ tp_appid_module_api.h
+ tp_appid_session_api.h
+ tp_appid_types.h
)
set ( APPID_INCLUDE_DIR ${CMAKE_CURRENT_SOURCE_DIR} )
appid_utils/sf_multi_mpse.h
)
-if ( ENABLE_APPID_THIRD_PARTY )
- set( APPID_TP_SOURCES
- tp_lib_handler.cc
- tp_appid_utils.cc
- tp_lib_handler.h
- tp_appid_types.h
- )
-endif()
-
set ( APPID_SOURCES
app_forecast.cc
app_forecast.h
service_state.cc
service_state.h
http_xff_fields.h
- ${APPID_TP_SOURCES}
+ tp_appid_utils.cc
+ tp_lib_handler.cc
+ tp_lib_handler.h
+ tp_appid_types.h
)
#if (STATIC_INSPECTORS)
#include "appid_session_api.h"
#include "app_info_table.h"
#include "service_plugins/service_ssl.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_session_api.h"
-#endif
using namespace snort;
asd->service_disco_state = APPID_DISCO_STATE_FINISHED;
asd->client_disco_state = APPID_DISCO_STATE_FINISHED;
-#ifdef ENABLE_APPID_THIRD_PARTY
if (asd->tpsession)
asd->tpsession->set_state(TP_STATE_HA);
-#endif
}
}
if((appHA->flags & APPID_HA_FLAGS_TP_DONE) && asd->tpsession)
{
-#ifdef ENABLE_APPID_THIRD_PARTY
asd->tpsession->set_state(TP_STATE_TERMINATED);
-#endif
asd->set_session_flags(APPID_SESSION_NO_TPI);
}
#include "service_plugins/service_ssl.h"
#include "detector_plugins/detector_dns.h"
#include "target_based/snort_protocols.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_utils.h"
#include "tp_lib_handler.h"
-#endif
using namespace snort;
SnortProtocolId snortId_for_ftp_data;
SnortProtocolId snortId_for_http2;
-#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
-#endif
OdpContext* AppIdContext::odp_ctxt = nullptr;
static void map_app_names_to_snort_ids(SnortConfig* sc)
once = true;
}
-#ifdef ENABLE_APPID_THIRD_PARTY
// do not reload third party on reload_config()
if (!tp_appid_ctxt)
tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt);
-#endif
+
map_app_names_to_snort_ids(sc);
return true;
}
-#ifdef ENABLE_APPID_THIRD_PARTY
void AppIdContext::create_tp_appid_ctxt()
{
tp_appid_ctxt = TPLibHandler::create_tp_appid_ctxt(*config, *odp_ctxt);
}
-#endif
AppId AppIdContext::get_port_service_id(IpProtocol proto, uint16_t port)
{
#include "sfip/sf_ip.h"
#include "target_based/snort_protocols.h"
#include "utils/sflsq.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_module_api.h"
-#endif
#include "application_ids.h"
#include "host_port_app_cache.h"
~AppIdContext() { }
OdpContext& get_odp_ctxt() const
- {
- return *odp_ctxt;
- }
+ { return *odp_ctxt; }
-#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* get_tp_appid_ctxt() const
{ return tp_appid_ctxt; }
{ delete tp_appid_ctxt; }
void create_tp_appid_ctxt();
-#endif
-
bool init_appid(snort::SnortConfig*);
static void pterm();
void show();
// removed from AppIdContext::pterm
static AppInfoManager& app_info_mgr;
static OdpContext* odp_ctxt;
-#ifdef ENABLE_APPID_THIRD_PARTY
static ThirdPartyAppIdContext* tp_appid_ctxt;
-#endif
};
#endif
#include "detector_plugins/http_url_patterns.h"
#include "host_port_app_cache.h"
#include "service_plugins/service_discovery.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_lib_handler.h"
#include "tp_appid_utils.h"
-#endif
using namespace snort;
AppIdDiscovery::AppIdDiscovery()
return APPID_EINVALID;
}
-#ifdef ENABLE_APPID_THIRD_PARTY
void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector,
ThirdPartyAppIdContext* tp_appid_ctxt)
-#else
- void AppIdDiscovery::do_application_discovery(Packet* p, AppIdInspector& inspector)
-#endif
{
IpProtocol protocol = IpProtocol::PROTO_NOT_SET;
AppidSessionDirection direction = APP_ID_FROM_INITIATOR;
AppId payload_id = APP_ID_NONE;
AppId misc_id = APP_ID_NONE;
AppidChangeBits change_bits;
-#ifdef ENABLE_APPID_THIRD_PARTY
bool is_discovery_done = do_discovery(p, *asd, protocol, direction, service_id,
client_id, payload_id, misc_id, change_bits, tp_appid_ctxt);
-#else
- bool is_discovery_done = do_discovery(p, *asd, protocol, direction, service_id,
- client_id, payload_id, misc_id, change_bits);
-#endif
do_post_discovery(p, *asd, direction, is_discovery_done, service_id, client_id, payload_id,
misc_id, change_bits);
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
asd.client_disco_state = APPID_DISCO_STATE_FINISHED;
asd.set_session_flags(APPID_SESSION_SERVICE_DETECTED);
-#ifdef ENABLE_APPID_THIRD_PARTY
if (asd.tpsession)
asd.tpsession->reset();
-#endif
if ( asd.payload.get_id() == APP_ID_NONE)
asd.payload.set_id(APP_ID_UNKNOWN);
}
return false;
}
-#ifdef ENABLE_APPID_THIRD_PARTY
bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits,
ThirdPartyAppIdContext* tp_appid_ctxt)
-#else
-bool AppIdDiscovery::do_discovery(Packet* p, AppIdSession& asd,
- IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
- AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits)
-#endif
{
bool is_discovery_done = false;
}
// Third party detection
-#ifdef ENABLE_APPID_THIRD_PARTY
if (tp_appid_ctxt)
{
// Skip third-party inspection for sessions using old config
is_discovery_done = do_tp_discovery(*tp_appid_ctxt, asd, protocol, p,
direction, change_bits);
}
-#endif
// Port-based service detection
do_port_based_discovery(p, asd, protocol, direction);
}
}
-#ifdef ENABLE_APPID_THIRD_PARTY
if (asd.get_session_flags(APPID_SESSION_OOO_CHECK_TP) and asd.tpsession and
(asd.scan_flags & SCAN_HOST_PORT_FLAG) and (service_id or payload_id))
{
appidDebug->get_debug_session());
}
}
-#endif
asd.set_application_ids(service_id, client_id, payload_id, misc_id, change_bits);
publish_appid_event(change_bits, p->flow);
int position, unsigned nocase);
virtual int add_service_port(AppIdDetector*, const ServiceDetectorPort&);
-#ifdef ENABLE_APPID_THIRD_PARTY
static void do_application_discovery(snort::Packet* p, AppIdInspector&,
ThirdPartyAppIdContext*);
-#else
- static void do_application_discovery(snort::Packet* p, AppIdInspector&);
-#endif
static void publish_appid_event(AppidChangeBits&, snort::Flow*);
AppIdDetectors* get_tcp_detectors()
private:
static bool do_pre_discovery(snort::Packet* p, AppIdSession** p_asd, AppIdInspector& inspector,
IpProtocol& protocol, AppidSessionDirection& direction);
-#ifdef ENABLE_APPID_THIRD_PARTY
static bool do_discovery(snort::Packet* p, AppIdSession& asd,
IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits,
ThirdPartyAppIdContext* tp_appid_ctxt);
-#else
- static bool do_discovery(snort::Packet* p, AppIdSession& asd,
- IpProtocol protocol, AppidSessionDirection direction, AppId& service_id, AppId& client_id,
- AppId& payload_id, AppId& misc_id, AppidChangeBits& change_bits);
-#endif
static void do_post_discovery(snort::Packet* p, AppIdSession& asd,
AppidSessionDirection direction, bool is_discovery_done, AppId service_id, AppId client_id,
AppId payload_id, AppId misc_id, AppidChangeBits& change_bits);
#include "appid_session.h"
#include "detector_plugins/http_url_patterns.h"
#include "http_xff_fields.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_lib_handler.h"
-#endif
#define PORT_MAX 65535
using namespace snort;
&& !asd.get_session_flags(APPID_SESSION_SPDY_SESSION))
{
asd.clear_session_flags(APPID_SESSION_CHP_INSPECTING);
-#ifdef ENABLE_APPID_THIRD_PARTY
if (asd.tpsession)
asd.tpsession->clear_attr(TP_ATTR_CONTINUE_MONITORING);
-#endif
}
}
chp_candidate = cah->appIdInstance;
num_matches = cah->num_matches;
num_scans = cah->num_scans;
-#ifdef ENABLE_APPID_THIRD_PARTY
if (asd.tpsession)
{
if ((ptype_scan_counts[RSP_CONTENT_TYPE_FID]))
else
asd.tpsession->clear_attr(TP_ATTR_COPY_RESPONSE_BODY);
}
-#endif
return 1;
}
#include "lua_detector_module.h"
#include "service_plugins/service_discovery.h"
#include "service_plugins/service_ssl.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_module_api.h"
#include "tp_lib_handler.h"
-#endif
using namespace snort;
-#ifdef ENABLE_APPID_THIRD_PARTY
THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt = nullptr;
-#endif
static THREAD_LOCAL PacketTracer::TracerMute appid_mute;
// FIXIT-L - appid cleans up openssl now as it is the primary (only) user... eventually this
ctxt->init_appid(sc);
-#ifdef ENABLE_APPID_THIRD_PARTY
if (!ctxt->get_tp_appid_ctxt())
-#endif
{
DataBus::subscribe_global(HTTP_REQUEST_HEADER_EVENT_KEY, new HttpEventHandler(
HttpEventHandler::REQUEST_EVENT), sc);
AppIdServiceState::clean();
delete appidDebug;
appidDebug = nullptr;
-#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
if (tp_appid_ctxt)
tp_appid_ctxt->tfini();
-#endif
}
void AppIdInspector::eval(Packet* p)
Profile profile(appid_perf_stats);
appid_stats.packets++;
-#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* tp_appid_ctxt = ctxt->get_tp_appid_ctxt();
if (tp_appid_thread_ctxt != tp_appid_ctxt)
{
tp_appid_ctxt->tinit();
tp_appid_thread_ctxt = tp_appid_ctxt;
}
-#endif
if (p->flow)
{
-#ifdef ENABLE_APPID_THIRD_PARTY
AppIdDiscovery::do_application_discovery(p, *this, tp_appid_thread_ctxt);
-#else
- AppIdDiscovery::do_application_discovery(p, *this);
-#endif
// FIXIT-L tag verdict reason as appid for daq
if (PacketTracer::is_active())
add_appid_to_packet_trace(*p->flow);
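Review bot: In AppIdInspector::eval, `tp_appid_ctxt->tinit()` runs whenever the thread-local pointer differs from `ctxt->get_tp_appid_ctxt()`, and nothing checks that the new context is non-null. With the #ifdef removed this runs in every build. The first call is safe because both pointers start as nullptr, but if the shared context is ever null after a thread has cached a non-null one, the call dereferences null on the packet path. I would write `if (tp_appid_ctxt) tp_appid_ctxt->tinit();` inside the mismatch branch, keep the assignment unconditional, and add a comment naming which thread is allowed to replace the context. Whether that transition can occur depends on the reload code, which is outside this hunk.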
static void appid_inspector_pinit()
{
AppIdSession::init();
-#ifdef ENABLE_APPID_THIRD_PARTY
TPLibHandler::get();
-#endif
}
static void appid_inspector_pterm()
AppIdContext::pterm();
//end of 'FIXIT-M: RELOAD' comment above
openssl_cleanup();
-#ifdef ENABLE_APPID_THIRD_PARTY
TPLibHandler::pfini();
-#endif
}
static void appid_inspector_tinit()
static void appid_inspector_tterm()
{
-#ifdef ENABLE_APPID_THIRD_PARTY
TPLibHandler::tfini();
-#endif
AppIdPegCounts::cleanup_pegs();
}
};
-#ifdef ENABLE_APPID_THIRD_PARTY
extern THREAD_LOCAL ThirdPartyAppIdContext* tp_appid_thread_ctxt;
-#endif
#endif
static int reload_third_party(lua_State*)
{
-#ifdef ENABLE_APPID_THIRD_PARTY
if (Swapper::get_reload_in_progress())
{
LogMessage("== reload pending; retry\n");
Swapper::set_reload_in_progress(false);
LogMessage("== reload third-party complete\n");
}
-#else
- LogMessage("== third party is not enabled\n");
-#endif
return 0;
}
#include "appid_stats.h"
#include "lua_detector_api.h"
#include "service_plugins/service_ssl.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_lib_handler.h"
-#endif
using namespace snort;
}
}
-#ifdef ENABLE_APPID_THIRD_PARTY
if (tpsession)
{
if (tpsession->get_ctxt() == tp_appid_thread_ctxt)
else
delete tpsession;
}
-#endif
delete_session_data();
free_flow_data();
client_disco_state = APPID_DISCO_STATE_NONE;
free_flow_data_by_mask(APPID_SESSION_DATA_CLIENT_MODSTATE_BIT);
-#ifdef ENABLE_APPID_THIRD_PARTY
//3rd party cleaning
if (tpsession)
tpsession->reset();
-#endif
init_tpPackets = 0;
resp_tpPackets = 0;
tp_payload_app_id = APP_ID_UNKNOWN;
tp_app_id = APP_ID_UNKNOWN;
-#ifdef ENABLE_APPID_THIRD_PARTY
if (this->tpsession)
this->tpsession->reset();
-#endif
}
bool AppIdSession::is_payload_appid_set()
if (!get_session_flags(APPID_SESSION_SPDY_SESSION))
{
clear_session_flags(APPID_SESSION_CHP_INSPECTING);
-#ifdef ENABLE_APPID_THIRD_PARTY
if (this->tpsession)
this->tpsession->clear_attr(TP_ATTR_CONTINUE_MONITORING);
-#endif
}
}
bool AppIdSession::is_tp_appid_done() const
{
-#ifdef ENABLE_APPID_THIRD_PARTY
if (ctxt->get_tp_appid_ctxt())
{
if (!tpsession)
return (state == TP_STATE_CLASSIFIED || state == TP_STATE_TERMINATED ||
state == TP_STATE_HA);
}
-#endif
return true;
}
bool AppIdSession::is_tp_processing_done() const
{
-#ifdef ENABLE_APPID_THIRD_PARTY
if (!get_session_flags(APPID_SESSION_NO_TPI) &&
(!is_tp_appid_done() ||
get_session_flags(APPID_SESSION_APP_REINSPECT | APPID_SESSION_APP_REINSPECT_SSL)))
return false;
-#endif
return true;
}
bool AppIdSession::is_tp_appid_available() const
{
-#ifdef ENABLE_APPID_THIRD_PARTY
if (ctxt->get_tp_appid_ctxt())
{
if (!tpsession)
return (state == TP_STATE_CLASSIFIED || state == TP_STATE_TERMINATED ||
state == TP_STATE_MONITORING);
}
-#endif
return true;
}
#include "service_regtest.h"
#endif
-#ifdef ENABLE_APPID_THIRD_PARTY
#include "tp_appid_session_api.h"
-#endif
using namespace snort;
asd.service_disco_state = APPID_DISCO_STATE_FINISHED;
// - Shut down TP.
-#ifdef ENABLE_APPID_THIRD_PARTY
asd.tpsession->set_state(TP_STATE_TERMINATED);
-#endif
// - Just ignore everything from now on.
asd.set_session_flags(APPID_SESSION_IGNORE_FLOW);
}
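Review bot: The `asd.tpsession->set_state(TP_STATE_TERMINATED);` call under the "Shut down TP" comment is now compiled into every build with no null check, while the other tpsession uses this commit uncovers are guarded by `if (asd.tpsession)`. If a session can reach this path without a third-party session (for instance when no third-party library is loaded, which the unit tests model by passing a null context), this is a null dereference while handling traffic, and a crash there stops inspection. Guard it the same way as the other sites: `if (asd.tpsession) asd.tpsession->set_state(TP_STATE_TERMINATED);`. The enclosing function starts and ends outside the hunk, so an earlier guard may exist that is not visible here.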
SOURCES $<TARGET_OBJECTS:appid_cpputest_deps>
)
-if ( ENABLE_APPID_THIRD_PARTY )
-
- add_cpputest( tp_lib_handler_test
- SOURCES
- tp_lib_handler_test.cc
- ../tp_lib_handler.cc
- LIBS
- dl
- )
+add_cpputest( tp_lib_handler_test
+ SOURCES
+ tp_lib_handler_test.cc
+ ../tp_lib_handler.cc
+ LIBS
+ dl
+)
- if ( ENABLE_UNIT_TESTS )
- add_library(tp_mock MODULE EXCLUDE_FROM_ALL tp_mock.cc)
- set_property(TARGET tp_mock PROPERTY ENABLE_EXPORTS 1)
- add_dependencies(tp_lib_handler_test tp_mock)
- endif ( ENABLE_UNIT_TESTS )
+if ( ENABLE_UNIT_TESTS )
+ add_library(tp_mock MODULE EXCLUDE_FROM_ALL tp_mock.cc)
+ set_property(TARGET tp_mock PROPERTY ENABLE_EXPORTS 1)
+ add_dependencies(tp_lib_handler_test tp_mock)
+endif ( ENABLE_UNIT_TESTS )
- add_cpputest( tp_appid_types_test
- SOURCES tp_appid_types_test.cc
- )
+add_cpputest( tp_appid_types_test
+ SOURCES tp_appid_types_test.cc
+)
-endif()
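Review bot: `LIBS dl` on tp_lib_handler_test links libdl by bare name, and with the `if ( ENABLE_APPID_THIRD_PARTY )` wrapper removed this test is no longer limited to builds that opted in to third-party appid. On systems where dlopen lives in libc there may be no libdl to link, so the link step can fail; `LIBS ${CMAKE_DL_LIBS}` is the portable spelling, assuming add_cpputest accepts an empty LIBS list. The re-added `endif ( ENABLE_UNIT_TESTS )` can also become a bare `endif()`.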
asd->common.initiator_ip.set("1.2.3.4");
asd->set_session_flags(APPID_SESSION_IGNORE_FLOW);
-#ifdef ENABLE_APPID_THIRD_PARTY
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
-#else
- AppIdDiscovery::do_application_discovery(&p, ins);
-#endif
// Detect changes in service, client, payload, and misc appid
CHECK_EQUAL(databus_publish_called, true);
asd->common.initiator_port = 21;
asd->common.initiator_ip.set("1.2.3.4");
-#ifdef ENABLE_APPID_THIRD_PARTY
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
-#else
- AppIdDiscovery::do_application_discovery(&p, ins);
-#endif
// Detect changes in service, client, payload, and misc appid
CHECK_EQUAL(databus_publish_called, true);
asd->client.set_id(APP_ID_CURL);
asd->service.set_id(APP_ID_FTP);
-#ifdef ENABLE_APPID_THIRD_PARTY
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
-#else
- AppIdDiscovery::do_application_discovery(&p, ins);
-#endif
// Detect event for FTP service and CURL client
CHECK_EQUAL(databus_publish_called, true);
asd->payload.set_id(APP_ID_NONE);
asd->client.set_id(APP_ID_NONE);
asd->service.set_id(APP_ID_DNS);
-#ifdef ENABLE_APPID_THIRD_PARTY
AppIdDiscovery::do_application_discovery(&p, ins, nullptr);
-#else
- AppIdDiscovery::do_application_discovery(&p, ins);
-#endif
// Detect event for DNS service
CHECK_EQUAL(databus_publish_called, true);
static AppIdContext ctxt(&config);
static OdpContext odpctxt;
OdpContext* AppIdContext::odp_ctxt = &odpctxt;
-
-#ifdef ENABLE_APPID_THIRD_PARTY
ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
-#endif
AppIdConfig::~AppIdConfig() { }
#include <dlfcn.h>
#include "log/messages.h"
+#include "main/snort_debug.h"
#include "profiler/profiler.h"
#include "protocols/packet.h"
#include "stream/stream.h"
#include "appid_inspector.h"
#include "detector_plugins/http_url_patterns.h"
#include "service_plugins/service_ssl.h"
-#include "protocols/packet.h"
-#include "main/snort_debug.h"
-#include "log/messages.h"
-#include "profiler/profiler.h"
-#include "stream/stream.h"
-#ifdef ENABLE_APPID_THIRD_PARTY
-#include "tp_lib_handler.h"
#include "tp_appid_utils.h"
-#endif
+#include "tp_lib_handler.h"
using namespace std;
using namespace snort;
const TPLibHandler* tph = TPLibHandler::get();
TpAppIdCreateSession tpsf = tph->tpsession_factory();
if ( !(asd.tpsession = tpsf(tp_appid_ctxt)) )
+ {
ErrorMessage("Could not allocate asd.tpsession data");
+ return false;
+ }
}
TPState current_tp_state = asd.tpsession->process(*p, direction,