update_stats(app_id);
else if ( app_id == APP_ID_UNKNOWN )
appid_stats.appid_unknown++;
+ else
+ return; // app_id == APP_ID_NONE
+
+ if ( overwritten_id > APP_ID_NONE )
+ {
+ update_stats(overwritten_id, false);
+ overwritten_id = APP_ID_NONE;
+ }
}
}
}
}
-void ServiceAppDescriptor::update_stats(AppId id)
+void ServiceAppDescriptor::update_stats(AppId id, bool increment)
{
- AppIdPegCounts::inc_service_count(id);
+ AppIdPegCounts::update_service_count(id, increment);
}
void ServiceAppDescriptor::set_port_service_id(AppId id)
{
port_service_id = id;
if ( id > APP_ID_NONE )
- AppIdPegCounts::inc_service_count(id);
+ AppIdPegCounts::update_service_count(id, true);
}
}
}
}
-void ClientAppDescriptor::update_stats(AppId id)
+void ClientAppDescriptor::update_stats(AppId id, bool increment)
{
- AppIdPegCounts::inc_client_count(id);
+ AppIdPegCounts::update_client_count(id, increment);
}
-void PayloadAppDescriptor::update_stats(AppId id)
+void PayloadAppDescriptor::update_stats(AppId id, bool increment)
{
- AppIdPegCounts::inc_payload_count(id);
+ AppIdPegCounts::update_payload_count(id, increment);
}
set_version(version, change_bits);
}
- virtual void update_stats(AppId id) = 0;
+ virtual void update_stats(AppId id, bool increment = true) = 0;
AppId get_id() const
{
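Review bot: The default argument on the pure virtual `update_stats(AppId id, bool increment = true)` is chosen from the static type at the call site, not from the override that actually runs, so the three `override` declarations later in this header that repeat `= true` have to be kept in sync by hand. A bare `false` at a call site such as `update_stats(overwritten_id, false)` also does not say what is being switched off. I would drop the default and pass the direction explicitly, `virtual void update_stats(AppId id, bool increment) = 0;`, or replace the bool with a small two-value enum so the call sites read as increment or decrement.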
virtual void set_id(const snort::Packet& p, AppIdSession& asd, AppidSessionDirection dir, AppId app_id, AppidChangeBits& change_bits);
+ void set_overwritten_id(AppId app_id)
+ {
+ overwritten_id = app_id;
+ }
+
const char* get_version() const
{
return my_version.empty() ? nullptr : my_version.c_str();
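Review bot: `set_overwritten_id` carries no comment saying what the stored id means or how long it lives, and the only place in this commit that clears it is the decrement path in `set_id`. If a descriptor can be reset or reused without that path running, a stale value would later subtract a count from an id that has nothing to do with the current flow. Whether `reset()` should clear it depends on how the decryption restart treats the descriptor, which is not visible here. I would add a comment such as `// Id already counted in the peg stats; set_id() decrements it once a replacement id is set.` and state the reset behaviour next to the `overwritten_id` member.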
private:
AppId my_id = APP_ID_NONE;
+ AppId overwritten_id = APP_ID_NONE;
std::string my_version;
};
}
}
- void update_stats(AppId id) override;
+ void update_stats(AppId id, bool increment = true) override;
AppId get_port_service_id() const
{
return my_username.empty() ? nullptr : my_username.c_str();
}
- void update_stats(AppId id) override;
+ void update_stats(AppId id, bool increment = true) override;
private:
std::string my_username;
ApplicationDescriptor::reset();
}
- void update_stats(AppId id) override;
+ void update_stats(AppId id, bool increment = true) override;
};
#endif
appid_dynamic_sum[SF_APPID_MAX].stats[j] += ptr[peg_num].stats[j];
}
-void AppIdPegCounts::inc_service_count(AppId id)
+void AppIdPegCounts::update_service_count(AppId id, bool increment)
{
- (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++;
+ if (increment)
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]++;
+ else
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS]--;
}
-void AppIdPegCounts::inc_client_count(AppId id)
+void AppIdPegCounts::update_client_count(AppId id, bool increment)
{
- (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++;
+ if (increment)
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]++;
+ else
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::CLIENT_DETECTS]--;
}
-void AppIdPegCounts::inc_user_count(AppId id)
+void AppIdPegCounts::update_payload_count(AppId id, bool increment)
{
- (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::USER_DETECTS]++;
+ if (increment)
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++;
+ else
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]--;
}
-void AppIdPegCounts::inc_payload_count(AppId id)
+void AppIdPegCounts::inc_user_count(AppId id)
{
- (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::PAYLOAD_DETECTS]++;
+ (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::USER_DETECTS]++;
}
void AppIdPegCounts::inc_misc_count(AppId id)
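Review bot: The `else` branches in `update_service_count`, `update_client_count` and `update_payload_count` decrement the peg without checking that it is above zero. If the `stats` entries are unsigned and the per-thread counts can be summed and cleared between the original increment and this decrement (the `appid_dynamic_sum` accumulation just above hints at periodic summing, though no reset is visible here), the counter wraps to a huge value and the reported detection totals can no longer be trusted. A guard avoids that: `auto& peg = (*appid_peg_counts)[get_stats_index(id)].stats[DetectorPegs::SERVICE_DETECTS];` followed by `if (increment) peg++; else if (peg > 0) peg--;`. The three bodies differ only in the `DetectorPegs` index, so one private helper taking that index would remove the repetition.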
static void init_pegs();
static void cleanup_pegs();
static void cleanup_peg_info();
- static void inc_service_count(AppId id);
- static void inc_client_count(AppId id);
+
+ static void update_service_count(AppId id, bool increment);
+ static void update_client_count(AppId id, bool increment);
+ static void update_payload_count(AppId id, bool increment);
+
static void inc_user_count(AppId id);
- static void inc_payload_count(AppId id);
static void inc_misc_count(AppId id);
static void inc_incompatible_count(AppId id)
encrypted.client_id = pick_ss_client_app_id();
encrypted.misc_id = pick_ss_misc_app_id();
encrypted.referred_id = pick_ss_referred_payload_app_id();
+
+ // After decryption, new application ids might be detected
+ // overriding existing ones from the encrypted flow. Set overwritten id
+ // to update app statistics when new AppId is detected.
+ if (encrypted.service_id > APP_ID_NONE and client_inferred_service_id == APP_ID_NONE)
+ api.service.set_overwritten_id(encrypted.service_id);
+
+ if (encrypted.client_id > APP_ID_NONE)
+ api.client.set_overwritten_id(encrypted.client_id);
+
+ if (encrypted.payload_id > APP_ID_NONE)
+ api.payload.set_overwritten_id(encrypted.payload_id);
+
reinit_session_data(change_bits);
if (appidDebug->is_active())
LogMessage("AppIdDbg %s SSL decryption is available, restarting app detection\n",
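Review bot: The ids stored as overwritten come from the session-level pickers (`pick_ss_client_app_id()` is visible here; the service and payload assignments sit above the hunk), not from the id each descriptor counted through its own `set_id`. If a picker can return an id that the descriptor never passed to `update_stats`, the later `update_stats(overwritten_id, false)` removes a count that was never added. The `client_inferred_service_id == APP_ID_NONE` test on the service branch presumably covers one such case, but the comment does not say so and the client and payload branches have no equivalent check. Consider recording the descriptor's own id, for example `api.client.set_overwritten_id(api.client.get_id());`, if that is the value that was counted, or extend the comment to explain why the picked ids are safe to decrement. The enclosing function starts and ends outside the hunk.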
AppIdConfig::~AppIdConfig() = default;
// Stubs for AppIdPegCounts
-void AppIdPegCounts::inc_payload_count(AppId) { }
-void AppIdPegCounts::inc_client_count(AppId) { }
+void AppIdPegCounts::update_payload_count(AppId, bool) { }
+void AppIdPegCounts::update_client_count(AppId, bool) { }
THREAD_LOCAL AppIdStats appid_stats;
{
dd = (SMTPDetectorData*)snort_calloc(1, sizeof(*dd));
data_add(asd, dd, &smtp_free_state);
- dd->server.state = SMTP_SERVICE_STATE_CONNECTION;
+
+ if (asd.get_session_flags(APPID_SESSION_DECRYPTED))
+ dd->server.state = SMTP_SERVICE_STATE_HELO;
+ else
+ dd->server.state = SMTP_SERVICE_STATE_CONNECTION;
+
dd->client.state = SMTP_CLIENT_STATE_HELO;
dd->need_continue = 1;
asd.set_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
}
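Review bot: The new branch that starts the server side at `SMTP_SERVICE_STATE_HELO` for `APPID_SESSION_DECRYPTED` sessions has no comment explaining why the connection-banner state is skipped. Presumably the greeting was already seen in cleartext before STARTTLS. If sessions that use TLS from the first byte also carry this flag, their decrypted stream still begins with the server greeting and the HELO state may not accept it, which is worth confirming against the server state machine outside this hunk. I would add `// Decrypted flow resumes after STARTTLS: the server greeting was already seen in cleartext.` above the `if`. The function's opening lines are outside the hunk.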
// Stubs for AppIdPegCounts
-void AppIdPegCounts::inc_service_count(AppId) { }
-void AppIdPegCounts::inc_client_count(AppId) { }
+void AppIdPegCounts::update_service_count(AppId, bool) { }
+void AppIdPegCounts::update_client_count(AppId, bool) { }
void AppIdPegCounts::inc_user_count(AppId) { }
-void AppIdPegCounts::inc_payload_count(AppId) { }
+void AppIdPegCounts::update_payload_count(AppId, bool) { }
THREAD_LOCAL AppIdStats appid_stats;
void AppIdModule::sum_stats(bool) { }
}
void ApplicationDescriptor::set_id(AppId){}
void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::update_stats(AppId, bool){}
void ClientAppDescriptor::update_user(AppId, const char*){}
-void ClientAppDescriptor::update_stats(AppId) {}
-void PayloadAppDescriptor::update_stats(AppId) {}
+void ClientAppDescriptor::update_stats(AppId, bool) {}
+void PayloadAppDescriptor::update_stats(AppId, bool) {}
void ServiceDiscovery::initialize()
{ }
void AppIdDetector::add_app(const snort::Packet&, AppIdSession&, AppidSessionDirection, AppId, AppId, const char*, AppidChangeBits&){}
void ApplicationDescriptor::set_id(AppId){}
void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::update_stats(AppId, bool){}
void ClientAppDescriptor::update_user(AppId, const char*){}
-void ClientAppDescriptor::update_stats(AppId) {}
-void PayloadAppDescriptor::update_stats(AppId) {}
+void ClientAppDescriptor::update_stats(AppId, bool) {}
+void PayloadAppDescriptor::update_stats(AppId, bool) {}
void AppIdDiscovery::add_pattern_data(AppIdDetector*, snort::SearchTool*, int,
const uint8_t* const, unsigned, unsigned){}
void AppIdDiscovery::register_detector(const std::string&, AppIdDetector*, IpProtocol){}
void* AppIdSession::get_flow_data(unsigned) const { return smb_data;}
// Stubs for AppIdPegCounts
-void AppIdPegCounts::inc_service_count(AppId) { }
-void AppIdPegCounts::inc_client_count(AppId) { }
-void AppIdPegCounts::inc_payload_count(AppId) { }
+void AppIdPegCounts::update_service_count(AppId, bool) { }
+void AppIdPegCounts::update_client_count(AppId, bool) { }
+void AppIdPegCounts::update_payload_count(AppId, bool) { }
THREAD_LOCAL AppIdStats appid_stats;
void AppIdModule::show_dynamic_stats() { }
set_id(app_id);
deferred = odp_ctxt.get_app_info_mgr().get_app_info_flags(app_id, APPINFO_FLAG_DEFER);
}
-void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::update_stats(AppId, bool){}
void ServiceAppDescriptor::set_port_service_id(AppId){}
void ClientAppDescriptor::update_user(AppId, const char*){}
-void ClientAppDescriptor::update_stats(AppId) {}
-void PayloadAppDescriptor::update_stats(AppId) {}
+void ClientAppDescriptor::update_stats(AppId, bool) {}
+void PayloadAppDescriptor::update_stats(AppId, bool) {}
// Stubs for AppIdModule
AppIdModule::AppIdModule(): Module("appid_mock", "appid_mock_help") {}
void ApplicationDescriptor::set_id(AppId app_id){ my_id = app_id;}
void ServiceAppDescriptor::set_id(AppId app_id, OdpContext&){ set_id(app_id); }
-void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::update_stats(AppId, bool){}
void ServiceAppDescriptor::set_port_service_id(AppId app_id){ port_service_id = app_id;}
void ClientAppDescriptor::update_user(AppId app_id, const char* username)
{
my_username = username;
my_user_id = app_id;
}
-void ClientAppDescriptor::update_stats(AppId) {}
-void PayloadAppDescriptor::update_stats(AppId) {}
+void ClientAppDescriptor::update_stats(AppId, bool) {}
+void PayloadAppDescriptor::update_stats(AppId, bool) {}
AppIdDiscovery::AppIdDiscovery() { }
AppIdDiscovery::~AppIdDiscovery() { }
void ApplicationDescriptor::set_id(const Packet&, AppIdSession&, AppidSessionDirection, AppId, AppidChangeBits&) { }
void ApplicationDescriptor::set_id(AppId){}
void ServiceAppDescriptor::set_id(AppId, OdpContext&){}
-void ServiceAppDescriptor::update_stats(AppId){}
+void ServiceAppDescriptor::update_stats(AppId, bool){}
void ServiceAppDescriptor::set_port_service_id(AppId){}
void ClientAppDescriptor::update_user(AppId, const char*){}
-void ClientAppDescriptor::update_stats(AppId) {}
-void PayloadAppDescriptor::update_stats(AppId) {}
+void ClientAppDescriptor::update_stats(AppId, bool) {}
+void PayloadAppDescriptor::update_stats(AppId, bool) {}
AppIdConfig::~AppIdConfig() { }
OdpContext::OdpContext(const AppIdConfig&, snort::SnortConfig*) { }
OdpContext::~OdpContext() { }